csirtgadgets / massive-octo-spice

DEPRECATED - USE v3 (bearded-avenger)
https://github.com/csirtgadgets/bearded-avenger-deploymentkit/wiki
GNU Lesser General Public License v3.0

elasticsearch 2.x? #465

Closed villain closed 7 years ago

villain commented 7 years ago

Has anyone managed to get CIF working with Elasticsearch 2.x? I ask because 1.x is EOL'd next month.

There was some discussion earlier in the year, not sure where that got to though.

wesyoung commented 7 years ago

Not that I'm aware of. We've been testing with CIFv3 (2.x and 5.x) and having some good success... If EOL of 1.x is a concern, my suggestion is to start testing with CIFv3:

https://github.com/csirtgadgets/bearded-avenger

which is getting closer to beta status, and is set up to easily support v5 (just some minor bugs we're working out) as v5 becomes mature...

villain commented 7 years ago

Ok, will do. Is there a non-Docker/Ansible install process currently for v3?

wesyoung commented 7 years ago

If you read through the wiki:

https://github.com/csirtgadgets/bearded-avenger/wiki

the easybuttons actually bootstrap the system and install Ansible to get it "the rest of the way there" (so you don't actually have to know Ansible). We're organizing around that idea for the all-in-ones to give a template for how to build a system using a more modern approach.

That said, we're also working on getting the bulk of this into things like pip, as well as fleshing out .deb/.rpm packages (see the Makefiles), but haven't cleaned that up yet. Realistically, you'll still need some form of "Ansible" or alike to configure the system even if you have the .debs, mostly because we're constantly updating, adding new deps and maintaining newer versions of those deps... easier to update and push using things like Ansible, harder if you're trying to re-rpm/deb it all too.

Does that make sense?

villain commented 7 years ago

Ah ok. I haven't looked into Ansible too much, but I thought it was commonly used to deploy systems that commonly use Docker & VirtualBox; is that not the case here? I'd like to avoid going the VM-in-a-VM route if possible.

wesyoung commented 7 years ago

Nah, I use it to deploy to systems that are not those (i.e., build out AWS infra... etc). Take a look at:

https://www.amazon.com/Ansible-Automating-Configuration-Management-Deployment/dp/1491915323

Think of it as a way to standardize all the shell scripts we use to configure a system. In some of the examples, I use it via Vagrant just to configure a VM for testing, but that's because I can re-use a lot of the roles and configs on bare metal when we go to production too :)