🥇Sida Container OpenVZ 6 loogu wareejiyo serverka KVM madax xanuun la'aan

Qof kasta oo u baahday inuu ku wareejiyo weelka OpenVZ server-ka leh KVM-takoorka buuxa ugu yaraan hal mar noloshiisa wuxuu la kulmay dhibaatooyin:

Inta badan macluumaadka si fudud waa duugoobay oo waxay khusaysay OS-yada muddada dheer ka gudbay wareegga EOL
Macluumaad kala duwan ayaa had iyo jeer la bixiyaa nidaamyada hawlgalka ee kala duwan, iyo khaladaadka suurtagalka ah inta lagu jiro socdaalka marna lama tixgeliyo
Mararka qaarkood waa inaad wax ka qabataa qaabaynta kuwaas oo had iyo jeer aan rabin inaad shaqeyso ka dib socdaalka

Markaad wareejiso 1 server, mar walba waxaad hagaajin kartaa wax duulista, laakiin markaad wareejiso koox dhan?

Maqaalkan waxaan isku dayi doonaa inaan kuu sheego sida saxda ah ee loogu haajiro weelka OpenVZ ee KVM oo leh waqti yar oo yar iyo xal degdeg ah dhammaan dhibaatooyinka.

Barnaamij waxbarasho oo yar: waa maxay OpenVZ iyo waa maxay KVM?

Uma sii dheeraan doono erey-bixinta, laakiin waxaynu si guud u odhan doonnaa:

OpenVZ - Farsamaynta heerka nidaamka hawlgalka, waxaad xitaa geyn kartaa microwave-ka, maadaama aysan jirin baahi loo qabo tilmaamaha CPU iyo tignoolajiyada wax-qabadka ee mashiinka martida loo yahay.

KVM - Farsamayn buuxda, iyadoo la adeegsanayo dhammaan awoodda CPU oo awood u leh inay wax ka beddelaan wax kasta, si kasta, u gooynta dhererka iyo isdhaafsiga.

Si ka soo horjeeda caqiidada caanka ah ee ka mid ah bixiyeyaasha martigelinaya OpenVZ waxay noqon doontaa mid xad dhaaf ah, laakiin KVM ma noqon doonto - nasiib wanaag kan dambe, KVM hadda maaha mid ka sii daraya walaalkeed.

Maxaan qaadi doonaa?

Maadooyinka tijaabada ah ee wareejinta, waxay ahayd inaan isticmaalno dhammaan kaynta nidaamyada hawlgalka ee laga heli karo OpenVZ: CentOS (noocyada 6 iyo 7), Ubuntu (14, 16 iyo 18 LTS), Debian 7.

Waxaa loo malaynayay in badi weelasha OpenVZ ay horeba u shaqaynayeen nooc ka mid ah LAMP, iyo qaar xitaa haysteen software gaar ah. Inta badan, kuwani waxay ahaayeen isku xidhka maamulaha ISP, guddiga xakamaynta VestaCP (iyo inta badan, aan la cusboonaysiin sannado). Codsiyadooda wareejinta waa in sidoo kale la tixgeliyaa.

Socdaalka waxaa la sameeyaa iyadoo la ilaalinayo ciwaanka IP-ga ee weelka la wareejiyay; waxaan u qaadaneynaa in IP-ga weelku lahaa uu ku keydsan yahay VM oo uu ku shaqeyn doono dhibaato la'aan.

Kahor wareejinta, aan hubino in aan wax walba gacanta ku hayno:

Adeegga furan ee VZ, xidid buuxa ee mashiinka martida loo yahay, awood uu ku joojiyo/kor u qaado/bilaabo/tirto weelasha
Server-ka KVM, xidid buuxa ee mashiinka martida loo yahay, oo leh dhammaan waxa ay tilmaamayso. Waxaa loo malaynayaa in wax walba mar hore la habeeyey oo diyaar u ah inuu tago.

Aan bilowno wareejinta

Kahor intaanan bilaabin wareejinta, aynu qeexno ereyada kaa caawin doona inaad ka fogaato jahwareerka:

KVM_NODE - KVM mashiinka martida loo yahay
VZ_NODE - Mashiinka martida loo yahay ee OpenVZ
CTID - weel furanVZ
VM - KVM server dalwaddii

U diyaargarowga socdaalka iyo abuurista mashiinnada casriga ah.

talaabo 1

Maadaama aan u baahanahay inaan weelka u guurno meel, waan abuuri doonaa VM oo leh qaabayn la mid ah KVM_NODE.
Muhiim! Waxaad u baahan tahay inaad ku abuurto VM nidaamka hawlgalka ee hadda ku shaqeeya CTID. Tusaale ahaan, haddii Ubuntu 14 lagu rakibo CTID-da, markaa Ubuntu 14 waa in lagu rakibaa VM-ga, noocyada yar yar maahan muhiim, farqigoodu maaha mid aad muhiim u ah, laakiin noocyada waaweyni waa inay isku mid noqdaan.

