@scottalanmiller said in KVM or VMWare:
There's no shortage of KVM talent, so anyone telling you that they can't hire is actually telling you that they are so bad at searching that they can't function as a business or they are so bad to work for that no amount of money can fix it.
This simply isn't true. No one in the enterprise space runs qemu/libvirt. They've developed their own APIs (gvisor, firecracker, etc).
@rojoloco said in RojoLoco needs your Linux brains!!!:
@stacksofplates said in RojoLoco needs your Linux brains!!!:
@jaredbusch said in RojoLoco needs your Linux brains!!!:
@stacksofplates said in RojoLoco needs your Linux brains!!!:
It just sounds overall like dell is trying to stay relevant but are using tech from 2017 to do that
And this is a surprise?
No but still gives me the sad feels.
Imagine how I feel having to deploy this nonsense. I guess that's what I get for getting sick and missing 8 months of work.
is the container image public or is it a private Dell repo?
I'd like to take a look at it if it's public.
@irj said in KVM or VMWare:
@jaredbusch said in KVM or VMWare:
@hobbit666 said in KVM or VMWare:
Didn't get on with KVM but thats down to my skill set. (i.e. limited linux skills)
No business should run on just KVM. Until the most current iteration of Proxmox I would never recommend KVM for a business.
I have used it personally for years now. But that is different than running a business. A business needs simple easy to follow processes that are enabled by things like Proxmox, vCenter, and Hyper-V Manager.
Unless you use terraform or similar to build your servers on KVM. You would then need to leverage bash/powershell to do the builds. Then you have a very repeatable process that doesn't rely on GUI management. You can also use an open source tool like Jenkins to manage pipelines for deployment so it's easy repeatable.
I would say most SMBs who aren't trained in IaC would be better off with other options.
yeah we used KVM with just libvirt/qemu but we leveraged things like libguestfs and Ansible to do our deployments. Libguestfs allowed us to control templates and images and then Ansible did our cloning and VM creation/provisioning. You definitely want a good bit of IaC or configuration management experience to do that. However with that complexity, we had a lot of ability in certain areas that we wouldn't have had with vmware.
@jaredbusch said in RojoLoco needs your Linux brains!!!:
@stacksofplates said in RojoLoco needs your Linux brains!!!:
It just sounds overall like dell is trying to stay relevant but are using tech from 2017 to do that
And this is a surprise?
No but still gives me the sad feels.
@rojoloco said in RojoLoco needs your Linux brains!!!:
@stacksofplates said in RojoLoco needs your Linux brains!!!:
@rojoloco said in RojoLoco needs your Linux brains!!!:
Thanks to everyone for the great replies. I just got confirmation from Dell that I need to go with the server version. So it's looking like CentOS 8 Stream / Docker CE / Docker compose will be the setup. Stand by, there will probably be more noob questions coming soon.
Yeah wow that's gross that they force those specifically. Maybe Dell should catch up with everything that's going on in the world.
Check the original post, Dell gave us the choice of Docker CE or Docker Enterprise. I just read today that Enterprise license is included with Windows 2016/2019 license, so my assumption that "CE is free but Enterprise is not" was wrong. Dell says we can use either, I listed CE because I was unaware of the license thing with Windows. I will be using Enterprise edition.
I told y'all right up front that I don't know shit about any of this...
Eh EE really has no benefits. The crazy thing is the whole landscape is shifting away from Docker. K8s is already on containerd. The only thing left for docker is running locally on your laptop which is becoming less and less of a thing anyway.
All of their choices are pretty bad. RHEL/CentOS has a bad/annoying docker implementation. SUSE shouldn't require SLED. It just sounds overall like dell is trying to stay relevant but are using tech from 2017 to do that
@travisdh1 said in RojoLoco needs your Linux brains!!!:
@stacksofplates said in RojoLoco needs your Linux brains!!!:
@travisdh1 said in RojoLoco needs your Linux brains!!!:
@stacksofplates said in RojoLoco needs your Linux brains!!!:
@jaredbusch said in RojoLoco needs your Linux brains!!!:
@stacksofplates said in RojoLoco needs your Linux brains!!!:
@rojoloco said in RojoLoco needs your Linux brains!!!:
Thanks to everyone for the great replies. I just got confirmation from Dell that I need to go with the server version. So it's looking like CentOS 8 Stream / Docker CE / Docker compose will be the setup. Stand by, there will probably be more noob questions coming soon.
Yeah wow that's gross that they force those specifically. Maybe Dell should catch up with everything that's going on in the world.
Dell did not force that.
