文章目录
1. 虚拟化介绍
虚拟化是云计算的基础。简单的说,虚拟化在一个桌面物理的服务器上可以运行多台虚拟机,虚拟机共享物理机的CPU,内存,IO硬件资源,但逻辑上虚拟机之间是相互隔离的。
物理机我们一般称为宿主机(Host),宿主机上面的虚拟机称为替换(Guest)。
那么Host是如何将自己的硬件资源虚拟化,并提供给Guest使用的呢?
这个主要是通过一个叫做Hypervisor的程序实现的。
根据Hypervisor的实现方式和所处的位置,虚拟化又分为两种:
- 全虚拟化
- 半虚拟化
全虚拟化:
Hypervisor直接安装在物理机上,多个虚拟机在Hypervisor上运行。Hypervisor实现方式一般是一个特殊定制的Linux系统。Xen和VMWare的ESXi都属于这个类型
半虚拟化:
物理机上首先安装常规的操作系统,比如红帽,Ubuntu的和Windows.Hypervisor作为OS上的一个程序模块运行,并对管理虚拟机进行管理.KVM,VirtualBox的和VMware工作站都属于这个类型
理论上讲:
全虚拟化一般对硬件虚拟化功能进行了特别优化,性能上比半虚拟化要高;
半虚拟化因为基于普通的操作系统,会比较灵活,支持虚拟机封装。意味着可以在KVM虚拟机中再运行KVM。
2. kvm介绍
kVM全称是基于内核的虚拟机。KVM是基于Linux内核实现的。KVM
有一个内核模块叫kvm.ko,仅用于管理虚拟CPU和内存。
那IO的虚拟化,可以存储和网络设备则由Linux内核与Qemu来实现。
作为一个虚拟机监控程序,KVM本身仅关注虚拟机调度和内存管理这两个方面。IO外设的任务提交Linux内核和Qemu。
大家在网上看KVM相关文章的时候肯定经常会看到Libvirt这个东西。
Libvirt就是KVM的管理工具。
其实,Libvirt除了能管理KVM这种Hypervisor,还能管理Xen,VirtualBox等。
Libvirt包含3个东西:后台守护程序程序libvirtd,API库和命令行工具virsh
- libvirtd是服务程序,接收和处理API请求;
- API库的其他人可以开发基于Libvirt的高级工具,例如virt-manager,这是个图形化的KVM管理工具;
- virsh是我们经常要用的KVM命令行工具
3. kvm部署
//首先在虚拟机里面添加一块硬盘,防止容量不够
//查看刚添加的硬盘
[root@localhost ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 19G 0 part
├─rhel-root 253:0 0 17G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
sdb 8:16 0 200G 0 disk
sr0 11:0 1 3.8G 0 rom
//fdisk分区
[root@localhost ~]# fdisk /dev/sdb
欢迎使用 fdisk (util-linux 2.23.2)。
更改将停留在内存中,直到您决定将更改写入磁盘。
使用写入命令前请三思。
Device does not contain a recognized partition table
使用磁盘标识符 0x471ee6d9 创建新的 DOS 磁盘标签。
命令(输入 m 获取帮助):n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p
分区号 (1-4,默认 1):
起始 扇区 (2048-419430399,默认为 2048):
将使用默认值 2048
Last 扇区, +扇区 or +size{K,M,G} (2048-419430399,默认为 419430399):
将使用默认值 419430399
分区 1 已设置为 Linux 类型,大小设为 200 GiB
命令(输入 m 获取帮助):w
The partition table has been altered!
Calling ioctl() to re-read partition table.
