    2. Francesco Provino
    Posts

    • RE: Back to Active Directory, Route 53 DNS

      @stacksofplates said in Back to Active Directory, Route 53 DNS:

      @dashrender said in Back to Active Directory, Route 53 DNS:

      If your ERP didn't integrate with AD, what authentication would it use?
      

      Depending on how many people use the ERP I can see that being an issue. If it's manufacturing and every office employee uses it for documents, billing, etc and every shop employee uses it for time tracking and job tracking it could be a nuisance. Plus I doubt there's a way that automation tools can set usernames and passwords because I'm willing to bet this software doesn't have a RESTful API to work with.

      Exactly, we have many applications that we can integrate with AD, making our life easier.

      posted in IT Discussion
      Francesco Provino
    • RE: Back to Active Directory, Route 53 DNS

      @bigbear said in Back to Active Directory, Route 53 DNS:

      Are you referring to Route 53 Private DNS hosting to store the zone and reverse DNS zones? Or are you just referring to DNS resolution to resolve public internet services outside of your domain?

      If the latter, and in reference to no AD clients I am assuming one issue is the slowness with which DNS can resolve on insecure clients (non AD) for internet services?

      Just trying to understand the resiliency issue you are targeting by not using AD DNS...

      I’m already using Route 53 to resolve internal addresses.

      posted in IT Discussion
      Francesco Provino
    • RE: Back to Active Directory, Route 53 DNS

      @dashrender said in Back to Active Directory, Route 53 DNS:

      Is your plan to not have a LAN? Not sure how you use a public DNS for internal records (NAT'ed, non-routable IPs) - I mean, of course you can put non-routable IPs in a public DNS server, but that really seems weird.

      I try to be almost LANless (AzureAD, Dropbox, public DNS), but it does not work so well for our workflow. I see no issue with private IPs on public DNS, there is zero valuable information in our IP/server names.

      posted in IT Discussion
      Francesco Provino
    • RE: Back to Active Directory, Route 53 DNS

      @dashrender said in Back to Active Directory, Route 53 DNS:

      If your ERP didn't integrate with AD, what authentication would it use?

      What was the issue with DropBox and Azure AD? Is your issue the lack of a centralized authentication? (I'm assuming DropBox can't use your users from Azure AD, or vice versa?)

      We are using local ERP users, another set of credentials to manage. That is one of the issues.

      DropBox becomes very pricey if you have a lot of data and a lot of users… spinning up another Windows fileserver is essentially free for us (we have a datacenter license). And… yes, of course DropBox cannot use AzureAD auth.

      posted in IT Discussion
      Francesco Provino
    • RE: Back to Active Directory, Route 53 DNS

      @tim_g said in Back to Active Directory, Route 53 DNS:

      @francesco-provino said in Back to Active Directory, Route 53 DNS:

      @tim_g said in Back to Active Directory, Route 53 DNS:

      And your AD server is more reliable than a simple DNS service on the same server?

      You could point your AD DNS server to route53, and also configure DHCP to assign your route53 DNS as the second DNS server. That way you get the ease and convenience of not having to screw with external DNS with AD.

      Lots of options, but it will be more of a pain in the ass to not use MS DNS with AD. It'll work though.

      AD is not nearly as critical as DNS. I can be without AD server for a week without noticing it.

      Right, but that's why almost everything asks for at least two DNS servers in IP configurations. Many allow you to configure more.

      If you can be without it for that long and not notice, it doesn't seem you have any services really relying on it... which makes me further lean towards Salt. Salt is extremely easy to use. Did you give it a fair chance and learn it?

      One thing is to have AD infrastructure in place (that can cache credentials and policies for a long time), another one is to have one or more DCs always available.

      I like Salt and I use it for my Linux environments (now learning Ansible), but I just prefer the AD integration with many services like our ERP.

      posted in IT Discussion
      Francesco Provino
    • RE: Back to Active Directory, Route 53 DNS

      @tim_g said in Back to Active Directory, Route 53 DNS:

      And your AD server is more reliable than a simple DNS service on the same server?

      You could point your AD DNS server to route53, and also configure DHCP to assign your route53 DNS as the second DNS server. That way you get the ease and convenience of not having to screw with external DNS with AD.

      Lots of options, but it will be more of a pain in the ass to not use MS DNS with AD. It'll work though.

