kvm虚拟化
文章目录
1. 虚拟化介绍
虚拟化是云计算的基础。简单的说,虚拟化使得在一台物理的服务器上可以跑多台虚拟机,虚拟机共享物理机的 CPU、内存、IO 硬件资源,但逻辑上虚拟机之间是相互隔离的。
物理机我们一般称为宿主机(Host),宿主机上面的虚拟机称为客户机(Guest)。
那么 Host 是如何将自己的硬件资源虚拟化,并提供给 Guest 使用的呢?
这个主要是通过一个叫做 Hypervisor 的程序实现的。
根据 Hypervisor 的实现方式和所处的位置,虚拟化又分为两种:
- 全虚拟化
- 半虚拟化
全虚拟化:
Hypervisor 直接安装在物理机上,多个虚拟机在 Hypervisor 上运行。Hypervisor 实现方式一般是一个特殊定制的 Linux 系统。Xen 和 VMWare 的 ESXi 都属于这个类型
半虚拟化:
物理机上首先安装常规的操作系统,比如 Redhat、Ubuntu 和 Windows。Hypervisor 作为 OS 上的一个程序模块运行,并对管理虚拟机进行管理。KVM、VirtualBox 和 VMWare Workstation 都属于这个类型
理论上讲:
全虚拟化一般对硬件虚拟化功能进行了特别优化,性能上比半虚拟化要高;
半虚拟化因为基于普通的操作系统,会比较灵活,比如支持虚拟机嵌套。嵌套意味着可以在KVM虚拟机中再运行KVM。
2. kvm介绍
kVM 全称是 Kernel-Based Virtual Machine。也就是说 KVM 是基于 Linux 内核实现的。
KVM有一个内核模块叫 kvm.ko,只用于管理虚拟 CPU 和内存。
那 IO 的虚拟化,比如存储和网络设备则是由 Linux 内核与Qemu来实现。
作为一个 Hypervisor,KVM 本身只关注虚拟机调度和内存管理这两个方面。IO 外设的任务交给 Linux 内核和 Qemu。
大家在网上看 KVM 相关文章的时候肯定经常会看到 Libvirt 这个东西。
Libvirt 就是 KVM 的管理工具。
其实,Libvirt 除了能管理 KVM 这种 Hypervisor,还能管理 Xen,VirtualBox 等。
Libvirt 包含 3 个东西:后台 daemon 程序 libvirtd、API 库和命令行工具 virsh
- libvirtd是服务程序,接收和处理 API 请求;
- API 库使得其他人可以开发基于 Libvirt 的高级工具,比如 virt-manager,这是个图形化的 KVM 管理工具;
- virsh 是我们经常要用的 KVM 命令行工具
3. kvm部署
3.1配置环境(三台都要配置)
1.环境配置
//kvm web管理界面安装:192.168.116.146
//kvm主机1: 192.168.116.147
//kvm之际2: 192.168.116.148
2.修改主机名
[root@localhost ~]# hostnamectl set-hostname kvm-web
[root@localhost ~]# bash
Welcome to 4.19.0-91.82.152.uelc20.x86_64
[root@kvm-web ~]#
[root@localhost ~]# hostnamectl set-hostname kvm1
[root@localhost ~]# bash
Welcome to 4.19.0-91.82.152.uelc20.x86_64
[root@kvm1 ~]#
[root@localhost ~]# hostnamectl set-hostname kvm2
[root@localhost ~]# bash
Welcome to 4.19.0-91.82.152.uelc20.x86_64
[root@kvm2 ~]#
3.关闭防火墙
[root@kvm-web ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@kvm-web ~]# getenforce
Disabled
[root@kvm1 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@kvm1 ~]# getenforce
Disabled
[root@kvm2 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Remved /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@kvm2 ~]# getenforce
Disabled
3.2kvm web管理界面安装
kvm 的 web 管理界面是由 webvirtmgr 程序提供的。
1.安装依赖包
[root@kvm-web ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel
UnionTechOS 20 AppStream 12 MB/s | 8.1 MB 00:00
UnionTechOS 20 BaseOS 3.2 MB/s | 1.8 MB 00:00
UnionTechOS 20 PowerTools 4.4 MB/s | 2.8 MB 00:00
UnionTechOS 20 Plus 2.0 MB/s | 10 MB 00:05
UnionTechOS 20 Extras 7.1 kB/s | 2.3 kB 00:00
UnionTechOS 20 Update 1.0 kB/s | 257 B 00:00
UnionTechOS 20 GM 3.1 MB/s | 1.4 MB 00:00
未找到匹配的参数: python-pip
未找到匹配的参数: libvirt-python
未找到匹配的参数: libxml2-python
未找到匹配的参数: python-websockify
未找到匹配的参数: python-devel
错误:没有任何匹配: python-pip libvirt-python libxml2-python python-websockify python-devel
//解决方案
[root@kvm-web ~]# yum -y install git
完毕!
