gyptazy
@gyptazy@gyptazy.ch
Moving an Entire FreeBSD Installation to a New Host or VM in a Few Easy Steps
https://it-notes.dragas.net/2024/09/16/moving-freebsd-installation-new-host-vm/
@stefano I would generally recommend a slight variation on that: install the base system on the new system and then move all of the non-root ZFS datasets across.
Also remember that ssh as root is disabled by default. You can avoid enabling it by creating a user with delegated administration permission.
@david_chisnall Thanks for the suggestions. I went with the root approach (though I noted that it's not the best solution) for simplicity. However, I did add a disclaimer about revoking root access as soon as the transfers are complete.
Regarding the basic installation and then migrating non-root datasets, it's usually the approach I follow (as I mentioned earlier: I put everything in jail and then only move the relevant datasets, avoiding the root file system). However, sometimes this approach can be very time-consuming, especially if there are specific configurations on the host itself.
@stefano The other issue with migrating the root is that a bunch of things in /etc tend to be specific to the hosting provider. I prefer to copy these explicitly to make sure that I don't accidentally do something that doesn't work in the new place.
@david_chisnall Sure, that's the most correct approach. The one I've described is mostly a "quick and dirty" solution - I've mainly had problems with the network device configuration and the fstab (swap, mostly).
@lovisix thanks. I've added a small part about the options I've used and a link to the mbuffer webpage.
Faster way:
1. Install FreeBSD on 'target' with 'Auto (ZFS)' option.
2. Enable sshd(8) with ROOT login on 'target'.
3. On both:
# pkg install beadm mbuffer
4. On 'source':
# beadm export BE | mbuffer | ssh 'target' beadm import BE
5. On 'target':
# beadm activate BE
# reboot
@vermaden this is a good approach, but will only move the base system - not all the datasets.
@stefano TIL that zfs send/receive preserves mountpoints
@ianthetechie @Tubsta @bsdnow Yes, we need to talk about this, too 🙂
@Tubsta @bsdnow @ianthetechie ps: welcome to Europe!
@RussSharek I'm glad they safely made their way to you
@gyptazy wow can they only be obtained during conferences? Not that I am a true collector by nature, but these stickers have a certain appeal :-)
@angel @RussSharek thanks!
@angel Not totally. I started, but the result wasn't excellent. So I asked for some help and this is the final result.
This also provides further integration into the DN42 network and also finally brings #IPv4 support instead of only #IPv6 (via clearnet).
Peerings can be established by simply messaging me, or peering@ :)
Special thanks to @mirsal@chaos.social :)
Hope this provides some more value to all BoxyBSD users with their #FreeBSD, #OpenBSD, #NetBSD, #DragonFlyBSD, #MidnightBSD,... boxes :)
Met a friend last week, were talking about the days back in the 90s when we were posting in newsgroups and how this was an important source to build our Linux and #BSD knowledge. We were wondering if there is still a usenet today. Research was really disappointing. There are a few usenet servers out there, but they are not for free anymore like they were back then. Remember when every internet provider also provided a news server.
Anyone else missing good old #usenet ?
#nostalgia #newsgroups
@gyptazy That’s true. Probably it’s out of time. I loved using slrn and mutt with plugins, but today it’s like reading mails with mutt. Works, but painful.
But usenet helped me to build my Linux skills and it made me discover FreeBSD. And I also noticed that very often the BSD folks were more friendly to newbies like me than the Linux folks.
@doerk Maybe if enshittification progresses enough, there'll be a revival
@quantensalat BTW. I really like the concept of Gemini, no shit, just plain text…
@doerk yes me too. It's still around, but a niche. Probably more so than the Fediverse.
A while back I tested a couple news servers offered by friendly people here and it felt so good to reactivate the muscle memory for tin again. 😀
But then I still use pine for email to this day so all those html emails be damned.
