ProHoster > Blog > Utongi > Maitiro ekuchinjisa OpenVZ 6 mudziyo kuKVM server isina musoro

Maitiro ekuchinjisa OpenVZ 6 mudziyo kuKVM server isina musoro

Chero ani akamboda kufambisa mudziyo weOpenVZ kune server ine yakazara-yakazara KVM virtualization asangana nemamwe matambudziko:

  • Ruzhinji rweruzivo rwangove rwechinyakare uye rwaive rwakakodzera kune maOSs anga atopfuura EOL kutenderera
  • Yakasiyana OS inogara ichipa ruzivo rwakasiyana uye usambofunga zvinogona kuitika zvikanganiso zvekutama
  • Dzimwe nguva unofanirwa kubata nemagadzirirwo asingadi kushanda mushure mekutama.

Paunotama 1 sevha, unogona kugara uchigadzirisa chimwe chinhu panhunzi, asi zvakadini kana iwe ukatama sumbu rose?

Muchinyorwa chino ini ndichaedza kukuudza nzira yekufambisa zvakanaka mudziyo weOpenVZ kuenda kuKVM ine nguva shoma yekudzikira uye mhinduro yekukurumidza kumatambudziko ese.

Yekukurumidza primer: chii chinonzi OpenVZ uye chii KVM?

Ngatiregei kupinda mumatemu, asi ingotaura mune zvakajairika:

OpenVZ - virtualization padanho rekushandisa system, inogona kuiswa kunyangwe pavheni yemicrowave, sezvo pasina chikonzero cheCPU mirairo uye virtualization tekinoroji pamushini wekutambira.

KVM - yakazara-yakazara virtualization, uchishandisa iyo yakazara simba reCPU uye inokwanisa kuita chero chinhu, chero nzira, ichicheka kureba uye kuyambuka.

Kusiyana nezvinotendwa nevakawanda, munzvimbo yakapoteredza vanopa mabasa ekugamuchira vaenzi OpenVZ inotengeswa zvakanyanya, asi KVM haina kutengeswa zvakanyanya. Nerombo rakanaka, KVM ikozvino yatengeswa zvakanyanya zvakanaka semukoma wayo.

Tichaendesa chii?

Sango rese remaoperating systems aiwanikwa paOpenVZ raifanira kushandiswa sevanhu vanoyedzwa pakutamiswa: CentOS (Mavhezheni 6 ne7), Ubuntu (14, 16 uye 18 LTS), Debian 7.

Zvaifungidzirwa kuti midziyo yakawanda yeOpenVZ yaitove neimwe mhando yeLAMP inomhanya, uye mamwe aitove nesoftware chaiyo. Kazhinji, izvi zvaive zvigadziriso neISPmanager control panel, VestaCP (uye kazhinji, isina kuvandudzwa kwemakore). Zvakakosha kufunga nezvezvikumbiro zvavo zvekutamiswa.

Kutama kunoitwa nekuchengetedzwa IP kero Pamudziyo unotakurika, tichafungidzira kuti kero yeIP yemudziyo yakachengetedzwa paVM uye ichashanda pasina matambudziko.

Tisati tatamisa, ngative nechokwadi chekuti tine zvese zviripo:

  • OpenVZ server, yakazara midzi yekuwana kumushini wekutambira, kugona kumira/kukwira/kutanga/kubvisa midziyo
  • KVM server, yakazara midzi yekuwana kumushini wekutambira, nezvose zvinosanganisira. Zvinofungidzirwa kuti zvinhu zvose zvakatogadzirwa uye zvakagadzirira kushanda.

Ngatitange kutumira

Tisati tatanga kutamisa, ngatitsanangure mazwi anozobatsira kudzivirira nyonganiso:

KVM_NODE - KVM yekutambira muchina
VZ_NODE - OpenVZ yekutambira muchina
CTID - OpenVZ mudziyo
VM -KVM chaiyo server

Kugadzirira kutama uye kugadzira chaiwo michina.

vanotsika 1

Sezvo isu tichida kufambisa mudziyo kune imwe nzvimbo, isu tichagadzira VM ine gadziriso yakafanana pa KVM_NODE.
Zvinokosha! Unofanira kugadzira VM pane imwe chete operating system iri kushanda paCTID. Semuenzaniso, kana CTID iri kushanda Ubuntu 14, saka unofanira kuiisa paVM zvakare Ubuntu 14. Shanduro diki hadzina kukosha uye musiyano wadzo hauna kunyanya kukosha, asi shanduro huru dzinofanira kunge dzakafanana.