[root@kvm-web ~]# yum list all | grep python | grep pip
python2-pip.noarch 9.0.3-19.0.1.module+uelc20+1063+c02c4c1c UnionTechOS-20-AppStream
[root@kvm-web ~]# yum -y install python2-pip
完毕!
[root@kvm-web ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/libvirt-python-4.5.0-1.el7.x86_64.rpm
[root@kvm-web ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg libvirt-python-4.5.0-1.el7.x86_64.rpm
[root@kvm-web ~]# yum -y install libvirt-python-4.5.0-1.el7.x86_64.rpm
完毕!
[root@kvm-web ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/libxml2-python-2.9.1-6.el7.5.x86_64.rpm
[root@kvm-web ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg libvirt-python-4.5.0-1.el7.x86_64.rpm libxml2-python-2.9.1-6.el7.5.x86_64.rpm
[root@kvm-web ~]# rpm -ivh --nodeps libxml2-python-2.9.1-6.el7.5.x86_64.rpm
警告:libxml2-python-2.9.1-6.el7.5.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
Verifying... ################################# [100%]
准备中... ################################# [100%]
正在升级/安装...
1:libxml2-python-2.9.1-6.el7.5 ################################# [100%]
[root@kvm-web ~]# wget https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/p/python-websockify-0.6.0-5.el7.noarch.rpm
[root@kvm-web ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg libvirt-python-4.5.0-1.el7.x86_64.rpm libxml2-python-2.9.1-6.el7.5.x86_64.rpm python-websockify-0.6.0-5.el7.noarch.rpm
[root@kvm-web ~]# rpm -ivh --nodeps https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/p/python-websockify-0.6.0-5.el7.noarch.rpm
获取https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/p/python-websockify-0.6.0-5.el7.noarch.rpm
警告:/var/tmp/rpm-tmp.zLyZRt: 头V4 RSA/SHA256 Signature, 密钥 ID 352c64e5: NOKEY
Verifying... ################################# [100%]
准备中... ################################# [100%]
正在升级/安装...
1:python-websockify-0.6.0-5.el7 ################################# [100%]
[root@kvm-web ~]# yum list all | grep supervisor
supervisor.noarch 4.2.1-1.uelc20 UnionTechOS-20-Plus
[root@kvm-web ~]# yum -y install supervisor
完毕!
[root@kvm-web ~]# yum -y install nginx
完毕!
[root@kvm-web ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-devel-2.7.5-89.el7.x86_64.rpm
[root@kvm-web ~]# ls
anaconda-ks.cfg libvirt-python-4.5.0-1.el7.x86_64.rpm python-devel-2.7.5-89.el7.x86_64.rpm
initial-setup-ks.cfg libxml2-python-2.9.1-6.el7.5.x86_64.rpm python-websockify-0.6.0-5.el7.noarch.rpm
[root@kvm-web ~]# rpm -ivh --nodeps python-devel-2.7.5-89.el7.x86_64.rpm
警告:python-devel-2.7.5-89.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
Verifying... ################################# [100%]
准备中... ################################# [100%]
正在升级/安装...
