How to migrate OpenVZ 6 to a KVM server without headaches

Anyone who has had to move an OpenVZ container to a server with full KVM virtualization at least once in their life has run into certain problems:

  • Most of the information is simply outdated and applied to OSes that passed their EOL cycle long ago
  • Different information is given for different operating systems, and the errors that can occur during migration are never considered
  • Sometimes you have to deal with configurations that every now and then refuse to work after migration

When you move 1 server you can always fix something on the fly, but what about when you move a whole cluster?

In this article I will try to explain how to correctly migrate an OpenVZ container to KVM with minimal downtime and a quick solution to every problem.

A small educational program: what is OpenVZ and what is KVM?

We won't go deep into terminology, but will put it in general terms:

OpenVZ - operating-system-level virtualization; you could even deploy it on a microwave, because it needs no CPU instructions or virtualization technologies on the host machine.

KVM - full virtualization, using all the power of the CPU and able to virtualize anything, in any way, cutting it lengthwise and crosswise.

Contrary to the popular belief that hosting providers oversell OpenVZ but not KVM: fortunately for the providers, KVM is now oversold no less than its sibling.

What will we be migrating?

As test subjects for the migration we had to use the whole forest of operating systems available on OpenVZ: CentOS (versions 6 and 7), Ubuntu (14, 16 and 18 LTS), Debian 7.

It was assumed that most OpenVZ containers were already running some kind of LAMP, and some also had very specific software. Most often these were configurations with ISPmanager or the VestaCP control panel (and most often not updated for years). Their migration requirements also have to be taken into account.

The migration is performed while keeping the IP address of the migrated container; we will assume that the IP the container had is kept on the VM and will work without problems.

Before migrating, let's make sure we have everything at hand:

  • OpenVZ server: full root access to the host machine, the ability to stop / mount / start / delete containers
  • KVM server: full root access to the host machine, with everything that implies. It is assumed that everything is already configured and ready to go.

Let's start migrating

Before we start the migration, let's define the terms that will help avoid confusion:

KVM_NODE - the KVM host machine
VZ_NODE - the OpenVZ host machine
CTID - the OpenVZ container
VM - the KVM virtual server

Preparing for migration and creating virtual machines.

Step 1

Since we need to move the container somewhere, we create a VM with a similar configuration on KVM_NODE.
Important! The VM must be created with the same operating system that is currently running on CTID. For example, if Ubuntu 14 is installed on CTID, then Ubuntu 14 must be installed on the VM. Minor versions do not matter and a mismatch between them is not critical, but the major versions must be the same.

After creating the VM, we update the packages on CTID and on the VM (not to be confused with upgrading the OS: we do not upgrade it, we only update the packages and, if one arrives, the OS version within the major version).

On CentOS this process looks harmless:

# yum clean all
# yum update -y

And no less harmless on Ubuntu and Debian:

# apt-get update
# apt-get upgrade
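
The step 1 rule that the VM and the container must run the same distribution and major version can be checked before anything is copied. The script below is an added example, not part of the original article; the function names and the sample trees are constructed for illustration, and it reads /etc/os-release or, on CentOS 6, /etc/redhat-release.

```sh
#!/bin/sh
# os_major ROOT: print "<id> <major>" for the OS installed under ROOT.
# ROOT is "/" on a live system or a mounted tree such as /vz/root/CTID.
os_major() {
    root=${1%/}
    if [ -r "$root/etc/os-release" ]; then
        # Extract the fields with sed; never source a file from another system.
        id=$(sed -n 's/^ID=//p' "$root/etc/os-release" | tr -d '"' | head -n 1)
        ver=$(sed -n 's/^VERSION_ID=//p' "$root/etc/os-release" | tr -d '"' | head -n 1)
    elif [ -r "$root/etc/redhat-release" ]; then
        # CentOS 6 ships no os-release, only e.g. "CentOS release 6.10 (Final)".
        id=$(awk '{print tolower($1); exit}' "$root/etc/redhat-release")
        ver=$(sed -n 's/.*release \([0-9][0-9.]*\).*/\1/p' "$root/etc/redhat-release")
    else
        return 1
    fi
    [ -n "$id" ] && [ -n "$ver" ] || return 1
    echo "$id ${ver%%.*}"
}

# same_major CT_ROOT VM_ROOT: 0 if distribution and major version match,
# 1 if they differ, 2 if either side could not be identified.
same_major() {
    left=$(os_major "$1") || return 2
    right=$(os_major "$2") || return 2
    [ "$left" = "$right" ]
}

# Constructed sample trees standing in for the container and two candidate VMs.
demo=$(mktemp -d)
mkdir -p "$demo/ct/etc" "$demo/vm14/etc" "$demo/vm16/etc"
printf 'ID=ubuntu\nVERSION_ID="14.04"\n' > "$demo/ct/etc/os-release"
printf 'ID=ubuntu\nVERSION_ID="14.04"\n' > "$demo/vm14/etc/os-release"
printf 'ID=ubuntu\nVERSION_ID="16.04"\n' > "$demo/vm16/etc/os-release"
for cand in vm14 vm16; do
    if same_major "$demo/ct" "$demo/$cand"; then
        echo "$cand: same major version as the container, safe to continue"
    else
        echo "$cand: MISMATCH ($(os_major "$demo/ct") vs $(os_major "$demo/$cand"))"
    fi
done
rm -rf "$demo"
```
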

Step 2

Install the useful rsync tool on CTID, VZ_NODE and VM:

CentOS:

# yum install rsync -y

Debian, Ubuntu:

# apt-get install rsync -y

We don't install anything else, either here or there.

Step 3

Stop CTID on VZ_NODE with the command

vzctl stop CTID

Mount the CTID image:

vzctl mount CTID

Go to the /vz/root/CTID folder and run

mount --bind /dev dev && mount --bind /sys sys && mount --bind /proc proc && chroot .

As root, create the file /root/exclude.txt - it will contain the list of exclusions that must not reach the new server.

/boot
/proc
/sys
/tmp
/dev
/var/lock
/etc/fstab
/etc/mtab
/etc/resolv.conf
/etc/conf.d/net
/etc/network/interfaces
/etc/networks
/etc/sysconfig/network*
/etc/sysconfig/hwconf
/etc/sysconfig/ip6tables-config
/etc/sysconfig/kernel
/etc/hostname
/etc/HOSTNAME
/etc/hosts
/etc/modprobe*
/etc/modules
/net
/lib/modules
/etc/rc.conf
/usr/share/nova-agent*
/usr/sbin/nova-agent*
/etc/init.d/nova-agent*
/etc/ips
/etc/ipaddrpool
/etc/ips.dnsmaster
/etc/resolv.conf
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-ens3

Connect to KVM_NODE and start our VM so that it is running and reachable over the network.

Now everything is ready for the transfer. Go!

Step 4

Still inside the chroot, we run

rsync --exclude-from="/root/exclude.txt" --numeric-ids -avpogtStlHz --progress -e "ssh -T -o Compression=no -x" / root@VM:/

The rsync command performs the transfer. The destination is the VM started above, not the KVM_NODE host machine, whose own root filesystem must not be overwritten. We hope the switches are clear: the transfer preserves symlinks, access permissions, owners and groups; the SSH session is kept as light as possible for maximum speed (you could use a faster cipher, but that is not critical for this task), and SSH compression is turned off.

After rsync finishes, exit the chroot (by pressing ctrl+d) and run

umount dev && umount proc && umount sys && cd .. && vzctl umount CTID

Step 5

Let's perform several steps that will help us boot the VM after the transfer from OpenVZ.
On servers with Systemd, run a command that will let us log in on a normal console, for example via the server's VNC screen.

mv /etc/systemd/system/getty.target.wants/[email protected] /etc/systemd/system/getty.target.wants/[email protected]

On CentOS 6 and CentOS 7 servers, be sure to install a fresh kernel:

yum install kernel-$(uname -r)

The server may boot on the existing kernel, but after the transfer that kernel may stop working or be removed.

On a CentOS 7 server you need to apply a small fix for PolkitD, otherwise the server will crash forever:

getent group polkitd >/dev/null && echo -e "\e[1;32mpolkitd group already exists\e[0m" || { groupadd -r polkitd && echo -e "\e[1;33mAdded missing polkitd group\e[0m" || echo -e "\e[1;31mAdding polkitd group FAILED\e[0m"; }

getent passwd polkitd >/dev/null && echo -e "\e[1;32mpolkitd user already exists\e[0m" || { useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd && echo -e "\e[1;33mAdded missing polkitd user\e[0m" || echo -e "\e[1;31mAdding polkitd user FAILED\e[0m"; }

rpm -Va polkit\* && echo -e "\e[1;32mpolkit* rpm verification passed\e[0m" || { echo -e "\e[1;33mResetting polkit* rpm user/group ownership & perms\e[0m"; rpm --setugids polkit polkit-pkla-compat; rpm --setperms polkit polkit-pkla-compat; }

On all servers, if mod_fcgid for Apache is installed, we make a small fix to the permissions, otherwise sites that use mod_fcgid will fail with error 500:

chmod +s `which suexec` && apachectl restart

And one last thing, useful for Ubuntu and Debian distributions. This OS may hang in an endless boot with the error

looping too fast. throttling execution a little

which is unpleasant but easily fixed, depending on the OS version.

On Debian 9 the fix looks like this:

we run

dbus-uuidgen

if we get the error

/usr/local/lib/libdbus-1.so.3: version `LIBDBUS_PRIVATE_1.10.8' not found

check that LIBDBUS is present

ls -la /lib/x86_64-linux-gnu | grep dbus
libdbus-1.so.3 -> libdbus-1.so.3.14.15
libdbus-1.so.3.14.15 <-- this is the one we need
libdbus-1.so.3.14.16

if everything is in order, we run

cd /lib/x86_64-linux-gnu
rm -rf libdbus-1.so.3
ln -s libdbus-1.so.3.14.15  libdbus-1.so.3

If that doesn't help, try the second option.

The second solution to the throttling execution a little problem suits almost any Ubuntu and Debian distribution.

We run

bash -x /var/lib/dpkg/info/dbus.postinst configure

And for Ubuntu 14 and Debian 7 we additionally run:

adduser --system --home /nonexistent --no-create-home --disabled-password --group messagebus

rm -rf /etc/init.d/modules_dep.sh 

What did we do? We restored messagebus, which was missing and is needed for Debian/Ubuntu to run, and removed modules_dep, which came from OpenVZ and interfered with the loading of many kernel modules.
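
The conditions that the step 5 fixes address can be audited on the copied system before it is rebooted. This is an added example, not part of the original article; the function name, the two suexec paths and the sample tree are assumptions made for illustration.

```sh
#!/bin/sh
# audit_root ROOT [ACCOUNT...]: print one line per problem found under ROOT.
# ROOT is "/" on the running VM or the path where its disk is mounted.
# ACCOUNT is polkitd on CentOS 7 and messagebus on Ubuntu 14 / Debian 7.
audit_root() {
    root=${1%/}; shift
    for name in "$@"; do
        # Parse the files directly so the check also works on an offline tree.
        grep -q "^$name:" "$root/etc/group" 2>/dev/null || echo "missing group: $name"
        grep -q "^$name:" "$root/etc/passwd" 2>/dev/null || echo "missing user: $name"
    done
    # OpenVZ leftover that interferes with kernel module loading.
    [ -e "$root/etc/init.d/modules_dep.sh" ] && echo "leftover: /etc/init.d/modules_dep.sh"
    # Assumed suexec locations (usual CentOS and Debian/Ubuntu paths).
    for f in usr/sbin/suexec usr/lib/apache2/suexec; do
        if [ -f "$root/$f" ] && [ ! -u "$root/$f" ]; then
            echo "no setuid bit: /$f"
        fi
    done
    return 0
}

# Constructed sample: a CentOS 7 style tree as it might look after the copy.
demo=$(mktemp -d)
mkdir -p "$demo/etc/init.d" "$demo/usr/sbin"
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$demo/etc/passwd"
printf 'root:x:0:\npolkitd:x:998:\n' > "$demo/etc/group"
: > "$demo/etc/init.d/modules_dep.sh"
: > "$demo/usr/sbin/suexec"   # regular file without the setuid bit

audit_root "$demo" polkitd
rm -rf "$demo"
```

An empty result means none of the audited conditions were found; each printed line maps to one of the fixes in step 5.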

Step 6

Reboot the VM, watch in VNC how the boot proceeds and, ideally, everything will boot without problems. Although it is possible that some specific problems will appear after the migration, they are beyond the scope of this article and will be fixed as they arise.

I hope this information is useful! 🙂

Source: www.habr.com