Kadib abuurista VM-ka, waxaan cusbooneysiin doonaa xirmooyinka CTID-ga iyo VM-ka (ma aha in lagu jahwareeriyo cusboonaysiinta OS-ma cusbooneysiinno, kaliya waxaan cusbooneysiineynaa xirmooyinka iyo, haddii ay timaado, nooca OS ee gudaha ugu weyn version).

CentOS nidaamkani wuxuu u muuqdaa mid aan dhib lahayn:

# yum clean all
# yum update -y

Oo aan waxyeello u yarayn Ubuntu iyo Debian:

# apt-get update
# apt-get upgrade

talaabo 2

Ku rakib CTID, VZ_NODE и VM utility rsync:

CentOS:

# yum install rsync -y

Debian, Ubuntu:

# apt-get install rsync -y

Wax kale kuma rakibno halkaas ama halkaas.

talaabo 3

Waxaan sameynaa joogsi CTID on VZ_NODE kooxda

vzctl stop CTID

Kordhinta sawirka CTID:

vzctl mount CTID

Tag /vz/root/ folderCTID oo fuliya

mount --bind /dev dev && mount --bind /sys sys && mount --bind /proc proc && chroot .

Hoosta xididka, samee fayl /root/exclude.txt - waxay ku jiri doontaa liis ka reeban oo aan heli doonin serverka cusub

/boot
/proc
/sys
/tmp
/dev
/var/lock
/etc/fstab
/etc/mtab
/etc/resolv.conf
/etc/conf.d/net
/etc/network/interfaces
/etc/networks
/etc/sysconfig/network*
/etc/sysconfig/hwconf
/etc/sysconfig/ip6tables-config
/etc/sysconfig/kernel
/etc/hostname
/etc/HOSTNAME
/etc/hosts
/etc/modprobe*
/etc/modules
/net
/lib/modules
/etc/rc.conf
/usr/share/nova-agent*
/usr/sbin/nova-agent*
/etc/init.d/nova-agent*
/etc/ips
/etc/ipaddrpool
/etc/ips.dnsmaster
/etc/resolv.conf
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-ens3

Waxaan ku xidhna KVM_NODE oo aan bilowno VMsi ay u shaqeyso oo looga heli karo shabakada.

Hadda wax walba waa u diyaar wareejinta. Tag!

talaabo 4

Weli sixir-bararka, waanu fulinaynaa

rsync --exclude-from="/root/exclude.txt" --numeric-ids -avpogtStlHz --progress -e "ssh -T -o Compression=no -x" / root@KVM_NODE:/

Amarka rsync wuxuu fulin doonaa wareejinta, waxaan rajeyneynaa in furayaashu ay cad yihiin - wareejinta waxaa lagu fuliyaa ilaalinta calaamadaha, xuquuqaha gelitaanka, milkiilayaasha iyo kooxaha, iyo sirta ayaa naafo ah xawaare weyn (waxaad isticmaali kartaa xoogaa dhakhso ah, laakiin tani maaha mid aad muhiim ugu ah hawshan) , sidoo kale cadaadisku waa naafo.

Kadib markaad dhameysato rsync, ka bax chroot (adigoo riixaya ctrl+d) oo fuli

umount dev && umount proc && umount sys && cd .. && vzctl umount CTID

talaabo 5

Aan sameyno dhowr tillaabo oo naga caawin doona inaan bilowno VM ka dib markii laga soo wareejiyo OpenVZ.
On server-yada leh Systemd aan fulino amar naga caawin doona in aan galno console-ka caadiga ah, tusaale ahaan, iyada oo loo marayo shaashadda server-ka VNC

mv /etc/systemd/system/getty.target.wants/[email protected] /etc/systemd/system/getty.target.wants/[email protected]

On server-yada CentOS 6 и CentOS 7 Hubi inaad rakibto kernel cusub:

yum install kernel-$(uname -r)

Seerfarka waa laga soo shuban karaa, laakiin wareejinta ka dib waxaa laga yaabaa inuu joojiyo shaqada ama la tirtiro.

