通过ISPConfig 3(Debian 6.0)安装OpenVZ + VM管理
版本1.0
作者:Till Brehm <t [dot] brehm [at] projektfarm [dot] com>,Falko Timme <falko [dot] timme [at] projektfarm [dot] com>
本教程将介绍如何安装OpenVZ主机服务器来管理ISPConfig 3主机控制面板中的虚拟机。 OpenVZ是用于Linux服务器的轻量级虚拟化技术,与* BSD系统上的监狱类似。 详见http://www.openvz.org 。 ISPConfig 3包含一个模块来管理本地服务器和运行ISPConfig的远程服务器上的OpenVZ虚拟机。
安装
首先从Debian Squeeze存储库直接安装OpenVZ内核和实用程序。
在64位Linux(x86_64)上,使用以下命令:
apt-get -y install linux-image-openvz-amd64 vzctl vzquota vzdump
在32位Linux(x86)上,改为使用此命令:
apt-get -y install linux-image-openvz-686 vzctl vzquota vzdump
从/ var / lib / vz到/ vz创建一个符号链接,以便ISPConfig稍后找到OpenVZ安装。
ln -s /var/lib/vz /vz
编辑文件/etc/sysctl.conf ,并确保它包含以下行:
vi /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0.proxy_arp=1
如果需要修改/etc/sysctl.conf,请运行
sysctl -p
应用更改。
如果虚拟机的IP地址与主机系统的IP地址不同,则以下步骤很重要。 如果不这样做,网络将无法在虚拟机中运行!
打开/etc/vz/vz.conf并将NEIGHBOUR_DEVS设置为全部:
vi /etc/vz/vz.conf
[...]
# Controls which interfaces to send ARP requests and modify APR tables on.
NEIGHBOUR_DEVS=all
[...]
现在重新启动服务器,以便openVZ内核被加载:
reboot
现在我们下载一个预处理的Debain OpenVZ映像。 输入模板缓存目录...
cd /var/lib/vz/template/cache
...并下载32Bit Debian镜像。
wget http://download.openvz.org/template/precreated/contrib/debian-6.0-i386-minimal.tar.gz
在64位系统上,下载64位图像:
wget http://download.openvz.org/template/precreated/contrib/debian-6.0-amd64-minimal.tar.gz
更多预处理的OpenVZ图像可以在这里下载:
http://download.openvz.org/template/precreated/contrib/
在后续步骤中,将安装ISPConfig 3控制面板界面的先决条件。
安装MySQL数据库服务器...
apt-get -y install mysql-client mysql-server
...并在安装程序请求时输入MySQL的新密码。
安装Apache和PHP ...
apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt sudo libtimedate-perl
...并启用一些apache模块:
a2enmod suexec rewrite ssl actions include
安装fail2ban:这是可选的,但建议,因为ISPConfig监视器尝试显示日志:
apt-get install fail2ban
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
然后启动安装脚本:
php -q install.php
>> Initial configuration
Operating System: Debian 6.0 (Squeeze/Sid) or compatible
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.
Select language (en,de) [en]: <-- hit enter
Installation mode (standard,expert) [standard]: <-- expert
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [ispconfig.local]: <-- hit enter
MySQL server hostname [localhost]: <-- hit enter
MySQL root username [root]: <-- hit enter
MySQL root password []: <-- enter the mysql root password here
MySQL database to create [dbispconfig]: <-- hit enter
MySQL charset [utf8]: <-- hit enter
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <-- hit enter
Adding ISPConfig server record to database.
Configure Mail (y,n) [y]: <-- n
Configure Jailkit (y,n) [y]: <-- n
Configure FTP Server (y,n) [y]: <-- n
Configure DNS Server (y,n) [y]: <-- n
Hint: If this server shall run the ISPConfig interface, select 'y' in the 'Configure Apache Server' option.
Configure Apache Server (y,n) [y]: <-- y
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configure Firewall Server (y,n) [y]: <-- y
Configuring Bastille Firewall
Install ISPConfig Web Interface (y,n) [y]: <-- y
Installing ISPConfig
ISPConfig Port [8080]: <-- hit enter
Enable SSL for the ISPConfig web interface (y,n) [y]: <-- hit enter
Generating RSA private key, 4096 bit long modulus
.............................................++
.........................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- Enter your country code, e.g. DE
State or Province Name (full name) [Some-State]: <-- Enter the state
Locality Name (eg, city) []: <-- enter the name of the city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter your company name
Organizational Unit Name (eg, section) []: <-- hit enter
Common Name (eg, YOUR name) []: <-- hit enter
Email Address []: <-- hit enter
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- hit enter
An optional company name []: <-- hit enter
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
Restarting web server: apache2 ... waiting .
Installation completed.
删除/ tmp目录中下载的ispconfig文件:
rm -rf /tmp/ispconfig3_install/install
rm -f /tmp/ISPConfig-3-stable.tar.gz
