Honestly the whole fabric of the internet, how email/SMTP and DNS and things work, is just a relic of an earlier time. I honestly think the money-men have their hands deep enough into the workings at this point that you wouldn't be able to create something like those things today and have them go anywhere. I'm surprised that it all still works as well as it does.
No, I was talking about the shared infrastructure. SMTP, DNS, ICANN, things like that require a level of cooperation and shared investment in the whole thing working well, not really because anyone's going to "win" the business game by running it to their particular advantage. That's a very alien way of thinking on the modern internet. The equivalent today would be something like massive publicly available caching web proxies that anyone could use as a big reverse-CDN to speed up their web access that were just kind of provided to everyone, government-funded, just sitting out there as a public resource. You know, like communism.
I've heard network engineers say they had a lot of trouble talking to their bosses about "peering" (setting up routes between two ISPs that happen to have operations close to each other, so they can hand traffic off to each other if it'd be more efficient to use the other guy's routes and both networks get more efficient to operate). They said they had a lot of trouble explaining the concept to the business people. They pay us for service? Fine. We pay them for service? Fine. We provide service to each other and both of us benefit without any money being involved? Plt... bzzt... I give up, I don't get it. Who gets paid? Why do we do this?
They've lost sight of the idea that it's a good thing to set up the world in a nice well working way (for everyone, including yourself), and just focused on how they can make their check bigger even if there's no point, or even if everything gets worse as a result.
We use a separate subdomain. For example, all our hosts are joined to the ad.example.com domain, so remote management would be the same hostname on ilo.example.com.
We also have all HP hardware (at least for servers), so we have everything in OneView. Other devices (NetScaler SDX appliances, other stuff with management interfaces) just have their interface in that subdomain and it works out great.
Running personal active directory hybrid sync with azure, hybrid exchange, a separate red forest for management of vSphere infrastructure, using saltstack for Linux config management. ~50 VMs and containers.
This seems like a good use case for a cluster manager. I’ve used xCAT in the past and recently Lenovo has an interesting project called Confluent that includes a web interface. A paid option would be Bright. These are made to manage hundreds to thousands of nodes.
Look into getting a CMDB and keep track of all of your hardware. That can store the hostname / IPs of your KVM / OS or virtualization layer, vkernels, storage adapter IPs, your vCenters and so on and so forth. If your data is getting so big that spreadsheets are getting tough to manage, then you probable need a more enterprise method of storing it.
Thinking out loud but wouldn’t chrome bookmarks for the URLs backed up to a file/account work better than a sheet of it’s just for access?
As we have mostly Windows based machines we look after everything is in Pulseway or TeamViewer. Routers and misc tend to be on specific ports on their connections IP and we have a shared Keeper repository for passwords and notes.
The company I work for has been buying other companies and customers like is silly season in the last year so we are digesting all the extra crud that came with it and trying to streamline half a dozen CRM, RM and Monitoring systems at the moment.
At my company, we just have a standardized remote management suffix that we just throw at the end of the hostname, so we don’t actually track the urls. For example the server is named frosty, the url would be frostysuffix.
Then we track our servers with either an outdated access database that nobody updates, my locally saved personal Excel sheet, or by logging into one of the 4 different health checking applications that each monitor a piece of the infrastructure. (This part actually really sucks and I hate it.)
I was trying to get yacy working in a tiny container, but the dang thing kept crashing after indexing about 500,000 sites. Yacy is like a peer to peer web crawler. Too busy to dig into it and figure out why.
The weird thing to me about the majority of VMware environments I see is that they exist to prop up and extend Microsoft environments.
Microsoft is hostile towards this use case because having your own cloud competes with their cloud products.
VMware was a commodity product that exists because they know how desperately IT professionals need to keep these Windows systems running with some level of reliability with advanced backup and replication strategies. And it was good.
After trying out proxmox I can say that:
VM performance under windows is much faster on vmware. I think this boils down to the drivers for storage. I could go more into detail but not here.
Containers and Linux VMs are offering me more than I ever really hoped for in proxmox.
But now I’m starting to think what the alternatives are really. VMware was a windows first virtualization platform. Other virtualization platforms in the open source ecosystem really put things like Linux first. Having to race to get to the point of hosting windows systems with constantly increasing licensing prices has really diminished the value to me of virtualization over all for windows.
I think we as a community need to move away from windows on the server and embrace technologies like containers,docker,podman, Kubernetes and phase out reliance on Windows.
For starters, does anybody have a rock solid setup guide for a Kubernetes Active Directory System?
Yeeahh... I'm thinking (hoping) he means an alternative LDAP/IDP, like Keycloak or Authentik..? Wanting to reduce reliance on Windows = kicking AD to the curb, too.
The problem with Samba AD in a container or Samba in container is that Samba isn’t designed to be run in a temporary environment. You could run it in a LXC container but anything beyond that will break things in the short or long term.
I figured you could get around some of the storage limitations with something like persistent volume claims. I’m testing it out at the moment. I am a big fan of LXC.
I see a few people have created docker Samba Containers and I’m giving them a whirl. Can’t say much for stability but I think it’s an interesting experiment.
I know in the past smb server didn’t work in LXC containers because certain kernel modules caused conflicts.
If you manage to create persistent containers how are you going to update them down the road? Like I have said previously, Samba isn’t designed in a way that allows for effectively hot swapping system components.
It seems like it would better to create a VM template and then setup a fail over cluster. Just make sure you have a time server somewhere on the network.
If you are dead set on containers you could try LDAP in a container. I just don’t think active directory was built for Linux containerization.
There are a few applications out there that I don’t fully understand the deployment of but seem to work in containers.
Typically the storage is mounted outside of the container and passed through in the compose file for docker. This allows your data to be persistent. Ideally you would also want those to reside in a file system that can easily be snapshot like ZFS. When you pull down a new docker container, it should just remount the same location and begin to run.
Or at least that’s how I’d imagine it would run. I feel like one would run into the same challenges people have running databases persistently in containers.
Sysadmin
Active