2008-04-05

さくらの旧(?)専用サーバ CentOS 4.6 を Linux-Vserver に入れ替えてみた

前置き

契約直後の初期状態

  • ホスト名をsakura2とした。
  • sshd と vsftpd が動いていた。
[admin@sakura2 ~]$ uname -a
Linux sakura2 2.6.9-67.0.4.ELsmp #1 SMP Sun Feb 3 07:08:57 EST 2008 i686 athlon i386 GNU/Linux
[admin@sakura2 ~]$ cat /etc/issue.net
CentOS release 4.6 (Final)
Kernel \r on an \m

CentOS 5 へのアップグレード(?)

中身の整理
  • なるべく最小構成に近い最新のCentOS4.6にしてみる。
# yum update
# yum remove emacs emacspeak emacs-leim emacs-common
# yum remove NetworkManager
# yum remove bluez-bluefw bluez-hcidump bluez-libs bluez-utils
# yum remove cups cups-libs
# yum remove irda-utils isdn4k-utils pcmcia-cs wireless-tools
# yum remove wpa_supplicant gpm xinetd
# yum remove ppp nfs-utils lksctp-tools autofs
# yum remove xorg-x11-libs
# yum remove selinux-policy-targeted
# yum remove vsftpd
# yum clean all
CentOS 5 にアップグレード(?)してみる
[admin@sakura2 ~]$ uname -a
Linux sakura2 2.6.9-67.0.7.ELsmp #1 SMP Sat Mar 15 06:54:55 EDT 2008 i686 athlon i386 GNU/Linux
# rpm -Uvh http://mirror.centos.org/centos/5/os/i386/CentOS/centos-release-notes-5.1.0-2.i386.rpm \
http://mirror.centos.org/centos/5/os/i386/CentOS/centos-release-5-1.0.el5.centos.1.i386.rpm
[root@sakura2 admin]# cat /etc/issue.net
CentOS release 5 (Final)
Kernel \r on an \m

# yum update glib procps udev iptables
# rpm -Uvh --nodeps http://mirror.centos.org/centos/5/os/i386/CentOS/initscripts-8.45.17.EL-1.el5.centos.1.i386.rpm \
http://mirror.centos.org/centos/5/os/i386/CentOS/mkinitrd-5.1.19.6-19.i386.rpm
# rpm -Uvh http://mirror.centos.org/centos/5/os/i386/CentOS/e2fsprogs-1.39-10.el5.i386.rpm \
http://mirror.centos.org/centos/5/os/i386/CentOS/e2fsprogs-libs-1.39-10.el5.i386.rpm \
http://mirror.centos.org/centos/5/os/i386/CentOS/e2fsprogs-devel-1.39-10.el5.i386.rpm
# rpm -Uvh http://mirror.centos.org/centos/5/os/i386/CentOS/kernel-2.6.18-53.el5.i686.rpm
[admin@sakura2 ~]$ uname -a
Linux sakura2 2.6.18-53.el5 #1 SMP Mon Nov 12 02:22:48 EST 2007 i686 athlon i386 GNU/Linux

# yum clean all

[root@sakura2 admin]# yum --version
Loading "fastestmirror" plugin
2.4.3
[root@sakura2 admin]# rpm --version
RPM version 4.3.3
# yum update
Error: Missing Dependency: python-abi = 2.3 is needed by package python-elementtree
  • 解決法がわからないので放置

Linux-Vserver の導入

# vi /etc/ssh/sshd_config
# /etc/init.d/sshd restart
# vi /etc/yum.repos.d/dhozac-vserver.repo
# yum update kernel
# yum install util-vserver{,-core,-lib,-sysv,-build}
[admin@sakura2 ~]$ uname -a
Linux sakura2 2.6.22.19-vs2.3.0.34.1 #1 SMP Mon Mar 17 05:32:04 EDT 2008 i686 athlon i386 GNU/Linux

ホストOS環境の整備

# yum update bash screen rsync
# /etc/init.d/iptables save
# /etc/init.d/iptables start
# cat /etc/sysconfig/iptables

# Generated by iptables-save v1.3.5 on Mon Mar 24 19:57:07 2008
**filter
:INPUT ACCEPT [1067:96557]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [63680:6208436]
:e0 - [0:0]
-A INPUT -i eth0 -j e0
-A e0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A e0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A e0 -p tcp -m tcp --dport 22 -j ACCEPT
-A e0 -p tcp -m tcp --dport 80 -j ACCEPT
-A e0 -p tcp -m tcp --dport 443 -j ACCEPT
-A e0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Mar 24 19:57:07 2008
# Generated by iptables-save v1.3.5 on Mon Mar 24 19:57:07 2008
**nat
:PREROUTING ACCEPT [179:10642]
:POSTROUTING ACCEPT [213:13895]
:OUTPUT ACCEPT [251:16220]
-A PREROUTING -s ! 10.0.0.0/255.255.255.0 -p tcp -m tcp --dport NNNN -j DNAT --to-destination 10.0.0.1:22
-A POSTROUTING -s 10.0.0.0/255.255.255.0 -d ! 10.0.0.0/255.255.255.0 -j SNAT --to-source AAA.BBB.CCC.DDD
COMMIT
# Completed on Mon Mar 24 19:57:07 2008

ゲストOSの設定

[root@sakura2 ~]# /usr/sbin/vserver-stat
CTX   PROC    VSZ    RSS  userTIME   sysTIME    UPTIME NAME
40013   27 301.5M  73.8M  30m36s31  56m38s90  11d06h56 one
40015    5  10.8M   4.4M   0m28s33   0m12s68   9d04h23 two
40016    2   4.2M   1.3M   0m00s47   0m00s64   0m01s97 three

追記

記事への反応(ブックマークコメント)

ログイン ユーザー登録
ようこそ ゲスト さん