Ana gayyatar masu karatu don sanin ƙa'idodin gina ƙa'idodi masu jurewa ga ƙananan masana'antu a cikin cibiyar bayanai guda ɗaya, waɗanda za a tattauna dalla-dalla a cikin taƙaitaccen jerin labarai.
Gabatarwa
A karkashin cibiyar bayanai Ana iya fahimtar (Cibiyar sarrafa bayanai) kamar:
- nasa tara a cikin nasa "ɗakin uwar garke" a kan yankin kasuwancin, wanda ya dace da mafi ƙarancin buƙatun don samar da wutar lantarki da kayan sanyaya, kuma yana da damar Intanet ta hanyar masu samar da zaman kansu guda biyu;
- wani kwandon haya tare da kayan aikinsa, wanda ke cikin cibiyar bayanai na ainihi - abin da ake kira. Haɗin Tier III ko IV wanda ke ba da garantin ingantaccen ƙarfi, sanyaya da gazawar samun damar Intanet;
- cikakken hayar kayan aiki a cikin Tier III ko IV cibiyar bayanai.
Wani zaɓi na masauki don zaɓar - a kowane hali, komai na mutum ne, kuma yawanci ya dogara da manyan dalilai da yawa:
- me yasa kamfani ke buƙatar kayan aikin IT na kansa kwata-kwata;
- menene ainihin abin da kasuwancin ke so daga kayan aikin IT (abin dogaro, haɓakawa, gudanarwa, da sauransu);
- adadin zuba jari na farko a cikin kayan aikin IT, da kuma irin nau'in farashi don shi - babban birnin (wanda ke nufin siyan kayan aikin ku), ko aiki (kayan aikin yawanci hayar);
- da tsare-tsaren sararin sama na sha'anin kanta.
Kuna iya rubuta abubuwa da yawa game da abubuwan da ke tasiri shawarar kamfani don ƙirƙira da amfani da kayan aikin IT, amma burinmu shine mu nuna a aikace yadda za a ƙirƙiri wannan kayan aikin don ya zama mai jure wa kuskure, kuma a lokaci guda zai yiwu a adana kuɗi - rage farashin siyan software na kasuwanci, ko guje wa su gaba ɗaya.
Kamar yadda dogon aiki ya nuna, ba shi da daraja ceto a kan hardware, tun da miser ya biya sau biyu, har ma da yawa. Amma kuma - kayan aiki mai kyau, wannan shine kawai shawarwarin, kuma a ƙarshe abin da za a saya daidai da nawa ya dogara da damar kasuwancin, da kuma "zari" na gudanarwa. Bugu da ƙari, kalmar "m" ya kamata a fahimta a cikin ma'anar kalmar, tun da yake yana da kyau a zuba jari a cikin kayan aiki a matakin farko, don haka daga baya ba ku da matsaloli masu tsanani tare da ƙarin goyon bayanta da ƙaddamarwa, tun da farko tsarin da ba daidai ba da kuma ajiyar kuɗi mai yawa zai iya haifar da farashi mafi girma a nan gaba fiye da lokacin fara aikin.
Don haka, bayanan farko na aikin:
- akwai wata kamfani da ta yanke shawarar ƙirƙirar tashar yanar gizon kanta kuma ta kawo ayyukanta zuwa Intanet;
- kamfanin ya yanke shawarar yin hayan tarkace don saukar da kayan aikin sa a cikin ingantaccen cibiyar bayanai da aka tabbatar bisa ga ma'aunin Tier III;
- Kamfanin ya yanke shawarar kada ya adana da yawa akan kayan masarufi, don haka ya sayi kayan aiki masu zuwa tare da ƙarin garanti da tallafi:
Jerin kayan aiki
- sabobin Dell PowerEdge R640 na zahiri guda biyu kamar haka:
- biyu Intel Xeon Gold 5120 processor
- 512 GB na RAM
- SAS disks guda biyu a cikin RAID1, don shigar da OS
- ginannen katin cibiyar sadarwa 4-port 1G
- biyu 2-tashar jiragen ruwa 10G cibiyar sadarwa katunan
- guda 2-tashar jiragen ruwa FC HBA 16G.
- Dell MD2f 3820 ajiya mai sarrafawa da aka haɗa ta FC 16G kai tsaye zuwa Dell runduna;
- masu sauyawa biyu na matakin na biyu - Cisco WS-C2960RX-48FPS-L stacked;
- biyu sauya matakin na uku - Cisco WS-C3850-24T-E, hade a cikin tari;
- Rack, UPS, PDU, na'urorin wasan bidiyo - cibiyar bayanai ta samar.
Kamar yadda muke iya gani, kayan aikin da ake da su suna da kyakkyawan fata na yin gyare-gyare a kwance da kuma a tsaye, idan har kamfani zai iya yin gogayya da wasu kamfanoni masu irin wannan bayanin akan Intanet, kuma ya fara samun riba wanda za a iya saka hannun jari don fadada albarkatun don ƙarin gasa da ci gaban riba.
