The Magic of Virtualization: An Introductory Course on Proxmox VE

Today we will talk about how to quickly and easily deploy several virtual servers with different operating systems on a single physical server. This lets any system administrator manage the company's entire IT infrastructure centrally and save a great deal of resources. Virtualization helps get the most out of physical server hardware, protects critical services, and makes it easy to restore their operation even after very serious failures.

Undoubtedly, most system administrators know how to work with virtual environments, and for them this article will reveal nothing new. Even so, there are companies that do not take advantage of the flexibility and speed of virtual solutions because they lack accurate information about them. We hope our article will show by example that it is much easier to start using virtualization once than to keep dealing with the inconveniences and shortcomings of physical infrastructure.

Fortunately, it is quite easy to try out how virtualization works. We will show how to create a server in a virtual environment, for example to migrate the CRM system a company uses. Almost any physical server can be turned into a virtual one, but first you need to learn the basic operating techniques. These are discussed below.

How it works

When it comes to virtualization, many newcomers find the terminology hard to follow, so let's explain a few basic concepts:

  • Hypervisor - special software that lets you create and manage virtual machines;
  • Virtual machine (hereafter VM) - a logical server system inside a physical one, with its own set of characteristics, drives and operating system;
  • Virtualization host - the physical server on which the hypervisor runs.

For a server to work as a full-fledged virtualization host, its processor must support one of two technologies: Intel® VT or AMD-V™. Both perform the most important task of providing the server's hardware resources to virtual machines.

The key feature is that every action of a virtual machine is executed directly at the hardware level. At the same time, the machines are isolated from one another, which makes it quite easy to manage each one separately. The hypervisor itself acts as the supervising authority, distributing resources, roles and priorities among them. The hypervisor also emulates the part of the hardware that the operating system needs in order to work correctly.

Introducing virtualization makes it possible to keep several running copies of one server. A critical failure or an error while changing such a copy will in no way affect the operation of the current service or application. It also removes two major problems: scaling, and the ability to keep a "zoo" of different operating systems on the same hardware. This is an ideal opportunity to combine a variety of services without having to buy separate hardware for each of them.

Virtualization improves the fault tolerance of deployed services and applications. Even if the physical server fails and has to be replaced with another, the whole virtual infrastructure remains fully functional, provided the disk media are intact. The replacement physical server may even come from a completely different manufacturer. This is especially relevant for companies that use discontinued servers and will need to migrate to other models.

Here are the most popular hypervisors in use today:

  • VMware ESXi
  • Microsoft Hyper-V
  • Open Virtualization Alliance KVM
  • Oracle VM VirtualBox

All of them are general-purpose; however, each has particular features that should always be taken into account at the selection stage: the cost of deployment and maintenance, and the technical characteristics. Commercial licences for VMware and Hyper-V are very expensive, and when failures occur it is very hard to resolve problems with these systems on your own.

KVM, on the other hand, is completely free and fairly easy to use, especially as part of the ready-made Debian Linux-based solution called Proxmox Virtual Environment. We can recommend this system for a first acquaintance with the world of virtual infrastructure.

How to quickly deploy the Proxmox VE hypervisor

Installation usually raises no questions. Download the current version of the image from the official site and write it to any external medium using the Win32DiskImager utility (on Linux the dd command is used), then boot the server directly from that medium. Our customers who rent dedicated servers from us can use two even simpler methods: mounting the desired image directly in the KVM console, or using our PXE server.

The installer has a graphical interface and will ask only a few questions.

  1. Select the disk to install onto. In the Options section you can also specify additional partitioning options.

  2. Specify the regional settings.

  3. Specify the password that will be used to authenticate the root superuser, and the administrator's e-mail address.

  4. Specify the network settings. FQDN stands for fully qualified domain name, for example node01.company.com.

  5. After installation completes, the server can be rebooted with the Reboot button.

    The web management interface will be available at

    https://server_IP_address:8006

What to do after installation

There are several important things to do after installing Proxmox. Let's discuss each of them in detail.

Update the system to the latest version

To do this, go to the server console and disable the paid repository (it is available only to those who have bought paid support). If you skip this, apt will report an error when updating the package sources.

  1. Open the console and edit the apt configuration file:
    nano /etc/apt/sources.list.d/pve-enterprise.list
  2. The file will contain just one line. Put a # character in front of it to stop receiving updates from the paid repository:
    #deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise
  3. Press Ctrl + X to exit the editor, answering Y when asked about saving the file.
  4. Run the command to refresh the package sources and upgrade the system:
    apt update && apt -y upgrade

Take care of security

We can recommend installing the popular Fail2Ban utility, which protects against password-guessing (brute-force) attacks. It works like this: if an attacker exceeds a set number of login attempts with a wrong login/password within a set period, their IP address is blocked. The ban duration and the number of attempts can be set in the configuration file.

Based on practical experience, during a week of running a server with SSH port 22 open and an external IPv4 address, there were more than 5000 password-guessing attempts. The utility successfully blocked about 1500 addresses.

To complete the installation, here are some instructions:

  1. Open the server console via the web interface or SSH.
  2. Update the package sources:
    apt update
  3. Install Fail2Ban:
    apt install fail2ban
  4. Open the utility's configuration for editing:
    nano /etc/fail2ban/jail.conf
  5. Change the bantime (the number of seconds for which the attacker is blocked) and maxretry (the number of login/password attempts) variables for each individual service.
  6. Press Ctrl + X to exit the editor, answering Y when asked about saving the file.
  7. Restart the service:
    systemctl restart fail2ban

You can check the utility's status, for example to get ban statistics for IP addresses blocked after attempts to brute-force SSH passwords, with one simple command:

fail2ban-client -v status sshd

The utility's response will look something like this:

root@hypervisor:~# fail2ban-client -v status sshd
INFO   Loading configs for fail2ban under /etc/fail2ban
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO   Using socket file /var/run/fail2ban/fail2ban.sock
Status for the jail: sshd
|- Filter
|  |- Currently failed: 3
|  |- Total failed:     4249
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     410
   `- Banned IP list:

In the same way, you can protect the web interface from such attacks by creating an appropriate rule. An example of such a rule for Fail2Ban can be found in the official manual.
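An alternative to editing jail.conf for the bantime/maxretry step and for the web-interface rule mentioned above, as an added example that is not part of the original article: the script writes the overrides to jail.local, which Fail2Ban reads after jail.conf and which package upgrades do not overwrite, together with a filter for failed Proxmox web logins. The numeric values, the function name, the `--apply` switch, the /var/log/daemon.log path and the pvedaemon log format are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): keep Fail2Ban overrides in jail.local
# and add a jail for failed logins to the Proxmox web interface (port 8006).

write_fail2ban_overrides() {
    confdir="${1:-/etc/fail2ban}"      # target directory; default is assumed
    mkdir -p "$confdir/filter.d" || return 1

    # Only the keys that differ from jail.conf need to appear here.
    cat > "$confdir/jail.local" <<'EOF' || return 1
[DEFAULT]
# Illustrative values: 3 failures within 10 minutes ban the address for 1 hour.
bantime  = 3600
findtime = 600
maxretry = 3

[sshd]
enabled = true

[proxmox]
enabled = true
port    = https,http,8006
filter  = proxmox
# Assumed log location; journal-only releases need "backend = systemd" instead.
logpath = /var/log/daemon.log
EOF

    # Assumed pvedaemon log format; <HOST> is Fail2Ban's address placeholder.
    cat > "$confdir/filter.d/proxmox.conf" <<'EOF' || return 1
[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =
EOF
    chmod 644 "$confdir/jail.local" "$confdir/filter.d/proxmox.conf"
}

# Apply to the live configuration only when asked to explicitly (as root).
if [ "${1:-}" = "--apply" ]; then
    write_fail2ban_overrides /etc/fail2ban && systemctl restart fail2ban
fi
```

Before restarting the service, `fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf` shows whether the filter matches real log lines on your release.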

Getting started

I would like to draw your attention to the fact that Proxmox is ready to create new machines immediately after installation. Nevertheless, we recommend completing the preliminary settings so that the system is easy to manage later. Practice shows that the hypervisor and the virtual machines should be placed on different physical media. How to do this is discussed below.

Configure the disk drives

The next step is to set up storage that can be used to store virtual machine data and backups.

ATTENTION! The disk layout example below may be used for test purposes only. For real-world use we strongly recommend a software or hardware RAID array to prevent data loss when drives fail. We will explain how to properly prepare a disk array for operation and what to do in an emergency in one of the following articles.

Suppose the server has two disks: /dev/sda, on which the hypervisor is installed, and an empty disk /dev/sdb, which is intended for storing virtual machine data. For the system to see the new storage, you can use the simplest and most effective method: mount it as an ordinary directory. Before that, though, some preparatory steps are needed. As an example, let's see how to attach a new drive /dev/sdb of any size, formatting it with the ext4 file system.

  1. Partition the disk, creating a new partition:
    fdisk /dev/sdb
  2. Press o or g (partition the disk as MBR or GPT).
  3. Next, press n (create a new partition).
  4. And finally w (to save the changes).
  5. Create an ext4 file system:
    mkfs.ext4 /dev/sdb1
  6. Create a directory where the partition will be mounted:
    mkdir /mnt/storage
  7. Open the configuration file for editing:
    nano /etc/fstab
  8. Add a new line there:
    /dev/sdb1	/mnt/storage	ext4	defaults	0	0
  9. After making the changes, save them with Ctrl + X, answering Y to the editor's question.
  10. To check that everything works, reboot the server:
    shutdown -r now
  11. After the reboot, check the mounted partitions:
    df -H

The command output should show that /dev/sdb1 is mounted at /mnt/storage. This means our drive is ready for use.

Add the new storage to Proxmox

Log in to the control panel and go to Datacenter > Storage > Add > Directory.

In the window that opens, fill in the following fields:

  • ID - the name of the future storage;
  • Directory - /mnt/storage;
  • Content - select all options (click each option in turn).


After that, click the Add button. This completes the setup.

Create a virtual machine

To create a virtual machine, perform the following sequence of steps:

  1. Decide on the operating system version.
  2. Download the ISO image in advance.
  3. Select the newly created storage from the Storage list.
  4. Click Content > Upload.
  5. Select the ISO image from the list and confirm the selection by clicking the Upload button.

When the operation completes, the image will appear in the list of available ones.

Let's create our first virtual machine:

  1. Click Create VM.
  2. Fill in the parameters one by one: Name > ISO image > Hard disk size and type > Number of processors > RAM size > Network adapter.
  3. Once all the desired parameters are selected, click Finish. The created machine will appear in the control panel list.
  4. Select it and click Start.
  5. Go to the Console tab and install the operating system just as on an ordinary physical server.

If you need to create another machine, repeat the steps above. Once they are all ready, you can work with them simultaneously by opening several console windows.

Set up autostart

By default, Proxmox does not start machines automatically, but this is easily solved in just two clicks:

  1. Click the name of the desired machine.
  2. Select the Options tab > Start at boot.
  3. Tick the checkbox of the same name.

Now, if the physical server is rebooted, the VM will start automatically.

For advanced administrators there is also the option of specifying additional launch parameters in the Start/Shutdown order section. You can explicitly specify the order in which machines should start. You can also specify the time that must pass before the next VM starts and the shutdown timeout (if the operating system does not manage to shut down in time, the hypervisor will force it off after the specified number of seconds).

Conclusion

This article has laid out the basics of getting started with Proxmox VE, and we hope it will help newcomers take the first step and try virtualization in practice.

Proxmox VE really is a very powerful and convenient tool for any system administrator; the main thing is not to be afraid to experiment and to understand how it actually works.

If you have any questions, you are welcome in the comments.

Source: www.habr.com
