Quote:
Originally Posted by etpoole60
First question: Since my DNS is working can I remove those entries from my hosts file so I have only a single maintenance point?
|
Yes, as long as your DNS works as it should and you aren't messing around with it all the time (bringing the service up and down 60 times a minute) you should be fine.
Quote:
Second question: Does it make sense to install openvswitch and what will that buy me as far as networking is concerned?
|
Unless you plan on using VLANs or some virtual port security, you don't need openvswitch. I run barebones KVM with more than 100 machines on a single bridge interface (x2 10g bonded interfaces) and it works just fine.
Quote:
Third question: I worked last in 01/2016 so my memory is questionable, but isn't that something I can do using 389-DS?
Fourth question: What, exactly, does this buy me (other than trying to look like a Fortune 500 company) as far as security is concerned?
|
You can use LDAP + Kerberos to give you something close to AD (you won't be able to push policies to Linux machines (can't do it in AD either) or update SSL certificates (with AD and SSSD you can do this)).
Done right, TGT tickets (Kerberos) are very hard to forge. It gives you some advantages with some slight maintenance (SSL certs, group/user management and DNS records) but gives you so much more... think single sign-on, think login from anywhere without worrying if you sync'ed accounts, has somewhat better accounting for accounts than just standard UNIX does, has better password policies, enable/disable once, enable/disable everywhere! Your VMs are small now, but in time they will probably grow; wouldn't it be nice if you had a proper way to maintain the VMs/other hardware? It also brings down the maintenance of every box (VM in your case) because you don't have to worry about anything related to user accounts; set it and forget it and just worry about the LDAP side of things.
Quote:
Fifth question: Is this making things too complicated for an environment with only 12 machines?
|
No, in my opinion the point in time where you have to manage more than one account list is when you are doing it wrong, never mind 12.