ProHoster > Blog > Gudanarwa > Yadda ake canja wurin akwati na OpenVZ 6 zuwa uwar garken KVM ba tare da ciwon kai ba

Yadda ake canja wurin akwati na OpenVZ 6 zuwa uwar garken KVM ba tare da ciwon kai ba

Duk wanda ya buƙaci canja wurin akwati na OpenVZ zuwa uwar garken tare da cikakkiyar ƙwarewar KVM aƙalla sau ɗaya a rayuwarsa ya ci karo da wasu matsaloli:

  • Yawancin bayanan sun tsufa kuma sun dace da OSes waɗanda suka daɗe sun wuce zagayowar EOL
  • Ana ba da bayanai daban-daban koyaushe don tsarin aiki daban-daban, kuma ba a taɓa yin la'akari da kurakurai masu yuwuwa yayin ƙaura
  • Wani lokaci dole ne ku yi ma'amala da saitunan da kowane lokaci kuma ba sa son yin aiki bayan ƙaura

Lokacin da kuka canja wurin uwar garken 1, koyaushe kuna iya gyara wani abu akan tashi, amma lokacin da kuka canja wurin tari duka?

A cikin wannan labarin, zan yi ƙoƙarin gaya muku yadda ake yin ƙaura daidai da akwati na OpenVZ zuwa KVM tare da ƙarancin ƙarancin lokaci da sauri ga duk matsalolin.

Ƙananan shirin ilimi: menene OpenVZ kuma menene KVM?

Ba za mu zurfafa cikin ilimin kalmomi ba, amma za mu ce gabaɗaya:

OpenVZ - haɓakawa a matakin tsarin aiki, har ma za ku iya tura shi a kan microwave, tunda babu buƙatar umarnin CPU da fasahar ƙirƙira akan injin mai watsa shiri.

KVM - cikakken ingantaccen aiki, ta amfani da duk ƙarfin CPU kuma yana iya sarrafa komai, ta kowace hanya, yanke shi tsayi da tsayi.

Sabanin ra'ayin jama'a, a cikin muhalli masu samar da masauki An sayar da OpenVZ fiye da kima, amma KVM ba haka yake ba. Abin farin ciki ga na biyun, yanzu an sayar da KVM fiye da kima kamar ɗan'uwansa.

Me za mu ɗauka?

Dole ne a yi amfani da dukkan dazuzzukan tsarin aiki da ake da su a OpenVZ a matsayin gwajin da za a yi don canja wurin: CentOS (nau'i 6 da 7), Ubuntu (14, 16 da 18 LTS), Debian 7.

An ɗauka cewa yawancin kwantena na OpenVZ sun riga sun fara aiki da wani nau'in LAMP, wasu ma suna da takamaiman software. Mafi sau da yawa, waɗannan sun kasance jeri tare da ISPmanager, kwamitin kula da VestaCP (kuma mafi yawan lokuta, ba a sabunta shi ba tsawon shekaru). Hakanan dole ne a yi la'akari da buƙatun canja wurin su.

Ana yin ƙaura tare da kiyayewa Adireshin IP Ga akwati mai ɗaukuwa, za mu ɗauka cewa adireshin IP na akwatin yana kan VM kuma zai yi aiki ba tare da matsala ba.

Kafin canja wurin, bari mu tabbatar cewa muna da komai a hannu:

  • OpenVZ uwar garken, cikakken tushen damar shiga injin mai watsa shiri, ikon tsayawa / hawa / farawa / share kwantena
  • KVM uwar garken, cikakken tushen damar zuwa injin mai watsa shiri, tare da duk abin da yake nufi. An ɗauka cewa an riga an saita komai kuma an shirya don tafiya.

Bari mu fara canjawa wuri

Kafin mu fara canja wurin, bari mu ayyana sharuɗɗan da za su taimake ka ka guje wa ruɗani:

KVM_NODE - KVM na'ura mai watsa shiri
VZ_NODE - Injin mai watsa shiri na OpenVZ
CTID - Bude VZ ganga
VM - KVM Virtual uwar garken

Ana shirye-shiryen ƙaura da ƙirƙirar injunan kama-da-wane.

