oVirt 3.5 开源虚拟化管理平台

ovirt 开源，很多人用，基于KVM，现在都出到4.0 多的了，但3.5有一个特别的功能就是：
可以allinone 安装，如果不是有什么特别要求的话，是可以一起装的。

我公司现在约有400人用这个虚拟桌面运行，11台服务器，到现在稳定运行3年多。

Ovirt 安装：

Installation:

To get the public key:

$ gpg --recv-keys --keyserver subkeys.pgp.net FE590CB7
$ gpg --list-keys --with-fingerprint FE590CB7
---
pub   2048R/FE590CB7 2014-03-30 [expires: 2016-04-02]
Key fingerprint = 31A5 D783 7FAD 7CB2 86CD  3469 AB8C 4F9D FE59 0CB7
uid                  oVirt <infra@ovirt.org>
sub   2048R/004BC303 2014-03-30
---
$ gpg --export --armor FE590CB7 > ovirt-infra.pub
# rpm --import ovirt-infra.pub

yum localinstall http://resources.ovirt.org/releases/ovirt-release.noarch.rpm yum localinstall http://resources.ovirt.org/pub/yum-repo/ovirt-release35.rpm 
yum install http://resources.ovirt.org/pub/yum-repo/ovirt-release36.rpm yum localinstall http://resources.ovirt.org/pub/yum-repo/ovirt-release36.rpm 
yum install -y ovirt-engine
yum install -y ovirt-hosted-engine-setup screen glusterfs-server vdsm-gluster system-storage-manager
yum install -y ovirt-engine-setup-plugin-allinone
yum install -y ovirt-engine-reports

engine-setup

mkdir vms
chown 36:36 -R vms/

yum -y install nfs-utils

vi /etc/exports
/data/vms *(rw,async,no_root_squash)
/data/vms *(insecure,rw,async,no_root_squash)

vi /etc/sysconfig/nfs

LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020

vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 32803 -j ACCEPT
-A INPUT -m state --state NEW -p udp --dport 32769 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -p udp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -p udp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A INPUT -m state --state NEW -p udp --dport 662 -j ACCEPT

chkconfig glusterfsd on
service rpcbind start
service nfs start
service iptables restart
chkconfig rpcbind on
chkconfig nfs on

lsmod | grep kvm

modprobe kvm_intel     ##intel
modprobe kvm_amd       ##amd

/etc/modprobe/vdsm*.conf

FireFox plugin:
yum install spice-xpi

spice ie plugin: http://svps.viettelidc.com.vn/spice.html#manual-install1  http://svps.viettelidc.com.vn/spice.html#web-install1 
spice: http://www.spice-space.org/download.html 
spice proxy:
engine-config -s SpiceProxyDefault=someProxy
service ovirt-engine restart

On ovirt-engine:
yum install spice-gtk, virt-viewer, spice-xpi
yum-install squid
/etc/squid/squid.conf updates:
acl localhost src <browser IP addr>
#http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports
http_port 3128

service squid restart
make sure iptables allow 3128

engine-config -s SpiceProxyDefault= http://<ovirt-engine-IP>:3128 service ovirt-engine restart

其它应用：
打开流模式，可以省宽带

ovirt 默认只有一个display网络，可以修改为全网卡监听

一些命令：

vdsClient -s 0 list table
vdsClient -s 0 setVmTicket ${VM_UUID} ${PASS} ${VALIDITY}
vdsClient -s 0 list grep displayPort

engine-manage-domains add --domain=allwinnertech.com --provider=ad --user=yourname

linux可通过软件连接虚拟机

remote-viewer --spice-ca-file /home/ca.crt --spice-host-subject "O=test.com,CN=172.16.1.7" -f spice://kvm01.test.com/?port=5900\&tls-port=5901

打开虚拟机：
curl --insecure --request POST --header "Accept: application/xml" --header "Content-Type: application/xml" --user 'admin@internal:password' --data '<action> </action>' "https://kvm01.xxx.com/ovirt-engine/api/vms/714261c4-2139-4315-8d8c-802b895c6aea/start"

关机：
curl --insecure --request POST --header "Accept: application/xml" --header "Content-Type: application/xml" --user 'admin@internal:password!' --data '<action> </action>' "https://kvm01.xxx.com/ovirt-engine/api/vms/714261c4-2139-4315-8d8c-802b895c6aea/shutdown"

断电：
curl --insecure --request POST --header "Accept: application/xml" --header "Content-Type: application/xml" --user 'admin@internal:password!' --data '<action> <value>123456</value></action>' "https://kvm01.xxx.com/ovirt-engine/api/vms/714261c4-2139-4315-8d8c-802b895c6aea/stop"

设置spice 密码：
curl --insecure --request POST --header "Accept: application/xml" --header "Content-Type: application/xml" --user 'admin@internal:password!' --data '<action><ticket><expiry>1234567890</expiry><value>123456</value></ticket> </action>' "https://kvm01.xxx.com/ovirt-engine/api/vms/714261c4-2139-4315-8d8c-802b895c6aea/ticket"