Waɗanne kayan aiki ne za mu iya ƙara idan kamfani ya yanke shawarar haɓaka aikin gungun kwamfuta ɗin mu:
- muna da babban ajiyar ajiya dangane da adadin tashoshin jiragen ruwa a kan masu sauyawa na 2960X, wanda ke nufin za mu iya ƙara ƙarin sabobin kayan aiki;
- saya biyu FC sauyawa don haɗa tsarin ajiya da ƙarin sabobin zuwa gare su;
- Ana iya haɓaka sabobin da ke akwai - ƙara ƙwaƙwalwar ajiya, maye gurbin masu sarrafawa tare da mafi inganci, haɗa zuwa cibiyar sadarwar 10G tare da adaftar cibiyar sadarwa na yanzu;
- zaka iya ƙara ƙarin ɗakunan faifai zuwa tsarin ajiya tare da nau'in diski da ake buƙata - SAS, SATA ko SSD, dangane da nauyin da aka tsara;
- bayan ƙara FC switches, zaku iya siyan wani tsarin ajiya don ƙara ƙarin ƙarfin diski, kuma idan kun sayi zaɓi na musamman Remote Replication zuwa gareshi, zaku iya saita kwafin bayanai tsakanin tsarin ajiya duka a cikin iyakokin cibiyar bayanai ɗaya da tsakanin cibiyoyin bayanai (amma wannan ya riga ya wuce iyakar labarin);
- Hakanan akwai maɓalli na mataki na uku - Cisco 3850, wanda za'a iya amfani dashi azaman cibiyar sadarwa mai jure rashin kuskure don saurin gudu tsakanin hanyoyin sadarwa na ciki. Wannan zai taimaka da yawa a nan gaba, yayin da kayan aikin cikin gida ke girma. Hakanan 3850 yana da tashoshin jiragen ruwa na 10G waɗanda za a iya amfani da su daga baya yayin haɓaka kayan aikin cibiyar sadarwa zuwa saurin 10G.
Tun da yanzu babu inda ba tare da kama-da-wane ba, tabbas za mu kasance cikin yanayin, duk da haka wannan babbar hanya ce don rage farashin sayan sabar masu tsada don abubuwan abubuwan more rayuwa guda ɗaya (sabar yanar gizo, bayanan bayanai, da sauransu), waɗanda ba koyaushe ake amfani da su da kyau ba idan akwai ƙarancin nauyi, kuma wannan shine ainihin abin da zai faru a farkon ƙaddamar da aikin.
Bugu da ƙari, haɓakawa yana da wasu fa'idodi da yawa waɗanda za su iya zama masu amfani sosai a gare mu: haƙurin kuskuren VM daga gazawar uwar garken hardware, ƙaura kai tsaye tsakanin kuɗaɗɗen kayan masarufi don kiyaye su, jagora ko rarraba kaya ta atomatik tsakanin nodes ɗin tari, da sauransu.
Don kayan aikin da kamfani ya siya, ƙaddamar da gungun VMware vSphere da ake samu sosai yana nuna kansa, amma tunda kowace software daga VMware an santa da alamun farashin “doki”, za mu yi amfani da cikakkiyar software na sarrafa kayan aiki kyauta - , a kan abin da sanannen, amma an riga an halicci samfurin kasuwanci - .
Software oVirt wajibi ne a haɗa dukkan abubuwan da ke cikin kayan aikin gabaɗaya don samun damar yin aiki da dacewa tare da injunan kama-da-wane da ake samu sosai - waɗannan su ne bayanan bayanai, aikace-aikacen yanar gizo, sabar wakili, masu daidaitawa, sabar don tattara rajistan ayyukan da nazari, da sauransu, wato, abin da tashar yanar gizon kasuwancinmu ta ƙunshi.
Ƙididdiga wannan gabatarwar, labarai masu zuwa suna jiran mu, waɗanda za su nuna a aikace daidai yadda ake tura dukkan kayan aikin masarufi da software na kamfani:
Jerin labarai
- Kashi na 1. Ana shirye-shiryen tura Tarin OVirt 4.3.
- Kashi na 2. Shigarwa da daidaita gunkin oVirt 4.3.
- Kashi na 3. Ƙirƙirar gungu na VyOS, tsara hanyar tuƙi na waje mai jurewa.
- Kashi na 4. Ƙaddamar da tari na Cisco 3850, tsara hanyar sadarwa ta intanet.
Sashe na 1. Ana Shiri Don Sanya OVirt 4.3 Cluster
Saitin masauki na asali
Shigarwa da daidaita OS shine mataki mafi sauƙi. Akwai labarai da yawa kan yadda ake shigar da OS yadda yakamata da daidaita shi, don haka babu ma'ana a gwada bayar da wani abu na musamman game da wannan.
Don haka, muna da rundunonin Dell PowerEdge R640 guda biyu waɗanda muke buƙatar shigar da OS da aiwatar da saitunan farko don amfani da su azaman masu haɓakawa don gudanar da injunan kama-da-wane a cikin gungu na oVirt 4.3.