@fedops Pine for mail is awesome, even though I always had been the mutt/neomutt guy. But today 99,9% of the emails contain html in one or another way. How I remember the days when using html in mails was seen as a bad habit. Today it’s normal that every mail contains images, formatting elements and colored stuff. But we can’t turn back the wheel of time…
@doerk a lot of my mail is legible without the html and inline images. The ones that aren't I generally deal with k9 on my phone. But that's clearly going to be different for different people.
@doerk USENET is still active. There are some free servers around, some of which require registration, others don't.
To name a few, Motzarella/Eternal-September[1], news.neodome.net, Solani[2].
Also see [3] for some groups to check, to which I'd add the comp.unix.* subtree.
[1] http://www.eternal-september.org/
[2] https://solani.org/
[3] https://mastodon.scot/@CGM/112702185132813893
I'm a 28 years old BSD enthusiast and I'm also a developer/entrepreneur (in field of AI), used different BSD variants before (mostly FreeBSD and FreeBSD based ones such as GhostBSD and PC-BSD).
I'm a FLOSS advocate as well, although it's a long time I haven't participated in an open source project but I released most of my models as "open weight" models on websites such as huggingface.
What should I add to this?
@phantomofopera Welcome 👋
Added:
* Add a convert function to cast all bool alike options from configparser to bools. [#53]
* Add a config parser options for future features. [#53]
* Add a config version schema that must be supported by ProxLB. [#53]
* Add feature to allow the API hosts being provided as a comma separated list. [#60]
* Add storage balancing function. [#51]
* Add doc how to add dedicated user for authentication. (by Dulux-Oz)
* Add cli arg -b to return the next best node for next VM/CT placement. [#8]
Changed:
* Provide a more reasonable output when HA services are not active in a Proxmox cluster. [#68]
* Improve the underlying code base for future implementations. [#53]
Fixed:
* Fix documentation for the master_only parameter placed in the wrong config section. [#74]
* Fix master_only function by inverting the condition.
Improved the overall validation and error handling. [#64]
* Fix bug in the proxlb.conf in the vm_balancing section.
* Fix handling of unset ignore_nodes and ignore_vms resulted in an attribute error. [#71]
* Fix anti-affinity rules not evaluating a new and different node. [#67]
More information:
https://github.com/gyptazy/ProxLB/releases/tag/v1.0.3
#homelab #storage #vmware #broadcom #alternatives #virtualization #virtualisation #vm #vms #virtualmachine #drs
Highly depends on the point of view.
Do I want to create open-source - sure that’s a great way to provide it to everyone.
Do I want to make money and it is maybe even only important for that platform? I create it for the target platform only.
As a dev it depends on your targeted user base and also a developer wants something to eat and drink. We can’t only live by GitHub stars :)
Just in addition, you can use more than 20 or even 30 (I know a setup with 43) but it gets challenging and depends on your network infrastructure
You’re welcome, watch also the upcoming features like DPM, API and cluster auto upgrade (integrating security updates, moving VMs from that node away, reboot, rebalance),…
Unless you plan to run more than 30 nodes in a cluster, I’d stick to Proxmox. Why?
- More and more enterprise vendors like Veeam are supporting Proxmox
- The bigger community (you find a solution quicker when falling into any pitholes)
- In XCP you probably run Orchestra, here it depends if you’re running fully OSE and maintain it on your own
- Getting Orchestra up on a crashed node (if it was running there) takes additional efforts
- I don’t like that the Loadbalancing function is behind a pay-wall (even OSE) in Orchestra
- No native Loadbalancing in Proxmox to be fair, but ProxLB solves this
- In both setups I mostly tend to use NFS for a simplified setup (or if really needed NVMe-oF)
- Take care of the nit picky CoroSync on Proxmox which gets even worse with more and more nodes. Currently working on a PoC with etcd
I lastly wrote something about this, but the most things you might already know:
https://gyptazy.ch/blog/xcpng-a-more-professional-alternative-to-proxmox-based-on-xen/
I’ve seen too often issues there:
- Firewalling ICMP6 (RA,… complete outage on IPv6 because of the missing base knowledge)
- NDP / NDP Proxy …
- SLAAC > /64 prefix
- Auto-configure w/o firewalling and host exposing (unintentionally)
- IPv6 NAT (yeah, there‘re still reasons and usecases)
- …
But yeah, as long as it’s just about getting automatically a prefix assigned from your ISP and using it - yep it’s simple. (But in general there’s much more)
Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟰/𝟬𝟵/𝟬𝟵 (Valuable News - 2024/09/09) available.
