In this lab, you explore and implement an advanced CloudForms deployment with a multi-tier architecture. The lab steps through the process of splitting the appliance roles across multiple appliances.

The lab creates an environment with an architecture similar to that shown in this diagram:

  • One appliance is dedicated to the database.

  • One appliance is dedicated to the web UI.

  • Five appliances are dedicated to the worker role.

  • End users connect only to the UI appliance.

  • Only worker appliances communicate with the different providers (vCenter, RHV, SCVMM, OpenShift, etc.).

1. Configure the Database

In this section, you set up the initial database configuration.

1.1. Log In and Connect to CloudForms Appliance

  1. Log in using SSH:

    # ssh <your username>-redhat.com@workstation-<UID>.rhpds.opentlc.com
  2. From the workstation host, use SSH to remotely connect to the appliance (the root password is smartvm):

    # ssh root@cf.example.com
  3. Verify that your output is similar to the following, indicating that you are now logged in to the CloudForms appliance:

    Last login: Fri Dec 18 14:38:39 2015 from workstation-[GUID].rhpds.opentlc.com
    Welcome to the Appliance Console
    
    For a menu, type: appliance_console.

1.2. Configure CloudForms Database

  1. Start the console:

    # appliance_console
  2. Verify that your console information page is similar to this example:

    Welcome to the CFME Virtual Appliance.
    
    To modify the configuration, use a web browser to access the management page.
    
    Hostname:                      cf-[GUID].rhpds.opentlc.com
    IP Address:                    192.168.0.100
    Netmask:                       255.255.0.0
    Gateway:                       192.168.0.2
    Primary DNS:                   192.168.0.1
    Secondary DNS:
    Search Order:                  localdomain rhpds.opentlc.com
    MAC Address:                   2c:c2:60:3d:70:15
    Timezone:                      America/New_York
    Local Database:                not running
    CFME Database:                 not configured
    Database/Region:               not configured
    External Auth:                 not configured
    CFME Version:                  5.5.0.13
    CFME Console:                  not configured
    
    
    Press any key to continue.
  3. Press any key to open the Advanced Setting menu:

    Advanced Setting
    
    1) Set DHCP Network Configuration
    2) Set Static Network Configuration
    3) Test Network Configuration
    4) Set Hostname
    5) Set Timezone, Date, and Time
    6) Restore Database From Backup
    7) Setup Database Region
    8) Configure Database
    ...OUTPUT OMITTED...
    
    Choose the advanced setting:
  4. Enter 8 to Configure Database and verify that your output is similar to the following:

    Configure Database
    
    No encryption key found.
    For migrations, copy encryption key from a hardened appliance.
    For worker and multi-region setups, copy key from another appliance.
    If this is your first appliance, just generate one now.
    
    Encryption Key
    
    1) Create key
    2) Fetch key from remote machine
    
    Choose the encryption key: |1|
    1. Enter 1 to Create key and confirm that your key is created:

      Encryption key now configured.
    2. From the Database Operation menu, enter 1 to Create Internal Database:

      Database Operation
      
      1) Create Internal Database
      2) Create Region in External Database
      3) Join Region in External Database
      4) Reset Configured Database
      
      Choose the database operation: 1
    3. Enter 1 to select the /dev/vdb disk device:

      database disk
      
      1) /dev/vdb: 10240 MB
      2) Don't partition the disk
      
      Choose the database disk: |1|
    4. When prompted, enter 0 for database region number:

      Each database region number must be unique.
      Enter the database region number: 0
    5. When prompted for the database password and password confirmation, enter r3dh4t1! twice:

      Enter the database password on 127.0.0.1: ********
      Enter the database password again: ********
    6. Wait a few minutes and then verify that the database configuration is complete:

      Activating the configuration using the following settings...
      Host:     127.0.0.1
      Username: root
      Database: vmdb_production
      Region:   0
      
      Initialize postgresql disk starting
      Initialize postgresql disk complete
      Initialize postgresql starting
      Initialize postgresql complete
      Checking for connections to the database...
      
      Create region starting
      Create region complete
      
      Configuration activated successfully.
      
      Press any key to continue.
  5. Press any key when prompted.

  6. Verify that you see the CloudForms appliance information page:

    Welcome to the CFME Virtual Appliance.
    
    To modify the configuration, use a web browser to access the management page.
    
    Hostname:                      cf-261c.rhpds.opentlc.com
    IP Address:                    192.168.0.100
    Netmask:                       255.255.0.0
    Gateway:                       192.168.0.2
    Primary DNS:                   192.168.0.1
    Secondary DNS:
    Search Order:                  localdomain rhpds.opentlc.com
    MAC Address:                   2c:c2:60:3d:70:15
    Timezone:                      America/New_York
    Local Database:                running
    CFME Database:                 postgres @ localhost
    Database/Region:               vmdb_production / 0
    External Auth:                 not configured
    CFME Version:                  5.5.0.13
    CFME Console:                  https://192.168.0.100
    
    
    Press any key to continue.
  7. Press any key when prompted.

1.3. Lock Down the Appliance

  1. From the CloudForms Advanced Setting menu, enter 12 to access the Harden Appliance Using SCAP Configuration screen:

    Harden Appliance Using SCAP Configuration
    
    Locking down the appliance for SCAP...
    Complete
    
    Press any key to continue.
      The lockdown process begins immediately without any further prompting.
  2. Press any key when prompted.

  3. Press any key when prompted again.

  4. Enter 18 to Quit the Advanced Setting menu.

      Part of the lockdown procedure causes idle SSH sessions to time out on the CloudForms appliance. While this can be a problem when running tail -f on logs, it is an important security measure.
  5. Use the exit command to log out of the appliance.

2. Configure UI and Workers

In this section, you add new appliances that are designated either as the UI appliance or a worker appliance. The UI appliance provides the main interface for users and administrators. It has no other function, such as database or SmartProxy. The worker appliances serve as workers for all CloudForms functions that do not provide a user interface or database.

  1. From the workstation host, become the root user, then configure the remaining appliances using appliance_console_cli over SSH.

  2. Run the following script to set up SSH keys to all the appliances, then configure them to use the central database appliance:

    $ sudo -i
    # hostlist="cfui.example.com cfwork1.example.com cfwork2.example.com cfwork3.example.com cfwork4.example.com cfwork5.example.com"
    # for host in $hostlist; do ssh-copy-id -o StrictHostKeyChecking=false $host;done
    # for host in $hostlist; do ssh root@$host "appliance_console_cli -a smartvm -p r3dh4t1! -h cf.example.com -K cf.example.com -H $host";done
      Remember that the default root password on the appliances is smartvm.

3. Configure IdM Authentication on UI Appliance (CLI Portion)

  This step is for the UI appliance only; do not perform it on the worker appliances.
  1. Connect to cfui.example.com and start the appliance console:

    # ssh cfui.example.com
    # appliance_console
  2. Press any key to open the Advanced Setting menu:

    ...OUTPUT OMITTED...
    Advanced Setting
    
    ...OUTPUT OMITTED...
    10) Configure External Authentication (httpd)
    ...OUTPUT OMITTED...
    
    Choose the advanced setting:
  3. Enter 10 to configure external authentication (httpd).

  4. Enter idm.example.com as the IdM/IPA server hostname.

  5. Enter example.com as the server domain.

  6. Enter EXAMPLE.COM for the server realm.

  7. Enter admin for the server principal.

  8. Enter r3dh4t1! for the server principal password.

  9. Verify that your display looks similar to the following:

    Configure External Authentication (httpd)
    
    
    IPA Server Parameters:
    
    Enter the IPA Server Hostname: idm.example.com
    Enter the IPA Server Domain: |rhpds.opentlc.com| example.com
    Enter the IPA Server Realm: |EXAMPLE.COM| EXAMPLE.COM
    Enter the IPA Server Principal: |admin| admin
    Enter the IPA Server Principal Password: r3dh4t1!
  10. Review the IPA server details, which should look like this:

    IPA Server Details:
      Hostname:       idm.example.com
      Domain:         example.com
      Realm:          EXAMPLE.COM
      Naming Context: dc=example,dc=com
      Principal:      admin
    
    Proceed? (Y/N):
  11. At the Proceed? (Y/N) prompt, enter y.

  12. Review the IPA configuration output:

    Checking connectivity to idm.example.com ... Succeeded.
    
    Configuring IPA (may take a minute) ...
    Configuring the IPA Client ...
    Configuring pam ...
    Configuring sssd ...
    Configuring IPA HTTP Service and Keytab ...
    Configuring httpd ...
    Configuring SELinux ...
    Restarting sssd and httpd ...
    Configuring sssd to start upon reboots ...
    
    External Authentication configured successfully.
    
    Press any key to continue.
  13. Exit the Appliance TUI and log out of the appliance.

4. Install VMware VDDK

  Complete this step on all worker appliances, but NOT on the UI appliance.

Any appliance that serves the SmartProxy role and that interacts with vSphere must have the VMware Virtual Disk Development Kit (VDDK) installed.


This lab provides a copy of the VDDK tarball on the workstation server for you. In practice, you download this from the VMware website directly using the following steps:

  1. Navigate to Downloads → All Downloads, Drivers & Tools → VMware vSphere → Drivers & Tools.

  2. Expand Automation Tools and SDKs.

  3. Select vSphere Virtual Disk Development Kit 5.5.

Alternatively, you can find the file by searching for it on the VMware website using the website’s search menu.

  1. Copy the VDDK tarball from the workstation host to each worker appliance:

    [root@workstation-GUID ~]# for i in `seq 1 5`; do scp /root/VMware-vix-disklib-5.5.0-1284542.x86_64.tar.gz root@cfwork$i.example.com:/root; done
  2. From the workstation host, extract the tarball and run the installer on each worker:

    [root@workstation-GUID ~]# for i in `seq 1 5`; do ssh cfwork$i.example.com "tar zxf VMware-vix-disklib-5.5.0-1284542.x86_64.tar.gz;cd vmware-vix-disklib-distrib;yes|./vmware-install.pl --default"; done
  3. Verify that your output looks similar to this VDDK install output (it appears once per worker, five times in total):

    Creating a new VMware VIX DiskLib API installer database using the tar4 format.
    
    
    Installing VMware VIX DiskLib API.
    
    You must read and accept the VMware VIX DiskLib API End User License Agreement
    to continue.
    Press *Enter* to display it.
    
    VMware® vSphere Software Development Kit License Agreement
    
    VMware, Inc. (VMware) provides the VMware vSphere Software Development Kit
    (collectively the Software) to you subject to the following terms and
    conditions.  By downloading, installing, or using the Software, you (the
    individual or legal entity) agree to be bound by the terms of this license
    agreement (the Agreement). If you disagree with any of the following
    terms, then do not use the Software.
    
    1.  The Software contains a variety of materials, interface definitions,
    documentation, sample utility applications and sample code regarding
    programming interfaces to one or more VMware products that are referenced in
    such materials (the referenced products, VMware Products).  This Software
    is intended to be used to develop software that interacts with the VMware
    Products.
    
    2.  Use Rights:  Subject to the restrictions below, you may download and
    make a reasonable number of copies of the Software for your use solely for
    the purpose of creating software that communicates with VMware Products
    (your software, Developer Software).  Some code may be designated as
    distributable code and/or modifiable code at http://www.vmware.com/go/vwssdk-redistribution-info
    .  You may use and merge all or portions of the distributable code with
    your Developer Software.  Any merged portion of any distributable code is
    
    Do you accept? (yes/no) yes
    
    Thank you.
    
    What prefix do you want to use to install VMware VIX DiskLib API?
    
    The prefix is the root directory where the other
    folders such as man, bin, doc, lib, etc. will be placed.
    [/usr]
    
    The installation of VMware VIX DiskLib API 5.5.0 build-1284542 for Linux
    completed successfully. You can remove this software from your system
    at any time by invoking the following command:
    "/usr/bin/vmware-uninstall-vix-disklib.pl".
    
    Enjoy,
    
    --the VMware team
  4. Run the following command from the workstation host to refresh the shared library cache so the newly installed VDDK library can be found:

    [root@workstation-GUID ~]# for i in `seq 1 5`; do ssh cfwork$i.example.com "ldconfig"; done
  5. Run the following command from the workstation host to verify that the VDDK files are installed and accessible to the appliance on all hosts:

    [root@workstation-GUID ~]# for i in `seq 1 5`; do ssh cfwork$i.example.com "echo cfwork$i.example.com;ldconfig -p |grep vix"; done
  6. Verify that your ldconfig output is similar for all hosts:

    cfwork1.example.com
            libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
            libvixDiskLib.so (libc6,x86-64) => /lib/libvixDiskLib.so
    cfwork2.example.com
            libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
            libvixDiskLib.so (libc6,x86-64) => /lib/libvixDiskLib.so
    cfwork3.example.com
            libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
            libvixDiskLib.so (libc6,x86-64) => /lib/libvixDiskLib.so
    cfwork4.example.com
            libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
            libvixDiskLib.so (libc6,x86-64) => /lib/libvixDiskLib.so
    cfwork5.example.com
            libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
            libvixDiskLib.so (libc6,x86-64) => /lib/libvixDiskLib.so
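As an added check (example script written for this guide, not part of the original lab), the following POSIX shell snippet parses the combined output of step 5 and reports any worker that produced no output or lacks one of the two libvixDiskLib entries, so a failed install on one host is not overlooked while scanning five near-identical blocks. The sample output, the expected host list and the helper names vddk_incomplete_hosts and vddk_report are constructed for this example; on the lab hosts, pass the captured output of the step-5 loop instead.

```shell
#!/bin/sh
# Added example, not part of the original lab: verify the per-host
# "ldconfig -p | grep vix" output from step 5 instead of eyeballing it.
# Input format is the one shown in step 6: a bare hostname line (from the
# remote echo) followed by indented library lines from ldconfig.

# Constructed sample output: cfwork3 lacks the unversioned libvixDiskLib.so,
# cfwork4 never reported (e.g. ssh failed), cfwork5 has no VDDK at all.
SAMPLE_OUTPUT='cfwork1.example.com
        libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
        libvixDiskLib.so (libc6,x86-64) => /lib/libvixDiskLib.so
cfwork2.example.com
        libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
        libvixDiskLib.so (libc6,x86-64) => /lib/libvixDiskLib.so
cfwork3.example.com
        libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
cfwork5.example.com'
EXPECTED_HOSTS='cfwork1.example.com cfwork2.example.com cfwork3.example.com cfwork4.example.com cfwork5.example.com'

# vddk_incomplete_hosts: reads step-5 output on stdin and prints every host
# whose block is missing libvixDiskLib.so.5 or libvixDiskLib.so.
vddk_incomplete_hosts() {
    awk '
        function flush() {
            if (host != "" && !(have5 && have)) print host
            host = ""; have5 = 0; have = 0
        }
        /^[^[:space:]]/            { flush(); host = $1; next }  # hostname line
        $1 == "libvixDiskLib.so.5" { have5 = 1 }
        $1 == "libvixDiskLib.so"   { have = 1 }
        END                        { flush() }
    '
}

# vddk_report EXPECTED_HOSTS OUTPUT: prints, sorted and one per line, every
# expected host that is absent from OUTPUT or incomplete. No output = all good.
vddk_report() {
    {
        for h in $1; do
            case "$2" in
                *"$h"*) ;;          # host line present; library check below
                *) echo "$h" ;;     # host produced no output at all
            esac
        done
        printf '%s\n' "$2" | vddk_incomplete_hosts
    } | sort -u
}

# Run against the constructed sample; on the lab hosts, pass the captured
# output of the step-5 loop as the second argument instead.
vddk_report "$EXPECTED_HOSTS" "$SAMPLE_OUTPUT"
```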

5. Set admin User Password

Before continuing, you must change the default admin password. You do this from the CloudForms web UI.

  1. Go to http://cfui-GUID.rhpds.opentlc.com.

      Remember to replace GUID with your personal GUID, which is provided at the top of the lab provisioning email you received from Red Hat.
  2. Accept the untrusted SSL certificate.

  3. Click the Update password link, as shown below:

  4. Complete the form as follows:

    • Username: admin

    • Password: smartvm

    • New Password: r3dh4t1!

    • Verify Password: r3dh4t1!