[OOTB-infra] OOTB-infra Digest, Vol 5, Issue 4

Daren Firminger daren at digcat.com
Sat Jun 13 12:57:14 BST 2015


Ports which are currently open in honeycomb

tcp        0      0 127.0.0.1:8100 0.0.0.0:*               LISTEN      21995/soffice.bin
tcp        0      0 127.0.0.1:25 0.0.0.0:*               LISTEN      1753/master
tcp6       0      0 127.0.0.1:8005 :::*                    LISTEN      26332/java
tcp6       0      0 :::2021 :::*                    LISTEN      26332/java
tcp6       0      0 :::8009 :::*                    LISTEN      26332/java
tcp6       0      0 x.x.x.x:8143 :::*                    LISTEN      26332/java
tcp6       0      0 :::8080 :::*                    LISTEN      26332/java
tcp6       0      0 :::80 :::*                    LISTEN      24178/httpd
tcp6       0      0 :::8025 :::*                    LISTEN      26332/java
tcp6       0      0 ::1:25 :::*                    LISTEN      1753/master
tcp6       0      0 :::8443 :::*                    LISTEN      26332/java
tcp6       0      0 :::443 :::*                    LISTEN      24178/httpd
tcp6       0      0 :::7070 :::*                    LISTEN      26332/java

My comment re hardening was more to the community, in terms of 
suggestions where things might be improved, from the first cut.

cheers

Daren
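
Added example, not part of the original message: one way to sort the listener list above into loopback-only sockets and sockets reachable from the network, which is the set a 'default closed' iptables policy has to account for. The function names are hypothetical, and the sample input is the list from this message with wrapped lines rejoined.

```shell
#!/bin/sh
# Classify listening TCP sockets from `netstat -tlnp` output by reachability.

# Constructed sample: the listener list from this message, one socket per
# line; x.x.x.x is the address as redacted in the original post.
sample_listeners() {
cat <<'EOF'
tcp  0 0 127.0.0.1:8100 0.0.0.0:* LISTEN 21995/soffice.bin
tcp  0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1753/master
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 26332/java
tcp6 0 0 :::2021 :::* LISTEN 26332/java
tcp6 0 0 :::8009 :::* LISTEN 26332/java
tcp6 0 0 x.x.x.x:8143 :::* LISTEN 26332/java
tcp6 0 0 :::8080 :::* LISTEN 26332/java
tcp6 0 0 :::80 :::* LISTEN 24178/httpd
tcp6 0 0 :::8025 :::* LISTEN 26332/java
tcp6 0 0 ::1:25 :::* LISTEN 1753/master
tcp6 0 0 :::8443 :::* LISTEN 26332/java
tcp6 0 0 :::443 :::* LISTEN 24178/httpd
tcp6 0 0 :::7070 :::* LISTEN 26332/java
EOF
}

# stdin: netstat lines; stdout: "<scope> <port> <program>" per listener.
# scope is loopback, wildcard (all interfaces) or specific (one address).
# A tcp6 wildcard socket (:::80) usually accepts IPv4 as well on Linux.
classify_listeners() {
  awk '$6 == "LISTEN" {
    n = split($4, part, ":")          # the port is the last ":" field
    port = part[n]
    addr = substr($4, 1, length($4) - length(port) - 1)
    prog = ($7 == "") ? "-" : $7      # PID/program is absent without -p
    sub(/^[0-9]+\//, "", prog)
    if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
    else if (addr == "0.0.0.0" || addr == "::") scope = "wildcard"
    else scope = "specific"
    print scope, port, prog
  }'
}

# Ports reachable from other hosts unless the firewall drops them.
exposed_ports() {
  classify_listeners | awk '$1 != "loopback" { print $2 }' |
    sort -n -u | paste -sd' ' -
}

sample_listeners | classify_listeners | sort -k1,1 -k2,2n
```

On a live host the same functions take `netstat -tlnp` on stdin in place of the sample.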

On 13/06/15 12:00, ootb-infra-request at xtreamlab.net wrote:
> Today's Topics:
>
>     1. Re: misdirecting honeycomb instance (@heiko) (Heiko Robert)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 12 Jun 2015 14:39:51 +0200
> From: Heiko Robert <heiko.orderofthebee.info at ecm4u.de>
> To: Martin Cosgrave <martin at ocretail.com>, ootb-infra at xtreamlab.net
> Subject: Re: [OOTB-infra] misdirecting honeycomb instance (@heiko)
> Message-ID: <557AD317.6060803 at ecm4u.de>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> Martin,
>
> I requested info to be able to help you to solve _your network /
> redirect problem. Please don't overload this actual thread with generic
> discussions. This costs time and energy we could spend in other stuff.
> I'm totally fine to discuss VM concepts and products but let's do this
> in a separate thread to get things done. We need requirements if we have
> to make decisions. I still don't understand what you're trying to
> achieve with the infrastructure. How should others? It would be much
> easier to provide you what you need and maybe expect if you describe the
> requirements.
>
> For now please
> * name the VM which needs to be bridged to the new virtual IP and
> provide login details
> * name which VMs should be up and running and which could be deleted
> * document as I requested, since this is independent from the
> hypervisor discussion but necessary to maintain this environment.
>
> Thanks
> Heiko
>
>
>
> Am 12.06.2015 um 12:25 schrieb Martin Cosgrave:
>> No those VMs are not all necessary, what you can see there are multiple
>> attempts to try to use ESXi for something useful.
>>
>> Unfortunately:
>> * foreman cannot control ESXi VMs, only full vsphere ones
>> * jenkins can neither use ESXi slaves due to missing libraries in the
>> free version
>> * showcase was an early attempt to have a showcase server managed by
>> foreman
>> * qadci was supposed to be a 'quick and dirty CI' to try to use the
>> resources for testing and CI, abandoned in favour of getting the release
>> out in time. I don't think it has a running jenkins but whichever does
>> have jenkins has multiple other services too
>>
>> I have said from the start that ESXi was a bad choice and we should have
>> chosen an open virtualisation platform. In use it has been a horrible
>> experience trying to get anything done at all with it. The restrictions
>> on the product which led to this horribly contorted network topology we
>> have now have made it all but impossible to actually do any work on the
>> infrastructure unless you use Windows, which I do not. And having a
>> windows vm *inside* the ESXi does not actually help much unless you can
>> get in to it easily, which I could not until I set up my own vpn and a
>> guacamole server to redirect the windows vm to my web browser.
>>
>> Daren mentioned that Honeycomb needs 'hardening', this is only due to
>> the fact that the iptables script we used has a 'default open' policy
>> for ports rather than 'default closed', which will be rectified as soon
>> as I get the chance to work on it, but until that point it is handy for
>> it to be behind the firewall. The machine in question is 'beehive'.
>> Obviously 80 and 443 need to be open, and we also expose the various
>> other ports like SMTP, FTP. Perhaps Daren can check out the full list of
>> ports we expose, as I said I'm rather ill at the moment and I don't
>> quite have the energy to track it down myself. (Nor do I have the energy
>> for this conversation to be honest).
>>
>> Before we do this though we should stop as a group as a whole and think,
>> since there is nothing of use on this infrastructure at the moment (and
>> I have wasted upwards of a hundred hours trying to get it to be useful)
>> maybe we should reconsider tearing it down and replacing it with a KVM
>> setup instead.
>>
>> Martin
>>
>> PS please don't divert the conversation into redmine, if you feel the
>> need to raise issues the agreed way is to use the github issues page for
>> the ootb-infra project.
>


