Best posts made by Francesco Provino

I've recently started a blog, this is my first article in English… http://www.francescoprovino.com/2016/09/06/xenserver-7-software-raid-with-mail-alert/

I hope you enjoy it!

Thank you all guys, I've already started my experiments (successful, till last try) with clonezilla &co.!

@Dashrender said in Buying vs Saving Economic Theory:

@Francesco-Provino said in Buying vs Saving Economic Theory:

@scottalanmiller said in Buying vs Saving Economic Theory:

@dafyre said in old MSP wants to know what they did wrong:

@scottalanmiller said in old MSP wants to know what they did wrong:

@dafyre said in old MSP wants to know what they did wrong:

@scottalanmiller said in old MSP wants to know what they did wrong:

@DustinB3403 said in old MSP wants to know what they did wrong:

@Mike-Davis and what exactly is wrong with WEP?!

(sarcasm boys)

That's all that they have here on Sicily where we are

O.o Can you VPN back somewhere else?

I'm not in China, the EU does not block VPNs.

VPN for traffic protection, it is, then.... But I mean seriously? The WiFi in Sicily can't use WPA ?

People don't tend to replace access points here. Equipment is expected to last decades.

What? I think I have ZERO equipment older than 5 years in any of the company I worked. And they are SMB, of course.

Wow - you are lucky!
Some of my switches are 10 years old
servers x2 - 10 years old
server x1 - 6 years old
server x1 - 4 years old
printers - 12+ years old
wireless access recently replaced was 10 years old
etc.

We have standardized everything to IBM x3550M4 (3 years old), Cisco SMB stuff, Ubiquity ER8 and HP z230/240. Our refresh cycle is 5 years, if nothing broke first… I'm just thinking about refresh a couple of old HP DL380 G7.

Oh, and a P3600 is just arrived from Germany, to replace one of our 5-years-old DS3500 SAN (switching to local storage, yay!).

Selinux cannot be the problem with SSH, if you haven't changed the SSH server listening port. Selinux has sane defaults for SSH, much less for other application… one of the bigger concern in learning RHEL/CentOS is not how to make everything running, but how to run it with Selinux ENFORCED.

Of course, never disable Selinux. Never.
It's maybe the most valuable security feature on the whole Linux ecosystem.

@msff-amman-Itofficer just use the libvirt shell, virsh! You can both connect to the host via ssh and use virsh installed on the host, or install virsh in the machine you are connecting from and use virsh in a remote fashion.

Virsh can do almost anything you can do with KVM: you can even edit the XML configuration of vm and networks by hand, so really no flexibility limit.
It's also easy scriptable and include a serial remote console, so you can install your OS by hand etc.

If you really really need a graphical console with virsh, you can install any VNC client on your machine and connect to a vm using virsh this way.

@wirestyle22 said in Debian File Server File Recovery:

@travisdh1 said in Debian File Server File Recovery:

@wirestyle22 said in Debian File Server File Recovery:

@travisdh1 nope

Uck. Do you know the type of file system (xfs, ext3, ext4, zfs)?

ext4

I prefer xfs, that can be growth online. Always use LVM.

It's trivial to expand a volume with LVM: just add another virtual disk to the machine, pvadd, lvexend, xfs_growfs and you're done.

@scottalanmiller said in Debian File Server File Recovery:

@Francesco-Provino said in Debian File Server File Recovery:

@wirestyle22 said in Debian File Server File Recovery:

@travisdh1 said in Debian File Server File Recovery:

@wirestyle22 said in Debian File Server File Recovery:

@travisdh1 nope

Uck. Do you know the type of file system (xfs, ext3, ext4, zfs)?

ext4

I prefer xfs, that can be growth online. Always use LVM.

It's trivial to expand a volume with LVM: just add another virtual disk to the machine, pvadd, lvexend, xfs_growfs and you're done.

Same here, XFS is our go to filesystem.

