Linux Server Virtualization: The Basics

Excerpted from my book: Teach Yourself Linux Virtualization and High Availability: prepare for the LPIC-3 304 certification exam — also available from my Bootstrap-IT site.

Despite having access to ever more efficient and powerful hardware, operations that are run directly on traditional physical (or bare-metal) servers unavoidably face significant practical limits. The cost and complexity of building and launching a single physical server mean that effectively adding or removing resources to quickly meet changing demand is difficult or, in some cases, impossible. Safely testing new configurations or full applications before their release can also be complicated, expensive, and time-consuming.

As envisioned by pioneering researchers Gerald J. Popek and Robert P. Goldberg in a paper from 1974 (“Formal Requirements for Virtualizable Third Generation Architectures” — Communications of the ACM 17 (7): 412–421), successful virtualization must provide an environment that:

  • Is equivalent to that of a physical machine so that software access to hardware resources and drivers should be indistinguishable from a non-virtualized experience.

  • Allows complete client control over virtualized system hardware.

  • Wherever possible, efficiently executes operations directly on underlying hardware resources, including CPUs.

Virtualization allows physical compute, memory, network, and storage (“core four”) resources to be divided between multiple virtual entities. Each virtual device is represented within its software and user environments as an actual, standalone entity. Configured properly, virtually isolated resources can provide more secure applications with no visible connectivity between environments. Virtualization also allows new virtual machines to be provisioned and run almost instantly, and then destroyed as soon as they are no longer needed.

For large applications supporting constantly changing business needs, the ability to quickly scale up and down can spell the difference between survival and failure. The kind of adaptability that virtualization offers allows scripts to add or remove virtual machines in seconds…rather than the weeks it might take to purchase, provision, and deploy a physical server.

How Virtualization Works

Under non-virtual conditions, x86 architectures strictly control which processes can operate within each of four carefully defined privilege layers (described as Ring 0 through Ring 3).

Normally, only the host operating system kernel has any chance of accessing instructions kept in Ring 0. However, since you can’t give multiple virtual machines running on a single physical computer equal access to ring 0 without asking for big trouble, there must be a virtual machine manager (or “hypervisor”) whose job it is to effectively redirect requests for resources like memory and storage to their virtualized equivalents.

When working within a hardware environment without SVM or VT-x virtualization, this is done through techniques known as trap-and-emulate and binary translation. On virtualized hardware, such requests can usually be caught by the hypervisor, adapted to the virtual environment, and passed back to the virtual machine.

Simply adding a new software layer to provide this level of coordination will add significant latency to just about every aspect of system performance. One very successful solution has been to introduce new instruction sets into CPUs that create a so-called “Ring -1” that will act as Ring 0 and allow a guest OS to operate without having any impact on other, unrelated operations.

In fact, when implemented well, virtualization allows most software code to run exactly the way it normally would without any need for trapping.

Though it often plays a support role in virtualization deployments, emulation works quite differently. While virtualization seeks to divide existing hardware resources among multiple users, the goal of emulation is to make one particular hardware/software environment imitate one that doesn’t actually exist, so that users can launch processes that wouldn’t be possible natively. This requires software code that simulates the desired underlying hardware environment to fool your software into thinking it’s actually running somewhere else.

Emulation can be relatively simple to implement, but it will nearly always come with a serious performance penalty.

There have traditionally been two classes of hypervisor: Type-1 and Type-2.

  • Bare-metal hypervisors (Type-1) are booted as a machine’s operating system and — sometimes through a primary privileged virtual machine (VM) — maintain full control over the host hardware, running each guest OS as a system process. XenServer and VMware ESXi are prominent modern examples of Type-1. In recent years, popular usage of the term “hypervisor” has spread to include all host virtualization technologies, but once upon a time, it would have been used to describe only Type-1 systems. The more general term covering all types would originally have been “Virtual Machine Monitors”. Insofar as people use the term Virtual Machine Monitors at all these days, I suspect they mean “hypervisor” in all its iterations.

  • Hosted hypervisors (Type-2) are themselves simply processes running on top of a normal operating system stack. Type-2 hypervisors (which include VirtualBox and, in some ways, KVM) abstract host system resources for guest operating systems, providing the illusion of a private hardware environment.

Virtualization: PV vs HVM

Virtual Machines (VMs) are fully virtualized. Or, in other words, they think they’re regular operating system deployments living happy lives on their own private hardware. Because they don’t need to interface with their environment any differently than a standalone OS, they can run with off-the-shelf unmodified software stacks. In the past, though, this compatibility came at a cost, as translating hardware signals through an emulation layer took extra time and cycles.

Paravirtual (PV) guests are, on the other hand, at least partially aware of their virtual environment, including the fact that they’re sharing hardware resources with other virtual machines. This awareness means that there’s no need for PV hosts to emulate storage and network hardware and makes efficient I/O drivers available. Historically, this has allowed PV hypervisors to achieve better performance for those operations requiring connectivity to hardware components.

However, to provide guest access to a virtual Ring 0 (i.e., Ring -1), modern hardware platforms — and in particular Intel’s Ivy Bridge architecture — introduced a new library of CPU instruction sets that allowed Hardware Virtual Machine (HVM) virtualization to leapfrog past the trap-and-emulate bottleneck and take full advantage of hardware extensions and unmodified software kernel operations.

The recent Intel technology, Extended Page Tables (EPT), can also significantly increase virtualization performance.

Therefore, for most use cases, you will now find that HVM provides greater performance, portability, and compatibility.

Hardware Compatibility

At least some virtualization features require hardware support — especially from the host’s CPU. Therefore you should make sure that your server has everything you’ll need for the task you’re going to give it. Most of what you’ll need to know is kept in the /proc/cpuinfo file and, in particular, in the “flags” section of each processor. Since there will be so many flags, however, you’ll need to know what to look for.

Run

$ grep flags /proc/cpuinfo

…to see what you’ve got under the hood.
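
As an added example (not code from the book), the script below narrows that flag list to the entries that matter here: vmx (Intel VT-x) or svm (AMD SVM), ept or npt for hardware page-table support, and hypervisor, which the kernel sets when it is itself running as a guest. The function names and the sample cpuinfo text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): summarise virtualization-related
# CPU flags. virt_flags, has_flag and constructed_cpuinfo are
# illustrative names.
# Usage: virt_flags [file]   default /proc/cpuinfo; "-" reads stdin

has_flag() { printf '%s\n' "$all" | grep -qxF "$1"; }

virt_flags() {
    # Collect every word from the "flags" lines and, on newer kernels,
    # the separate "vmx flags" lines (where ept may be reported).
    all=$(awk -F: '/^(vmx )?flags[ \t]*:/ { print $2 }' \
              "${1:-/proc/cpuinfo}" | tr ' \t' '\n\n' | sort -u)

    if   has_flag vmx; then ext=vt-x    # Intel VT-x
    elif has_flag svm; then ext=svm     # AMD SVM
    else ext=none                       # no hardware assist exposed
    fi

    if   has_flag ept; then slat=ept    # Intel Extended Page Tables
    elif has_flag npt; then slat=npt    # AMD nested page tables
    else slat=none
    fi

    # "hypervisor" is set when this kernel is itself running as a guest.
    if has_flag hypervisor; then guest=yes; else guest=no; fi

    printf 'ext=%s slat=%s guest=%s\n' "$ext" "$slat" "$guest"
}

# Constructed sample input, so the example runs on any machine.
constructed_cpuinfo() {
    cat <<'EOF'
processor       : 0
model name      : Constructed Example CPU
flags           : fpu vme de pse msr pae vmx ssse3 hypervisor
vmx flags       : vnmi ept vpid
EOF
}

constructed_cpuinfo | virt_flags -
```

Run virt_flags with no argument to check a real host. A result of ext=none together with guest=yes means the surrounding hypervisor is not exposing the extensions to this guest.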

Container Virtualization

As we’ve seen, a hypervisor VM is a complete operating system whose relationship to Core Four hardware resources is fully virtualized: it thinks it’s running on its own computer.

A hypervisor installs a VM from the same ISO image you would download and use to install an operating system directly onto an empty physical hard drive.

A container, on the other hand, is effectively an application, launched from a script-like template, that thinks it’s an operating system. In container technologies (like LXC and Docker), containers are nothing more than software and resource (files, processes, users) abstractions that rely on the host kernel and a representation of the “core four” hardware resources (i.e., CPU, RAM, network and storage) for everything they do.

Of course, since containers are, effectively, isolated extensions of the host kernel, virtualizing Windows (or even older or newer Linux releases running incompatible versions of libc) on, say, an Ubuntu 16.04 host, is impossible. But the technology does allow for incredibly lightweight and versatile compute opportunities.

Migration

The virtualization model also permits a very wide range of migration, backup, and cloning operations — even from running systems (V2V). Since the software resources that define and drive a virtual machine are so easily identified, it usually doesn’t take too much effort to duplicate whole server environments in multiple locations and for multiple purposes.

Sometimes it’s no more complicated than creating an archive of a virtual file system on one host, unpacking it within the same path on a different host, checking the basic network settings, and firing it up. Most platforms offer a single command line operation to move guests between hosts.

Migrating deployments from physical servers to virtualized environments (P2V) can sometimes be a bit more tricky. Even creating a cloned image of a simple physical server and importing it into an empty VM can involve some complexity. And once that’s done, you may still need to make considerable adjustments to the design to take full advantage of all the functionality the virtualization has to offer. Depending on the operating system that you are migrating, you might also need to incorporate paravirtualized drivers into the process to allow the OS to run properly in its new home.

As with everything else in server management: carefully plan ahead.

Interested in learning to deploy practical Linux admin projects? Check out my Manning book, Linux in Action.

Or, you can try a hybrid course called Linux in Motion that’s made up of more than two hours of video and around 40% of the text of Linux in Action.

Translated from: https://www.freecodecamp.org/news/linux-server-virtualization-the-basics/
