Don kunna kammala umarni, kammala bash yana buƙatar canzawa zuwa bash.
Ƙara ƙarin sunayen DNS
Ana buƙatar wannan lokacin da kuke buƙatar haɗawa da mai sarrafa ta amfani da madadin suna (CNAME, alias, ko gajeriyar suna ba tare da ƙaranci na yanki ba). Don dalilai na tsaro, mai sarrafa yana ba da damar haɗi kawai ta amfani da jerin sunayen da aka yarda.
Ƙirƙiri fayil ɗin daidaitawa:
$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf
Misalin aikin maigida
$ sudo ovirt-engine-extension-aaa-ldap-saitin
Akwai aiwatar da LDAP:
...
3 - Littafin Jagora
...
Da fatan za a zaɓi: 3
Da fatan za a shigar da Active Directory Forest sunan: Misali.com
Da fatan za a zaɓi yarjejeniya don amfani (startTLS, ldaps, bayyananne) [startTLS]:
Da fatan za a zaɓi hanya don samun takaddun shaida na CA PEM (Fayil, URL, Layi, Tsari, Mara tsaro): URL
URL: wwwca.example.com/myRootCA.pem
Shigar da mai amfani DN (misali uid=sunan mai amfani,dc=misali,dc=com ko barin komai don wanda ba a sani ba): CN=oVirt-Engine,CN=Masu amfani,DC=misali,DC=com
Shigar da kalmar sirrin mai amfani: *Password*
[INFO] Ƙoƙarin ɗaure ta amfani da 'CN=oVirt-Engine,CN=Users,DC=misali,DC=com'
Shin za ku yi amfani da Sign-On guda ɗaya don Injin Farko (Ee, A'a) [I]:
Da fatan za a saka sunan bayanin martaba wanda zai ganuwa ga masu amfani [misali.com]:
Da fatan za a ba da takaddun shaida don gwada kwararar shiga:
Shigar da sunan mai amfani: Wani Mai amfani
Shigar da kalmar wucewa ta mai amfani:
...
[INFO] An aiwatar da jerin shiga cikin nasara
...
Zaɓi jerin gwaji don aiwatarwa (An yi, Zubar da ciki, Shiga, Bincike) [An gama]:
[INFO] Mataki: Saitin ciniki
...
TAKAITACCEN TSIRA
...
Amfani da mayen ya dace da yawancin lokuta. Don hadaddun saiti, ana yin saituna da hannu. Ƙarin cikakkun bayanai a cikin takardun oVirt, Masu amfani da Matsayi. Bayan an yi nasarar haɗa Injin zuwa AD, ƙarin bayanin martaba zai bayyana a cikin taga haɗin gwiwa, da kuma akan shafin izini Abubuwan tsarin suna da ikon ba da izini ga masu amfani da AD da ƙungiyoyi. Ya kamata a lura cewa bayanan waje na masu amfani da ƙungiyoyi na iya zama ba kawai AD ba, har ma IPA, eDirectory, da sauransu.
Haɗuwa da yawa
A cikin yanayin samarwa, dole ne a haɗa tsarin ajiya zuwa mai watsa shiri ta hanyar masu zaman kansu da yawa, hanyoyin I / O da yawa. A matsayinka na mai mulki, a cikin CentOS (sabili da haka oVirt) babu matsaloli tare da haɗa hanyoyi da yawa zuwa na'ura (find_multipaths eh). An rubuta ƙarin saituna don FCoE a ciki Kashi na 2. Yana da kyau a kula da shawarwarin masana'antun tsarin ajiya - da yawa suna ba da shawarar yin amfani da manufofin zagaye-robin, amma ta tsohuwa a cikin Enterprise Linux 7 ana amfani da lokacin sabis.
Shinkafa 2 - Manufofin I/O da yawa bayan amfani da saituna.
Saita sarrafa wutar lantarki
Yana ba ku damar yin, misali, sake saitin na'ura mai ƙarfi idan Injin ba zai iya samun amsa daga Mai watsa shiri na dogon lokaci ba. An aiwatar ta hanyar Wakilin Fence.
Yi lissafi -> Mai watsa shiri -> HOST - Shirya -> Gudanar da Wuta, sannan kunna "Enable Power Management" kuma ƙara wakili - "Ƙara Wakilin Fence" -> +.
Muna nuna nau'in (misali, don iLO5 kana buƙatar saka ilo4), sunan / adireshin ipmi interface, da sunan mai amfani / kalmar sirri. Ana ba da shawarar ƙirƙirar mai amfani daban (misali, oVirt-PM) kuma, a cikin yanayin iLO, a ba shi gata:
Shiga
Console mai nisa
Ƙarfin Ƙarfi da Sake saiti
Kafofin watsa labarai na gani
Saita saitunan iLO
Gudanar da Asusun Masu Amfani
Kada ku tambayi dalilin da yasa wannan yake haka, an zaɓe shi da gaske. Wakilin shinge na wasan bidiyo yana buƙatar ƙananan haƙƙoƙi.
