Are you using Virt-Viewer or Virt-Manager?
If you are using Virt-Manager, create SSH password less login between the 2 machines and try again.
Also how many times does it prompt for root password when you first connect to the VM ?
And what OS are you using for Virt-Manager ?
And there is an option for key mapping in Virt-Manager, you can make it auto or en-US
This PDQ Deploy you guys have been mentioning, does it require an agent on the other Windows clients ?
or it just relies on Active Directory to work.
The windows installer of salt minion asks you for :
Salt Master Hostname or IP address
Minion Name
And you can install it silently with:
Salt-Minion-2016.11.5-AMD64-Setup.exe /S /master=yoursaltmaster /minion-name=yourminionname
Sadly I cant trust my users to run the installer and do the steps, I ASKED THEM TO PLACE THE 3 letter number sticker on their machine, and I emailed them an example photo, and the idiots entered alot of crap for minion name
Now I have to do them all manually
90 MACHINES
GONA GO KILL MORE PPL IN DBD
While I agree with what you said technically, Salt can be so powerful in my opinion and that it can do
everything I want from AD (but it needs prior planning and proper machine naming, also the first step of configuring salt minion on every machine can be daunting, yeah on every machine).
I think what you'are referencing about AD is regarding authorization part, well for me I can create users also windows groups remotely using salt native module, then using this with a NAS I can provide access, or I can run script on selected user to mount the share on startup of their machines.
In summary it can do everything AD does in my perspective, but you just need to plan ahead and keep things simpler.
Also check this module, where you can configure the local group policy for windows clients.
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.win_lgpo.html
It is just one of many native modules where you can do many things, want to check free space on all of your client machines, this can be done using 1 liner:
salt '*' status.diskusage
Thus salt expands the already known stable reporting tools that Windows natively has, but it wraps it in SSH feel environment that I love.
I think next step for us in my organization is using SaltStack + Urbackup . Will keep you posted about how this goes.
Well you can review it and install it and check it out and then publish your thoughts here. Based on my experience it is very simple and you cant choose many options from the web interface last time i checked it.
I need to configure my VM with virtIO driver and the web interface defaults to something else I forgot what it was.
Also it relies on WoK which is framework, so its not really native solution... and your better of testing it from docker image which is much more quicker.
Cause KVM have so many front-ends, just use RHEL supported ones = Ovirt or VirtManager.
And dont expect fancy things with opensource and free stuff,
The best software for this is -> DoubleKiller
http://www.softpedia.com/get/Security/Secure-cleaning/DoubleKiller.shtml
Its interface is old but it gets the job done quickly and accurately.
@FATeknollogee said in Home Lab Hypervisor?:
Virt-manager vs oVirt, which one is considered more "up to date"?
Neither is out of date.
If you are familiar with ESXi C# Vsphere client to manage hosts use Virt Manager, if you want something like ESXi Virtual appliance to manage multiple hosts go for oVirt which is web based solution.
Virt-manager targeted at manually managing couple of hosts, oVirt is solution for many hosts.
so this thread:
https://mangolassi.it/topic/13635/saltstack-use-cases
Got me all excited about saltstack, I hope it remains Opensource and free and available forever.
And I really wanted Active Directory replacement, I dont have AD at my work, we do have centralized I.T services like XMPP server/Nextcloud/some machines have secure VNC installed but not all, but nothing to manage the Windows clients. Thus it depends on the users most of the time.
So WannaCry came up and the max I can do is download the patch and host it on our NAS, and email everyone with the link and steps on how to do it, and tell them I am available for support just reply to the email and I will try to VNC to the machine or go manually and apply it (we are talking about managing 100+ machines).
But that did test our infrastructure readiness for similar scenarios and it was poor and slow, cause it depends on the users, who you just cant trust on doing the right thing, sometimes they get so busy, some think just that download the .msu file patch to their desktop means that they did it and applied the patch without even running it.
So that got me trialing SaltStack:
I did the basic stuff, Got Centos 7 minmial machine (2 cpu/2 gb ram) and installed SaltStack using this info :
https://repo.saltstack.com/#rhel
Then create 2 folders:
mkdir /srv/salt/
mkdir /srv/pillar/
Then edit this file:
/etc/salt/master
And uncomment the following lines, keeping the default config for them.
interface #(change this to your machine IP)
publish_port
user
ret_port
root_dir: /
file_roots:
base:
- /srv/salt
pillar_roots:
base:
- /srv/pillar
Then ensure firewalld is allowing the ports (puplish+ret) configured above to be opened or accessible in your LAN.