It's the fastest, no-frills, fully-enterprise, best supported alternative.

I had issues with the latest BTRFS, till yesterday (unnecessary rebalance, cpu 100% etc). The ext family is good, but it was not designed for massive scaling or enterprise workloads.
ZFS on linux… no thanks.
JFS and others: not well supported.

I just write an article about that here: http://www.francescoprovino.com/2017/04/16/full-disk-encryption-unlocking-from-virtual-serial-tty-paranoia-xenserver-and-libvirt/ .

@RojoLoco sort | uniq

@IRJ said in List Comparison Tool:

I have two very large lists of IPs and I would like to compare the differences between the list. I usually use Notepad ++ Compare for this type of thing, but I believe it only compares line to line.

I also tried using conditional format in excel, but I am not sure if the results are accurate.

Just one command:
diff <(sort list1 | uniq) <(sort list2 | uniq).

For 95% of tasks involving text manipulation (from the easiest like this to mid-complexity), the standard unix tools can do everything in a very quick and concise way.
The other 4.95% (very complex, special stuff) can be handled by Python (but also ruby or perl).
The last 0,05% is HPC/realtime/weird (C, Ada, erlang?).

But please, don't use a giant piece of bloatware just to compare strings .

@FATeknollogee said in KVM vs XenServer:

@Francesco-Provino We need a super-duper fancy looking web gui to manage KVM.

How come there is nothing like ProxMox or XOA for KVM?
I guess ProxMox is KVM!

Use oVirt if you need a web gui. Virt-manager is fine for 99% of use cases and works over ssh.

Why do you NEED a gui for that? I found the libvirt toolstack very easy to use, the docs are good, virsh is your friend.

I use the guy only for console access stuff, anything can be done via cli in an easier and quicker way than the grafical one.

@FATeknollogee said in KVM vs XenServer:

@Francesco-Provino Have you used oVirt?

The setup is complicated (on purpose?) and the interface is no that great, but it works. My last experience with oVirt was in 2016/03, maybe now could be much better. But a great cli cannot be beaten…
IMHO most of the people think they need a gui control panel because of the "VMware cult": nice GUI client, cumbersome CLI.
PowerCLI is usable, but not for interactive use. Virsh (for KVM) is simply great.

But, really, don't install a guest in the '90s way with KVM, instead use a proper tool like virt-builder.
The old way of install a guest is completely unneeded in a virtualized/cloud world; instead of installing through an ISO, a procedure that is slow and requires kickstart/manual intervention, you can just use a cloud image pre-built and optimized to run as a virtual guest and inject the customizations (credential, additional software, config) with tools like virt-builder.
AWS and the other cloud providers works this way.

@matteo-nunziati Xen can be fully used without XAPI, that are also an OSS project.
XenServer is the Xen package with XAPI, but any enterprise distro provide Xen WITHOUTH XAPI, namely SuSe and Ubuntu. You can use it effectively with libvirt or the xl toolstack.

At the moment I don't see any risk associated with Xen being dropped by anyone, because it's the widely used hypervisor in the world. Almost any public cloud use that. Just the fact that AWS is built on Xen it's a guarantee that it cannot became abandonware in any way. Amazon alone could support the entire Xen development with 0.1% the revenues from the AWS cloud. They have all the interest in maintain Xen healthy.

I think the IT sector is going beyond the enthusiasm wave about vm-based backup, it's not a novelty anymore, in any sense.

I was a veeam-on-vmware fan and I still use it, but I have some thought to share with the community… do we really need this kind o backups for modern workloads?

• VM-based backup comes from a world of deeply stateful, snowflakes machine. The world is moving towards stateless software with even more clear separation between data and applications.
• In my experience, full-VM block-based backups takes longer to run (think about and ERP where only the DB change), are more resource intensive and takes more space.
• Every VM-based system is tied to the specific virtualization platform, so migrate between different environment becomes harder VS agent-based backup system where restore on another platform is trivial.
• VM-based software tends to be more costly and complex than the agent-based counterpart.
• Backups are usually stored in proprietary formats that cannot be read easily; many non-VM backup software just compress the extracted data into common format.

