oVirt in 2 hours. Part 3. Additional settings

In this article we will look at a number of optional but useful settings:

This article is a continuation; for the beginning, see oVirt in 2 hours Part 1 and Part 2.

Articles

  1. Introduction
  2. Installing the manager (ovirt-engine) and hypervisors (hosts)
  3. Additional settings - You are here

Additional manager settings

For convenience, we will install some additional packages:

$ sudo yum install bash-completion vim

For command completion to take effect, bash-completion requires switching to bash.

Adding additional DNS names

This is needed when you have to connect to the manager using an alternate name (a CNAME, an alias, or just a short name without the domain suffix). For security reasons, the manager accepts connections only for names on an allowed list.

Create the configuration file:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf

with the following content:

SSO_ALTERNATE_ENGINE_FQDNS="ovirt.example.com some.alias.example.com ovirt"

and restart the manager:

$ sudo systemctl restart ovirt-engine

Configuring authentication via AD

oVirt has a built-in user database, but external LDAP providers are also supported, including AD.

The simplest way to get a typical configuration is to run the wizard and restart the manager:

$ sudo yum install ovirt-engine-extension-aaa-ldap-setup
$ sudo ovirt-engine-extension-aaa-ldap-setup
$ sudo systemctl restart ovirt-engine

Example of a wizard run
$ sudo ovirt-engine-extension-aaa-ldap-setup
Available LDAP implementations:
...
3 - Active Directory
...
Please select: 3
Please enter Active Directory Forest name: example.com

Please select protocol to use (startTLS, ldaps, plain) [startTLS]:
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): URL
URL: wwwca.example.com/myRootCA.pem
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): CN=oVirt-Engine,CN=Users,DC=example,DC=com
Enter search user password: *password*
[ INFO ] Attempting to bind using 'CN=oVirt-Engine,CN=Users,DC=example,DC=com'
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
Please specify profile name that will be visible to users [example.com]:
Please provide credentials to test login flow:
Enter user name: someAnyUser
Enter user password:
...
[INFO] Login sequence executed successfully
...
Select test sequence to execute (Done, Abort, Login, Search) [Done]:
[INFO] Stage: Transaction setup
...
CONFIGURATION SUMMARY
...
...

The wizard is sufficient for most cases. For complex configurations, the settings are made manually. More details are in the oVirt documentation, Users and Roles. After the Engine has been successfully connected to AD, an additional profile appears in the login window, and on the Permissions tab system objects can be granted permissions for AD users and groups. Note that the external directory of users and groups can be not only AD, but also IPA, eDirectory, and so on.

Multipathing

In a production environment, the storage system must be connected to the host over several independent I/O paths. As a rule, CentOS (and therefore oVirt) has no trouble assembling multiple paths to a device (find_multipaths yes). Additional settings for FCoE are described in Part 2. Pay attention to the storage vendor's recommendation: many recommend the round-robin policy, but the default in Enterprise Linux 7 is service-time.

Using 3PAR as an example, and following the document HPE 3PAR Red Hat Enterprise Linux, CentOS Linux, Oracle Linux, and OracleVM Server Implementation Guide, EL is created as a Host with Generic-ALUA Persona 2, for which the following values are added to /etc/multipath.conf:

defaults {
           polling_interval      10
           user_friendly_names   no
           find_multipaths       yes
          }
devices {
          device {
                   vendor                   "3PARdata"
                   product                  "VV"
                   path_grouping_policy     group_by_prio
                   path_selector            "round-robin 0"
                   path_checker             tur
                   features                 "0"
                   hardware_handler         "1 alua"
                   prio                     alua
                   failback                 immediate
                   rr_weight                uniform
                   no_path_retry            18
                   rr_min_io_rq             1
                   detect_prio              yes
                   fast_io_fail_tmo         10
                   dev_loss_tmo             "infinity"
                 }
}

Then the restart command is issued:

systemctl restart multipathd

Fig. 1 - the default I/O policy.

Fig. 2 - the multipath I/O policy after applying the settings.
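
One way to confirm on a host what the two figures show is to read the path selector from `multipath -ll`. This is an added example, not part of the original article: the function names and the sample output (WWIDs, sizes, device names) are constructed for illustration.

```shell
#!/bin/bash
# flag_policy DEVICE WANTED: read `multipath -ll` output on stdin and print
# "WWID policy" for every DEVICE map whose path selector is not WANTED.
flag_policy() {
    awk -v dev="$1" -v want="$2" -v q="'" '
        # Map header with user_friendly_names no: "<wwid> dm-N <vendor>,<product>"
        $2 ~ /^dm-[0-9]+$/ { wwid = $1; hit = ($3 == dev); next }
        # Path-group line: ... policy=<quoted selector> prio=N status=...
        hit && match($0, "policy=" q "[^" q "]*" q) {
            pol = substr($0, RSTART + 8, RLENGTH - 9)
            if (pol != want && !(wwid in seen)) { seen[wwid] = 1; print wwid, pol }
        }
    '
}

# Constructed sample output: the first map still has the Enterprise Linux 7
# default selector, the second has the policy set in multipath.conf.
sample_multipath_ll() {
    cat <<'EOF'
360002ac0000000000000001a0001b7d5 dm-2 3PARdata,VV
size=500G features='0' hwhandler='1 alua' wp=rw
`-+- policy='service-time 0' prio=50 status=active
  |- 1:0:0:1 sdb 8:16 active ready running
  `- 2:0:0:1 sdd 8:48 active ready running
360002ac0000000000000001b0001b7d5 dm-3 3PARdata,VV
size=500G features='0' hwhandler='1 alua' wp=rw
`-+- policy='round-robin 0' prio=50 status=active
  |- 1:0:0:2 sdc 8:32 active ready running
  `- 2:0:0:2 sde 8:64 active ready running
EOF
}

# On a real host: sudo multipath -ll | flag_policy "3PARdata,VV" "round-robin 0"
sample_multipath_ll | flag_policy "3PARdata,VV" "round-robin 0"
```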

Configuring power management

It allows, for example, a hardware reset of a machine if the Engine cannot get a response from the Host for a long time. It is implemented through a Fence Agent.

Compute -> Hosts -> HOST - Edit -> Power Management, then turn on "Enable Power Management" and add an agent: "Add Fence Agent" -> +.

We specify the type (for example, for iLO5 you need to specify ilo4), the name/address of the ipmi interface, and the user name/password. It is recommended to create a separate user (for example, oVirt-PM) and, in the case of iLO, give it these privileges:

  • Login
  • Remote Console
  • Virtual Power and Reset
  • Virtual Media
  • Configure iLO Settings
  • Administer User Accounts

Don't ask why this is so; it was found empirically. The console fence agent requires a smaller set of rights.

When setting up access control lists, keep in mind that the agent runs not on the Engine but on a "neighbouring" host (the so-called Power Management Proxy); that is, if there is only one node in the cluster, power management will not work.

Configuring SSL

The full official instructions are in the documentation, Appendix D: oVirt and SSL - Replacing the oVirt Engine SSL/TLS Certificate.

The certificate can come either from our corporate CA or from an external commercial certificate authority.

Important note: the certificate is intended for connections to the manager and does not affect communication between the Engine and the nodes; they will use self-signed certificates issued by the Engine.

Requirements:

  • the certificate of the issuing CA in PEM format, with the whole chain up to the root CA (from the subordinate issuing CA at the beginning to the root at the end);
  • a certificate for Apache issued by the issuing CA (also supplemented with the whole chain of CA certificates);
  • a private key for Apache, without a password.

Let's assume that our issuing CA runs CentOS and is called subca.example.com, and that the requests, keys and certificates are located in the /etc/pki/tls/ directory.

We make backups and create a temporary directory:

$ sudo cp /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass.`date +%F`
$ sudo cp /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/certs/apache.cer.`date +%F`
$ sudo mkdir /opt/certs
$ sudo chown mgmt.mgmt /opt/certs

Download the certificates, either from your workstation or by transferring them in some other convenient way:

[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/cachain.pem [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/private/ovirt.key [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/certs/ovirt.crt [email protected]:/opt/certs

As a result, you should see all 3 files:

$ ls /opt/certs
cachain.pem  ovirt.crt  ovirt.key

Installing the certificates

Copy the files and update the trust lists:

$ sudo cp /opt/certs/cachain.pem /etc/pki/ca-trust/source/anchors
$ sudo update-ca-trust
$ sudo rm /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/cachain.pem /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/ovirt.key /etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo cp /opt/certs/ovirt.crt /etc/pki/ovirt-engine/certs/apache.cer
$ sudo systemctl restart httpd.service

Add/update the configuration files:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""
$ sudo vim /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo vim /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf
# Key file for SSL connections
ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass
# Certificate file for SSL connections
ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer

Next, restart all affected services:

$ sudo systemctl restart ovirt-provider-ovn.service
$ sudo systemctl restart ovirt-imageio-proxy
$ sudo systemctl restart ovirt-websocket-proxy
$ sudo systemctl restart ovirt-engine.service

Done! It's time to connect to the manager and check that the connection is protected by a signed SSL certificate.
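
A pre-flight check for the three files in /opt/certs, meant to be run before they are copied over the Engine's Apache key and certificate, so that a passphrase-protected key, a mismatched pair or a broken chain is caught before httpd is restarted. This is an added example, not part of the original article or the oVirt documentation; the function name check_cert_set is hypothetical, and the host names passed to it are the ones from the SSO_ALTERNATE_ENGINE_FQDNS line above.

```shell
#!/bin/bash
# check_cert_set DIR [NAME...]: validate DIR/cachain.pem, DIR/ovirt.crt and
# DIR/ovirt.key (file names from the article). Prints "ok" or the first
# failed check; returns 0 or 1.
check_cert_set() {
    local dir=$1; shift
    local crt=$dir/ovirt.crt key=$dir/ovirt.key ca=$dir/cachain.pem name
    # Apache needs a key without a passphrase; the empty -passin makes an
    # encrypted key fail here instead of prompting.
    if ! openssl pkey -in "$key" -passin pass: -noout 2>/dev/null; then
        echo "key unreadable or passphrase-protected"; return 1
    fi
    # The certificate must carry the public half of this private key.
    if [ "$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)" != \
         "$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)" ]; then
        echo "certificate does not match key"; return 1
    fi
    # The certificate must chain to the bundle that becomes apache-ca.pem.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "certificate does not chain to cachain.pem"; return 1
    fi
    # Every name users type, including the alternate FQDNs allowed for SSO,
    # has to be covered by the certificate or browsers will still warn.
    for name in "$@"; do
        if ! openssl x509 -in "$crt" -noout -checkhost "$name" | grep -q 'does match'; then
            echo "certificate does not cover $name"; return 1
        fi
    done
    echo ok
}

# Example call: check_cert_set /opt/certs ovirt.example.com some.alias.example.com ovirt
if [ $# -gt 0 ]; then check_cert_set "$@"; fi
```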

Backup

Where would we be without it? In this section we will talk about backing up the manager; backing up VMs is a separate topic. We will make backup copies once a day and store them over NFS, for example on the same system where we placed the ISO images: mynfs1.example.com:/exports/ovirt-backup. Storing the archives on the same machine where the Engine runs is not recommended.

Install and enable autofs:

$ sudo yum install autofs
$ sudo systemctl enable autofs
$ sudo systemctl start autofs

Let's create the script:

$ sudo vim /etc/cron.daily/make.oVirt.backup.sh

with the following content:

#!/bin/bash

# Timestamp used in the backup and log file names
datetime=$(date +"%F.%R")
backupdir="/net/mynfs01.example.com/exports/ovirt-backup"
filename="$backupdir/$(hostname --short).$datetime"
engine-backup --mode=backup --scope=all --file="$filename.data" --log="$filename.log"
# Uncomment the next line to automatically delete files older than 30 days
#find "$backupdir" -type f -mtime +30 -exec rm -f {} \;

Make the file executable:

$ sudo chmod a+x /etc/cron.daily/make.oVirt.backup.sh

Now every night we will get an archive of the manager's settings.

Host management interface

Cockpit is a modern administration interface for Linux systems. In this case it plays a role similar to that of the ESXi web interface.

Fig. 3 - appearance of the panel.

Installation is very simple; you need the cockpit packages and the cockpit-ovirt-dashboard plugin:

$ sudo yum install cockpit cockpit-ovirt-dashboard -y

Enable Cockpit:

$ sudo systemctl enable --now cockpit.socket

Firewall configuration:

sudo firewall-cmd --add-service=cockpit
sudo firewall-cmd --add-service=cockpit --permanent

Now you can connect to the host: https://[Host IP or FQDN]:9090

VLANs

You should read more about networking in the documentation. There are many possibilities; here we will describe how to connect the available networks.

To connect other subnets, they must first be described in the configuration: Network -> Networks -> New; here only the name is a required field. The VM Network checkbox, which allows machines to use this network, is enabled, but to attach a tag you must turn on Enable VLAN tagging, enter the VLAN number and click OK.

Now go to Compute -> Hosts -> kvmNN -> Network Interfaces -> Setup Host Networks. Drag the added network from the right side, Unassigned Logical Networks, to the left, into Assigned Logical Networks:

Fig. 4 - before adding the network.

Fig. 5 - after adding the network.

To attach several networks to a host in bulk, it is convenient to assign labels to them when creating the networks, and then add the networks by label.

After the network is created, hosts go into the Non Operational state until the network has been added to all nodes in the cluster. This behaviour is caused by the Require All flag on the Cluster tab when creating a new network. If the network is not needed on all nodes of the cluster, this flag can be turned off; then, when the network is added to a host, it will appear on the right in the Non Required section and you can choose whether to attach it to a particular host.

Fig. 6 - choosing the network requirement attribute.

HPE specifics

Almost all vendors have tools that improve the usability of their products. Using HPE as an example, AMS (Agentless Management Service, amsd for iLO5, hp-ams for iLO4), SSA (Smart Storage Administrator, for working with the disk controller) and so on are useful.

Connecting the HPE repository
We import the key and connect the HPE repositories:

$ sudo rpm --import https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
$ sudo vim /etc/yum.repos.d/mcp.repo

with the following content:

[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

[spp]
name=Service Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/spp/RHEL/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
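
The repository file above uses plain http for baseurl and leaves package signature checking to the global default in yum.conf. The following audit of a .repo file is an added example, not part of the original article: the function names and the [mcp-checked] section are constructed, and the https baseurl assumes the host serves the repository over https as it does the key.

```shell
#!/bin/bash
# audit_repo [FILE]: read a yum .repo file (or stdin) and print one finding
# per line as "section: problem" for every enabled repository section.
audit_repo() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report() {
            if (sec == "" || enabled == "0") return
            if (base ~ /^http:/) print sec ": baseurl is plain http"
            if (gpgcheck != "1") print sec ": gpgcheck=1 not set, relies on [main] in yum.conf"
            if (gpgkey == "")    print sec ": no gpgkey"
        }
        /^[ \t]*([#;]|$)/ { next }                  # comments and blank lines
        /^\[/ { report(); sec = substr($0, 2, index($0, "]") - 2)
                base = gpgcheck = gpgkey = ""; enabled = "1"; next }
        {
            eq = index($0, "="); if (!eq) next
            key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
            if (key == "baseurl")  base = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey = val
            if (key == "enabled")  enabled = val
        }
        END { report() }
    ' "$@"
}

# Constructed input: the [mcp] section from the article, then the same
# repository with https and an explicit gpgcheck (section name is made up).
sample_repo() {
    cat <<'EOF'
[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

[mcp-checked]
name=Management Component Pack
baseurl=https://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp
EOF
}

# On a real host: audit_repo /etc/yum.repos.d/mcp.repo
sample_repo | audit_repo
```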

View the repository contents and the package information (for reference):

$ sudo yum --disablerepo="*" --enablerepo="mcp" list available
$ yum info amsd

Installation and startup:

$ sudo yum install amsd ssacli
$ sudo systemctl start amsd

Example of the utility for working with the disk controller

That's all for now. In the following articles I plan to cover some basic operations and applications. For example, how to do VDI in oVirt.

Source: www.habr.com