🥇Mashiripiti ekuona: kosi yekusuma muProxmox VE

Nhasi tichataura nezve nzira yekukurumidza uye nyore kuendesa akati wandei mavhavhavha ane akasiyana masisitimu anoshanda pane imwe yemuviri server. Izvi zvinobvumira chero maneja wehurongwa kuti atore nechepakati iyo yese IT zvivakwa zvekambani uye kuchengetedza huwandu hukuru hwezviwanikwa. Iko kushandiswa kweiyo virtualization kunobatsira kubvisa zvakanyanya sezvinobvira kubva kune yemuviri server hardware, kuchengetedza zvakakosha masevhisi uye nyore kudzoreredza mashandiro avo kunyangwe pakaitika kutadza kwakanyanya.

Pasina kupokana, vazhinji vatariri vehurongwa vanoziva matekiniki ekushanda nenzvimbo chaiyo uye kwavari chinyorwa ichi hachizove chero kuwanikwa. Zvisinei neizvi, kune makambani asingatore mukana wekuchinjika uye nekumhanyisa kwechokwadi mhinduro nekuda kwekushaikwa kweruzivo rwechokwadi pamusoro pavo. Tinovimba kuti chinyorwa chedu chichakubatsira iwe kunzwisisa nemuenzaniso kuti zviri nyore kwazvo kutanga kushandisa virtualization kamwe pane kusangana nekusagadzikana uye zvikanganiso zvemuviri wekuvaka.

Neraki, zviri nyore kuyedza kuti virtualization inoshanda sei. Isu ticharatidza maitiro ekugadzira sevha munharaunda chaiyo, semuenzaniso, kuendesa CRM system inoshandiswa mukambani. Inenge chero sevha yemuviri inogona kushandurwa kuita chaiyo, asi chekutanga iwe unofanirwa kugona ekutanga maitiro ekushandisa. Izvi zvichakurukurwa pasi apa.

Chinoshanda sei

Kana zvasvika kune virtualization, nyanzvi dzakawanda dzemanovice dzinoona zvichinetsa kunzwisisa izwi rekuti, saka ngatitsanangure mashoma ekutanga pfungwa:

Hypervisor - yakakosha software iyo inokutendera iwe kugadzira uye kubata chaiwo machina;
Virtual muchina (inozonzi VM) isystem inonzwisisika sevha mukati meiyo yenyama ine yayo seti yehunhu, madhiraivha uye inoshanda sisitimu;
Virtualization Host - sevha yemuviri ine hypervisor inomhanya pairi.

Kuti sevha ishande seyakazara-yakazara virtualization host, processor yayo inofanirwa kutsigira imwe yematekinoroji maviri - ingave Intel® VT kana AMD-V™. Matekinoroji ese ari maviri anoita basa rakakosha rekupa server hardware zviwanikwa kumashini chaiwo.

Chinhu chakakosha ndechekuti chero zviito zvemashini chaiwo zvinoitwa zvakananga padanho rehardware. Panguva imwecheteyo, ivo vakaparadzaniswa kubva kune mumwe nemumwe, izvo zvinoita kuti zvive nyore kuzvidzora zvakasiyana. Iyo hypervisor pachayo inotora chinzvimbo chemukuru wevatariri, kugovera zviwanikwa, mabasa uye zvakakosha pakati pavo. Iyo hypervisor zvakare inoteedzera icho chikamu chehardware chinodiwa pakushanda kwakaringana kweiyo inoshanda sisitimu.

Iko kuunzwa kwe virtualization kunoita kuti zvikwanise kuve nemakopi akati wandei ekumhanya eimwe server. Kutadza kwakanyanya kana kukanganisa panguva yekuita shanduko kune kopi yakadaro hakuzokanganisa mashandiro ebasa razvino kana application. Izvi zvinobvisawo matambudziko maviri makuru - kuwedzera uye kukwanisa kuchengeta "zoo" yemhando dzakasiyana dzekushanda pane imwe hardware. Uyu mukana wakanakira kusanganisa akasiyana masevhisi pasina kudiwa kwekutenga akasiyana michina kune yega yega.

Virtualization inovandudza kukanganisa kushivirira kwemasevhisi uye yakatumirwa maapplication. Kunyangwe iyo sevha yemuviri ikatadza uye inoda kutsiviwa neimwe, iyo yese chaiyo dhizaini icharamba ichishanda zvizere, chero iyo dhisiki midhiya yakamira. Muchiitiko ichi, sevha yemuviri inogona kubva kune imwe yakasiyana zvachose yakagadzirwa. Izvi ndezvechokwadi kunyanya kumakambani anoshandisa maseva akamiswa uye achada kutamira kune mamwe mamodheru.

