Matsenga a virtualization: maphunziro oyambira mu Proxmox VE

Lero tikambirana momwe tingatumizire mwachangu komanso mosavuta ma seva angapo okhala ndi machitidwe osiyanasiyana pa seva imodzi. Izi zidzalola woyang'anira dongosolo aliyense kuyang'anira gawo lonse la IT ya kampaniyo ndikusunga zinthu zambiri. Kugwiritsiridwa ntchito kwa virtualization kumathandizira kuchotsa momwe zingathere kuchokera ku hardware ya seva yakuthupi, kuteteza mautumiki ovuta ndikubwezeretsa mosavuta ntchito yawo ngakhale zitalephera kwambiri.

Mosakayikira, olamulira ambiri amadziŵa bwino njira zogwirira ntchito ndi malo enieni ndipo kwa iwo nkhaniyi sikhala yotulukira. Ngakhale zili choncho, pali makampani omwe sagwiritsa ntchito mwayi wosinthika komanso kuthamanga kwa mayankho omwe ali nawo chifukwa chosowa chidziwitso cholondola chokhudza iwo. Tikukhulupirira kuti nkhani yathu ikuthandizani kumvetsetsa mwa chitsanzo kuti ndikosavuta kuyamba kugwiritsa ntchito virtualization kamodzi kuposa kukumana ndi zovuta ndi zofooka za zomangamanga.

Mwamwayi, ndizosavuta kuyesa momwe virtualization imagwirira ntchito. Tidzawonetsa momwe tingapangire seva mu malo enieni, mwachitsanzo, kusamutsa dongosolo la CRM lomwe likugwiritsidwa ntchito pakampani. Pafupifupi seva iliyonse yakuthupi imatha kusinthidwa kukhala yeniyeni, koma choyamba muyenera kudziwa njira zoyambira zogwirira ntchito. Izi zidzakambidwa pansipa.

Zimagwira ntchito bwanji

Pankhani ya virtualization, akatswiri ambiri a novice amavutika kuti amvetsetse mawuwa, kotero tiyeni tifotokoze mfundo zingapo zofunika:

• Hypervisor - mapulogalamu apadera omwe amakulolani kupanga ndi kuyang'anira makina enieni;
• Makina a Virtual (pambuyo pake amatchedwa VM) ndi dongosolo lomwe ndi seva yomveka mkati mwa thupi lomwe lili ndi mawonekedwe ake, ma drive ndi machitidwe ake;
• Virtualization Host - seva yakuthupi yokhala ndi hypervisor yomwe ikuyenda pamenepo.

Kuti seva igwire ntchito ngati woyang'anira wokhazikika, purosesa yake iyenera kuthandizira imodzi mwamaukadaulo awiri - Intel® VT kapena AMD-V™. Matekinoloje onsewa amagwira ntchito yofunika kwambiri yopereka zida zama seva kumakina enieni.

Chofunikira ndichakuti zochita zilizonse zamakina owoneka bwino zimachitidwa mwachindunji pamlingo wa hardware. Panthawi imodzimodziyo, amakhala otalikirana, zomwe zimapangitsa kuti zikhale zosavuta kuzilamulira mosiyana. The hypervisor palokha amatenga udindo woyang'anira, kugawa chuma, maudindo ndi zofunika kwambiri pakati pawo. Hypervisor imatsanziranso gawo la hardware lomwe liri lofunikira pakugwira ntchito moyenera kwa makina ogwiritsira ntchito.

Kuyambitsa kwa virtualization kumapangitsa kukhala ndi makope angapo othamanga a seva imodzi. Kulephera kwakukulu kapena zolakwika panthawi yosintha kope lotere sizingakhudze momwe ntchito kapena ntchito yomwe ikugwiritsidwira ntchito panopa. Izi zimathetsanso mavuto awiri akuluakulu - kukulitsa ndi kukwanitsa kusunga "zoo" ya machitidwe osiyanasiyana ogwiritsira ntchito pa hardware yomweyo. Uwu ndi mwayi wabwino kuphatikiza mautumiki osiyanasiyana popanda kufunikira kogula zida zapadera za aliyense wa iwo.

Virtualization imathandizira kulolerana kwazinthu ndi ntchito zomwe zatumizidwa. Ngakhale seva yakuthupi ikalephera ndipo ikufunika kusinthidwa ndi ina, zida zonse zokhazikika zidzagwirabe ntchito mokwanira, pokhapokha ngati ma disk media atha. Pankhaniyi, seva yakuthupi ikhoza kukhala yochokera kwa wopanga wosiyana kotheratu. Izi ndizowona makamaka kwa makampani omwe amagwiritsa ntchito ma seva omwe adasiyidwa ndipo ayenera kusamukira kumitundu ina.