1:python-devel-2.7.5-89.el7 ################################# [100%]
2.从github上下载webvirtmgr代码(可以从网站上面拉,github.com)
[root@kvm-web ~]# cd /usr/local/src
[root@kvm-web src]# ls
webvirtmgr-master.zip
[root@kvm-web src]# unzip webvirtmgr-master.zip
[root@kvm-web src]# ls
webvirtmgr-master webvirtmgr-master.zip
3.安装webvirtmgr
[root@kvm-web src]# cd webvirtmgr-master
[root@kvm-web webvirtmgr-master]# ls
conf create dev-requirements.txt images interfaces manage.py networks requirements.txt serverlog setup.py templates vrtManager
console deploy hostdetail instance locale MANIFEST.in README.rst secrets servers storages Vagrantfile webvirtmgr
[root@kvm-web webvirtmgr-master]# pip2 install -r requirements.txt
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip2 install --user` instead.
Collecting django==1.5.5 (from -r requirements.txt (line 1))
Downloading https://files.pythonhosted.org/packages/38/49/93511c5d3367b6b21fc2995a0e53399721afc15e4cd6eb57be879ae13ad4/Django-1.5.5.tar.gz (8.1MB)
100% |████████████████████████████████| 8.1MB 40kB/s
Collecting gunicorn==19.5.0 (from -r requirements.txt (line 2))
Downloading https://files.pythonhosted.org/packages/f9/4e/f4076a1a57fc1e75edc0828db365cfa9005f9f6b4a51b489ae39a91eb4be/gunicorn-19.5.0-py2.py3-none-any.whl (113kB)
100% |████████████████████████████████| 122kB 37kB/s
Collecting lockfile>=0.9 (from -r requirements.txt (line 5))
Downloading https://files.pythonhosted.org/packages/c8/22/9460e311f340cb62d26a38c419b1381b8593b0bb6b5d1f056938b086d362/lockfile-0.12.2-py2.py3-none-any.whl
Installing collected packages: django, gunicorn, lockfile
Running setup.py install for django ... done
Successfully installed django-1.5.5 gunicorn-19.5.0 lockfile-0.12.2
4.检查sqlite3是否安装
[root@kvm-web webvirtmgr-master]# python2
Python 2.7.18 (default, Apr 12 2023, 18:54:18)
[GCC 8.5.0 20210514 (UnionTech 8.5.0-10.0.3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()
5.初始化帐号信息
[root@kvm-web webvirtmgr-master]# python2 manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor
You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes //问你是否创建超级管理员帐号
Username (leave blank to use 'root'): //指定超级管理员帐号用户名,默认留空为root
Email address: 3068518641@qq.com //设置超级管理员邮箱
Password: //设置超级管理员密码
Password (again): //再次输入超级管理员密码
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)
6.拷贝web网页至指定目录
[root@kvm-web webvirtmgr-master]# mkdir /var/www
[root@kvm-web webvirtmgr-master]# cp -r /usr/local/src/webvirtmgr-master /var/www/
[root@kvm-web webvirtmgr-master]# chown -R nginx.nginx /var/www/webvirtmgr-master/
7.生成密钥
[root@kvm-web ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:QxEQAOgwV9nAaWPJ/+KgiRkixcK3lExob+Rbs4EJiQ4 root@kvm-web
The key's randomart image is:
+---[RSA 3072]----+
|..+=+Booo. |
|E=.oX . . |
|B+Bo+o . |
|.+o@ +.. |
| o+ + +.S |
|+ o... .. |
|o+ o o . |
|o o . |
| |
+----[SHA256]-----+
[root@kvm-web ~]# ssh-copy-id 192.168.116.147
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.116.147 (192.168.116.147)' can't be established.
