@scottalanmiller said in Kvm network troubleshooting:
Your server has an IP address of 192.168.122.1? Is that correct? Nothing wrong with that technically, but it would be exceptionally unusual. That's almost always the gateway address. What is the address of your gateway?
That's libvirts virtual bridge address for the NAT network.
So looking at the interfaces it looks like enp4s0 was set up with an address. All of the VMs are macvtap interfaces on top of that nic for network access. Then libvirt created a virtual bridge for the default NAT network. If that's correct then you don't need to create a bridge or anything. Just tell the VM to use enp4s0 for networking and macvtap will auto set up the tun/tap device for access. You have no address on enp4s0 which is why I'm guessing you cant access the host.
If you can get into the VMs, you should be able to SSH to the virtual bridge (which is the host) if they have an interface on the NAT network.
@wirestyle22 said in IT reporting website for every day users:
@stacksofplates I think an interesting project would be to create a shared directory that Ansible pulled from to create pages on the website per day and allow it to automatically organize the website. It seems like it would be possible to do. Just a thought.
If you're going to go to that much work, just have a script that checks your actual monitoring and posts human readable outputs to Grafana.
Also as a side note, if you hate Powerpoint like I do, it has a presentation plugin that doesn't look too bad.
It depends if you are using an agent or just rsyslog. Rsyslog can do tls and compression but not sure if you can cache until the remote server is back up, you would have to be sending over tcp for it to be able to verify. It can do tcp but I don't know if it has built in mechanisms to cache until the remote returns. The best way to handle it with just rsyslog is to have multiple syslog servers (Graylog) to send to and then they store in their backend (Elasticsearch in the case of Graylog).
@fuznutz04 said in KVM and Back Ups:
@scottalanmiller said in KVM and Back Ups:
@fuznutz04 said in KVM and Back Ups:
For example, I had a developer fubar a server the other day. Completely unrecoverable. It was hosted at vultr, and I used their backup service. I was able to completely restore the server from their snapshot backup. That’s what I am after.
That's not crash consistent. So THAT level of backup KVM can do without anything special, it's just taking a snapshot of the storage. You have that with any system because it is done at the storage layer.
What tools can I use to do that (scheduled) with KVM on fedora?
QEMU has both internal and external snapshots. Internal are inside of the qcow2 file, external are redirect on write snapshots. The external are the more robust since they don't do full COW like the internal ones.
@scottalanmiller said in Concerns with BtrFS and ReFS:
@MattSpeller said in Concerns with BtrFS and ReFS:
We use EXT4 in our linux storage appliances - yet they seem to be pushing btrfs?
Synology and ReadyNAS seem to push BtrFS. It makes things easier for them.
For production, everyone I know pushes XFS. Fast and reliable. Pretty much the only big factors in storage.
XFS also has xfsdump and xfsrestore. It's not exactly the same as btrfs but it does give some backup ability. It also has dedupe but it's somewhat limited last I saw https://hooks.technology/2018/03/xfs-deduplication-with-reflinks/
I've always found NGINX to be much lighter weight and performant than Apache.
I was able to proxy through NGINX after running docker-compose up -d. I didn't use HTTPS because I'm lazy but it passed HTTP fine.
It's just a simple config to test (again because I'm lazy):
@Dashrender said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:
@scottalanmiller said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:
@wirestyle22 said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:
@scottalanmiller said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:
@wirestyle22 said in How do I block anything after .com that is not a country code with a regular expression for e-mail filtering purposes?:
It has reduced our spam by 95% and I've only seen 3 instances of false positives in 4 months of it being active.
The question is, how many false positives are okay?
You try to have as little false positives as possible while also having as little spam as possible. Can't prevent either 100%
That's not really an answer. And yes, you can prevent the one 100%.
Exactly - don't filter, and you will have 0% false positives.
Or block 100% and you have no spam 
@IRJ said in Github for code storage:
It seems like some of you are using github for code storage. I am starting write more and more code as of late and would like a better way to organize it in the cloud.
What solution are your using? and if you are using github, how are you organizing it?
I use hosted GitLab. It's free for private repos. Plus the runners are free as well if you host them. It's an awesome service.
The biggest limits on GitLab are large organization things like burndown charts and Epic creation for kanban. A lot of stuff like that.
