一 kvm虚拟化分离部署环境
环境说明
centos7
| 主机名 | 主机ip | 部署内容 |
|---|---|---|
| kvm | 192.168.143.140 | lvm与web管理 |
| kvm139 | 192.168.143.139 | lvm |
虚拟机配置
真机虚拟化功能启动
二 kvm分离部署
主机kvm部署
//关闭防火墙和selinux
systemctl disable --now firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
setenforce 0
sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
reboot
//安装基础软件包
[root@kvm ~]# yum -y install epel-release
[root@kvm ~]# yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++
[root@kvm ~]# egrep -o 'vmx|svm' /proc/cpuinfo
vmx
vmx
//kvm安装
[root@kvm ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
//此处我的网卡是ens33,所以用br0来桥接ens33网卡
[root@kvm ~]# cd /etc/sysconfig/network-scripts/
[root@kvm network-scripts]# cp ifcfg-eth0 ifcfg-br0
[root@kvm network-scripts]# vim ifcfg-br0
[root@kvm network-scripts]# vi ifcfg-br0
[root@kvm ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.143.140
PREFIX=24
GATEWAY=192.168.143.2
DNS1=114.114.114.114
[root@kvm network-scripts]# vim ifcfg-eth0
[root@kvm network-scripts]# cat ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no
//重启网络
[root@kvm network-scripts]# systemctl restart network
[root@kvm network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 00:50:56:31:9e:ca brd ff:ff:ff:ff:ff:ff
inet6 fe80::250:56ff:fe31:9eca/64 scope link
valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:50:56:31:9e:ca brd ff:ff:ff:ff:ff:ff
inet 192.168.143.140/24 brd 192.168.143.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe31:9eca/64 scope link
valid_lft forever preferred_lft forever
[root@kvm network-scripts]#
//启动服务
[root@kvm network-scripts]# systemctl enable --now libvirtd
//验证安装结果
[root@kvm network-scripts]# lsmod|grep kvm
kvm_intel 174841 0
kvm 578518 1 kvm_intel
irqbypass 13503 1 kvm
[root@kvm network-scripts]# virsh -c qemu:///system list
Id Name State
----------------------------------------------------
[root@kvm network-scripts]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@kvm network-scripts]# ll /usr/bin/qemu-kvm
lrwxrwxrwx 1 root root 21 Oct 21 03:20 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm
[root@kvm network-scripts]#
kvm web管理界面安装
//安装依赖包
[root@kvm ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel
//升级pi
[root@kvm ~]# pip install --upgrade pip
//从github上下载webvirtmgr代码
[root@kvm ~]# cd /usr/local/src/
[root@kvm src]# git clone git://github.com/retspen/webvirtmgr.git
Cloning into 'webvirtmgr'...
remote: Enumerating objects: 5614, done.
remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614
Receiving objects: 100% (5614/5614), 2.97 MiB | 882.00 KiB/s, done.
Resolving deltas: 100% (3606/3606), done.
[root@kvm src]# cd webvirtmgr/
[root@kvm webvirtmgr]# pip install -r requirements.txt
Collecting django==1.5.5 (from -r requirements.txt (line 1))
Downloading https://files.pythonhosted.org/packages/38/49/93511c5d3367b6b21fc2995a0e53399721afc15e4cd6eb57be879ae13ad4/Django-1.5.5.tar.gz (8.1MB)
100% |████████████████████████████████| 8.1MB 80kB/s
Collecting gunicorn==19.5.0 (from -r requirements.txt (line 2))
Downloading https://files.pythonhosted.org/packages/f9/4e/f4076a1a57fc1e75edc0828db365cfa9005f9f6b4a51b489ae39a91eb4be/gunicorn-19.5.0-py2.py3-none-any.whl (113kB)
100% |████████████████████████████████| 122kB 6.6MB/s
Collecting lockfile>=0.9 (from -r requirements.txt (line 5))
Downloading https://files.pythonhosted.org/packages/c8/22/9460e311f340cb62d26a38c419b1381b8593b0bb6b5d1f056938b086d362/lockfile-0.12.2-py2.py3-none-any.whl
Installing collected packages: django, gunicorn, lockfile
Running setup.py install for django ... done
Successfully installed django-1.5.5 gunicorn-19.5.0 lockfile-0.12.2
You are using pip version 8.1.2, however version 21.3 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
//检查sqlite3是否安装
[root@kvm webvirtmgr]# python
Python 2.7.5 (default, Nov 16 2020, 22:23:17)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()
//初始化帐号信息
[root@kvm webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor
You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'root'): admin
Email address: 1@2.com
Password:
Password (again):
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)
[root@kvm webvirtmgr]#
//拷贝web网页至指定目录
[root@kvm ~]# mkdir /var/www
[root@kvm ~]# cp -r /usr/local/src/webvirtmgr /var/www/
[root@kvm ~]# chown -R nginx.nginx /var/www/webvirtmgr/
//生成密钥
[root@kvm ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:h52l6y720QXmx9osl6f6rrsjl7xqwo6cY9R3IUZrPx8 root@kvm
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
| . .+ |
| o=*.o |
| .So=o..+ |
| . ...o+*E. |
| . . .oo++=..|
| .oo=.o.=o.o |
| .++.*=+*X+ |
+----[SHA256]-----+
//由于这里webvirtmgr和kvm服务部署在同一台机器,所以这里本地信任。如果kvm部署在其他机器,那么这个是它的ip
[root@kvm ~]# ssh-copy-id 192.168.143.140
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.143.140 (192.168.143.140)' can't be established.
