@marcinozga said in OS cloud images, anyone?:
LXD containers by default are unprivileged, some software might not play nice with it. Set the container as privileged and see it issues are gone. Apache is one example when I had to adjust the container.
Already done, is not that easy. Also passing devices doesn't work.
@scottalanmiller LXC is nice, but I've met a lot of limits in access devices or fs, and it's not usually trivial to overcome them. Examples? Just try to build ubiquiti UNMS in a LXD container.
@stacksofplates said in OS cloud images, anyone?:
@francesco-provino said in OS cloud images, anyone?:
@stacksofplates said in OS cloud images, anyone?:
I'm running openstack at home. So yes I'm running cloud. I still have a bare KVM server at home also and if I need to run a VM I use virt-builder, create the VM, and get the address with virsh. Then I just run Ansible against it.
Very nice! It looks like the setup I'm gonna build at my home… any further detail? Thanks for your interesting reply!
It's just an OpenStack all in one on a DL380 G6. The KVM server is an R710. Updates are pushed out automatically with Ansible and Jenkins. Right now it's just a static Ansible inventory because I was having trouble getting useful information out of the OpenStack dynamic inventory. So right now it's all DHCP reservations. Likely once I get the script straightened out for the inventory, I won't need that any longer.
I've tried openstack also (in containers), but never found it too useful. At the moment, my goal is to build an environment that I can fully manage without relying on GUIs, so I can manage it with ssh on the iPad. It also seems to boost my needs to automate!
@stacksofplates said in OS cloud images, anyone?:
I'm running openstack at home. So yes I'm running cloud. I still have a bare KVM server at home also and if I need to run a VM I use virt-builder, create the VM, and get the address with virsh. Then I just run Ansible against it.
Very nice! It looks like the setup I'm gonna build at my home… any further detail? Thanks for your interesting reply!
I'm trying to move from classic ISO installation to the more devops-style cloud image + cloud init or virt-builder&co.
Does anyone here have done the same transition? Any hints?
It think regular setup with the console is cumbersome and it's the only thing that cannot be done with standard CLI with modern hypervisors, because it requires a GUI or web interface almost anytime…
@magicmarker said in Linux OS advice for building a SAM-SD:
I just want to mention that the KVM Hypervisor does take more than Linux basic knowledge. After @JaredBusch and @scottalanmiller recommended KVM on Fedora for the SAM-SD OS I have been playing with the KVM Hypervisor on a minimal Fedora install. I was able to successfully get a working KVM Hypervisor running. I realize that I've been very spoiled with the ESXi Hypervisor. I will require a more GUI based Hypervisor setup. I played around with the virt-manager which is a nice alternative to the cli for novice Linux users. There is still too much for me to learn with KVM and I never really did find instructions that really spell it out for me. I'm trying not to use VMware ESXi. I'm going to re-visit Hyper-V 2016 standalone with a Fedora Server (with desktop) VM to be my NFS file server. I'm open to any advice or words of encouragement to re-direct my focus back to the KVM Hypervisor.
Really? I've found KVM/libvirt much easier than XS/XAPI. KVM/libvirt has almost NO limits whatsoever, it can run and use any recent piece of hardware, any storage tecnology… any networking stack, of course.
@scottalanmiller with non-server hardware, 100% yes. I had multiple laptop and desktop pc that weren't able to boot or do basic stuff like loading bash or reading their own LUKS or LVM volume just after an update.
@scottalanmiller so, your raccomandation for deploying a KVM host is fedora 26, because KVM it is RH baby and F26 is the most recent one?
@coliver said in Migrating away from XenServer:
@francesco-provino said in Migrating away from XenServer:
@scottalanmiller but I don't want my host to stop working for an update… OpenSuSe 42.3 seems fairly recent to me.
What does this mean? Why would stop working?
I've seen updates breaking bridge functionality or messing with the VM hardware… an always updated host is a good choice for security and performance, but run VMs on libvirt alpha…
@scottalanmiller but I don't want my host to stop working for an update… OpenSuSe 42.3 seems fairly recent to me.
