Date: Mon, 25 Jan 2021 09:09:33 -0800
From: John Kennedy <warlock@phouka.net>
To: freebsd-virtualization@freebsd.org
Subject: Re: RHEL virtualization
Message-ID: <YA77TbG%2Bh8YbbmMP@phouka1.phouka.net>
In-Reply-To: <YAyt7cRRvm9Q4RK0@phouka1.phouka.net>
References: <YAyt7cRRvm9Q4RK0@phouka1.phouka.net>

On Sat, Jan 23, 2021 at 03:14:53PM -0800, John Kennedy wrote:
> At work, we have RHEL (-ish; some RHEL, some CentOS, some OEL). Mostly v7,
> some v8. Since I'm doing the Covid work-from-home telecommute, I'm trying to
> recreate some of my work infrastructure while trying to plan a bit towards
> the future (migrating a lot of VMs to Azure).
>
> What I'd like to recreate is my existing kickstart infrastructure, where I
> PXE boot the system, feed it anaconda goodness which dovetails into puppet
> and I can generate a clean system from a template. Works great for VMWare
> and HyperV, not so much for Azure but if I can generate a snapshot disk
> image Azure can ingest, I'll be happy on that score.
>
> I've been very happy with bhyve for FreeBSD. I messed with VirtualBox for
> a while (a long time ago), but with my tendency to track stable (think:
> kernel modules) and keep very current on ports-from-source (frequent
> package updates, upon which VirtualBox has MANY dependencies) made that a
> poorer experience than I had with it on Windows. I've been very happy with
> bhyve since it's basically baked right in.

Let me restate some of this in a different way to maybe get some more
thinking.

Using the BHYVE_UEFI.fd from uefi-edk2-bhyve, I can boot my OEL8 (RHEL8
clone). That currently worries me because it has the big python-2.7 warning
on it (as does uefi-edk2-bhyve-csm). On physical boxes, I've been able to
grab a PXEBOOT ISO when the firmware lacks PXE booting, but I haven't got
that to work yet for these.

Those python worries are basically what is driving me to look elsewhere
(like fighting with grub-bhyve and away from the only UEFI booting that I
know about).

I personally like PXE-booting a new system (and possibly making a gold image
from that, depending on what I'm doing) because it basically answers that
little auditor-voice in the back of my head that, in the event of some
possible security problem, how do I know that my backups haven't been
compromised. In all of those gigabytes, after all of the toxic recursive
mindless non-logic, how do you *know*? My happy answer to myself is: "here
is a configuration file that I can review, all the binaries are on the
vendor's site or re-downloaded, here are the puppet customization rules,
blam! done! 10 minutes later I have a clean system."

In any case, that is why I'm chasing PXE booting, although I'd be interested
in the way other people solve that problem. That really doesn't work that
way in Azure, thus the gold images approach I'll probably have to take with
them in the future.