Namuhla sizokhuluma ngendlela yokuthumela ngokushesha futhi kalula amaseva amaningana abonakalayo anezinhlelo zokusebenza ezihlukene kuseva eyodwa yomzimba. Lokhu kuzovumela noma yimuphi umlawuli wesistimu ukuthi aphathe yonke ingqalasizinda ye-IT yenkampani futhi onge inani elikhulu lezinsiza. Ukusetshenziswa kwe-virtualization kusiza ukukhipha ngangokunokwenzeka kusuka ku-hardware yesiphakeli somzimba, ukuvikela izinsizakalo ezibucayi futhi ubuyisele kalula ukusebenza kwazo ngisho noma kwenzeka ukwehluleka okukhulu kakhulu.
Ngaphandle kokungabaza, iningi labaphathi besistimu bajwayelene namasu okusebenza ngendawo ebonakalayo futhi kubo lesi sihloko ngeke sibe nokutholwa. Naphezu kwalokhu, kunezinkampani ezingasebenzisi ngokunenzuzo ukuguquguquka nokusheshisa kwezixazululo ezibonakalayo ngenxa yokuntuleka kolwazi olunembile ngazo. Sithemba ukuthi i-athikili yethu izokusiza uqonde ngesibonelo ukuthi kulula kakhulu ukuqala ukusebenzisa i-virtualization kanye kunokuzwa ukuphazamiseka nokushiyeka kwengqalasizinda yomzimba.
Ngenhlanhla, kulula kakhulu ukuzama ukuthi i-virtualization isebenza kanjani. Sizobonisa indlela yokwakha iseva endaweni ebonakalayo, isibonelo, ukudlulisa uhlelo lwe-CRM olusetshenziswa enkampanini. Cishe noma iyiphi iseva ebonakalayo ingashintshwa ibe yi-virtual, kodwa okokuqala udinga ukuqonda amasu okusebenza ayisisekelo. Lokhu kuzoxoxwa ngakho ngezansi.
Isebenza kanjani
Uma kukhulunywa nge-virtualization, ongoti abaningi be-novice bakuthola kunzima ukuqonda amagama, ngakho-ke ake sichaze imiqondo embalwa eyisisekelo:
- I-Hypervisor - isoftware ekhethekile ekuvumela ukuthi udale futhi uphathe imishini ebonakalayo;
- Umshini obonakalayo (ngemuva kwalokhu okubizwa ngokuthi i-VM) kuwuhlelo oluyiseva enengqondo ngaphakathi kwenyama enesethi yayo yezimpawu, amadrayivu nohlelo lokusebenza;
- I-Virtualization Host - iseva ebonakalayo ene-hypervisor esebenza kuyo.
Ukuze iseva isebenze njengomsingathi ogcwele we-virtualization, iphrosesa yayo kufanele isekele obunye kobuchwepheshe obubili - kungaba i-Intel® VT noma i-AMD-V™. Bobabili ubuchwepheshe benza umsebenzi obaluleke kakhulu wokuhlinzeka ngezinsiza ze-server hardware emishinini ebonakalayo.
Isici esiyinhloko ukuthi noma yiziphi izenzo zemishini ebonakalayo zenziwa ngokuqondile ezingeni le-hardware. Ngesikhathi esifanayo, zihlukanisiwe komunye nomunye, okwenza kube lula ukuzilawula ngokwehlukana. I-hypervisor ngokwayo idlala indima yesiphathimandla sokuqondisa, ukusabalalisa izinsiza, izindima kanye nezinto eziza kuqala phakathi kwazo. I-hypervisor iphinde ilingise leyo ngxenye yehadiwe edingekayo ukuze kusebenze kahle uhlelo lokusebenza.
