Si ay u sahlanaato, waxaanu ku rakibi doonaa baakado dheeraad ah:
$ sudo yum install bash-completion vim
Si aad awood ugu yeelato dhamaystirka amarka, dhamaystirka bash-ku wuxuu u baahan yahay u beddelashada bash.
Ku darida magacyo DNS oo dheeri ah
Tani waxa loo baahan doonaa marka aad u baahan tahay in aad ku xidhid maamulaha addoo isticmaalaya magac kale (CNAME, alias, ama kaliya magac gaaban oo aan lahayn suffix domain). Sababo ammaan dartood, maareeyuhu wuxuu ogol yahay isku xirka isagoo isticmaalaya liiska magacyada ee la ogol yahay oo keliya.
Samee faylka qaabeynta:
$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf
Tusaale u ah shaqada sayidkiisa
$ sudo ovirt-engine-extension-aaa-ldap-setup
Hirgelinta LDAP ee la heli karo:
...
3 - Hagaha firfircoon
...
Fadlan dooro: 3
Fadlan geli magaca Kaymaha Hagaha Active: example.com
Fadlan dooro borotokoolka aad isticmaalayso (startTLS, ldaps, plain) [startTLS]:
Fadlan door habka aad ku heli lahayd shahaadadda CA ee PEM-ku-qoraneed (Fayl, URL, Khadka, Nidaamka, Aamminsan): URL
URL: wwwca.example.com/myRootCA.pem
Geli isticmaalaha raadinta DN (tusaale uid=username,dc=example,dc=com ama ka tag maran si qarsoodi ah): CN=oVirt-Engine,CN= Isticmaalayaasha,DC=tusaale,DC=com
Geli erayga sirta ah ee isticmaalaha: *password*
[INFO] Isku day inaad ku xidho adigoo isticmaalaya 'CN=oVirt-Engine,CN=Users,DC=example,DC=com'
Ma waxaad u isticmaashey hal calaamad oo kali ah oo loogu talagalay mishiinada Virtual (Haa, Maya) [Haa]:
Fadlan sheeg magaca astaanta guud ee u muuqan doona isticmaalayaasha [tusaale.com]:
Fadlan bixi shahaadooyin si aad u tijaabiso socodka gelitaanka:
Geli magaca isticmaalaha: Isticmaale kasta
Geli erayga sirta ah ee isticmaalaha:
...
[INFO] Taxanaha soo galitaanka si guul leh ayaa loo fuliyay
...
Dooro taxanaha tijaabada si aad ufuliso [La sameeyay]:
[INFO] Marxaladda: Habaynta wax kala iibsiga
...
KOOXDA QAABKA
...
Isticmaalka saaxirku waxay ku habboon tahay kiisaska intooda badan. Habaynta adag, dejimaha waxaa lagu sameeyaa gacanta. Faahfaahin dheeraad ah oo ku jirta dukumentiyada oVirt, Isticmaalayaasha iyo Doorarka. Kadib marka si guul leh loogu xidho mishiinka AD, profile dheeraad ah ayaa ka muuqan doona daaqada xidhiidhka, iyo tabka Ogolaanshaha Walxaha nidaamku waxay awood u leeyihiin inay oggolaadaan isticmaalayaasha AD iyo kooxaha. Waa in la ogaadaa in tusaha dibadda ee isticmaalayaasha iyo kooxaha aysan noqon karin AD oo keliya, laakiin sidoo kale IPA, eDirectory, iwm.
Isku dhufasho
Deegaanka wax soo saarka, nidaamka kaydinta waa in lagu xidhaa martigeliyaha iyada oo loo marayo madax-bannaan badan, wadooyin badan oo I/O ah. Sida caadiga ah, gudaha CentOS (iyo sidaas darteed oVirt) ma jiraan wax dhibaato ah oo ku saabsan isu-ururinta wadooyin badan oo qalab ah (hel_multipaths haa). Dejinta dheeraadka ah ee FCoE ayaa lagu qoray Qaybta 2aad. Waxaa habboon in fiiro gaar ah loo yeesho talada soo saaraha nidaamka kaydinta - qaar badan ayaa kugula taliya in la isticmaalo siyaasadda wareega wareega, laakiin marka la eego Enterprise Linux 7-waqtiga adeegga ayaa la isticmaalaa.
Ka dib markaa amarka dib u bilaabista ayaa la bixiyaa:
systemctl restart multipathd
Bariis 1 waa siyaasadda I/O ee badan.
Bariis 2- siyaasada I/O badan ka dib marka la dabaqo
Dejinta maamulka awooda
Kuu ogolaanayaa inaad samayso, tusaale ahaan, qalab dib u dajin ee mishiinka haddi matoorku aanu jawaab ka heli karin martida loo yahay wakhti dheer. Waxaa lagu fuliyay Wakiilka Xayndaabka.
Xisaabi -> Martigeliyayaasha -> HOST - Tafatir -> Maareynta Korontada, ka dib awood "Enable Management Power" oo ku dar wakiil - "Ku dar Wakiilka Xayndaabka" -> +.
