使用libvirt管理KVM虚拟机

使用libvirt管理KVM虚拟机

一、安装虚拟化管理工具

1、yum install virt-manager libvirt libvirt-python python-virtinst

1. 1、kmod-kvm : kvm kernel module(s)
2. 2、kvm : Kernel-based Virtual Machine
3. 3、kvm-qemu-img : Qemu disk image utility
4. 4、kvm-tools : KVM debugging and diagnostics tools
5. 5、python-virtinst : Python modules and utilities for installing virtual machines
6. 6、virt-manager : Virtual Machine Manager (GUI app, to install and configure VMs)
7. 7、virt-viewer: Virtual Machine Viewer (another lightweight app to view VM console and/or install VMs)
8. 9、bridge-utils : Utilities for configuring the Linux Ethernet bridge (this is recommended for KVM networking)

KVM Package Group RHEL comes with KVM software group which includes full virtualization support with KVM. You can list all packages in the group as follows:

# yum groupinfo KVM

 

2、Start the libvirtd daemon service

service libvirtd start

关于错误：

注：该错误出现在centos5.4，libvirtd 0.6.3

重启libvirtd后，启动guest时会出现下面的问题。

Apr 22 09:16:20 srv4 kernel: libvirtd[27156]: segfault at 00000000444e3000 rip 0000003e5501e161 rsp 00000000444dfcd0 error 4

Apr 22 09:16:20 srv4 libvirtd: 09:16:20.739: error : internal error Unable to daemonize QEMU process 

重启了host，问题解决

原因：https://bugzilla.redhat.com/show_bug.cgi?id=505625

Everytime the virGetCapabilities() method is run, it destroys the existing virCapsPtr object and creates it again....without any of the selinux info. virt-manager runs this method. so once virt-manager has run, subsequent calls to get the security info will give the crash you see.

 

二、有关网络

http://wiki.libvirt.org/page/Networking

1、一般网络（又名NAT）：guest可以访问外网，外网不能访问guest。

安装了libvirt后，一个NAT网络即可用。host被设置为192.168.122.1（virbr0），所有的guest将被分配为192.168.122.x

如果看不到virbr0

或者在 virsh start <Name of KVM>时出现下面的错误：

Apr 22 08:50:37 srv4 libvirtd: 08:50:37.839: error : internal error Failed to add tap interface 'vnet%d' to bridge 'virbr0' : No such device 

 

查看/var/log/message.log

Apr 22 08:57:10 srv4 dnsmasq[26000]: failed to open pidfile /var/run/libvirt/network/default.pid: Permission denied

Apr 22 08:57:10 srv4 dnsmasq[26000]: FAILED to start up

 

手动启动default network

virsh net-start default

error: Failed to start network default

error: internal error '/usr/sbin/dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/default.pid --conf-file=  --listen-address 192.168.122.1 --except-interface lo --dhcp-range 192.168.122.2,192.168.122.254 --dhcp-lease-max=253' exited with non-zero status 3 and signal 0: 

dnsmasq: failed to open pidfile /var/run/libvirt/network/default.pid: Permission denied

解决办法：

我的当前系统：selinux-policy.noarch                                               2.4.6-203.el5  

yum updata selinux-policy.noarch

selinux-policy.noarch                                               2.4.6-279.el5_5.2 

 

service libvirtd restart

注：需要重启host，上面写了原因

1. # ifconfig virbr0
2. virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
3. inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
4. inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
5. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
6. RX packets:0 errors:0 dropped:0 overruns:0 frame:0
7. TX packets:57 errors:0 dropped:0 overruns:0 carrier:0
8. collisions:0 txqueuelen:0
9. RX bytes:0 (0.0 b) TX bytes:10962 (10.7 KiB)

一个故障：

不论是NAT，还是Bridge模式，guest都无法与其他服务器通信，而且NAT模式时无法通过dhcp获取IP。没有查到错误原因。

不使用virsh来启动，按照 http://blog.chinaunix.net/space.php?uid=1838361&do=blog&id=234090文章介绍的方法来启动时，NAT及bridge模式都可以正常访问其他服务器。所以按照该文章的方法，在guest的xml文件中定义interface的部分，指定虚拟网卡为tap0,网络正常了，将指定的网卡名去掉，由virsh自动分配为vnet0，网络也是正常的，也可以通过dhcp获取IP了。原因未知。

另：virsh启动的log文件位于：/var/log/libvirt/qemu/

 

20110711:

nat方式无法获取IP，service libvirtd restart 重启服务，恢复。

 

关于NAT方式，guest可以获取ip，但无法与访问公网：

有多个网卡？你的物理机由哪个网卡访问公网？例如，我的物理机由br0访问公网，则，修改default.xml文件，添加forward的dev参数。

1. virsh # net-dumpxml default
   
2. <network>
3.   <name>default</name>
4.   <uuid>8d004490-ee73-4e36-b9ef-821d7e73f9f6</uuid>
5.   <forward dev='br0' mode='nat'/>
6.   <bridge name='virbr0' stp='on' forwardDelay='0' />
7.   <ip address='192.168.122.1' netmask='255.255.255.0'>
8.     <dhcp>
9.       <range start='192.168.122.2' end='192.168.122.254' />
10.     </dhcp>
11.   </ip>
12. </network>

1. virsh # net-define /etc/libvirt/qemu/network/default.xml
2. virsh # net-destroy default
3. virsh # net-start  default

2、Bridge网络（又名：共享物理网卡）:guest可以访问外网，外网也可以访问guest

# cd /etc/sysconfig/network-scripts/

# cp ifcfg-eth0 ifcfg-br0 

两个配置文件内容分别为：

/etc/sysconfig/network-scripts/ifcfg-eth0

1. DEVICE=eth0
2. TYPE=Ethernet
3. ONBOOT=yes
4. NM_CONTROLLED=no
5. BRIDGE=br0

/etc/sysconfig/network-scripts/ifcfg-br0

1. DEVICE=br0
2. TYPE=Bridge
3. NM_CONTROLLED=no
4. BOOTPROTO=static
5. IPADDR=221.193.136.121
6. NETMASK=255.255.255.0
7. ONBOOT=yes

The NM_CONTROLLED=no option was added because both device should not be controlled by the Network Manager for bridge to work. 

 

重启network（ 当前连接会丢失，确保你总是可以访问host，否则要格外小心）

service network restart

关于错误：Bringing up interface eth0:  tg3 device eth0 does not seem to be present, delaying initialization.

原因：br0里没有加配置 TYPE=Bridge

对于rhel6和centos6，需要关闭NetworkManager 

service NetworkManager stop

chkconfig --level 35 NetworkManager off

 

Disable Netfilter processing in the bridged traffic.

在 /etc/sysctl.conf文件中添加：

1. net.bridge.bridge-nf-call-ip6tables = 0
2. net.bridge.bridge-nf-call-iptables = 0
3. net.bridge.bridge-nf-call-arptables = 0
4. net.bridge.bridge-nf-filter-vlan-tagged = 0

 

        验证是否生效

ifconfig

br0现在扮演eth0的角色。

br0       Link encap:Ethernet  HWaddr 00:14:5E:C2:1E:40  

          inet addr:221.193.136.121   Bcast:221.193.136.255  Mask:255.255.255.0 

          inet6 addr: f