Introduction and deployment of kvm virtualization

1. Introduction to virtualization

Virtualization is the foundation of cloud computing. In short, virtualization lets multiple virtual machines run on one physical server. The virtual machines share the CPU, memory and IO hardware resources of the physical machine, but logically they are isolated from each other.

The physical machine is generally called the Host, and the virtual machine on the Host is called the Guest.

So how does the Host virtualize its hardware resources and provide them to the Guests?
This is mainly done by a program called the Hypervisor.

Depending on how and where the Hypervisor is implemented, virtualization can be divided into two types:

  • Full virtualization
  • Semi virtualization

Full Virtualization:
The Hypervisor is installed directly on the physical machine, and the virtual machines run on top of the Hypervisor. The Hypervisor is usually a specially customized Linux system. Xen and VMware ESXi are of this type.

Semi Virtualization:
A conventional operating system such as Red Hat, Ubuntu or Windows is installed on the physical machine first. The Hypervisor runs as a program module on that OS and manages the virtual machines. KVM, VirtualBox and VMware Workstation are of this type.

In theory:
Full virtualization makes better use of the hardware's virtualization features, so its performance is generally higher than that of semi virtualization;
Semi virtualization is more flexible because it runs on an ordinary operating system. For example, it supports nested virtual machines: KVM can be run again inside a KVM virtual machine.

2. kvm introduction

KVM stands for Kernel-based Virtual Machine. In other words, KVM is implemented inside the Linux kernel.
KVM consists of a kernel module, kvm.ko, which only manages the virtual CPU and memory.

The virtualization of IO, such as storage and network devices, is realized by Linux kernel and Qemu.

As a Hypervisor, KVM only focuses on virtual machine scheduling and memory management. The tasks of IO peripherals are assigned to the Linux kernel and Qemu.

When you read KVM related articles on the Internet, you will often see Libvirt.

Libvirt is the management tool for KVM.

In fact, Libvirt can manage KVM, Xen, VirtualBox and other hypervisors.

Libvirt contains three things: the background daemon libvirtd, an API library and the command line tool virsh.

  • libvirtd is a service program that receives and processes API requests;
  • The API library lets others build higher-level tools on top of Libvirt, such as virt-manager, a graphical KVM management tool;
  • virsh is the KVM command line tool that is used most often.

3.1 kvm deployment

Environment description:

System type    IP
centos7        192.168.216.205

Make sure that CPU virtualization is enabled before deployment. There are two cases:

  • If the host is itself a virtual machine, enable CPU virtualization in its settings while the virtual machine is shut down
  • If the host is a physical machine, enable CPU virtualization in the BIOS

A virtual machine is used as the host here.

//Turn off the firewall and SELinux (a lab shortcut; on a production host keep both enabled and open only the ports that are needed)
[root@localhost ~]# systemctl disable --now firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@localhost ~]# reboot
[root@localhost ~]# getenforce
Disabled

//Configure network source
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1572  100  1572    0     0  13282      0 --:--:-- --:--:-- --:--:-- 13322
[root@localhost yum.repos.d]#  sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@localhost yum.repos.d]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo

//Verify that the CPU supports KVM
[root@localhost yum.repos.d]# egrep -o 'vmx|svm' /proc/cpuinfo
svm
svm
svm
svm
svm
svm
svm
svm
//If vmx (Intel) or svm (AMD) appears in the result, the CPU supports virtualization
//On an AMD CPU, also do the following
[root@localhost yum.repos.d]# tee /etc/modprobe.d/qemu-system-x86.conf << EOF
> options kvm ignore_msrs=1
> EOF
options kvm ignore_msrs=1
[root@localhost yum.repos.d]# reboot
//Download components
[root@localhost ~]# yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++
[root@localhost ~]# yum -y install qemu-kvm qemu-kvm-common qemu-img virt-manager libvirt python3-libvirt libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools

//The KVM server is usually on the same network segment as the company's other servers, so its network card is switched to bridge mode; the KVM virtual machines then sit on that segment through the bridge
//The network card here is ens33, so br0 is created to bridge ens33
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@localhost network-scripts]# vim ifcfg-br0 
[root@localhost network-scripts]# cat ifcfg-br0 
TYPE=Bridge
DEVICE=br0
BOOTPROTO=static
NAME=br0
ONBOOT=yes
IPADDR=192.168.216.204
NETMASK=255.255.255.0
GATEWAY=192.168.216.204
DNS1=114.114.114.114
DNS2=8.8.8.8
[root@localhost network-scripts]# vim ifcfg-ens33 
[root@localhost network-scripts]# cat ifcfg-ens33 
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0

//Restart the network
[root@localhost ~]# systemctl restart network
[root@localhost network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 00:0c:29:82:b6:d0 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0c:29:82:b6:d0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.216.204/24 brd 192.168.216.255 scope global noprefixroute br0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe82:b6d0/64 scope link 
       valid_lft forever preferred_lft forever

//Start service
[root@localhost ~]# systemctl enable --now libvirtd

//Verify installation results
[root@localhost network-scripts]# lsmod|grep kvm
kvm_amd              2176426  0 
kvm                   578518  1 kvm_amd
irqbypass              13503  1 kvm

//Test and verify installation results
[root@localhost network-scripts]# virsh -c qemu:///system list
 Id    name                         state
----------------------------------------------------

[root@localhost ~]# virsh --version
4.5.0
[root@localhost ~]# virt-install --version
1.5.0

//Make a soft link for the command
[root@localhost ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@localhost ~]# which qemu-kvm
/usr/bin/qemu-kvm

//View network card bridging
[root@localhost ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c2982b6d0       no              ens33
virbr0          8000.52540023011d       yes             virbr0-nic
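
The checks that 3.1 performs by hand (CPU flag, kvm modules after the reboot, ens33 enslaved to br0) collected into one preflight script. This is an added example, not code from the original post; the function names and the sample cpuinfo, lsmod and ip a snippets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: the checks section 3.1 does by
# hand (CPU flag, kvm modules, ens33 enslaved to br0) as one preflight script.
# Every function reads from a file so it can run against the constructed
# samples at the bottom; on the host pass /proc/cpuinfo and the captured
# output of "lsmod" and "ip a" instead.

# Virtualization flag in a cpuinfo file: vmx (Intel), svm (AMD) or none.
# -w matches whole flags, so "svm_lock" is not mistaken for svm.
virt_flag() {
    if grep -qw vmx "$1"; then echo vmx
    elif grep -qw svm "$1"; then echo svm
    else echo none; fi
}

# Vendor module that lsmod should list after the install and reboot.
kvm_vendor_module() {
    case "$1" in
        vmx) echo kvm_intel ;;
        svm) echo kvm_amd ;;
        *) echo none; return 1 ;;
    esac
}

# Succeeds when both the kvm core module and the vendor module ($2) appear in
# an lsmod listing ($1).
kvm_modules_loaded() {
    grep -q "^kvm " "$1" && grep -q "^$2 " "$1"
}

# Bridge an interface ($1) is enslaved to, parsed from "ip a" output ($2),
# i.e. the "master br0" field on the "2: ens33: <...>" line; none if absent.
bridge_of() {
    br=$(awk -v ifc="$1" '$2 == (ifc ":") { for (i = 1; i < NF; i++) if ($i == "master") print $(i + 1) }' "$2")
    echo "${br:-none}"
}

# Run all checks; prints one line and returns non-zero on the first failure.
preflight() {   # $1 cpuinfo, $2 lsmod output, $3 "ip a" output, $4 interface
    flag=$(virt_flag "$1")
    [ "$flag" != none ] || { echo "CPU reports neither vmx nor svm"; return 1; }
    mod=$(kvm_vendor_module "$flag")
    kvm_modules_loaded "$2" "$mod" || { echo "$mod is not loaded"; return 1; }
    br=$(bridge_of "$4" "$3")
    [ "$br" != none ] || { echo "$4 is not enslaved to a bridge"; return 1; }
    echo "ok: cpu=$flag module=$mod $4 -> $br"
}

# Constructed samples modelled on the page's AMD host (not captured output).
SAMPLE_DIR=$(mktemp -d)
printf 'processor\t: 0\nflags\t\t: fpu vme svm nx lm\n' > "$SAMPLE_DIR/cpuinfo"
printf 'kvm_amd 2176426 0\nkvm 578518 1 kvm_amd\nirqbypass 13503 1 kvm\n' > "$SAMPLE_DIR/lsmod"
printf '2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP\n3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP\n' > "$SAMPLE_DIR/ipa"
preflight "$SAMPLE_DIR/cpuinfo" "$SAMPLE_DIR/lsmod" "$SAMPLE_DIR/ipa" ens33
```

On the real host run `preflight /proc/cpuinfo <(lsmod) <(ip a) ens33` from bash, or save the two command outputs to files first for a plain sh.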

3.2 installation of KVM web management interface

The web management interface of kvm is provided by webvirtmgr program.

//Download related components
[root@localhost ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel

//Download the webvirtmgr code from github
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# git clone git://github.com/retspen/webvirtmgr.git

//Install webvirtmgr
[root@localhost src]# cd webvirtmgr/
[root@localhost webvirtmgr]# pip install -r requirements.txt

[root@localhost ~]# python
Python 2.7.5 (default, Nov 16 2020, 22:23:17) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()    //No error from the import means sqlite3 is available

//Initialize account information
[root@localhost webvirtmgr]# python manage.py syncdb
 Omit output....
You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes     //Ask if you want to create a super administrator account
Username (leave blank to use 'root'):   //Specify the super administrator account user name, which is left blank as root by default
Email address: 1@2.com     //Set super administrator mailbox
Password:       //Set super administrator password
Password (again):       //Enter the super administrator password again
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)

[root@localhost ]# mkdir /var/www
[root@localhost ]# cp -r /usr/local/src/webvirtmgr /var/www/
[root@localhost ]# chown -R nginx.nginx /var/www/webvirtmgr/

//Generate key
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:PiIUTYAfd5U20ewBR25lOOGc5ywjVOOQOGxdUYH18EA root@localhost.localdomain

//webvirtmgr and kvm are deployed on the same machine here, so this sets up trust to the local host. If kvm runs on another machine, use that machine's ip address instead
[root@localhost ~]# ssh-copy-id 192.168.216.204    //fill in the local ip address
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.216.204 (192.168.216.204)' can't be established.
ECDSA key fingerprint is SHA256:y8UuseADpYv8QEpZIVRu4glCDufNJsCHp1dNWVOpSyQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.216.204's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.216.204'"
and check to make sure that only the key(s) you wanted were added.

//Configure port forwarding (8000 is the gunicorn backend, 6080 the noVNC console)
[root@localhost ~]# ssh 192.168.216.204 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:6080
[root@localhost ~]# ss -antl
State       Recv-Q Send-Q                                 Local Address:Port                                                Peer Address:Port              
LISTEN      0      128                                        127.0.0.1:8000                                                           *:*                  
LISTEN      0      100                                                *:6080                                                           *:*                  
LISTEN      0      1                                                  *:5900                                                           *:*                  
LISTEN      0      128                                                *:111                                                            *:*                  
LISTEN      0      128                                                *:80                                                             *:*                  
LISTEN      0      5                                      192.168.122.1:53                                                             *:*                  
LISTEN      0      128                                                *:22                                                             *:*                  
LISTEN      0      100                                        127.0.0.1:25                                                             *:*                  
LISTEN      0      128                                               :::111                                                           :::*                  
LISTEN      0      128                                               :::22                                                            :::*                  
LISTEN      0      100                                              ::1:25                                                            :::*                

//Configure nginx
## Main configuration file
[root@localhost ~]# cd /etc/nginx/
[root@localhost nginx]# cp nginx.conf /opt/    //back up the original
[root@localhost nginx]# vim nginx.conf    //clear the original content and rewrite it as below
[root@localhost nginx]# cat nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        server_name  localhost;

        include /etc/nginx/default.d/*.conf;

        location / {
            root html;
            index index.html index.htm;
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}

## Configuration sub file
[root@localhost nginx]# cd conf.d/
[root@localhost conf.d]# vim /etc/nginx/conf.d/webvirtmgr.conf
[root@localhost conf.d]# cat /etc/nginx/conf.d/webvirtmgr.conf
server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M;
    }
}

//Make sure gunicorn binds only to port 8000 on the loopback address, so the application is reachable only through nginx
[root@localhost conf]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
bind = '127.0.0.1:8000'
backlog = 2048


//Set supervisor
[root@localhost ~]# vim /etc/supervisord.conf 
Add the following at the end of the file
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr.log
redirect_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx


//Start the supervisor and set the startup auto start
[root@localhost ~]# systemctl enable --now supervisord
Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.

//Configure nginx users
[root@localhost ~]# su - nginx -s /bin/bash
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa): 
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:SYshlaBNJ2l57oUU2a5RjPwxQ9I5nK9bEDfqW0HcJuo nginx@localhost.localdomain
//This is the webvirtmgr README's setting; it turns off host-key verification for the nginx user, so the console proxy cannot tell a spoofed KVM host from the real one. Pinning the host key in ~/.ssh/known_hosts and leaving StrictHostKeyChecking on keeps verification
-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ cat ~/.ssh/config
StrictHostKeyChecking=no
UserKnownHostsFile=/dev/null
-bash-4.2$ chmod 0600 ~/.ssh/config
-bash-4.2$ ssh-copy-id root@192.168.216.204
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.216.204' (ECDSA) to the list of known hosts.
root@192.168.216.204's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.216.204'"
and check to make sure that only the key(s) you wanted were added.

-bash-4.2$ exit
 Logout
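
The ~/.ssh/config written above for the nginx user disables host-key verification. This added example (not from the post or the webvirtmgr project) shows that weak config beside a hardened one that keeps strict checking and pins the KVM host's key; pin_host_key, pinned_ssh_config and the key line are constructed names and values.

```shell
#!/bin/sh
# Added example, not from the original post or the webvirtmgr project.
# The page writes StrictHostKeyChecking=no / UserKnownHostsFile=/dev/null for
# the nginx user; the hardened variant below keeps strict checking and pins the
# KVM host's key in a known_hosts file the nginx user owns.

# Weak config exactly as the page writes it, kept here for comparison.
weak_ssh_config() {
    printf 'StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null\n'
}

# Hardened config: strict checking against a pinned known_hosts file.
# $1 = KVM host, $2 = known_hosts path (on the page: /var/lib/nginx/.ssh/known_hosts)
pinned_ssh_config() {
    printf 'Host %s\n    StrictHostKeyChecking yes\n    UserKnownHostsFile %s\n' "$1" "$2"
}

# Pin one host-key line (the format "ssh-keyscan -t ecdsa <host>" prints:
# "<host> <keytype> <base64 key>") into $2, creating it 0600 and skipping
# duplicates so the function can be re-run safely.
pin_host_key() {
    keyline="$1"; known_hosts="$2"
    mkdir -p "$(dirname "$known_hosts")"
    touch "$known_hosts" && chmod 0600 "$known_hosts"
    grep -qxF "$keyline" "$known_hosts" || printf '%s\n' "$keyline" >> "$known_hosts"
}

# Number of pinned keys for a host ($1) in a known_hosts file ($2).
pinned_count() {
    grep -c "^$1 " "$2"
}

# Demo on a temporary directory with a constructed key line (placeholder key
# data, not a real host key). On the host, obtain the real line with
#   ssh-keyscan -t ecdsa 192.168.216.204
# and compare "ssh-keygen -lf" of it with the fingerprint ssh-copy-id showed.
DEMO_DIR=$(mktemp -d)
DEMO_KNOWN_HOSTS="$DEMO_DIR/known_hosts"
DEMO_KEYLINE="192.168.216.204 ecdsa-sha2-nistp256 AAAAconstructedPLACEHOLDERkeydata"
pin_host_key "$DEMO_KEYLINE" "$DEMO_KNOWN_HOSTS"
pin_host_key "$DEMO_KEYLINE" "$DEMO_KNOWN_HOSTS"   # second call is a no-op
pinned_ssh_config 192.168.216.204 "$DEMO_KNOWN_HOSTS" > "$DEMO_DIR/config"
chmod 0600 "$DEMO_DIR/config"
```

For the nginx user the two generated files go to /var/lib/nginx/.ssh/known_hosts and /var/lib/nginx/.ssh/config, owned by nginx.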

[root@localhost ~]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@localhost ~]# cat /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[root@localhost ~]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla

[root@localhost ~]# systemctl restart nginx libvirtd

3.3.1 kvm web interface management

Access the kvm web interface in the browser via the host's ip address.
Click the green box in the upper right corner.

3.3.2 kvm storage management


//Upload the ISO image to the host with Xshell

[root@localhost ~]# cd /var/lib/libvirt/images/
[root@localhost images]# ls
CentOS-8.4.2105-x86_64-dvd1.iso 

Then view it in the web interface
and create a system installation image from it.

3.3.3 kvm network management


3.3.4 instance management

4. Problem handling

  1. If the host appears

    Close the shell, reopen one and refresh the web page

  2. If the console shows a connection timeout when connecting to a virtual machine

[root@localhost ~]# yum -y install novnc
[root@localhost ~]# novnc_server

Then refresh the page

Tags: Linux Operation & Maintenance cloud computing

Posted on Wed, 20 Oct 2021 16:31:37 -0400 by TMX