@emad-r said in FOSS VPS Options (or VirtKick alternative):

@stacksofplates said in FOSS VPS Options (or VirtKick alternative):

Why not just use OpenStack?

I didnt know it had this functionality, I thought it was like vCenter.

Do you have screenshots on how the clients see the panel ?
do you know easy guide to set it up with KVM centos 7 ?
Does it support billing ?

Created a demo user. You get whatever resources are assigned to that user/group.

0_1513458428144_os.png

This is an all-in-one setup for a home lab. If you do this the right way you probably won't be managing it yourself. It uses KVM on CentOS (or Xen is possible on other platforms).

There is no billing directly through OpenStack, but it provides the info for that. Usage is tracked for all projects. You can set up billing through something like Cloudforms (ManageIQ). It doesn't look like Vmango does anything related to billing at all.

However, to be frank, are you really going to be charging customers to run a VPS on a single host?

Kimchi Screenshot Tour:

23_1513416848168_2017-12-16 11_32_41-Wok.png 22_1513416848168_2017-12-16 11_32_33-Wok.png 21_1513416848168_2017-12-16 11_32_26-Wok.png 20_1513416848168_2017-12-16 11_32_21-Wok.png 19_1513416848168_2017-12-16 11_32_12-Wok.png 18_1513416848167_2017-12-16 11_32_07-Wok.png 17_1513416848167_2017-12-16 11_31_59-Wok.png 16_1513416848167_2017-12-16 11_31_55-Wok.png 15_1513416848167_2017-12-16 11_31_38-Wok.png 14_1513416848167_2017-12-16 11_31_26-Wok.png 13_1513416848166_2017-12-16 11_31_21-Wok.png 12_1513416848166_2017-12-16 11_31_18-Wok.png 11_1513416848166_2017-12-16 11_31_12-Wok.png 10_1513416848165_2017-12-16 11_31_05-Wok.png 9_1513416848165_2017-12-16 11_30_49-Wok.png 8_1513416848162_2017-12-16 11_30_59-Wok.png 7_1513416848162_2017-12-16 11_33_31-Wok.png 6_1513416848162_2017-12-16 11_33_25-Wok.png 5_1513416848162_2017-12-16 11_33_15-Wok.png 4_1513416848161_2017-12-16 11_33_02-Wok.png 3_1513416848161_2017-12-16 11_32_51-Wok.png 2_1513416848161_2017-12-16 11_32_48-Wok.png 1_1513416848161_2017-12-16 11_32_44-Wok.png 0_1513416848159_2017-12-16 11_32_38-Wok.png

0_1513417013975_2017-12-16 11_35_13-noVNC.png

@coliver said in Smart Phishing Spams worrying me:

This is called spear phishing or targeted phishing. There isn't much you can do about it from a technical perspective. Train your users is about the only option.

That's really the case. The thing about spear phishing is that it is all but impossible to conidently detect unless you are the human recipient and can verify the details in some other manner.

@storageninja

Thanks so much, I will read in the mean time those blogs:

https://www.codyhosterman.com/
https://blogs.vmware.com/vsphere/author/cormac_hogan

@scottalanmiller said in Anyone with Cisco download access (firmware) can help me ?:

I replaced a Cisco a few weeks ago because we could get a Ubiquiti that was new faster, delivered to the site, than we could get a cable to hook into the Cisco. Saved both time and money and got them better quality gear. Pure win. Cisco's "deal with our BS" overhead is very high and a huge factor on their TCO.

Their optics division makes 2 Billion a year I hear. 3rd party optics are made by the same people so I never blinked at using them and duck taping some spares to the side of the chassis.

It's a crazy way of looking at it, but it's MS after all.

@dustinb3403 I didn't get it, sorry 🙂 I am so oblivious...

@tim_g said in When you deal with VMs CPU resources, do you give them Vcpu or Vprocessors ?:

It's all the same on they Hypervisor level.

But I'm guessing it may register differently (how you set it up in your screenshot) in the guest OS and software.

@jaredbusch said in Help me understand Cloudstack and Openstack use scenario:

@dashrender said in Help me understand Cloudstack and Openstack use scenario:

Why quote Scott, then give yourself the winning answer?

Because you can only select your own posts as the answer.

huh - weak!

@nerdydad

Time to purge everything

@emad-r

Solved seem was related to npm app I installed but didnt understand what it will do, its called forever and you can , it was duplicating the NodeBB service.

