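Installing OpenVZ 7 on CentOS 7
This is my first post on OSChina, so allow me a brief introduction. I am an operations engineer from ExtMail, and my work focuses on the ExtMail runtime environment and on hot-standby and mutual-backup setups. Today's post covers installing OpenVZ 7. Companies and individuals who use hardware virtualization currently tend to choose VMware or Microsoft's Hyper-V, while those who use container virtualization tend to choose Docker or LXC. OpenVZ 7 provides both container and hardware virtual machine technology: OpenVZ's own container technology plus KVM hardware virtualization. Docker can of course also run inside a container.
1. Before you install
- Have ready
- Have the latest CentOS 7 Minimal ISO ready on disc, or write it to a USB drive with rufus.
- Disk partitioning: / (root partition) ext4, /boot partition ext4, /vz partition ext4, and finally swap.
2. One-click install script, which includes Fail2ban protection against password brute-forcing on SSH port 22.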
#!/bin/bash
# Defined Var
YUM=/usr/bin/yum
SED=/bin/sed
RPM=/bin/rpm
SYS=/usr/bin/systemctl

# Add epel
cat > /etc/yum.repos.d/epel.repo <<EOF
[epel]
name=Extra Packages for Enterprise Linux 7 - \$basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/\$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=\$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - \$basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/\$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=\$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - \$basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=\$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
EOF

# Add epel-testing
cat > /etc/yum.repos.d/epel-testing.repo <<EOF
[epel-testing]
name=Extra Packages for Enterprise Linux 7 - Testing - \$basearch
#baseurl=http://download.fedoraproject.org/pub/epel/testing/7/\$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-epel7&arch=\$basearch
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-testing-debuginfo]
name=Extra Packages for Enterprise Linux 7 - Testing - \$basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/testing/7/\$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-debug-epel7&arch=\$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-testing-source]
name=Extra Packages for Enterprise Linux 7 - Testing - \$basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/testing/7/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-source-epel7&arch=\$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
EOF

# Import OpenVZ
# The OpenVZ key is fetched over plain HTTP, so the transport does not
# authenticate it; compare its fingerprint against a trusted copy.
$RPM --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
$RPM --import https://archive.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
$YUM install https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/Packages/o/openvz-release-7.0.8-4.vz7.x86_64.rpm -y

# Yum Make Cache
$YUM makecache

# Yum Install Base
$YUM install yum-plugin-priorities telnet bind-utils vim-en* lrzsz wget iptables-services net-tools psmisc -y

# Yum Update
$YUM update -y

# Disable SELinux (applies after the reboot below);
# otherwise network startup or postalias will complain with errors
$SED -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
$SED -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Clean UP Iptables (empties the saved rule set loaded by iptables-services)
echo '' > /etc/sysconfig/iptables

# Install OpenVZ
$YUM install prlctl prl-disp-service vzkernel ploop prl-disk-tool -y

# Install fail2ban
$YUM install fail2ban fail2ban-systemd -y

# Add fail2ban sshd.local
# 3 failures (maxretry) within 60 s (findtime) ban the source for 600 s (bantime)
cat > /etc/fail2ban/jail.d/sshd.local << EOF
[sshd]
enabled = true
filter = sshd
action = iptables[name=sshd-ban, port=ssh, protocol=tcp]
findtime = 60
bantime = 600
maxretry = 3
EOF

$SYS enable fail2ban

echo "Now Reboot System"
echo -n "."
sleep 1;
echo -n "."
sleep 1;
echo -n "."
sleep 1;
echo -n "."
sleep 1;
echo -n "."
sleep 1;
echo -n "."
sleep 1;
echo -n "."
sync;sync;sync;sync;
reboot
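To see what the jail values in the script (findtime 60, maxretry 3) do and do not catch, the following added example, which is not part of the original post, replays sshd failure lines through the same sliding-window rule. The function name, the log lines and the addresses are constructed, and it assumes syslog-style timestamps within one month.

```shell
#!/bin/sh
# would_ban FINDTIME MAXRETRY < auth-log
# Prints each source address that reaches MAXRETRY failed passwords
# within FINDTIME seconds, in the order the ban would trigger.
would_ban() {
    awk -v findtime="$1" -v maxretry="$2" '
    / sshd\[[0-9]+\]: Failed password for / {
        # The user name is attacker-controlled, so take the address from
        # the fixed tail of the line: "... from ADDR port N ssh2".
        if ($(NF-4) != "from" || $(NF-2) != "port") next
        ip = $(NF-3)
        if (ip in banned) next
        split($3, hms, ":")
        t = $2 * 86400 + hms[1] * 3600 + hms[2] * 60 + hms[3]
        n = ++count[ip]
        stamp[ip, n] = t
        if (!(ip in first)) first[ip] = 1
        # Drop failures that fell out of the findtime window.
        while (t - stamp[ip, first[ip]] > findtime) first[ip]++
        if (n - first[ip] + 1 >= maxretry) { banned[ip] = 1; print ip }
    }'
}

# Constructed sample: one fast source, one slow source, one valid login.
sample_log() {
cat <<'EOF'
Sep 10 11:00:01 node1 sshd[2001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Sep 10 11:00:20 node1 sshd[2002]: Failed password for root from 203.0.113.7 port 40002 ssh2
Sep 10 11:00:30 node1 sshd[2003]: Failed password for invalid user admin from 198.51.100.9 port 50001 ssh2
Sep 10 11:00:45 node1 sshd[2004]: Failed password for root from 203.0.113.7 port 40003 ssh2
Sep 10 11:02:00 node1 sshd[2005]: Failed password for invalid user admin from 198.51.100.9 port 50002 ssh2
Sep 10 11:03:30 node1 sshd[2006]: Failed password for invalid user admin from 198.51.100.9 port 50003 ssh2
Sep 10 11:03:40 node1 sshd[2007]: Accepted password for ops from 192.0.2.10 port 60001 ssh2
EOF
}

echo "findtime=60:";  sample_log | would_ban 60 3
echo "findtime=600:"; sample_log | would_ban 600 3
```

With the script's values only the fast source is banned; widening findtime to 600 also bans the source that spaces its failures 90 seconds apart.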
3. Simple, basic commands
- List virtual machines: prlctl list -a
(columns: UUID unique identifier, status, IP address, type, name)
UUID                                    STATUS   IP_ADDR        T   NAME
{4cc24118-b7a1-408a-9af8-caaf492e26c7}  running  192.168.1.164  CT  164
{bada9314-1050-4fe5-8865-4edf93c97c0f}  running  -              VM  CentOS7
{c71d02d9-d0e4-42d0-bc1e-bcb3e8e97dc7}  stopped  -              VM  MyVM
- List installed container templates: vzpkg list -O
- List templates available online: vzpkg list --available
centos-6-x86_64 openvz-os
centos-7-x86_64 openvz-os
debian-7.0-x86_64 openvz-os
debian-8.0-x86_64 openvz-os
debian-9.0-x86_64 openvz-os
fedora-23-x86_64 openvz-os
sles-11-x86_64 openvz-os
sles-12-x86_64 openvz-os
suse-42.1-x86_64 openvz-os
suse-42.2-x86_64 openvz-os
suse-42.3-x86_64 openvz-os
ubuntu-14.04-x86_64 openvz-os
ubuntu-16.04-x86_64 openvz-os
ubuntu-17.10-x86_64 openvz-os
ubuntu-18.04-x86_64 openvz-os
- Pre-install an online template
vzpkg install template centos-6-x86_64
- Create the cache for the pre-installed online template
vzpkg create cache centos-6-x86_64
- Create a container
prlctl create MyCT --vmtype ct
- Set the OS template the container uses
prlctl set MyCT --ostemplate centos-6-x86_64
- Set resources
prlctl set MyCT --cpus 8 --memsize 8G --swap 4G
- Set networking
prlctl set MyCT --ipadd 192.168.1.x
- Create a hardware virtual machine
prlctl create MyVM --vmtype vm -d centos7
- Operating systems supported in hardware virtual machines
Windows Server 2016, 2012, 2012 R2, 2008 R2
CentOS 5, 6, 7 x86_64
Debian 8, 9 x86_64
Ubuntu 14-18 x86_64
- Attach an ISO image to the CD-ROM drive
prlctl set MyVM --device-set cdrom0 --image /vz/iso/CentOS-7-x86_64-Minimal-1804.iso
- Set resources
prlctl set MyVM --cpus 8 --memsize 8G
- Change the default disk size (the default is 64G)
prl_disk_tool resize --hdd /vz/vmprivate/c71d02d9-d0e4-42d0-bc1e-bcb3e8e97dc7/harddisk.hdd --size 30G
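- Configure the VNC service (--vnc-address takes one address: 0.0.0.0 listens on every interface, 127.0.0.1 on loopback only)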
prlctl set MyVM --vnc-mode manual --vnc-port 5902 --vnc-passwd linseek --vnc-address 0.0.0.0 / 127.0.0.1
- View virtual machine information
prlctl list --info MyVM
ID: {c71d02d9-d0e4-42d0-bc1e-bcb3e8e97dc7}
EnvID: 1193083609
Name: MyVM
Description:
Type: VM
State: stopped
OS: centos7
Template: no
Uptime: 00:00:00 (since 2018-09-10 11:28:59)
Home: /vz/vmprivate/c71d02d9-d0e4-42d0-bc1e-bcb3e8e97dc7/
Owner: [email protected]
GuestTools: state=not_installed
GuestTools autoupdate: on
Autostart: off
Autostop: shutdown
Autocompact: off
Boot order: hdd0 cdrom0 net0
EFI boot: off
Allow select boot device: off
External boot device:
On guest crash: restart
Remote display: mode=manual port=5902 address=127.0.0.1
Remote display state: stopped
Hardware:
cpu sockets=1 cpus=8 cores=8 VT-x accl=high mode=64 ioprio=4 iolimit='0'
memory 8192Mb
video 32Mb 3d acceleration=off vertical sync=yes
memory_guarantee auto
hdd0 (+) scsi:0 image='/vz/vmprivate/c71d02d9-d0e4-42d0-bc1e-bcb3e8e97dc7/harddisk.hdd' type='expanded' 30720Mb subtype=virtio-scsi
cdrom0 (+) scsi:1 image='/vz/iso/CentOS-7-x86_64-Minimal-1804.iso' subtype=virtio-scsi
usb (+)
net0 (+) dev='vme001c42cda633' network='Bridged' mac=001C42CDA633 card=virtio
SmartMount: (-)
Disabled Windows logo: on
Nested virtualization: off
Offline management: (-)
- Control commands (give either the container name or the VM name)
prlctl stop MyCT / MyVM
prlctl start MyCT / MyVM
prlctl restart MyCT / MyVM
prlctl suspend MyCT / MyVM
prlctl resume MyCT / MyVM
prlctl mount MyCT / MyVM
prlctl umount MyCT / MyVM
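The VNC setting above decides whether a guest console is reachable from the network, and the "Remote display:" line of `prlctl list --info` records the result. The following added example, which is not part of the original post, reads that output and lists guests whose console listens beyond loopback. The function name and the sample are constructed, and the mode=off line is an assumed layout.

```shell
#!/bin/sh
# vnc_exposed < output of `prlctl list --info`
# Prints "NAME ADDRESS:PORT" for every guest whose remote display is
# enabled and bound to something other than loopback.
vnc_exposed() {
    awk '
    /^[ \t]*Name: / { sub(/^[ \t]*Name: */, ""); name = $0 }
    /^[ \t]*Remote display: / {
        mode = ""; addr = ""; port = ""
        for (i = 3; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "mode")    mode = kv[2]
            if (kv[1] == "port")    port = kv[2]
            if (kv[1] == "address") addr = kv[2]
        }
        if (mode == "" || mode == "off") next            # console disabled
        if (addr == "127.0.0.1" || addr == "::1") next   # loopback only
        print name " " addr ":" port
    }'
}

# Constructed sample in the layout of the MyVM output above
# (TestVM and IdleVM are invented names).
sample_info() {
cat <<'EOF'
Name: MyVM
Type: VM
Remote display: mode=manual port=5902 address=127.0.0.1
Remote display state: stopped
Name: TestVM
Type: VM
Remote display: mode=manual port=5903 address=0.0.0.0
Remote display state: running
Name: IdleVM
Type: VM
Remote display: mode=off port=5904 address=0.0.0.0
Remote display state: stopped
EOF
}

sample_info | vnc_exposed   # prints: TestVM 0.0.0.0:5903
```

On a host, pipe the real output in, for example `prlctl list --info MyVM | vnc_exposed`.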