Deploying KVM

KVM overview

KVM is short for Keyboard Video Mouse. By connecting directly to a computer's keyboard, video and mouse (KVM) ports, KVM gives access to and control of that computer. KVM technology needs no software changes on the target server, which means the target machine can be reached at any time, even in the BIOS environment. KVM provides true motherboard-level access and supports multi-platform servers and serial devices. KVM technology has grown from its early basic SOHO form into an infrastructure management system for enterprise IT server rooms: servers and devices at many remote sites can be reached directly and easily from KVM client management software. KVM over IP solutions offer comprehensive multi-site failover, a direct interface that follows the new server management standard (IPMI), and the ability to map local storage media to remote locations.

KVM stands for keyboard, video (monitor) and mouse: one set of keyboard, monitor and mouse is used to control several machines, which plays an important role in remote dispatch and monitoring. KVM technology can deliver the data of a dispatch information network to remote terminals, which is convenient for the next-level dispatch organisation, so that information can be shared even where the lower-level dispatch organisation has no dispatch data network of its own.

A KVM switch is based on multi-host switching: one set of keyboard or mouse and monitor is used to switch between several servers, which saves space, lowers cost and makes management simpler, thereby improving efficiency. The technology has many advantages and is very widely used. First, in server-room management it replaces the traditional one-to-one control with one-to-many management, saving space and improving efficiency. Second, the security of the host system is greatly improved and long-distance transmission is supported, so security is well guaranteed when connecting remote users; where there are many servers, a digital switch can connect to other servers and to remote sites, so that local and remote control are available at the same time. In large-system solutions, a large modular system with an analogue switch-matrix function lets end users reach hundreds or more servers at once, giving effective control of servers at every site from a central point through the KVM system. The technology can also be used at home, where it offers ordinary users a lot of convenience.

KVM's full name is Kernel-based Virtual Machine, which is to say that KVM is implemented on top of the Linux kernel.
KVM has a kernel module called kvm.ko, which is used only to manage virtual CPUs and memory.

I/O virtualisation, for example of storage and network devices, is implemented by the Linux kernel together with QEMU.

As a hypervisor, KVM itself handles only two things: virtual machine scheduling and memory management. I/O devices are left to the Linux kernel and QEMU.

When reading KVM articles online you will constantly come across something called libvirt.

Libvirt is the management tool for KVM.

In fact, besides KVM, libvirt can also manage other hypervisors such as Xen and VirtualBox.

Libvirt consists of three parts: the background daemon libvirtd, an API library, and the command-line tool virsh.

  • libvirtd is the service process; it receives and handles API requests;
  • the API library lets others build higher-level tools on top of libvirt, for example virt-manager, a graphical KVM management tool;
  • virsh is the KVM command-line tool we use most often.

Kinds of KVM

By network environment: IP-based (KVM over IP) and non-IP;
By device: mechanical and electronic (manual and automatic);
By installation: desktop and rack-mounted;
By working mode: analogue KVM and digital KVM;
By application range: high-end, mid-range and low-end.

Introduction to virtualisation

Virtualisation is the foundation of cloud computing. Put simply, virtualisation lets several virtual machines run on one physical server. The virtual machines share the physical machine's CPU, memory and I/O hardware, but logically they are isolated from one another.

The physical machine is usually called the host, and the virtual machines running on it are called guests.

So how does the host virtualise its hardware resources and offer them to the guests?
This is done mainly by a program called a hypervisor.

Depending on how the hypervisor is implemented and where it sits, virtualisation is divided into two kinds:

  • full virtualisation
  • para-virtualisation

Full virtualisation:

The hypervisor is installed directly on the physical machine and the virtual machines run on top of it. The hypervisor is usually implemented as a specially customised Linux system. Xen and VMware's ESXi belong to this type.

Para-virtualisation:

A regular operating system such as Red Hat, Ubuntu or Windows is installed on the physical machine first. The hypervisor runs as a program module on that OS and manages the virtual machines. KVM, VirtualBox and VMware Workstation belong to this type.

In theory:

Full virtualisation is usually specially optimised for the hardware's virtualisation features, so its performance is higher than para-virtualisation;
para-virtualisation, being based on an ordinary operating system, is more flexible, for example it supports nested virtual machines. Nesting means KVM can be run again inside a KVM virtual machine.

Deploying KVM

Environment

System       IP address
centos7.5    192.168.182.131

Installing KVM
Before installing, make sure virtualisation is enabled for your virtual machine. If three options are shown here, tick all of them; we only have two, so we tick those two.


First disable the firewall and SELinux
[root@localhost ~]# systemctl disable --now firewalld
[root@localhost ~]# tail -6 /etc/selinux/config 
SELINUX=disabled  // changed from enforcing to disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Configure the network repository
[root@localhost ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

Install dependency packages and related commands
[root@localhost ~]# yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++

Verify that the CPU supports KVM: if vmx (Intel) or svm (AMD) appears, it does
[root@localhost ~]# egrep -o 'vmx|svm' /proc/cpuinfo
svm
svm
svm
svm

Install KVM

[root@localhost ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools

Because the KVM virtual machines need to be on the same network segment as the company's other servers, the KVM server's network card is configured in bridged mode. That way the KVM virtual machines can sit on the same segment as the other internal servers through that bridge.

[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@localhost network-scripts]# pwd
/etc/sysconfig/network-scripts

[root@localhost network-scripts]# cat ifcfg-ens33 
TYPE=Ethernet
BOOTPROTO="static"
DEFROUTE="yes"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
BRIDGE=br0

[root@localhost network-scripts]# cat ifcfg-br0 
TYPE=Bridge
BOOTPROTO="static"
DEFROUTE="yes"
NAME=br0
DEVICE=br0
ONBOOT="yes"
IPADDR=192.168.182.131
PREFIX=24
GATEWAY=192.168.182.2
DNS1=192.168.182.2

Restart the network and check
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 00:0c:29:51:74:74 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:c2:d0:f1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:c2:d0:f1 brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0c:29:51:74:74 brd ff:ff:ff:ff:ff:ff
    inet 192.168.182.131/24 brd 192.168.182.255 scope global noprefixroute br0
       valid_lft forever preferred_lft forever
    inet6 fe80::b85e:1fff:fea1:87e4/64 scope link 
       valid_lft forever preferred_lft forever

Start the service and enable it at boot

[root@localhost ~]# systemctl enable --now libvirtd

Verify the installation

[root@localhost ~]# lsmod | grep kvm
kvm_amd              2176426  0 
kvm                   578518  1 kvm_amd
irqbypass              13503  1 kvm

Test and verify the installation

[root@localhost ~]# virsh -c qemu:///system list
 Id   名稱   狀態(tài)
-------------------

[root@localhost ~]# virsh --version
4.5.0
[root@localhost ~]# virt-install --version
1.5.0

[root@localhost ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@localhost ~]# ll /usr/bin/qemu-kvm 
lrwxrwxrwx 1 root root 21 10月 20 20:38 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm

Check the bridge

[root@localhost ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c29517474       no              ens33
virbr0          8000.525400c2d0f1       yes             virbr0-nic

Installing the KVM web management interface

Install dependencies
[root@localhost ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel

Download webvirtmgr from GitHub
[root@localhost src]# pwd
/usr/local/src
[root@localhost src]# git clone git://github.com/retspen/webvirtmgr.git
正克隆到 'webvirtmgr'...
remote: Enumerating objects: 5614, done.
remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614
接收對象中: 100% (5614/5614), 2.97 MiB | 621.00 KiB/s, done.
處理 delta 中: 100% (3606/3606), done.

Upgrade pip
[root@localhost webvirtmgr]# pip install --upgrade pip
Install webvirtmgr
[root@localhost webvirtmgr]# pwd
/usr/local/src/webvirtmgr
[root@localhost webvirtmgr]# pip install -r requirements.txt


Check that sqlite3 is installed
[root@localhost webvirtmgr]# python
Python 2.7.5 (default, Nov 16 2020, 22:23:17) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()

Initialise the account

[root@localhost webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor

You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes  // asks whether to create a superuser
Username (leave blank to use 'root'):   // superuser account name; leave blank for root
Email address: 1@2.com  // superuser e-mail; use a real address in production
Password:   // superuser password
Password (again):   // repeat the password
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)

Copy the web application to the target directory

[root@localhost src]# pwd
/usr/local/src
[root@localhost webvirtmgr]# mkdir /var/www
[root@localhost webvirtmgr]# cp -r /usr/local/src/webvirtmgr /var/www/

[root@localhost webvirtmgr]# chown -R nginx.nginx /var/www/webvirtmgr/

Generate a key pair

[root@localhost webvirtmgr]# ssh-keygen -t rsa 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:SKFqmwFsKaY/5t7Wi1W6Hw5O5fJKy8aahtLmw/TuF88 root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|      .          |
|. .  . .         |
|o=  . .          |
|=. . . .         |
|. +   . S        |
| o.+  .=         |
| +*o oB+o        |
|.o*o+O=BE.       |
| =+*B+B++        |
+----[SHA256]-----+

Because webvirtmgr and the KVM server are on the same machine, the local host is trusted here. If KVM is deployed on another machine, use that machine's IP instead.
[root@localhost webvirtmgr]# ssh-copy-id 192.168.182.131
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.182.131 (192.168.182.131)' can't be established.
ECDSA key fingerprint is SHA256:ySNiHWvgyBVXhGzIaWZjmgiNpd+6/FCeTygVqo0xLYw.
ECDSA key fingerprint is MD5:a8:fe:d4:cb:a6:a7:e8:90:3e:a4:ce:55:ce:5a:99:36.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.182.131's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.182.131'"
and check to make sure that only the key(s) you wanted were added.

Configure port forwarding

[root@localhost webvirtmgr]# ssh 192.168.182.131 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:6080
Last login: Wed Oct 20 20:14:34 2021 from 192.168.182.1

[root@localhost ~]# ss -anlt
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128    127.0.0.1:6080                  *:*                  
LISTEN      0      128    127.0.0.1:8000                  *:*                  
LISTEN      0      128       *:111                   *:*                  
LISTEN      0      5      192.168.122.1:53                    *:*                  
LISTEN      0      128       *:22                    *:*                  
LISTEN      0      100    127.0.0.1:25                    *:*                  
LISTEN      0      128     ::1:6080                 :::*                  
LISTEN      0      128     ::1:8000                 :::*                  
LISTEN      0      128      :::111                  :::*                  
LISTEN      0      128      :::22                   :::*                  
LISTEN      0      100     ::1:25                   :::*

Configure nginx

[root@localhost nginx]# pwd
/etc/nginx

Back it up first
[root@localhost nginx]# cp nginx.conf{,-bak}
then write the configuration afresh
[root@localhost nginx]# > nginx.conf

[root@localhost nginx]# vim nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        server_name  localhost;

        include /etc/nginx/default.d/*.conf;

        location / {
            root html;
            index index.html index.htm;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}

[root@localhost ~]# vim /etc/nginx/conf.d/webvirtmgr.conf
server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;   # the request scheme (http/https), not $remote_addr
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M;
    }
}

Make sure bind is set to port 8000 on this machine

[root@localhost ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
bind = '0.0.0.0:8000'  // make sure this binds port 8000 on this machine; it is the proxied port defined in the nginx configuration
backlog = 2048

Restart nginx and enable it at boot

[root@localhost ~]# systemctl restart nginx.service 
[root@localhost ~]# systemctl enable --now nginx.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.

[root@localhost ~]# ps -ef | grep nginx
root     124251      1  0 21:58 ?        00:00:00 nginx: master process /usr/sbin/nginx
nginx    124252 124251  0 21:58 ?        00:00:00 nginx: worker process
nginx    124253 124251  0 21:58 ?        00:00:00 nginx: worker process
root     126363  95533  0 21:58 pts/4    00:00:00 grep --color=auto nginx

Set up supervisor

Append the following to the end of this file
[root@localhost ~]# vim /etc/supervisord.conf
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx

Start supervisor and enable it at boot

[root@localhost ~]# systemctl enable --now supervisord.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.

[root@localhost ~]# ss -anlt
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128    127.0.0.1:6080                  *:*                  
LISTEN      0      128    127.0.0.1:8000                  *:*                  
LISTEN      0      128       *:111                   *:*                  
LISTEN      0      128       *:80                    *:*                  
LISTEN      0      5      192.168.122.1:53                    *:*                  
LISTEN      0      128       *:22                    *:*                  
LISTEN      0      100    127.0.0.1:25                    *:*                  
LISTEN      0      128     ::1:6080                 :::*                  
LISTEN      0      128     ::1:8000                 :::*                  
LISTEN      0      128      :::111                  :::*                  
LISTEN      0      128      :::22                   :::*                  
LISTEN      0      100     ::1:25                   :::*

Configure the nginx user

[root@localhost ~]# su - nginx -s /bin/bash 
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa): 
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:IByl1v++59cdCXgDChk0TrjDUfdGBfesawAdBegTwG4 nginx@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|    ..*B+..==+   |
|   . *o+oo+.o o  |
|    * *.o.o+o  o |
|   . = E +o. +.  |
|      o S ....o .|
|         .  . .o |
|          .  o .o|
|         .  o . o|
|          o+..   |
+----[SHA256]-----+

-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ chmod 0600 ~/.ssh/config

-bash-4.2$ ssh-copy-id root@192.168.182.131
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.182.131' (ECDSA) to the list of known hosts.
root@192.168.182.131's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.182.131'"
and check to make sure that only the key(s) you wanted were added.

-bash-4.2$ exit

[root@localhost ~]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

[root@localhost ~]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@localhost ~]# systemctl restart libvirtd
[root@localhost ~]# systemctl restart nginx.service

The first time you reach KVM through the web it may never load and just keep spinning, while the command line keeps reporting errors (too many open files).
In that case nginx needs to be configured:

[root@localhost ~]# vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
worker_rlimit_nofile 655350;  // add this line
[root@localhost ~]# systemctl restart nginx.service

Then adjust the system parameters

Append the following two lines at the end
[root@localhost ~]# vim /etc/security/limits.conf
* soft nofile 655350
* hard nofile 655350

KVM web interface management

Open KVM in a browser by IP address.
The username and password are those of the superuser created earlier.


Create an SSH connection


Click Add


Click here to edit


Click Storage pool, then New storage pool


Choose the directory type and name it default, then click Create


Enter the storage pool


Upload the ISO image to the storage directory /var/lib/libvirt/images

[root@localhost ~]# cd /var/lib/libvirt/images/
[root@localhost images]# ls
rhel-8.2-x86_64-dvd_2.iso

Refresh the page, check in the web interface that the ISO image is present, then click Add image


Once chosen, click Create


If the following appears after creation, it succeeded


KVM network management

Click Network pool and choose New network


Once set up, click Create


Managing virtual machine instances

Creating an instance
Click Create new virtual machine


Click Custom Instance to customise the virtual machine


Once chosen, click Create


Inserting a disc into the virtual machine
Click Settings, then Media, then Connect to attach the disc to the virtual machine


Setting the password for reaching the virtual machine from the web
Click Access, then Console password, set the password and click Set password


Starting the virtual machine


If this screen appears after clicking Power on, it worked.


Deploying KVM (separate KVM and web hosts)
Environment

System    IP               Hostname
redhat8   192.168.182.141  kvm
centos7   192.168.182.131  kvm-web

Installing KVM
Before deploying, make sure CPU virtualisation is enabled; tick every option that appears here.


Configure the network repository
[root@kvm ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
Install dependencies
[root@kvm ~]# dnf -y install epel-release vim wget net-tools unzip zip gcc gcc-c++

Verify that the CPU supports KVM: if vmx (Intel) or svm (AMD) appears in the output, the CPU supports it

[root@kvm ~]# egrep -o 'vmx|svm' /proc/cpuinfo
svm
svm
svm
svm

Install KVM

[root@kvm ~]# dnf -y install qemu-kvm qemu-kvm-common qemu-img virt-manager libvirt python3-libvirt libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools

Because virtual machine networking is usually on the same segment as the company's other servers, the KVM server's network card is configured in bridged mode.
That way the KVM virtual machines share that segment with the other internal servers through the bridge.
Here my network card is ens160, so br0 bridges ens160.

[root@kvm ~]# cd /etc/sysconfig/network-scripts
[root@kvm network-scripts]# ls
ifcfg-ens160
[root@kvm network-scripts]# cp ifcfg-ens160 ifcfg-br0

[root@kvm network-scripts]# cat ifcfg-ens160 
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
DEVICE=ens160
NAME=ens160
BRIDGE=br0

[root@kvm network-scripts]# cat ifcfg-br0 
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
DEVICE=br0
NAME=br0
IPADDR=192.168.182.141
PREFIX=24
GATEWAY=192.168.182.2
DNS1=192.168.182.2

[root@kvm network-scripts]# systemctl restart NetworkManager
[root@kvm network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:18:28:7e brd ff:ff:ff:ff:ff:ff
    inet 192.168.182.141/24 brd 192.168.182.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe18:287e/64 scope link 
       valid_lft forever preferred_lft forever
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 7a:3a:c4:6c:f9:9f brd ff:ff:ff:ff:ff:ff
    inet 192.168.182.141/24 brd 192.168.182.255 scope global noprefixroute br0
       valid_lft forever preferred_lft forever
    inet6 fe80::783a:c4ff:fe6c:f99f/64 scope link tentative 
       valid_lft forever preferred_lft forever

Start the service and enable it at boot

[root@kvm network-scripts]# systemctl enable --now libvirtd
[root@kvm network-scripts]# systemctl status libvirtd
● libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vend>
   Active: active (running) since Thu 2021-10-21 12:12:38 CST; 27s ago
     Docs: man:libvirtd(8)

Verify the installation

[root@kvm ~]# lsmod |grep kvm
kvm_amd               110592  0
ccp                    98304  1 kvm_amd
kvm                   786432  1 kvm_amd
irqbypass              16384  1 kvm

[root@kvm ~]# virsh -c qemu:///system list
 Id   名稱   狀態(tài)
-------------------

[root@kvm ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@kvm ~]# ll /usr/bin/qemu-kvm
lrwxrwxrwx 1 root root 21 10月 21 12:15 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm

Check the bridge
[root@kvm ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000000000000       no              
virbr0          8000.525400020d74       yes             virbr0-nic
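The bridge checks above (ens33 under br0 on the CentOS 7 host, br0 on this RHEL 8 host) as an added shell example that is not part of the tutorial: it reads the kernel's sysfs view of the bridge and reports whether the uplink is attached and the bridge has carrier. The sysfs root is a parameter so that the constructed fixtures in demo_bridge_check run offline; on a real host pass /sys/class/net.

```shell
#!/bin/sh
# Added example: check that a Linux bridge really carries the physical uplink,
# i.e. the facts `brctl show` and `ip a` print above, from sysfs.

# bridge_check NET_ROOT BRIDGE UPLINK
# Prints one line per finding; returns 0 only when every check passes.
bridge_check() {
    root=$1; br=$2; up=$3; rc=0
    if [ ! -d "$root/$br/bridge" ]; then
        echo "FAIL: $br is not a bridge device"
        return 1
    fi
    # A port shows up as <bridge>/brif/<iface>; missing means BRIDGE=br0 never
    # took effect for the uplink (compare the empty interfaces column above).
    if [ -d "$root/$br/brif/$up" ]; then
        echo "ok: $up is a port of $br"
    else
        echo "FAIL: $br has no port $up (is BRIDGE=$br set in ifcfg-$up?)"
        rc=1
    fi
    # carrier reads 1 when a port is up; NO-CARRIER reads 0, and an
    # administratively down bridge makes the read fail (treated as no carrier).
    if [ "$(cat "$root/$br/carrier" 2>/dev/null || true)" = "1" ]; then
        echo "ok: $br has carrier"
    else
        echo "FAIL: $br has no carrier (NO-CARRIER, state DOWN)"
        rc=1
    fi
    # bridge_id is the 8000.<MAC> value brctl prints; all zeros means no port
    # has ever supplied a MAC to the bridge.
    bid=$(cat "$root/$br/bridge/bridge_id" 2>/dev/null || true)
    case "$bid" in
        ""|8000.000000000000) echo "FAIL: bridge id '$bid', no port attached"; rc=1 ;;
        *) echo "ok: bridge id $bid" ;;
    esac
    return $rc
}

# make_fixture DIR BRIDGE UPLINK ENSLAVED(1/0) CARRIER BRIDGE_ID
# Builds a constructed sysfs-like tree for offline testing.
make_fixture() {
    mkdir -p "$1/$2/bridge" "$1/$2/brif" "$1/$3"
    echo "$5" > "$1/$2/carrier"
    echo "$6" > "$1/$2/bridge/bridge_id"
    if [ "$4" = 1 ]; then mkdir -p "$1/$2/brif/$3"; fi
}

# demo_bridge_check: constructed trees mirroring the two hosts above, the
# CentOS 7 host (ens33 listed under br0, carrier) and the RHEL 8 host (br0
# with no port, NO-CARRIER, bridge id 8000.000000000000). Returns 0 when the
# check passes the first and fails the second.
demo_bridge_check() {
    tmp=$(mktemp -d)
    make_fixture "$tmp/centos7" br0 ens33  1 1 8000.000c29517474
    make_fixture "$tmp/rhel8"   br0 ens160 0 0 8000.000000000000
    good=0; bridge_check "$tmp/centos7" br0 ens33  || good=$?
    bad=0;  bridge_check "$tmp/rhel8"   br0 ens160 || bad=$?
    rm -rf "$tmp"
    [ "$good" -eq 0 ] && [ "$bad" -ne 0 ]
}
```

On the RHEL 8 host above, `bridge_check /sys/class/net br0 ens160` reports the same problem the output shows: br0 has no port and no carrier, so the address 192.168.182.141 is still served by ens160 rather than the bridge.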

KVM web interface management configuration

Configure the EPEL repository
[root@kvm-web ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

[root@kvm-web ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
Download dependencies
[root@kvm-web ~]#  yum -y install vim wget net-tools unzip zip gcc gcc-c++

[root@kvm-web ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel

Download the webvirtmgr code from GitHub

[root@kvm-web src]# git clone git://github.com/retspen/webvirtmgr.git
正克隆到 'webvirtmgr'...
remote: Enumerating objects: 5614, done.
remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614
接收對象中: 100% (5614/5614), 2.97 MiB | 799.00 KiB/s, done.
處理 delta 中: 100% (3606/3606), done.
[root@kvm-web src]# pwd
/usr/local/src

Upgrade pip

[root@kvm-web src]# pip install --upgrade pip

Install webvirtmgr

[root@kvm-web webvirtmgr]# pip2 install -r requirements.txt

Check that sqlite3 is installed

[root@kvm-web webvirtmgr]# python
Python 2.7.5 (default, Nov 16 2020, 22:23:17) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()

Initialise the account

[root@kvm-web webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor

You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'root'): 
Email address: 1@2.com
Password: 
Password (again): 
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)

Copy the web application to the target directory

[root@kvm-web ~]# mkdir /var/www
[root@kvm-web ~]# cp -r /usr/local/src/webvirtmgr /var/www/
[root@kvm-web ~]# chown -R nginx.nginx /var/www/

Generate a key pair

[root@kvm-web ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:h3GtPNdUJ24hKT4eKPlWR+2Fsjpfizgr8ib9Zqfy9LI root@kvm-web
The key's randomart image is:
+---[RSA 2048]----+
|            .oo.o|
|          ..+oo+o|
|       ..o.o.++. |
|      o .==.o+.  |
|       oSo==. .  |
|        o.+o  .  |
|       o  .+ o . |
|      o =.*.+ .  |
|       =.BEB.    |
+----[SHA256]-----+

[root@kvm-web ~]# ssh-copy-id 192.168.182.141
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.182.141 (192.168.182.141)' can't be established.
ECDSA key fingerprint is SHA256:7mzRedKdNf+R6jSRsMxcFJOL7sNVdLzp0r4hhDPN19s.
ECDSA key fingerprint is MD5:52:6f:d8:bf:38:d0:d9:86:13:ef:f2:03:ed:62:b0:e4.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.182.141's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.182.141'"
and check to make sure that only the key(s) you wanted were added.

Configure port forwarding

[root@kvm-web ~]# ssh 192.168.182.141 -L localhost:6080:localhost:6080
Last login: Thu Oct 21 12:02:14 2021 from 192.168.182.1

Configure nginx

[root@kvm-web nginx]# pwd
/etc/nginx
[root@kvm-web nginx]# cp nginx.conf{,-bak}
[root@kvm-web nginx]# > nginx.conf
[root@kvm-web nginx]# vim nginx.conf

[root@kvm-web nginx]# cat nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        server_name  localhost;

        include /etc/nginx/default.d/*.conf;

        location / {
            root html;
            index index.html index.htm;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}

[root@kvm-web ~]# cat /etc/nginx/conf.d/webvirtmgr.conf
server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;   # the request scheme (http/https), not $remote_addr
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M;
    }
}

Bind port 8000

[root@kvm-web ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
bind = '0.0.0.0:8000'
[root@kvm-web ~]# systemctl enable --now nginx
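An added check, not from the tutorial or from webvirtmgr, for the bind line above (the same one appears in the first deployment): nginx forwards to 127.0.0.1:8000, so gunicorn only needs to listen on loopback, and bind = '0.0.0.0:8000' merely adds a second, unproxied way to reach the application from the network. Config paths are parameters; the sample contents in demo_backend_check are constructed from the lines shown above.

```shell
#!/bin/sh
# Added example: verify that the webvirtmgr backend (gunicorn) is reachable
# only through nginx, and rewrite its bind line when it is not.

# gunicorn_bind CONF -> prints HOST:PORT from a line of the form  bind = 'HOST:PORT'
gunicorn_bind() {
    sed -n "s/^bind *= *['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# nginx_upstream CONF -> prints HOST:PORT from  proxy_pass http://HOST:PORT;
nginx_upstream() {
    sed -n 's|^ *proxy_pass *http://\([^/;]*\).*|\1|p' "$1" | head -n 1
}

# backend_check GUNICORN_CONF NGINX_CONF
# Returns 0 when the bind address is loopback and its port matches nginx's
# upstream, 1 (with a reason) otherwise.
backend_check() {
    b=$(gunicorn_bind "$1"); u=$(nginx_upstream "$2")
    [ -n "$b" ] || { echo "FAIL: no bind line in $1"; return 1; }
    [ -n "$u" ] || { echo "FAIL: no proxy_pass line in $2"; return 1; }
    case "${b%:*}" in
        127.0.0.1|localhost|'[::1]') ;;
        *) echo "FAIL: gunicorn binds $b, reachable without going through nginx"; return 1 ;;
    esac
    if [ "${b##*:}" != "${u##*:}" ]; then
        echo "FAIL: gunicorn port ${b##*:} differs from nginx upstream port ${u##*:}"
        return 1
    fi
    echo "ok: gunicorn on $b, nginx upstream $u"
}

# harden_bind GUNICORN_CONF PORT -> rewrites the bind line to 127.0.0.1:PORT
harden_bind() {
    sed -i "s/^bind *=.*/bind = '127.0.0.1:$2'/" "$1"
}

# demo_backend_check: constructed copies of the gunicorn.conf.py and
# webvirtmgr.conf lines above, checked before and after hardening. Returns 0
# when the check fails before, passes after, and the bind is 127.0.0.1:8000.
demo_backend_check() {
    tmp=$(mktemp -d)
    printf "bind = '0.0.0.0:8000'\nbacklog = 2048\n" > "$tmp/gunicorn.conf.py"
    printf 'server {\n    location / {\n        proxy_pass http://127.0.0.1:8000;\n    }\n}\n' \
        > "$tmp/webvirtmgr.conf"
    before=0; backend_check "$tmp/gunicorn.conf.py" "$tmp/webvirtmgr.conf" || before=$?
    harden_bind "$tmp/gunicorn.conf.py" 8000
    after=0; backend_check "$tmp/gunicorn.conf.py" "$tmp/webvirtmgr.conf" || after=$?
    fixed=$(gunicorn_bind "$tmp/gunicorn.conf.py")
    rm -rf "$tmp"
    [ "$before" -ne 0 ] && [ "$after" -eq 0 ] && [ "$fixed" = "127.0.0.1:8000" ]
}
```

On the kvm-web host the real call is `backend_check /var/www/webvirtmgr/conf/gunicorn.conf.py /etc/nginx/conf.d/webvirtmgr.conf`; after `harden_bind` the supervisor program has to be restarted for the new bind to take effect.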

Set up supervisor

[root@kvm-web ~]# vim /etc/supervisord.conf
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx

Enable supervisord at boot

[root@kvm-web ~]# systemctl enable --now supervisord.service

Configure the nginx user

[root@kvm-web ~]# su - nginx -s /bin/bash
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa): 
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Dp88il4JNj6aiaVFAxUkJRdDBCFn1d1VMaEm0yeaZ1U nginx@kvm-web
The key's randomart image is:
+---[RSA 2048]----+
|*B&+.. . . ...=oE|
|.B .  . . .. . o |
|.         o = o  |
| .         * +   |
|  o + . S o o    |
| . + o * . o     |
|  o o o *        |
| = + + . .       |
|o +.o .          |
+----[SHA256]-----+

-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ chmod 0600 ~/.ssh/config
-bash-4.2$ ssh-copy-id root@192.168.182.141
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.182.141' (ECDSA) to the list of known hosts.
root@192.168.182.141's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.182.141'"
and check to make sure that only the key(s) you wanted were added.

-bash-4.2$ exit
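The ~/.ssh/config written for the nginx user above (here and in the first deployment) turns host key checking off, so that user would also accept a forged KVM server and hand it the libvirt session. As an added example that is not part of the tutorial, here is the pinned alternative: SSHDIR, HOST and KEYLINE are parameters, and the key line used in demo_pinning is a constructed placeholder rather than a real ECDSA key.

```shell
#!/bin/sh
# Added example: flag an ssh config that disables host key verification and
# write a pinned one for the KVM host instead. KEYLINE is the known_hosts line
# for HOST, in practice the output of `ssh-keyscan -t ecdsa HOST`, compared
# with `ssh-keygen -lf` against the fingerprint shown on the server's console.

# ssh_config_weak CONFIG -> 0 when CONFIG disables host key verification
ssh_config_weak() {
    # Accepts both "Option value" and "Option=value" spellings, any case.
    grep -Eiq '^[[:space:]]*(StrictHostKeyChecking[[:space:]=]+no|UserKnownHostsFile[[:space:]=]+/dev/null)' "$1"
}

# write_pinned_config SSHDIR HOST KEYLINE
# Creates SSHDIR/known_hosts holding the pinned key and SSHDIR/config with a
# Host block that refuses any other key for HOST.
write_pinned_config() {
    dir=$1; host=$2; keyline=$3
    mkdir -p "$dir" && chmod 0700 "$dir"
    printf '%s\n' "$keyline" > "$dir/known_hosts"
    cat > "$dir/config" <<EOF
Host $host
    HostName $host
    User root
    IdentityFile $dir/id_rsa
    StrictHostKeyChecking yes
    UserKnownHostsFile $dir/known_hosts
EOF
    chmod 0600 "$dir/config" "$dir/known_hosts"
}

# demo_pinning: the tutorial's two config lines (constructed copy) must be
# flagged, the pinned config must not be, and it must name the KVM host.
demo_pinning() {
    tmp=$(mktemp -d)
    printf 'StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null\n' > "$tmp/weak"
    # Constructed placeholder; a real line carries the server's ecdsa key.
    write_pinned_config "$tmp/ssh" 192.168.182.131 \
        "192.168.182.131 ecdsa-sha2-nistp256 KEY_PLACEHOLDER"
    weak_flagged=1;   ssh_config_weak "$tmp/weak" && weak_flagged=0
    pinned_flagged=1; ssh_config_weak "$tmp/ssh/config" && pinned_flagged=0
    named=1; grep -q '^Host 192.168.182.131$' "$tmp/ssh/config" && named=0
    rm -rf "$tmp"
    [ "$weak_flagged" -eq 0 ] && [ "$pinned_flagged" -eq 1 ] && [ "$named" -eq 0 ]
}
```

For the nginx user the directory is /var/lib/nginx/.ssh, so the real call is `write_pinned_config /var/lib/nginx/.ssh 192.168.182.141 "$(ssh-keyscan -t ecdsa 192.168.182.141)"` run as that user, after the scanned fingerprint has been compared with the one printed on the KVM host.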
[root@kvm-web ~]# cat /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

Restart the services

[root@kvm ~]# systemctl restart libvirtd
[root@kvm-web ~]# systemctl restart nginx.service