如何进行OpenVZ容器的实时迁移
版本1.0
作者:Falko Timme
本指南介绍了如何将OpenVZ容器从一个OpenVZ主机实时迁移到另一个。 在本文中,两个OpenVZ主机都在Debian Lenny上运行,但实时迁移在其他发行版中没有区别。
我不会保证这将为您工作!
1初步说明
我在这里使用以下系统:
- OpenVZ主机1:
server.example.com,IP地址:192.168.0.100 - OpenVZ主机2:
server2.example.com,IP地址:192.168.0.101 - 虚拟机:
vm1.example.com,IP地址:192.168.0.102,VEID102
应该根据本教程设置两个OpenVZ主机: 在Debian Lenny(AMD64)上安装和使用OpenVZ 。 虚拟机vm1.example.com在带有VEID 102的 server1上运行。
2 vm1.example.com的实时迁移从server1到server2
要检查实时迁移是否真实完成,即不存在客户端,您可以登录到vm1.example.com (例如使用SSH)并ping另一台服务器:
vm1.example.com:
ping google.com
这将ping google.com直到您按CTRL + C。 即使在迁移过程中,ping也应该继续。
server1:
我想以root用户身份运行实时迁移。 实时迁移只有在server1上的root用户可以通过SSH登录到服务器2 , 而不需要输入密码 (这意味着必须在server2上允许SSH root登录 - 检查您的sshd配置: / etc / ssh / sshd_config )。 这可以通过生成root @ server1的密钥对来实现,然后将root @ server1的公钥存储在root @ server2的〜/ .ssh / authorized_keys文件中。 幸运的是,有一个bash脚本可以为我们做到这一点。 我们创建脚本如下:
vi /usr/local/bin/ssh-keyput
#!/bin/bash
#
# ssh-keyput -- set up passwordless openssh login.
#
# Copyright (C) 2001, 2002, 2006 by SWsoft.
# Author: Kir Kolyshkin
#
# This script is used to put your public ssh keys to another host's
# authorized_keys[2], so you will be able to ssh login without entering
# a password. Key pairs are generated if needed, and connectivity
# is checked after putting the keys.
PROGNAME=`basename $0`
function usage()
{
echo "Usage: $PROGNAME [user@]IP [[user@]IP ...]" 1>&2
exit 0
}
# Check for correct number of parameters
test $# -gt 0 || usage;
SSH_KEYGEN=`which ssh-keygen`
if test $? -ne 0; then
# Error message is printed by 'which'
exit 1
fi
SSH_DIR=~/.ssh
if ! test -d $SSH_DIR; then
mkdir $SSH_DIR
fi
chmod 700 $SSH_DIR
if [ ! -f $SSH_DIR/identity ] || [ ! -f $SSH_DIR/identity.pub ]; then
echo "Generating ssh1 RSA keys - please wait..."
rm -f $SSH_DIR/identity $SSH_DIR/identity.pub
$SSH_KEYGEN -t rsa1 -f $SSH_DIR/identity -P ''
if [ $? -ne 0 ]; then
echo "Command \"$SSH_KEYGEN -t rsa1 -f $SSH_DIR/identity" \
"-P ''\" failed" 1>&2
exit 1
fi
else
echo "ssh1 RSA key is present"
fi
if [ ! -f $SSH_DIR/id_dsa ] || [ ! -f $SSH_DIR/id_dsa.pub ]; then
echo "Generating ssh2 DSA keys - please wait..."