正在同步磁盘。
//磁盘格式化
[root@localhost ~]# mkfs.ext4 /dev/sdb1
mke2fs 1.42.9 (28-Dec-2013)
文件系统标签=
OS type: Linux
块大小=4096 (log=2)
分块大小=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
13107200 inodes, 52428544 blocks
2621427 blocks (5.00%) reserved for the super user
第一个数据块=0
Maximum filesystem blocks=2199912448
1600 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872
Allocating group tables: 完成
正在写入inode表: 完成
Creating journal (32768 blocks): 完成
Writing superblocks and filesystem accounting information: 完成
//永久挂载磁盘
[root@localhost ~]# blkid //查看磁盘uuid
/dev/sda1: UUID="fd661084-d861-478e-8667-8f9b540e11fb" TYPE="xfs"
/dev/sda2: UUID="ccKJPJ-Bquf-YggJ-dX6O-adOY-wRR0-QM7lPA" TYPE="LVM2_member"
/dev/sdb1: UUID="a8e7ca69-ad76-4fa8-9089-28899cd44efe" TYPE="ext4"
/dev/sr0: UUID="2017-07-11-01-39-24-00" LABEL="RHEL-7.4 Server.x86_64" TYPE="iso9660" PTTYPE="dos"
/dev/mapper/rhel-root: UUID="51a7acc0-5556-4b4a-a2bb-85e3f0533cdc" TYPE="xfs"
/dev/mapper/rhel-swap: UUID="a850e78e-dffd-4eae-a199-53ec29397fdf" TYPE="swap"
[root@localhost ~]# mkdir iso
[root@localhost ~]# vim /etc/fstab //将查到的uuid写入fstab文件内
UUID=a8e7ca69-ad76-4fa8-9089-28899cd44efe /iso ext4 defaults 0 0
[root@localhost ~]# mount -a //重新挂载所有
[root@localhost ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 19G 0 part
├─rhel-root 253:0 0 17G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
sdb 8:16 0 200G 0 disk
└─sdb1 8:17 0 200G 0 part /iso
sr0 11:0 1 3.8G 0 rom
//永久关闭防火墙和selinux
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled
[root@localhost ~]# reboot
//配置yum源
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# yum -y install vim wget
[root@localhost yum.repos.d]# wget http://mirrors.aliyun.com/repo/Centos-7.repo
[root@localhost yum.repos.d]# vim Centos-7.repo
:%s/$releasever/7/
[root@localhost yum.repos.d]# yum -y install epel-release
//部署KVM
//验证CPU是否支持KVM;如果结果中有vmx(Intel)或svm(AMD)字样,就说明CPU的支持的
[root@localhost ~]# egrep -o 'vmx|svm' /proc/cpuinfo
vmx
//kvm安装
[root@localhost ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
因为虚拟机中网络,我们一般都是和公司的其他服务器是同一个网段,所以我们需要把 \
KVM服务器的网卡配置成桥接模式。这样的话KVM的虚拟机就可以通过该桥接网卡和公司内部 \
其他服务器处于同一网段
//此处我的网卡是ens33,所以用br0来桥接ens33网卡
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-ens33 ifdown-eth ifdown-isdn ifdown-sit ifup ifup-ib ifup-plip ifup-routes ifup-tunnel network-functions-ipv6
ifcfg-lo ifdown-ib ifdown-post ifdown-Team ifup-aliases ifup-ippp ifup-plusb ifup-sit ifup-wireless
ifdown ifdown-ippp ifdown-ppp ifdown-TeamPort ifup-bnep ifup-ipv6 ifup-post ifup-Team init.ipv6-global
ifdown-bnep ifdown-ipv6 ifdown-routes ifdown-tunnel ifup-eth ifup-isdn ifup-ppp ifup-TeamPort network-functions
[root@localhost network-scripts]# cp ifcfg-ens33 ./ifcfg-br0
[root@localhost network-scripts]# ls
ifcfg-br0 ifdown-bnep ifdown-ipv6 ifdown-routes ifdown-tunnel ifup-eth ifup-isdn ifup-ppp ifup-TeamPort network-functions
ifcfg-ens33 ifdown-eth ifdown-isdn ifdown-sit ifup ifup-ib ifup-plip ifup-routes ifup-tunnel network-functions-ipv6
ifcfg-lo ifdown-ib ifdown-post ifdown-Team ifup-aliases ifup-ippp ifup-plusb ifup-sit ifup-wireless
ifdown ifdown-ippp ifdown-ppp ifdown-TeamPort ifup-bnep ifup-ipv6 ifup-post ifup-Team init.ipv6-global
[root@localhost network-scripts]# vim ifcfg-br0
[root@localhost network-scripts]# cat ifcfg-br0
TYPE=Bridge
DEVICE=br0
NM_CONTROLLED=no
BOOTPROTO=static
NAME=br0
ONBOOT=yes
IPADDR=192.168.26.156
NETMASK=255.255.255.0
GATEWAY=192.168.26.2
DNS1=114.114.114.114
[root@localhost network-scripts]# vim ifcfg-ens33
[root@localhost network-scripts]# cat ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no
//重启网络
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
link/ether 00:0c:29:22:f4:84 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe22:f484/64 scope link
valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:0c:29:22:f4:84 brd ff:ff:ff:ff:ff:ff
