kvm虚拟化部署

简介: kvm虚拟化部署

虚拟化介绍



虚拟化是云计算的基础。简单的说,虚拟化使得在一台物理的服务器上可以跑多台虚拟机,虚拟机共享物理机的CPU、内存、IO硬件资源,但逻辑上虚拟机之间是相互隔离的。

物理机我们一般称为宿主机 (Host),宿主机上面的虚拟机称为客户机(Guest)。那么Host是如何将自己的硬件资源虚拟化,并提供给Guest 使用的呢?


这个主要是通过一个叫做 Hypervisor的程序实现的。


根据Hypervisor的实现方式和所处的位置,虚拟化又分为两种:


  • 全虚拟化


  • 半虚拟化


全虚拟化:


Hypervisor直接安装在物理机上,多个虚拟机在Hypervisor上运行。Hypervisor实现方式一般是一个特殊定制的Linux系统。Xen和VMWare的ESXi都属于这个类型


image.png


半虚拟化:


物理机上首先安装常规的操作系统,比如Redhat、Ubuntu和Windows。Hypervisor作为OS 上的一个程序模块运行,并对管理虚拟机进行管理。KVM、VirtualBox和VMWare Workstation都属于这个类型


image.png


理论上讲:


全虚拟化一般对硬件虚拟化功能进行了特别优化,性能上比半虚拟化要高;


半虚拟化因为基于普通的操作系统,会比较灵活,比如支持虚拟机嵌套。嵌套意味着可以在KVM虚拟机中再运行KVM。


kvm介绍



  • kVM全称是Kernel-Based Virtual Machine。也就是说KVM是基于Linux内核实现的。


  • KVM有一个内核模块叫 kvm.ko,只用于管理虚拟CPU和内存。


  • 那IO的虚拟化,比如存储和网络设备则是由Linux内核与Qemu来实现。


  • 作为一个Hypervisor,KVM本身只关注虚拟机调度和内存管理这两个方面。IO外设的任务交给Linux内核和Qemu。


  • 大家在网上看KVM相关文章的时候肯定经常会看到Libvirt这个东西。


  • Libvirt就是 KVM的管理工具。


-其实,Libvirt除了能管理KVM这种 Hypervisor,还能管理Xen,VirtualBox等。


  • Libvirt包含3个东西:后台daemon程序 libvirtd、API库和命令行工具 virsh. libvirtd是服务程序,接收和处理API请求;


  • API库使得其他人可以开发基于Libvirt 的高级工具,比如virt-manager,这是个图形化的KVM管理工具;


  • virsh是我们经常要用的KVM命令行工具


kvm部署



  • 环境说明


image.png


kvm安装


部署前请确保你的CPU虚拟化功能已开启。分为两种情况:


虚拟机要关机设置CPU虚拟化


物理机要在BIOS里开启CPU虚拟化


  • 关闭防火墙与SELINUX


[root@kvm ~]# systemctl stop firewalld
[root@kvm ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@kvm ~]# setenforce 0
[root@kvm ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@localhost ~]# reboot


  • 配置网络源


[root@localhost ~]# curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1572  100  1572    0     0  17810      0 --:--:-- --:--:-- --:--:-- 17662
[root@localhost ~]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@localhost ~]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo


  • 安装依赖包、工具


[root@kvm ~]# yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++
安装过程略.....


  • 验证CPU是否支持KVM;如果结果中有vmx(lntel)或svm(AMD)字样


[root@localhost ~]# egrep -o 'vmx|svm' /proc/cpuinfo
vmx
[root@localhost ~]# 


  • kvm安装


[root@localhost ~]#yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
……
安装过程省略


因为虚拟机中网络,我们一般都是和公司的其他服务器是同一个网段,所以我们需要把KVM服务器的网卡配置成桥接模式。这样的话KVM的虚拟机就可以通过该桥接网卡和公司内部其他服务器处于同—网段


