Schlagwort-Archive: oVirt

KVM Maschinen nach oVirt importieren

Um existierende KVM Maschinen nach oVirt importieren zu können gibt es ein paar Tricks die man zuvor kennen muss.

Mindestens ein oVirt-Engine benötigt eine public key authentication zum Rechner auf denen die KVM Maschinen liegen.

Um für den vdsm Benutzer eine diese einrichten zu können benötigt dieser zunächst ein home Verzeichnis und einen Eintrag in der /etc/passwd wo das home liegt

# mkdir /home/vdsm
# chown -R vdsm /home/vdsm
# vi /etc/passwd

vdsm:x:36:36:Node Virtualization Manager:/home/vdsm:/sbin/nologin

Nun kann die Authentifizierung eingerichtet werden:

# sudo -u vdsm ssh-keygen    
# sudo -u vdsm ssh-copy-id root@<kvm-server>

Nun kann unter „System > Data-Center > Cluster > Default > VMs > Import“ mit dem Import begonnen werden.

Und dann bekommt man einen Fehler .. voraussichtlicher BugFix in oVirt 4.1 🙁

Aktuell bleibt also nur der Weg eine identische VM über oVirt anzulegen und den Inhalt des alten Festplattenimages mittels dd in das neue leere oVirt Image zu übertragen:

# dd if=<old kvm image > of=<oVirt generated image> bs=4MB

oVirt legt die Images im entsprechenden NFS Export Verzeichnissen ab.

oVirt mit virt-manager bedienen

Um virt-manager mit der oVirt Installation verwenden zu können benötigt man noch folgende Regel-Datei.  Zugriffsrechte für Gruppen können mit  unix-group:<gruppenname> und für Benutzer mit unix-user vergeben werden.

vi /etc/polkit-1/localauthority/50-local.d/50-org.example-libvirt-remote-access.pkla

[Remote libvirt SSH access]
Identity=unix-user:myuser
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

nach muss auf dem oVirt System noch der Benutzer mit Passwort versehen werden.

# saslpasswd2 -a libvirt myuser

 

 

oVirt 4 einrichten

Im folgenden Teil wird erklärt wie oVirt  eingerichtet werden kann.

Zunächst muss die Paketquelle hinzugefügt werden:

# yum install http://resources.ovirt.org/pub/yum-repo/ovirt-release40.rpm

Danach müssen die benötigten Softwarepakete installiert werden:

# yum install ovirt-engine -y

Im Anschluss kann mit engine-setup das Installationsprogramm gestartet werden.

# engine-setup
[ INFO  ] Stage: Initializing
[ INFO  ] Stage: Environment setup
          Configuration files: ['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf', '/etc/ovirt-engine-setup.conf.d/10-packaging.conf']
          Log file: /var/log/ovirt-engine/setup/ovirt-engine-setup-20170107120457-5krvyd.log
          Version: otopi-1.5.2 (otopi-1.5.2-1.el7.centos)
[ INFO  ] Stage: Environment packages setup
[ INFO  ] Stage: Programs detection
[ INFO  ] Stage: Environment setup
[ INFO  ] Stage: Environment customization
         
          --== PRODUCT OPTIONS ==--
         
          Configure Engine on this host (Yes, No) [Yes]: 
          Configure Image I/O Proxy on this host? (Yes, No) [Yes]: 
          Configure WebSocket Proxy on this host (Yes, No) [Yes]: 
          Please note: Data Warehouse is required for the engine. If you choose to not configure it on this host, you have to configure it on a remote host, and then configure the engine on this host so that it can access the database of the remote Data Warehouse host.
          Configure Data Warehouse on this host (Yes, No) [Yes]: 
          Configure VM Console Proxy on this host (Yes, No) [Yes]: 
         
          --== PACKAGES ==--
         
[ INFO  ] Checking for product updates...
[ INFO  ] No product updates found
         
          --== NETWORK CONFIGURATION ==--
         
          Host fully qualified DNS name of this server [vmnode1.skys.local]: 
[WARNING] Failed to resolve vmnode1.skys.local using DNS, it can be resolved only locally
          Setup can automatically configure the firewall on this system.
          Note: automatic configuration of the firewall may overwrite current settings.
          Do you want Setup to configure the firewall? (Yes, No) [Yes]: No
         