https://vermaden.wordpress.com/2024/09/09/valuable-news-2024-09-09/
Past releases: https://vermaden.wordpress.com/news/
#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday
Many customers are currently dealing with this kind of idea and some also told me, that they only would move by getting some enterprise features from VMware into Proxmox.
This was one of the reasons I crafted the #ProxLB (https://github.com/gyptazy/ProxLB) which brings support for DRS and storage DRS to Proxmox. I currently maintain (and also planned) several clusters up to 20 nodes.
You can find my post about Veeam and Proxmox on my company website (https://www.credativ.de/en/blog/howtos-en/veeam-proxmox-ve-opportunities-for-open-source-virtualization/) providing some more information and benefits (especially when coming from VMware) about it.
Btw, for simplifying the setups I’d use NFS over iSCSI for most situations and where really needed NVMeoF.
If you have questions, feel free to ask.
You can apply this bubble thinking to everything else as well - take the beauty sector. Can you answer off the top of your head why which mascara, lip gloss and so on suit which skin type and are used? Or is it just some beauty product? My wife offers week-long workshops on this, so it's not trivial. We can extend this to any field.
Viscosity of engine oils,… Anyone who knows their subject will often (hopefully) know better - but in the end what matters is making it as simple and uncomplicated as possible for beginners.
Great one! :)
https://www.freebsd.org/security/advisories/FreeBSD-SA-24:10.bhyve.asc
There are still reasons to stay at VMware but one of the huge gaps got eliminated by Veeam. Enterprises with > 1000 VMs are not anymore forced to evaluate a new backup solution in parallel.
I can't say anything regarding Avamar, never used it :)
However, if you're interested into some alternatives you can find my post about some of them here:
XCP-ng: https://gyptazy.ch/blog/xcpng-a-more-professional-alternative-to-proxmox-based-on-xen/
Harvester: https://gyptazy.ch/blog/harvester-a-more-modern-alternative-to-proxmox/
ClonOS (bhyve): https://gyptazy.ch/blog/clonos-an-alternative-to-proxmox-based-on-freebsd/
Please do not judge the slow processing rate, it's a nested virtualised test setup.
I see huge opportunities, allowing operators to test Proxmox in parallel to #VMware #ESX while always being able to backup & restore from any hypervisor to any other one. It simply integrates seamlessly. This provides huge possibilities by evaluating and testing opensource products like Proxmox in parallel to an already existing infrastructure without taking any risks.
This could easily lead into a wider adaption of Proxmox and opensource hypervisors in general.
@goebelmeier@mastodon.social @flushbug@chaos.social @timo@hetzel.net
Vagrant Box: https://app.vagrantup.com/gyptazy/boxes/rhino2024.2-arm64
Collection Overview of Boxes: https://gyptazy.ch/blog/collection-of-vagrant-boxes-images-for-apple-silicon-based-on-arm64/
#rhino #rhino2024 #rhinolinux2024 #aarch64 #vagrant #fusion #mac #applesilicon #m1 #m2 #m3 #m4
This simple HowTo guides you through the process to place new VMs (in this example FreeBSD 14 will be used, you can use any other ones) in a Proxmox cluster by ensuring the VMs will be placed on the best node in the cluster according to the resource usage of the nodes. Afterwards, Terraform with the BPG provider will deploy the VM in the cluster, where the hostname and node are provided in a dynamic way.
https://gyptazy.ch/howtos/howto-proxmox-automated-deployment-with-proxlb-terraform-freebsd-vms/
Yep that's it exactly - finding new people. You can more or less only find them by luck that anyone you know boosted or liked a post. And this is not the kind I'm into it. When getting in touch with new things, I quickly check the current situation and interesting things by looking them up. If I just have a look at XCPng, Trident, Harvester on X, I know what people are interested into and can prepare my content to fit their needs and interests. Here in the Fediverse I do not even find such posts... and people probably also not my posts. If I post BSD related content, many ones will see it because this is my primary bubble here.
