<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 03/01/2015 10:49 AM, Jim Kinney
wrote:<br>
</div>
<blockquote
cite="mid:CAEo=5Px_iewrQqxXgJ174hLWfMFJzc==x4OccCVkEMJdnwNGhA@mail.gmail.com"
type="cite">
<p dir="ltr">The only good thing about the java use is it's NOT
Oracle java. It's designed to only use openjdk.</p>
<p dir="ltr">Debian has something in their stack that can't talk
to freeipa. They haven't pulled the upstream pam code with the
ability to use kerberos. Don't know why. Outside of freeipa,
        kerberos is very hard to set up and use. Oh. And the
        centos/fedora systems support ID cache with freeipa. If you
        log in with freeipa with the caching on, later, if the network
        access to the freeipa server is down, it will compare the sha1
hash of your login with the prior approved cache hash and allow
local use. Good for laptop toting road-warriors.</p>
<p dir="ltr">Updating ovirt doesn't impact the running VMs. The
GUI can be slow since EVERYTHING is a database lookup followed
by a java based build into the HTML screen with ajax overlay.
They now have the admin GUI in a VM itself so it can be migrated
for system maintenance. VMWare is $$$$$OUCH!! Ovirt is $0. The
mailing list team is good as the developers are paid by RedHat
to answer questions. Ditto for FreeIPA. FreeIPA is an AD killer.</p>
</blockquote>
<br>
My smart guys handled the lack of AD tie in with an uber technical
move: We purchased Centrify. It only costs 30 times what an IDM
    server CLUSTER would have cost and does not cache logins or permit
terminal logins. Zero local accounts. What can go wrong? Got any
openings? ;)<br>
<br>
<br>
<blockquote
cite="mid:CAEo=5Px_iewrQqxXgJ174hLWfMFJzc==x4OccCVkEMJdnwNGhA@mail.gmail.com"
type="cite">
<p dir="ltr"> Yay! RedHat official version of freeipa is called
IdM. The Ovirt version is called RHEV. </p>
<p dir="ltr">Both tools are slowly being integrated into the
replacement for spacewalk. Think multi-country corporate wide
desktop upgrades overnight and server deployment with a few
puppet rules anywhere coupled with corporate "personality" rules
pushing specific code around from dispersed server-farm
environments for HA.</p>
<p dir="ltr">For the home user with technical chops, and good
bandwidth, teaming with other like minded peers can easily
create personalized HA cloud services with redundancy of service
and storage.</p>
<p dir="ltr">Hmm. That _would_ make for an interesting ALE
project. ALE-Cloud. All open source tools running on dispersed
hardware for community uses - social, code store, images,
communications, etc.</p>
<div class="gmail_quote">On Mar 1, 2015 10:17 AM, "DJ-Pfulio" <<a
moz-do-not-send="true" href="mailto:DJPfulio@jdpfu.com">DJPfulio@jdpfu.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Nice
comparison, thanks!<br>
<br>
The use of all that java in Redhat enterprise solutions really
bothers me.<br>
OTOH, FreeIPA has me really jealous. For things that should
be cross platform,<br>
seems odd they won't run on Debian. Might as well stay with
AD.<br>
<br>
I expect that virt-manager would get cumbersome with more than
20 physical<br>
systems and 100+ VMs or so. I like that different systems can
provide different<br>
permissions, but dislike that if you can admin 1 VM on the
physical server, then<br>
you can admin them all.<br>
<br>
The VMware enterprise stuff is nice (it should be for those
costs!!!!) - mainly<br>
          because the migration from release to release isn't usually
painful like it<br>
is with openstack (so I hear). Migrations in openstack are
.... non-existent.<br>
Basically, you have to build a fresh infra for a new
openstack. Seems like folks<br>
          would set up a migration hop technique.<br>
<br>
On 03/01/2015 09:00 AM, Jim Kinney wrote:<br>
          > Ovirt is large. Very large. Its design is to directly
challenge VMware. So,<br>
> yes, very large and designed to be deployed across
multiple physical systems.<br>
><br>
> My grouse with it is the vast amount of java it's written
in. But that's all<br>
          > only for the web GUI and its linking to the back end.
