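Managing KVM remotely over VNC
If you have followed the earlier chapters you have probably noticed a problem: the server sits in the machine room, and although I can reach it remotely with Xshell, whenever I need the graphical interface I still have to walk to the machine room, which is inconvenient. In production we need a remote graphical session; nobody can sit in front of the server all day. You could of course use the Xshell + Xmanager combination, but I recommend VNC because it is easier to install and deploy.
Step 1: Install and deploy the VNC server components
[root@localhost ~]# rpm -qa | grep vnc #check whether the VNC packages are already installed; the tigervnc-server package is missing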
gvnc-0.7.0-3.el7.x86_64
tigervnc-license-1.8.0-5.el7.noarch
gtk-vnc2-0.7.0-3.el7.x86_64
tigervnc-server-minimal-1.8.0-5.el7.x86_64
[root@localhost ~]# yum -y install tigervnc-server #install the tigervnc-server package directly with yum
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.huaweicloud.com
* extras: mirrors.huaweicloud.com
* updates: mirrors.huaweicloud.com
Resolving Dependencies
--> Running transaction check
---> Package tigervnc-server.x86_64 0:1.8.0-22.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================================================
Package Arch Version Repository Size
=================================================================================================================================================
Installing:
tigervnc-server x86_64 1.8.0-22.el7 updates 211 k
Transaction Summary
=================================================================================================================================================
Install 1 Package
Total download size: 211 k
Installed size: 498 k
Downloading packages:
tigervnc-server-1.8.0-22.el7.x86_64.rpm | 211 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : tigervnc-server-1.8.0-22.el7.x86_64 1/1
Verifying : tigervnc-server-1.8.0-22.el7.x86_64 1/1
Installed:
tigervnc-server.x86_64 0:1.8.0-22.el7
Complete!
[root@localhost ~]# rpm -qa | grep vnc #check again whether the package is now installed
gvnc-0.7.0-3.el7.x86_64
tigervnc-license-1.8.0-5.el7.noarch
gtk-vnc2-0.7.0-3.el7.x86_64
tigervnc-server-minimal-1.8.0-5.el7.x86_64
tigervnc-server-1.8.0-22.el7.x86_64 #installed successfully
[root@localhost ~]# rpm -qc tigervnc-server #find the location of the VNC configuration file
/etc/sysconfig/vncservers
[root@localhost ~]# cat /etc/sysconfig/vncservers #the configuration has been replaced by a file in another location
# THIS FILE HAS BEEN REPLACED BY /lib/systemd/system/vncserver@.service
[root@localhost ~]# cat /lib/systemd/system/vncserver@.service #view the unit file
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/vncserver@.service
# 2. Replace <USER> with the actual user name and edit vncserver
# parameters in the wrapper script located in /usr/bin/vncserver_wrapper
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:<display>.service`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel. See the "-via" option in the
# `man vncviewer' manual page.
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=simple
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver_wrapper <USER> %i
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
[Install]
WantedBy=multi-user.target
[root@localhost ~]# cp /usr/lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@.service #copy the unit file
[root@localhost ~]# vim /etc/systemd/system/vncserver@.service #three changes in total
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/vncserver@.service
# 2. Replace <USER> with the actual user name and edit vncserver
# parameters in the wrapper script located in /usr/bin/vncserver_wrapper
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:<display>.service`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel. See the "-via" option in the
# `man vncviewer' manual page.
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
# changed from simple to forking
Type=forking
# added this line
User=root
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
# <USER> replaced with the system user name; root is used here
ExecStart=/usr/bin/vncserver_wrapper root %i
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
[Install]
WantedBy=multi-user.target
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# vncpasswd #set a password for VNC; type the password and press Enter
Password:
Verify:
Would you like to enter a view-only password (y/n)? n #the system prompts you to enter and confirm the password, and asks whether to set it as a view-only password. If you choose
A view-only password is not used
[root@localhost ~]# vncserver
New 'localhost.localdomain:1 (root)' desktop is localhost.localdomain:1
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/localhost.localdomain:1.log
[root@localhost ~]# vncserver -version #check the VNC version
WARNING: The first attempt to start Xvnc failed, possibly because the font
catalog is not properly configured. Attempting to determine an appropriate
font path for this system and restart Xvnc using that font path ...
Could not start Xvnc.
Xvnc TigerVNC 1.8.0 - built Apr 11 2018 06:06:57
Copyright (C) 1999-2017 TigerVNC Team and many others (see README.txt)
See http://www.tigervnc.org for information on TigerVNC.
Underlying X server release 11903000, The X.Org Foundation
Xvnc TigerVNC 1.8.0 - built Apr 11 2018 06:06:57
Copyright (C) 1999-2017 TigerVNC Team and many others (see README.txt)
See http://www.tigervnc.org for information on TigerVNC.
Underlying X server release 11903000, The X.Org Foundation
[root@localhost ~]# which vncserver #locate the startup command
/usr/bin/vncserver
[root@localhost ~]# vncserver #start VNC; for how to enable it at boot, search online yourself
New 'localhost.localdomain:2 (root)' desktop is localhost.localdomain:2
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/localhost.localdomain:2.log
[root@localhost ~]# ss -antup | grep vnc #check whether the VNC processes exist; 5901 is the VNC port number; the first time the service is started there are not this many processes
tcp LISTEN 0 5 *:5901 *:* users:(("Xvnc",pid=2180,fd=9))
tcp LISTEN 0 5 *:5902 *:* users:(("Xvnc",pid=4309,fd=9))
tcp LISTEN 0 128 *:6001 *:* users:(("Xvnc",pid=2180,fd=6))
tcp LISTEN 0 128 *:6002 *:* users:(("Xvnc",pid=4309,fd=6))
tcp LISTEN 0 5 :::5901 :::* users:(("Xvnc",pid=2180,fd=10))
tcp LISTEN 0 5 :::5902 :::* users:(("Xvnc",pid=4309,fd=10))
tcp LISTEN 0 128 :::6001 :::* users:(("Xvnc",pid=2180,fd=5))
tcp LISTEN 0 128 :::6002 :::* users:(("Xvnc",pid=4309,fd=5))
[root@localhost ~]#
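By default, VNC access listens on the following 3 TCP ports:
RFB (Remote FrameBuffer) protocol default port: 5900 + display number
HTTP protocol default port: 5800 + display number
X protocol default port: 6000 + display number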
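The unit file header recommends `-localhost` with an SSH tunnel, while the `ss` output above shows Xvnc bound to every interface. As an added example (not part of the original post), this script maps each Xvnc listener in `ss -antup` output to its protocol and display number using the port rules above and marks whether it is reachable from other hosts. The function names are hypothetical, and the sample input is constructed from the output on this page plus a constructed loopback listener.

```shell
#!/usr/bin/env bash
# Added example: classify Xvnc listeners found in `ss -antup` output.

# Constructed sample: the first Xvnc lines mirror the ss output on this page;
# the sshd line and the 127.0.0.1:5903 listener are constructed for contrast.
sample_ss_output() {
  cat <<'EOF'
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=1001,fd=3))
tcp LISTEN 0 5 *:5901 *:* users:(("Xvnc",pid=2180,fd=9))
tcp LISTEN 0 128 *:6001 *:* users:(("Xvnc",pid=2180,fd=6))
tcp LISTEN 0 5 :::5901 :::* users:(("Xvnc",pid=2180,fd=10))
tcp LISTEN 0 5 127.0.0.1:5903 *:* users:(("Xvnc",pid=5000,fd=9))
EOF
}

# Reads ss output on stdin; prints "<port> <proto> display=:<n> <addr> <scope>"
# for every listening Xvnc socket. scope is "loopback" or "EXPOSED".
audit_vnc_listeners() {
  awk '
    $2 == "LISTEN" && /"Xvnc"/ {
      addr = $5                                  # local address:port column
      n = split(addr, parts, ":")
      port = parts[n] + 0
      host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
      if (port >= 6000 && port < 6100)      { proto = "X11";  disp = port - 6000 }
      else if (port >= 5900 && port < 6000) { proto = "RFB";  disp = port - 5900 }
      else if (port >= 5800 && port < 5900) { proto = "HTTP"; disp = port - 5800 }
      else next
      scope = "EXPOSED"
      if (host == "127.0.0.1" || host == "::1" || host == "[::1]") scope = "loopback"
      print port, proto, "display=:" disp, host, scope
    }'
}

# Prints how many Xvnc sockets accept connections from other hosts.
count_exposed() {
  audit_vnc_listeners | grep -c ' EXPOSED$' || true
}

# Run against live data with: ss -antup | audit_vnc_listeners
sample_ss_output | audit_vnc_listeners
```

A server started with the `-localhost` and `-nolisten tcp` options named in the unit file header shows only loopback RFB lines and no X11 line.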
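Step 2: Install and deploy the client on the host machine.
Installation is fairly simple; just follow the prompts and click Next. Here I only provide the download link for the program, which includes the activation code.
Link: https://pan.baidu.com/s/19edlN51vqkqeaeRauvrX1A
Extraction code: qbz3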
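In the client, go to File, then New connect.
In 192.168.100.128:1, the trailing 1 stands for port 5901; a 2 would stand for port 5902, and so on.
If this problem appears, it is most likely caused by SELinux not being turned off and by the firewall rules.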
Step 3: Configure the firewall.
[root@localhost ~]# getenforce #check the SELinux status
Permissive #indicates the enabled state
[root@localhost ~]# vim /etc/sysconfig/selinux #disable SELinux permanently
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# change this to disabled
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# reboot #reboot the server so the change takes effect
Connection closed by foreign host.
Disconnected from remote host(192.168.100.129:22) at 10:42:32.
[root@localhost ~]# getenforce #check the SELinux status again
Disabled #turned off
[root@localhost ~]# ss -antup | grep vnc #no VNC process is running
[root@localhost ~]# vncserver #start the VNC service
New 'localhost.localdomain:1 (root)' desktop is localhost.localdomain:1
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/localhost.localdomain:1.log
[root@localhost ~]# ss -antup | grep vnc
tcp LISTEN 0 5 *:5901 *:* users:(("Xvnc",pid=1797,fd=9))
tcp LISTEN 0 128 *:6001 *:* users:(("Xvnc",pid=1797,fd=6))
tcp LISTEN 0 5 :::5901 :::* users:(("Xvnc",pid=1797,fd=10))
tcp LISTEN 0 128 :::6001 :::* users:(("Xvnc",pid=1797,fd=5))
[root@localhost ~]# firewall-cmd --permanent --add-service vnc-server #add the vnc-server service to the firewall
success
[root@localhost ~]# firewall-cmd --reload #reload the firewall
success
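Step 4: Try connecting to the virtual machine over VNC.
***** Note: the first VNC connection may be very laggy; restarting the VNC service on the server may help, and the picture quality can be set in the options *******
------------------------------------------------------------------- To afford a good pack of cigarettes, keep going ----------------------------------------
In this chapter the VNC connection succeeded. Next chapter: KVM in practice: storage-related settings (Part 6)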