Tunda muna shirin yin amfani da software na oVirt ba na kasuwanci ba, mun zaɓi OS don tura runduna. CentOS 7.7, ko da yake yana yiwuwa a shigar da wasu tsarin aiki akan runduna don oVirt:
- gini na musamman dangane da RHEL, abin da ake kira. ;
- OS Oracle Linux Summer 2019 game da kiyaye oVirt yana gudana akan sa.
Kafin shigar da OS, ana bada shawarar:
- saita cibiyar sadarwar iDRAC akan runduna biyu;
- sabunta firmware don BIOS da iDRAC zuwa sabbin sigogin;
- saita bayanin martabar tsarin uwar garken, zai fi dacewa a yanayin Aiki;
- saita RAID daga diski na gida (RAID1 ana ba da shawarar) don shigar da OS akan sabar.
Sa'an nan kuma mu shigar da OS a kan faifai da aka halitta a baya ta hanyar iDRAC - tsarin shigarwa na al'ada ne, babu lokuta na musamman a ciki. Hakanan zaka iya samun dama ga na'ura wasan bidiyo na uwar garken don fara shigarwar OS ta iDRAC, kodayake babu abin da zai hana ka haɗa na'ura, maɓalli da linzamin kwamfuta kai tsaye zuwa uwar garken da shigar da OS daga filasha.
Bayan shigar da OS, muna aiwatar da saitunan farko:
systemctl enable network.service
systemctl start network.service
systemctl status network.servicesystemctl stop NetworkManager
systemctl disable NetworkManager
systemctl status NetworkManageryum install -y ntp
systemctl enable ntpd.service
systemctl start ntpd.servicecat /etc/sysconfig/selinux
SELINUX=disabled
SELINUXTYPE=targetedcat /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536cat /etc/sysctl.conf
vm.max_map_count = 262144
vm.swappiness = 1Shigar da ainihin saitin software
Don saitin OS na farko, kuna buƙatar saita kowace hanyar sadarwa ta hanyar sadarwa akan uwar garken ta yadda zaku iya shiga Intanet don sabunta OS kuma shigar da fakitin software masu mahimmanci. Wannan za a iya yi duka a lokacin OS shigarwa tsari da kuma bayan shi.
yum -y install epel-release
yum update
yum -y install bind-utils yum-utils net-tools git htop iotop nmon pciutils sysfsutils sysstat mc nc rsync wget traceroute gzip unzip telnet Duk saitunan da ke sama da saitin software lamari ne na fifikon mutum, kuma wannan saitin shawarwari ne kawai.
Tun da mai masaukinmu zai taka rawar hypervisor, za mu ba da damar bayanin aikin da ake so:
systemctl enable tuned
systemctl start tuned
systemctl status tuned tuned-adm profile
tuned-adm profile virtual-host Kuna iya karanta ƙarin game da bayanin martaba a nan:".
Bayan shigar da OS, za mu matsa zuwa kashi na gaba - daidaita hanyoyin sadarwa na cibiyar sadarwa a kan runduna, da tarin Cisco 2960X switches.
Yana saita Cisco 2960X Switch Stack
A cikin aikinmu, za a yi amfani da lambobin VLAN masu zuwa - ko wuraren watsa shirye-shiryen keɓe da juna, don raba nau'ikan zirga-zirga:
Farashin VLAN10 - Intanet
Farashin VLAN17 - Gudanarwa (iDRAC, ajiya, sarrafa sauya)
Farashin VLAN32 – VM samar cibiyar sadarwa
Farashin VLAN33 - hanyar sadarwar haɗin kai (zuwa masu kwangila na waje)
Farashin VLAN34 – VM gwajin cibiyar sadarwa
Farashin VLAN35 – VM developer cibiyar sadarwa
Farashin VLAN40 – sa idanu cibiyar sadarwa
Kafin mu fara aiki, bari mu ba da zane a matakin L2, wanda a ƙarshe ya kamata mu zo:
Don hulɗar cibiyar sadarwa na rundunonin oVirt da injunan kama-da-wane tare da juna, da kuma don sarrafa tsarin ajiyar mu, ya zama dole a saita tarin Cisco 2960X switches.
Masu masaukin Dell suna da katunan cibiyar sadarwa na tashar jiragen ruwa 4, saboda haka, yana da kyau a tsara haɗin su zuwa Cisco 2960X ta amfani da haɗin haɗin yanar gizo mara kuskure, ta amfani da haɗar tashar tashar jiragen ruwa ta zahiri cikin ma'amala mai ma'ana, da ka'idar LACP (802.3ad):
- Ana saita tashoshin jiragen ruwa biyu na farko a kan mai watsa shiri a cikin yanayin haɗin kai kuma an haɗa su zuwa canjin 2960X - za a saita wannan ƙirar ma'ana. gada tare da adireshi don gudanar da runduna, saka idanu, sadarwa tare da sauran runduna a cikin gungu na oVirt, kuma za a yi amfani da shi don ƙaura Live na injunan kama-da-wane;
- mashigai biyu na biyu akan mai watsa shiri kuma ana saita su cikin yanayin haɗin gwiwa kuma an haɗa su zuwa 2960X - akan wannan ƙirar ma'ana ta amfani da oVirt, za a ƙirƙiri gadoji daga baya (a cikin VLANs masu dacewa) waɗanda injunan kama-da-wane zasu haɗa.
