kvm

kvm部署

环境说明:

系统类型 | IP
RHEL8 | 192.168.236.131

kvm安装
部署前请确保你的CPU虚拟化功能已开启。分为两种情况:

虚拟机要关机设置CPU虚拟化
物理机要在BIOS里开启CPU虚拟化

 yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm

//关闭防火墙和selinux(仅适合实验环境;生产环境建议保留firewalld并只放行所需端口,SELinux保持enforcing)
[root@localhost ~]# systemctl  stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@localhost ~]# reboot 
//验证CPU是否支持KVM;如果结果中有vmx(Intel)或svm(AMD)字样,就说明CPU是支持的
[root@localhost ~]# egrep -o 'vmx|svm' /proc/cpuinfo
vmx
vmx
vmx

//安装工具
[root@localhost ]#  yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++
//kvm安装(注意:下面用http从CentOS 7镜像下载的rpm没有导入对应的GPG公钥,输出里的NOKEY警告表示签名未被校验;把el7的包用--nodeps装到RHEL8上还会出现文件冲突,见下方报错)
[root@localhost ~]#  yum -y install qemu-kvm  qemu-img virt-manager libvirt  libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
[root@localhost ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/bridge-utils-1.5-9.el7.x86_64.rpm
[root@localhost ~]#  yum -y localinstall libvirt-python-4.5.0-1.el7.x86_64.rpm 


[root@localhost ~]# wget http://mirror.centos.org/centos/7/updates/x86_64/Packages/qemu-kvm-tools-1.5.3-175.el7_9.1.x86_64.rpm
[root@localhost ~]# rpm -ih --nodeps qemu-kvm-tools-1.5.3-175.el7_9.1.x86_64.rpm 
warning: qemu-kvm-tools-1.5.3-175.el7_9.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
################################# [100%]
################################# [100%]
	file /usr/bin/kvm_stat from install of qemu-kvm-tools-10:1.5.3-175.el7_9.1.x86_64 conflicts with file from package kernel-tools-4.18.0-193.el8.x86_64


[root@localhost ~]# yum -y install python2-devel

//虚拟机的网络一般要和公司的其他服务器处于同一个网段,所以需要把 \
KVM服务器的网卡配置成桥接模式。这样KVM的虚拟机就可以通过该桥接网卡和公司内部 \
其他服务器处于同一网段
[root@localhost network-scripts]# cp  ifcfg-ens160 ifcfg-br0
[root@localhost network-scripts]# ls
ifcfg-br0  ifcfg-ens160

[root@localhost network-scripts]# vi ifcfg-br0 
TYPE=Bridge
BOOTPROTO=static
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.236.131
NETMASK=255.255.255.0
GATEWAY=192.168.236.2
DNS1=114.114.114.114


[root@localhost network-scripts]# vi ifcfg-ens160 

TYPE=Ethernet
BOOTPROTO=static
NAME=ens160
DEVICE=ens160
ONBOOT=yes
BRIDGE=br0

[root@localhost ~]# ifdown br0;ifup br0

[root@localhost ~]# ifdown ens160;ifup ens160
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
    link/ether 00:0c:29:54:83:50 brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0c:29:54:83:50 brd ff:ff:ff:ff:ff:ff
    inet 192.168.236.131/24 brd 192.168.236.255 scope global noprefixroute br0
       valid_lft forever preferred_lft forever
    inet6 fe80::780e:d0ff:fe1d:3b18/64 scope link 
       valid_lft forever preferred_lft forever
//启动服务
[root@localhost ~]# systemctl start libvirtd
[root@localhost ~]# systemctl enable libvirtd
[root@localhost ~]# ss -antl
State    Recv-Q   Send-Q     Local Address:Port     Peer Address:Port   
LISTEN   0        32         192.168.122.1:53            0.0.0.0:*      
LISTEN   0        128              0.0.0.0:22            0.0.0.0:*      
LISTEN   0        128              0.0.0.0:111           0.0.0.0:*      
LISTEN   0        128                 [::]:22               [::]:*      
LISTEN   0        128                 [::]:111              [::]:*   
//验证安装结果
[root@localhost ~]# lsmod |grep kvm
kvm_intel             294912  0
kvm                   786432  1 kvm_intel
irqbypass              16384  1 kvm


[root@localhost ~]# virsh --version
4.5.0


[root@localhost ~]# virt-install --version
2.2.1


[root@localhost ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm

//查看网桥信息
[root@localhost ~]# brctl  show
bridge name	bridge id		STP enabled	interfaces
br0		8000.000c29548350	no		ens160

kvm web管理界面安装

kvm 的 web 管理界面是由 webvirtmgr 程序提供的。

[root@localhost ~]# yum -y install git    nginx python2-devel
[root@localhost ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/libxml2-python-2.9.1-6.el7.5.x86_64.rpm
[root@localhost ~]# rpm -ivh --nodeps  libxml2-python-2.9.1-6.el7.5.x86_64.rpm 

[root@localhost ~]# wget https://download-ib01.fedoraproject.org/pub/epel/7/x86_64/Packages/p/python-websockify-0.6.0-2.el7.noarch.rpm
[root@localhost ~]# rpm -ivh --nodeps supervisor-3.4.0-1.el7.noarch.rpm 

[root@localhost ~]#  yum -y install git  libxml2-python  supervisor nginx python2-devel



//升级pip
[root@localhost ~]# pip2 install --upgrade pip


//从github上下载webvirtmgr代码(git:// 协议不加密也不校验服务器身份,GitHub 已停止支持,建议改用 https://github.com/retspen/webvirtmgr.git)
[root@localhost src]# git clone git://github.com/retspen/webvirtmgr.git

//备份
[root@localhost src]# cp -r webvirtmgr{,-bak}
[root@localhost src]# ls
debug  kernels  webvirtmgr  webvirtmgr-bak


//安装webvirtmgr(requirements.txt 固定了 django==1.5.5,运行在 Python 2.7 上,两者都已停止维护,管理界面不要暴露到不可信网络)
[root@localhost webvirtmgr]# pip -V
pip 20.3 from /usr/lib/python2.7/site-packages/pip (python 2.7)
[root@localhost webvirtmgr]# pip install -r requirements.txt 
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
Collecting django==1.5.5
  Downloading Django-1.5.5.tar.gz (8.1 MB)
     |████████████████████████████████| 8.1 MB 22 kB/s 
//检查sqlite3是否安装
[root@localhost webvirtmgr]# python2
Python 2.7.17 (default, Jun  5 2020, 03:38:32) 
[GCC 8.3.1 20191121 (Red Hat 8.3.1-5)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()


//初始化帐号信息
[root@localhost webvirtmgr]# python2  manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor

You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'root'): root
Email address: 1@2.com
Password: 
Password (again): 
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)




//拷贝web网页至指定目录
root@localhost ~]# mkdir /var/www
[root@localhost ~]# cp -r /usr/local/src/webvirtmgr /var/www/
[root@localhost ~]# chown -R nginx.nginx /var/www/webvirtmgr/


//生成密钥
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:YjppszRkTfAn58Tg4o8mg16OadN1ku0kCfn5awGPHq8 root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|    . .          |
|     + o         |
|    o = =        |
|   + = *         |
|    * % S        |
| . o ^ B         |
|. +.& @ .        |
|.o=B * =         |
|.+...Eo..        |
+----[SHA256]-----+
//由于这里webvirtmgr和kvm服务部署在同一台机器,所以这里本地信任。如果kvm部署在其他机器,那么这个是它的ip
[root@localhost ~]# ssh-copy-id 192.168.236.131

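//映射:用SSH本地端口转发把8000和6080端口映射到本机回环地址(下面命令末尾的"localhost:60"在转载时被截断,对照后面ss输出中监听的6080端口,推测应为localhost:6080)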
[root@localhost ~]# ssh 192.168.236.131 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
Last login: Tue Dec  1 14:11:46 2020 from 192.168.236.1

[root@localhost ~]# ss -antl
State    Recv-Q   Send-Q     Local Address:Port     Peer Address:Port   
LISTEN   0        128              0.0.0.0:5355          0.0.0.0:*      
LISTEN   0        128              0.0.0.0:111           0.0.0.0:*      
LISTEN   0        32         192.168.122.1:53            0.0.0.0:*      
LISTEN   0        128              0.0.0.0:22            0.0.0.0:*      
LISTEN   0        128            127.0.0.1:6080          0.0.0.0:*      
LISTEN   0        128            127.0.0.1:8000          0.0.0.0:*      
LISTEN   0        128                 [::]:5355             [::]:*      
LISTEN   0        128                 [::]:111              [::]:*      
LISTEN   0        128                 [::]:22               [::]:*      
LISTEN   0        128                [::1]:6080             [::]:*      
LISTEN   0        128                [::1]:8000             [::]:*   

//配置nginx
[root@localhost ~]# vi  /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        server_name  localhost;

        include /etc/nginx/default.d/*.conf;

        location / {
            root html;
            index index.html index.htm;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}


[root@localhost ~]#  vim /etc/nginx/conf.d/webvirtmgr.conf
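# Virtual host that fronts the WebVirtMgr application: static files are
# served by nginx itself, everything else is proxied to the backend that
# listens on 127.0.0.1:8000.
server {
    # NOTE(review): this is plain HTTP on port 80, so logins to the
    # management UI travel unencrypted; consider terminating TLS here.
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    # Static assets come straight from the copied source tree.
    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        # Pass the client address and the original Host on to the backend.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        # X-Forwarded-Proto carries the request scheme (http/https); the
        # original sent $remote_addr here, which is a client IP, not a scheme.
        proxy_set_header X-Forwarded-Proto $scheme;
        # Timeouts are in seconds.
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        # Large request bodies are allowed (presumably for image uploads;
        # confirm the limit is really needed).
        client_max_body_size 1024M;
    }
}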

[root@localhost ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
bind = '0.0.0.0:8000'
backlog = 2048

//设置supervisor
[root@kvm ~]# vim /etc/supervisord.conf
 cat >> /etc/supervisord.conf <<'EOF'
 [program:webvirtmgr]
  command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
  directory=/var/www/webvirtmgr
  autostart=true
  autorestart=true
  logfile=/var/log/supervisor/webvirtmgr.log
  log_stderr=true
  user=nginx
  [program:webvirtmgr-console]
    command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
    directory=/var/www/webvirtmgr
    autostart=true
   autorestart=true
   stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
   redirect_stderr=true
   user=nginx
    EOF

//确保bind绑定的是本机的8000端口(0.0.0.0会在所有网卡上监听,使gunicorn绕过nginx直接对外暴露;nginx的proxy_pass指向127.0.0.1:8000,因此绑定127.0.0.1:8000即可)
[root@localhost ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
......
bind = '0.0.0.0:8000'
backlog = 2048
......

//重启nginx
[root@localhost ~]# systemctl enable --now nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@localhost ~]# ss -antl
State    Recv-Q   Send-Q     Local Address:Port     Peer Address:Port   
LISTEN   0        128              0.0.0.0:5355          0.0.0.0:*      
LISTEN   0        128              0.0.0.0:111           0.0.0.0:*      
LISTEN   0        128              0.0.0.0:80            0.0.0.0:*      
LISTEN   0        32         192.168.122.1:53            0.0.0.0:*      
LISTEN   0        128              0.0.0.0:22            0.0.0.0:*      
LISTEN   0        128            127.0.0.1:6080          0.0.0.0:*      
LISTEN   0        128            127.0.0.1:8000          0.0.0.0:*      
LISTEN   0        128                 [::]:5355             [::]:*      
LISTEN   0        128                 [::]:111              [::]:*      
LISTEN   0        128                 [::]:22               [::]:*      
LISTEN   0        128                [::1]:6080             [::]:*      
LISTEN   0        128                [::1]:8000             [::]:*      
[root@localhost ~]# 

//设置supervisor
[root@localhost ~]# cat >> /etc/supervisord.conf <<EOF
......                           文件最后面添加以下内容
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx

[root@localhost ~]# su - nginx -s /bin/bash
Last login: Tue Dec  1 17:28:58 CST 2020 on pts/0
[nginx@localhost ~]$ 
[nginx@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa): 
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:v+eeP5UEkM90aj3NDPktbMqV1HnqcbCZIoQF3a3KqQs nginx@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|        .=.oo. o.|
|        . o..o*oo|
|         .  ++=%+|
|          . o=%+B|
|        S. =.*.+o|
|         .+ o ...|
|      E  ..    . |
|       ..  ....  |
|        ...++... |
+----[SHA256]-----+
[nginx@localhost ~]$

nginx@localhost ~]$ cd .ssh
[nginx@localhost .ssh]$ touch config 
[nginx@localhost .ssh]$ cat config 
StrictHostKeyChecking=no
UserKnownHostsFile=/dev/null

[nginx@localhost .ssh]$ ssh-copy-id root@192.168.236.131
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

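/usr/bin/ssh-copy-id: ERROR: Bad owner or permissions on /var/lib/nginx/.ssh/config
//上面的报错说明 ~/.ssh/config 的属主或权限不符合ssh的要求:该文件必须属于当前用户且不能被组或其他用户写入,执行 chmod 600 /var/lib/nginx/.ssh/config 后重新运行 ssh-copy-id。另外 StrictHostKeyChecking=no 加 UserKnownHostsFile=/dev/null 会关闭主机密钥校验,只适合本机或实验环境。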

kvm web界面管理

通过ip地址在浏览器上访问kvm
在这里插入图片描述
kvm连接管理
创建SSH连接:
在这里插入图片描述
0)
kvm存储管理
创建存储
