With the recent Proxmox 9 release, many of us have the upgrade ahead or already done. What about you, and how do you generally approach updating your services? Which other updates are you looking forward to or is it just an annoying chore?
Also the usual - let us know what you are currently working on, what problems you are encountering and what you are excited about.
As for updates, I update my machines semi-regularly with Ansible. The Proxmox 9 update was unspectacular (good thing!), I just had to change some things in my Proxmox-post-install automation (nag bar removal and package sources). I still plan to get a merge request based update process for my containers as mentioned here but I’m just not there yet. That guide was also posted on reddit recently and got some traction.
I also spent some time yesterday to organize my nginx logs, they basically all got their own folder in /var/log/nginx with their own access log file by adding access_log /var/log/nginx/$server_name/access.log vhost_combined; to each config. Error log file paths can’t contain variables so I kept them in the default file so far.
Recently enabled WireGuard (easy setting in my FritzBox router) and stopped exposing some of my services to the internet. That process isn’t finished yet though as I’ll need to switch to wildcard certificates in order to keep valid SSL for the now local-only services.
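The per-vhost access log layout described in the comment above, written out as an added example that is not part of the original comment. The vhost_combined format body, the server name and the cache values are assumptions.

```nginx
# Added example; format body, hostname and cache values are assumptions.
http {
    # nginx ships only the "combined" format, so a format named
    # vhost_combined has to be defined once in the http context.
    # This body approximates Apache's format of the same name.
    log_format vhost_combined '$server_name:$server_port $remote_addr - $remote_user '
                              '[$time_local] "$request" $status $body_bytes_sent '
                              '"$http_referer" "$http_user_agent"';

    # With a variable in the path, nginx opens and closes the log file on
    # every write and buffered writes do not work. Caching the descriptors
    # avoids the per-request open/close.
    open_log_file_cache max=64 inactive=60s valid=1m min_uses=1;

    server {
        listen 80;
        server_name app.example.internal;   # constructed name

        # $server_name is taken from the server_name directive above, so the
        # path is fixed by configuration. $host would instead follow the
        # request's Host header and let clients pick the directory name.
        #
        # nginx does not create the directory: it must already exist and be
        # writable by the worker user. The request's root directory must
        # exist as well, otherwise the log file is not created.
        access_log /var/log/nginx/$server_name/access.log vhost_combined;

        # error_log accepts no variables. A literal per-server path is an
        # alternative to leaving everything in the default error log.
        error_log /var/log/nginx/app.example.internal/error.log warn;
    }
}
```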
I find VMs to be unbearably slow compared to a container. They just feel so heavy. I get the extra security layer, is that really why people are doing it or is there some other reason?
Extra security and full isolation with its own kernel, so you can load kernel modules and such.
Also can run Windows in a VM when needed, or MacOS.
VMs are basically just as fast as containers, and the RAM overhead from a lightweight Linux VM is very small.
Being able to choose the OS and kernel is also important. I would not want my hypervisor machine to load GPU kernel modules, especially not on an older LTS kernel (which often don’t support the latest hardware). Passing the GPU to a VM ensures stability of the host machine, with the flexibility to choose whatever kernel I need for specific hardware. This alongside running entirely different OSes (like *BSD, Windows :(, etc) is pretty useful for some services.
Portability, isolation, the ability to run pretty much anything inside. They do consume more resources, but if they’re that much slower then there’s probably something wrong in your setup.
Not everything runs in a container.