ProHoster > I-blog > Ukuphatha > Ungasidlulisela kanjani isitsha se-OpenVZ 6 kuseva ye-KVM ngaphandle kwekhanda elibuhlungu

Ungasidlulisela kanjani isitsha se-OpenVZ 6 kuseva ye-KVM ngaphandle kwekhanda elibuhlungu

Noma ubani oke wadinga ukudlulisa isiqukathi se-OpenVZ kuseva ene-KVM ebonakalayo egcwele okungenani kanye empilweni yakhe uhlangabezane nezinkinga ezithile:

  • Ulwazi oluningi luphelelwe yisikhathi futhi belufanelekile kuma-OS asedlule isikhathi eside umjikelezo we-EOL
  • Ulwazi oluhlukile luhlale luhlinzekwa kumasistimu wokusebenza ahlukene, futhi amaphutha angenzeka ngesikhathi sokuthutha awalokothi acatshangelwe
  • Kwesinye isikhathi kufanele ubhekane nezilungiselelo ezingafuni ukusebenza njalo ngemuva kokufuduka

Uma udlulisa iseva engu-1, ungakwazi njalo ukulungisa okuthile empukaneni, kodwa uma udlulisela lonke iqoqo?

Kulesi sihloko ngizozama ukukutshela ukuthi ungathutha kanjani kahle isiqukathi se-OpenVZ siye ku-KVM esinesikhathi esincane sokuphumula nesixazululo esisheshayo kuzo zonke izinkinga.

Uhlelo oluncane lwezemfundo: yini i-OpenVZ futhi iyini i-KVM?

Ngeke singene sijule kumatemu, kodwa sizothi ngokwejwayelekile:

I-OpenVZ - i-virtualization ezingeni lesistimu yokusebenza, ungayisebenzisa ngisho ku-microwave, njengoba asikho isidingo semiyalo ye-CPU nobuchwepheshe be-virtualization emshinini wokusingathwa.

I-KVM - I-virtualization egcwele ngokugcwele, isebenzisa wonke amandla e-CPU futhi ikwazi ukwenza noma yini, nganoma iyiphi indlela, ukuyisika ngobude nangokuwela.

Ngokuphambene nenkolelo evamile, endaweni ezungezile abahlinzeki bokusingatha I-OpenVZ ithengiswa ngokweqile, kodwa i-KVM ayithengiswa ngokweqile. Ngenhlanhla nge-KVM, manje ithengiswa ngokweqile njengoba kunjalo nangomfowabo.

Yini esizoyithwala?

Lonke ihlathi lezinhlelo zokusebenza ezitholakala ku-OpenVZ kwadingeka lisetshenziswe njengezihloko zokuhlola zokudluliselwa: CentOS (Izinguqulo ezingu-6 nezingu-7), Ubuntu (14, 16 kanye no-18 LTS), Debian 7.

Kwakucatshangwa ukuthi iningi leziqukathi ze-OpenVZ zase zivele zisebenzisa uhlobo oluthile lwe-LAMP, futhi ezinye zinesofthiwe ecacile kakhulu. Imvamisa, lokhu kwakuwukucushwa nge-ISPmanager, iphaneli yokulawula ye-VestaCP (futhi ngokuvamile, ayivuselelwa iminyaka). Izicelo zabo zokudlulisa kumele zicatshangelwe.

Ukufuduka kwenziwa ngokulondolozwa Amakheli e-IP Ngesitsha esiphathekayo, sizocabanga ukuthi ikheli le-IP lesitsha ligcinwe ku-VM futhi lizosebenza ngaphandle kwezinkinga.

Ngaphambi kokudlulisa, asiqinisekise ukuthi sinakho konke esandleni:

  • Iseva ye-OpenVZ, ukufinyelela okugcwele kwempande emshinini wokusingathwa, ikhono lokumisa/ukukhweza/ukuqalisa/ukususa iziqukathi
  • Iseva ye-KVM, ukufinyelela okugcwele kwempande emshinini wokusingathwa, nakho konke okushoyo. Kucatshangwa ukuthi yonke into isivele isilungisiwe futhi isilungele ukuhamba.

Masiqale ukudlulisa

Ngaphambi kokuthi siqale ukudlulisa, ake sichaze amatemu azokusiza ugweme ukudideka:

KVM_NODE - Umshini wokusingathwa kwe-KVM
VZ_NODE - Umshini wokubamba i-OpenVZ
I-CTID - Isitsha se-OpenVZ
VM - Iseva ye-KVM ebonakalayo

Ukulungiselela ukuthutha nokudala imishini ebonakalayo.