rm -f $SSH_DIR/id_dsa $SSH_DIR/id_dsa.pub
$SSH_KEYGEN -t dsa -f $SSH_DIR/id_dsa -P ''
if test $? -ne 0; then
echo "Command \"$SSH_KEYGEN -t dsa -f $SSH_DIR/id_dsa" \
"-P ''\" failed" 1>&2
exit 1
fi
else
echo "ssh2 DSA key is present"
fi
SSH1_RSA_KEY=`cat $SSH_DIR/identity.pub`
SSH2_DSA_KEY=`cat $SSH_DIR/id_dsa.pub`
for IP in $*; do
echo "You will now be asked for password for $IP"
# set -x
ssh -oStrictHostKeyChecking=no $IP "mkdir -p ~/.ssh; chmod 700 ~/.ssh; \
echo \"$SSH1_RSA_KEY\" >> ~/.ssh/authorized_keys; \
echo \"$SSH2_DSA_KEY\" >> ~/.ssh/authorized_keys2; \
chmod 600 ~/.ssh/authorized_keys ~/.ssh/authorized_keys2"
# set +x
if test $? -eq 0; then
echo "Keys were put successfully"
else
echo "Error putting keys to $IP" 1>&2
fi
done
for IP in $*; do
for ver in 1 2; do
echo -n "Checking $IP connectivity by ssh$ver... "
ssh -q -oProtocol=${ver} -oBatchMode=yes \
-oStrictHostKeyChecking=no $IP /bin/true
if [ $? -eq 0 ]; then
echo "OK"
else
echo "failed" 1>&2
fi
done
done |
然后我们使脚本可执行...
chmod a+x /usr/local/bin/ssh-keyput
...并按如下方式调用以生成root @ server1的密钥对,并将公钥存储在root @ server2 ( server2 = 192.168.0.101 )的〜/ .ssh / authorized_keys文件中:
ssh-keyput 192.168.0.101
server1:~# ssh-keyput 192.168.0.101
Generating ssh1 RSA keys - please wait...
Generating public/private rsa1 key pair.
Your identification has been saved in /root/.ssh/identity.
Your public key has been saved in /root/.ssh/identity.pub.
The key fingerprint is:
5f:5b:17:0d:6b:17:9e:ae:b8:bf:87:37:d2:27:db:65 root@server1.example.com
The key's randomart image is:
+--[RSA1 2048]----+
| .. |
| .o+|
| o+o|
| ....|
| S . ...|
| . ..o.. |
| ....o E|
| .o.Bo|
| ..o*o+|
+-----------------+
Generating ssh2 DSA keys - please wait...
Generating public/private dsa key pair.
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
29:84:d2:0f:ed:9d:25:52:6f:09:f5:5f:c3:fd:eb:26 root@server1.example.com
The key's randomart image is:
+--[ DSA 1024]----+
| o.. |
| . o . o o . .|
| . + + . = . oo|
| . = o * . .o|
| + S . .|
| . .|
| . |
| E.. |
| o. |
+-----------------+
You will now be asked for password for 192.168.0.101
root@192.168.0.101's password:
Keys were put successfully
Checking 192.168.0.101 connectivity by ssh1... failed
Checking 192.168.0.101 connectivity by ssh2... OK
server1:~#
看一眼
vzlist -a
你应该看到vm1.example.com仍然在server1上运行:
server1:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
102 9 running 192.168.0.102 vm1.example.com
server1:~#
现在我们可以开始实时迁移:
vzmigrate --online 192.168.0.101 102
(在--online之后使用目标服务器的IP地址或主机名,最后一个参数是VEID,在这种情况下为102 )
server1:~# vzmigrate --online 192.168.0.101 102
OPT:--online
OPT:192.168.0.101
StartingPreparingInitializingSyncingLiveSyncingCleanup
server1:~#
在迁移期间,vm1.example.com上的ping应该继续,这意味着guest虚拟机即使在迁移过程中也在运行。
之后再来看看
vzlist -a
server1:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
server1:~#
如您所见, vm1.example.com不再在server1上列出。
我们来看看server2 :
server2:
vzlist -a
server2:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
102 9 running 192.168.0.102 vm1.example.com
server2:~#
如果一切顺利, vm1.example.com现在应该在server2上运行。
如果要将vm1.example.com迁移回服务器1 ,则必须为root @ server2创建一个密钥对,然后将公钥复制到server1 :
