KVM是什么
KVM(Kernel-based Virtual Machine, 即內核級虛擬機) 是一個開源的系統虛擬化模塊。它使用Linux自身的調度器進行管理,所以相對於Xen,其核心源碼很少。
目前KVM已成為學術界的主流VMM之一,它包含一個為處理器提供底層虛擬化 可加載的核心模塊kvm.ko(kvm-intel.ko 或 kvm-amd.ko)。kvm還需要一個經過修改的QEMU
軟件(qemu-kvm),作為虛擬機上層控制和界面。KVM的虛擬化需要硬件支持(如 Intel VT技術或者AMD V技術)。是基於硬件的完全虛擬化。 KVM可以運行多個其本身運行未
改動的鏡像的虛擬機,例如Windows,Mac OS X ,每個虛擬機都有各自的虛擬硬件,比如網卡、硬盤核圖形適配器等。
KVM和QEMU的關系
QEMU是個獨立的虛擬化解決方案,從這個角度它並不依賴KVM。而KVM是另一套虛擬化解決方案,不過因為這個方案實際上只實現了內核中對處理器(Intel VT), AMD SVM)
虛擬化特性的支持,換言之,它缺乏設備虛擬化以及相應的用戶空間管理虛擬機的工具,所以它借用了QEMU的代碼並加以精簡,連同KVM一起構成了另一個獨立的虛擬化解決方案:
KVM+QEMU。
kvm相關安裝包及其作用
qemu-kvm #主要的KVM程序包
python-virtinst #創建虛擬機所需要的命令行工具和程序庫
virt-manager #GUI虛擬機管理工具
virt-top #虛擬機統計命令
virt-viewer #GUI連接程序,連接到已配置好的虛擬機
libvirt #C語言工具包,提供libvirt服務
libvirt-client #虛擬客戶機提供的C語言工具包
virt-install #基於libvirt服務的虛擬機創建命令
bridge-utils #創建和管理橋接設備的工具
centos7 安裝 VNC 環境
請參考:http://www.cnblogs.com/kevingrace/p/5821450.html
1)更改為啟動桌面或命令行模式
獲取當前系統啟動模式
[root@localhost ~]# systemctl get-default
multi-user.target
查看配置文件
[root@localhost ~]# cat /etc/inittab # inittab is no longer used when using systemd. # # ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM. # # Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target # # systemd uses 'targets' instead of runlevels. By default, there are two main targets: # # multi-user.target: analogous to runlevel 3 //命令行模式 # graphical.target: analogous to runlevel 5 //圖形界面模式 # # To view current default target, run: # systemctl get-default # # To set a default target, run: # systemctl set-default TARGET.target
由命令行模式更改為圖形界面模式
[root@localhost ~]# systemctl set-default graphical.target
由圖形界面模式更改為命令行模式(
此步驟不用執行)
[root@localhost ~]# systemctl set-default multi-user.target
獲取當前系統啟動模式
[root@localhost ~]# systemctl get-default
graphical.target
2)關閉防火牆
centos的防火牆是firewalld,關閉防火牆的命令
停止firewall
[root@localhost ~]# systemctl stop firewalld.service
禁止firewall開機啟動
[root@localhost ~]# systemctl disable firewalld.service
關閉selinux
[root@ehs-rac-01 ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config [root@ehs-rac-01 ~]# setenforce 0 [root@ehs-rac-01 ~]# cat /etc/selinux/config | grep -i SELINUX= | grep -v "^#" SELINUX=disabled [root@ehs-rac-01 ~]# getenforce
3)安裝軟件
[root@localhost ~]# yum update [root@localhost ~]# yum groupinstall "GNOME Desktop" "X Window System" "Desktop" [root@localhost ~]# yum install tigervnc-server tigervnc vnc vnc-server
4)配置vnc連接
[root@localhost ~]# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service ########修改 vim /etc/systemd/system/vncserver@:1.service ########找到這一行######## ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i" PIDFile=/home/<USER>/.vnc/%H%i.pid ########這里直接用root 用戶登錄,所以我替換成######## ExecStart=/sbin/runuser -l root -c "/usr/bin/vncserver %i" PIDFile=/root/.vnc/%H%i.pid ########如果是其他用戶的話比如john替換如下######## ExecStart=/sbin/runuser -l john -c "/usr/bin/vncserver %i" PIDFile=/home/john/.vnc/%H%i.pid
由於直接root用戶登錄,所以配置如下:
