KVM Virtualization


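1. Introduction to virtualization

Virtualization is the foundation of cloud computing. Put simply, virtualization lets a single physical server run multiple virtual machines. The virtual machines share the physical machine's CPU, memory, and I/O hardware, but are logically isolated from one another.

The physical machine is usually called the host, and the virtual machines running on it are called guests.

So how does the host virtualize its hardware resources and make them available to the guests?
This is done mainly by a program called the hypervisor.

Depending on how the hypervisor is implemented and where it sits, virtualization is divided into two types:

  • Full virtualization
  • Paravirtualization

Full virtualization:
The hypervisor is installed directly on the physical machine, and multiple virtual machines run on top of the hypervisor. The hypervisor is usually implemented as a specially customized Linux system. Xen and VMware ESXi both belong to this type.

Paravirtualization:
A regular operating system such as Red Hat, Ubuntu, or Windows is installed on the physical machine first. The hypervisor runs as a program module on top of that OS and manages the virtual machines. KVM, VirtualBox, and VMware Workstation all belong to this type.

In theory:
Full virtualization is generally specially optimized for hardware virtualization and performs better than paravirtualization;
paravirtualization, because it is based on a general-purpose operating system, is more flexible and supports nested virtual machines, which means KVM can be run inside a KVM virtual machine.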

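2. Introduction to KVM

KVM stands for Kernel-based Virtual Machine; it is implemented on top of the Linux kernel. KVM has a kernel module called kvm.ko, which is responsible only for managing virtual CPUs and memory.

I/O virtualization, such as storage and network devices, is handled by the Linux kernel together with QEMU.

As a hypervisor, KVM itself is concerned only with virtual machine scheduling and memory management. I/O peripherals are left to the Linux kernel and QEMU.

When reading KVM articles online you will often come across Libvirt.

Libvirt is the management tool for KVM.

In fact, besides the KVM hypervisor, Libvirt can also manage Xen, VirtualBox, and others.

Libvirt consists of three parts: the background daemon libvirtd, the API library, and the command-line tool virsh.

  • libvirtd is the service program that receives and handles API requests;
  • the API library lets others build higher-level tools on top of Libvirt, for example virt-manager, a graphical KVM management tool;
  • virsh is the KVM command-line tool we use most often.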

3. Deploying KVM

//First add a disk to the virtual machine so that it does not run out of space

//Check the newly added disk
[root@localhost ~]# lsblk
NAME          MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda             8:0    0   20G  0 disk 
├─sda1          8:1    0    1G  0 part /boot
└─sda2          8:2    0   19G  0 part 
  ├─rhel-root 253:0    0   17G  0 lvm  /
  └─rhel-swap 253:1    0    2G  0 lvm  [SWAP]
sdb             8:16   0  200G  0 disk 
sr0            11:0    1  3.8G  0 rom 


//Partition with fdisk
[root@localhost ~]# fdisk /dev/sdb 
欢迎使用 fdisk (util-linux 2.23.2)。

更改将停留在内存中,直到您决定将更改写入磁盘。
使用写入命令前请三思。

Device does not contain a recognized partition table
使用磁盘标识符 0x471ee6d9 创建新的 DOS 磁盘标签。

命令(输入 m 获取帮助):n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
分区号 (1-4,默认 1):
起始 扇区 (2048-419430399,默认为 2048):
将使用默认值 2048
Last 扇区, +扇区 or +size{K,M,G} (2048-419430399,默认为 419430399):
将使用默认值 419430399
分区 1 已设置为 Linux 类型,大小设为 200 GiB

命令(输入 m 获取帮助):w
The partition table has been altered!

Calling ioctl() to re-read partition table.
正在同步磁盘。


//Format the disk
[root@localhost ~]# mkfs.ext4 /dev/sdb1
mke2fs 1.42.9 (28-Dec-2013)
文件系统标签=
OS type: Linux
块大小=4096 (log=2)
分块大小=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
13107200 inodes, 52428544 blocks
2621427 blocks (5.00%) reserved for the super user
第一个数据块=0
Maximum filesystem blocks=2199912448
1600 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
	4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: 完成                            
正在写入inode表: 完成                            
Creating journal (32768 blocks): 完成
Writing superblocks and filesystem accounting information: 完成     


//Mount the disk permanently
[root@localhost ~]# blkid           //show the disk UUIDs
/dev/sda1: UUID="fd661084-d861-478e-8667-8f9b540e11fb" TYPE="xfs" 
/dev/sda2: UUID="ccKJPJ-Bquf-YggJ-dX6O-adOY-wRR0-QM7lPA" TYPE="LVM2_member" 
/dev/sdb1: UUID="a8e7ca69-ad76-4fa8-9089-28899cd44efe" TYPE="ext4" 
/dev/sr0: UUID="2017-07-11-01-39-24-00" LABEL="RHEL-7.4 Server.x86_64" TYPE="iso9660" PTTYPE="dos" 
/dev/mapper/rhel-root: UUID="51a7acc0-5556-4b4a-a2bb-85e3f0533cdc" TYPE="xfs" 
/dev/mapper/rhel-swap: UUID="a850e78e-dffd-4eae-a199-53ec29397fdf" TYPE="swap" 
[root@localhost ~]# mkdir /iso
[root@localhost ~]# vim /etc/fstab          //write the UUID found above into fstab
UUID=a8e7ca69-ad76-4fa8-9089-28899cd44efe /iso  ext4    defaults        0 0
[root@localhost ~]# mount -a                //mount everything listed in fstab
[root@localhost ~]# lsblk
NAME          MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda             8:0    0   20G  0 disk 
├─sda1          8:1    0    1G  0 part /boot
└─sda2          8:2    0   19G  0 part 
  ├─rhel-root 253:0    0   17G  0 lvm  /
  └─rhel-swap 253:1    0    2G  0 lvm  [SWAP]
sdb             8:16   0  200G  0 disk 
└─sdb1          8:17   0  200G  0 part /iso
sr0            11:0    1  3.8G  0 rom  

//Permanently disable the firewall and SELinux

[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled
[root@localhost ~]# reboot

//Configure the yum repositories

[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# yum -y install vim wget
[root@localhost yum.repos.d]# wget http://mirrors.aliyun.com/repo/Centos-7.repo
[root@localhost yum.repos.d]# vim Centos-7.repo
:%s/$releasever/7/
[root@localhost yum.repos.d]# yum -y install epel-release

//Deploy KVM

//Verify that the CPU supports KVM; if the output contains vmx (Intel) or svm (AMD), the CPU supports it
[root@localhost ~]# egrep -o 'vmx|svm' /proc/cpuinfo
vmx


//Install KVM
[root@localhost ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools


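The virtual machines' network is usually on the same subnet as the company's other servers, so the KVM server's NIC needs to be configured in bridged mode. The KVM virtual machines can then use the bridge to sit on the same subnet as the other internal servers.
//My NIC here is ens33, so br0 is used to bridge ens33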
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-ens33  ifdown-eth   ifdown-isdn    ifdown-sit       ifup          ifup-ib    ifup-plip   ifup-routes    ifup-tunnel        network-functions-ipv6
ifcfg-lo     ifdown-ib    ifdown-post    ifdown-Team      ifup-aliases  ifup-ippp  ifup-plusb  ifup-sit       ifup-wireless
ifdown       ifdown-ippp  ifdown-ppp     ifdown-TeamPort  ifup-bnep     ifup-ipv6  ifup-post   ifup-Team      init.ipv6-global
ifdown-bnep  ifdown-ipv6  ifdown-routes  ifdown-tunnel    ifup-eth      ifup-isdn  ifup-ppp    ifup-TeamPort  network-functions
[root@localhost network-scripts]# cp ifcfg-ens33 ./ifcfg-br0
[root@localhost network-scripts]# ls
ifcfg-br0    ifdown-bnep  ifdown-ipv6  ifdown-routes    ifdown-tunnel  ifup-eth   ifup-isdn   ifup-ppp     ifup-TeamPort     network-functions
ifcfg-ens33  ifdown-eth   ifdown-isdn  ifdown-sit       ifup           ifup-ib    ifup-plip   ifup-routes  ifup-tunnel       network-functions-ipv6
ifcfg-lo     ifdown-ib    ifdown-post  ifdown-Team      ifup-aliases   ifup-ippp  ifup-plusb  ifup-sit     ifup-wireless
ifdown       ifdown-ippp  ifdown-ppp   ifdown-TeamPort  ifup-bnep      ifup-ipv6  ifup-post   ifup-Team    init.ipv6-global
[root@localhost network-scripts]# vim ifcfg-br0 
[root@localhost network-scripts]# cat ifcfg-br0 
TYPE=Bridge
DEVICE=br0
NM_CONTROLLED=no
BOOTPROTO=static
NAME=br0
ONBOOT=yes
IPADDR=192.168.26.156
NETMASK=255.255.255.0
GATEWAY=192.168.26.2
DNS1=114.114.114.114
[root@localhost network-scripts]# vim ifcfg-ens33 
[root@localhost network-scripts]# cat ifcfg-ens33 
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no


//Restart networking
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
    link/ether 00:0c:29:22:f4:84 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::20c:29ff:fe22:f484/64 scope link 
       valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 00:0c:29:22:f4:84 brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.156/24 brd 192.168.26.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe22:f484/64 scope link 
       valid_lft forever preferred_lft forever


//Start the service and enable it at boot
[root@localhost ~]# systemctl start libvirtd
[root@localhost ~]# systemctl enable libvirtd


//Verify the installation
[root@localhost ~]# lsmod | grep kvm
kvm_intel             170086  0 
kvm                   566340  1 kvm_intel
irqbypass              13503  1 kvm


//Test and verify the installation
[root@localhost ~]# virsh -c qemu:///system list
 Id    名称                         状态
----------------------------------------------------

[root@localhost ~]# virsh --version
4.5.0
[root@localhost ~]# virt-install --version
1.5.0

[root@localhost ~]# ln -sv /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
"/usr/bin/qemu-kvm" -> "/usr/libexec/qemu-kvm"
[root@localhost ~]# ll /usr/bin/qemu-kvm 
lrwxrwxrwx 1 root root 21 1月   9 19:55 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm

[root@localhost ~]# lsmod | grep kvm
kvm_intel             170086  0 
kvm                   566340  1 kvm_intel
irqbypass              13503  1 kvm


//View bridge information
[root@localhost ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.000c2922f484	no		ens33
virbr0		8000.525400121d18	yes		virbr0-nic

4. Installing the KVM web management interface

The KVM web management interface is provided by the webvirtmgr program.

//Install the dependencies
[root@localhost ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel


//Upgrade pip
[root@localhost ~]# pip install --upgrade pip
Collecting pip
  Downloading https://files.pythonhosted.org/packages/00/b6/9cfa56b4081ad13874b0c6f96af8ce16cfbc1cb06bedf8e9164ce5551ec1/pip-19.3.1-py2.py3-none-any.whl (1.4MB)
    100% |████████████████████████████████| 1.4MB 81kB/s 
Installing collected packages: pip
  Found existing installation: pip 8.1.2
    Uninstalling pip-8.1.2:
      Successfully uninstalled pip-8.1.2
Successfully installed pip-19.3.1


//Download the webvirtmgr code from GitHub
[root@localhost ~]# git clone https://github.com/retspen/webvirtmgr.git
正克隆到 'webvirtmgr'...
remote: Enumerating objects: 5614, done.
remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614
接收对象中: 100% (5614/5614), 2.98 MiB | 595.00 KiB/s, done.
处理 delta 中: 100% (3602/3602), done.


//Install webvirtmgr
[root@localhost ~]# cd webvirtmgr
[root@localhost webvirtmgr]# ls
conf     create  dev-requirements.txt  images    interfaces  manage.py    networks    requirements.txt  serverlog  setup.py  templates    vrtManager
console  deploy  hostdetail            instance  locale      MANIFEST.in  README.rst  secrets           servers    storages  Vagrantfile  webvirtmgr
[root@localhost webvirtmgr]# pip install -r requirements.txt 
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7fe1a3676fd0>: Failed to establish a new connection: [Errno -2] \xe6\x9c\xaa\xe7\x9f\xa5\xe7\x9a\x84\xe5\x90\x8d\xe7\xa7\xb0\xe6\x88\x96\xe6\x9c\x8d\xe5\x8a\xa1',)': /simple/django/
Collecting django==1.5.5
  Downloading https://files.pythonhosted.org/packages/38/49/93511c5d3367b6b21fc2995a0e53399721afc15e4cd6eb57be879ae13ad4/Django-1.5.5.tar.gz (8.1MB)
     |████████████████████████████████| 8.1MB 3.1MB/s 
Collecting gunicorn==19.5.0
  Downloading https://files.pythonhosted.org/packages/f9/4e/f4076a1a57fc1e75edc0828db365cfa9005f9f6b4a51b489ae39a91eb4be/gunicorn-19.5.0-py2.py3-none-any.whl (113kB)
     |████████████████████████████████| 122kB 258kB/s 
Collecting lockfile>=0.9
  Downloading https://files.pythonhosted.org/packages/c8/22/9460e311f340cb62d26a38c419b1381b8593b0bb6b5d1f056938b086d362/lockfile-0.12.2-py2.py3-none-any.whl
Installing collected packages: django, gunicorn, lockfile
    Running setup.py install for django ... done
Successfully installed django-1.5.5 gunicorn-19.5.0 lockfile-0.12.2


//Check that sqlite3 is installed
[root@localhost webvirtmgr]# python
Python 2.7.5 (default, Aug  7 2019, 00:51:29) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()

//Initialize the account information
[root@localhost webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor

You just installed Django's auth system, which means you don't have any superusers defined.
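Would you like to create one now? (yes/no): yes      //asks whether to create a superuser
Username (leave blank to use 'root'): admin      //set the superuser account name; leave blank to use root
Email address: 123@qq.com      //set the superuser's e-mail address
Password:       //set the superuser password
Password (again):       //enter the superuser password again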
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)


//Copy the web application to the target directory
[root@localhost webvirtmgr]# mkdir /var/www
[root@localhost webvirtmgr]# cp -r /root/webvirtmgr /var/www/
[root@localhost webvirtmgr]# chown -R nginx.nginx /var/www/webvirtmgr/


//Generate a key pair
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:B8WoZRUlh1SqSk3SDES3c5paytxAnwORL5e8JJC7kts root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|     +=..=*=+    |
|    o .*+oo+     |
|     o+*B.o      |
|    ..+**O       |
|   . .o=S..      |
|  o .+ B.o       |
|   +  * .        |
|  . E            |
|                 |
+----[SHA256]-----+

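//webvirtmgr and the KVM service are deployed on the same machine here, so we trust the local host. If KVM is deployed on another machine, use that machine's IP here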
[root@localhost ~]# ssh-copy-id 192.168.26.156
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.26.156 (192.168.26.156)' can't be established.
ECDSA key fingerprint is SHA256:tm5aw4jtDLZbuf36IzZmL1+KMtd9gkSDZIcmRJ7O+Pw.
ECDSA key fingerprint is MD5:41:b5:7d:fb:0e:dc:e2:94:30:ea:98:9e:f3:b1:3f:7d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.26.156's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.26.156'"
and check to make sure that only the key(s) you wanted were added.


//Configure port forwarding
[root@localhost ~]# ssh 192.168.26.156 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
Last login: Thu Jan  9 19:41:35 2020 from 192.168.26.1
[root@localhost ~]# ss -tanl
State       Recv-Q Send-Q                                       Local Address:Port                                                      Peer Address:Port              
LISTEN      0      128                                                      *:111                                                                  *:*                  
LISTEN      0      5                                            192.168.122.1:53                                                                   *:*                  
LISTEN      0      128                                                      *:22                                                                   *:*                  
LISTEN      0      100                                              127.0.0.1:25                                                                   *:*                  
LISTEN      0      128                                              127.0.0.1:6080                                                                 *:*                  
LISTEN      0      128                                              127.0.0.1:8000                                                                 *:*                  
LISTEN      0      128                                                     :::111                                                                 :::*                  
LISTEN      0      128                                                     :::22                                                                  :::*                  
LISTEN      0      100                                                    ::1:25                                                                  :::*                  
LISTEN      0      128                                                    ::1:6080                                                                :::*                  
LISTEN      0      128                                                    ::1:8000                                                                :::* 


//Configure nginx
[root@localhost ~]# vim /etc/nginx/nginx.conf
[root@localhost ~]# cat /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        server_name  _;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            root html;
            index index.html index.htm;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}


[root@localhost ~]# vim /etc/nginx/conf.d/webvirtmgr.conf      //this file does not exist yet; vim creates it
[root@localhost ~]# cat /etc/nginx/conf.d/webvirtmgr.conf 
server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        # X-Forwarded-Proto carries the request scheme, not the client address
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M;
    }
}


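//Make sure bind is set to port 8000 on this machine
[root@localhost ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py 
...
...omitted
...
bind = '0.0.0.0:8000'      //make sure this binds port 8000 on this machine; it is the proxied port defined in the nginx configuration
backlog = 2048
...
...omitted
...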


//Restart nginx and enable it at boot
[root@localhost ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py 
[root@localhost ~]# systemctl restart nginx
[root@localhost ~]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@localhost ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since 四 2020-01-09 21:03:16 CST; 22s ago
 Main PID: 1623 (nginx)
   CGroup: /system.slice/nginx.service
           ├─1623 nginx: master process /usr/sbin/nginx
           └─1624 nginx: worker process

1月 09 21:03:16 localhost.localdomain systemd[1]: Starting The nginx HTTP and reverse proxy server...
1月 09 21:03:16 localhost.localdomain nginx[1617]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
1月 09 21:03:16 localhost.localdomain nginx[1617]: nginx: configuration file /etc/nginx/nginx.conf test is successful
1月 09 21:03:16 localhost.localdomain systemd[1]: Failed to read PID from file /run/nginx.pid: Invalid argument
1月 09 21:03:16 localhost.localdomain systemd[1]: Started The nginx HTTP and reverse proxy server.

[root@localhost ~]# ss -tanl
State       Recv-Q Send-Q                                       Local Address:Port                                                      Peer Address:Port              
LISTEN      0      128                                                      *:111                                                                  *:*                  
LISTEN      0      128                                                      *:80                                                                   *:*                  
LISTEN      0      5                                            192.168.122.1:53                                                                   *:*                  
LISTEN      0      128                                                      *:22                                                                   *:*                  
LISTEN      0      100                                              127.0.0.1:25                                                                   *:*                  
LISTEN      0      128                                              127.0.0.1:6080                                                                 *:*                  
LISTEN      0      128                                              127.0.0.1:8000                                                                 *:*                  
LISTEN      0      128                                                     :::111                                                                 :::*                  
LISTEN      0      128                                                     :::22                                                                  :::*                  
LISTEN      0      100                                                    ::1:25                                                                  :::*                  
LISTEN      0      128                                                    ::1:6080                                                                :::*                  
LISTEN      0      128                                                    ::1:8000                                                                :::*       



//Configure supervisor
[root@localhost ~]# vim /etc/supervisord.conf
...
...omitted; append the following at the end of the file
...
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx


//Start supervisor and enable it at boot
[root@localhost ~]# systemctl start supervisord
[root@localhost ~]# systemctl enable supervisord
Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.
[root@localhost ~]# systemctl status supervisord
● supervisord.service - Process Monitoring and Control Daemon
   Loaded: loaded (/usr/lib/systemd/system/supervisord.service; enabled; vendor preset: disabled)
   Active: active (running) since 四 2020-01-09 20:41:52 CST; 48s ago
 Main PID: 13045 (supervisord)
   CGroup: /system.slice/supervisord.service
           ├─13045 /usr/bin/python /usr/bin/supervisord -c /etc/supervisord.conf
           └─13110 /usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py

1月 09 20:41:52 localhost.localdomain systemd[1]: Starting Process Monitoring and Control Daemon...
1月 09 20:41:52 localhost.localdomain systemd[1]: Started Process Monitoring and Control Daemon.
[root@localhost ~]# ss -tanl
State       Recv-Q Send-Q                                       Local Address:Port                                                      Peer Address:Port              
LISTEN      0      128                                                      *:111                                                                  *:*                  
LISTEN      0      128                                                      *:80                                                                   *:*                  
LISTEN      0      5                                            192.168.122.1:53                                                                   *:*                  
LISTEN      0      128                                                      *:22                                                                   *:*                  
LISTEN      0      100                                              127.0.0.1:25                                                                   *:*                  
LISTEN      0      128                                              127.0.0.1:6080                                                                 *:*                  
LISTEN      0      128                                              127.0.0.1:8000                                                                 *:*                  
LISTEN      0      128                                                     :::111                                                                 :::*                  
LISTEN      0      128                                                     :::22                                                                  :::*                  
LISTEN      0      100                                                    ::1:25                                                                  :::*                  
LISTEN      0      128                                                    ::1:6080                                                                :::*                  
LISTEN      0      128                                                    ::1:8000                                                                :::* 
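
The `ss -tanl` listings above are the place to confirm that the gunicorn backend stays on loopback, since nginx reaches it at 127.0.0.1:8000. The function below is an added example (not part of the original post) that reads such output and prints listeners on the given ports that other hosts can reach; treating port 8000 as loopback-only is an assumption drawn from the proxy_pass line, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: flag listeners that should be loopback-only but are bound
# to a wildcard or external address.
# Usage on a live host:  ss -tanl | exposed_listeners 8000

exposed_listeners() {
    # Arguments: one or more ports that must only listen on loopback.
    # Input: `ss -tanl` output on stdin, in the column layout shown above.
    awk -v ports="$*" '
    BEGIN {
        n = split(ports, p, " ")
        for (i = 1; i <= n; i++) want[p[i]] = 1
    }
    # Field 4 is "Local Address:Port"; the port follows the last colon.
    $1 == "LISTEN" && match($4, /:[0-9]+$/) {
        addr = substr($4, 1, RSTART - 1)   # "*", "0.0.0.0", "::", "::1", ...
        port = substr($4, RSTART + 1)
        if (!(port in want)) next
        if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
        print addr ":" port
    }'
}

# Constructed sample: what the listing looks like once gunicorn has bound
# 0.0.0.0:8000 (this ss version prints the IPv4 wildcard as "*").
sample_ss_output() {
cat <<'EOF'
State       Recv-Q Send-Q   Local Address:Port   Peer Address:Port
LISTEN      0      128                  *:80                *:*
LISTEN      0      128                  *:22                *:*
LISTEN      0      128                  *:8000              *:*
LISTEN      0      128          127.0.0.1:6080              *:*
LISTEN      0      128                ::1:6080             :::*
EOF
}

sample_ss_output | exposed_listeners 8000
```

An empty result means every listed port is bound to loopback only.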


//Configure the nginx user
[root@localhost ~]# su - nginx -s /bin/bash
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa): 
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:uuOyOeNNfIisE/VAt2YGx6stUMqFsz8apwoCdul1ssI nginx@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|   . .           |
|  o = +          |
| . B + o         |
|  = + *          |
|.. * @ .S        |
|o *.Bo*o         |
|o  Eo+= .        |
|o +.=+.o         |
|...o+*+.         |
+----[SHA256]-----+
-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ chmod 0600 ~/.ssh/config
-bash-4.2$ ssh-copy-id root@192.168.26.156
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.26.156' (ECDSA) to the list of known hosts.
root@192.168.26.156's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.26.156'"
and check to make sure that only the key(s) you wanted were added.
-bash-4.2$ exit
登出


[root@localhost ~]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@localhost ~]# cat /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla 
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[root@localhost ~]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla 
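
Several steps in sections 3 and 4 trade isolation for convenience: SELinux is disabled, gunicorn binds 0.0.0.0 although nginx proxies to 127.0.0.1:8000, and SSH host key checking is switched off for the nginx account that logs in to the hypervisor as root. The script below is an added example (not part of the original post) that reports those settings from the files the walkthrough edits; the finding names are made up for this example and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit the configuration files changed in this walkthrough.

audit_kvm_host() {
    # $1 = filesystem prefix to inspect ("/" on a live host)
    root=${1%/}
    selinux_cfg="$root/etc/selinux/config"
    gunicorn_cfg="$root/var/www/webvirtmgr/conf/gunicorn.conf.py"
    ssh_cfg="$root/var/lib/nginx/.ssh/config"

    # 1. SELinux: unless the mode is enforcing, the sVirt labels libvirt puts
    #    on each QEMU process and disk image are not enforced.
    if [ -r "$selinux_cfg" ]; then
        mode=$(sed -n 's/^SELINUX=[[:space:]]*//p' "$selinux_cfg" | tail -n 1)
        if [ "$mode" != "enforcing" ]; then
            echo "SELINUX_NOT_ENFORCING mode=${mode:-unset}"
        fi
    fi

    # 2. gunicorn: a wildcard bind offers a second, unproxied path to the
    #    Django application next to the nginx one.
    if [ -r "$gunicorn_cfg" ]; then
        if grep -Eq '^[[:space:]]*bind[[:space:]]*=[[:space:]]*.0\.0\.0\.0:' "$gunicorn_cfg"; then
            echo "GUNICORN_WILDCARD_BIND"
        fi
    fi

    # 3. SSH client settings of the service account: with these two options
    #    a changed hypervisor host key is accepted silently.
    if [ -r "$ssh_cfg" ]; then
        if grep -Eiq '^[[:space:]]*StrictHostKeyChecking[[:space:]=]+no([[:space:]]|$)' "$ssh_cfg"; then
            echo "SSH_HOSTKEY_CHECK_DISABLED"
        fi
        if grep -Eiq '^[[:space:]]*UserKnownHostsFile[[:space:]=]+/dev/null' "$ssh_cfg"; then
            echo "SSH_KNOWN_HOSTS_DISCARDED"
        fi
    fi
    return 0
}

# Constructed sample tree holding the values used on this page.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/etc/selinux" "$dir/var/www/webvirtmgr/conf" "$dir/var/lib/nginx/.ssh"
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$dir/etc/selinux/config"
    printf "bind = '0.0.0.0:8000'\nbacklog = 2048\n" > "$dir/var/www/webvirtmgr/conf/gunicorn.conf.py"
    printf 'StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null\n' > "$dir/var/lib/nginx/.ssh/config"
    echo "$dir"
}

sample=$(make_sample_tree)
audit_kvm_host "$sample"
rm -rf "$sample"
```

On a real host, run `audit_kvm_host /` as root so that all three files are readable.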

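5. Managing KVM through the web interface

Open the KVM web interface in a browser using the IP address; in my case that is 192.168.26.156

5.1 KVM connection management

Create an SSH connection:

5.2 KVM storage management

Create storage:

Use a remote file transfer tool such as Xftp to upload the ISO image file to the storage directory /iso

[root@localhost ~]# cd /iso/
[root@localhost iso]# ls
lost+found
[root@localhost iso]# ls
lost+found  rhel-server-7.4-x86_64-dvd.iso

Check in the web interface that the ISO is present
Create the system installation image
After it has been added successfully, it appears in the web interface

5.3 KVM network management

Add a bridged network

5.4 Instance management

One virtual machine is one instance

Create an instance (virtual machine)
Insert the installation disc into the virtual machine
Set the password for accessing the virtual machine from the web
Start the virtual machine
Install the virtual machine
Installing the virtual machine follows the normal operating system installation steps; just proceed as you would for any system installation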

6. Troubleshooting cases

6.1 Case 1

After the web interface has been configured, an error page may appear.
The fix is to install novnc and start a VNC through novnc_server

[root@localhost ~]# ll /etc/rc.local
lrwxrwxrwx. 1 root root 13 Aug  6  2018 /etc/rc.local -> rc.d/rc.local
[root@localhost ~]# ll /etc/rc.d/rc.local
-rw-r--r-- 1 root root 513 Mar 11 22:35 /etc/rc.d/rc.local
[root@localhost ~]# chmod +x /etc/rc.d/rc.local
[root@localhost ~]# ll /etc/rc.d/rc.local
-rwxr-xr-x 1 root root 513 Mar 11 22:35 /etc/rc.d/rc.local

[root@localhost ~]# vim /etc/rc.d/rc.local
......N lines omitted here
# that this script will be executed during boot.

touch /var/lock/subsys/local
nohup novnc_server 172.16.12.128:5920 &

[root@localhost ~]# . /etc/rc.d/rc.local

After completing the steps above, the page can be accessed normally again

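6.2 Case 2

The first time you access KVM through the web, the page may fail to load and keep spinning, while the command line keeps reporting an error (too many open files)

In that case nginx needs to be configured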

[root@localhost ~]# vim /etc/nginx/nginx.conf
....N lines omitted here
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
worker_rlimit_nofile 655350;    //add this line

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
....N lines omitted here

[root@localhost ~]# systemctl restart nginx

Then set the system limits

[root@localhost ~]# vim /etc/security/limits.conf
....N lines omitted here
# End of file
* soft nofile 655350
* hard nofile 655350