Muchinyorwa chino tichatarisa akati wandei esarudzo asi anobatsira marongero:
tichishandisa mamwe mazita kumaneja ;kubatanidza huchokwadi kuburikidza neActive Directory ;Mutlipathing ;kutonga kwesimba ;kutsiva SSL chitupa ;archiving ;host management interface (cockpit) ;VLANs ;HPE chaiyo .
Chinyorwa ichi ndechekuenderera mberi, ona oVirt mumaawa maviri ekutanga
Articles
Nhanganyaya Kuiswa kwemaneja (ovirt-injini) uye hypervisors (mauto) - Mamwe marongero - Tiri pano
Kuwedzera maneja marongero
Kuti zvive nyore, isu tichaisa mamwe mapakeji:
$ sudo yum install bash-completion vim
Kugonesa kupedzisa kwekuraira, bash-kupedzisa kunoda kuchinjira ku bash.
Kuwedzera mamwe mazita eDNS
Izvi zvinozodiwa kana uchinge wada kubatana nemaneja uchishandisa rimwe zita (CNAME, alias, kana kungoti zita ripfupi risina domain suffix). Nekuda kwezvikonzero zvekuchengetedza, maneja anobvumira kubatanidza chete achishandisa runyoro rwakabvumidzwa rwemazita.
Gadzira faira rekugadzirisa:
$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf
zvinotevera zvirimo:
SSO_ALTERNATE_ENGINE_FQDNS="ovirt.example.com some.alias.example.com ovirt"
uye tangazve maneja:
$ sudo systemctl restart ovirt-engine
Kumisikidza chokwadi kuburikidza neAD
oVirt ine yakavakirwa-mukati mushandisi base, asi ekunze LDAP vanopa vanotsigirwa zvakare, kusanganisira. A.D.
Iyo yakapusa nzira yekumisikidzwa ndeyekuvhura wizard uye kutangazve maneja:
$ sudo yum install ovirt-engine-extension-aaa-ldap-setup
$ sudo ovirt-engine-extension-aaa-ldap-setup
$ sudo systemctl restart ovirt-engine
Muenzaniso webasa ratenzi
$ sudo ovirt-injini-kuwedzera-aaa-ldap-setup
Inowanikwa LDAP mashandisirwo:
...
3 - Active Directory
...
Sarudza: 3
Ndokumbira uise Active Directory Sango zita: Example.com
Ndokumbira usarudze protocol yekushandisa (startTLS, ldaps, plain) [kutangaTLS]:
Ndokumbira usarudze nzira yekuwana PEM encoded CA chitupa (Faira, URL, Inline, System, Insecure): URL
URL:
Pinda mushandisi wekutsvaga DN (semuenzaniso uid=username,dc=example,dc=com kana siya pasina munhu asingazivikanwe): CN=oVirt-Engine,CN=Users,DC=example,DC=com
Isa password yemushandisi yekutsvaga: *pasiwedhi*
[ INFO ] Kuedza kusunga uchishandisa βCN=oVirt-Engine,CN=Users,DC=example,DC=comβ
Uri kuzoshandisa Single Sign-On yeVirtual Machines (Hongu, Kwete) [Ehe]:
Ndapota tsanangura zita reprofile richaonekwa nevashandisi [muenzaniso.com]:
Ndokumbira upe magwaro ekuyedza kuyerera kwekupinda:
Isa zita rekushandisa: someAnyUser
Isa password yemushandisi:
...
[INFO] Login kutevedzana kwaitwa zvinobudirira
...
Sarudza kutevedzana kwebvunzo kuita (Zvaitwa, Kubvisa, Kupinda, Kutsvaga) [Zvaitwa]:
[INFO] Danho: Kugadziriswa kwekutengeserana
...
CONFIGURATION SUMMARY
...
Kushandisa wizard kwakakodzera kune mazhinji kesi. Nekugadziriswa kwakaoma, zvigadziriso zvinoitwa nemaoko. Mamwe mashoko muOVirt zvinyorwa,
Kuwanda
Munzvimbo yekugadzira, sisitimu yekuchengetera inofanirwa kuve yakabatana kune muenzi kuburikidza neakawanda akazvimirira, akawanda I/O nzira. Semutemo, muCentOS (uye saka oVirt) hapana matambudziko nekuunganidza nzira dzakawanda kune mudziyo (tsvaga_multipaths hongu). Mamwe marongero eFCoE akanyorwa mukati
Kushandisa 3PAR semuenzaniso
uye gwaro
defaults {
polling_interval 10
user_friendly_names no
find_multipaths yes
}
devices {
device {
vendor "3PARdata"
product "VV"
path_grouping_policy group_by_prio
path_selector "round-robin 0"
path_checker tur
features "0"
hardware_handler "1 alua"
prio alua
failback immediate
rr_weight uniform
no_path_retry 18
rr_min_io_rq 1
detect_prio yes
fast_io_fail_tmo 10
dev_loss_tmo "infinity"
}
}
Mushure mezvo murairo wekutanga zvakare unopiwa:
systemctl restart multipathd
Mupunga. 1 ndiyo yakasarudzika yakawandisa I/O mutemo.
