ProHoster > Blog > Ulamuliro > Momwe mungasinthire chidebe cha OpenVZ 6 kupita ku seva ya KVM popanda mutu

Momwe mungasinthire chidebe cha OpenVZ 6 kupita ku seva ya KVM popanda mutu

Aliyense amene akufunika kusamutsa chidebe cha OpenVZ ku seva yokhala ndi mawonekedwe a KVM kamodzi kamodzi m'moyo wawo wakumana ndi zovuta:

  • Zambirizi ndi zachikale ndipo zinali zogwirizana ndi ma OS omwe anali atadutsa kale EOL
  • Zambiri zimaperekedwa nthawi zonse pamakina osiyanasiyana ogwiritsira ntchito, ndipo zolakwika zomwe zingatheke panthawi yakusamuka sizimaganiziridwa
  • Nthawi zina mumayenera kuthana ndi masinthidwe omwe nthawi ndi nthawi sakufuna kugwira ntchito mukasamuka

Mukasamutsa seva 1, mutha kukonza china chake pa ntchentche, koma mukasamutsa gulu lonse?

M'nkhaniyi ndiyesera kukuuzani momwe mungasamutsire bwino chidebe cha OpenVZ kupita ku KVM chokhala ndi nthawi yochepa komanso njira yothetsera mavuto onse.

Pulogalamu yaying'ono yophunzitsa: OpenVZ ndi chiyani ndipo KVM ndi chiyani?

Sitidzapita mozama mu terminology, koma tidzanena mwachidule:

OpenVZ - virtualization pamlingo wa machitidwe opangira, mutha kuyiyika pa microwave, popeza palibe chifukwa cha malangizo a CPU ndi matekinoloje aukadaulo pamakina ochitirako.

KVM - kusinthika kwathunthu, kugwiritsa ntchito mphamvu zonse za CPU ndikutha kuwonera chilichonse, mwanjira iliyonse, kudula motalika komanso modutsa.

Mosiyana ndi zomwe anthu ambiri amakhulupirira, m'chilengedwe opereka chithandizo cha alendo OpenVZ yagulitsidwa mopitirira muyeso, koma KVM siigulitsidwanso. Mwamwayi, KVM tsopano yagulitsidwa mopitirira muyeso mofanana ndi m'bale wake.

Kodi tidzanyamula chiyani?

Nkhalango yonse ya machitidwe ogwiritsira ntchito omwe analipo pa OpenVZ adayenera kugwiritsidwa ntchito ngati anthu oyesa kusamutsa: CentOS (Mabaibulo 6 ndi 7), Ubuntu (14, 16 ndi 18 LTS), Debian 7.

Zinkaganiziridwa kuti zotengera zambiri za OpenVZ zinali kale ndi mtundu wina wa LAMP, ndipo ena anali ndi mapulogalamu apadera kwambiri. Nthawi zambiri, awa anali masanjidwe ndi ISPmanager, VestaCP control panel (ndipo nthawi zambiri, osasinthidwa kwa zaka). Zopempha zawo zosinthira ziyeneranso kuganiziridwa.

Kusamutsa kumachitika ndi kusunga IP ma adilesi Pa chidebe chonyamulika, tidzaganiza kuti adilesi ya IP ya chidebecho yasungidwa pa VM ndipo idzagwira ntchito popanda mavuto.

Tisanasamutse, tiyeni tiwonetsetse kuti tili ndi chilichonse:

  • Seva ya OpenVZ, mwayi wofikira pamakina osungira, kutha kuyimitsa / kukwera / kuyambitsa / kufufuta zotengera
  • Seva ya KVM, mwayi wofikira pamakina osungira, ndi zonse zomwe zikutanthauza. Zimaganiziridwa kuti zonse zakonzedwa kale ndipo zakonzeka kupita.

