I roto i tenei tuhinga ka titiro tatou ki te maha o nga tautuhinga whiriwhiri engari whai hua:
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- .
He korero haere tonu tenei tuhinga, tirohia oVirt i roto i nga haora 2 mo te timatanga и .
Tefito
- Tautuhinga taapiri - Kei konei matou
Tautuhinga kaiwhakahaere taapiri
Mo te waatea, ka whakauruhia e matou etahi atu kete:
$ sudo yum install bash-completion vimKia taea ai te whakaoti whakahau, me huri te bash-completion ki te bash.
Te taapiri i etahi atu ingoa DNS
Ka hiahiatia tenei ina hiahia koe ki te hono atu ki te kaiwhakahaere ma te whakamahi i tetahi ingoa rereke (CNAME, ingoa ingoa, he ingoa poto noa ranei kaore he pimuri rohe). Mo nga take haumaru, ka whakaaetia e te kaiwhakahaere nga hononga ma te whakamahi i te rarangi ingoa kua whakaaetia.
Waihangatia he kōnae whirihoranga:
$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.confte ihirangi e whai ake nei:
SSO_ALTERNATE_ENGINE_FQDNS="ovirt.example.com some.alias.example.com ovirt"ka whakaara ano i te kaiwhakahaere:
$ sudo systemctl restart ovirt-engineTe whakarite motuhēhēnga mā AD
Kei a oVirt he turanga kaiwhakamahi kua hangaia, engari kei te tautokohia nga kaiwhakarato LDAP o waho, tae atu ki. A.D.
Ko te huarahi ngawari mo te whirihoranga angamaheni ko te whakarewa i te ruānuku me te whakaara ano i te kaiwhakahaere:
$ sudo yum install ovirt-engine-extension-aaa-ldap-setup
$ sudo ovirt-engine-extension-aaa-ldap-setup
$ sudo systemctl restart ovirt-engineHe tauira o te mahi a te rangatira
$ sudo ovirt-engine-extension-aaa-ldap-setup
Nga whakatinanatanga LDAP e waatea ana:
...
3 - Whaiaronga Hohe
...
Tīpakohia koa: 3
Whakaurua koa te ingoa ngahere Active Directory: example.com
Tīpakohia koa te kawa hei whakamahi (startTLS, ldaps, mania) [startTLS]:
Tīpakohia koa te tikanga kia whiwhi tiwhikete CA kua whakawaeheretia PEM (Kōnae, URL, Raina, Pūnaha, Haumaru): URL
URL:
Whakauruhia te DN kaiwhakamahi rapu (hei tauira uid=ingoakaiwhakamahi,dc=example,dc=com me waiho putua mo te ingoamuna): CN=oVirt-Engine,CN=Nga Kaiwhakamahi,DC=tauira,DC=com
Whakauruhia te kupuhipa kaiwhakamahi rapu: *kupuhipa*
[ INFO ] E ngana ana ki te here ma te whakamahi 'CN=oVirt-Engine,CN=Users,DC=example,DC=com'
Ka whakamahi koe i te Waitohu Takitahi mo nga Miihini Mariko (Ae, Kao) [Ae]:
Whakapūtātia koa te ingoa kōtaha ka kitea e ngā kaiwhakamahi [example.com]:
Tukuna koa nga tohu hei whakamatautau i te rere takiuru:
Whakauruhia te ingoa kaiwhakamahi: someAnyUser
Whakauruhia te kupuhipa kaiwhakamahi:
...
[INFO] I tutuki pai te raupapa takiuru
...
Tīpakohia te raupapa whakamātautau hei mahi (Kua oti, Whakamutua, Takiuru, Rapu) [Kua oti]:
[INFO] Wāhanga: Tatūnga tauwhitinga
...
WHAKARAPOPOPOTOTANGA whirihora
...
Ko te whakamahi i te ruānuku he pai mo te nuinga o nga keehi. Mo nga whirihoranga uaua, ka mahia a ringa nga tautuhinga. Ko etahi atu korero kei roto i nga tuhinga oVirt, . Whai muri i te pai o te hono i te Miihini ki te AD, ka puta he tohu taapiri ki te matapihi hononga, me te ripa whakaaetanga Kei nga mea punaha te kaha ki te tuku whakaaetanga ki nga kaiwhakamahi me nga roopu AD. Me tohu ko te raarangi o waho o nga kaiwhakamahi me nga roopu kaore i te AD anake, engari ko te IPA, eDirectory, etc.