Ukwethulwa kwe-virtualization kwenza kube nokwenzeka ukuba namakhophi amaningana asebenzayo eseva eyodwa. Ukwehluleka okubalulekile noma iphutha phakathi nenqubo yokwenza izinguquko kukhophi enjalo ngeke kuthinte nganoma iyiphi indlela ukusebenza kwesevisi yamanje noma isicelo. Lokhu futhi kuqeda izinkinga ezimbili eziyinhloko - ukukala kanye nekhono lokugcina "i-zoo" yezinhlelo zokusebenza ezihlukene kuhadiwe efanayo. Leli yithuba elihle lokuhlanganisa izinsiza ezihlukahlukene ngaphandle kwesidingo sokuthenga imishini ehlukene ngayinye yazo.
I-Virtualization ithuthukisa ukubekezelelwa kwamaphutha kwezinsizakalo nezinhlelo zokusebenza ezisetshenzisiwe. Ngisho noma iseva ebonakalayo yehluleka futhi idinga ukushintshwa ngomunye, yonke ingqalasizinda ebonakalayo izohlala isebenza ngokugcwele, inqobo nje uma imidiya yediski injalo. Kulokhu, iseva ebonakalayo kungenzeka isuka kumkhiqizi ohluke ngokuphelele. Lokhu kuyiqiniso ikakhulukazi ezinkampanini ezisebenzisa amaseva anqanyuliwe futhi kuzodingeka zithuthele kwamanye amamodeli.
Manje sibhala ama-hypervisors aziwa kakhulu akhona namuhla:
- I-VMware ESXi
- I-Microsoft Hyper-V
- Vula i-Virtualization Alliance KVM
- I-Oracle VM VirtualBox
Zonke ziphelele, kodwa-ke, ngayinye yazo inezici ezithile okufanele zihlale zicatshangelwa esigabeni sokukhetha: izindleko zokuthunyelwa / ukugcinwa kanye nezici zobuchwepheshe. Izindleko zamalayisense okuhweba e-VMware ne-Hyper-V ziphezulu kakhulu, futhi uma kwenzeka ukwehluleka, kunzima kakhulu ukuxazulula inkinga ngalezi zinhlelo ngokwakho.
I-KVM, ngakolunye uhlangothi, imahhala ngokuphelele futhi kulula ukuyisebenzisa, ikakhulukazi njengengxenye yesisombululo esenziwe ngomumo se-Debian Linux esibizwa nge-Proxmox Virtual Environment. Singancoma le sistimu ukuze sijwayelane nomhlaba wengqalasizinda ebonakalayo.
Ungayifaka kanjani ngokushesha i-Proxmox VE hypervisor
Ukufakwa ngokuvamile akuphakamisi mibuzo. Landa inguqulo yamanje yesithombe futhi uyibhale kunoma iyiphi imidiya yangaphandle usebenzisa insiza (ku-Linux kusetshenziswa umyalo we-dd), ngemva kwalokho sivula iseva ngokuqondile kule midiya. Amakhasimende ethu aqasha amaseva azinikele kithi angasebenzisa izindlela ezimbili ezilula nakakhulu - ngokumane akhweze isithombe esisifunayo ngokuqondile kukhonsoli ye-KVM, noma asebenzise .
Isifaki sinesithombe esibonakalayo futhi sizobuza imibuzo embalwa kuphela.
- Khetha idiski lapho ukufakwa kuzokwenziwa khona. Esahlukweni Izinketho Ungaphinda ucacise izinketho ezengeziwe zomaka.
- Cacisa izilungiselelo zesifunda.
- Cacisa iphasiwedi ezosetshenziswa ukugunyaza umsebenzisi omkhulu wezimpande kanye nekheli le-imeyili lomlawuli.
- Cacisa izilungiselelo zenethiwekhi. I-FQDN imele igama lesizinda eliqeqeshwe ngokugcwele, isb. node01.yourcompany.com.
- Ngemuva kokuthi ukufakwa sekuqediwe, iseva ingaqalwa kabusha kusetshenziswa inkinobho ethi Qalisa kabusha.
