KVM Virtualization

Lab environment:

System     IP
centos7    192.168.164.128

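I. Introduction to Virtualization

Virtualization is the foundation of cloud computing. Put simply, virtualization lets a single physical server run multiple virtual machines. The virtual machines share the physical machine's CPU, memory and I/O hardware resources, but are logically isolated from one another.

The physical machine is usually called the host, and the virtual machines running on it are called guests.

So how does the host virtualize its hardware resources and make them available to guests?
This is mainly done by a program called the hypervisor.

Types of virtualization:

  • Full virtualization: deployed on bare metal (a host with no operating system)
    Characteristics: high performance, cannot be nested
  • Paravirtualization: deployed on top of an OS (operating system)
    Characteristics: slightly lower performance than full virtualization, can be nested

Virtualization implementations:

  • Used on servers:

    1. KVM
    2. ESXi
    3. Xen
    4. Citrix (aimed at banks)
    5. Hyper-V

  • For individual users:

    1. VMware Workstation
    2. VirtualBox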

II. KVM Deployment

2.1 KVM installation

Disable the firewall and SELinux

[root@kvm ~]# systemctl stop firewalld
[root@kvm ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@kvm ~]# setenforce 0
[root@kvm ~]# vim /etc/selinux/config
SELINUX=disabled

Check whether the CPU supports KVM: if the output contains vmx (Intel) or svm (AMD), the CPU supports it.

[root@kvm ~]# egrep -o 'vmx|svm' /proc/cpuinfo
vmx
vmx

Install KVM

[root@kvm ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools

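Configure the network interface
Virtual machines normally sit on the same network segment as the company's other servers, so the KVM server's NIC needs to be configured in bridged mode. The KVM guests can then use the bridge interface to share a network segment with the company's other internal servers.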

[root@kvm network-scripts]# pwd
/etc/sysconfig/network-scripts
[root@kvm network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@kvm network-scripts]# vim ifcfg-br0 
TYPE="Bridge"
DEVICE="br0"
NM_CONTROLLED="no"
BOOTPROTO="static"
NAME="br0"
ONBOOT="yes"
IPADDR=192.168.164.128
NETMASK=255.255.255.0
GATEWAY=192.168.164.2
DNS1=114.114.114.114

[root@kvm network-scripts]# vim ifcfg-ens33 
TYPE="Ethernet"
BOOTPROTO="static"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
BRIDGE="br0"
NM_CONTROLLED="no"

// Restart the network
[root@kvm network-scripts]# systemctl restart NetworkManager
# After the restart ens33 still has an IP because the change has not taken effect yet; a reboot fixes it
[root@kvm ~]# reboot

Start the service
Start the daemon

[root@kvm ~]# systemctl start libvirtd
[root@kvm ~]# systemctl enable libvirtd

Verify the installation

[root@kvm ~]# lsmod|grep kvm      # kvm modules listed here mean the installation succeeded
kvm_intel             174841  0 
kvm                   578518  1 kvm_intel
irqbypass              13503  1 kvm


[root@kvm ~]# virsh -c qemu:///system list     # list the existing KVM guests
 Id    名称                         状态
----------------------------------------------------

[root@kvm ~]# virsh --version
4.5.0


// Create a symlink so the system can find this command
[root@kvm ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@kvm ~]# ll /usr/bin/qemu-kvm
lrwxrwxrwx 1 root root 21 10月 20 20:54 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm
[root@kvm ~]# which qemu-kvm
/usr/bin/qemu-kvm


// Show bridge information
[root@kvm ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c29739601       no              ens33
virbr0          8000.525400bf0336       yes             virbr0-nic

2.2 KVM web interface installation

Install the dependency packages

[root@kvm ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel

// Download the webvirtmgr code from GitHub
[root@kvm src]# git clone https://github.com/retspen/webvirtmgr.git
正克隆到 'webvirtmgr'...
remote: Enumerating objects: 5614, done.
remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614
接收对象中: 100% (5614/5614), 2.97 MiB | 156.00 KiB/s, done.
处理 delta 中: 100% (3606/3606), done.


// Install webvirtmgr
[root@kvm webvirtmgr]# pip install -r requirements.txt
Collecting django==1.5.5 (from -r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/38/49/93511c5d3367b6b21fc2995a0e53399721afc15e4cd6eb57be879ae13ad4/Django-1.5.5.tar.gz (8.1MB)
    100% |████████████████████████████████| 8.1MB 86kB/s 
Collecting gunicorn==19.5.0 (from -r requirements.txt (line 2))
  Downloading https://files.pythonhosted.org/packages/f9/4e/f4076a1a57fc1e75edc0828db365cfa9005f9f6b4a51b489ae39a91eb4be/gunicorn-19.5.0-py2.py3-none-any.whl (113kB)
    100% |████████████████████████████████| 122kB 347kB/s 
Collecting lockfile>=0.9 (from -r requirements.txt (line 5))
  Downloading https://files.pythonhosted.org/packages/c8/22/9460e311f340cb62d26a38c419b1381b8593b0bb6b5d1f056938b086d362/lockfile-0.12.2-py2.py3-none-any.whl
Installing collected packages: django, gunicorn, lockfile
  Running setup.py install for django ... done
Successfully installed django-1.5.5 gunicorn-19.5.0 lockfile-0.12.2


// Check that sqlite3 is installed
[root@kvm webvirtmgr]# python
Python 2.7.5 (default, Nov 16 2020, 22:23:17) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3    # import the module; no output means it is fine, any output indicates a problem
>>> exit()    # quit

// Initialise the account information
[root@kvm webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor

You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes    // whether to create a superuser account
Username (leave blank to use 'root'): admin    // the default admin is root; enter the admin user name
Email address: 151@9090.com   // email address
Password:        // password
Password (again):      // enter the password again
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)

// Copy the web interface to the target directory
[root@kvm webvirtmgr]# mkdir /var/www
[root@kvm webvirtmgr]# cp -r /usr/local/src/webvirtmgr /var/www/
[root@kvm webvirtmgr]# chown -R nginx:nginx /var/www/webvirtmgr/
[root@kvm www]# ll
总用量 4
drwxr-xr-x 20 nginx nginx 4096 10月 20 21:20 webvirtmgr


// Generate the key
[root@kvm ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:2Ohw3srP23TJLA3ZbvEZ6IcMDMQ6vR9X8k1AYBYqtew root@kvm
The key's randomart image is:
+---[RSA 2048]----+
|       .. . =+.  |
|       ..o =  .  |
|       oo +    . |
|      o+.= o... .|
|    . +.S.E ++.o |
|     = .. .X.=.o.|
|      o ..oo% +  |
|     . o o.+ .   |
|      o.+..      |
+----[SHA256]-----+
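# webvirtmgr and the KVM service are deployed on the same machine here, so the local host is trusted. If KVM is deployed on another machine, use that machine's IP instead
[root@kvm ~]# ssh-copy-id 192.168.164.128     # this is the current host's IP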
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.164.128 (192.168.164.128)' can't be established.
ECDSA key fingerprint is SHA256:5lQxTJD16qBxew8AwHXB/8tSdpxrqUOtSUCf+zrqTlQ.
ECDSA key fingerprint is MD5:e0:30:24:4b:50:7d:71:6a:55:0d:69:8f:3a:96:51:c1.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.164.128's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.164.128'"
and check to make sure that only the key(s) you wanted were added.


// Configure port forwarding
[root@kvm ~]# ssh 192.168.164.128 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:6080
# this IP is the local machine's IP
Last login: Wed Oct 20 20:49:07 2021 from 192.168.164.1
[root@kvm ~]# ss -antl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128    127.0.0.1:6080                *:*                  
LISTEN      0      128    127.0.0.1:8000                *:*                  
LISTEN      0      128     *:111                 *:*                  
LISTEN      0      5      192.168.122.1:53                  *:*                  
LISTEN      0      128     *:22                  *:*                  
LISTEN      0      100    127.0.0.1:25                  *:*                  
LISTEN      0      128       ::1:6080               :::*                  
LISTEN      0      128       ::1:8000               :::*                  
LISTEN      0      128    :::111                :::*                  
LISTEN      0      128    :::80                 :::*                  
LISTEN      0      128    :::22                 :::*                  
LISTEN      0      100       ::1:25                 :::*                  
LISTEN      0      128    :::443                :::*                  
[root@kvm ~]# 

Configure nginx
Back up the file, empty it, and then re-edit the configuration file

[root@kvm nginx]# cp nginx.conf{,-bak}
[root@kvm nginx]# > nginx.conf

# Re-edit the configuration file
[root@kvm nginx]# vi /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        server_name  localhost;

        include /etc/nginx/default.d/*.conf;

        location / {
            root html;
            index index.html index.htm;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}


// Edit the nginx sub-configuration file
[root@kvm ~]# vim /etc/nginx/conf.d/webvirtmgr.conf
server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M;
    }
}

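// Edit the configuration file and make sure bind is set to port 8000 on this machine
[root@kvm conf.d]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
......
bind = '0.0.0.0:8000'   # change the original 127 loopback address to the default address, listening on port 8000 on all of this machine's IPs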
backlog = 2048
......


// Restart nginx; if the restart fails because the port is in use, run fuser -k 80/tcp to free port 80, then restart again
[root@kvm ~]# systemctl restart nginx.service
[root@kvm ~]# ss -antl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128    127.0.0.1:6080                *:*                  
LISTEN      0      128    127.0.0.1:8000                *:*                  
LISTEN      0      128     *:111                 *:*                  
LISTEN      0      128     *:80                  *:*                  
LISTEN      0      5      192.168.122.1:53                  *:*                  
LISTEN      0      128     *:22                  *:*                  
LISTEN      0      100    127.0.0.1:25                  *:*                  
LISTEN      0      128       ::1:6080               :::*                  
LISTEN      0      128       ::1:8000               :::*                  
LISTEN      0      128    :::111                :::*                  
LISTEN      0      128    :::22                 :::*                  
LISTEN      0      100       ::1:25                 :::*   



// Configure supervisor: append the following to the end of the file
[root@kvm ~]#  vim /etc/supervisord.conf
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr.log
redirect_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx

// Start supervisor and enable it at boot
[root@kvm ~]# systemctl start supervisord.service 
[root@kvm ~]# systemctl enable supervisord.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.
[root@kvm ~]# systemctl status supervisord.service 
● supervisord.service - Process Monitoring and Control Daemon
   Loaded: loaded (/usr/lib/systemd/system/supervisord.service; enabled; vendor preset: disabled)
   Active: active (running) since 三 2021-10-20 22:06:03 CST; 24s ago
 Main PID: 112320 (supervisord)
   CGroup: /system.slice/supervisord.service
           ├─112320 /usr/bin/python /usr/bin/supervisord -c /etc/s...
           └─113132 /usr/bin/python2 /var/www/webvirtmgr/manage.py...

10月 20 22:06:03 kvm systemd[1]: Starting Process Monitoring and....
10月 20 22:06:03 kvm systemd[1]: Started Process Monitoring and ....
Hint: Some lines were ellipsized, use -l to show in full.

[root@kvm ~]# ss -antl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128    127.0.0.1:6080                *:*                  
LISTEN      0      128    127.0.0.1:8000                *:*                  
LISTEN      0      128     *:111                 *:*                  
LISTEN      0      128     *:80                  *:*                  
LISTEN      0      5      192.168.122.1:53                  *:*                  
LISTEN      0      128     *:22                  *:*                  
LISTEN      0      100    127.0.0.1:25                  *:*                  
LISTEN      0      128       ::1:6080               :::*                  
LISTEN      0      128       ::1:8000               :::*                  
LISTEN      0      128    :::111                :::*                  
LISTEN      0      128    :::22                 :::*                  
LISTEN      0      100       ::1:25                 :::*             
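An added check, not part of the original post: firewalld was stopped earlier and the gunicorn comment above suggests a bind to 0.0.0.0, while nginx only needs to reach the backend at 127.0.0.1:8000, as the `ss -antl` output here shows. The function below reads `ss -antl` output and flags the gunicorn (8000) and noVNC (6080) ports if they listen on anything other than loopback; the function names and sample inputs are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): read `ss -antl` output on stdin
# and flag backend ports that listen on anything other than loopback.

# Assumption taken from this page: gunicorn uses 8000, noVNC/websockify uses 6080.
BACKEND_PORTS="8000 6080"

audit_listeners() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            # Split at the last colon so ::1:8000, :::80 and [::1]:8000 all parse.
            pos = match($4, /:[0-9]+$/)
            if (pos == 0) next
            addr = substr($4, 1, pos - 1)
            port = substr($4, pos + 1)
            if (!(port in want)) next
            if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") next
            printf "EXPOSED %s (backend port %s should be loopback-only)\n", $4, port
            found = 1
        }
        END { exit found + 0 }
    '
}

# Constructed sample: the loopback-only state shown in the post.
sample_loopback_only() {
    cat <<'EOF'
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN      0      128    127.0.0.1:6080                *:*
LISTEN      0      128    127.0.0.1:8000                *:*
LISTEN      0      128     *:80                  *:*
LISTEN      0      128       ::1:8000               :::*
EOF
}

# Constructed sample: what a wildcard gunicorn bind would look like.
sample_wildcard_bind() {
    cat <<'EOF'
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN      0      128     *:8000                *:*
LISTEN      0      128    127.0.0.1:6080                *:*
LISTEN      0      128     *:80                  *:*
EOF
}

# Demo; on a live host run:  ss -antl | audit_listeners
sample_wildcard_bind | audit_listeners || true
```

The function exits non-zero when it finds an exposed backend port, so it can gate a deployment script.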


// Configure the nginx user and generate a key
[root@kvm home]# su - nginx -s /bin/bash   # temporarily give the nginx user /bin/bash; it is a system user, so a direct login would fail

# Generate the key
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa): 
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:UKTuvbpXYFyez0JPrfFEvMc/Nw2Vu58YnynnG1p6e48 nginx@kvm
The key's randomart image is:
+---[RSA 2048]----+
|       .o    .  .|
|       o  .   o..|
|      o. o . o +.|
|     . .+ + o =.o|
|      ..So = = o+|
|     . .  o =..++|
|      . .. .  +oO|
|        ..   o+O+|
|      o+.    oE+*|
+----[SHA256]-----+

// Add a configuration file
-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ cat ~/.ssh/config
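StrictHostKeyChecking=no     // turns off host key checking, so remote logins skip the yes/no prompt
UserKnownHostsFile=/dev/null     // do not keep a .ssh/known_hosts file: with no yes/no prompt there is no host information to record, so the file is pointed at /dev/null
-bash-4.2$  chmod 0600 ~/.ssh/config   # set the permissions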


// Give the public key to the root user so that nginx can log in as root without a password
-bash-4.2$ ssh-copy-id root@192.168.164.128
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.164.128' (ECDSA) to the list of known hosts.
root@192.168.164.128's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.164.128'"
and check to make sure that only the key(s) you wanted were added.

Exit the nginx user session
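An added example, not part of the original post: the `~/.ssh/config` written above turns off host key verification for every host the nginx user connects to, and that user now holds a key that logs in as root on the KVM host. The function below flags those two options and the second sample shows a per-host alternative that keeps verification on; function names and sample files are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag ssh client options that
# disable host key verification, reporting the Host block each one applies to.

audit_ssh_config() {
    awk '
        BEGIN { scope = "(all hosts)" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blanks
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # ssh_config accepts both "Key Value" and "Key=Value".
            pos = match(line, /[ \t]*[= \t][ \t]*/)
            if (pos == 0) next
            key = tolower(substr(line, 1, pos - 1))
            val = substr(line, pos + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "host") { scope = "Host " val; next }
            if (key == "stricthostkeychecking" && tolower(val) ~ /^(no|off)$/) {
                print scope ": StrictHostKeyChecking " val " (host keys never verified)"
                bad = 1
            }
            if (key == "userknownhostsfile" && val == "/dev/null") {
                print scope ": UserKnownHostsFile /dev/null (no key is ever remembered)"
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the config created in the post.
sample_weak_config() {
    printf '%s\n' 'StrictHostKeyChecking=no' 'UserKnownHostsFile=/dev/null'
}

# Constructed sample: verification stays on, scoped to the one KVM host.
# Populate known_hosts once as the nginx user and compare the fingerprint
# with the one printed on the host itself before trusting it:
#   ssh-keyscan -t ecdsa 192.168.164.128 >> ~/.ssh/known_hosts
#   ssh-keygen -lf ~/.ssh/known_hosts
sample_pinned_config() {
    cat <<'EOF'
Host 192.168.164.128
    User root
    StrictHostKeyChecking yes
    UserKnownHostsFile ~/.ssh/known_hosts
EOF
}

# Demo; on a live host run:  audit_ssh_config < ~/.ssh/config
sample_weak_config | audit_ssh_config || true
```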


// Create a configuration file
[root@kvm ~]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

// Set ownership of the newly created file and restart the services
[root@kvm ~]# chown -R root:root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@kvm ~]# systemctl restart nginx
[root@kvm ~]# systemctl restart libvirtd


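2.3 KVM web interface management

Browse to this machine's IP address to reach the login page.
The user name and password here are those of the superuser account.

KVM connection management
Create an SSH connection:

KVM storage management
Create storage

Use a remote file-transfer tool to put the image in /var/lib/libvirt/images/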

[root@kvm images]# ll
总用量 9374720
-rw-r--r-- 1 root root 9599713280 10月 20 23:58 CentOS-Stream-8-x86_64-20201211-dvd1.iso
[root@kvm images]# pwd
/var/lib/libvirt/images

Simply upload the file with the tool here.
Check in the web interface that the uploaded image file is listed.
Create the system installation image.
Added successfully.

KVM network management
Add a bridged network

Instance management
Create a virtual machine instance
Insert the disc into the virtual machine
Set the password for accessing the virtual machine from the web
Start the virtual machine
Install the virtual machine
CentOS 8 deployment complete!

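III. Possible Problems

1. The terminal keeps reporting "too many open files" errors

The first time you access KVM through the web it may never load and just keeps spinning, while the command line keeps reporting errors (too many open files).
In that case nginx needs to be configured:

[root@localhost ~]# vim /etc/nginx/nginx.conf
.... (N lines omitted)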
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
worker_rlimit_nofile 655350;    # add this line
[root@localhost ~]# systemctl restart nginx

// Then set the system parameters: append two lines to the end of the file. Wait a while or reboot
[root@localhost ~]# vim /etc/security/limits.conf
.... (N lines omitted)
# End of file
* soft nofile 655350
* hard nofile 655350

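2. Errors when starting a virtual machine (connection timed out, server disconnected)

The following problem may appear once the web interface has been configured.
The fix is to install novnc and start a VNC through novnc_server

[root@kvm ~]# yum -y install novnc
Set permissions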
[root@kvm ~]# chmod +x /etc/rc.d/rc.local
[root@kvm ~]# ll /etc/rc.local
lrwxrwxrwx 1 root root 13 10月  3 20:07 /etc/rc.local -> rc.d/rc.local
[root@kvm ~]# ll /etc/rc.d/rc.local
-rwxr-xr-x 1 root root 473 10月 30 23:11 /etc/rc.d/rc.local
[root@kvm ~]# vim /etc/rc.d/rc.local

Add the following as the last line
nohup novnc_server 192.168.164.128:5920 &         # use your own virtual machine's IP address here
[root@localhost ~]# source /etc/rc.d/rc.local
[root@localhost ~]# nohup: 忽略输入并把输出追加到"nohup.out"
[root@localhost ~]# ps -ef|grep novnc
root      13567  12772  0 23:41 pts/2    00:00:00 bash /usr/bin/novnc_server 192.168.164.128:5920
root      13577  13567  0 23:41 pts/2    00:00:00 /usr/bin/python /usr/bin/websockify --web /usr/bin/../share/novnc/ 6080 localhost:5900
root      13602  12772  0 23:43 pts/2    00:00:00 grep --color=auto novnc

# Once the configuration changes are complete, the virtual machine starts normally
