Here's one example of why KVM isn't more popular than it is. I love how KVM does snapshotting. I can create thousands of snapshots off of a metadata preallocated qcow2 image because it's reallocate on write and not copy on write. You would incur almost no performance hit up to a few thousand snapshots. But who works that way anymore? If you have the experience to automate reallocated snapshots and block commit them back to the base, you have the expertise to just create ephemeral systems and not use snapshots at all. Then you turn your expertise to automation of more important things. It's good at what it does, but when you have the expertise to leverage it at that level, you don't need it anymore.
Best posts made by stacksofplates
-
RE: KVM or VMWare
-
RE: KVM or VMWare
@dashrender said in KVM or VMWare:
So Scott could be right, there might be tons of talent out there, there might be tons of companies with that talent on-board, but how is one supposed to find those companies in the first place.
Because to make the claim you have to know where they are.
If I told you there's a pile of diamonds the size of a house somewhere but couldn't tell you where it was, would you believe me that it exists?
Anyone can make claims based on statements like "we see", "we know", etc but that doesn't mean it's true.
-
RE: KVM or VMWare
@scottalanmiller said in KVM or VMWare:
@irj said in KVM or VMWare:
These are trends anymore. They are best practices.
Wow, um, no. Anything but. The absolutely, total opposite. Best practice means that there is essentially no exception. These aren't even "good for the majority."
That's just plain incorrect.
We work with large companies ranging from DoD (Platform One, GD, ), to Walmart, to big 4 accounting, to even training Red Hat. We also work with small companies down to 4-5 IT/devs. You are out of touch. All of them want CNCF landscape cloud native tooling. Some still use more legacy tools like Jenkins, but still want cloud native.
Just because the local branch of the single fortune 10 company you say that you work with uses on prem servers means nothing.
-
RE: KVM or VMWare
@scottalanmiller said in KVM or VMWare:
Just in this thread there is a lot
No there isn't. I'll just be blatantly honest. I don't think you or your company have the skills you are saying here. Not too long ago you made an argument about creating VMs through Cockpit was fine because manual OS installations were ok and didn't need to be automated through clones. I 100% don't believe your company has KVM skills outside of maybe installing Proxmox and clicking some buttons.
-
RE: KVM or VMWare
@scottalanmiller said in KVM or VMWare:
@stacksofplates said in KVM or VMWare:
@scottalanmiller said in KVM or VMWare:
Just in this thread there is a lot
No there isn't. I'll just be blatantly honest. I don't think you or your company have the skills you are saying here. Not too long ago you made an argument about creating VMs through Cockpit was fine because manual OS installations were ok and didn't need to be automated through clones. I 100% don't believe your company has KVM skills outside of maybe installing Proxmox and clicking some buttons.
That's fine, but that's what you have to resort to.... claiming everyone you meet isn't good enough to say that there aren't skills for it. Yes, manual install IS fine, and I can't accept your opinion if you feel that one way is the only way for everything. You are doing exactly what we warn people about.... not evaluating needs, not learning multiple ways. Just latching onto the latest trend and touting the thing you know religiously without doing the one thing that makes us truly IT.... evaluating what we do in the context of the business need.
If you feel that manual installs have no place, you've made my point for me. Your opinion is suspect because you are wearing blinders and not operating like someone advising a company based on their needs, but just pushing an agenda. So you come across, like you sound, like a sales person pushing a product or technique. That's the opposite of our jobs in IT.
Sure, cloning is great much of the time, most of the time. But not all of the time. Until you stop with the "my way or the highway" rhetoric, you can't add value to a decision process.
I'm not claiming everyone isn't good enough. I know large tech companies have great KVM skills. But they are paid a ton and they aren't floating around helping SMBs deploy Windows AD infrastructure.
If you feel that manual installs have no place, you've made my point for me. Your opinion is suspect because you are wearing blinders and not operating like someone advising a company based on their needs, but just pushing an agenda. So you come across, like you sound, like a sales person pushing a product or technique. That's the opposite of our jobs in IT.
Manual installs have their place, to set up the template. Even if you're only deploying one server it should be from a template because it's repeatable. Updates are easier and quicker with templates. Just because you are charging your customers more so you can do manual work instead of automating it doesn't mean others are trying to sell something.