- duka tashoshin sadarwa guda biyu a cikin mahallin ma'ana guda ɗaya za su kasance masu aiki, watau. Ana iya watsa zirga-zirga akan su a lokaci guda, a cikin yanayin daidaitawa.
- Saitunan hanyar sadarwa akan nodes ɗin tari dole ne su kasance daidai ɗaya, ban da adiresoshin IP.
Saitin tari na asali 2960X da tashoshin jiragen ruwa
A baya, ya kamata mu canza canjin mu su kasance:
- tarkace saka;
- haɗa ta igiyoyi na musamman guda biyu na tsayin da ake buƙata, misali, CAB-STK-E-1M;
- an haɗa da wutar lantarki;
- an haɗa zuwa wurin aiki na mai gudanarwa ta tashar jiragen ruwa don daidaitawar farko.
Jagoran da ake buƙata don wannan yana samuwa a masana'anta.
Bayan kammala matakan da ke sama, muna saita masu sauyawa.
Abin da kowane umarni ke nufi bai kamata a yanke shi cikin tsarin wannan labarin ba; idan ya cancanta, ana iya samun duk bayanan da kansa.
Manufarmu ita ce mu saita tajin sauya da sauri da haɗa runduna da mu'amalar sarrafa ma'aji zuwa gare ta.
1) Muna haɗi zuwa maɓallin mai sarrafa, je zuwa yanayin gata, sannan je zuwa yanayin daidaitawa kuma muyi saitunan asali.
Daidaitaccen tsarin sauyawa:
enable
configure terminal
hostname 2960X
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime show-timezone msec
no service password-encryption
service sequence-numbers
switch 1 priority 15
switch 2 priority 14
stack-mac persistent timer 0
clock timezone MSK 3
vtp mode transparent
ip subnet-zero
vlan 17
name Management
vlan 32
name PROD
vlan 33
name Interconnect
vlan 34
name Test
vlan 35
name Dev
vlan 40
name Monitoring
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-40 root primary
spanning-tree loopguard default
vlan internal allocation policy ascending
port-channel load-balance src-dst-ip
errdisable recovery cause loopback
errdisable recovery cause bpduguard
errdisable recovery interval 60
line con 0
session-timeout 60
exec-timeout 60 0
logging synchronous
line vty 5 15
session-timeout 60
exec-timeout 60 0
logging synchronous
ip http server
ip http secure-server
no vstack
interface Vlan1
no ip address
shutdown
exit
Ajiye tsarin tare da umarni"wr mu"kuma zata sake kunna tarin sauya tare da umarnin"sake dawowa» a kan master switch 1.
2) Mun saita tashoshin sadarwa na maɓalli a cikin yanayin samun dama (shigarwa) a cikin VLAN 17, don haɗa ma'amalar sarrafawa na tsarin ajiya da sabar iDRAC.
Yana daidaita Tashoshin Gudanarwa:
interface GigabitEthernet1/0/5
description iDRAC - host1
switchport access vlan 17
switchport mode access
spanning-tree portfast edge
interface GigabitEthernet1/0/6
description Storage1 - Cntr0/Eth0
switchport access vlan 17
switchport mode access
spanning-tree portfast edge
interface GigabitEthernet2/0/5
description iDRAC - host2
switchport access vlan 17
switchport mode access
spanning-tree portfast edge
interface GigabitEthernet2/0/6
description Storage1 – Cntr1/Eth0
switchport access vlan 17
switchport mode access
spanning-tree portfast edge
exit3) Bayan an sake loda kayan, duba cewa yana aiki daidai:
Duba aikin tari:
2960X#show switch stack-ring speed
Stack Ring Speed : 20G
Stack Ring Configuration: Full
Stack Ring Protocol : FlexStack
2960X#show switch stack-ports
Switch # Port 1 Port 2
-------- ------ ------
1 Ok Ok
2 Ok Ok
2960X#show switch neighbors
Switch # Port 1 Port 2
-------- ------ ------
1 2 2
2 1 1
2960X#show switch detail
Switch/Stack Mac Address : 0cd0.f8e4.ХХХХ
Mac persistency wait time: Indefinite
H/W Current
Switch# Role Mac Address Priority Version State
----------------------------------------------------------
*1 Master 0cd0.f8e4.ХХХХ 15 4 Ready
2 Member 0029.c251.ХХХХ 14 4 Ready
Stack Port Status Neighbors
Switch# Port 1 Port 2 Port 1 Port 2
--------------------------------------------------------
1 Ok Ok 2 2
2 Ok Ok 1 14) Kafa damar SSH zuwa tarin 2960X
Don sarrafa tari mai nisa ta hanyar SSH, za mu yi amfani da IP 172.20.1.10 wanda aka saita akan SVI (canza ƙirar kama-da-wane) VLAN17.