I-interface yokuphatha iwebhu izotholakala ku-https://IP_адрес_сервера:8006
Okufanele ukwenze ngemva kokufaka
Kunezinto ezimbalwa ezibalulekile okufanele uzenze ngemuva kokufaka i-Proxmox. Ake sixoxe mayelana ngamunye wabo ngokuningiliziwe.
Buyekeza isistimu ibe yinguqulo yakamuva
Ukwenza lokhu, ake siye kukhonsoli yeseva yethu futhi sikhubaze indawo yokugcina ekhokhelwayo (itholakala kuphela kulabo abathenge ukwesekwa okukhokhelwayo). Uma ungakwenzi lokhu, i-apt izobika iphutha lapho ibuyekeza imithombo yephakheji.
- Vula ikhonsoli bese uhlela ifayela lokumisa le-apt:
nano /etc/apt/sources.list.d/pve-enterprise.list - Kuzoba nomugqa owodwa kuphela kuleli fayela. Sibeka uphawu phambi kwalo #ukukhubaza ukwamukela izibuyekezo ezivela endaweni ekhokhelwayo:
#deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise - Isinqamuleli sekhibhodi Ctrl + X phuma kumhleli ngokuphendula Y lapho ebuzwa uhlelo mayelana nokulondoloza ifayela.
- Sisebenzisa umyalo wokuvuselela imithombo yephakheji futhi sibuyekeze isistimu:
apt update && apt -y upgrade
Nakekela ukuphepha
Singancoma ukufaka insiza edume kakhulu I-Fail2Ban, evikela ekuhlaselweni kwephasiwedi (i-brute force). Umgomo wokusebenza kwawo ukuthi uma umhlaseli edlula inombolo ethile yemizamo yokungena phakathi nesikhathi esinqunyiwe ngokungena ngemvume/iphasiwedi engalungile, khona-ke ikheli lakhe le-IP lizovinjelwa. Isikhathi sokuvimbela kanye nenombolo yemizamo ingacaciswa kufayela lokumisa.
Ngokusekelwe kokuhlangenwe nakho okungokoqobo, phakathi neviki lokuqalisa iseva ene-ssh port 22 evulekile kanye nekheli langaphandle le-IPv4 elimile, kube nemizamo engaphezu kuka-5000 yokuqagela iphasiwedi. Futhi insiza ivimbe ngempumelelo amakheli angaba ngu-1500.
Ukuze uqedele ukufaka, nansi eminye imiyalelo:
- Vula ikhonsoli yeseva usebenzisa isixhumi esibonakalayo sewebhu noma i-SSH.
- Buyekeza imithombo yephakheji:
apt update - Faka i-Fail2Ban:
apt install fail2ban - Vula ukulungiselelwa kokusetshenziswa ukuze uhlele:
nano /etc/fail2ban/jail.conf - Ukushintsha okuguquguqukayo isikhathi (inani lamasekhondi lapho umhlaseli ezovinjwa khona) kanye i-maxretry (inombolo yemizamo yokungena/yokufaka iphasiwedi) kusevisi ngayinye ngayinye.
- Isinqamuleli sekhibhodi Ctrl + X phuma kumhleli ngokuphendula Y lapho ebuzwa uhlelo mayelana nokulondoloza ifayela.
- Qala kabusha isevisi:
systemctl restart fail2ban
Ungahlola isimo sokusetshenziswa, isibonelo, susa izibalo zokuvinjwa zamakheli e-IP avinjiwe lapho kube nemizamo yokuhlukumeza amaphasiwedi e-SSH, ngomyalo owodwa olula:
fail2ban-client -v status sshdImpendulo yohlelo lokusebenza izobukeka kanje:
root@hypervisor:~# fail2ban-client -v status sshd
INFO Loading configs for fail2ban under /etc/fail2ban
INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO Using socket file /var/run/fail2ban/fail2ban.sock
Status for the jail: sshd
|- Filter
| |- Currently failed: 3
| |- Total failed: 4249
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 410
`- Banned IP list:Ngendlela efanayo, ungavikela isixhumi esibonakalayo seWebhu ekuhlaselweni okunjalo ngokwakha umthetho ofanelekile. Isibonelo somthetho onjalo we-Fail2Ban ungatholakala ku .
