Sihiri na haɓakawa: koyarwar gabatarwa a cikin Proxmox VE

A yau za mu yi magana game da yadda za a yi sauri da sauƙi tura sabobin kama-da-wane tare da tsarin aiki daban-daban akan sabar ta jiki ɗaya. Wannan zai ba kowane mai kula da tsarin damar sarrafa dukkan kayan aikin IT na kamfanin da adana albarkatu masu yawa. Yin amfani da ƙwaƙƙwaran ƙimantawa yana taimakawa wajen taƙaitawa gwargwadon yiwuwa daga kayan aikin uwar garken jiki, kare ayyuka masu mahimmanci da sauƙin dawo da aikin su ko da a cikin yanayin gazawa sosai.

Ba tare da wata shakka ba, yawancin masu gudanar da tsarin sun saba da fasahohin yin aiki tare da yanayin kama-da-wane kuma a gare su wannan labarin ba zai zama wani ganowa ba. Duk da haka, akwai kamfanonin da ba sa amfani da sassauƙa da saurin hanyoyin magance su saboda rashin cikakken bayani game da su. Muna fatan labarinmu zai taimaka muku fahimtar ta misali cewa yana da sauƙin fara amfani da haɓakawa sau ɗaya fiye da fuskantar rashin jin daɗi da ƙarancin kayan aikin jiki.

Abin farin ciki, abu ne mai sauqi ka gwada yadda aikin kama-karya ke aiki. Za mu nuna yadda ake ƙirƙirar uwar garken a cikin mahallin kama-da-wane, alal misali, don canja wurin tsarin CRM da ake amfani da shi a cikin kamfani. Kusan kowane uwar garken jiki ana iya juya shi zuwa kama-da-wane, amma da farko kuna buƙatar ƙware ainihin dabarun aiki. Wannan za a tattauna a kasa.

Yaya yake aiki

Idan ya zo ga sanin yakamata, ƙwararrun ƙwararru da yawa suna samun wahalar fahimtar ƙamus, don haka bari mu bayyana wasu ƴan dabaru:

• Hypervisor – software na musamman wanda ke ba ku damar ƙirƙira da sarrafa injina;
• Na'ura mai ban mamaki (nan gaba ana kiranta da VM) wani tsari ne wanda ke zama uwar garken ma'ana a cikin na zahiri tare da tsarin sa na halaye, tuki da tsarin aiki;
• Mai watsa shirye-shiryen Farko - uwar garken jiki tare da hypervisor yana gudana akan shi.

Domin uwar garke ta yi aiki a matsayin mai cikakken iko, dole ne mai sarrafa ta ya goyi bayan ɗayan fasahohi biyu - ko dai Intel® VT ko AMD-V™. Dukansu fasahohin biyu suna yin aiki mafi mahimmanci na samar da albarkatun kayan aikin uwar garken zuwa injunan kama-da-wane.

Babban fasalin shine cewa duk wani aiki na injunan kama-da-wane ana yin su kai tsaye a matakin hardware. A lokaci guda, an ware su da juna, wanda ya sa ya zama sauƙin sarrafa su daban. Hypervisor da kansa yana taka rawar hukuma mai kulawa, rarraba albarkatu, matsayi da fifiko tsakanin su. Hypervisor kuma yana kwaikwayon wannan ɓangaren kayan aikin da ke da mahimmanci don ingantaccen tsarin aiki.

Gabatar da kamanceceniya yana ba da damar samun kwafi da yawa masu gudana na sabar ɗaya. Mummunan gazawa ko kuskure yayin aiwatar da canje-canje ga irin wannan kwafin ba zai shafi aikin sabis na yanzu ko aikace-aikacen ta kowace hanya ba. Wannan kuma yana kawar da manyan matsaloli guda biyu - ƙira da ikon kiyaye "zuwan zoo" na tsarin aiki daban-daban akan hardware iri ɗaya. Wannan dama ce mai kyau don haɗa nau'ikan ayyuka ba tare da buƙatar siyan kayan aiki daban ba ga kowannensu.

Ƙwarewa yana inganta haƙurin kuskuren ayyuka da aikace-aikacen da aka tura. Ko da uwar garken jiki ya gaza kuma yana buƙatar maye gurbinsa da wani, duk kayan aikin kama-da-wane za su ci gaba da aiki gabaɗaya, muddin kafofin watsa labaru na diski ba su da kyau. A wannan yanayin, uwar garken jiki na iya kasancewa daga masana'anta daban-daban. Wannan gaskiya ne musamman ga kamfanonin da ke amfani da sabar da aka daina kuma za su buƙaci ƙaura zuwa wasu ƙira.