Currently I do not use SS for provisioning servers, or salt state files, but I reckon I will get to that once I am more knowledgeable with the tool
So the above covered the Centos Salt Master part, now for the minions, simply download the file:
https://repo.saltstack.com/#windows
And install it, during install you will be asked to provide the IP for the salt master + the ID name of the client minion machine. (It is important to come up with an minion naming plan prior)
And this covers the minion part, what I found is very interesting is that SS works even if the windows machine had kaspersky workstation security installed with everything set on high as well as UAC, usually kaspersky messes everything up.
Now go back to the Centos Salt master:
and type :
salt-key -L
You should see the new client minion name but it not authorized, thus type:
salt-key -A
to authorize the windows minion to connect (you can enable in the salt master config to accept all requests by default)
Now the actual patch part, lets say our windows minion ID is 123 in this example:
Download wannacry patch and put in Centos Salt Master dir of /srv/salt.
and cd to that dir in the Master.
run the following on the Master:
salt '123' service.start 'wuauserv' && salt "" cp.get_file salt://wannacry_patch_x64.msu C:/wannacry_patch_x64.msu && salt '' cmd.run 'wusa.exe C:/wannacry_patch_x64.msu /quiet /norestart'
If you want the patch to work on selected machines, simply use salt -L '123,124' instead, and all machines use salt '*' instead.
The above command will apply the patch, without rebooting the machine.
salt '123' cmd.run 'wmic qfe | find “4012212”'
This is based on:
https://technet.microsoft.com/library/security/MS17-010
Windows 7 for x64-based Systems Service Pack 1
(4012212)
Security Only[1]
This will return to you that the user have it installed, the minion might need to reboot first then it will be listed, not sure.
salt '123' cmd.run 'del C:\wannacry_patch_x64.msu'
I know the above is rough and un-tidy, but I like to help in increasing the popularity of this awesome solution that I am trialing and it is stable and speedy and works, truly a GPO solution that works.
@JaredBusch said in Bare Metal Backup (and restore):
@EddieJennings Basically, this backup method it a solid 100% guaranteed method because you are capturing backups of all data in a stopped state. No worries about SQL server database states, etc. You are only backing up the backup files made by the SQL application itself.
This is a perfectly valid scenario.
Using a full image backup is dangerous if it does not talk to the database process and tell it that it is going to run a backup. Because then the Database files are not in a state to be read. This is probably what happened to your mentor/boss/whatever.
True I second this, cause he is focusing on backing up files, but the downside is restoring from DR will take some time for the stuff to be ready.
Having VM export feature + his current file backup will speed the DR restore process greatly.
hmm, i have been reading through the commends and I have the following:
If its desktop or laptop, then it can be grounded (desktop are easier) with kensington cord, and if you are worried about auto decrypt on boot up and theft, then you can use TPM module header.
With those even if the Internal HDD got stolen if you used encryption software that uses the TPM it will not decrypt unless the TPM module gets stolen too, for desktops it is different location than laptops and I think it can bind with the motherboard model, note sure though.
Using desktops it is alot easier i guess going the above route.
Hi,
To the title say its all, i am learning more and more about SS, especially for AD alternative.
till know I love what I see, not just like.
I wonder wondering If I have currently 3 minions, for example:
[root@salt ~]# salt '*' test.ping
172:
True
123:
True
vm:
Minion did not return. [Not connected]
Can I place minion 172 and minion 123 in certain group or folder ? like you would do with AD ?
So when I type a command :
salt 'GROUP X' cmd.run 'del C:\opera.exe'
I can launch this command on 172 + 123 ?
Many thanks in advance for continual support.
Perhaps when I finish I will write a tutorial.
Hello,
Can i get support, I am trying something like this:
salt '' cp.get_file test123.txt
salt '' cp.get_file test123.txt /c/
salt '*' cp.get_file test123.txt \c\
And the results are:
I.T_PC:
----------
I want to send file to my Windows Minion
Thanks.
File Is hosted in /srv/salt/
Can you try swapping the RAM DIMMs, or removing one.
Also try:
Disconnect it from the wall outlet, press the power button for 30 seconds for 2-3 times, connect it to power and power it on again.
NextCloud + OnlyOffice container
or
NextCloud + Collabora Code container
or
Just NextCloud
But the warranty for that is 10 years, how much space reservation did you give it and TB written ?
I think your best bet is KVM as host + Virt IO drivers with RDP or virt viewer to connect to the machine.
Virt-Viewer for me amazing and full featured but reliability wise it was hit and miss, I dont think virt-viewer receives much love and attention as much as virt-manager.