Viss, 3 months ago

also, apropos of .. something..

if you run a shop who does this crazy nonsense of:

• every one of your customers gets a subdomain
• you have one ip with like, 15,000 subdomains aimed at it

im coming for you

Viss, 3 months ago

though it is pretty rewarding to throw massive massive orgs into it like cern and disney and watch an absolutely dumptruck of a report come out the other side.

bensonk, 3 months ago

@Viss Grafana and Prometheus can be installed on a computer and just used. They are good systems and worth using.

Viss, 3 months ago

@bensonk without elasticsearch?

Viss, 3 months ago

@bensonk i dont want to have to install, configure and maintain three separate pieces of software to get a cpu graph. that setup is incredibly bloated, topheavy and needy for a handful of machines, not to metion the bountiful attack surfaces they all expose

bensonk, 3 months ago

@Viss If all you want is a graph, you can use prometheus by itself. It is a very lightweight system. Grafana is if you want to make fancy dashboards.

josephholsten, 3 months ago

@bensonk @Viss ^ This ^

I personally prefer client-push systems like ganglia, graphite, influxdb; but if you can architect your system so Prometheus can pull everything, it’s obnoxiously easy.

bensonk, 3 months ago

@josephholsten @Viss Having seen both in use at scale at work, and having moved from a pull model to a push model, I... am pretty happy with the pull, actually. Prom is much closer to the system I wish we had.

josephholsten, 3 months ago

@bensonk @Viss I wonder how much is that I just am terrified of having network acl that allow inbound traffic from a rotating set of IPs in the monitoring cluster. Being received by a lightly maintained support service that usually has at least full read only access to internal service state.

Viss, 3 months ago

@josephholsten @bensonk i did a training class in oslo last week, and one of the things i showcased was misconfigured publicly accessible prometheus instances leaking all sorts of internal data to anybody who curled the right way

bensonk, 3 months ago

@Viss @josephholsten There is a certain amount of configuration that is absolutely a key piece of any monitoring configuration. If there are systems that let you perform that kind of monitoring without requiring nuanced configuration, I'd love to read about how they work.

Viss, 3 months ago

@bensonk @josephholsten well for starters, any system that has a default config of listening on every interface with no creds is .. bad. like redis. and prometheus. and docker.

they need extra care to make them un-bad.
and i dont feel like picking up the developers slack for them

josephholsten, 3 months ago

@Viss @bensonk “i dont feel like picking up the developers slack for them”

and another BOFH was born

Viss, 3 months ago

@josephholsten @bensonk ah. ad hominem. how quaint

uberbrady, 2 months ago

@Viss We do a lot of that crazy nonsense - if you'd like to take a swing at us, let me know. Could be arranged.

Viss, 2 months ago

@uberbrady sure, if you wanna dm me some domains to go after, i can push them into the system to see what orbital comes up with

uberbrady, 2 months ago

@Viss you have a info@ or some other address you want me to yammer at?

Viss, 2 months ago

@uberbrady absolutely! dan@phobos.io is me, and info@phobos.io goes to both founders!

morb, 3 months ago

@Viss netdata is pretty solid imho

Viss, 3 months ago

@morb im looking into netdata now, i hadnt heard about it before, but their demo site has pretty sexy graphs and it seems to integrate with redis, celery and rabbitmq out of the box, and we rely heavily on those

morb, 3 months ago

@Viss I used it standalone for basic telemetry on lamp servers ages ago; nice to see that it's well fleshed out now