-
RE: KVM or VMWare
@scottalanmiller said in KVM or VMWare:
@stacksofplates said in KVM or VMWare:
Manual installs have their place, to set up the template. Even if you're only deploying one server it should be from a template because it's repeatable. Updates are easier and quicker with templates. Just because you are charging your customers more so you can do manual work instead of automating it doesn't mean others are trying to sell something.
Exactly the opposite. Since the average business installs only one instance (remember, average businesses are super small) the time to do what you are saying is all above and beyond the work done in the lifespan of a workload, on average.
Tons and tons of places you are correct, should be templates. But stating "all" is simply BS.
The time to do what I'm saying might add 10 minutes, maybe. To have a system you can rebuild instantly. It only helps you in the long run.
-
RE: Does Mesh Central support blanking remote screen
@jaredbusch said in Does Mesh Central support blanking remote screen:
@scottalanmiller said in Does Mesh Central support blanking remote screen:
@jaredbusch said in Does Mesh Central support blanking remote screen:
@scottalanmiller said in Does Mesh Central support blanking remote screen:
Why load? Most of the time we log into machines that have that stuff already on the screen. We just cause the screen to unlock and don't know who can see it. VERY often for us, that this case comes up, it is a medical system in a room where a doctor may or may not be, and a patient may or may not be, and the patient may or may not have someone watching them.
Logging in to a remote system with potential PHI active on it without a user present? Never. Your entire scenario is a PHI data breach.
Hence the need to blank the screen so that it is the same as any VDI style medical system.
No, your people are the breach. You should not need to see random PHI to support anything. If there is a can't print chart issues, etc, there should be a generic, fake, patient that can be used.
I mean they are also managing people's passwords and typing them in for the customers so you're already down a bad rabbit hole.
-
RE: Windows Terminal: Runas
@gjacobse said in Windows Terminal: Runas:
@Obsolesce
That didn't help either....
Are you sure there isn't a policy from something blocking the execution of it?
-
RE: KVM or VMWare
@scottalanmiller said in KVM or VMWare:
Keep in mind, this thread is about a small IT team in a small business, a private school. The needs for all that stuff doesn't apply to them, at all.
Yet you somehow claim there's tons of KVM talent out there for them to pick from.
That was the whole point of all of this. The only people hiring KVM expertise are enterprises and mainly tech ones. Sure some companies like DO hire them but that's maybe only a handful since the company only has 500 some employees total.
The KVM talent is eaten up by large companies that pay them well because it's hard to do correctly. And with the current landscape it's getting more and more specialized. When I can spin up vms with kubevirt automatically and have it orchestrate and manage them for me, the uses for bare KVM are much smaller.
-
RE: KVM or VMWare
@eddiejennings said in KVM or VMWare:
@travisdh1 said in KVM or VMWare:
@stacksofplates said in KVM or VMWare:
@travisdh1 said in KVM or VMWare:
@irj said in KVM or VMWare:
@francesco-provino said in KVM or VMWare:
@WLS-ITGuy I haven’t been in this forum for years, and after years I still see similar questions and the same arguing…
Do yourself a favor and learn something useful like Terraform to automate VMware or similar stuff, the real deal today is not wasting your time reinventing the wheel and doing manual operations, not saving a few bucks on hypervisor’s license.
I agree here. Many on here don't understand the benefits of IaC and proper SDLC because they haven't been exposed to it yet. Penny wise and pound foolish.
Granted many of these one man shops don't have the resources (IT employees) to do it. If you're fixing printers you don't have the bandwidth to do this kind of stuff. Either way there is still pain in the long run for not doing automation, but for them it's just not feasible.
I'm all in favor of automation.
What I question is why you NEED VMWare to automate things? I've done it with XenServer/XCP-NG, and I don't see why anyone couldn't also automate KVM based things as well.
Can you give examples of this automation? I have a feeling the terms aren't exactly the same here.
What I'm thinking of in this case is using Ansible to provision and build and manage VMs and/or the host server.
I’ve been working with this in my home lab, and the virt module seems pretty limited in what it can do. For making a new VM, I’m basically creating and executing a script that runs virt-install to make the VM, which is similar to what the Fedora Project does for VM creation.
