####################3.日志分析工具journal####################
systemd-journald            ##进程名称

####################
[root@localhost ~]# cd /root/Desktop/
[root@localhost Desktop]# ps aux |grep journald
root       365  0.2  0.2  41164  2608 ?        Ss   21:29   0:00 /usr/lib/systemd/systemd-journald
root      2953  0.0  0.0 112644   948 pts/1    S+   21:36   0:00 grep --color=auto journald
进程名称为"systemd-journald"
####################

journalctl                ##直接执行,浏览系统日志(忽略重启前的日志信息)
journalctl -n 3                ##显示最新3条
journalctl -p err            ##显示报错
journalctl -f                ##监控日志,类似于"tail -f /var/log/messages"
journalctl --since --until        ##--since "[YYYY-MM-DD] [hh:mm:ss]" 从什么时间到什么时间的日志
journalctl -o verbose            ##显示日志能够使用的详细进程参数
journalctl _SYSTEMD_UNIT=sshd.service    ##显示服务名称为"sshd.service"的信息
journalctl _PID=1182            ##显示进程pid为"1182"的信息
journalctl _UID=0            ##显示进程uid为"0"的信息
journalctl _GID=0            ##显示进程gid为"0"的信息
journalctl _HOSTNAME=localhost        ##显示进程所在主机为"localhost"的信息
journalctl _COMM=sshd            ##显示命令名称为"sshd"的信息

####################
[root@localhost Desktop]# journalctl -n 5
-- Logs begin at Wed 2016-10-19 22:03:05 EDT, end at Wed 2016-10-19 22:05:40 EDT
Oct 19 22:05:40 localhost sshd[1670]: Received signal 15; terminating.
Oct 19 22:05:40 localhost systemd[1]: Starting OpenSSH server daemon...
Oct 19 22:05:40 localhost systemd[1]: Started OpenSSH server daemon.
Oct 19 22:05:40 localhost sshd[1678]: Server listening on 0.0.0.0 port 22.
Oct 19 22:05:40 localhost sshd[1678]: Server listening on :: port 22.
lines 1-6/6 (END)
[root@localhost Desktop]# journalctl -p err
-- Logs begin at Wed 2016-10-19 22:03:05 EDT, end at Wed 2016-10-19 22:05:40 EDT
Oct 19 22:03:05 localhost kernel: Failed to access perfctr msr (MSR c1 is 0)
Oct 19 22:03:06 localhost rpcbind[169]: rpcbind terminating on signal. Restart w
Oct 19 22:03:10 localhost smartd[505]: Problem creating device name scan list
Oct 19 22:03:10 localhost smartd[505]: In the system's table of devices NO devic
Oct 19 22:03:16 localhost systemd[1]: Failed to start LSB: Starts the Spacewalk
Oct 19 22:03:16 localhost systemd[1]: Failed to start /etc/rc.d/rc.local Compati
Oct 19 22:03:17 localhost libvirtd[1221]: libvirt version: 1.1.1, package: 29.el
Oct 19 22:03:17 localhost libvirtd[1221]: Module /usr/lib64/libvirt/connection-d
lines 1-9/9 (END)
[root@localhost Desktop]# journalctl -f            ##列出最新10条记录,并持续监控
-- Logs begin at Wed 2016-10-19 22:03:05 EDT. --
Oct 19 22:11:10 localhost sshd[2758]: Server listening on :: port 22.
Oct 19 22:11:44 localhost systemd[1]: Stopping System Logging Service...
Oct 19 22:11:44 localhost systemd[1]: Starting System Logging Service...
Oct 19 22:11:44 localhost systemd[1]: Started System Logging Service.
Oct 19 22:12:04 localhost systemd[1]: Stopping OpenSSH server daemon...
Oct 19 22:12:04 localhost sshd[2758]: Received signal 15; terminating.
Oct 19 22:12:04 localhost systemd[1]: Starting OpenSSH server daemon...
Oct 19 22:12:04 localhost systemd[1]: Started OpenSSH server daemon.
Oct 19 22:12:04 localhost sshd[2804]: Server listening on 0.0.0.0 port 22.
Oct 19 22:12:04 localhost sshd[2804]: Server listening on :: port 22.
>>>>>持续监控>>>>>
[root@localhost Desktop]# journalctl --since "2016-10-19 22:12:00" --until "2016-10-19 22:13:00"
-- Logs begin at Wed 2016-10-19 22:03:05 EDT, end at Wed 2016-10-19 22:20:01 EDT
Oct 19 22:12:04 localhost systemd[1]: Stopping OpenSSH server daemon...
Oct 19 22:12:04 localhost sshd[2758]: Received signal 15; terminating.
Oct 19 22:12:04 localhost systemd[1]: Starting OpenSSH server daemon...
Oct 19 22:12:04 localhost systemd[1]: Started OpenSSH server daemon.
Oct 19 22:12:04 localhost sshd[2804]: Server listening on 0.0.0.0 port 22.
Oct 19 22:12:04 localhost sshd[2804]: Server listening on :: port 22.
lines 1-7/7 (END)
[root@localhost Desktop]# ps aux |grep sshd
root      1379  0.0  0.4 135680  4884 ?        Ss   22:03   0:00 sshd: root@pts/0
root      3025  0.0  0.3  82956  3532 ?        Ss   22:29   0:00 /usr/sbin/sshd -D
root      3112  0.0  0.0 112644   944 pts/0    S+   22:35   0:00 grep --color=auto sshd
[root@localhost Desktop]# systemctl status sshd.service
sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
   Active: active (running) since Wed 2016-10-19 22:29:12 EDT; 6min ago
  Process: 3024 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS)
 Main PID: 3025 (sshd)
   CGroup: /system.slice/sshd.service
           └─3025 /usr/sbin/sshd -D

Oct 19 22:29:12 localhost systemd[1]: Starting OpenSSH server daemon...
Oct 19 22:29:12 localhost systemd[1]: Started OpenSSH server daemon.
Oct 19 22:29:12 localhost sshd[3025]: Server listening on 0.0.0.0 port 22.
Oct 19 22:29:12 localhost sshd[3025]: Server listening on :: port 22.
[root@localhost Desktop]# journalctl -o verbose
------------------------------------------------------------
/3025
按"n"向下查找,可以查找到与"3025"相关的内容
比如:
    MESSAGE=Server listening on :: port 22.
    SYSLOG_PID=3025
    _PID=3025
    _SOURCE_REALTIME_TIMESTAMP=1476930552046485
按"q"退出
------------------------------------------------------------
[root@localhost Desktop]# journalctl _PID=3025 _COMM=sshd _HOSTNAME=localhost
-- Logs begin at Wed 2016-10-19 22:03:05 EDT, end at Wed 2016-10-19 22:50:01 EDT
Oct 19 22:29:12 localhost sshd[3025]: Server listening on 0.0.0.0 port 22.
Oct 19 22:29:12 localhost sshd[3025]: Server listening on :: port 22.
lines 1-3/3 (END)
####################

对systemd-journald管理
##默认情况下此程序会忽略重启前的日志信息,如不忽略:
mkdir /var/log/journal
chown root:systemd-journal /var/log/journal
chmod 2755 /var/log/journal
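killall -1 systemd-journal        ##进程初始化;注意:从下文实验的日志可见,此信号会使systemd-journald主进程退出(unit进入failed状态)后日志服务再重新启动,更稳妥的做法是执行"systemctl restart systemd-journald"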
ls /var/log/journal/4513ad59a3b442ffa4b7ea88343fa55f
system.journal user-1000.journal

####################
comm和command的区别:
[root@localhost Desktop]# ps ax -o comm,command | grep journal
systemd-journal /usr/lib/systemd/systemd-journald
grep            grep --color=auto journald
comm = systemd-journal
command = /usr/lib/systemd/systemd-journald

[root@localhost Desktop]# mkdir /var/log/journal
[root@localhost Desktop]# ls -ld /var/log/journal
drwxr-xr-x. 2 root root 6 Oct 17 05:39 /var/log/journal
[root@localhost Desktop]# cat /etc/group | grep journal
systemd-journal:x:190:
[root@localhost Desktop]# chown root:systemd-journal /var/log/journal
[root@localhost Desktop]# chmod 2755 /var/log/journal
[root@localhost Desktop]# ls -ld /var/log/journal
drwxr-sr-x. 2 root systemd-journal 6 Oct 17 05:39 /var/log/journal
[root@localhost Desktop]# killall -1 systemd-journald
[root@localhost Desktop]# date
Mon Oct 17 05:42:57 EDT 2016
[root@localhost Desktop]# ll /var/log/journal
total 0
drwxr-sr-x. 2 root systemd-journal 27 Oct 17 05:42 946cb0e817ea4adb916183df8c4fc817
[root@localhost Desktop]# ls /var/log/journal/946cb0e817ea4adb916183df8c4fc817/
system.journal
[root@localhost Desktop]# reboot
==========等待虚拟机重启==========
[root@localhost Desktop]# journalctl
-- Logs begin at Mon 2016-10-17 05:42:50 EDT, end at Mon 2016-10-17 05:49:16 EDT
Oct 17 05:42:50 localhost systemd-journal[31294]: Permanent journal is using 8.0
Oct 17 05:42:50 localhost systemd-journal[31294]: Journal started
Oct 17 05:42:50 localhost systemd[1]: Starting Trigger Flushing of Journal to Pe
Oct 17 05:42:50 localhost systemd[1]: systemd-journald.service: main process exi
Oct 17 05:42:50 localhost systemd[1]: Unit systemd-journald.service entered fail
Oct 17 05:42:50 localhost systemd[1]: Started Trigger Flushing of Journal to Per
Oct 17 05:47:01 localhost anacron[2279]: Job `cron.weekly' started
Oct 17 05:47:01 localhost anacron[2279]: Job `cron.weekly' terminated
Oct 17 05:47:27 localhost systemd[1]: Stopping Session 4 of user root.
Oct 17 05:47:27 localhost systemd[1]: Stopping Session 3 of user root.
Oct 17 05:47:27 localhost systemd[1]: Stopping Session 1 of user root.
......
##日志从05:42:50开始记录,这个时间是重启前的时间
[root@localhost Desktop]# ls /var/log/journal/946cb0e817ea4adb916183df8c4fc817/
system.journal  user-42.journal
####################

###############################
#######    15.系统虚拟机管理    #######
###############################

####################
使用虚拟化软件必须在BIOS里面打开虚拟化功能
有的主机BIOS里面不开放虚拟化,也没有完全虚拟化功能

qemu-kvm    ##虚拟化硬件
qemu-img    ##虚拟化存储

Linux自带的虚拟化软件叫KVM

virt-manager    ##打开虚拟系统管理器
####################

####################
man virt-install
/EXAMPLES
按"n"向下查找,找到如下说明:
       Run a Live CD image under Xen fullyvirt, in diskless environment

         # virt-install \
              --hvm \
              --name demo \
              --memory 500 \
              --disks none \
              --livecd \
              --graphics vnc \
              --cdrom /root/fedora7live.iso            ##需要的信息
####################

####################1.安装####################
vim vmcreate
----------------------------------------------------------------------
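#!/bin/bash
# vmcreate NAME
#
# Start an interactive installation of a new virtual machine called NAME.
# The script is meant to be run as root, so the name is validated before it
# is used as a command-line argument and as part of a file name.
#
# Notes on the listing this replaces:
#   * A comment placed after a trailing "\" breaks the line continuation, and
#     the "> " at the start of each line is the shell's continuation prompt,
#     not part of the script. Both have been removed so the file runs as-is.
#   * The image directory is libvirt's default "images" directory; this page
#     renders it as "p_w_picpaths", which is a text-extraction artifact.
set -u

readonly IMAGE_DIR=/var/lib/libvirt/images
readonly INSTALL_ISO=/home/kiosk/Desktop/rhel-server-7.1-x86_64-dvd.iso

if [[ $# -ne 1 ]]; then
  printf 'Usage: %s VM_NAME\n' "${0##*/}" >&2
  exit 2
fi
name=$1

# Allow only plain names: no "/" (path traversal out of IMAGE_DIR) and no
# leading "-" (would be parsed by virt-install as an option).
name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
if [[ ! $name =~ $name_re ]]; then
  printf 'invalid VM name: %s\n' "$name" >&2
  exit 1
fi

# --name       VM name ("$1", the first argument after the script name)
# --ram        memory in MiB
# --file       disk image file; --file-size is its size in GiB. These are the
#              legacy spellings used by this page; current virt-install
#              documents the same thing as --disk path=...,size=...
# --cdrom      installation source
# The trailing "&" puts the installer in the background.
virt-install \
  --name "$name" \
  --ram 1000 \
  --file "$IMAGE_DIR/$name.img" \
  --file-size 8 \
  --cdrom "$INSTALL_ISO" &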
----------------------------------------------------------------------
"#!"这个是固定格式
"\"表示换行
"$1"表示脚本后面跟的第一个参数
"&"打入后台

chmod u+x vmcreate
mv vmcreate /usr/local/bin/
vmcreate hello        ##"hello"是虚拟机名称,注意:切换到root用户下执行

实验发现:
使用命令创建的虚拟机存储的格式是img
使用virt-manager创建的虚拟机存储的格式是qcow2

####################2.管理####################
virt-manager            ##开启图形管理工具
virt-viewer vmname        ##显示虚拟机,vmname表示虚拟机名称
virsh list            ##列出正在运行的vm
virsh list --all        ##列出所有vm
virsh start vmname        ##运行指定vm
virsh shutdown vmname        ##正常指定关闭vm,可以被忽略(比如开机后没有登陆,就不能shutdown)
virsh destroy vmname        ##强行结束指定vm,不能被忽略
virsh create vmname.xml        ##临时恢复指定vm,vmname表示前端管理文件
virsh define vmname.xml        ##永久恢复vm
virsh undefine vmname        ##删除vm的前端管理,不会删除存储

####################
rhel7.1.xml    ##虚拟机前端管理
rhel7.1.img    ##虚拟机存储

[root@foundation50 Desktop]# ll /etc/libvirt/qemu/
total 24
-rw-------. 1 root root 2488 Oct 17 16:56 desktop.xml
drwx------. 3 root root   40 Sep 11 09:13 networks
-rw-------. 1 root root 4259 Oct 20 15:05 rhel6.5.xml
-rw-------. 1 root root 4263 Oct 20 13:06 rhel7.1.xml
-rw-------. 1 root root 2536 Oct 17 16:55 server.xml
[root@foundation50 Desktop]# cp -p /etc/libvirt/qemu/rhel7.1.xml /mnt/    ##"-p"复制权限
[root@foundation50 Desktop]# ll /mnt
total 28
-rw-r--r--. 1 root root 18928 Sep 17 14:21 foundation-config-7.0-1.r26059.x86_64.rpm
-rw-------. 1 root root  4263 Oct 20 13:06 rhel7.1.xml
[root@foundation50 Desktop]# ls /var/lib/libvirt/images/    ##"/var"下存放的是系统数据
rh124-desktop-vda.ovl    rh124-desktop-vdb.qcow2  rh124-server-vda.qcow2  rh124-server.xml
rh124-desktop-vda.qcow2  rh124-desktop.xml        rh124-server-vdb.ovl    rhel6.5.qcow2
rh124-desktop-vdb.ovl    rh124-server-vda.ovl     rh124-server-vdb.qcow2  rhel7.1.img
[root@foundation50 Desktop]# mv /var/lib/libvirt/images/rhel7.1.img /mnt/
[root@foundation50 Desktop]# ls /mnt/
foundation-config-7.0-1.r26059.x86_64.rpm  rhel7.1.img  rhel7.1.xml
[root@foundation50 Desktop]# virt-manager
手动删除虚拟机"rhel7.1"的前端管理。由于"rhel7.1.img"已经被移走,Storage已经不存在
现在开始恢复:
[root@foundation50 Desktop]# vim /mnt/rhel7.1.xml
------------------------------------------------------------
 41       <source file='/var/lib/libvirt/images/rhel7.1.img'/>
------------------------------------------------------------
[root@foundation50 Desktop]# mv /mnt/rhel7.1.img /var/lib/libvirt/images/
[root@foundation50 Desktop]# ls /var/lib/libvirt/images/
rh124-desktop-vda.ovl    rh124-desktop-vdb.qcow2  rh124-server-vda.qcow2  rh124-server.xml
rh124-desktop-vda.qcow2  rh124-desktop.xml        rh124-server-vdb.ovl    rhel6.5.qcow2
rh124-desktop-vdb.ovl    rh124-server-vda.ovl     rh124-server-vdb.qcow2  rhel7.1.img
[root@foundation50 Desktop]# virsh create /mnt/rhel7.1.xml
Domain rhel7.1 created from /mnt/rhel7.1.xml

[root@foundation50 Desktop]# ls /etc/libvirt/qemu/
desktop.xml  networks  rhel6.5.xml  server.xml            ##只是临时开启,并没有恢复前端管理
[root@foundation50 Desktop]# virsh define /mnt/rhel7.1.xml
Domain rhel7.1 defined from /mnt/rhel7.1.xml

[root@foundation50 Desktop]# ls /etc/libvirt/qemu/
desktop.xml  networks  rhel6.5.xml  rhel7.1.xml  server.xml    ##前端管理已经恢复
[root@foundation50 Desktop]# virsh undefine rhel7.1
Domain rhel7.1 has been undefined

[root@foundation50 Desktop]# ls /etc/libvirt/qemu/
desktop.xml  networks  rhel6.5.xml  server.xml            ##前端管理再次被删除

如果找不到文件的路径,可以使用以下命令进行查找:
[root@foundation50 Desktop]# find / -name rhel7.1.xml
/etc/libvirt/qemu/rhel7.1.xml
[root@foundation50 Desktop]# find / -name rhel7.1.img
/var/lib/libvirt/images/rhel7.1.img
####################

如果前端管理被删除,光剩下Storage,就只能在管理器里指定硬盘来恢复
步骤如下:
Create a new virtual machine
-->Import existing disk image-->Forward
-->Provide the existing storage path-->(略)......

####################3.虚拟机快照####################
qemu-img create -f qcow2 -b vm1.qcow2 node1.qcow2    ##创建快照"node1.qcow2"
注意:创建的是快照(以"-b"指定的镜像为后端、只记录差异的增量盘),而不是复制一个Storage出来;快照依赖后端镜像,后端镜像此后不应再被修改或删除
建议同时用"-F qcow2"显式声明后端镜像的格式,避免qemu自行探测后端镜像格式

####################
[root@foundation50 Desktop]# cd /var/lib/libvirt/images/
[root@foundation50 p_w_picpaths]# ls
rh124-desktop-vda.ovl    rh124-desktop.xml       rh124-server-vdb.qcow2
rh124-desktop-vda.qcow2  rh124-server-vda.ovl    rh124-server.xml
rh124-desktop-vdb.ovl    rh124-server-vda.qcow2  rhel6.5.qcow2
rh124-desktop-vdb.qcow2  rh124-server-vdb.ovl    rhel7.1.img
[root@foundation50 p_w_picpaths]# file rhel7.1.img
rhel7.1.img: QEMU QCOW Image (v3), 8589934592 bytes        ##格式"QCOW"即"qcow2"
[root@foundation50 p_w_picpaths]# qemu-img create -f qcow2 -b rhel7.1.img westos.img
Formatting 'westos.img', fmt=qcow2 size=8589934592 backing_file='rhel7.1.img' encryption=off cluster_size=65536 lazy_refcounts=off
[root@foundation50 p_w_picpaths]# ll rhel7.1.img
-rw-------. 1 root root 8591507456 Oct 20 17:43 rhel7.1.img
[root@foundation50 p_w_picpaths]# du -sh rhel7.1.img
3.3G    rhel7.1.img
[root@foundation50 p_w_picpaths]# ll westos.img
-rw-r--r--. 1 root root 197120 Oct 21 09:30 westos.img
[root@foundation50 p_w_picpaths]# du -sh westos.img
196K    westos.img                        ##快照仅196K
[root@foundation50 Desktop]# virt-manager
在管理器里指定硬盘加载"westos.img"进行开机启动
[root@foundation50 p_w_picpaths]# du -sh westos.img
4.2M    westos.img
[root@foundation50 p_w_picpaths]# du -sh westos.img
8.2M    westos.img
[root@foundation50 p_w_picpaths]# du -sh westos.img
17M    westos.img                        ##随着开机的进行,快照越来越大
假如虚拟机出现故障,比如在虚拟机内部(注意:不是在宿主机上)执行如下操作:
rm -fr /etc/
重启后,发现虚拟机启不起来
不需要操作前端管理
直接删除"westos.img",重新创建快照
[root@foundation50 p_w_picpaths]# rm -fr westos.img
[root@foundation50 p_w_picpaths]# qemu-img create -f qcow2 -b rhel7.1.img westos.img
Formatting 'westos.img', fmt=qcow2 size=8589934592 backing_file='rhel7.1.img' encryption=off cluster_size=65536 lazy_refcounts=off

实验发现:
[root@foundation50 p_w_picpaths]# qemu-img create -f qcow2 -b westos.img linux.img
Formatting 'linux.img', fmt=qcow2 size=8589934592 backing_file='westos.img' encryption=off cluster_size=65536 lazy_refcounts=off
[root@foundation50 p_w_picpaths]# qemu-img create -f qcow2 -b linux.img linux1.img
Formatting 'linux1.img', fmt=qcow2 size=8589934592 backing_file='linux.img' encryption=off cluster_size=65536 lazy_refcounts=off
[root@foundation50 p_w_picpaths]# qemu-img create -f qcow2 -b linux1.img linux2.img
Formatting 'linux2.img', fmt=qcow2 size=8589934592 backing_file='linux1.img' encryption=off cluster_size=65536 lazy_refcounts=off
快照可以创建快照,并且被快照创建出来的快照也可以加载启动
但是当前一个快照被删除时,后一个快照就会失效
比如:
[root@foundation50 p_w_picpaths]# rm -fr linux1.img
linux2将不能被加载启动

编辑脚本:
vim vmctl
----------------------------------------------------------------------
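#!/bin/bash
# vmctl BASE_VM NEW_VM
#
# Create a new VM called NEW_VM whose disk is a qcow2 overlay ("snapshot")
# backed by BASE_VM's disk, then import it with virt-install.
#
# Side effects, in order:
#   1. BASE_VM is forcibly powered off and its libvirt definition is removed,
#      so that nothing keeps writing to the image that becomes the backing
#      file. Its disk image is left in place.
#   2. IMAGE_DIR/NEW_VM.qcow2 is created on top of IMAGE_DIR/BASE_VM.qcow2.
#   3. virt-install imports the new disk in the background.
#
# The script runs as root and both arguments end up in file names and on
# command lines, so they are validated before anything destructive happens.
set -u

# libvirt's default image directory. This page renders it as "p_w_picpaths",
# which is a text-extraction artifact of "images".
readonly IMAGE_DIR=/var/lib/libvirt/images

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ $# -ne 2 ]]; then
  printf 'Usage: %s BASE_VM NEW_VM\n' "${0##*/}" >&2
  exit 2
fi
base=$1
new=$2

# Plain names only: no "/" (would escape IMAGE_DIR) and no leading "-"
# (would be parsed as an option by virsh, qemu-img or virt-install).
name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
for vm_name in "$base" "$new"; do
  [[ $vm_name =~ $name_re ]] || die "invalid VM name: $vm_name"
done
[[ $base != "$new" ]] || die "BASE_VM and NEW_VM must differ"

base_disk=$IMAGE_DIR/$base.qcow2
new_disk=$IMAGE_DIR/$new.qcow2

# Check the disks before touching the base VM: without these checks a typo
# would still power off and undefine a VM, and qemu-img create would silently
# replace an existing image.
[[ -f $base_disk ]] || die "base disk not found: $base_disk"
[[ ! -e $new_disk ]] || die "refusing to overwrite existing disk: $new_disk"

echo "poweroff $base ..."
# Best effort: fails harmlessly when the VM is not running.
virsh destroy "$base" &> /dev/null || true

echo "del $base.xml ..."
# Best effort: fails harmlessly when the VM is not defined.
virsh undefine "$base" &> /dev/null || true

echo "create disk ..."
# -F states the backing file's format explicitly instead of letting qemu
# probe it. stderr is kept so that a failure is visible to the operator.
qemu-img create -f qcow2 -F qcow2 -b "$base_disk" "$new_disk" > /dev/null \
  || die "qemu-img could not create $new_disk"

echo "create $new vm ..."
virt-install \
  --name "$new" \
  --ram 1000 \
  --disk "$new_disk" \
  --import &> /dev/null &

# virt-install is still running in the background at this point, so this line
# only confirms that the disk exists and the import was started; confirm the
# result with "virsh list --all".
echo "created $new successful !!!"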
----------------------------------------------------------------------
执行脚本"vmctl":
[root@foundation50 杂]# sh vmctl rhel6.5 test
poweroff rhel6.5 ...
del rhel6.5.xml ...
create disk ...
create test vm ...
created test successful !!!
"-x"表示跟踪脚本的执行:
[root@foundation50 杂]# sh -x vmctl rhel6.5 test
+ echo poweroff rhel6.5 ...
poweroff rhel6.5 ...
+ virsh destroy rhel6.5
+ echo del rhel6.5.xml ...
del rhel6.5.xml ...
+ virsh undefine rhel6.5
+ echo create disk ...
create disk ...
+ qemu-img create -f qcow2 -b /var/lib/libvirt/p_w_picpaths/rhel6.5.qcow2 /var/lib/libvirt/p_w_picpaths/test.qcow2
+ echo create test vm ...
create test vm ...
+ echo created test successful '!!!'
created test successful !!!
+ virt-install --name test --ram 1000 --disk /var/lib/libvirt/p_w_picpaths/test.qcow2 --import
####################