Tsopano tikulemba ma hypervisors otchuka kwambiri omwe alipo lero:

• VMware ESXi
• Microsoft Hyper V
• Tsegulani Virtualization Alliance KVM
• Oracle VM VirtualBox

Zonsezi ndi zapadziko lonse lapansi, komabe, aliyense wa iwo ali ndi zinthu zina zomwe ziyenera kuganiziridwa nthawi zonse posankha: mtengo wa kutumizira / kukonza ndi mawonekedwe aukadaulo. Mtengo wa zilolezo zamalonda za VMware ndi Hyper-V ndizokwera kwambiri, ndipo zikalephera, ndizovuta kwambiri kuthana ndi vutoli nokha.

KVM, kumbali ina, ndi yaulere kwathunthu komanso yosavuta kugwiritsa ntchito, makamaka ngati gawo la yankho lopangidwa ndi Debian Linux lotchedwa Proxmox Virtual Environment. Titha kupangira dongosolo ili kuti tidziwe koyamba ndi dziko la zomangamanga.

Momwe mungatumizire mwachangu Proxmox VE hypervisor

Kuyika nthawi zambiri sikubweretsa mafunso. Tsitsani mtundu wamakono wa chithunzichi kuchokera kumalo ovomerezeka ndipo lembani ku media iliyonse yakunja pogwiritsa ntchito pulogalamuyo Win32DiskImager (mu Linux lamulo la dd likugwiritsidwa ntchito), pambuyo pake timayambitsa seva molunjika kuchokera ku izi. Makasitomala athu omwe amabwereka ma seva odzipatulira kuchokera kwa ife amatha kugwiritsa ntchito njira ziwiri zosavuta - kungoyika chithunzi chomwe mukufuna kuchokera pakompyuta ya KVM, kapena kugwiritsa ntchito. seva yathu ya PXE.

Woyikirayo ali ndi mawonekedwe azithunzi ndipo amangofunsa mafunso angapo.

1. Sankhani litayamba kumene unsembe adzachitidwa. Mu mutu Zosintha Mutha kutchulanso zosankha zina zolembera.

   

2. Tchulani zokonda zachigawo.

   

3. Tchulani mawu achinsinsi omwe adzagwiritsidwe ntchito kuvomereza muzu wamkulu ndi imelo adilesi ya woyang'anira.

   

4. Tchulani makonda a netiweki. FQDN imayimira dzina lachidziwitso chokwanira, mwachitsanzo. node01.yourcompany.com.

   

5. Kukhazikitsa kukatha, seva ikhoza kuyambiranso pogwiritsa ntchito batani la Reboot.

   
   
   Mawonekedwe a kasamalidwe ka intaneti apezeka pa

   https://IP_адрес_сервера:8006

Zoyenera kuchita mutakhazikitsa

Pali zinthu zingapo zofunika zomwe muyenera kuchita mukakhazikitsa Proxmox. Tiyeni tikambirane zambiri za aliyense wa iwo.

Sinthani dongosolo ku mtundu waposachedwa

Kuti tichite izi, tiyeni tipite ku console ya seva yathu ndikuyimitsa malo olipidwa (omwe akupezeka okhawo omwe agula chithandizo cholipira). Ngati simuchita izi, apt adzanena zolakwika posintha magwero a phukusi.

1. Tsegulani console ndikusintha fayilo yosinthika yoyenera:

   nano /etc/apt/sources.list.d/pve-enterprise.list

2. Padzakhala mzere umodzi wokha mufayiloyi. Timayika chizindikiro patsogolo pake #kuletsa kulandira zosintha kuchokera kumalo olipidwa:

   #deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise

3. Njira yachidule ya kiyibodi Ctrl + X tulukani mkonzi poyankha Y atafunsidwa ndi dongosolo za kusunga fayilo.
4. Timayendetsa lamulo losintha magwero a phukusi ndikusintha dongosolo:

   apt update && apt -y upgrade

Samalirani chitetezo

Tikhoza amalangiza khazikitsa wotchuka zofunikira Kusayera2Ban, yomwe imateteza motsutsana ndi mawu achinsinsi (brute force). Mfundo ya ntchito yake ndi yakuti ngati wowukira adutsa kuchuluka kwa zoyesera zolowera mkati mwa nthawi yodziwika ndi malowedwe / mawu achinsinsi olakwika, ndiye kuti adilesi yake ya IP idzatsekedwa. Nthawi yotsekereza ndi kuchuluka kwa zoyeserera zitha kufotokozedwa mufayilo yosinthira.

