    Posts

    • Managing LXD images

      As @scottalanmiller tells us in the introductory post, lxd is completely image based. Each new container we create must be based on an image, either manually made or premade and downloaded from a remote location.

      After installation, lxd by default sets us up with remote image locations so we can start downloading images to our local store. We can check the default remote list with the following command.

      ~$ lxc remote list
      +-----------------+------------------------------------------+---------------+--------+--------+
      |      NAME       |                   URL                    |   PROTOCOL    | PUBLIC | STATIC |
      +-----------------+------------------------------------------+---------------+--------+--------+
      | images          | https://images.linuxcontainers.org       | simplestreams | YES    | NO     |
      +-----------------+------------------------------------------+---------------+--------+--------+
      | local (default) | unix://                                  | lxd           | NO     | YES    |
      +-----------------+------------------------------------------+---------------+--------+--------+
      | ubuntu          | https://cloud-images.ubuntu.com/releases | simplestreams | YES    | YES    |
      +-----------------+------------------------------------------+---------------+--------+--------+
      | ubuntu-daily    | https://cloud-images.ubuntu.com/daily    | simplestreams | YES    | YES    |
      +-----------------+------------------------------------------+---------------+--------+--------+
      

      To check the images available in each remote, we can run lxc image list remotename: and all available images will be listed, but this is often not practical due to the number of images available in the remotes. So you can just visit the URL shown in the remote list in your browser of choice to view the available images.

      From the cli

      ~$ lxc image list images:
      


      Visiting the remote url: https://images.linuxcontainers.org

      To get images to our local store and start building containers, the basic command is lxc image copy remoteName:imageDistribution/imageRelease/imageArchitecture local: with imageArchitecture being optional.

      This basic command does its job just fine but has a few drawbacks in my opinion. It forces us to call the imageDistribution/imageRelease image name each time we want to create a container, and the image must be downloaded again manually if we want to have the latest container.

      How can we fix this? Easy: by adding two extra parameters to our basic image download command. Here is an example that downloads a Fedora/27 image from the "images:" remote, gives it our custom alias and has it auto-update daily.

      ~$ lxc image copy images:fedora/27 local: --alias f27 --auto-update
      

      Giving our images an alias has two benefits: shorter commands when creating containers, and the ability to delete images by the alias instead of by the image fingerprint, which is not user friendly.

      # List images in our local store and compare the alias vs fingerprint
      
      ~$ lxc image list
      +---------+--------------+--------+-----------------------------------------+--------+----------+-----------------------------+
      |  ALIAS  | FINGERPRINT  | PUBLIC |               DESCRIPTION               |  ARCH  |   SIZE   |         UPLOAD DATE         |
      +---------+--------------+--------+-----------------------------------------+--------+----------+-----------------------------+
      | f27     | b25c1b1b6831 | no     | Fedora 27 amd64 (20171201_01:27)        | x86_64 | 63.61MB  | Dec 1, 2017 at 3:01am (UTC) |
      +---------+--------------+--------+-----------------------------------------+--------+----------+-----------------------------+
      

      Finally to create and start our container based on our Fedora 27 image we just run.

      ~$ lxc launch f27 yourcontainername
      Creating yourcontainername
      Starting yourcontainername
      ~$
      
      posted in IT Discussion lxd
      RomoR
      Romo
    • RE: KVM Setup

      @kelly said in KVM Setup:

      All scorn and derision aside, if I wanted to manage a KVM host from Windows what are my options?

      Any GUI options?

      How about testing either of the following two options if you don't want to have a Linux VM or manage everything with virsh? I can't test them properly myself since I'm currently working out of my office and don't have any KVM server available:

      If you have Win 10

      1. WSL (Windows Subsystem for Linux) + VcXsrv + virt-manager

      If you have Win 7 you can use Cygwin
      2. Cygwin + virt-manager

      posted in IT Discussion
      RomoR
      Romo
    • RE: Installing Snipe-IT on CentOS 7 and MariaDB

      @dustinb3403 said in Installing Snipe-IT on CentOS 7 and MariaDB:

      @jaredbusch said in Installing Snipe-IT on CentOS 7 and MariaDB:

      @robblehead said in Installing Snipe-IT on CentOS 7 and MariaDB:

      I had to run Setenforce 0

      Interesting, that should be handled. There may be a directory missed or something.

      I have a new install to make over the weekend for a client. I will make sure to check that.

      Didn't we have to simply add the exclusions to setenforce to get this to work on my system a while back?

      I remember having to do that, as disabling setenforce entirely isn't a great option.

      SELinux prevents the httpd process from accessing the /var/log/httpd/error_log if I remember correctly. Running the following should get it working again.

      ausearch -c 'httpd' --raw | audit2allow -M my-httpd
      semodule -i my-httpd.pp
      
      posted in IT Discussion
      RomoR
      Romo
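A review step that can run before the audit2allow command in the post above, added here as an example (it is not part of the original post): it groups AVC denials by source type, target type and class, so the access a generated module would grant is visible before `semodule -i`. The audit records are constructed samples, `summarize_avc` and `needs_relabel` are hypothetical helper names, and the list of generic target types is an illustrative assumption.

```shell
#!/bin/sh
# Added example: summarise AVC denials before building a module from them.

# Constructed audit records (not from a real host); the SYSCALL line shows
# that non-AVC records are skipped.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1512000001.101:201): avc:  denied  { append } for  pid=2101 comm="httpd" name="error_log" dev="dm-0" ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1512000001.101:201): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1512000002.202:202): avc:  denied  { open } for  pid=2101 comm="httpd" path="/var/log/httpd/error_log" dev="dm-0" ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1512000003.303:203): avc:  denied  { write } for  pid=2102 comm="httpd" name="storage" dev="dm-0" ino=2002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
EOF
}

# summarize_avc: read raw audit records on stdin and print one line per
# (source type, target type, class): the merged permissions and a hit count.
summarize_avc() {
  awk '
    /avc:/ && /denied/ {
      perms = ""; s = ""; t = ""; c = ""; inbrace = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "{") { inbrace = 1; continue }
        if ($i == "}") { inbrace = 0; continue }
        if (inbrace)   { perms = perms " " $i; continue }
        # A context is user:role:type:level, so the type is the third part.
        if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
        if ($i ~ /^tclass=/)   { c = substr($i, 8) }
      }
      key = s " " t " " c
      count[key]++
      n = split(perms, p, " ")
      for (j = 1; j <= n; j++) {
        if (!((key, p[j]) in seen)) {
          seen[key, p[j]] = 1
          set[key] = set[key] (set[key] == "" ? "" : ",") p[j]
        }
      }
    }
    END { for (k in count) print k, set[k], count[k] }
  ' | LC_ALL=C sort
}

# needs_relabel: keep only summary lines whose target is a generic label
# (assumed list). An allow rule there covers every file with that label,
# so correcting the label of the one file is usually the narrower fix.
needs_relabel() {
  summarize_avc | awk '$2 ~ /^(var_t|var_log_t|default_t|unlabeled_t|tmp_t)$/'
}

# Demo on the constructed records.
sample_avc | summarize_avc
```

On a real host the same functions read from the command in the post: `ausearch -c 'httpd' --raw | summarize_avc`.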
    • RE: Anyone have a script to rip apart traceroute

      @reid-cooper said in Anyone have a script to rip apart traceroute:

      SmokePing

      @JaredBusch maybe try using Scapy to get what you want? It can do plotting and graphing and many other things, just have to read through the documentation.


      Ex: A simple traceroute to mangolassit from my work computer with a graph.

      >>> res, unans = traceroute("mangolassi.it",dport=443,maxttl=20)
      Begin emission:
      ****Finished to send 20 packets.
      ****************
      Received 20 packets, got 20 answers, remaining 0 packets
         104.25.46.32:tcp443 
      1  189.211.38.162  11  
      2  200.78.150.113  11  
      3  200.78.150.49   11  
      4  148.240.205.13  11  
      5  213.248.97.166  11  
      6  213.248.97.166  11  
      7  62.115.32.214   11  
      8  104.25.46.32    SA  
      9  104.25.46.32    SA  
      10 104.25.46.32    SA  
      11 104.25.46.32    SA  
      12 104.25.46.32    SA  
      13 104.25.46.32    SA  
      14 104.25.46.32    SA  
      15 104.25.46.32    SA  
      16 104.25.46.32    SA  
      17 104.25.46.32    SA  
      18 104.25.46.32    SA  
      19 104.25.46.32    SA  
      20 104.25.46.32    SA  
      >>> res.graph()
      


      posted in IT Discussion
      RomoR
      Romo
    • RE: What is KVM Best Management Tools in 2017?

      DigitalOcean's apparently using their own built go-qemu and go-libvirt which they opensourced

      https://blog.digitalocean.com/introducing-go-qemu-and-go-libvirt/

      Maybe that could help as well, they mention they are not fully stable but they are using them in production.

      posted in IT Discussion
      RomoR
      Romo
    • RE: What is KVM Best Management Tools in 2017?

      @olivier said in What is KVM Best Management Tools in 2017?:

      Do you know any valid API that can be called remotely and doing also network and storage operations?

      I can't figure why I can't find this.

      Maybe check out the libvirt API?

      • Application Development Guide (Python)
      • Application Development Guide (C)

      From the guide:


      2.1 Object model
      The scope of the libvirt API and the Python libvirt module is intended to extend to all functions necessary for deployment and management of virtual machines. This entails management of both the core hypervisor functions and host resources that are required by virtual machines, such as networking, storage and PCI/USB devices. Most of the classes and methods exposed by libvirt have a pluggable internal backend, allowing support for different underlying virtualization technologies and operating systems. Thus, the extent of the functionality available from a particular API or method is determined by the specific hypervisor driver in use and the capabilities of the underlying virtualization technology.

      2.3. Remote management
      While many virtualization technologies provide a remote management capability, libvirt does not assume this and provides a dedicated driver allowing for remote management of any libvirt hypervisor driver. The driver has a variety of data transports providing considerable security for the data communication. The driver is designed such that there is 100% functional equivalence whether talking to the libvirt driver locally, or via the RPC service.

      In addition to the native RPC service included in libvirt, there are a number of alternatives for remote management that will not be discussed in this document. The libvirt-qpid project provides an agent for the QPid messaging service, exposing all libvirt managed objects and operations over the message bus. This keeps a fairly close, near 1-to-1, mapping to the C API in libvirt. The libvirt-CIM project provides a CIM agent, that maps the libvirt object model onto the DMTF virtualization schema.


      posted in IT Discussion
      RomoR
      Romo
    • RE: What Are You Doing Right Now

      @jaredbusch said in What Are You Doing Right Now:

      Wondering what all my daughter’s candy is that she got out of a piñata yesterday at a classmate’s birthday party.


      @jaredbusch said in What Are You Doing Right Now:

      @dbeato said in What Are You Doing Right Now:

      @jaredbusch said in What Are You Doing Right Now:

      ll my daughter’s candy is that she got out of a piñata yester

      Mexican birthday? or Latin American?

      No idea where they are from.

      It is interesting that they have their daughter in the school they do. They speak Spanish natively at home. The Dad speaks fluent English as well as the daughter. But they have their daughter in a cross district school in a dual language Japanese program.

      Almost all of them are Mexican candy =).

      Really like Pulparindo and the Pelon Pelo Rico, both tamarind based with different quantities of chili powder.

      posted in Water Closet
      RomoR
      Romo
    • RE: Installing the Rocket.Chat Snap on LXD

      @travisdh1 He is running that command inside the container named rocketchat

      posted in IT Discussion
      RomoR
      Romo
    • RE: Installing Snipe-IT on CentOS 7 and MariaDB

      Do steps 1-4 from the official guide - https://snipe-it.readme.io/docs/upgrading-to-v4. Step 3 is not required if no one else is using the app. Run the commands as the apache user ( sudo -u apache .........)

      5- Follow along the first part from @JaredBusch's guide to upgrade your install to use git

      git clone https://github.com/snipe/snipe-it temp
      rm -rf /var/www/html/snipeit/.git*
      mv temp/.git* /var/www/html/snipeit/
      rm -rf temp/
      cd /var/www/html/snipeit/
      git reset --hard origin/master
      git pull --force
      chown -R apache:apache /var/www/html/snipeit/
      

      6- Run the following as apache user as @JaredBusch guide recommends.

      sudo -u apache php composer.phar install --no-dev --prefer-source
      sudo -u apache php composer.phar dump-autoload
      

      7- Add APP_LOCALE=en to your .env file.

      8- Double-check that your storage directory and all sub-directories are writable by apache user

      9- Apply db migrations as the apache user

      sudo -u apache php artisan migrate
      

      10- Open your .env file again and change your current APP_KEY to LEGACY_APP_KEY and add a new APP_KEY= to the file. So assuming both fields are the last ones of the file, your .env file should look like this with the changes:

      ....
      ....
      LEGACY_APP_KEY=thisisyourpreviouskey
      APP_KEY=
      

      Save your .env file with the changes and run

      sudo -u apache php artisan key:generate
      sudo -u apache php artisan config:clear
      sudo -u apache php artisan snipeit:legacy-recrypt
      

      If you get a "Whoops" error when you try to login or refresh your Snipe-IT page, you probably forgot to clear your browser cookies. That error happens because we use a more encryption cipher to encrypt your data (including sessions), and clearing your browser should fix that.

      11 - If you put the site on maintenance, bring it up (sudo -u apache php artisan up) and go to your snipeit URL.

      posted in IT Discussion
      RomoR
      Romo
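Steps 7 and 10 from the post above, scripted as an added example (not from the original post or the Snipe-IT project). `prepare_env` is a hypothetical helper name and the key value in the demo is constructed; the function refuses to run twice, because a second rename would replace the saved legacy key with the new one.

```shell
#!/bin/sh
# Added example: apply the .env edits from steps 7 and 10 by script.
# prepare_env is a hypothetical helper, not part of Snipe-IT.

prepare_env() {
  env_file=$1
  [ -f "$env_file" ] || { echo "no such file: $env_file" >&2; return 1; }

  # Refuse a second run: renaming again would overwrite the saved legacy key
  # with the new key, and snipeit:legacy-recrypt could not read the old data.
  if grep -q '^LEGACY_APP_KEY=' "$env_file"; then
    echo "LEGACY_APP_KEY already set, leaving $env_file untouched" >&2
    return 2
  fi
  grep -q '^APP_KEY=' "$env_file" || { echo "no APP_KEY in $env_file" >&2; return 3; }

  # Keep a backup without group/other access; it holds the key in clear text.
  ( umask 077; cp "$env_file" "$env_file.bak" ) || return 1

  tmp=$(mktemp "$env_file.XXXXXX") || return 1
  # Rename the current key. awk always ends the last line with a newline,
  # so the appended lines cannot be glued onto an unterminated final line.
  awk '{ sub(/^APP_KEY=/, "LEGACY_APP_KEY="); print }' "$env_file" > "$tmp" || return 1
  # Empty APP_KEY= for `php artisan key:generate` to fill in (step 10).
  printf 'APP_KEY=\n' >> "$tmp"
  # Step 7: add the locale only if it is not there yet.
  grep -q '^APP_LOCALE=' "$tmp" || printf 'APP_LOCALE=en\n' >> "$tmp"

  # Write through the original path so the owner and mode of .env are kept.
  cat "$tmp" > "$env_file" && rm -f "$tmp"
}

# Demo on a constructed file in a scratch directory.
demo_dir=$(mktemp -d)
printf 'APP_URL=http://snipeit.example\nAPP_KEY=constructed-old-key\n' > "$demo_dir/.env"
prepare_env "$demo_dir/.env" && cat "$demo_dir/.env"
rm -rf "$demo_dir"
```

The artisan commands from step 10 (key:generate, config:clear, snipeit:legacy-recrypt) still run afterwards, as the apache user.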
    • RE: Running nested VMs in Fedora 26 KVM / QEMU on Hyper-V

      @tim_g said in Running nested VMs in Fedora 26 KVM / QEMU on Hyper-V:

      Creating a Linux VM on Hyper-V is easy. Creating a nested VM inside your Linux VM running on Hyper-V... well, it's not going to work out of the box.

      Here's how to do it: https://www.timothygruber.com/hyper-v-2/run-a-nested-vm-on-kvm-qemu-vm-in-hyper-v/

      Why would you want to? In my case, there was a developer who needed to compile code on a special Linux VM, and immediately needs to test it inside a throw-away VM running in there.

      Doing this on his own or another physical PC or other means was not an option.

      Wouldn't this be a good case to use a LXC/LXD container and not have to mess with nested virtualization?

      posted in IT Discussion
      RomoR
      Romo
    • RE: LANLess explained.

      @flaxking said in LANLess explained.:

      @travisdh1 said in LANLess explained.:

      @flaxking said in LANLess explained.:

      Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

      I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

      We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

      Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

      At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

      You can try setting up G Suite Password Sync (GSPS) to get your AD passwords in sync with their GSuite account

      posted in IT Discussion
      RomoR
      Romo
    • RE: What Are You Doing Right Now

      @eddiejennings said in What Are You Doing Right Now:

      Phone number port request has been submitted to Twilio. Ah, such a great feeling! 😄 😄 😄

      @EddieJennings how has Twilio been as a trunk provider? Is your install of FreePBX ready to be used in production?

      posted in Water Closet
      RomoR
      Romo
    • RE: How to choose public DNS provider for an ISP

      @travisdh1 said in How to choose public DNS provider for an ISP:

      @scottalanmiller said in How to choose public DNS provider for an ISP:

      @nerdydad said in How to choose public DNS provider for an ISP:

      @brianlittlejohn said in How to choose public DNS provider for an ISP:

      You are going to use private IP addresses, so all of you subs will be double nat'ed ?

      That's what I'm considering. What are the potential problems with this?

      Think about it conceptually. No ISP puts a global firewall in front of its clients. You are building a single corporate LAN environment here rather than an ISP WAN network, basically. Nothing will work as expected. And you will guarantee that at least one private range that they should be able to use will be broken.

      You are thinking of this as an SMB IT department trying to control employees, rather than an ISP trying to provide service to customers.

      Uhm... just about every ISP is doing carrier grade NAT anymore. It's caused all sorts of headaches in Millersburg because some goofball decided to use 192.168.1.X for their CGNAT. #fail

      Down here in Mexico, almost all cable companies that also provide internet service use CGNAT as well. The downside is they are also some of the worst providers, but they do use it.

      posted in IT Business
      RomoR
      Romo
    • RE: Issues Installing Snipe-IT on CentOS 7

      @aaronstuder said in Issues Installing Snipe-IT on CentOS 7:

      What port(s) is git using?

      unable to access 'https://github.com/snipe/snipe-it/': Failed connect to github.com:443;
      

      https-443

      posted in IT Discussion
      RomoR
      Romo
    • RE: What's the worst technology ever invented?

      @irj said in What's the worst technology ever invented?:

      Small office printers!!!!

      Can't upvote your comment enough, really hate having to deal with them.

      posted in Water Closet
      RomoR
      Romo
    • RE: dhclient preventing network.service from starting

      @dustinb3403 Does the system have a static IP assigned? Because if it does not, if I am not mistaken, NetworkManager should be managing dhclient by default.

      You could have tried

      sudo dhclient -r eth0
      sudo dhclient eth0
      

      or restarting NetworkManager.service, it should have fixed your problem.

      posted in IT Discussion
      RomoR
      Romo
    • RE: How to upgrade Snipe-IT on CentOS 7 that did not use git

      @jaredbusch said in How to upgrade Snipe-IT on CentOS 7 that did not use git:

      @ambarishrh said in How to upgrade Snipe-IT on CentOS 7 that did not use git:

      @ambarishrh said in How to upgrade Snipe-IT on CentOS 7 that did not use git:

      Invalid default value for 'locale'

      I just updated .env and added APP_LOCALE=en executed again and it worked!

      I never got that, it might be related to 4.

      It is step 7 of the upgrade process to version 4.

      posted in IT Discussion
      RomoR
      Romo
    • RE: What Are You Doing Right Now

      @scottalanmiller said in What Are You Doing Right Now:

      Hey, someone showed up to the office. But now they've left. So that's that. LOL. Ten minutes.

      Why is nobody else there, and why did he even go if he was going to stay just 10 minutes?

      posted in Water Closet
      RomoR
      Romo
    • RE: What Are You Doing Right Now

      Upgrading our Snipe-It vm to v4.0.9

      posted in Water Closet
      RomoR
      Romo
    • RE: Ansible Testing with Molecule

      @stacksofplates said in Ansible Testing with Molecule:

      @romo said in Ansible Testing with Molecule:

      @stacksofplates is the libvirt provider for Vagrant working properly? I thought it was in development and not working well.

      No it works really well. I got the LXC driver working for Molecule so I’ll probably use that over vagrant. I still use Vagrant with libvirt for role development however.

      I'll have to give it a try then.

      Do you prefer Vagrant over using virt-* tools (builder, sysprep, etc)?

      posted in IT Discussion
      RomoR
      Romo