@scottalanmiller no, I will go with Leap. Why Tumbleweed as an host?
I want to convert two of my hosts to KVM, too… but my choice would be OpenSuSe, for the simple reasons that is more updated and it is a real enterprise distro, not like ubuntu. AFAIK KVM is fully supported.
@jaredbusch said in Ubiquiti released EdgeOS 1.9.7:
@dashrender said in Ubiquiti released EdgeOS 1.9.7:
@jaredbusch said in Ubiquiti released EdgeOS 1.9.7:
@donaldlandru said in Ubiquiti released EdgeOS 1.9.7:
@jaredbusch said in Ubiquiti released EdgeOS 1.9.7:
This means it is time for me to get off my ass and setup UNMS
Not much to see in here yet; however, it was pretty simple to get it going. Maybe I should write the how-to
I am looking at the guides now and I already want to over complicate it because I want it behind my own Nginx proxy.
But I think I will skip that and just install it their way for now.
Why? because you don't want to spend $2.50/m on a vultr instance?
Because specs say 2GB RAM minimum recommended. That is not a $2.50 instance.
Also, I do have a ton of space in colo that is perfectly viable to be used for this.
I can use non standard ports and have no issues. But I don't want to do that either.
I'm installing it inside an LXD container which in turns is inside a XS VM.
It should works.
@jaredbusch said in Ubiquiti released EdgeOS 1.9.7:
@francesco-provino said in Ubiquiti released EdgeOS 1.9.7:
@jaredbusch said in Ubiquiti released EdgeOS 1.9.7:
They have finally added UNMS.
New features
- [UNMS] Add UNMS support (Ubiquiti Network Management System)
- UNMS forum - https://community.ubnt.com/t5/UNMS-Ubiquiti-Network-Management/bd-p/UNMSBeta
- UNMS introduction and roadmap - https://unms.ubnt.com/
- UNMS demo - https://unms-demo.ubnt.com/
Updated! How to access the UNMS now? Too lazy to look up
You have to setup your own UNMS system and point your devices to it.
Installing… docker is downloading… thanks!
@jaredbusch said in Ubiquiti released EdgeOS 1.9.7:
They have finally added UNMS.
New features
- [UNMS] Add UNMS support (Ubiquiti Network Management System)
- UNMS forum - https://community.ubnt.com/t5/UNMS-Ubiquiti-Network-Management/bd-p/UNMSBeta
- UNMS introduction and roadmap - https://unms.ubnt.com/
- UNMS demo - https://unms-demo.ubnt.com/
Updated! How to access the UNMS now? Too lazy to look up 
@travisdh1 what do you reccommend for Radius? On Linux, of course… any quality tutorial out there?
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
I just wonder how much hard could be to setup a proper auth and landing page on the squid VM… I've seen microtik system that automate all the stuff related to move the VM from the guest VLAN and stuff like that. I don't know how much effort would take to orchestrate the ubiquiti sw with squid.
Backup a second. Squid is a proxy/cache. It doesn't do landing pages or authentication. You'd be looking at something else to handle that. The believe the Unifi controller has a captive portal built in that you may be able to work with.
I know, but it needs an external radius server to works.
I just wonder how much hard could be to setup a proper auth and landing page on the squid VM… I've seen microtik system that automate all the stuff related to move the VM from the guest VLAN and stuff like that. I don't know how much effort would take to orchestrate the ubiquiti sw with squid.
Thanks everybody for the hints!
So, your suggestion is using ubiquiti hw for access point and for the gateway (USG for example) and squid for the proxy part.
I think I could put squid in a vm aside the ubiquiti controller, a small 1U server should be more than enough.
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@dashrender what if I just need a log of the visited websites? No content filter is needed, just logging. What can the USG do?
You could easily do something like a squid proxy for this.
I want something fully supported, it's a production environment.