ECDSA key fingerprint is SHA256:NmTmj8AZttR+QqiPin3+KkuKagCElpgZ5IXN6TU25oc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
UOS Server 20 1060a
root@192.168.116.147's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.116.147'"
and check to make sure that only the key(s) you wanted were added.
[root@kvm-web ~]# ssh-copy-id 192.168.116.148
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.116.148 (192.168.116.148)' can't be established.
ECDSA key fingerprint is SHA256:ZvdIFVgFKsJIqs38/OmzEDggtLY3JM1EGdeVfj+DKqE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
UOS Server 20 1060a
root@192.168.116.148's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.116.148'"
and check to make sure that only the key(s) you wanted were added.
8.配置端口转发
[root@kvm-web ~]# ssh 192.168.116.147 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
UOS Server 20 1060a
Welcome to UOS Server 20
Last login: Mon Dec 18 15:36:07 2023 from 192.168.116.1
Welcome to 4.19.0-91.82.152.uelc20.x86_64
[root@kvm1 ~]# exit
logout
Connection to 192.168.116.147 closed.
[root@kvm-web ~]# ssh 192.168.116.148 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
UOS Server 20 1060a
Welcome to UOS Server 20
Last login: Mon Dec 18 15:36:11 2023 from 192.168.116.1
Welcome to 4.19.0-91.82.152.uelc20.x86_64
[root@kvm2 ~]# exit
logout
Connection to 192.168.116.148 closed.
9.配置nginx
[root@kvm-web ~]# ls /etc/nginx/nginx.conf
/etc/nginx/nginx.conf
[root@kvm-web ~]# mv /etc/nginx/nginx.conf /opt
[root@kvm-web ~]# vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name localhost;
include /etc/nginx/default.d/*.conf;
location / {
root html;
index index.html index.htm;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
[root@kvm-web ~]# vim /etc/nginx/conf.d/webvirtmgr.conf
server {
listen 80 default_server;
server_name $hostname;
#access_log /var/log/nginx/webvirtmgr_access_log;
location /static/ {
root /var/www/webvirtmgr-master/webvirtmgr;
expires max;
}
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $remote_addr;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
client_max_body_size 1024M;
}
}
10.确保bind绑定的是本机的8000端口
[root@kvm-web ~]#vim /var/www/webvirtmgr-master/conf/gunicorn.conf.py
bind = '0.0.0.0:8000' //修改这一行
backlog = 2048
11.重启nginx
[root@kvm-web ~]# systemctl restart nginx
[root@kvm-web ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
12.设置supervisor
[root@kvm-web ~]# vim /etc/supervisord.conf
.....此处省略上面的内容,在文件最后加上以下内容
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr-master/manage.py run_gunicorn -c /var/www/webvirtmgr-master/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr-master
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx
[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr-master/console/webvirtmgr-console
directory=/var/www/webvirtmgr-master
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx
13.启动supervisor并设置开机自启
[root@kvm-web ~]# systemctl enable --now supervisord
Created symlink /etc/systemd/system/multi-user.target.wants/supervisord.service → /usr/lib/systemd/system/supervisord.service.
[root@kvm-web ~]# systemctl status supervisord
● supervisord.service - Process Monitoring and Control Daemon
Loaded: loaded (/usr/lib/systemd/system/supervisord.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2023-12-18 16:28:10 CST; 10s ago
Process: 369892 ExecStart=/usr/bin/supervisord -c /etc/supervisord.conf (code=exited, status=0/SUCCESS)
Main PID: 369895 (supervisord)
Tasks: 13
Memory: 175.4M
[root@kvm-web ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 2048 0.0.0.0:8000 0.0.0.0:*
LISTEN 0 100 0.0.0.0:6080 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
14.配置nginx用户(首先要切换到nginx用户中)
//切换命令:su - nginx -s /bin/bash
[nginx@kvm-web ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa):
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:JN5Qj+l43vrnwHQd+GQJwEosM+HyoT4iQiK+IIAROsE nginx@kvm-web
The key's randomart image is:
+---[RSA 3072]----+
|+ .o..... |
|.E .+.o+. o . |
|+ . ==+.. . = |
|.o = O. = . |
|=. . + S . . o |
|* . o + . |
|=.. o . + |
|+... . . .. |
| . ...o. |
+----[SHA256]-----+
[nginx@kvm-web ~]$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
[nginx@kvm-web ~]$ chmod 0600 ~/.ssh/config
[nginx@kvm-web ~]$
[nginx@kvm-web ~]$ ssh-copy-id root@192.168.116.147
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.116.147' (ECDSA) to the list of known hosts.
