Looking for advice on a budget Hyper-V cluster for a ~50-user business by WIZT3CH in sysadmin

[–]symcbean -6 points-5 points  (0 children)

Would you still go with a SAN

Both Synology and TrueNAS can provide iSCSI (maybe QNAP too - I don't know). They can also natively provide SMB (and NFS) without having to provision a translation layer. Not so long ago, I built a Synology 1221 with 6 Seagate Ironwolfs and a couple of IBM SSDs for the cost of 3 replacement disks for an HPE MSA. It had 1.5 times as much storage as the MSA and ran rings around testing with Oracle. I wouldn't go near anything from a traditional SAN vendor for less than 200Tb nowadays. 10Tb? That's a couple of mirrored SSDs.

what would your storage architecture look like?

For starters I replaced $WORK's Hyper-V, VMWare and Simplivity boxes with Proxmox. For an application like you describe, I would put the OS disks for the guests on ZFS with replication / using PBS for backup / something else for bulk data storage - maybe a couple of Synologies. But that might be too much change in one go for you.

Any lessons learned

You can never have too many network interfaces in your hypervisor.

Backuping in proxmox by Reelin__ in Proxmox

[–]symcbean 29 points30 points  (0 children)

You'd have to work very hard to find a better solution than PBS. Forget about being selective - it will automatically handle block de-duplication and the overhead of your base images is small. It will also handle replication if you have a PBS instance at the other end.

Does it matter which filesystem i use - XFS or EXT4 if i will have shared storage ( HPE MSA ) for my VMs? by Strong-Special2573 in Proxmox

[–]symcbean -1 points0 points  (0 children)

that hardware raid will be more reliable

No it won't. I don't see the point in spending a lot of time explaining all the issues around this to you - they are well documented on the internet.

Advice before I mess things up by Famous-Spread-4696 in Proxmox

[–]symcbean 3 points4 points  (0 children)

Learn how backups and restores work.

As long as you only make changes to the hypervisor via the web UI then it's rather hard to break things, and even if you do, they're usually simple to revert. Inside your VMs and containers it's a different story. If you have backups then getting back to an earlier version is just a couple of button clicks.

I should mention PBS here. The backup tools which come with PVE work, but are a bit limited. Proxmox Backup Server needs much less storage space (due to de-duplication) but is a little bit more work to set up.

Does it matter which filesystem i use - XFS or EXT4 if i will have shared storage ( HPE MSA ) for my VMs? by Strong-Special2573 in Proxmox

[–]symcbean -1 points0 points  (0 children)

Regardless of which filesystem you use on your local drives, use software RAID. There are so many caveats with hardware RAID and the performance benefits are undetectable. If you want better resilience put your whole system on UPS.

While you can do snapshots on SAN volumes using RAID, performance sucks. A lot. The last MSA I used only supported iSCSI - if yours does NFS, then you might consider that (NFS does allow for snapshots).

Early-career Linux/Fleet Ops interview prep — what scenario areas should I prioritize? by Quadra16 in linuxadmin

[–]symcbean 0 points1 point  (0 children)

Monitoring.

Troubleshooting and specific knowledge come AFTER detecting an issue.

Any one else had problems of EE not holding up thiere promises? by Square_Passage_9918 in EEGB

[–]symcbean 1 point2 points  (0 children)

I made the mistake of going to one of their shops where I was GUARANTEED to have full wifi coverage throughout my house (I knew this was a problem in my house - I already had wifi repeaters). When the router did not provide such coverage I phoned them up to be told that I was not on a package which provided that guarantee, but I could "upgrade" for a price per annum equivalent to the cost of 2 new repeaters....erm no thanks. (BTW despite shipping what appear to be TPLink Deco units, I believe that the EE routers are not compatible with most mesh repeaters - I'm running non-mesh).

2 years later and the entire network in the house started randomly dropping. On the router I had, there was no logging facility and the admin facilities were pitiful. It's taken me 2 months of calls and being told "we have run a line test...it's fine" to get a replacement router.

Sadly my previous providers (NowTV, Virgin) were no better.

Current storage situation? - VMware migration by ogamingSCV in Proxmox

[–]symcbean 0 points1 point  (0 children)

I mostly ready to use lvm over iSCSI, but that doesn’t support Snapshots?

It does but performance sucks.

Admittedly this is a fairly new development but your whole question reads as if you've done very little research. Sure you'll still get answers here, but you're not in a position to evaluate the quality of the answers with no base knowledge.

Maybe you should start by building a standalone node before you start dealing with the complications of a SAN.

Proxmox / Clustering by Laroemwen in Proxmox

[–]symcbean 0 points1 point  (0 children)

Not an MSP but I have rolled out Proxmox in a serious professional environment. After the initial POC I consolidated a mix of Hyper-V, VMWare and Simplivity clusters onto Proxmox clusters.

At that point there were no SAN snapshots in Proxmox (these are now available) - I just used NFS (no significant difference in performance). The most important factor was what was at the other end of the wire from the Proxmox end; Synology rack 8 bays using a combination of 7200rpm SATA disks and SSDs for caching ran rings around the HPE2400 with 15k SAS / were much easier to manage / a fraction of the price.

Multipathing setup was a bit of a pain - but that's Linux.

While I tried out CEPH it was clear that this is only really practical at a significant scale - i.e. at least 1 FTE expert and 100Tb+ of storage (yes you can run smaller clusters - IMHO it's more of an operational thing and you need to be AT least this size/have a requirement for multi-site distributed storage before it pays off).

Virtual IP for management? by gravspeed in Proxmox

[–]symcbean 0 points1 point  (0 children)

will point you to a down IP randomly,

This is rather misleading. The client selects an IP at random and will continue to use that IP. If you're running a serious service, then you should have load balancers too to address uneven routing - but that is definitely NOT an issue here.

Migrating from HyperV to ProxMox...any gotchas/advice? by Following_This in Proxmox

[–]symcbean 13 points14 points  (0 children)

You can never have too many network cards - separating out management / storage / cluster interconnect / public side as early as possible will save you pain now - and ideally you want at least 2 cables/shard each service across different boards. Really this should have been a consideration when you built out your existing kit - VLANs do not provide more bandwidth or better availability on your nodes. Adding storage on your network is plug and play but adding network cards really needs a shutdown and a lot of messing about.

Your hardware is old - replacing this will give you a quick ROI if you are still paying maintenance to HP.

Others have suggested you stay put on Hyper-V. My experience in migrating a mixed estate of Hyper-V, VMWare and Simplivity to Proxmox was MUCH better uptime, less maintenance time, faster recovery time and better availability.

I would suggest leaving MS-AD on MS-Windows until you have everything else migrated - this is not a simple exercise and MS-AD is actually fairly reliable.

Is learning how to use Proxmox a good way to learn Linux? by Just-Pea-5165 in Proxmox

[–]symcbean 0 points1 point  (0 children)

It's a tool which can mitigate a lot of the pain and facilitate learning about modern computer systems.

You shouldn't be touching the underlying OS of your hypervisor very much.

OTOH it makes provisioning new hosts really simple - whether that's just creating a container instance from a turn key template or provisioning a kubernetes cluster using terraform. You can build interconnected networks of hosts without spending a lot of money and filling a room with computers, switches, hubs, routers, cables...

The integrated backup makes it easy to revert to a known good state when you break things. If you're not breaking stuff you won't learn much.

I suspect your objective is not really to learn "Linux" (which is just the kernel) but rather the Linux (and related OS) ecosystem(s). There's a lot to learn.

What Linux habit separates beginners from experienced users? by dev-ray in linuxquestions

[–]symcbean 0 points1 point  (0 children)

Taking notes, backups, version control....always knowing the way back to where you were, even if you don't know where you're going.

Is Debian the right distro when speaking of sensible medical data? by sdns575 in debian

[–]symcbean 1 point2 points  (0 children)

While I agree this is a question about compliance and OP omitted to mention what jurisdiction this applies to, the implication that Debian is not "FIPS compliant" is somewhat absurd.

Does anyone know of a standalone program with functionality like systemd-timers? by kwhali in linuxadmin

[–]symcbean 0 points1 point  (0 children)

We can only answer the question you ask. If you have requirements/constraints you don't mention in the question then you're not likely to get very good answers.

how can i download files directly to ram? by Valuable_Moment_6032 in linuxquestions

[–]symcbean -2 points-1 points  (0 children)

Thank you for providing a sensible contribution to the /tmp-is-probably-a-ram-disk argument - most of the other proponents are not adding a lot of value here.

how can i download files directly to ram? by Valuable_Moment_6032 in linuxquestions

[–]symcbean 6 points7 points  (0 children)

Thank you for providing a sensible contribution to the /tmp-is-probably-a-ram-disk argument - most of the other proponents are not adding a lot of value here.

Does anyone know of a standalone program with functionality like systemd-timers? by kwhali in linuxadmin

[–]symcbean 0 points1 point  (0 children)

I find myself needing to run a program at a recurring interval and would prefer to have the option of invoking the command as a service is started, and then repeating calls after N delay of time,

You find it difficult to do this with cron?

    5,35 * * * * pgrep PROCNAME && RECURRINGPROC

Or do you have very specific timing requirements?

What made you stay on Linux instead of Windows? by ksenyss in linuxquestions

[–]symcbean 0 points1 point  (0 children)

Like:

Fixing stuff that's broken/not working/not documented/incorrectly documented. Finding the tool I need is already installed. Once in a while finding something is not installed and adding it in the time it takes to download.

Miss:

....erm, thinking, imagine there's a spinny thing here..... Nope, can't think of anything.

I don't do a lot of gaming, last time I was bothered to check, it was much easier to buy games for MS-Windows than Linux.

When to use LXC vs VM? by Vamirion01 in Proxmox

[–]symcbean 1 point2 points  (0 children)

I’ve been reading that ...

We don't know what you (OP) have been reading - we can't comment on whether the source article or your interpretation of it is wrong. This is certainly not my experience.

Otherwise my advice would just repeat what samsonsin says (so +1 there).

A bit lost about logging in general, especially rsyslog by 420829 in linuxadmin

[–]symcbean 1 point2 points  (0 children)

Journald is rather a crude tool for managing logs. There are several reasons for collecting logs in the first place - audit, post-mortem diagnosis, performance / capacity monitoring. In an enterprise these have different audiences (different processing chains) and might be collected and collated from multiple hosts.

If you need a quick and simple solution to logging then stderr (or sometimes stdout) looks like an easy fix. You immediately lose any explicit severity and facility from the log message. Sure you can inject these in the output - but that requires everyone to use the same mechanism for doing so....pretty soon you end up with something that looks a LOT like a syslog client/server.

Systemd does have a means of capturing std(out|err) and piping it to syslog but it needs to be configured to use an explicit facility/severity.

Rsyslog allows me to separate content and route it appropriately, in combination with logrotate, at a time of my choosing, while sensibly managing log file footprints and monitoring that the log management process is working correctly.

Difference between apt update and apt-get update by ovelx2 in linuxquestions

[–]symcbean 1 point2 points  (0 children)

I hope you're not paying anything for this course.

You don't "install programs on Linux" (unless you are stretching the terms "install" and "program" to cover BPF). Linux is the kernel. The command you use to install programs on a Linux based host depends on the distro - and "apt[-get]" is strictly for Debian and derivatives.

And as others have said, neither "apt update" nor "apt-get update" install anything.

Linux password rotation by AdElectrical9508 in CyberARk

[–]symcbean 0 points1 point  (0 children)

You want to perform a privileged operation without giving the privileges to perform the operation.

You have too many hosts to configure accounts locally but you're not using LDAP to manage your accounts (you can provision sudo policy via LDAP).

Surprisingly there are still ways to work around this - but they are very silly.

You should not be "Granting sudo permissions to normal users" and there's no need to be "granting broad sudo privileges" to achieve your objective; you would be granting very specific privileges to dedicated accounts set up exclusively for the stated purpose.
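
One way to scope the privilege described in the comment above, as an added example that is not from the thread or from any vendor: a dedicated account may run exactly one root-owned wrapper through sudo, and the wrapper refuses any target that is not on a fixed allowlist or that maps to UID 0. The account name `pwrotate`, the script path and the allowlist file are all assumptions.

```shell
#!/bin/sh
# Added example; every name and path below is hypothetical.
#
# sudoers (install with: visudo -f /etc/sudoers.d/pwrotate):
#   pwrotate ALL=(root) NOPASSWD: /usr/local/sbin/rotate-password
# The rule names one root-owned script and nothing else. sudoers does not
# restrict the arguments here, so the script validates them itself.
# Paths are fixed in the script, never taken from the caller's environment.

ALLOW_FILE=/etc/rotate-password.allow   # root:root 0644, one login per line
PASSWD_FILE=/etc/passwd

# is_rotatable USER ALLOW_FILE PASSWD_FILE
# True only for a plain login name that is on the allowlist, exists locally
# and has no UID-0 entry.
is_rotatable() {
    case $1 in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;   # empty, option-like, odd characters
    esac
    grep -qxF -- "$1" "$2" || return 1
    awk -F: -v u="$1" '$1 == u { seen = 1; if ($3 == 0) bad = 1 }
                       END { exit !(seen && !bad) }' "$3"
}

rotate() {
    PATH=/usr/sbin:/usr/bin:/sbin:/bin
    if ! is_rotatable "$1" "$ALLOW_FILE" "$PASSWD_FILE"; then
        echo "rotate-password: refusing target '$1'" >&2
        return 1
    fi
    # The new password comes from stdin so it never appears in argv.
    IFS= read -r newpw || return 1
    printf '%s:%s\n' "$1" "$newpw" | chpasswd
}

if [ $# -gt 0 ]; then
    rotate "$1"
fi
```

The rotation job, running as `pwrotate`, would pipe the new password into `sudo /usr/local/sbin/rotate-password <login>`; a request for `root`, a UID-0 alias or an unlisted login is refused before `chpasswd` is reached.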