  • 此处我的网卡是ens33,所以用br0来桥接ens33网卡


[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@localhost network-scripts]# ls
ifcfg-br0    ifdown-ippp    ifdown-Team      ifup-ib     ifup-ppp       init.ipv6-global
ifcfg-ens33  ifdown-ipv6    ifdown-TeamPort  ifup-ippp   ifup-routes    network-functions
ifcfg-lo     ifdown-isdn    ifdown-tunnel    ifup-ipv6   ifup-sit       network-functions-ipv6
ifdown       ifdown-post    ifup             ifup-isdn   ifup-Team
ifdown-bnep  ifdown-ppp     ifup-aliases     ifup-plip   ifup-TeamPort
ifdown-eth   ifdown-routes  ifup-bnep        ifup-plusb  ifup-tunnel
ifdown-ib    ifdown-sit     ifup-eth         ifup-post   ifup-wireless
[root@localhost network-scripts]# 
[root@localhost network-scripts]# vim ifcfg-br0 
[root@localhost network-scripts]# cat ifcfg-br0 
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0 
TYPE=Bridge
DEVICE=br0
NM_CONTROLLED=no
BOOTPROTO=static
NAME=br0
ONBOOT=yes
IPADDR=192.168.170.13
NETMASK=255.255.255.0
GATEWAY=192.168.170.2
DNS1=114.114.114.114
DNS2=8.8.8.8
[root@localhost ~]# 
[root@localhost network-scripts]# 
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33 
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no


  • 重启网络


[root@localhost ~]# 
[root@localhost ~]# /etc/init.d/network restart
Restarting network (via systemctl):                        [  ok  ]
[root@localhost ~]# 


  • 启动服务


[root@localhost ~]# systemctl start libvirtd
[root@localhost ~]# systemctl enable libvirtd


  • 验证安装结果


[root@localhost ~]#  lsmod|grep kvm
kvm_intel             170086  0 
kvm                   566340  1 kvm_intel
irqbypass              13503  1 kvm


  • 测试并验证安装结果


[root@localhost ~]# virsh -c qemu:///system list
 Id    名称                         状态
----------------------------------------------------
[root@localhost ~]# virsh --version
4.5.0
[root@localhost ~]# virt-install --version
1.5.0
[root@localhost ~]# 
[root@localhost ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@localhost ~]# ll /usr/bin/qemu-kvm
lrwxrwxrwx 1 root root 21 8月  31 12:09 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm


  • 查看网卡信息


[root@localhost ~]# brctl show
bridge name bridge id   STP enabled interfaces
br0   8000.000c292184e7 no    ens33
virbr0    8000.525400585a5f yes   virbr0-nic
[root@localhost ~]# 


  • 使用xmanaer管理,掉出界面kvm


Web管理界面安装



  • 安装依赖包


[root@localhost ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel


  • 升级vip


[root@localhost ~]#pip install --upgrade pip


  • 从github上下载webvirtmgr代码


[root@localhost ~]#cd /usr/local/src/
[root@localhost src]#git clone git://github.com/retspen/webvirtmgr.git
Cloning into 'webvirtmgr'...
remote: Enumeratg objects: 5730, done.
remote: Total 5730 (delta 0), reused 0 (delta 0), pack-reused 5730
Receiving objects: 100% (5730/5730), 3.01 MiB | 39.00 KiB/s, done.
Resolving deltas: 100% (3688/3688), done.