Lokacin kafa jerin abubuwan sarrafawa, ya kamata ku tuna cewa wakili ba yana gudana akan injin ba, amma akan mai masaukin “maƙwabta” (wanda ake kira Proxy Management Proxy), watau idan akwai kumburi ɗaya kawai a cikin tari, sarrafa wutar lantarki zai yi aiki ba zai.
Saita SSL
Cikakken umarnin hukuma - in takardun, Shafi D: oVirt da SSL - Maye gurbin oVirt Engine SSL/TLS Certificate.
Takaddun shaida na iya zama ko dai daga CA na kamfani ko kuma daga ikon takardar shedar kasuwanci ta waje.
Muhimmiyar sanarwa: takardar shaidar an yi niyya don haɗawa da manajan, ba zai shafi hulɗar da ke tsakanin Injin da nodes ba - za su yi amfani da takaddun shaida da Injin ya bayar.
Bukatun:
takardar shaidar CA a cikin tsarin PEM, tare da dukan sarkar zuwa tushen CA (daga ƙaddamarwa a farkon zuwa tushen a karshen);
takardar shaida don Apache da CA mai bayarwa ta bayar (kuma an haɗa ta da dukkanin jerin takaddun shaida na CA);
maɓalli na sirri don Apache, ba tare da kalmar sirri ba.
Bari mu ɗauka cewa fitar da CA ɗinmu tana gudana CentOS, wanda ake kira subca.example.com, kuma buƙatun, maɓallai, da takaddun shaida suna cikin /etc/pki/tls/ directory.
Shirya! Lokaci ya yi da za a haɗa zuwa manajan kuma duba cewa haɗin yana da kariya ta takardar shaidar SSL da aka sa hannu.
Yin ajiya
Ina za mu kasance ba tare da ita ba? A cikin wannan sashe za mu yi magana game da adana kayan aiki; VM archiving batu ne na daban. Za mu yi kwafin ajiya sau ɗaya a rana kuma mu adana su ta hanyar NFS, alal misali, akan tsarin guda ɗaya inda muka sanya hotunan ISO - mynfs1.example.com:/exports/ovirt-backup. Ba'a ba da shawarar adana ma'ajin ajiya akan na'ura ɗaya inda Injin ke aiki ba.
Yanzu zaku iya haɗawa da mai watsa shiri: https://[ Mai watsa shiri IP ko FQDN ]:9090
VLANs
Ya kamata ku karanta ƙarin game da cibiyoyin sadarwa a ciki takardun. Akwai yuwuwar da yawa, anan za mu bayyana haɗa hanyoyin sadarwar kama-da-wane.
Don haɗa wasu ƙananan hanyoyin sadarwa, dole ne a fara bayyana su a cikin tsarin: Network -> Networks -> Sabo, a nan sunan kawai filin da ake bukata; Akwatin rajistan cibiyar sadarwa ta VM, wanda ke ba injina damar amfani da wannan hanyar sadarwar, an kunna, amma don haɗa alamar dole ne a kunna. Kunna VLAN tagging, shigar da lambar VLAN kuma danna Ok.
Yanzu kuna buƙatar zuwa Lissafin runduna -> Runduna -> kvmNN -> Hanyoyin Sadarwar Sadarwar -> Saita Cibiyar Sadarwar Mai watsa shiri. Jawo ƙarar hanyar sadarwar daga gefen dama na hanyoyin sadarwa masu ma'ana waɗanda ba a sanya su ba zuwa hagu cikin hanyoyin sadarwa masu ma'ana:
Shinkafa 4- kafin a kara network.
Shinkafa 5-bayan kara network.
Don haɗa cibiyoyin sadarwa da yawa zuwa mai masaukin baki a girma, ya dace a sanya musu lakabi (s) lokacin ƙirƙirar cibiyoyin sadarwa, da ƙara cibiyoyin sadarwa ta lakabi.
Bayan an ƙirƙiri hanyar sadarwar, masu watsa shirye-shiryen za su shiga cikin yanayin da ba na aiki ba har sai an ƙara hanyar sadarwar zuwa duk nodes a cikin gungu. Wannan hali yana faruwa ta hanyar Buƙatar Duk Tuta akan shafin tari lokacin ƙirƙirar sabuwar hanyar sadarwa. A cikin yanayin lokacin da ba a buƙatar hanyar sadarwa akan duk nodes na gungu, wannan tuta za a iya kashe shi, sannan lokacin da aka ƙara hanyar sadarwar zuwa mai watsa shiri, zai kasance a hannun dama a sashin da ba a buƙata kuma zaku iya zaɓar ko kuna haɗawa. shi zuwa ga wani mai gida na musamman.
Shinkafa 6-zaba sifa ta hanyar sadarwa.
HPE na musamman
Kusan duk masana'antun suna da kayan aikin da ke inganta amfanin samfuran su. Yin amfani da HPE a matsayin misali, AMS (Sabis na Gudanar da Agent, amsd don iLO5, hp-ams don iLO4) da SSA (Mai Gudanar da Ma'ajiyar Ajiye, aiki tare da mai sarrafa diski), da sauransu suna da amfani.