You can use virt-clone if you don't want to run full virt-install.
But you need to set the template up first through something.
-
RE: KVM or VMWare
@rjt said in KVM or VMWare:
XCP-ng and XE cli and XenOrchestra and XCPngCenter use the well known XEN API known as "XAPI".
Start a task using the XE command line and it shows up in the other task lists such as that in XenOrchestra.
Start a vm move from XCPNGcenter and it shows up under xe task-list.
Start a vm copy command from XenOrchestra and it will show up under xe task-list.
We use one set of tools to manage both old Citrix 6.5 hosts and the latest XCP-ng hosts.
Not sure how that compares to ProxMox/KVM. Do not know on the status of a real KVM API, but as a long time bash user, I would consider bash an API.
Bash is not an API, it's a shell. You don't really interact with the KVM APIs directly, it's libvirt which you usually interact with because KVM is very low level. Libvirt has real APIs but like I mentioned above, they don't do a lot of what you would want. Commands like xe vm-list are similar to things like virsh list --all and are done through libvirt. KVM can be leveraged without libvirt/qemu (see things like gvisor and firecracker), however libvirt is normally what you get out of the box.
Cloning is a good immediate example. Cloning is done through a tool like virt-clone which is a subset of tooling from virt-manager (source here https://github.com/virt-manager/virt-manager/blob/master/virtinst/virtclone.py). So if you were to try to create a REST API to interact with libvirt to clone a system you'd essentially need something like a CGI script to kick off the clone process. It's very kludgy. I did a lot of this automation through Ansible, but it took a lot of work and was somewhat limited.
-
RE: KVM or VMWare
@olivier said in KVM or VMWare:
@stacksofplates said in KVM or VMWare:
@pete-s said in KVM or VMWare:
It isn't the ability to automate that is the problem. It's the availability of easy to use tools that is the problem.
That's the whole point I'm making.
KVM is hard to automate. Not that it's impossible, but the tooling doesn't exist to where you can easily automate like with VMware.
And that's a very good point. That's why here at Vates, we made various efforts in XCP-ng/Xen Orchestra, providing multiple solutions: Packer, Terraform and even Ansible integration. That's also why Xen Orchestra really makes sense as a "middleware", as a single central point to consume with its API. Like vCenter in fact.
This is a true way to create value on top of it. The other aspect is all about integration, like we did with Netbox for example (sync all VMs and hosts, with their IP address, config and such to Netbox).
Right VMware or Xen Orchestra. If the tool isn't built with an API first mindset, the work needed to automate it greatly increases.
-
RE: HTML Editing
@scottalanmiller said in HTML Editing:
@stacksofplates said in HTML Editing:
@jaredbusch said in HTML Editing:
I only use VS Code today.
Even if I was only Windows, I would use VS Code over Notepad++ now.
There is nothing better available since it can be universally installed on Linux, Windows, or macOS.
I've been using a Mix. I use VSCode some days and I use Pycharm/GoLand other days. I like different things about both.
I like PyCharm and its related tools a lot. I just don't use them enough (or like them enough) to justify the extra price.
Pycharm is free. I did pay for Goland because the debugging and some extra features are worth it. I don't need to use pycharm because you can use the Python plugin in Goland but I had a couple issues one time and just decided to use pycharm separately.
-
RE: GPO or GPP printer setup in light of all this printing nightmare stuff?
@dashrender said in GPO or GPP printer setup in light of all this printing nightmare stuff?:
If you have a real green field situation - I would seriously look at options to get rid of AD if possible.
I'm not sure I'll ever be able to do that because I have a large number of spots that need any number of 20+ persons be allowed to log into those computers. AD or some similar technology make that pretty easy. While you can script users over multiple machines - that seems painful, though I've never done it.
Seems any hosted directory service would work? AAD or Jumpcloud sound like they would fit.
-
RE: GKE Auto Scaling down to shut down resource usage and save costs.
@pete-s said in GKE Auto Scaling down to shut down resource usage and save costs.:
@stacksofplates said in GKE Auto Scaling down to shut down resource usage and save costs.:
@pete-s said in GKE Auto Scaling down to shut down resource usage and save costs.:
@irj
Interesting, I know nothing but aren't you using the cluster autoscaler? It's supposed to scale up and down automatically as needed with the settings you give it. If it doesn't scale down as far as you like, have a look at the settings.