Mupunga. 2 - yakawanda I / O mutemo mushure mekushandisa marongero.
Kugadzika manejimendi emagetsi
Inokutendera kuti uite, semuenzaniso, kuseta kwehardware yemuchina kana Injini isingakwanisi kugamuchira mhinduro kubva kuMugadziri kwenguva yakareba. Inoitwa kuburikidza neFence Agent.
Compute -> Hosts -> HOST - Rongedza -> Power Management, wobva wagonesa "Gonesa Power Management" uye wedzera mumiriri - "Wedzera Fence Agent" -> +.
Isu tinoratidza rudzi (somuenzaniso, yeLO5 unoda kutsanangura ilo4), zita / kero ye ipmi interface, pamwe chete nezita rekushandisa / password. Zvinokurudzirwa kugadzira mushandisi akaparadzana (semuenzaniso, oVirt-PM) uye, kana iri ILO, mupe ropafadzo:
- Login
- Remote Console
- Virtual Power uye Reset
- Virtual Media
- Gadzirisa iLO Settings
- Gadzira Maakaundi eMushandisi
Usabvunze kuti sei izvi zvakadaro, zvakasarudzwa empirically. Iyo console fencing agent inoda kodzero shoma.
Paunenge uchigadzira manyorerwo ekutonga, unofanirwa kuyeuka kuti mumiriri haamhanyi pajini, asi pane "muvakidzani" anogamuchira (anonzi Power Management Proxy), kureva, kana paine node imwe chete musumbu, kutonga kwemagetsi kuchashanda hazvingadaro.
Kugadzira SSL
Mirayiridzo yepamutemo yakazara - mu
Chitupa chinogona kunge chiri kubva kune yedu corporate CA kana kubva kune yekunze kutengeserana chitupa chiremera.
Chiziviso chakakosha: Chitupa chakagadzirirwa kubatana kune maneja uye hachizokanganisa kutaurirana pakati peInjini nemanodhi - ivo vanozoshandisa zvitupa zvekuzvisaina zvakapihwa neInjini.
Zvinotarisirwa:
- chitupa chekuburitsa CA muPEM fomati, neketani yese kusvika kumudzi CA (kubva kune yakadzika inopa CA pakutanga kusvika pamudzi pamagumo);
- chitupa cheApache chakapihwa neCA inoburitsa (inowedzerwawo neketani yese yeCA zvitupa);
- kiyi yakavanzika yeApache, isina password.
Ngatifungei kuti kupa kwedu CA kuri kuita CentOS, inonzi subca.example.com, uye zvikumbiro, makiyi, uye zvitupa zviri mu/etc/pki/tls/ directory.
Isu tinoita backups uye tinogadzira dhairekitori renguva pfupi:
$ sudo cp /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass.`date +%F`
$ sudo cp /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/certs/apache.cer.`date +%F`
$ sudo mkdir /opt/certs
$ sudo chown mgmt.mgmt /opt/certs
Dhawunirodha zvitupa, zviite kubva kune yako yekushandira kana kutamisa neimwe nzira iri nyore:
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/cachain.pem [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/private/ovirt.key [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]/etc/pki/tls/certs/ovirt.crt [email protected]:/opt/certs
Nekuda kweizvozvo, iwe unofanirwa kuona ese matatu mafaera:
$ ls /opt/certs
cachain.pem ovirt.crt ovirt.key
Kuisa zvitupa
Kopa mafaera uye gadzirisa zvinyorwa zvekuvimba:
$ sudo cp /opt/certs/cachain.pem /etc/pki/ca-trust/source/anchors
$ sudo update-ca-trust
$ sudo rm /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/cachain.pem /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/ovirt03.key /etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo cp /opt/certs/ovirt03.crt /etc/pki/ovirt-engine/certs/apache.cer
$ sudo systemctl restart httpd.service
Wedzera / gadziridza mafaera ekugadzirisa:
$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""
$ sudo vim /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo vim /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf
# Key file for SSL connections
ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass
# Certificate file for SSL connections
ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer
Tevere, tangazve ese akakanganisika masevhisi:
$ sudo systemctl restart ovirt-provider-ovn.service
$ sudo systemctl restart ovirt-imageio-proxy
$ sudo systemctl restart ovirt-websocket-proxy
$ sudo systemctl restart ovirt-engine.service
Ready! Yave nguva yekubatanidza kune maneja uye tarisa kuti kubatana kwakadzivirirwa nechitupa cheSSL chakasainwa.