  • 安装webvirtmgr


[root@localhost src]#cd webvirtmgr/
[root@localhost webvirtmgr]# pip install -r requirements.txt
Collecting django==1.5.5 (from -r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/38/49/93511c5d3367b6b21fc2995a0e53399721afc15e4cd6eb57be879ae13ad4/Django-1.5.5.tar.gz (8.1MB)
    57% |██████████████████▌             | 4.7MB 38kB/s eta 0:01:28 
.....此处省略安装步骤


  • 检查sqlite3是否安装


[root@localhost webvirtmgr]# python
Python 2.7.5 (default, May  3 2017, 07:55:04)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-14)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()


  • 初始化账号信息


[root@localhost webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor
You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes     //问你是否创建超级管理员帐号
Username (leave blank to use 'root'):   //指定超级管理员帐号用户名,默认留空为root
Email address: sean1002@126.com     //设置超级管理员邮箱
Password:       //设置超级管理员密码
Password (again):       //再次输入超级管理员密码
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)


  • 拷贝web网页至指定目录


[root@localhost webvirtmgr]# mkdir /var/www
[root@localhost webvirtmgr]#cp -r /usr/local/src/webvirtmgr /var/www/
[root@localhost webvirtmgr]#chown -R nginx.nginx /var/www/webvirtmgr/


  • 生成密钥


[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:CQoZtso2M5Uo39lKvjZboncqakQ69iJt5wnjiJKZNhw root@kvm
The key's randomart image is:
+---[RSA 2048]----+
|  o              |
| ..+.            |
|..+o  .          |
|o+.o + . .       |
|+*. = . S        |
|+E+o .           |
|+*= + .          |
|BO+===.          |
|Oo=**=           |
+----[SHA256]-----+
//由于这里webvirtmgr和kvm服务部署在同一台机器,所以这里本地信任。如果kvm部署在其他机器,那么这个ip
[root@localhost ~]#ssh-copy-id  192.168.170.13


  • 配置端口转发


[root@localhost ~]#ssh 192.168.100.13 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
[root@localhost~]# ss -antl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN      0      128              *:111                          *:*
LISTEN      0      5      192.168.122.1:53                           *:*
LISTEN      0      128              *:22                           *:*
LISTEN      0      100      127.0.0.1:25                           *:*
LISTEN      0      128      127.0.0.1:6080                         *:*
LISTEN      0      128      127.0.0.1:8000                         *:*
LISTEN      0      128             :::111                         :::*
LISTEN      0      128             :::22                          :::*
LISTEN      0      100            ::1:25                          :::*
LISTEN      0      128            ::1:6080                        :::*
LISTEN      0      128            ::1:8000                        :::* 


  • 配置nginx


[root@localhost ~]#vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    server {
        listen       80;
        server_name  localhost;
        include /etc/nginx/default.d/*.conf;
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 404 /404.html;
            location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}
[root@kvm ~]# vim /etc/nginx/conf.d/webvirtmgr.conf
server {
    listen 80 default_server;
    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;
    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $remote_addr;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M;
    }
}


  • 确定bind绑定的是本机的8000端口


[root@localhost ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
.....此处省略N行
bind = '0.0.0.0:8000'     //确保此处绑定的是本机的8000端口,这个在nginx配置中定义了,被代理的端口
backlog = 2048
.....此处省略N行


  • 重启nginx


[root@localhost ~]#systemctl restart nginx
[root@localhost ~]#ss -antl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN      0      128              *:111                          *:*
LISTEN      0      128              *:80                           *:*
LISTEN      0      5      192.168.122.1:53                           *:*
LISTEN      0      128              *:22                           *:*
LISTEN      0      100      127.0.0.1:25                           *:*
LISTEN      0      128      127.0.0.1:6080                         *:*
LISTEN      0      128      127.0.0.1:8000                         *:*
LISTEN      0      128             :::111                         :::*
LISTEN      0      128             :::22                          :::*
LISTEN      0      100            ::1:25                          :::*
LISTEN      0      128            ::1:6080                        :::*
LISTEN      0      128            ::1:8000                        :::*


  • 设置supervisor


[root@localhost ~]#vim /etc/supervisord.conf
.....此处省略上面的内容,在文件最后加上以下内容
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx
[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx


  • 启动supervisor并设置开机自启


[root@localhost ~]#systemctl start supervisord
[root@localhost ~]#systemctl enable supervisord
[root@localhost ~]#systemctl status supervisord
```
- 配置nginx用户
```
[root@localhost ~]# su - nginx -s /bin/bash
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa):
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rdbmW/YIXxAJBzPsd9q9eKHPjWtSZ5EQC5li3tkczYI nginx@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|         .=o=.+  |
|         o.E.=.o |
|        o.o *.+ .|
|         o.o.+.o |
|        S ...+ ..|
|         o  ..o.+|
|        o + o.+oo|
|       . o =.*o+.|
|          o.oo*+.|
+----[SHA256]-----+
-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ chmod 0600 ~/.ssh/config
-bash-4.2$ ssh-copy-id root@192.168.160.109
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.160.109' (ECDSA) to the list of known hosts.
root@192.168.160.109's password:
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'root@192.168.160.109'"
and check to make sure that only the key(s) you wanted were added.
-bash-4.2$ exit
logout
[root@localhost ~]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[root@localhost ~]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@localhost ~]#  systemctl restart nginx
[root@localhost ~]# systemctl restart libvirtd
```
## kvm web 界面管理
通过ip地址在浏览器上访问kvm,例如我这里就是:http://192.168.170.13
![在这里插入图片描述](https://ucc.alicdn.com/images/user-upload-01/20191102154020949.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MjMxMzc0OQ==,size_16,color_FFFFFF,t_70)



相关文章
|
20天前
|
存储 Linux 调度
KVM 虚拟化的功能特性
【10月更文挑战第13天】虚拟化技术创建实体资源的虚拟版本,提升资源利用率。KVM(Kernel-based Virtual Machine)作为全虚拟化解决方案,借助Linux内核实现Hypervisor功能,通过模块化方式提供高效的虚拟化环境。
|
2月前
|
KVM 虚拟化
虚拟化技术概述及KVM环境安装
关于虚拟化技术概述及KVM环境安装的教程,涵盖了虚拟化的定义、分类、管理工具,以及KVM的系统需求、安装步骤和使用指南。
72 11
虚拟化技术概述及KVM环境安装
|
25天前
|
安全 KVM 虚拟化
OpenEuler 中配置 KVM 虚拟化环境指南
本文档详细介绍了如何在OpenEuler系统中配置和管理KVM虚拟化环境,包括环境准备、组件安装、虚拟机安装及管理命令等,适合初学者和有经验的用户。内容覆盖了从桥接网卡配置到虚拟机的安装与管理,以及常见问题的解决方法,帮助用户高效利用虚拟化技术。
|
3月前
|
Linux KVM 虚拟化
在Linux中,KVM和Docker在Linux虚拟化中的区别是什么?
在Linux中,KVM和Docker在Linux虚拟化中的区别是什么?
|
Go 虚拟化 云计算
Docker 基础知识解析:容器与传统虚拟化对比:资源利用、启动时间、隔离性和部署效率
Docker 基础知识解析:容器与传统虚拟化对比:资源利用、启动时间、隔离性和部署效率
413 0
|
6月前
|
存储 Linux KVM
虚拟化技术之KVM安装与使用
虚拟化技术之KVM安装与使用
|
6月前
|
Linux Shell 虚拟化
linux 部署docker容器虚拟化平台(二)--------docker 镜像制作方法
linux 部署docker容器虚拟化平台(二)--------docker 镜像制作方法
99 0
|
6月前
|
大数据 Linux KVM
【云计算与大数据技术】虚拟化技术、开源技术Xen、KVM、OpenVZ的讲解(图文解释 超详细)
【云计算与大数据技术】虚拟化技术、开源技术Xen、KVM、OpenVZ的讲解(图文解释 超详细)
214 0
|
3月前
|
存储 Linux 调度
OpenStack如何支持虚拟化技术?
【8月更文挑战第21天】
187 0
|
1月前
|
存储 分布式计算 分布式数据库
云计算和虚拟化技术
云计算是指把计算资源、存储资源、网络资源、应用软件等集合起来,采用虚拟化技术,将这些资源池化,组成资源共享池,共享池即是“云”。
134 64