IDK man, it would be great if my crash cart or KVM only needed one cable. I can’t wait for USB-C on servers to be everywhere

Yeah, that’s I mean though, it’s optional and not a fundamental design of the truck.

Trucks with covers are a thing, it’s called a tonneau. What’s not normal is for them to be permanent.

To actually answer your question, you need some kind of job scheduling service that manages the whole operation. Whether that’s SSM or Ansible or something else. With Ansible, you can set a parallel parameter that will say that you only update 3 or so at a time until they are all done. If one of those upgrades fails, then it will abort the process. There’s a parameter to make it die if any host fails, but I don’t recall it right now.

It’s weird how defensive people get over their cannonball road trips. It’s great to take a few minutes on a break while taking a long trip.

If I see comments explaining every other line, especially describing “what” instead of “why”, I assume the code was written by a recent grad and is going to be bad. Describing what you are doing looks like you are doing a homework assignment.

Like on that line, obviously we’re initializing a variable, but why 1 instead of 0? Could be relevant to a loop somewhere else, but I guess I’ll have to figure that out by reading the code anyways.

But blockchains get “bad” records added all the times. Database entries and blockchain blocks are both equally as susceptible to bad business logic making incorrect entries. No business is going to adopt a sales recording system that doesn’t allow them to control the entries and to reverse the entries they don’t agree with.

Haha, yeah. I guess that’s ironic that I’m taking a stance against Starbucks with a username like this.

It’s funny comparing tobacco to an actual addictive stimulant, coffee, and decided sugar is the problem. I say as I drink my black coffee in the morning.

Whatever it takes to get you away from Starbucks seems like a win though.

I think you should understand that if you are opening ports to the wide internet, you are putting yourself and anyone else on your network at risk. You’re playing with fire here.

I have this setup with Tailscale so that I can watch plex from anywhere, without exposing ports to devices that I don’t trust and I can help you if you want. But don’t expose 80 to the internet.

I do Tailscale on every device, but they also have a Funnel service that might work for you

Maybe look into Tailscale. At the end of the day, someone needs to open up the ports, but Tailscale does it strictly to negotiate a VPN connection between two devices, so they don’t see the traffic that goes over the tunnel.

For anyone wondering what a document should look like, the DoD publishes that for anyone to read. Just search Derivative Classifier Training. Spoiler alert: this ain’t what a top secret document looks like.

How have I never seen that before. It’s perfection

Don’t you go and reinstall, learn how to fix this

It’s a weird take for sure. I’m not endorsing killing of POWs, but this would be the dumbest way to kill a bunch of captives. If they wanted them dead, then literally doing nothing would work.

Now they are out political bargaining chips and a plane.

Realistically, yes. But it’s a phrase and it’s important that they start doing that first. Maybe it’s their intention to do it publicly.

Also, sure, but a Wireguard installation is going to be much more secure than a Nextcloud that you aren’t sure if it’s configured correctly. And Tailscale doubly so.

Please set up Tailscale or a Wireguard VPN before you start forwarding ports on your router.

Your configuration as you have described it so far is setting yourself up for a world of hurt, in that you are going to be a target for hackers from literally the entire world.

There is a lot of complexity and overhead involved in either system. But, the benefits of containerizing and using Kubernetes allow you to standardize a lot of other things with your applications. With Kubernetes, you can standardize your central logging, network monitoring, and much more. And from the developers perspective, they usually don’t even want to deal with VMs. You can run something Docker Desktop or Rancher Desktop on the developer system and that allows them to dev against a real, compliant k8s distro. Kubernetes is also explicitly declarative, something that OpenStack was having trouble being.

So there are two swim lanes, as I see it: places that need to use VMs because they are using commercial software, which may or may not explicitly support OpenStack, and companies trying to support developers in which case the developers probably want a system that affords a faster path to production while meeting compliance requirements. OpenStack offered a path towards that later case, but Kubernetes came in and created an even better path.

PS: I didn’t really answer your question”capable” question though. Technically, you can run a kubernetes cluster on top of OpenStack, so by definition Kubernetes offers a subset of the capabilities of OpenStack. But, it encapsulates the best subset for deploying and managing modern applications. Go look at some demos of ArgoCD, for example. Go look at Cilium and Tetragon for network and workload monitoring. Look at what Grafana and Loki are doing for logging/monitoring/instrumentation.

Because OpenStack lets you deploy nearly anything (and believe me, I was slinging OVAs for anything back in the day) you will never get to that level of standardization of workloads that allows you to do those kind of things. By limiting what the platform can do, you can build really robust tooling around the things you need to do.

I used to be a certified OpenStack Administrator and I’ll say that K8s has eaten its lunch in many companies and in mindshare.

But if you do it, look at triple-o instead of installing from docs.