vi /usr/local/bin/ssh-keyput
#!/bin/bash
#
# ssh-keyput -- set up passwordless openssh login.
#
# Copyright (C) 2001, 2002, 2006 by SWsoft.
# Author: Kir Kolyshkin
#
# This script is used to put your public ssh keys to another host's
# authorized_keys[2], so you will be able to ssh login without entering
# a password. Key pairs are generated if needed, and connectivity
# is checked after putting the keys.
PROGNAME=`basename $0`
function usage()
{
echo "Usage: $PROGNAME [user@]IP [[user@]IP ...]" 1>&2
exit 0
}
# Check for correct number of parameters
test $# -gt 0 || usage;
SSH_KEYGEN=`which ssh-keygen`
if test $? -ne 0; then
# Error message is printed by 'which'
exit 1
fi
SSH_DIR=~/.ssh
if ! test -d $SSH_DIR; then
mkdir $SSH_DIR
fi
chmod 700 $SSH_DIR
if [ ! -f $SSH_DIR/identity ] || [ ! -f $SSH_DIR/identity.pub ]; then
echo "Generating ssh1 RSA keys - please wait..."
rm -f $SSH_DIR/identity $SSH_DIR/identity.pub
$SSH_KEYGEN -t rsa1 -f $SSH_DIR/identity -P ''
if [ $? -ne 0 ]; then
echo "Command \"$SSH_KEYGEN -t rsa1 -f $SSH_DIR/identity" \
"-P ''\" failed" 1>&2
exit 1
fi
else
echo "ssh1 RSA key is present"
fi
if [ ! -f $SSH_DIR/id_dsa ] || [ ! -f $SSH_DIR/id_dsa.pub ]; then
echo "Generating ssh2 DSA keys - please wait..."
rm -f $SSH_DIR/id_dsa $SSH_DIR/id_dsa.pub
$SSH_KEYGEN -t dsa -f $SSH_DIR/id_dsa -P ''
if test $? -ne 0; then
echo "Command \"$SSH_KEYGEN -t dsa -f $SSH_DIR/id_dsa" \
"-P ''\" failed" 1>&2
exit 1
fi
else
echo "ssh2 DSA key is present"
fi
SSH1_RSA_KEY=`cat $SSH_DIR/identity.pub`
SSH2_DSA_KEY=`cat $SSH_DIR/id_dsa.pub`
for IP in $*; do
echo "You will now be asked for password for $IP"
# set -x
ssh -oStrictHostKeyChecking=no $IP "mkdir -p ~/.ssh; chmod 700 ~/.ssh; \
echo \"$SSH1_RSA_KEY\" >> ~/.ssh/authorized_keys; \
echo \"$SSH2_DSA_KEY\" >> ~/.ssh/authorized_keys2; \
chmod 600 ~/.ssh/authorized_keys ~/.ssh/authorized_keys2"
# set +x
if test $? -eq 0; then
echo "Keys were put successfully"
else
echo "Error putting keys to $IP" 1>&2
fi
done
for IP in $*; do
for ver in 1 2; do
echo -n "Checking $IP connectivity by ssh$ver... "
ssh -q -oProtocol=${ver} -oBatchMode=yes \
-oStrictHostKeyChecking=no $IP /bin/true
if [ $? -eq 0 ]; then
echo "OK"
else
echo "failed" 1>&2
fi
done
done |
然后我们使脚本可执行...
chmod a+x /usr/local/bin/ssh-keyput
...并按如下方式调用以生成root @ server2的密钥对,并将公钥存储在root @ server1 ( server1 = 192.168.0.100 )的〜/ .ssh / authorized_keys文件中:
ssh-keyput 192.168.0.100
然后我们将vm1.example.com (VEID 102 )迁移到server1 (IP地址192.168.0.100 ):
vzmigrate --online 192.168.0.100 102
server2:~# vzmigrate --online 192.168.0.100 102
OPT:--online
OPT:192.168.0.100
StartingPreparingInitializingSyncingLiveSyncingCleanup
server2:~#
3链接
- OpenVZ: http : //wiki.openvz.org/