Iye zvino isu tinonyora anonyanya kufarirwa hypervisors aripo nhasi:

VMware ESXi
Microsoft Hyper V
Vhura Virtualization Alliance KVM
Oracle VM VirtualBox

Iwo ese ari epasirese, zvisinei, chimwe nechimwe chazvo chine zvimwe zvinhu izvo zvinofanirwa kugara zvichitariswa padanho rekusarudza: mutengo wekutumira / kuchengetedza uye hunyanzvi hunhu. Mutengo wemarezinesi ekutengesa eVMware neHyper-V wakakwira zvakanyanya, uye kana ukatadza, zvinonetsa kugadzirisa dambudziko nemasisitimu aya uri wega.

KVM, kune rumwe rutivi, yakasununguka zvachose uye iri nyore kushandisa, kunyanya sechikamu cheyakagadzirirwa-yakagadzirwa Debian Linux-based solution inonzi Proxmox Virtual Environment. Isu tinogona kukurudzira iyi sisitimu yekuzivana kwekutanga nenyika yezvivakwa zvemukati.

Maitiro ekukurumidza kutumira Proxmox VE hypervisor

Kuiswa kazhinji hakumutsi mibvunzo. Dhaunirodha yazvino vhezheni yemufananidzo kubva kune yepamutemo saiti uye nyora kune chero midhiya yekunze uchishandisa utility Win32DiskImager (muLinux iyo dd command inoshandiswa), mushure mezvo isu tinotanga sevha zvakananga kubva kune iyi midhiya. Vatengi vedu vanorenda maseva akazvitsaurira kubva kwatiri vanogona kutora mukana wenzira mbiri dzakareruka - nekungoisa mufananidzo waunoda zvakananga kubva kuKVM console, kana kushandisa. yedu PXE server.

Iyo yekuisa ine graphical interface uye inongobvunza mibvunzo mishoma.

Sarudza dhisiki iyo kuiswa kuchaitwa. Muchitsauko Options Iwe unogona zvakare kutsanangura mamwe mamarkup sarudzo.
Taura mamiriro edunhu.
Taura password iyo ichashandiswa kubvumidza iyo midzi superuser uye email kero yemutungamiriri.
Taura masetirwo etiweki. FQDN inomirira zita renzvimbo inokwana, semuenzaniso. node01.yourcompany.com.
Mushure mekuiswa kwapera, sevha inogona kudzoserwa patsva uchishandisa Reboot bhatani.

Iyo web management interface ichave iripo pa
```
https://IP_адрес_сервера:8006
```

Zvaunofanira kuita mushure mekuiswa

Pane zvinhu zvishoma zvakakosha zvaunofanira kuita mushure mekuisa Proxmox. Ngatikurukurei nezvemumwe nemumwe wavo zvakadzama.

Gadziridza sisitimu kune yazvino vhezheni

Kuti tiite izvi, ngatiendei kune console ye server yedu uye tidzime iyo yakabhadharwa repository (inowanikwa chete kune avo vakatenga rubatsiro rwekubhadhara). Kana iwe ukasaita izvi, apt inoshuma chikanganiso kana uchivandudza mapakeji masosi.

Vhura iyo console uye gadzirisa iyo apt yekumisikidza faira:
```
nano /etc/apt/sources.list.d/pve-enterprise.list
```
Pachave nemutsetse mumwe chete mufaira iri. Tinoisa chiratidzo pamberi payo #kudzima kugamuchira zvigadziriso kubva kune inobhadharwa repository:
```
#deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise
```
Keyboard shortcut Ctrl + X buda mupepeti nekupindura Y paakabvunzwa nehurongwa nezve kuchengetedza faira.
Isu tinomhanyisa murairo wekuvandudza mapakeji masosi uye kugadzirisa sisitimu:
```
apt update && apt -y upgrade
```

Chengetedza kuchengeteka

Isu tinogona kukurudzira kuisa iyo inonyanya kufarirwa utility Fail2Ban, iyo inodzivirira kurwiswa kwepassword (brute force). Nheyo yekushanda kwayo ndeyekuti kana munhu anorwisa akadarika imwe nhamba yekuedza kupinda mukati menguva yakatarwa neasina kurongeka / password, ipapo IP kero yake ichavharwa. Nguva yekuvhara uye nhamba yekuedza inogona kutsanangurwa mufaira rekugadzirisa.

