1. Introduction to virtualization
Virtualization is the foundation of cloud computing. In short, virtualization allows multiple virtual machines to run on one physical server. The virtual machines share the CPU, memory and IO hardware of the physical machine, but logically they are isolated from each other.
The physical machine is generally called the Host, and a virtual machine running on the Host is called a Guest.
So how does the Host virtualize its hardware resources and provide them to Guests?
This is mainly done by a program called the Hypervisor.
According to the implementation mode and location of Hypervisor, virtualization can be divided into two types:
- Full virtualization
- Semi virtualization
Full Virtualization:
The Hypervisor is installed directly on the physical machine, and multiple virtual machines run on top of it. The Hypervisor is usually a specially customized Linux system. Xen and VMware ESXi both belong to this type.
Semi Virtualization:
A conventional operating system such as Red Hat, Ubuntu or Windows is installed on the physical machine first. The Hypervisor runs as a program module on that OS and manages the virtual machines. KVM, VirtualBox and VMware Workstation all belong to this type.
In theory:
Full virtualization generally optimizes the hardware virtualization functions and performs better than semi virtualization;
Semi virtualization is more flexible because it is based on an ordinary operating system. For example, it supports nested virtual machines: KVM can be run again inside a KVM virtual machine.
2. KVM introduction
KVM stands for Kernel-based Virtual Machine. In other words, KVM is implemented on top of the Linux kernel.
KVM has a kernel module, kvm.ko, which is only responsible for managing virtual CPUs and memory.
Virtualization of IO, such as storage and network devices, is handled by the Linux kernel and QEMU.
As a Hypervisor, KVM focuses only on virtual machine scheduling and memory management; IO peripherals are left to the Linux kernel and QEMU.
When you read KVM-related articles on the Internet, you will often see Libvirt.
Libvirt is the management tool for KVM.
In fact, Libvirt can manage hypervisors such as KVM, Xen, VirtualBox and others.
Libvirt consists of three parts: the background daemon libvirtd, an API library, and the command line tool virsh.
- libvirtd is the service program that receives and processes API requests;
- the API library lets others develop higher-level tools on top of Libvirt, such as virt-manager, a graphical KVM management tool;
- virsh is the KVM command line tool we use most often.
3.1 KVM deployment
Environment description:
System type | IP |
---|---|
centos7 | 192.168.216.205 |
Before deployment, make sure the CPU virtualization feature is enabled. There are two cases:
- For a virtual machine: shut it down and enable CPU virtualization in its settings.
- For a physical machine: enable CPU virtualization in the BIOS.
A virtual machine is used here.
```
//Turn off the firewall and selinux
[root@localhost ~]# systemctl disable --now firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@localhost ~]# reboot
[root@localhost ~]# getenforce
Disabled

//Configure the yum network repository
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1572  100  1572    0     0  13282      0 --:--:-- --:--:-- --:--:-- 13322
[root@localhost yum.repos.d]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@localhost yum.repos.d]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo

//Verify that the CPU supports KVM
[root@localhost yum.repos.d]# egrep -o 'vmx|svm' /proc/cpuinfo
svm
svm
svm
svm
svm
svm
svm
svm
//If the result contains vmx (Intel) or svm (AMD), the CPU supports hardware virtualization
//On an AMD CPU, additionally do the following
[root@localhost yum.repos.d]# tee /etc/modprobe.d/qemu-system-x86.conf << EOF
> options kvm ignore_msrs=1
> EOF
options kvm ignore_msrs=1
[root@localhost yum.repos.d]# reboot
```
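As an added example (not code from the original post), the CPU and module checks above collected into a small preflight script. It reads the vendor flag from the `flags` line of /proc/cpuinfo rather than grepping the whole file (so a model-name string containing "svm" is not mistaken for the feature), confirms that the kvm core module and the vendor module kvm_intel/kvm_amd are loaded, and checks whether the `ignore_msrs` drop-in the post creates for AMD hosts is already present. Every check accepts an optional file or captured listing, so it also runs against saved output; the function names and the default path /etc/modprobe.d/qemu-system-x86.conf (taken from the post) are the only assumptions.

```shell
#!/bin/bash
# Added example, not part of the original post: preflight checks for a KVM host.
# Each check takes an optional input (file or captured listing) so it can be
# run against saved output as well as the live system.

# Print "intel" when the CPU advertises VT-x (vmx), "amd" for AMD-V (svm),
# "none" otherwise. Only the "flags" line is inspected, so a model-name
# string that happens to contain "svm" or "vmx" is not taken as a flag.
cpu_virt_vendor() {
    local cpuinfo flags
    cpuinfo="${1:-/proc/cpuinfo}"
    flags=$(awk -F': ' '/^flags/ { print $2; exit }' "$cpuinfo")
    case " $flags " in
        *" vmx "*) echo intel ;;
        *" svm "*) echo amd ;;
        *)         echo none ;;
    esac
}

# Return 0 when both the kvm core module and the vendor module (kvm_intel or
# kvm_amd) appear in an lsmod-style listing; defaults to the live lsmod output.
kvm_modules_loaded() {
    local vendor listing
    vendor="$1"
    listing="${2:-$(lsmod 2>/dev/null)}"
    printf '%s\n' "$listing" | awk -v want="kvm_$vendor" '
        $1 == "kvm" { core = 1 }
        $1 == want  { vend = 1 }
        END         { exit !(core && vend) }'
}

# Return 0 when the modprobe drop-in the post creates for AMD hosts already
# carries "options kvm ignore_msrs=1" (avoids appending it a second time).
ignore_msrs_configured() {
    local conf
    conf="${1:-/etc/modprobe.d/qemu-system-x86.conf}"
    [ -r "$conf" ] && grep -Eq '^[[:space:]]*options[[:space:]]+kvm[[:space:]].*ignore_msrs=1' "$conf"
}

# Summarise the live host; returns 1 when hardware virtualization is absent.
kvm_preflight() {
    local vendor
    vendor=$(cpu_virt_vendor)
    echo "CPU virtualization: $vendor"
    if [ "$vendor" = none ]; then
        echo "enable VT-x/AMD-V in the BIOS, or nested virtualization on the outer hypervisor"
        return 1
    fi
    if kvm_modules_loaded "$vendor"; then
        echo "kernel modules: kvm and kvm_$vendor loaded"
    else
        echo "kernel modules: kvm_$vendor not loaded yet (install qemu-kvm and load it first)"
    fi
    if [ "$vendor" = amd ] && ! ignore_msrs_configured; then
        echo "AMD host: 'options kvm ignore_msrs=1' not yet present in /etc/modprobe.d"
    fi
}

kvm_preflight || echo "preflight: host is not ready for KVM"
```

Run it before the `yum install` step; on an AMD host it tells you whether the modprobe drop-in from the post still needs to be written, and on a guest without nested virtualization it reports `none` so you know to fix the outer hypervisor rather than the package set.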
```
//Install the components
[root@localhost ~]# yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++
[root@localhost ~]# yum -y install qemu-kvm qemu-kvm-common qemu-img virt-manager libvirt python3-libvirt libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools

//The KVM server usually sits on the same network segment as the company's other servers, so its network card is configured in bridge mode; the KVM virtual machines then reach that segment through the bridge
//My network card is ens33, so br0 bridges the ens33 network card
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@localhost network-scripts]# vim ifcfg-br0
[root@localhost network-scripts]# cat ifcfg-br0
TYPE=Bridge
DEVICE=br0
BOOTPROTO=static
NAME=br0
ONBOOT=yes
IPADDR=192.168.216.204
NETMASK=255.255.255.0
GATEWAY=192.168.216.204
DNS1=114.114.114.114
DNS2=8.8.8.8
[root@localhost network-scripts]# vim ifcfg-ens33
[root@localhost network-scripts]# cat ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0

//Restart the network
[root@localhost ~]# systemctl restart network
[root@localhost network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 00:0c:29:82:b6:d0 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0c:29:82:b6:d0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.216.204/24 brd 192.168.216.255 scope global noprefixroute br0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe82:b6d0/64 scope link
       valid_lft forever preferred_lft forever

//Start the service
[root@localhost ~]# systemctl enable --now libvirtd

//Verify the installation
[root@localhost network-scripts]# lsmod | grep kvm
kvm_amd               2176426  0
kvm                    578518  1 kvm_amd
irqbypass               13503  1 kvm

//Test the installation
[root@localhost network-scripts]# virsh -c qemu:///system list
 Id    Name                           State
----------------------------------------------------

[root@localhost ~]# virsh --version
4.5.0
[root@localhost ~]# virt-install --version
1.5.0

//Create a soft link for the command
[root@localhost ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@localhost ~]# which qemu-kvm
/usr/bin/qemu-kvm

//View the network card bridging
[root@localhost ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c2982b6d0       no              ens33
virbr0          8000.52540023011d       yes             virbr0-nic
```
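The bridge step above is the one that most often locks an administrator out of a remote host: if ens33 keeps its address or forgets `BRIDGE=br0`, the restart of the network service leaves the machine unreachable. As an added example (not from the original post), the check below validates a bridge/slave pair of ifcfg files before `systemctl restart network` is run. It assumes the ifcfg key=value layout shown in the post and the paths /etc/sysconfig/network-scripts/ifcfg-br0 and ifcfg-ens33; the function names are mine.

```shell
#!/bin/bash
# Added example, not part of the original post: validate a bridge (br0) and
# the NIC enslaved to it (ens33) the way the post configures them, before the
# network service is restarted.

# Print the value of KEY from an ifcfg-style file (KEY=value, one per line,
# optional double quotes). Empty output means the key is absent.
ifcfg_get() {
    local key file
    key="$1"; file="$2"
    sed -n "s/^${key}=//p" "$file" | tail -n 1 | tr -d '"'
}

# Return 0 if BR_FILE describes a bridge carrying the address and NIC_FILE
# describes a NIC enslaved to it with no address of its own; otherwise print
# the first problem found and return 1.
check_bridge_pair() {
    local br_file nic_file br nic f
    br_file="$1"; nic_file="$2"
    br=$(ifcfg_get DEVICE "$br_file")
    nic=$(ifcfg_get DEVICE "$nic_file")
    [ "$(ifcfg_get TYPE "$br_file")" = Bridge ] \
        || { echo "$br_file: TYPE must be Bridge"; return 1; }
    [ -n "$(ifcfg_get IPADDR "$br_file")" ] \
        || { echo "$br_file: the bridge must carry the IPADDR"; return 1; }
    [ "$(ifcfg_get BRIDGE "$nic_file")" = "$br" ] \
        || { echo "$nic_file: BRIDGE must be set to $br"; return 1; }
    [ -z "$(ifcfg_get IPADDR "$nic_file")" ] \
        || { echo "$nic_file: $nic must not keep an IPADDR once bridged"; return 1; }
    for f in "$br_file" "$nic_file"; do
        [ "$(ifcfg_get ONBOOT "$f")" = yes ] \
            || { echo "$f: ONBOOT must be yes"; return 1; }
    done
    echo "ok: $nic is enslaved to $br"
}

# Check the live files from the post when they exist (skipped elsewhere).
BR_FILE=/etc/sysconfig/network-scripts/ifcfg-br0
NIC_FILE=/etc/sysconfig/network-scripts/ifcfg-ens33
if [ -r "$BR_FILE" ] && [ -r "$NIC_FILE" ]; then
    check_bridge_pair "$BR_FILE" "$NIC_FILE"
fi
```

Run it from a console session (or a session you can afford to lose) right after editing the two files; it exits non-zero with the offending key named, so it can also gate the restart in a provisioning script.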
3.2 Installation of the KVM web management interface
The KVM web management interface is provided by the webvirtmgr program.
```
//Install the required components
[root@localhost ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel

//Download the webvirtmgr code from github
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# git clone git://github.com/retspen/webvirtmgr.git

//Install webvirtmgr
[root@localhost src]# cd webvirtmgr/
[root@localhost webvirtmgr]# pip install -r requirements.txt
[root@localhost ~]# python
Python 2.7.5 (default, Nov 16 2020, 22:23:17)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()
//No error message here means sqlite3 is available

//Initialize the account information
[root@localhost webvirtmgr]# python manage.py syncdb
Omit output....
You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes      //Asks whether to create a superuser account
Username (leave blank to use 'root'):                //Superuser name; leaving it blank uses root
Email address: 1@2.com                               //Superuser e-mail address
Password:                                            //Superuser password
Password (again):                                    //Enter the password again
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)
[root@localhost ~]# mkdir /var/www
[root@localhost ~]# cp -r /usr/local/src/webvirtmgr /var/www/
[root@localhost ~]# chown -R nginx.nginx /var/www/webvirtmgr/

//Generate an SSH key
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:PiIUTYAfd5U20ewBR25lOOGc5ywjVOOQOGxdUYH18EA root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|   ..... +=XOOE. |
|  . .o. * *OB= = |
|   ..o.o o.oBo. o|
|    .. . ..+     |
|    . S . o o    |
|   . . . o       |
|    . . o        |
|     . . .       |
|                 |
+----[SHA256]-----+

//webvirtmgr and KVM are deployed on the same machine here, so the machine trusts itself. If KVM runs on another machine, use that machine's IP address instead
[root@localhost ~]# ssh-copy-id 192.168.216.204      //the local IP address in this case
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.216.204 (192.168.216.204)' can't be established.
ECDSA key fingerprint is SHA256:y8UuseADpYv8QEpZIVRu4glCDufNJsCHp1dNWVOpSyQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.216.204's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.216.204'"
and check to make sure that only the key(s) you wanted were added.
```
```
//Configure port forwarding
[root@localhost ~]# ssh 192.168.216.204 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:6080
[root@localhost ~]# ss -antl
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    127.0.0.1:8000       *:*
LISTEN     0      100    *:6080               *:*
LISTEN     0      1      *:5900               *:*
LISTEN     0      128    *:111                *:*
LISTEN     0      128    *:80                 *:*
LISTEN     0      5      192.168.122.1:53     *:*
LISTEN     0      128    *:22                 *:*
LISTEN     0      100    127.0.0.1:25         *:*
LISTEN     0      128    :::111               :::*
LISTEN     0      128    :::22                :::*
LISTEN     0      100    ::1:25               :::*

//Configure nginx
## Main configuration file
[root@localhost ~]# cd /etc/nginx/
[root@localhost nginx]# cp nginx.conf /opt       //back up the original
[root@localhost nginx]# vim nginx.conf           //clear the original and rewrite it
[root@localhost nginx]# cat nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        server_name  localhost;

        include /etc/nginx/default.d/*.conf;

        location / {
            root   html;
            index  index.html index.htm;
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}

## Sub-configuration file
[root@localhost nginx]# cd conf.d/
[root@localhost conf.d]# vim /etc/nginx/conf.d/webvirtmgr.conf
[root@localhost conf.d]# cat /etc/nginx/conf.d/webvirtmgr.conf
server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $remote_addr;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M;
    }
}

//Make sure gunicorn is bound to port 8000 on the local machine
[root@localhost conf]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
bind = '127.0.0.1:8000'
backlog = 2048

//Configure supervisor
[root@localhost ~]# vim /etc/supervisord.conf
//Add the following at the end of the file
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx

//Start supervisor and enable it at boot
[root@localhost ~]# systemctl enable --now supervisord
Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.

//Configure the nginx user
[root@localhost ~]# su - nginx -s /bin/bash
Last login: Oct 21 20:03:57 CST 2021 on pts/2
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa):
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:SYshlaBNJ2l57oUU2a5RjPwxQ9I5nK9bEDfqW0HcJuo nginx@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|    +==@.+ .     |
|   +++B.# * o    |
|  ..o+.=.% +     |
|   .++Boo        |
|    ..*So .      |
|     o E o       |
|      =          |
|     o           |
|                 |
+----[SHA256]-----+
-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ cat ~/.ssh/config
StrictHostKeyChecking=no
UserKnownHostsFile=/dev/null
-bash-4.2$ chmod 0600 ~/.ssh/config
-bash-4.2$ ssh-copy-id root@192.168.216.204
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.216.204' (ECDSA) to the list of known hosts.
root@192.168.216.204's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.216.204'"
and check to make sure that only the key(s) you wanted were added.

-bash-4.2$ exit
logout
[root@localhost ~]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@localhost ~]# cat /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[root@localhost ~]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@localhost ~]# systemctl restart nginx libvirtd
```
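The `ss -antl` listing and the `bind = '127.0.0.1:8000'` setting above express a deliberate split: nginx on port 80 faces the network, gunicorn stays on loopback behind it, and the noVNC console on 6080 is reached through the `ssh -L` tunnel. As an added example (not code from the original post), the audit below parses an `ss -antl` listing and reports which listeners are confined to loopback and which are bound to every interface, with the listing from the post embedded as constructed test input (`SS_SAMPLE`). The function names and the port-to-role mapping are assumptions drawn from the services the post configures.

```shell
#!/bin/bash
# Added example, not part of the original post: audit `ss -antl` output for
# sockets reachable from every interface. SS_SAMPLE is the listing shown in
# the post, embedded here as constructed test input.

SS_SAMPLE='State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    127.0.0.1:8000       *:*
LISTEN     0      100    *:6080               *:*
LISTEN     0      1      *:5900               *:*
LISTEN     0      128    *:111                *:*
LISTEN     0      128    *:80                 *:*
LISTEN     0      5      192.168.122.1:53     *:*
LISTEN     0      128    *:22                 *:*
LISTEN     0      100    127.0.0.1:25         *:*
LISTEN     0      128    :::111               :::*
LISTEN     0      128    :::22                :::*
LISTEN     0      100    ::1:25               :::*'

# Print "port host" for each LISTEN socket bound to a wildcard address.
# IPv6 addresses contain colons, so the port is taken from after the last one.
wildcard_listeners() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" {
            n = split($4, p, ":")
            port = p[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host == "*" || host == "::" || host == "0.0.0.0")
                print port, host
        }'
}

# Return 0 when the port is listening and every socket on it is bound to a
# loopback address (127.0.0.1 or ::1); return 1 if it is absent or exposed.
loopback_only() {
    local port listing
    port="$1"; listing="$2"
    printf '%s\n' "$listing" | awk -v p="$port" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != p) next
            seen = 1
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host != "127.0.0.1" && host != "::1") exposed = 1
        }
        END { exit (seen && !exposed) ? 0 : 1 }'
}

# Role of each port in the post's deployment (assumed mapping, for the report).
port_role() {
    case "$1" in
        80)           echo "nginx front end (expected on all interfaces)" ;;
        8000)         echo "gunicorn/webvirtmgr (should stay on 127.0.0.1)" ;;
        6080)         echo "webvirtmgr noVNC console (reached through the ssh tunnel)" ;;
        59[0-9][0-9]) echo "QEMU VNC display of a guest" ;;
        *)            echo "other service" ;;
    esac
}

# Print the audit for a listing (default: the live host via ss -antl).
audit_listeners() {
    local listing port host
    listing="${1:-$(ss -antl 2>/dev/null)}"
    if loopback_only 8000 "$listing"; then
        echo "8000: loopback only, as the post requires"
    else
        echo "8000: NOT loopback only; check bind= in gunicorn.conf.py"
    fi
    wildcard_listeners "$listing" | while read -r port host; do
        echo "$host:$port is bound on every interface: $(port_role "$port")"
    done
}

audit_listeners "$SS_SAMPLE"
```

Call `audit_listeners` with no argument to run it against the live host. On the post's listing it confirms 8000 is loopback-only and lists 80, 6080, 5900, 111 and 22 as bound on every interface, which is exactly the set a firewall policy for this host has to account for.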
3.3.1 KVM web interface management
Access KVM in the browser via its IP address.
Click the green box in the upper right corner.
3.3.2 KVM storage management
//Transfer the image to the host through Xshell

```
[root@localhost ~]# cd /var/lib/libvirt/images/
[root@localhost images]# ls
CentOS-8.4.2105-x86_64-dvd1.iso
```

Go to the web interface to view it.
Create the system installation image.
3.3.3 KVM network management
3.3.4 Instance management
4. Problem handling
- If the host page does not load properly: close the shell, reopen a new one and refresh to access the web page.
- If you connect to a virtual machine and the console displays a connection timeout:

```
[root@localhost ~]# yum -y install novnc
[root@localhost ~]# novnc_server
```

Then just refresh the page.