Noma ubani oke wadinga ukudlulisa isiqukathi se-OpenVZ kuseva ene-KVM ebonakalayo egcwele okungenani kanye empilweni yakhe uhlangabezane nezinkinga ezithile:
- Ulwazi oluningi luphelelwe yisikhathi futhi belufanelekile kuma-OS asedlule isikhathi eside umjikelezo we-EOL
- Ulwazi oluhlukile luhlale luhlinzekwa kumasistimu wokusebenza ahlukene, futhi amaphutha angenzeka ngesikhathi sokuthutha awalokothi acatshangelwe
- Kwesinye isikhathi kufanele ubhekane nezilungiselelo ezingafuni ukusebenza njalo ngemuva kokufuduka
Uma udlulisa iseva engu-1, ungakwazi njalo ukulungisa okuthile empukaneni, kodwa uma udlulisela lonke iqoqo?
Kulesi sihloko ngizozama ukukutshela ukuthi ungathutha kanjani kahle isiqukathi se-OpenVZ siye ku-KVM esinesikhathi esincane sokuphumula nesixazululo esisheshayo kuzo zonke izinkinga.
Uhlelo oluncane lwezemfundo: yini i-OpenVZ futhi iyini i-KVM?
Ngeke singene sijule kumatemu, kodwa sizothi ngokwejwayelekile:
I-OpenVZ - i-virtualization ezingeni lesistimu yokusebenza, ungayisebenzisa ngisho ku-microwave, njengoba asikho isidingo semiyalo ye-CPU nobuchwepheshe be-virtualization emshinini wokusingathwa.
I-KVM - I-virtualization egcwele ngokugcwele, isebenzisa wonke amandla e-CPU futhi ikwazi ukwenza noma yini, nganoma iyiphi indlela, ukuyisika ngobude nangokuwela.
Ngokuphambene nenkolelo evamile yokuthi phakathi kwabahlinzeki bokusingatha i-OpenVZ izodayiswa kakhulu, kodwa i-KVM ngeke - ngenhlanhla yokugcina, i-KVM manje ayithengiswa kakhulu kunomfowabo.
Yini esizoyithwala?
Njengezihloko zokuhlola zokudlulisa, kudingeke ukuthi sisebenzise lonke ihlathi lamasistimu okusebenza atholakala ku-OpenVZ: CentOS (izinguqulo ezingu-6 nezingu-7), Ubuntu (14, 16 kanye ne-18 LTS), i-Debian 7.
Kwakucatshangwa ukuthi iningi leziqukathi ze-OpenVZ zase zivele zisebenzisa uhlobo oluthile lwe-LAMP, futhi ezinye zinesofthiwe ecacile kakhulu. Imvamisa, lokhu kwakuwukucushwa nge-ISPmanager, iphaneli yokulawula ye-VestaCP (futhi ngokuvamile, ayivuselelwa iminyaka). Izicelo zabo zokudlulisa kumele zicatshangelwe.
Ukuthutha kwenziwa ngenkathi kugcinwa ikheli le-IP lesiqukathi esidlulisiwe; sizothatha ngokuthi i-IP isiqukathi esasinayo ilondolozwe ku-VM futhi izosebenza ngaphandle kwezinkinga.
Ngaphambi kokudlulisa, asiqinisekise ukuthi sinakho konke esandleni:
- Iseva ye-OpenVZ, ukufinyelela okugcwele kwempande emshinini wokusingathwa, ikhono lokumisa/ukukhweza/ukuqalisa/ukususa iziqukathi
- Iseva ye-KVM, ukufinyelela okugcwele kwempande emshinini wokusingathwa, nakho konke okushoyo. Kucatshangwa ukuthi yonke into isivele isilungisiwe futhi isilungele ukuhamba.
Masiqale ukudlulisa
Ngaphambi kokuthi siqale ukudlulisa, ake sichaze amatemu azokusiza ugweme ukudideka:
KVM_NODE - Umshini wokusingathwa kwe-KVM
VZ_NODE - Umshini wokubamba i-OpenVZ
I-CTID - Isitsha se-OpenVZ
VM - Iseva ye-KVM ebonakalayo
Ukulungiselela ukuthutha nokudala imishini ebonakalayo.