[root@localhost ~]# cat /etc/systemd/system/vncserver@:1.service ......... [Unit] Description=Remote desktop service (VNC) After=syslog.target network.target [Service] Type=forking # Clean any existing files in /tmp/.X11-unix environment ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :' ExecStart=/usr/sbin/runuser -l root -c "/usr/bin/vncserver %i" PIDFile=/root/.vnc/%H%i.pid ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :' [Install] WantedBy=multi-user.target
為VNC設密碼(比如密碼設置為123456)
[root@localhost ~]# vncpasswd Password: Verify: Would you like to enter a view-only password (y/n)? n #注意表示"是否輸入一個只能查看的密碼,選擇否",否則連接vnc會出現黑屏 A view-only password is not used [root@localhost ~]# vim /etc/libvirt/qemu.conf vnc_password = "123456" vnc_listen = "0.0.0.0"
重加載 systemd
[root@localhost ~]# systemctl daemon-reload
啟動vnc
[root@localhost ~]# systemctl enable vncserver@:1.service [root@localhost ~]# systemctl start vncserver@:1.service
注意,此處關閉了防火牆,如果防火牆開了,需要開通一下規則:
[root@localhost ~]# firewall-cmd --permanent --add-service vnc-server
[root@localhost ~]# systemctl restart firewalld.service
如果是iptable,則需要在/etc/sysconfig/iptables里添加:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5903 -j ACCEPT
關閉vnc連接
[root@localhost ~]# /usr/bin/vncserver -kill :1
測試vnc連接:
[root@localhost ~]# novnc_server --vnc 192.168.1.8:5901 --listen 6081 Warning: could not find self.pem Starting webserver and WebSockets proxy on port 6081 WebSocket server settings: - Listen on :6081 - Flash security policy server - Web server. Web root: /usr/share/novnc - No SSL/TLS support (no cert file) - proxying from :6081 to 192.168.1.8:5901 Navigate to this URL: http://kvm-server:6081/vnc.html?host=kvm-server&port=6081 #http訪問方式 Press Ctrl-C to exit
由於kvm-server的主機名對於ip是112.112.113.56,所以在瀏覽器里輸入:
http://10.0.7.100:6081/vnc.html?host=10.0.7.100&port=6081
也可以在本地windows機器上安裝vnc viewer,遠程訪問,在windows下安裝vnc客戶端,VNC遠程連接信息(下面ip是VNC服務端的地址):
VNC Server:
10.0.7.100:5901
Encrytion:Let VNC Server choose
然后輸入vncpasswd的密碼即可完成VNC遠程連接!
問題:
Could not make bus activated clients aware of XDG_CURRENT_DESKTOP=GNOME environment variable:Could not connect: Connection refused
[root@kevin ~]# cat /root/.vnc/kevin:1.log ........... ........... (imsettings-check:31898): GLib-GIO-CRITICAL **: 21:56:03.842: g_dbus_proxy_call_sync_internal: assertion 'G_IS_DBUS_PROXY (proxy)' failed GLib-GIO-Message: 21:56:03.854: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications. ** (process:31798): WARNING **: 21:56:03.861: Could not make bus activated clients aware of XDG_CURRENT_DESKTOP=GNOME environment variable: Could not connect: Connection refused 原因:dbus-daemon存在沖突。 因為root系統環境中裝有anaconda,它的bin目錄中的dbus-daemon會與系統自帶的dbus-daemon沖突。 [root@kevin ~]# find / -name "dbus-daemon" /usr/bin/dbus-daemon /data/anaconda3/bin/dbus-daemon /data/anaconda3/pkgs/dbus-1.13.6-h746ee38_0/bin/dbus-daemon [root@kevin ~]# which dbus-daemon /data/anaconda3/bin/dbus-daemon 解決辦法:使用非root用戶啟動vncserver [root@kevin ~]# useradd vncuser [root@kevin ~]# echo "vncuser@123"|passwd --stdin vncuser [root@kevin ~]# vim /etc/sudoers vncuser ALL=(ALL) NOPASSWD: ALL 修改vncserver使用vncuser這個非root用戶啟動 [root@kevin ~]# cat /etc/systemd/system/vncserver@:1.service .......... .......... ExecStart=/usr/sbin/runuser -l vncuser -c "/usr/bin/vncserver %i" PIDFile=/root/.vnc/%H%i.pid 接着切入到非root用戶vncuser下啟動vncserver [root@kevin ~]# su - vncuser Last login: Tue Jul 2 22:05:38 CST 2019 on pts/2 設置vnc登錄密碼 [vncuser@kevin ~]$ vncpasswd 啟動vnc [vncuser@kevin ~]$ vncserver 查看vnc日志 [vncuser@kevin ~]$ cd .vnc/ [vncuser@kevin .vnc]$ ll total 20 -rw-r--r-- 1 vncuser vncuser 332 Jul 2 22:06 config -rw-rw-r-- 1 vncuser vncuser 1046 Jul 2 22:10 kevin:1.log -rw-rw-r-- 1 vncuser vncuser 5 Jul 2 22:06 kevin:1.pid -rw------- 1 vncuser vncuser 8 Jul 2 22:06 passwd -rwxr-xr-x 1 vncuser vncuser 112 Jul 2 22:06 xstartup [vncuser@kevin .vnc]$ cat kevin\:1.log Xvnc TigerVNC 1.8.0 - built Nov 2 2018 19:05:14 Copyright (C) 1999-2017 TigerVNC Team and many others (see README.txt) See http://www.tigervnc.org for information on TigerVNC. Underlying X server release 12001000, The X.Org Foundation Tue Jul 2 22:06:26 2019 vncext: VNC extension running! vncext: Listening for VNC connections on all interface(s), port 5901 vncext: created VNC server for screen 0 touch: cannot touch ‘/home/vncuser/.cache/imsettings/log’: No such file or directory Tue Jul 2 22:06:30 2019 ComparingUpdateTracker: 0 pixels in / 0 pixels out ComparingUpdateTracker: (1:-nan ratio) Tue Jul 2 22:10:22 2019 Connections: accepted: 192.168.1.200::56162 Tue Jul 2 22:10:23 2019 Connections: closed: 192.168.1.200::56162 (reading version failed: not an RFB client?) EncodeManager: Framebuffer updates: 0 EncodeManager: Total: 0 rects, 0 pixels EncodeManager: 0 B (1:-nan ratio) ComparingUpdateTracker: 0 pixels in / 0 pixels out ComparingUpdateTracker: (1:-nan ratio)
安裝kvm
1)檢查cpu是否支持虛擬化
[root@localhost ~]# grep vmx /proc/cpuinfo #如果有vmx信息輸出,就說明支持VT;如果沒有任何的輸出,說明你的cpu不支持,將無法使用KVM虛擬機。
2)確保BIOS里開啟虛擬化功能,即查看是否加載KVM模塊
[root@localhost ~]# lsmod | grep kvm kvm_intel 188683 6 kvm 621392 1 kvm_intel irqbypass 13503 3 kvm ========================================================= #如果沒有加載,運行以下命令: [root@localhost ~]# modprobe kvm [root@localhost ~]# modprobe kvm-intel [root@localhost ~]# lsmod | grep kvm kvm_intel 170086 0 kvm 566340 1 kvm_intel irqbypass 13503 1 kvm ========================================================= #內核模塊導出了一個名為/dev/kvm的設備,這個設備將虛擬機的的地址空間獨立於內核或者任何應用程序的地址空間。 [root@localhost ~]# ll /dev/kvm crw-rw-rw-+ 1 root kvm 10, 232 9月 4 13:59 /dev/kvm
3)橋接網絡
如果沒有brctl命令(用來管理網橋的工具),則需要安裝bridge-utils
[root@localhost ~]# yum -y install bridge-utils [root@localhost ~]# systemctl restart network
配置KVM的網橋模式
[root@localhost ~]# cd /etc/sysconfig/network-scripts/ [root@localhost network-scripts]# cp ifcfg-em1 ifcfg-br0 [root@localhost network-scripts]# cat ifcfg-br0 TYPE=Bridge #這一行修改為Bridge PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=static DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=no IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=br0 #修改設備名稱為br0 #UUID=12609bab-f8f0-46d0-bc6c-13c6773df04f #這一行注釋 DEVICE=br0 #修改設備為br0 ONBOOT=yes DELAY=0 IPADDR=10.0.7.100 NETMASK=255.255.255.0 GATEWAY=10.0.7.1 DNS1=114.114.114.114 [root@localhost network-scripts]# cat ifcfg-em1 TYPE=Ethernet BRIDGE=br0 #添加這一行 PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=none DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=no IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=em1 UUID=12609bab-f8f0-46d0-bc6c-13c6773df04f DEVICE=em1 ONBOOT=yes #IPADDR=10.0.7.100 #注釋掉這幾行 #NETMASK=255.255.255.0 #GATEWAY=10.0.7.1 #dns1=114.114.114.114