      The master-slave idea is great, I already considered it and it sounds good to me also.

      posted in IT Discussion
      Francesco Provino
    • RE: Back to Active Directory, Route 53 DNS

      @tim_g said in Back to Active Directory, Route 53 DNS:

      And your AD server is more reliable than a simple DNS service on the same server?

      You could point your AD DNS server to route53, and also configure DHCP to assign your route53 DNS as the second DNS server. That way you get the ease and convenience of not having to screw with external DNS with AD.

      Lots of options, but it will be more of a pain in the ass to not use MS DNS with AD. It'll work though.

      AD is not nearly as critical as DNS. I can be without AD server for a week without noticing it.

      posted in IT Discussion
      Francesco Provino
    • RE: Back to Active Directory, Route 53 DNS

      @tim_g said in Back to Active Directory, Route 53 DNS:

      @dashrender said in Back to Active Directory, Route 53 DNS:

      Main reason I can think of to use non-Windows DNS/DHCP is for non-Windows devices (i.e. things that need network access but don't use any Windows Services).

      He needs AD he says so I assume he has a lot of MS / Windows. That's not a reason to use it, but just pointing that out. Typically MS DNS is installed with the first DC so I can't imagine how using something else is easier. I have tons of Linux using MS DNS and DHCP without any issues ever.

      After many tries with Dropbox + Azure AD or SaltStack with local users etc., I just found it simpler and more cost-effective to just use AD. We already have Windows Server licensing in place for other reasons.

      posted in IT Discussion
      Francesco Provino
    • RE: Back to Active Directory, Route 53 DNS

      @tim_g I want to rely completely on external DNS like Route 53 because of reliability, we already are on that. DHCP is on Ubiquiti.

      posted in IT Discussion
      Francesco Provino
    • Back to Active Directory, Route 53 DNS

      Hi everybody, after a long period without any AD, we discovered that being without it is just more costly and complicated, so I'm planning to go back to on-premise AD.
      This time I want to use Route 53 as the DNS and not the MS one, any hints about the records I'll need?

      posted in IT Discussion
      Francesco Provino
    • RE: Backup target recommendation for Veeam B&R

      @thwr said in Backup target recommendation for Veeam B&R:

      I'm looking for a Veeam B&R backup target recommendation.

      I can't provide many details at the moment, but I'm looking for ~40TB at the moment.

      I’m in the same boat as you. I’m building a Linux backup target with an x3550m4 and a Dell MD1000 attached through a SAS external controller. I just have to finalize the right controller-SAS_ports choice, anyone with experience about that?

      posted in IT Discussion
      Francesco Provino
    • RE: KVM in Production - Build it yourself

      @matteo-nunziati said in KVM in Production - Build it yourself:

      What has stopped me from using kvm in production was: what if I have to off load stuff to other people? Will they be skilled enough for this crap?! So I just moved to hyperv+altaro...

      That's sad. I hope some user-friendly solution will come out soon. I've been in the KVM boat since 2010, KVM is SO good today. Maybe it will get faster adoption after the AWS move.

      posted in IT Discussion
      Francesco Provino
    • RE: KVM in Production - Build it yourself

      Seems that Bacula has a KVM plugin: https://www.baculasystems.com/enterprise-backup-solution-with-bacula-systems/virtual-machine-backup-software . Any experience with that?

      posted in IT Discussion
      Francesco Provino
    • RE: oVirt Testing

      Testing oVirt 4.2 stable. Does anyone know how to manually start a VM on the oVirt node (e.g. when the engine is down)? Seems like vdsm-client can do a lot of stuff with VMs, but not start them.

      posted in IT Discussion
      Francesco Provino
    • RE: oVirt Testing

      @tim_g said in oVirt Testing:

      @black3dynamite said in oVirt Testing:

      @tim_g said in oVirt Testing:

      @francesco-provino said in oVirt Testing:

      @tim_g said in oVirt Testing:

      @francesco-provino said in oVirt Testing:

      Other than that, the virtual console of the VMs is accessible only with a VNC/spice client, when Cockpit gets it right with integrated console.

      Maybe there is much that is unknown to me in oVirt, but I find it really a mess compared to KVM.

      You can use remote-viewer, VNC, whatever software you want to access VMs.

      And even more, in the oVirt web interface (HTML5), you can simply right-click on a VM and click console. You can use spice/vnc/RD from there. Doing the spice options opens up remote-viewer anyways.

