KVM虚拟化安装部署及管理教程

目录1.kvm部署1.1 kvm安装1.2 kvm web管理界面安装1.3 kvm web界面管理1.3.1 kvm连接管理1.3.2 kvm存储管理1.3.3 kvm网络管理1.3.4 实例管理故障

1.kvm部署

1.1 kvm安装

//关闭防火墙和selinux [root@kvm ~]# systemctl disable –now firewalld.service Removed /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. [root@kvm ~]# sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config [root@kvm ~]# reboot //下载epel源和工具包 [root@kvm ~]# yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++ //验证CPU是否支持KVM；如果结果中有vmx（Intel）或svm(AMD)字样，就说明CPU的支持的 [root@kvm ~]# egrep -o vmx|svm /proc/cpuinfo //安装kvm [root@kvm ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools //桥接网卡，用br0来桥接ens160网卡 [root@kvm ~]# cd /etc/sysconfig/network-scripts/ [root@kvm network-scripts]# cp ifcfg-ens33 ifcfg-br0 [root@kvm network-scripts]# cat ifcfg-br0 TYPE=Bridge DEVICE=br0 NM_CONTROLLED=no BOOTPROTO=static NAME=br0 ONBOOT=yes IPADDR=192.168.237.131 NETMASK=255.255.255.0 GATEWAY=192.168.237.2 DNS1=114.114.114.114 DNS2=8.8.8.8 [root@kvm network-scripts]# cat ifcfg-ens33 TYPE=Ethernet BOOTPROTO=static NAME=ens33 DEVICE=ens33 ONBOOT=yes BRIDGE=br0 NM_CONTROLLED=no //重启网络 [root@kvm ~]# systemctl restart network [root@kvm ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether 00:0c:29:7b:10:a5 brd ff:ff:ff:ff:ff:ff inet6 fe80::20c:29ff:fe7b:10a5/64 scope link valid_lft forever preferred_lft forever 3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 00:0c:29:7b:10:a5 brd ff:ff:ff:ff:ff:ff inet 192.168.237.131/24 brd 192.168.237.255 scope global br0 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe7b:10a5/64 scope link valid_lft forever preferred_lft forever 4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000 link/ether 52:54:00:1c:33:d6 brd ff:ff:ff:ff:ff:ff inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 valid_lft forever preferred_lft forever 5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000 link/ether 52:54:00:1c:33:d6 brd ff:ff:ff:ff:ff:ff //启动服务 [root@kvm ~]# systemctl enable –now libvirtd //验证安装结果 [root@kvm ~]# lsmod|grep kvm kvm_intel 188740 0 kvm 637289 1 kvm_intel irqbypass 13503 1 kvm //测试 [root@kvm ~]# virsh -c qemu:///system list Id 名称 状态 —————————————————- [root@kvm ~]# virsh –version 4.5.0 [root@kvm ~]# virt-install –version 1.5.0 [root@kvm ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm [root@kvm ~]# ll /usr/bin/qemu-kvm lrwxrwxrwx 1 root root 21 10月 20 23:14 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm //查看网桥信息 [root@kvm ~]# brctl show bridge name bridge id STP enabled interfaces br0 8000.000c297b10a5 no ens33 virbr0 8000.5254001c33d6 yes virbr0-nic

