Topics created by EddieJennings

@stacksofplates said in sssd and user ID mapping:

@Pete-S said in sssd and user ID mapping:

@Semicolon said in sssd and user ID mapping:

@Pete-S If it is an issue, its trival enough to prevent public key authentication for users or groups of users, even groups of AD users.

Sure, but the problem for developers and admins is that they usually need their keys. That's why I don't think ad/ldap integration with ssh users really works in that use case.

The other solution, which is what I think is more suitable for developers and admins, is to use your SSO/AD solution with MFA to pickup a short-lived ssh certificate. Then you use the ssh certificate to actually access things.
Many companies with huge infrastructures use this method because it's very scalable.

We forced kerberos for SSH auth after wen enabled AD integration. SSH works like keys then but you don't use the keys.

Never used it but it seems to be a good solution if you want AD integration.

I noticed that gitlab also supports kerberos for pushing and pulling. I assume github does too. That's very convenient.

@jaredbusch one important migration is all it takes. The only way to have done it without downtime would have been to go from Akamai to another CDN then back to Akamai. We opted not to do the back to Akamai part.

@eddiejennings said in Reverse Proxy for Single Public Facing Server:

@dashrender said in Reverse Proxy for Single Public Facing Server:

@eddiejennings said in Reverse Proxy for Single Public Facing Server:

@dashrender said in Reverse Proxy for Single Public Facing Server:

That's pretty easy to do when you're self hosted, but if you're doing something like Vultr instances, I'm guessing it's a bit harder - unless Vultr allows for the creation of VMs that only exist on a private network.

True and that why I specifically mentioned a self-hosting scenario. I think I have a thread from the past asking about whether or not people bother with reverse-proxy for things hosted in Vulture or the like.

I don't think that it makes a difference.

@dbeato said in Unifi Controller Installer Script for Ubuntu 21.04:

@voip_n00b said in Unifi Controller Installer Script for Ubuntu 21.04:

@stacksofplates docker is worse than reddit. I can’t believe you would suggest such hot garbage.

How is it garbage @VoIP_n00b ? It is quite possible if someone wants to run their Controller as a container. I am not sure why you are also comparing Reddit with Docker, what is the comparison?

I think it's an attempt at trolling.

@scottalanmiller said in Multiple Virtual Disks and Application Performance:

Remember.... just because you are virtual does not imply that your storage is virtual, nor does virtual storage imply that the storage will be shared between workloads or VMs. None of that is implied or suggested in going virtual. You still maintain all proper storage management decision making when virtual as you did physical. You don't get to give any of that up.

In restrospect, I probably ought not have included the System Center Dude stuff in the discussion, since it seemed to just cause confusion about what I was curious.

You still maintain all proper storage management decision making when virtual as you did physical.

I believe this is the greatest takeaway from the discussion. Regardless if the environment is like the one I'm in where ultimately one physical storage device is hosting all of the virtual storage within the VMs.

@flaxking said in Microsoft Resellers:

Great experience with Insight Canada account managers. Not so great experience with CDW.

Ingram Micro and Synnex were ok, RMAs always were a pita.

In the US we have to use Insight Canada for account managers. And they were terrible. We've had so many customers totally screwed because they lost their licenses, had no way to be reached. At one point, even Microsoft had no way to reach Insight!

There's a good bit of dysfunction going on, such as two weeks after starting to look into what's needed for configuration manager there's still no authoritative answer on "talk to this person to see what Microsoft licensing we have." 😛

I'm trying to get an idea of what's needed myself, and most of what I found is in relation to those who already have System Center and having current SA entitles you to Configuration Manager Current Branch.

@scottalanmiller said in Basic Ubiquiti Network:

@eddiejennings said in Basic Ubiquiti Network:

@jaredbusch said in Basic Ubiquiti Network:

@eddiejennings said in Basic Ubiquiti Network:

The Dream Machine looks interesting, but I'm not inpressed with it also being an 8-port switch.

I have not looked at it yet, but are they fixed switch ports, or assignable? The ER-X is an example of this.

The documentation I've seen doesn't tell me much. It seems like the switch ports create just a plain layer 2 switch. They aren't assignable interfaces like the old EdgeRouter Lite's eth0, 1 and 2.

I believe that to be true.

The old ER Lite were software bridged only and not something you ever wanted to do. Horrible performance killer.

The ER-X and ER-4 have an actual switch chip. You don't have to make each port use it, but it is there.

So you could make eth0 be WAN and eth1 through eth3 be members of switch0

@black3dynamite said in Ansible facts nested variable syntax preference:

Looks like Bracket notation is best choice instead of dot.

