@JaredBusch PHP 7 should be a nice improvement.
AdamF
@AdamF
822
Reputation
1746
Posts
2473
Profile views
0
Followers
5
Following
Posts made by AdamF
-
RE: What Are You Doing Right Nowposted in Water Closet
-
RE: What Are You Doing Right Nowposted in Water Closet
@JaredBusch said in What Are You Doing Right Now:
RHEL 8 upstream for the Sangoma OS and PHP 7.
Nice! When will FPBX 16 be released? Will it be on Asterisk 16 or the new 18?
-
RE: Opinions: Ansible vs. SaltStackposted in IT Discussion
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
@AdamF said in Opinions: Ansible vs. SaltStack:
or do you also lock down your firewall to only allow ports 4505:4506 FROM your minion IPs?
No, this would make the agents pointless. Because they'd be unable to obtain a new address and keep working. This wouldn't just make mobile points not work, it would make any site without static IPs a problem, which is almost all of them today.
So the only reason I brought this up, is because of a big vulnerability with SS a few months back. (https://www.helpnetsecurity.com/2020/05/04/saltstack-salt-vulnerabilities/) Specifically the section in the article that states:
“Adding network security controls that restrict access to the salt master (ports 4505 and 4506 being the defaults) to known minions, or at least block the wider Internet, would also be prudent as the authentication and authorization controls provided by Salt are not currently robust enough to be exposed to hostile networks,” the researchers added.Now of course, an up to date master avoided this altogether, but still.
-
RE: Opinions: Ansible vs. SaltStackposted in IT Discussion
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
@AdamF said in Opinions: Ansible vs. SaltStack:
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
@AdamF said in Opinions: Ansible vs. SaltStack:
Whoa! VM Ware just acquired Saltstack. https://blogs.vmware.com/management/2020/10/vmware-completes-saltstack-acquisition-to-bolster-software-configuration-management-and-infrastructure-automation.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-completes-saltstack-acquisition-to-bolster-software-configuration-management-and-infrastructure-automation
I wonder what that means moving forward....
That was over a week ago, lol.
Ha! Just saw it this AM. Does this give you any concern with the future of the open source version of Salt?
No, VMware has little interest in upsetting the balance of things. This kind of tool is already universally open source. Closed source only makes sense when you can dominate the field until some open source option takes over. Open source already owns this field.
Close sourcing an existing product is very hard to do, because you risk that someone else will fork it and keep it open and make your version irrelevant leaving you with literally nothing for the money that you spent.
Makes sense. From yesterday: With Salt, on your salt master, do you rely on the keys for authentication, or do you also lock down your firewall to only allow ports 4505:4506 FROM your minion IPs?
-
RE: Opinions: Ansible vs. SaltStackposted in IT Discussion
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
@AdamF said in Opinions: Ansible vs. SaltStack:
Whoa! VM Ware just acquired Saltstack. https://blogs.vmware.com/management/2020/10/vmware-completes-saltstack-acquisition-to-bolster-software-configuration-management-and-infrastructure-automation.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-completes-saltstack-acquisition-to-bolster-software-configuration-management-and-infrastructure-automation
I wonder what that means moving forward....
That was over a week ago, lol.
Ha! Just saw it this AM. Does this give you any concern with the future of the open source version of Salt?
-
RE: Opinions: Ansible vs. SaltStackposted in IT Discussion
Whoa! VM Ware just acquired Saltstack. https://blogs.vmware.com/management/2020/10/vmware-completes-saltstack-acquisition-to-bolster-software-configuration-management-and-infrastructure-automation.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-completes-saltstack-acquisition-to-bolster-software-configuration-management-and-infrastructure-automation
I wonder what that means moving forward....
-
RE: Opinions: Ansible vs. SaltStackposted in IT Discussion
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
@AdamF said in Opinions: Ansible vs. SaltStack:
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
essentially every company has some number of workloads like this and once you have one, you can only use agentless when you are willing to not manage everything, just some things. Agent based is essentially the only way to use one tool for all
That's understandable. So what about if you are not managing workstations, and you would only use this to manage server workloads in various data centers? Would your same thinking still apply?
Depends, is every server open to the Internet and/or on a LAN that you have access to? Mine are not, I have a lot of servers that are like databases and are not accessible from the outside whatsoever. Salt works great and they are super secure. I can do loads of port forwarding and whatnot for Ansible and make it work as their IPs don't change, but it's a huge pain.
And what if you use any kind of scaling, combined with that kind of security, now you have to automate port forwarding and firewall rules, combined with the VMs, in real time, or you get management errors with the wrong stuff going to the wrong server.
Agents are just so much better IMHO in the real world. Not that that one factor means everything, but all other things being equal, I always want the agent.
Also, is the new Salt Gui that you are talking about open source?
-
RE: Opinions: Ansible vs. SaltStackposted in IT Discussion
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
@AdamF said in Opinions: Ansible vs. SaltStack:
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
essentially every company has some number of workloads like this and once you have one, you can only use agentless when you are willing to not manage everything, just some things. Agent based is essentially the only way to use one tool for all
That's understandable. So what about if you are not managing workstations, and you would only use this to manage server workloads in various data centers? Would your same thinking still apply?
Depends, is every server open to the Internet and/or on a LAN that you have access to? Mine are not, I have a lot of servers that are like databases and are not accessible from the outside whatsoever. Salt works great and they are super secure. I can do loads of port forwarding and whatnot for Ansible and make it work as their IPs don't change, but it's a huge pain.
And what if you use any kind of scaling, combined with that kind of security, now you have to automate port forwarding and firewall rules, combined with the VMs, in real time, or you get management errors with the wrong stuff going to the wrong server.
Agents are just so much better IMHO in the real world. Not that that one factor means everything, but all other things being equal, I always want the agent.
That's fair. With Salt, on your salt master, do you rely on the keys for authentication, or do you also lock down your firewall to only allow ports 4505:4506 FROM your minion IPs?
-
RE: Opinions: Ansible vs. SaltStackposted in IT Discussion
@scottalanmiller said in Opinions: Ansible vs. SaltStack:
essentially every company has some number of workloads like this and once you have one, you can only use agentless when you are willing to not manage everything, just some things. Agent based is essentially the only way to use one tool for all
That's understandable. So what about if you are not managing workstations, and you would only use this to manage server workloads in various data centers? Would your same thinking still apply?