1.2 kvm web管理界面安装

kvm 的 web 管理界面是由 webvirtmgr 程序提供的。

//安装依赖包 [root@kvm ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel //从github上下载webvirtmgr代码 [root@kvm ~]# cd /usr/local/src/ [root@kvm src]# git clone git://github.com/retspen/webvirtmgr.git 正克隆到 webvirtmgr… remote: Enumerating objects: 5614, done. remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614 接收对象中: 100% (5614/5614), 2.97 MiB | 29.00 KiB/s, done. 处理 delta 中: 100% (3606/3606), done. //安装webvirtmgr [root@kvm src]# cd webvirtmgr/ [root@kvm webvirtmgr]# pip install -r requirements.txt Collecting django==1.5.5 (from -r requirements.txt (line 1)) Downloading https://files.pythonhosted.org/packages/38/49/93511c5d3367b6b21fc2995a0e53399721afc15e4cd6eb57be879ae13ad4/Django-1.5.5.tar.gz (8.1MB) 100% |████████████████████████████████| 8.1MB 49kB/s …… //检查sqlite3是否安装 [root@kvm webvirtmgr]# python Python 2.7.5 (default, Nov 16 2020, 22:23:17) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux2 Type “help”, “copyright”, “credits” or “license” for more information. >>> import sqlite3 >>> exit() //初始化账号信息 [root@kvm webvirtmgr]# python manage.py syncdb WARNING:root:No local_settings file found. Creating tables … Creating table auth_permission Creating table auth_group_permissions Creating table auth_group Creating table auth_user_groups Creating table auth_user_user_permissions Creating table auth_user Creating table django_content_type Creating table django_session Creating table django_site Creating table servers_compute Creating table instance_instance Creating table create_flavor You just installed Djangos auth system, which means you dont have any superusers defined. Would you like to create one now? (yes/no): yes Username (leave blank to use root): admin Email address: 123@qq.com Password: Password (again): Superuser created successfully. Installing custom SQL … Installing indexes … Installed 6 object(s) from 1 fixture(s) //拷贝web网页至指定目录 [root@kvm webvirtmgr]# mkdir /var/www [root@kvm webvirtmgr]# cp -r /usr/local/src/webvirtmgr /var/www/ [root@kvm webvirtmgr]# chown -R nginx.nginx /var/www/webvirtmgr/ //生成密钥 [root@kvm ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory /root/.ssh. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:icyLAYmyxABKsogsIHmJqGjSby0ogFwf1p2zeiPwuxY root@kvm The keys randomart image is: +—[RSA 2048]—-+ |O+ . . . . | |/ooo o . + | |&*+ o . o | |X+.. = . o | |= o..* S | |. . +o.E o | | . …. = . | | o | | … | +—-[SHA256]—–+ [root@kvm ~]# ssh-copy-id 192.168.237.131 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/root/.ssh/id_rsa.pub” The authenticity of host 192.168.237.131 (192.168.237.131) cant be established. ECDSA key fingerprint is SHA256:/AR9dYUN0PN9LOHYWfHeUe5LgyczVMH9mYv9+2GcAbM. ECDSA key fingerprint is MD5:30:f6:de:5a:7d:c2:08:b5:b7:31:61:4a:4e:dd:32:73. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys root@192.168.237.131s password: Number of key(s) added: 1 Now try logging into the machine, with: “ssh 192.168.237.131” and check to make sure that only the key(s) you wanted were added. //配置端口转发 [root@kvm ~]# ssh 192.168.237.131 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60 Last login: Wed Oct 20 23:12:00 2021 from 192.168.237.1 [root@kvm ~]# ss -anlt State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 127.0.0.1:6080 *:* LISTEN 0 128 127.0.0.1:8000 *:* LISTEN 0 128 *:111 *:* LISTEN 0 5 192.168.122.1:53 *:* LISTEN 0 128 *:22 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 [::1]:6080 [::]:* LISTEN 0 128 [::1]:8000 [::]:* LISTEN 0 128 [::]:111 [::]:* LISTEN 0 128 [::]:22 [::]:* LISTEN 0 100 [::1]:25 [::]:* //配置nginx [root@kvm ~]# cd /etc/nginx/ [root@kvm nginx]# ls conf.d fastcgi_params mime.types scgi_params win-utf default.d fastcgi_params.default mime.types.default scgi_params.default fastcgi.conf koi-utf nginx.conf uwsgi_params fastcgi.conf.default koi-win nginx.conf.default uwsgi_params.default [root@kvm nginx]# cp nginx.conf nginx.conf-bak //备份 [root@kvm nginx]# cat nginx.conf user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main $remote_addr – $remote_user [$time_local] “$request” $status $body_bytes_sent “$http_referer” “$http_user_agent” “$http_x_forwarded_for”; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; include /etc/nginx/conf.d/*.conf; server { listen 80; server_name localhost; include /etc/nginx/default.d/*.conf; location / { root html; index index.html index.htm; } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } } [root@kvm conf.d]# pwd /etc/nginx/conf.d [root@kvm conf.d]# vi webvirtmgr.conf [root@kvm conf.d]# cat webvirtmgr.conf server { listen 80 default_server; server_name $hostname; #access_log /var/log/nginx/webvirtmgr_access_log; location /static/ { root /var/www/webvirtmgr/webvirtmgr; expires max; } location / { proxy_pass http://127.0.0.1:8000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header Host $host:$server_port; proxy_set_header X-Forwarded-Proto $remote_addr; proxy_connect_timeout 600; proxy_read_timeout 600; proxy_send_timeout 600; client_max_body_size 1024M; } } //确保bind绑定的是本机的8000端口 [root@kvm ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py bind = 0.0.0.0:8000 //修改此行 backlog = 2048 //启动nginx [root@kvm ~]# systemctl enable –now nginx Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service. [root@kvm ~]# ss -anlt State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 127.0.0.1:6080 *:* LISTEN 0 128 127.0.0.1:8000 *:* LISTEN 0 128 *:111 *:* LISTEN 0 128 *:80 *:* LISTEN 0 5 192.168.122.1:53 *:* LISTEN 0 128 *:22 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 [::1]:6080 [::]:* LISTEN 0 128 [::1]:8000 [::]:* LISTEN 0 128 [::]:111 [::]:* LISTEN 0 128 [::]:22 [::]:* LISTEN 0 100 [::1]:25 [::]:* //设置supervisor [root@kvm ~]# vim /etc/supervisord.conf #在最后添加下面的内容 [program:webvirtmgr] command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py directory=/var/www/webvirtmgr autostart=true autorestart=true logfile=/var/log/supervisor/webvirtmgr.log log_stderr=true user=nginx [program:webvirtmgr-console] command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console directory=/var/www/webvirtmgr autostart=true autorestart=true stdout_logfile=/var/log/supervisor/webvirtmgr-console.log redirect_stderr=true user=nginx //启动supervisor [root@kvm ~]# systemctl enable –now supervisord Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service. [root@kvm ~]# systemctl status supervisord ● supervisord.service – Process Monitoring and Control Daemon Loaded: loaded (/usr/lib/systemd/system/supervisord.service; enabled; vendor preset: disabled) Active: active (running) since 三 2021-10-20 23:53:33 CST; 12s ago Process: 46734 ExecStart=/usr/bin/supervisord -c /etc/supervisord.conf (code=exited, status=0/SUCCESS) Main PID: 46737 (supervisord) //配置nginx用户 [root@kvm ~]# su – nginx -s /bin/bash -bash-4.2$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa): Created directory /var/lib/nginx/.ssh. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /var/lib/nginx/.ssh/id_rsa. Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub. The key fingerprint is: SHA256:S46h+CYFvCGW+6z68PXZgbKNLLdPdiPD6LmzPOpYBwI nginx@kvm The keys randomart image is: +—[RSA 2048]—-+ | | | | |E.. | |oo+ | |o.o+ . S | | o.o.+ * . | |. =.* O * | | =oX=X * o | |++**%B= . | +—-[SHA256]—–+ -bash-4.2$ touch ~/.ssh/config && echo -e “StrictHostKeyChecking=nonUserKnownHostsFile=/dev/null” >> ~/.ssh/config -bash-4.2$ chmod 0600 ~/.ssh/config -bash-4.2$ ssh-copy-id root@192.168.237.131 /bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/var/lib/nginx/.ssh/id_rsa.pub” /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys Warning: Permanently added 192.168.237.131 (ECDSA) to the list of known hosts. root@192.168.237.131s password: Number of key(s) added: 1 Now try logging into the machine, with: “ssh root@192.168.237.131” and check to make sure that only the key(s) you wanted were added. -bash-4.2$ exit 登出 [root@kvm ~]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla [Remote libvirt SSH access] Identity=unix-user:root Action=org.libvirt.unix.manage ResultAny=yes ResultInactive=yes ResultActive=yes [root@kvm ~]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla [root@kvm ~]# systemctl restart nginx [root@kvm ~]# systemctl restart libvirtd

