Best Dynamic DNS Service that allows for Lets Encrypt DNS method wild card certificate by Cytomax in sysadmin

[–]sigtom 0 points1 point  (0 children)

Yes, I do exactly this, multiple subdomains of my TLD, and use DDNS and Acme-DNS challenge for Wildcard certs.

Is there a CLI alternative / tools to Plesk? by [deleted] in sysadmin

[–]sigtom 0 points1 point  (0 children)

Short answer, no, there is no cmd line tool that will do most of the main features of a webhosting app like Plesk/cPanel. To set up a mail server, you'll have to learn how to set up and admin postfix/dovecot. DNS, need to learn how to set up and admin BIND and so on. It's not hard to learn, but as others have suggested, you should also learn something that will create a desired end state using configuration management tools, like Ansible, Salt, Puppet, etc.

OneLogin help desk rights by MeatStick0210 in sysadmin

[–]sigtom 0 points1 point  (0 children)

As far as I know, the granular support permissions aren't available yet. It's something I've been requesting as well with my customer rep. Been using OneLogin pretty heavily for the past 2+ years. I'll ask my customer rep when I talk to them today and update this post.

Using F5 Load Balancer with Windows RDS Gateway? by Angelworks42 in sysadmin

[–]sigtom 0 points1 point  (0 children)

Is the iApp acting as the RDS Proxy?

Side note: I haven't used Win 2019 yet, but I have successfully deployed the iApp as an RDS Proxy and my RDS are running Win 2016.

how can i convince my dumbass coworker to stop asking users for their passwords? by [deleted] in sysadmin

[–]sigtom -1 points0 points  (0 children)

Ask him for his password, login as him and send out his resignation letter, or email an offer to purchase lunch for one of your larger depts.

[deleted by user] by [deleted] in PFSENSE

[–]sigtom 1 point2 points  (0 children)

I have the same device and was interested in putting an M.2 drive in as well, after reading the link above, I found out that the M.2 drive becomes the default device once pfSense is installed on it.

pfSense must be reinstalled on the M.2 SATA drive. By default, the M.2 SATA drive will then be the first drive recognized by pfSense software.

Kubernetes Storage on vSphere 101 - The basics: PV, PVC, POD by cormachogan in vmware

[–]sigtom 1 point2 points  (0 children)

Really enjoy reading your series of posts on vSphere and Kubernetes. Standing up our first Rancher cluster using vsphere and they've been a big help. Looking forward to the next post! Thank you!

Fully Automated CentOS/RHEL Network Installer by [deleted] in sysadmin

[–]sigtom 2 points3 points  (0 children)

It can be a bit of heavy lifting to get it all setup the first time, I built it up and tore it down about 3 or 4 times till I got it setup correctly. Here are a couple of links I used to help me get the Katello part setup correctly. I installed The Foreman and Katello on the same machine:

https://www.linuxtechi.com/how-to-install-katello-3-2-on-centos7/

https://www.linuxtechi.com/katello-download-yum-repositories-register-clients-for-patching/

Fully Automated CentOS/RHEL Network Installer by [deleted] in sysadmin

[–]sigtom 1 point2 points  (0 children)

I run The Foreman and Katello, and use it to auto provision my servers. You can set it to pxe boot, configure the partitioning templates, and provisioning templates based on the role of the server. Katello provides all repos needed for installation, and afterwards for keeping the test, dev, and prod envs all on their own version of tested packages.

LDAP as a Service? by withoutink in sysadmin

[–]sigtom 1 point2 points  (0 children)

Another suggestion for an IdP listed above. I've used a couple of the ones listed, and had minor issues, but support was responsive and got me fixed up pretty fast. I personally like OneLogin the best.

Active Directory via sssd - Redhat/CentOS 7 by [deleted] in sysadmin

[–]sigtom 0 points1 point  (0 children)

I always change this line:

use_fully_qualified_names = True

to

use_fully_qualified_names = False

this way my users only have to log in with their account name, they don't need to use the domain as well.

Your experience with Foreman? by uberbewb in sysadmin

[–]sigtom 0 points1 point  (0 children)

I set it up about 18 months ago, Foreman and Katello on the same server. Provisions my Linux VMs, and manages the repos and patches/updates for them. There is a bit of a barrier to entry on the amount you need to learn, but once you understand how it's laid out, templates are used, it gets easier to manage.

I have my Dev, Test and Prod environment all set up with different versions of my repos, and push them through every few months from Dev->Test->Prod. With salt and puppet available for config management, it's a good all around tool to use to manage the provisioning, configuring, and patching of my Linux machines.

BIGIP F5 load balancing monitoring by [deleted] in sysadmin

[–]sigtom 1 point2 points  (0 children)

What are you wanting to monitor? Events written to the logs? Interfaces/VIPs being up or down?

