KVM Deployment in the KVM Virtualization Solutions Series (1-3)

After learning the basic architecture of KVM in the "KVM Architecture" article of the KVM Virtualization Solutions Series, let's continue with how to use KVM to build your own virtualization environment. The environment used here is shown in Table 1.

Table 1.KVM Setup Environment

Host name   Role         Operating system               IP address        Remarks
kvm01       KVM Host 1   CentOS-7-x86_64-DVD-1810.ISO   192.168.150.151
kvm02       KVM Host 2   ubuntu-20.04.3-desktop-amd64   192.168.150.152

This article describes how to set up a KVM environment through a set of processes and methods, including hardware system configuration, host operating system installation, KVM installation, QEMU installation, qemu-kvm/qemu-img component installation, and starting the first KVM virtual machine.

1. Hardware System Configuration

1.1. If you use a physical machine to build KVM, turn on the VT and VT-d functions in the BIOS

Taking an Intel-architecture server as an example: to use KVM, the processor must support VT technology, and VT must also be turned on in the BIOS. Currently, most servers' BIOS turn on VT by default.

In the BIOS, the VT option is usually labelled "Intel® Virtualization Technology", "Intel® VT-d" or similar. In addition to the required processor virtualization extensions, if the server chip also supports VT-d (Virtualization Technology for Directed I/O), it is recommended to turn it on in the BIOS as well, because VT-d is required when an I/O device is passed through directly to a virtual machine, for example a GPU assigned directly to a virtual machine.

Step 1: Set VT and VT-d to Enabled in BIOS, as shown in Figure 1

Figure 1.Turn on VT and VT-d in BIOS

Step 2: Save BIOS configuration and exit, effective after system restart

Step 3: Check if the CPU supports hardware virtualization on Linux

If your host has a Linux operating system installed, you can check whether the CPU supports hardware virtualization by looking at the CPU feature flags in the /proc/cpuinfo file. On x86 and x86-64 platforms, Intel CPUs that support virtualization carry the flag "vmx". On AMD CPUs, the flag is "svm".

If you are using an Intel-architecture server, run the following command:

[root@localhost ~]# grep vmx /proc/cpuinfo              # "vmx" in the output shows that the CPU supports virtualization
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc eagerfpu pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch ssbd ibrs ibpb stibp tpr_shadow vnmi ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 arat spec_ctrl intel_stibp flush_l1d arch_capabilities

If you are using an AMD-architecture server, run the following command:

[root@localhost ~]# grep svm /proc/cpuinfo

1.2. If you are using a virtual machine to build a KVM, check "Virtualize Intel VT-x/EPT or AMD-V/RVI(V)"

If you are using VMware Workstation to build KVM, first turn on the VMware virtualization engine, that is, check all the options for the virtualization engine, as shown in Figure 2.

Figure 2.Turn on the virtualization engine in VMware
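
The flag check from Step 3 of section 1.1, written as a small script (an added example, not part of the original article). It matches whole flag names on the flags line and also reports the hypervisor flag, which shows that the host is itself a virtual machine as in section 1.2. The function names and the sample cpuinfo excerpts are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): read the CPU flags the way
# "grep vmx /proc/cpuinfo" does, but match whole flag names only.

# virt_flags FILE
# Prints "ext=<vmx|svm|none> guest=<yes|no> slat=<yes|no>" for the first CPU.
#   ext   - hardware virtualization extension (Intel VT-x = vmx, AMD-V = svm)
#   guest - "hypervisor" flag present: this OS is itself a virtual machine
#   slat  - second-level address translation (Intel ept / AMD npt)
virt_flags() {
    awk '
        # Only the "flags" line is parsed. Newer kernels also print a
        # "vmx flags" line, which a plain "grep vmx" matches as well.
        /^flags[ \t]*:/ && !seen {
            seen = 1; ext = "none"; guest = "no"; slat = "no"
            for (i = 2; i <= NF; i++) {
                if ($i == "vmx" || $i == "svm")      ext = $i
                else if ($i == "hypervisor")         guest = "yes"
                else if ($i == "ept" || $i == "npt") slat = "yes"
            }
            printf "ext=%s guest=%s slat=%s\n", ext, guest, slat
        }
        END { if (!seen) print "ext=none guest=no slat=no" }
    ' "$1"
}

# kvm_ready FILE [DEVNODE]
# Succeeds only if the CPU flag is present AND the KVM device node exists.
# DEVNODE defaults to /dev/kvm; it is a parameter so the check can be tested.
kvm_ready() {
    _dev="${2:-/dev/kvm}"
    case "$(virt_flags "$1")" in
        ext=none*) return 1 ;;
    esac
    [ -c "$_dev" ]
}

# Constructed samples (shortened flag lists, not real captures):
sample_dir="$(mktemp -d)"
#  - VMware guest with "Virtualize Intel VT-x/EPT" checked
printf 'processor\t: 0\nflags\t\t: fpu vme sse2 vmx ept vpid hypervisor smep\n' \
    > "$sample_dir/nested_intel"
#  - physical AMD server with SVM enabled in the BIOS
printf 'processor\t: 0\nflags\t\t: fpu vme sse2 svm npt\n' \
    > "$sample_dir/baremetal_amd"
#  - VMware guest with the virtualization engine options left unchecked
printf 'processor\t: 0\nflags\t\t: fpu vme sse2 hypervisor\n' \
    > "$sample_dir/guest_no_vt"

for f in nested_intel baremetal_amd guest_no_vt; do
    echo "$f: $(virt_flags "$sample_dir/$f")"
done
```

On a real host, run virt_flags /proc/cpuinfo and then kvm_ready /proc/cpuinfo once the KVM modules are loaded.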

2. Host Operating System Installation

KVM is a kernel-based virtualization technology, so building a KVM virtualization environment requires a Linux operating system on the host machine. In China, the Linux operating systems commonly used by enterprises include RHEL, CentOS and Ubuntu, so CentOS and Ubuntu are chosen as the host operating systems here. Note that the Proxmox VE virtualization tool can only be installed on Debian Linux; the installation of Debian is described in the Proxmox VE virtualization tools section, so installing Debian on the host is not demonstrated here.

2.1. Installing the CentOS Operating System on the Host

The host's CentOS operating system is installed in a VMware Workstation virtual machine. The installation file of the operating system is CentOS-7-x86_64-DVD-1810.ISO.

2.1.1.CentOS System Installation

Step 1, Create the CentOS Image Storage Folder and the VMware Virtual Machine Disk Storage Folder

Create a "CentOS" folder on your local computer desktop and copy the CentOS-7-x86_64-DVD-1810.ISO image to the "CentOS" folder, as shown in Figure 3.

Figure 3.Create CentOS Image Folder

Create a Virtual Machine OS Storage/CentOS folder on your local computer's D drive to store the VMware virtual machine files you create later, as shown in Figure 4.

Figure 4.Create CentOS Virtual Machine Folder

Step 2, create a new virtual machine and edit the virtual machine configuration

Open VMware Workstation, click the Create New Virtual Machine button, and create the CentOS virtual machine. As shown in Figure 5, select Typical mode to create the virtual machine.

Figure 5.Typical mode installation

Continue clicking Next to reach the interface in Figure 6, and select "Install Operating System (S) later".

Figure 6.Select ISO image later

Continue to click Next to reach the interface in Figure 7, and select Linux and CentOS 7 64-bit, because the operating system image we are installing is CentOS-7-x86_64-DVD-1810.ISO.

Figure 7.Select CentOS Version

Continue to click Next to reach the interface in Figure 8, enter a name for the virtual machine (any name you like), and select the storage path for the virtual machine files.

Figure 8.Virtual machine name and storage path

Continue clicking Next to reach the interface in Figure 9 and allocate the virtual machine disk size; 40 GB is enough for a demonstration environment.

Figure 9.Assign virtual machine disks

Step 3, Turn on the virtual engine of the VMware virtual machine

Continue clicking Next, skip to the interface shown in Figure 10, and click the Customize Hardware button to edit the configuration further.

Figure 10.Further editing virtual machines

Select the Memory option to allocate 4 GB of memory to the virtual machine, as shown in Figure 11. If your local machine has enough memory, you can also allocate 8 GB to the virtual machine. If you don't have enough memory, you can allocate 2 GB or 1 GB to conserve resources.

Figure 11.Allocate memory to virtual machines

Continue to select the Processor option, assign a vCPU to the virtual machine, and turn on the virtualization engine, as shown in Figure 12.

Figure 12.Allocate vCPU and turn on virtualization engine

Continue to select the New CD/DVD option, click the Browse button, and select the CentOS image, which is stored in the CentOS folder we just created on your desktop, as shown in Figure 13.

Figure 13.Select CentOS image

Continue to select the Network Adapter option and choose Bridge Mode as the network connection method, as shown in Figure 14.

Figure 14.Select Bridge Mode

When the virtual machine is created and edited, click the Finish button, as shown in Figure 15.

Figure 15.Virtual Machine Creation Completed

Step 3, turn on the virtual machine, enter the CentOS OS installation interface, select Install CentOS 7, press Enter to continue, as shown in Figure 16

Figure 16.Select Install CentOS 7 installation method

Step 4, select the CentOS 7 operating system language; here we select Simplified Chinese and press the Continue button, as shown in Figure 17

Figure 17.Select Chinese Language

Step 5, the installer then proceeds to the CentOS 7 core installation configuration interface, as shown in Figure 18

The Localization group can be selected according to the actual situation. The options of Installation Source, Software Selection, Installation Location, Network and Host Name in the Software group need to be configured.

Figure 18.Core Configuration Interface

Step 6, click on the "Installation Source" option to enter the installation source configuration interface. CentOS 7 supports multiple installation sources and can be selected as appropriate, as shown in Figure 19

Select the Automatically Detected Installation Media, click the Verify button to check if the installation media is working, and then click the Finish button.

Figure 19.Configure installation source

Step 7, click on the Software Selection option and enter the software selection configuration interface as shown in Figure 20.

The default is Minimum Installation. Because we will later need a graphical user interface (GUI) to install and configure virtual machines, select Server with GUI and click the Finish button.

Figure 20.Configuration Software Selection

Step 8, click the Installation Location option to enter the installation location configuration interface as shown in Figure 21

CentOS 7 supports a variety of installation methods, here we choose to install on the local hard drive, select "Auto-configure partition", and then click the "Finish" button.

Figure 21.Configure installation location

Step 9, click on the "Network and Host Name" option to enter the network and host name configuration interface, as shown in Figure 22

Select the network card on the left, click the Configure button, configure the IP address, subnet mask, gateway, DNS, etc. for the network card, and then click the Save button.

Figure 22.Configure Network Card Information

Step 10, Configure the host name and start the network card as shown in Figure 23

The host name is "kvm01". Enter "kvm01.localdomain" in the host name and click "Apply" to make the new host name take effect. At the same time, click the Start button of the network card, open the network card, and finally click the "Finish" button.

Figure 23.Configure Host Name and Enable Network Card

Step 11. Once the basic configuration information is complete, you can start the installation. Click the Start Installation button, as shown in Figure 24

Figure 24.Start installing the system

Step 12, enter the user setup interface, set the password for the root user, and create a non-root user, as shown in Figure 25

Click "ROOT Password" to enter the root password configuration interface. Note that creating a non-root user is not mandatory here, but it is recommended that you create one.

Figure 25.User Settings Interface

Step 13, set the root user's password, and when you're done, click the Finish button, as shown in Figure 26

Figure 26.Set root password

Step 14. After the installation is complete, the CentOS server restarts. After accepting the license, click the Finish Configuration button, as shown in Figure 27.

Figure 27.Complete System Configuration

Step 15, open a terminal window in the graphical user interface and confirm that commands run as expected, as shown in Figure 28

Figure 28.Complete System Installation

2.1.2. Basic network configuration

First step, use the command "ip addr" to view the current network condition

During the installation of CentOS 7, we set up the IP address, subnet mask, gateway, DNS and other configuration information of the network card, as shown below.

[root@kvm01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:ea:7e:95 brd ff:ff:ff:ff:ff:ff
    inet 192.168.150.151/24 brd 192.168.150.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fd3a:b661:7f13::24b/128 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fd3a:b661:7f13:0:3c29:223d:540:3045/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::ac3c:7790:a394:f23e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:b3:8d:c9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:b3:8d:c9 brd ff:ff:ff:ff:ff:ff

Step 2, use the ping command to detect whether you can access the Internet

[root@kvm01 ~]# ping www.baidu.com
PING www.a.shifen.com (163.177.151.110) 56(84) bytes of data.
64 bytes from 163.177.151.110 (163.177.151.110): icmp_seq=1 ttl=53 time=11.3 ms
64 bytes from 163.177.151.110 (163.177.151.110): icmp_seq=2 ttl=53 time=11.0 ms
64 bytes from 163.177.151.110 (163.177.151.110): icmp_seq=3 ttl=53 time=11.1 ms
64 bytes from 163.177.151.110 (163.177.151.110): icmp_seq=4 ttl=53 time=9.83 ms

2.1.3. Turn on SSH service remote login

CentOS 7 enables remote login through the SSH service by default, and SSH tools such as Xshell, CRT, etc. can be used for remote login, as shown in Figure 29.

Figure 29.Xshell Logon to CentOS

2.1.4. Modify the YUM software source for the CentOS system

Each Linux operating system vendor provides its own YUM software source, through which packages can be installed conveniently and quickly with their dependencies resolved at the same time. However, these vendors are mostly based outside China, so their YUM repositories are hosted on foreign sites; access is very slow and downloads sometimes drop halfway, causing software updates to fail. It is therefore necessary to switch to a YUM source in China, such as Aliyun, so that software updates and upgrades are more efficient. Later installation steps for KVM also need an external YUM source, so it is important to learn how to modify the YUM source.

First, use the command "ls /etc/yum.repos.d" to view the system default YUM source files

[root@kvm01 ~]# ls /etc/yum.repos.d/
CentOS-Base.repo  CentOS-CR.repo  CentOS-Debuginfo.repo  CentOS-fasttrack.repo  CentOS-Media.repo  CentOS-Sources.repo  CentOS-Vault.repo

Step 2, use the command "cat /etc/yum.repos.d/CentOS-Base.repo" to view the system default YUM source file information

As you can see from the output, the address of the YUM source is mirrorlist.centos.org, which is the official server of CentOS. Accessing the official CentOS server from within China is slow and sometimes the connection drops.

[root@kvm01 ~]# cat /etc/yum.repos.d/CentOS-Base.repo 
# CentOS-Base.repo
......(Omit)
#
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
......(Omit)

Step 3, use the command "ping www.aliyun.com" to check the connectivity between the CentOS server and Aliyun

If the CentOS server cannot reach Aliyun, you cannot use the Aliyun YUM software source, so make sure that the CentOS server has connectivity to Aliyun.

[root@kvm01 ~]# ping www.aliyun.com
PING na61-na62.wagbridge.alibaba.aliyun.com.gds.alibabadns.com (203.119.207.129) 56(84) bytes of data.
64 bytes from 203.119.207.129 (203.119.207.129): icmp_seq=1 ttl=86 time=47.4 ms
64 bytes from 203.119.207.129 (203.119.207.129): icmp_seq=2 ttl=86 time=47.4 ms
64 bytes from 203.119.207.129 (203.119.207.129): icmp_seq=3 ttl=86 time=48.5 ms
64 bytes from 203.119.207.129 (203.119.207.129): icmp_seq=4 ttl=86 time=48.5 ms

Step 4, use the command "mv /etc/yum.repos.d/CentOS-*.repo /tmp" to back up the original YUM source files to /tmp

[root@kvm01 ~]# cd /etc/yum.repos.d/
[root@kvm01 yum.repos.d]# ls
CentOS-Base.repo  CentOS-CR.repo  CentOS-Debuginfo.repo  CentOS-fasttrack.repo  CentOS-Media.repo  CentOS-Sources.repo  CentOS-Vault.repo
[root@kvm01 yum.repos.d]# 
[root@kvm01 yum.repos.d]# mv /etc/yum.repos.d/CentOS-*.repo /tmp
[root@kvm01 yum.repos.d]# ls

Step 5, use the command "wget http://mirrors.aliyun.com/repo/Centos-7.repo" to download Aliyun's YUM source file for the CentOS system

[root@kvm01 yum.repos.d]# wget http://mirrors.aliyun.com/repo/Centos-7.repo
--2021-10-15 19:10:01--  http://mirrors.aliyun.com/repo/Centos-7.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 121.31.229.244, 116.162.112.221, 36.248.25.178, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|121.31.229.244|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2523 (2.5K) [application/octet-stream]
Saving to: ‘Centos-7.repo’

100%[========================================================================================================================>] 2,523       --.-K/s   in 0s

2021-10-15 19:10:02 (177 MB/s) - ‘Centos-7.repo’ saved [2523/2523]

[root@kvm01 yum.repos.d]# ls                            # YUM source file downloaded successfully
Centos-7.repo

Step 6, use the command "cat /etc/yum.repos.d/Centos-7.repo" to view the details of the YUM source file

From the output information, you can see that the access address of the YUM source is mirrors.aliyun.com, that is, the Aliyun YUM source is used.

[root@kvm01 yum.repos.d]# cat /etc/yum.repos.d/Centos-7.repo 
# CentOS-Base.repo
......(Omit)
#
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#released updates 
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

Step 7, clear the YUM cache using the command "yum clean all"

[root@kvm01 yum.repos.d]# yum clean all
Loaded plugins: fastestmirror, langpacks
Cleaning repos: base extras updates
Cleaning up list of fastest mirrors

Step 8, use the command "yum makecache" to generate a new YUM cache

[root@kvm01 yum.repos.d]# yum makecache 
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base                                                                                                                     | 3.6 kB  00:00:00     
extras                                                                                                                   | 2.9 kB  00:00:00     
updates                                                                                                                  | 2.9 kB  00:00:00     
base/7/x86_64/primary_db       FAILED                                          
http://mirrors.cloud.aliyuncs.com/centos/7/os/x86_64/repodata/6d0c3a488c282fe537794b5946b01e28c7f44db79097bb06826e1c0c88bad5ef-primary.sqlite.bz2: [Errno 14] curl#6 - "Could not resolve host: mirrors.cloud.aliyuncs.com; Unknown error"
Trying another mirror.
......(Omit)

Step 9, update the YUM source with the command "yum update"

[root@kvm01 yum.repos.d]# yum update

At this point, the default YUM source of the CentOS operating system has been modified to Aliyun YUM source and can be used normally.
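
The downloaded file keeps gpgcheck=1, but the repo file itself, its baseurl entries and its gpgkey are all fetched over plain HTTP, so the signing key is only as trustworthy as that connection. The following script is an added example (not from the original article) that lists these settings per repository section; audit_repo, the finding codes and the sample file are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): list the transport and
# signature settings of every section in a yum .repo file.

# audit_repo FILE
# Prints one line per finding: "<section> <enabled|disabled> <CODE> [count]"
#   GPGCHECK_OFF  gpgcheck is missing or not 1 (packages not signature-checked)
#   GPGKEY_HTTP   the signing key itself is downloaded over plain HTTP
#   URL_HTTP n    n baseurl/mirrorlist entries use plain HTTP
audit_repo() {
    awk '
        function report(   state) {
            if (sec == "") return
            state = (enabled == "0") ? "disabled" : "enabled"
            if (gpgcheck != "1")   print sec, state, "GPGCHECK_OFF"
            if (gpgkey ~ /^http:/) print sec, state, "GPGKEY_HTTP"
            if (plain > 0)         print sec, state, "URL_HTTP", plain
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^\[/ {                                    # new [section]
            report()
            sec = substr($0, 2, index($0, "]") - 2)
            gpgcheck = ""; gpgkey = ""; enabled = "1"; plain = 0; key = ""
            next
        }
        /^[ \t]/ {                                 # continuation of previous key
            val = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "baseurl" && val ~ /^http:/) plain++
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "gpgcheck")     gpgcheck = val
            else if (key == "gpgkey")  gpgkey = val
            else if (key == "enabled") enabled = val
            else if ((key == "baseurl" || key == "mirrorlist") && val ~ /^http:/) plain++
        }
        END { report() }
    ' "$1"
}

# Constructed sample: [base] follows the downloaded Centos-7.repo shown above;
# the other two sections are made up for contrast.
sample_repo="$(mktemp)"
cat > "$sample_repo" <<'EOF'
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

# Assumption: the mirror also serves HTTPS. The key is the local file that
# the stock CentOS-Base.repo references.
[base-hardened]
name=CentOS-$releasever - Base - HTTPS, local key (constructed)
baseurl=https://mirrors.aliyun.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[unsigned-example]
name=constructed section with signature checking off
baseurl=http://mirror.example.invalid/centos/
gpgcheck=0
enabled=0
EOF

audit_repo "$sample_repo"
```

On the host, run audit_repo /etc/yum.repos.d/Centos-7.repo; pointing gpgkey back at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7, the value in the stock CentOS-Base.repo shown in Step 2, clears the GPGKEY_HTTP findings.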

2.1.5. Install ifconfig command tool

CentOS 7 deprecates the ifconfig command in favor of the ip addr command. Some people still use ifconfig out of habit. To use the ifconfig command in CentOS 7, you need to install the net-tools network tools package.

We can use the search option of the yum command to find out which package provides ifconfig.

[root@kvm01 ~]# yum search ifconfig
Loaded plugins: fastestmirror, langpacks
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
================================================================ Match: ifconfig ================================================================
net-tools.x86_64 : Basic networking tools

The output of yum search ifconfig above shows that ifconfig is provided by the net-tools.x86_64 package, so installing that package is all that is needed.

[root@kvm01 ~]# yum install net-tools.x86_64
Loaded plugins: fastestmirror, langpacks
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * extras: mirrors.163.com
 * updates: mirrors.163.com
Package net-tools-2.0-0.25.20131004git.el7.x86_64 already installed and latest version
Nothing to do

After the installation, let's check to see if the ifconfig tool works as follows:

[root@kvm01 ~]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.150.151  netmask 255.255.255.0  broadcast 192.168.150.255
        inet6 fe80::ac3c:7790:a394:f23e  prefixlen 64  scopeid 0x20<link>
        inet6 fd3a:b661:7f13::24b  prefixlen 128  scopeid 0x0<global>
        inet6 fd3a:b661:7f13:0:3c29:223d:540:3045  prefixlen 64  scopeid 0x0<global>
        ether 00:0c:29:ea:7e:95  txqueuelen 1000  (Ethernet)
        RX packets 1072007  bytes 1602189438 (1.4 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 514109  bytes 41269959 (39.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:b3:8d:c9  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

2.1.6. Configure NTP Time Synchronization Server

If the time of the Linux operating system and of the virtualization platform is not synchronized, many problems can occur, especially when the virtualization platform uses cluster functions, distributed storage functions, etc., so it is very important to set up an NTP server. The NTP server can be either a physical server or a virtual machine.

Server NTP Configuration

First, install the ntp service and the ntpdate tool on the CentOS 7 server using the command "yum install ntp ntpdate"

[root@kvm01 ~]# yum install ntp ntpdate
Loaded plugins: fastestmirror, langpacks
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
......(The following is omitted)

Step 2, use the ping command to detect the connectivity between the local NTP server and the public NTP server

The Aliyun NTP server is used as the public NTP server. The CentOS 7 server, acting as the local NTP server, needs to synchronize its time with the public NTP server, so first make sure that the local NTP server can reach the Aliyun NTP server.

[root@kvm01 ~]# ping ntp.aliyun.com
PING ntp.aliyun.com (203.107.6.88) 56(84) bytes of data.
64 bytes from 203.107.6.88 (203.107.6.88): icmp_seq=1 ttl=53 time=51.8 ms
64 bytes from 203.107.6.88 (203.107.6.88): icmp_seq=2 ttl=53 time=51.8 ms
64 bytes from 203.107.6.88 (203.107.6.88): icmp_seq=3 ttl=53 time=51.5 ms
[root@kvm01 ~]# ping ntp1.aliyun.com
PING ntp1.aliyun.com (120.25.115.20) 56(84) bytes of data.
64 bytes from 120.25.115.20 (120.25.115.20): icmp_seq=1 ttl=52 time=5.83 ms
64 bytes from 120.25.115.20 (120.25.115.20): icmp_seq=2 ttl=52 time=6.73 ms
64 bytes from 120.25.115.20 (120.25.115.20): icmp_seq=3 ttl=52 time=7.33 ms

Step 3, modify the NTP configuration file /etc/ntp.conf and comment out the default NTP server addresses

[root@kvm01 ~]# vim /etc/ntp.conf 
......(Omit)
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# server 0.centos.pool.ntp.org iburst                       # Comment out the default CentOS NTP server
# server 1.centos.pool.ntp.org iburst                       # Comment out the default CentOS NTP server
# server 2.centos.pool.ntp.org iburst                       # Comment out the default CentOS NTP server
# server 3.centos.pool.ntp.org iburst                       # Comment out the default CentOS NTP server

Step 4, modify the NTP configuration file /etc/ntp.conf and add the following configuration

[root@kvm01 ~]# vim /etc/ntp.conf 

#log file
logfile /var/log/ntpd.log

#Authorize all machines on the 192.168.150.0 segment to query and synchronize time from this machine
restrict 192.168.150.0 mask 255.255.255.0 nomodify notrap

#Time Server List
server ntp1.aliyun.com                         
server ntp2.aliyun.com
server ntp3.aliyun.com

#Use local time when external time is unavailable
server 127.0.0.1
fudge 127.0.0.1 stratum 10

#Accept time from the upstream time servers, but do not let them modify or query this server
restrict ntp1.aliyun.com  nomodify notrap noquery
restrict ntp2.aliyun.com  nomodify notrap noquery
restrict ntp3.aliyun.com  nomodify notrap noquery

Step 5, save and exit, restart the ntp service, and enable it at startup

[root@kvm01 ~]# systemctl disable chronyd      #Turn off chrony auto-start, otherwise NTP service auto-start fails
[root@kvm01 ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
[root@kvm01 ~]# systemctl restart ntpd

Step 6, Query the current NTP server source information

Among them, 120.25.115.20 and 203.107.6.88 are the IP addresses of Aliyun's NTP servers.

[root@kvm01 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*120.25.115.20   10.137.53.7      2 u   35   64   17   11.436   -0.857   4.066
 203.107.6.88    10.137.38.86     2 u   33   64   17   44.415    3.242   4.605
 localhost       .INIT.          16 l    -   64    0    0.000    0.000   0.000

Step 7, when starting the NTP service for the first time, synchronize the local time manually first; note that this synchronizes the local NTP server with the public NTP server

[root@kvm01 ~]# ntpdate -u ntp1.aliyun.com
16 Oct 08:36:05 ntpdate[29087]: adjust time server 120.25.115.20 offset 0.004865 sec

Step 8, check whether NTP time synchronization has started; output like the following means that synchronization started successfully

[root@kvm01 ~]# ntpstat
synchronised to NTP server (120.25.115.20) at stratum 3
   time correct to within 13 ms
   polling server every 64 s

Step 9, because this host acts as an NTP server, allow the NTP service through the firewall; otherwise NTP clients cannot synchronize their time

[root@kvm01 ~]# firewall-cmd --add-service=ntp --permanent 
[root@kvm01 ~]# firewall-cmd --reload

Linux Client NTP Configuration

The NTP configuration of a Linux client is almost identical to the server-side NTP configuration, since the local NTP server (192.168.150.151) is itself a client of the public NTP server. The only difference is that the last step, allowing the NTP service through the firewall, is not needed. A Debian Linux client is used for the demonstration here.

First step, client installs ntp and ntpdate components

root@pve:~# apt-get install ntp
root@pve:~# apt-get install ntpdate

Step 2, use the ping command to detect client-to-local NTP server connectivity

The IP address of the local NTP server is 192.168.150.151. Make sure the NTP client can reach the local NTP server.

root@pve:~# ping 192.168.150.151
PING 192.168.150.151 (192.168.150.151) 56(84) bytes of data.
64 bytes from 192.168.150.151: icmp_seq=1 ttl=64 time=4.70 ms
64 bytes from 192.168.150.151: icmp_seq=2 ttl=64 time=1.20 ms
64 bytes from 192.168.150.151: icmp_seq=3 ttl=64 time=1.48 ms

Step 3, modify the client configuration file /etc/ntp.conf and comment out the original NTP servers

root@pve:~# vim /etc/ntp.conf
# pool 0.debian.pool.ntp.org iburst
# pool 1.debian.pool.ntp.org iburst
# pool 2.debian.pool.ntp.org iburst
# pool 3.debian.pool.ntp.org iburst

Step 4, modify the client configuration file /etc/ntp.conf and add the following configuration

root@pve:~# vim /etc/ntp.conf
#ntp server address
pool 192.168.150.151

#Accept time from the upstream time server, but do not let it modify or query this machine
restrict 192.168.150.151 nomodify notrap noquery 
#Use local time when external time is unavailable
pool 127.0.0.1      #Local Clock
fudge 127.0.0.1 stratum 10

Step 6, save and exit, restart the ntp service, and enable it at startup

root@pve:~# service ntp start
root@pve:~# service ntp restart

Step 7, query the current NTP source information, where 192.168.150.151 is the IP address of the CentOS NTP server

root@pve:~# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.150.151 .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 127.0.0.1       .POOL.          16 p    -   64    0    0.000   +0.000   0.000
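
Reading the two ntpq -p listings above programmatically, as an added example that is not part of the original article: the first column is the tally code ("*" marks the peer ntpd has selected) and reach is an octal bitmap of the last eight polls. The function name and output format are assumptions; the sample rows are copied from the server and client outputs shown above.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): summarise "ntpq -p" output.

# ntp_peer_status  (reads ntpq -p output on stdin)
# Prints "synced peer=<remote> peer_stratum=<n> polls_ok=<0-8> offset_ms=<x>"
# when a selected system peer ("*") exists, otherwise
# "unsynced reachable=<n>/<total>".
# peer_stratum is the upstream server's stratum; this host then reports one
# stratum higher (stratum 3 in the ntpstat output of the server section).
ntp_peer_status() {
    awk '
        # reach is an octal shift register of the last 8 polls: count 1 bits
        function polls(oct,   i, d, n) {
            n = 0
            for (i = 1; i <= length(oct); i++) {
                d = substr(oct, i, 1) + 0
                n += (d >= 4) + (int(d / 2) % 2) + (d % 2)
            }
            return n
        }
        $1 == "remote" || NF != 10 { next }        # header and ===== ruler
        {
            tally = substr($0, 1, 1)               # "*" = selected system peer
            split(substr($0, 2), f, " ")           # remote refid st t when poll reach delay offset jitter
            total++
            if (f[7] != "0") reachable++
            if (tally == "*") { peer = f[1]; st = f[3]; ok = polls(f[7]); off = f[9] }
        }
        END {
            if (peer != "")
                printf "synced peer=%s peer_stratum=%s polls_ok=%d offset_ms=%s\n", peer, st, ok, off
            else
                printf "unsynced reachable=%d/%d\n", reachable, total
        }
    '
}

# Sample copied from the kvm01 (server) output above
server_sample() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*120.25.115.20   10.137.53.7      2 u   35   64   17   11.436   -0.857   4.066
 203.107.6.88    10.137.38.86     2 u   33   64   17   44.415    3.242   4.605
 localhost       .INIT.          16 l    -   64    0    0.000    0.000   0.000
EOF
}

# Sample copied from the pve (client) output above
client_sample() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.150.151 .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 127.0.0.1       .POOL.          16 p    -   64    0    0.000   +0.000   0.000
EOF
}

server_sample | ntp_peer_status
client_sample | ntp_peer_status
```

On a live host the same function is fed with ntpq -p | ntp_peer_status; an unsynced result right after a restart is expected until the first polls have been answered.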

Linux Client and NTP Server Testing

First, select a Linux host as the client and use the command "date" to view the time

root@pve:~# date
Sat 16 Oct 2021 09:05:48 AM CST

Step 2, Synchronize client and NTP server time

root@pve:~# ntpdate -d 192.168.150.151
16 Oct 15:53:31 ntpdate[10432]: ntpdate 4.2.8p15@1.3728-o Wed Sep 23 11:46:38 UTC 2020 (1)
Looking for host 192.168.150.151 and service ntp
192.168.150.151 reversed to pve.local
host found : pve.local
transmit(192.168.150.151)
receive(192.168.150.151)
transmit(192.168.150.151)
receive(192.168.150.151)
transmit(192.168.150.151)
receive(192.168.150.151)
transmit(192.168.150.151)
receive(192.168.150.151)

server 192.168.150.151, port 123
stratum 3, precision -25, leap 00, trust 000
refid [120.25.115.20], root delay 0.006226, root dispersion 0.017593
reference time:      e5150300.1cc3bebd  Sat, Oct 16 2021 15:51:28.112
originate timestamp: e5150381.d4b56738  Sat, Oct 16 2021 15:53:37.830
transmit timestamp:  e5150381.d4162fc2  Sat, Oct 16 2021 15:53:37.828
filter delay:  0.03215    0.03011    0.03143    0.02934   
               ----       ----       ----       ----      
filter offset: -0.000538  +0.000440  +0.000617  +0.000077 
               ----       ----       ----       ----      
delay 0.02934, dispersion 0.00037, offset +0.000077

16 Oct 15:53:37 ntpdate[10432]: adjust time server 192.168.150.151 offset +0.000077 sec

Win 10 Client NTP Configuration and Testing with NTP Server

First, use the ping command to detect network connectivity between the Win10 client and NTP server

C:\Users\lishe>ping 192.168.150.151
Pinging 192.168.150.151 with 32 bytes of data:
Reply from 192.168.150.151: bytes=32 time<1ms TTL=64
Reply from 192.168.150.151: bytes=32 time=1ms TTL=64
Reply from 192.168.150.151: bytes=32 time=1ms TTL=64
Reply from 192.168.150.151: bytes=32 time=1ms TTL=64

Step 2, open the NTP clock setting interface on the Win10 client and click Change Settings, as shown in Figure 30

Figure 30.Win10 Client Time Configuration

Step 3, modify the NTP server to 192.168.150.151 and click the Update Now button, as shown in Figure 31

Figure 31.Modify Win10 Client NTP Server

Step 4: The Win10 client and NTP server synchronized successfully at 192.168.150.151, as shown in Figure 32

Figure 32.Win10 Client and NTP Server Time Synchronization Successful

At this point, both the NTP server and the NTP client have been set up and can be used normally.

Tags: CentOS kvm NTP

Posted on Sat, 16 Oct 2021 12:40:15 -0400 by crees