Waxaanu tilmaamaynaa nooca (tusaale ahaan, iLO5 waxaad u baahan tahay inaad sheegto ilo4), magaca / ciwaanka ipmi interface, iyo sidoo kale magaca isticmaalaha / erayga sirta ah. Waxaa lagula talinayaa in la abuuro isticmaale gooni ah (tusaale, oVirt-PM) iyo, marka laga hadlayo iLO, sii mudnaan gaar ah:
login
Console fog
Awood Virtual iyo Dib u dejin
Media Virtual
Habee ILO Settings
Maamul Xisaabaadka Isticmaalaha
Ha weydiin sababta tani ay sidaas tahay, waxaa loo doortay si macquul ah. Wakiilka xayndaabka console wuxuu u baahan yahay xuquuqo yar.
Markaad dejinayso liisaska xakamaynta gelitaanka, waa inaad maskaxda ku haysaa in wakiilku aanu ku socon mishiinka, laakiin uu ku socdo martigeliyaha "dariska" (waxa loogu yeero Proxy Management Power), ie, haddii uu jiro hal nood oo keliya ee kutlada, maamulka korontada ayaa shaqayn doona ma doono.
Shahaadadu waxay noqon kartaa mid ka timid CA-shirkadeed ama mid ka timid hay'ad shahaado ganacsi oo dibadda ah.
Xusuusin muhiim ah: Shahaadada waxaa loogu talagalay in lagu xiro maareeyaha mana saameyn doonto xiriirka u dhexeeya Matoorka iyo noodhka - waxay isticmaali doonaan shahaadooyin iskiis u saxeexay oo uu bixiyay Matoorka.
Shuruudaha:
shahaadada soo saarista CA ee qaabka PEM, oo leh silsiladda oo dhan ilaa xididka CA (laga bilaabo soo-saarka hoose ee CA bilowga ilaa xididka dhamaadka);
shahaadada Apache oo ay bixisay CA soo saartay (sidoo kale waxaa lagu kabay dhammaan silsiladda shahaadooyinka CA);
furaha gaarka ah ee Apache, bilaa sir ah.
Aan ka soo qaadno in soo saaraheena CA uu wado CentOS, oo loo yaqaan subca.example.com, iyo codsiyada, furayaasha, iyo shahaadooyinka waxay ku yaalaan /etc/pki/tls/ directory.
Waxaanu samaynaa kayd-celin waxaanu abuurnaa hage ku meel gaadh ah:
Hadda waxaad ku xidhi kartaa martigeliyaha: https://[Host IP or FQDN]:9090
VLANs
Waa inaad wax badan ka akhrido shabakadaha gudaha dukumentiyo. Waxaa jira fursado badan, halkan waxaan ku tilmaami doonaa isku xirka shabakadaha farsamada.
Si loo xidho subnets kale, marka hore waa in lagu qeexaa qaabeynta: Network -> Networks -> Cusub, halkan magaca kaliya ayaa loo baahan yahay; Sanduuqa hubinta ee Shabakadda VM, kaas oo u oggolaanaya mishiinada inay adeegsadaan shabakaddan, waa la dajiyay, laakiin in la isku xidho summada waa in la dhaqaajiyaa. Daar sumadaynta VLAN, geli lambarka VLAN oo guji OK.
Hadda waxaad u baahan tahay inaad aado xisaabiyeyaasha -> Hosts -> kvmNN -> Interfaces Network -> Dejinta Shabakadaha Martigelinta. U jiid shabkada lagu daray dhinaca midig ee Shabakadaha macquulka ah ee Aan La-u-degin dhanka bidix una geli Shabakadaha macquulka ah ee loo qoondeeyay:
Bariis 4 - ka hor intaadan ku darin shabakad.
Bariis 5 - ka dib marka lagu daro shabakad.
Si loogu xidho shabakado badan martigeliyaha guud ahaan, way ku habboon tahay in lagu meeleeyo calaamad(-yaal) iyaga marka la abuurayo shabkado, oo lagu daro shabakadaha calaamado.
Ka dib markii shabakada la abuuro, martigaliyayaasha waxay geli doonaan gobolka aan shaqayn ilaa shabakada lagu daro dhammaan qanjidhada kutlada. Dabeecaddan waxaa sababa Baahida All Calan ee ku yaal tabka Kooxda marka la abuurayo shabakad cusub. Xaaladda marka shabakadda aan looga baahnayn dhammaan qanjidhada kooxda, calankani waa la joojin karaa, ka dib marka shabakadda lagu daro martigeliyaha, waxay ku jiri doontaa midigta qaybta aan loo baahnayn oo waxaad dooran kartaa inaad ku xidho. waxay u tahay martigelin gaar ah.
Bariis 6-dooro shuruuda shabakada sifada.
HPE gaar ah
Ku dhawaad dhammaan wax-soo-saarayaashu waxay leeyihiin qalab hagaajinaya isticmaalka alaabtooda. Isticmaalka HPE tusaale ahaan, AMS (Adeegga Maareynta Agentless, amsd for iLO5, hp-ams for iLO4) iyo SSA (Maamulaha Kaydinta Smart, oo la shaqeeya kontaroolaha saxanka), iwm.