I floated the idea of "hey we should move the cabinet out of the break room and into a more secure room" and was then shown a small room we have that was very cold, only accessible by a locked exterior door (kind of weird but whatever, it's locked at all times) and apparently includes the place where our net connection enters the building, but clearly has room for server racks. This seems potentially ideal?
What about cooling/ventilation? I know you’re just putting one server in there, but at full load, you might be in trouble.
It's real cold in there so I would assume it is air conditioned pretty well, but I'll check. We've got a guy coming out Monday to help me finish setting up the server so I'm gonna see if we can maybe just put it in there on a table for now instead of in the other guy's office and they'll be able to tell me if there's any reason that's a bad idea.
I ditched Minikube and tried doing the same setup with Docker for Desktop's own stuff. Sure, it works, but oh boy, container management! I'll try Microk8s as well, I mostly just want a quick way to turn k8s on/off for when I want to dabble with it.
Y’all have said a lot of words and I understand maybe half of them.
Well, some cursory trial and error ended up with mostly error - tried multipass/microk8s and multishift and couldn't be arsed figuring out what went wrong.
Docker for Desktop's built-in k8s worked well enough for demo purposes - I just want to learn some k8s, I'll deal with the minor annoyances I get with this solution.
Also my Macbook runs hot enough while doing this that the power I get over USB-C from my monitors isn't enough to keep the battery topped off. :rotate:
Donglebook Pros seem real bad at external power management.
eh, the power from the monitor really matters. the macbook pros have an 87w power adapter, and the couple usb c monitors I've seen max out at 45w out. That's why I asked. Doesn't matter what laptop you have if it's pulling 60w+ under load and you have a 45w adapter, it's just math.
I was just playing around with kubernetes last week. Their docs need some improvement, if you ask me. Their getting started page says you should use minikube to install a tiny kubernetes setup on your laptop to talk to. Fine. But the page on installing minikube says:
Installing minikube
... Make sure you have kubectl installed. You can install kubectl according to the instructions in Install and Set Up kubectl.
Install and Set Up kubectl
...
if you are intending to run a Kubernetes cluster on your laptop (locally), you will need a tool like Minikube to be installed first
Ugh.
It turns out that I could just blindly install things without actually running them and then it all sort of came together, but then I realised that it was much easier to just use the 'I would like kubernetes please' checkbox in Docker Desktop and that was that.
I wasn't playing with Kubernetes last week, but we are using Helm currently and I did spend some time seeing what kind of improvements we could make to the app versioning and deployment process for our Kube clusters. Turns out that it has lifecycle hooks that could be used for things like ensuring database migrations are always performed before an upgrade!
Our software is made up of multiple components (not microservices, but a monolithic API server and multiple frontend apps). We also, for each of our client deployments, specify versions for each component individually, so our production environments are a giant clusterfuck of version combinations. I'd also like to dumpster the multiple helm charts we have currently and replace them with a single, properly-versioned chart that bundles known versions of each component with no possibility for overriding individual versions.
The infrastructure team seems content to exclude the dev team from their planning, unfortunately, so making progress there is difficult.
I have (had?) an irrational urge to play with Hashicorp Nomad, and I was looking into the effort required to run a cluster that I'd feel reasonably safe putting into production. One of the first steps was something like "And now, create your own certificate authority" and I kind of lost enthusiasm at that point.
It’s been suggested we use Duo but I wanted to see other options that have been used.
we use duo for our mostly on prem environment (moving to o365 within a year). It's ok, but I don't love it. I'm not sure about the other solutions but the options for offline login suck.
So, we use it as a 2FA for users to sign into laptops. If a laptop doesn't have a connection to the internet when you attempt to sign in, you can't use the normal 2FA (push notification or the normal authenticator). You either have to use one time use codes that have to be set up separately from the "normal" 2FA, or something like a yubikey. This means for most users we have to set up two different 2FA methods for them, which is not ideal.
Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
Okay so I've got this VMware server running but am having some trouble. We've got vCenter/vSphere on it, and I am able to log into both the host and to vcenter. However, vcenter is showing the host as "not responding", or it was until I told it to disconnect, then reconnect, and now it can't even reconnect. Only 3 VMs on the thing, a domain controller, one for doing backups, one for vcenter. Someone else configured it for me but when we got it installed we switched the IP of the domain controller (also handling DNS/DHCP) and used the same IP the old DNS/DHCP server was using (while unplugging the old one of course.) Internet works just great on the network and I can log into the host and see the VMs, but vcenter isn't working and vcenter is what seems to let me actually control stuff. The network is working so this isn't a "oh no everything's on fire" type deal but anyone have any quick fixes for this sort of thing I might be missing? I haven't tried rebooting the whole server yet but that's an option I suppose.
the only thing worse than a maintenance window where I have to actively do the maintenance is when that maintenance window is from 4 am to 5 am.