重啟網卡服務
[root@localhost network-scripts]# systemctl restart network
查看網卡
[root@localhost network-scripts]# brctl show bridge name bridge id STP enabled interfaces br0 8000.44a8422bfad4 no em1 virbr1 8000.525400535018 yes virbr1-nic
查看ip信息
[root@localhost network-scripts]# ifconfig |head -20 br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.7.100 netmask 255.255.255.0 broadcast 10.0.7.255 inet6 fe80::46a8:42ff:fe2b:fad4 prefixlen 64 scopeid 0x20<link> ether 44:a8:42:2b:fa:d4 txqueuelen 1000 (Ethernet) RX packets 38776 bytes 1901003 (1.8 MiB) RX errors 0 dropped 486 overruns 0 frame 0 TX packets 30650 bytes 14303961 (13.6 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 em1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ether 44:a8:42:2b:fa:d4 txqueuelen 1000 (Ethernet) RX packets 73991 bytes 5250039 (5.0 MiB) RX errors 0 dropped 320 overruns 0 frame 0 TX packets 71210 bytes 37997234 (36.2 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device interrupt 16 em2: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 ether 44:a8:42:2b:fa:d5 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) [root@localhost network-scripts]# ping www.baidu.com PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data. 64 bytes from 61.135.169.121 (61.135.169.121): icmp_seq=1 ttl=51 time=8.07 ms 64 bytes from 61.135.169.121 (61.135.169.121): icmp_seq=2 ttl=51 time=7.94 ms
4)安裝libvirt及kvm
libvirt是管理虛擬機的API庫,不僅支持KVM虛擬機,也可以管理Xen等方案下的虛擬機。
[root@localhost ~]# yum -y install libcanberra-gtk2 qemu-kvm.x86_64 \
qemu-kvm-tools.x86_64 libvirt.x86_64 libvirt-cim.x86_64 \
libvirt-client.x86_64 libvirt-java.noarch libvirt-python.x86_64 \
libiscsi-1.7.0-5.el6.x86_64 dbus-devel virt-clone tunctl \
virt-manager libvirt libvirt-python python-virtinst
由於要用virt-manager圖形化安裝虛擬機,所以還需要安裝X-window(這個在前面部署VNC環境里就已經安裝了)
[root@localhost ~]# yum groupinstall "X Window System"
安裝中文字符,解決界面亂碼問題
[root@localhost ~]# yum install -y dejavu-lgc-sans-fonts [root@localhost ~]# yum groupinstall -y "Fonts"
啟用libvirt
[root@localhost ~]# systemctl enable libvirtd
[root@localhost ~]# systemctl start libvirtd
使用virt-manager管理kvm(通過VNC連接服務器)
提前將ISO系統鏡像存放到服務器的一個目錄里,比如/opt/iso
[root@openstack ~]# mkdir /opt/iso [root@localhost ~]# ll /opt/iso/ 總用量 3704832 -rw-r--r--. 1 qemu qemu 3793747968 9月 3 20:28 rhel-server-7.3-x86_64-dvd.iso
開始安裝 rhel-server-7.3 虛擬機系統
網絡和主機名配置
解決KVM虛擬機在使用vnc連接時鼠標不同步的問題
在VNC界面中感覺virt-manager管理的虛擬機界面總是鼠標跟不上,指到哪兒也看不出來,界面上一直顯示press control_l+a/t_l來移動鼠標!十分郁悶!
想要修改鼠標和宿主機界面同步方法如下:
[root@openstack ~]# cd /etc/libvirt/qemu [root@openstack qemu]# ls networks test-win2008.xml [root@openstack qemu]# cp test-win2008.xml /opt/ [root@openstack qemu]# vim test-win2008.xml //在<devices>標簽中添加下面這段配置 <devices> ...... <input type='tablet' bus='usb'/> //即添加這句話即可! ...... </devices> [root@openstack qemu]# virsh define /etc/libvirt/qemu/test-win2008.xml 定義域 test-win2008(從 /etc/libvirt/qemu/test-win2008.xml)