
    KVM Virtualization


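    1. Introduction to Virtualization

    Virtualization is the foundation of cloud computing. Put simply, virtualization lets one physical server run multiple virtual machines. The virtual machines share the physical host's hardware resources such as CPU, memory and I/O, but are logically isolated from one another.

    The physical machine is generally called the host, and the virtual machines running on it are called guests.

    So how does the host virtualize its hardware resources and provide them to the guests?

    This is done mainly by a component called the hypervisor.

    • Full virtualization
    • Paravirtualization

    Full virtualization:

    The hypervisor is installed directly on the physical machine, and multiple virtual machines run on the hypervisor. It usually takes the form of a specially customized Linux system. Xen and VMware ESXi both belong to this type.

    Paravirtualization:

    The physical machine runs an ordinary operating system, such as Windows or Ubuntu. The hypervisor runs as a program module on top of the OS and manages the virtual machines. KVM, VirtualBox and VMware Workstation all fall into this category.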


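    2. Introduction to KVM

    KVM stands for Kernel-Based Virtual Machine. In other words, KVM is implemented on top of the Linux kernel.
    KVM has a kernel module called kvm.ko, which is used only to manage virtual CPUs and memory.

    I/O virtualization, for example of storage and network devices, is implemented by the Linux kernel together with QEMU.

    As a hypervisor, KVM itself is concerned only with virtual machine scheduling and memory management. The I/O peripheral work is handed to the Linux kernel and QEMU.

    When reading KVM articles online you will often come across something called Libvirt.

    Libvirt is the management tool for KVM.

    In fact, besides managing the KVM hypervisor, Libvirt can also manage Xen, VirtualBox and others.

    Libvirt consists of three things: the background daemon libvirtd, an API library, and the command-line tool virsh.

    libvirtd is the service program; it receives and handles API requests.
    The API library lets others build higher-level tools on top of Libvirt, such as virt-manager, a graphical KVM management tool.
    virsh is the KVM command-line tool we use most often.

    Functions:

    Virtualization is implemented in the kernel: KVM includes a loadable kernel module, kvm.ko. In addition, because KVM depends on the x86 hardware architecture, a processor-specific module is required. Which one depends on the processor type: with an Intel CPU, kvm-intel.ko is loaded; with an AMD CPU, kvm-amd.ko is loaded. Once the Linux kernel has loaded the KVM modules, KVM is responsible only for managing and scheduling the virtual machines' virtual CPUs and virtual memory.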


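    3. KVM Deployment

    KVM environment preparation

    System  IP
    redhat  192.168.7.31

    If the machine is itself a virtual machine,

    virtualization support must be enabled before deployment.

    Disable the firewall and SELinux

    # Disable the firewall
    [root@kvm ~]# systemctl stop firewalld 
    [root@kvm ~]# systemctl disable firewalld
    [root@kvm ~]# setenforce 0 
    [root@kvm ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config 
    [root@kvm ~]# reboot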
    

    Configure the network yum repository

    [root@kvm yum.repos.d]# curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo 
    [root@kvm ~]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo 
    [root@kvm ~]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo 
    

    Install KVM and some dependencies

    [root@kvm ~]# yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++
    # Verify that the CPU supports KVM
    [root@kvm ~]# egrep -o 'vmx|svm' /proc/cpuinfo 
    vmx
    vmx
    # Install KVM
    [root@kvm ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools 
    # For a bridged network, configure the NIC as follows; otherwise skip this step
    [root@kvm ~]# cd /etc/sysconfig/network-scripts/ 
    [root@kvm network-scripts]# ls
    ifcfg-ens33  ifdown-isdn      ifup          ifup-plip      ifup-tunnel
    ifcfg-lo     ifdown-post      ifup-aliases  ifup-plusb
    [root@kvm network-scripts]# cp ifcfg-ens33 ifcfg-br0 
    [root@kvm network-scripts]# cat ifcfg-br0
    TYPE=Bridge 
    DEVICE=br0 
    NM_CONTROLLED=no 
    BOOTPROTO=static 
    NAME=br0
    ONBOOT=yes 
    IPADDR=192.168.7.31
    NETMASK=255.255.255.0 
    GATEWAY=192.168.7.1 
    DNS1=114.114.114.114 
    DNS2=8.8.8.8 
    [root@kvm network-scripts]# cat ifcfg-ens33 
    TYPE=Ethernet 
    BOOTPROTO=static 
    NAME=ens33 
    DEVICE=ens33 
    ONBOOT=yes 
    BRIDGE=br0 
    NM_CONTROLLED=no
    [root@kvm ~]# systemctl restart network 
    # I am using a non-bridged network
    [root@kvm ~]# ifconfig
    ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.7.31  netmask 255.255.255.0  broadcast 192.168.7.255
            inet6 fe80::20c:29ff:fe83:acfa  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:83:ac:fa  txqueuelen 1000  (Ethernet)
            RX packets 3035131  bytes 4249280965 (3.9 GiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 194612  bytes 35114690 (33.4 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1  (Local Loopback)
            RX packets 151327  bytes 34617483 (33.0 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 151327  bytes 34617483 (33.0 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
            inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
            ether 52:54:00:0d:4e:ad  txqueuelen 1000  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    [root@kvm ~]# 
    # Start the service
    [root@kvm ~]# systemctl start libvirtd 
    [root@kvm ~]# systemctl enable libvirtd
    # Verify
    [root@kvm ~]# lsmod|grep kvm
    kvm_intel             170086  0
    kvm                   566340  1 kvm_intel
    irqbypass              13503  1 kvm
    
    

    4. Installing the KVM Web Console

    # Install dependencies
    [root@kvm ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel
    # Upgrade pip
    [root@kvm ~]# pip install --upgrade pip -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com
    # Download the webvirtmgr code from GitHub
    [root@kvm ~]# cd /usr/local/src/ 
    [root@kvm src]# git clone https://github.com/retspen/webvirtmgr.git 
    # Install webvirtmgr
    [root@kvm src]# cd webvirtmgr/
    [root@kvm webvirtmgr]# pip install -r requirements.txt -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com
    # Initialize the account information
    [root@kvm webvirtmgr]# python manage.py syncdb
    ........ (output omitted) ......
    You just installed Django's auth system, which means you don't have any superusers defined.
    Would you like to create one now? (yes/no): yes
    # The user defaults to root; just press Enter
    Username (leave blank to use 'root'): 
    Error: Enter a valid email address.
    # Email address
    Email address: 1956104705@qq.com
    # Set the login password for the web console
    Password: 
    Password (again): 
    Error: Your passwords didn't match.
    Password: 
    Password (again): 
    Superuser created successfully.
    Installing custom SQL ...
    Installing indexes ...
    Installed 6 object(s) from 1 fixture(s)
    # Copy the web application to /var/www
    [root@kvm webvirtmgr]# mkdir /var/www 
    [root@kvm webvirtmgr]# cp -r /usr/local/src/webvirtmgr /var/www/ 
    [root@kvm webvirtmgr]# chown -R nginx:nginx /var/www/webvirtmgr/
    # Generate an SSH key
    [root@kvm ~]# ssh-keygen -t rsa 
    ... (output omitted) ......
    [root@kvm ~]# ssh-copy-id 192.168.7.31
    # Configure port forwarding
    [root@kvm ~]# ssh 192.168.7.31 -L localhost:8000:localhost:8000 -L localh 
    # Configure nginx
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;
    # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
    include /usr/share/nginx/modules/*.conf;
    events {
        worker_connections 1024;
    }
    http {
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
        access_log  /var/log/nginx/access.log  main;
        sendfile            on;
        tcp_nopush          on;
        tcp_nodelay         on;
        keepalive_timeout   65;
        types_hash_max_size 2048;
    
        include             /etc/nginx/mime.types;
        default_type        application/octet-stream;
        # Load modular configuration files from the /etc/nginx/conf.d directory.
        # See http://nginx.org/en/docs/ngx_core_module.html#include
        # for more information.
        include /etc/nginx/conf.d/*.conf;
        server {
            listen       80;
            server_name  localhost;
            # Load configuration files for the default server block.
            include /etc/nginx/default.d/*.conf;
            location / {
            }
            error_page 404 /404.html;
                location = /40x.html {
            }
        }
    }
    # Configure the proxy
    [root@kvm ~]# vim /etc/nginx/conf.d/webvirtmgr.conf 
    server {
        listen 80 default_server;
        server_name $hostname;
        location /static/ {
            root /var/www/webvirtmgr/webvirtmgr;
            expires max;
        }
        location / {
            proxy_pass http://127.0.0.1:8000;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Forwarded-Proto $remote_addr;
            proxy_connect_timeout 600;
            proxy_read_timeout 600;
            proxy_send_timeout 600;
            client_max_body_size 1024M;
        }
    }
    # Bind to port 8000
    [root@kvm ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py 
    ....
    bind = '0.0.0.0:8000' 
    ....
    [root@kvm ~]# systemctl restart nginx 
    # Set up supervisord
    [root@kvm ~]# vim /etc/supervisord.conf 
    # Append at the end of the file
    [program:webvirtmgr]
    command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
    directory=/var/www/webvirtmgr
    autostart=true
    autorestart=true
    logfile=/var/log/supervisor/webvirtmgr.log
    log_stderr=true
    user=nginx
    [program:webvirtmgr-console]
    command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
    directory=/var/www/webvirtmgr
    autostart=true
    autorestart=true
    stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
    redirect_stderr=true
    user=nginx
    [root@kvm ~]# systemctl start supervisord 
    [root@kvm ~]# systemctl enable supervisord 
    # Configure the nginx user
    [root@kvm ~]#  su - nginx -s /bin/bash
    -bash-4.2$  ssh-keygen -t rsa 
    Generating public/private rsa key pair.
    Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa): 
    Created directory '/var/lib/nginx/.ssh'.
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
    Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:e+4AmfxrFND7ACL3VEGH2KEajgulSJur5HULbcFerGw nginx@kvm-web
    The key's randomart image is:
    +---[RSA 2048]----+
    |       *=+.      |
    |  . o =.+.       |
    | ..o.+.o .       |
    |oooo.+oo+        |
    |+o. oo=oS+       |
    | ...+ +o...      |
    | o.o E .+ .      |
    |+ . = . .=       |
    |..   . ...o      |
    +----[SHA256]-----+
    -bash-4.2$ 
    -bash-4.2$  touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
    -bash-4.2$  chmod 0600 ~/.ssh/config
    -bash-4.2$  ssh-copy-id root@192.168.7.31
    /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
    /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    Warning: Permanently added '192.168.7.31' (ECDSA) to the list of known hosts.
    root@192.168.7.31's password: 
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh 'root@192.168.7.31'"
    and check to make sure that only the key(s) you wanted were added.
    
    -bash-4.2$ exit
    
    [root@kvm ~]#  vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
    [Remote libvirt SSH access]
    Identity=unix-user:root
    Action=org.libvirt.unix.manage
    ResultAny=yes
    ResultInactive=yes
    ResultActive=yes
    [root@kvm ~]#  chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla 
    [root@kvm ~]#  systemctl restart nginx 
    [root@kvm ~]#  systemctl enable nginx 
    Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
    [root@kvm ~]# systemctl restart libvirtd
    [root@kvm ~]# ss -antl
    State       Recv-Q Send-Q               Local Address:Port                              Peer Address:Port              
    LISTEN      0      128                              *:111                                          *:*                  
    LISTEN      0      128                              *:80                                           *:*                  
    LISTEN      0      5                    192.168.122.1:53                                           *:*                  
    LISTEN      0      128                              *:22                                           *:*                  
    LISTEN      0      100                      127.0.0.1:25                                           *:*                  
    LISTEN      0      128                      127.0.0.1:6010                                         *:*                  
    LISTEN      0      100                              *:6080                                         *:*                  
    LISTEN      0      128                              *:8000                                         *:*                  
    LISTEN      0      128                             :::111                                         :::*                  
    LISTEN      0      128                             :::22                                          :::*                  
    LISTEN      0      100                            ::1:25                                          :::*                  
    LISTEN      0      128                            ::1:6010                                        :::*                  
    [root@kvm ~]# 
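
    Added example (not part of the original post): the ss output above shows gunicorn listening on *:8000 even though nginx proxies to 127.0.0.1:8000, and the nginx user's ~/.ssh/config turns off SSH host key verification. The script below flags both conditions; the function names and the choice of 8000 as the only backend port are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: port 8000 (gunicorn) should be reached only through the nginx proxy.
BACKEND_PORTS="${BACKEND_PORTS:-8000}"

# Read `ss -antl` output on stdin; print "port address" for every backend
# port that listens on a wildcard address instead of loopback.
exposed_listeners() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)                 # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            wild = (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            if ((port in want) && wild) print port, addr
        }'
}

# Read an ssh_config file on stdin; print each option that switches off
# host key verification.
weak_ssh_options() {
    awk '{
        line = tolower($0)
        sub(/[ \t]*=[ \t]*/, " ", line)                     # "key=value" -> "key value"
        gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
        if (line ~ /^stricthostkeychecking (no|off)$/) print "StrictHostKeyChecking"
        if (line == "userknownhostsfile /dev/null")     print "UserKnownHostsFile"
    }'
}

# Sample input: three listener lines taken from the ss output above, and the
# two-line ~/.ssh/config written for the nginx user.
sample_ss() {
    printf '%s\n' \
        'LISTEN 0 128         *:80     *:*' \
        'LISTEN 0 128 127.0.0.1:6010   *:*' \
        'LISTEN 0 128         *:8000   *:*'
}
sample_ssh_config() {
    printf '%s\n' 'StrictHostKeyChecking=no' 'UserKnownHostsFile=/dev/null'
}

echo "backend ports exposed on all interfaces:"; sample_ss | exposed_listeners
echo "ssh options disabling host key checks:";   sample_ssh_config | weak_ssh_options
```

    On the host, run `ss -antl | exposed_listeners` and `weak_ssh_options < /var/lib/nginx/.ssh/config`. Binding gunicorn to 127.0.0.1:8000 clears the first finding.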
    
    
    

    Web interface

    Visit: http://192.168.7.31/login

    Next steps: see part two

  • Original article: https://www.cnblogs.com/liuzhijun666/p/13056428.html