Archive
Taizovepi pasina iye? Muchikamu chino tichataura nezve maneja kuchengetedza; VM kuchengetedza inyaya yakaparadzana. Isu tichaita makopi ekuchengetera kamwechete pazuva uye toachengeta kuburikidza neNFS, semuenzaniso, pane imwecheteyo sisitimu yatakaisa ISO mifananidzo - mynfs1.example.com:/exports/ovirt-backup. Hazvikurudzirwe kuchengetedza zvinyorwa pamushini mumwe chete uko Injini iri kushanda.
Isa uye gonesa autofs:
$ sudo yum install autofs
$ sudo systemctl enable autofs
$ sudo systemctl start autofs
Ngatigadzire chinyorwa:
$ sudo vim /etc/cron.daily/make.oVirt.backup.sh
zvinotevera zvirimo:
#!/bin/bash
datetime=`date +"%F.%R"`
backupdir="/net/mynfs01.example.com/exports/ovirt-backup"
filename="$backupdir/`hostname --short`.`date +"%F.%R"`"
engine-backup --mode=backup --scope=all --file=$filename.data --log=$filename.log
#uncomment next line for autodelete files older 30 days
#find $backupdir -type f -mtime +30 -exec rm -f {} ;
Kuita kuti faira riitike:
$ sudo chmod a+x /etc/cron.daily/make.oVirt.backup.sh
Iye zvino manheru ega ega tinogashira archive yemaneja marongero.
Host manejimendi interface
Mupunga. 3 - kuonekwa kwepaneti.
Kuisirwa kuri nyore kwazvo, unoda mapakeji ecockpit uye cockpit-ovirt-dashboard plugin:
$ sudo yum install cockpit cockpit-ovirt-dashboard -y
Kugonesa Cockpit:
$ sudo systemctl enable --now cockpit.socket
Firewall setup:
sudo firewall-cmd --add-service=cockpit
sudo firewall-cmd --add-service=cockpit --permanent
Iye zvino unokwanisa kubatana kune mugamuchiri: https://[Host IP kana FQDN]:9090
VLANs
Iwe unofanirwa kuverenga zvakawanda nezve network mukati
Kuti ubatanidze mamwe ma subnets, anofanirwa kutanga atsanangurwa mukugadzirisa: Network -> Networks -> Nyowani, pano chete zita ndiro munda unodiwa; Iyo VM Network cheki bhokisi, iyo inobvumira michina kushandisa iyi network, inogoneswa, asi kubatanidza iyo tag inofanirwa kugoneswa. Gonesa VLAN tagging, isa nhamba yeVLAN wobva wadzvanya OK.
Iye zvino iwe unofanirwa kuenda kuCompute hosts -> Hosts -> kvmNN -> Network Interfaces -> Setup Host Networks. Dhonza network yakawedzerwa kubva kudivi rekurudyi reUnassigned Logical Networks kuruboshwe muAssigned Logical Networks:
Mupunga. 4 - usati wawedzera network.
Mupunga. 5 - mushure mekuwedzera network.
Kuti ubatanidze manetwork akawanda kune mugamuchiri muhuwandu, zviri nyore kugovera label (s) kwavari paunenge uchigadzira network, uye wedzera network nemavara.
Mushure mekunge mambure agadzirwa, mauto achapinda muNon Operational state kusvikira network yawedzerwa kune nodes dzose musumbu. Maitiro aya anokonzerwa neiyo Inoda Zvese mureza paCluster tebhu paunenge uchigadzira network nyowani. Muchiitiko kana network isingadikanwi pamanode ese esumbu, mureza uyu unogona kuvharwa, zvino kana network yawedzerwa kune muenzi, ichange iri kurudyi muchikamu Chisingadikanwi uye unogona kusarudza kuti ungabatanidza. kune mumwe mugamuchiri chaiye.
Mupunga. 6-sarudza chinodiwa netiweki hunhu.
HPE chaiyo
Vanenge vese vanogadzira vane zvishandiso zvinovandudza kushandiswa kwezvinhu zvavo. Kushandisa HPE semuenzaniso, AMS (Agentless Management Service, amsd yeLO5, hp-ams yeLO4) uye SSA (Smart Storage Administrator, kushanda nedhisiki controller), nezvimwewo zvinobatsira.
Kubatanidza iyo HPE repository
Isu tinopinza kiyi uye tinobatanidza iyo HPE repositori:
$ sudo rpm --import https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
$ sudo vim /etc/yum.repos.d/mcp.repo
zvinotevera zvirimo:
[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
[spp]
name=Service Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/spp/RHEL/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
Wona zvirimo mudura uye ruzivo rwepasuru (yereferensi):
$ sudo yum --disablerepo="*" --enablerepo="mcp" list available
$ yum info amsd
Kuisa uye kutanga:
$ sudo yum install amsd ssacli
$ sudo systemctl start amsd
Muenzaniso wekushandisa kwekushanda nedhisiki controller
Ndizvo zvose ikozvino. Muzvinyorwa zvinotevera ndinoronga kutaura nezve mamwe mabasa ekutanga uye maapplication. Semuenzaniso, kugadzira VDI muoVirt.
Source: www.habr.com