ProHoster > Ibhulogi > Ulawulo > Uyidlulisela njani i-OpenVZ 6 kwi-server ye-KVM ngaphandle kweentloko

Uyidlulisela njani i-OpenVZ 6 kwi-server ye-KVM ngaphandle kweentloko

Nabani na obedinga ukudlulisa isikhongozeli se-OpenVZ kwiseva ene-KVM epheleleyo ubuncinane kanye ebomini bakhe uye wadibana neengxaki ezithile:

  • Uninzi lolwazi luphelelwe lixesha kwaye lwalufanelekile kwii-OS ezazidlulile ixesha elide kumjikelo we-EOL
  • Ulwazi olwahlukileyo luhlala lunikezelwa kwiinkqubo ezahlukeneyo zokusebenza, kwaye iimpazamo ezinokwenzeka ngexesha lokufuduka azizange ziqwalaselwe
  • Ngamanye amaxesha kufuneka ujongane noqwalaselo oluthi rhoqo ngoku kwaye emva koko ungafuni ukusebenza emva kokufuduka

Xa uthumela iseva e-1, unokuhlala ulungisa into ethile kwi-fly, kodwa xa uhambisa iqela elipheleleyo?

Kweli nqaku ndiza kuzama ukukuxelela indlela yokufuduka ngokuchanekileyo isikhongozeli se-OpenVZ siye kwi-KVM kunye nexesha elincinci lokuphumla kunye nesisombululo esikhawulezayo kuzo zonke iingxaki.

Inkqubo encinci yemfundo: yintoni i-OpenVZ kwaye yintoni i-KVM?

Asiyi kungena nzulu kwisigama, kodwa siya kuthi ngokwemiqathango ngokubanzi:

OpenVZ -I-virtualization kwinqanaba lenkqubo yokusebenza, unokude uyibeke kwi-microwave, kuba akukho mfuneko yemiyalelo ye-CPU kunye nobuchwepheshe be-virtualization kumatshini wokubamba.

KVM -Ukubona ngokupheleleyo, kusetyenziswa onke amandla e-CPU kwaye iyakwazi ukwenza nantoni na, nangayiphi na indlela, ukuyisika ngobude nangokunqamlezayo.

Ngokuchasene nenkolelo ethandwayo, kwimeko-bume ababoneleli bokusingatha I-OpenVZ ithengiswa kakhulu, kodwa i-KVM ayithengiswa kakhulu. Ngethamsanqa, i-KVM ngoku ithengiswa kakhulu kanye njengomntakwabo.

Siza kuthwala ntoni?

Lonke ihlathi leenkqubo zokusebenza ezikhoyo kwi-OpenVZ kwafuneka lisetyenziswe njengezifundo zovavanyo lokudluliselwa: CentOS (Iinguqulelo ezi-6 nezi-7), Ubuntu (14, 16 kunye ne-18 LTS), Debian 7.

Kwakucingelwa ukuba uninzi lwezikhongozeli ze-OpenVZ zazisele ziqhuba uhlobo oluthile lwe-LAMP, kwaye ezinye zinesoftware ethile. Amaxesha amaninzi, ezi ibilulungelelwaniso kunye ne-ISPmanager, iphaneli yolawulo yeVestaCP (kwaye rhoqo, ayihlaziywanga iminyaka). Izicelo zabo zotshintshelo kufuneka zithathelwe ingqalelo.

Ukufuduka kwenziwa ngokulondolozwa Iidilesi ze-IP Kwisikhongozeli esiphathwayo, siza kucinga ukuba idilesi ye-IP yesikhongozeli igcinwe kwi-VM kwaye iya kusebenza ngaphandle kweengxaki.

Ngaphambi kokudlulisela, masiqinisekise ukuba sinayo yonke into esandleni:

  • Iseva ye-OpenVZ, ukufikelela ngokupheleleyo kweengcambu kumatshini wokusingatha, ukukwazi ukumisa / ukukhwela / ukuqala / ukucima izitya
  • Umncedisi we-KVM, ufikelelo olupheleleyo lweengcambu kumatshini wokusingatha, nayo yonke into ekuthethwa ngayo. Kucingelwa ukuba yonke into sele icwangcisiwe kwaye ilungele ukuhamba.

Masiqale ukudlulisa

Phambi kokuba siqale udluliselo, makhe sichaze amagama aya kukunceda uphephe ukubhideka:

KVM_NODE -Umatshini wokusingatha i-KVM
VZ_NODE -Umatshini wokusingatha i-OpenVZ
I-CTID -Isikhongozeli se-OpenVZ
VM -KVM iseva yenyani

Ukulungiselela ukufuduka kunye nokudala oomatshini benyani.