Mushure mekugadzira iyo VM, isu tichavandudza mapakeji paCTID uye paVM (kwete kuti ivhiringike nekuvandudza OS - isu hatiigadzirise, tinongogadzirisa mapakeji uye, kana zvichidikanwa, iyo OS vhezheni mukati meiyo huru vhezheni).

nokuti CentOS Maitiro aya anoita seasina njodzi:

# yum clean all
# yum update -y

Uye hazvina kuipa zvakanyanya kune Ubuntu, Debian:

# apt-get update
# apt-get upgrade

vanotsika 2

Isu tinoisa pa CTID, VZ_NODE и VM utility rsync:

CentOS:

# yum install rsync -y

Debian, Ubuntu:

# apt-get install rsync -y

Isu hatiisi chimwe chinhu pano kana uko.

vanotsika 3

Tiri kumira CTID pamusoro VZ_NODE team

vzctl stop CTID

Kuisa mufananidzo CTID:

vzctl mount CTID

Enda kune folda /vz/root/CTID uye tinozviita

mount --bind /dev dev && mount --bind /sys sys && mount --bind /proc proc && chroot .

Pasi pechroot, gadzira faira /root/exclude.txt - ichange iine runyoro rwezvisizvo zvisingazoverengerwe pane itsva server.

/boot
/proc
/sys
/tmp
/dev
/var/lock
/etc/fstab
/etc/mtab
/etc/resolv.conf
/etc/conf.d/net
/etc/network/interfaces
/etc/networks
/etc/sysconfig/network*
/etc/sysconfig/hwconf
/etc/sysconfig/ip6tables-config
/etc/sysconfig/kernel
/etc/hostname
/etc/HOSTNAME
/etc/hosts
/etc/modprobe*
/etc/modules
/net
/lib/modules
/etc/rc.conf
/usr/share/nova-agent*
/usr/sbin/nova-agent*
/etc/init.d/nova-agent*
/etc/ips
/etc/ipaddrpool
/etc/ips.dnsmaster
/etc/resolv.conf
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-ens3

Ngatibatanei na KVM_NODE uye tanga yedu VMkuitira kuti ishande uye iwanikwe pane network.

Iye zvino zvinhu zvose zvagadzirira kutamiswa. Handeyi!

vanotsika 4

Tichiri pasi pesimba, tinoita

rsync --exclude-from="/root/exclude.txt" --numeric-ids -avpogtStlHz --progress -e "ssh -T -o Compression=no -x" / root@KVM_NODE:/

Iyo rsync command ichaita kuchinjisa, isu tinovimba kuti makiyi akajeka - kuchinjisa kunoitwa nekuchengetedza symlinks, kodzero dzekuwana, varidzi nemapoka, uye encryption yakadzimwa kukurumidza kukurumidza (zvaigona kushandisa imwe nekukurumidza cipher, asi izvi hazvina kukosha mukati megadziriro yebasa iri), pamwe nekudzvanya kwakadzimwa.

Mushure mekunge rsync yapera, buda chroot (nekudzvanya ctrl + d) uye ita

umount dev && umount proc && umount sys && cd .. && vzctl umount CTID

vanotsika 5

Ngatiite akati wandei zviito zvichatibatsira kuvhura iyo VM mushure mekutama kubva kuOpenVZ.
Pamaseva ane Systemd ngatimhanyei murairo unozotibatsira kupinda mune yenguva dzose koni, toti, kuburikidza neVNC server skrini

mv /etc/systemd/system/getty.target.wants/getty@tty2.service /etc/systemd/system/getty.target.wants/getty@tty1.service

Pamaseva CentOS 6 и CentOS 7 ita chokwadi chekuisa kernel nyowani:

yum install kernel-$(uname -r)

Sevha inogona kutorwa kubva pairi, asi mushure mekutamisa inogona kumira kushanda kana kudzimwa.

