Advanced Architecture Lab
Source: Internet. Published by: 白贺翔 (Java architect). Editor: 程序博客网. Time: 2024/05/23 19:14
In this lab, you explore and implement an advanced CloudForms appliance with multi-tier architecture. The lab steps through the process of breaking up appliance roles into multi-tier appliances.
The lab creates an environment with an architecture similar to that shown in this diagram:
One appliance is dedicated to the database.
One appliance is dedicated to the web UI.
Five appliances are dedicated to be the workers.
End users connect only to the UI appliance.
Only worker appliances communicate with the different providers (vCenter, RHV, SCVMM, OpenShift, etc.).
1. Configure the Database
In this section, you set up the initial database configuration.
1.1. Log In and Connect to CloudForms Appliance
Log in using SSH:
# ssh <your username>-redhat.com@workstation-<UID>.rhpds.opentlc.com
From the workstation host, use SSH to remotely connect to the appliance (password is smartvm):
# ssh root@cf.example.com
Verify that your output is similar to the following, indicating that you are now logged in to the CloudForms appliance:
Last login: Fri Dec 18 14:38:39 2015 from workstation-[GUID].rhpds.opentlc.com
Welcome to the Appliance Console
For a menu, type: appliance_console.
1.2. Configure CloudForms Database
Start the console:
# appliance_console
Verify that your console information page is similar to this example:
Welcome to the CFME Virtual Appliance.
To modify the configuration, use a web browser to access the management page.
Hostname: cf-[GUID].rhpds.opentlc.com
IP Address: 192.168.0.100
Netmask: 255.255.0.0
Gateway: 192.168.0.2
Primary DNS: 192.168.0.1
Secondary DNS:
Search Order: localdomain rhpds.opentlc.com
MAC Address: 2c:c2:60:3d:70:15
Timezone: America/New_York
Local Database: not running
CFME Database: not configured
Database/Region: not configured
External Auth: not configured
CFME Version: 5.5.0.13
CFME Console: not configured
Press any key to continue.
Press any key to open the Advanced Setting menu:
Advanced Setting
1) Set DHCP Network Configuration
2) Set Static Network Configuration
3) Test Network Configuration
4) Set Hostname
5) Set Timezone, Date, and Time
6) Restore Database From Backup
7) Setup Database Region
8) Configure Database
...OUTPUT OMITTED...
Choose the advanced setting:
Enter 8 to Configure Database and verify that your output is similar to the following:
Configure Database
No encryption key found.
For migrations, copy encryption key from a hardened appliance.
For worker and multi-region setups, copy key from another appliance.
If this is your first appliance, just generate one now.
Encryption Key
1) Create key
2) Fetch key from remote machine
Choose the encryption key: |1|
Enter 1 to Create key and confirm that your key is created:
Encryption key now configured.
From the Database Operation menu, enter 1 to Create Internal Database:
Database Operation
1) Create Internal Database
2) Create Region in External Database
3) Join Region in External Database
4) Reset Configured Database
Choose the database operation: 1
Enter 1 to select the /dev/vdb disk device:
database disk
1) /dev/vdb: 10240 MB
2) Don't partition the disk
Choose the database disk: |1|
When prompted, enter 0 for database region number:
Each database region number must be unique.
Enter the database region number: 0
When prompted for the database password and password confirmation, enter r3dh4t1! twice:
Enter the database password on 127.0.0.1: ********
Enter the database password again: ********
Wait a few minutes and then verify that the database configuration is complete:
Activating the configuration using the following settings...
Host: 127.0.0.1
Username: root
Database: vmdb_production
Region: 0
Initialize postgresql disk starting
Initialize postgresql disk complete
Initialize postgresql starting
Initialize postgresql complete
Checking for connections to the database...
Create region starting
Create region complete
Configuration activated successfully.
Press any key to continue.
Press any key when prompted.
Verify that you see the CloudForms appliance information page:
Welcome to the CFME Virtual Appliance.
To modify the configuration, use a web browser to access the management page.
Hostname: cf-261c.rhpds.opentlc.com
IP Address: 192.168.0.100
Netmask: 255.255.0.0
Gateway: 192.168.0.2
Primary DNS: 192.168.0.1
Secondary DNS:
Search Order: localdomain rhpds.opentlc.com
MAC Address: 2c:c2:60:3d:70:15
Timezone: America/New_York
Local Database: running
CFME Database: postgres @ localhost
Database/Region: vmdb_production / 0
External Auth: not configured
CFME Version: 5.5.0.13
CFME Console: https://192.168.0.100
Press any key to continue.
Press any key when prompted.
1.3. Lock Down the Appliance
From the CloudForms Advanced Setting menu, enter 12 to access the Harden Appliance Using SCAP Configuration screen:
Harden Appliance Using SCAP Configuration
Locking down the appliance for SCAP...
Complete
Press any key to continue.
The lock down process begins immediately without any further prompting.
Press any key when prompted.
Press any key when prompted again.
Enter 18 to Quit the Advanced Setting menu.
Part of the lockdown procedure causes idle SSH sessions to time out on the CloudForms appliance. While this can be a problem when running tail -f on logs, it is an important security measure.
Use the exit command to log out of the appliance.
2. Configure UI and Workers
In this section, you add new appliances that are designated either as the UI appliance or a worker appliance. The UI appliance provides the main interface for users and administrators. It has no other function, such as database or SmartProxy. The worker appliances serve as workers for all CloudForms functions that do not provide a user interface or database.
From the workstation host, become the root user, then configure the remaining appliances using the appliance_console_cli over SSH.
Run the following script to set up SSH keys to all the appliances, then configure them to use the central database appliance:
$ sudo -i
# hostlist="cfui.example.com cfwork1.example.com cfwork2.example.com cfwork3.example.com cfwork4.example.com cfwork5.example.com"
# for host in $hostlist; do ssh-copy-id -o StrictHostKeyChecking=false $host; done
# for host in $hostlist; do ssh root@$host "appliance_console_cli -a smartvm -p r3dh4t1! -h cf.example.com -K cf.example.com -H $host"; done
Remember the default password for root on the appliances is smartvm.
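The ssh-copy-id loop above turns off host key checking, so the root password is sent to whichever machine answers for each name. As an added example (not part of the original lab), the check below compares scanned host keys with keys recorded out-of-band before any key is copied. The file name trusted.keys, the function name and the placeholder keys are assumptions, and the appliances are assumed to offer an ed25519 host key.

```shell
#!/bin/sh
# Added example, not part of the lab. Inputs use the known_hosts layout:
#   host keytype base64key

# verify_hostkeys TRUSTED SCANNED
# Prints one status line per trusted entry; returns 1 unless all are OK.
verify_hostkeys() {
    awk '
        BEGIN { bad = 0 }
        /^#/ || NF < 3 { next }                      # skip comments and junk
        FILENAME == ARGV[1] {                        # first file: trusted keys
            k = $1 " " $2
            if (!(k in want)) order[++n] = k
            want[k] = $3
            next
        }
        { got[$1 " " $2] = $3 }                      # second file: scanned keys
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in got))            { print "UNSEEN", k;   bad = 1 }
                else if (got[k] != want[k]) { print "MISMATCH", k; bad = 1 }
                else                        { print "OK", k }
            }
            exit bad
        }' "$1" "$2"
}

# Constructed sample data; the key strings are placeholders, not real keys.
sample_trusted() {
    cat <<'EOF'
cfui.example.com ssh-ed25519 AAAA-PLACEHOLDER-KEY-UI
cfwork1.example.com ssh-ed25519 AAAA-PLACEHOLDER-KEY-W1
cfwork2.example.com ssh-ed25519 AAAA-PLACEHOLDER-KEY-W2
EOF
}
sample_scanned() {
    cat <<'EOF'
cfui.example.com ssh-ed25519 AAAA-PLACEHOLDER-KEY-UI
cfwork1.example.com ssh-ed25519 AAAA-PLACEHOLDER-KEY-OTHER
EOF
}

d=$(mktemp -d) && sample_trusted > "$d/t" && sample_scanned > "$d/s"
verify_hostkeys "$d/t" "$d/s" || echo "host keys not verified: do not copy SSH keys yet"
rm -rf "$d"
```

In the lab, the scanned file would come from `ssh-keyscan -t ed25519 $hostlist`, and once every entry reports OK the loop can run `ssh-copy-id -o UserKnownHostsFile=trusted.keys -o StrictHostKeyChecking=yes $host`.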
3. Configure IdM Authentication on UI Appliance (CLI Portion)
Make sure you are in the cfui.example.com CLI.
# ssh cfui.example.com
# appliance_console
Press any key to open the Advanced Setting menu:
...OUTPUT OMITTED...
Advanced Setting
...OUTPUT OMITTED...
10) Configure External Authentication (httpd)
...OUTPUT OMITTED...
Choose the advanced setting:
Enter 10 to configure external authentication (httpd).
Enter idm.example.com as the IdM/IPA server hostname.
Enter example.com as the server domain.
Enter EXAMPLE.COM for the server realm.
Enter admin for the server principal.
Enter r3dh4t1! for the server principal password.
Verify that your display looks similar to the following:
Configure External Authentication (httpd)
IPA Server Parameters:
Enter the IPA Server Hostname: idm.example.com
Enter the IPA Server Domain: |rhpds.opentlc.com| example.com
Enter the IPA Server Realm: |EXAMPLE.COM| EXAMPLE.COM
Enter the IPA Server Principal: |admin| admin
Enter the IPA Server Principal Password: r3dh4t1!
View the sample IPA server details, as shown here:
IPA Server Details:
  Hostname: idm.example.com
  Domain: example.com
  Realm: EXAMPLE.COM
  Naming Context: dc=example,dc=com
  Principal: admin
Proceed? (Y/N):
At the Proceed? (Y/N) prompt, enter y.
Review the IPA configuration output:
Checking connectivity to idm.example.com ... Succeeded.
Configuring IPA (may take a minute) ...
Configuring the IPA Client ...
Configuring pam ...
Configuring sssd ...
Configuring IPA HTTP Service and Keytab ...
Configuring httpd ...
Configuring SELinux ...
Restarting sssd and httpd ...
Configuring sssd to start upon reboots ...
External Authentication configured successfully.
Press any key to continue.
Exit the Appliance TUI and log out of the appliance.
4. Install VMware VDDK
Any appliance that serves the SmartProxy role and that interacts with vSphere must have the VMware Virtual Disk Development Kit (VDDK) installed.
This lab provides a copy of the VDDK tarball on the workstation server for you. In practice, you download this from the VMware website directly using the following steps:
Navigate to Downloads → All Downloads, Drivers & Tools → VMware vSphere → Drivers & Tools.
Expand Automation Tools and SDKs.
Select vSphere Virtual Disk Development Kit 5.5.
Alternatively, you can find the file by searching for it on the VMware website using the website’s search menu.
Copy the VDDK tarball from the workstation host to the CloudForms appliance:
[root@workstation-GUID ~]# for i in `seq 1 5`; do scp /root/VMware-vix-disklib-5.5.0-1284542.x86_64.tar.gz root@cfwork$i.example.com:/root; done
From the workstation host, extract the tarball on each host:
[root@workstation-GUID ~]# for i in `seq 1 5`; do ssh cfwork$i.example.com "tar zxf VMware-vix-disklib-5.5.0-1284542.x86_64.tar.gz;cd vmware-vix-disklib-distrib;yes|./vmware-install.pl --default"; done
Verify that your output looks similar to this VDDK install output (the output repeats 5 times, once per worker appliance):
Creating a new VMware VIX DiskLib API installer database using the tar4 format.
Installing VMware VIX DiskLib API.
You must read and accept the VMware VIX DiskLib API End User License Agreement
to continue.
Press *Enter* to display it.
VMware® vSphere Software Development Kit License Agreement
VMware, Inc. (VMware) provides the VMware vSphere Software Development Kit
(collectively the Software) to you subject to the following terms and
conditions. By downloading, installing, or using the Software, you (the
individual or legal entity) agree to be bound by the terms of this license
agreement (the Agreement). If you disagree with any of the following
terms, then do not use the Software.
1. The Software contains a variety of materials, interface definitions,
documentation, sample utility applications and sample code regarding
programming interfaces to one or more VMware products that are referenced in
such materials (the referenced products, VMware Products). This Software
is intended to be used to develop software that interacts with the VMware
Products.
2. Use Rights: Subject to the restrictions below, you may download and
make a reasonable number of copies of the Software for your use solely for
the purpose of creating software that communicates with VMware Products
(your software, Developer Software). Some code may be designated as
distributable code and/or modifiable code at http://www.vmware.com/go/vwssdk-redistribution-info.
You may use and merge all or portions of the distributable code with
your Developer Software. Any merged portion of any distributable code is
Do you accept? (yes/no) yes
Thank you.
What prefix do you want to use to install VMware VIX DiskLib API?
The prefix is the root directory where the other
folders such as man, bin, doc, lib, etc. will be placed.
[/usr]
The installation of VMware VIX DiskLib API 5.5.0 build-1284542 for Linux
completed successfully. You can remove this software from your system
at any time by invoking the following command:
"/usr/bin/vmware-uninstall-vix-disklib.pl".
Enjoy,
--the VMware team
Run the following command from the workstation host to refresh the dynamic linker cache on each worker so that the newly installed VDDK library can be found:
[root@workstation-GUID ~]# for i in `seq 1 5`; do ssh cfwork$i.example.com "ldconfig"; done
Run the following command from the workstation host to verify that the VDDK files are installed and accessible to the appliance on all hosts:
[root@workstation-GUID ~]# for i in `seq 1 5`; do ssh cfwork$i.example.com "echo cfwork$i.example.com;ldconfig -p |grep vix"; done
Verify that your ldconfig output is similar for all hosts:
cfwork1.example.com
    libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
    libvixDiskLib.so (libc6,x86-64) => /lib/libvixDiskLib.so
cfwork2.example.com
    libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
    libvixDiskLib.so (libc6,x86-64) => /lib/libvixDiskLib.so
cfwork3.example.com
    libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
    libvixDiskLib.so (libc6,x86-64) => /lib/libvixDiskLib.so
cfwork4.example.com
    libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
    libvixDiskLib.so (libc6,x86-64) => /lib/libvixDiskLib.so
cfwork5.example.com
    libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
    libvixDiskLib.so (libc6,x86-64) => /lib/libvixDiskLib.so
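The verification step above, as an added example (not part of the original lab): a shell function that reads the loop output and reports every worker on which either libvixDiskLib entry is absent, rather than comparing five blocks of output by eye. The function name check_vddk and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the lab. Parses the combined output of the
# "echo <host>; ldconfig -p | grep vix" loop: a host name line, then that
# host's ldconfig entries ("lib (arch) => path").

# check_vddk HOST...
# Reads the loop output on stdin, prints "MISSING <host> <library>" for each
# absent entry, and returns 1 if anything is missing.
check_vddk() {
    awk -v hosts="$*" '
        BEGIN {
            nh = split(hosts, host, " ")
            for (i = 1; i <= nh; i++) expected[host[i]] = 1
            nl = split("libvixDiskLib.so.5 libvixDiskLib.so", lib, " ")
            bad = 0
        }
        # A one-word line opens a host section; unknown names open none.
        NF == 1 { cur = ($1 in expected) ? $1 : ""; next }
        # Record library entries under the current host.
        cur != "" && NF >= 3 && $(NF - 1) == "=>" { seen[cur, $1] = 1 }
        END {
            for (i = 1; i <= nh; i++)
                for (j = 1; j <= nl; j++)
                    if (!((host[i], lib[j]) in seen)) {
                        print "MISSING", host[i], lib[j]
                        bad = 1
                    }
            exit bad
        }'
}

# Constructed sample: cfwork3 printed its name but no library entries.
sample_output() {
    cat <<'EOF'
cfwork1.example.com
    libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
    libvixDiskLib.so (libc6,x86-64) => /lib/libvixDiskLib.so
cfwork2.example.com
    libvixDiskLib.so.5 (libc6,x86-64) => /lib/libvixDiskLib.so.5
    libvixDiskLib.so (libc6,x86-64) => /lib/libvixDiskLib.so
cfwork3.example.com
EOF
}

sample_output | check_vddk cfwork1.example.com cfwork2.example.com cfwork3.example.com ||
    echo "VDDK is not registered on every worker"
```

In the lab, pipe the verification loop itself into check_vddk and pass the five worker host names as arguments.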
5. Set admin User Password
Before continuing, you must change the default admin password. You do this from the CloudForms web UI.
Go to http://cfui-GUID.rhpds.opentlc.com.
Remember to replace GUID with your personal GUID, which is provided at the top of the lab provisioning email you received from Red Hat.
Accept the untrusted SSL certificate.
Click the Update password link, as shown below:
Complete the form as follows:
Username: admin
Password: smartvm
New Password: r3dh4t1!
Verify Password: r3dh4t1!