Isinyathelo 1

Ekubeni kufuneka sihambise isitya kwindawo ethile, siya kudala VM ngoqwalaselo olufanayo kwi KVM_NODE.
Kubalulekile! Udinga ukwenza i-VM kwinkqubo efanayo yokusebenza esebenza kwi-CTID ngoku. Umzekelo, ukuba i-CTID iyasebenza Ubuntu 14, emva koko kuya kufuneka uyifake nakwi-VM Ubuntu 14. Iinguqulelo ezincinci azibalulekanga kwaye ukungangqinelani kwazo akubaluleke kangako, kodwa iinguqulelo eziphambili kufuneka zifane.

Emva kokudala i-VM, siya kuhlaziya iipakethi kwi-CTID nakwi-VM (ukuba singadideki nokuhlaziya i-OS - asiyihlaziyi, sihlaziya kuphela iipakethi kwaye, ukuba ifikile, inguqulo ye-OS ngaphakathi kweyona nto iphambili." inguqulelo).

kuba CentOS Le nkqubo ibonakala ingenabungozi:

# yum clean all
# yum update -y

Kwaye akukho nto ingenabungozi kangako Ubuntu, Debian:

# apt-get update
# apt-get upgrade

Isinyathelo 2

Faka kwi I-CTID, VZ_NODE и VM into eluncedo rsync:

CentOS:

# yum install rsync -y

Debian, Ubuntu:

# apt-get install rsync -y

Asifaki nantoni na eyenye apho okanye phaya.

Isinyathelo 3

Senza ukuma I-CTID phezu VZ_NODE Iqela

vzctl stop CTID

Ukunyuswa komfanekiso I-CTID:

vzctl mount CTID

Yiya kwi/vz/root/ifoldaI-CTID kwaye yenze

mount --bind /dev dev && mount --bind /sys sys && mount --bind /proc proc && chroot .

Ngaphantsi kwengcambu, yenza ifayile /root/exclude.txt - iyakuba noluhlu lwezinto ezingaphandle ezingazukufika kumncedisi omtsha.

/boot
/proc
/sys
/tmp
/dev
/var/lock
/etc/fstab
/etc/mtab
/etc/resolv.conf
/etc/conf.d/net
/etc/network/interfaces
/etc/networks
/etc/sysconfig/network*
/etc/sysconfig/hwconf
/etc/sysconfig/ip6tables-config
/etc/sysconfig/kernel
/etc/hostname
/etc/HOSTNAME
/etc/hosts
/etc/modprobe*
/etc/modules
/net
/lib/modules
/etc/rc.conf
/usr/share/nova-agent*
/usr/sbin/nova-agent*
/etc/init.d/nova-agent*
/etc/ips
/etc/ipaddrpool
/etc/ips.dnsmaster
/etc/resolv.conf
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-ens3

Sidibanisa kwi KVM_NODE kwaye uqalise wethu VMukuze isebenze kwaye ifikeleleke kwinethiwekhi.

Ngoku yonke into ilungele ukudluliselwa. Hamba!

Isinyathelo 4

Sisephantsi kopelo, senza

rsync --exclude-from="/root/exclude.txt" --numeric-ids -avpogtStlHz --progress -e "ssh -T -o Compression=no -x" / root@KVM_NODE:/

Umyalelo we-rsync uya kwenza ukudluliselwa, siyathemba ukuba izitshixo zicacile - ukudluliselwa kuqhutyelwa ngokugcinwa kwee-symlinks, amalungelo okufikelela, abanini kunye namaqela, kwaye uguqulelo luvaliwe ngenxa yesantya esikhulu (ungasebenzisa i-cipher ngokukhawuleza, kodwa oku akubalulekanga kangako kulo msebenzi) , kunye noxinzelelo luvaliwe.

Emva kokugqiba i-rsync, phuma kwi-chroot (ngokucinezela ctrl+d) kwaye wenze

umount dev && umount proc && umount sys && cd .. && vzctl umount CTID

Isinyathelo 5

Masenze amanyathelo aliqela aya kusinceda siqalise i-VM emva kokudluliselwa kwi-OpenVZ.
Kwiiseva ezine Systemd masenze umyalelo oza kusinceda singene kwiconsole eqhelekileyo, umzekelo, ngeVNC isikrini somncedisi.

mv /etc/systemd/system/getty.target.wants/getty@tty2.service /etc/systemd/system/getty.target.wants/getty@tty1.service

Kwiiseva CentOS 6 и CentOS 7 Qinisekisa ukufaka i-kernel entsha:

yum install kernel-$(uname -r)

Iseva inokulayishwa kuyo, kodwa emva kokudluliselwa inokuyeka ukusebenza okanye icinywe.