The back end is all<br>
> libvirt :-)<br>
><br>
          > I've used it to set up some developers with the ability to
generate a VM that's a<br>
> clone of an existing devel environment with (yuck) Oracle
ready to go for very<br>
> specific testing needs then drop it in the trash. As I
don't have control of the<br>
          > network, I can only set up test VMs with private lan
networking which I do<br>
> control. Ovirt uses spice to provide a console, CLI or X,
and the access is over<br>
          > the single, public IP. Plus I can lock down user access
with FreeIPA :-)<br>
><br>
> Yeah, that is a security issue having that much java web
code. But the entire<br>
> process is designed to run with full SELinux lock down.
That does much to<br>
> mitigate the damage from a break in.<br>
><br>
> Ovirt is NOT for desktop users to run a few VMs with.
Virt-manager does that<br>
> very well. Ovirt's to run a large collection of VMs
that's managed by multiple<br>
> admins across multiple servers with large-scale shared
storage (NFS is default<br>
> but iSCSI from a SAN is preferred).<br>
><br>
> On Mar 1, 2015 8:39 AM, "DJ-Pfulio" <<a
moz-do-not-send="true" href="mailto:djpfulio@jdpfu.com">djpfulio@jdpfu.com</a><br>
> <mailto:<a moz-do-not-send="true"
href="mailto:djpfulio@jdpfu.com">djpfulio@jdpfu.com</a>>>
wrote:<br>
><br>
> oVirt seems extremely bloated and complex or do I
have that wrong? Plus it is<br>
> Redhat-only and uses a website for administration.
Running a web server has<br>
> always seemed the opposite of secure to me, but if
you plan to work in a redhat<br>
> shop, then using this makes 100% sense.<br>
><br>
> libvirt + virt-manager is lite/easy in comparison.
This method works for any<br>
> Linux hostOS (major distros) and takes less than 5
min to install/configure for<br>
> your skill level. You can run a normal desktop on the
same machine with<br>
> virt-manager or remotely access any libvirt
hypervisor system securely - that is<br>
> built-in and uses ssh (password or key-based).
virt-manager is like the<br>
> virtualbox or VMware player/workstation GUI, so if
you've seen those, you'll be<br>
> fine.<br>
><br>
> Both can use KVM, LXC, Xen, and a few others (that
won't be named) and can run<br>
> any OS you like (almost). Some people have OS/2 v4
running inside a VM, if<br>
> that's your desire. ;)<br>
><br>
> Or .... if you want web admin, take a look at
proxmox. It is very mature and<br>
> provides KVM and openvz containers. OTOH, it takes
over the physical machine<br>
> completely. Don't think you can run a desktop on the
host. Lots of places have<br>
> been running proxmox servers quietly for years.<br>
><br>
> On 03/01/2015 08:20 AM, Jim Kinney wrote:<br>
> > Look at Fedora or CentOS and play with Ovirt and
FreeIPA. Those two<br>
> > projects have a GUI yet the CLI behind the
scenes is massively powerful.<br>
> ><br>
> > Fedora 21 has a server version and CentOS 7 has
a desktop version.<br>
> ><br>
> > Then there's the docker minimalist version of
each that's all CLI.<br>
> ><br>
> > If you have the hardware for virtualization,
load Ovirt as a standalone on<br>
> > CentOS 7 and load up a zillion VMs to test/play
with. Then you can test<br>
> > every distro!<br>
><br>
<br>
<br>
--<br>
Got Linux? Used on smartphones, tablets, desktop computers,
media centers, and<br>
servers by kids, Moms, Dads, grandparents and IT
professionals.<br>
_______________________________________________<br>
Ale mailing list<br>
<a moz-do-not-send="true" href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a moz-do-not-send="true"
href="http://mail.ale.org/mailman/listinfo/ale"
target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a moz-do-not-send="true"
href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote>
</div>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
<a class="moz-txt-link-abbreviated" href="mailto:Damon@damtek.com">Damon@damtek.com</a>
404-271-8699
</pre>
</body>
</html>