Zvichienderana neruzivo runoshanda, mukati mevhiki yekumhanyisa sevha ine yakavhurika ssh port 22 uye yekunze static IPv4 kero, pakanga paine zvinopfuura zviuru zvishanu zvekuyedza kufungidzira password. Uye iyo yekushandisa yakabudirira kuvharira anenge 5000 kero.

Kuti upedze kuisa, heino mimwe mirairo:

Vhura server console kuburikidza newebhu interface kana SSH.
Gadziridza pasuru masosi:
```
apt update
```
Isa Fail2Ban:
```
apt install fail2ban
```
Vhura zvigadziriso zvekushandisa zvekugadzirisa:
```
nano /etc/fail2ban/jail.conf
```
Kuchinja chinja bantime (nhamba yemasekonzi ayo anorwisa achavharirwa) uye maxretry (nhamba yekupinda / password yekupinda yekuedza) kune yega yega sevhisi.
Keyboard shortcut Ctrl + X buda mupepeti nekupindura Y paakabvunzwa nehurongwa nezve kuchengetedza faira.
Tangazve sevhisi:
```
systemctl restart fail2ban
```

Iwe unogona kutarisa chimiro chekushandisa, semuenzaniso, bvisa iyo inovharira nhamba yeakavharika IP kero kubva kwaive nekuyedza kumanikidza SSH mapassword, nemurairo mumwe wakapusa:

fail2ban-client -v status sshd

Mhinduro yemushandisi ichaita seizvi:

root@hypervisor:~# fail2ban-client -v status sshd
INFO   Loading configs for fail2ban under /etc/fail2ban
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO   Using socket file /var/run/fail2ban/fail2ban.sock
Status for the jail: sshd
|- Filter
|  |- Currently failed: 3
|  |- Total failed:     4249
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     410
   `- Banned IP list:

Nenzira yakafanana, iwe unogona kudzivirira iyo Webhu interface kubva pakurwiswa kwakadaro nekugadzira mutemo wakakodzera. Muenzaniso wemutemo wakadaro weFail2Ban unogona kuwanikwa mukati official manual.

kutanga

Ndinoda kukwevera pfungwa dzako kune chokwadi chekuti Proxmox yakagadzirira kugadzira michina mitsva nekukurumidza mushure mekuiswa. Nekudaro, isu tinokurudzira kuti upedze zvigadziriso zvekutanga kuitira kuti sisitimu igone kutungamirwa zviri nyore mune ramangwana. Kudzidzira kunoratidza kuti iyo hypervisor uye chaiyo michina inofanirwa kugoverwa pamusoro pemidhiya yakasiyana yemuviri. Nzira yekuita izvi ichakurukurwa pasi apa.

Gadzira dhisiki madhiraivha

Nhanho inotevera ndeyekugadzirisa chengetedzo iyo inogona kushandiswa kuchengetedza chaiyo muchina data uye backups.

TARIRA! Muenzaniso wedhisiki pazasi unogona kushandiswa pakuedza zvinangwa chete. Nekushandisa chaiko-pasirese, isu tinokurudzira zvakasimba kushandisa software kana hardware RAID array kudzivirira kurasikirwa kwedata kana madhiraivha atadza. Isu tichakuudza nzira yekugadzirira zvakanaka dhisiki array yekushanda uye zvekuita kana paine emergency mune chimwe chezvinyorwa zvinotevera.

Ngatifungei sevha yemuviri ine madhisiki maviri - / dev / sda, iyo iyo hypervisor yakaiswa uye isina dhisiki / dev / sdb, iyo yakarongwa kushandiswa kuchengetedza data yemuchina chaiwo. Kuti iyo sisitimu ione chengetedzo nyowani, unogona kushandisa yakapusa uye inoshanda nzira - batanidza iyo seyakajairwa dhairekitori. Asi zvisati zvaitika, unoda kuita mamwe matanho ekugadzirira. Semuenzaniso, ngationei nzira yekubatanidza dhiraivha nyowani / dev / sdb, chero saizi, kuigadzira kuita faira system ext4.