Yanzu mun lissafa mashahuran hypervisors waɗanda ke wanzu a yau:

• VMware ESXi
• Microsoft Hyper-V
• Buɗe Virtualization Alliance KVM
• Oracle VM VirtualBox

Dukkansu sun kasance na duniya, duk da haka, kowannensu yana da wasu siffofi waɗanda ya kamata a yi la'akari da su koyaushe a matakin zaɓi: farashin ƙaddamarwa / kulawa da halayen fasaha. Farashin lasisin kasuwanci don VMware da Hyper-V yana da yawa, kuma idan akwai gazawa, yana da matukar wahala a warware matsalar tare da waɗannan tsarin da kanku.

KVM, a gefe guda, yana da cikakkiyar kyauta kuma mai sauƙin amfani, musamman a matsayin wani ɓangare na tushen tushen tushen Debian Linux wanda ake kira Proxmox Virtual Environment. Za mu iya ba da shawarar wannan tsarin don sanin farko tare da duniyar kayan aikin kama-da-wane.

Yadda ake tura Proxmox VE hypervisor da sauri

Shigarwa galibi baya tayar da kowace tambaya. Zazzage sigar hoton na yanzu daga shafin yanar gizon kuma rubuta shi zuwa kowane kafofin watsa labarai na waje ta amfani da mai amfani Win32DiskImager (a cikin Linux ana amfani da umarnin dd), bayan haka muna taya uwar garken kai tsaye daga wannan kafofin watsa labarai. Abokan cinikinmu waɗanda ke hayar sabobin sadaukarwa daga gare mu na iya cin gajiyar hanyoyi guda biyu har ma mafi sauƙi - ta hanyar ɗaga hoton da ake so kai tsaye daga na'urar ta KVM, ko amfani da uwar garken PXE mu.

Mai sakawa yana da siffa mai hoto kuma zai yi ƴan tambayoyi kawai.

1. Zaɓi faifan da za a yi shigarwa. A cikin babi Zabuka Hakanan zaka iya ƙayyade ƙarin zaɓuɓɓukan alamar alama.

   

2. Ƙayyade saitunan yanki.

   

3. Ƙayyade kalmar sirrin da za a yi amfani da ita don ba da izini ga tushen superuser da adireshin imel na mai gudanarwa.

   

4. Ƙayyade saitunan cibiyar sadarwa. FQDN tana nufin cikakken sunan yanki, misali. node01.yourcompany.com.

   

5. Bayan an gama shigarwa, ana iya sake kunna uwar garken ta amfani da maɓallin Sake yi.

   
   
   Za a sami hanyar haɗin yanar gizon gudanarwa a

   https://IP_адрес_сервера:8006

Abin da za a yi bayan shigarwa

Akwai wasu mahimman abubuwa da yakamata kuyi bayan shigar da Proxmox. Bari mu yi magana game da kowannensu dalla-dalla.

Sabunta tsarin zuwa sabon sigar

Don yin wannan, bari mu je zuwa na'ura mai ba da hanya tsakanin hanyoyin sadarwa na uwar garken mu kuma musaki wurin ajiyar kuɗin da aka biya (samuwa ga waɗanda suka sayi tallafin biya kawai). Idan ba ku yi wannan ba, apt zai ba da rahoton kuskure yayin sabunta tushen fakitin.

1. Bude na'ura wasan bidiyo kuma gyara fayil ɗin sanyi mai dacewa:

   nano /etc/apt/sources.list.d/pve-enterprise.list

2. Za a sami layi ɗaya kawai a cikin wannan fayil ɗin. Mun sanya alama a gabanta #don musaki karɓar sabuntawa daga wurin ajiyar kuɗi:

   #deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise

3. Gajerar hanyar allo Ctrl + X fita editan ta hanyar ba da amsa Y lokacin da tsarin ya tambaye shi game da adana fayil ɗin.
4. Muna gudanar da umarni don sabunta tushen fakiti da sabunta tsarin:

   apt update && apt -y upgrade

Kula da aminci

Za mu iya ba da shawarar shigar da mashahurin mai amfani Fail2Ban, wanda ke ba da kariya daga hare-haren kalmar sirri (brute force). Ka’idar aikinsa ita ce, idan maharin ya wuce wasu adadin yunƙurin shiga cikin ƙayyadadden lokaci tare da shigar da kalmar sirri ba daidai ba, to za a toshe adireshin IP ɗin sa. Za a iya ƙayyade lokacin toshewa da adadin ƙoƙarin a cikin fayil ɗin sanyi.