Isinyathelo 1
Njengoba sidinga ukuhambisa isitsha endaweni ethile, sizodala VM ngokucushwa okufanayo kokuthi KVM_NODE.
Kubalulekile! Udinga ukudala i-VM kusistimu yokusebenza esebenza ku-CTID okwamanje. Isibonelo, uma i-Ubuntu 14 ifakwe ku-CTID, khona-ke i-Ubuntu 14 kufanele ifakwe ku-VM. Izinguqulo ezincane azibalulekile futhi ukungafani kwazo akubalulekile kangako, kodwa izinguqulo ezinkulu kufanele zifane.
Ngemuva kokudala i-VM, sizobuyekeza amaphakheji ku-CTID naku-VM (akufanele kudidaniswe nokuvuselela i-OS - asiyibuyekezi, sibuyekeza amaphakheji kuphela futhi, uma ifika, inguqulo ye-OS ngaphakathi kwe-main main. inguqulo).
Ku-CentOS le nqubo ibonakala ingenabungozi:
# yum clean all
# yum update -yFuthi okungeyona ingozi ku-Ubuntu ne-Debian:
# apt-get update
# apt-get upgradeIsinyathelo 2
Faka kuvuliwe I-CTID, VZ_NODE ΠΈ VM usizo rsync:
I-CentOS:
# yum install rsync -yI-Debian, Ubuntu:
# apt-get install rsync -yAsifaki okunye okunye lapho noma lapho.
Isinyathelo 3
Siyama I-CTID on VZ_NODE iqembu
vzctl stop CTIDUkukhweza isithombe I-CTID:
vzctl mount CTIDIya ku /vz/root/ ifoldaI-CTID futhi akhiphe
mount --bind /dev dev && mount --bind /sys sys && mount --bind /proc proc && chroot .Ngaphansi kwempande, dala ifayela /root/exclude.txt - lizoqukatha uhlu lwezinto ezihlukile ezingeke zifinyelele kuseva entsha.
/boot
/proc
/sys
/tmp
/dev
/var/lock
/etc/fstab
/etc/mtab
/etc/resolv.conf
/etc/conf.d/net
/etc/network/interfaces
/etc/networks
/etc/sysconfig/network*
/etc/sysconfig/hwconf
/etc/sysconfig/ip6tables-config
/etc/sysconfig/kernel
/etc/hostname
/etc/HOSTNAME
/etc/hosts
/etc/modprobe*
/etc/modules
/net
/lib/modules
/etc/rc.conf
/usr/share/nova-agent*
/usr/sbin/nova-agent*
/etc/init.d/nova-agent*
/etc/ips
/etc/ipaddrpool
/etc/ips.dnsmaster
/etc/resolv.conf
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-ens3Xhuma ku KVM_NODE futhi uqalise wethu VMukuze isebenze futhi ifinyeleleke ngenethiwekhi.
Manje yonke into isilungele ukudluliswa. Hamba!
Isinyathelo 4
Namanje ngaphansi kwesipelingi, siyadlala
rsync --exclude-from="/root/exclude.txt" --numeric-ids -avpogtStlHz --progress -e "ssh -T -o Compression=no -x" / root@KVM_NODE:/Umyalo we-rsync uzokwenza ukudlulisa, sithemba ukuthi okhiye bacacile - ukudlulisa kwenziwa ngokulondolozwa kwama-symlink, amalungelo okufinyelela, abanikazi namaqembu, futhi ukubethela kukhutshaziwe ngesivinini esikhulu (ungasebenzisa i-cipher esheshayo, kodwa lokhu akubalulekile kangako kulo msebenzi) , kanye nokucindezelwa kukhutshaziwe.
Ngemva kokuqeda i-rsync, phuma ku-chroot (ngokucindezela u-ctrl+d) bese ukhipha
umount dev && umount proc && umount sys && cd .. && vzctl umount CTIDIsinyathelo 5
Masenze izinyathelo ezimbalwa ezizosisiza ukuthi sethule i-VM ngemva kokudlulisa sisuka ku-OpenVZ.