inet 192.168.26.156/24 brd 192.168.26.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe22:f484/64 scope link
valid_lft forever preferred_lft forever
//启动服务并设置开机自启动
[root@localhost ~]# systemctl start libvirtd
[root@localhost ~]# systemctl enable libvirtd
//验证安装结果
[root@localhost ~]# lsmod | grep kvm
kvm_intel 170086 0
kvm 566340 1 kvm_intel
irqbypass 13503 1 kvm
//测试并验证安装结果
[root@localhost ~]# virsh -c qemu:///system list
Id 名称 状态
----------------------------------------------------
[root@localhost ~]# virsh -c qemu:///system list
Id 名称 状态
----------------------------------------------------
[root@localhost ~]# virsh --version
4.5.0
[root@localhost ~]# virt-install --version
1.5.0
[root@localhost ~]# ln -sv /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
"/usr/bin/qemu-kvm" -> "/usr/libexec/qemu-kvm"
[root@localhost ~]# ll /usr/bin/qemu-kvm
lrwxrwxrwx 1 root root 21 1月 9 19:55 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm
[root@localhost ~]# lsmod | grep kvm
kvm_intel 170086 0
kvm 566340 1 kvm_intel
irqbypass 13503 1 kvm
//查看网桥信息
[root@localhost ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c2922f484 no ens33
virbr0 8000.525400121d18 yes virbr0-nic
4. kvm Web管理界面安装
kvm的web管理界面是由webvirtmgr程序提供的。
//安装依赖包
[root@localhost ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel
//升级pip
[root@localhost ~]# pip install --upgrade pip
Collecting pip
Downloading https://files.pythonhosted.org/packages/00/b6/9cfa56b4081ad13874b0c6f96af8ce16cfbc1cb06bedf8e9164ce5551ec1/pip-19.3.1-py2.py3-none-any.whl (1.4MB)
100% |████████████████████████████████| 1.4MB 81kB/s
Installing collected packages: pip
Found existing installation: pip 8.1.2
Uninstalling pip-8.1.2:
Successfully uninstalled pip-8.1.2
Successfully installed pip-19.3.1
//从github上下载webvirtmgr代码
[root@localhost ~]# git clone git://github.com/retspen/webvirtmgr.git
正克隆到 'webvirtmgr'...
remote: Enumerating objects: 5614, done.
remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614
接收对象中: 100% (5614/5614), 2.98 MiB | 595.00 KiB/s, done.
处理 delta 中: 100% (3602/3602), done.
//安装webvirtmgr
[root@localhost webvirtmgr]# ls
conf create dev-requirements.txt images interfaces manage.py networks requirements.txt serverlog setup.py templates vrtManager
console deploy hostdetail instance locale MANIFEST.in README.rst secrets servers storages Vagrantfile webvirtmgr
[root@localhost webvirtmgr]# pip install -r requirements.txt
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7fe1a3676fd0>: Failed to establish a new connection: [Errno -2] \xe6\x9c\xaa\xe7\x9f\xa5\xe7\x9a\x84\xe5\x90\x8d\xe7\xa7\xb0\xe6\x88\x96\xe6\x9c\x8d\xe5\x8a\xa1',)': /simple/django/
Collecting django==1.5.5
Downloading https://files.pythonhosted.org/packages/38/49/93511c5d3367b6b21fc2995a0e53399721afc15e4cd6eb57be879ae13ad4/Django-1.5.5.tar.gz (8.1MB)
|████████████████████████████████| 8.1MB 3.1MB/s
Collecting gunicorn==19.5.0
Downloading https://files.pythonhosted.org/packages/f9/4e/f4076a1a57fc1e75edc0828db365cfa9005f9f6b4a51b489ae39a91eb4be/gunicorn-19.5.0-py2.py3-none-any.whl (113kB)
|████████████████████████████████| 122kB 258kB/s
Collecting lockfile>=0.9
Downloading https://files.pythonhosted.org/packages/c8/22/9460e311f340cb62d26a38c419b1381b8593b0bb6b5d1f056938b086d362/lockfile-0.12.2-py2.py3-none-any.whl
Installing collected packages: django, gunicorn, lockfile
Running setup.py install for django ... done
Successfully installed django-1.5.5 gunicorn-19.5.0 lockfile-0.12.2
//检查sqlite3是否安装
[root@localhost webvirtmgr]# python
Python 2.7.5 (default, Aug 7 2019, 00:51:29)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()
//初始化帐号信息
[root@localhost webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor
You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes //询问你是否创建超级管理员