Mataki 1

Tun da muna buƙatar matsar da akwati a wani wuri, za mu ƙirƙira VM tare da irin wannan tsari zuwa KVM_NODE.
Muhimmin! Kana buƙatar ƙirƙirar VM akan tsarin aiki iri ɗaya wanda ke aiki akan CTID. Misali, idan CTID yana aiki Ubuntu 14, to kuna buƙatar shigar da shi akan VM kuma Ubuntu 14. Ƙananan sigar ba su da mahimmanci kuma bambancinsu ba shi da mahimmanci, amma manyan sigar dole ne su kasance iri ɗaya.

Bayan ƙirƙirar VM, za mu sabunta fakitin akan CTID da VM (kada a ruɗe tare da sabunta OS - ba mu sabunta shi ba, muna sabunta fakitin ne kawai kuma, idan ya zo, sigar OS a cikin babba. sigar).

domin CentOS Wannan tsari yana kama da mara lahani:

# yum clean all
# yum update -y

Kuma babu wata illa ga Ubuntu, Debian:

# apt-get update
# apt-get upgrade

Mataki 2

Shigar a kan CTID, VZ_NODE и VM mai amfani rsync:

CentOS:

# yum install rsync -y

Debian, Ubuntu:

# apt-get install rsync -y

Ba mu shigar da wani abu ko dai a can ko a can.

Mataki 3

Muna yin tasha CTID a kan VZ_NODE tawaga

vzctl stop CTID

Hawan hoton CTID:

vzctl mount CTID

Je zuwa babban fayil /vz/root/CTID da aiwatarwa

mount --bind /dev dev && mount --bind /sys sys && mount --bind /proc proc && chroot .

A ƙarƙashin tushen, ƙirƙirar fayil /root/exclude.txt - zai ƙunshi jerin keɓancewa waɗanda ba za su sami sabon sabar ba.

/boot
/proc
/sys
/tmp
/dev
/var/lock
/etc/fstab
/etc/mtab
/etc/resolv.conf
/etc/conf.d/net
/etc/network/interfaces
/etc/networks
/etc/sysconfig/network*
/etc/sysconfig/hwconf
/etc/sysconfig/ip6tables-config
/etc/sysconfig/kernel
/etc/hostname
/etc/HOSTNAME
/etc/hosts
/etc/modprobe*
/etc/modules
/net
/lib/modules
/etc/rc.conf
/usr/share/nova-agent*
/usr/sbin/nova-agent*
/etc/init.d/nova-agent*
/etc/ips
/etc/ipaddrpool
/etc/ips.dnsmaster
/etc/resolv.conf
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-ens3

Muna haɗi zuwa KVM_NODE da kaddamar da mu VMta yadda ya yi aiki kuma yana samuwa ta hanyar hanyar sadarwa.

Yanzu komai yana shirye don canja wuri. Tafi!

Mataki 4

Har yanzu a ƙarƙashin sihiri, muna yin

rsync --exclude-from="/root/exclude.txt" --numeric-ids -avpogtStlHz --progress -e "ssh -T -o Compression=no -x" / root@KVM_NODE:/

Umurnin rsync zai aiwatar da canja wurin, muna fatan cewa maɓallan sun bayyana - ana aiwatar da canja wurin tare da adana alamomin, haƙƙin samun dama, masu mallaka da ƙungiyoyi, kuma an kashe ɓoyayyen ɓoye don saurin sauri (zaku iya amfani da wasu sauri sauri, amma wannan ba shi da mahimmanci ga wannan aikin) , haka kuma matsawa yana da rauni.

Bayan kammala rsync, fita daga chroot (ta latsa ctrl+d) kuma aiwatar

umount dev && umount proc && umount sys && cd .. && vzctl umount CTID

Mataki 5

Bari mu yi matakai da yawa waɗanda za su taimaka mana ƙaddamar da VM bayan canja wurin daga OpenVZ.
A kan sabobin tare da Tsarin bari mu aiwatar da umarni wanda zai taimaka mana mu shiga cikin na'ura mai kwakwalwa ta yau da kullun, misali, ta allon uwar garken VNC

mv /etc/systemd/system/getty.target.wants/getty@tty2.service /etc/systemd/system/getty.target.wants/getty@tty1.service

A kan sabobin CentOS 6 и CentOS 7 Tabbatar shigar da sabon kwaya:

yum install kernel-$(uname -r)

Ana iya loda uwar garken daga gare ta, amma bayan canja wurin yana iya daina aiki ko a goge shi.