Kumaseva ane I-Systemd ake sikhiphe umyalo ozosisiza ukuthi singene kukhonsoli evamile, isibonelo, ngesikrini seseva ye-VNC
mv /etc/systemd/system/getty.target.wants/[email protected] /etc/systemd/system/getty.target.wants/[email protected]Kumaseva I-CentOS 6 ΠΈ I-CentOS 7 Qiniseka ukuthi ufaka i-kernel entsha:
yum install kernel-$(uname -r)Iseva ingalayishwa kuyo, kodwa ngemva kokudlulisa ingase iyeke ukusebenza noma isuswe.
Kuseva I-CentOS 7 udinga ukufaka ukulungisa okuncane kwe-PolkitD, ngaphandle kwalokho iseva izophahlazeka unomphela:
getent group polkitd >/dev/null && echo -e "e[1;32mpolkitd group already existse[0m" || { groupadd -r polkitd && echo -e "e[1;33mAdded missing polkitd groupe[0m" || echo -e "e[1;31mAdding polkitd group FAILEDe[0m"; }
getent passwd polkitd >/dev/null
&& echo -e "e[1;32mpolkitd user already existse[0m" || { useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd && echo -e "e[1;33mAdded missing polkitd usere[0m" || echo -e "e[1;31mAdding polkitd user FAILEDe[0m"; }
rpm -Va polkit* && echo -e "e[1;32mpolkit* rpm verification passede[0m" || { echo -e "e[1;33mResetting polkit* rpm user/group ownership & permse[0m"; rpm --setugids polkit polkit-pkla-compat; rpm --setperms polkit polkit-pkla-compat; }Kuwo wonke amaseva, uma i-mod_fcgid ye-Apache ifakiwe, sizokwenza ukulungisa okuncane ngamalungelo, ngaphandle kwalokho amasayithi asebenzisa i-mod_fcgid azophahlazeka ngephutha 500:
chmod +s `which suexec` && apachectl restartFuthi into yokugcina iwusizo ekusatshalalisweni kwe-Ubuntu ne-Debian. Le OS ingase iphahlazeke ebhuthini yaphakade ngephutha
iluphu ngokushesha kakhulu. throttling ukubulawa kancane
ezingemnandi, kodwa zilungiswe kalula, kuye ngenguqulo ye-OS.
In I-Debian 9 ukulungiswa kubukeka kanje:
senza
dbus-uuidgenuma sithola iphutha
/usr/local/lib/libdbus-1.so.3: inguqulo `LIBDBUS_PRIVATE_1.10.8β² ayitholakali
hlola ubukhona be-LIBDBUS
ls -la /lib/x86_64-linux-gnu | grep dbus
libdbus-1.so.3 -> libdbus-1.so.3.14.15
libdbus-1.so.3.14.15 <-- Π½ΡΠΆΠ΅Π½ ΡΡΠΎΡ
libdbus-1.so.3.14.16uma konke kuhlelekile, siyakwenza
cd /lib/x86_64-linux-gnu
rm -rf libdbus-1.so.3
ln -s libdbus-1.so.3.14.15 libdbus-1.so.3Uma kungasizi, zama inketho yesibili.
Isixazululo sesibili senkinga nge throttling ukubulawa kancane Ifanele cishe konke ukusatshalaliswa kwe-Ubuntu ne-Debian.
Siyaqhuba
bash -x /var/lib/dpkg/info/dbus.postinst configureFuthi for Ubuntu 14, I-Debian 7 Ngaphezu kwalokho senza:
adduser --system --home /nonexistent --no-create-home --disabled-password --group messagebus
rm -rf /etc/init.d/modules_dep.sh Senzeni? Sibuyisele i-messagebus, ebingekho ukusebenzisa i-Debian/Ubuntu, futhi sakhipha amamojula_dep, avela ku-OpenVZ futhi aphazamisa ukulayishwa kwamamojula amaningi e-kernel.
Isinyathelo 6
Siqalisa kabusha i-VM, hlola ku-VNC ukuthi ukulayisha kuqhubeka kanjani futhi, kuhle, yonke into izolayisha ngaphandle kwezinkinga. Nakuba kungenzeka ukuthi ezinye izinkinga ezithile zizovela ngemva kokufuduka, zingaphezu kobubanzi balesi sihloko futhi zizolungiswa njengoba zivela.
Ngethemba ukuthi lolu lwazi luwusizo! π
Source: www.habr.com