Isinyathelo 1

Njengoba sidinga ukuhambisa isitsha endaweni ethile, sizodala VM ngokucushwa okufanayo kokuthi KVM_NODE.
Kubalulekile! Udinga ukudala i-VM ohlelweni olufanayo lokusebenza olusebenza ku-CTID njengamanje. Isibonelo, uma i-CTID isebenza Ubuntu 14, bese udinga ukuyifaka naku-VM futhi Ubuntu 14. Izinguqulo ezincane azibalulekile futhi ukungafani kwazo akubalulekile kangako, kodwa izinguqulo ezinkulu kumele zifane.

Ngemuva kokudala i-VM, sizobuyekeza amaphakheji ku-CTID naku-VM (akufanele kudidaniswe nokuvuselela i-OS - asiyibuyekezi, sibuyekeza amaphakheji kuphela futhi, uma ifika, inguqulo ye-OS ngaphakathi kwe-main main. inguqulo).

Ukuze CentOS Le nqubo ibukeka ingenangozi:

# yum clean all
# yum update -y

Futhi akulona ingozi kangako Ubuntu, Debian:

# apt-get update
# apt-get upgrade

Isinyathelo 2

Faka kuvuliwe I-CTID, VZ_NODE и VM usizo rsync:

CentOS:

# yum install rsync -y

Debian, Ubuntu:

# apt-get install rsync -y

Asifaki okunye okunye lapho noma lapho.

Isinyathelo 3

Siyama I-CTID on VZ_NODE iqembu

vzctl stop CTID

Ukukhweza isithombe I-CTID:

vzctl mount CTID

Iya ku /vz/root/ ifoldaI-CTID futhi akhiphe

mount --bind /dev dev && mount --bind /sys sys && mount --bind /proc proc && chroot .

Ngaphansi kwempande, dala ifayela /root/exclude.txt - lizoqukatha uhlu lwezinto ezihlukile ezingeke zifinyelele kuseva entsha.

/boot
/proc
/sys
/tmp
/dev
/var/lock
/etc/fstab
/etc/mtab
/etc/resolv.conf
/etc/conf.d/net
/etc/network/interfaces
/etc/networks
/etc/sysconfig/network*
/etc/sysconfig/hwconf
/etc/sysconfig/ip6tables-config
/etc/sysconfig/kernel
/etc/hostname
/etc/HOSTNAME
/etc/hosts
/etc/modprobe*
/etc/modules
/net
/lib/modules
/etc/rc.conf
/usr/share/nova-agent*
/usr/sbin/nova-agent*
/etc/init.d/nova-agent*
/etc/ips
/etc/ipaddrpool
/etc/ips.dnsmaster
/etc/resolv.conf
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-ens3

Xhuma ku KVM_NODE futhi uqalise wethu VMukuze isebenze futhi ifinyeleleke ngenethiwekhi.

Manje yonke into isilungele ukudluliswa. Hamba!

Isinyathelo 4

Namanje ngaphansi kwesipelingi, siyadlala

rsync --exclude-from="/root/exclude.txt" --numeric-ids -avpogtStlHz --progress -e "ssh -T -o Compression=no -x" / root@KVM_NODE:/

Umyalo we-rsync uzokwenza ukudlulisa, sithemba ukuthi okhiye bacacile - ukudlulisa kwenziwa ngokulondolozwa kwama-symlink, amalungelo okufinyelela, abanikazi namaqembu, futhi ukubethela kukhutshaziwe ngesivinini esikhulu (ungasebenzisa i-cipher esheshayo, kodwa lokhu akubalulekile kangako kulo msebenzi) , kanye nokucindezelwa kukhutshaziwe.

Ngemva kokuqeda i-rsync, phuma ku-chroot (ngokucindezela u-ctrl+d) bese ukhipha

umount dev && umount proc && umount sys && cd .. && vzctl umount CTID

Isinyathelo 5

Masenze izinyathelo ezimbalwa ezizosisiza ukuthi sethule i-VM ngemva kokudlulisa sisuka ku-OpenVZ.
Kumaseva ane I-Systemd ake sikhiphe umyalo ozosisiza ukuthi singene kukhonsoli evamile, isibonelo, ngesikrini seseva ye-VNC

mv /etc/systemd/system/getty.target.wants/getty@tty2.service /etc/systemd/system/getty.target.wants/getty@tty1.service

Kumaseva CentOS 6 и CentOS 7 Qiniseka ukuthi ufaka i-kernel entsha:

yum install kernel-$(uname -r)

Iseva ingalayishwa kuyo, kodwa ngemva kokudlulisa ingase iyeke ukusebenza noma isuswe.

