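## Introduction to virtualization

Virtualization is the foundation of cloud computing. Put simply, virtualization lets multiple virtual machines run on a single physical server. The virtual machines share the physical machine's CPU, memory and I/O hardware, but are logically isolated from one another.

The physical machine is usually called the host, and the virtual machines running on it are called guests. So how does the host virtualize its hardware resources and offer them to the guests?

This is done mainly by a program called the hypervisor.

Depending on how the hypervisor is implemented and where it sits, virtualization falls into two types:

- Full virtualization
- Paravirtualization

Full virtualization:

The hypervisor is installed directly on the physical machine, and multiple virtual machines run on top of it. The hypervisor is usually implemented as a specially customized Linux system. Xen and VMware ESXi both belong to this type.

Paravirtualization:

A regular operating system such as Red Hat, Ubuntu or Windows is installed on the physical machine first. The hypervisor runs as a program module on top of that OS and manages the virtual machines. KVM, VirtualBox and VMware Workstation all belong to this type.

In theory:

Full virtualization is generally specially optimized for hardware virtualization features, so its performance is higher than that of paravirtualization;

Paravirtualization, being based on an ordinary operating system, is more flexible; for example, it supports nested virtual machines. Nesting means you can run KVM inside a KVM virtual machine.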
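
## Introduction to KVM

- KVM stands for Kernel-based Virtual Machine; that is, KVM is implemented on top of the Linux kernel.
- KVM has a kernel module named kvm.ko, which only manages virtual CPUs and memory.
- I/O virtualization, such as storage and network devices, is handled by the Linux kernel together with QEMU.
- As a hypervisor, KVM itself only deals with virtual machine scheduling and memory management. I/O peripherals are left to the Linux kernel and QEMU.
- When reading articles about KVM online, you will often come across Libvirt.
- Libvirt is the management tool for KVM.
- In fact, besides the KVM hypervisor, Libvirt can also manage Xen, VirtualBox and others.
- Libvirt consists of three parts: the background daemon libvirtd, an API library, and the command-line tool virsh. libvirtd is the service program that receives and handles API requests;
- The API library lets others build higher-level tools on top of Libvirt, such as virt-manager, a graphical KVM management tool;
- virsh is the KVM command-line tool we use most often.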
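
## KVM deployment

- Environment description

## KVM installation

Before deploying, make sure CPU virtualization is enabled. There are two cases:

- For a virtual machine, shut it down and enable CPU virtualization in its settings
- For a physical machine, enable CPU virtualization in the BIOS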
- Disable the firewall and SELinux

```
[root@kvm ~]# systemctl stop firewalld
[root@kvm ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@kvm ~]# setenforce 0
[root@kvm ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@localhost ~]# reboot
```
- Configure the network yum repository

```
[root@localhost ~]# curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1572  100  1572    0     0  17810      0 --:--:-- --:--:-- --:--:-- 17662
[root@localhost ~]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@localhost ~]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo
```
- Install the dependency packages and tools

```
[root@kvm ~]# yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++
..... installation output omitted
```
- Check whether the CPU supports KVM, that is, whether the output contains vmx (Intel) or svm (AMD)

```
[root@localhost ~]# egrep -o 'vmx|svm' /proc/cpuinfo
vmx
[root@localhost ~]#
```
- Install KVM

```
[root@localhost ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
...... installation output omitted
```

The virtual machines' network is normally on the same subnet as the company's other servers, so the KVM server's network card has to be configured in bridged mode. The KVM virtual machines can then use the bridge interface to sit on the same subnet as the other internal servers.

- My network card here is ens33, so br0 is used to bridge ens33

```
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@localhost network-scripts]# ls
ifcfg-br0    ifdown-ippp    ifdown-Team      ifup-ib    ifup-ppp       init.ipv6-global
ifcfg-ens33  ifdown-ipv6    ifdown-TeamPort  ifup-ippp  ifup-routes    network-functions
ifcfg-lo     ifdown-isdn    ifdown-tunnel    ifup-ipv6  ifup-sit       network-functions-ipv6
ifdown       ifdown-post    ifup             ifup-isdn  ifup-Team
ifdown-bnep  ifdown-ppp     ifup-aliases     ifup-plip  ifup-TeamPort
ifdown-eth   ifdown-routes  ifup-bnep        ifup-plusb ifup-tunnel
ifdown-ib    ifdown-sit     ifup-eth         ifup-post  ifup-wireless
[root@localhost network-scripts]# vim ifcfg-br0
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0
TYPE=Bridge
DEVICE=br0
NM_CONTROLLED=no
BOOTPROTO=static
NAME=br0
ONBOOT=yes
IPADDR=192.168.170.13
NETMASK=255.255.255.0
GATEWAY=192.168.170.2
DNS1=114.114.114.114
DNS2=8.8.8.8
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no
```
- Restart the network

```
[root@localhost ~]# /etc/init.d/network restart
Restarting network (via systemctl): [ ok ]
[root@localhost ~]#
```
- Start the service

```
[root@localhost ~]# systemctl start libvirtd
[root@localhost ~]# systemctl enable libvirtd
```
- Verify the installation

```
[root@localhost ~]# lsmod|grep kvm
kvm_intel             170086  0
kvm                   566340  1 kvm_intel
irqbypass              13503  1 kvm
```
- Test and verify the installation

```
[root@localhost ~]# virsh -c qemu:///system list
 Id    名称                         状态
----------------------------------------------------

[root@localhost ~]# virsh --version
4.5.0
[root@localhost ~]# virt-install --version
1.5.0
[root@localhost ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@localhost ~]# ll /usr/bin/qemu-kvm
lrwxrwxrwx 1 root root 21 8月 31 12:09 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm
```
- View the bridge interface information

```
[root@localhost ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c292184e7       no              ens33
virbr0          8000.525400585a5f       yes             virbr0-nic
[root@localhost ~]#
```
- Use Xmanager for management to bring up the KVM graphical interface

## Installing the web management interface

- Install the dependency packages

```
[root@localhost ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel
```
- Upgrade pip

```
[root@localhost ~]# pip install --upgrade pip
```
- Download the webvirtmgr code from GitHub

```
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# git clone git://github.com/retspen/webvirtmgr.git
Cloning into 'webvirtmgr'...
remote: Enumerating objects: 5730, done.
remote: Total 5730 (delta 0), reused 0 (delta 0), pack-reused 5730
Receiving objects: 100% (5730/5730), 3.01 MiB | 39.00 KiB/s, done.
Resolving deltas: 100% (3688/3688), done.
```
- Install webvirtmgr

```
[root@localhost src]# cd webvirtmgr/
[root@localhost webvirtmgr]# pip install -r requirements.txt
Collecting django==1.5.5 (from -r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/38/49/93511c5d3367b6b21fc2995a0e53399721afc15e4cd6eb57be879ae13ad4/Django-1.5.5.tar.gz (8.1MB)
    57% |██████████████████▌ | 4.7MB 38kB/s eta 0:01:28
..... installation steps omitted
```
- Check that sqlite3 is installed

```
[root@localhost webvirtmgr]# python
Python 2.7.5 (default, May 3 2017, 07:55:04)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-14)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()
```
- Initialize the account information

```
[root@localhost webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor

You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes    // asks whether to create a superuser account
Username (leave blank to use 'root'):              // superuser username; leave blank for the default, root
Email address: sean1002@126.com                    // superuser email address
Password:                                          // set the superuser password
Password (again):                                  // enter the superuser password again
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)
```
- Copy the web pages to the target directory

```
[root@localhost webvirtmgr]# mkdir /var/www
[root@localhost webvirtmgr]# cp -r /usr/local/src/webvirtmgr /var/www/
[root@localhost webvirtmgr]# chown -R nginx.nginx /var/www/webvirtmgr/
```
- Generate an SSH key

```
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:CQoZtso2M5Uo39lKvjZboncqakQ69iJt5wnjiJKZNhw root@kvm
The key's randomart image is:
..... randomart omitted

# Because webvirtmgr and the KVM service are deployed on the same machine here, trust is set up locally. If KVM is deployed on another machine, then this IP
[root@localhost ~]# ssh-copy-id 192.168.170.13
```
- Configure port forwarding

```
[root@localhost ~]# ssh 192.168.100.13 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
[root@localhost ~]# ss -antl
State      Recv-Q Send-Q   Local Address:Port    Peer Address:Port
LISTEN     0      128                  *:111                *:*
LISTEN     0      5        192.168.122.1:53                 *:*
LISTEN     0      128                  *:22                 *:*
LISTEN     0      100          127.0.0.1:25                 *:*
LISTEN     0      128          127.0.0.1:6080               *:*
LISTEN     0      128          127.0.0.1:8000               *:*
LISTEN     0      128                 :::111               :::*
LISTEN     0      128                 :::22                :::*
LISTEN     0      100                ::1:25                :::*
LISTEN     0      128                ::1:6080              :::*
LISTEN     0      128                ::1:8000              :::*
```
- Configure nginx

```
[root@localhost ~]# vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        server_name  localhost;

        include /etc/nginx/default.d/*.conf;

        location / {
            root html;
            index index.html index.htm;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}

[root@kvm ~]# vim /etc/nginx/conf.d/webvirtmgr.conf
server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        # X-Forwarded-Proto carries the request scheme (http or https), not the client address
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M;
    }
}
```
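- Make sure bind is set to port 8000 on this machine

```
[root@localhost ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
..... N lines omitted
bind = '0.0.0.0:8000'    # make sure this binds port 8000 on this machine; it is the proxied port defined in the nginx configuration
backlog = 2048
..... N lines omitted
```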
- Restart nginx

```
[root@localhost ~]# systemctl restart nginx
[root@localhost ~]# ss -antl
State      Recv-Q Send-Q   Local Address:Port    Peer Address:Port
LISTEN     0      128                  *:111                *:*
LISTEN     0      128                  *:80                 *:*
LISTEN     0      5        192.168.122.1:53                 *:*
LISTEN     0      128                  *:22                 *:*
LISTEN     0      100          127.0.0.1:25                 *:*
LISTEN     0      128          127.0.0.1:6080               *:*
LISTEN     0      128          127.0.0.1:8000               *:*
LISTEN     0      128                 :::111               :::*
LISTEN     0      128                 :::22                :::*
LISTEN     0      100                ::1:25                :::*
LISTEN     0      128                ::1:6080              :::*
LISTEN     0      128                ::1:8000              :::*
```
- Set up supervisor

```
[root@localhost ~]# vim /etc/supervisord.conf
..... the content above is omitted; append the following at the end of the file
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx
```
- Start supervisor and enable it at boot

```
[root@localhost ~]# systemctl start supervisord
[root@localhost ~]# systemctl enable supervisord
[root@localhost ~]# systemctl status supervisord
```

- Configure the nginx user

```
[root@localhost ~]# su - nginx -s /bin/bash
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa):
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rdbmW/YIXxAJBzPsd9q9eKHPjWtSZ5EQC5li3tkczYI nginx@localhost.localdomain
The key's randomart image is:
..... randomart omitted
-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ chmod 0600 ~/.ssh/config
-bash-4.2$ ssh-copy-id root@192.168.160.109
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.160.109' (ECDSA) to the list of known hosts.
root@192.168.160.109's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.160.109'"
and check to make sure that only the key(s) you wanted were added.

-bash-4.2$ exit
logout
[root@localhost ~]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[root@localhost ~]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@localhost ~]# systemctl restart nginx
[root@localhost ~]# systemctl restart libvirtd
```

## KVM web interface management

Access KVM in a browser through the host's IP address; in my case that is http://192.168.170.13

![image](https://ucc.alicdn.com/images/user-upload-01/20191102154020949.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MjMxMzc0OQ==,size_16,color_FFFFFF,t_70)
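
The steps above leave SELinux disabled, gunicorn bound to 0.0.0.0:8000 (so the management UI answers on port 8000 without passing through nginx), and host key verification switched off for the nginx user's SSH client. The following shell audit of those three files is an added example, not part of the original guide; the function names and the constructed sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide: audit three files the guide edits.
# Each check prints its findings and returns non-zero if it found any.

check_gunicorn_bind() {   # gunicorn.conf.py: bind should be a loopback address
    addr=$(sed -n "s/^[[:space:]]*bind[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | tail -n 1)
    case "$addr" in
        127.*|localhost:*|unix:*) return 0 ;;
        "") echo "gunicorn: no bind line in $1"; return 1 ;;
        *)  echo "gunicorn: bind=$addr is not loopback, port is reachable without nginx"; return 1 ;;
    esac
}

check_ssh_config() {      # ssh client config: host key verification must stay on
    rc=0
    for kv in 'StrictHostKeyChecking no' 'UserKnownHostsFile /dev/null'; do
        key=${kv% *}; val=${kv#* }
        if grep -Eiq "^[[:space:]]*$key[[:space:]=]+$val[[:space:]]*\$" "$1"; then
            echo "ssh: $key=$val in $1"; rc=1
        fi
    done
    return $rc
}

check_selinux_config() {  # /etc/selinux/config: SELINUX= should be enforcing
    mode=$(sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1)
    [ "$mode" = enforcing ] && return 0
    echo "selinux: SELINUX=${mode:-unset} in $1"; return 1
}

audit_webvirtmgr() {      # args: gunicorn conf, ssh config, selinux config
    findings=0
    check_gunicorn_bind "$1"  || findings=$((findings + 1))
    check_ssh_config "$2"     || findings=$((findings + 1))
    check_selinux_config "$3" || findings=$((findings + 1))
    return "$findings"        # number of checks that reported something
}

# Constructed sample files that mirror what the guide's commands leave behind.
demo=$(mktemp -d)
printf "bind = '0.0.0.0:8000'\nbacklog = 2048\n" > "$demo/gunicorn.conf.py"
printf 'StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null\n' > "$demo/ssh_config"
printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$demo/selinux_config"
audit_webvirtmgr "$demo/gunicorn.conf.py" "$demo/ssh_config" "$demo/selinux_config" \
    || echo "checks with findings: $?"
```

On the host itself, call `audit_webvirtmgr` with the paths used in this guide: /var/www/webvirtmgr/conf/gunicorn.conf.py, /var/lib/nginx/.ssh/config and /etc/selinux/config.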