Whakarea
I roto i te taiao whakaputa, me hono te punaha rokiroki ki te kaihautu ma te maha o nga huarahi I/O motuhake, maha. Hei tikanga, i roto i te CentOS (me te oVirt) kaore he raru ki te whakahiato i nga huarahi maha ki tetahi taputapu (kitea_multipaths ae). Kua tuhia etahi atu tautuhinga mo FCoE . He pai ki te aro ki te taunakitanga a te kaiwhakanao punaha rokiroki - he maha nga mea e kii ana ki te whakamahi i te kaupapa here a tawhio noa, engari na te taunoa i roto i te Enterprise Linux 7 ka whakamahia te wa-mahi.
Te whakamahi i te 3PAR hei tauira
me te tuhinga Ka hangaia a EL hei Kaihautu me te Generic-ALUA Persona 2, mo te whakauru i nga uara e whai ake nei ki nga tautuhinga /etc/multipath.conf:
defaults {
polling_interval 10
user_friendly_names no
find_multipaths yes
}
devices {
device {
vendor "3PARdata"
product "VV"
path_grouping_policy group_by_prio
path_selector "round-robin 0"
path_checker tur
features "0"
hardware_handler "1 alua"
prio alua
failback immediate
rr_weight uniform
no_path_retry 18
rr_min_io_rq 1
detect_prio yes
fast_io_fail_tmo 10
dev_loss_tmo "infinity"
}
}Whai muri ka tukuna te whakahau ki te whakaara ano:
systemctl restart multipathd
raihi. Ko 1 te kaupapa here I/O maha taunoa.
raihi. 2 - kaupapa here I/O maha i muri i te tono tautuhinga.
Te whakarite whakahaere mana
Ka taea e koe te mahi, hei tauira, te tautuhi taputapu o te miihini ki te kore e taea e te Mihini te whakautu mai i te Kaihautu mo te wa roa. I whakatinanahia na roto i te Kaihanga Taiapa.
Tatau -> Kaihautū -> HOST — Whakatika -> Whakahaere Mana, katahi ka taea te "Whakahohehia te Whakahaere Hiko" me te taapiri i tetahi kaihoko - "Taapirihia te Kaihokohoko Taiapa" -> +.
Ka tohuhia te momo (hei tauira, mo te iLO5 me tohu e koe ilo4), te ingoa/te wahitau o te atanga ipmi, me te ingoa kaiwhakamahi/kupuhipa. E taunaki ana ki te hanga i tetahi kaiwhakamahi motuhake (hei tauira, oVirt-PM) a, mo te iLO, hoatu ki a ia he mana:
- Takiuru
- Papatohu Mamao
- Te Mana Mariko me te Tautuhi
- Paoho Mariko
- Whirihorahia nga Tautuhinga iLO
- Whakahaere Pūkete Kaiwhakamahi
Kaua e patai he aha i penei ai, i whiriwhiria marietia. He iti ake te mana o te kaihoko taiapa papatohu.
I te wa e whakarite ana i nga rarangi mana uru, me mahara koe kaore te kaihoko e rere i runga i te miihini, engari i runga i te kaihautu "tata" (ko te mea e kiia ana ko te Takawaenga Whakahaere Mana), ara, mena he kotahi noa te node i roto i te tautau, ka mahi te whakahaere mana kaore.
Te whakarite SSL
Nga tohutohu whai mana katoa - i roto , Apiti D: oVirt me SSL — Whakakapi i te Tiwhikete SSL/TLS Engine oVirt.
Ka taea te tiwhikete mai i a maatau umanga CA mai i tetahi mana tiwhikete arumoni o waho.
He korero nui: Ko te tiwhikete te tikanga mo te hono atu ki te kaiwhakahaere me te kore e pa ki te whakawhitiwhitinga korero i waenga i te Mihini me nga pona - ka whakamahia e ratou nga tiwhikete haina-whaiaro i tukuna e te Miihini.
