The OKD GitHub page for additional details and the main website.

So there's a few ways to do what you want. But for Terraform specifically, the best thing to do is create your repeatable and public code and put it in a module. This means you'd have two repositories. One that is the skeleton for your infrastructure, and one that holds all of the values you need. Lets's say you have a module stored on github at github.com/test/module. When you write your main.tf for your private repo you would call it like this:

provider "aws" { region = var.region } module "infra-is-awesome" { source = "github.com/test/module" var1 = "10.0.25.0/24" var2 = "Server01" }

Then when you do terraform init it will pull in your module and map the variables for you.

Now what I would personally recommend is using environment variables for your credentials and anything else you want to expose. So for AWS, Terraform accepts AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. I'd recommend putting this in a dot file in your home directory (or somewhere) like here ~/.terraform:

#!/usr/bin/env bash export AWS_ACCESS_KEY_ID="my access key id" export AWS_SECRET_ACCESS_KEY="my super secret key"

Then when you want to run Terraform, all you have to do before you run it is source ~/.terraform. This will last for as long as you have that shell open. If you close the terminal and open it again, you just need to re-run that command. You can add it to your ~/.bash_profile or whatever, but you may not want it exported all of the time.

Terraform also lets you export environment variables for your regular variables. I don't usually do this, but you can do something like export TF_VAR_region=us-east-1. That would map to var.region instead of needing to type it in.

My advice is to leverage modules as much as possible and keep your private data in a separate repo and just pass that data in as variables to your module(s).

@Dashrender said in Naming convention for VMs?:

Wow - those are all boring.. I name my servers after warships. 😉

I onced named everything on a network after characters from the 5th Element.

Well except the badge machine. That was named MultiPass.. Technically not a character.

@scottalanmiller said in Best SIP VoIP Softphone for macOS:

Got a couple of users on macOS that would like to set up a softphone on their desktops. In theory Linphone, Zoiper, X-Lite make macOS versions. Anyone have a reason to pick one or the other or have another option on macOS?

I use Telephone on my laptop and like it. Its pretty sparse, but it works well and is efficient.

We've been using Skyetel as our primary trunks for some time now, and most of our customers are either using them now or porting over to them in the near term. Service has been great, and very easy to use.

@Obsolesce said in Ad blockers Advice:

@scottalanmiller said in Ad blockers Advice:

@Skyetel said in Ad blockers Advice:

What about something like:

"We noticed you are using an Ad Blocker - We hate ads too - and don't worry, we don't have any on our portal. However, Ad Blockers can cause issues with our portal. Please whitelist us, there's no ads here :D"

We try and keep notices like this friendly.

You aren't running ads. So it might be better to say "Hey, we see you are running an ad blocker. Your Skyetel Portal is ad-free. Some ad blockers have been known to cause issues with the portal. Should you experience any issues, it is possible that your ad blocker may be interacting with some of the portal components."

Looks good to me!

I like this too

@gjacobse said in Designing for tech startup: Network, AD, Backup etc:

@DustinB3403 said in Designing for tech startup: Network, AD, Backup etc:

I suppose you could use Storage Spaces Direct (all windows across the entire thing) but I wouldn't consider SSD at all mature nor production ready, especially at this scale.

Thanks, had not heard of this.

DataOn solutions fully support this and vice versa. They are experienced with this kind of scale and much larger.

@FakeNoMore said in Java JRE Licensing:

@scottalanmiller said in Java JRE Licensing:

@FakeNoMore said in Java JRE Licensing:

What I do not understand is the licensing of the newer versions (10, 11). Is JRE 10 still free?

Java 11 is the current LTS release.
Java 12 is the current rapid release.

Avoid Java 10 or older at this point, anything that old is legacy. 11 & 12 are good options, 10 and older are not as they are neither current nor current LTS.

So do we have to install the whole jdk now on every system since there are no separate JRE builds anymore?
How does that play into possible license costs with basically the whole Java SE installed? The features that are not free are probably there but not used.

Edit: There doesn't seem to be a JRE anymore, only JDK.

The whole thing has always been free. The only thing in the Java ecosystem that has ever requirement payment is running extremely old versions while still patching. As long as you keep things updated, it's always free top to bottom.

@scottalanmiller said in Why does some key combinations not work over ssh?:

@Pete-S said in Why does some key combinations not work over ssh?:

@scottalanmiller said in Why does some key combinations not work over ssh?:

So the issue is that SSH uses the ASCII definitions for what can be passed, and things like Control-Shift aren't defined in the ASCII C0 control set.

https://en.wikipedia.org/w/index.php?title=C0_and_C1_control_codes&oldid=869654887#C0_controls

So they aren't passed because they aren't part of the character set of the protocol. So yes, it's SSH not passing it because it doesn't exist to SSH 😞

That's too bad.

Do you have any link where it says that ssh uses these definitions? Maybe there is a way around it.