Kwiseva CentOS 7 kufuneka ufake i-polkitD yolungiso oluncinci, kungenjalo umncedisi uya konakala ngonaphakade:

getent group polkitd >/dev/null && echo -e "e[1;32mpolkitd group already existse[0m" || { groupadd -r polkitd && echo -e "e[1;33mAdded missing polkitd groupe[0m" || echo -e "e[1;31mAdding polkitd group FAILEDe[0m"; }

getent passwd polkitd >/dev/null 
&& echo -e "e[1;32mpolkitd user already existse[0m" || { useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd && echo -e "e[1;33mAdded missing polkitd usere[0m" || echo -e "e[1;31mAdding polkitd user FAILEDe[0m"; }

rpm -Va polkit* && echo -e "e[1;32mpolkit* rpm verification passede[0m" || { echo -e "e[1;33mResetting polkit* rpm user/group ownership & permse[0m"; rpm --setugids polkit polkit-pkla-compat; rpm --setperms polkit polkit-pkla-compat; }

Kuzo zonke iiseva, ukuba i-mod_fcgid ye-Apache ifakiwe, siya kwenza ukulungiswa okuncinci ngamalungelo, kungenjalo iisayithi ezisebenzisa i-mod_fcgid ziya kuphazamiseka ngempazamo 500:

chmod +s `which suexec` && apachectl restart

Okokugqibela, kuya kuba luncedo Ubuntu, Debian usasazo. Le OS ingangqubana ne-permanent boot ngempazamo

ukulophu ngokukhawuleza okukhulu. ukwenza i-throttling kancinane

engathandekiyo, kodwa ilungiswe ngokulula, kuxhomekeke kwinguqulo ye-OS.

phezu Debian 9 ukulungiswa kubonakala ngolu hlobo:

siqhuba

dbus-uuidgen

ukuba sifumana impazamo

/usr/local/lib/libdbus-1.so.3: inguqulelo `LIBDBUS_PRIVATE_1.10.8′ ayifunyenwanga

khangela ubukho be LIBDBUS

ls -la /lib/x86_64-linux-gnu | grep dbus
libdbus-1.so.3 -> libdbus-1.so.3.14.15 
libdbus-1.so.3.14.15 <-- нужен этот
libdbus-1.so.3.14.16

ukuba yonke into ime ngocwangco, siyayenza

cd /lib/x86_64-linux-gnu
rm -rf libdbus-1.so.3
ln -s libdbus-1.so.3.14.15  libdbus-1.so.3

Ukuba ayincedi, zama inketho yesibini.

Isisombululo sesibini kwingxaki nge ukwenza i-throttling kancinane ifanelekile phantse kuwo wonke umntu Ubuntu и Debian usasazo.

Siyaqhuba

bash -x /var/lib/dpkg/info/dbus.postinst configure

Kwaye ngenxa Ubuntu 14, Debian 7 Ukongeza, senza:

adduser --system --home /nonexistent --no-create-home --disabled-password --group messagebus

rm -rf /etc/init.d/modules_dep.sh

Senze ntoni? Sibuyisele i-messagebus, eyayingekho xa kuqaliswa ikhompyutha. Debian/Ubuntu kwaye yasusa ii-modules_dep, ezivela kwi-OpenVZ kwaye zathintela ii-modules ezininzi ze-kernel ekulayisheni.

Isinyathelo 6

Siqalisa kwakhona i-VM, khangela kwi-VNC ukuba ukulayisha kuqhubeka njani kwaye, ngokufanelekileyo, yonke into iya kulayisha ngaphandle kweengxaki. Nangona kunokwenzeka ukuba ezinye iingxaki ezithile ziya kubonakala emva kokufuduka, zingaphaya kwendawo yeli nqaku kwaye ziya kulungiswa njengoko zivela.

Ndiyathemba ukuba olu lwazi luluncedo! 🙂

umthombo: www.habr.com

Thenga ukusingathwa okuthembekileyo kwiindawo ezinokhuseleko lweDDoS, iiseva zeVPS VDS 🔥 Thenga ukusingathwa kwewebhusayithi okuthembekileyo ngokhuseleko lwe-DDoS, iiseva zeVPS VDS | ProHoster