Whakaritenga:
- te tiwhikete o te tuku CA i roto i te whakatakotoranga PEM, me te mekameka katoa tae noa ki te CA pakiaka (mai i te rangatira e tuku ana i te CA i te timatanga ki te pakiaka i te mutunga);
- he tiwhikete mo Apache i tukuna e te Kaituku CA (kua taapirihia e te mekameka katoa o nga tiwhikete CA);
- kī tūmataiti mo Apache, kaore he kupuhipa.
Me whakaaro tatou kei te whakahaere to tatou tuku CA i te CentOS, e kiia ana ko te subca.example.com, a ko nga tono, taviri, me nga tiwhikete kei roto i te raarangi /etc/pki/tls/.
Ka mahia e matou he taapiri me te hanga i tetahi raarangi rangitahi:
$ sudo cp /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass.`date +%F`
$ sudo cp /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/certs/apache.cer.`date +%F`
$ sudo mkdir /opt/certs
$ sudo chown mgmt.mgmt /opt/certsTangohia nga tiwhikete, mahia mai i to teihana mahi, whakawhiti ranei ma tetahi atu huarahi pai:
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/cachain.pem [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/private/ovirt.key [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]/etc/pki/tls/certs/ovirt.crt [email protected]:/opt/certsKo te mutunga, me kite koe i nga konae 3 katoa:
$ ls /opt/certs
cachain.pem ovirt.crt ovirt.keyTe whakauru i nga tiwhikete
Tāruatia ngā kōnae ka whakahōu i ngā rārangi whirinaki:
$ sudo cp /opt/certs/cachain.pem /etc/pki/ca-trust/source/anchors
$ sudo update-ca-trust
$ sudo rm /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/cachain.pem /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/ovirt03.key /etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo cp /opt/certs/ovirt03.crt /etc/pki/ovirt-engine/certs/apache.cer
$ sudo systemctl restart httpd.serviceTāpiri/whakahōu kōnae whirihoranga:
$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-truststore.confENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""$ sudo vim /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.confSSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass$ sudo vim /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf# Key file for SSL connections
ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass
# Certificate file for SSL connections
ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cerPanuku, whakaara ano i nga ratonga kua pa katoa:
$ sudo systemctl restart ovirt-provider-ovn.service
$ sudo systemctl restart ovirt-imageio-proxy
$ sudo systemctl restart ovirt-websocket-proxy
$ sudo systemctl restart ovirt-engine.serviceKua rite! Kua tae ki te wa ki te hono atu ki te kaiwhakahaere me te tirotiro kei te tiakina te hononga e te tiwhikete SSL kua hainatia.
Whakapuranga
Kei hea tatou me te kore ia? I tenei waahanga ka korero tatou mo te whakapuranga kaiwhakahaere; Ko te whakapuranga VM he take motuhake. Ka mahia e matou nga kape purongo kotahi i te ra ka penapena ma te NFS, hei tauira, i runga i te punaha ano i tuu ai nga whakaahua ISO - mynfs1.example.com:/exports/ovirt-backup. Kaore i te tūtohutia ki te penapena i nga purongo ki runga i te miihini kotahi e rere ana te Miihini.
Tāuta me te whakahohe i ngā autofs:
$ sudo yum install autofs
$ sudo systemctl enable autofs
$ sudo systemctl start autofsMe hanga he tuhinga:
$ sudo vim /etc/cron.daily/make.oVirt.backup.shte ihirangi e whai ake nei:
#!/bin/bash
datetime=`date +"%F.%R"`
backupdir="/net/mynfs01.example.com/exports/ovirt-backup"
filename="$backupdir/`hostname --short`.`date +"%F.%R"`"
engine-backup --mode=backup --scope=all --file=$filename.data --log=$filename.log
#uncomment next line for autodelete files older 30 days
#find $backupdir -type f -mtime +30 -exec rm -f {} ;Ka taea te whakahaere i te konae:
$ sudo chmod a+x /etc/cron.daily/make.oVirt.backup.shInaianei i nga po katoa ka whiwhi matou i te puranga o nga tautuhinga kaiwhakahaere.