There is not enough coffee.
see, I feel the opposite of this -- if I have to do something, I'd always rather do it super early in the morning. I'd rather keep my evenings to myself and get up early to get work done...doubly so if it's on a Saturday.
Okay so I've got this VMware server running but am having some trouble. We've got vCenter/vSphere on it, and I am able to log into both the host and to vcenter. However, vcenter is showing the host as "not responding", or it was until I told it to disconnect, then reconnect, and now it can't even reconnect. Only 3 VMs on the thing, a domain controller, one for doing backups, one for vcenter. Someone else configured it for me but when we got it installed we switched the IP of the domain controller (also handling DNS/DHCP) and used the same IP the old DNS/DHCP server was using (while unplugging the old one of course.) Internet works just great on the network and I can log into the host and see the VMs, but vcenter isn't working and vcenter is what seems to let me actually control stuff. The network is working so this isn't a "oh no everything's on fire" type deal but anyone have any quick fixes for this sort of thing I might be missing? I haven't tried rebooting the whole server yet but that's an option I suppose.
Since you changed IPs, did you update the DNS config on the host and inside vcenter? Do the host and vcenter have records in DNS?
Just remember that half the people you meet are below average intelligence.
Also DC/Vmware/Vsphere (I'm old and haven't been working with VMware myself for a while, so it might not be as relevant anymore): what are your timeserver settings? If your DC/timeserver changed IP, it's possible that your timesync is off.
We updated that VM's IP, but not anything on the host or in vcenter to my knowledge. New to VMware stuff so not certain how to do that. Or the timeserver stuff.
edit: Ah HA! I did have to update the DNS IP for vcenter in a different menu with a different port I didn't know about until now. Thanks everyone!
Employee called me over to look at a phone issue. Hands me her headset, and I notice there's no rubber earpiece, just a rubber-band wrapped around the stem. Note, this isn't what she calls me over for, it's for something else entirely.
I swear to god my predecessors physically abused these people or something, man. She used her headset like this for a year. Stuck a coiled up rubber-band inside her ear for a fucking year.
"Well I assumed we didn't have any spares and I knew this was expensive and wouldn't get replaced."
I then cracked open a bag of 100+ replacement earpieces I've had on the shelf.
I just can't wrap my head around being willing to shove a rubber-band into your ear canal every day for a year rather than ask someone for help. I can only surmise that asking someone for help was too painful in comparison.
I had someone who had her dual monitors set up backwards (i.e. to go from right monitor to left you had to move the mouse off the right side of the monitor) for a solid year. When I asked her why she didn't ask anyone about it she said she didn't think it could be fixed and just got used to it.
Those who are labbing environments might want to look into multipass.
https://multipass.run/
XBL:Phenyhelm - 3DS:Phenyhelm
Which you can run in Multipass if you're not running Linux as a primary OS.
https://microk8s.io/
XBL:Phenyhelm - 3DS:Phenyhelm
How does that compare to Minikube? It's what I've dabbled with on my Mac, but it uses full Virtualbox stuff.
Minikube is good too but I am not a fan of Virtual box. It seems to get worse each release since Oracle bought it.
Microk8s is cool in that it's a snap and therefore it is sort of managed for you.
Edit: and if you're on Linux as a base you are running k8s in a snap sandbox with a lot less overhead. Which is cool.
XBL:Phenyhelm - 3DS:Phenyhelm
Moolteeee paaasssss.
This is a clickable link to my Steam Profile.
Docker for Desktop's built-in k8s worked well enough for demo purposes - I just want to learn some k8s, I'll deal with the minor annoyances I get with this solution.
Eh, it's just 80 containers, walk it off.
what monitor do you have?
eh, the power from the monitor really matters. the macbook pros have an 87w power adapter, and the couple usb c monitors I've seen max out at 45w out. That's why I asked. Doesn't matter what laptop you have if it's pulling 60w+ under load and you have a 45w adapter, it's just math.
Okay, fine. Off I go to the 'set up kubectl' page.
Ugh.
It turns out that I could just blindly install things without actually running them and then it all sort of came together, but then I realised that it was much easier to just use the 'I would like kubernetes please' checkbox in Docker Desktop and that was that.
Then I plan to build the cluster by hand...
Because that's a thing I do for fun...
XBL:Phenyhelm - 3DS:Phenyhelm
They are moving to Okta Verify shortly because RSA sucks so bad, FWIW.
XBL:Phenyhelm - 3DS:Phenyhelm
Edit:
I think switching to the microsoft authenticator is on our roadmap though.
For our number of users it was six figures a year, which made management cringe a bit.
We've put that on hold for now, but it's still on the table.
We have one client that uses 2FA with Office 365, besides that we don't have any systems that use it.
Oh deer!
XBL:Phenyhelm - 3DS:Phenyhelm
the "no true scotch man" fallacy.