[ale] Recommendations for my next distro?

Jim Kinney jim.kinney at gmail.com
Sun Mar 1 10:49:55 EST 2015


The only good thing about the java use is it's NOT Oracle java. It's
designed to only use openjdk.

Debian has something in their stack that can't talk to freeipa. They
haven't pulled the upstream pam code with the ability to use kerberos.
Don't know why. Outside of freeipa, kerberos is very hard to setup and use.
Oh. And the centos/fedora systems support ID cache with freeipa. If you
login with freeipa with the caching on, later, it the network access to the
freeipa server is down,  it will compare the sha1 hash of your login with
the prior approved cache hash and allow local use. Good for laptop toting
road-warriors.

Updating ovirt doesn't impact the running VMs. The GUI can be slow since
EVERYTHING is a database lookup followed by a java based build into the
HTML screen with ajax overlay.  They now have the admin GUI in a VM itself
so it can be migrated for system maintenance. VMWare is $$$$$OUCH!! Ovirt
is $0. The mailing list team is good as the developers are paid by RedHat
to answer questions. Ditto for FreeIPA. FreeIPA is an AD killer. Yay!
RedHat official version of freeipa is called IdM. The Ovirt version is
called RHEV.

Both tools are slowly being integrated into the replacement for spacewalk.
Think multi-country corporate wide desktop upgrades overnight and server
deployment with a few puppet rules anywhere coupled with corporate
"personality" rules pushing specific code around from dispersed server-farm
environments for HA.

For the home user with technical chops, and good bandwidth, teaming with
other like minded peers can easily create personalized HA cloud services
with redundancy of service and storage.

Hmm. That _would_ make for an interesting ALE project. ALE-Cloud. All open
source tools running on dispersed hardware for community uses - social,
code store, images, communications, etc.
On Mar 1, 2015 10:17 AM, "DJ-Pfulio" <DJPfulio at jdpfu.com> wrote:

> Nice comparison, thanks!
>
> The use of all that java in Redhat enterprise solutions really bothers me.
> OTOH, FreeIPA has me really jealous.  For things that should be cross
> platform,
> seems odd they won't run on Debian. Might as well stay with AD.
>
> I expect that virt-manager would get cumbersome with more than 20 physical
> systems and 100+ VMs or so. I like that different systems can provide
> different
> permissions, but dislike that if you can admin 1 VM on the physical
> server, then
> you can admin them all.
>
> The VMware enterprise stuff is nice (it should be for those costs!!!!) -
> mainly
> because of the migration from release to release isn't usually painful
> like it
> is with openstack (so I hear). Migrations in openstack are ....
> non-existent.
> Basically, you have to build a fresh infra for a new openstack. Seems like
> folks
> would setup a migration hop technique.
>
> On 03/01/2015 09:00 AM, Jim Kinney wrote:
> > Ovirt is large. Very large. It's design is to directly challenge VMware.
> So,
> > yes, very large and designed to be deployed across multiple physical
> systems.
> >
> > My grouse with it is the vast amount of java it's written in. But that's
> all
> > only for the web GUI and it's linking to the back end.  The back end is
> all
> > libvirt :-)
> >
> > I've used it to setup some developers with the ability to generate a VM
> that's a
> > clone of an existing devel environment with (yuck) Oracle ready to go
> for very
> > specific testing needs then drop it in the trash. As I don't have
> control of the
> > network, I can only setup test VM s with private lan  networking which I
> do
> > control. Ovirt uses spice to provide a console, CLI or X, and the access
> is over
> > the single, public IP. PluscI can lock down user access with FreeIPA :-)
> >
> > Yeah, that is a security issue having that much java web code. But the
> entire
> > process is designed to run with full SELinux lock down. That does much to
> > mitigate the damage from a break in.
> >
> > Ovirt is NOT for desktop users to run a few VMs with. Virt-manager does
> that
> > very well. Ovirt's to run a large collection of VMs that's managed by
> multiple
> > admins across multiple servers with large-scale shared storage (NFS is
> default
> > but iSCSI from a SAN is preferred).
> >
> > On Mar 1, 2015 8:39 AM, "DJ-Pfulio" <djpfulio at jdpfu.com
> > <mailto:djpfulio at jdpfu.com>> wrote:
> >
> >     oVirt seems extremely bloated and complex or do I have that wrong?
> Plus it is
> >     Redhat-only and uses a website for administration. Running a web
> server has
> >     always seemed the opposite of secure to me, but if you plan to work
> in a redhat
> >     shop, then using this makes 100% sense.
> >
> >     libvirt + virt-manager is lite/easy in comparison. This method works
> for any
> >     Linux hostOS (major distros) and takes less than 5 min to
> install/configure for
> >     your skill level. You can run a normal desktop on the same machine
> with
> >     virt-manager or remotely access any libvirt hypervisor system
> securely - that is
> >     built-in and uses ssh (password or key-based).  virt-manager is like
> the
> >     virtualbox or VMware player/workstation GUI, so if you've seen
> those, you'll be
> >     fine.
> >
> >     Both can use KVM, LXC, Xen, and a few others (that won't be named)
> and can run
> >     any OS you like (almost). Some people have OS/2 v4 running inside a
> VM, if
> >     that's your desire. ;)
> >
> >     Or .... if you want web admin, take a look at proxmox. It is very
> mature and
> >     provides KVM and openvz containers. OTOH, it takes over the physical
> machine
> >     completely. Don't think you can run a desktop on the host. Lots of
> places have
> >     been running proxmox servers quietly for years.
> >
> >     On 03/01/2015 08:20 AM, Jim Kinney wrote:
> >     > Look at Fedora or CentOS and play with Ovirt and FreeIPA. Those two
> >     > projects have a GUI yet the CLI behind the scenes is massively
> powerful.
> >     >
> >     > Fedora 21 has a server version and CentOS 7 has a desktop version.
> >     >
> >     > Then there's the docker minimalist version of each that's all CLI.
> >     >
> >     > If you have the hardware for virtualization, load Ovirt as a
> standalone on
> >     > CentOS 7 and load up a zillion VMs to test/play with. Then you can
> test
> >     > every distro!
> >
>
>
> --
> Got Linux? Used on smartphones, tablets, desktop computers, media centers,
> and
> servers by kids, Moms, Dads, grandparents and IT professionals.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20150301/65d821db/attachment.html>


More information about the Ale mailing list