
Linux physical server, best practice

2018-03-05 by: David Welch
From: David Welch 
------------------------------------------------------
Basically my question is, should everything be run in a virtual machine?

If I'm running an app in-house, Jira say (sigh), on a dedicated server,
should it still be in a KVM virtual machine?

I tend to think so. Despite the increased complexity of the setup, this
gives snapshotting built-in basically.

Thoughts?

===============================================================
From: Stephen Kraus
------------------------------------------------------
Jails or VMs yes. Gives you more security for the host and can allow you to isolate the application.

===============================================================
From: Lynn Dixon
------------------------------------------------------
KVM is built into the Linux Kernel and there are tons of userspace tools and services to make managing KVM super easy. Virsh, Virt-manager, oVirt, or hell, OpenStack (if you want to get REALLY complex..heh).

I use virtuals for all my stuff as it gives me way more flexibility with my home server. I am one of the oddballs running oVirt in both my home server and my co-located lab machines. I have a single oVirt manager node taking care of both sites (home and remote lab) using the oVirt datacenter construct as the differentiator.

On Mon, Feb 5, 2018 at 9:56 PM, Stephen Kraus wrote:

===============================================================
From: David Welch
------------------------------------------------------
oVirt looks interesting. I'm ready to move from Ubuntu, though, so am taking a look at Kimchi. I'm currently using simple 'virt manager' in an attempt to migrate off of VirtualBox.

===============================================================
From: Billy
------------------------------------------------------
I run everything I can in kubernetes pods on bare metal. I even containerized the ovirt manager.

I do have an ovirt environment for VMs, but if I can run it in a container - then it runs in a container.

I have about 15 applications that run in about 40 containers - from dhcpd, to mrouted, dns, git, Jenkins, Postgres, zabbix, pulp, gluster, and a bunch of other things I play with. It allows me a lot of density compared to VMs, plus I can run containers on things that can’t run VMs - like a few Atom systems or older intel chips that don’t have the VT-x extensions. However, they run containers just fine.

Currently my IPA nodes are VMs, but it’s on my todo list to containerize that too.

--b

===============================================================
From: Dean Warren
------------------------------------------------------
Billy,

Just read your reply and want to know more about containers on atom. What resources would you recommend for a ground up start?

Dean

Hope you have a great day,
Dean Warren

===============================================================
From: Billy
------------------------------------------------------
Honestly, I’d start with fedora Atomic Host. [1].

It’s specially designed to be lightweight and mostly read only. Updates aren’t done through “rpm,” but by something called “ostree.”

The reason it’s called Atomic, is that updates are, well, Atomic. You update the host, and the entire system, kernel, packages, etc, are set to the new version at boot. If it doesn’t boot, you can boot to the previous “slot.” Sort of like a network switch or appliance.

Since it’s mostly read only, in order to administer the box, you use containers. There’s special containers that fedora ships that have a bunch of helpful tools, and there are official containers to run rsyslog if you need it. There’s some for openscap, and vendors even supply some containers for their utilities.

It’s a different way of administering a box, but it’s lightweight, and easy to restore if you mess something up. All my systems that run containers are based on Atomic Host.

When I get a bit more time, I can point you to some GitHub projects that might help you explore getting started with containers.

[1] https://getfedora.org/en/atomic/

--b