I removed it and rebooted the server and the npm log seems correct:

[deprecated] `String.prototype.rtrim` is deprecated as of NodeBB v1.5; use `utils.rtrim` instead. 5/9 00:15:31 [1294] - info: [socket.io] Restricting access to origin: http://192.168.1.39: 5/9 00:15:31 [1294] - warn: [plugins/load] The following plugins may not be compatible with your version of NodeBB. This may cause unintended behaviour or crashing. In the event of an unresponsive NodeBB caused by this plugin, run `./nodebb reset -p PLUGINNAME` to disable it. nodebb-plugin-markdown 5/9 00:15:31 [1294] - info: Routes added 5/9 00:15:31 [1294] - info: NodeBB Ready 5/9 00:15:31 [1294] - info: Enabling 'trust proxy' 5/9 00:15:31 [1294] - info: NodeBB is now listening on: 0.0.0.0:4567

@emad-r said in ESXi 6.5 standalone host help export big VM ?:

So writing this to raise awareness, cause newer ESXI 6.5 update 1 refuses the old C# VMware Vsphere client.
Thanks.

Yeah, the Vsphere Client was removed on version 6.5 even for Windows as well. The OVF Tool is what has been recommended to export and import...

@emad-r said in Reset MySQL password on Fedora 26:

@dashrender

Correct, without doing any thing. And this was the first time for 2 things:

Autogen password password password.

back in the day, you install you get blank pass, and use mysql_secure_installation

You still do. No idea what you did

@emad-r

NVM, forgot about VMware Remote Console (VMRC), which is the optimized way of connection to VM GUI console, download it now.

I think vsphere C# client currently is VMRC in some minimal way. At least one is still actively developed. (You cant connect to an .iso file using webclient flex without uploading the whole .iso file to the host, however with the older C# client and newer method VMRC this can be still done).

That said, we lost the export to .ova or .ovf easier method compared to web ui export which gives you the .vmdk file as is.

@emad-r One of the main points of using configuration management tools is that when using them properly you create idempotent operations (getting the same result no matter the number of times the operation is executed).

Instead of using cmd.run to execute the install, you could as others have mentioned the chocolatey module, or if you don't want to install chocolatey on your computers you could use the win_pkg which requries a repo created on the salt-master. Both of those modules are idempotent, so once you reach the desired state no matter how many times you run them they will not make any more changes.

https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_pkg.html
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.chocolatey.html

The software available in the official windows git repo.
https://github.com/saltstack/salt-winrepo-ng

Creating a windows software repository:
On your salt master run

salt-run winrepo.update_git_repos

Sync the repo on your Windows minions

salt -G 'os:windows' pkg.refresh_db

Now you can use the pkg module in your states, or adhoc commands.

//Example adhoc command (remote execution) salt -G 'os:Windows' pkg.install salt-minion

That last command will always install the latest version of the salt-minion you could add the version parameter to specify the one you require.

Firewall?

@emad-r

I just finished home lab setup with Apache + Centos + WebDAV
On 1 machine
that is connected to 2 other glusterfs peers working in replication mode.

It felt good when everything worked as expected. and I can connect via WinSCP, and it recognizes passwords for users created by Bcrypt which I reckon uses Blowfish and over HTTPS which makes it very secure.

umm.. its lame abit that each folder/share you will need to define in it apache webdav.conf, but if you want to implement something manually that is the price you pay.

Other than that it is all good, you can create personal shares like HR , and other Public ones. And replication does occur by the underlying glusterfs.

@aaronstuder said in How to setup Nginx TLS certificate based Authentication (VPN alternative):

@emad-r 3650 🙂

One of the main reasons that normal certs cannot be bought with forever expiration is because then people would be less apt to update them as ciphers are broken.

Look at how many people still use(d) SSLv1 SHA1, etc., long after they were proven broken.

@jaredbusch said in Nginx Certificate Authentication issue:

@emad-r said in Nginx Certificate Authentication issue:

@jaredbusch said in Nginx Certificate Authentication issue:

ls -laZ /etc/pki/nginx/ca.crt

-rw-r--r-- root root ?

i specified -laZ intentionally to show the SELinux context also.

I don't have your directory setup, but this is what my /etc/pki/tls/certs looks like

drwxr-xr-x. root root system_u:object_r:cert_t:s0 . drwxr-xr-x. root root system_u:object_r:cert_t:s0 .. lrwxrwxrwx. root root system_u:object_r:cert_t:s0 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem lrwxrwxrwx. root root system_u:object_r:cert_t:s0 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt -rw-r--r--. root root unconfined_u:object_r:cert_t:s0 dhparam.pem -rwxr-xr-x. root root system_u:object_r:bin_t:s0 make-dummy-cert -rw-r--r--. root root system_u:object_r:cert_t:s0 Makefile -rwxr-xr-x. root root system_u:object_r:cert_t:s0 renew-dummy-cert

Thanks this pointed me in the right direction, a useful guide coming soon