ECDSA key fingerprint is SHA256:bfmaHrydvr3sBiebX8ziGtZNxB7FYyZUup3EZ+Mha4g.
ECDSA key fingerprint is MD5:ff:ac:86:f4:ab:67:92:4b:c1:1a:70:3d:dd:2a:46:35.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.143.140's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.143.140'"
and check to make sure that only the key(s) you wanted were added.
[root@kvm ~]# ssh 192.168.143.140 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
Last login: Thu Oct 21 03:09:06 2021 from 192.168.143.1
[root@kvm ~]# ss -atnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:6080 *:*
LISTEN 0 128 127.0.0.1:8000 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 ::1:6080 :::*
LISTEN 0 128 ::1:8000 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
//配置nginx
[root@kvm ~]# vi /etc/nginx/nginx.conf
[root@kvm ~]# cat /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name localhost;
include /etc/nginx/default.d/*.conf;
location / {
root html;
index index.html index.htm;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
[root@kvm ~]#
[root@kvm ~]# vi /etc/nginx/conf.d/webvirtmgr.conf
[root@kvm ~]# cat /etc/nginx/conf.d/webvirtmgr.conf
server {
listen 80 default_server;
server_name $hostname;
#access_log /var/log/nginx/webvirtmgr_access_log;
location /static/ {
root /var/www/webvirtmgr/webvirtmgr;
expires max;
}
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $remote_addr;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
client_max_body_size 1024M;
}
}
#
vim /var/www/webvirtmgr/conf/gunicorn.conf.py
.....此处省略N行 bind修改以下数值
bind = '0.0.0.0:8000'
backlog = 2048
//重启nginx
[root@kvm ~]# systemctl restart nginx
[root@kvm ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:6080 *:*
LISTEN 0 128 127.0.0.1:8000 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 ::1:6080 :::*
LISTEN 0 128 ::1:8000 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
//设置supervisor
[root@kvm ~]# vi /etc/supervisord.conf
.....此处省略上面的内容,在文件最后加上以下内容
[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx
//启动supervisor并设置开机自启
[root@kvm ~]# systemctl enable --now supervisord
Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.
[root@kvm ~]# ss -atnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:6080 *:*
LISTEN 0 128 127.0.0.1:8000 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 ::1:6080 :::*
LISTEN 0 128 ::1:8000 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@kvm ~]#
//配置nginx用户
[root@kvm ~]# su - nginx -s /bin/bash
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa):
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:YAFLcG8yqULfLRTJc2rpDGUGTsfn6j6k2jDRia5isrc nginx@kvm
The key's randomart image is:
+---[RSA 2048]----+
| .+B+o |
| oo.%.+ |
| . .O.% |
|. +o+O.o |
|.o.+=o..S |
|... =. |
| + + |
|+.=. o |
|*+Eo... |
+----[SHA256]-----+
-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ chmod 0600 ~/.ssh/config
-bash-4.2$ ssh-copy-id root@192.168.143.140
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.143.140' (ECDSA) to the list of known hosts.
root@192.168.143.140's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.143.140'"
and check to make sure that only the key(s) you wanted were added.