I don't get what you mean? They are forcing docker-compose over better containerized alternatives and those specific host versions. The host means nothing, it completely removes the point of a containerized app if I only have specific hosts I can run on.
While what you say here is true, most developers don't set up the containers properly. Leading to being locked into certain underlying distributions. In my experience with Docker, it's portability is mostly hype because of that issue.
I've never had that happen. Can you point me to an example? How would the containerized app even know what system it's running on? It's namespaced in the kernel. I'd love to see a real world example of this.
The only thing I can think of is you tried to run an x86 container on an arm system. The system architecture type should be the only thing that has an affect here
It's been months since I've tried, because I gave up on using the docker deployment method for open source projects.
I know, it makes no sense, but it's what I've run into way more often than not. I think @scottalanmiller has mentioned having these same issues with Docker.
We only run containerized deployments and have never seen that. Open source, enterprise paid, or internally developed.
See if you can find something you couldn't deploy because it must have been a misconfiguration.
@travisdh1 said in RojoLoco needs your Linux brains!!!:
@stacksofplates said in RojoLoco needs your Linux brains!!!:
@jaredbusch said in RojoLoco needs your Linux brains!!!:
@stacksofplates said in RojoLoco needs your Linux brains!!!:
@rojoloco said in RojoLoco needs your Linux brains!!!:
Thanks to everyone for the great replies. I just got confirmation from Dell that I need to go with the server version. So it's looking like CentOS 8 Stream / Docker CE / Docker compose will be the setup. Stand by, there will probably be more noob questions coming soon.
Yeah wow that's gross that they force those specifically. Maybe Dell should catch up with everything that's going on in the world.
Dell did not force that.
I don't get what you mean? They are forcing docker-compose over better containerized alternatives and those specific host versions. The host means nothing, it completely removes the point of a containerized app if I only have specific hosts I can run on.
While what you say here is true, most developers don't set up the containers properly. Leading to being locked into certain underlying distributions. In my experience with Docker, it's portability is mostly hype because of that issue.
I've never had that happen. Can you point me to an example? How would the containerized app even know what system it's running on? It's namespaced in the kernel. I'd love to see a real world example of this.
The only thing I can think of is you tried to run an x86 container on an arm system. The system architecture type should be the only thing that has an affect here
@jaredbusch said in RojoLoco needs your Linux brains!!!:
@stacksofplates said in RojoLoco needs your Linux brains!!!:
@rojoloco said in RojoLoco needs your Linux brains!!!:
Thanks to everyone for the great replies. I just got confirmation from Dell that I need to go with the server version. So it's looking like CentOS 8 Stream / Docker CE / Docker compose will be the setup. Stand by, there will probably be more noob questions coming soon.
Yeah wow that's gross that they force those specifically. Maybe Dell should catch up with everything that's going on in the world.
Dell did not force that.
I don't get what you mean? They are forcing docker-compose over better containerized alternatives and those specific host versions. The host means nothing, it completely removes the point of a containerized app if I only have specific hosts I can run on.
@rojoloco said in RojoLoco needs your Linux brains!!!:
Thanks to everyone for the great replies. I just got confirmation from Dell that I need to go with the server version. So it's looking like CentOS 8 Stream / Docker CE / Docker compose will be the setup. Stand by, there will probably be more noob questions coming soon.
Yeah wow that's gross that they force those specifically. Maybe Dell should catch up with everything that's going on in the world.
@gjacobse said in Does a script imply Automation?:
@stacksofplates said in Does a script imply Automation?:
What reasons are cited when they fight you on this? This should have been scripted years ago.
Can I buy you a beer, or case,.. or....
There is such a push for 'security' over
anything elsethat it's Not allowed to the point of when onboarding someone, things are missed (or worse; added and not needed) so you have to retouch an account more than once.I've mentioned it since day one, made suggestions, and even found one that would cover most anything needed... It would only need to be adjusted to this environment...
It's always 'blocked' or ignored or what ever. Powershell Remote execution - even if signed - is turned off. To perform a task needed by a process we are starting (MS AutoPilot) PS is needed -
by design.... So, I have to run it - one damn line at a time,.. and circumvent policies and such just to do the tasks needed. It's so seriously ridiculous to need and be told to perform a task - and can't because of the aire of security.....
Find somewhere where you want to work. Life is too short to put up with places like that.
@irj said in Does a script imply Automation?:
@gjacobse said in Does a script imply Automation?:
- Save key to text file with the file name of the computer name, saving to network share.
Saving the key to a text file on a mapped share is really bad lol.
Yeah especially since it's been mentioned this is an environment with higher security and PHI/PII. Mapped drives shouldn't even be a thing.
