
oVirt – from Setup to Cleanup

• September 27, 2018 • Deployment

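Background

  I have a DL2000 server on hand, and pulled one of its nodes out to serve as a compute machine for 不存在邪会. Since I plan to handle compute allocation with KVM, I followed 海蓝's advice and turned my attention to oVirt.
  Deployment date: September 2018, based on oVirt 4.2.6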


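Hardware and system

  • China Telecom home broadband, 50M down and 10M up, with a public IP assigned
  • A gigabit router (WR1200JS) flashed with Padavan, scrounged from Htroy
  • One node pulled from a four-node DL2000
  • E5620 x2
  • REG ECC, RDIMM 4G memory x 16
  • A 240G SSD scrounged from Htroy
  • Two Seagate Barracuda 2T hard drives
  • Leadtek Quadro 2000
  • OS: CentOS-7-x86_64-Minimal-1804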

About oVirt

oVirt is an open-source distributed virtualization solution, designed to manage your entire enterprise infrastructure. oVirt uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible.


Engine-setup

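  1. Configure the firewall. If that is too much trouble you can simply turn it off, but this is not recommended.
  2. Install the oVirt release rpm:
    yum install http://resources.ovirt.org/pub/yum-repo/ovirt-release42.rpm
  3. Install ovirt-engine:
    yum -y install ovirt-engine
  4. Install and configure oVirt:
    engine-setup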

    [root@sailark bin]# engine-setup --help
    Usage: /usr/bin/engine-setup
    --log=file
    write log to this file.
    --config=file
    Load configuration files.
    --config-append=file
    Load extra configuration files or answer file.
    --offline
    Offline mode.
    --generate-answer=file
    Generate answer file.
    --reconfigure-optional-components
    Ask again about components that were disabled in previous run.
    --jboss-home=dir
    Use this jboss.
    --reconfigure-dwh-scale
    If DWH is configured, allow changing its scale.
    --accept-defaults
    Automatically use default answers in questions that have them.
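    If this is only for casual use inside a LAN, you can add --accept-defaults to install with the default values throughout; otherwise follow the prompts and configure step by step: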
    [root@sailark etc]# engine-setup
    [ INFO  ] Stage: Initializing
    [ INFO  ] Stage: Environment setup
      Configuration files: ['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf', '/etc/ovirt-engine-setup.conf.d/10-packaging.conf']
      Log file: /var/log/ovirt-engine/setup/ovirt-engine-setup-20180921072511-qgn0m4.log
      Version: otopi-1.7.8 (otopi-1.7.8-1.el7)
    [ INFO  ] Stage: Environment packages setup
    [ INFO  ] Stage: Programs detection
    [ INFO  ] Stage: Environment setup
    [ INFO  ] Stage: Environment customization
    
      --== PRODUCT OPTIONS ==--
    
      Configure Engine on this host (Yes, No) [Yes]:
      Configure ovirt-provider-ovn (Yes, No) [Yes]:
      Configure Image I/O Proxy on this host (Yes, No) [Yes]:
      Configure WebSocket Proxy on this host (Yes, No) [Yes]:
    
      * Please note * : Data Warehouse is required for the engine.
      If you choose to not configure it on this host, you have to configure
      it on a remote host, and then configure the engine on this host so
      that it can access the database of the remote Data Warehouse host.
      Configure Data Warehouse on this host (Yes, No) [Yes]:
      Configure VM Console Proxy on this host (Yes, No) [Yes]:
    
      --== PACKAGES ==--
    
    [ INFO  ] Checking for product updates...
    [ INFO  ] No product updates found
    
      --== NETWORK CONFIGURATION ==--
    
      Host fully qualified DNS name of this server [auto-detected hostname]: use the default hostname, or your own domain name
    [WARNING] Failed to resolve [???] using DNS, it can be resolved only locally
      Setup can automatically configure the firewall on this system.
      Note: automatic configuration of the firewall may overwrite current settings.
      NOTICE: iptables is deprecated and will be removed in future releases
      Do you want Setup to configure the firewall? (Yes, No) [Yes]:
    [ INFO  ] firewalld will be configured as firewall manager.
    
    
      --== DATABASE CONFIGURATION ==--
    
      Where is the DWH database located? (Local, Remote) [Local]:
      Setup can configure the local postgresql server automatically for the DWH to run. This may conflict with existing applications.
      Would you like Setup to automatically configure postgresql and create DWH database, or prefer to perform that manually? (Automatic, Manual) [Automatic]:
      Where is the Engine database located? (Local, Remote) [Local]:
      Setup can configure the local postgresql server automatically for the engine to run. This may conflict with existing applications.
      Would you like Setup to automatically configure postgresql and create Engine database, or prefer to perform that manually? (Automatic, Manual) [Automatic]:
    
      --== OVIRT ENGINE CONFIGURATION ==--
    
      Engine admin password:
      Confirm engine admin password:
      Application mode (Virt, Gluster, Both) [Both]:
      Use default credentials (admin@internal) for ovirt-provider-ovn (Yes, No) [Yes]:
    
      --== STORAGE CONFIGURATION ==--
    
      Default SAN wipe after delete (Yes, No) [No]:
    
      --== PKI CONFIGURATION ==--
    
      Organization name for certificate [auto-extracted organization name]:
    
      --== APACHE CONFIGURATION ==--
    
      Setup can configure the default page of the web server to present the application home page. This may conflict with existing applications.
      Do you wish to set the application as the default page of the web server? (Yes, No) [Yes]:
      Setup can configure apache to use SSL using a certificate issued from the internal CA.
      Do you wish Setup to configure that, or prefer to perform that manually? (Automatic, Manual) [Automatic]:
    
      --== SYSTEM CONFIGURATION ==--
    
    
      --== MISC CONFIGURATION ==--
    
      Please choose Data Warehouse sampling scale:
      (1) Basic
      (2) Full
      (1, 2)[1]:
    
      --== END OF CONFIGURATION ==--
    
    [ INFO  ] Stage: Setup validation
    
      --== CONFIGURATION PREVIEW ==--
    
      Application mode                        : both
      Default SAN wipe after delete           : False
      Firewall manager                        : firewalld
      Update Firewall                         : True
      Host FQDN                               : the hostname you entered earlier
      Configure local Engine database         : True
      Set application as default page         : True
      Configure Apache SSL                    : True
      Engine database secured connection      : False
      Engine database user name               : ????
      Engine database name                    : ????
      Engine database host                    : localhost
      Engine database port                    : ????
      Engine database host name validation    : False
      Engine installation                     : True
      PKI organization                        : the organization name you entered earlier
      Set up ovirt-provider-ovn               : True
      Configure WebSocket Proxy               : True
      DWH installation                        : True
      DWH database host                       : localhost
      DWH database port                       : ????
      Configure local DWH database            : True
      Configure Image I/O Proxy               : True
      Configure VMConsole Proxy               : True
    
      Please confirm installation settings (OK, Cancel) [OK]:
    [ INFO  ] Stage: Transaction setup
    [ INFO  ] Stopping engine service
    [ INFO  ] Stopping ovirt-fence-kdump-listener service
    [ INFO  ] Stopping dwh service
    [ INFO  ] Stopping Image I/O Proxy service
    [ INFO  ] Stopping vmconsole-proxy service
    [ INFO  ] Stopping websocket-proxy service
    [ INFO  ] Stage: Misc configuration
    [ INFO  ] Stage: Package installation
    [ INFO  ] Stage: Misc configuration
    [ INFO  ] Upgrading CA
    [ INFO  ] Creating PostgreSQL 'engine' database
    [ INFO  ] Configuring PostgreSQL
    [ INFO  ] Creating PostgreSQL 'ovirt_engine_history' database
    [ INFO  ] Configuring PostgreSQL
    [ INFO  ] Creating CA
    [ INFO  ] Creating/refreshing DWH database schema
    [ INFO  ] Configuring Image I/O Proxy
    [ INFO  ] Setting up ovirt-vmconsole proxy helper PKI artifacts
    [ INFO  ] Setting up ovirt-vmconsole SSH PKI artifacts
    [ INFO  ] Configuring WebSocket Proxy
    [ INFO  ] Creating/refreshing Engine database schema
    [ INFO  ] Creating/refreshing Engine 'internal' domain database schema
    [ INFO  ] Adding default OVN provider to database
    [ INFO  ] Adding OVN provider secret to database
    [ INFO  ] Setting a password for internal user admin
    [ INFO  ] Generating post install configuration file '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'
    [ INFO  ] Stage: Transaction commit
    [ INFO  ] Stage: Closing up
    [ INFO  ] Starting engine service
    [ INFO  ] Starting dwh service
    [ INFO  ] Restarting ovirt-vmconsole proxy service
    
      --== SUMMARY ==--
    
    [ INFO  ] Restarting httpd
      Please use the user 'username and domain' and password specified in order to login
      Web access is enabled at:
      http://your-hostname-or-domain:80/ovirt-engine
      https://your-hostname-or-domain:443/ovirt-engine
      Internal CA certificate information
      SSH fingerprint: SHA256:
    
      --== END OF SUMMARY ==--
    
    [ INFO  ] Stage: Clean up
      Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20180921072511-qgn0m4.log
    [ INFO  ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20180921072951-setup.conf'
    [ INFO  ] Stage: Pre-termination
    [ INFO  ] Stage: Termination
    [ INFO  ] Execution of setup completed successfully
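  5. Set ovirt-engine to start automatically at boot:
    chkconfig ovirt-engine on
  6. At this point you can already reach the oVirt web admin interface through your hostname or domain name. Note that because a self-signed certificate is used, you need to trust that certificate the first time you access the site over https.
Access:
http://your-hostname-or-domain:80/ovirt-engine
https://your-hostname-or-domain:443/ovirt-engine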

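Some initial oVirt configuration

1. Dashboard

  After logging in to the Administration Portal, you can see the current dashboard information, as shown in the figure.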


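2. Create a data center

  oVirt starts out with a default data center already created for us. If you would rather not use a data center named Default, you can create your own. In Administration Portal - Compute - Data Centers, click New and enter the data center name you like, its description, storage type and so on to create a data center.

  After creating a data center, click the ellipsis after (New, Edit, Remove) at the top right. It offers a guide option; clicking it starts guiding you through the next steps.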


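3. Create a cluster

  In the guide, the first step is to configure a cluster. Give the cluster a name, architecture, optimization policy and so on, then click OK.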


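4. Add a host

  Next, we need to configure the physical host that oVirt will manage. Fill in the hostname and configure the login credentials as shown in the figure.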


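5. Configure storage

  After configuring the host, we need to configure storage for it. In the navigation choose Storage - Domains - New Domain, and create one storage domain with the domain function 'Data' and one with 'ISO'. NFS storage is used here (see 5.1 for how to configure NFS). As shown in the figure.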




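5.1 NFS storage configuration

  After installing NFS, create two directories, one for data and one for system images, and grant permissions on them. Use the following commands as a reference: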

cd /
mkdir exports
mkdir /exports/data
mkdir /exports/iso
chown -R 36:36 exports

  The NFS configuration file then needs:

[root@sailark etc]# vim exports

/exports/data      *(rw)
/exports/iso       *(rw)

  Once everything is in place, run service nfs restart.
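
  The export lines above use `*` as the client, so any host that can reach the NFS port may mount both directories read-write. The following added example (not from the original post) reports such entries in an exports file and shows the same exports limited to one host; `audit_exports`, the sample functions and the address 192.0.2.10 are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report exports in an
# /etc/exports-style file that any host may mount.

# audit_exports FILE: prints each world-open entry, returns 1 if any exist.
audit_exports() {
    awk '
        { sub(/#.*/, "") }                  # strip comments
        NF == 0 { next }                    # skip blank lines
        NF == 1 { print $1, "<no client list>"; bad = 1; next }
        {
            for (i = 2; i <= NF; i++) {
                client = $i
                sub(/\(.*/, "", client)     # drop the "(options)" part
                # "*" or an empty client name matches every host
                if (client == "*" || client == "") { print $1, $i; bad = 1 }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the two export lines shown on this page.
page_exports() {
    printf '%s\n' '/exports/data      *(rw)' '/exports/iso       *(rw)'
}

# Constructed sample: same directories, limited to a single oVirt host.
# 192.0.2.10 is a placeholder address (assumption, not from the page).
restricted_exports() {
    printf '%s\n' '/exports/data      192.0.2.10(rw)' \
                  '/exports/iso       192.0.2.10(rw)'
}

demo_dir=$(mktemp -d)
page_exports > "$demo_dir/open"
restricted_exports > "$demo_dir/restricted"
audit_exports "$demo_dir/open" || echo "world-open exports found"
audit_exports "$demo_dir/restricted" && echo "restricted file: no findings"
rm -rf "$demo_dir"
```

  After editing /etc/exports, exportfs -ra reloads the export table without restarting the service.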


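6. Host console

  If everything is working, you can now view your host through the host console. In the navigation choose Compute - Hosts, select your host, then click Host Console at the top right and log in with your root password. As shown in the figure.

  The host console uses Cockpit. If you want it to start at boot, you can use: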

systemctl enable cockpit.socket

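  If the configuration is correct but the host console will not open, consider whether the cockpit service has not been started. Use the following commands to check the service status and start the service.

# Check cockpit status
systemctl status cockpit.service
# Start the cockpit service
systemctl start cockpit.service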

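7. Upload image files

  In Storage - Storage Domains, click the ISO storage domain you created to see its ID. A directory with the same name as that ID is created on the system when the storage domain is created. To upload an ISO image, we only need to use scp or some other method to write the image file into the corresponding directory. For example, my ISO domain is configured as shown in the figure below, so to upload a CentOS image I only need to put it at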
/exports/iso/71150756-1d5f-4a7f-a305-20d598e2d80e/images/11111111-1111-1111-1111-111111111111/CentOS-7-x86_64-Minimal-1804.iso


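The first virtual machine

  In Compute - Virtual Machines, click New to start creating our first virtual machine.

1. Create a GUID

  Every virtual machine has a unique identifier, a GUID, which the system calls the VM Id and which serves as the identity of that virtual machine. A GUID can be generated in various ways, for example with an online tool: [Online GUID Generator](https://www.guidgenerator.com/online-guid-generator.aspx)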


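2. Fill in the basic information

  After clicking New, we need to fill in some basic information for the virtual machine, such as the operating system, the virtual machine name, description and VM Id, and also select a vNIC profile to instantiate its network interface, as shown in the figure: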


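3. Create and attach an instance image

  The instance image is the virtual disk used by this virtual machine instance. You can attach one from the existing images or create a new empty image. Here we click to create a new instance image: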


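4. Allocate resources to the virtual machine instance

  Click "System" in the tabs on the left and assign the virtual machine its memory size range and number of CPU cores (threads):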


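5. Enable the graphical console

  The graphical console lets you control the virtual machine remotely over a protocol. The protocols oVirt currently supports are VNC/SPICE, and the clients used to connect can be downloaded from [Console Clients Resources](https://www.ovirt.org/documentation/admin-guide/virt/console-client-resources/). However, if oVirt is being used as your private server, connecting with noVNC and managing directly in the web browser is the recommended option.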


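6. Boot options

  Click "Boot Options" in the tabs and set the boot devices for the virtual machine. Just as when you reinstall your own system, add the CD-ROM to the boot device sequence and select a system image to attach as a CD in the CD-ROM.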


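7. Finish creation and power on

  After creating a virtual machine, first wait for its instance image to be created. We can follow this process in the events view, or a notification pops up when creation is complete. Once everything is ready, I select the newly created virtual machine and click Run at the top right to power it on.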


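8. Install the system through noVNC

  At this point the platform is fully set up, and the first virtual machine has been created and powered on. Next come the operations inside the virtual machine. Since the system has not been installed yet, we cannot connect directly with ssh at first, so we can use the noVNC web console to complete the system installation.
  First, on the virtual machines page, select the target virtual machine, click the drop-down arrow next to Console at the top right, and click Console Options in the menu that appears. A console settings page pops up; select the noVNC console under the VNC protocol and click OK to save the setting.
  Now when we click Console, the noVNC page pops up to control the virtual machine. If you chose one of the other connection clients, you will also be asked to download and install the client, which is used to open a .vv file containing the virtual machine connection settings.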


Cleanup

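  When, for whatever reason, you want to uninstall oVirt or are preparing to reinstall it, you need to run cleanup.
  According to the official oVirt documentation: engine-cleanup
  We run the following to remove oVirt: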

  • engine-cleanup
  • yum remove ovirt-engine

Reinstall

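  After you have run engine-cleanup and want to reinstall, setup may get stuck at the "Creating CA" step because the SSL configuration was not cleared. In that case you can try: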

 [root@sailark etc]# ovn-nbctl del-ssl
 [root@sailark etc]# ovn-sbctl del-ssl

  For details of this openvswitch bug, see [Bug 1570384](https://bugzilla.redhat.com/show_bug.cgi?id=1570384)


Bugs

1. The redirection URI for client is not registered

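  Right after installation, clicking links such as Administration Portal on the web page may show this message and fail to redirect. In that case you only need to: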

[root@Sailark-ServerB etc]# echo "SSO_CALLBACK_PREFIX_CHECK=false" > /etc/ovirt-engine/engine.conf.d/99-sso.conf
[root@Sailark-ServerB etc]# systemctl restart ovirt-engine
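
An alternative that leaves the callback check enabled, as an added example (not from the original post): oVirt also reads `SSO_ALTERNATE_ENGINE_FQDNS` from a drop-in in the same directory, which registers the extra names or addresses the engine is reached by. The function names, `engine.example.com` and `192.0.2.10` are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): keep the SSO callback check
# on and register the extra names the engine is reached by.

# find_disabled_check DIR: lists drop-ins in DIR that turn the check off.
find_disabled_check() {
    grep -lE '^[[:space:]]*SSO_CALLBACK_PREFIX_CHECK="?false' "$1"/*.conf 2>/dev/null
}

# write_sso_aliases DIR NAME...: writes 99-custom-sso-setup.conf into DIR.
# On an engine host DIR would be /etc/ovirt-engine/engine.conf.d.
write_sso_aliases() {
    sso_dir=$1; shift
    [ "$#" -gt 0 ] || { echo "no alias given" >&2; return 2; }
    for sso_name in "$@"; do
        # hostname/IPv4 characters only, so the quoted value stays intact
        case $sso_name in
            ''|*[!A-Za-z0-9.-]*) echo "rejected: $sso_name" >&2; return 1 ;;
        esac
    done
    printf 'SSO_ALTERNATE_ENGINE_FQDNS="%s"\n' "$*" \
        > "$sso_dir/99-custom-sso-setup.conf"
}

# Demo on a scratch directory; names and address are constructed placeholders.
demo_conf=$(mktemp -d)
echo 'SSO_CALLBACK_PREFIX_CHECK=false' > "$demo_conf/99-sso.conf"
find_disabled_check "$demo_conf"          # prints the override to remove
rm -f "$demo_conf/99-sso.conf"
write_sso_aliases "$demo_conf" engine.example.com 192.0.2.10
cat "$demo_conf/99-custom-sso-setup.conf"
rm -rf "$demo_conf"
```

As with the commands above, the engine picks up the drop-in after systemctl restart ovirt-engine.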
Last Modified: July 20, 2019