Akan uwar garke CentOS 7 kuna buƙatar amfani da ƙaramin gyara don PolkitD, in ba haka ba uwar garken zai rushe har abada:

getent group polkitd >/dev/null && echo -e "e[1;32mpolkitd group already existse[0m" || { groupadd -r polkitd && echo -e "e[1;33mAdded missing polkitd groupe[0m" || echo -e "e[1;31mAdding polkitd group FAILEDe[0m"; }

getent passwd polkitd >/dev/null 
&& echo -e "e[1;32mpolkitd user already existse[0m" || { useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd && echo -e "e[1;33mAdded missing polkitd usere[0m" || echo -e "e[1;31mAdding polkitd user FAILEDe[0m"; }

rpm -Va polkit* && echo -e "e[1;32mpolkit* rpm verification passede[0m" || { echo -e "e[1;33mResetting polkit* rpm user/group ownership & permse[0m"; rpm --setugids polkit polkit-pkla-compat; rpm --setperms polkit polkit-pkla-compat; }

A kan duk sabobin, idan mod_fcgid na Apache aka shigar, za mu yi ƙaramin gyara tare da haƙƙoƙi, in ba haka ba rukunin yanar gizon da ke amfani da mod_fcgid za su yi karo da kuskure 500:

chmod +s `which suexec` && apachectl restart

Kuma a ƙarshe, zai taimaka maka wajen Ubuntu, Debian rarrabawa. Wannan OS ɗin na iya faɗuwa cikin taya ta dindindin tare da kuskure

looping da sauri. kisa kadan

m, amma sauƙi gyarawa, dangane da OS version.

a kan Debian 9 gyaran yayi kama da haka:

muna aiwatarwa

dbus-uuidgen

idan muka samu kuskure

/usr/local/lib/libdbus-1.so.3: sigar `LIBDBUS_PRIVATE_1.10.8'

duba kasancewar LIBDBUS

ls -la /lib/x86_64-linux-gnu | grep dbus
libdbus-1.so.3 -> libdbus-1.so.3.14.15 
libdbus-1.so.3.14.15 <-- нужен этот
libdbus-1.so.3.14.16

idan komai yana cikin tsari, muna yin shi

cd /lib/x86_64-linux-gnu
rm -rf libdbus-1.so.3
ln -s libdbus-1.so.3.14.15  libdbus-1.so.3

Idan bai taimaka ba, gwada zaɓi na biyu.

Magani na biyu ga matsalar tare da kisa kadan ya dace da kusan kowa da kowa Ubuntu и Debian rarrabawa.

Muna aiwatarwa

bash -x /var/lib/dpkg/info/dbus.postinst configure

Kuma don Ubuntu 14, Debian 7 Bugu da ƙari, muna yin:

adduser --system --home /nonexistent --no-create-home --disabled-password --group messagebus

rm -rf /etc/init.d/modules_dep.sh

Me muka yi? Mun mayar da messagebus ɗin, wanda ya ɓace don fara aiki. Debian/Ubuntu kuma an cire modules_dep, wanda ya fito daga OpenVZ kuma ya hana yawancin kayan aikin kernel lodawa.

Mataki 6

Muna sake kunna VM, duba cikin VNC yadda ake ci gaba da lodi kuma, da kyau, komai zai kaya ba tare da matsala ba. Ko da yake mai yiyuwa ne wasu takamaiman matsaloli su bayyana bayan hijira, amma sun fi ƙarfin wannan labarin kuma za a gyara su yayin da suka taso.

Ina fatan wannan bayanin yana da amfani! 🙂

source: www.habr.com

Sayi amintaccen masauki don shafuka tare da kariyar DDoS, sabar VPS VDS 🔥 Sayi ingantaccen masaukin yanar gizo tare da kariyar DDoS, sabar VPS VDS | ProHoster