Ukuqalisa
Ngingathanda ukudonsela ukunaka kwakho eqinisweni lokuthi i-Proxmox isilungele ukudala imishini emisha ngokushesha ngemva kokufakwa. Kodwa-ke, sincoma ukuthi ugcwalise izilungiselelo zokuqala ukuze isistimu ilawuleke kalula ngokuzayo. Ukuzijwayeza kukhombisa ukuthi i-hypervisor kanye nemishini ebonakalayo kufanele isatshalaliswe emithonjeni ehlukene yomzimba. Indlela yokwenza lokhu kuzoxoxwa ngayo ngezansi.
Lungiselela amadrayivu ediski
Isinyathelo esilandelayo siwukumisa isitoreji esingasetshenziswa ukulondoloza idatha yomshini obonakalayo nezipele.
QAPHELA! Isibonelo sesakhiwo sediski esingezansi singasetshenziselwa izinjongo zokuhlola kuphela. Ngokusetshenziswa komhlaba wangempela, sincoma ngokuqinile ukusebenzisa isofthiwe noma izingxenye zehadiwe RAID ukuvimbela ukulahleka kwedatha lapho amadrayivu ehluleka. Sizokutshela ukuthi ungayilungisa kanjani kahle i-disk array ukuze usebenze nokuthi yini okufanele uyenze uma kunesimo esiphuthumayo kwesinye sezindatshana ezilandelayo.
Ake sicabange ukuthi iseva ebonakalayo inamadiski amabili - / dev / sda, lapho i-hypervisor ifakwe khona kanye nediski engenalutho / dev / sdb, ehlelelwe ukuthi isetshenziselwe ukugcina idatha yomshini obonakalayo. Ukuze isistimu ibone isitoreji esisha, ungasebenzisa indlela elula nephumelelayo - ixhume njengohlu olujwayelekile. Kodwa ngaphambi kwalokho, udinga ukwenza ezinye izinyathelo zokulungiselela. Njengesibonelo, ake sibone indlela yokuxhuma idrayivu entsha / dev / sdb, noma yimuphi usayizi, ukuyifometha ibe uhlelo lwefayela ext4.
- Sihlukanisa i-disk, sakha ukwahlukanisa okusha:
fdisk /dev/sdb - Cindezela inkinobho o noma g (hlukanisa idiski ku-MBR noma i-GPT).
- Okulandelayo, cindezela inkinobho n (dala isigaba esisha).
- Futhi ekugcineni w (ukulondoloza izinguquko).
- Dala isistimu yefayela ye-ext4:
mkfs.ext4 /dev/sdb1 - Dala uhla lwemibhalo lapho sizofaka khona ukwahlukanisa:
mkdir /mnt/storage - Vula ifayela lokumisa ukuze lihlelwe:
nano /etc/fstab - Engeza umugqa omusha lapho:
/dev/sdb1 /mnt/storage ext4 defaults 0 0 - Ngemva kokwenza izinguquko, zilondoloze ngesinqamuleli sekhibhodi Ctrl + X,ephendula Y embuzweni womhleli.
- Ukuhlola ukuthi yonke into iyasebenza, sithumela iseva ukuthi iqalise kabusha:
shutdown -r now - Ngemuva kokuqalisa kabusha, hlola ama-partitions afakiwe:
df -H
Umphumela womyalo kufanele ubonise lokho / dev / sdb1 kufakwe kuhla lwemibhalo /mnt/storage. Lokhu kusho ukuthi idrayivu yethu isilungele ukusetshenziswa.
Engeza inqolobane entsha ku-Proxmox
Ngena kuphaneli yokulawula bese uya ezigabeni Isikhungo sedatha ➝ Isitoreji ➝ Engeza ➝ Uhla lwemibhalo.