Dangane da gogewa mai amfani, a cikin mako guda na gudanar da sabar tare da bude tashar ssh tashar jiragen ruwa 22 da adireshin IPv4 na waje, an yi ƙoƙari fiye da 5000 don tantance kalmar wucewa. Kuma kamfanin ya yi nasarar toshe adireshi kusan 1500.

Don kammala shigarwa, ga wasu umarni:

1. Bude na'ura mai ba da hanya tsakanin hanyoyin sadarwa ta hanyar yanar gizo ko SSH.
2. Sabunta tushen fakitin:

   apt update

3. Shigar Fail2Ban:

   apt install fail2ban

4. Bude saitin kayan aiki don gyarawa:

   nano /etc/fail2ban/jail.conf

5. Canza masu canji bantime (yawan sakan da za a toshe maharin) da maxretry (yawan yunƙurin shigar da kalmar shiga / kalmar sirri) don kowane sabis na kowane mutum.
6. Gajerar hanyar allo Ctrl + X fita editan ta hanyar ba da amsa Y lokacin da tsarin ya tambaye shi game da adana fayil ɗin.
7. Sake kunna sabis:

   systemctl restart fail2ban

Kuna iya bincika matsayin mai amfani, alal misali, cire ƙididdigar toshewa na adiresoshin IP da aka katange daga waɗanda aka yi ƙoƙarin lalata kalmar sirri ta SSH, tare da umarni ɗaya mai sauƙi:

fail2ban-client -v status sshd

Martanin mai amfani zai yi kama da haka:

root@hypervisor:~# fail2ban-client -v status sshd
INFO   Loading configs for fail2ban under /etc/fail2ban
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO   Using socket file /var/run/fail2ban/fail2ban.sock
Status for the jail: sshd
|- Filter
|  |- Currently failed: 3
|  |- Total failed:     4249
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     410
   `- Banned IP list:

Hakazalika, zaku iya kare hanyar yanar gizo daga irin waɗannan hare-hare ta hanyar ƙirƙirar ƙa'idar da ta dace. Ana iya samun misalin irin wannan ƙa'idar don Fail2Ban a ciki hukuma manual.

FarawaEND_LINK

Ina so in ja hankalin ku ga gaskiyar cewa Proxmox yana shirye don ƙirƙirar sabbin injina nan da nan bayan shigarwa. Koyaya, muna ba da shawarar ku kammala saitunan farko don a iya sarrafa tsarin cikin sauƙi a nan gaba. Ayyuka na nuna cewa ya kamata a rarraba hypervisor da injunan kama-da-wane akan kafofin watsa labarai na zahiri daban-daban. Yadda za a yi wannan za a tattauna a kasa.

Sanya faifan faifai

Mataki na gaba shine saita ma'ajiyar da za'a iya amfani da ita don adana bayanan injin kama-da-wane da adana bayanai.

HANKALI! Misalin shimfidar faifai da ke ƙasa ana iya amfani da shi don dalilai gwaji kawai. Don amfani na zahiri, muna ba da shawara mai ƙarfi ta yin amfani da tsararrun software ko hardware RAID don hana asarar bayanai lokacin da tuƙi suka gaza. Za mu gaya muku yadda ake shirya tsararrun faifai don aiki yadda ya kamata da abin da za ku yi idan akwai gaggawa a cikin ɗayan labarai masu zuwa.

Bari mu ɗauka uwar garken jiki yana da diski guda biyu - / dev / sda, wanda aka shigar da hypervisor da faifan fanko / dev / sdb, wanda aka tsara za a yi amfani da shi don adana bayanan injina. Domin tsarin don ganin sabon ajiya, zaka iya amfani da hanya mafi sauƙi kuma mafi inganci - haɗa shi azaman jagorar yau da kullun. Amma kafin wannan, kuna buƙatar yin wasu matakan shiri. A matsayin misali, bari mu ga yadda ake haɗa sabon tuƙi / dev / sdb, kowane girman, tsara shi zuwa tsarin fayil ext4.