X: Probably still my favorite platform but it’s getting worse and worse. At least, my lists and circles are fully functional, the search works quite good and brings me up the desired content. Finding new people gets different and is almost only possible when they commenting things with valuable content. The stream is going in the wrong direction (at least for me), where videos of fights, death or typical “sex sells” posts are shown. But working with communities and lists is still a great way to use it.
Fediverse: Running my own instance here for month. Sure no ads, but just a few interactions, finding new content is difficult, using the search is the probably worst experience ever. Sure, an instance cannot have knowledge of all instances in the world but when searching for not even niche content and only finding three posts that are even outdated, this is not useful or a great experience.
Threads: Could have been a great alternative. However, EU accounts do not support Fedi federation and the content is too mainstream in form of the typical Instagram content which is more about “sex sells”.
Blue sky: Anyone really still using it? I haven’t seen anyone anymore there being active.
Nostr: Hm yeah, too nichy.
Conclusion:
X stays on top, because only there I can find and interact content and people. Fediverse is a great alternative when you finally found your matching community where people are sharing your interests, because finding something by the search is just annoying. I can clearly understand why many ones are going back to Twitter/Y.
Authoritative nameserver, ntp, Web, Mail, fedi, Matrix…. All sorts of things :)
- SLAAC with prefix > /64
- DHCPv6 setups
- Firewalling ICMP6 can be annoying when not understanding the backgrounds with RA ADV / NDP / RS
- AutoConf and Temp addresses may be confusing (mostly default active)
- …
IPv6 is not just IPv4 with longer addresses, it is really a different protocol.
happy to hear and thank you very much - really appreciated! The project started initially for another one of my projects (BoxyBSD.com - which offers free VMs for the opensource community, education and IPv6 learning) where VMs are used in completely different ways. Some VMs simply idle, some are just being used for testing, some are heavily being used for opensource projects including compiling etc. So, this was the reason to me to create something like a load balancer. BoxyBSD is mostly based on #Proxmox and #bhyve (on #FreeBSD).
Later, a customer asked me if there's something similar to #DRS (in #VMware) for Proxmox. This made me to polish it up and make it available to everyone. I think it's a great opportunity to make a huge movement to opensource products in the current situation. I also said it at the #FrOSCon #conference last week, we can now really make a change in the virtualization section and set a baseline to #opensource products - just like the most of the base infrastructure in the internet.
With that in mind - thanks again and have a nice evening :)
Unfortunately, it seems like I need to wait until March 2025 with release 1.5…
simply use -b (--best-node) to get the best node for your placement! Also soon available on the ProxLB API! Perfect for Ansible & Terraform 🎉
Find out more: https://proxlb.de
#vmware #alternatives #esx #esxi #cloud #harvester #opensource #vm #virtualmachine #hosting #vm #container #lxc #ansible #terraform #proxlb
At the latest when basic debugging no longer works, you are facing the problems. Debugging basic network problems or basic services etc. - today it's just rolling out the Helm chart and wiring a few things together, but woe betide if something underneath doesn't work. And that is likely to become a real problem soon.
You were also at the FlyingCircus network talk yesterday; both the concept and the implementation and debugging of such setups are then already a massive problem.
Thanks to @formorer@rollenspiel.social and @mbanck@mastodon.xyz for their great talks! You can find the slides and recordings in my blog post!
https://gyptazy.ch/misc/visiting-the-froscon-2024-opensource-conference-germany/
You can find the slides of my tech talk here: https://cdn.gyptazy.ch/tech-talks/QualvoSec_Security_Patch_Management/QualvoSec_A_Security_Patch_Management_Tool.html
The #FrOSCon is all about #opensource and free software but what about free VMs (Virtual Machines) to provide YOU the possibilities to learn, try and create #opensource software? This is where #BoxyBSD steps in!