Paseva CentOS 7 iwe unofanirwa kuisa diki gadziriso yePolkitD, zvikasadaro sevha inowira mubhoti isingaperi:

getent group polkitd >/dev/null && echo -e "e[1;32mpolkitd group already existse[0m" || { groupadd -r polkitd && echo -e "e[1;33mAdded missing polkitd groupe[0m" || echo -e "e[1;31mAdding polkitd group FAILEDe[0m"; }

getent passwd polkitd >/dev/null 
&& echo -e "e[1;32mpolkitd user already existse[0m" || { useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd && echo -e "e[1;33mAdded missing polkitd usere[0m" || echo -e "e[1;31mAdding polkitd user FAILEDe[0m"; }

rpm -Va polkit* && echo -e "e[1;32mpolkit* rpm verification passede[0m" || { echo -e "e[1;33mResetting polkit* rpm user/group ownership & permse[0m"; rpm --setugids polkit polkit-pkla-compat; rpm --setperms polkit polkit-pkla-compat; }

Pane ese maseva, kana mod_fcgid yakaiswa yeApache, tichaita diki kugadzirisa nekodzero, zvikasadaro masaiti anoshandisa mod_fcgid anopunzika nekukanganisa 500:

chmod +s `which suexec` && apachectl restart

Uye chekupedzisira, zvichabatsira kune Ubuntu, Debian kugoverwa. Iyi OS inogona kudonha muboot inogara iripo kana paine chikanganiso

looping nekukurumidza. throttling execution zvishoma

isingafadzi, asi inogadziriswa nyore, zvichienderana neiyo OS vhezheni.

pamusoro Debian 9 kugadzirisa kunoratidzika seizvi:

tiri kuita

dbus-uuidgen

kana tikawana kukanganisa

/usr/local/lib/libdbus-1.so.3: shanduro `LIBDBUS_PRIVATE_1.10.8′ haina kuwanikwa

tarisa LIBDBUS

ls -la /lib/x86_64-linux-gnu | grep dbus
libdbus-1.so.3 -> libdbus-1.so.3.14.15 
libdbus-1.so.3.14.15 <-- нужен этот
libdbus-1.so.3.14.16

kana zvinhu zvose zvakanaka, tinozviita

cd /lib/x86_64-linux-gnu
rm -rf libdbus-1.so.3
ln -s libdbus-1.so.3.14.15  libdbus-1.so.3

Kana zvisingabatsire, edza yechipiri sarudzo.

Yechipiri sarudzo yekugadzirisa dambudziko nayo throttling execution zvishoma yakakodzera munhu wese Ubuntu и Debian kugoverwa.

Tiri kuzviita

bash -x /var/lib/dpkg/info/dbus.postinst configure

Uye nokuda Ubuntu 14, Debian 7 Mukuwedzera, tinoita zvinotevera:

adduser --system --home /nonexistent --no-create-home --disabled-password --group messagebus

rm -rf /etc/init.d/modules_dep.sh

Takaita sei? Takagadzirisa messagebus, iyo yakanga isipo pakatanga. Debian/Ubuntu uye akabvisa modules_dep, yakabva kuOpenVZ uye akadzivirira ma kernel modules mazhinji kubva pakurodha.

vanotsika 6

Reboot iyo VM, tarisa muVNC kuti kurodha kuri kufamba sei uye zvine mutsindo - zvese zvinotakura pasina matambudziko. Kunyangwe, pamwe, mamwe matambudziko chaiwo achaonekwa mushure mekutama - asi iwo ari kunze kwechikamu chechinyorwa ichi uye anogadziriswa sezvaanoita.

Ndinovimba ruzivo urwu ruchabatsira! 🙂

Source: www.habr.com

Tenga inovimbika yekutambira kwemasaiti ane DDoS dziviriro, VPS VDS maseva 🔥 Tenga webhusaiti yakavimbika ine dziviriro yeDDoS, maseva eVPS VDS | ProHoster