UOS Server 20 1060a
root@192.168.116.147's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.116.147'"
and check to make sure that only the key(s) you wanted were added.
[nginx@kvm-web ~]$ ssh-copy-id root@192.168.116.148
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.116.148' (ECDSA) to the list of known hosts.
UOS Server 20 1060a
root@192.168.116.148's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.116.148'"
and check to make sure that only the key(s) you wanted were added.
[root@kvm-web ~]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@kvm-web ~]# cat /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[root@kvm-web ~]#systemctl restart nginx
[root@kvm-web ~]#systemctl restart libvirtd
3.3 kvm web界面管理
通过ip地址在浏览器上访问kvm,例如我这里就是:http://192.168.116.146/login
3.4kvm安装1(192.168.116.147)
部署前请确保你的CPU虚拟化功能已开启。分为两种情况:
- 虚拟机要关机设置CPU虚拟化
- 物理机要在BIOS里开启CPU虚拟化
1.kvm安装
[root@kvm1 ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
UnionTechOS 20 AppStream 4.8 MB/s | 8.1 MB 00:01
上次元数据过期检查:0:00:02 前,执行于 2023年12月18日 星期一 17时09分15秒。
未找到匹配的参数: qemu-kvm-tools
未找到匹配的参数: libvirt-python
错误:没有任何匹配: qemu-kvm-tools libvirt-python
//解决方案
[root@kvm1 ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm
[root@kvm1 ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm
[root@kvm1 ~]# rpm -ivh --nodeps qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm
警告:qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
Verifying... ################################# [100%]
准备中... ################################# [100%]
file /usr/bin/kvm_stat from install of qemu-kvm-tools-10:1.5.3-175.el7.x86_64 conflicts with file from package kernel-tools-4.19.0-91.82.152.uelc20.x86_64
[root@kvm1 ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/libvirt-python-4.5.0-1.el7.x86_64.rpm
[root@kvm1 ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg libvirt-python-4.5.0-1.el7.x86_64.rpm qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm
[root@kvm1 ~]# yum -y install libvirt-python-4.5.0-1.el7.x86_64.rpm
完毕!
[root@kvm1 ~]# yum -y install qemu-kvm qemu-img virt-manager libvirt libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
完毕!
2.因为虚拟机中网络,我们一般都是和公司的其他服务器是同一个网段,所以我们需要把 \
KVM服务器的网卡配置成桥接模式。这样的话KVM的虚拟机就可以通过该桥接网卡和公司内部 \
其他服务器处于同一网段
//此处我的网卡是ens33,所以用br0来桥接ens33网卡
[root@kvm1 ~]# cd /etc/sysconfig/network-scripts/
[root@kvm1 network-scripts]# ls
ifcfg-ens33
[root@kvm1 network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@kvm1 network-scripts]# vim ifcfg-br0
[root@kvm1 network-scripts]# cat ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.116.147
NETMASK=255.255.255.0
GATEWAY=192.168.116.2
DNS1=114.114.114.114
[root@kvm1 network-scripts]# vim ifcfg-ens33
[root@kvm1 network-scripts]# cat ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0
3.重启网络
[root@kvm1 network-scripts]# systemctl restart NetworkManager
[root@kvm1 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:55:dc:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.116.147/24 brd 192.168.116.255 scope global dynamic noprefixroute ens33
valid_lft 1477sec preferred_lft 1477sec
inet6 fe80::8f8b:5c4c:b551:bb74/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 7e:7c:c6:d2:d6:1d brd ff:ff:ff:ff:ff:ff
inet 192.168.116.147/24 brd 192.168.116.255 scope global noprefixroute br0
valid_lft forever preferred_lft forever
4.启动服务
[root@kvm1 ~]# systemctl start libvirtd
[root@kvm1 ~]# systemctl enable libvirtd
Created symlink /etc/systemd/system/multi-user.target.wants/libvirtd.service → /usr/lib/systemd/system/libvirtd.service.
