KVM虚拟化

环境	IP
rhel7	192.168.160.129

1.kvm安装

1.1 关闭防火墙和SElinux

[root@localhost ~]# systemctl restart firewalld

[root@localhost ~]# systemctl disable firewalld

Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

[root@localhost ~]# getenforce 
Disabled

1.2 下载网络源

[root@localhost network-scripts]# curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo

[root@localhost ~]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo

[root@localhost ~]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo

1.3 检查cpu是否支持KVM并安装KVM

[root@localhost ~]# egrep -o 'vmx|sv' /proc/cpuinfo 
vmx
vmx
vmx
vmx

[root@localhost ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools

1.4 设置桥接网卡（先添加一块新网卡）

[root@localhost ~]# cd /etc/sysconfig/network-scripts/

[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-br0

[root@localhost network-scripts]# vim ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
IPV4_FAILURE_FATAL=no
NAME=br0
DEVICE=br0
ONBOOT=yes
NM_CONTROLLED=no
IPADDR=192.168.160.128
NETMASK=255.255.255.0
GATEWAY=192.168.160.1
DNS1=114.114.114.114
DNS2=8.8.8.8


[root@localhost network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=ens33
UUID=af65f584-0fe3-456b-be69-7e097f41506a
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no

1.5 启动服务

[root@localhost ~]# systemctl start libvirtd

[root@localhost ~]# systemctl enable libvirtd

[root@localhost ~]# lsmod |grep kvm
kvm_intel             170086  0 
kvm                   566340  1 kvm_intel
irqbypass              13503  1 kvm
[root@localhost ~]# virsh -c qemu:///system list
 Id    名称                         状态
----------------------------------------------------
[root@localhost ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm

[root@localhost ~]# ll /usr/bin/qemu-kvm
lrwxrwxrwx 1 root root 21 12月 15 15:23 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm

[root@localhost ~]# brctl show             查看网桥信息
bridge name	bridge id		STP enabled	interfaces
br0		8000.000c29ca7502	no		ens33
virbr0		8000.525400b86aef	yes		virbr0-nic

2.kvm web管理界面安装

2.1 安装依赖包

[root@localhost ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel

[root@localhost ~]# pip install --upgrade pip          升级pip

[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# git clone git://github.com/retspen/webvirtmgr.git  从github上下载webvirtmgr代码

2.2 安装webvirtmgr

[root@localhost src]# cd webvirtmgr/

[root@localhost webvirtmgr]# pip install -r requirements.txt

[root@localhost webvirtmgr]# python        检查sqlite3是否安装
Python 2.7.5 (default, Oct 30 2018, 23:45:53) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3         没有报错即为正常
>>> exit()

2.3 初始化账号信息

[root@localhost webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor

You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes         是否创建超级管理员帐号
Username (leave blank to use 'root'):                   指定超级管理员帐号用户名，默认留空为root
Email address: wscl1996@outlook.com                     设置超级管理员邮箱
Password:                                               设置超级管理员密码
Password (again): 
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)

2.4 拷贝web网页至指定目录

[root@localhost webvirtmgr]# cd
[root@localhost ~]# mkdir /var/www
[root@localhost ~]# cp -r /usr/local/src/webvirtmgr/ /var/www/
[root@localhost ~]# chown -R nginx.nginx /var/www/webvirtmgr/

2.5 生成密匙

[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:HbgcxqpEK63olPQiIkf7824v7k46FqPHUaMCWbh5wB8 root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|..               |
|o..E   . .       |
| *. o   = .      |
|= .+ .o+ + .     |
| +o +o..S .      |
|.o+==.           |
|=++=.+.          |
|*.o.*oo          |
| . ooX*o.        |
+----[SHA256]-----+
 
[root@localhost ~]# ssh-copy-id 192.168.160.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.160.129 (192.168.160.129)' can't be established.
ECDSA key fingerprint is SHA256:3XP5v9HZPVnIR5xgOUf2nlDTovhwpSEYLKViTxzZFDw.
ECDSA key fingerprint is MD5:fb:5d:9c:bd:f7:7a:78:45:8a:ae:ed:59:d3:bc:36:80.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.160.129's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.160.129'"
and check to make sure that only the key(s) you wanted were added.

