oVirt in 2 hours. Part 3. Additional settings

In this article we will look at a number of optional but useful settings:

This article is a continuation; for the beginning, see oVirt in 2 hours, Part 1 and Part 2.

Articles

  1. Introduction
  2. Installing the manager (ovirt-engine) and hypervisors (hosts)
  3. Additional settings - we are here

Additional manager settings

For convenience, we will install additional packages:

$ sudo yum install bash-completion vim

To enable command completion, bash-completion requires switching to bash.

Adding additional DNS names

This is required when you need to connect to the manager using an alternate name (CNAME, alias, or just a short name without the domain suffix). For security reasons, the manager accepts connections only under names on its allowed list.

Create a configuration file:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf

with the following content:

SSO_ALTERNATE_ENGINE_FQDNS="ovirt.example.com some.alias.example.com ovirt"

and restart the manager:

$ sudo systemctl restart ovirt-engine

Setting up authentication via AD

oVirt has a built-in user base, but external LDAP providers are also supported, including AD.

The simplest way to do a typical configuration is to run the wizard and restart the manager:

$ sudo yum install ovirt-engine-extension-aaa-ldap-setup
$ sudo ovirt-engine-extension-aaa-ldap-setup
$ sudo systemctl restart ovirt-engine

Example of the wizard at work
$ sudo ovirt-engine-extension-aaa-ldap-setup
Available LDAP implementations:
...
3 - Active Directory
...
Please select: 3
Please enter Active Directory Forest name: example.com

Please select protocol to use (startTLS, ldaps, plain) [startTLS]:
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): URL
URL: wwwca.example.com/myRootCA.pem
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): CN=oVirt-Engine,CN=Users,DC=example,DC=com
Enter search user password: *password*
[ INFO ] Attempting to bind using 'CN=oVirt-Engine,CN=Users,DC=example,DC=com'
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
Please specify profile name that will be visible to users [example.com]:
Please provide credentials to test login flow:
Enter user name: Some User
Enter user password:
...
[ INFO ] Login sequence executed successfully
...
Select test sequence to execute (Done, Abort, Login, Search) [Done]:
[ INFO ] Stage: Transaction setup
...
Configuration summary
...

Using the wizard is suitable for most cases. For complex configurations, the settings are made manually. More details are in the oVirt documentation, Users and Roles. After the Engine has been successfully connected to AD, an additional profile appears in the login window, and the Permissions tab of system objects gains the ability to grant permissions to AD users and groups. Note that the external directory of users and groups can be not only AD, but also IPA, eDirectory, and so on.

Multipathing

In a production environment, the storage system must be connected to the host through multiple independent I/O paths. As a rule, in CentOS (and therefore oVirt) there are no problems with assembling multiple paths to a device (find_multipaths yes). Additional settings for FCoE are described in Part 2. It is worth paying attention to the storage vendor's recommendation: many recommend the round-robin policy, but by default Enterprise Linux 7 uses service-time.

Using 3PAR as an example
Following the document HPE 3PAR Red Hat Enterprise Linux, CentOS Linux, Oracle Linux, and OracleVM Server Implementation Guide, EL is created as a Host with Generic-ALUA Persona 2, for which the following values are entered in /etc/multipath.conf:

defaults {
           polling_interval      10
           user_friendly_names   no
           find_multipaths       yes
          }
devices {
          device {
                   vendor                   "3PARdata"
                   product                  "VV"
                   path_grouping_policy     group_by_prio
                   path_selector            "round-robin 0"
                   path_checker             tur
                   features                 "0"
                   hardware_handler         "1 alua"
                   prio                     alua
                   failback                 immediate
                   rr_weight                uniform
                   no_path_retry            18
                   rr_min_io_rq             1
                   detect_prio              yes
                   fast_io_fail_tmo         10
                   dev_loss_tmo             "infinity"
                 }
}

After that, the restart command is given:

systemctl restart multipathd

Fig. 1 - the default multipath I/O policy.

Fig. 2 - the multipath I/O policy after applying the settings.

Setting up power management

Allows you to perform, for example, a hardware reset of a machine if the Engine cannot get a response from the Host for a long time. It is implemented through a Fence Agent.

Compute -> Hosts -> HOST - Edit -> Power Management, then enable "Enable Power Management" and add an agent - "Add Fence Agent" -> +.

We specify the type (for example, for iLO5 you need to specify ilo4), the name/address of the ipmi interface, and the user name/password. It is recommended to create a separate user (for example, oVirt-PM) and, in the case of iLO, grant it the following privileges:

  • Login
  • Remote Console
  • Virtual Power and Reset
  • Virtual Media
  • Configure iLO Settings
  • Administer User Accounts

Don't ask why it is exactly this set; it was found by trial and error. The console fencing agent requires fewer rights.

When setting up access control lists, keep in mind that the agent runs not on the Engine but on a "neighboring" host (the so-called Power Management Proxy), i.e. if there is only one node in the cluster, power management will not work.

Setting up SSL

The full official instructions are in the documentation, Appendix D: oVirt and SSL - Replacing the oVirt Engine SSL/TLS Certificate.

The certificate can come either from our corporate CA or from an external commercial certificate authority.

Important note: the certificate is intended for connections to the manager and does not affect communication between the Engine and the nodes - they will use self-signed certificates issued by the Engine.

Requirements:

  • the certificate of the issuing CA in PEM format, with the whole chain up to the root CA (from the subordinate issuing CA at the beginning to the root at the end);
  • a certificate for Apache issued by the issuing CA (also supplemented with the whole chain of CA certificates);
  • the private key for Apache, without a password.

Let's assume that the issuing CA runs CentOS, is called subca.example.com, and that the requests, keys, and certificates are in the /etc/pki/tls/ directory.

We make backups and create a temporary directory:

$ sudo cp /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass.`date +%F`
$ sudo cp /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/certs/apache.cer.`date +%F`
$ sudo mkdir /opt/certs
$ sudo chown mgmt.mgmt /opt/certs

Download the certificates, either from your workstation or by transferring them in another convenient way:

[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/cachain.pem [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/private/ovirt.key [email protected]:/opt/certs
[myuser@mydesktop] $ scp -3 [email protected]:/etc/pki/tls/certs/ovirt.crt [email protected]:/opt/certs

As a result, you should see all 3 files:

$ ls /opt/certs
cachain.pem  ovirt.crt  ovirt.key
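
A pre-flight check for these three files before they are installed, as an added example that is not part of the original article: it tests the requirements listed above (key without a password, certificate matching the key, certificate chaining to cachain.pem, root CA last in the chain file). The function name check_tls_bundle is hypothetical, and the openssl command-line tool is assumed to be installed on the manager.

```shell
#!/bin/bash
# Added example, not from the original article: pre-flight checks for the three
# files in /opt/certs. Prints one line per failed check and returns the number
# of failures, so 0 means the bundle meets the requirements listed above.
check_tls_bundle() {
    local chain="$1" cert="$2" key="$3" fails=0 key_pub cert_pub last subj iss

    # The Apache key must load with an empty passphrase ("without a password").
    if ! key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null); then
        echo "FAIL: $key is encrypted or is not a private key"
        fails=$((fails + 1))
    fi

    # Certificate and key must form one pair: compare their public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert does not match $key"
        fails=$((fails + 1))
    fi

    # The server certificate must verify against the CA chain file.
    if ! openssl verify -CAfile "$chain" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not chain to $chain"
        fails=$((fails + 1))
    fi

    # Chain order: the last certificate in the file must be the self-signed root.
    last=$(awk '/-----BEGIN CERTIFICATE-----/ { buf = "" } { buf = buf $0 "\n" }
                END { printf "%s", buf }' "$chain")
    subj=$(printf '%s\n' "$last" | openssl x509 -noout -subject 2>/dev/null)
    iss=$(printf '%s\n' "$last" | openssl x509 -noout -issuer 2>/dev/null)
    if [ -z "$subj" ] || [ "${subj#subject=}" != "${iss#issuer=}" ]; then
        echo "FAIL: $chain does not end with a self-signed root CA"
        fails=$((fails + 1))
    fi

    return "$fails"
}

# Usage on the manager before copying anything into /etc/pki/ovirt-engine:
#   check_tls_bundle /opt/certs/cachain.pem /opt/certs/ovirt.crt /opt/certs/ovirt.key
```

A non-zero return code means the Apache files should not be overwritten yet; the backups made earlier remain the rollback path.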

Installing the certificates

Copy the files and update the trust lists:

$ sudo cp /opt/certs/cachain.pem /etc/pki/ca-trust/source/anchors
$ sudo update-ca-trust
$ sudo rm /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/cachain.pem /etc/pki/ovirt-engine/apache-ca.pem
$ sudo cp /opt/certs/ovirt.key /etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo cp /opt/certs/ovirt.crt /etc/pki/ovirt-engine/certs/apache.cer
$ sudo systemctl restart httpd.service

Add/update the configuration files:

$ sudo vim /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""
$ sudo vim /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
$ sudo vim /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf
# Key file for SSL connections
ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass
# Certificate file for SSL connections
ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer

Next, restart all the affected services:

$ sudo systemctl restart ovirt-provider-ovn.service
$ sudo systemctl restart ovirt-imageio-proxy
$ sudo systemctl restart ovirt-websocket-proxy
$ sudo systemctl restart ovirt-engine.service

Done! It's time to connect to the manager and check that the connection is protected by a signed SSL certificate.

Backup

Where would we be without it? In this section we will talk about backing up the manager; backing up VMs is a separate topic. We will make backup copies once a day and store them over NFS, for example, on the same system where we placed the ISO images - mynfs1.example.com:/exports/ovirt-backup. It is not recommended to store the archives on the same machine where the Engine runs.

Install and enable autofs:

$ sudo yum install autofs
$ sudo systemctl enable autofs
$ sudo systemctl start autofs

Let's create a script:

$ sudo vim /etc/cron.daily/make.oVirt.backup.sh

with the following content:

#!/bin/bash

datetime=`date +"%F.%R"`
backupdir="/net/mynfs01.example.com/exports/ovirt-backup"
filename="$backupdir/`hostname --short`.$datetime"
engine-backup --mode=backup --scope=all --file="$filename.data" --log="$filename.log"
#uncomment next line for autodelete files older 30 days
#find $backupdir -type f -mtime +30 -exec rm -f {} \;

Make the file executable:

$ sudo chmod a+x /etc/cron.daily/make.oVirt.backup.sh

Now every night we will get an archive of the manager settings.
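
A stricter variant of the cron script above, as an added example rather than the article's own code: it stops if the NFS directory is unavailable or engine-backup fails, creates the archive under a restrictive umask, and prunes old archives only after a successful run while always keeping the newest few. The function names make_backup and prune_backups and the retention values (30 days, 7 archives) are assumptions.

```shell
#!/bin/bash
# Added example, not the article's script. Function names and the retention
# values (30 days, 7 archives) are assumptions.

# prune_backups DIR DAYS KEEP
# Delete archives older than DAYS days, but never the KEEP newest ones, so a
# backup job that has been failing for a month cannot empty the directory.
prune_backups() {
    local dir="$1" days="$2" keep="$3" f
    [ -d "$dir" ] || return 1
    ls -1t "$dir"/*.data 2>/dev/null | tail -n +"$((keep + 1))" |
    while IFS= read -r f; do
        if [ -n "$(find "$f" -mtime +"$days")" ]; then
            rm -f -- "$f" "${f%.data}.log"
        fi
    done
    return 0
}

# make_backup DIR
# Run engine-backup into DIR and prune only after a successful, non-empty backup.
make_backup() {
    local dir="$1" base
    # Accessing the path triggers the autofs mount; stop if it did not appear.
    [ -d "$dir" ] || { echo "backup directory $dir is not available" >&2; return 1; }
    base="$dir/$(hostname --short).$(date +%F.%R)"
    # The archive holds the engine database and configuration: keep it private.
    ( umask 077
      engine-backup --mode=backup --scope=all --file="$base.data" --log="$base.log"
    ) || { echo "engine-backup failed, see $base.log" >&2; return 2; }
    [ -s "$base.data" ] || { echo "empty archive $base.data" >&2; return 3; }
    prune_backups "$dir" 30 7
}

# In /etc/cron.daily/make.oVirt.backup.sh one would call:
#   make_backup /net/mynfs01.example.com/exports/ovirt-backup
```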

Host management interface

Cockpit is a modern administration interface for Linux systems. In this case, it plays a role similar to the ESXi web interface.

Fig. 3 - appearance of the panel.

Installation is very simple; you need the cockpit packages and the cockpit-ovirt-dashboard plugin:

$ sudo yum install cockpit cockpit-ovirt-dashboard -y

Enabling Cockpit:

$ sudo systemctl enable --now cockpit.socket

Firewall settings:

sudo firewall-cmd --add-service=cockpit
sudo firewall-cmd --add-service=cockpit --permanent

Now you can connect to the host: https://[Host IP or FQDN]:9090

VLANs

You should read more about networks in the documentation. There are many possibilities; here we will describe connecting virtual networks.

To connect other subnets, they must first be described in the configuration: Network -> Networks -> New, where only the name is a required field; the VM Network checkbox, which allows machines to use this network, is enabled, and to attach a tag you must enable Enable VLAN tagging, enter the VLAN number, and click OK.

Now you need to go to Compute -> Hosts -> kvmNN -> Network Interfaces -> Setup Host Networks. Drag the added network from the right side, Unassigned Logical Networks, to the left into Assigned Logical Networks:

Fig. 4 - before adding a network.

Fig. 5 - after adding a network.

To connect several networks to a host in bulk, it is convenient to assign label(s) to them when creating the networks, and add the networks by label.

After a network is created, hosts will go into the Non Operational state until the network is added to all nodes of the cluster. This behavior is caused by the Require All flag on the Cluster tab when creating a new network. If the network is not needed on all nodes of the cluster, this flag can be disabled; then, when the network is added to a host, it will appear on the right in the Non Required section, and you can choose whether to connect it to a particular host.

Fig. 6 - choosing the network requirement attribute.

HPE specifics

Almost all manufacturers have tools that improve the usability of their products. Using HPE as an example, AMS (Agentless Management Service, amsd for iLO5, hp-ams for iLO4) and SSA (Smart Storage Administrator, for working with the disk controller), etc. are useful.

Connecting the HPE repository
We import the key and connect the HPE repositories:

$ sudo rpm --import https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
$ sudo vim /etc/yum.repos.d/mcp.repo

with the following content:

[mcp]
name=Management Component Pack
baseurl=http://downloads.linux.hpe.com/repo/mcp/centos/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

[spp]
name=Service Pack for ProLiant
baseurl=http://downloads.linux.hpe.com/SDR/repo/spp/RHEL/$releasever/$basearch/current/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-mcp

View the repository contents and package information (for reference):

$ sudo yum --disablerepo="*" --enablerepo="mcp" list available
$ yum info amsd

Installing and starting:

$ sudo yum install amsd ssacli
$ sudo systemctl start amsd

Example of the utility for working with the disk controller

That's all for now. In the following articles I plan to talk about some basic operations and applications. For example, how to build VDI in oVirt.

Source: www.habr.com