Atanga whakahaere manaaki
— he atanga whakahaere hou mo nga punaha Linux. I tenei keehi, he rite tonu tana mahi ki te atanga paetukutuku ESXi.
raihi. 3 - ahua o te röpü.
He tino ngawari te whakaurunga, kei te hiahia koe ki nga kete cockpit me te mono cockpit-ovirt-dashboard:
$ sudo yum install cockpit cockpit-ovirt-dashboard -yKei te Whakahohe i te Cockpit:
$ sudo systemctl enable --now cockpit.socketTatūnga pātūahi:
sudo firewall-cmd --add-service=cockpit
sudo firewall-cmd --add-service=cockpit --permanentInaianei ka taea e koe te hono atu ki te kaihautu: https://[Host IP or FQDN]:9090
VLAN
Me panui koe mo nga whatunga i roto . He maha nga mea ka taea, i konei ka whakaahuahia e matou te hono hononga mariko.
Hei hono atu i etahi atu kupenga-roto, me whakaahua tuatahi i roto i te whirihoranga: Whatunga -> Whatunga -> Hou, i konei ko te ingoa anake he mara e hiahiatia ana; Ko te pouakataki Whatunga VM, e taea ai e nga miihini te whakamahi i tenei whatunga, kua whakahohea, engari ki te hono i te tohu me whakahohea Whakahohehia te tohu VLAN, tomo te tau VLAN ka paato OK.
Inaianei me haere koe ki te Compute hosts -> Hosts -> kvmNN -> Network Interfaces -> Setup Host Networks. Toia te whatunga taapiri mai i te taha matau o nga Whatunga Ararau Kore i Tautapa ki te taha maui ki nga Whatunga Ararau Kua Tautapahia:
raihi. 4 - i mua i te taapiri i te whatunga.
raihi. 5 - i muri i te taapiri i te whatunga.
Hei hono i nga whatunga maha ki tetahi kaihautu i te nuinga, he pai ki te tautapa i tetahi tapanga ki a raatau i te wa e hanga ana i nga whatunga, me te taapiri i nga whatunga ma nga tapanga.
I muri i te hanganga o te whatunga, ka haere nga kaihautu ki te ahua Non Operational tae noa ki te taapiri i te whatunga ki nga pona katoa o te roopu. Ko tenei whanonga na te haki Tiaki Katoa i runga i te ripa Cluster i te wa e hanga ana he whatunga hou. Mena kaore e hiahiatia te whatunga ki nga pona katoa o te tautau, ka taea te whakakore i tenei haki, na ka honoa te whatunga ki tetahi kaihautu, kei te taha matau ki te waahanga Kore e hiahiatia ana ka taea e koe te whiriwhiri mena ka hono atu. ki tetahi kaihautu motuhake.
raihi. 6—whiria he huanga whakaritenga whatunga.
HPE motuhake
Tata ki nga kaihanga katoa he taputapu hei whakapai ake i te whakamahinga o a raatau hua. Ma te whakamahi i te HPE hei tauira, AMS (Agentless Management Service, amsd for iLO5, hp-ams for iLO4) me SSA (Smart Storage Administrator, mahi tahi me te kaiwhakahaere kōpae), me etahi atu.
Te hono i te putunga HPE
Ka kawemai matou i te taviri me te hono i nga putunga HPE:
$ sudo rpm --import https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
$ sudo vim /etc/yum.repos.d/mcp.repote ihirangi e whai ake nei:
[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
[spp]
name=Service Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/spp/RHEL/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcpTirohia nga ihirangi putunga me nga korero mokihi (hei tohutoro):
$ sudo yum --disablerepo="*" --enablerepo="mcp" list available
$ yum info amsdTāuta me te whakarewatanga:
$ sudo yum install amsd ssacli
$ sudo systemctl start amsdHe tauira o te whaipainga mo te mahi tahi me te kaiwhakahaere kōpae
Heoi ano mo naianei. I roto i nga tuhinga e whai ake nei ka whakamahere ahau ki te korero mo etahi mahi me nga tono. Hei tauira, me pehea te hanga VDI ki oVirt.
Source: will.com