oVirt集群管理技术指南
硬件要求
oVirt Engine最低要求 双核4G,建议4核16G
oVirt Node需要部署业务虚拟机(至少2台,1台windows的中控,1台linux的镜像节点)
安装oVirt Engine
安装centos 7.5:
参看:https://blog.****.net/aptx689/article/details/82803287
安装源:http://mirrors.aliyun.com/centos/
注:
用usbwriter做的centos启动盘,可以直接选第一项安装系统
最后修改bios为legacy启动,然后进行安装,后面都是legacy模式的,就搞定了。
安装oVirt Engine:
yum install http://resources.ovirt.org/pub/yum-repo/ovirt-release42.rpm
yum -y update
yum -y install ovirt-engine
配置防火墙:
firewall-cmd --permanent --add-service ovirt-postgres
firewall-cmd --permanent --add-service ovirt-https
firewall-cmd --permanent --add-service ovirt-fence-kdump-listener
firewall-cmd --permanent --add-service ovirt-imageio-proxy
firewall-cmd --permanent --add-service ovirt-websocket-proxy
firewall-cmd --permanent --add-service ovirt-http
firewall-cmd --permanent --add-service ovirt-vmconsole-proxy
firewall-cmd --zone=public --add-port=2222/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=5432/tcp --permanent
firewall-cmd --zone=public --add-port=54323/tcp --permanent
firewall-cmd --zone=public --add-port=6100/tcp --permanent
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=7410/udp --permanent
firewall-cmd --reload
firewall-cmd --list-all
vi /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
增加:SSO_CALLBACK_PREFIX_CHECK=false
service ovirt-engine restart
设置静态ip:192.168.1.186
http://www.cnblogs.com/hongdada/p/6666932.html
访问网页:
https://192.168.1.186/ovirt-engine/
参看:
https://www.ovirt.org/documentation/install-guide/chap-Installing_oVirt.html
http://blog.topspeedsnail.com/archives/9091
https://www.jianshu.com/p/cd89ec4f9a91
安装oVirt node
oVirt node可以选择完整的镜像安装(建议)或者自己单独在centos上安装vdsm
镜像安装
下载oVirt node镜像
https://www.ovirt.org/node/#releas
注:
- 安装时有两处centos相关镜像名称,需要替换成usb安装源如/dev/sdb4
- ovirt node要求安装空间最少45GB
vdsm安装
首先安装centos7.5
然后再在系统上面安装vdsmd
参看:
https://www.ovirt.org/develop/developer-guide/vdsm/installing-vdsm-from-rpm.html
配置vdsmd
vdsm-tool configure --force
systemctl enable vdsmd.service
systemctl start vdsmd.service
nfs服务
作为集群虚拟机镜像、系统镜像的网络存储,本文将nfs存储放在oVirt node服务器上。
ovirtnode 节点开启nfs服务
systemctl enable nfs-server.service
systemctl start nfs-server.service
chown 36:36 export
chmod 755 export
vi /etc/exports
/export/data *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36) /export/iso *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36) /export/import_export *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36) |
exportfs -ra
exportfs –v
(/export/data存放虚拟机镜像,/export/iso存放系统安装镜像,/export/import_export存放集群间导入导出的镜像)
注:
libvirt用户名[email protected]密码shibboleth
参看:
https://www.ovirt.org/develop/troubleshooting-nfs-storage-issues.html
防火墙端口设置:
firewall-cmd --permanent --add-port=111/tcp
firewall-cmd --permanent --add-port=111/udp
firewall-cmd --permanent --add-port=892/udp
firewall-cmd --permanent --add-port=892/tcp
firewall-cmd --permanent --add-port=2049/tcp
firewall-cmd --permanent --add-port=2049/udp
firewall-cmd --permanent --add-port=32803/tcp
firewall-cmd --permanent --add-port=32769/udp
firewall-cmd --permanent --add-port=58828/udp
firewall-cmd --permanent --add-port=55465/tcp
firewall-cmd --reload (reload以后,端口修改才生效)
firewall-cmd --list-all-zones
参看:
https://blog.****.net/lincy100/article/details/6417743
https://blog.****.net/w171066/article/details/52934862
安装控制台管理软件virt-manager
下载安装:
https://virt-manager.org/download/
oVirt使用指南
整体参看:https://blog.****.net/wh211212/article/details/79442142
上传iso参看:(通过winscp直接copy到对应目录)
https://lists.ovirt.org/pipermail/users/2017-October/084793.html
注:
- 把集群的cpu微架构调整成高级些的sandybridge,才能安装winserver2012
- 安装windows带virtio驱动,run once
https://blog.****.net/snipercai/article/details/84324480
直通特性:
https://www.cnblogs.com/sammyliu/p/4548194.html
ovirt管理员手册:
https://www.ovirt.org/documentation/admin-guide/
可以创建直通网卡:
https://www.ovirt.org/documentation/admin-guide/chap-Logical_Networks.html
ovirt模板:
https://blog.****.net/wh211212/article/details/79977816
数据域中存放template
https://ovirt.org/documentation/admin-guide/chap-Storage.html
ovirt权限管理
http://docs.ocselected.org/ovirt-manuals/administration-guide/webhelp/administration-guide/content/%E7%94%A8%E6%88%B7%E8%A7%92%E8%89%B2%E5%92%8C%E7%94%A8%E6%88%B7%E6%9D%83%E9%99%90%E5%AE%9E%E4%BE%8B.html
https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles.html
ovirt-aaa-jdbc-tool user add test2 --attribute=firstName=John --attribute=lastName=Doe
ovirt-aaa-jdbc-tool user unlock test1
ovirt-aaa-jdbc-tool user show test2
ovirt-aaa-jdbc-tool user password-reset test2 --password-valid-to="2025-08-01 12:00:00+0800"