Isu tinoparadzanisa dhisiki, tichigadzira chikamu chitsva:
```
fdisk /dev/sdb
```
Dzvanya kiyi o kana g (kugovera dhisiki muMBR kana GPT).
Tevere, dzvanya kiyi n (gadzira chikamu chitsva).
Uye pakupedzisira w (kuchengetedza shanduko).
Gadzira ext4 faira system:
```
mkfs.ext4 /dev/sdb1
```
Gadzira dhairekitori apo isu tichaisa iyo partition:
```
mkdir /mnt/storage
```
Vhura iyo configuration faira yekugadzirisa:
```
nano /etc/fstab
```

Wedzera mutsara mutsva ipapo:

/dev/sdb1	/mnt/storage	ext4	defaults	0	0

Mushure mekuita shanduko, chengetedza nekapfupi keibhodhi Ctrl + X, vachipindura Y kumubvunzo wemupepeti.
Kuti uone kuti zvese zviri kushanda, tinotumira sevha kuti itangezve:
```
shutdown -r now
```
Mushure mekugadzirisazve, tarisa zvikamu zvakaiswa:
```
df -H
```

Kubuda kwemirairo kunofanira kuratidza izvozvo / dev / sdb1 yakaiswa mudhairekitori /mnt/storage. Izvi zvinoreva kuti dhiraivha yedu yakagadzirira kushandiswa.

Wedzera imwe repository muProxmox

Pinda kune control panel uye enda kune zvikamu Data center ➝ Vault ➝ wedzera ➝ Directory.

Pahwindo rinovhurwa, zadza minda inotevera:

ID - zita renzvimbo yekuchengetedza remangwana;
Directory - /mnt/storage;
Zvemukati - sarudza zvese zvingasarudzwa (kudzvanya pane yega yega sarudzo).

Mushure meizvi, tinya bhatani wedzera. Izvi zvinopedzisa kuseta.

Gadzira muchina chaiwo

Kugadzira muchina chaiwo, ita zvinotevera kutevedzana kwezviito:

Isu tinosarudza pane vhezheni yeiyo inoshanda sisitimu.
Dhaunirodha mufananidzo weISO pamberi.
Sarudza kubva kumenyu Vault iyo ichangobva kugadzirwa repository.
Dinani pano Zvemukati ➝ Download.
Sarudza mufananidzo weISO kubva pane rondedzero uye simbisa iyo sarudzo nekudzvanya bhatani Download.

Mushure mekuvhiyiwa kwapera, chifananidzo chicharatidzwa mune runyorwa rweanowanikwa.

Ngatigadzire yedu yekutanga virtual muchina:

Dinani pano Gadzira VM.
Zadza parameters imwe neimwe: zita ➝ ISO-Mufananidzo ➝ Hard drive saizi uye mhando ➝ Nhamba yevagadziri ➝ RAM saizi ➝ Network adapta.
Wasarudza ese anodiwa paramita, tinya Kupedzisa. Muchina wakagadzirwa ucharatidzwa mune menyu yekutonga.
Sarudza iyo uye tinya Kutanga.
Enda kunongedzo Console uye isa iyo inoshanda sisitimu nenzira yakafanana neyenguva dzose yemuviri server.

Kana iwe uchida kugadzira mumwe muchina, dzokorora mashandiro ari pamusoro. Kana vese vagadzirira, unogona kushanda navo panguva imwe chete nekuvhura akati wandei windows console.

Gadzirisa autorun

Nekumisikidza, Proxmox haingotange michina, asi izvi zvinogadziriswa nyore nekudzvanya kaviri chete:

Dzvanya pazita remuchina waunoda.
Sarudza tab mikana ➝ Tanga pa boot.
Isu tinoisa tiki pedyo nekunyorwa kwezita rimwe chete.

Zvino, kana sevha yemuviri ikadzoserwa, VM ichatanga otomatiki.

Kune vatungamiri vepamusoro, kune zvakare mukana wekutsanangura mamwe mapeji ekutanga muchikamu Kutanga/Kudzima kurongeka. Iwe unogona kutsanangura zvakajeka muhurongwa hwekuti michina inofanira kutangwa. Iwe unogona zvakare kutsanangura nguva inofanirwa kupfuura VM inotevera isati yatanga uye kunonoka kunonoka nguva (kana iyo inoshanda sisitimu isina nguva yekudzima, iyo hypervisor inoimanikidza kuvhara mushure meimwe nhamba yemasekonzi).

mhedziso

Ichi chinyorwa chatsanangura izvo zvekutanga zveProxmox VE uye isu tinovimba zvichabatsira vatsva kutora danho rekutanga uye kuyedza virtualization mukuita.

Proxmox VE ndeyechokwadi yakasimba kwazvo uye iri nyore chishandiso kune chero sisitimu maneja; Chinhu chikuru hachisi kutya kuedza uye kunzwisisa kuti inoshanda sei.

Kana uine chero mibvunzo, gamuchirwa kune zvakataurwa.

Source: www.habr.com

Iwo mashiripiti e virtualization: kosi yekutanga muProxmox VE