Created symlink /etc/systemd/system/sockets.target.wants/virtlockd.socket → /usr/lib/systemd/system/virtlockd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/libvirtd.socket → /usr/lib/systemd/system/libvirtd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/libvirtd-ro.socket → /usr/lib/systemd/system/libvirtd-ro.socket.
5.验证安装结果
[root@kvm1 ~]# lsmod|grep kvm
kvm_intel 241664 0
kvm 774144 1 kvm_intel
irqbypass 20480 1 kvm
6.测试并验证安装结果
[root@kvm1 ~]# virsh -c qemu:///system list
Id 名称 状态
-------------------
[root@kvm1 ~]# virsh --version
8.0.0
[root@kvm1 ~]# virt-install --version
3.2.0
[root@kvm1 ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@kvm1 ~]# ll /usr/bin/qemu-kvm
lrwxrwxrwx 1 root root 21 12月 18 17:43 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm
[root@kvm1 ~]# lsmod |grep kvm
kvm_intel 241664 0
kvm 774144 1 kvm_intel
irqbypass 20480 1 kvm
7.查看网桥信息
[root@kvm1 ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
virbr0 8000.525400cc171b yes
3.5kvm安装2(192.168.116.148)
部署前请确保你的CPU虚拟化功能已开启。分为两种情况:
- 虚拟机要关机设置CPU虚拟化
- 物理机要在BIOS里开启CPU虚拟化
1.kvm安装
[root@kvm2 ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm
[root@kvm2 ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm
[root@kvm2 ~]# rpm -ivh --nodeps qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm
警告:qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
Verifying... ################################# [100%]
准备中... ################################# [100%]
file /usr/bin/kvm_stat from install of qemu-kvm-tools-10:1.5.3-175.el7.x86_64 conflicts with file from package kernel-tools-4.19.0-91.82.152.uelc20.x86_64
[root@kvm2 ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/libvirt-python-4.5.0-1.el7.x86_64.rpm
[root@kvm2 ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg libvirt-python-4.5.0-1.el7.x86_64.rpm qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm
[root@kvm2 ~]# yum -y install libvirt-python-4.5.0-1.el7.x86_64.rpm
完毕!
[root@kvm2 ~]# yum -y install qemu-kvm qemu-img virt-manager libvirt libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
完毕!
2.因为虚拟机中网络,我们一般都是和公司的其他服务器是同一个网段,所以我们需要把 \
KVM服务器的网卡配置成桥接模式。这样的话KVM的虚拟机就可以通过该桥接网卡和公司内部 \
其他服务器处于同一网段
//此处我的网卡是ens33,所以用br0来桥接ens33网卡
[root@kvm2 ~]# cd /etc/sysconfig/network-scripts/
[root@kvm2 network-scripts]# ls
ifcfg-ens33
[root@kvm2 network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@kvm2 network-scripts]# vim ifcfg-br0
[root@kvm2 network-scripts]# cat ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.116.148
NETMASK=255.255.255.0
GATEWAY=192.168.116.2
DNS1=114.114.114.114
[root@kvm2 network-scripts]# vim ifcfg-ens33
[root@kvm2 network-scripts]# cat ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0
3.重启网络
[root@kvm2 network-scripts]# systemctl restart NetworkManager
[root@kvm2 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:43:5f:64 brd ff:ff:ff:ff:ff:ff
inet 192.168.116.148/24 brd 192.168.116.255 scope global dynamic noprefixroute ens33
valid_lft 990sec preferred_lft 990sec
inet6 fe80::9265:e355:540e:9f63/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether be:fd:b1:df:a0:75 brd ff:ff:ff:ff:ff:ff
inet 192.168.116.148/24 brd 192.168.116.255 scope global noprefixroute br0
valid_lft forever preferred_lft forever
4.启动服务
[root@kvm2 ~]# systemctl enable --now libvirtd
Created symlink /etc/systemd/system/multi-user.target.wants/libvirtd.service → /usr/lib/systemd/system/libvirtd.service.