      You have the same access options as you do with just straight KVM... I'm not sure what you mean here.
      Not working from the web interface in 4.2, yet.

      No, I haven't access to virsh anymore, with any user including root. And saslpasswd2 won't help this time.

      Not sure what you mean. Maybe I'm misunderstanding you.... I have no problems at all opening up a console for a virtual console for a VM in any way.

      I can view the VM in virt-viewer/remote-viewer, VNC, noVNC, RDP... even launch the console via Cockpit. What else do you need? If you need to edit the configuration the VM, you can do it all through oVirt as easily as you can in straight VMM. Even via Cockpit you can create VMs via templates and other simple things.

      He's talking about virsh commands.

      Oh I see, I misunderstood. Makes sense now.

      But with oVirt, I don't have any need to run virsh commands... it's all doable through the oVirt GUI.

      Everything? Maybe you are talking about a very tiny and non-production environment now… you are missing the best part, scripting and automation!
      How can you possibly manage, without automation, an environment of 50+ VMs without babysitting every day?

      For instance, in one of my KVM environments I’ve done a tiny script that 1) checks the UUID and automatically mounts an external eSATA HDD inside a VM 2) triggers the borg backup script 3) cleanly unmounts the disk and emails the operator when the task is finished. It took half an hour to write and has saved a lot of time in the last 4 years. (Ok, I know the eSATA HDD is not the best backup target, but it’s the third-offsite one and there are five of them)

      posted in IT Discussion
      Francesco Provino
    • RE: oVirt Testing

      @tim_g said in oVirt Testing:

      @francesco-provino said in oVirt Testing:

      Other than that, the virtual console of the VMs is accessible only with a VNC/spice client, when Cockpit gets it right with integrated console.

      Maybe there is much that is unknown to me in oVirt, but I find it really a mess compared to KVM.

      You can use remote-viewer, VNC, whatever software you want to access VMs.

      And even more, in the oVirt web interface (HTML5), you can simply right-click on a VM and click console. You can use spice/vnc/RD from there. Doing the spice options opens up remote-viewer anyways.

      You have the same access options as you do with just straight KVM... I'm not sure what you mean here.
      Not working from the web interface in 4.2, yet.

      No, I haven't access to virsh anymore, with any user including root. And saslpasswd2 won't help this time.

      posted in IT Discussion
      Francesco Provino
    • RE: oVirt Testing

      @tim_g said in oVirt Testing:

      The same is true for SCVMM. You don't install and use SCVMM for a small environment where you only have one hypervisor. It just over complicates things and actually makes simple tasks take longer.

      This isn't how you use something like SCVMM or oVirt.

      If you have a single server, just have a couple VMs you want to run on it, and have KVM management skills... I think oVirt may not be the best thing.

      If you have multiple servers, need high-availability, will be going through Virtual Machines, need integrated backups, one-touch migrations and checkpoints, templates, virtual networks, and everything else... then yes, oVirt is for you.

      oVirt is a virtualization management platform. It requires at least 2 servers (or one if doing self-hosted) just to run it. You wouldn't do this just for a single hypervisor.

      I've two enterprise servers with CentOS at the moment, for this home-lab project alone. I understand perfectly the role of oVirt, I'm also a vSphere ops.

      And I still find it much simpler to script anything in a few lines than to use all this oVirt mess... the template thing can be done easily and without hiding VMs under a blob of UUIDs. The same goes for migration and storage HA (gluster, DRBD). Checkpoints AKA... snapshots :D? The OpenvSwitch integration of oVirt is instead a big selling point, I've never got OVS right in plain KVM.

      posted in IT Discussion
      Francesco Provino
    • RE: oVirt Testing

      @francesco-provino said in oVirt Testing:

      I get an auth error when trying to use virsh... even entering the root or oVirt admin credentials does not help.

      Of course this is a feature and not a bug, because vdsm holds the daemon... but I hate it. It makes all my libvirt knowledge useless.

      posted in IT Discussion
      Francesco Provino
    • RE: oVirt Testing

      I get an auth error when trying to use virsh... even entering the root or oVirt admin credentials does not help.

      posted in IT Discussion
      Francesco Provino
    • RE: oVirt Testing

      Other than that, the virtual console of the VMs is accessible only with a VNC/spice client, when Cockpit gets it right with integrated console.

      Maybe there is much that is unknown to me in oVirt, but I find it really a mess compared to KVM.

      posted in IT Discussion
      Francesco Provino