oVirt in 2 hours. Part 3. Additional settings

In this article we will look at a number of optional but useful settings:

This article is a continuation; for the beginning, see oVirt in 2 hours Part 1 and Part 2.

Articles

  1. Introduction
  2. Installing the manager (ovirt-engine) and hypervisors (hosts)
  3. Additional settings - We are here

Additional manager settings

For convenience, we will install additional packages:

$ sudo yum install bash-completion vim

To enable command completion, bash-completion requires switching to bash.

Adding additional DNS names

This is needed when you want to connect to the manager using an alternative name (CNAME, alias, or just a short name without the domain suffix). For security reasons, the manager allows connections only by names on an allowed list.

Create a configuration file:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf

with the following content:

SSO_ALTERNATE_ENGINE_FQDNS="ovirt.example.com some.alias.example.com ovirt"

and restart the manager:

$ sudo systemctl restart ovirt-engine

Setting up authentication via AD

oVirt has a built-in user database, but external LDAP providers are also supported, including AD.

The simplest way for a typical configuration is to run the wizard and restart the manager:

$ sudo yum install ovirt-engine-extension-aaa-ldap-setup
$ sudo ovirt-engine-extension-aaa-ldap-setup
$ sudo systemctl restart ovirt-engine

Example of the wizard's operation
$ sudo ovirt-engine-extension-aaa-ldap-setup
Available LDAP implementations:
...
3 - Active Directory
...
Please select: 3
Please enter Active Directory Forest name: example.com

Please select protocol to use (startTLS, ldaps, plain) [startTLS]:
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): URL
URL: wwwca.example.com/myRootCA.pem
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): CN=oVirt-Engine,CN=Users,DC=example,DC=com
Enter search user password: *password*
[INFO] Attempting to bind using 'CN=oVirt-Engine,CN=Users,DC=example,DC=com'
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
Please specify profile name that will be visible to users [example.com]:
Please provide credentials to test login flow:
Enter user name: someUser
Enter user password:
...
[INFO] Login sequence executed successfully
...
Select test sequence to execute (Done, Abort, Login, Search) [Done]:
[INFO] Stage: Transaction setup
...
CONFIGURATION SUMMARY
...

The wizard is suitable for most cases. For complex configurations, the settings are made manually. More details are in the oVirt documentation, Users and Roles. After the Engine is successfully connected to AD, an additional profile will appear in the login window, and on the Permissions tab of system objects it becomes possible to grant permissions to AD users and groups. Note that the external directory of users and groups can be not only AD, but also IPA, eDirectory, etc.

Multipathing

In a production environment, the storage system must be connected to the host over several independent I/O paths. As a rule, CentOS (and therefore oVirt) has no trouble assembling multiple paths to a device (find_multipaths yes). Additional settings for FCoE are described in Part 2. It is worth paying attention to the storage vendor's recommendations: many recommend the round-robin policy, while the default in Enterprise Linux 7 is service-time.

Using 3PAR as an example
and the document HPE 3PAR Red Hat Enterprise Linux, CentOS Linux, Oracle Linux, and OracleVM Server Implementation Guide: EL is created as a host with Generic-ALUA Persona 2, for which the following values are entered in /etc/multipath.conf:

defaults {
           polling_interval      10
           user_friendly_names   no
           find_multipaths       yes
          }
devices {
          device {
                   vendor                   "3PARdata"
                   product                  "VV"
                   path_grouping_policy     group_by_prio
                   path_selector            "round-robin 0"
                   path_checker             tur
                   features                 "0"
                   hardware_handler         "1 alua"
                   prio                     alua
                   failback                 immediate
                   rr_weight                uniform
                   no_path_retry            18
                   rr_min_io_rq             1
                   detect_prio              yes
                   fast_io_fail_tmo         10
                   dev_loss_tmo             "infinity"
                 }
}

After that, the command to restart is given:

systemctl restart multipathd

Fig. 1 - the default multipath I/O policy.

Fig. 2 - the multipath I/O policy after applying the settings.

Setting up power management

It allows, for example, a hardware reset of a machine if the Engine cannot get a response from the host for a long time. It is implemented through a Fence Agent.

Compute -> Hosts -> HOST - Edit -> Power Management, then enable "Enable Power Management" and add an agent - "Add Fence Agent" -> +.

We specify the type (for example, for iLO5 you need to specify ilo4), the name/address of the ipmi interface, and the user name/password. It is recommended to create a separate user (for example, oVirt-PM) and, in the case of iLO, grant it the privileges:

  • Login
  • Remote Console
  • Virtual Power and Reset
  • Virtual Media
  • Configure iLO Settings
  • Administer User Accounts

Don't ask why exactly this set; it was determined empirically. The console fencing agent requires a smaller set of rights.

When setting up access control lists, keep in mind that the agent runs not on the engine but on a "neighboring" host (the so-called Power Management Proxy), i.e. if there is only one node in the cluster, power management will not work.

Setting up SSL

The full official instructions are in the documentation, Appendix D: oVirt and SSL - Replacing the oVirt Engine SSL/TLS Certificate.

The certificate can be either from our corporate CA or from an external commercial certificate authority.

Important: the certificate is intended for connecting to the manager and will not affect communication between the Engine and the nodes - they will use self-signed certificates issued by the Engine.

Requirements:

  • the certificate of the issuing CA in PEM format, with the whole chain up to the root CA (from the subordinate issuing CA at the beginning to the root at the end);
  • a certificate for Apache issued by the issuing CA (also supplemented with the whole chain of CA certificates);
  • a private key for Apache, without a password.

Let's assume our issuing CA runs CentOS, is called subca.example.com, and the requests, keys, and certificates are located in the /etc/pki/tls/ directory.

We make backups and create a temporary directory:

$ sudo cp /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass.`date +%F`
$ sudo cp /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/certs/apache.cer.`date +%F`
$ sudo mkdir /opt/certs
$ sudo chown mgmt:mgmt /opt/certs

Download the certificates, either from your workstation or transfer them in another convenient way:

[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/cachain.pem [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/private/ovirt.key [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/certs/ovirt.crt [email protected]:/opt/certs

As a result, you should see all 3 files:

$ ls /opt/certs
cachain.pem  ovirt.crt  ovirt.key
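
A pre-flight check for the three files listed in the requirements, as an added example that is not part of the original article: it confirms that the key has no passphrase, that the certificate and key belong together, that the chain file starts with the issuing CA, and that the certificate verifies up to the root. The function name check_engine_pki and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the files copied to /opt/certs.
# check_engine_pki and its return codes are hypothetical, for illustration.
# Usage: check_engine_pki cachain.pem ovirt.crt ovirt.key
check_engine_pki() {
    chain=$1 cert=$2 key=$3

    for f in "$chain" "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done

    # Apache needs a key without a passphrase. Both PEM styles mark an
    # encrypted key with the word ENCRYPTED (PKCS#8 header or Proc-Type line).
    if grep -q 'ENCRYPTED' "$key"; then
        echo "private key is passphrase-protected: $key" >&2
        return 2
    fi

    # The certificate and the key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout) || return 3
    [ "$cert_pub" = "$key_pub" ] || { echo "certificate and key do not match" >&2; return 3; }

    # The chain file must start with the issuing CA: the subject of its first
    # certificate has to equal the issuer of the server certificate.
    issuer=$(openssl x509 -in "$cert" -noout -issuer_hash) || return 4
    first=$(openssl x509 -in "$chain" -noout -subject_hash) || return 4
    [ "$issuer" = "$first" ] || { echo "chain does not start with the issuing CA" >&2; return 4; }

    # The certificate must verify using only the CAs in the chain file,
    # which fails if the chain stops short of a self-signed root.
    openssl verify -CAfile "$chain" "$cert" >/dev/null || return 5

    echo "OK: $cert, $key and $chain are consistent"
}

# Run the check when the script is called with the three file names.
if [ "$#" -eq 3 ]; then
    check_engine_pki "$@"
fi
```

Run it against /opt/certs before copying anything into /etc/pki/ovirt-engine, so that a mismatched key or an incomplete chain is caught while the backups are still in place and httpd has not been restarted.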

Installing the certificates

Copy the files and update the trust lists:

$ sudo cp /opt/certs/cachain.pem /etc/pki/ca-trust/source/anchors
$ sudo update-ca-trust
$ sudo rm /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/cachain.pem /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/ovirt.key /etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo cp /opt/certs/ovirt.crt /etc/pki/ovirt-engine/certs/apache.cer
$ sudo systemctl restart httpd.service

Add/update the configuration files:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""
$ sudo vim /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo vim /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf
# Key file for SSL connections
ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass
# Certificate file for SSL connections
ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer

Next, restart all affected services:

$ sudo systemctl restart ovirt-provider-ovn.service
$ sudo systemctl restart ovirt-imageio-proxy
$ sudo systemctl restart ovirt-websocket-proxy
$ sudo systemctl restart ovirt-engine.service

Done! It is time to connect to the manager and check that the connection is protected by a signed SSL certificate.

Backups

Where would we be without them? In this section we will talk about backing up the manager's settings; VM backup is a separate topic. We will make backup copies once a day and store them over NFS, for example, on the same system where we placed the ISO images - mynfs1.example.com:/exports/ovirt-backup. It is not recommended to store the backups on the same machine where the Engine runs.

Install and enable autofs:

$ sudo yum install autofs
$ sudo systemctl enable autofs
$ sudo systemctl start autofs

Let's create the script:

$ sudo vim /etc/cron.daily/make.oVirt.backup.sh

with the following content:

#!/bin/bash

# Timestamp used in the backup file names
datetime=$(date +"%F.%R")
backupdir="/net/mynfs01.example.com/exports/ovirt-backup"
filename="$backupdir/$(hostname --short).$datetime"
engine-backup --mode=backup --scope=all --file="$filename.data" --log="$filename.log"
# uncomment the next line to automatically delete files older than 30 days
#find "$backupdir" -type f -mtime +30 -exec rm -f {} \;

Make the file executable:

$ sudo chmod a+x /etc/cron.daily/make.oVirt.backup.sh

Now every night we will get a backup of the manager's settings.

Host management interface

Cockpit is a modern administration interface for Linux systems. In this case it plays a role similar to the ESXi web interface.

Fig. 3 - appearance of the panel.

Installation is very simple: you need the cockpit packages and the cockpit-ovirt-dashboard plugin:

$ sudo yum install cockpit cockpit-ovirt-dashboard -y

Enable Cockpit:

$ sudo systemctl enable --now cockpit.socket

Firewall configuration:

$ sudo firewall-cmd --add-service=cockpit
$ sudo firewall-cmd --add-service=cockpit --permanent

Now you can connect to the host: https://[Host IP or FQDN]:9090

VLANs

You should read more about networks in the documentation. There are many possibilities; here we will describe connecting virtual networks.

To connect other subnets, they must first be described in the configuration: Network -> Networks -> New; here only the name is a required field. The VM Network checkbox, which allows machines to use this network, is enabled, but to attach a tag you must turn on Enable VLAN tagging, enter the VLAN number, and click OK.

Now go to Compute -> Hosts -> kvmNN -> Network Interfaces -> Setup Host Networks. Drag the added network from the right-hand side, Unassigned Logical Networks, to the left, into Assigned Logical Networks:

Fig. 4 - before adding the network.

Fig. 5 - after adding the network.

To connect several networks to a host in bulk, it is convenient to assign them labels when creating the networks, and add the networks by label.

After a network is created, hosts will go into the Non Operational state until the network is added to all nodes of the cluster. This behaviour is caused by the Require All flag on the Cluster tab when creating a new network. If the network is not needed on all nodes of the cluster, this flag can be disabled; then, when the network is added to a host, it will appear on the right in the Non Required section, and you can choose whether to attach it to a particular host.

Fig. 6 - selecting the network requirement attribute.

HPE specifics

Almost all vendors have tools that make their products more convenient to use. Using HPE as an example, AMS (Agentless Management Service, amsd for iLO5, hp-ams for iLO4) and SSA (Smart Storage Administrator, for working with the disk controller), etc., are useful.

Connecting the HPE repository
We import the key and connect the HPE repositories:

$ sudo rpm --import https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
$ sudo vim /etc/yum.repos.d/mcp.repo

with the following content:

[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

[spp]
name=Service Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/spp/RHEL/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
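
The repository file above fetches packages over plain http and does not set gpgcheck, so signature checking depends on the [main] section of yum.conf. The following added example (not part of the original article) audits .repo definitions for both conditions; the function names and the [mcp-https] section are constructed for illustration.

```shell
# Added example: flag yum repo sections using plaintext http or lacking gpgcheck=1.
# audit_repo [FILE...]: reads .repo text (stdin if no file), prints "section: finding".
audit_repo() {
    awk '
        function report() {
            if (sec == "") return
            if (url ~ /^http:\/\//) print sec ": baseurl uses plaintext http"
            if (gpg == "") print sec ": gpgcheck not set, inherits [main] from yum.conf"
            else if (gpg != "1") print sec ": gpgcheck disabled"
        }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^\[/ {                                     # new [section]
            report()
            sec = substr($0, 2, index($0, "]") - 2)
            url = ""; gpg = ""
            next
        }
        {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "baseurl") url = v
            if (k == "gpgcheck") gpg = v
        }
        END { report() }
    ' "$@"
}

# Constructed sample: [mcp] as shown on the page plus a hypothetical hardened variant.
sample_repo() {
    cat <<'EOF'
[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

[mcp-https]
name=Management Component Pack (constructed hardened variant)
baseurl=https://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
EOF
}

sample_repo | audit_repo
```

On a host, run it as audit_repo /etc/yum.repos.d/*.repo; an empty result means every section uses a non-http baseurl and sets gpgcheck=1 explicitly.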

View the repository contents and package information (for reference):

$ sudo yum --disablerepo="*" --enablerepo="mcp" list available
$ yum info amsd

Installation and start:

$ sudo yum install amsd ssacli
$ sudo systemctl start amsd

Example of the utility for working with the disk controller

That's all for now. In the following articles, I plan to talk about some basic operations and applications. For example, how to set up VDI in oVirt.

Source: www.habr.com