Ko da yake yana da kyawawa don amfani da keɓaɓɓen tashar jiragen ruwa a kan sauyawa don dalilai na gudanarwa, wannan batu ne na fifiko da dama.
Ƙirƙirar damar SSH zuwa tarin sauya:
ip default-gateway 172.20.1.2
interface vlan 17
ip address 172.20.1.10 255.255.255.0
hostname 2960X
ip domain-name hw.home-lab.ru
no ip domain-lookup
clock set 12:47:04 06 Dec 2019
crypto key generate rsa
ip ssh version 2
ip ssh time-out 90
line vty 0 4
session-timeout 60
exec-timeout 60 0
privilege level 15
logging synchronous
transport input ssh
line vty 5 15
session-timeout 60
exec-timeout 60 0
privilege level 15
logging synchronous
transport input ssh
aaa new-model
aaa authentication login default local
username cisco privilege 15 secret my_ssh_passwordSaita kalmar sirri don shigar da yanayin gata:
enable secret *myenablepassword*
service password-encryptionSaita NTP:
ntp server 85.21.78.8 prefer
ntp server 89.221.207.113
ntp server 185.22.60.71
ntp server 192.36.143.130
ntp server 185.209.85.222
show ntp status
show ntp associations
show clock detail5) Saita hanyoyin sadarwa na Etherchannel masu ma'ana da tashoshi na zahiri da aka haɗa da runduna. Don sauƙin daidaitawa, duk samuwan VLANs za a ba su izini akan duk musaya masu ma'ana, amma ana ba da shawarar gabaɗaya don saita abin da ake buƙata kawai:
Haɓaka musaya na Etherchannel:
interface Port-channel1
description EtherChannel with Host1-management
switchport trunk allowed vlan 10,17,30-40
switchport mode trunk
spanning-tree portfast edge trunk
interface Port-channel2
description EtherChannel with Host2-management
switchport trunk allowed vlan 10,17,30-40
switchport mode trunk
spanning-tree portfast edge trunk
interface Port-channel3
description EtherChannel with Host1-VM
switchport trunk allowed vlan 10,17,30-40
switchport mode trunk
spanning-tree portfast edge trunk
interface Port-channel4
description EtherChannel with Host2-VM
switchport trunk allowed vlan 10,17,30-40
switchport mode trunk
spanning-tree portfast edge trunk
interface GigabitEthernet1/0/1
description Host1-management
switchport trunk allowed vlan 10,17,30-40
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
interface GigabitEthernet1/0/2
description Host2-management
switchport trunk allowed vlan 10,17,30-40
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
interface GigabitEthernet1/0/3
description Host1-VM
switchport trunk allowed vlan 10,17,30-40
switchport mode trunk
channel-protocol lacp
channel-group 3 mode active
interface GigabitEthernet1/0/4
description Host2-VM
switchport trunk allowed vlan 10,17,30-40
switchport mode trunk
channel-protocol lacp
channel-group 4 mode active
interface GigabitEthernet2/0/1
description Host1-management
switchport trunk allowed vlan 10,17,30-40
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
interface GigabitEthernet2/0/2
description Host2-management
switchport trunk allowed vlan 10,17,30-40
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
interface GigabitEthernet2/0/3
description Host1-VM
switchport trunk allowed vlan 10,17,30-40
switchport mode trunk
channel-protocol lacp
channel-group 3 mode active
interface GigabitEthernet2/0/4
description Host2-VM
switchport trunk allowed vlan 10,17,30-40
switchport mode trunk
channel-protocol lacp
channel-group 4 mode activeTsarin farko na musaya na cibiyar sadarwa don injunan kama-da-wane, akan runduna Mai watsa shiri1 и Mai watsa shiri2
Muna bincika gaban samfuran da ake buƙata don aikin haɗin gwiwa a cikin tsarin, shigar da ƙirar don sarrafa gadoji:
modinfo bonding
modinfo 8021q
yum install bridge-utilsYana daidaita ma'anar BOND1 mai ma'ana don injunan kama-da-wane da mu'amalarsa ta zahiri akan runduna:
cat /etc/sysconfig/network-scripts/ifcfg-bond1
#DESCRIPTION - management
DEVICE=bond1
NAME=bond1
TYPE=Bond
IPV6INIT=no
ONBOOT=yes
USERCTL=no
NM_CONTROLLED=no
BOOTPROTO=none
BONDING_OPTS='mode=4 lacp_rate=1 xmit_hash_policy=2'
cat /etc/sysconfig/network-scripts/ifcfg-em2
#DESCRIPTION - management
DEVICE=em2
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
MASTER=bond1
SLAVE=yes
USERCTL=no
NM_CONTROLLED=no
cat /etc/sysconfig/network-scripts/ifcfg-em3
#DESCRIPTION - management
DEVICE=em3
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
MASTER=bond1
SLAVE=yes
USERCTL=no
NM_CONTROLLED=no Bayan kammala saitin akan tari 2960 Х da runduna, sake kunna hanyar sadarwa a kan runduna, kuma duba aiki na ma'amala mai ma'ana.