Tiyeni tiyambe kusamutsa

Tisanayambe kusamutsa, tiyeni tifotokoze mawu omwe angakuthandizeni kupewa chisokonezo:

KVM_NODE - Makina opangira KVM
VZ_NODE - Makina otsegulira a OpenVZ
CTID - Chidebe cha OpenVZ
VM - KVM seva yeniyeni

Kukonzekera kusamuka ndikupanga makina enieni.

mwatsatane 1

Popeza tiyenera kusuntha chidebe kwinakwake, tidzapanga VM ndi masinthidwe ofanana ndi KVM_NODE.
Zofunika! Muyenera kupanga VM pa operating system yomweyi yomwe ikugwira ntchito pa CTID. Mwachitsanzo, ngati CTID ikugwira ntchito Ubuntu 14, ndiye kuti muyenera kuyiyikanso pa VM Ubuntu 14. Mabaibulo ang'onoang'ono si ofunikira ndipo kusiyana kwawo sikofunikira kwenikweni, koma mabaibulo akuluakulu ayenera kukhala ofanana.

Pambuyo popanga VM, tidzasintha ma phukusi pa CTID ndi VM (kuti tisasokonezedwe ndi kukonzanso OS - sitimayisintha, timangosintha maphukusi ndipo, ngati ifika, mtundu wa OS mkati mwa chachikulu. version).

chifukwa CentOS Njirayi ikuwoneka yopanda vuto:

# yum clean all
# yum update -y

Ndipo palibe chovulaza china chilichonse kwa Ubuntu, Debian:

# apt-get update
# apt-get upgrade

mwatsatane 2

Ikani pa CTID, VZ_NODE и VM zothandiza rsync:

CentOS:

# yum install rsync -y

Debian, Ubuntu:

# apt-get install rsync -y

Sitikuyika china chilichonse pamenepo kapena apo.

mwatsatane 3

Timayimitsa CTID pa VZ_NODE gulu

vzctl stop CTID

Kuyika chithunzi CTID:

vzctl mount CTID

Pitani ku /vz/root/fodaCTID ndi kuchitira

mount --bind /dev dev && mount --bind /sys sys && mount --bind /proc proc && chroot .

Pansi pa muzu, pangani fayilo /root/exclude.txt - idzakhala ndi mndandanda wazinthu zomwe sizingafike ku seva yatsopano.

/boot
/proc
/sys
/tmp
/dev
/var/lock
/etc/fstab
/etc/mtab
/etc/resolv.conf
/etc/conf.d/net
/etc/network/interfaces
/etc/networks
/etc/sysconfig/network*
/etc/sysconfig/hwconf
/etc/sysconfig/ip6tables-config
/etc/sysconfig/kernel
/etc/hostname
/etc/HOSTNAME
/etc/hosts
/etc/modprobe*
/etc/modules
/net
/lib/modules
/etc/rc.conf
/usr/share/nova-agent*
/usr/sbin/nova-agent*
/etc/init.d/nova-agent*
/etc/ips
/etc/ipaddrpool
/etc/ips.dnsmaster
/etc/resolv.conf
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-ens3

Timalumikizana ndi KVM_NODE ndi kukhazikitsa wathu VMkotero kuti imagwira ntchito komanso ikupezeka pa intaneti.

Tsopano zonse zakonzeka kusamutsa. Pitani!

mwatsatane 4

Tikadali pansi pa matsenga, timachita

rsync --exclude-from="/root/exclude.txt" --numeric-ids -avpogtStlHz --progress -e "ssh -T -o Compression=no -x" / root@KVM_NODE:/

Lamulo la rsync lidzachita kusamutsidwa, tikukhulupirira kuti makiyi akuwonekera bwino - kutengerako kumachitika ndikusunga ma symlink, ufulu wopeza, eni ndi magulu, ndipo kubisa kumayimitsidwa chifukwa cha liwiro lalikulu (mutha kugwiritsa ntchito cipher mwachangu, koma izi sizofunika kwambiri pa ntchitoyi) , komanso kukanikiza kumayimitsidwa.

Mukamaliza rsync, tulukani ku chroot (pokanikiza ctrl + d) ndikuchita

umount dev && umount proc && umount sys && cd .. && vzctl umount CTID

mwatsatane 5

Tiyeni tichite zingapo zomwe zingatithandize kukhazikitsa VM pambuyo posamutsa OpenVZ.
Pa maseva ndi Systemd tiyeni tipereke lamulo lomwe litithandiza kulowa mu console yokhazikika, mwachitsanzo, kudzera pawindo la seva ya VNC

mv /etc/systemd/system/getty.target.wants/getty@tty2.service /etc/systemd/system/getty.target.wants/getty@tty1.service

Pa maseva CentOS 6 и CentOS 7 Onetsetsani kuti mwayika kernel yatsopano:

yum install kernel-$(uname -r)

Seva ikhoza kutulutsidwa kuchokera pamenepo, koma pambuyo posamutsa ikhoza kusiya kugwira ntchito kapena kuchotsedwa.