-bash-4.2$ exit
logout
[root@kvm ~]# vi /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[root@kvm ~]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@kvm ~]# systemctl restart nginx
[root@kvm ~]# systemctl restart libvirtd
网页输入 http://192.168.143.140/login/ 登入
点击添加 Add Connections
点击 ssh连接 添加标记 IP 用户名
点击 192.168.143.140 访问功能
点击 存储池storages 添加新的存储 new storage
点击 目录类型卷 添加名称 点击创建
通过远程连接软件上传ISO镜像文件至存储目录/var/lib/libvirt/images/
[root@kvm ~]# cd /var/lib/libvirt/images/
[root@kvm images]# ls
[root@kvm images]# ls
CentOS-7-x86_64-DVD-1804-7.5.iso
[root@kvm images]#
重新加载一下
添加虚拟机配置 点击创建
添加成功如图
点击网络池 点击New Network 新的网络
选择网络类型 填写名称 点击创建
点击 New instance创建虚拟机
填写虚拟机配置信息 选择镜像和网络池
点击设置 Media 位置 连接光盘
设置在 web 上访问虚拟机的密码
点击启动
点击小方块查看图形化界面
虚拟机安装
ssh远程连接
新增新的kvm设备
//关闭防火墙和selinux
systemctl disable --now firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
setenforce 0
sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
reboot
[root@139 ~]# yum -y install epel-release
[root@139 ~]# yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++
[root@139 ~]# egrep -o 'vmx|svm' /proc/cpuinfo
vmx
vmx
[root@139 ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
[root@139 ~]# cd /etc/sysconfig/network-scripts/
[root@139 network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@139 network-scripts]# vim ifcfg-br0
[root@139 network-scripts]# vim ifcfg-eth0
[root@139 network-scripts]# vim ifcfg-ens33
[root@139 network-scripts]# vim ifcfg-br0
[root@139 network-scripts]# cat ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.143.139
PREFIX=24
GATEWAY=192.168.143.2
DNS1=114.114.114.114
[root@139 network-scripts]# cat ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no
[root@139 network-scripts]# systemctl restart network
[root@139 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 00:0c:29:d8:c2:b6 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fed8:c2b6/64 scope link tentative
valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:d8:c2:b6 brd ff:ff:ff:ff:ff:ff
inet 192.168.143.139/24 brd 192.168.143.255 scope global noprefixroute br0
valid_lft forever preferred_lft forever
inet6 fe80::449c:ecff:feab:d9b1/64 scope link
valid_lft forever preferred_lft forever
[root@139 network-scripts]# systemctl enable --now libvirtd
[root@139 network-scripts]# lsmod|grep kvm
kvm_intel 174841 0
kvm 578518 1 kvm_intel
irqbypass 13503 1 kvm
[root@139 network-scripts]# virsh -c qemu:///system list
Id 名称 状态
----------------------------------------------------
[root@139 network-scripts]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@139 network-scripts]# ll /usr/bin/qemu-kvm
lrwxrwxrwx 1 root root 21 10月 20 21:17 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm
[root@139 network-scripts]#
Add Connection添加新的ip
点击 ssh连接 添加标记 IP 用户名
点击 192.168.143.139 访问功能
#注意事项添加后发现权限不够,现在kvm设备 ,ssh添加免密登入
[root@kvm ~]# ssh-copy-id 192.168.143.139
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.143.139's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.143.139'"
and check to make sure that only the key(s) you wanted were added.
[root@kvm ~]# su - nginx -s /bin/bash
Last login: Thu Oct 21 03:45:52 CST 2021 on pts/1
-bash-4.2$ ssh-copy-id root@192.168.143.139
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.143.139' (ECDSA) to the list of known hosts.
root@192.168.143.139's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.143.139'"
and check to make sure that only the key(s) you wanted were added.
-bash-4.2$ exit
logout
[root@kvm ~]# systemctl restart nginx
[root@kvm ~]# systemctl restart libvirtd
点击 存储池storages 添加新的存储 storage
点击 目录类型卷 添加名称 点击创建
通过远程连接软件上传ISO镜像文件至存储目录/var/lib/libvirt/images/
[root@139 network-scripts]# cd
[root@139 ~]# cd /var/lib/libvirt/images/
[root@139 images]# ls
[root@139 images]# ls
CentOS-7-x86_64-DVD-1804-7.5.iso
[root@139 images]#
重新加载一下
添加虚拟机配置 点击创建
添加成功如图
点击网络池 点击New Network 新的网络
选择网络类型 填写名称 点击创建
点击 New instance创建虚拟机
点击Custom instance 创建虚拟机
填写虚拟机配置信息 选择镜像和网络池
点击设置 Media 位置 连接光盘
设置在 web 上访问虚拟机的密码
点击启动
点击小方块查看图形化界面
虚拟机安装
ssh 远程连接虚拟机