2.6 配置端口转发

[root@localhost ~]# ssh 192.168.160.129 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
Last failed login: Sun Dec 16 10:12:41 CST 2018 from 192.168.160.129 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Sun Dec 16 09:58:58 2018 from 192.168.160.33

[root@localhost ~]# ss -antl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128             *:111                         *:*                  
LISTEN      0      5      192.168.122.1:53                          *:*                  
LISTEN      0      128             *:22                          *:*                  
LISTEN      0      100     127.0.0.1:25                          *:*                  
LISTEN      0      128     127.0.0.1:6010                        *:*                  
LISTEN      0      128     127.0.0.1:6011                        *:*                  
LISTEN      0      128     127.0.0.1:6012                        *:*                  
LISTEN      0      128     127.0.0.1:6080                        *:*                  
LISTEN      0      128     127.0.0.1:8000                        *:*                  
LISTEN      0      128            :::111                        :::*                  
LISTEN      0      128            :::22                         :::*                  
LISTEN      0      100           ::1:25                         :::*                  
LISTEN      0      128           ::1:6010                       :::*                  
LISTEN      0      128           ::1:6011                       :::*                  
LISTEN      0      128           ::1:6012                       :::*                  
LISTEN      0      128           ::1:6080                       :::*                  
LISTEN      0      128           ::1:8000                       :::*

2.7 配置nginx

[root@localhost ~]# vim /etc/nginx/conf.d/webvirtmgr.conf

server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $remote_addr;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M;
    }
}


[root@localhost ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py          确保bind绑定的是本机的8000端口
bind = '0.0.0.0:8000'
backlog = 2048

[root@localhost ~]# systemctl restart nginx

2.8 设置supervisor

[root@localhost ~]# vim /etc/supervisord.conf           行位添加
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx

[root@localhost ~]# systemctl start supervisord
[root@localhost ~]# systemctl enable supervisord

2.9 配置nginx用户

[root@localhost home]# mkdir nginx
[root@localhost home]# chown -R nginx.nginx nginx/
[root@localhost home]# chmod -R 700 nginx/
[root@localhost home]# su - nginx -s /bin/bash
上一次登录：六 12月 15 16:37:14 CST 2018pts/3 上
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa): 
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:2U006a/5/9nhhDBDd3iOnWhMZCzMO7Cn7boJyqp/L2Y nginx@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|          o ++   |
|         . =+o.  |
|          oo++ o |
|         +.*= B .|
|        S =+o* + |
|         . .= o  |
|       .  .  + o |
|    .E. . ..o o +|
| .oo=oo. +o  ..+=|
+----[SHA256]-----+
-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ chmod 0600 ~/.ssh/config
-bash-4.2$ ssh-copy-id root@192.168.160.129
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.160.129' (ECDSA) to the list of known hosts.
root@192.168.160.129's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.160.129'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost home]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla

bvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

[root@localhost home]# systemctl restart nginx
[root@localhost home]# systemctl restart libvirtd

3.kvm web界面管理

通过IP地址在浏览器上访问KVM，例如我这里就是：http://192.168.160.129/login
[root@localhost home]# accept: Too many open files         nginx的连接数超过了系统设定的最大值造成的. 
accept: Too many open files
accept: Too many open files
[root@localhost ~]# ulimit -n 655360       把打开文件数设置足够大，这是临时修改方案

[root@localhost ~]# vim /etc/nginx/nginx.conf     修改nginx.conf文件,添加下面内容，然后重启nginx
worker_rlimit_nofile 655350;

[root@localhost ~]# systemctl restart nginx


用ulimit -n 655360 修改只对当前的shell有效，退出后失效。所以，需要永久性修改，修改/etc/security/limits.conf，在文件底部添加：
[root@localhost ~]# vim /etc/security/limits.conf 
* soft nofile 655360
* hard nofile 655360

通过远程连接软件上传ISO镜像文件至存储目录的/var/lib/libvirt/images

[root@localhost images]# pwd
/var/lib/libvirt/images
[root@localhost images]# ls
rhel-server-7.4-x86_64-dvd.iso