How to migrate an OpenVZ 6 container to a KVM server without a headache

Anyone who has had to move an OpenVZ container to a server with full KVM virtualization at least once in their life has run into some problems:

  • Most of the information is simply outdated and applies to operating systems that passed their EOL cycle long ago
  • Different information is always given for different operating systems, and possible errors during migration are never considered
  • Sometimes you have to deal with configurations that every now and then refuse to work after migration

When you move 1 server you can always fix something on the fly, but what about when you move a whole cluster?

In this article I will try to explain how to correctly migrate an OpenVZ container to KVM with minimal downtime and a quick solution to all the problems.

A short primer: what is OpenVZ and what is KVM?

We will not go deep into terminology, but in general terms:

OpenVZ - virtualization at the operating-system level; you could deploy it even on a microwave, because it needs no CPU instructions or virtualization technologies on the host machine.

KVM - full virtualization that uses all the power of the CPU and can virtualize anything, in any way, sliced lengthwise and crosswise.

Contrary to the popular belief that hosting providers oversell OpenVZ but not KVM: fortunately for the latter, KVM is now oversold no worse than its sibling.

What will we migrate?

As test subjects for the migration we had to use the whole forest of operating systems available on OpenVZ: CentOS (versions 6 and 7), Ubuntu (14, 16 and 18 LTS), Debian 7.

It was assumed that most OpenVZ containers already run some kind of LAMP stack, and that some have very specific software. Most often these were configurations with the ISPmanager or VestaCP control panel (and, most often, not updated for years). Their migration requirements have to be taken into account as well.

The migration preserves the IP address of the container being moved; we assume that the IP the container had is kept on the VM and will work without problems.

Before the migration, make sure everything is at hand:

  • OpenVZ server: full root access to the host machine, with the ability to stop/mount/start/delete containers
  • KVM server: full root access to the host machine, with everything that implies. It is assumed that everything is already configured and ready to go.

Starting the migration

Before starting the migration, let's define the terms that will help avoid confusion:

KVM_NODE - the KVM host machine
VZ_NODE - the OpenVZ host machine
CTID - the OpenVZ container
VM - the KVM virtual server

Preparing for the migration and creating the virtual machines.

Step 1

Since we need somewhere to move the container to, we create a VM with a similar configuration on KVM_NODE.
Important! The VM must be created with the same operating system that is currently running on CTID. For example, if Ubuntu 14 is installed on CTID, then Ubuntu 14 must be installed on the VM. Minor versions are not important and their difference is not critical, but the major versions must match.
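
The major-version rule above can be checked mechanically before any data is copied. This is an added example, not part of the original article; the function names os_major and same_major are hypothetical, and ROOT is assumed to be /vz/root/CTID for the mounted container on VZ_NODE or / on the VM.

```shell
#!/bin/sh
# Added example: report distribution id and major version for a root tree,
# so the container and the VM can be compared before rsync (Step 1 rule).
# os_major/same_major are hypothetical helper names, not OpenVZ tooling.

# os_major ROOT -> prints "<id> <major>", e.g. "ubuntu 14"; returns 1 if unknown.
os_major() {
    root=${1%/}
    if [ -f "$root/etc/os-release" ]; then
        # Read only the two keys needed instead of sourcing a file from a guest.
        id=$(sed -n 's/^ID=//p' "$root/etc/os-release" | tr -d '"')
        ver=$(sed -n 's/^VERSION_ID=//p' "$root/etc/os-release" | tr -d '"')
    elif [ -f "$root/etc/redhat-release" ]; then
        # CentOS 6 ships no os-release; the line reads like
        # "CentOS release 6.10 (Final)". This fallback assumes CentOS.
        id=centos
        ver=$(sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p' "$root/etc/redhat-release")
    else
        return 1
    fi
    [ -n "$id" ] && [ -n "$ver" ] || return 1
    echo "$id ${ver%%.*}"
}

# same_major ROOT_A ROOT_B -> success only if id and major version both match.
same_major() {
    a=$(os_major "$1") && b=$(os_major "$2") && [ "$a" = "$b" ]
}

# Stand-alone use: print the value for one tree; run it on VZ_NODE against
# /vz/root/CTID (after "vzctl mount CTID") and on the VM against /, then compare.
os_major "${1:-/}" || echo "unknown OS under ${1:-/}"
```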

After creating the VM, update the packages on CTID and on the VM (not to be confused with upgrading the OS: we do not upgrade it, we only update the packages and, if one arrives, the OS version within the major version).

For CentOS this process looks harmless:

# yum clean all
# yum update -y

And it is no less harmless for Ubuntu and Debian:

# apt-get update
# apt-get upgrade

Step 2

Install rsync, which we will need, on CTID, VZ_NODE and VM:

CentOS:

# yum install rsync -y

Debian, Ubuntu:

# apt-get install rsync -y

Nothing else is installed, neither there nor there.

Step 3

Stop CTID on VZ_NODE with the command

vzctl stop CTID

Mount the CTID image:

vzctl mount CTID

Go to the directory /vz/root/CTID and run

mount --bind /dev dev && mount --bind /sys sys && mount --bind /proc proc && chroot .

As root, create the file /root/exclude.txt; it will contain the list of exclusions that must not reach the new server.

/boot
/proc
/sys
/tmp
/dev
/var/lock
/etc/fstab
/etc/mtab
/etc/resolv.conf
/etc/conf.d/net
/etc/network/interfaces
/etc/networks
/etc/sysconfig/network*
/etc/sysconfig/hwconf
/etc/sysconfig/ip6tables-config
/etc/sysconfig/kernel
/etc/hostname
/etc/HOSTNAME
/etc/hosts
/etc/modprobe*
/etc/modules
/net
/lib/modules
/etc/rc.conf
/usr/share/nova-agent*
/usr/sbin/nova-agent*
/etc/init.d/nova-agent*
/etc/ips
/etc/ipaddrpool
/etc/ips.dnsmaster
/etc/resolv.conf
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-ens3

Connect to KVM_NODE and start our VM so that it is running and reachable over the network.

Now everything is ready for the transfer. Let's go!

Step 4

Still inside the chroot, run

rsync --exclude-from="/root/exclude.txt" --numeric-ids -avpogtStlHz --progress -e "ssh -T -o Compression=no -x" / root@VM:/

The rsync command performs the transfer. We hope the options are clear: the transfer preserves symlinks, access permissions, owners and groups, encryption is disabled for more speed (some faster cipher could have been used, but that is not essential for this task), and compression is disabled as well.

After rsync finishes, leave the chroot (by pressing ctrl+d) and run

umount dev && umount proc && umount sys && cd .. && vzctl umount CTID

Step 5

Let's carry out a few steps that will help us start the VM after the move from OpenVZ.
On servers with Systemd, run a command that will let us log in at a regular console, for example through the VNC server screen

mv /etc/systemd/system/getty.target.wants/[email protected] /etc/systemd/system/getty.target.wants/[email protected]

On CentOS 6 and CentOS 7 servers, be sure to install a fresh kernel:

yum install kernel-$(uname -r)

The server can boot from it, but after the transfer it may stop working or be removed.

On a CentOS 7 server you need to apply a small fix for PolkitD, otherwise the server will go down for good:

getent group polkitd >/dev/null && echo -e "\e[1;32mpolkitd group already exists\e[0m" || { groupadd -r polkitd && echo -e "\e[1;33mAdded missing polkitd group\e[0m" || echo -e "\e[1;31mAdding polkitd group FAILED\e[0m"; }

getent passwd polkitd >/dev/null && echo -e "\e[1;32mpolkitd user already exists\e[0m" || { useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd && echo -e "\e[1;33mAdded missing polkitd user\e[0m" || echo -e "\e[1;31mAdding polkitd user FAILED\e[0m"; }

rpm -Va polkit\* && echo -e "\e[1;32mpolkit* rpm verification passed\e[0m" || { echo -e "\e[1;33mResetting polkit* rpm user/group ownership & perms\e[0m"; rpm --setugids polkit polkit-pkla-compat; rpm --setperms polkit polkit-pkla-compat; }

On all servers, if mod_fcgid for Apache was installed, apply a small permissions fix, otherwise sites using mod_fcgid will fail with a 500 error:

chmod +s `which suexec` && apachectl restart

And the last one is useful for Ubuntu and Debian distributions. This OS can fall into an endless boot with the error

Looping too fast. Throttling execution a little.

Unpleasant, but easily fixed, depending on the OS version.

On Debian 9 the fix looks like this:

run

dbus-uuidgen

if we get the error

/usr/local/lib/libdbus-1.so.3: version `LIBDBUS_PRIVATE_1.10.8' not found

check that LIBDBUS is present

ls -la /lib/x86_64-linux-gnu | grep dbus
libdbus-1.so.3 -> libdbus-1.so.3.14.15 
libdbus-1.so.3.14.15 <-- this one is needed
libdbus-1.so.3.14.16

if everything is in order, run

cd /lib/x86_64-linux-gnu
rm -rf libdbus-1.so.3
ln -s libdbus-1.so.3.14.15  libdbus-1.so.3

If that does not help, try the second option.

The second solution to the "Throttling execution a little" problem suits Ubuntu and Debian distributions.

Run

bash -x /var/lib/dpkg/info/dbus.postinst configure

And for Ubuntu 14 and Debian 7, additionally run:

adduser --system --home /nonexistent --no-create-home --disabled-password --group messagebus

rm -rf /etc/init.d/modules_dep.sh 

What did we do? We restored messagebus, which was missing for Debian/Ubuntu to start, and removed modules_dep, which came from OpenVZ and interfered with loading many kernel modules.
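
The Step 5 conditions can be audited in one pass before the first reboot. This is an added example, not part of the original article; audit_root and has_entry are hypothetical names, the /etc/polkit-1 test for an installed polkit is an assumption, and ROOT is / when the script runs on the VM.

```shell
#!/bin/sh
# Added example: audit a migrated root tree for the Step 5 conditions.
# audit_root/has_entry are hypothetical names; ROOT is "/" when run on the VM.

# has_entry FILE NAME: true if a passwd/group-style FILE has a line for NAME.
has_entry() { [ -f "$1" ] && grep -q "^$2:" "$1"; }

# audit_root ROOT: print one "FINDING:" line per problem; return 1 if any.
audit_root() {
    root=${1%/}
    bad=0
    note() { echo "FINDING: $1"; bad=1; }

    # CentOS 7: polkit needs the polkitd group and user.
    # Assumption: /etc/polkit-1 exists wherever polkit is installed.
    if [ -d "$root/etc/polkit-1" ]; then
        has_entry "$root/etc/group" polkitd || note "polkitd group missing"
        has_entry "$root/etc/passwd" polkitd || note "polkitd user missing"
    fi
    # Debian/Ubuntu: dbus needs the messagebus account.
    if [ -f "$root/var/lib/dpkg/info/dbus.postinst" ]; then
        has_entry "$root/etc/passwd" messagebus || note "messagebus user missing"
        has_entry "$root/etc/group" messagebus || note "messagebus group missing"
    fi
    # OpenVZ leftover that interferes with loading kernel modules.
    if [ -e "$root/etc/init.d/modules_dep.sh" ]; then
        note "/etc/init.d/modules_dep.sh still present"
    fi
    # The dbus error quoted in the article names a libdbus copy in /usr/local/lib.
    if [ -e "$root/usr/local/lib/libdbus-1.so.3" ]; then
        note "/usr/local/lib/libdbus-1.so.3 present"
    fi
    return "$bad"
}

audit_root "${1:-/}" || echo "fix the findings above before rebooting the VM"
```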

Step 6

Reboot the VM and watch over VNC how the boot proceeds; ideally, everything boots without problems. Some specific problems may still appear after the migration, but they are beyond the scope of this article and are fixed as they arise.

I hope this information is useful! 🙂

Source: www.habr.com