Can't find one, not with OpenSSH. Tectia supports it, but is crap in general. If you search on it, everyone talks about the ASCII limits of SSH. You'll find SFTP / SCP have the ASCII / Binary option for connections because of the underlying ASCII protocol in use.

Thanks, I'll dig around and see if I can find something. Otherwise I'll just have accept that it is what it is 🙂

Finally fixed in 2.31.25

@Pete-S Ok, I went ahead and let the installer partition it using the defaults for LVM. Everything is working!

The installer creates a small primary partition and installs /boot to it. It then creates an extended partition with the remainder of the drive and slices up logicals out of that for the LVM. It puts “/“ in vg1 as “lv root” and puts /swap in vg1 as well as lv swap”.

I was not creating a /boot. Never have. I was just creating a primary for the “/“ and then saving some of it for an extended /swap. I’ve done this forever. It even works in a VM. I have no idea why I couldn’t get it to work on the physical machine.

@nadnerB That is just marketing of company's public image. And it surely does make financial sense for Apple.
Scott's example of NTG is probably something different.
The company I work for have priorities other than financial, but that is not true for Apple or many other signatories there.

@JasGot said in A question for the SMB owners and operators here:

In-house software. We developed it in 2002 and maintain it to keep up with our needs.

I think that for MSPs that that tends to make the most sense. Our needs tend to be highly unique, and not that difficult to fill.

I thought it would be good to give an update on how the headphones are holding up to my usage and expectations.

Just a reminder, I got the Sennheiser PXC 550. They are over/around-ear Bluetooth noise-cancelling headphones.

So I've been using them almost daily now for the past almost 4 months, about 45-60 minutes each way to/from work on the train. I don't always use the noise cancelling on the train, but when I do, it shuts up what I am trying to avoid hearing pretty well. 🙂 I also use them at home for watching Udemy courses, at work, music for R&R at home, and sometimes for a video game. I usually use them wirelessly, but sometimes I hook them up to my computer's USB while listening when they need a charge. The charge still lasts well over 20+ hours. I don't time it, but it lasts weeks before needing a charge. Definitely 2+ weeks, depending on usage, which I mentioned above, give or take.

I found out a co-worker has had the same pair for years, and they also still look and work like new.

To wrap up, they are definitely holding up well, and surpassed my expectations. I definitely recommend!

@JaredBusch said in Force USB encryption Windows and Mac:

@Obsolesce said in Force USB encryption Windows and Mac:

@JaredBusch said in Force USB encryption Windows and Mac:

@Obsolesce said in Force USB encryption Windows and Mac:

Another solution for Macs will be required. It's not uncommon to have multiple solutions in place to cover different platforms

That is useless as it means the encrypted media is useless between macOS and Windows.

That's not an issue. There is no requirement to transport data between Mac and Windows devices on USB drives.

The point of wanting to use USB media is for portability. Otherwise, you simply disable it.

I don't know how many users are sticking data on a USB drive from a Mac, then giving it to someone else or marching it over to a Windows device, or vice versa, but if that's the case, there are ways to make it work.
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-to-go-faq

@Pete-S said in Custom web apps for SMB:

Also how big of an SMB are we talking about? A company with 10 employees is very different from one with 100 employees.

The cost of something custom is the same but a larger company can make more use of it and as such it creates more value for them, hence they are more inclined to invest in it.

I've developed a custom application when working for a 100+ employee company, so that's kind of where my mind heads.

@DustinB3403 said in Syncing massive amounts of changing data to BackBlaze B2 via Linux:

@Pete-S At my workstation I'm getting 225Mbit/s down and 155Mbit/s up (clearly not symmetrical there. . .) but not bad either considering I have nothing special configured for my workstation.

On a second test I noticed this A connection of 152.8 Mbps upload would backup 1,650 GB in a day

So this very well could be feasible to do.

Yes, that's not too bad. It could work. As @dafyre and other mentioned you should give it a try.
$.005 per GB is $5 per TB. So get an account and upload 2TB of random data to see how long it takes. Only going to cost you 10 bucks to find out.

@WLS-ITGuy said in GPO question:

@WLS-ITGuy

alt text

Thanks everyone for the assistance! I forgot that I had disabled the damn thing in the beginning of all this even though I told @dbeato that in a PM.

I wonder what was setting it to 30 days then? Perhaps someone in the past set it to 30, then the GPO was disabled, and the setting just stuck until it was changed again and enabled.

@JasGot said in ChromeBook Tablet with LTE?:

So I started looking for information on an Android tablet could be re-initialized with the Chrome OS at a later date. Not much on that topic out there...

Different hardware, unlikely to be happy trying to do that.

@Danp said in Managing spam posting:

Maybe they're enjoying the extra traffic. :man_shrugging:

23b3e1d4-ad1e-482c-b4ce-84bfe89579af-image.png