oVirt in 2 hours. Part 3. Additional settings

In this article we will look at a number of optional but useful settings.

This article is a continuation; for the beginning, see oVirt in 2 hours, part 1 and part 2.

Articles

  1. Introduction
  2. Installing the manager (ovirt-engine) and hypervisors (hosts)
  3. Additional settings - You are here

Additional manager setup

For convenience, we install additional packages:

$ sudo yum install bash-completion vim

To enable command autocompletion, bash-completion requires switching to bash.

Adding additional DNS names

This is needed when you have to connect to the manager using an alternative name (a CNAME, an alias, or simply a short name without the domain suffix). For security reasons, the manager accepts connections only under names on its allowed list.

Create a configuration file:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf

with the following content:

SSO_ALTERNATE_ENGINE_FQDNS="ovirt.example.com some.alias.example.com ovirt"

and restart the manager:

$ sudo systemctl restart ovirt-engine

Setting up authentication via AD

oVirt has a built-in user database, but external LDAP providers are also supported, including AD.

The simplest way for a typical configuration is to run the wizard and restart the manager:

$ sudo yum install ovirt-engine-extension-aaa-ldap-setup
$ sudo ovirt-engine-extension-aaa-ldap-setup
$ sudo systemctl restart ovirt-engine

Example of the wizard's operation
$ sudo ovirt-engine-extension-aaa-ldap-setup
Available LDAP implementations:
...
3 - Active Directory
...
Please select: 3
Please enter Active Directory Forest name: example.com

Please select protocol to use (startTLS, ldaps, plain) [startTLS]:
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): URL
URL: wwwca.example.com/myRootCA.pem
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): CN=oVirt-Engine,CN=Users,DC=example,DC=com
Enter search user password: *password*
[ INFO  ] Attempting to bind using 'CN=oVirt-Engine,CN=Users,DC=example,DC=com'
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
Please specify profile name that will be visible to users [example.com]:
Please provide credentials to test login flow:
Enter user name: someAnyUser
Enter user password:
...
[ INFO  ] Login sequence executed successfully
...
Select test sequence to execute (Done, Abort, Login, Search) [Done]:
[ INFO  ] Stage: Transaction setup
...
CONFIGURATION SUMMARY
...

Using the wizard is suitable for most cases. For complex configurations, the settings are made manually. More details are in the oVirt documentation, Users and Roles. After the Engine has been successfully connected to AD, an additional profile appears in the login window, and on the Permissions tab of system objects it becomes possible to grant permissions to AD users and groups. Note that the external directory of users and groups can be not only AD but also IPA, eDirectory, and others.

Multipathing

In a production environment, the storage system must be connected to the host over several independent, multiple I/O paths. As a rule, in CentOS (and therefore in oVirt) there are no problems assembling multiple paths to a device (find_multipaths yes). Additional settings for FCoE are described in Part 2. It is worth paying attention to the storage vendor's recommendation - many recommend the round-robin policy, whereas Enterprise Linux 7 uses service-time by default.

Using 3PAR as an example
and the document HPE 3PAR Red Hat Enterprise Linux, CentOS Linux, Oracle Linux, and OracleVM Server Implementation Guide, EL is created as a Host with Generic-ALUA Persona 2, for which the following values are entered in /etc/multipath.conf:

defaults {
    polling_interval      10
    user_friendly_names   no
    find_multipaths       yes
}
devices {
    device {
        vendor                   "3PARdata"
        product                  "VV"
        path_grouping_policy     group_by_prio
        path_selector            "round-robin 0"
        path_checker             tur
        features                 "0"
        hardware_handler         "1 alua"
        prio                     alua
        failback                 immediate
        rr_weight                uniform
        no_path_retry            18
        rr_min_io_rq             1
        detect_prio              yes
        fast_io_fail_tmo         10
        dev_loss_tmo             "infinity"
    }
}

After that, the restart command is issued:

systemctl restart multipathd

Fig. 1 - default multipath I/O policy.

Fig. 2 - multipath I/O policy after applying the settings.

Setting up power management

Allows you to perform, for example, a hardware reset of a machine if the Engine cannot get a response from the Host for a long time. It is implemented through a Fence Agent.

Compute -> Hosts -> HOST - Edit -> Power Management, then turn on "Enable Power Management" and add an agent - "Add Fence Agent" -> +.

We specify the type (for example, for iLO5 you need to specify ilo4), the name/address of the ipmi interface, and the username/password. It is recommended to create a separate user (for example, oVirt-PM) and, in the case of iLO, grant it these privileges:

  • Login
  • Remote Console
  • Virtual Power and Reset
  • Virtual Media
  • Configure iLO Settings
  • Administer User Accounts

Don't ask why exactly these; they were found by trial and error. The console fencing agent requires a smaller set of rights.

When setting up access control lists, keep in mind that the agent runs not on the engine but on a "neighbouring" host (the so-called Power Management Proxy), i.e. if there is only one node in the cluster, power management will not work.

Setting up SSL

The full official instructions are in the documentation, Appendix D: oVirt and SSL - Replacing the oVirt Engine SSL/TLS Certificate.

The certificate can come either from our corporate CA or from an external commercial certificate authority.

Important note: the certificate is intended for connecting to the manager and will not affect communication between the Engine and the nodes - they will use self-signed certificates issued by the Engine.

Requirements:

  • the certificate of the issuing CA in PEM format, with the whole chain up to the root CA (from the subordinate issuing CA at the beginning to the root at the end);
  • a certificate for Apache issued by the issuing CA (also supplemented with the whole chain of CA certificates);
  • a private key for Apache, without a password.

Suppose our issuing CA runs CentOS, is called subca.example.com, and the requests, keys, and certificates are located in the /etc/pki/tls/ directory.

We make backups and create a temporary directory:

$ sudo cp /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass.`date +%F`
$ sudo cp /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/certs/apache.cer.`date +%F`
$ sudo mkdir /opt/certs
$ sudo chown mgmt.mgmt /opt/certs

Download the certificates, either from your workstation as shown here or by any other convenient transfer method:

[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/cachain.pem [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/private/ovirt.key [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/certs/ovirt.crt [email protected]:/opt/certs

As a result, you should see all 3 files:

$ ls /opt/certs
cachain.pem  ovirt.crt  ovirt.key
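
Before installing, the three files can be checked against the requirements listed above and against the names clients will use. The script below is an added example, not part of the original article; the function names check_engine_certs and pubkey_hash and the 30-day expiry threshold are assumptions of this example, and it only reads the files through the openssl command line.

```shell
#!/bin/bash
# Added example, not from the original article: read-only checks on the
# CA chain, certificate and key before they are copied into place.

pubkey_hash() {   # $1 = "cert" or "key", $2 = file; prints a hash of the public key
    if [ "$1" = cert ]; then
        openssl x509 -in "$2" -noout -pubkey
    else
        openssl pkey -in "$2" -pubout -passin pass:
    fi 2>/dev/null | openssl sha256
}

# check_engine_certs CHAIN CERT KEY [NAME...]   (NAME = FQDNs/aliases users will type)
check_engine_certs() {
    local chain=$1 cert=$2 key=$3 rc=0 name
    shift 3
    # The key must load with an empty passphrase: Apache starts unattended.
    if ! openssl pkey -in "$key" -noout -passin pass: 2>/dev/null; then
        echo "FAIL: $key is unreadable or passphrase-protected"; rc=1
    fi
    # The certificate must carry the public half of this private key.
    if [ "$(pubkey_hash cert "$cert")" != "$(pubkey_hash key "$key")" ]; then
        echo "FAIL: $cert and $key do not belong together"; rc=1
    fi
    # The chain file must be enough to build a path from the certificate to the root.
    if ! openssl verify -CAfile "$chain" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $chain"; rc=1
    fi
    # Refuse a certificate that expires within 30 days (threshold is an assumption).
    if ! openssl x509 -in "$cert" -noout -checkend $((30 * 86400)) >/dev/null 2>&1; then
        echo "FAIL: $cert is expired or expires within 30 days"; rc=1
    fi
    # Every name clients use must be covered by the certificate.
    for name in "$@"; do
        if ! openssl x509 -in "$cert" -noout -checkhost "$name" 2>/dev/null |
                grep -q "does match certificate"; then
            echo "FAIL: $cert does not cover the name $name"; rc=1
        fi
    done
    return $rc
}

# Example invocation with the file names used above:
# check_engine_certs /opt/certs/cachain.pem /opt/certs/ovirt.crt /opt/certs/ovirt.key ovirt.example.com
```

Pass every name listed in SSO_ALTERNATE_ENGINE_FQDNS as a trailing argument to see which aliases the certificate does not cover.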

Installing the certificates

Copy the files and update the trust lists:

$ sudo cp /opt/certs/cachain.pem /etc/pki/ca-trust/source/anchors
$ sudo update-ca-trust
$ sudo rm /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/cachain.pem /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/ovirt.key /etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo cp /opt/certs/ovirt.crt /etc/pki/ovirt-engine/certs/apache.cer
$ sudo systemctl restart httpd.service

Add/update the configuration files:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""
$ sudo vim /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo vim /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf
# Key file for SSL connections
ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass
# Certificate file for SSL connections
ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer

Next, restart all affected services:

$ sudo systemctl restart ovirt-provider-ovn.service
$ sudo systemctl restart ovirt-imageio-proxy
$ sudo systemctl restart ovirt-websocket-proxy
$ sudo systemctl restart ovirt-engine.service

Done! It is time to connect to the manager and check that the connection is protected by a signed SSL certificate.

Backup

Where would we be without it? In this section we will talk about backing up the manager; VM archiving is a separate topic. We will make backup copies once a day and store them over NFS, for example, on the same system where we placed the ISO images - mynfs1.example.com:/exports/ovirt-backup. Storing the backups on the same machine the Engine runs on is not recommended.

Install and enable autofs:

$ sudo yum install autofs
$ sudo systemctl enable autofs
$ sudo systemctl start autofs

Let's create a script:

$ sudo vim /etc/cron.daily/make.oVirt.backup.sh

with the following content:

#!/bin/bash

datetime=$(date +"%F.%R")
backupdir="/net/mynfs01.example.com/exports/ovirt-backup"
filename="$backupdir/$(hostname --short).$datetime"
engine-backup --mode=backup --scope=all --file="$filename.data" --log="$filename.log"
# uncomment the next line to automatically delete files older than 30 days
#find "$backupdir" -type f -mtime +30 -exec rm -f {} \;

Make the file executable:

$ sudo chmod a+x /etc/cron.daily/make.oVirt.backup.sh

Now every night we get an archive of the manager's settings.
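
A job in cron.daily fails silently, so the presence of a fresh archive is worth checking separately. The function below is an added example, not part of the original article; the name check_backup, the 26-hour default and the permission check are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the original article: verify that the nightly
# engine-backup archive exists, is non-empty, recent and not world-readable.

# check_backup DIR [MAX_AGE_HOURS]
# Prints the newest *.data archive and returns 0, or prints FAIL and returns 1.
check_backup() {
    local dir=$1 max_age_h=${2:-26} newest now mtime mode
    # Newest archive first; names come from the cron script (no spaces).
    newest=$(ls -1t "$dir"/*.data 2>/dev/null | head -n 1)
    if [ -z "$newest" ]; then
        echo "FAIL: no *.data archive in $dir (is the NFS export mounted?)"; return 1
    fi
    if [ ! -s "$newest" ]; then
        echo "FAIL: $newest is empty"; return 1
    fi
    now=$(date +%s)
    mtime=$(stat -c %Y "$newest")
    if [ $(( now - mtime )) -gt $(( max_age_h * 3600 )) ]; then
        echo "FAIL: $newest is older than $max_age_h hours"; return 1
    fi
    # The archive holds the engine configuration and database dump,
    # so other local users should not be able to read it.
    mode=$(stat -c %a "$newest")
    if [ $(( 0$mode & 4 )) -ne 0 ]; then
        echo "FAIL: $newest is world-readable (mode $mode)"; return 1
    fi
    echo "$newest"
}

# Example: check_backup /net/mynfs01.example.com/exports/ovirt-backup
```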

Host management interface

Cockpit is a modern administrative interface for Linux systems. In this case, it plays a role similar to the ESXi web interface.

Fig. 3 - appearance of the panel.

Installation is very simple; you need the cockpit packages and the cockpit-ovirt-dashboard plugin:

$ sudo yum install cockpit cockpit-ovirt-dashboard -y

Enable Cockpit:

$ sudo systemctl enable --now cockpit.socket

Firewall configuration:

sudo firewall-cmd --add-service=cockpit
sudo firewall-cmd --add-service=cockpit --permanent

Now you can connect to the host: https://[Host IP or FQDN]:9090

VLAN

You should read more about networks in the documentation. There are many possibilities; here we describe connecting virtual networks.

To connect other subnets, they must first be described in the configuration: Network -> Networks -> New, where only the name is a required field; the VM Network checkbox, which allows machines to use this network, is turned on, and to attach a tag you need to turn on Enable VLAN tagging, enter the VLAN number and click OK.

Now you need to go to Compute -> Hosts -> kvmNN -> Network Interfaces -> Setup Host Networks. Drag the added network from the right-hand side, Unassigned Logical Networks, to the left into Assigned Logical Networks:

Fig. 4 - before adding a network.

Fig. 5 - after adding a network.

To attach several networks to a host in bulk, it is convenient to assign them label(s) when the networks are created and to add the networks by label.

After the network is created, hosts go into the Non Operational state until the network has been added to all nodes in the cluster. This behaviour is caused by the Require All flag on the Cluster tab when a new network is created. If the network is not needed on every node of the cluster, this flag can be turned off; then, when the network is added to a host, it will appear on the right in the Non Required section and you can choose whether to attach it to a particular host.

Fig. 6 - choosing the network requirement attribute.

HPE specifics

Almost all vendors have tools that make their products easier to use. Taking HPE as an example, AMS (Agentless Management Service, amsd for iLO5, hp-ams for iLO4) and SSA (Smart Storage Administrator, for working with the disk controller), among others, are useful.

Connecting the HPE repository
We import the key and connect the HPE repositories:

$ sudo rpm --import https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
$ sudo vim /etc/yum.repos.d/mcp.repo

with the following content:

[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

[spp]
name=Service Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/spp/RHEL/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

View the repository contents and package information (for reference):

$ sudo yum --disablerepo="*" --enablerepo="mcp" list available
$ yum info amsd

Install and start:

$ sudo yum install amsd ssacli
$ sudo systemctl start amsd

Example of the utility for working with the disk controller

That's all for now. In the following articles I plan to talk about some basic operations and applications. For example, how to do VDI in oVirt.

Source: www.habr.com