KVM Virtualization


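1. Introduction to virtualization

Virtualization is the foundation of cloud computing. Put simply, virtualization lets a single physical server run multiple virtual machines. The virtual machines share the physical machine's CPU, memory and I/O hardware resources, but are logically isolated from one another.

The physical machine is usually called the host, and the virtual machines running on it are called guests.

So how does the host virtualize its own hardware resources and make them available to the guests?
This is done mainly by a program called the hypervisor.

Depending on how the hypervisor is implemented and where it sits, virtualization falls into two types:

  • Full virtualization
  • Paravirtualization

Full virtualization:
The hypervisor is installed directly on the physical machine, and multiple virtual machines run on top of the hypervisor. The hypervisor is usually implemented as a specially customized Linux system. Xen and VMware ESXi both belong to this type.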

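Paravirtualization:
A regular operating system, such as Redhat, Ubuntu or Windows, is first installed on the physical machine. The hypervisor runs as a program module on top of the OS and manages the virtual machines. KVM, VirtualBox and VMware Workstation all belong to this type.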

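In theory:
Full virtualization is generally specially optimized for hardware virtualization features, so its performance is higher than that of paravirtualization;
Paravirtualization, because it is based on an ordinary operating system, is more flexible; for example, it supports nested virtual machines. Nesting means that KVM can be run again inside a KVM virtual machine.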

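2. Introduction to KVM

KVM stands for Kernel-Based Virtual Machine; in other words, KVM is implemented on top of the Linux kernel.
KVM has a kernel module called kvm.ko, which is used only to manage virtual CPUs and memory.

I/O virtualization, such as storage and network devices, is handled by the Linux kernel together with Qemu.

As a hypervisor, KVM itself deals with only two things: virtual machine scheduling and memory management. I/O peripherals are left to the Linux kernel and Qemu.

When reading KVM articles online you will often come across something called Libvirt.

Libvirt is the management tool for KVM.

In fact, besides a hypervisor like KVM, Libvirt can also manage Xen, VirtualBox and others.

Libvirt consists of three things: the background daemon libvirtd, an API library, and the command-line tool virsh

  • libvirtd is the service program that receives and handles API requests;
  • the API library lets others build higher-level tools on top of Libvirt, such as virt-manager, a graphical KVM management tool;
  • virsh is the KVM command-line tool we use most often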

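3. KVM deployment

3.1 Configure the environment (on all three machines)

1. Environment configuration
//kvm web management interface installed on: 192.168.116.146
//kvm host 1:                                192.168.116.147
//kvm host 2:                                192.168.116.148

2. Change the hostname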
[root@localhost ~]# hostnamectl set-hostname kvm-web
[root@localhost ~]# bash
Welcome to 4.19.0-91.82.152.uelc20.x86_64
[root@kvm-web ~]# 

[root@localhost ~]# hostnamectl set-hostname kvm1
[root@localhost ~]# bash
Welcome to 4.19.0-91.82.152.uelc20.x86_64
[root@kvm1 ~]# 

[root@localhost ~]# hostnamectl set-hostname kvm2
[root@localhost ~]# bash
Welcome to 4.19.0-91.82.152.uelc20.x86_64
[root@kvm2 ~]# 

3. Disable the firewall
[root@kvm-web ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@kvm-web ~]# getenforce
Disabled

[root@kvm1 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@kvm1 ~]# getenforce
Disabled

[root@kvm2 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@kvm2 ~]# getenforce
Disabled

3.2 Installing the kvm web management interface

The kvm web management interface is provided by the webvirtmgr program.

1. Install the dependency packages
[root@kvm-web ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel
UnionTechOS 20 AppStream                                                                                                               12 MB/s | 8.1 MB     00:00    
UnionTechOS 20 BaseOS                                                                                                                 3.2 MB/s | 1.8 MB     00:00    
UnionTechOS 20 PowerTools                                                                                                             4.4 MB/s | 2.8 MB     00:00    
UnionTechOS 20 Plus                                                                                                                   2.0 MB/s |  10 MB     00:05    
UnionTechOS 20 Extras                                                                                                                 7.1 kB/s | 2.3 kB     00:00    
UnionTechOS 20 Update                                                                                                                 1.0 kB/s | 257  B     00:00    
UnionTechOS 20 GM                                                                                                                     3.1 MB/s | 1.4 MB     00:00    
未找到匹配的参数: python-pip
未找到匹配的参数: libvirt-python
未找到匹配的参数: libxml2-python
未找到匹配的参数: python-websockify
未找到匹配的参数: python-devel
错误:没有任何匹配: python-pip libvirt-python libxml2-python python-websockify python-devel

//Solution
[root@kvm-web ~]# yum -y install git
完毕!

[root@kvm-web ~]# yum list all | grep python | grep pip
python2-pip.noarch                                                9.0.3-19.0.1.module+uelc20+1063+c02c4c1c                  UnionTechOS-20-AppStream 
[root@kvm-web ~]# yum -y install python2-pip
完毕!

[root@kvm-web ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/libvirt-python-4.5.0-1.el7.x86_64.rpm
[root@kvm-web ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  libvirt-python-4.5.0-1.el7.x86_64.rpm
[root@kvm-web ~]# yum -y install libvirt-python-4.5.0-1.el7.x86_64.rpm 
完毕!

[root@kvm-web ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/libxml2-python-2.9.1-6.el7.5.x86_64.rpm
[root@kvm-web ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  libvirt-python-4.5.0-1.el7.x86_64.rpm  libxml2-python-2.9.1-6.el7.5.x86_64.rpm
[root@kvm-web ~]# rpm -ivh --nodeps libxml2-python-2.9.1-6.el7.5.x86_64.rpm 
警告:libxml2-python-2.9.1-6.el7.5.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
Verifying...                          ################################# [100%]
准备中...                          ################################# [100%]
正在升级/安装...
   1:libxml2-python-2.9.1-6.el7.5     ################################# [100%]

[root@kvm-web ~]# wget https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/p/python-websockify-0.6.0-5.el7.noarch.rpm
[root@kvm-web ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  libvirt-python-4.5.0-1.el7.x86_64.rpm  libxml2-python-2.9.1-6.el7.5.x86_64.rpm  python-websockify-0.6.0-5.el7.noarch.rpm
[root@kvm-web ~]# rpm -ivh --nodeps https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/p/python-websockify-0.6.0-5.el7.noarch.rpm
获取https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/p/python-websockify-0.6.0-5.el7.noarch.rpm
警告:/var/tmp/rpm-tmp.zLyZRt: 头V4 RSA/SHA256 Signature, 密钥 ID 352c64e5: NOKEY
Verifying...                          ################################# [100%]
准备中...                          ################################# [100%]
正在升级/安装...
   1:python-websockify-0.6.0-5.el7    ################################# [100%]

[root@kvm-web ~]# yum list all | grep supervisor
supervisor.noarch                                                 4.2.1-1.uelc20                                            UnionTechOS-20-Plus      
[root@kvm-web ~]# yum -y install supervisor
完毕!

[root@kvm-web ~]# yum -y install nginx
完毕!

[root@kvm-web ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-devel-2.7.5-89.el7.x86_64.rpm
[root@kvm-web ~]# ls
anaconda-ks.cfg       libvirt-python-4.5.0-1.el7.x86_64.rpm    python-devel-2.7.5-89.el7.x86_64.rpm
initial-setup-ks.cfg  libxml2-python-2.9.1-6.el7.5.x86_64.rpm  python-websockify-0.6.0-5.el7.noarch.rpm
[root@kvm-web ~]# rpm -ivh --nodeps python-devel-2.7.5-89.el7.x86_64.rpm 
警告:python-devel-2.7.5-89.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
Verifying...                          ################################# [100%]
准备中...                          ################################# [100%]
正在升级/安装...
   1:python-devel-2.7.5-89.el7        ################################# [100%]

2. Download the webvirtmgr code from GitHub (it can be fetched from the website, github.com)
[root@kvm-web ~]# cd /usr/local/src
[root@kvm-web src]# ls
webvirtmgr-master.zip
[root@kvm-web src]# unzip webvirtmgr-master.zip 
[root@kvm-web src]# ls
webvirtmgr-master  webvirtmgr-master.zip

3. Install webvirtmgr
[root@kvm-web src]# cd webvirtmgr-master
[root@kvm-web webvirtmgr-master]# ls
conf     create  dev-requirements.txt  images    interfaces  manage.py    networks    requirements.txt  serverlog  setup.py  templates    vrtManager
console  deploy  hostdetail            instance  locale      MANIFEST.in  README.rst  secrets           servers    storages  Vagrantfile  webvirtmgr
[root@kvm-web webvirtmgr-master]# pip2 install -r requirements.txt
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip2 install --user` instead.
Collecting django==1.5.5 (from -r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/38/49/93511c5d3367b6b21fc2995a0e53399721afc15e4cd6eb57be879ae13ad4/Django-1.5.5.tar.gz (8.1MB)
    100% |████████████████████████████████| 8.1MB 40kB/s 
Collecting gunicorn==19.5.0 (from -r requirements.txt (line 2))
  Downloading https://files.pythonhosted.org/packages/f9/4e/f4076a1a57fc1e75edc0828db365cfa9005f9f6b4a51b489ae39a91eb4be/gunicorn-19.5.0-py2.py3-none-any.whl (113kB)
    100% |████████████████████████████████| 122kB 37kB/s 
Collecting lockfile>=0.9 (from -r requirements.txt (line 5))
  Downloading https://files.pythonhosted.org/packages/c8/22/9460e311f340cb62d26a38c419b1381b8593b0bb6b5d1f056938b086d362/lockfile-0.12.2-py2.py3-none-any.whl
Installing collected packages: django, gunicorn, lockfile
  Running setup.py install for django ... done
Successfully installed django-1.5.5 gunicorn-19.5.0 lockfile-0.12.2

4. Check that sqlite3 is installed
[root@kvm-web webvirtmgr-master]# python2
Python 2.7.18 (default, Apr 12 2023, 18:54:18) 
[GCC 8.5.0 20210514 (UnionTech 8.5.0-10.0.3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()

5. Initialize the account information
[root@kvm-web webvirtmgr-master]# python2 manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor

You just installed Django's auth system, which means you don't have any superusers defined.
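Would you like to create one now? (yes/no): yes      //asks whether to create a superuser account
Username (leave blank to use 'root'):          //superuser name; leave blank for the default, root
Email address: 3068518641@qq.com            //set the superuser's email address
Password:               //set the superuser password
Password (again):       //enter the superuser password again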
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)

6. Copy the web pages to the target directory
[root@kvm-web webvirtmgr-master]# mkdir /var/www
[root@kvm-web webvirtmgr-master]# cp -r /usr/local/src/webvirtmgr-master /var/www/
[root@kvm-web webvirtmgr-master]# chown -R nginx.nginx /var/www/webvirtmgr-master/

7. Generate the key pair
[root@kvm-web ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:QxEQAOgwV9nAaWPJ/+KgiRkixcK3lExob+Rbs4EJiQ4 root@kvm-web
The key's randomart image is:
+---[RSA 3072]----+
|..+=+Booo.       |
|E=.oX .  .       |
|B+Bo+o  .        |
|.+o@ +..         |
| o+ + +.S        |
|+  o... ..       |
|o+ o o .         |
|o o   .          |
|                 |
+----[SHA256]-----+
[root@kvm-web ~]# ssh-copy-id 192.168.116.147
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.116.147 (192.168.116.147)' can't be established.
ECDSA key fingerprint is SHA256:NmTmj8AZttR+QqiPin3+KkuKagCElpgZ5IXN6TU25oc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
UOS Server 20 1060a 
root@192.168.116.147's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.116.147'"
and check to make sure that only the key(s) you wanted were added.

[root@kvm-web ~]# ssh-copy-id 192.168.116.148
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.116.148 (192.168.116.148)' can't be established.
ECDSA key fingerprint is SHA256:ZvdIFVgFKsJIqs38/OmzEDggtLY3JM1EGdeVfj+DKqE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
UOS Server 20 1060a 
root@192.168.116.148's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.116.148'"
and check to make sure that only the key(s) you wanted were added.

8. Configure port forwarding
[root@kvm-web ~]# ssh 192.168.116.147 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
UOS Server 20 1060a 
Welcome to UOS Server 20

Last login: Mon Dec 18 15:36:07 2023 from 192.168.116.1
Welcome to 4.19.0-91.82.152.uelc20.x86_64

[root@kvm1 ~]# exit
logout
Connection to 192.168.116.147 closed.
[root@kvm-web ~]# ssh 192.168.116.148 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
UOS Server 20 1060a 
Welcome to UOS Server 20

Last login: Mon Dec 18 15:36:11 2023 from 192.168.116.1
Welcome to 4.19.0-91.82.152.uelc20.x86_64
[root@kvm2 ~]# exit
logout
Connection to 192.168.116.148 closed.

9. Configure nginx
[root@kvm-web ~]# ls /etc/nginx/nginx.conf
/etc/nginx/nginx.conf
[root@kvm-web ~]# mv /etc/nginx/nginx.conf /opt
[root@kvm-web ~]# vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        server_name  localhost;

        include /etc/nginx/default.d/*.conf;

        location / {
            root html;
            index index.html index.htm;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}

[root@kvm-web ~]# vim /etc/nginx/conf.d/webvirtmgr.conf
server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    location /static/ {
        root /var/www/webvirtmgr-master/webvirtmgr;
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M;
    }
}

10. Make sure bind is set to port 8000 on this machine
[root@kvm-web ~]# vim /var/www/webvirtmgr-master/conf/gunicorn.conf.py
bind = '0.0.0.0:8000'    # change this line
backlog = 2048

11. Restart nginx
[root@kvm-web ~]# systemctl restart nginx
[root@kvm-web ~]# ss -antl
State              Recv-Q             Send-Q                           Local Address:Port                           Peer Address:Port             Process             
LISTEN             0                  511                                    0.0.0.0:80                                  0.0.0.0:*                                    
LISTEN             0                  128                                    0.0.0.0:22                                  0.0.0.0:*                                    
LISTEN             0                  5                                    127.0.0.1:631                                 0.0.0.0:*                                    
LISTEN             0                  128                                       [::]:22                                     [::]:*                                    
LISTEN             0                  5                                        [::1]:631                                    [::]:*                                    

12. Configure supervisor
[root@kvm-web ~]# vim /etc/supervisord.conf
.....(the earlier content is omitted here; append the following at the end of the file)
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr-master/manage.py run_gunicorn -c /var/www/webvirtmgr-master/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr-master
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr.log
redirect_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr-master/console/webvirtmgr-console
directory=/var/www/webvirtmgr-master
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx

13. Start supervisor and enable it at boot
[root@kvm-web ~]# systemctl enable --now supervisord
Created symlink /etc/systemd/system/multi-user.target.wants/supervisord.service → /usr/lib/systemd/system/supervisord.service.
[root@kvm-web ~]# systemctl status supervisord
● supervisord.service - Process Monitoring and Control Daemon
   Loaded: loaded (/usr/lib/systemd/system/supervisord.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2023-12-18 16:28:10 CST; 10s ago
  Process: 369892 ExecStart=/usr/bin/supervisord -c /etc/supervisord.conf (code=exited, status=0/SUCCESS)
 Main PID: 369895 (supervisord)
    Tasks: 13
   Memory: 175.4M
[root@kvm-web ~]# ss -antl
State              Recv-Q             Send-Q                           Local Address:Port                           Peer Address:Port             Process             
LISTEN             0                  511                                    0.0.0.0:80                                  0.0.0.0:*                                    
LISTEN             0                  128                                    0.0.0.0:22                                  0.0.0.0:*                                    
LISTEN             0                  5                                    127.0.0.1:631                                 0.0.0.0:*                                    
LISTEN             0                  2048                                   0.0.0.0:8000                                0.0.0.0:*                                    
LISTEN             0                  100                                    0.0.0.0:6080                                0.0.0.0:*                                    
LISTEN             0                  128                                       [::]:22                                     [::]:*                                    
LISTEN             0                  5                                        [::1]:631                                    [::]:*          
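
The listing above shows ports 8000 (gunicorn) and 6080 (which appears together with 8000 once supervisor starts the two programs) listening on 0.0.0.0, and step 3 disabled firewalld, so both are reachable from the network directly as well as through nginx on port 80. The following check is an added example, not part of the original post; the function name exposed_backends is an assumption, and the sample input is the LISTEN rows copied from the listing above.

```bash
#!/bin/sh
# Added example: list backend ports that `ss -antl` shows bound to a wildcard
# address, i.e. reachable from other hosts without passing through nginx.

# Constructed sample: the rows of the `ss -antl` output shown in step 13.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       127.0.0.1:631       0.0.0.0:*
LISTEN  0       2048    0.0.0.0:8000        0.0.0.0:*
LISTEN  0       100     0.0.0.0:6080        0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       5       [::1]:631           [::]:*'

# exposed_backends PORT...
# Reads `ss -antl` output on stdin and prints, one per line, each of the given
# ports that has a listener on 0.0.0.0, [::] or *.
exposed_backends() {
    awk -v ports="$*" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) { want[p[i]] = 1 }
        }
        $1 == "LISTEN" {
            local_addr = $4
            # Split "addr:port" at the last colon so IPv6 literals survive.
            idx = match(local_addr, /:[0-9]+$/)
            if (idx == 0) { next }
            addr = substr(local_addr, 1, idx - 1)
            port = substr(local_addr, idx + 1)
            wildcard = (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            if ((port in want) && wildcard && !seen[port]++) { print port }
        }'
}

# Against the live host the same check is:  ss -antl | exposed_backends 8000 6080
printf '%s\n' "$SAMPLE_SS" | exposed_backends 8000 6080
```

The nginx configuration in step 9 proxies to 127.0.0.1:8000, so a gunicorn bind of 127.0.0.1:8000 would still serve the web interface while removing port 8000 from this list.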

14. Configure the nginx user (first switch to the nginx user)
//command to switch: su - nginx -s /bin/bash
[nginx@kvm-web ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa): 
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:JN5Qj+l43vrnwHQd+GQJwEosM+HyoT4iQiK+IIAROsE nginx@kvm-web
The key's randomart image is:
+---[RSA 3072]----+
|+     .o.....    |
|.E   .+.o+.  o . |
|+   . ==+.. . =  |
|.o   = O.    = . |
|=.  . + S . . o  |
|*  .   o + .     |
|=.. o   . +      |
|+... .   . ..    |
| .      ...o.    |
+----[SHA256]-----+
[nginx@kvm-web ~]$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
[nginx@kvm-web ~]$ chmod 0600 ~/.ssh/config
[nginx@kvm-web ~]$ 
[nginx@kvm-web ~]$ ssh-copy-id root@192.168.116.147
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.116.147' (ECDSA) to the list of known hosts.
UOS Server 20 1060a 
root@192.168.116.147's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.116.147'"
and check to make sure that only the key(s) you wanted were added.

[nginx@kvm-web ~]$ ssh-copy-id root@192.168.116.148
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.116.148' (ECDSA) to the list of known hosts.
UOS Server 20 1060a 
root@192.168.116.148's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.116.148'"
and check to make sure that only the key(s) you wanted were added.

[root@kvm-web ~]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@kvm-web ~]# cat /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

[root@kvm-web ~]# systemctl restart nginx
[root@kvm-web ~]# systemctl restart libvirtd
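
Step 14 writes StrictHostKeyChecking=no and UserKnownHostsFile=/dev/null into the nginx account's ~/.ssh/config, so that account accepts whatever host key kvm1 or kvm2 presents and never records it. An added example (not part of the original post) of the alternative: pin the two ECDSA fingerprints that were confirmed interactively in step 7 and trust scanned keys only when they match. The function name check_pins, the file name scanned and the mismatching sample fingerprint are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: compare scanned host-key fingerprints with pinned ones before
# the keys are allowed into known_hosts.

# ECDSA fingerprints printed by ssh-copy-id in step 7 of this page.
FP_KVM1='SHA256:NmTmj8AZttR+QqiPin3+KkuKagCElpgZ5IXN6TU25oc'
FP_KVM2='SHA256:ZvdIFVgFKsJIqs38/OmzEDggtLY3JM1EGdeVfj+DKqE'

# Constructed sample of `ssh-keygen -lf <scanned keys>` output
# (columns: bits, fingerprint, host, key type). The fingerprint on the second
# row is made up so that it does not match the pin.
SAMPLE_SCAN='256 SHA256:NmTmj8AZttR+QqiPin3+KkuKagCElpgZ5IXN6TU25oc 192.168.116.147 (ECDSA)
256 SHA256:AAAAconstructedMismatchingFingerprintAAAAAAAAAAA 192.168.116.148 (ECDSA)'

# check_pins HOST FINGERPRINT [HOST FINGERPRINT ...]
# Reads `ssh-keygen -lf` output on stdin, prints OK / MISMATCH / MISSING for
# each pinned host, and returns 1 unless every pinned host is OK.
check_pins() {
    awk -v pins="$*" '
        BEGIN {
            n = split(pins, a, " ")
            for (i = 1; i + 1 <= n; i += 2) { want[a[i]] = a[i + 1]; order[++m] = a[i] }
        }
        NF >= 3 {
            present[$3] = 1
            # A host may offer several key types; one matching row is enough.
            if (($3 in want) && $2 == want[$3]) { ok[$3] = 1 }
        }
        END {
            bad = 0
            for (i = 1; i <= m; i++) {
                h = order[i]
                if (h in ok)           { print "OK " h }
                else if (h in present) { print "MISMATCH " h; bad = 1 }
                else                   { print "MISSING " h; bad = 1 }
            }
            exit bad
        }'
}

# On the real host, as the nginx user, the same check over freshly scanned keys:
#   ssh-keyscan -t ecdsa 192.168.116.147 192.168.116.148 > scanned
#   ssh-keygen -lf scanned | check_pins 192.168.116.147 "$FP_KVM1" \
#       192.168.116.148 "$FP_KVM2" && cat scanned >> ~/.ssh/known_hosts
printf '%s\n' "$SAMPLE_SCAN" |
    check_pins 192.168.116.147 "$FP_KVM1" 192.168.116.148 "$FP_KVM2" ||
    echo "pin check failed: do not add these keys to known_hosts"
```

Once the matching keys are in ~/.ssh/known_hosts, the two lines in ~/.ssh/config can be replaced by StrictHostKeyChecking yes.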

3.3 Managing kvm through the web interface

Open kvm in a browser using the IP address; in my case that is http://192.168.116.146/login

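3.4 kvm installation 1 (192.168.116.147)

Before deploying, make sure CPU virtualization is enabled. There are two cases:

  • A virtual machine must be shut down to enable CPU virtualization in its settings
  • A physical machine must have CPU virtualization enabled in the BIOS

1. Install kvm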
[root@kvm1 ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
UnionTechOS 20 AppStream                                                                                                              4.8 MB/s | 8.1 MB     00:01    
上次元数据过期检查:0:00:02 前,执行于 2023年12月18日 星期一 17时09分15秒。
未找到匹配的参数: qemu-kvm-tools
未找到匹配的参数: libvirt-python
错误:没有任何匹配: qemu-kvm-tools libvirt-python

//Solution
[root@kvm1 ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm
[root@kvm1 ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm
[root@kvm1 ~]# rpm -ivh --nodeps qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm 
警告:qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
Verifying...                          ################################# [100%]
准备中...                          ################################# [100%]
        file /usr/bin/kvm_stat from install of qemu-kvm-tools-10:1.5.3-175.el7.x86_64 conflicts with file from package kernel-tools-4.19.0-91.82.152.uelc20.x86_64

[root@kvm1 ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/libvirt-python-4.5.0-1.el7.x86_64.rpm
[root@kvm1 ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  libvirt-python-4.5.0-1.el7.x86_64.rpm  qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm
[root@kvm1 ~]# yum -y install libvirt-python-4.5.0-1.el7.x86_64.rpm 
完毕!

[root@kvm1 ~]# yum -y install qemu-kvm qemu-img virt-manager libvirt libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
完毕!

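2. The virtual machines' network is usually on the same segment as the company's other servers,
so the KVM server's NIC has to be configured in bridge mode. The KVM virtual machines can then
sit on the same segment as the other internal servers through that bridged NIC
//My NIC here is ens33, so br0 is used to bridge ens33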
[root@kvm1 ~]# cd /etc/sysconfig/network-scripts/
[root@kvm1 network-scripts]# ls
ifcfg-ens33
[root@kvm1 network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@kvm1 network-scripts]# vim ifcfg-br0 
[root@kvm1 network-scripts]# cat ifcfg-br0 
TYPE=Bridge
BOOTPROTO=static
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.116.147
NETMASK=255.255.255.0
GATEWAY=192.168.116.2
DNS1=114.114.114.114
[root@kvm1 network-scripts]# vim ifcfg-ens33 
[root@kvm1 network-scripts]# cat ifcfg-ens33 
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0

3. Restart the network
[root@kvm1 network-scripts]# systemctl restart NetworkManager
[root@kvm1 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:55:dc:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.116.147/24 brd 192.168.116.255 scope global dynamic noprefixroute ens33
       valid_lft 1477sec preferred_lft 1477sec
    inet6 fe80::8f8b:5c4c:b551:bb74/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 7e:7c:c6:d2:d6:1d brd ff:ff:ff:ff:ff:ff
    inet 192.168.116.147/24 brd 192.168.116.255 scope global noprefixroute br0
       valid_lft forever preferred_lft forever

4. Start the service
[root@kvm1 ~]# systemctl start libvirtd
[root@kvm1 ~]# systemctl enable libvirtd
Created symlink /etc/systemd/system/multi-user.target.wants/libvirtd.service → /usr/lib/systemd/system/libvirtd.service.
Created symlink /etc/systemd/system/sockets.target.wants/virtlockd.socket → /usr/lib/systemd/system/virtlockd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/libvirtd.socket → /usr/lib/systemd/system/libvirtd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/libvirtd-ro.socket → /usr/lib/systemd/system/libvirtd-ro.socket.

5. Verify the installation
[root@kvm1 ~]# lsmod|grep kvm
kvm_intel             241664  0
kvm                   774144  1 kvm_intel
irqbypass              20480  1 kvm

6. Test and verify the installation
[root@kvm1 ~]# virsh -c qemu:///system list
 Id   名称   状态
-------------------

[root@kvm1 ~]# virsh --version
8.0.0
[root@kvm1 ~]# virt-install --version
3.2.0
[root@kvm1 ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@kvm1 ~]# ll /usr/bin/qemu-kvm
lrwxrwxrwx 1 root root 21 1218 17:43 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm
[root@kvm1 ~]# lsmod |grep kvm
kvm_intel             241664  0
kvm                   774144  1 kvm_intel
irqbypass              20480  1 kvm

7. View the bridge information
[root@kvm1 ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000000000000       no              
virbr0          8000.525400cc171b       yes             

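3.5 kvm installation 2 (192.168.116.148)

Before deploying, make sure CPU virtualization is enabled. There are two cases:

  • A virtual machine must be shut down to enable CPU virtualization in its settings
  • A physical machine must have CPU virtualization enabled in the BIOS

1. Install kvm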
[root@kvm2 ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm
[root@kvm2 ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm
[root@kvm2 ~]# rpm -ivh --nodeps qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm 
警告:qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
Verifying...                          ################################# [100%]
准备中...                          ################################# [100%]
        file /usr/bin/kvm_stat from install of qemu-kvm-tools-10:1.5.3-175.el7.x86_64 conflicts with file from package kernel-tools-4.19.0-91.82.152.uelc20.x86_64

[root@kvm2 ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/libvirt-python-4.5.0-1.el7.x86_64.rpm
[root@kvm2 ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  libvirt-python-4.5.0-1.el7.x86_64.rpm  qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm
[root@kvm2 ~]# yum -y install libvirt-python-4.5.0-1.el7.x86_64.rpm 
完毕!

[root@kvm2 ~]# yum -y install qemu-kvm qemu-img virt-manager libvirt libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
完毕!

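2. The virtual machines' network is usually on the same segment as the company's other servers,
so the KVM server's NIC has to be configured in bridge mode. The KVM virtual machines can then
sit on the same segment as the other internal servers through that bridged NIC
//My NIC here is ens33, so br0 is used to bridge ens33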
[root@kvm2 ~]# cd /etc/sysconfig/network-scripts/
[root@kvm2 network-scripts]# ls
ifcfg-ens33
[root@kvm2 network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@kvm2 network-scripts]# vim ifcfg-br0 
[root@kvm2 network-scripts]# cat ifcfg-br0 
TYPE=Bridge
BOOTPROTO=static
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.116.148
NETMASK=255.255.255.0
GATEWAY=192.168.116.2
DNS1=114.114.114.114
[root@kvm2 network-scripts]# vim ifcfg-ens33 
[root@kvm2 network-scripts]# cat ifcfg-ens33 
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0

3. Restart the network
[root@kvm2 network-scripts]# systemctl restart NetworkManager
[root@kvm2 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:43:5f:64 brd ff:ff:ff:ff:ff:ff
    inet 192.168.116.148/24 brd 192.168.116.255 scope global dynamic noprefixroute ens33
       valid_lft 990sec preferred_lft 990sec
    inet6 fe80::9265:e355:540e:9f63/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether be:fd:b1:df:a0:75 brd ff:ff:ff:ff:ff:ff
    inet 192.168.116.148/24 brd 192.168.116.255 scope global noprefixroute br0
       valid_lft forever preferred_lft forever

4. Start the service
[root@kvm2 ~]# systemctl enable --now libvirtd
Created symlink /etc/systemd/system/multi-user.target.wants/libvirtd.service → /usr/lib/systemd/system/libvirtd.service.
Created symlink /etc/systemd/system/sockets.target.wants/virtlockd.socket → /usr/lib/systemd/system/virtlockd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/libvirtd.socket → /usr/lib/systemd/system/libvirtd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/libvirtd-ro.socket → /usr/lib/systemd/system/libvirtd-ro.socket.

5. Verify the installation
[root@kvm2 ~]# lsmod|grep kvm
kvm_intel             241664  0
kvm                   774144  1 kvm_intel
irqbypass              20480  1 kvm

6. Test and verify the installation
[root@kvm2 ~]# virsh -c qemu:///system list
 Id   名称   状态
-------------------

[root@kvm2 ~]# virsh --version
8.0.0
[root@kvm2 ~]# virt-install --version
3.2.0
[root@kvm2 ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@kvm2 ~]# ll /usr/bin/qemu-kvm
lrwxrwxrwx 1 root root 21 1218 18:06 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm
[root@kvm2 ~]# lsmod |grep kvm
kvm_intel             241664  0
kvm                   774144  1 kvm_intel
irqbypass              20480  1 kvm

7. View the bridge information
[root@kvm2 ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000000000000       no              
virbr0          8000.5254005e5c7d       yes             

3.3.1 kvm1 connection management

Create an SSH connection:

3.3.2 kvm1 storage management

Create storage:

[root@kvm1 ~]# cd /var/lib/libvirt/images/
[root@kvm1 images]# ls
centos7.img  CentOS-7-x86_64-DVD-1804.iso    //this image has to be uploaded

3.3.3 kvm1 network management

Add a bridged network

3.3.4 Instance management

Creating an instance (virtual machine)

Inserting a disc into the virtual machine

Setting the password for accessing the virtual machine from the web

3.3.5 kvm2


4. Troubleshooting cases

4.1 Case 1

After the web interface has been configured, an error page may appear.
The fix is to install novnc and start a vnc through novnc_server

[root@localhost ~]# ll /etc/rc.local
lrwxrwxrwx. 1 root root 13 Aug  6  2018 /etc/rc.local -> rc.d/rc.local
[root@localhost ~]# ll /etc/rc.d/rc.local
-rw-r--r-- 1 root root 513 Mar 11 22:35 /etc/rc.d/rc.local
[root@localhost ~]# chmod +x /etc/rc.d/rc.local
[root@localhost ~]# ll /etc/rc.d/rc.local
-rwxr-xr-x 1 root root 513 Mar 11 22:35 /etc/rc.d/rc.local

[root@localhost ~]# vim /etc/rc.d/rc.local
......N lines omitted here
# that this script will be executed during boot.

touch /var/lock/subsys/local
nohup novnc_server 172.16.12.128:5920 &

[root@localhost ~]# . /etc/rc.d/rc.local

After the steps above, the page can be accessed normally again

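4.2 Case 2

The first time kvm is accessed through the web, the page may fail to load and keep spinning, while the command line keeps reporting the error (too many open files)

In that case nginx needs to be configured

[root@localhost ~]# vim /etc/nginx/nginx.conf
....N lines omitted here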
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
worker_rlimit_nofile 655350;    # add this line

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
....N lines omitted here

[root@localhost ~]# systemctl restart nginx

Then set the system parameters

[root@localhost ~]# vim /etc/security/limits.conf
....N lines omitted here
# End of file
* soft nofile 655350
* hard nofile 655350

That resolves the problem
