虚拟化:
全虚拟化 裸金属(纯硬件)上部署 优点:性能强 半虚拟化 OS上部署 优点:嵌套
虚拟化实现方式:
kvm esxi xen citrix (银行) Hyper-V vmware workstation VirtualBox
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vim /etc/selinux/config
[root@localhost ~]# setenforce 0
# 注意:停用 firewalld 并把 SELinux 切到 permissive 会去掉主机的两层防护,只适合隔离的实验环境;对外提供服务的主机应保留二者,仅放行实际用到的端口。
[root@localhost ~]# egrep -o 'vmx|svm' /proc/cpuinfo
svm
svm
svm
svm
[root@localhost ~]# yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++
[root@localhost ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-ens33
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@localhost network-scripts]# ls
ifcfg-br0 ifcfg-ens33
[root@localhost network-scripts]# vi ifcfg-br0
[root@localhost network-scripts]# cat ifcfg-br0
TYPE=Bridge
DEVICE=br0
BOOTPROTO=static
NAME=br0
ONBOOT=yes
IPADDR=192.168.230.138
NETMASK=255.255.255.0
GATEWAY=192.168.230.1
DNS1=114.114.114.114
DNS2=8.8.8.8
[root@localhost network-scripts]# vi ifcfg-ens33
[root@localhost network-scripts]# cat ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# ip a
1: lo:mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
    link/ether 00:0c:29:7a:f0:16 brd ff:ff:ff:ff:ff:ff
3: br0: mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0c:29:7a:f0:16 brd ff:ff:ff:ff:ff:ff
    inet 192.168.230.132/24 brd 192.168.230.255 scope global noprefixroute br0
       valid_lft forever
preferred_lft forever
    inet6 fe80::20c:29ff:fe7a:f016/64 scope link
       valid_lft forever preferred_lft forever
#启动服务
[root@localhost network-scripts]# systemctl start libvirtd
[root@localhost network-scripts]# systemctl enable libvirtd
#验证安装结果
[root@localhost network-scripts]# lsmod|grep kvm
kvm_amd 110592 0
ccp 98304 1 kvm_amd
kvm 839680 1 kvm_amd
irqbypass 16384 1 kvm
#测试并验证安装结果
[root@localhost network-scripts]# virsh -c qemu:///system list
 Id 名称 状态
-------------------
[root@localhost network-scripts]# virsh --version
6.0.0
[root@localhost network-scripts]# virt-install --version
2.2.1
[root@localhost network-scripts]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@localhost network-scripts]# ll /usr/bin/qemu-kvm
lrwxrwxrwx. 1 root root 21 10月 20 04:30 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm
[root@localhost network-scripts]# lsmod |grep kvm
kvm_amd 110592 0
ccp 98304 1 kvm_amd
kvm 839680 1 kvm_amd
irqbypass 16384 1 kvm
[root@localhost network-scripts]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c297af016 no ens33
virbr0 8000.52540035ace0 yes virbr0-nic
[root@localhost ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel
[root@localhost ~]# cd /usr/local/src/
# 注意:git:// 协议不加密、也不验证服务器身份,GitHub 已停用该协议;请改用 https://github.com/retspen/webvirtmgr.git 克隆。
[root@localhost src]# git clone git://github.com/retspen/webvirtmgr.git
正克隆到 'webvirtmgr'...
remote: Enumerating objects: 5614, done.
remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614
接收对象中: 100% (5614/5614), 2.97 MiB | 1.40 MiB/s, 完成.
处理 delta 中: 100% (3606/3606), 完成.
[root@localhost src]# ls
webvirtmgr
[root@localhost src]# cd webvirtmgr
[root@localhost webvirtmgr]# pip install -r requirements.txt
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip2 install --user` instead.