Autoscaling depends on the apps. If your app can't withstand a shutdown it's not a good idea. When more nodes are added the scheduler might move the pod to a different machine.
Yes, but that is why you have settings. How far you want to be able to scale down and how far you want to be able to scale up.
But I don't know much about it though except what I've picked up from videos like the one below:
It's not really about cluster settings. Even adding one node can cause a pod to be rescheduled. Then the node has to download the container and start the app which could take quite a bit of time depending on your container size. The point was the only time to enable autoscaling is if you know your app can handle interruptions.
-
RE: beyond bash shell scripting, what language should I use
@jaredbusch said in beyond bash shell scripting, what language should I use:
@obsolesce said in beyond bash shell scripting, what language should I use:
@jaredbusch said in beyond bash shell scripting, what language should I use:
@pete-s said in beyond bash shell scripting, what language should I use:
There is no general answer to your question.
There is. Just because you cannot see it doesn't mean it does not exist.
Each person's answer of a language is a general answer. Their reason for the recommendation allows me to see if it fits my need and skill and desire.
It might be an excuse to give Golang a whirl.
I have never done anything with it but I know @stacksofplates has done a bunch with it.
Yeah it all depends. Prob the best option for this use case is to choose based on the libraries available for what you want to do.
However if you just want a binary you can ship around easily then Go is a great choice.
-
RE: beyond bash shell scripting, what language should I use
@jaredbusch said in beyond bash shell scripting, what language should I use:
@scottalanmiller said in beyond bash shell scripting, what language should I use:
Go is great as a language. But like Ruby, not installed generally. And fewer resources. If it was a greenfield new OS, yeah, Go for sure. But for practical reasons, Python I think.
As these are systems that I control, there is no reason Go cannot be installed.
Between your comments and prior ones from @stacksofplates I think I might try Go in order to learn it.
You normally wouldn't install it anyway as it's not a scripting language. You'd just compile your binary and ship that to your systems.
-
RE: GKE Auto Scaling down to shut down resource usage and save costs.
I know we talked about this but for everyone, one thing that can help here is having multiple node pools. You can have a node pool for the database that has a certain node size and then one pool for the applications that can be a different size. The application node pool can then be scaled down to zero if needed and then bumped back up.
-
RE: Centralized Log Management
@taurex said in Centralized Log Management:
Scott pretty much nailed it. Although collecting and preserving logs centrally is a good idea, analysing them anything but superficially would normally require a dedicated IT security team. There are (expensive) solutions like SIEM that make this job easier but even those can hardly be managed by a typical SMB/SME IT depts on their own. If the OP's organisation needs to be ISO 27001 certified or compliant with PCI, HIPAA etc. yet small enough, looking at MDR, MSSP or managed SIEM providers might be an alternative.
Opendistro/opensearch is an SIEM, same with Loki/Grafana or Graylog (even with the crappy licensing).
They don't have to be expensive and they can be relatively easy to set up reasonable alerting for events you need to know about.
-
RE: VDI Options - Modernization
@jimmy9008 said in VDI Options - Modernization:
@jt1001001 said in VDI Options - Modernization:
@jimmy9008 We have a use case involving a legacy client/server app that we've determined we're going to have to go VDI for in order to secure it. One lousy app for approx 5 users that I hope we eventually move away from. We are currently reviewing Azure VDI for this and it so far will fit the bill though we had to go through a lot of "hoops" to configure networking, VPN back into our infrastructure, etc. We have not yet presented budget numbers to the bean counters but I'm hoping when we do they will see the $$$$$ wasted for 5 users and will force them to a new product.
What other products do you plan to look at? Still VDI or something else? Any experience of VMWare Horizon?
We have around 600 - 1000 users globally (mostly developers) on the VDI I need to replace. The company dictates that the VDI must be in the same datacenter as the rest of the developers environments, so I don't think Azure VDI would work for us because of that mandate.
I know this isn't VDI, but what about something like GitPod, Eclipse Che, Coder, etc? In everyone's defense, developing over VDI truly sucks. This would keep the development environments in the same data center, but would give a much better experience.