- a kan mai masaukin baki:
systemctl restart network
cat /proc/net/bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2+3 (2)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
...
802.3ad info
LACP rate: fast
Min links: 0
Aggregator selection policy (ad_select): stable
System priority: 65535
...
Slave Interface: em2
MII Status: up
Speed: 1000 Mbps
Duplex: full
...
Slave Interface: em3
MII Status: up
Speed: 1000 Mbps
Duplex: full- a kan tari mai sauyawa 2960 Х:
2960X#show lacp internal
Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
Channel group 1
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi1/0/1 SA bndl 32768 0x1 0x1 0x102 0x3D
Gi2/0/1 SA bndl 32768 0x1 0x1 0x202 0x3D
2960X#sh etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator
M - not in use, minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
A - formed by Auto LAG
Number of channel-groups in use: 11
Number of aggregators: 11
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) LACP Gi1/0/1(P) Gi2/0/1(P)Tsarin farko na musaya na cibiyar sadarwa don sarrafa albarkatun tari, akan runduna Mai watsa shiri1 и Mai watsa shiri2
Yana daidaita ma'anar BOND1 mai ma'ana don gudanarwa akan runduna, da mu'amala ta zahiri:
cat /etc/sysconfig/network-scripts/ifcfg-bond0
#DESCRIPTION - management
DEVICE=bond0
NAME=bond0
TYPE=Bond
BONDING_MASTER=yes
IPV6INIT=no
ONBOOT=yes
USERCTL=no
NM_CONTROLLED=no
BOOTPROTO=none
BONDING_OPTS='mode=4 lacp_rate=1 xmit_hash_policy=2'
cat /etc/sysconfig/network-scripts/ifcfg-em0
#DESCRIPTION - management
DEVICE=em0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
NM_CONTROLLED=no
cat /etc/sysconfig/network-scripts/ifcfg-em1
#DESCRIPTION - management
DEVICE=em1
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
NM_CONTROLLED=no Bayan kammala saitin akan tari 2960 Х da runduna, sake kunna hanyar sadarwa a kan runduna, kuma duba aiki na ma'amala mai ma'ana.
systemctl restart network
cat /proc/net/bonding/bond1
2960X#show lacp internal
2960X#sh etherchannel summarySaita hanyar sadarwa ta hanyar sadarwa akan kowane mai masaukin baki a ciki Farashin VLAN17, kuma ku ɗaure shi zuwa ma'amala mai ma'ana BOND1:
Ana saita VLAN17 akan Mai watsa shiri1:
cat /etc/sysconfig/network-scripts/ifcfg-bond1.17
DEVICE=bond1.17
NAME=bond1-vlan17
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
NM_CONTROLLED=no
VLAN=yes
MTU=1500
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPADDR=172.20.17.163
NETMASK=255.255.255.0
GATEWAY=172.20.17.2
DEFROUTE=yes
DNS1=172.20.17.8
DNS2=172.20.17.9
ZONE=publicAna saita VLAN17 akan Mai watsa shiri2:
cat /etc/sysconfig/network-scripts/ifcfg-bond1.17
DEVICE=bond1.17
NAME=bond1-vlan17
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
NM_CONTROLLED=no
VLAN=yes
MTU=1500
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPADDR=172.20.17.164
NETMASK=255.255.255.0
GATEWAY=172.20.17.2
DEFROUTE=yes
DNS1=172.20.17.8
DNS2=172.20.17.9
ZONE=publicMun sake kunna hanyar sadarwa a kan runduna kuma mu duba ganuwa ga juna.
Wannan ya cika daidaitawar tari na Sisiko 2960X, kuma idan duk abin da aka yi daidai, yanzu muna da haɗin cibiyar sadarwa na duk abubuwan abubuwan more rayuwa ga juna a matakin L2.
Dell MD3820f saitin ajiya
Kafin fara aiki akan daidaita tsarin ajiya, dole ne a riga an haɗa shi da tarin sauya sheka na Cisco 2960 Х musaya na gudanarwa, da kuma ga runduna Mai watsa shiri1 и Mai watsa shiri2 ta hanyar FC.
Tsarin gabaɗaya na yadda yakamata a haɗa tsarin ajiya da maɓalli na sauyawa an ba da su a babin da ya gabata.
Tsarin haɗa ajiya ta hanyar FC zuwa runduna yakamata yayi kama da wannan:
Yayin haɗin kai, ya zama dole a rubuta adiresoshin WWPN don FC HBA runduna da aka haɗa da tashar jiragen ruwa na FC akan tsarin ajiya - wannan zai zama dole don daidaitawar runduna ta gaba ga LUNs akan tsarin ajiya.