Kutengera ndi zomwe zidachitika, mkati mwa sabata ndikuyendetsa seva yokhala ndi ssh port 22 yotseguka komanso adilesi yakunja ya IPv4, panali zoyesa zopitilira 5000 zoyerekeza mawu achinsinsi. Ndipo ntchitoyo idatseka bwino ma adilesi pafupifupi 1500.

Kuti mumalize kuyika, nayi malangizo:

1. Tsegulani seva console kudzera pa intaneti kapena SSH.
2. Sinthani zoyambira phukusi:

   apt update

3. Ikani Fail2Ban:

   apt install fail2ban

4. Tsegulani zosinthira zothandiza kuti musinthe:

   nano /etc/fail2ban/jail.conf

5. Kusintha zosintha nthawi (chiwerengero cha masekondi omwe wowukirayo adzatsekeredwa) ndi maxretry (nambala yoyesera kulowa / achinsinsi) pa ntchito iliyonse payekha.
6. Njira yachidule ya kiyibodi Ctrl + X tulukani mkonzi poyankha Y atafunsidwa ndi dongosolo za kusunga fayilo.
7. Yambitsaninso ntchito:

   systemctl restart fail2ban

Mutha kuyang'ana momwe ntchitoyi ikuyendera, mwachitsanzo, chotsani ziwerengero zotsekereza za ma adilesi otsekedwa a IP omwe amayesa kukakamiza mawu achinsinsi a SSH, ndi lamulo limodzi losavuta:

fail2ban-client -v status sshd

Mayankho a utility adzawoneka motere:

root@hypervisor:~# fail2ban-client -v status sshd
INFO   Loading configs for fail2ban under /etc/fail2ban
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO   Using socket file /var/run/fail2ban/fail2ban.sock
Status for the jail: sshd
|- Filter
|  |- Currently failed: 3
|  |- Total failed:     4249
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     410
   `- Banned IP list:

Momwemonso, mutha kuteteza mawonekedwe a Webusayiti kuzinthu zotere popanga lamulo loyenera. Chitsanzo cha lamulo lotere la Fail2Ban likupezeka mu buku lovomerezeka.

Kuyamba

Ndikufuna kukuwonetsani kuti Proxmox ndi wokonzeka kupanga makina atsopano atangomaliza kukhazikitsa. Komabe, tikukulimbikitsani kuti mutsirize zoikamo zoyambira kuti dongosololi lizitha kuyang'aniridwa mosavuta m'tsogolomu. Zoyeserera zikuwonetsa kuti makina a hypervisor ndi makina owoneka bwino amayenera kugawidwa pama media osiyanasiyana. Momwe mungachitire izi tikambirana pansipa.

Konzani ma drive a disk

Chotsatira ndikukonza zosungira zomwe zingagwiritsidwe ntchito kusunga deta yamakina ndi zosunga zobwezeretsera.

CHENJERANI! Chitsanzo cha masanjidwe a disk chomwe chili pansipa chingagwiritsidwe ntchito kuyesa kokha. Kuti mugwiritse ntchito zenizeni padziko lapansi, timalimbikitsa kugwiritsa ntchito pulogalamu ya pulogalamu kapena hardware RAID kuti mupewe kutayika kwa data pomwe ma drive akulephera. Tikuwuzani momwe mungakonzekerere bwino diski kuti igwire ntchito ndi zomwe mungachite pakagwa mwadzidzidzi m'modzi mwankhani zotsatirazi.

Tiyerekeze kuti seva yakuthupi ili ndi ma disks awiri - / dev / sda, pomwe hypervisor imayikidwa ndi disk yopanda kanthu / dev / sdb, yomwe ikukonzekera kugwiritsidwa ntchito kusunga deta ya makina enieni. Kuti dongosolo liwone kusungirako kwatsopano, mungagwiritse ntchito njira yosavuta komanso yothandiza kwambiri - gwirizanitsani ngati chikwatu chokhazikika. Koma izi zisanachitike, muyenera kuchita zina zokonzekera. Mwachitsanzo, tiyeni tiwone momwe tingagwirizanitse galimoto yatsopano / dev / sdb, kukula kulikonse, kuyipanga kukhala fayilo yamafayilo ext4.