1.3 kvm web界面管理

通过ip地址在浏览器上访问kvm

1.3.1 kvm连接管理

创建SSH连接：

1.3.2 kvm存储管理

创建存储：

进入存储：

通过远程连接软件上传ISO镜像文件至存储目录/var/lib/libvirt/images/

[root@kvm ~]# ls /var/lib/libvirt/images/ CentOS-8.4.2105-x86_64-dvd1.iso

在 web 界面查看ISO镜像是否存在

创建系统安装镜像

1.3.3 kvm网络管理

添加桥接网络

1.3.4 实例管理 实例(虚拟机)创建

虚拟机插入光盘

设置在 web 上访问虚拟机的密码

启动虚拟机

打开控制台

安装虚拟机

安装完成

故障

web界面无法访问，命令行报错（accept: Too many open files）

对nginx进行配置 [root@kvm ~]# vim /etc/nginx/nginx.conf user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; worker_rlimit_nofile 655350; //添加此行 [root@kvm ~]# systemctl restart nginx.service 对系统参数进行设置 [root@kvm ~]# vim /etc/security/limits.conf # End of file //添加下面两行 * soft nofile 655350 * hard nofile 655350 重启虚拟机，就能成功访问 [root@kvm ~]# reboot

以上就是KVM虚拟化安装部署及管理教程的详细内容，更多关于KVM虚拟化安装部署及管理的资料请关注其它相关文章！