Installing OpenVZ 7 on CentOS 7

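Today's post covers installing OpenVZ 7. Companies and individuals who use hardware virtualization currently tend to choose VMware or Microsoft Hyper-V, while those who use container virtualization tend to choose Docker or LXC. OpenVZ 7 combines both approaches: OpenVZ's own container technology and KVM hardware virtualization. Docker can of course also run inside a container.

1. Pre-installation preparation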

  • A server with Intel VT support
  • The latest CentOS 7 Minimal ISO, burned to disc or written to a USB stick with rufus.
  • Disk partitioning: / (root) ext4, /boot ext4, /vz ext4, and finally swap

2. One-step installation script, which includes Fail2ban protection against password brute-forcing on SSH port 22.

#!/bin/bash

# Defined Var
YUM=/usr/bin/yum
SED=/bin/sed
RPM=/bin/rpm
SYS=/usr/bin/systemctl

# Add epel

cat > /etc/yum.repos.d/epel.repo <<EOF
[epel]
name=Extra Packages for Enterprise Linux 7 - \$basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/\$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=\$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - \$basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/\$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=\$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - \$basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=\$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
EOF

# Add epel-testing

cat > /etc/yum.repos.d/epel-testing.repo <<EOF
[epel-testing]
name=Extra Packages for Enterprise Linux 7 - Testing - \$basearch
#baseurl=http://download.fedoraproject.org/pub/epel/testing/7/\$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-epel7&arch=\$basearch
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-testing-debuginfo]
name=Extra Packages for Enterprise Linux 7 - Testing - \$basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/testing/7/\$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-debug-epel7&arch=\$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-testing-source]
name=Extra Packages for Enterprise Linux 7 - Testing - \$basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/testing/7/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-source-epel7&arch=\$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
EOF

# Import the OpenVZ and EPEL package-signing keys (fetched over HTTPS)

$RPM --import https://download.openvz.org/RPM-GPG-Key-OpenVZ
$RPM --import https://archive.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

$YUM install https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/Packages/o/openvz-release-7.0.8-4.vz7.x86_64.rpm -y

# Yum Make Cache

$YUM makecache

# Yum Install Base

$YUM install yum-plugin-priorities telnet bind-utils vim-en* lrzsz wget iptables-services net-tools psmisc -y

# Yum Update
$YUM update -y

# Disable SELinux (takes effect after the reboot below).
# --follow-symlinks: /etc/sysconfig/selinux is a symlink to /etc/selinux/config
$SED -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
$SED -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Empty the saved iptables rules file
echo '' > /etc/sysconfig/iptables

# Install OpenVZ

$YUM install prlctl prl-disp-service vzkernel ploop prl-disk-tool -y

# Install fail2ban

$YUM install fail2ban fail2ban-systemd -y

# Add fail2ban sshd.local: ban a source for 600 s after 3 failed logins within 60 s

cat > /etc/fail2ban/jail.d/sshd.local << EOF
[sshd]
enabled = true
filter = sshd
action = iptables[name=sshd-ban, port=ssh, protocol=tcp]
findtime = 60
bantime = 600
maxretry = 3
EOF

$SYS enable fail2ban

echo "Now Reboot System"
echo -n "."
sleep 1;
echo -n "."
sleep 1;
echo -n "."
sleep 1;
echo -n "."
sleep 1;
echo -n "."
sleep 1;
echo -n "."
sleep 1;
echo -n "."
sync;sync;sync;sync;
reboot
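
The thresholds in sshd.local above (maxretry = 3, findtime = 60) applied to sample log lines, as an added example that is not part of the original script. It uses a simplified sliding-window count rather than fail2ban's own logic; would_ban, sample_log and the log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): simplified sliding-window model
# of the [sshd] jail thresholds. The counting inside fail2ban differs in detail.

# would_ban FINDTIME MAXRETRY: read sshd syslog lines on stdin and print each
# source IP that reaches MAXRETRY failed passwords within FINDTIME seconds.
# Assumption: all lines fall on the same day, so only HH:MM:SS is compared.
would_ban() {
    awk -v findtime="$1" -v maxretry="$2" '
    /sshd\[[0-9]+\]: Failed password for / {
        split($3, hms, ":")
        now = hms[1] * 3600 + hms[2] * 60 + hms[3]
        # Take the last "from" so a user name of "from" cannot shift the field.
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "" || (ip in banned)) next
        if (!(ip in head)) head[ip] = 1
        tail[ip]++; seen[ip, tail[ip]] = now
        # Drop failures that have aged out of the findtime window.
        while (now - seen[ip, head[ip]] > findtime) head[ip]++
        if (tail[ip] - head[ip] + 1 >= maxretry) { banned[ip] = 1; print ip }
    }'
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
Sep 10 11:00:01 host sshd[2101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Sep 10 11:00:05 host sshd[2102]: Failed password for invalid user admin from 198.51.100.7 port 51514 ssh2
Sep 10 11:00:09 host sshd[2103]: Failed password for root from 203.0.113.5 port 40130 ssh2
Sep 10 11:00:20 host sshd[2104]: Failed password for root from 203.0.113.5 port 40138 ssh2
Sep 10 11:01:30 host sshd[2105]: Failed password for invalid user admin from 198.51.100.7 port 51520 ssh2
Sep 10 11:03:00 host sshd[2106]: Failed password for invalid user admin from 198.51.100.7 port 51526 ssh2
Sep 10 11:05:00 host sshd[2107]: Failed password for root from 192.0.2.9 port 33010 ssh2
Sep 10 11:05:10 host sshd[2108]: Accepted password for root from 192.0.2.9 port 33011 ssh2
Sep 10 11:05:20 host sshd[2109]: Failed password for root from 192.0.2.9 port 33012 ssh2
EOF
}

# Thresholds from sshd.local: only 203.0.113.5 is banned.
sample_log | would_ban 60 3
```

Running `sample_log | would_ban 600 3` also reports 198.51.100.7, whose three failures are spread over about three minutes; a longer findtime is what brings slowly spaced failures under the threshold.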

3. Basic commands

  • List virtual machines: prlctl list -a

Columns: UUID = unique identifier, STATUS = state, IP_ADDR = IP address, T = type, NAME = name
UUID STATUS IP_ADDR T NAME
{4cc24118-b7a1-408a-9af8-caaf492e26c7} running 192.168.1.164 CT 164
{bada9314-1050-4fe5-8865-4edf93c97c0f} running - VM CentOS7
{c71d02d9-d0e4-42d0-bc1e-bcb3e8e97dc7} stopped - VM MyVM
  • List installed container templates: vzpkg list -O
  • List templates available online: vzpkg list --available

centos-6-x86_64 openvz-os
centos-7-x86_64 openvz-os
debian-7.0-x86_64 openvz-os
debian-8.0-x86_64 openvz-os
debian-9.0-x86_64 openvz-os
fedora-23-x86_64 openvz-os
sles-11-x86_64 openvz-os
sles-12-x86_64 openvz-os
suse-42.1-x86_64 openvz-os
suse-42.2-x86_64 openvz-os
suse-42.3-x86_64 openvz-os
ubuntu-14.04-x86_64 openvz-os
ubuntu-16.04-x86_64 openvz-os
ubuntu-17.10-x86_64 openvz-os
ubuntu-18.04-x86_64 openvz-os
  • Install a template from the online repository

vzpkg install template centos-6-x86_64

  • Build the cache for the installed template

vzpkg create cache centos-6-x86_64

  • Create a container

prlctl create MyCT --vmtype ct

  • Set the OS template used by the container

prlctl set MyCT --ostemplate centos-6-x86_64

  • Set resources

prlctl set MyCT --cpus 8 --memsize 8G --swap 4G

  • Configure networking

prlctl set MyCT --ipadd 192.168.1.x

  • Create a hardware virtual machine

prlctl create MyVM --vmtype vm -d centos7

  • Operating systems supported in hardware virtual machines

Windows Server 2016, 2012, 2012 R2, 2008 R2
CentOS 5, 6, 7 x86_64
Debian 8, 9 x86_64
Ubuntu 14-18 x86_64

  • Attach an ISO image

prlctl set MyVM --device-set cdrom0 --image /vz/iso/CentOS-7-x86_64-Minimal-1804.iso

  • Set resources

prlctl set MyVM --cpus 8 --memsize 8G

  • Change the default disk size (the default is 64G)

prl_disk_tool resize --hdd /vz/vmprivate/c71d02d9-d0e4-42d0-bc1e-bcb3e8e97dc7/harddisk.hdd --size 30G

  • Configure the VNC service; for --vnc-address use either 0.0.0.0 (listen on all interfaces) or 127.0.0.1 (local access only)

prlctl set MyVM --vnc-mode manual --vnc-port 5902 --vnc-passwd linseek --vnc-address 127.0.0.1

  • View virtual machine information

prlctl list --info MyVM

ID: {c71d02d9-d0e4-42d0-bc1e-bcb3e8e97dc7}
EnvID: 1193083609
Name: MyVM
Description:
Type: VM
State: stopped
OS: centos7
Template: no
Uptime: 00:00:00 (since 2018-09-10 11:28:59)
Home: /vz/vmprivate/c71d02d9-d0e4-42d0-bc1e-bcb3e8e97dc7/
Owner: root@.
GuestTools: state=not_installed
GuestTools autoupdate: on
Autostart: off
Autostop: shutdown
Autocompact: off
Boot order: hdd0 cdrom0 net0
EFI boot: off
Allow select boot device: off
External boot device:
On guest crash: restart
Remote display: mode=manual port=5902 address=127.0.0.1
Remote display state: stopped
Hardware:
cpu sockets=1 cpus=8 cores=8 VT-x accl=high mode=64 ioprio=4 iolimit='0'
memory 8192Mb
video 32Mb 3d acceleration=off vertical sync=yes
memory_guarantee auto
hdd0 (+) scsi:0 image='/vz/vmprivate/c71d02d9-d0e4-42d0-bc1e-bcb3e8e97dc7/harddisk.hdd' type='expanded' 30720Mb subtype=virtio-scsi
cdrom0 (+) scsi:1 image='/vz/iso/CentOS-7-x86_64-Minimal-1804.iso' subtype=virtio-scsi
usb (+)
net0 (+) dev='vme001c42cda633' network='Bridged' mac=001C42CDA633 card=virtio
SmartMount: (-)
Disabled Windows logo: on
Nested virtualization: off
Offline management: (-)
  • Control commands (use either MyCT or MyVM as the target)

prlctl stop MyCT / MyVM
prlctl start MyCT / MyVM
prlctl restart MyCT / MyVM
prlctl suspend MyCT / MyVM
prlctl resume MyCT / MyVM
prlctl mount MyCT / MyVM
prlctl umount MyCT / MyVM
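
A check for the VNC setting and the "Remote display" line of the prlctl list --info output shown earlier, as an added example that is not part of the original post. The function name vnc_exposed, the TestVM record and the assumption that a disabled console is reported as mode=off are illustrative.

```bash
#!/bin/bash
# Added example (not from the original post): flag VMs whose VNC console
# listens on a non-loopback address, from prlctl list --info text on stdin.
# Assumption: a disabled console is reported as mode=off.
vnc_exposed() {
    awk '
    $1 == "Name:" { name = $2 }
    $1 == "Remote" && $2 == "display:" {
        mode = ""; port = ""; addr = "unspecified"
        for (i = 3; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n != 2) continue
            if (kv[1] == "mode") mode = kv[2]
            if (kv[1] == "port") port = kv[2]
            if (kv[1] == "address") addr = kv[2]
        }
        if (mode == "off") next
        # Anything other than loopback is reachable from the network.
        if (addr != "127.0.0.1" && addr != "::1") print name, addr ":" port
    }'
}

# Constructed input: MyVM as shown on the page, plus a hypothetical TestVM.
sample_info() {
    cat <<'EOF'
Name: MyVM
State: stopped
Remote display: mode=manual port=5902 address=127.0.0.1
Remote display state: stopped
Name: TestVM
State: running
Remote display: mode=manual port=5903 address=0.0.0.0
Remote display state: running
EOF
}

sample_info | vnc_exposed
```

On a host, pipe the output of prlctl list --info MyVM into vnc_exposed; an empty result means the console is bound to loopback only.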