1. Timagawa diski, ndikupanga magawo atsopano:

   fdisk /dev/sdb

2. Dinani batani o kapena g (kugawa disk mu MBR kapena GPT).
3. Kenako, dinani kiyi n (pangani gawo latsopano).
4. Ndipo pamapeto pake w (kusunga zosintha).
5. Pangani fayilo ya ext4:

   mkfs.ext4 /dev/sdb1

6. Pangani chikwatu komwe tidzayika magawo:

   mkdir /mnt/storage

7. Tsegulani fayilo yosinthira kuti musinthe:

   nano /etc/fstab

8. Onjezani mzere watsopano pamenepo:

   /dev/sdb1	/mnt/storage	ext4	defaults	0	0

9. Mukasintha, zisungeni ndi njira yachidule ya kiyibodi Ctrl + X, poyankha Y ku funso la mkonzi.
10. Kuti muwone ngati zonse zikuyenda, timatumiza seva kuti iyambitsenso:

    shutdown -r now

11. Pambuyo poyambitsanso, yang'anani magawo omwe adayikidwa:

    df -H

Zotsatira za lamulo ziyenera kusonyeza izo / dev / sdb1 zokwezedwa mu directory /mnt/storage. Izi zikutanthauza kuti galimoto yathu ndi yokonzeka kugwiritsidwa ntchito.

Onjezani malo atsopano ku Proxmox

Lowani ku gulu lowongolera ndikupita ku magawo Data center ➝ zapamwamba ➝ kuwonjezera ➝ Directory.

Pawindo lomwe likutsegulidwa, lembani magawo otsatirawa:

• ID - dzina la malo osungirako mtsogolo;
• Directory - /mnt/storage;
• Zokhutira - sankhani zosankha zonse (kudina panjira iliyonse motsatana).

  

Pambuyo pake, dinani batani kuwonjezera. Izi zimamaliza kukhazikitsa.

Pangani makina enieni

Kuti mupange makina enieni, chitani zotsatirazi:

1. Timasankha za mtundu wa opaleshoni.
2. Tsitsani chithunzi cha ISO pasadakhale.
3. Sankhani kuchokera pa menyu zapamwamba nkhokwe yopangidwa kumene.
4. Dinani apa Zokhutira ➝ Download.
5. Sankhani chithunzi cha ISO kuchokera pamndandanda ndikutsimikizira zomwe mwasankha podina batani Download.

Opaleshoniyo ikamalizidwa, chithunzicho chidzawonetsedwa pamndandanda wazomwe zilipo.

Tiyeni tipange makina athu oyamba:

1. Dinani apa Pangani VM.
2. Lembani magawo amodzi ndi amodzi: dzina ➝ Chithunzi cha ISO ➝ Kukula kwa hard drive ndi mtundu ➝ Chiwerengero cha mapurosesa ➝ Kukula kwa RAM ➝ Adapter yamagetsi.
3. Mukasankha magawo onse omwe mukufuna, dinani Kuti mumalize. Makina opangidwa adzawonetsedwa mumenyu yowongolera.
4. Sankhani izo ndi kumadula Yambitsani.
5. Pitani ku mfundo Kutonthoza ndikuyika makina ogwiritsira ntchito chimodzimodzi monga pa seva yokhazikika.

Ngati mukufuna kupanga makina ena, bwerezani zomwe zili pamwambapa. Onse akakonzeka, mutha kugwira nawo ntchito nthawi imodzi potsegula mawindo angapo a console.

Kupanga autorun

Mwachikhazikitso, Proxmox simangoyambitsa makina, koma izi zimathetsedwa mosavuta ndikungodina kawiri:

1. Dinani pa dzina la makina omwe mukufuna.
2. Sankhani tabu Zosankha ➝ Yambani pa boot.
3. Timayika chizindikiro pafupi ndi kulembedwa kwa dzina lomwelo.

Tsopano, ngati seva yakuthupi iyambiranso, VM idzayamba yokha.

Kwa olamulira apamwamba, palinso mwayi wofotokozera zina zowonjezera zowonjezera mu gawoli Kukhazikitsa / Kuyimitsa. Mutha kufotokoza momveka bwino momwe makinawo ayenera kuyambitsidwira. Mukhozanso kufotokoza nthawi yomwe iyenera kudutsa VM yotsatira isanayambe ndi nthawi yochedwa yotsekera (ngati makina opangira opaleshoni alibe nthawi yotseka, hypervisor idzaukakamiza kutseka pambuyo pa masekondi angapo).

Pomaliza

Nkhaniyi yafotokoza zoyambira za momwe mungayambitsire Proxmox VE ndipo tikukhulupirira kuti izi zithandiza ongoyamba kumene kuchitapo kanthu ndikuyesa kuchitapo kanthu.

Proxmox VE ndi chida champhamvu kwambiri komanso chothandiza kwa woyang'anira dongosolo lililonse; Chinthu chachikulu sikuti muope kuyesa ndikumvetsetsa momwe zimagwirira ntchito.

Ngati muli ndi mafunso, olandiridwa ku ndemanga.

Source: www.habr.com