Pa seva CentOS 7 muyenera kugwiritsa ntchito kukonza pang'ono kwa PolkitD, apo ayi seva idzawonongeka kosatha:

getent group polkitd >/dev/null && echo -e "e[1;32mpolkitd group already existse[0m" || { groupadd -r polkitd && echo -e "e[1;33mAdded missing polkitd groupe[0m" || echo -e "e[1;31mAdding polkitd group FAILEDe[0m"; }

getent passwd polkitd >/dev/null 
&& echo -e "e[1;32mpolkitd user already existse[0m" || { useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd && echo -e "e[1;33mAdded missing polkitd usere[0m" || echo -e "e[1;31mAdding polkitd user FAILEDe[0m"; }

rpm -Va polkit* && echo -e "e[1;32mpolkit* rpm verification passede[0m" || { echo -e "e[1;33mResetting polkit* rpm user/group ownership & permse[0m"; rpm --setugids polkit polkit-pkla-compat; rpm --setperms polkit polkit-pkla-compat; }

Pa maseva onse, ngati mod_fcgid ya Apache idayikidwa, tidzakonza pang'ono ndi ufulu, apo ayi masamba omwe amagwiritsa ntchito mod_fcgid adzawonongeka ndi cholakwika 500:

chmod +s `which suexec` && apachectl restart

Ndipo potsiriza, zidzakhala zothandiza kwa Ubuntu, Debian kugawa. OS iyi ikhoza kugwa mu boot yokhazikika ndi cholakwika

kuzungulira mwachangu kwambiri. throttling kuphedwa pang'ono

zosasangalatsa, koma zokhazikika mosavuta, kutengera mtundu wa OS.

pa Debian 9 kukonza kumawoneka motere:

timachita

dbus-uuidgen

ngati tipeza cholakwika

/usr/local/lib/libdbus-1.so.3: mtundu `LIBDBUS_PRIVATE_1.10.8′ sunapezeke

onani kukhalapo kwa LIBDBUS

ls -la /lib/x86_64-linux-gnu | grep dbus
libdbus-1.so.3 -> libdbus-1.so.3.14.15 
libdbus-1.so.3.14.15 <-- нужен этот
libdbus-1.so.3.14.16

ngati zonse zili mu dongosolo, timachita

cd /lib/x86_64-linux-gnu
rm -rf libdbus-1.so.3
ln -s libdbus-1.so.3.14.15  libdbus-1.so.3

Ngati sizikuthandizani, yesani njira yachiwiri.

Yachiwiri yothetsera vuto ndi throttling kuphedwa pang'ono yoyenera pafupifupi aliyense Ubuntu и Debian kugawa.

kuchita

bash -x /var/lib/dpkg/info/dbus.postinst configure

Ndipo kwa Ubuntu 14, Debian 7 Tsopano tikuchita:

adduser --system --home /nonexistent --no-create-home --disabled-password --group messagebus

rm -rf /etc/init.d/modules_dep.sh

Tinachita chiyani? Tinabwezeretsa messagebus, yomwe inali ikusowa poyambira. Debian/Ubuntu ndipo anachotsa modules_dep, zomwe zinachokera ku OpenVZ ndipo zinaletsa ma module ambiri a kernel kuti asatsegulidwe.

mwatsatane 6

Timayambiranso VM, fufuzani mu VNC momwe kutsitsa kukuyendera, ndipo zonse zidzatsegula popanda mavuto. Ngakhale kuti n’zotheka kuti mavuto ena enieni adzawonekera pambuyo pa kusamuka, iwo ali opitirira malire a nkhaniyi ndipo adzakonzedwa pamene abuka.

Ndikukhulupirira kuti chidziwitsochi ndi chothandiza! 🙂

Source: www.habr.com

Gulani kuchititsa kodalirika kwamasamba okhala ndi chitetezo cha DDoS, ma seva a VPS VDS Gulani malo odalirika osungira mawebusayiti okhala ndi chitetezo cha DDoS, ma seva a VPS VDS | ProHoster