Ewindini elivulayo, gcwalisa izinkambu ezilandelayo:
- ID - igama lendawo yokugcina izinto esikhathini esizayo;
- Uhla lwemibhalo - /mnt/storage;
- Okuqukethwe — khetha zonke izinketho (uchofoza inketho ngayinye ngokulandelana).
Ngemva kwalokhu, cindezela inkinobho Engeza. Lokhu kuqeda ukusetha.
Dala umshini obonakalayo
Ukuze udale umshini we-virtual, yenza ukulandelana kwezenzo ezilandelayo:
- Sinquma ngenguqulo yesistimu yokusebenza.
- Landa isithombe se-ISO kusengaphambili.
- Khetha kumenyu Isitoreji inqolobane esanda kwakhiwa.
- Phusha Okuqukethwe ➝ Landa.
- Khetha isithombe se-ISO ohlwini futhi uqinisekise ukukhetha ngokucindezela inkinobho Landa.
Ngemva kokuba umsebenzi usuphothuliwe, isithombe sizovezwa ohlwini lwabatholakalayo.
Masidale umshini wethu wokuqala we-virtual:
- Phusha Dala i-VM.
- Gcwalisa amapharamitha ngayinye ngayinye: Имя ➝ ISO-Isithombe ➝ Usayizi we-Hard drive kanye nohlobo ➝ Inani lamaphrosesa ➝ Usayizi we-RAM ➝ I-adaptha yenethiwekhi.
- Ngemva kokukhetha yonke imingcele oyifunayo, chofoza Ukuqedela. Umshini odaliwe uzoboniswa kumenyu yephaneli yokulawula.
- Ikhethe bese uchofoza Qalisa.
- Hamba ephoyinti console futhi ufake isistimu yokusebenza ngendlela efanayo ncamashi nakweseva evamile yomzimba.
Uma udinga ukudala omunye umshini, phinda le misebenzi engenhla. Uma zonke sezilungile, ungasebenza nazo kanyekanye ngokuvula amawindi amaningana ekhonsoli.
Setha i-autorun
Ngokuzenzakalelayo, i-Proxmox ayiqalisi ngokuzenzakalelayo imishini, kodwa lokhu kuxazululwa kalula ngokuchofoza kabili nje:
- Chofoza egameni lomshini owufunayo.
- Khetha ithebhu Izinketho ➝ Qala ku-boot.
- Sibeka uphawu eduze kombhalo wegama elifanayo.
Manje, uma iseva ebonakalayo iqalwa kabusha, i-VM izoqala ngokuzenzakalelayo.
Kubalawuli abathuthukile, kuphinde kube nethuba lokucacisa imingcele eyengeziwe yokuqaliswa esigabeni Qala/Vala i-oda. Ungacacisa ngokusobala ukuthi imishini kufanele iqalwe ngaluphi uhlelo. Ungaphinda ucacise isikhathi okufanele sidlule ngaphambi kokuthi i-VM elandelayo iqale kanye nesikhathi sokulibaziseka sokuvala shaqa (uma isistimu yokusebenza ingenaso isikhathi sokuvala, i-hypervisor izoyiphoqa ukuthi ivale ngemva kwenombolo ethile yemizuzwana).
isiphetho
Lesi sihloko sichaze izinto eziyisisekelo zokuthi ungaqala kanjani nge-Proxmox VE futhi sithemba ukuthi kuzosiza abasanda kuhlanganyela bathathe isinyathelo sokuqala futhi bazame ukwenza izinto ezibonakalayo.
I-Proxmox VE iyithuluzi elinamandla kakhulu nelikahle ngempela lanoma yimuphi umlawuli wesistimu; Into esemqoka ukungesabi ukuzama futhi uqonde ukuthi kusebenza kanjani ngempela.
Uma unemibuzo, wamukelekile kumazwana.
Source: www.habr.com