          --== DATABASE CONFIGURATION ==--
         
          Where is the DWH database located? (Local, Remote) [Local]: 
          Setup can configure the local postgresql server automatically for the DWH to run. This may conflict with existing applications.
          Would you like Setup to automatically configure postgresql and create DWH database, or prefer to perform that manually? (Automatic, Manual) [Automatic]: 
          Where is the Engine database located? (Local, Remote) [Local]: 
          Setup can configure the local postgresql server automatically for the engine to run. This may conflict with existing applications.
          Would you like Setup to automatically configure postgresql and create Engine database, or prefer to perform that manually? (Automatic, Manual) [Automatic]: 
         
          --== OVIRT ENGINE CONFIGURATION ==--
         
          Engine admin password: 
          Confirm engine admin password: 
[WARNING] Password is weak: Es ist zu kurz
          Use weak password? (Yes, No) [No]: Yes
          Application mode (Virt, Gluster, Both) [Both]: 
         
          --== STORAGE CONFIGURATION ==--
         
          Default SAN wipe after delete (Yes, No) [No]: 
         
          --== PKI CONFIGURATION ==--
         
          Organization name for certificate [skys.local]: 
         
          --== APACHE CONFIGURATION ==--
         
          Setup can configure the default page of the web server to present the application home page. This may conflict with existing applications.
          Do you wish to set the application as the default page of the web server? (Yes, No) [Yes]: 
          Setup can configure apache to use SSL using a certificate issued from the internal CA.
          Do you wish Setup to configure that, or prefer to perform that manually? (Automatic, Manual) [Automatic]: 
         
          --== SYSTEM CONFIGURATION ==--
         
          Configure an NFS share on this server to be used as an ISO Domain? (Yes, No) [No]: 
         
          --== MISC CONFIGURATION ==--
         
          Please choose Data Warehouse sampling scale:
          (1) Basic
          (2) Full
          (1, 2)[1]:  
         
          --== END OF CONFIGURATION ==--
         
[ INFO  ] Stage: Setup validation
         
          --== CONFIGURATION PREVIEW ==--
         
          Application mode                        : both
          Default SAN wipe after delete           : False
          Update Firewall                         : False
          Host FQDN                               : vmnode1.skys.local
          Engine database secured connection      : False
          Engine database host                    : localhost
          Engine database user name               : engine
          Engine database name                    : engine
          Engine database port                    : 5432
          Engine database host name validation    : False
          DWH database secured connection         : False
          DWH database host                       : localhost
          DWH database user name                  : ovirt_engine_history
          DWH database name                       : ovirt_engine_history
          DWH database port                       : 5432
          DWH database host name validation       : False
          Engine installation                     : True
          PKI organization                        : skys.local
          Configure local Engine database         : True
          Set application as default page         : True
          Configure Apache SSL                    : True
          DWH installation                        : True
          Configure local DWH database            : True
          Engine Host FQDN                        : vmnode1.skys.local
          Configure Image I/O Proxy               : True
          Configure VMConsole Proxy               : True
          Configure WebSocket Proxy               : True
         
          Please confirm installation settings (OK, Cancel) [OK]: 
[ INFO  ] Stage: Transaction setup
[ INFO  ] Stopping engine service
[ INFO  ] Stopping ovirt-fence-kdump-listener service
[ INFO  ] Stopping dwh service
[ INFO  ] Stopping Image I/O Proxy service
[ INFO  ] Stopping websocket-proxy service
[ INFO  ] Stage: Misc configuration
[ INFO  ] Stage: Package installation
[ INFO  ] Stage: Misc configuration
[ INFO  ] Upgrading CA
[ INFO  ] Initializing PostgreSQL
[ INFO  ] Creating PostgreSQL 'engine' database
[ INFO  ] Configuring PostgreSQL
[ INFO  ] Creating PostgreSQL 'ovirt_engine_history' database
[ INFO  ] Configuring PostgreSQL
[ INFO  ] Creating CA
[ INFO  ] Creating/refreshing Engine database schema
[ INFO  ] Creating/refreshing DWH database schema
[ INFO  ] Configuring Image I/O Proxy
[ INFO  ] Setting up ovirt-vmconsole proxy helper PKI artifacts
[ INFO  ] Setting up ovirt-vmconsole SSH PKI artifacts
[ INFO  ] Configuring WebSocket Proxy
[ INFO  ] Creating/refreshing Engine 'internal' domain database schema
[ INFO  ] Generating post install configuration file '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'
[ INFO  ] Stage: Transaction commit
[ INFO  ] Stage: Closing up
[ INFO  ] Starting engine service
[ INFO  ] Starting dwh service
[ INFO  ] Restarting ovirt-vmconsole proxy service
         