I'm trying to rebuild one of my customer backup infrastructure without leverage any VM-based backup suite, implementing both regular full snapshot export of the VM (golden master templates used to rebuild the VM) and tradition backup methods.

Also, I've the feeling that VM-based backups are more geared towards legacy workloads that cannot adopt a modern design like those of the modern cloud-based, microserver or serverless application, so I think I'll start to use more and more devops-style or virtual-agnostic backup tools just to remain in touch with the latest trends in industry.

What do you think about it?

First, read the vSphere upgrade path on vmware site (just google it), after that…

@kuyaz said in KVM vs XenServer:

Hi all, for example my server has 16 core & 64gb RAM.

Just wondering, how many active VM I can run on those core actually? assuming for each VM I allocate 1GB, can I run 64 active VM with 1 virtual core each?

Can memory be shared also between VM?

When i said active, it is online but not in heavy usage.

It depends on the load, of course. Regarding the CPU, you can easily run 50+ VMs if they are idle. The CPU time is shared between the instance, so the overcommitment is very granular and efficient. Regarding the RAM, XenServer is not very good at RAM overcommitment by default; KVM instead can do a very nice job with similar instances, saving plenty of ram with KSM.

If I understand well, you are trying to install a full GUI in the hypervisor layer of your server. I’m sorry, but this is just plain wrong.
You should only install a bare minimum Fedora and KVM tools on bare metal, period.
The typical server is just not good with graphical stuff.

Don’t get me wrong, it’s great that you are experimenting a KVM environment, but don’t treat it as your old bare metal windows 2008 server.
Just to be clear, the right path to install and manage an enterprise server like the r720 does NOT include connecting any display, EVER.

First thing, you should use the management interface iDrac, that provides you vga-like and terminal access to the server on a web interface. You can even mount ISOs directly from your laptop, the time of burning cd/usb is over!
I’ve deployed two r740 this way two months ago, mounting the VMware ISO through wifi (!).

The other thing is, you don’t have to install any management GUI or tools in the bare metal system, ever. All the management should be done from another machine, that has the management stack. VMware (that I don’t love, but is the gold standard regarding some best practices) makes it clear from the beginning; no GUI, useless busybox on the host, everything is done through the management appliance (the vCenter).

Regarding Fedora, I use it for some of my server and the protocol is:

• install and upgrade the host OS with KVM and its tools;
• harden ssh disabling password login, enable ropt access or anther user that can became root (as of today you MUST use root to start the VM on the host, the user-based qemu connection is flawed in many ways including networking);
• install the KVM management layer (usually libvirt) and your gui of choice (virt-manager) into ANOTHER machine and connect those with the host via key-paired, passwordless ssh.

@ccwtech said in RAID on SSD's:

I set up my servers with RAID 10 and 10 or 15 K RPM Drives and a dedicated RAID card and an SSD Drive for CacheCade.

However with the decrease in pricing for SSD drives, I would like to start using them more in servers.

1. Still do RAID 10 with SSD's?
2. Is a dedicated RAID card still needed if using SSD's?

1. Usually RAID 5 makes sense. Still RAID 10 if you want maximum performance. Be aware that you can saturate almost any SATA/SAS controller with the performances of 6-7 SSD.
2. Apply the same consideration for the HDD.

@ccwtech said in RAID on SSD's:

If you have more than 6 or 7 SSD's you need a separate controller then?

RAID 5 isn't something I have done for years...

You don't "need" a separate controller, simply you will saturate both a separate SAS controller (RAID HW) and an integrated SATA one (SW RAID). Essentially, you can saturate the band of a PCIe 3.1 8x link.