oVirt in 2 hours. Part 3. Additional settings

In this article we will look at a number of optional but useful settings:

This article is a continuation; start with oVirt in 2 hours, Part 1 and Part 2.

Articles

  1. Introduction
  2. Installing the manager (ovirt-engine) and hypervisors (hosts)
  3. Additional settings - We are here

Additional manager settings

For convenience, install additional packages:

$ sudo yum install bash-completion vim

To enable command completion via bash-completion, switch to bash.

Adding additional DNS names

This is needed when you have to connect to the manager by an alternative name (CNAME, alias, or just a short name without a domain suffix). For security reasons, the manager accepts connections only for names on an allowed list.

Create a configuration file:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf

with the following contents:

SSO_ALTERNATE_ENGINE_FQDNS="ovirt.example.com some.alias.example.com ovirt"

and restart the manager:

$ sudo systemctl restart ovirt-engine

Configuring authentication via AD

oVirt has a built-in user database, but external LDAP providers are also supported, incl. AD.

The simplest way to set up a typical configuration is to run the wizard and restart the manager:

$ sudo yum install ovirt-engine-extension-aaa-ldap-setup
$ sudo ovirt-engine-extension-aaa-ldap-setup
$ sudo systemctl restart ovirt-engine

An example wizard session
$ sudo ovirt-engine-extension-aaa-ldap-setup
Available LDAP implementations:
...
3 - Active Directory
...
Please select: 3
Please enter Active Directory Forest name: example.com

Please select protocol to use (startTLS, ldaps, plain) [startTLS]:
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): URL
URL: wwwca.example.com/myRootCA.pem
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): CN=oVirt-Engine,CN=Users,DC=example,DC=com
Enter search user password: *password*
[ INFO ] Attempting to bind using 'CN=oVirt-Engine,CN=Users,DC=example,DC=com'
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
Please specify profile name that will be visible to users [example.com]:
Please provide credentials to test login flow:
Enter user name: someAnyUser
Enter user password:
...
[ INFO ] Login sequence executed successfully
...
Select test sequence to execute (Done, Abort, Login, Search) [Done]:
[ INFO ] Stage: Transaction setup
...
CONFIGURATION SUMMARY
...
...

The wizard is suitable for most cases. For complex configurations, the settings are made manually. More details are in the oVirt documentation, Users and Roles. After the Engine has been successfully connected to AD, an additional profile appears in the login window, and on the Permissions tab administrators can grant permissions to AD users and groups. Note that the external directory of users and groups can be not only AD, but also IPA, eDirectory, etc.

Multipathing

In a production environment, the storage system must be connected to the host via multiple, independent I/O paths. As a rule, on CentOS (and therefore on oVirt) there are no problems with assembling multiple paths to a device (find_multipaths yes). Additional settings for FCoE are described in part 2. It is worth following the storage manufacturer's recommendation: many recommend the round-robin policy, while Enterprise Linux 7 uses service-time by default.

Using 3PAR as an example, and following the document HPE 3PAR Red Hat Enterprise Linux, CentOS Linux, Oracle Linux, and OracleVM Server Implementation Guide, EL is created as a Host with Generic-ALUA Persona 2, for which the following values are entered in /etc/multipath.conf:

defaults {
    polling_interval      10
    user_friendly_names   no
    find_multipaths       yes
}
devices {
    device {
        vendor                   "3PARdata"
        product                  "VV"
        path_grouping_policy     group_by_prio
        path_selector            "round-robin 0"
        path_checker             tur
        features                 "0"
        hardware_handler         "1 alua"
        prio                     alua
        failback                 immediate
        rr_weight                uniform
        no_path_retry            18
        rr_min_io_rq             1
        detect_prio              yes
        fast_io_fail_tmo         10
        dev_loss_tmo             "infinity"
    }
}

Then the restart command is issued:

systemctl restart multipathd

Fig. 1 - the default I/O policy.

Fig. 2 - I/O policy after applying the settings.

Configuring Power Management

Allows you to perform, for example, a hardware reset of a machine if the Engine cannot get a response from the Host for a long time. It is implemented through the Fence Agent.

Compute -> Hosts -> HOST - Edit -> Power Management, then turn on "Enable Power Management" and add an agent - "Add Fence Agent" -> +.

Specify the type (for example, for iLO5 you need to specify ilo4), the name/address of the ipmi interface, and the user name/password. It is recommended to create a separate user (for example, oVirt-PM) and, in the case of iLO, grant it the privileges:

  • Login
  • Remote Console
  • Virtual Power and Reset
  • Virtual Media
  • Configure iLO Settings
  • Administer User Accounts

Don't ask why exactly these; the set was chosen empirically. The console fencing agent requires a smaller set of rights.

When setting up power management access lists, keep in mind that the agent does not run on the engine but on a "neighboring" host (the so-called Power Management Proxy), i.e. if there is only one node in the cluster, power management will not work.

Configuring SSL

Full instructions are in the documentation, Appendix D: oVirt and SSL - Replacing the oVirt Engine SSL/TLS Certificate.

The certificate can come from our corporate CA or from an external commercial CA.

Important note: the certificate is intended for connecting to the manager; it does not affect communication between the Engine and the nodes, which will use certificates issued by the Engine.

Requirements:

  • the certificate of the issuing CA in PEM format, with the entire chain up to the root CA (from the subordinate issuing CA at the beginning to the root at the end);
  • a certificate for Apache issued by the issuing CA (also supplemented with the entire chain of CA certificates);
  • a private key for Apache, without a password.

Let's assume that our issuing CA runs on CentOS, is called subca.example.com, and that the requests, keys, and certificates are located in the /etc/pki/tls/ directory.

Make backups and create a temporary directory:

$ sudo cp /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass.`date +%F`
$ sudo cp /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/certs/apache.cer.`date +%F`
$ sudo mkdir /opt/certs
$ sudo chown mgmt.mgmt /opt/certs

Download the certificates; run this from your workstation or transfer them in another convenient way:

[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/cachain.pem [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/private/ovirt.key [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/certs/ovirt.crt [email protected]:/opt/certs

As a result, you should see all 3 files:

$ ls /opt/certs
cachain.pem  ovirt.crt  ovirt.key
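
A pre-flight check for the three staged files, given here as an added example that is not part of the original article: it confirms that the key has no passphrase, that it matches the certificate, that the certificate verifies against cachain.pem and that it covers the manager's name. The function name and exit codes are assumptions; only standard openssl subcommands are used.

```bash
#!/bin/bash
# Added example (not from the article): function name and exit codes are
# assumptions; the file names are the ones staged in /opt/certs above.

check_engine_certs() (
    dir="$1"; fqdn="$2"
    chain="$dir/cachain.pem"; crt="$dir/ovirt.crt"; key="$dir/ovirt.key"

    for f in "$chain" "$crt" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; exit 1; }
    done

    # Apache needs a key without a passphrase: it must load with an empty one.
    openssl pkey -in "$key" -passin pass: -noout 2>/dev/null \
        || { echo "key is encrypted or not a valid private key" >&2; exit 2; }

    # The key must belong to the certificate: compare the public keys.
    kpub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ] \
        || { echo "private key does not match ovirt.crt" >&2; exit 3; }

    # The certificate must validate against the CA chain that will become
    # apache-ca.pem and a trust anchor (this also catches expired certificates).
    openssl verify -CAfile "$chain" "$crt" >/dev/null 2>&1 \
        || { echo "ovirt.crt does not verify against cachain.pem" >&2; exit 4; }

    # The name users type in the browser must be covered by the certificate.
    openssl x509 -in "$crt" -noout -checkhost "$fqdn" 2>/dev/null \
        | grep -q 'does match' \
        || { echo "certificate does not cover $fqdn" >&2; exit 5; }

    echo "OK: $crt"
)

# Before copying anything into /etc/pki/ovirt-engine:
#   check_engine_certs /opt/certs ovirt.example.com
```

Run it once per name listed in SSO_ALTERNATE_ENGINE_FQDNS if users reach the manager under those names as well.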

Installing the certificates

Copy the files and update the trust lists:

$ sudo cp /opt/certs/cachain.pem /etc/pki/ca-trust/source/anchors
$ sudo update-ca-trust
$ sudo rm /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/cachain.pem /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/ovirt.key /etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo cp /opt/certs/ovirt.crt /etc/pki/ovirt-engine/certs/apache.cer
$ sudo systemctl restart httpd.service

Add/update the configuration files:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""
$ sudo vim /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo vim /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf
# Key file for SSL connections
ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass
# Certificate file for SSL connections
ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer

Next, restart all affected services:

$ sudo systemctl restart ovirt-provider-ovn.service
$ sudo systemctl restart ovirt-imageio-proxy
$ sudo systemctl restart ovirt-websocket-proxy
$ sudo systemctl restart ovirt-engine.service

Done! Now it is time to connect to the manager and check that the connection is protected by a signed SSL certificate.

Backup

Where would we be without it! In this section we will talk about backing up the manager; backing up VMs is a separate issue. We will make backup copies once a day and store them on NFS, for example, on the same system where we placed the ISO images - mynfs1.example.com:/exports/ovirt-backup. It is not recommended to store backups on the same machine where the Engine runs.

Install and enable autofs:

$ sudo yum install autofs
$ sudo systemctl enable autofs
$ sudo systemctl start autofs

Create a script:

$ sudo vim /etc/cron.daily/make.oVirt.backup.sh

with the following contents:

#!/bin/bash

datetime=`date +"%F.%R"`
backupdir="/net/mynfs01.example.com/exports/ovirt-backup"
filename="$backupdir/`hostname --short`.$datetime"
engine-backup --mode=backup --scope=all --file="$filename.data" --log="$filename.log"
# Uncomment the next line to automatically delete files older than 30 days
#find "$backupdir" -type f -mtime +30 -exec rm -f {} \;

Make the file executable:

$ sudo chmod a+x /etc/cron.daily/make.oVirt.backup.sh

Now every night we will get an archive of the manager settings.
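
A more defensive variant of the backup script, added here as an example and not the article's own code: it refuses to run when the autofs target is unavailable, creates the archive with owner-only permissions and prunes only its own files. The function name, the ENGINE_BACKUP override and the exit codes are assumptions.

```bash
#!/bin/bash
# Added example (not the article's script): the function name, the
# ENGINE_BACKUP override and the exit codes are assumptions for illustration.

run_engine_backup() (
    backupdir="$1"; keep_days="${2:-30}"
    engine_backup="${ENGINE_BACKUP:-engine-backup}"   # override only for testing

    # autofs mounts on access; if the NFS export is unavailable the directory
    # is absent, so refuse to run rather than write somewhere unexpected.
    if [ ! -d "$backupdir" ] || [ ! -w "$backupdir" ]; then
        echo "backup target not available: $backupdir" >&2; exit 1
    fi

    # The archive holds the engine database and configuration files:
    # create it readable by its owner only.
    umask 077

    host=$(uname -n); host=${host%%.*}
    base="$backupdir/$host.$(date +%F.%H%M)"

    if ! "$engine_backup" --mode=backup --scope=all \
            --file="$base.data" --log="$base.log"; then
        rm -f "$base.data"          # do not leave a partial archive behind
        echo "engine-backup failed, see $base.log" >&2; exit 2
    fi
    [ -s "$base.data" ] || { echo "empty archive: $base.data" >&2; exit 3; }

    # Retention: delete only this host's own backup files older than keep_days.
    find "$backupdir" -type f \( -name "$host.*.data" -o -name "$host.*.log" \) \
        -mtime +"$keep_days" -exec rm -f {} +

    echo "$base.data"
)

# In /etc/cron.daily the file would end with:
#   run_engine_backup /net/mynfs01.example.com/exports/ovirt-backup 30
```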

Host management interface

Cockpit is a modern administration interface for Linux systems. In this case, it plays a role similar to the ESXi web interface.

Fig. 3 - appearance of the panel.

Installation is very simple; you need the cockpit packages and the cockpit-ovirt-dashboard plugin:

$ sudo yum install cockpit cockpit-ovirt-dashboard -y

Enable Cockpit:

$ sudo systemctl enable --now cockpit.socket

Firewall configuration:

$ sudo firewall-cmd --add-service=cockpit
$ sudo firewall-cmd --add-service=cockpit --permanent

Now you can connect to the host: https://[Host IP or FQDN]:9090

VLANs

Read more about networks in the documentation. There are many possibilities; here we describe how to connect virtual networks.

To connect other subnets, they must first be described in the configuration: Network -> Networks -> New. Here only the name is required; the VM Network checkbox, which allows machines to use this network, is enabled, and to attach a tag you need to turn on Enable VLAN tagging, enter the VLAN number and click OK.

Now go to Compute -> Hosts -> kvmNN -> Network Interfaces -> Setup Host Networks. Drag the added network from the right side, Unassigned Logical Networks, to the left, into Assigned Logical Networks:

Fig. 4 - before adding the network.

Fig. 5 - after adding the network.

To connect several networks to a host in bulk, it is more convenient to assign a label to them when creating the networks, and to add networks by label.

After the network is created, the hosts go into the Non Operational state until the network has been added to all cluster nodes. This behavior is caused by the Require All flag on the Cluster tab when creating a new network. If the network is not needed on all nodes of the cluster, this flag can be turned off; then, when adding the network to a host, it appears on the right in the Non Required section and you can choose whether to connect it to a particular host.

Fig. 6 - selecting the network requirement flag.

HPE specifics

All manufacturers have tools that improve the usability of their products. Taking HPE as an example, these are AMS (Agentless Management Service, amsd for iLO5, hp-ams for iLO4) and SSA (Smart Storage Administrator, works with a disk controller), etc.

Connecting the HPE repository
Import the key and add the HPE repositories:

$ sudo rpm --import https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
$ sudo vim /etc/yum.repos.d/mcp.repo

with the following contents:

[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

[spp]
name=Service Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/spp/RHEL/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

View the contents of the repository and the package information (for reference):

$ sudo yum --disablerepo="*" --enablerepo="mcp" list available
$ yum info amsd

Install and start:

$ sudo yum install amsd ssacli
$ sudo systemctl start amsd

An example of the utility for working with a disk controller

That's all for now. In the following articles I plan to cover some basic operations and applications. For example, how to set up VDI in oVirt.

Source: www.habr.com