Creating a fault-tolerant IT infrastructure. Part 1 - preparing to deploy an oVirt 4.3 cluster

Readers are invited to get acquainted with the principles of building a fault-tolerant infrastructure for a small business within a single data center, which will be covered in detail in a short series of articles.

Introduction

A data center (Data Processing Center) can be understood here as:

  • your own server room on the premises of your business, which meets the minimum requirements for power supply and equipment cooling, and also has Internet access through two independent providers;
  • a rented rack with your own equipment, located in a real data center - so-called colocation - that complies with the Tier III or IV standard and guarantees reliable power, cooling and fault-tolerant Internet access;
  • fully leased equipment in a Tier III or IV data center.

Which hosting option to choose is individual in each case and usually depends on several main factors:

  • why the business needs its own IT infrastructure at all;
  • what exactly the company wants from the IT infrastructure (reliability, scalability, manageability, etc.);
  • the amount of initial investment in the IT infrastructure, as well as the type of cost: capital (meaning you buy your own equipment) or operating (the equipment is usually rented);
  • the planning horizon of the business itself.

Much can be written about the factors that influence a business's decision to create and use its own IT infrastructure, but our goal is to show in practice how to build this infrastructure so that it is fault-tolerant and also saves money: by reducing the cost of purchasing commercial software, or avoiding it altogether.

As long-term practice shows, it is not worth saving on hardware, since the miser pays twice, and even more. But again, good hardware is only a recommendation, and in the end what exactly to buy and for how much depends on the capabilities of the business and the "greed" of its management. Moreover, the word "greed" should be understood in the good sense of the word, since it is better to invest in hardware at the initial stage so as not to run into serious problems with its further support and scaling, because initially incorrect planning and excessive savings can lead to higher costs than at the start of the project.

So, the initial data for the project:

  • there is a company that has decided to create its own web portal and bring its operations to the Internet;
  • the company decided to rent a rack to place its equipment in a good data center certified according to the Tier III standard;
  • the company decided not to save much on hardware, and therefore bought the following equipment with extended warranty and support:

Equipment list

  • two Dell PowerEdge R640 servers, configured as follows:
      • two Intel Xeon Gold 5120 processors
      • 512 GB RAM
      • two SAS disks in RAID1, for OS installation
      • built-in 4-port 1G network card
      • two 2-port 10G network cards
      • one 2-port FC HBA 16G.
  • a 2-controller Dell MD3820f storage system, connected via FC 16G directly to the Dell hosts;
  • two layer-2 switches - Cisco WS-C2960RX-48FPS-L, stacked;
  • two layer-3 switches - Cisco WS-C3850-24T-E, stacked;
  • the rack, UPS, PDU and console servers are provided by the data center.

As we can see, the existing equipment has good prospects for horizontal and vertical scaling, if the company is able to compete with other similar companies on the Internet and starts to earn a profit that can be invested in expanding resources for further competition and profit growth.

What equipment can we add if the company decides to increase the performance of our computing cluster:

  • we have a large reserve in the number of ports on the 2960X switches, which means we can add more hardware servers;
  • buy two additional FC switches to connect storage systems and additional servers to them;
  • the existing servers can be upgraded: add memory, replace the processors with more powerful ones, connect to a 10G network using the existing network adapters;
  • you can add extra disk shelves to the storage system with the required type of disks - SAS, SATA or SSD, depending on the planned load;
  • after adding FC switches, you can buy another storage system to add even more disk capacity, and if you buy the special Remote Replication option for it, you can set up data replication between storage systems both within the same data center and between data centers (but this is already beyond the scope of the article);
  • there are also layer-3 switches - Cisco 3850, which can be used as a fault-tolerant network core for high-speed routing between internal networks. This will be very useful in the future as the internal infrastructure grows. The 3850 also has 10G ports, which can be used later when upgrading the network equipment to 10G speed.

Since there is nowhere without virtualization nowadays, we will of course follow the trend, especially since it is a great way to reduce the cost of purchasing expensive servers for individual infrastructure elements (web servers, databases, etc.), which are not always used optimally when the load is low, and this is exactly what will happen at the start of the project.

In addition, virtualization has many other advantages that can be very useful to us: VM fault tolerance against hardware server failure, live migration between hardware cluster nodes for their maintenance, manual or automatic load distribution between cluster nodes, etc.

For the hardware purchased by the company, deploying a highly available VMware vSphere cluster suggests itself, but since any software from VMware is known for its steep ("horse") price tags, we will use free virtualization management software - oVirt, on the basis of which a well-known but already commercial product, RHEV, is built.

The oVirt software is needed to combine all infrastructure elements into one whole so that we can conveniently work with highly available virtual machines: databases, web applications, proxy servers, balancers, servers for collecting logs and analytics, etc., that is, everything our business's web portal consists of.

To sum up the introduction, the following articles await us, which will show in practice exactly how to deploy the entire hardware and software infrastructure of the company:

List of articles

  • Part 1. Preparing to deploy an oVirt 4.3 cluster.
  • Part 2. Installing and configuring the oVirt 4.3 cluster.
  • Part 3. Setting up a VyOS cluster, organizing fault-tolerant external routing.
  • Part 4. Setting up the Cisco 3850 stack, organizing intranet routing.

Part 1. Preparing to deploy an oVirt 4.3 cluster

Basic host setup

Installing and configuring the OS is the easiest step. There are a great many articles on how to properly install and configure an OS, so there is no point in trying to offer anything exclusive on this subject.

So, we have two Dell PowerEdge R640 hosts on which we need to install the OS and perform preliminary settings in order to use them as hypervisors for running virtual machines in the oVirt 4.3 cluster.

Since we plan to use the free, non-commercial oVirt software, CentOS 7.7 was chosen as the OS for deploying the hosts, although other OSes can be installed on oVirt hosts:

  • a special build based on RHEL, the so-called oVirt Node;
  • Oracle Linux, for which support for running oVirt was announced in summer 2019.

Before installing the OS, it is recommended to:

  • configure the iDRAC network interface on both hosts;
  • update the BIOS and iDRAC firmware to the latest versions;
  • configure the server's System Profile, preferably in Performance mode;
  • configure RAID from the local disks (RAID1 is recommended) to install the OS on the server.

Then we install the OS on the disk created earlier via iDRAC - the installation process is standard, there are no special points in it. Access to the server console to start the OS installation can also be obtained through iDRAC, although nothing prevents you from connecting a monitor, keyboard and mouse directly to the server and installing the OS from a flash drive.

After installing the OS, we perform its initial settings:

systemctl enable network.service
systemctl start network.service
systemctl status network.service

systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl status NetworkManager

yum install -y ntp
systemctl enable ntpd.service
systemctl start ntpd.service

cat /etc/sysconfig/selinux
SELINUX=disabled
SELINUXTYPE=targeted

cat /etc/security/limits.conf
*               soft    nofile         65536
*               hard    nofile         65536

cat /etc/sysctl.conf
vm.max_map_count = 262144
vm.swappiness = 1

Installing the basic set of software

For the initial OS configuration, you need to configure any network interface on the server so that you can access the Internet to update the OS and install the necessary software packages. This can be done both during the OS installation and after it.

yum -y install epel-release
yum update
yum -y install bind-utils yum-utils net-tools git htop iotop nmon pciutils sysfsutils sysstat mc nc rsync wget traceroute gzip unzip telnet 

All of the above settings and the set of software are a matter of personal preference, and this set is only a recommendation.

Since our host will play the role of a hypervisor, we will enable the required performance profile:

systemctl enable tuned 
systemctl start tuned 
systemctl status tuned 

tuned-adm profile 
tuned-adm profile virtual-host 

You can read more about the performance profile here: "Chapter 4. tuned and tuned-adm".

After installing the OS, we move on to the next part - configuring the network interfaces on the hosts and the Cisco 2960X switch stack.

Configuring the Cisco 2960X Switch Stack

Our project will use the following VLAN numbers - or broadcast domains, isolated from each other - to separate different types of traffic:

VLAN 10 - Internet
VLAN 17 - Management (iDRAC, storage system, switch management)
VLAN 32 - VM production network
VLAN 33 - Interconnect network (to external contractors)
VLAN 34 - VM test network
VLAN 35 - VM development network
VLAN 40 - Monitoring network

Before starting work, here is the L2-level diagram that we should eventually arrive at:

[Image: L2 diagram]

For network interaction of the oVirt hosts and virtual machines with each other, as well as for managing our storage system, the Cisco 2960X switch stack must be configured.

The Dell hosts have built-in 4-port network cards, so it is advisable to organize their connection to the Cisco 2960X as a fault-tolerant network connection, grouping physical network ports into a logical interface and using the LACP protocol (802.3ad):

  • the first two ports on the host are configured in bonding mode and connected to the 2960X switch - on this logical interface a bridge will be configured with an address for host management, monitoring and communication with other hosts in the oVirt cluster, and it will also be used for live migration of virtual machines;
  • the second two ports on the host are also configured in bonding mode and connected to the 2960X - on this logical interface, using oVirt, bridges will later be created (in the corresponding VLANs) to which virtual machines will be connected;
  • both network ports within one logical interface will be active, i.e. traffic can be transmitted over them simultaneously, in balancing mode;
  • the network settings on the cluster nodes must be exactly the same, except for the IP addresses.

Basic setup of the 2960X switch stack and its ports

Our switches must first be:

  • rack mounted;
  • connected by two special cables of the required length, for example, CAB-STK-E-1M;
  • connected to the power supply;
  • connected to the administrator's workstation via the console port for their initial configuration.

The necessary guidance for this is available on the manufacturer's official website.

After completing the above steps, we configure the switches.
What each command means is not supposed to be explained within this article; if necessary, all the information can be found independently.
Our goal is to configure the switch stack as quickly as possible and connect the hosts and the storage management interfaces to it.

1) Connect to the Master switch, switch to privileged mode, then go to configuration mode and make the basic settings.

Basic switch config:

 enable
 configure terminal

 hostname 2960X

 no service pad
 service timestamps debug datetime msec
 service timestamps log datetime localtime show-timezone msec
 no service password-encryption
 service sequence-numbers

 switch 1 priority 15
 switch 2 priority 14
 stack-mac persistent timer 0

 clock timezone MSK 3
 vtp mode transparent
 ip subnet-zero

 vlan 17
  name Management

 vlan 32
  name PROD 

 vlan 33
  name Interconnect

 vlan 34
  name Test

 vlan 35
  name Dev

 vlan 40
  name Monitoring

 spanning-tree mode rapid-pvst
 spanning-tree etherchannel guard misconfig
 spanning-tree portfast bpduguard default
 spanning-tree extend system-id
 spanning-tree vlan 1-40 root primary
 spanning-tree loopguard default
 vlan internal allocation policy ascending
 port-channel load-balance src-dst-ip

 errdisable recovery cause loopback
 errdisable recovery cause bpduguard
 errdisable recovery interval 60

line con 0
 session-timeout 60
 exec-timeout 60 0
 logging synchronous
line vty 5 15
 session-timeout 60
 exec-timeout 60 0
 logging synchronous

 ip http server
 ip http secure-server
 no vstack

interface Vlan1
 no ip address
 shutdown

 exit 

We save the config with the command "wr mem" and reboot the switch stack with the command "reload" on Master switch 1.

2) We configure the network ports of the switch in access mode in VLAN 17, to connect the management interfaces of the storage systems and the iDRAC of the servers.

Configuring management ports:

interface GigabitEthernet1/0/5
 description iDRAC - host1
 switchport access vlan 17
 switchport mode access
 spanning-tree portfast edge

interface GigabitEthernet1/0/6
 description Storage1 - Cntr0/Eth0
 switchport access vlan 17
 switchport mode access
 spanning-tree portfast edge

interface GigabitEthernet2/0/5
 description iDRAC - host2
 switchport access vlan 17
 switchport mode access
 spanning-tree portfast edge

interface GigabitEthernet2/0/6
 description Storage1 - Cntr1/Eth0
 switchport access vlan 17
 switchport mode access
 spanning-tree portfast edge
 exit

3) After the stack reboots, check that it is working correctly:

Checking the operation of the stack:

2960X#show switch stack-ring speed

Stack Ring Speed        : 20G
Stack Ring Configuration: Full
Stack Ring Protocol     : FlexStack

2960X#show switch stack-ports
  Switch #    Port 1       Port 2
  --------    ------       ------
    1           Ok           Ok
    2           Ok           Ok

2960X#show switch neighbors
  Switch #    Port 1       Port 2
  --------    ------       ------
      1         2             2
      2         1             1

2960X#show switch detail
Switch/Stack Mac Address : 0cd0.f8e4.ХХХХ
Mac persistency wait time: Indefinite
                                           H/W   Current
Switch#  Role   Mac Address     Priority Version  State
----------------------------------------------------------
*1       Master 0cd0.f8e4.ХХХХ    15     4       Ready
 2       Member 0029.c251.ХХХХ     14     4       Ready

         Stack Port Status             Neighbors
Switch#  Port 1     Port 2           Port 1   Port 2
--------------------------------------------------------
  1        Ok         Ok                2        2
  2        Ok         Ok                1        1

4) Setting up SSH access to the 2960X stack

To manage the stack remotely via SSH, we will use IP 172.20.1.10, configured on the SVI for VLAN17.

Although it is advisable to use a dedicated port on the switch for management purposes, this is a matter of personal preference and capability.

Configuring SSH access to the switch stack:

ip default-gateway 172.20.1.2

interface vlan 17
 ip address 172.20.1.10 255.255.255.0

hostname 2960X
 ip domain-name hw.home-lab.ru
 no ip domain-lookup

clock set 12:47:04 06 Dec 2019

crypto key generate rsa

ip ssh version 2
ip ssh time-out 90

line vty 0 4
 session-timeout 60
 exec-timeout 60 0
 privilege level 15
 logging synchronous
 transport input ssh

line vty 5 15
 session-timeout 60
 exec-timeout 60 0
 privilege level 15
 logging synchronous
 transport input ssh

aaa new-model
aaa authentication login default local 
username cisco privilege 15 secret my_ssh_password

Set a password for entering privileged mode:

enable secret *myenablepassword*
service password-encryption

Configuring NTP:

ntp server 85.21.78.8 prefer
ntp server 89.221.207.113
ntp server 185.22.60.71
ntp server 192.36.143.130
ntp server 185.209.85.222

show ntp status
show ntp associations
show clock detail

5) Configure the logical EtherChannel interfaces and the physical ports connected to the hosts. To simplify configuration, all available VLANs will be allowed on all logical interfaces, but in general it is recommended to configure only what is needed:

Configuring EtherChannel interfaces:

interface Port-channel1
 description EtherChannel with Host1-management
 switchport trunk allowed vlan 10,17,30-40
 switchport mode trunk
 spanning-tree portfast edge trunk

interface Port-channel2
 description EtherChannel with Host2-management
 switchport trunk allowed vlan 10,17,30-40
 switchport mode trunk
 spanning-tree portfast edge trunk

interface Port-channel3
 description EtherChannel with Host1-VM
 switchport trunk allowed vlan 10,17,30-40
 switchport mode trunk
 spanning-tree portfast edge trunk

interface Port-channel4
 description EtherChannel with Host2-VM
 switchport trunk allowed vlan 10,17,30-40
 switchport mode trunk
 spanning-tree portfast edge trunk

interface GigabitEthernet1/0/1
 description Host1-management
 switchport trunk allowed vlan 10,17,30-40
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active

interface GigabitEthernet1/0/2
 description Host2-management
 switchport trunk allowed vlan 10,17,30-40
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active

interface GigabitEthernet1/0/3
 description Host1-VM
 switchport trunk allowed vlan 10,17,30-40
 switchport mode trunk
 channel-protocol lacp
 channel-group 3 mode active

interface GigabitEthernet1/0/4
 description Host2-VM
 switchport trunk allowed vlan 10,17,30-40
 switchport mode trunk
 channel-protocol lacp
 channel-group 4 mode active

interface GigabitEthernet2/0/1
 description Host1-management
 switchport trunk allowed vlan 10,17,30-40
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active

interface GigabitEthernet2/0/2
 description Host2-management
 switchport trunk allowed vlan 10,17,30-40
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active

interface GigabitEthernet2/0/3
 description Host1-VM
 switchport trunk allowed vlan 10,17,30-40
 switchport mode trunk
 channel-protocol lacp
 channel-group 3 mode active

interface GigabitEthernet2/0/4
 description Host2-VM
 switchport trunk allowed vlan 10,17,30-40
 switchport mode trunk
 channel-protocol lacp
 channel-group 4 mode active
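
The recommendation above to allow only the VLANs that are needed can be checked mechanically. The following is an added example, not part of the original article: a Python audit that compares each trunk's allowed list with the article's VLAN plan and with the VLANs defined in the config. `SAMPLE_CONFIG`, `REQUIRED` and the function names are assumptions made for this example.

```python
import re

# Constructed excerpt that mirrors the VLAN and trunk lines of the config above.
SAMPLE_CONFIG = """\
 vlan 17
  name Management
 vlan 32
  name PROD
 vlan 33
  name Interconnect
 vlan 34
  name Test
 vlan 35
  name Dev
 vlan 40
  name Monitoring
interface Port-channel1
 description EtherChannel with Host1-management
 switchport trunk allowed vlan 10,17,30-40
 switchport mode trunk
interface Port-channel3
 description EtherChannel with Host1-VM
 switchport trunk allowed vlan 10,17,30-40
 switchport mode trunk
interface GigabitEthernet1/0/5
 description iDRAC - host1
 switchport access vlan 17
 switchport mode access
"""

# VLAN plan listed in the article: 10, 17, 32, 33, 34, 35, 40.
REQUIRED = {10, 17, 32, 33, 34, 35, 40}


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,17,30-40' into a set of ints."""
    vlans = set()
    for part in (p.strip() for p in spec.split(",")):
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo > hi:
                raise ValueError(f"bad VLAN range: {part}")
            vlans.update(range(lo, hi + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_config(text):
    """Return (defined VLANs, {interface: allowed VLANs}) for trunk interfaces."""
    defined, trunks, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()  # IOS ignores leading whitespace
        m = re.fullmatch(r"vlan (\d[\d,\-]*)", line)
        if m:
            defined |= expand_vlans(m.group(1))
            current = None
            continue
        m = re.fullmatch(r"interface (.+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.fullmatch(r"switchport trunk allowed vlan (?:add )?([\d,\-]+)", line)
        if m and current:
            trunks.setdefault(current, set()).update(expand_vlans(m.group(1)))
    return defined, trunks


def audit_trunks(text, required):
    """Per trunk: VLANs allowed beyond the plan, and allowed VLANs never defined."""
    defined, trunks = parse_config(text)
    return {
        ifname: {
            "excess": sorted(allowed - required),
            "undefined": sorted(allowed - defined),
        }
        for ifname, allowed in sorted(trunks.items())
    }


def to_ios_list(vlans):
    """Compress VLAN IDs into IOS syntax, e.g. {10, 17, 32, 33} -> '10,17,32-33'."""
    out, run = [], []
    for v in sorted(vlans):
        if run and v == run[-1] + 1:
            run.append(v)
            continue
        if run:
            out.append(str(run[0]) if len(run) == 1 else f"{run[0]}-{run[-1]}")
        run = [v]
    if run:
        out.append(str(run[0]) if len(run) == 1 else f"{run[0]}-{run[-1]}")
    return ",".join(out)


if __name__ == "__main__":
    for ifname, result in audit_trunks(SAMPLE_CONFIG, REQUIRED).items():
        print(ifname, result)
    print(" switchport trunk allowed vlan " + to_ios_list(REQUIRED))
```

On the excerpt, the audit reports VLANs 30, 31 and 36-39 as excess on every trunk, and it also shows that VLAN 10 is allowed on the trunks although the basic switch config shown earlier contains no `vlan 10` definition.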

Initial configuration of network interfaces for virtual machines on hosts Host1 and Host2

We check that the modules needed for bonding are present in the system, and install the module for managing bridges:

modinfo bonding
modinfo 8021q
yum install bridge-utils

Configuring the BOND1 logical interface for virtual machines and its physical interfaces on the hosts:

cat /etc/sysconfig/network-scripts/ifcfg-bond1
#DESCRIPTION - management
DEVICE=bond1
NAME=bond1
TYPE=Bond
IPV6INIT=no
ONBOOT=yes
USERCTL=no
NM_CONTROLLED=no
BOOTPROTO=none
BONDING_OPTS='mode=4 lacp_rate=1 xmit_hash_policy=2'

cat /etc/sysconfig/network-scripts/ifcfg-em2
#DESCRIPTION - management
DEVICE=em2
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
MASTER=bond1
SLAVE=yes
USERCTL=no 
NM_CONTROLLED=no 

cat /etc/sysconfig/network-scripts/ifcfg-em3
#DESCRIPTION - management
DEVICE=em3
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
MASTER=bond1
SLAVE=yes
USERCTL=no 
NM_CONTROLLED=no 

After completing the settings on the 2960X stack and the hosts, we restart the network on the hosts and check that the logical interface works.

  • on the host:

systemctl restart network

cat /proc/net/bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2+3 (2)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
...
802.3ad info
LACP rate: fast
Min links: 0
Aggregator selection policy (ad_select): stable
System priority: 65535
...
Slave Interface: em2
MII Status: up
Speed: 1000 Mbps
Duplex: full
...
Slave Interface: em3
MII Status: up
Speed: 1000 Mbps
Duplex: full

  • on the 2960X switch stack:

2960X#show lacp internal
Flags:  S - Device is requesting Slow LACPDUs
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode

Channel group 1
                            LACP port     Admin     Oper    Port        Port
Port      Flags   State     Priority      Key       Key     Number      State
Gi1/0/1   SA      bndl      32768         0x1       0x1     0x102       0x3D
Gi2/0/1   SA      bndl      32768         0x1       0x1     0x202       0x3D

2960X#sh etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation
        f - failed to allocate aggregator

        M - not in use, minimum links not met
        m - not in use, port not aggregated due to minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

        A - formed by Auto LAG

Number of channel-groups in use: 11
Number of aggregators:           11

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Gi1/0/1(P)  Gi2/0/1(P)
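
The host-side check above can be automated. This is an added example, not part of the original article: it parses `/proc/net/bonding` output and verifies that every expected slave has joined the active LACP aggregator, which "MII Status: up" alone does not prove. The sample text is constructed and includes the `Aggregator ID` lines that the kernel prints for 802.3ad bonds and that the listing above elides with "..."; the function names are assumptions made for this example.

```python
# Constructed sample of /proc/net/bonding/bond1 (802.3ad, two slaves).
SAMPLE_BOND = """\
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2+3 (2)
MII Status: up
MII Polling Interval (ms): 100

802.3ad info
LACP rate: fast
Min links: 0
Aggregator selection policy (ad_select): stable
Active Aggregator Info:
\tAggregator ID: 1
\tNumber of ports: 2

Slave Interface: em2
MII Status: up
Speed: 1000 Mbps
Duplex: full
Aggregator ID: 1

Slave Interface: em3
MII Status: up
Speed: 1000 Mbps
Duplex: full
Aggregator ID: 1
"""


def parse_bond(text):
    """Parse bonding status into bond-level keys plus a list of slave dicts."""
    bond = {"slaves": []}
    section, in_active = bond, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_active = False  # a blank line ends the "Active Aggregator Info" block
            continue
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Slave Interface":
            section = {"name": value}
            bond["slaves"].append(section)
        elif key == "Active Aggregator Info":
            in_active = True
        elif key == "Aggregator ID" and in_active:
            bond["active_aggregator"] = value
        else:
            section.setdefault(key, value)  # keep the first value seen per section
    return bond


def check_bond(text, expected_slaves):
    """Return a list of problems; an empty list means the LACP bond is healthy."""
    bond = parse_bond(text)
    problems = []
    if "802.3ad" not in bond.get("Bonding Mode", ""):
        problems.append("bond is not in 802.3ad (mode=4)")
    if bond.get("LACP rate") != "fast":
        problems.append("LACP rate is not fast (lacp_rate=1)")
    if not bond.get("Transmit Hash Policy", "").startswith("layer2+3"):
        problems.append("hash policy is not layer2+3 (xmit_hash_policy=2)")
    active = bond.get("active_aggregator")
    if active is None:
        problems.append("no active aggregator reported")
    slaves = {s["name"]: s for s in bond["slaves"]}
    for name in expected_slaves:
        slave = slaves.get(name)
        if slave is None:
            problems.append(f"{name}: not a slave of this bond")
        elif slave.get("MII Status") != "up":
            problems.append(f"{name}: link is {slave.get('MII Status')}")
        elif active is not None and slave.get("Aggregator ID") != active:
            # Link is up but LACP did not bundle it with the active aggregator:
            # the bond carries traffic over one port only, with no redundancy.
            problems.append(
                f"{name}: in aggregator {slave.get('Aggregator ID')}, "
                f"active aggregator is {active}"
            )
    return problems


if __name__ == "__main__":
    print(check_bond(SAMPLE_BOND, ["em2", "em3"]) or "bond1 OK")
```

On a host, pass the contents of `/proc/net/bonding/bond1` and the slave names from the ifcfg files instead of the sample.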

Initial configuration of network interfaces for managing cluster resources on hosts Host1 and Host2

Configuring the BOND1 logical interface for management and its physical interfaces on the hosts:

cat /etc/sysconfig/network-scripts/ifcfg-bond0
#DESCRIPTION - management
DEVICE=bond0
NAME=bond0
TYPE=Bond
BONDING_MASTER=yes
IPV6INIT=no
ONBOOT=yes
USERCTL=no
NM_CONTROLLED=no
BOOTPROTO=none
BONDING_OPTS='mode=4 lacp_rate=1 xmit_hash_policy=2'

cat /etc/sysconfig/network-scripts/ifcfg-em0
#DESCRIPTION - management
DEVICE=em0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no 
NM_CONTROLLED=no 

cat /etc/sysconfig/network-scripts/ifcfg-em1
#DESCRIPTION - management
DEVICE=em1
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no 
NM_CONTROLLED=no 

After completing the settings on the 2960X stack and the hosts, we restart the network on the hosts and check that the logical interface works.

systemctl restart network
cat /proc/net/bonding/bond1

2960X#show lacp internal
2960X#sh etherchannel summary

We configure the management network interface on each host in VLAN 17, and bind it to the BOND1 logical interface:

Configuring VLAN17 on Host1:

cat /etc/sysconfig/network-scripts/ifcfg-bond1.17
DEVICE=bond1.17
NAME=bond1-vlan17
BOOTPROTO=none
ONBOOT=yes 
USERCTL=no 
NM_CONTROLLED=no 
VLAN=yes
MTU=1500  
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPADDR=172.20.17.163
NETMASK=255.255.255.0
GATEWAY=172.20.17.2
DEFROUTE=yes
DNS1=172.20.17.8
DNS2=172.20.17.9
ZONE=public

Configuring VLAN17 on Host2:

cat /etc/sysconfig/network-scripts/ifcfg-bond1.17
DEVICE=bond1.17
NAME=bond1-vlan17
BOOTPROTO=none
ONBOOT=yes 
USERCTL=no 
NM_CONTROLLED=no 
VLAN=yes
MTU=1500  
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPADDR=172.20.17.164
NETMASK=255.255.255.0
GATEWAY=172.20.17.2
DEFROUTE=yes
DNS1=172.20.17.8
DNS2=172.20.17.9
ZONE=public

We restart the network on the hosts and check their visibility to each other.

This completes the configuration of the Cisco 2960X switch stack, and if everything was done correctly, we now have network connectivity between all infrastructure elements at the L2 level.

Configuring the Dell MD3820f storage system

Before starting work on configuring the storage system, it must already be connected to the Cisco 2960X switch stack by its management interfaces, as well as to hosts Host1 and Host2 via FC.

The general diagram of how the storage system should be connected to the switch stack was given in the previous chapter.

The diagram for connecting the storage system via FC to the hosts should look like this:

[Image: diagram of the FC connection between the storage system and the hosts]

During connection, you need to write down the WWPN addresses of the hosts' FC HBAs connected to the FC ports of the storage system - this will be needed later to configure the binding of hosts to LUNs on the storage system.

On the administrator's workstation, download and install the utility for managing the Dell MD3820f storage system - PowerVault Modular Disk Storage Manager (MDSM).
We connect to the storage system via its default IP addresses, and then configure our addresses from VLAN17, to manage the controllers via TCP/IP:

Storage1:

ControllerA IP - 172.20.1.13, MASK - 255.255.255.0, Gateway - 172.20.1.2
ControllerB IP - 172.20.1.14, MASK - 255.255.255.0, Gateway - 172.20.1.2

After setting the addresses, go to the storage management interface and set a password, set the time, update the firmware of the controllers and disks if necessary, etc.
How this is done is described in the storage system's administration guide.

After completing the above settings, we need only a few more steps:

  1. Configure the host FC port identifiers - Host Port Identifiers.
  2. Create a host group - Host Group - and add our two Dell hosts to it.
  3. Create a disk group and, in it, virtual disks (or LUNs) that will be presented to the hosts.
  4. Configure the presentation of the virtual disks (or LUNs) to the hosts.

Adding new hosts and binding host FC port identifiers to them is done through the menu - Host Mappings -> Define -> Hosts…
The WWPN addresses of the hosts' FC HBAs can be found, for example, in the server's iDRAC.

As a result, we should get something like this:

[Screenshot]

Adding a new host group and binding hosts to it is done through the menu - Host Mappings -> Define -> Host Group…
For the hosts, select the OS type - Linux (DM-MP).

After creating the host group, through the Storage & Copy Services tab, create a disk group - Disk Group - with a type that depends on the fault-tolerance requirements, for example, RAID10, and in it virtual disks of the required size:

[Screenshot]

Finally, the last stage is presenting the virtual disks (or LUNs) to the hosts.
To do this, through the menu - Host Mappings -> Lun Mapping -> Add ... we bind the virtual disks to the hosts, assigning numbers to them.

Everything should look like this screenshot:

[Screenshot]

This is where we finish configuring the storage system, and if everything was done correctly, the hosts should see the LUNs presented to them via their FC HBAs.
Let's force the system to update the information about the connected disks:

ls -la /sys/class/scsi_host/
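# a redirect cannot target a glob, and host[0-9] would miss host15/host18, so loop over every SCSI host
for h in /sys/class/scsi_host/host*; do echo "- - -" > "$h/scan"; done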

Let's see which devices are visible on our servers:

cat /proc/scsi/scsi
Attached devices:
Host: scsi0 Channel: 02 Id: 00 Lun: 00
  Vendor: DELL     Model: PERC H330 Mini   Rev: 4.29
  Type:   Direct-Access                    ANSI  SCSI revision: 05
Host: scsi15 Channel: 00 Id: 00 Lun: 00
  Vendor: DELL     Model: MD38xxf          Rev: 0825
  Type:   Direct-Access                    ANSI  SCSI revision: 05
Host: scsi15 Channel: 00 Id: 00 Lun: 01
  Vendor: DELL     Model: MD38xxf          Rev: 0825
  Type:   Direct-Access                    ANSI  SCSI revision: 05
Host: scsi15 Channel: 00 Id: 00 Lun: 04
  Vendor: DELL     Model: MD38xxf          Rev: 0825
  Type:   Direct-Access                    ANSI  SCSI revision: 05
Host: scsi15 Channel: 00 Id: 00 Lun: 11
  Vendor: DELL     Model: MD38xxf          Rev: 0825
  Type:   Direct-Access                    ANSI  SCSI revision: 05
Host: scsi15 Channel: 00 Id: 00 Lun: 31
  Vendor: DELL     Model: Universal Xport  Rev: 0825
  Type:   Direct-Access                    ANSI  SCSI revision: 05
Host: scsi18 Channel: 00 Id: 00 Lun: 00
  Vendor: DELL     Model: MD38xxf          Rev: 0825
  Type:   Direct-Access                    ANSI  SCSI revision: 05
Host: scsi18 Channel: 00 Id: 00 Lun: 01
  Vendor: DELL     Model: MD38xxf          Rev: 0825
  Type:   Direct-Access                    ANSI  SCSI revision: 05
Host: scsi18 Channel: 00 Id: 00 Lun: 04
  Vendor: DELL     Model: MD38xxf          Rev: 0825
  Type:   Direct-Access                    ANSI  SCSI revision: 05
Host: scsi18 Channel: 00 Id: 00 Lun: 11
  Vendor: DELL     Model: MD38xxf          Rev: 0825
  Type:   Direct-Access                    ANSI  SCSI revision: 05
Host: scsi18 Channel: 00 Id: 00 Lun: 31
  Vendor: DELL     Model: Universal Xport  Rev: 0825
  Type:   Direct-Access                    ANSI  SCSI revision: 05

lsscsi
[0:2:0:0]    disk    DELL     PERC H330 Mini   4.29  /dev/sda
[15:0:0:0]   disk    DELL     MD38xxf          0825  -
[15:0:0:1]   disk    DELL     MD38xxf          0825  /dev/sdb
[15:0:0:4]   disk    DELL     MD38xxf          0825  /dev/sdc
[15:0:0:11]  disk    DELL     MD38xxf          0825  /dev/sdd
[15:0:0:31]  disk    DELL     Universal Xport  0825  -
[18:0:0:0]   disk    DELL     MD38xxf          0825  -
[18:0:0:1]   disk    DELL     MD38xxf          0825  /dev/sdi
[18:0:0:4]   disk    DELL     MD38xxf          0825  /dev/sdj
[18:0:0:11]  disk    DELL     MD38xxf          0825  /dev/sdk
[18:0:0:31]  disk    DELL     Universal Xport  0825  -

On the hosts you can additionally configure multipathing; although oVirt can do this itself during installation, it is better to verify beforehand that MP works correctly.

Installing and configuring DM Multipath

yum install device-mapper-multipath
mpathconf --enable --user_friendly_names y

cat /etc/multipath.conf | egrep -v "^\s*(#|$)"
defaults {
    user_friendly_names yes
    find_multipaths yes
}

blacklist {
    wwid 26353900f02796769
    devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*"
    devnode "^hd[a-z]"
}

Enable the MP service at boot and start it:

systemctl enable multipathd && systemctl restart multipathd

Checking information about the kernel modules loaded for MP operation:

lsmod | grep dm_multipath
dm_multipath           27792  6 dm_service_time
dm_mod                124407  139 dm_multipath,dm_log,dm_mirror

modinfo dm_multipath
filename:       /lib/modules/3.10.0-957.12.2.el7.x86_64/kernel/drivers/md/dm-multipath.ko.xz
license:        GPL
author:         Sistina Software <[email protected]>
description:    device-mapper multipath target
retpoline:      Y
rhelversion:    7.6
srcversion:     985A03DCAF053D4910E53EE
depends:        dm-mod
intree:         Y
vermagic:       3.10.0-957.12.2.el7.x86_64 SMP mod_unload modversions
signer:         CentOS Linux kernel signing key
sig_key:        A3:2D:39:46:F2:D3:58:EA:52:30:1F:63:37:8A:37:A5:54:03:00:45
sig_hashalgo:   sha256

Let's look at the summary of the current multipath configuration:

mpathconf
multipath is enabled
find_multipaths is disabled
user_friendly_names is disabled
dm_multipath module is loaded
multipathd is running

After adding a new LUN on the storage system and presenting it to the host, you need to rescan the HBAs attached to that host.

systemctl reload multipathd
multipath -v2

Finally, we check that all LUNs on the storage system have been presented to the hosts, and that there are two paths to each of them.

Checking MP operation:

multipath -ll
3600a098000e4b4b3000003175cec1840 dm-2 DELL    ,MD38xxf
size=2.0T features='3 queue_if_no_path pg_init_retries 50' hwhandler='1 rdac' wp=rw
|-+- policy='service-time 0' prio=14 status=active
| `- 15:0:0:1  sdb 8:16  active ready running
`-+- policy='service-time 0' prio=9 status=enabled
  `- 18:0:0:1  sdi 8:128 active ready running
3600a098000e4b48f000002ab5cec1921 dm-6 DELL    ,MD38xxf
size=10T features='3 queue_if_no_path pg_init_retries 50' hwhandler='1 rdac' wp=rw
|-+- policy='service-time 0' prio=14 status=active
| `- 18:0:0:11 sdk 8:160 active ready running
`-+- policy='service-time 0' prio=9 status=enabled
  `- 15:0:0:11 sdd 8:48  active ready running
3600a098000e4b4b3000003c95d171065 dm-3 DELL    ,MD38xxf
size=150G features='3 queue_if_no_path pg_init_retries 50' hwhandler='1 rdac' wp=rw
|-+- policy='service-time 0' prio=14 status=active
| `- 15:0:0:4  sdc 8:32  active ready running
`-+- policy='service-time 0' prio=9 status=enabled
  `- 18:0:0:4  sdj 8:144 active ready running

As you can see, all three virtual disks on the storage system are visible through two paths. All the preparatory work is therefore complete, which means you can move on to the main part, setting up the oVirt cluster, which will be covered in the next article.
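The two-path check above is done by eye. As an added example (not part of the original article), the shell function below parses multipath -ll output and flags any LUN with fewer than two healthy paths, or with all healthy paths behind a single SCSI host. The function names are hypothetical, and the sample input is constructed from the listing above, with one path of dm-3 changed to a failed state.

```shell
# Constructed sample: dm-2 is copied from the listing above; dm-3 is the same
# map with its second path changed to "failed faulty" to show a degraded LUN.
sample_mpath_ll() {
cat <<'EOF'
3600a098000e4b4b3000003175cec1840 dm-2 DELL    ,MD38xxf
size=2.0T features='3 queue_if_no_path pg_init_retries 50' hwhandler='1 rdac' wp=rw
|-+- policy='service-time 0' prio=14 status=active
| `- 15:0:0:1  sdb 8:16  active ready running
`-+- policy='service-time 0' prio=9 status=enabled
  `- 18:0:0:1  sdi 8:128 active ready running
3600a098000e4b4b3000003c95d171065 dm-3 DELL    ,MD38xxf
size=150G features='3 queue_if_no_path pg_init_retries 50' hwhandler='1 rdac' wp=rw
|-+- policy='service-time 0' prio=14 status=active
| `- 15:0:0:4  sdc 8:32  active ready running
`-+- policy='service-time 0' prio=9 status=enabled
  `- 18:0:0:4  sdj 8:144 failed faulty running
EOF
}

# Reads multipath -ll output on stdin. Prints every map with fewer than
# $1 (default 2) healthy paths, or fewer than $1 distinct SCSI hosts behind
# them; exit status is 1 if any such map exists, 0 otherwise.
check_multipath_redundancy() {
  awk -v min="${1:-2}" '
    function report() {
      if (map != "" && (ok < min || nh < min)) { print map, "healthy_paths=" ok, "scsi_hosts=" nh; bad = 1 }
    }
    /^size=/ { next }                          # per-map attribute line
    /^[^ |`]/ && / dm-[0-9]+ / {               # map header: WWID or alias first
      report(); map = $1; ok = 0; nh = 0; split("", seen); next
    }
    {
      for (i = 1; i <= NF; i++)
        if ($i ~ /^[0-9]+:[0-9]+:[0-9]+:[0-9]+$/) {   # host:channel:id:lun
          if ($(i+3) == "active" && $(i+4) == "ready" && $(i+5) == "running") {
            ok++; split($i, hctl, ":")
            if (!(hctl[1] in seen)) { seen[hctl[1]] = 1; nh++ }
          }
          break
        }
    }
    END { report(); exit bad + 0 }
  '
}

# On a host: multipath -ll | check_multipath_redundancy 2
sample_mpath_ll | check_multipath_redundancy 2 || echo "path redundancy lost" >&2
```

Run from cron or a monitoring agent, a non-zero exit status signals that a LUN is one failure away from going offline.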

Source: www.habr.com