Username (leave blank to use 'root'): admin //设置超级管理员账户,留空为root账户
Email address: 123@qq.com //设置超级管理员邮箱
Password: //设置超级管理员密码
Password (again): //再次输入超级管理员密码
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)
//拷贝web网页至指定目录
[root@localhost webvirtmgr]# mkdir /var/www
[root@localhost webvirtmgr]# cp -r /root/webvirtmgr /var/www/
[root@localhost webvirtmgr]# chown -R nginx.nginx /var/www/webvirtmgr/
//生成密钥
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:B8WoZRUlh1SqSk3SDES3c5paytxAnwORL5e8JJC7kts root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| +=..=*=+ |
| o .*+oo+ |
| o+*B.o |
| ..+**O |
| . .o=S.. |
| o .+ B.o |
| + * . |
| . E |
| |
+----[SHA256]-----+
//由于这里webvirtmgr和kvm服务部署在同一台机器,所以这里本地信任。如果kvm部署在其他机器,那么这个是它的ip
[root@localhost ~]# ssh-copy-id 192.168.26.156
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.26.156 (192.168.26.156)' can't be established.
ECDSA key fingerprint is SHA256:tm5aw4jtDLZbuf36IzZmL1+KMtd9gkSDZIcmRJ7O+Pw.
ECDSA key fingerprint is MD5:41:b5:7d:fb:0e:dc:e2:94:30:ea:98:9e:f3:b1:3f:7d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.26.156's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.26.156'"
and check to make sure that only the key(s) you wanted were added.
//配置端口转发
[root@localhost ~]# ssh 192.168.26.156 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
Last login: Thu Jan 9 19:41:35 2020 from 192.168.26.1
[root@localhost ~]# ss -tanl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6080 *:*
LISTEN 0 128 127.0.0.1:8000 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 ::1:6080 :::*
LISTEN 0 128 ::1:8000 :::*
//配置nginx
[root@localhost ~]# vim /etc/nginx/nginx.conf
[root@localhost ~]# cat /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name _;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
root html;
index index.html index.htm;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
[root@localhost ~]# vim /etc/nginx/conf.d/webvirtmgr.conf //这个文件本身是没有的,是vim直接创建的
[root@localhost ~]# cat /etc/nginx/conf.d/webvirtmgr.conf
server {
listen 80 default_server;
server_name $hostname;
#access_log /var/log/nginx/webvirtmgr_access_log;
location /static/ {
root /var/www/webvirtmgr/webvirtmgr;
expires max;
}
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $remote_addr;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
client_max_body_size 1024M;
}
}
//确保bind绑定的是本机的8000端口
[root@localhost ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
...
...省略
...
bind = '0.0.0.0:8000' //确保此处绑定的是本机的8000端口,这个在nginx配置中定义了,被代理的端口
backlog = 2048
...
...省略
...
//重启nginx并设置为开机自启动
[root@localhost ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
[root@localhost ~]# systemctl restart nginx
[root@localhost ~]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@localhost ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since 四 2020-01-09 21:03:16 CST; 22s ago
Main PID: 1623 (nginx)
CGroup: /system.slice/nginx.service
├─1623 nginx: master process /usr/sbin/nginx
└─1624 nginx: worker process
1月 09 21:03:16 localhost.localdomain systemd[1]: Starting The nginx HTTP and reverse proxy server...
1月 09 21:03:16 localhost.localdomain nginx[1617]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
1月 09 21:03:16 localhost.localdomain nginx[1617]: nginx: configuration file /etc/nginx/nginx.conf test is successful
1月 09 21:03:16 localhost.localdomain systemd[1]: Failed to read PID from file /run/nginx.pid: Invalid argument
1月 09 21:03:16 localhost.localdomain systemd[1]: Started The nginx HTTP and reverse proxy server.
[root@localhost ~]# ss -tanl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6080 *:*
LISTEN 0 128 127.0.0.1:8000 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 ::1:6080 :::*
LISTEN 0 128 ::1:8000 :::*
//设置supervisor
[root@localhost ~]# vim /etc/supervisord.conf
...
...省略,在文件最后加上以下内容
...