Hey #FrOSCon!
#BoxyBSD is also present at the FrOSCon! BoxyBSD provides you free VMs based on #IPv6 and #BSD for education, learning, testing and #opensource!
This free service is powered by @gyptazy and @nerdscavehosting :)
Happy to see you all! If you see me, feel free to poke me!
Greets from the BSDCafe and BoxyBSD!
#froscon19 #froscon24 #froscon2024 #boxybsd #bsdcafe #runbsd #freebsd
ProxLB is a Load Balancer for #Proxmox clusters, which rebalances your VM/CT workloads across nodes in your cluster.
https://github.com/gyptazy/ProxLB/releases/tag/v1.0.2
#virtualization #virtualisation #vmware #esxi #esx #kvm #qemu #xcpng #xen #xenserver #alternatives #opensource #free #fediverse #support #migration #VM #virtualmachines #virtualmachines #container #containers #LXC
@winterschon@bsd.cafe @BoxyBSD@bsd.cafe @nerdscavehosting@mastodon.social
This ensures, that nodes in a Proxmox cluster are being automatically patched. Therefore, ProxLB now also comes with its own API which provides other nodes to identify the current state of other nodes in cluster. By this, we're finally able to keep nodes aware of potential maintenance windows when being patched and to move workloads away to other nodes in a balanced way and honouring the resources. Also, we can identify if a system reboot for the newly installed packages is required and skip moving those workloads away. However, I want to have everything done by the Proxmox API or ProxLB API which requires me to extend the Proxmox API by the new features. I try to get those into upstream to avoid maintaining a dedicated packages providing this extended features in the Proxmox API. I'm happy to see people testing this feature, please do NOT use this on production systems right now.
PR:
https://github.com/gyptazy/ProxLB/pull/48
#vmware #proxmox #xcpng #updates #security #opensource #infrastructure #virtualization
kiki.bunny.net (AS200325) 91.200.176.1
coco.bunny.net (AS129898) 109.104.147.1
Then, when paying:
"Well, reluctantly, actually only from 50€"
"Fine, I don't have any cash, so I'll leave again."
"Yes, but that isn't a ready-made bouquet that I can put back"
"Then just let me pay, what do you have that device there for"
"Well, only from 50€, so you'll have to buy something else as well"
I turn around and am about to leave
"OK, as an exception."
"Paying with Apple Pay"
BEEP BEEP BEEP BEEP
"Your credit card is not accepted"
(ok, AMEX I can still understand)
"BEEP"
"Oh, you paid by credit card and not by EC"
(WTF, EC doesn't exist anymore, but fine, I know what she means)
"That doesn't work"
"But you can see that it worked and went through"
"No, that doesn't work"
"But you can see that the amount on your receipt has been paid correctly"
"No, but we don't accept credit cards because of the fee"
"You're telling me that now, after I've paid with it; what do you want from me now? You have your money and I have the goods - all good"
SILENCE
"You now have to write down your contact details for me, in case I don't get the money"
"You now have to show me your data protection policy on how you will then handle my personal data, and besides, I'm calling the police now"
"No, please don't"
"Good, then the matter is settled"
Then I left... Unbelievable sometimes.
It's more a desktop oriented FreeBSD fork but ok, there were requests for it. So, it's ok to also have it in place :)
Talking about new images at #BoxyBSD for your free VPS instances, we now also have #MidnightBSD 3.2 in place!
Thanks to @gyptazy putting all the efforts into this project! Also thanks to @nerdscavehosting for providing additional nodes to this project!
Friends of #BSDCafe,
until today, I have been using Bunny.net DNS for the BSD Cafe. They are cheap and fast, but the panel sometimes isn't working, and I don't think they support IPv6, effectively limiting services to some IPv4 dependency.
About an hour ago, I moved to (for now) two dedicated DNS servers on two FreeBSD jails, managed with PowerDNS. I still have some things to fine-tune, but we're on the right track.