Is it just the checksum on a page or is there content around the checksum?
For Fedora you can just do
sudo dnf install vagrant-libvirt
@travisdh1 said in Onlyoffice vs Collabora in Nextcloud:
@stacksofplates said in Onlyoffice vs Collabora in Nextcloud:
@scottalanmiller said in Onlyoffice vs Collabora in Nextcloud:
@travisdh1 said in Onlyoffice vs Collabora in Nextcloud:
@scottalanmiller said in Onlyoffice vs Collabora in Nextcloud:
@travisdh1 said in Onlyoffice vs Collabora in Nextcloud:
Last time I looked at them, the Collabora open source version needed compiled.
It's never needed that as long as I've known about it. It's a Docker instance, which is the real pain of it.
Hrm, I'll have to take another look. Docker would make it somewhat easier.
No, makes it ridiculously harder.
The Collabora documentation is really straightforward on the container and looks very easy. What isn't "production" about the setup?
With Docker, you have to be running the exact same version of OS and kernel that the devs who built the container. Docker specifically isn't portable like so many people claim.
No you don't. That's not true at all.
Yes you can create an app that uses a syscall that may be deprecated or uses a very new kernel hook that isn't available in older kernels. So you would be limited to kernels that support those, but it is in no way a requirement to have the exact same kernel and certainly not the exact same OS.
@travisdh1 said in Onlyoffice vs Collabora in Nextcloud:
@stacksofplates said in Onlyoffice vs Collabora in Nextcloud:
@travisdh1 said in Onlyoffice vs Collabora in Nextcloud:
@stacksofplates said in Onlyoffice vs Collabora in Nextcloud:
@scottalanmiller said in Onlyoffice vs Collabora in Nextcloud:
@travisdh1 said in Onlyoffice vs Collabora in Nextcloud:
@scottalanmiller said in Onlyoffice vs Collabora in Nextcloud:
@travisdh1 said in Onlyoffice vs Collabora in Nextcloud:
Last time I looked at them, the Collabora open source version needed compiled.
It's never needed that as long as I've known about it. It's a Docker instance, which is the real pain of it.
Hrm, I'll have to take another look. Docker would make it somewhat easier.
No, makes it ridiculously harder.
The Collabora documentation is really straightforward on the container and looks very easy. What isn't "production" about the setup?
With Docker, you have to be running the exact same version of OS and kernel that the devs who built the container. Docker specifically isn't portable like so many people claim.
No you don't. That's not true at all.
Yes you can create an app that uses a syscall that may be deprecated or uses a very new kernel hook that isn't available in older kernels. So you would be limited to kernels that support those, but it is in no way a requirement to have the exact same kernel and certainly not the exact same OS.
Yes, that's what everyone claims, but I have very rarely had a Docker container work when deployed to a different distribution that it was created on, and sometimes even different kernel versions break things.
Yes, they are supposed to be portable, but every distribution has a slightly different compiled kernel. Because the kernel is shared, random things are just broken and/or don't work. I've seen it happen so often that I just assume anyone claiming Docker containers works with it in a monolithic environment. In which case, of course they just work.
I've literally never had it happen and I use it all of the time. Build on Fedora, deploy to either RHEL/CentOS or Fedora. And pull images from Ubuntu and use those all of the time.
Grafana is probably the easiest and best looking.
Just for kicks here's what I set up:
podman pod create -p 8080:80 -p 9980:9980 --name nextcloud-pod
podman run --pod nextcloud-pod -d nextcloud
podman run -d -t --name collabora --pod nextcloud-pod -e "extra_params=--o:ssl.enable=false" -e "domain=example\\.com" collabora/code
Then I just pointed the Collabora app in Nextcloud to http://127.0.0.1:9980.
@brandon220 said in Onlyoffice vs Collabora in Nextcloud:
@stacksofplates True.... I was overthinking it.
If I try to use the local ip, it throws a mixed content error regarding https.Error when trying to connect (Mixed Active Content is not allowed. HTTPS address for Document Server is required.)
ok kind of cheating but what if you do -p 443:80 to the container instead of -p 80:80? Does it let you fake https then? I mean this would happen regardless of if it's a container or not. I guess I can see the point of Nextcloud wanting to not have mixed protocols but what about running things on localhost beside it? That seems like a strange decision.
