The magic of virtualization: an introductory course in Proxmox VE

Today we will talk about how to quickly and fairly simply deploy several virtual servers with different operating systems on a single physical server. This lets any system administrator manage the company's entire IT infrastructure centrally and save a large amount of resources. Using virtualization helps to abstract as much as possible from the physical server hardware, protect critical services and easily restore their operation even after very serious failures.

Without a doubt, most system administrators are familiar with working in a virtual environment, and for them this article will not be a discovery. Nevertheless, there are companies that do not take advantage of the flexibility and speed of virtual solutions because they lack accurate information about them. We hope our article will help you understand by example that it is much easier to start using virtualization once than to live with the inconveniences and shortcomings of physical infrastructure.

Fortunately, it is quite easy to try out how virtualization works. We will show how to create a server in a virtual environment, for example, to migrate a CRM system used in a company. Almost any physical server can be turned into a virtual one, but first you need to understand the basic working techniques. These are discussed below.

How it works

When it comes to virtualization, many novice specialists find the terminology hard to follow, so let us define a few basic concepts:

  • Hypervisor - special software that lets you create and manage virtual machines;
  • Virtual machine (hereinafter VM) - a system that is a logical server inside a physical one, with its own set of characteristics, drives and operating system;
  • Virtualization host - a physical server with a hypervisor running on it.

For a server to work as a full-fledged virtualization host, its processor must support one of two technologies - either Intel® VT or AMD-V™. Both technologies perform the most important task of providing the server's hardware resources to virtual machines.

The key feature is that any actions of virtual machines are performed directly at the hardware level. At the same time, they are isolated from each other, which makes it easy to manage them separately. The hypervisor itself plays the role of a controlling authority, distributing resources, roles and priorities among them. The hypervisor also emulates the part of the hardware that is required for the operating system to work correctly.

Introducing virtualization makes it possible to have several running copies of one server. A critical failure or an error while making changes to such a copy will in no way affect the operation of the current service or application. This also removes two main problems - scaling and the ability to keep a "zoo" of different operating systems on the same hardware. It is an ideal opportunity to combine a variety of services without having to buy separate equipment for each of them.

Virtualization improves the fault tolerance of services and deployed applications. Even if the physical server fails and has to be replaced with another, the entire virtual infrastructure will remain fully operational, provided the disk media are intact. In this case the physical server may come from a completely different manufacturer. This is especially relevant for companies that use discontinued servers and will need to migrate to other models.

Now we list the most popular hypervisors that exist today:

  • VMware ESXi
  • Microsoft Hyper-V
  • Open Virtualization Alliance KVM
  • Oracle VM VirtualBox

All of them are fairly universal; nevertheless, each has certain features that should always be taken into account at the selection stage: the cost of deployment/maintenance and the technical characteristics. The cost of commercial VMware and Hyper-V licenses is very high, and in the event of failures it is very hard to solve a problem with these systems on your own.

KVM, on the other hand, is free and quite easy to use, especially as part of a ready-made Debian Linux-based solution called Proxmox Virtual Environment. We can recommend this system for a first acquaintance with the world of virtual infrastructure.

How to quickly deploy the Proxmox VE hypervisor

Installation usually raises no questions. Download the current version of the image from the official site and write it to any external media using the Win32DiskImager utility (on Linux the dd command is used), after which we boot the server directly from this media. Our clients who rent dedicated servers from us can take advantage of two even simpler ways - mounting the required image directly from the KVM console, or using our PXE server.

The installer has a graphical interface and will ask only a few questions.

  1. Select the disk on which the installation will be performed. In the Options section you can specify additional partitioning options.

  2. Specify the regional settings.

  3. Specify the password that will be used to authorize the superuser and the administrator's e-mail address.

  4. Specify the network settings. FQDN stands for fully qualified domain name, e.g. node01.yourcompany.com.

  5. After the installation is complete, the server can be rebooted using the Reboot button.

    The web management interface will be available at

    https://server_IP_address:8006

What to do after installation

There are a few important things you should do after installing Proxmox. Let's go through each of them in more detail.

Update the system to the latest version

To do this, go to the console of our server and disable the paid repository (available only to those who have purchased paid support). If you do not do this, apt will report an error when updating the package sources.

  1. Open the console and edit the apt configuration file:
    nano /etc/apt/sources.list.d/pve-enterprise.list
  2. There will be only one line in this file. Put a # character in front of it to disable receiving updates from the paid repository:
    #deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise
  3. Press Ctrl + X to exit the editor, answering Y when the system asks about saving the file.
  4. Run the command to update the package sources and upgrade the system:
    apt update && apt -y upgrade

Take care of security

We can recommend installing the popular Fail2Ban utility, which protects against password-guessing (brute-force) attacks. Its principle of operation is that if an attacker exceeds a certain number of login attempts within a specified time with an incorrect login/password, their IP address is blocked. The blocking period and the number of attempts can be specified in the configuration file.

Based on practical experience, during a week of running a server with SSH port 22 open and an external static IPv4 address, there were more than 5000 attempts to guess the password. And the utility successfully blocked about 1500 addresses.

To complete the installation, here are brief instructions:

  1. Open the server console through the web interface or SSH.
  2. Update the package sources:
    apt update
  3. Install Fail2Ban:
    apt install fail2ban
  4. Open the utility's configuration for editing:
    nano /etc/fail2ban/jail.conf
  5. Change the variables bantime (the number of seconds for which the attacker will be blocked) and maxretry (the number of login/password attempts) for each individual service.
  6. Press Ctrl + X to exit the editor, answering Y when the system asks about saving the file.
  7. Restart the service:
    systemctl restart fail2ban
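
Fail2Ban also reads override files, so the same bantime and maxretry changes can live in a drop-in under /etc/fail2ban/jail.d instead of in jail.conf, which a package upgrade may replace. The script below is an added example, not part of the original article; the file name sshd.local, the helper names and the sample values are assumptions, and findtime is Fail2Ban's setting for the counting window described above.

```shell
#!/bin/sh
# Added example: keep sshd jail settings in a drop-in, not in jail.conf.
# write_sshd_jail DIR BANTIME FINDTIME MAXRETRY
#   DIR is the drop-in directory (/etc/fail2ban/jail.d on a real host).
write_sshd_jail() {
    dir=$1 bantime=$2 findtime=$3 maxretry=$4

    # Accept only positive integers so a typo cannot produce a jail that
    # never bans or a file that fail2ban refuses to load.
    for v in "$bantime" "$findtime" "$maxretry"; do
        case $v in
            ''|*[!0-9]*|0*) echo "invalid value: '$v'" >&2; return 1 ;;
        esac
    done
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    # Write to a temporary file first so a failure never leaves half a jail.
    tmp=$(mktemp "$dir/.sshd.local.XXXXXX") || return 1
    cat > "$tmp" <<EOF
# Managed drop-in: overrides the [sshd] section of jail.conf
[sshd]
enabled  = true
# seconds an address stays banned
bantime  = $bantime
# window, in seconds, in which failures are counted
findtime = $findtime
# failures allowed inside findtime before the ban
maxretry = $maxretry
EOF
    chmod 644 "$tmp" && mv "$tmp" "$dir/sshd.local"
}

# Read one setting back from the drop-in (DIR, KEY).
jail_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1/sshd.local"
}

# Demo on a constructed directory; on a host, pass /etc/fail2ban/jail.d
# and then run: systemctl restart fail2ban
demo_dir=$(mktemp -d)
write_sshd_jail "$demo_dir" 3600 600 3
echo "bantime=$(jail_value "$demo_dir" bantime) maxretry=$(jail_value "$demo_dir" maxretry)"
```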

You can check the status of the utility, for example to pull the blocking statistics for IP addresses from which there were attempts to brute-force SSH passwords, with one simple command:

fail2ban-client -v status sshd

The utility's response will look something like this:

root@hypervisor:~# fail2ban-client -v status sshd
INFO   Loading configs for fail2ban under /etc/fail2ban
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO   Using socket file /var/run/fail2ban/fail2ban.sock
Status for the jail: sshd
|- Filter
|  |- Currently failed: 3
|  |- Total failed:     4249
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     410
   `- Banned IP list:

In the same way, you can protect the web interface from such attacks by creating an appropriate rule. An example of such a rule for Fail2Ban can be found in the official documentation.

Getting started

I would like to draw your attention to the fact that Proxmox is ready to create new machines immediately after installation. Nevertheless, we recommend completing the preliminary settings so that the system is easy to manage in the future. Practice shows that the hypervisor and the virtual machines should be placed on different physical media. How to do this is discussed below.

Configure the disk drives

The next step is to configure storage that can be used to store virtual machine data and backups.

ATTENTION! The disk layout example below may be used for test purposes only. For real-world use, we strongly recommend using a software or hardware RAID array to prevent data loss when drives fail. We will explain how to properly prepare a disk array for operation and what to do in an emergency in one of the following articles.

Let's assume that the physical server has two disks - /dev/sda, on which the hypervisor is installed, and an empty disk /dev/sdb, which is planned to be used for storing virtual machine data. For the system to see the new storage, you can use the simplest and most effective method - attach it as a regular directory. But before that, some preparatory steps are needed. As an example, let's see how to attach a new drive /dev/sdb of any size, formatting it with the ext4 file system.

  1. Partition the disk by creating a new partition:
    fdisk /dev/sdb
  2. Press the o or g key (to partition the disk as MBR or GPT).
  3. Next, press the n key (create a new partition).
  4. And finally w (to save the changes).
  5. Create an ext4 file system:
    mkfs.ext4 /dev/sdb1
  6. Create a directory where we will mount the partition:
    mkdir /mnt/storage
  7. Open the configuration file for editing:
    nano /etc/fstab
  8. Add a new line there:
    /dev/sdb1	/mnt/storage	ext4	defaults	0	0
  9. After making the changes, save them with Ctrl + X, answering Y to the editor's question.
  10. To check that everything works, send the server for a reboot:
    shutdown -r now
  11. After the reboot, check the mounted partitions:
    df -H

The output of the command should show that /dev/sdb1 is mounted at the directory /mnt/storage. This means that our drive is ready for use.
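
Device names such as /dev/sdb1 are assigned at boot and can change when disks are added or reordered, so an fstab entry keyed on the filesystem UUID is the more robust form of step 8. The script below is an added example, not part of the original article; the helper name, the sample UUID and the nofail option are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: build the fstab entry from the filesystem UUID and add it
# idempotently. The UUID and the fstab copy below are constructed samples.

# add_fstab_entry FSTAB UUID MOUNTPOINT
#   FSTAB is the file to edit (/etc/fstab on a real host).
add_fstab_entry() {
    fstab=$1 uuid=$2 mnt=$3

    # ext4 UUIDs are 8-4-4-4-12 hex digits; reject anything else so that a
    # copy/paste slip never reaches the boot-critical file.
    echo "$uuid" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' \
        || { echo "bad UUID: $uuid" >&2; return 1; }
    case $mnt in /*) ;; *) echo "mount point must be absolute" >&2; return 1 ;; esac

    # Refuse a second entry for the same mount point or the same filesystem
    # (commented-out lines are ignored).
    if awk -v m="$mnt" -v u="UUID=$uuid" \
        '$1 !~ /^#/ && ($2 == m || $1 == u) { found = 1 } END { exit !found }' \
        "$fstab"; then
        echo "already present in $fstab, nothing changed" >&2
        return 0
    fi

    cp -p "$fstab" "$fstab.bak" || return 1
    # nofail: a missing data disk must not stop the hypervisor from booting;
    # pass 2: fsck this filesystem after the root filesystem.
    printf 'UUID=%s\t%s\text4\tdefaults,nofail\t0\t2\n' "$uuid" "$mnt" >> "$fstab"
}

# Demo against a constructed copy, not the live /etc/fstab.
demo_fstab=$(mktemp)
printf '/dev/pve/root / ext4 errors=remount-ro 0 1\n' > "$demo_fstab"
add_fstab_entry "$demo_fstab" 3f1c2a9e-5b7d-4e21-9c0a-6d8f4b2e1a77 /mnt/storage
add_fstab_entry "$demo_fstab" 3f1c2a9e-5b7d-4e21-9c0a-6d8f4b2e1a77 /mnt/storage
grep -c '/mnt/storage' "$demo_fstab"
```

On the host, take the UUID from `blkid -s UUID -o value /dev/sdb1` and run `mount -a` before the reboot, so a bad entry shows up as an error message rather than as a failed boot.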

Add the new storage in Proxmox

Log in to the control panel and go to the sections Datacenter → Storage → Add → Directory.

In the window that opens, fill in the following fields:

  • ID - the name of the future storage;
  • Directory - /mnt/storage;
  • Content - select all the options (clicking each option in turn).

After that, click the Add button. This completes the setup.

Create a virtual machine

To create a virtual machine, perform the following sequence of actions:

  1. Decide on the operating system version.
  2. Download the ISO image in advance.
  3. In the Storage menu, select the newly created storage.
  4. Click Content → Upload.
  5. Select the ISO image from the list and confirm the choice by clicking the Upload button.

After the operation completes, the image will be displayed in the list of available ones.

Let's create our first virtual machine:

  1. Click Create VM.
  2. Fill in the parameters one by one: Name → ISO image → Hard disk size and type → Number of processors → RAM size → Network adapter.
  3. After selecting all the required parameters, click Finish. The created machine will be displayed in the control panel menu.
  4. Select it and click Start.
  5. Go to the Console section and install the operating system in exactly the same way as on a regular physical server.

If you need to create another machine, repeat the operations above. Once they are all ready, you can work with them simultaneously by opening several console windows.

Configure autostart

By default, Proxmox does not start machines automatically, but this is easily solved in just two clicks:

  1. Click the name of the required machine.
  2. Select the Options tab → Start at boot.
  3. Tick the box next to the item of the same name.

Now, if the physical server is rebooted, the VM will start automatically.

For advanced administrators, there is also the option to specify additional startup parameters in the Start/Shutdown order section. You can explicitly specify the order in which the machines should be started. You can also specify the time that must pass before the next VM starts and the shutdown timeout (if the operating system does not manage to shut down in time, the hypervisor will force it to shut down after a certain number of seconds).

Conclusion

This article has outlined the basics of getting started with Proxmox VE, and we hope it will help beginners take the first step and try virtualization in practice.

Proxmox VE is really a very powerful and convenient tool for any system administrator; the main thing is not to be afraid to experiment and to understand how it really works.

If you have any questions, you are welcome in the comments.

Source: www.habr.com