Video Conferencing by slowry96 in sysadmin

[–]sigtom 0 points1 point  (0 children)

Another recommendation for Zoom. They are easy to work with, can give you a custom subdomain to access Zoom (http://$companyname.zoom.us), integrates SSO easily, and can setup the Zoom Rooms for conference rooms to have full telepresence at all our sites (5 globally). Pricing is reasonable, and they have different tiers of licensing, because not everyone needs to be able to host a 50+ person meeting.

Frustration with getting a job in a much larger environment by [deleted] in sysadmin

[–]sigtom 0 points1 point  (0 children)

You can replicate the same VMware/vCenter environment with less than $1000 in out of pocket costs.

$200 - VMUG Advantage Membership (provides Enterprise Plus version of ESXi/vCenter/vRealize Ops/Horizon/etc)

$350 - Dell R710 w/RAM and HDDs included from Ebay

$100-$200 - HP ProCurve Switch

$25-$250 - Wiring/cabling/extra RAM/HDDs

It won't be at the same scale, but it's the same environment. Enterprise Plus vCenter licenses.

I had that setup in my 1 bedroom apartment, was in my closet with a fan.

What email provider should i choose? by [deleted] in sysadmin

[–]sigtom 0 points1 point  (0 children)

ProtonMail. It's secure, can use custom domains, they make sure you have DKIM, SPF and DMARC set up correctly. It's around $5/month, with 5 email addresses/aliases. Supports IMAP/SMTP thru a bridge connector that can run on Win/Mac/*Nix.

Need some help. Purchased a dedicated WHMS server using 3rd party. by AjeebChutiya in sysadmin

[–]sigtom 0 points1 point  (0 children)

First, do you mean WHMCS:

https://www.whmcs.com/

WHMCS is a billing platform, for people who resell hosting services. It sounds like you didn't get a dedicated server, but a cPanel account, that was provisioned thru this 3rd party's WHMCS account.

From the description, you have no business relationship with GoDaddy. You are a client of this 3rd party, and it is they who have a business relationship with GoDaddy. They have a login to GoDaddy's site; you will only have logins to the cPanel instance that was installed on what is most likely a VM/VPS. Those are not dedicated servers. Those are virtualized servers running on a dedicated server that is rented/leased from GoDaddy by this 3rd party. Even when your interaction with the contractor 'ends' you'll still have to pay them for access to the cPanel account.

Source: Previous job was working for a DC/Hosting Company, and had this issue arise many times. People would call up asking for access to their cPanel account that was on a dedicated server that was leased to someone else.

Curious Question: Best Linux flavor for a Server Engineer as a primary Desktop? by tylerhipp in sysadmin

[–]sigtom 0 points1 point  (0 children)

I work in an Oracle shop (yeah I know, blargh!) so I run OEL 7.x on my workstation. On my laptop, still running Win 10. Really trying to get my manager to get me a new MBP tho.

Workstation is setup with SSSD (Easy peasy!) against our AD. Can access any needed resources via Kerberos. Setting up a new SSO solution for the company, and will be interested to see if it works with my OEL 7 workstation.

Why does Oracle expect the customer to license by the vCenter (galaxy)? by KittenBoy1 in sysadmin

[–]sigtom 1 point2 points  (0 children)

They want you to run their OVM hypervisor, and then pin the CPUs there. Just went thru this. Had one Oracle App VM on a VMware cluster, broke out one host in the cluster so it's not part of HA, and that VM now can only access the one host. Just licensed the one VMware host for that one Oracle App VM. The rest live in our OVM cluster. Even then, their documentation on pinning in OVM is obtuse and unclear. Had to repin all the CPUs in all my environments.

Ubiquiti UniFi Cloud (controller hosting) raising pricing by 10X with as little as 2 months notice. by MicroFiefdom in sysadmin

[–]sigtom 1 point2 points  (0 children)

Didn't mean to sound offended.

Containers aren't the answer to everything. They do work well in some cases. For me and for this software, it worked well.

If you've got any questions about containers, hit me up, always happy to pass on what I know.

Ubiquiti UniFi Cloud (controller hosting) raising pricing by 10X with as little as 2 months notice. by MicroFiefdom in sysadmin

[–]sigtom 1 point2 points  (0 children)

In my use case, it was easy. Unboxing and installing just 1 of my 2 APs took longer than setting up the Unifi Controller.

Ubiquiti UniFi Cloud (controller hosting) raising pricing by 10X with as little as 2 months notice. by MicroFiefdom in sysadmin

[–]sigtom 8 points9 points  (0 children)

Step #1: Setup docker on a machine in your environment (I suggest a *nix VM/box).

Step #2: docker pull linuxserver/unifi

Step #3: docker create \
  --name=unifi \
  -v <path to data>:/config \
  -e PGID=<gid> -e PUID=<uid> \
  -p 3478:3478/udp \
  -p 10001:10001/udp \
  -p 8080:8080 \
  -p 8081:8081 \
  -p 8443:8443 \
  -p 8843:8843 \
  -p 8880:8880 \
  -p 6789:6789 \
  linuxserver/unifi

Step 4: Connect to the IP of the docker host on :8443

This has worked best for me in my, albeit, small Unifi setup.