oVirt in 2 hours. Part 3. Additional settings

In this article we will look at a number of optional but useful settings:

This article is a continuation; for the beginning see oVirt in 2 hours, Part 1 and Part 2.

Articles

  1. Introduction
  2. Installing the manager (ovirt-engine) and hypervisors (hosts)
  3. Additional settings - You are here

Additional manager settings

For convenience, we will install additional packages:

$ sudo yum install bash-completion vim

To enable command completion, bash-completion requires switching to bash.

Adding additional DNS names

This is needed when you want to connect to the manager using another name (a CNAME, an alias, or simply a short name without the domain suffix). For security reasons, the manager allows connections only by names on its allowed list.

Create the configuration file:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf

with the following content:

SSO_ALTERNATE_ENGINE_FQDNS="ovirt.example.com some.alias.example.com ovirt"

and restart the manager:

$ sudo systemctl restart ovirt-engine

Setting up authentication via AD

oVirt has a built-in user database, but external LDAP providers are also supported, including AD.

The simplest way to get a typical configuration is to run the wizard and restart the manager:

$ sudo yum install ovirt-engine-extension-aaa-ldap-setup
$ sudo ovirt-engine-extension-aaa-ldap-setup
$ sudo systemctl restart ovirt-engine

Example of the wizard's operation
$ sudo ovirt-engine-extension-aaa-ldap-setup
Available LDAP implementations:
...
3 - Active Directory
...
Please select: 3
Please enter Active Directory Forest name: example.com

Please select protocol to use (startTLS, ldaps, plain) [startTLS]:
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): URL
URL: wwwca.example.com/myRootCA.pem
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): CN=oVirt-Engine,CN=Users,DC=example,DC=com
Enter search user password: *password*
[ INFO ] Attempting to bind using 'CN=oVirt-Engine,CN=Users,DC=example,DC=com'
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
Please specify profile name that will be visible to users [example.com]:
Please provide credentials to test login flow:
Enter user name: someAnyUser
Enter user password:
...
[ INFO ] Login sequence executed successfully
...
Select test sequence to execute (Done, Abort, Login, Search) [Done]:
[ INFO ] Stage: Transaction setup
...
CONFIGURATION SUMMARY
...

Using the wizard is sufficient for most cases. For complex configurations, the settings are made by hand. More details are in the oVirt documentation, Users and Roles. After the Engine has been successfully connected to AD, an additional profile appears in the login window, and on the Permissions tab of system objects it becomes possible to grant permissions to AD users and groups. Note that the external directory of users and groups can be not only AD, but also IPA, eDirectory, etc.

Multipathing

In a production environment, the storage system must be connected to the host through several independent, multiple I/O paths. As a rule, in CentOS (and therefore in oVirt) there are no problems assembling multiple paths to a device (find_multipaths yes). Additional settings for FCoE are described in Part 2. It is worth paying attention to the storage vendor's recommendation: many recommend the round-robin policy, but by default Enterprise Linux 7 uses service-time.

Using 3PAR as an example
Following the document HPE 3PAR Red Hat Enterprise Linux, CentOS Linux, Oracle Linux, and OracleVM Server Implementation Guide, EL is created as a Host with Generic-ALUA Persona 2, for which the following values are entered in /etc/multipath.conf:

defaults {
           polling_interval      10
           user_friendly_names   no
           find_multipaths       yes
          }
devices {
          device {
                   vendor                   "3PARdata"
                   product                  "VV"
                   path_grouping_policy     group_by_prio
                   path_selector            "round-robin 0"
                   path_checker             tur
                   features                 "0"
                   hardware_handler         "1 alua"
                   prio                     alua
                   failback                 immediate
                   rr_weight                uniform
                   no_path_retry            18
                   rr_min_io_rq             1
                   detect_prio              yes
                   fast_io_fail_tmo         10
                   dev_loss_tmo             "infinity"
                 }
}

After that, the restart command is given:

systemctl restart multipathd

Fig. 1 - the default multipath I/O policy.

Fig. 2 - the multipath I/O policy after applying the settings.

Configuring power management

It allows you to perform, for example, a hardware reset of a machine if the Engine cannot get a response from the Host for a long time. It is implemented through a Fence Agent.

Compute -> Hosts -> HOST - Edit -> Power Management, then turn on "Enable Power Management" and add an agent: "Add Fence Agent" -> +.

We specify the type (for example, for iLO5 you need to specify ilo4), the name/address of the ipmi interface, and the user name/password. It is recommended to create a separate user (for example, oVirt-PM) and, in the case of iLO, give it these privileges:

  • Login
  • Remote Console
  • Virtual Power and Reset
  • Virtual Media
  • Configure iLO Settings
  • Administer User Accounts

Don't ask why it is exactly this set; it was arrived at empirically. The console fence agent needs a smaller set of privileges.

When configuring access control lists, keep in mind that the agent runs not on the engine but on a "neighbouring" host (the so-called Power Management Proxy); that is, if there is only one node in the cluster, power management will not work.

Configuring SSL

The full official instructions are in the documentation, Appendix D: oVirt and SSL - Replacing the oVirt Engine SSL/TLS Certificate.

The certificate can come from our corporate CA or from an external commercial certificate authority.

Important note: the certificate is intended for connections to the manager and does not affect communication between the Engine and the nodes; they will use self-signed certificates issued by the Engine.

Requirements:

  • the certificate of the issuing CA in PEM format, with the whole chain up to the root CA (from the subordinate issuing CA at the beginning to the root at the end);
  • the certificate for Apache issued by the issuing CA (also supplemented with the whole chain of CA certificates);
  • the private key for Apache, without a passphrase.

Let us assume that our issuing CA runs CentOS, is called subca.example.com, and that the requests, keys and certificates are located in the /etc/pki/tls/ directory.

We make backups and create a temporary directory:

$ sudo cp /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass.`date +%F`
$ sudo cp /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/certs/apache.cer.`date +%F`
$ sudo mkdir /opt/certs
$ sudo chown mgmt.mgmt /opt/certs

Download the certificates, either from your workstation or by transferring them in another convenient way:

[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/cachain.pem [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/private/ovirt.key [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/certs/ovirt.crt [email protected]:/opt/certs

As a result, you should see all 3 files:

$ ls /opt/certs
cachain.pem  ovirt.crt  ovirt.key
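
Before the staged files replace the Engine's Apache key and certificate, the three requirements listed above can be checked with openssl. This is an added example, not part of the original article; `check_bundle` is a hypothetical helper name and the file names follow the listing above.

```bash
#!/bin/bash
# Added example: pre-flight check of the files staged in /opt/certs before
# they are copied over the Engine's Apache key and certificate.
# check_bundle is a hypothetical helper; the file names follow the page.
check_bundle() {
    local dir="${1:-/opt/certs}" rc=0 key_pub crt_pub
    local key="$dir/ovirt.key" crt="$dir/ovirt.crt" chain="$dir/cachain.pem"

    # 1. The key must load with an empty passphrase: httpd starts unattended.
    #    "-passin pass:" makes openssl fail instead of prompting.
    if ! key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null); then
        echo "FAIL: $key is missing, malformed or passphrase-protected"
        return 1
    fi

    # 2. The certificate must contain the public half of that private key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $crt was not issued for $key"
        rc=1
    fi

    # 3. The certificate must verify against the chain that will become
    #    apache-ca.pem.
    if ! openssl verify -CAfile "$chain" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not chain to $chain"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir is consistent"
    return "$rc"
}

# Usage on the manager, before the cp commands: check_bundle /opt/certs
```

A non-zero return means the files should not be installed yet; the backups made earlier stay untouched either way.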

Installing the certificates

Copy the files and update the trust lists:

$ sudo cp /opt/certs/cachain.pem /etc/pki/ca-trust/source/anchors
$ sudo update-ca-trust
$ sudo rm /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/cachain.pem /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/ovirt.key /etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo cp /opt/certs/ovirt.crt /etc/pki/ovirt-engine/certs/apache.cer
$ sudo systemctl restart httpd.service

Add/update the configuration files:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""
$ sudo vim /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo vim /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf
# Key file for SSL connections
ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass
# Certificate file for SSL connections
ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer

Next, restart all affected services:

$ sudo systemctl restart ovirt-provider-ovn.service
$ sudo systemctl restart ovirt-imageio-proxy
$ sudo systemctl restart ovirt-websocket-proxy
$ sudo systemctl restart ovirt-engine.service

Done! It is time to connect to the manager and check that the connection is protected by a signed SSL certificate.

Backup

Where would we be without it? In this section we will talk about backing up the manager; VM backup is a separate topic. We will make backup copies once a day and store them over NFS, for example on the same system where we placed the ISO images: mynfs1.example.com:/exports/ovirt-backup. Storing the archives on the same machine where the Engine runs is not recommended.

Install and enable autofs:

$ sudo yum install autofs
$ sudo systemctl enable autofs
$ sudo systemctl start autofs

Create the script:

$ sudo vim /etc/cron.daily/make.oVirt.backup.sh

with the following content:

#!/bin/bash

datetime=`date +"%F.%R"`
backupdir="/net/mynfs01.example.com/exports/ovirt-backup"
filename="$backupdir/`hostname --short`.$datetime"
engine-backup --mode=backup --scope=all --file="$filename.data" --log="$filename.log"
# uncomment the next line to automatically delete files older than 30 days
#find "$backupdir" -type f -mtime +30 -exec rm -f {} \;

Make the file executable:

$ sudo chmod a+x /etc/cron.daily/make.oVirt.backup.sh

Now every night we will get an archive of the manager's settings.
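
A variant of the same cron script that fails loudly when the NFS export is unavailable, writes the archive with owner-only permissions, and prunes only after a successful run. This is an added example, not part of the original article; `make_backup` and the `ENGINE_BACKUP` override are hypothetical names introduced here.

```bash
#!/bin/bash
# Added example: hardened variant of /etc/cron.daily/make.oVirt.backup.sh.
# ENGINE_BACKUP is a hypothetical override used only to exercise the logic
# without an Engine; unset, the real engine-backup command is run.
make_backup() {
    local backupdir="$1" keep_days="${2:-30}" host base
    host=$(hostname --short 2>/dev/null || uname -n)
    host=${host%%.*}

    # Stop if the export is not mounted or not writable, rather than
    # finding out days later that no archive was written.
    if [ ! -d "$backupdir" ] || [ ! -w "$backupdir" ]; then
        echo "backup target unavailable: $backupdir" >&2
        return 1
    fi

    base="$backupdir/$host.$(date +%F.%R)"
    # --scope=all archives the Engine database and its configuration files,
    # so create the archive and log readable by the owner only.
    if ! ( umask 077
           "${ENGINE_BACKUP:-engine-backup}" --mode=backup --scope=all \
               --file="$base.data" --log="$base.log" ); then
        echo "engine-backup failed; older archives left in place" >&2
        return 1
    fi

    # Prune only after a successful run, and only this host's archives,
    # so other files on the shared export are never touched.
    find "$backupdir" -maxdepth 1 -type f -name "$host.*" \
        -mtime +"$keep_days" -exec rm -f {} \;
    echo "$base.data"
}

# Run only when installed under the cron.daily name used on the page.
case "$0" in
    */make.oVirt.backup.sh)
        make_backup /net/mynfs01.example.com/exports/ovirt-backup >/dev/null ;;
esac
```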

Host management interface

Cockpit is a modern administration interface for Linux systems. In this case it plays a role similar to the ESXi web interface.

Fig. 3 - appearance of the panel.

Installation is very simple; you need the cockpit packages and the cockpit-ovirt-dashboard plugin:

$ sudo yum install cockpit cockpit-ovirt-dashboard -y

Enable Cockpit:

$ sudo systemctl enable --now cockpit.socket

Configure the firewall:

sudo firewall-cmd --add-service=cockpit
sudo firewall-cmd --add-service=cockpit --permanent

Now you can connect to the host: https://[Host IP or FQDN]:9090

VLANs

You should read more about networks in the documentation. There are many possibilities; here we describe connecting virtual networks.

To connect other subnets, they must first be described in the configuration: Network -> Networks -> New. Here only the name is a required field; the VM Network checkbox, which allows machines to use this network, is enabled, but to attach a tag you need to turn on Enable VLAN tagging, enter the VLAN number and click OK.

Now go to Compute -> Hosts -> kvmNN -> Network Interfaces -> Setup Host Networks. Drag the added network from the right-hand side, Unassigned Logical Networks, to the left into Assigned Logical Networks:

Fig. 4 - before adding the network.

Fig. 5 - after adding the network.

To connect several networks to a host in bulk, it is convenient to assign label(s) to them when creating the networks, and to add the networks by label.

After a network is created, hosts go into the Non Operational state until the network has been added to all nodes of the cluster. This behaviour is caused by the Require All flag on the Cluster tab when creating a new network. If the network is not needed on all nodes of the cluster, this flag can be turned off; then, when the network is attached to a host, it will be on the right in the Non Required section and you can choose whether to connect it to a particular host.

Fig. 6 - choosing the network requirement attribute.

HPE specifics

Almost all vendors have tools that make their products easier to use. Taking HPE as an example, AMS (Agentless Management Service, amsd for iLO5, hp-ams for iLO4) and SSA (Smart Storage Administrator, which works with the disk controller), etc. are useful.

Connecting the HPE repository
We import the key and connect the HPE repositories:

$ sudo rpm --import https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
$ sudo vim /etc/yum.repos.d/mcp.repo

with the following content:

[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

[spp]
name=Service Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/spp/RHEL/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

View the repository contents and the package information (for reference):

$ sudo yum --disablerepo="*" --enablerepo="mcp" list available
$ yum info amsd

Installation and start:

$ sudo yum install amsd ssacli
$ sudo systemctl start amsd

Example of the utility for working with the disk controller

That is all for now. In the following articles I plan to talk about some basic operations and applications. For example, how to do VDI in oVirt.

Source: www.habr.com