Created symlink /etc/systemd/system/sockets.target.wants/virtlockd.socket → /usr/lib/systemd/system/virtlockd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/libvirtd.socket → /usr/lib/systemd/system/libvirtd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/libvirtd-ro.socket → /usr/lib/systemd/system/libvirtd-ro.socket.
5.验证安装结果
[root@kvm2 ~]# lsmod|grep kvm
kvm_intel 241664 0
kvm 774144 1 kvm_intel
irqbypass 20480 1 kvm
6.测试并验证安装结果
[root@kvm2 ~]# virsh -c qemu:///system list
Id 名称 状态
-------------------
[root@kvm2 ~]# virsh --version
8.0.0
[root@kvm2 ~]# virt-install --version
3.2.0
[root@kvm2 ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@kvm2 ~]# ll /usr/bin/qemu-kvm
lrwxrwxrwx 1 root root 21 12月 18 18:06 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm
[root@kvm2 ~]# lsmod |grep kvm
kvm_intel 241664 0
kvm 774144 1 kvm_intel
irqbypass 20480 1 kvm
7.查看网桥信息
[root@kvm2 ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
virbr0 8000.5254005e5c7d yes
3.3.1 kvm1连接管理
创建SSH连接:
3.3.2 kvm1存储管理
创建存储:
[root@kvm1 ~]# cd /var/lib/libvirt/images/
[root@kvm1 images]# ls
centos7.img CentOS-7-x86_64-DVD-1804.iso//这个镜像需要上传的
3.3.3 kvm1网络管理
添加桥接网络
3.3.4 实例管理
实例(虚拟机)创建
虚拟机插入光盘
设置在 web 上访问虚拟机的密码
3.3.5kvm2
4.故障案例
4.1 案例1
web界面配置完成后可能会出现以下错误界面
解决方法是安装novnc并通过novnc_server启动一个vnc
[root@localhost ~]# ll /etc/rc.local
lrwxrwxrwx. 1 root root 13 Aug 6 2018 /etc/rc.local -> rc.d/rc.local
[root@localhost ~]# ll /etc/rc.d/rc.local
-rw-r--r-- 1 root root 513 Mar 11 22:35 /etc/rc.d/rc.local
[root@localhost ~]# chmod +x /etc/rc.d/rc.local
[root@localhost ~]# ll /etc/rc.d/rc.local
-rwxr-xr-x 1 root root 513 Mar 11 22:35 /etc/rc.d/rc.local
[root@localhost ~]# vim /etc/rc.d/rc.local
......此处省略N行
# that this script will be executed during boot.
touch /var/lock/subsys/local
nohup novnc_server 172.16.12.128:5920 &
[root@localhost ~]# . /etc/rc.d/rc.local
做完以上操作后再次访问即可正常访问
4.2 案例2
第一次通过web访问kvm时可能会一直访问不了,一直转圈,而命令行界面一直报错(too many open files)
此时需要对nginx进行配置
[root@localhost ~]# vim /etc/nginx/nginx.conf
....此处省略N行
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
worker_rlimit_nofile 655350; //添加此行配置
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
....此处省略N行
[root@localhost ~]# systemctl restart nginx
然后对系统参数进行设置
[root@localhost ~]# vim /etc/security/limits.conf
....此处省略N行
# End of file
* soft nofile 655350
* hard nofile 655350
到此问题即可解决