Kuseva CentOS 7 udinga ukufaka ukulungisa okuncane kwe-PolkitD, ngaphandle kwalokho iseva izophahlazeka unomphela:

getent group polkitd >/dev/null && echo -e "e[1;32mpolkitd group already existse[0m" || { groupadd -r polkitd && echo -e "e[1;33mAdded missing polkitd groupe[0m" || echo -e "e[1;31mAdding polkitd group FAILEDe[0m"; }

getent passwd polkitd >/dev/null 
&& echo -e "e[1;32mpolkitd user already existse[0m" || { useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd && echo -e "e[1;33mAdded missing polkitd usere[0m" || echo -e "e[1;31mAdding polkitd user FAILEDe[0m"; }

rpm -Va polkit* && echo -e "e[1;32mpolkit* rpm verification passede[0m" || { echo -e "e[1;33mResetting polkit* rpm user/group ownership & permse[0m"; rpm --setugids polkit polkit-pkla-compat; rpm --setperms polkit polkit-pkla-compat; }

Kuwo wonke amaseva, uma i-mod_fcgid ye-Apache ifakiwe, sizokwenza ukulungisa okuncane ngamalungelo, ngaphandle kwalokho amasayithi asebenzisa i-mod_fcgid azophahlazeka ngephutha 500:

chmod +s `which suexec` && apachectl restart

Futhi okokugcina, kuzoba wusizo ku- Ubuntu, Debian ukusatshalaliswa. Le OS ingaphahlazeka ebhuthini elihlala njalo ngephutha

iluphu ngokushesha kakhulu. throttling ukubulawa kancane

ezingemnandi, kodwa zilungiswe kalula, kuye ngenguqulo ye-OS.

In Debian 9 ukulungiswa kubukeka kanje:

senza

dbus-uuidgen

uma sithola iphutha

/usr/local/lib/libdbus-1.so.3: inguqulo `LIBDBUS_PRIVATE_1.10.8′ ayitholakali

hlola ubukhona be-LIBDBUS

ls -la /lib/x86_64-linux-gnu | grep dbus
libdbus-1.so.3 -> libdbus-1.so.3.14.15 
libdbus-1.so.3.14.15 <-- нужен этот
libdbus-1.so.3.14.16

uma konke kuhlelekile, siyakwenza

cd /lib/x86_64-linux-gnu
rm -rf libdbus-1.so.3
ln -s libdbus-1.so.3.14.15  libdbus-1.so.3

Uma kungasizi, zama inketho yesibili.

Isixazululo sesibili senkinga nge throttling ukubulawa kancane kufanelekile cishe wonke umuntu Ubuntu и Debian ukusatshalaliswa.

Siyaqhuba

bash -x /var/lib/dpkg/info/dbus.postinst configure

Futhi for Ubuntu 14, Debian 7 Ngaphezu kwalokho senza:

adduser --system --home /nonexistent --no-create-home --disabled-password --group messagebus

rm -rf /etc/init.d/modules_dep.sh

Senzeni? Sibuyisele i-messagebus, eyayingekho ekuqaleni. Debian/Ubuntu futhi sasusa ama-modules_dep, avela ku-OpenVZ futhi savimbela ama-module amaningi e-kernel ukuthi alayishe.

Isinyathelo 6

Siqalisa kabusha i-VM, hlola ku-VNC ukuthi ukulayisha kuqhubeka kanjani futhi, kuhle, yonke into izolayisha ngaphandle kwezinkinga. Nakuba kungenzeka ukuthi ezinye izinkinga ezithile zizovela ngemva kokufuduka, zingaphezu kobubanzi balesi sihloko futhi zizolungiswa njengoba zivela.

Ngethemba ukuthi lolu lwazi luwusizo! 🙂

Source: www.habr.com

Thenga ukusingathwa okuthembekile kwamasayithi anokuvikelwa kwe-DDoS, amaseva e-VPS VDS 🔥 Thenga ukusingathwa kwewebhusayithi okuthembekile ngokuvikelwa kwe-DDoS, amaseva e-VPS VDS | ProHoster