alexskysilk's latest activity
-
Aalexskysilk replied to the thread Using vlan on vmbr with vm on same vlan problems.Wouldnt be simpler to just make the upstream switch port v100 untagged?
-
Aalexskysilk replied to the thread Ceph client still using luminous while on Squid.ceph daemon mon.[id] sessions | grep -A20 -B20 -i luminous
-
Aalexskysilk replied to the thread [SOLVED] Failed Restore VM from Veeam to Proxmox.Thats a bug. update your veeam proxmox module (or just veeam.)
-
Aalexskysilk replied to the thread Dell Hardware Compatibility with Proxmox for Infrastructure Upgrade.remove the virtual drives and pass the disks directly to the OS. h310 is an hba anyway.
-
Aalexskysilk replied to the thread making mp's migratable (virtiofs on pve managed paths only).I should have addressed this to begin with. always been true, so a central multiuser repo in 2025 would use nfsv4 with kerberos because it exists. That is an entirely different matter then "Getting root on the server is a "hacking 101" exercise...
-
Aalexskysilk replied to the thread making mp's migratable (virtiofs on pve managed paths only).let me just verify I understood what you claim; having an NFS share open is a vector for an attacker to gain root access to the underlying server, and its a well known attack? humor me, as I am clearly not in the know; since its a well known...
-
Aalexskysilk reacted to BobhWasatch's post in the thread making mp's migratable (virtiofs on pve managed paths only) with
Like.
I was responding to the specific statement you made: That is simply not true for "traditional" NFS without Kerberos. Getting root on the server is a "hacking 101" exercise, not something that is "HIGHLY speculative". It is a well-known attack... -
Aalexskysilk replied to the thread making mp's migratable (virtiofs on pve managed paths only).easily remedied by limiting access to trusted guests at the network level. Look, ANY method of sharing has tradeoffs between security and usability; its the task of the sysadmin/netsec/opsec staff to ensure that whatever solution deployed meets...
-
Aalexskysilk replied to the thread Ceph - feasible for Clustered MSSQL?.As @gurubert mentioned, your solution doesnt match your problem description. you dont need 3 servers for a mssql cluster. you need two. You dont even need a nas/san at all, you have multiple options included windows failover cluster and storage...
-
Aalexskysilk reacted to gurubert's post in the thread Ceph - feasible for Clustered MSSQL? with Like.
If you want to run MSSQL in a clustered setup use local storage for its nodes. There is no need to replicate on the storage level if the DB replicates its data on the application level.
-
Aalexskysilk replied to the thread making mp's migratable (virtiofs on pve managed paths only).For my curiousity, can you elaborate? 1. What does the number of devices have to do with you access control? 2. similarly, what does it have to do with people bringing their own devices? 3. a user having root at their side has no consequence on...
-
Aalexskysilk replied to the thread making mp's migratable (virtiofs on pve managed paths only).Wait; are you looking to use virtioFS as a replacement for a network file system? I mean, ok, but thats a very tough hill to climb; NFS and SMB had decades to deal with various bugs, limitations, issues, etc. and if you're not- well, nfs and...
-
Aalexskysilk replied to the thread making mp's migratable (virtiofs on pve managed paths only)..... that doesnt make any sense. what do access controls have to do with network routing? any addressable device (including your network server) is routed according to rules you set.
-
Aalexskysilk replied to the thread making mp's migratable (virtiofs on pve managed paths only).I dont actually understand your point; maybe I misunderstood nothing with virtiofs deals with this. perhaps, again, I dont understand what you're trying to accomplish. NFS has access control...
-
Aalexskysilk replied to the thread I want to like VirtIOFS, but....It is not likely that you can beat the speed of native cephfs connection by sticking another obfuscation layer on top of it, regardless of how efficient. I hope you would post the results of your comparison.
-
Aalexskysilk replied to the thread Shared Remote ZFS Storage.I've been selling storage for 25 years. that was never the intent. its intended to facilitate multiple initiators so you're no longer tied to a single server spof. Kinda true, but not because it "surpassed" the others. There are simply larger...
-
Aalexskysilk replied to the thread Shared Remote ZFS Storage.Shared storage is shared storage. the HOW is less relevant then the "what." both the above and the following list are all example of multi initiator capable solutions, either block or file. Logically its all the same thing. As for Glusterfs...
-
Aalexskysilk replied to the thread making mp's migratable (virtiofs on pve managed paths only).If the storage is already an nfs mount, why do you need virtiofs at all? just mount the nfs mounts inside the guest.
-
Aalexskysilk reacted to MarkusKo's post in the thread Understanding ceph performance and scaling with Like.
im not an expert on this but from what i've read on this forum so far * don't create a 3 node ceph cluster for production, use 5 nodes ++ * ceph performance depends on amount of nodes, the local ssd's speed and network speed * don't host vm's...
-
Aalexskysilk replied to the thread Shared Remote ZFS Storage.ok I'll bite. How do you make a compute cluster without it?