Filtering .raw fields with Python Elasticsearch DSL High-Level Client
It took me a while to figure out how to search the not_analyzed ".raw" fields created by Logstash in Elasticsearch indices, using the high-level Python Elasticsearch client. Because keyword arguments can't have attributes, Python throws an error if you try it the intuitive way (this assumes you've already set up a client as es and an index as i, as shown in the docs):Instead, you create a dictionary with your parameters and unpack it using the ** operator:
This produces the Elasticsearch query we want:
Installing cAdvisor and Heapster on bare metal Kubernetes
If you’ve spent some time with Kubernetes, or docker in general, you probably start to wonder about performance. Moreover, you’re probably wondering how to gauge performance of he overall host as well as the containers running on it. This is where cAdvisor comes in. CAdvisor is a open source tool for monitoring docker and it’s running containers. The best part about cAdvisor is that it has native docker support and is super easy to integrate into an existing Kubernetes cluster. Additionally, cAdvisor runs in a container (starting to see why docker is awesome?) so the configuration changes required on the host are super minimal. AKA – You just need to tell the host to run the container.
In addition to installing cAdvisor on our bare metal Kubernetes cluster, we’re also going to install another awesome open source Google tool call Heapster. Heapster gathers all of the data from each Kubernetes node via cAdvisor and puts it all together for you in one spot.
So let’s get started with installing cAdvisor…
The cAdvisor container needs to run on each host you want cAdvisor to monitor. While we could do this through the Continue reading
Protecting web origins with Authenticated Origin Pulls
As we have been discussing this week, securing the connection between CloudFlare and the origin server is arguably just as important as securing the connection between end users and CloudFlare. The origin certificate authority we announced this week will help CloudFlare verify that it is talking to the correct origin server. But what about verification in the opposite direction? How can the origin verify that the client talking to it is actually CloudFlare?
TLS Client Authentication
TLS (the modern version of SSL) allows a client to verify the identity of the server it is talking to. Normally, a TLS handshake is one-way, that is, the client is able to verify the server's identity, but the server is not able to verify the client's identity. What about when both sides need to verify each other's identity?
Enter TLS Client Authentication. In a client authenticated TLS handshake both sides provide a certificate to be verified. If the origin server is configured to only accept requests which use a valid client certificate from CloudFlare, requests which have not passed through CloudFlare will be dropped (as they will not have our certificate). This means that attackers cannot circumvent CloudFlare features such as our WAF Continue reading
iPexpert’s Newest “CCIE Wall of Fame” Additions 2/27/2015
Please join us in congratulating the following iPexpert client’s who have passed their CCIE lab!
This Week’s CCIE Success Stories
- Haroon Raees, CCIE #46529 (Collaboration)
- Evariste Happi, CCIE #46452 (Collaboration)
- Daniel Flieth, CCIE #46067 (Collaboration)
- Majid, CCIE #45866 (Collaboration)
- Rob Lacrosse, CCIE #45283 (Collaboration)
- Devan Lim, CCIE #45991 (Collaboration)
- Clay Ostlund, CCIE #45770 (Collaboration)
We Want to Hear From You!
Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!
PlexxiPulse—Demonstrating Big Data Fabrics
If you’ve been following us on the blog or on social media, you know that we announced our partnership with Big Data platform provider Cloudera last month. And, that a few months ago, our own Ed Henry demonstrated how to construct Big Data fabrics that easily integrate with systems like OpenStack and Cloudera during an installation of SDxCentral’s DemoFriday series. That webinar was recently published on SDxCentral’s website. You can watch the full presentation here to see the next generation of data fabrics in action. Enjoy!
Below please find a few of our top picks for our favorite news articles of the week. Have a great weekend!
Enterprise Networking Planet: The Future of White Box Networking in the Enterprise
By Arthur Cole
It seems that the farther along we get on the road to SDx, the more pertinent question is, what role will white box play in an increasingly distributed network environment? To be sure, white box hardware will see a dramatic rise in web-facing hyperscale operations in the years to come, but the advantages the technology brings to the table start to erode as scale drops. This means the traditional enterprise facility, which still has a vital role to Continue reading
Thoughts on Building Tools versus “Programming”
A couple weeks ago at Networking Field Day 9, Brocade presented with their usual A-list of networking gurus. One of the presenters was Jon Hudson, a very engaging, visionary speaker. His talk, shown below, was about the state of network programmability.
During the conversation (which is well worth watching), discussion turned to the question of “will network engineers become programmers?” posed by John Herbert of MovingPackets.net. Jon Hudson’s response elicited applause from the room. He said:
“The trouble I have with that statement is, most network engineers I know, like myself, we know how how to code. We went to school for it, and we chose not to.” – Jon Hudson
The conversation went on to discuss the value of programmability for the sake of consistency in the management and configuration of large-scale network fabrics (which I don’t think anyone would really debate as a “Good Thing”), but Jon’s quote about being a programmer and some of the sidebar that flowed from it created a fair bit of activity in the Twitter stream. Following the presentation, my attention was called to a mailing list on which a question was asked about networking engineerings being “given a Continue reading