oVirt in 2 hours. Part 2. Additional settings

In this article we will look at several optional but useful settings:

This article is a continuation; for the beginning, see oVirt in 2 hours, Part 1 and Part 2.

Articles

  1. Introduction
  2. Installing the manager (ovirt-engine) and hypervisors (hosts)
  3. Additional settings - We are here

Additional manager settings

For convenience, we will install some additional packages:

$ sudo yum install bash-completion vim

To enable command completion, bash-completion requires switching to bash.

Adding additional DNS names

This is needed when you want to connect to the manager using an alternative name (CNAME, alias, or just a short name without a domain suffix). For security reasons, the manager accepts connections only under names from an allowed list.

Create a configuration file:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf

with the following contents:

SSO_ALTERNATE_ENGINE_FQDNS="ovirt.example.com some.alias.example.com ovirt"

and restart the manager:

$ sudo systemctl restart ovirt-engine

Configuring authentication via AD

oVirt has a built-in user base, but external LDAP providers are also supported, including AD.

The simplest way to configure this is to run the wizard and restart the manager:

$ sudo yum install ovirt-engine-extension-aaa-ldap-setup
$ sudo ovirt-engine-extension-aaa-ldap-setup
$ sudo systemctl restart ovirt-engine

Example wizard session
$ sudo ovirt-engine-extension-aaa-ldap-setup
Available LDAP implementations:
...
3 - Active Directory
...
Please select: 3
Please enter Active Directory Forest name: Example.com

Please select protocol to use (startTLS, ldaps, plain) [startTLS]:
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): URL
URL: wwwca.example.com/myRootCA.pem
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): CN=oVirt-Engine,CN=Users,DC=example,DC=com
Enter search user password: *password*
[ INFO ] Attempting to bind using 'CN=oVirt-Engine,CN=Users,DC=example,DC=com'
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
Please specify profile name that will be visible to users [example.com]:
Please provide credentials to test login flow:
Enter user name: someAnyUser
Enter user password:
...
[ INFO ] Login sequence executed successfully
...
Select test sequence to execute (Done, Abort, Login, Search) [Done]:
[ INFO ] Stage: Transaction setup
...
CONFIGURATION SUMMARY
...

Using the wizard is suitable for most cases. For complex configurations, the setup is done manually. More details are in the oVirt documentation, Users and Roles. After the Engine has been successfully connected to AD, an additional profile appears in the login window, and on the Permissions tab system objects gain the ability to grant permissions to AD users and groups. Note that the external directory of users and groups can be not only AD but also IPA, eDirectory, and others.

Multipathing

In a production environment, the storage system must be connected to the host through several independent, multiple I/O paths. As a rule, in CentOS (and therefore oVirt) there are no problems with assembling multiple paths to a device (find_multipaths yes). Additional settings for FCoE are described in Part 2. It is worth paying attention to the storage vendor's recommendation: many recommend the round-robin policy, whereas Enterprise Linux 7 uses service-time by default.

Using 3PAR as an example
and the document HPE 3PAR Red Hat Enterprise Linux, CentOS Linux, Oracle Linux, and OracleVM Server Implementation Guide. EL is created as a Host with Generic-ALUA Persona 2, for which the following values are entered in /etc/multipath.conf:

defaults {
           polling_interval      10
           user_friendly_names   no
           find_multipaths       yes
          }
devices {
          device {
                   vendor                   "3PARdata"
                   product                  "VV"
                   path_grouping_policy     group_by_prio
                   path_selector            "round-robin 0"
                   path_checker             tur
                   features                 "0"
                   hardware_handler         "1 alua"
                   prio                     alua
                   failback                 immediate
                   rr_weight                uniform
                   no_path_retry            18
                   rr_min_io_rq             1
                   detect_prio              yes
                   fast_io_fail_tmo         10
                   dev_loss_tmo             "infinity"
                 }
}

After that, the restart command is issued:

systemctl restart multipathd

Fig. 1 - the default multipath I/O policy.

Fig. 2 - the multipath I/O policy after applying the settings.

Configuring power management

It allows you, for example, to perform a hardware reset of a machine if the Engine cannot get a response from the Host for a long time. It is implemented through a Fence Agent.

Compute -> Hosts -> HOST - Edit -> Power Management, then enable "Enable Power Management" and add an agent: "Add Fence Agent" -> +.

Specify the type (for example, for iLO5 you need to specify ilo4), the name/address of the IPMI interface, and the user name/password. It is recommended to create a separate user (for example, oVirt-PM) and, in the case of iLO, grant it these privileges:

  • Login
  • Remote Console
  • Virtual Power and Reset
  • Virtual Media
  • Configure iLO Settings
  • Administer User Accounts

Don't ask why exactly these; they were chosen empirically. The console fencing agent requires a smaller set of rights.

When setting up access control lists, keep in mind that the agent does not run on the engine but on a "neighboring" host (the so-called Power Management Proxy); that is, if there is only one node in the cluster, power management will not work.

Configuring SSL

The full official instructions are in the documentation, Appendix D: oVirt and SSL - Replacing the oVirt Engine SSL/TLS Certificate.

The certificate can come either from your corporate CA or from an external commercial certificate authority.

Important note: the certificate is intended for connecting to the manager and will not affect communication between the Engine and the nodes - they will continue to use self-signed certificates issued by the Engine.

Requirements:

  • the certificate of the issuing CA in PEM format, with the whole chain up to the root CA (from the subordinate issuing CA at the beginning to the root at the end);
  • a certificate for Apache issued by the issuing CA (also supplemented with the whole chain of CA certificates);
  • the private key for Apache, without a password.

Let's assume that our issuing CA runs on CentOS, is called subca.example.com, and that the requests, keys, and certificates are located in the /etc/pki/tls/ directory.

We make backups and create a temporary directory:

$ sudo cp /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass.`date +%F`
$ sudo cp /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/certs/apache.cer.`date +%F`
$ sudo mkdir /opt/certs
$ sudo chown mgmt.mgmt /opt/certs

Download the certificates, either from your workstation or by transferring them in another convenient way:

[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/cachain.pem [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/private/ovirt.key [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/certs/ovirt.crt [email protected]:/opt/certs

As a result, you should see all 3 files:

$ ls /opt/certs
cachain.pem  ovirt.crt  ovirt.key
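
Before installing the staged files, it is worth checking them against the requirements listed above. The following is an added example, not part of the original article or the oVirt documentation: the function name check_cert_bundle and the script name in the last comment are assumptions, the file names are the ones staged in /opt/certs, and it needs OpenSSL 1.1.0 or later.

```shell
#!/bin/sh
# Added example: pre-flight check of the files staged in /opt/certs.
# Usage: check_cert_bundle DIR FQDN   (returns 0 only if every check passes)
check_cert_bundle() {
    local dir=$1 fqdn=$2 rc=0 f kpub cpub
    local key=$dir/ovirt.key crt=$dir/ovirt.crt chain=$dir/cachain.pem

    for f in "$key" "$crt" "$chain"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    done

    # Installed as apache.key.nopass, so the key must not be encrypted.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "FAIL: private key is password-protected"; rc=1
    fi

    # Key and certificate must contain the same public key.
    kpub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || kpub=
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cpub=
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "FAIL: ovirt.key does not match ovirt.crt"; rc=1
    fi

    # The certificate must chain to cachain.pem alone; -no-CApath keeps the
    # system trust directory from masking an incomplete chain file.
    if ! openssl verify -no-CApath -CAfile "$chain" "$crt" >/dev/null 2>&1; then
        echo "FAIL: ovirt.crt does not verify against cachain.pem"; rc=1
    fi

    # The certificate must not be expired and must cover the manager's name.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate has expired"; rc=1
    fi
    if ! openssl x509 -in "$crt" -noout -checkhost "$fqdn" 2>/dev/null |
            grep -q 'does match'; then
        echo "FAIL: certificate is not valid for $fqdn"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: bundle in $dir is consistent for $fqdn"
    return "$rc"
}

# Run directly as: sh check_certs.sh /opt/certs ovirt.example.com
if [ "$#" -eq 2 ]; then check_cert_bundle "$1" "$2"; fi
```

Run it once for every name listed in SSO_ALTERNATE_ENGINE_FQDNS, since users will reach the manager under each of them.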

Installing the certificates

Copy the files and update the trust lists:

$ sudo cp /opt/certs/cachain.pem /etc/pki/ca-trust/source/anchors
$ sudo update-ca-trust
$ sudo rm /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/cachain.pem /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/ovirt.key /etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo cp /opt/certs/ovirt.crt /etc/pki/ovirt-engine/certs/apache.cer
$ sudo systemctl restart httpd.service

Add / update the configuration files:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""
$ sudo vim /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo vim /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf
# Key file for SSL connections
ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass
# Certificate file for SSL connections
ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer

Next, restart all affected services:

$ sudo systemctl restart ovirt-provider-ovn.service
$ sudo systemctl restart ovirt-imageio-proxy
$ sudo systemctl restart ovirt-websocket-proxy
$ sudo systemctl restart ovirt-engine.service

Done! It's time to connect to the manager and check that the connection is protected by a signed SSL certificate.

Backup

Where would we be without it? In this section we will talk about backing up the manager; VM backup is a separate topic. We will make backup copies once a day and store them over NFS, for example, on the same system where we placed the ISO images - mynfs1.example.com:/exports/ovirt-backup. It is not recommended to store backups on the same machine where the Engine is running.

Install and enable autofs:

$ sudo yum install autofs
$ sudo systemctl enable autofs
$ sudo systemctl start autofs

Let's create a script:

$ sudo vim /etc/cron.daily/make.oVirt.backup.sh

with the following contents:

#!/bin/bash

# timestamp used in the backup file names
datetime=`date +"%F.%R"`
backupdir="/net/mynfs01.example.com/exports/ovirt-backup"
filename="$backupdir/`hostname --short`.$datetime"
engine-backup --mode=backup --scope=all --file="$filename.data" --log="$filename.log"
# uncomment the next line to automatically delete files older than 30 days
#find "$backupdir" -type f -mtime +30 -exec rm -f {} \;

Make the file executable:

$ sudo chmod a+x /etc/cron.daily/make.oVirt.backup.sh

Now every night we get an archive of the manager settings.

Host management interface

Cockpit is a modern administrative interface for Linux systems. In this case it plays a role similar to the ESXi web interface.

Fig. 3 - appearance of the panel.

Installation is very simple; you need the cockpit packages and the cockpit-ovirt-dashboard plugin:

$ sudo yum install cockpit cockpit-ovirt-dashboard -y

Enabling Cockpit:

$ sudo systemctl enable --now cockpit.socket

Firewall setup:

sudo firewall-cmd --add-service=cockpit
sudo firewall-cmd --add-service=cockpit --permanent

Now you can connect to the host: https://[Host IP or FQDN]:9090

VLANs

You should read more about networks in the documentation. There are many possibilities; here we will describe connecting virtual networks.

To connect other subnets, they must first be described in the configuration: Network -> Networks -> New; here only the name is a required field. The VM Network checkbox, which allows machines to use this network, is enabled, and to attach a tag you need to enable Enable VLAN tagging, enter the VLAN number, and click OK.

Now you need to go to Compute -> Hosts -> kvmNN -> Network Interfaces -> Setup Host Networks. Drag the added network from the right-hand side, Unassigned Logical Networks, to the left into Assigned Logical Networks:

Fig. 4 - before adding the network.

Fig. 5 - after adding the network.

To attach several networks to a host in bulk, it is convenient to assign label(s) to them when creating the networks and then add the networks by label.

After a network is created, the hosts go into the Non Operational state until the network has been added to all nodes of the cluster. This behavior is caused by the Require All flag on the Cluster tab when creating a new network. If the network is not needed on all nodes of the cluster, this flag can be turned off; then, when the network is added to a host, it appears on the right in the Non Required section, and you can choose whether to attach it to a particular host.

Fig. 6 - choosing the network requirement attribute.

HPE specifics

Almost all manufacturers have tools that improve the usability of their products. Using HPE as an example, AMS (Agentless Management Service, amsd for iLO5, hp-ams for iLO4) and SSA (Smart Storage Administrator, for working with the disk controller), among others, are useful.

Connecting the HPE repository
We import the key and connect the HPE repositories:

$ sudo rpm --import https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
$ sudo vim /etc/yum.repos.d/mcp.repo

with the following contents:

[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

[spp]
name=Service Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/spp/RHEL/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

View the repository contents and package information (for reference):

$ sudo yum --disablerepo="*" --enablerepo="mcp" list available
$ yum info amsd

Installing and starting:

$ sudo yum install amsd ssacli
$ sudo systemctl start amsd

Example of using the utility for working with the disk controller

That's all for now. In the following articles I plan to cover some basic operations and applications. For example, how to build VDI in oVirt.

Source: www.habr.com