Stay tuned!
#BSDCafeUpdates #BSDCafeServices #BSDCafeAnnouncements #BSD #FreeBSD #DNS #TechUpdate #RunBSD
Here we go, #DragonFlyBSD is now also available at #BoxyBSD
Have fun my #BSD fans!
Stay tuned!
Free VPS?! #BoxyBSD did it for you - the opensource community and BSD fans!
Recently, we also started to provide #ARM64 based VPS, just next to the typical #AMD64 ones. Unfortunately, we reached today our limit for the ARM64 ones and can only provision amd64 ones.
I’m already looking to solve this quickly. Also to mention, we still have a very limited #RISCV64 alpha. But this one is really limited because there’s still no H flagged board available, which means #RV64 users run on a dedicated Vision Five 2 board.
Hope this update finds you well! Have a nice weekend!
Cheers,
@gyptazy
Stefano is doing a great job handling all the things in the BSDCafe. Keep in mind, he’s doing everything on his own. From sponsoring the needed hardware, putting all the efforts into it from a technical perspective, being active in the community, joining all the things, doing moderation in the right way,… everything as a one man show. Do I see there issues? Yes, but only from the point of view that people aren’t honoring it.
So, a big thank you @stefano@bsd.cafe
#Simson #Schwalbe #SimsonSchwalbe #StahlwerkeSuhl #DDRBike #KR51
Hope it helps…
Fiddling with #FreeBSD jails(examples) part-II.
In case you missed it, @gyptazy has released version 1.0 of ProxLB!
ProxLB: (Re)Balance VM Workloads Across Nodes in Proxmox Clusters.
Last time I got asked if I’m into this kind of s*x, when I provided a BSD containing mail address. 🤦
Oh, no worries - sad to hear! Hope you’re already doing better again - hope nothing serious! Wish you all the best, get well soon!!
Yeah but it also tells you what to do?! Please get in touch with me in Matrix chat. And also in the calls, papers and even this post I speak about abusing this service, which is why the web form is simply deactivated. I mean, more than telling what to do is impossible to me 🫣
Unfortunately the little duck has given up the ghost, but maybe the queen (DS) would be an option, though not mine ;)
Reminds me of our meet in Sweden 2007 :) 2CV power :)
When people ask me how I can provide such a service, they mostly only think about the hardware and the costs. Trust me, that’s the least of the problems! Running such a service is more about avoiding and handling service abuses. Free services tend to be abused by people and this is the most difficult part - protection!
But let’s have a short look at the things…
Passion (why?):
The passion and idea behind this project is probably the most interesting part. I can clearly remember the time back in the days when I started in tech and had even then an outdated, slow and rarely working system. It was pure pain to work with it, but luckily it did somehow its job. However, doing more difficult things was mostly impossible: Higher loads led into shutdowns - I had to undervolt the system, write kernel modules for undervolting support (which were really appreciated in the community) but also all other resources didn’t give me the possibility to run more exciting things. Renting a „cheap“ server (back in that day virtual server were not really known and the first implementations based on chroots like OpenVZ were coming years later) was impossible to me. So, learning in real-life scenarios was mostly impossible to me and made everything more difficult. I really know and remember these times where I had to deal somehow with limitations. This is good but also bad. The good thing is, you become really creative into finding solutions and get really nit picky about improving things. The other thing is, it makes your life really hard. With BoxyBSD I want to provide passionate and interested people the opportunity to get at least a system where they can learn and educate. They get a fully usable VM where they can configure, run and use the system how they like (unless they’re not violating the ToS). They have a public IPv6 address (and even a whole additional /64 network) to also learn and practice more complex network solutions. They can run servers, learn how things for their future. Often they quickly find out why a PTR is needed for sending mails (sure, you can also define your reverse DNS at BoxyBSD) but also why firewalling ICMP6 isn’t a great idea (at least you want to have RA & ND active). Things you mostly learn the hard way in real life setups. But BoxyBSD is also about more - it’s also about supporting the #opensource community.
