<p dir="ltr">The only good thing about the java use is it's NOT Oracle java. It's designed to only use openjdk.</p>
<p dir="ltr">Debian has something in their stack that can't talk to freeipa. They haven't pulled the upstream pam code with the ability to use kerberos. Don't know why. Outside of freeipa, kerberos is very hard to setup and use. Oh. And the centos/fedora systems support ID cache with freeipa. If you login with freeipa with the caching on, later, it the network access to the freeipa server is down, it will compare the sha1 hash of your login with the prior approved cache hash and allow local use. Good for laptop toting road-warriors.</p>
<p dir="ltr">Updating ovirt doesn't impact the running VMs. The GUI can be slow since EVERYTHING is a database lookup followed by a java based build into the HTML screen with ajax overlay. They now have the admin GUI in a VM itself so it can be migrated for system maintenance. VMWare is $$$$$OUCH!! Ovirt is $0. The mailing list team is good as the developers are paid by RedHat to answer questions. Ditto for FreeIPA. FreeIPA is an AD killer. Yay! RedHat official version of freeipa is called IdM. The Ovirt version is called RHEV. </p>
<p dir="ltr">Both tools are slowly being integrated into the replacement for spacewalk. Think multi-country corporate wide desktop upgrades overnight and server deployment with a few puppet rules anywhere coupled with corporate "personality" rules pushing specific code around from dispersed server-farm environments for HA.</p>
<p dir="ltr">For the home user with technical chops, and good bandwidth, teaming with other like minded peers can easily create personalized HA cloud services with redundancy of service and storage.</p>
<p dir="ltr">Hmm. That _would_ make for an interesting ALE project. ALE-Cloud. All open source tools running on dispersed hardware for community uses - social, code store, images, communications, etc.</p>
<div class="gmail_quote">On Mar 1, 2015 10:17 AM, "DJ-Pfulio" <<a href="mailto:DJPfulio@jdpfu.com">DJPfulio@jdpfu.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Nice comparison, thanks!<br>
<br>
The use of all that java in Redhat enterprise solutions really bothers me.<br>
OTOH, FreeIPA has me really jealous. For things that should be cross platform,<br>
seems odd they won't run on Debian. Might as well stay with AD.<br>
<br>
I expect that virt-manager would get cumbersome with more than 20 physical<br>
systems and 100+ VMs or so. I like that different systems can provide different<br>
permissions, but dislike that if you can admin 1 VM on the physical server, then<br>
you can admin them all.<br>
<br>
The VMware enterprise stuff is nice (it should be for those costs!!!!) - mainly<br>
because of the migration from release to release isn't usually painful like it<br>
is with openstack (so I hear). Migrations in openstack are .... non-existent.<br>
Basically, you have to build a fresh infra for a new openstack. Seems like folks<br>
would setup a migration hop technique.<br>
<br>
On 03/01/2015 09:00 AM, Jim Kinney wrote:<br>
> Ovirt is large. Very large. It's design is to directly challenge VMware. So,<br>
> yes, very large and designed to be deployed across multiple physical systems.<br>
><br>
> My grouse with it is the vast amount of java it's written in. But that's all<br>
> only for the web GUI and it's linking to the back end. The back end is all<br>
> libvirt :-)<br>
><br>
> I've used it to setup some developers with the ability to generate a VM that's a<br>
> clone of an existing devel environment with (yuck) Oracle ready to go for very<br>
> specific testing needs then drop it in the trash. As I don't have control of the<br>
> network, I can only setup test VM s with private lan networking which I do<br>
> control. Ovirt uses spice to provide a console, CLI or X, and the access is over<br>
> the single, public IP. PluscI can lock down user access with FreeIPA :-)<br>
><br>
> Yeah, that is a security issue having that much java web code. But the entire<br>
> process is designed to run with full SELinux lock down. That does much to<br>
> mitigate the damage from a break in.<br>
><br>
> Ovirt is NOT for desktop users to run a few VMs with. Virt-manager does that<br>
> very well. Ovirt's to run a large collection of VMs that's managed by multiple<br>
> admins across multiple servers with large-scale shared storage (NFS is default<br>
> but iSCSI from a SAN is preferred).<br>
><br>
> On Mar 1, 2015 8:39 AM, "DJ-Pfulio" <<a href="mailto:djpfulio@jdpfu.com">djpfulio@jdpfu.com</a><br>
> <mailto:<a href="mailto:djpfulio@jdpfu.com">djpfulio@jdpfu.com</a>>> wrote:<br>
><br>
> oVirt seems extremely bloated and complex or do I have that wrong? Plus it is<br>
> Redhat-only and uses a website for administration. Running a web server has<br>
> always seemed the opposite of secure to me, but if you plan to work in a redhat<br>
> shop, then using this makes 100% sense.<br>
><br>
> libvirt + virt-manager is lite/easy in comparison. This method works for any<br>
> Linux hostOS (major distros) and takes less than 5 min to install/configure for<br>
> your skill level. You can run a normal desktop on the same machine with<br>
> virt-manager or remotely access any libvirt hypervisor system securely - that is<br>
> built-in and uses ssh (password or key-based). virt-manager is like the<br>
> virtualbox or VMware player/workstation GUI, so if you've seen those, you'll be<br>
> fine.<br>
><br>
> Both can use KVM, LXC, Xen, and a few others (that won't be named) and can run<br>
> any OS you like (almost). Some people have OS/2 v4 running inside a VM, if<br>
> that's your desire. ;)<br>
><br>
> Or .... if you want web admin, take a look at proxmox. It is very mature and<br>
> provides KVM and openvz containers. OTOH, it takes over the physical machine<br>
> completely. Don't think you can run a desktop on the host. Lots of places have<br>
> been running proxmox servers quietly for years.<br>
><br>
> On 03/01/2015 08:20 AM, Jim Kinney wrote:<br>
> > Look at Fedora or CentOS and play with Ovirt and FreeIPA. Those two<br>
> > projects have a GUI yet the CLI behind the scenes is massively powerful.<br>
> ><br>
> > Fedora 21 has a server version and CentOS 7 has a desktop version.<br>
> ><br>
> > Then there's the docker minimalist version of each that's all CLI.<br>
> ><br>
> > If you have the hardware for virtualization, load Ovirt as a standalone on<br>
> > CentOS 7 and load up a zillion VMs to test/play with. Then you can test<br>
> > every distro!<br>
><br>
<br>
<br>
--<br>
Got Linux? Used on smartphones, tablets, desktop computers, media centers, and<br>
servers by kids, Moms, Dads, grandparents and IT professionals.<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div>