Serverka CentOS 7 waxaad u baahan tahay inaad codsatid hagaajin yar oo loogu talagalay PolkitD, haddii kale serverku wuu burburi doonaa weligiis:

getent group polkitd >/dev/null && echo -e "e[1;32mpolkitd group already existse[0m" || { groupadd -r polkitd && echo -e "e[1;33mAdded missing polkitd groupe[0m" || echo -e "e[1;31mAdding polkitd group FAILEDe[0m"; }

getent passwd polkitd >/dev/null 
&& echo -e "e[1;32mpolkitd user already existse[0m" || { useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd && echo -e "e[1;33mAdded missing polkitd usere[0m" || echo -e "e[1;31mAdding polkitd user FAILEDe[0m"; }

rpm -Va polkit* && echo -e "e[1;32mpolkit* rpm verification passede[0m" || { echo -e "e[1;33mResetting polkit* rpm user/group ownership & permse[0m"; rpm --setugids polkit polkit-pkla-compat; rpm --setperms polkit polkit-pkla-compat; }

Dhammaan server-yada, haddii mod_fcgid ee Apache lagu rakibay, waxaanu samayn doonaa hagaajin yar oo xuquuq leh, haddii kale goobaha isticmaalaya mod_fcgid waxay ku burburi doonaan qaladka 500:

chmod +s `which suexec` && apachectl restart

Iyo waxa ugu dambeeya ayaa faa'iido u leh qaybinta Ubuntu iyo Debian. OS-kan waxaa laga yaabaa inuu ku dhaco boot weligeed ah oo cilad wadata

si degdeg ah ciqaab dil ah oo yar

aan fiicneyn, laakiin si fudud u go'an, iyadoo ku xiran nooca OS.

In Debian 9 hagaajintu waxay u egtahay sidan:

waanu fulinaynaa

dbus-uuidgen

haddii aan khalad helno

/usr/local/lib/libdbus-1.so.3: nooca 'LIBDBUS_PRIVATE_1.10.8' lama helin

hubi joogitaanka LIBDBUS

ls -la /lib/x86_64-linux-gnu | grep dbus
libdbus-1.so.3 -> libdbus-1.so.3.14.15 
libdbus-1.so.3.14.15 <-- нужен этот
libdbus-1.so.3.14.16

haddii wax walba ay hagaagsan yihiin, waan sameynaa

cd /lib/x86_64-linux-gnu
rm -rf libdbus-1.so.3
ln -s libdbus-1.so.3.14.15  libdbus-1.so.3

Haddii aysan ku caawin, isku day ikhtiyaarka labaad.

Xalka labaad ee dhibaatada leh ciqaab dil ah oo yar Ku habboon ku dhawaad dhammaan qaybinta Ubuntu iyo Debian.

Waan fulinaa

bash -x /var/lib/dpkg/info/dbus.postinst configure

Iyo Ubuntu 14, Debian 7 Intaa waxaa dheer waxaan fulinaa:

adduser --system --home /nonexistent --no-create-home --disabled-password --group messagebus

rm -rf /etc/init.d/modules_dep.sh

Maxaan samaynay? Waxaan soo celinay messagebus, kaas oo ka maqnaa inuu ku shaqeeyo Debian/Ubuntu, waxaana ka saarnay modules_dep, kaas oo ka yimid OpenVZ oo farageliyay rarista qaybo badan oo kernel ah.

talaabo 6

Waxaan dib u kicinay VM-ka, hubi VNC sida ay u socoto rarka iyo, sida ugu habboon, wax walba waxay ku shubmi doonaan dhibaato la'aan. In kasta oo ay dhici karto in dhibaatooyin gaar ah ay soo baxaan tahriibka ka dib, haddana waa kuwa ka baxsan qodobkan oo la sixi doono marka ay soo baxaan.

Waxaan rajeynayaa in macluumaadkani uu faa'iido leeyahay! 🙂

Source: www.habr.com

Sida weelka OpenVZ 6 loogu wareejiyo server-ka KVM madax xanuun la'aan

Barnaamij waxbarasho oo yar: waa maxay OpenVZ iyo waa maxay KVM?

Maxaan qaadi doonaa?

Aan bilowno wareejinta

U diyaargarowga socdaalka iyo abuurista mashiinnada casriga ah.

Add a comment cancel reply