BoxyBSD also sponsors opensource projects like #Freeway, #Telescope & #GameOfTrees. And everything at zero costs!
Resources (how?):
Resources are probably the thing that mostly pops up in the mind of people when hearing about this service and yes - it of course requires a lot of resources since I’m providing full VMs for each user without any over provisioning in memory or disk which are too volatile in this project. But the resources are often already present. In this case, I already have my own labs based on #Proxmox and #bhyve which are built in a fully productional way. This gives me the possibility to provide resource left overs to this project. Also, there are sponsors like Moritz from @nerdscavehosting@mastodon.social who sponsors nodes which are dedicated used to this project. Next to this, the question is about another resource - time! The whole infrastructure is fully automated by simply choosing the desired OS and pressing „create VM“ everything else is handled fully automatically. A desired node is obtained by my side project (ProxLB - in a customised version to also support bhyve hosts), the VM created and the IP address returned. That’s it - easy!
Protection (the real issue):
The real issue is about people who are going to abuse the service. This was something I had to learn the hard way. In the first iteration it was simply fully #FreeBSD #Jails based with a very simple interface where you just inserted your SSH pub key and immediately got returned an address of a Jail (if you’re interested, that was the first version: https://www.youtube.com/watch?v=geOS4LTCwok). This was way too easy and people immediately used it for sending spam mails. I had to take some actions but also didn’t want to block whole ports to make services unusable. Therefore, I had some other ideas which worked out very well, like forcing to use a relay with rate limiting. Today, BoxyBSD grew up, is running on full-fledged VMs providing users and developers the possibility to modify kernel and to have more deep possibilities to learn and test. By only providing images for #FreeBSD, #OpenBSD and #NetBSD (and #illumos / #OpenSolaris) the community and targeted people is smaller than usual. Also software that is written by Scriptkiddies often does not work out of the box on BSD based systems and needs (honestly only small) adjustments. But that’s also often already a reason not to abuse such services. It still may occur that someone is unintentionally doing bad things, generating a lot of traffic (like two weeks ago where someone made 2Gbps traffic for over 12 hours) but usually, this isn’t any problem. Proactive monitoring already notifies me (that’s the only thing where I need to step in) and validate to take actions if someone might be harmed or services affected.
In the end, I like to see that the community is more like a family where things are being used like their own ones. People even come in touch with me and letting me know that they don’t need the VM anymore and to free up the resources for other ones - that’s something I really love to see! Sometimes they come simply back when they need something again and get their new VM. I really love the BSD community and especially the #BSDCafe (https://bsd.cafe) and #BSDNetwork (https://bsd.network). Things can be simple!
PS: At the #FrOSCon you can grab some #BoxyBSD stickers. Just poke me when you see me :)
Resources:
Call Recording: https://www.youtube.com/watch?v=XEHL4skVq3U&t
BoxyBSD Jail: https://www.youtube.com/watch?v=geOS4LTCwok
Papers: https://cdn.gyptazy.ch/tech-talks/BoxyBSD-A_free_VM_hosting_service_for_education_and_research/BoxyBSD-A_free_VM_hosting_service_for_education_and_research.html
Website: https://boxybsd.com
You know IPX/SPX worked better when you started multiplayer in GTA1 or C&C RA and it worked immediately, when win95 had issues with TCP/IP ;)
https://gyptazy.ch/blog/xcpng-a-more-professional-alternative-to-proxmox-based-on-xen/
A friendly reminder to check out the #OpenBSD want.html page on occasion, developers may add requests for hardware they want/need for development.
mlarkin@ modified www/want.html: Mac mini M2 needed for vmm(4) development.
However, Proxmox's own HA only offers very rudimentary options, and it is also not suitable or even usable for every setup. That starts with bugs that are not backported to older versions, but also that you may not want to use the HA feature for every VM at all and still want to balance the nodes properly.
But aligning the groups is probably a good idea as a feature.
The same also applies to the opposite, so you can also create groups where VMs should be placed together on one hypervisor, or should be ignored entirely.