Collecting django==1.5.5 (from -r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/38/49/93511c5d3367b6b21fc2995a0e53399721afc15e4cd6eb57be879ae13ad4/Django-1.5.5.tar.gz (8.1MB)
    100% |████████████████████████████████| 8.1MB 30kB/s
Collecting gunicorn==19.5.0 (from -r requirements.txt (line 2))
  Downloading https://files.pythonhosted.org/packages/f9/4e/f4076a1a57fc1e75edc0828db365cfa9005f9f6b4a51b489ae39a91eb4be/gunicorn-19.5.0-py2.py3-none-any.whl (113kB)
    100% |████████████████████████████████| 122kB 260kB/s
Collecting lockfile>=0.9 (from -r requirements.txt (line 5))
  Downloading https://files.pythonhosted.org/packages/c8/22/9460e311f340cb62d26a38c419b1381b8593b0bb6b5d1f056938b086d362/lockfile-0.12.2-py2.py3-none-any.whl
Installing collected packages: django, gunicorn, lockfile
  Running setup.py install for django ... done
Successfully installed django-1.5.5 gunicorn-19.5.0 lockfile-0.12.2
# 注意:django 1.5.5 与 Python 2.7 都已停止安全更新,这套管理界面不宜直接暴露在不受信任的网络上。
[root@localhost webvirtmgr]# python
Python 2.7.18 (default, Sep 22 2021, 16:02:57)
[GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()
[root@localhost webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor
You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no):
Please enter either "yes" or "no": yes
Username (leave blank to use 'root'): admin
Email address: 1@2.com
Password:
Password (again):
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)
[root@localhost webvirtmgr]# mkdir /var/www
[root@localhost webvirtmgr]# cp -r /usr/local/src/webvirtmgr /var/www/
[root@localhost webvirtmgr]# chown -R nginx.nginx /var/www/webvirtmgr/
#设置免密登录
[root@localhost webvirtmgr]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ChQ5PYKHPBotfkfvxpQjHAwAD5EWPgupys6xUTn5KKY root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|=Bo++o |
|==* ==o |
|=*.o+oo.. |
|+.ooo+ = |
|...=o = S |
|o . +. = |
|.* . .o |
|= = |
|E+ |
+----[SHA256]-----+
[root@localhost webvirtmgr]# ssh-copy-id 192.168.230.132
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.230.132 (192.168.230.132)' can't be established.
ECDSA key fingerprint is SHA256:JsrnPStzaWrA+yjXQWuTAqoe/Nw1gCzY6e6mUZqFVm4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.230.132's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.230.132'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost webvirtmgr]# ssh 192.168.230.132 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:6080
Last login: Wed Oct 20 05:44:28 2021 from 192.168.230.1
[root@localhost ~]# vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    server {
        listen 80;
        server_name localhost;
        include /etc/nginx/default.d/*.conf;
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 404 /404.html;
        location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}
[root@localhost conf.d]# vi webvirtmgr.conf
server {
    listen 80 default_server;
    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;
    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $remote_addr;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M;
    }
}
[root@localhost conf.d]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
# Must be a positive integer. Generally set in the 64-2048
# range.
#
# 注意:nginx 通过 127.0.0.1:8000 反向代理,bind 设为 '127.0.0.1:8000' 即可;设为 0.0.0.0 会让 gunicorn 直接监听所有网卡,客户端可绕过 nginx 访问。
bind = '0.0.0.0:8000'
backlog = 2048
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6080 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8000 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::1]:6080 [::]:*
LISTEN 0 128 [::1]:8000 [::]:*
[root@localhost ~]# vim /etc/supervisord.conf
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx
[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx
[root@localhost ~]# vim /etc/supervisord.conf
[root@localhost ~]# systemctl start supervisord
[root@localhost ~]# systemctl enable supervisord
Created symlink /etc/systemd/system/multi-user.target.wants/supervisord.service → /usr/lib/systemd/system/supervisord.service.
[root@localhost ~]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6080 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8000 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::1]:6080 [::]:*
LISTEN 0 128 [::1]:8000 [::]:*
[root@localhost ~]# su - nginx -s /bin/bash
[nginx@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa):
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:idaaaTI1vT7FyoZwiWy+5cfs7CICy2Mx+ijgWba2k5A nginx@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
| |
| |
| |
| + . |
| .. .=.S. |
|oE o=oo= .o |
|=oBo=o*=.o |
|+B.=o*ooO |
|+.+o+o.*=. |
+----[SHA256]-----+
[nginx@localhost ~]$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
# 注意:这两项让 nginx 用户的 ssh 既不校验也不记录主机密钥,连接时无法发现中间人;更稳妥的做法是只对受管主机写 Host 段,并预先把其主机公钥写入 known_hosts。
[nginx@localhost ~]$ chmod 0600 ~/.ssh/config
[nginx@localhost ~]$ ssh-copy-id root@192.168.230.132
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.230.132' (ECDSA) to the list of known hosts.
root@192.168.230.132's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.230.132'"
and check to make sure that only the key(s) you wanted were added.
# 注意:公钥写入 root 的 authorized_keys 后,nginx 用户(即 Web 服务进程)可免密以 root 登录该主机;建议改用权限受限的专用账户来连接 libvirt。
[nginx@localhost ~]$ exit
注销
[root@localhost ~]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[root@localhost ~]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@localhost ~]# systemctl restart nginx
[root@localhost ~]# systemctl restart libvirtd
创建SSH连接:
[root@localhost ~]# cd /var/lib/libvirt/images [root@localhost images]# ls [root@localhost images]# ls CentOS-Stream-8-x86_64-20201211-dvd1.iso
创建系统安装镜像
设置在 web 上访问虚拟机的密码
开机



