

Gotta keep practicing for the RHCE exam.
Setup is a Beelink NUC and 2x OptiPlex 7060 Micro for the Proxmox cluster, pfSense as the firewall/DNS/DHCP for the virtual machines, and several RHEL 9 systems to do Ansible against.
After the RHCE I'm gonna look into setting up k3s and learning Kubernetes.

I was looking at those Beelink NUCs, those are cool little boxes. Nice setup! Great for studying the stuff.

Time to learn Kubernetes.

First pod deployment. Tried for many hours to get the service and ingress to talk to GitLab via port 443 or 8443 but no luck. I finally logged into the GitLab container, checked netstat and saw it only served port 80 by default, so setting up the deployment/service/ingress with that in mind worked. I'm assuming I have to change my deployment file to pass arguments to make GitLab listen on 443 at boot, so still lots to learn.

My understanding of what you're seeing: adding 80 just took off the SSL.
But what you're seeing is a config issue with how the API is talking to your control plane, 9/10 times when something like this happens.
In the GitLab pod do something like this so you're using SSL. 80 is fine for lab testing, but in production at a client I'd do something like this:
env:
Changed the title of the thread :-) Love this stuff hehe
Yeah, I probably need to pass environment variables to GitLab itself or mount the gitlab.rb with the values pre-filled. I was trying to make it happen with the service and deployment manifests without success, so it's either a skill issue or, like you said, I have to modify GitLab itself.
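One concrete way to do what the last two posts are circling around, as an added example that is not from this thread and not GitLab's own manifest: terminate TLS at the ingress-nginx controller, keep the omnibus container on plain port 80 inside the cluster, and use the GITLAB_OMNIBUS_CONFIG environment variable (the image evaluates it as gitlab.rb) to tell GitLab its public URL is https and that the upstream connection is already encrypted. The hostname gitlab.lab.example, the gitlab namespace (create it first with kubectl create namespace gitlab), the secret name gitlab-tls and the emptyDir volumes are assumptions for a lab. The Service stays ClusterIP so the unencrypted port 80 never leaves the cluster, which is the difference from simply exposing 80 and losing SSL.

```yaml
# GitLab omnibus image behind ingress-nginx: TLS ends at the ingress, GitLab
# listens on plain port 80 inside the cluster but is told its public URL is
# https, so the links, clone URLs and redirects it generates are https.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: gitlab
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab
  template:
    metadata:
      labels:
        app: gitlab
    spec:
      containers:
        - name: gitlab
          image: gitlab/gitlab-ce:latest   # pin a specific tag outside a lab
          env:
            - name: GITLAB_OMNIBUS_CONFIG   # evaluated as gitlab.rb at start-up
              value: |
                external_url 'https://gitlab.lab.example'
                # The ingress terminates TLS: keep the bundled nginx on 80 and
                # tell it the client connection was already https, otherwise
                # GitLab keeps redirecting http -> https in a loop.
                nginx['listen_port'] = 80
                nginx['listen_https'] = false
                nginx['proxy_set_headers'] = {
                  "X-Forwarded-Proto" => "https",
                  "X-Forwarded-Ssl" => "on"
                }
                # Lab host has no public DNS, so do not let omnibus try ACME.
                letsencrypt['enable'] = false
          ports:
            - name: http
              containerPort: 80
          readinessProbe:
            httpGet:
              path: /-/readiness
              port: http
            initialDelaySeconds: 120
            periodSeconds: 15
          volumeMounts:
            - { name: config, mountPath: /etc/gitlab }
            - { name: logs, mountPath: /var/log/gitlab }
            - { name: data, mountPath: /var/opt/gitlab }
      # emptyDir is fine for a throwaway lab; use PersistentVolumeClaims to keep repos.
      volumes:
        - { name: config, emptyDir: {} }
        - { name: logs, emptyDir: {} }
        - { name: data, emptyDir: {} }
---
apiVersion: v1
kind: Service
metadata:
  name: gitlab
  namespace: gitlab
spec:
  type: ClusterIP   # not NodePort: the plain-HTTP port is reachable only from inside the cluster
  selector:
    app: gitlab
  ports:
    - name: http
      port: 80
      targetPort: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitlab
  namespace: gitlab
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"   # send http clients to https
    nginx.ingress.kubernetes.io/proxy-body-size: "0"   # do not cap large git pushes
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - gitlab.lab.example
      secretName: gitlab-tls   # kubectl -n gitlab create secret tls gitlab-tls --cert=tls.crt --key=tls.key
  rules:
    - host: gitlab.lab.example
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitlab
                port:
                  name: http
```

Apply it with kubectl apply -f and check with kubectl -n gitlab get pods,svc,ingress; the pod only turns Ready once /-/readiness answers, which takes a few minutes on first boot. If you do want GitLab itself to listen on 443, drop the nginx['listen_*'] lines, mount your cert and key under /etc/gitlab/ssl/gitlab.lab.example.{crt,key}, and point the Service and Ingress at containerPort 443 with the ingress configured for a TLS backend; for a lab, terminating at the ingress is simpler and keeps one place to manage certificates.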

Making progress: I can access the nginx ingress controller now via external IP with TLS, but now I need to figure out why it does not connect to the GitLab container. I also switched to using the Helm chart instead of a single container, as that is what GitLab recommends for Kubernetes deployments.
Desktop Linux is actually pretty good now.
Been moving back and forth between Windows and Arch Linux over the past week.
It's gotten so much better in the last couple of years, lots of better distros that ship stable desktops.

Super informative.
I deleted a storage pool in my Proxmox cluster that I thought was empty because I did not use it as intended (was gonna create Fedora CoreOS VMs and try doing OKD but instead chose k3s), and apparently it had the EFI disks for my Rocky 9 VMs LOL. Had to delete and rebuild them and decided to install them with the STIG profile and FIPS mode, so now I'm gonna use RKE2 instead of k3s because of incompatible crypto implementations.

Back to the initial cluster setup, now we continue learning. Not too many issues getting it set up, just had to add some fapolicyd rules for RKE2 and kubelet on the nodes and change the port used for joining nodes to the cluster since it's a different number than k3s.
Spent a lot of time today trying to set up PXE booting. Initially tried with TFTP and I got it to work using pfSense's ISC DHCP, but then I updated pfSense and ISC DHCP was removed because it is end of life, so I had to use Kea. For the life of me I could not get it to recognize the TFTP boot file parameter / DHCP option 67, so the VM would get a DHCP address and then fail to find the boot media. The Kea docs and forums had plenty of info but none of it ended up working for me.
Decided to follow the Red Hat docs to do HTTP boot, and after a lot more reading and googling I got it to successfully boot using HTTP. Gonna do an initial manual install and then use the generated kickstart file to boot new RHEL 9 machines unattended.
First screenshot is the httpd access logs showing the VM downloading the RHEL 9.7 ISO content from the web server / documentation; second screenshot is the VM during the PXE boot process.

Think I'm gonna postpone learning Kubernetes because I definitely have more traditional Linux admin stuff to master, including containers, and I want to learn git / set up GitLab.
Also deciding between standing up Active Directory or IdM/FreeIPA. Leaning towards the latter because I haven't used it, but Active Directory is king and I can experiment and break things that I wouldn't try at work.

Got the kickstart working to automatically install RHEL 9.
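A kickstart of the kind the HTTP-boot and unattended-install posts describe, written here as an added example rather than the anaconda-ks.cfg the poster generated, and going one step further than the thread by also producing the STIG-profile, FIPS-mode RKE2 nodes from the storage-pool post. Assumptions: the extracted ISO is served at http://192.0.2.10/rhel9/ and this file at http://192.0.2.10/ks/rke2-node.cfg (RFC 5737 address), the two password hashes and the SSH key are placeholders to replace, and /var/lib/rancher/ is the RKE2 data directory that the fapolicyd rule trusts. fips=1 must also be on the installer's own kernel command line in the HTTP-boot GRUB entry; Anaconda enables FIPS mode from that, and the bootloader line below keeps it on the installed system. The separate /var, /var/log, /var/log/audit, /tmp, /var/tmp and /home volumes are there because the STIG profile checks for them and the OpenSCAP add-on cannot repartition afterwards.

```kickstart
# Added example kickstart for a STIG + FIPS RKE2 node (not the poster's file).
# Installer boot line (assumed paths):
#   inst.ks=http://192.0.2.10/ks/rke2-node.cfg fips=1
text
url --url="http://192.0.2.10/rhel9/"
lang en_US.UTF-8
keyboard us
timezone UTC --utc
network --bootproto=dhcp --device=link --activate --hostname=rke2-node1.lab.example

# Placeholders: generate real hashes with `openssl passwd -6`, paste your own key.
rootpw --iscrypted $6$PLACEHOLDER_ROOT_HASH
user --name=ansible --groups=wheel --iscrypted --password=$6$PLACEHOLDER_ANSIBLE_HASH
sshkey --username=ansible "ssh-ed25519 AAAAC3PLACEHOLDER ansible@lab"

selinux --enforcing
services --enabled=sshd
# 6443 kube-apiserver, 9345 RKE2 supervisor port that agents join through
# (k3s joins on 6443, hence the "different port"), 10250 kubelet.
# CNI ports (e.g. 8472/udp for VXLAN) are left to the cluster build.
firewall --enabled --service=ssh --port=6443:tcp,9345:tcp,10250:tcp
bootloader --append="fips=1"

# STIG-style layout; noexec on /tmp can bite third-party installers, /var stays exec
# because containerd and RKE2 run from /var/lib/rancher. Assumes a disk of 40 GB or more.
zerombr
clearpart --all --initlabel
part /boot/efi --fstype=efi --size=600
part /boot --fstype=xfs --size=1024
part pv.01 --size=1 --grow
volgroup vg_sys pv.01
logvol /              --vgname=vg_sys --name=root     --fstype=xfs --size=8192
logvol /home          --vgname=vg_sys --name=home     --fstype=xfs --size=2048 --fsoptions="nodev,nosuid"
logvol /tmp           --vgname=vg_sys --name=tmp      --fstype=xfs --size=2048 --fsoptions="nodev,nosuid,noexec"
logvol /var           --vgname=vg_sys --name=var      --fstype=xfs --size=10240
logvol /var/tmp       --vgname=vg_sys --name=vartmp   --fstype=xfs --size=2048 --fsoptions="nodev,nosuid,noexec"
logvol /var/log       --vgname=vg_sys --name=varlog   --fstype=xfs --size=4096 --fsoptions="nodev,nosuid,noexec"
logvol /var/log/audit --vgname=vg_sys --name=varaudit --fstype=xfs --size=2048 --fsoptions="nodev,nosuid,noexec"

reboot

%packages
@^minimal-environment
openscap-scanner
scap-security-guide
fapolicyd
%end

# Apply the DISA STIG profile from scap-security-guide during the install.
%addon com_redhat_oscap
    content-type = scap-security-guide
    profile = xccdf_org.ssgproject.content_profile_stig
%end

%post --log=/root/ks-post.log
# RKE2 unpacks its own containerd, runc and kubelet under /var/lib/rancher,
# which fapolicyd denies on a STIG build. Trust that tree for root before the
# first `rke2 server` / `rke2 agent` start. The path is an assumption; rules
# files load in lexical order and 31- sorts before the default deny rule.
cat > /etc/fapolicyd/rules.d/31-rke2.rules <<'EOF'
allow perm=any uid=0 : dir=/var/lib/rancher/
EOF
fagenrules
%end
```

After the first boot, fips-mode-setup --check should report that FIPS mode is enabled, and oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml gives the post-install score; expect some rules to fail until the host is joined and hardened by Ansible, which is a good first playbook target.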
What's the point in doing this?
I was thinking of running a Jedi Academy server on a Proxmox cluster with load balancing and failover, with a webhook that spins up the server upon request, and then the server is killed when it's idle after a certain amount of time, for the lulz.
I've worked at like 150 companies, some with lots of Linux, some with none, and everyone had an AD. Even if it was a giant design company that used ZFS for storing their design data, they'd use Kerberos on AD.
Not bad to learn it well.
Yeah, I'm with you on that, might as well continue learning and getting better with the tech that I already know/use.

Got GitLab running in a container, so we're moving now. SELinux stuff is weird with the GitLab container, had to actually create and use the custom policy that sealert suggests for the initial command to start the container.