[ale] Recommendations for my next distro?

Damon L. Chesser damon at damtek.com
Sun Mar 1 11:07:29 EST 2015


On 03/01/2015 10:49 AM, Jim Kinney wrote:
>
> The only good thing about the java use is it's NOT Oracle java. It's 
> designed to only use openjdk.
>
> Debian has something in their stack that can't talk to freeipa. They 
> haven't pulled the upstream pam code with the ability to use kerberos. 
> Don't know why. Outside of freeipa, kerberos is very hard to set up and 
> use. Oh. And the centos/fedora systems support ID cache with freeipa. 
> If you log in with freeipa with the caching on, later, if the network 
> access to the freeipa server is down, it will compare the sha1 hash 
> of your login with the prior approved cache hash and allow local use. 
> Good for laptop toting road-warriors.
>
> Updating ovirt doesn't impact the running VMs. The GUI can be slow 
> since EVERYTHING is a database lookup followed by a java based build 
> into the HTML screen with ajax overlay. They now have the admin GUI in 
> a VM itself so it can be migrated for system maintenance. VMWare is 
> $$$$$OUCH!! Ovirt is $0. The mailing list team is good as the 
> developers are paid by RedHat to answer questions. Ditto for FreeIPA. 
> FreeIPA is an AD killer.
>

My smart guys handled the lack of AD tie in with an uber technical 
move:  We purchased Centrify.  It only costs 30 times what an IDM server 
CLUSTER would have cost and does not cache logins or permit terminal 
logins.  Zero local accounts.  What can go wrong?  Got any openings? ;)


> Yay! RedHat official version of freeipa is called IdM. The Ovirt 
> version is called RHEV.
>
> Both tools are slowly being integrated into the replacement for 
> spacewalk. Think multi-country corporate wide desktop upgrades 
> overnight and server deployment with a few puppet rules anywhere 
> coupled with corporate "personality" rules pushing specific code 
> around from dispersed server-farm environments for HA.
>
> For the home user with technical chops, and good bandwidth, teaming 
> with other like minded peers can easily create personalized HA cloud 
> services with redundancy of service and storage.
>
> Hmm. That _would_ make for an interesting ALE project. ALE-Cloud. All 
> open source tools running on dispersed hardware for community uses - 
> social, code store, images, communications, etc.
>
> On Mar 1, 2015 10:17 AM, "DJ-Pfulio" <DJPfulio at jdpfu.com> wrote:
>
>     Nice comparison, thanks!
>
>     The use of all that java in Redhat enterprise solutions really bothers me.
>     OTOH, FreeIPA has me really jealous.  For things that should be cross platform,
>     seems odd they won't run on Debian. Might as well stay with AD.
>
>     I expect that virt-manager would get cumbersome with more than 20 physical
>     systems and 100+ VMs or so. I like that different systems can provide different
>     permissions, but dislike that if you can admin 1 VM on the physical server, then
>     you can admin them all.
>
>     The VMware enterprise stuff is nice (it should be for those costs!!!!) - mainly
>     because the migration from release to release isn't usually painful like it
>     is with openstack (so I hear). Migrations in openstack are .... non-existent.
>     Basically, you have to build a fresh infra for a new openstack. Seems like folks
>     would set up a migration hop technique.
>
>     On 03/01/2015 09:00 AM, Jim Kinney wrote:
>     > Ovirt is large. Very large. Its design is to directly challenge VMware. So,
>     > yes, very large and designed to be deployed across multiple physical systems.
>     >
>     > My grouse with it is the vast amount of java it's written in. But that's all
>     > only for the web GUI and its linking to the back end. The back end is all
>     > libvirt :-)
>     >
>     > I've used it to set up some developers with the ability to generate a VM that's a
>     > clone of an existing devel environment with (yuck) Oracle ready to go for very
>     > specific testing needs then drop it in the trash. As I don't have control of the
>     > network, I can only set up test VMs with private lan networking which I do
>     > control. Ovirt uses spice to provide a console, CLI or X, and the access is over
>     > the single, public IP. Plus I can lock down user access with FreeIPA :-)
>     >
>     > Yeah, that is a security issue having that much java web code. But the entire
>     > process is designed to run with full SELinux lock down. That does much to
>     > mitigate the damage from a break in.
>     >
>     > Ovirt is NOT for desktop users to run a few VMs with. Virt-manager does that
>     > very well. Ovirt's to run a large collection of VMs that's managed by multiple
>     > admins across multiple servers with large-scale shared storage (NFS is default
>     > but iSCSI from a SAN is preferred).
>     >
>     > On Mar 1, 2015 8:39 AM, "DJ-Pfulio" <djpfulio at jdpfu.com> wrote:
>     >
>     >     oVirt seems extremely bloated and complex or do I have that wrong?  Plus it is
>     >     Redhat-only and uses a website for administration. Running a web server has
>     >     always seemed the opposite of secure to me, but if you plan to work in a redhat
>     >     shop, then using this makes 100% sense.
>     >
>     >     libvirt + virt-manager is lite/easy in comparison. This method works for any
>     >     Linux hostOS (major distros) and takes less than 5 min to install/configure for
>     >     your skill level. You can run a normal desktop on the same machine with
>     >     virt-manager or remotely access any libvirt hypervisor system securely - that is
>     >     built-in and uses ssh (password or key-based). virt-manager is like the
>     >     virtualbox or VMware player/workstation GUI, so if you've seen those, you'll be
>     >     fine.
>     >
>     >     Both can use KVM, LXC, Xen, and a few others (that won't be named) and can run
>     >     any OS you like (almost). Some people have OS/2 v4 running inside a VM, if
>     >     that's your desire. ;)
>     >
>     >     Or .... if you want web admin, take a look at proxmox. It is very mature and
>     >     provides KVM and openvz containers. OTOH, it takes over the physical machine
>     >     completely. Don't think you can run a desktop on the host. Lots of places have
>     >     been running proxmox servers quietly for years.
>     >
>     >     On 03/01/2015 08:20 AM, Jim Kinney wrote:
>     >     > Look at Fedora or CentOS and play with Ovirt and FreeIPA. Those two
>     >     > projects have a GUI yet the CLI behind the scenes is massively powerful.
>     >     >
>     >     > Fedora 21 has a server version and CentOS 7 has a desktop version.
>     >     >
>     >     > Then there's the docker minimalist version of each that's all CLI.
>     >     >
>     >     > If you have the hardware for virtualization, load Ovirt as a standalone on
>     >     > CentOS 7 and load up a zillion VMs to test/play with. Then you can test
>     >     > every distro!
>     >
>
>
>     --
>     Got Linux? Used on smartphones, tablets, desktop computers, media centers, and
>     servers by kids, Moms, Dads, grandparents and IT professionals.
>     _______________________________________________
>     Ale mailing list
>     Ale at ale.org
>     http://mail.ale.org/mailman/listinfo/ale
>     See JOBS, ANNOUNCE and SCHOOLS lists at
>     http://mail.ale.org/mailman/listinfo
>
>
>

-- 
Damon at damtek.com
404-271-8699