          --== SUMMARY ==--
         
[ INFO  ] Restarting httpd
          In order to configure firewalld, copy the files from
              /etc/ovirt-engine/firewalld to /etc/firewalld/services
              and execute the following commands:
              firewall-cmd --permanent --add-service ovirt-postgres
              firewall-cmd --permanent --add-service ovirt-https
              firewall-cmd --permanent --add-service ovirt-fence-kdump-listener
              firewall-cmd --permanent --add-service ovirt-imageio-proxy
              firewall-cmd --permanent --add-service ovirt-websocket-proxy
              firewall-cmd --permanent --add-service ovirt-http
              firewall-cmd --permanent --add-service ovirt-vmconsole-proxy
              firewall-cmd --reload
          The following network ports should be opened:
              tcp:2222
              tcp:443
              tcp:5432
              tcp:54323
              tcp:6100
              tcp:80
              udp:7410
          An example of the required configuration for iptables can be found at:
              /etc/ovirt-engine/iptables.example
          Please use the user 'admin@internal' and password specified in order to login
          Web access is enabled at:
              http://vmnode1.skys.local:80/ovirt-engine
              https://vmnode1.skys.local:443/ovirt-engine
          Internal CA D4:C8:59:3F:54:CD:26:4E:5C:97:5A:59:E4:1B:8A:DB:47:96:06:49
          SSH fingerprint: cf:bd:ba:bb:d8:5c:92:8e:9e:50:1d:80:a7:cf:f5:d7
         
          --== END OF SUMMARY ==--
         
[ INFO  ] Stage: Clean up
          Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20170107120457-5krvyd.log
[ INFO  ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20170107122105-setup.conf'
[ INFO  ] Stage: Pre-termination
[ INFO  ] Stage: Termination
[ INFO  ] Execution of setup completed successfully

Wenn die Firewall aktiviert ist muss man noch die oben aufgelisteten Aktionen durchführen.

Wenn SPICE von extern verwendet werden können soll muss noch folgende Regel hinzugefügt werden:

# firewall-cmd --permanent --add-port 5634-6166/tcp

Danach kann man sich am Webportal über die 2 ausgegebenen Adressen verbinden und einloggen.

Zunächst muss der lokale Host hinzu gefügt werden:
“System -> Data Centers -> Default -> Clusters -> Default -> Hosts -> New”

Die erfolgt über die Angabe von Namen IP und root Passwort.
Der Installationsprozess kann eine weile dauern.

NFS Exports erstellen:

# vi /etc/exports
/mnt/raid6/exports/isos         vmnode1(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36)
/mnt/raid6/exports/data         vmnode1(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36)

Nach müssen die shares neu geladen werden und die Berechtigungen für oVirt angepasst werden:

# exportfs -a
# chown -R vdsm:kvm /mnt/raid6/exports
# chown -R vdsm:kvm /mnt/raid6/exports

Im Anschluss kann der NFS Server aktiviert und gestartet werden:

# systemctl start {nfs-server,nfs-lock,nfs-idmap}
# systemctl enable {nfs-server,nfs-lock,nfs-idmap}
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.

Da oVirt noch NFS3 als Standard Version verwendet empfiehlt es sich NFS in der /etc/nfsmount.conf wie folgt zu konfigurieren:

[ NFSMount_Global_Options ]
# This statically named section defines global mount
# options that can be applied on all NFS mount.
#
# Protocol Version [2,3,4]
# This defines the default protocol version which will
# be used to start the negotiation with the server.
Defaultvers=3
#
# Setting this option makes it mandatory the server supports the
# given version. The mount will fail if the given version is
# not support by the server.
Nfsvers=3

Nach dem die Speicherplätze verfügbar sind können diese in oVirt eingehangen werden:
„System -> Data Centers -> Default -> Storage -> New Domain“:

Danach sollte es so aussehen:

Nun ist oVirt bereit für die Verwendung