KVM虚拟化安装部署及管理教程

kvm安装

准备环境

# Turn off the firewall and SELinux.
# NOTE(review): on a KVM host this removes packet filtering for every listener
# configured later on this page (80, 8000 and 6080 end up bound to all
# interfaces), and SELinux is what libvirt's sVirt relies on to confine each
# guest's qemu process. Prefer keeping both enabled and opening only the ports
# that are actually needed.
systemctl disable --now firewalld.service

# Temporarily turn SELinux off for the running system (setenforce 0 switches to permissive mode)
setenforce 0
# Turn SELinux off permanently; this only rewrites a line that currently reads SELINUX=enforcing
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
reboot

下载epel源和工具包

yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++

验证CPU是否支持KVM;如果结果中有vmx(Intel)或svm(AMD)字样,就说明CPU是支持的

[root@localhost ~]# egrep -o 'vmx|svm' /proc/cpuinfo
vmx

安装kvm

yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools

桥接网卡,用br0来桥接ens33网卡

cd /etc/sysconfig/network-scripts/
# 复制一份网卡信息
cp ifcfg-ens33 ifcfg-br0

修改br0

[root@localhost network-scripts]# cat ifcfg-br0 
TYPE=Bridge # 修改处
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=br0 # 修改处
DEVICE=br0 # 修改处
ONBOOT=yes

修改ifcfg-ens33

[root@localhost network-scripts]# cat  ifcfg-ens33 
TYPE=Ethernet
BOOTPROTO=static # 这里为static 但是不配置ip
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=ac53d2dc-058d-475e-b5dd-e4bd0ca7024a
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0 # 新增配置

重启网络

systemctl restart network

查看网卡信息 – 忽略dockerip

[root@localhost network-scripts]# ip a 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 00:0c:29:34:5d:4b brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:88:7b:04:08 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:34:5d:4b brd ff:ff:ff:ff:ff:ff
inet 192.168.3.33/24 brd 192.168.3.255 scope global noprefixroute dynamic br0
valid_lft 84820sec preferred_lft 84820sec
inet6 fe80::e9bb:161f:c1d0:8e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:a5:ed:71 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:a5:ed:71 brd ff:ff:ff:ff:ff:ff
[root@localhost network-scripts]#

启动服务

systemctl enable --now libvirtd

验证安装结果

[root@localhost network-scripts]# lsmod|grep kvm
kvm_intel 174841 0
kvm 578558 1 kvm_intel
irqbypass 13503 1 kvm
[root@localhost network-scripts]# virsh -c qemu:///system list
Id 名称 状态
----------------------------------------------------

[root@localhost network-scripts]# virsh --version
4.5.0
[root@localhost network-scripts]# virt-install --version
1.5.0

查看网桥信息

[root@localhost network-scripts]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@localhost network-scripts]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c29345d4b no ens33
docker0 8000.0242887b0408 no
virbr0 8000.525400a5ed71 yes virbr0-nic

kvm web管理界面安装

kvm的web管理界面是由 webvirtmgr 程序提供的
安装程序

yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel

从github上下载webvirtmgr代码(注意:下面使用的 git:// 协议既不加密也不验证服务器身份,GitHub 已停止支持该协议,建议改用 https://github.com/retspen/webvirtmgr.git)

[root@localhost network-scripts]# cd /usr/local/src/
[root@localhost src]# git clone git://github.com/retspen/webvirtmgr.git
正克隆到 'webvirtmgr'...
remote: Enumerating objects: 5614, done.
remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614
接收对象中: 100% (5614/5614), 2.97 MiB | 29.00 KiB/s, done.
处理 delta 中: 100% (3606/3606), done.

[root@localhost src]# cd webvirtmgr/
# 安装框架以及模块
[root@localhost webvirtmgr]# pip install -r requirements.txt

检查sqlite3是否安装:可以导入模块即代表已安装

[root@localhost webvirtmgr]# python
Python 2.7.5 (default, Nov 16 2020, 22:23:17)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()
[root@localhost webvirtmgr]#

初始化账号信息

[root@localhost webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor
You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes # 是否创建管理员
Username (leave blank to use 'root'): admin # 账号
Email address: 123@qq.com # 邮箱
Password: # 密码
Password (again): # 再次输入密码
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)

安装nginx服务

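# Install nginx, which fronts the WebVirtMgr application
yum install nginx  -y
# Copy the web application into the directory nginx serves from.
# -p keeps the step repeatable when /var/www already exists.
mkdir -p /var/www
cp -r /usr/local/src/webvirtmgr /var/www/
# Use the user:group form; the dotted form is obsolete and ambiguous for
# account names that contain a dot.
# NOTE(review): the whole tree, code included, becomes writable by the nginx
# account that also runs the application.
chown -R nginx:nginx /var/www/webvirtmgr/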

生成秘钥

# Generate an RSA key pair for the current user (presumably root, as in the surrounding prompts)
ssh-keygen -t rsa
# WebVirtMgr and the KVM service run on the same machine here, so the key is trusted locally.
# If KVM is deployed on another machine, use that machine's IP instead.
ssh-copy-id 192.168.3.33

端口转发

#正向代理:本地端口映射到其他机器的端口
# 例如:HostB 上启动一个 PortB 端口,映射到 HostC:PortC 上,在 HostB 上运行:
# HostB$ ssh -L 0.0.0.0:PortB:HostC:PortC user@HostC
[root@localhost ~]# ssh 192.168.3.33 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:8000 *:*
LISTEN 0 100 *:6080 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*

配置nginx

[root@localhost ~]# cd /etc/nginx/
[root@localhost nginx]# cp nginx.conf nginx.conf-bak #备份
[root@localhost nginx]# cat nginx.conf
user nginx;
worker_processes auto;
worker_rlimit_nofile 655350; # 解决单个进程打开最大连接数问题
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name localhost;
include /etc/nginx/default.d/*.conf;
location / {
root html;
index index.html index.htm;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}

新建webvirtmgr.conf 配置文件

[root@localhost nginx]# cd conf.d/
[root@localhost conf.d]# vim webvirtmgr.conf
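# Reverse proxy in front of the WebVirtMgr gunicorn backend on 127.0.0.1:8000.
# NOTE(review): this vhost serves the management UI over plain HTTP on port 80,
# so login credentials and session cookies travel unencrypted. Terminate TLS
# here before exposing it beyond a trusted network.
server {
    listen 80 default_server;
    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    # Static assets are served by nginx straight from the copied source tree.
    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }

    # Everything else is handed to the gunicorn backend.
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        # X-Forwarded-Proto carries the request scheme (http/https), not the client address.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        # Accept request bodies of up to 1024M.
        client_max_body_size 1024M;
    }
}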

对系统参数进行设置 – 解决单个进程打开最大连接数问题

[root@localhost conf.d]# vim /etc/security/limits.conf
# End of file //添加下面两行
* soft nofile 655350
* hard nofile 655350

启动nginx

[root@localhost conf.d]# systemctl enable --now nginx

确保bind绑定的是本机的8000端口

[root@localhost conf.d]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py 
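# Listen on loopback only: nginx on this host proxies to 127.0.0.1:8000, so
# binding 0.0.0.0 would additionally expose gunicorn directly on every
# interface, bypassing the reverse proxy.
bind = '127.0.0.1:8000'
# Maximum number of pending connections gunicorn will queue.
backlog = 2048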

设置supervisor

[root@localhost conf.d]# vim /etc/supervisord.conf 
#在最后添加下面的内容
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx
[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx

启动supervisor

systemctl enable --now supervisord

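配置nginx用户

注意:以下步骤让 nginx 用户(即运行 webvirtmgr 的用户)可以免密以 root 身份通过 SSH 登录宿主机,同时 StrictHostKeyChecking=no 和 UserKnownHostsFile=/dev/null 关闭了 SSH 主机密钥校验。仅建议在可信的测试环境中这样配置;生产环境应保留主机密钥校验,并为 libvirt 使用权限受限的专用账号。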

[root@localhost conf.d]# su - nginx -s /bin/bash
-bash-4.2$ ssh-keygen -t rsa
-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ chmod 0600 ~/.ssh/config
-bash-4.2$ ssh-copy-id root@192.168.3.33
-bash-4.2$ exit
登出

新建虚拟配置文件

[root@localhost conf.d]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

设置权限并重启nginx和libvirtd

[root@localhost conf.d]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# systemctl restart libvirtd

kvm web界面管理

通过ip地址在浏览器上访问kvm – http://192.168.3.33/

创建SSH连接:



创建存储:


进入存储:


通过FTP或者SAMBA上传ISO镜像文件至存储目录/var/lib/libvirt/images/(上传后建议用 sha256sum 对照官方发布的校验值核对镜像完整性)

[root@localhost anonymous]# ll  /var/lib/libvirt/images/
总用量 4277248
-rwxr--r-- 1 nobody nobody 4379901952 9月 9 2017 CentOS-7-x86_64-DVD-1611.iso

在 web 界面查看ISO镜像是否存在

创建系统安装镜像


kvm网络管理
添加桥接网络



实例(虚拟机)创建



虚拟机插入光盘

设置在 web 上访问虚拟机的密码

启动虚拟机

打开控制台

安装虚拟机

  • 版权声明: 本博客所有文章除特别声明外,著作权归作者所有。转载请注明出处!
  • Copyrights © 2019-2023 XIN LONG