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx
[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx
//启动supervisor并设置开机自启
[root@localhost ~]# systemctl start supervisord
[root@localhost ~]# systemctl enable supervisord
Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.
[root@localhost ~]# systemctl status supervisord
● supervisord.service - Process Monitoring and Control Daemon
Loaded: loaded (/usr/lib/systemd/system/supervisord.service; enabled; vendor preset: disabled)
Active: active (running) since 四 2020-01-09 20:41:52 CST; 48s ago
Main PID: 13045 (supervisord)
CGroup: /system.slice/supervisord.service
├─13045 /usr/bin/python /usr/bin/supervisord -c /etc/supervisord.conf
└─13110 /usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
1月 09 20:41:52 localhost.localdomain systemd[1]: Starting Process Monitoring and Control Daemon...
1月 09 20:41:52 localhost.localdomain systemd[1]: Started Process Monitoring and Control Daemon.
[root@localhost ~]# ss -tanl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6080 *:*
LISTEN 0 128 127.0.0.1:8000 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 ::1:6080 :::*
LISTEN 0 128 ::1:8000 :::*
//配置nginx用户
[root@localhost ~]# su - nginx -s /bin/bash
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa):
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:uuOyOeNNfIisE/VAt2YGx6stUMqFsz8apwoCdul1ssI nginx@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| . . |
| o = + |
| . B + o |
| = + * |
|.. * @ .S |
|o *.Bo*o |
|o Eo+= . |
|o +.=+.o |
|...o+*+. |
+----[SHA256]-----+
-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ chmod 0600 ~/.ssh/config
-bash-4.2$ ssh-copy-id root@192.168.26.156
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.26.156' (ECDSA) to the list of known hosts.
root@192.168.26.156's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.26.156'"
and check to make sure that only the key(s) you wanted were added.
-bash-4.2$ exit
登出
[root@localhost ~]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@localhost ~]# cat /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[root@localhost ~]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
5. kvm web界面管理
通过ip地址在浏览器上访问kvm,例如我这里就是:192.168.26.156
5.1 kvm连接管理
创建SSH连接:
5.2 kvm存储管理
创建存储:
通过远程连接软件如Xftp上传ISO原始文件至存储目录/iso
[root@localhost ~]# cd /iso/
[root@localhost iso]# ls
lost+found
[root@localhost iso]# ls
lost+found rhel-server-7.4-x86_64-dvd.iso
在web界面上查看ISO是否存在
创建系统安装镜像
添加成功后如下图所示
5.3 kvm网络管理
添加桥接网络
5.3 实例管理
一个虚拟机即为一个示例
实例(虚拟机)创建
虚拟机插入光盘
设置在web上访问虚拟机的密码
启动虚拟机
虚拟机安装
虚拟机安装步骤就是正常系统安装步骤,按照正常系统安装步骤来即可
6. 故障案例
6.1 案例1
web界面配置完成后可能会出现以下错误界面
解决方法是安装novnc并通过novnc_server启动一个vnc
[root@localhost ~]# ll /etc/rc.local
lrwxrwxrwx. 1 root root 13 Aug 6 2018 /etc/rc.local -> rc.d/rc.local
[root@localhost ~]# ll /etc/rc.d/rc.local
-rw-r--r-- 1 root root 513 Mar 11 22:35 /etc/rc.d/rc.local
[root@localhost ~]# chmod +x /etc/rc.d/rc.local
[root@localhost ~]# ll /etc/rc.d/rc.local
-rwxr-xr-x 1 root root 513 Mar 11 22:35 /etc/rc.d/rc.local
[root@localhost ~]# vim /etc/rc.d/rc.local
......此处省略N行
# that this script will be executed during boot.
touch /var/lock/subsys/local
nohup novnc_server 172.16.12.128:5920 &
[root@localhost ~]# . /etc/rc.d/rc.local
做完以上操作后再次访问即可正常访问
6.2 案例2
第一次通过web访问kvm时可能会一直访问不了,一直转圈,而命令行界面一直报错(too many open files)
此时需要对nginx进行配置
[root@localhost ~]# vim /etc/nginx/nginx.conf
....此处省略N行
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
worker_rlimit_nofile 655350; //添加此行配置
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
....此处省略N行
[root@localhost ~]# systemctl restart nginx
然后对系统参数进行设置
[root@localhost ~]# vim /etc/security/limits.conf
....此处省略N行
# End of file
* soft nofile 655350
* hard nofile 655350