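Deploying KVM and installing Alpine and Windows 10 guests
System environment
Host: Windows 11
Software: VMware, NAT networking
Virtual machine: CentOS 7
Introduction to KVM
- KVM stands for Kernel-Based Virtual Machine and is implemented on top of the Linux kernel. It provides full hardware virtualization, so every virtual machine has its own operating system and applications. This lets KVM emulate a complete hardware environment, which suits scenarios that need to run several operating systems.
- CPU and memory are managed by the kernel module kvm.ko, which provides the virtual CPUs and memory; disk and network devices are implemented by the Linux kernel together with QEMU.
- As a hypervisor, KVM itself only deals with virtual machine scheduling and memory management. I/O peripherals are left to the Linux kernel and QEMU.
Libvirt, the management tool for KVM:
Libvirt can manage several hypervisors, including KVM, Xen and VirtualBox.
Libvirt consists of three parts: the libvirtd daemon, the API library, and the virsh command-line tool.
libvirtd is the service process that receives and handles API requests.
The API library is for developers, who can build graphical management tools on it, such as virt-manager.
virsh is the command-line tool for KVM.
VMware settings and preparation
First enable CPU virtualization in VMware
You may need to turn off the CPU performance counters: the first power-on worked, but after a restart the VM reported an error again, and turning the option off let it boot
Powering on the VM fails with the error that module APMC failed to start
The fix is:
Turn off Core isolation
Turn off the Windows Virtual Machine Platform feature
Inside the virtual machine, check whether the CPU supports KVM. If the output contains vmx (Intel) or svm (AMD), it is supported.
egrep -o 'vmx|svm' /proc/cpuinfo
Four vmx lines in the output mean four cores
Disable the firewall and SELinux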
systemctl disable --now firewalld
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
Edit limits.conf to raise the open-file limits
vim /etc/security/limits.conf
* soft nofile 655350
* hard nofile 655350
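reboot    # restart the machine
Add a disk in VMware
In the VM settings, click Hard Disk and add one; use the same type as the first disk
Inside the virtual machine, set up the disk and mount it
First partition the disk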
fdisk /dev/sdb
partprobe
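Format the partition
mkfs.xfs /dev/sdb1
Look up the partition to mount
blkid
Create the mount point
mkdir /kvm_iso
mount -a
The mount takes effect
Bridge NIC configuration
List the virtual switches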
brctl show
[root@k8s-master01 ~]# brctl show
bridge name      bridge id           STP enabled  interfaces
cni0             8000.de1ff7834e0d   no           veth5fa18edb
                                                  veth900bae1a
                                                  vethdd1bb535
docker0          8000.0242893f737c   no
docker_gwbridge  8000.024227f87f3a   no
virbr0           8000.525400856305   yes          virbr0-nic
By default KVM uses the NAT network, i.e. virbr0
View the NIC configuration
[root@k8s-master01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="2317bc0c-ff83-4f62-b737-38ff7322f5a5"
DEVICE="ens33"
ONBOOT="yes"
IPADDR="192.168.126.21"
GATEWAY="192.168.126.2"
DNS1="192.168.126.2"
Copy the NIC configuration to create a new bridge interface
cp ifcfg-ens33 ifcfg-kvmbr0
Change TYPE to Bridge, and change NAME and DEVICE
vim ifcfg-kvmbr0
TYPE="Bridge"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="kvmbr0"
UUID="481ee70c-af90-4dfd-ad74-67ad5d21a5e3"
DEVICE="kvmbr0"
ONBOOT="yes"
IPADDR="192.168.126.21"
GATEWAY="192.168.126.2"
DNS1="192.168.126.2"
In the original NIC's file, add BRIDGE and remove the IP settings
vim ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="481ee70c-af90-4dfd-ad74-67ad5d21a5e3"
DEVICE="ens33"
ONBOOT="yes"
BRIDGE="kvmbr0"
systemctl restart network
brctl show
bridge name      bridge id           STP enabled  interfaces
docker0          8000.0242aab0a812   no
docker_gwbridge  8000.02422bf9159e   no
kvmbr0           8000.000c291325db   no           ens33
virbr0           8000.525400856305   yes          virbr0-nic
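A mistake in either file takes the host off the network when the network service restarts, so it helps to check the pair before restarting. The script below is an added example, not part of the original post; the helper names ifcfg_get, check_bridge and write_pair are made up for it, and the sample files are trimmed, constructed copies of the two files above.

```shell
#!/bin/sh
# Added example (not from the original page): check an ifcfg NIC/bridge pair
# before running `systemctl restart network`.

# Value of KEY in an ifcfg file, with the optional double quotes removed.
ifcfg_get() {  # $1 = file, $2 = KEY
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print one problem per line; return 0 only if the pair is consistent.
check_bridge() {  # $1 = directory, $2 = physical NIC, $3 = bridge name
    nic="$1/ifcfg-$2"; br="$1/ifcfg-$3"; rc=0
    for f in "$nic" "$br"; do
        [ -r "$f" ] || { echo "$f: missing"; return 2; }
    done
    # The network scripts compare TYPE with the exact string "Bridge".
    [ "$(ifcfg_get "$br" TYPE)" = Bridge ] || { echo "$br: TYPE must be Bridge"; rc=1; }
    [ "$(ifcfg_get "$br" DEVICE)" = "$3" ] || { echo "$br: DEVICE must be $3"; rc=1; }
    case "$(ifcfg_get "$br" BOOTPROTO)" in
        static|none) [ -n "$(ifcfg_get "$br" IPADDR)" ] || { echo "$br: static but no IPADDR"; rc=1; } ;;
    esac
    [ "$(ifcfg_get "$nic" BRIDGE)" = "$3" ] || { echo "$nic: BRIDGE=$3 is missing"; rc=1; }
    for k in IPADDR PREFIX NETMASK GATEWAY; do
        [ -z "$(ifcfg_get "$nic" "$k")" ] || { echo "$nic: $k belongs in ifcfg-$3"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: trimmed copies of the two files shown above.
write_pair() {  # $1 = directory, $2 = extra line for ifcfg-ens33 (may be empty)
    printf '%s\n' 'TYPE="Bridge"' 'BOOTPROTO="static"' 'NAME="kvmbr0"' 'DEVICE="kvmbr0"' \
        'ONBOOT="yes"' 'IPADDR="192.168.126.21"' 'GATEWAY="192.168.126.2"' > "$1/ifcfg-kvmbr0"
    printf '%s\n' 'TYPE="Ethernet"' 'NAME="ens33"' 'DEVICE="ens33"' 'ONBOOT="yes"' \
        'BRIDGE="kvmbr0"' "$2" > "$1/ifcfg-ens33"
}

dir=$(mktemp -d)
write_pair "$dir" ''
check_bridge "$dir" ens33 kvmbr0 && echo "ens33 -> kvmbr0: consistent"
```

On a real host, point it at the live directory: check_bridge /etc/sysconfig/network-scripts ens33 kvmbr0.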
Installing KVM
Install the required software and dependencies
yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
Create a symlink for qemu-kvm.
ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
Enable and start the libvirtd service
systemctl enable --now libvirtd
Verify that the kvm modules are loaded
[root@k8s-master01 network-scripts]# lsmod|grep kvm
kvm_intel 188793 0
kvm 653976 1 kvm_intel
irqbypass 13503 1 kvm
Check that the command-line tools were installed
[root@k8s-master01 network-scripts]# virsh --version
4.5.0
[root@k8s-master01 network-scripts]# virt-install --version
1.5.0
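Install the web management service
Graphical management is more intuitive and convenient
The web management interface for KVM here uses the webvirtmgr program
Update the package sources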
yum install -y epel-release
yum install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx -y
cd /usr/local/src/
git clone https://github.com/retspen/webvirtmgr.git
cd webvirtmgr/
pip install -r requirements.txt --trusted-host=pypi.python.org
sqlite3 ships with Python by default; import it to check
[root@k8s-master01 webvirtmgr]# python
Python 2.7.5 (default, Nov 14 2023, 16:14:06)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()
Sync the database and create the initial account
[root@k8s-master01 webvirtmgr]# ./manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor
You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'root'): admin    (enter the user name)
Email address: xxxx@qq.com    (enter an e-mail address)
Password:     (enter the password)
Password (again):     (confirm the password)
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)
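Copy the web files to the target directory
cp -Rv /usr/local/src/webvirtmgr /var/www/webvirtmgr
Set ownership
chown -R nginx:nginx /var/www/webvirtmgr
Set up passwordless SSH to the KVM server
ssh-keygen -t rsa
ssh-copy-id root@192.168.126.21    # IP of the target host, since KVM and webvirtmgr may not be on the same host
Configure port forwarding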
ssh 192.168.126.21 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
mv /etc/nginx/nginx.conf.default /etc/nginx/nginx.conf
vim /etc/nginx/nginx.conf
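Add the following two directives
Raise the file-handle limit:
worker_rlimit_nofile 655350;
Modular configuration files; multiple virtual host configurations can be added under /etc/nginx/conf.d/:
include /etc/nginx/conf.d/*.conf;
#pid logs/nginx.pid;
# add the following line
worker_rlimit_nofile 655350;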
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
# add the following line
include /etc/nginx/conf.d/*.conf;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
cat > /etc/nginx/conf.d/webvirtmgr.conf <<'EOF'
server {
listen 80 default_server;
server_name $hostname;
#access_log /var/log/nginx/webvirtmgr_access_log;
location /static/ {
root /var/www/webvirtmgr/webvirtmgr;
expires max;
}
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
client_max_body_size 1024M; # Set higher depending on your needs
}
}
EOF
systemctl restart nginx
Append the following to /etc/supervisord.conf
cat >> /etc/supervisord.conf <<EOF
[program:webvirtmgr]
command=/usr/bin/python /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx
[program:webvirtmgr-console]
command=/usr/bin/python /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx
EOF
Start supervisor and enable it at boot
systemctl enable --now supervisord
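Change the bind address so that all hosts can connect (gunicorn then listens on port 8000 on every interface, not only behind nginx)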
vim /var/www/webvirtmgr/conf/gunicorn.conf.py
#bind = '127.0.0.1:8000'
bind = '0.0.0.0:8000'
backlog = 2048
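The settings changed up to this point decide how exposed the management interface is: nginx already proxies to 127.0.0.1:8000, so binding gunicorn to 0.0.0.0 additionally opens port 8000 directly. The audit below is an added example, not part of the original post or of webvirtmgr; the function names and the ROOT prefix are assumptions, and the sample trees are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): flag the exposure-related settings
# this walkthrough changes. ROOT is a hypothetical prefix so the checks can run
# on a copy of the files; pass "" to inspect the live system.

# Value of the last uncommented `bind = '...'` line in gunicorn.conf.py.
gunicorn_bind() {
    sed -n "s/^[[:space:]]*bind[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" 2>/dev/null | tail -n 1
}

# Print one finding per line; the return status is the number of findings.
audit() {  # $1 = ROOT
    n=0
    b=$(gunicorn_bind "$1/var/www/webvirtmgr/conf/gunicorn.conf.py")
    case "$b" in
        127.*|localhost:*|unix:*) ;;
        *) echo "gunicorn bind='$b': port 8000 is reachable without going through nginx"; n=$((n + 1)) ;;
    esac
    se=$(sed -n 's/^SELINUX=//p' "$1/etc/selinux/config" 2>/dev/null | tail -n 1)
    [ "$se" = enforcing ] || { echo "SELinux: SELINUX='$se' in /etc/selinux/config"; n=$((n + 1)); }
    if ! grep -Eqs 'listen[[:space:]][^;#]*[[:space:]]ssl[[:space:];]' "$1/etc/nginx/conf.d/webvirtmgr.conf"; then
        echo "nginx: no ssl listener, /login/ credentials travel over plain HTTP"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample tree; $2 selects the page's settings or tightened ones.
make_tree() {  # $1 = ROOT, $2 = page|tight
    mkdir -p "$1/var/www/webvirtmgr/conf" "$1/etc/selinux" "$1/etc/nginx/conf.d"
    if [ "$2" = page ]; then
        printf '%s\n' "#bind = '127.0.0.1:8000'" "bind = '0.0.0.0:8000'" > "$1/var/www/webvirtmgr/conf/gunicorn.conf.py"
        echo 'SELINUX=disabled' > "$1/etc/selinux/config"
        echo 'server { listen 80 default_server; }' > "$1/etc/nginx/conf.d/webvirtmgr.conf"
    else
        printf '%s\n' "bind = '127.0.0.1:8000'" > "$1/var/www/webvirtmgr/conf/gunicorn.conf.py"
        echo 'SELINUX=enforcing' > "$1/etc/selinux/config"
        echo 'server { listen 443 ssl; }' > "$1/etc/nginx/conf.d/webvirtmgr.conf"
    fi
}

root=$(mktemp -d)
make_tree "$root" page
audit "$root" || echo "$? finding(s) with the settings from this page"
```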
Generate a key on the webvirtmgr server and set up passwordless login
On the KVM server, configure libvirt authorization for SSH access
cat > /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla << EOF
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
EOF
Set the owner and group.
chown -R root:root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
systemctl restart nginx
systemctl restart libvirtd
KVM management
The login page is the server IP followed by /login/
http://192.168.126.21/login/
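Use the user name and password set earlier with manage.py
Add a KVM node connection
Create a storage pool
Upload the image files to the kvm_iso directory
Create a disk image manually and enter its size
Create the bridged network
Create the virtual machine
Basic virsh commands
virsh list --all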
Id 名称 状态
4 ubuntu running
virsh start ubuntu       # power on
virsh shutdown ubuntu    # shut down
virsh destroy ubuntu     # force power-off, like pulling the plug
virsh reboot ubuntu      # reboot
Configuration file location: /etc/libvirt/qemu/ubuntu.xml
Install VNC
yum install tigervnc-server -y
wget https://download-ib01.fedoraproject.org/pub/epel/7/x86_64/Packages/n/novnc-1.3.0-5.el7.noarch.rpm
yum -y install novnc-1.3.0-5.el7.noarch.rpm
nohup novnc_server 192.168.126.21:59 &
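The problem could not be resolved
Connect to VNC directly with MobaXterm instead; the port is reported as 5900
Connecting on port 5900 works
The KVM host does not have the resources for Ubuntu, which hung at the installer screen, so download Alpine and install that
Log in as root
setup-alpine    # start the installer
Installing and configuring Alpine
Install the system
Use the following command to install the system
setup-alpine
The network configuration must be correct; otherwise there is no network access and the system cannot be installed, because two packages have to be downloaded from the Internet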
ERROR:unable to select packages:
sfdisk (no such package):
required by:world[sfdisk]
syslinux (no such package):
required by:world[syslinux]
Fix the network configuration
vim /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.126.51/24
gateway 192.168.126.2
hostname alpine
vim /etc/resolv.conf
nameserver 192.168.126.2
/etc/init.d/networking restart
Configure the package mirror
sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/' /etc/apk/repositories
apk update
Package operations
Search for a package
apk search
Install a package
apk add
List installed packages
apk info
Remove a package
apk del
Upgrade all packages
apk upgrade
List all services
rc-service --list
SSH configuration
Enable the sshd service at boot
rc-update add sshd
vim /etc/ssh/sshd_config
Restart sshd
/etc/init.d/sshd restart
Installing Windows 10 on KVM
The installer cannot find the disk; the fix is to download virtio-win-0.1.215.iso
https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.215-2/virtio-win-0.1.215.iso
View the attached media
virsh domblklist win10
目标 源
vda /kvm_iso/win10.img
hda /kvm_iso/Windows 10 Enterprise LTSC 2021 (x64) - DVD (Chinese-Simplified).ISO
Switch the mounted ISO
virsh change-media --domain win10 hda /kvm_iso/virtio-win-0.1.215.iso
Click "Load driver" and select win10
After creating the partitions, switch the media back to the Windows 10 ISO
virsh change-media --domain win10 hda "/kvm_iso/Windows 10 Enterprise LTSC 2021 (x64) - DVD (Chinese-Simplified).ISO"
Then install as usual
Problems and solutions
pip install -r requirements.txt fails
Could not fetch URL https://pypi.python.org/simple/django/: There was a problem confirming the ssl certificate: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618) - skipping
Could not find a version that satisfies the requirement django==1.5.5 (from -r requirements.txt (line 1)) (from versions: )
No matching distribution found for django==1.5.5 (from -r requirements.txt (line 1))
Marking the host as trusted gets past it (pip then skips certificate verification for that host)
pip install -r requirements.txt --trusted-host=pypi.python.org
The accept: Too many open files error
accept: Too many open files
accept: Too many open files
accept: Too many open files
accept: Too many open files
accept: Too many open files
accept: Too many open files
accept: Too many open files
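The web page could not be reached at all while the console kept printing too many open files; the cause is a file-handle limit that is too low.
Add the file-handle settings to limits.conf; after logging in again, ulimit -a shows that they have taken effect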
vim /etc/security/limits.conf
* soft nofile 655350
* hard nofile 655350
Add worker_rlimit_nofile to the nginx configuration
vim /etc/nginx/nginx.conf
#pid /run/nginx.pid;
worker_rlimit_nofile 655350;
Installing Python 3.8
wget https://bootstrap.pypa.io/pip/3.6/get-pip.py
python3 get-pip.py
wget https://www.python.org/ftp/python/3.8.8/Python-3.8.8.tgz
tar xf Python-3.8.8.tgz
cd Python-3.8.8/
./configure
make -j 2 && make install
It installs to /usr/local/bin by default
mv /usr/bin/python /usr/bin/python.bak
mv /usr/bin/pip /usr/bin/pip.bak
ln -s /usr/local/bin/python3 /usr/bin/python
ln -s /usr/local/bin/pip3 /usr/bin/pip
source ~/.bashrc
pip install setuptools
rm /usr/bin/python
rm /usr/bin/pip
ln -s /usr/bin/python2.7 /usr/bin/python
ln -s /usr/bin/pip2.7 /usr/bin/pip
systemctl restart supervisord fails
It is a Python version problem; pin the interpreter version
vim /usr/bin/echo_supervisord_conf
vim /usr/bin/supervisorctl
vim /usr/bin/supervisord
Change the interpreter line to:
#!/usr/bin/python2.7