Zazzagewa kuma shigar da kayan aikin sarrafa ajiya na Dell MD3820f akan aikin mai gudanarwa - PowerVault Modular Disk Storage Manager (MDSM).
Muna haɗi da ita ta tsoffin adiresoshin IP ɗinta, sannan mu daidaita adiresoshin mu daga VLAN17, don sarrafa masu sarrafawa ta hanyar TCP/IP:
Adana1:
ControllerA IP - 172.20.1.13, MASK - 255.255.255.0, Gateway - 172.20.1.2
ControllerB IP - 172.20.1.14, MASK - 255.255.255.0, Gateway - 172.20.1.2Bayan kafa adiresoshin, za mu je wurin wurin sarrafa kayan ajiya kuma mu saita kalmar wucewa, saita lokaci, sabunta firmware don masu sarrafawa da diski, idan ya cancanta, da sauransu.
An bayyana yadda ake yin haka a ciki ajiya.
Bayan yin saitunan da ke sama, muna buƙatar yin abubuwa kaɗan kawai:
- Sanya ID na tashar tashar FC mai masaukin baki - Masu Gano Port Port.
- Ƙirƙiri ƙungiyar mai masaukin baki - kungiyar mai masaukin baki kuma ƙara masu masaukin mu na Dell guda biyu a ciki.
- Ƙirƙiri ƙungiyar faifai da faifai masu kama-da-wane (ko LUNs) a ciki, waɗanda za a gabatar da su ga runduna.
- Tsara gabatar da fayafai masu kama-da-wane (ko LUNs) don runduna.
Ƙara sababbin runduna da masu gano masu gano tashar FC mai masaukin baki zuwa gare su ana yin su ta menu - Taswirar Mai watsa shiri -> Ƙayyade -> Masu masaukin baki…
Ana iya samun adiresoshin WWPN na FC HBA, misali, a cikin uwar garken iDRAC.
A sakamakon haka, ya kamata mu sami wani abu kamar wannan hoton:
Ƙara sabon rukunin runduna da ɗaurin runduna ana yin ta ta menu - Taswirar Mai watsa shiri -> Ƙayyade -> Rukunin Mai watsa shiri…
Don runduna, zaɓi nau'in OS - Linux (DM-MP).
Bayan ƙirƙirar rukunin runduna, ta shafin Adana & Ayyukan Kwafi, ƙirƙirar ƙungiyar faifai - Rukunin Disk, tare da nau'in ya danganta da buƙatun don haƙurin kuskure, misali, RAID10, kuma a cikinsa faifai masu kama da girman girman da ake buƙata:
Kuma a ƙarshe, mataki na ƙarshe shine gabatar da fayafai masu kama-da-wane (ko LUNs) don runduna.
Don yin wannan, ta hanyar menu - Taswirar Mai watsa shiri -> Taswirar wata -> Ƙara ... muna ɗaure faifai masu kama-da-wane ga runduna ta hanyar sanya musu lambobi.
Komai yakamata yayi kama da wannan hoton:
Wannan shine inda muka gama tare da saitin ajiya, kuma idan an yi komai daidai, to masu masaukin baki yakamata su ga LUNs da aka gabatar musu ta FC HBAs.
Bari mu tilasta tsarin don sabunta bayanai game da abubuwan da aka haɗa:
ls -la /sys/class/scsi_host/
echo "- - -" > /sys/class/scsi_host/host[0-9]/scanBari mu ga irin na'urorin da ake iya gani akan sabar mu:
cat /proc/scsi/scsi
Attached devices:
Host: scsi0 Channel: 02 Id: 00 Lun: 00
Vendor: DELL Model: PERC H330 Mini Rev: 4.29
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi15 Channel: 00 Id: 00 Lun: 00
Vendor: DELL Model: MD38xxf Rev: 0825
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi15 Channel: 00 Id: 00 Lun: 01
Vendor: DELL Model: MD38xxf Rev: 0825
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi15 Channel: 00 Id: 00 Lun: 04
Vendor: DELL Model: MD38xxf Rev: 0825
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi15 Channel: 00 Id: 00 Lun: 11
Vendor: DELL Model: MD38xxf Rev: 0825
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi15 Channel: 00 Id: 00 Lun: 31
Vendor: DELL Model: Universal Xport Rev: 0825
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi18 Channel: 00 Id: 00 Lun: 00
Vendor: DELL Model: MD38xxf Rev: 0825
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi18 Channel: 00 Id: 00 Lun: 01
Vendor: DELL Model: MD38xxf Rev: 0825
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi18 Channel: 00 Id: 00 Lun: 04
Vendor: DELL Model: MD38xxf Rev: 0825
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi18 Channel: 00 Id: 00 Lun: 11
Vendor: DELL Model: MD38xxf Rev: 0825
Type: Direct-Access ANSI SCSI revision: 05
Host: scsi18 Channel: 00 Id: 00 Lun: 31
Vendor: DELL Model: Universal Xport Rev: 0825
Type: Direct-Access ANSI SCSI revision: 05
lsscsi
[0:2:0:0] disk DELL PERC H330 Mini 4.29 /dev/sda
[15:0:0:0] disk DELL MD38xxf 0825 -
[15:0:0:1] disk DELL MD38xxf 0825 /dev/sdb
[15:0:0:4] disk DELL MD38xxf 0825 /dev/sdc
[15:0:0:11] disk DELL MD38xxf 0825 /dev/sdd
[15:0:0:31] disk DELL Universal Xport 0825 -
[18:0:0:0] disk DELL MD38xxf 0825 -
[18:0:0:1] disk DELL MD38xxf 0825 /dev/sdi
[18:0:0:4] disk DELL MD38xxf 0825 /dev/sdj
[18:0:0:11] disk DELL MD38xxf 0825 /dev/sdk
[18:0:0:31] disk DELL Universal Xport 0825 -A kan runduna, kuma kuna iya kuma saita su yawa, kuma ko da yake yana iya yin shi da kansa lokacin shigar da oVirt, yana da kyau a duba daidaiton MP tukuna.
