How to migrate an OpenVZ 6 container to a KVM server without a headache

Anyone who has had to move an OpenVZ container to a server with full KVM virtualization at least once has run into some problems:

  • Most of the information is simply outdated and applied to operating systems that passed their EOL long ago
  • Different information is always given for different operating systems, and the errors that can occur during migration are never covered
  • Sometimes you have to deal with configurations that keep refusing to work after the migration

When you migrate one server, you can always fix something on the fly, but what about when you migrate a whole cluster?

In this article I will try to explain how to correctly migrate an OpenVZ container to KVM with minimal downtime and a quick fix for every problem.

A short primer: what is OpenVZ and what is KVM?

We will not go deep into terminology, but in general terms:

OpenVZ - operating-system-level virtualization. You can deploy it even on a microwave, since it needs no CPU instructions or virtualization technologies on the host machine.

KVM - full virtualization that uses all the power of the CPU and can virtualize anything, in any way, slicing it lengthwise and crosswise.

Contrary to the popular belief that among hosting providers OpenVZ is oversold and KVM is not, fortunately for the latter, KVM is now oversold just as well as its sibling.

What will we migrate?

As test subjects for the migration we had to use the whole forest of operating systems available on OpenVZ: CentOS (versions 6 and 7), Ubuntu (14, 16 and 18 LTS), Debian 7.

It was assumed that most OpenVZ containers were already running some kind of LAMP stack, and some even had quite specific software. Most often these were configurations with the ISPmanager or VestaCP control panel (and, most often, not updated for years). Their migration requirements must be taken into account as well.

The migration preserves the IP address of the container being moved; we assume that the IP address the container had is kept on the VM and will work without problems.

Before migrating, let's make sure we have everything at hand:

  • An OpenVZ server with full root access to the host machine and the ability to stop/mount/start/delete containers
  • A KVM server with full root access to the host machine, with everything that implies. It is assumed that everything is already configured and ready to go.

Let's start the migration

Before we begin, let's define the terms that will help avoid confusion:

KVM_NODE - the KVM host machine
VZ_NODE - the OpenVZ host machine
CTID - the OpenVZ container
VM - the KVM virtual server

Preparing for the migration and creating the virtual machines.

Step 1

Since we need somewhere to move the container to, we create a VM with an equivalent configuration on KVM_NODE.
Important! The VM must be created with the same operating system that currently runs on CTID. For example, if CTID runs Ubuntu 14, then Ubuntu 14 must be installed on the VM as well. Minor versions do not matter and a mismatch there is not critical, but the major versions must be the same.

After creating the VM, update the packages on CTID and on the VM (not to be confused with upgrading the OS: we do not upgrade it, we only update the packages and, if one arrives, the OS version within the same major version).

For CentOS this process looks harmless:

# yum clean all
# yum update -y

And no less harmless for Ubuntu and Debian:

# apt-get update
# apt-get upgrade
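
An added example, not part of the original article: a POSIX shell check of the rule above that the distribution and major version must match. The names os_major and same_major are made up for this example; run os_major / on each side, or point same_major at two root trees that are reachable from one host.

```shell
#!/bin/sh
# Added example: compare distribution and major version of two root trees.

# os_major ROOT: print "<distro-id> <major-version>" for the OS under ROOT.
os_major() {
    root=$1
    if [ -r "$root/etc/os-release" ]; then
        # os-release holds KEY=value lines; values may be double-quoted
        id=$(sed -n 's/^ID=//p' "$root/etc/os-release" | tr -d '"')
        ver=$(sed -n 's/^VERSION_ID=//p' "$root/etc/os-release" | tr -d '"')
    elif [ -r "$root/etc/redhat-release" ]; then
        # CentOS 6 has no os-release, only e.g. "CentOS release 6.10 (Final)"
        id=$(awk '{print tolower($1)}' "$root/etc/redhat-release")
        ver=$(sed 's/[^0-9]*\([0-9][0-9.]*\).*/\1/' "$root/etc/redhat-release")
    else
        echo "unknown unknown"
        return 1
    fi
    # Keep only the part before the first dot: 14.04 -> 14, 6.10 -> 6
    echo "$id ${ver%%.*}"
}

# same_major CT_ROOT VM_ROOT: 0 on match, 1 on mismatch, 2 if undetectable.
same_major() {
    a=$(os_major "$1") || return 2
    b=$(os_major "$2") || return 2
    if [ "$a" = "$b" ]; then
        echo "OK: both are $a"
    else
        echo "MISMATCH: container is '$a', VM is '$b'"
        return 1
    fi
}
```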

Step 2

Install the rsync utility on CTID, VZ_NODE and the VM:

CentOS:

# yum install rsync -y

Debian, Ubuntu:

# apt-get install rsync -y

We install nothing else on either side.

Step 3

Stop CTID on VZ_NODE with the command

vzctl stop CTID

Mount the CTID image:

vzctl mount CTID

Go to the /vz/root/CTID folder and run

mount --bind /dev dev && mount --bind /sys sys && mount --bind /proc proc && chroot .

As root, create the file /root/exclude.txt. It will contain the list of exclusions that will not be copied to the new server

/boot
/proc
/sys
/tmp
/dev
/var/lock
/etc/fstab
/etc/mtab
/etc/resolv.conf
/etc/conf.d/net
/etc/network/interfaces
/etc/networks
/etc/sysconfig/network*
/etc/sysconfig/hwconf
/etc/sysconfig/ip6tables-config
/etc/sysconfig/kernel
/etc/hostname
/etc/HOSTNAME
/etc/hosts
/etc/modprobe*
/etc/modules
/net
/lib/modules
/etc/rc.conf
/usr/share/nova-agent*
/usr/sbin/nova-agent*
/etc/init.d/nova-agent*
/etc/ips
/etc/ipaddrpool
/etc/ips.dnsmaster
/etc/resolv.conf
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-ens3

Connect to KVM_NODE and start our VM so that it is running and reachable over the network.

Now everything is ready for the migration. Let's go!

Step 4

Still inside the chroot, run

rsync --exclude-from="/root/exclude.txt" --numeric-ids -avpogtStlHz --progress -e "ssh -T -o Compression=no -x" / root@VM:/

The rsync command performs the transfer. Hopefully the switches are clear: the transfer preserves symlinks, access permissions, owners and groups, and encryption is disabled for more speed (a faster cipher could have been used, but that is not so important for this task), and compression is disabled as well.

After rsync finishes, leave the chroot (by pressing Ctrl+D) and run

umount dev && umount proc && umount sys && cd .. && vzctl umount CTID
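
An added example, not from the original article: because the transfer in Step 4 writes straight onto the VM's root filesystem, this script checks /root/exclude.txt first and then previews the copy with rsync's --dry-run. The function names, the REQUIRED subset and the host argument are assumptions of the example.

```shell
#!/bin/sh
# Added example: sanity-check the exclude list, then preview the transfer.
# REQUIRED is an assumption of this example: a subset of the article's list
# whose absence would let the container's files replace the VM's own boot,
# mount and host identity files.
REQUIRED="/boot /proc /sys /dev /etc/fstab /lib/modules /etc/hostname"

# check_excludes FILE: print required entries that are missing and entries
# that appear more than once. Returns 1 if a required entry is missing.
check_excludes() {
    file=$1
    rc=0
    for p in $REQUIRED; do
        # -x: whole-line match, -F: literal string, not a regex
        grep -qxF -- "$p" "$file" || { echo "missing: $p"; rc=1; }
    done
    sort "$file" | uniq -d | sed '/^$/d; s/^/duplicate: /'
    return $rc
}

# preview_transfer FILE VM_HOST: the article's rsync command with --dry-run
# and --itemize-changes added, so nothing is written on the VM.
# Run it from inside the chroot, exactly where the real rsync would run.
# ssh options: -T no pseudo-terminal, -x no X11 forwarding, Compression=no
# turns off SSH-level compression; the SSH transport itself stays encrypted.
preview_transfer() {
    check_excludes "$1" || return 1
    rsync --dry-run --itemize-changes \
        --exclude-from="$1" --numeric-ids -avpogtStlHz \
        -e "ssh -T -o Compression=no -x" / "root@$2:/"
}
```

Typical use inside the chroot: preview_transfer /root/exclude.txt VM, then review the itemized list before running the real command.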

Step 5

Let's take a few steps that will help us boot the VM after the move from OpenVZ.
On servers with systemd, run a command that lets us log in on a regular console, for example through the server's VNC screen

mv /etc/systemd/system/getty.target.wants/getty@tty2.service /etc/systemd/system/getty.target.wants/getty@tty1.service

On CentOS 6 and CentOS 7 servers, be sure to install a fresh kernel:

yum install kernel-$(uname -r)

The server can boot from it, but after the migration it may stop working or be removed.

On a CentOS 7 server you need to apply a small fix for polkitd, otherwise the server will crash forever:

getent group polkitd >/dev/null && echo -e "\e[1;32mpolkitd group already exists\e[0m" || { groupadd -r polkitd && echo -e "\e[1;33mAdded missing polkitd group\e[0m" || echo -e "\e[1;31mAdding polkitd group FAILED\e[0m"; }

getent passwd polkitd >/dev/null && echo -e "\e[1;32mpolkitd user already exists\e[0m" || { useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd && echo -e "\e[1;33mAdded missing polkitd user\e[0m" || echo -e "\e[1;31mAdding polkitd user FAILED\e[0m"; }

rpm -Va polkit* && echo -e "\e[1;32mpolkit* rpm verification passed\e[0m" || { echo -e "\e[1;33mResetting polkit* rpm user/group ownership & perms\e[0m"; rpm --setugids polkit polkit-pkla-compat; rpm --setperms polkit polkit-pkla-compat; }

On all servers, if mod_fcgid for Apache was installed, apply a small permissions fix, otherwise sites using mod_fcgid will fail with a 500 error:

chmod +s `which suexec` && apachectl restart

Finally, something useful for Ubuntu and Debian distributions. These systems can get stuck in an endless boot with the error

Looping too fast. Throttling execution a little.

which is unpleasant but easy to fix, depending on the OS version.

On Debian 9 the fix looks like this:

run

dbus-uuidgen

if we get the error

/usr/local/lib/libdbus-1.so.3: version `LIBDBUS_PRIVATE_1.10.8' not found

check that LIBDBUS is present

ls -la /lib/x86_64-linux-gnu | grep dbus
libdbus-1.so.3 -> libdbus-1.so.3.14.15 
libdbus-1.so.3.14.15 <-- this one is needed
libdbus-1.so.3.14.16

if everything is in order, run

cd /lib/x86_64-linux-gnu
rm -rf libdbus-1.so.3
ln -s libdbus-1.so.3.14.15  libdbus-1.so.3

If that did not help, try the second option.

The second fix for the "Throttling execution a little" problem suits almost all Ubuntu and Debian distributions.

Run

bash -x /var/lib/dpkg/info/dbus.postinst configure

And on Ubuntu 14 and Debian 7, additionally run:

adduser --system --home /nonexistent --no-create-home --disabled-password --group messagebus

rm -rf /etc/init.d/modules_dep.sh 

What did we do? We restored messagebus, which Debian/Ubuntu needed in order to start, and removed modules_dep, which came from OpenVZ and prevented many kernel modules from loading.
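
The polkitd and messagebus fixes above both recreate accounts that were missing after the copy. This added example (not from the original article) generalizes that check: it reports files whose numeric UID or GID has no entry in a given passwd/group pair. The names orphaned_owners and scan_root are made up here, and scan_root assumes GNU find for -printf.

```shell
#!/bin/sh
# Added example: list files whose numeric owner or group has no account.

# orphaned_owners PASSWD GROUP
# Reads "UID GID PATH" lines on stdin and prints one line per missing id:
#   nouser <uid> <path>    or    nogroup <gid> <path>
# It works on any passwd/group pair, so it can also be run before the copy,
# using the container's files and a listing taken on the VM.
orphaned_owners() {
    awk -v pw="$1" -v gr="$2" '
        BEGIN {
            # Field 3 of passwd is the UID, field 3 of group is the GID
            while ((getline l < pw) > 0) { split(l, f, ":"); uid[f[3]] = f[1] }
            while ((getline l < gr) > 0) { split(l, f, ":"); gid[f[3]] = f[1] }
        }
        {
            # Strip the two numeric columns; the rest is the path (may hold spaces)
            path = $0
            sub(/^[0-9]+ +[0-9]+ +/, "", path)
            if (!($1 in uid)) print "nouser " $1 " " path
            if (!($2 in gid)) print "nogroup " $2 " " path
        }'
}

# scan_root: run the check on the migrated VM against its live account files.
# -xdev keeps find on the root filesystem, away from /proc and /sys.
scan_root() {
    find / -xdev -printf '%U %G %p\n' | orphaned_owners /etc/passwd /etc/group
}
```

Any path it reports belongs to an account that has to be recreated, as was done for polkitd and messagebus, before the reboot in Step 6.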

Step 6

Reboot the VM and watch in VNC how the boot goes; ideally, everything will boot without problems. Specific problems may still surface after the migration, but they are beyond the scope of this article and are fixed as they appear.

I hope this information is useful! 🙂

Source: www.habr.com