@gjacobse said in Does a script imply Automation?:
The biggest one they are fighting me on script wise is Onboarding - creating a user, assigning a O365 license, entering in the REQUIRED information for the EMR to work, setting the Manager, address, adding the needed Security groups for VPN, Teams, MFA, and so on. And of course, there is Offboarding that could be done as well...
What reasons are cited when they fight you on this? This should have been scripted years ago. If it's because they are working on implementing something like kace or some automation tool to do it, that's one thing but if they are just saying it has to be manual that's another.
@pete-s said in Does a script imply Automation?:
For instance a motor in a car runs by itself. But that doesn't make the car automated. Because the control of the car is not automated
Except that is automated compared to where it initially started. It's very automated in the sense that I don't have to get out and crank start my car or fill it with oil after every trip because it's assumed my oil will just leak out of my engine like they did when they first arrived.
You're proving my point. Automation changes over time. What we count as automated today will just be something we take for granted tomorrow. Which is why I used the example of lower level concepts. Those used to be manual things, and are now "automated" because we don't even think about them. But we don't really call that automation.
A script that echoes "hello world" is not automation but is a script.
In my mind for it to count as automation, the work the script does has to be less than equal to the amount of work it would take to do the task manually (with the caveat that the work is useful). This would incorporate tying larger initiatives together.
And we are back to what most of the discussions are on this site, it's opinion. The person talking to Gene clearly didn't think whatever the script was counted as automation. He's fully in his right to think that because a lot will agree with him.
I'm more interested to know what the script did or is going to do and we could determine whether it should be counted as automation.
@pete-s said in Does a script imply Automation?:
@eddiejennings said in Does a script imply Automation?:
@gjacobse said in Does a script imply Automation?:
Simply thus
Does a script imply automation?
No. Often a script is used as a tool to create automation, and usually one would write a script with the end goal of eventually automating something. However, just a script alone in a vacuum does not imply automation.
That's not really true because automation is not just IT automation like DevOps.
Automation comes from ancient Greek and means "acting on it's own will".So everything that is "acting on it's own will" is automated. If you start an install script, it will do things on it's own will. That is automation. If you use Ansible (a bunch of scripts) to do something, it's also automation.
Neither of those are fully automated because they will not initiate the process themselves and also requires some manual input.
In contrast things like large modern manufacturing plants are often fully automated and will run by themselves. However operators are needed to make decision and adjust the process so the end result is satisfactory. The ones that make the programs for a factory are called automation engineers.
I feel like this is splitting hairs way too finely. I don't think we can use that definition here.
Opening a browser and going to google.com would then be automation because I don't manually send the tcp request and then send an acknowledgement. I don't manually search the cache for data.
Same with any task on a computer. If we use that definition the only thing that's not automated is manually changing magnetic polarization on the platter by hand.
I believe there's a point where we can say things are automated or not based on what the script/task is.
Wow gross that you have to use a specific OS under the containers. You're stuck between a rock and a hard place. Suse needing docker EE (why?) And CentOS/RHEL trying to do their own docker thing. I guess I'd go with CentOS.
Does this have to be compose or can you do k8s?
@pete-s said in Miscellaneous Tech News:
@stacksofplates said in Miscellaneous Tech News:
@mlnews said in Miscellaneous Tech News:
Cryptocurrency launchpad hit by $3 million supply chain attack
SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.Thats not really a supply chain attack. It sounds like someone who had access to contribute to their private repo committed malicious code that wasn't reviewed.
Guessing they used that term since it's hot news right now.
I wonder if that isn't a supply chain attack anyway. Private repo or not, shouldn't make a difference in that determination. "Private" is just private in the sense that you have to be invited to contribute.
What makes it a supply chain attack is that the hacker didn't attack any production servers. He attacked the software supply chain by injecting malicious code in their repository. Which eventually got deployed and ended up running.
If he had gained access to production servers somehow and made the exact same changes on the software running, it would not have been a supply chain attack.
Don't know how the sushi-thing works but they say it's community driven and decentralized which sound like the malicious code might have ended up deployed in many places.
It's not that it's a private repo. It's that the person was allowed to modify the code base. Supply chain isn't opening a PR to a project and having it approved, that's just insider malicious coding.
@mlnews said in Miscellaneous Tech News:
Cryptocurrency launchpad hit by $3 million supply chain attack
SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.
Thats not really a supply chain attack. It sounds like someone who had access to contribute to their private repo committed malicious code that wasn't reviewed.
Guessing they used that term since it's hot news right now.
@dustinb3403 said in I can't even:
So when do we start boycotting businesses that refuse to use SSL...
They have SSL, it just doesn't redirect you properly.