Shigarwa da daidaitawa DM Multipath
yum install device-mapper-multipath
mpathconf --enable --user_friendly_names y
cat /etc/multipath.conf | egrep -v "^s*(#|$)"
defaults {
user_friendly_names yes
find_multipaths yes
}
blacklist {
wwid 26353900f02796769
devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*"
devnode "^hd[a-z]"
}Saita sabis na MP don farawa ta atomatik kuma fara shi:
systemctl enable multipathd && systemctl restart multipathdBincika bayanai game da ɗorawa da aka ɗora don aikin MP:
lsmod | grep dm_multipath
dm_multipath 27792 6 dm_service_time
dm_mod 124407 139 dm_multipath,dm_log,dm_mirror
modinfo dm_multipath
filename: /lib/modules/3.10.0-957.12.2.el7.x86_64/kernel/drivers/md/dm-multipath.ko.xz
license: GPL
author: Sistina Software <[email protected]>
description: device-mapper multipath target
retpoline: Y
rhelversion: 7.6
srcversion: 985A03DCAF053D4910E53EE
depends: dm-mod
intree: Y
vermagic: 3.10.0-957.12.2.el7.x86_64 SMP mod_unload modversions
signer: CentOS Linux kernel signing key
sig_key: A3:2D:39:46:F2:D3:58:EA:52:30:1F:63:37:8A:37:A5:54:03:00:45
sig_hashalgo: sha256Duba taƙaitaccen daidaitawar hanyoyin da ke akwai:
mpathconf
multipath is enabled
find_multipaths is disabled
user_friendly_names is disabled
dm_multipath module is loaded
multipathd is runningBayan ƙara sabon LUN zuwa tsarin ajiya kuma gabatar da shi ga mai watsa shiri, kuna buƙatar bincika HBAs da aka haɗa da mai watsa shiri akan sa.
systemctl reload multipathd
multipath -v2Kuma a ƙarshe, muna bincika ko an gabatar da duk LUNs akan tsarin ajiya don runduna, kuma ko akwai hanyoyi guda biyu ga kowa.
Duba aikin MP:
multipath -ll
3600a098000e4b4b3000003175cec1840 dm-2 DELL ,MD38xxf
size=2.0T features='3 queue_if_no_path pg_init_retries 50' hwhandler='1 rdac' wp=rw
|-+- policy='service-time 0' prio=14 status=active
| `- 15:0:0:1 sdb 8:16 active ready running
`-+- policy='service-time 0' prio=9 status=enabled
`- 18:0:0:1 sdi 8:128 active ready running
3600a098000e4b48f000002ab5cec1921 dm-6 DELL ,MD38xxf
size=10T features='3 queue_if_no_path pg_init_retries 50' hwhandler='1 rdac' wp=rw
|-+- policy='service-time 0' prio=14 status=active
| `- 18:0:0:11 sdk 8:160 active ready running
`-+- policy='service-time 0' prio=9 status=enabled
`- 15:0:0:11 sdd 8:48 active ready running
3600a098000e4b4b3000003c95d171065 dm-3 DELL ,MD38xxf
size=150G features='3 queue_if_no_path pg_init_retries 50' hwhandler='1 rdac' wp=rw
|-+- policy='service-time 0' prio=14 status=active
| `- 15:0:0:4 sdc 8:32 active ready running
`-+- policy='service-time 0' prio=9 status=enabled
`- 18:0:0:4 sdj 8:144 active ready runningKamar yadda kake gani, duk nau'ikan diski guda uku da ke kan tsarin ajiya ana iya gani ta hanyoyi biyu. Don haka, an kammala duk aikin shirye-shiryen, wanda ke nufin cewa zaku iya ci gaba zuwa babban ɓangaren - kafa ƙungiyar oVirt, wanda za'a tattauna a cikin labarin na gaba.
source: www.habr.com