@emad-r said in KVM Poor Man Replication HA:

So I did ask around before posting this and I did receive warnings, but I have been testing this and it is very simple and dumb yet works (tested only with Linux VM Distro). sharing it here so you guys can bash me about my method, as well as enlighten me.

So you have your 2 KVM hosts okay + 1 Fedora machine with Virt Manager

You create all the VMs on the KVM and call it primary, let us call it KVM 1
the second KVM 2 will be just the slave incase KVM 1 drops.

So what we do is schedule a script to :

1. (optional )Stop Software VM activity like DB or WebServer sometime when it is not being utilized at midnight for example, systemctl stop httpd ..etc

2. Freeze the FileSystem (guest agent needs to be installed.)
   virsh domfsfreeze VMNAME

3. Rsync the VM image to another KVM host (KVM 2) periodically each night.
   rsync --progress --inplace -h
   or
   rsync --progress --inplace -h -W (safer)

4. Prepare previously in KVM 2 the VM xml (RAM/CPU)and make it same as the one in KVM1, also copy the MAC address. but keep VM2 shutdown.

5. You can script Fedora Machine to keep pinging KVM 1 or VM 1 and if it fails to receive thus it is down, so if that happens KVM 2 will virsh start VM2 , which will have the same everything even the same internal IP.

What do you think ? Too cheezy ? Does it show how much I am afraid to play with GLusterFS?

btw the tags are acting weird, whenever I type one it removes itself.

So the issue with rsyncing for anything other than a snapshot is the data will be different.

For example:

you rsync VM1 at 5AM to KVM2. At 3PM KVM1 goes down. VM1 will start up on KVM2, but any data written between 5AM and 3PM is lost. I wouldn't recommend rsync for anything other than copying disks as a backup or snapshot.

Gluster will do the real time replication you need for this.

@john-nicholson said in 2FA - when required by your vendors, do you stipend your staff?:

@dashrender said in 2FA - when required by your vendors, do you stipend your staff?:

@penguinwrangler said in 2FA - when required by your vendors, do you stipend your staff?:

Why not buy them some cheap Android Tablets. I mean you can pickup some really cheap ones, less than 50 bucks. As long as they are on the wifi then they use those. You have total control over the 2FA devices that way.

Now they are carrying around two devices with them, phone and this tablet.

It's worse than that. The device battery 6 months in last 10 minutes, the screen takes 2 minutes to use because it's some ancient touch screen, the Android release is 4 versions behind. The MDM API's are so crippled you can't get Airwatch or any real MDM solution to work. When you have labor resources that cost $100-500 an hour WTF would you try to save a few $ per person that will cripple their workflow? I've seen so many people try this and fail.

For what it's worth hospitals devices tend to be shared on call devices. My wife's on-call phone is locked down so tight that if she takes 2 steps out side air watch bricks the device till it comes back in the hospital. They use special Android devices that are properly patchable, have the full KNOX API's for air watch to hook, and have extra battery kits and hot docks everywhere.

Does Airwatch work well? We looked at AirPatrol but it was insanely expensive (like ~$2500 per access point).

@scottalanmiller said in Odoo vs ERPNext and Which linux more suitable (Ubuntu/CentOS) ?:

I would likely run on Fedora, of course. Fedora -> CentOS -> Ubuntu, in this case. Ubuntu is always my enterprise Linux of last resort. Only after all RH and Suse options are exhausted. Within the RH family, I always choose Fedora over CentOS.

How are you doing your central logging with Fedora?

I like neither but ERPNext seems more flexible. It's been a couple years but the ERPNext install script never worked on CentOS for me. Never tried Odoo other than the hosted so I can't answer which is better for it.

@dashrender said in KVM question (backing store)?:

@stacksofplates said in KVM question (backing store)?:

The backing store should be a read only image that you can run instant clones from. I don't use it since a full copy of my template only takes a couple seconds.

What do you do about data backups?
And answer that in an SMB relevant fashion.

In this case I'm not sure. You would only have a base as the backing store. Any customized stuff would be in the clone. However I think this is more for things like VDI where you wouldn't back up the VM and just destroy it when you're done with it.

The backing store should be a read only image that you can run instant clones from. I don't use it since a full copy of my template only takes a couple seconds.

@scottalanmiller said in DNS manager for all domains:

@stacksofplates said in DNS manager for all domains:

@scottalanmiller said in DNS manager for all domains:

@stacksofplates said in DNS manager for all domains:

Cloudflare. But if you are already on AWS it might be worth it just to use that.

Unless you want any content delivery, then you need CF anyway.

You'd probably be using CloudFront for that on AWS.

Possibly. But CloudFlare is free, so there is a lot of value to it even on AWS.

Sure. I think they have things so integrated that it almost makes it a non starter to look elsewhere (most of the time). Unless you have like 2 sites.

@scottalanmiller said in DNS manager for all domains:

@stacksofplates said in DNS manager for all domains:

Cloudflare. But if you are already on AWS it might be worth it just to use that.

Unless you want any content delivery, then you need CF anyway.

You'd probably be using CloudFront for that on AWS.

Cloudflare. But if you are already on AWS it might be worth it just to use that.

@matteo-nunziati said in virtualize all the things... ?:

@stacksofplates said in virtualize all the things... ?:

@bj said in virtualize all the things... ?:

@jaredbusch said in virtualize all the things... ?:

Then Manage it from your Fedora desktop

I think I'd rather not install an entire desktop to manage VMs. That seems like taking a step in the wrong direction to me.

You don't have to. You can manage from cli only. And if you just want virt-manager just have a VM on the host that you can X11 forward from.

If you have failover/replica/ha you can consider to use a vm to control the hypervisor

You can do it even without that. Single hosts are easy, and for the amount of resources it uses, you can just have one on each host as a fail safe. But as long as a single host is up you can control them all from a single Virt-Manager VM.