In this article we will look at several optional but useful settings.
This article is a continuation; for the beginning, see oVirt in 2 hours and .
Articles
- Additional settings - We are here
Additional settings
For convenience, we will install additional packages:
$ sudo yum install bash-completion vim
For command completion to work, bash-completion requires switching to bash.
Adding additional DNS names
This is needed when you want to connect to the manager using an alternate name (CNAME, alias, or simply a short name without the domain suffix). For security reasons, the manager allows connections only by names on an allowed list.
Create a configuration file:
$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf
with the following content:
SSO_ALTERNATE_ENGINE_FQDNS="ovirt.example.com some.alias.example.com ovirt"
and restart the manager:
$ sudo systemctl restart ovirt-engine
Configuring authentication via AD
oVirt has a built-in user base, but external LDAP providers are also supported, including AD.
The simplest way to set up a typical configuration is to run the wizard and restart the manager:
$ sudo yum install ovirt-engine-extension-aaa-ldap-setup
$ sudo ovirt-engine-extension-aaa-ldap-setup
$ sudo systemctl restart ovirt-engine
Example of the wizard at work
$ sudo ovirt-engine-extension-aaa-ldap-setup
Available LDAP implementations:
...
3 - Active Directory
...
Please select: 3
Please enter Active Directory Forest name: example.com
Please select protocol to use (startTLS, ldaps, plain) [startTLS]:
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): URL
URL:
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): CN=oVirt-Engine,CN=Users,DC=example,DC=com
Enter search user password: *password*
[ INFO ] Attempting to bind using 'CN=oVirt-Engine,CN=Users,DC=example,DC=com'
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
Please specify profile name that will be visible to users [example.com]:
Please provide credentials to test login flow:
Enter user name: someAnyUser
Enter user password:
...
[ INFO ] Login sequence executed successfully
...
Select test sequence to execute (Done, Abort, Login, Search) [Done]:
[ INFO ] Stage: Transaction setup
...
CONFIGURATION SUMMARY
...
Using the wizard is sufficient for most cases. For complex configurations, the settings are made manually. More details are in the oVirt documentation, . After the Engine has been successfully connected to AD, an additional profile appears in the login window, and on the Permissions tab of system objects it becomes possible to grant permissions to AD users and groups. Note that the external directory of users and groups can be not only AD, but also IPA, eDirectory, etc.
Multipathing
In a production environment, the storage system must be connected to the host through several independent I/O paths. As a rule, in CentOS (and therefore in oVirt) there are no problems assembling multiple paths to a device (find_multipaths yes). Additional settings for FCoE are described in . It is worth paying attention to the storage vendor's recommendations: many recommend the round-robin policy, while Enterprise Linux 7 uses service-time by default.
Using 3PAR and the document as an example, EL is created as a Host with Generic-ALUA Persona 2, for which the following values are entered in the /etc/multipath.conf settings:
defaults {
    polling_interval 10
    user_friendly_names no
    find_multipaths yes
}
devices {
    device {
        vendor "3PARdata"
        product "VV"
        path_grouping_policy group_by_prio
        path_selector "round-robin 0"
        path_checker tur
        features "0"
        hardware_handler "1 alua"
        prio alua
        failback immediate
        rr_weight uniform
        no_path_retry 18
        rr_min_io_rq 1
        detect_prio yes
        fast_io_fail_tmo 10
        dev_loss_tmo "infinity"
    }
}
After that, the restart command is given:
systemctl restart multipathd
Fig. 1 - the default multipath I/O policy.

Fig. 2 - the multipath I/O policy after applying the settings.
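The before/after state shown in the two figures can also be checked from the command line. The following is an added example, not part of the original article: it summarises `multipath -ll` output per map and flags maps that are not on round-robin or have too few live paths. The function names, the minimum of 2 paths and the sample output (with made-up WWIDs) are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original article: summarise `multipath -ll`
# output and flag maps that are not on round-robin or have too few live paths.

# audit_multipath MIN_PATHS   (reads `multipath -ll` output on stdin)
# Prints "OK|CHECK <map> policy=<name> paths=<n>"; returns 1 if any CHECK.
audit_multipath() {
    awk -v min="$1" -v q="'" '
        function report() {
            if (map == "") return
            st = (policy == "round-robin" && paths >= min) ? "OK" : "CHECK"
            printf "%s %s policy=%s paths=%d\n", st, map, policy, paths
            if (st == "CHECK") bad = 1
        }
        # Map header line: "<wwid> dm-N <vendor>,<product>"
        / dm-[0-9]+ / { report(); map = $1; policy = "unknown"; paths = 0; next }
        # Path-group line: policy=<quote>round-robin 0<quote> prio=50 status=active
        match($0, "policy=" q "[^ " q "]+") {
            policy = substr($0, RSTART + 8, RLENGTH - 8)
        }
        # Only paths in this state carry I/O.
        /active ready running/ { paths++ }
        END { report(); exit bad }
    '
}

# Constructed sample output (two 3PAR volumes; the WWIDs are made up).
sample_multipath_ll() {
    cat <<'EOF'
360002ac0000000000000000000000001 dm-2 3PARdata,VV
size=1.0T features='1 queue_if_no_path' hwhandler='1 alua' wp=rw
`-+- policy='round-robin 0' prio=50 status=active
  |- 1:0:0:1 sdb 8:16 active ready running
  |- 1:0:1:1 sdc 8:32 active ready running
  |- 2:0:0:1 sdd 8:48 active ready running
  `- 2:0:1:1 sde 8:64 active ready running
360002ac0000000000000000000000002 dm-3 3PARdata,VV
size=500G features='1 queue_if_no_path' hwhandler='1 alua' wp=rw
`-+- policy='service-time 0' prio=50 status=active
  |- 1:0:0:2 sdf 8:80 active ready running
  `- 2:0:0:2 sdg 8:96 failed faulty running
EOF
}

# On a host: multipath -ll | audit_multipath 2
sample_multipath_ll | audit_multipath 2 || echo "some maps need attention"
```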
Configuring power management
It allows you, for example, to perform a hardware reset of a machine if the Engine cannot get a response from the Host for a long time. It is implemented through a Fence Agent.
Compute -> Hosts -> HOST - Edit -> Power Management, then turn on "Enable Power Management" and add an agent: "Add Fence Agent" -> +.
We specify the type (for example, for iLO5 you need to specify ilo4), the name/address of the ipmi interface, and the user name/password. It is recommended to create a separate user (for example, oVirt-PM) and, in the case of iLO, grant it the following privileges:
- Login
- Remote Console
- Virtual Power and Reset
- Virtual Media
- Configure iLO Settings
- Administer User Accounts
Don't ask why exactly these; they were chosen empirically. The console fence agent requires fewer rights.
When setting up access control lists, keep in mind that the agent runs not on the Engine but on a "neighboring" host (the so-called Power Management Proxy); that is, if there is only one node in the cluster, power management will not work.
Configuring SSL
Full instructions are in , Appendix D: oVirt and SSL - Replacing the oVirt Engine SSL/TLS Certificate.
The certificate can come either from our corporate CA or from an external commercial certificate authority.
Important note: the certificate is intended for connecting to the manager and will not affect the communication between the Engine and the nodes; they will use self-signed certificates issued by the Engine.
Requirements:
- the certificate of the issuing CA in PEM format, with the whole chain up to the root CA (from the subordinate issuing CA at the beginning to the root at the end);
- a certificate for Apache issued by the issuing CA (also supplemented with the whole chain of CA certificates);
- the private key for Apache, without a password.
Suppose our issuing CA runs CentOS, is called subca.example.com, and the requests, keys and certificates are in the /etc/pki/tls/ directory.
We make backups and create a temporary directory:
$ sudo cp /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass.`date +%F`
$ sudo cp /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/certs/apache.cer.`date +%F`
$ sudo mkdir /opt/certs
$ sudo chown mgmt:mgmt /opt/certs
Download the certificates; do it from your workstation or transfer them in another convenient way:
[myuser@mydesktop] $ scp -3 causer@subca.example.com:/etc/pki/tls/cachain.pem mgmt@ovirt.example.com:/opt/certs
[myuser@mydesktop] $ scp -3 causer@subca.example.com:/etc/pki/tls/private/ovirt.key mgmt@ovirt.example.com:/opt/certs
[myuser@mydesktop] $ scp -3 causer@subca.example.com:/etc/pki/tls/certs/ovirt.crt mgmt@ovirt.example.com:/opt/certs
As a result, you should see all 3 files:
$ ls /opt/certs
cachain.pem ovirt.crt ovirt.key
Installing the certificates
Copy the files and update the trust lists:
$ sudo cp /opt/certs/cachain.pem /etc/pki/ca-trust/source/anchors
$ sudo update-ca-trust
$ sudo rm /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/cachain.pem /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/ovirt.key /etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo cp /opt/certs/ovirt.crt /etc/pki/ovirt-engine/certs/apache.cer
$ sudo systemctl restart httpd.service
Add/update the configuration files:
$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""
$ sudo vim /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo vim /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf
# Key file for SSL connections
ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass
# Certificate file for SSL connections
ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer
Next, restart all affected services:
$ sudo systemctl restart ovirt-provider-ovn.service
$ sudo systemctl restart ovirt-imageio-proxy
$ sudo systemctl restart ovirt-websocket-proxy
$ sudo systemctl restart ovirt-engine.service
Done! It's time to connect to the manager and verify that the connection is protected by a signed SSL certificate.
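The requirements listed for the three files (a passwordless key, a certificate issued by the CA in cachain.pem) and the alternate names from SSO_ALTERNATE_ENGINE_FQDNS can be checked before anything is copied into /etc/pki/ovirt-engine. The following is an added example, not part of the original article or of oVirt; the function name check_engine_cert is hypothetical and it relies only on the openssl command line.

```bash
#!/bin/bash
# Added example, not from the original article: pre-flight checks on the
# files in /opt/certs before they replace the Engine's Apache key and cert.

# check_engine_cert CHAIN CERT KEY NAME...
# Prints one FAIL line per problem; returns 0 only if every check passes.
check_engine_cert() {
    local chain="$1" cert="$2" key="$3" rc=0 name cert_pub key_pub
    shift 3

    # Requirement: the private key must load without a passphrase.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "FAIL: key is encrypted or unreadable"; rc=1; }

    # The certificate must belong to that key (compare public keys).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate does not match the private key"; rc=1
    fi

    # Requirement: the chain file must lead from the issuing CA to the root.
    if ! openssl verify -CAfile "$chain" "$cert" 2>/dev/null |
            grep -q ': OK$'; then
        echo "FAIL: certificate does not verify against $chain"; rc=1
    fi

    # Every name clients connect with (the FQDN and each entry of
    # SSO_ALTERNATE_ENGINE_FQDNS) must be covered by the certificate.
    for name in "$@"; do
        openssl x509 -in "$cert" -noout -checkhost "$name" 2>/dev/null |
            grep -q 'does match' ||
            { echo "FAIL: certificate does not cover $name"; rc=1; }
    done
    return "$rc"
}

# Usage with the article's paths: CHAIN CERT KEY followed by the names, e.g.
#   ./check.sh /opt/certs/cachain.pem /opt/certs/ovirt.crt /opt/certs/ovirt.key \
#       ovirt.example.com some.alias.example.com ovirt
if [ "$#" -ge 4 ]; then
    check_engine_cert "$@"
fi
```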
Backup
Where would we be without it? In this section we will talk about backing up the manager; archiving VMs is a separate topic. We will make backup copies once a day and store them over NFS, for example on the same system where we placed the ISO images: mynfs1.example.com:/exports/ovirt-backup. It is not recommended to store the archives on the same machine where the Engine runs.
Install and enable autofs:
$ sudo yum install autofs
$ sudo systemctl enable autofs
$ sudo systemctl start autofs
Let's create the script:
$ sudo vim /etc/cron.daily/make.oVirt.backup.sh
with the following content:
#!/bin/bash
# Daily oVirt Engine backup to the NFS share mounted through autofs (/net).
datetime=$(date +"%F.%R")
backupdir="/net/mynfs01.example.com/exports/ovirt-backup"
filename="$backupdir/$(hostname --short).$datetime"
engine-backup --mode=backup --scope=all --file="$filename.data" --log="$filename.log"
# uncomment the next line to automatically delete files older than 30 days
#find "$backupdir" -type f -mtime +30 -exec rm -f {} \;
Make the file executable:
$ sudo chmod a+x /etc/cron.daily/make.oVirt.backup.sh
Now every night we get an archive of the manager's settings.
Host management interface
Cockpit is a modern administration interface for Linux systems. In this case it plays a role similar to the ESXi web interface.

Fig. 3 - appearance of the panel.
Installation is very simple; you need the cockpit packages and the cockpit-ovirt-dashboard plugin:
$ sudo yum install cockpit cockpit-ovirt-dashboard -y
Enabling Cockpit:
$ sudo systemctl enable --now cockpit.socket
Configuring the firewall:
sudo firewall-cmd --add-service=cockpit
sudo firewall-cmd --add-service=cockpit --permanent
Now you can connect to the host: https://[Host IP or FQDN]:9090
VLANs
It is worth reading more about networks in . There are many possibilities; here we describe connecting virtual networks.
To connect other subnets, they must first be described in the configuration: Network -> Networks -> New. Here only the name is a required field; the VM Network checkbox, which allows machines to use this network, is enabled, but to attach a tag you need to turn on Enable VLAN tagging, enter the VLAN number and click OK.
Now go to Compute -> Hosts -> kvmNN -> Network Interfaces -> Setup Host Networks. Drag the added network from the right side, Unassigned Logical Networks, to the left into Assigned Logical Networks:

Fig. 4 - before adding the network.

Fig. 5 - after adding the network.
To connect several networks to a host in bulk, it is convenient to assign them labels when creating the networks, and to add the networks by label.
After a network is created, the hosts go into the Non Operational state until the network has been added to all nodes of the cluster. This behaviour is caused by the Require All flag on the Cluster tab when creating a new network. If the network is not needed on all nodes of the cluster, this flag can be turned off; then, when the network is added to a host, it will be on the right in the Non Required section and you can choose whether to connect it to a particular host.

Fig. 6 - choosing the network requirement attribute.
HPE specifics
Almost all vendors have tools that improve the usability of their products. Taking HPE as an example, useful ones are AMS (Agentless Management Service, amsd for iLO5, hp-ams for iLO4) and SSA (Smart Storage Administrator, for working with the disk controller), and so on.
Connecting the HPE repository
We import the key and connect the HPE repositories:
$ sudo rpm --import https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
$ sudo vim /etc/yum.repos.d/mcp.repo
with the following content:
[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
[spp]
name=Service Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/spp/RHEL/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
View the repository contents and the package information (for reference):
$ sudo yum --disablerepo="*" --enablerepo="mcp" list available
$ yum info amsd
Installation and launch:
$ sudo yum install amsd ssacli
$ sudo systemctl start amsd
Example of the utility for working with the disk controller

That's all for now. In the following articles I plan to talk about some basic operations and applications. For example, how to set up VDI in oVirt.
Source: www.habr.com
