Asteris

Introducing Converge

// Steven Borrelli // Converge

We’re delighted to introduce our newest project, Converge. Converge is a configuration management tool that makes it easy to configure servers, desktops, and Raspberry Pi devices.

Converge manages apt and rpm packages, files, directories, docker images and containers, and the Linux LVM subsystem. The CLI, modules, and API server are all bundled in a single 11Mb binary file, making it easy to deploy and run.

Converge is powered by a sophisticated graph execution engine that automatically creates dependencies and runs tasks in parallel. Internally, the desired state of a system is represented as a directed graph.

Read More…

Consul ACLs – an Introduction

// Steven Borrelli // Consul

HashiCorp’s Consul is a popular service discovery and key/value storage tool that has become a core component of many distributed applications.

However, if Consul is not secured an intruder could register their own service and capture traffic. For example, if you have an auth service, the intruder could register another service with the same DNS entry auth.service.consul and collect login information.

Consul does not implement access controls on the key-value data or service discovery endpoints by default. This means anyone (including intruders) are able to connect to a Consul host, register services, and modify data.

But don’t despair! Consul has an Access Control List (ACL) system that can be used to control who can read and write data. This means we can keep intruders from registering services without authenticating to the Consul server.

Read More…