oVirt in 2 hours. Part 3. Additional settings

In this article we will look at a number of optional but useful settings.

This article is a continuation; for the beginning, see oVirt in 2 hours Part 1 and Part 2.

Articles

  1. Introduction
  2. Installing the manager (ovirt-engine) and hypervisors (hosts)
  3. Additional settings - We are here

Manager add-ons

For convenience, we will install additional packages:

$ sudo yum install bash-completion vim

To enable command auto-completion from bash-completion, switch to bash.

Adding additional DNS names

This is needed when you want to connect to the manager using an alternative name (CNAME, alias, or just a short name without the domain suffix). For security reasons, the manager accepts connections only by names on its allowed list.

Create a configuration file:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf

with the following contents:

SSO_ALTERNATE_ENGINE_FQDNS="ovirt.example.com some.alias.example.com ovirt"

and restart the manager:

$ sudo systemctl restart ovirt-engine

Setting up authentication via AD

oVirt has a built-in user database, but external LDAP providers are also supported, including AD.

The simplest way to get a typical configuration is to run the wizard and restart the manager:

$ sudo yum install ovirt-engine-extension-aaa-ldap-setup
$ sudo ovirt-engine-extension-aaa-ldap-setup
$ sudo systemctl restart ovirt-engine

An example of the wizard at work
$ sudo ovirt-engine-extension-aaa-ldap-setup
Available LDAP implementations:
...
3 - Active Directory
...
Please select: 3
Please enter Active Directory Forest name: example

Please select protocol to use (startTLS, ldaps, plain) [startTLS]:
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): URL
URL: wwwca.example.com/myRootCA.pem
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): CN=oVirt-Engine,CN=Users,DC=example,DC=com
Enter search user password: *password*
[ INFO ] Attempting to bind using 'CN=oVirt-Engine,CN=Users,DC=example,DC=com'
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
Please specify profile name that will be visible to users [example.com]:
Please provide credentials to test login flow:
Enter user name: someAnyUser
Enter user password:
...
[ INFO ] Login sequence executed successfully
...
Select test sequence to execute (Done, Abort, Login, Search) [Done]:
[ INFO ] Stage: Transaction setup
...
CONFIGURATION SUMMARY
...

The wizard is suitable for most cases. For complex configurations, the settings are made manually. More details are in the oVirt documentation, Users and Roles. After the Engine has been successfully connected to AD, an additional profile appears in the login window, and on the Permissions tab of system objects it becomes possible to grant permissions to AD users and groups. Note that the external directory of users and groups can be not only AD, but also IPA, eDirectory, etc.

Multipathing

In a production environment, the storage system must be connected to the host by several independent, multiple I/O paths. As a rule, in CentOS (and therefore oVirt) there are no problems assembling multiple paths to a device (find_multipaths yes). Additional settings for FCoE are described in part 2. Pay attention to the storage vendor's recommendations: many recommend the round-robin policy, but by default Enterprise Linux 7 uses service-time.

Using 3PAR as an example
and the document HPE 3PAR Red Hat Enterprise Linux, CentOS Linux, Oracle Linux, and OracleVM Server Implementation Guide: EL is created as a Host with Generic-ALUA Persona 2, for which the following values are entered in /etc/multipath.conf:

defaults {
           polling_interval      10
           user_friendly_names   no
           find_multipaths       yes
          }
devices {
          device {
                   vendor                   "3PARdata"
                   product                  "VV"
                   path_grouping_policy     group_by_prio
                   path_selector            "round-robin 0"
                   path_checker             tur
                   features                 "0"
                   hardware_handler         "1 alua"
                   prio                     alua
                   failback                 immediate
                   rr_weight                uniform
                   no_path_retry            18
                   rr_min_io_rq             1
                   detect_prio              yes
                   fast_io_fail_tmo         10
                   dev_loss_tmo             "infinity"
                 }
}

After that, the restart command is given:

systemctl restart multipathd

Fig. 1 - the default multipath I/O policy.

Fig. 2 - the multipath I/O policy after applying the settings.
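
The change from the default policy to round-robin can also be confirmed from the shell. The following is an added example, not part of the original article: it parses multipath -ll output and lists the maps whose path-group policy is not the expected one. The sample output is constructed and the function names are this example's own.

```shell
#!/bin/bash
# Added example (not from the original article).
# Reads `multipath -ll` output on stdin and prints "<map> <vendor,product> <policy>"
# for every path group whose policy differs from the expected one.
# Returns 1 if any mismatch was found, 0 otherwise.
check_mpath_policy() {
    awk -v want="${1:-round-robin 0}" -v q="'" '
        # Map header: "<wwid> dm-N vendor,product" or "<alias> (<wwid>) dm-N vendor,product"
        { for (i = 2; i <= 3; i++)
              if ($i ~ /^dm-[0-9]+$/) { map = $1; hw = $(i + 1); next } }
        # Path-group line carries policy=<quoted value>
        match($0, "policy=" q "[^" q "]*" q) {
            pol = substr($0, RSTART + 8, RLENGTH - 9)
            if (pol != want) { print map, hw, pol; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: one LUN already on round-robin, one still on the EL7 default.
sample_multipath_ll() {
    cat <<'EOF'
360002ac0000000000000000a00012345 dm-2 3PARdata,VV
size=100G features='1 queue_if_no_path' hwhandler='1 alua' wp=rw
`-+- policy='round-robin 0' prio=50 status=active
  |- 1:0:0:1 sdb 8:16 active ready running
  `- 2:0:0:1 sdc 8:32 active ready running
360002ac0000000000000000b00012345 dm-3 3PARdata,VV
size=200G features='1 queue_if_no_path' hwhandler='1 alua' wp=rw
`-+- policy='service-time 0' prio=50 status=active
  |- 1:0:0:2 sdd 8:48 active ready running
  `- 2:0:0:2 sde 8:64 active ready running
EOF
}

# On a host: multipath -ll | check_mpath_policy "round-robin 0"
sample_multipath_ll | check_mpath_policy "round-robin 0" ||
    echo "maps listed above do not use the expected policy" >&2
```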

Setting up power management

It allows, for example, a hardware reset of the machine if the Engine cannot get a response from the Host for a long time. It is implemented through a Fence Agent.

Compute -> Hosts -> HOST - Edit -> Power Management, then turn on "Enable Power Management" and add an agent - "Add Fence Agent" -> +.

Specify the type (for example, for iLO5 you need to specify ilo4), the name/address of the IPMI interface, and the user name/password. It is recommended to create a separate user (for example, oVirt-PM) and, in the case of iLO, grant it the following privileges:

  • Login
  • Remote Console
  • Virtual Power and Reset
  • Virtual Media
  • Configure iLO Settings
  • Administer User Accounts

Don't ask why this is so; it was determined empirically. The console fencing agent requires a smaller set of rights.

When configuring access control lists, keep in mind that the agent runs not on the engine but on a "neighbouring" host (the so-called Power Management Proxy), i.e. if there is only one node in the cluster, power management will not work.

Configuring SSL

Full instructions are in the documentation, Appendix D: oVirt and SSL - Replacing the oVirt Engine SSL/TLS Certificate.

The certificate can be issued either by our corporate CA or by an external commercial certificate authority.

Important note: the certificate is intended for connecting to the manager and will not affect communication between the Engine and the nodes - they will use self-signed certificates issued by the Engine.

Requirements:

  • the certificate of the issuing CA in PEM format, with the whole chain up to the root CA (from the subordinate issuing CA at the beginning to the root at the end);
  • a certificate for Apache issued by the issuing CA (also supplemented with the whole chain of CA certificates);
  • the private key for Apache, without a password.

Let's assume that our issuing CA runs CentOS, is called subca.example.com, and the requests, keys and certificates are located in the /etc/pki/tls/ directory.

We make backups and create a temporary directory:

$ sudo cp /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass.`date +%F`
$ sudo cp /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/certs/apache.cer.`date +%F`
$ sudo mkdir /opt/certs
$ sudo chown mgmt.mgmt /opt/certs

Download the certificates, either from your workstation or by transferring them in another convenient way:

[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/cachain.pem [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/private/ovirt.key [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/certs/ovirt.crt [email protected]:/opt/certs

As a result, you should see all 3 files:

$ ls /opt/certs
cachain.pem  ovirt.crt  ovirt.key
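
Before installing the files it is worth confirming that they fit together. The following is an added example, not part of the original article: it checks that the key is unencrypted and matches the certificate, that the certificate verifies against cachain.pem and covers the manager's name, and that the staged key is not readable by group or others. The function name check_engine_cert and the name ovirt.example.com in the call are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the original article).
# Usage: check_engine_cert CERT KEY CACHAIN FQDN
# Returns 0 only if every check passes, 1 on a failed check, 2 on a missing file.
check_engine_cert() {
    cert=$1; key=$2; chain=$3; fqdn=$4; rc=0
    for f in "$cert" "$key" "$chain"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    done

    # The key must load without a passphrase (it becomes apache.key.nopass).
    if ! openssl pkey -in "$key" -noout -passin pass: 2>/dev/null; then
        echo "FAIL: key is encrypted or not a valid private key"; rc=1
    fi

    # The key must belong to the certificate: compare the two public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "FAIL: key does not match certificate"; rc=1; }

    # The certificate must verify against the CA chain file.
    openssl verify -CAfile "$chain" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: certificate does not chain to $chain"; rc=1; }

    # The certificate must be valid for the name users connect to.
    openssl x509 -in "$cert" -noout -checkhost "$fqdn" 2>/dev/null |
        grep -q 'does match' || { echo "FAIL: certificate not valid for $fqdn"; rc=1; }

    # The staged private key must not be accessible to group or others.
    case "$(stat -c %a "$key")" in
        *00) ;;
        *) echo "FAIL: $key is group/world accessible, chmod 600 it"; rc=1 ;;
    esac
    return $rc
}

# Run against the staged files when they exist (paths as used in this article).
if [ -d /opt/certs ]; then
    check_engine_cert /opt/certs/ovirt.crt /opt/certs/ovirt.key \
        /opt/certs/cachain.pem ovirt.example.com && echo "all checks passed"
fi
```

Once the certificate is installed and the services restarted, the copies left in /opt/certs still contain the private key and should be removed.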

Installing the certificates

Copy the files and update the trust lists:

$ sudo cp /opt/certs/cachain.pem /etc/pki/ca-trust/source/anchors
$ sudo update-ca-trust
$ sudo rm /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/cachain.pem /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/ovirt.key /etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo cp /opt/certs/ovirt.crt /etc/pki/ovirt-engine/certs/apache.cer
$ sudo systemctl restart httpd.service

Add/update the configuration files:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""
$ sudo vim /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo vim /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf
# Key file for SSL connections
ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass
# Certificate file for SSL connections
ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer

Next, restart all affected services:

$ sudo systemctl restart ovirt-provider-ovn.service
$ sudo systemctl restart ovirt-imageio-proxy
$ sudo systemctl restart ovirt-websocket-proxy
$ sudo systemctl restart ovirt-engine.service

Done! It's time to connect to the manager and check that the connection is protected by a signed SSL certificate.

Archiving

Where would we be without it? In this section we will talk about archiving the manager; VM archiving is a separate topic. We will make archive copies once a day and store them on NFS, for example on the same system where we placed the ISO images - mynfs1.example.com:/exports/ovirt-backup. It is not recommended to store the archives on the same machine where the Engine runs.

Install and enable autofs:

$ sudo yum install autofs
$ sudo systemctl enable autofs
$ sudo systemctl start autofs

Create a script:

$ sudo vim /etc/cron.daily/make.oVirt.backup.sh

with the following contents:

#!/bin/bash

# Timestamp used in the backup and log file names
datetime=$(date +"%F.%R")
backupdir="/net/mynfs01.example.com/exports/ovirt-backup"
filename="$backupdir/$(hostname --short).$datetime"
# Full engine backup (--scope=all), with its log written next to the archive
engine-backup --mode=backup --scope=all --file="$filename.data" --log="$filename.log"
# uncomment the next line to automatically delete files older than 30 days
#find "$backupdir" -type f -mtime +30 -exec rm -f {} \;

Make the file executable:

$ sudo chmod a+x /etc/cron.daily/make.oVirt.backup.sh

Now every night we will get an archive of the manager's settings.

Host management interface

Cockpit is a modern administration interface for Linux systems. In this case, it plays a role similar to the ESXi web interface.

Fig. 3 - appearance of the panel.

Installation is very simple; you need the cockpit packages and the cockpit-ovirt-dashboard plugin:

$ sudo yum install cockpit cockpit-ovirt-dashboard -y

Enabling Cockpit:

$ sudo systemctl enable --now cockpit.socket

Firewall configuration:

sudo firewall-cmd --add-service=cockpit
sudo firewall-cmd --add-service=cockpit --permanent

Now you can connect to the host: https://[Host IP or FQDN]:9090

VLANs

You should read more about networks in the documentation. There are many possibilities; here we describe connecting virtual networks.

To connect other subnets, they must first be described in the configuration: Network -> Networks -> New. Here only the name is a required field; the VM Network checkbox, which allows machines to use this network, is enabled, but to attach a tag you need to turn on Enable VLAN tagging, enter the VLAN number and click OK.

Now go to Compute -> Hosts -> kvmNN -> Network Interfaces -> Setup Host Networks. Drag the added network from the right side, Unassigned Logical Networks, to the left into Assigned Logical Networks:

Fig. 4 - before adding the network.

Fig. 5 - after adding the network.

To attach several networks to a host in bulk, it is convenient to assign them labels when creating the networks, and then add the networks by label.

After the network is created, the hosts will go into the Non Operational state until the network has been added to all nodes of the cluster. This behaviour is caused by the Require All flag on the Cluster tab when creating a new network. If the network is not needed on all nodes of the cluster, this flag can be disabled; then, when the network is added to a host, it will appear on the right in the Non Required section and you can choose whether to attach it to a particular host.

Fig. 6 - choosing the network requirement attribute.

HPE specifics

Almost all vendors have tools that improve the usability of their products. Taking HPE as an example, AMS (Agentless Management Service, amsd for iLO5, hp-ams for iLO4) and SSA (Smart Storage Administrator, works with the disk controller), etc. are useful.

Connecting the HPE repository
We import the key and connect the HPE repositories:

$ sudo rpm --import https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
$ sudo vim /etc/yum.repos.d/mcp.repo

with the following contents:

[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

[spp]
name=Service Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/spp/RHEL/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
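
A quick audit of the repository definition above, as an added example that is not part of the original article: it flags sections that do not set gpgcheck=1 themselves (they then inherit whatever [main] in /etc/yum.conf says) and baseurl values fetched over plain http. The function names are this example's own; the sample is the [mcp] section from this page.

```shell
#!/bin/bash
# Added example (not from the original article).
# Audits yum .repo files (given as arguments, or stdin if none). Prints one
# finding per line and returns 1 if there was any finding, 0 otherwise.
audit_repo_file() {
    awk '
        function report(msg) { print sec ": " msg; bad = 1 }
        function finish() {
            if (sec == "") return
            if (gpgcheck != "1") report("gpgcheck=1 not set in this section")
            if (url ~ /^http:/)  report("baseurl uses plain http")
            if (key == "")       report("no gpgkey configured")
        }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }          # blank lines and comments
        /^\[/ { finish(); sec = $0; gpgcheck = url = key = ""; next }
        {
            k = $0; sub(/[ \t]*=.*/, "", k)            # option name
            v = $0; sub(/^[^=]*=[ \t]*/, "", v)        # option value
            sub(/[ \t]+$/, "", v)
            if (k == "gpgcheck") gpgcheck = v
            else if (k == "baseurl") url = v
            else if (k == "gpgkey") key = v
        }
        END { finish(); exit bad + 0 }
    ' "$@"
}

# The [mcp] section exactly as given in this article.
sample_mcp_repo() {
    cat <<'EOF'
[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
EOF
}

# On a host: audit_repo_file /etc/yum.repos.d/mcp.repo
sample_mcp_repo | audit_repo_file || echo "review the findings above" >&2
```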

View the repository contents and package information (for reference):

$ sudo yum --disablerepo="*" --enablerepo="mcp" list available
$ yum info amsd

Installation and startup:

$ sudo yum install amsd ssacli
$ sudo systemctl start amsd

An example of using the utility for working with the disk controller (figure).

That's all for now. In the following articles I plan to cover some basic operations and applications. For example, how to do VDI in oVirt.

Source: www.hab.com