Bracket notation always works. Dot notation can cause problems because some keys collide with attributes and methods of python dictionaries. Use bracket notation if you use keys which start and end with two underscores (which are reserved for special meanings in python) or are any of the known public attributes:

Overlooked that in the documentation. While it's less efficient to type [' and '] rather than ., I'll live with it. 🙂

@Obsolesce said in YAML terminology and Ansible:

@Pete-S said in YAML terminology and Ansible:

@Obsolesce said in YAML terminology and Ansible:

@Pete-S said in YAML terminology and Ansible:

Other than that it doesn't matter to me what anyone calls it.

You are 100% to call it whatever you want. But a key/value pair is commonly referred to as a dictionary... or a hash table which is a dictionary data type. This isn't exclusive to Python in the least.

"Commonly referred" depends on the programming language in question. For example in many other languages it's commonly called an array or collection and never a dictionary.

If you look at the part you quoted, YAML calls it mappings.

The proper computer science terminology would be associative array.
https://en.wikipedia.org/wiki/Associative_array

The best thing to do is to call it exactly what the language or software you are referring to calls it. If Ansible wants you to create what it has named in their documentation as a dictionary in YAML, that's what you refer to it as. Otherwise, someone who is familiar with Ansible and it's documentation won't know what the hell you are talking about if you call it your own thing.

I can agree with that point of view - YAML in the context of Ansible.
https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html

So you'd call it dictionaries then. And lists.

@scottalanmiller said in New to Linux Administration: RHEL-Based or Debian-Based OS:

I agree, both is the obvious choice. But to truly answer the question, I'd focus on Ubuntu (not Debian) and then RHEL. Debian is great, but it is Ubuntu specifically that has the market.

Yes, almost the same is never the same as exactly the same.

@Pete-S said in YouTube Month in Review: December 2020:

@EddieJennings

Impressive work Eddie!

Thanks 🙂

@EddieJennings said in Script for Creating VMs from Template VM in KVM:

@travisdh1 said in Script for Creating VMs from Template VM in KVM:

@EddieJennings said in Script for Creating VMs from Template VM in KVM:

@Pete-S said in Script for Creating VMs from Template VM in KVM:

Not the exactly the same thing but you might want to look into how to create a VM from scratch.
Meaning a script that will set up a VM with vCPU, memory, storage, network etc and then boot it from iso and have it do an unattended install, create what users you want and install the packages you need.

That's one of the next things I'm looking into.

@EddieJennings Also remember about things like kickstart in RedHat based operating systems. In Fedora/CentOS/RHOS you can use a kickstart file to automatically select all the install time options for the OS. A short time later you've got a fresh server and all the time it took you to setup was running the creation script on your hypervisor.

One of the things I'll need to figure out going the Kickstart route is setting the hostname what I want it to be at the time of installation. Likely not difficult to do, I just have to figure it out. Or perhaps, I can just truly take the approach of just making a clean minimal install, and then later configure to whatever specific thing I'm wanting the VM to do for my lab / testing.

Inside the kickstart file you'll find something like this:

network --hostname=centos8-4.example.com

We use debian as our goto and then it's called a preseed file. The only real thing that can be tricky is to tell the installation what kickstart/preseed file you want to use. You can do it in different ways. If you don't want to rely on dhcp/tftp/pxe etc you can roll your own iso file. I think the kickstart file can also be mounted as a drive that the installation will detect when it starts.

I think the best approach is to make an automated installation with same basic settings and some of those will get changed later in the installation. For example you can use a fixed hostname that is later changed from ansible.

@Dashrender said in Managing Distribution Groups in an Exchange Hybrid Environment:

@EddieJennings said in Managing Distribution Groups in an Exchange Hybrid Environment:

I ought to have clarified. DUO MFA comes into play with Outlook for our mailboxes that are in Exchange Online. On-prem mailboxes (the few we have left aren't subject to DUO).

Are those that are left on prem - are they actual users? If so, I'm curious why they can't be migrated?

Eventually all users will be migrated, so, yes, we still have real users on-prem.

This is outside the scope of the original question / scenario, but I've learned a good bit during this process with much of that learning validating a few things I already knew, such as the value of taking the necessary time to plan, and prep the environment for migration (removing unnecessary objects, etc.).

@travisdh1 said in YouTube Months in Review: July and August 2020:

@EddieJennings You've been busy!

That I have. I didn't do a practice session for every objective because I ran out of time before the test. But taking the time to talk through most of them was a good way for me to determine if I needed to go back and review details.

@IRJ Shamelessly stole your ideas and tweaked the wording a bit. 🙂

Draft 5

@Pete-S I'll look at drafting the other format over the next couple of days. If I come up with anything decent, I'll add it to this thread.