1. Muna raba faifai, ƙirƙirar sabon bangare:

   fdisk /dev/sdb

2. Danna maɓallin o ko g (Rarraba faifai a cikin MBR ko GPT).
3. Na gaba, danna maɓallin n (ƙirƙiri sabon sashe).
4. Kuma a karshe w (don adana canje-canje).
5. Ƙirƙiri tsarin fayil na ext4:

   mkfs.ext4 /dev/sdb1

6. Ƙirƙiri kundin adireshi inda za mu ɗaga ɓangaren:

   mkdir /mnt/storage

7. Bude fayil ɗin sanyi don gyarawa:

   nano /etc/fstab

8. Ƙara sabon layi a wurin:

   /dev/sdb1	/mnt/storage	ext4	defaults	0	0

9. Bayan yin canje-canje, ajiye su tare da gajeriyar hanyar madannai Ctrl + X, amsawa Y ga tambayar edita.
10. Don duba cewa komai yana aiki, muna aika uwar garken don sake yi:

    shutdown -r now

11. Bayan sake yi, duba abubuwan da aka ɗora:

    df -H

Fitowar umarnin yakamata ya nuna hakan / dev / sdb1 saka a cikin directory /mnt/ajiya. Wannan yana nufin cewa tuƙinmu yana shirye don amfani.

Ƙara sabon wurin ajiya a cikin Proxmox

Shiga cikin sashin kulawa kuma je zuwa sassan Cibiyar bayanai âž Vault âž Add âž Jagora.

A cikin taga da yake buɗewa, cika filaye masu zuwa:

• ID - sunan wurin ajiya na gaba;
• Jagora - /mnt/ajiya;
• Abun ciki - zaɓi duk zaɓuɓɓukan (danna kowane zaɓi bi da bi).

  

Bayan wannan, danna maɓallin Add. Wannan yana kammala saitin.

Ƙirƙiri injin kama-da-wane

Don ƙirƙirar injin kama-da-wane, yi jerin ayyuka masu zuwa:

1. Mun yanke shawara akan sigar tsarin aiki.
2. Zazzage hoton ISO a gaba.
3. Zaɓi daga menu Vault sabon ma'ajiyar da aka kirkira.
4. Turawa Abun ciki âž Zazzagewa.
5. Zaɓi hoton ISO daga lissafin kuma tabbatar da zaɓi ta latsa maɓallin Zazzagewa.

Bayan an gama aikin, za a nuna hoton a cikin jerin sunayen da ake da su.

Bari mu ƙirƙiri injin mu na farko:

1. Turawa Ƙirƙiri VM.
2. Cika sigogi ɗaya bayan ɗaya: Имя âž Hoton ISO âž Girman rumbun kwamfutarka da nau'in âž Yawan masu sarrafawa âž Girman RAM âž Adaftan cibiyar sadarwa.
3. Bayan zaɓar duk sigogin da ake so, danna Don kammalawa. Za a nuna na'urar da aka ƙirƙira a cikin menu na sarrafawa.
4. Zaɓi shi kuma danna Kaddamarwa.
5. Je zuwa nuni Console kuma shigar da tsarin aiki daidai daidai da sabar ta jiki ta yau da kullun.

Idan kana buƙatar ƙirƙirar wata na'ura, maimaita ayyukan da ke sama. Da zarar sun shirya duka, zaku iya aiki tare da su lokaci guda ta buɗe windows na wasan bidiyo da yawa.

Saita autorun

Ta hanyar tsoho, Proxmox baya fara injuna ta atomatik, amma ana iya warware wannan cikin sauƙi tare da dannawa biyu kawai:

1. Danna sunan injin da ake so.
2. Zaɓi shafi Zaɓuɓɓuka âž Fara a kan taya.
3. Mun sanya kaska kusa da rubutun sunan guda.

Yanzu, idan an sake kunna sabar ta zahiri, VM zata fara ta atomatik.

Ga masu gudanar da ci-gaba, akwai kuma damar tantance ƙarin sigogin ƙaddamarwa a cikin sashin Fara/Odar rufewa. Kuna iya fayyace fayyace cikin wane tsari ya kamata a fara injinan. Hakanan zaka iya ƙididdige lokacin da ya kamata ya wuce kafin VM na gaba ya fara da lokacin jinkirin kashewa (idan tsarin aiki ba shi da lokacin da za a rufe, hypervisor zai tilasta shi ya rufe bayan wasu adadin daƙiƙai).

ƙarshe

Wannan labarin ya bayyana ainihin yadda ake farawa tare da Proxmox VE kuma muna fata cewa zai taimaka wa sababbin sababbin su ɗauki mataki na farko da gwada ƙwarewar aiki.

Proxmox VE hakika kayan aiki ne mai ƙarfi da dacewa ga kowane mai gudanar da tsarin; Babban abu shine kada ku ji tsoro don gwaji kuma ku fahimci yadda yake aiki da gaske.

Idan kuna da tambayoyi, maraba da sharhi.

source: www.habr.com