1 Base environment planning
1.1 Host planning
OS version | Hostname | IP address | Memory | Disk |
CentOS6.9 | kvm-node1 | 10.0.0.200 | 2G | 20G |
CentOS6.9 | kvm-node2 | 10.0.0.201 | 2G | 20G |
CentOS6.9 | kvm-manager | 10.0.0.210 | 2G | 20G |
CentOS6.9 | nfs01 | 10.0.0.31 | 2G | 20G |
1.2 Basic Linux system tuning
#Change the hostname
[root@kvm-node1 ~]# hostname
kvm-node1
#Check the kernel version
[root@kvm-node1 ~]# uname -r
2.6.32-696.el6.x86_64
#Check the SELinux status
[root@kvm-node1 ~]# getenforce
Disabled
#Check the iptables firewall status
[root@kvm-node1 ~]# /etc/init.d/iptables status
iptables: Firewall is not running.
#Check the local hosts resolution
[root@kvm-node1 ~]# cat /etc/hosts
10.0.0.200 kvm-node1
10.0.0.201 kvm-node2
10.0.0.210 kvm-manager
10.0.0.31 nfs01
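1.3 Check whether virtualization support is enabled
#If the output of the following command contains vmx, virtualization support is enabled; no output at all means it is not enabled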
[root@kvm-node1 ~]# grep -E 'vmx|svm' /proc/cpuinfo
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc up arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch ida arat xsaveopt pln pts dtherm hwp hwp_noitfy hwp_act_window hwp_epp tpr_shadow vnmi ept vpid fsgsbase bmi1 avx2 smep bmi2 invpcid rdseed adx
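#To enable virtualization support for a VMware Workstation virtual machine:
1.4 Install the KVM virtualization software
#KVM virtualization components
- qemu: virtualization software that can emulate different I/O devices such as network cards, sound cards and graphics cards
- libvirt: tool for managing KVM virtual machines
- virt-install: command-line tool for installing virtual machines
- virt-manager: graphical tool for managing virtual machines
- openssh-askpass: used for remote connections to the KVM host
#KVM installation command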
[root@kvm-node1 ~]# yum install qemu-kvm qemu-kvm-tools libvirt virt-manager virt-install openssh-askpass -y
# KVM is a Linux kernel module; verify that the module is loaded into the kernel
[root@kvm-node1 ~]# lsmod | grep kvm
kvm_intel 55432 0
kvm 346318 1 kvm_intel
1.5 Start the libvirtd service and enable it at boot
[root@kvm-node1 ~]# /etc/init.d/libvirtd start
Starting libvirtd daemon:
[root@kvm-node1 ~]# /etc/init.d/libvirtd status
libvirtd (pid 1649) is running...
[root@kvm-node1 ~]# chkconfig --list libvirtd
libvirtd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
1.6 Enable IPv4 forwarding (required for NAT mode; skip for bridge mode)
#Set net.ipv4.ip_forward = 1 in /etc/sysctl.conf
[root@kvm-node1 ~]# sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf
#Apply the kernel setting immediately
[root@kvm-node1 ~]# sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
1.7 Configure networking (bridge mode, for production)
# Set NM_CONTROLLED=no in the NIC configuration files so that NetworkManager does not manage them
[root@kvm-node1 ~]# sed -i 's#NM_CONTROLLED=yes#NM_CONTROLLED=no#g' /etc/sysconfig/network-scripts/ifcfg-eth0
[root@kvm-node1 ~]# sed -i 's#NM_CONTROLLED=yes#NM_CONTROLLED=no#g' /etc/sysconfig/network-scripts/ifcfg-eth1
#Create the br0 bridge configuration file and attach NIC eth0 to bridge br0
[root@kvm-node1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BRIDGE=br0
[root@kvm-node1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=10.0.0.200
NETMASK=255.255.255.0
GATEWAY=10.0.0.1
DNS1=114.114.114.114
DNS2=223.5.5.5
[root@kvm-node1 ~]# /etc/init.d/network restart
1.8 View the network information after bridge br0 is configured
[root@kvm-node1 ~]# ifconfig
br0 Link encap:Ethernet HWaddr 00:0C:29:E2:34:26
inet addr:10.0.0.200 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fee2:3426/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:224 errors:0 dropped:0 overruns:0 frame:0
TX packets:143 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17610 (17.1 KiB) TX bytes:27692 (27.0 KiB)
eth0 Link encap:Ethernet HWaddr 00:0C:29:E2:34:26
inet6 addr: fe80::20c:29ff:fee2:3426/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31570 errors:0 dropped:0 overruns:0 frame:0
TX packets:18074 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:40885315 (38.9 MiB) TX bytes:1455107 (1.3 MiB)
eth1 Link encap:Ethernet HWaddr 00:0C:29:E2:34:30
inet addr:172.16.1.200 Bcast:172.16.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fee2:3430/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:180 (180.0 b) TX bytes:3312 (3.2 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
virbr0 Link encap:Ethernet HWaddr 52:54:00:80:89:7B
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
1.9 Show the bridges on the system
[root@kvm-node1 ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c29e23426 no eth0
virbr0 8000.52540080897b yes virbr0-nic
2 Mounting NFS storage
2.1 Install the NFS and rpcbind services
[root@kvm-node1 ~]# rpm -qa nfs-utils rpcbind
rpcbind-0.2.0-16.el6.x86_64
nfs-utils-1.2.3-78.el6.x86_64
[root@kvm-node1 ~]# yum install nfs-utils rpcbind -y
2.2 Start the rpcbind service and enable it at boot
[root@kvm-node1 ~]# /etc/init.d/rpcbind start
Starting rpcbind: [ OK ]
[root@kvm-node1 ~]# chkconfig rpcbind on
2.3 Print the RPC information
[root@kvm-node1 ~]# rpcinfo -p localhost
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
2.4 Mount the NFS shares
#Show the exports on the NFS server
[root@kvm-node1 ~]# showmount -e 10.0.0.31
Export list for 10.0.0.31:
/mirror 10.0.0.0/24
/images 10.0.0.0/24
#Create the mount points
[root@kvm-node1 ~]# mkdir /mirror
[root@kvm-node1 ~]# mkdir /images
#Run the mount commands
[root@kvm-node1 ~]# mount -t nfs 10.0.0.31:/mirror /mirror/
[root@kvm-node1 ~]# mount -t nfs 10.0.0.31:/images /images/
#Show the current mounts
[root@kvm-node1 ~]# df -h | grep -E "mirror|images"
10.0.0.31:/mirror 18G 7.1G 9.2G 44% /mirror
10.0.0.31:/images 18G 7.1G 9.2G 44% /images
#Mount the NFS file systems automatically at boot
[root@kvm-node1 ~]# echo "#share system mirror by wolf_dreams at 2018-8-01" >> /etc/rc.d/rc.local
[root@kvm-node1 ~]# echo "mount -t nfs 10.0.0.31:/mirror /mirror/" >> /etc/rc.d/rc.local
[root@kvm-node1 ~]# echo "mount -t nfs 10.0.0.31:/images /images/" >> /etc/rc.d/rc.local
#Verify that the NFS mounts were written to /etc/rc.d/rc.local
[root@kvm-node1 ~]# tail -2 /etc/rc.d/rc.local
mount -t nfs 10.0.0.31:/mirror /mirror/
mount -t nfs 10.0.0.31:/images /images/
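3 Create a KVM virtual machine
3.1 Create the virtual machine disk
#KVM virtual machine disks support two formats: raw (fixed size) and qcow2 (thin provisioned)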
[root@kvm-node1 ~]# qemu-img create -f qcow2 /images/VM-Centos.img 5G
Formatting '/images/VM-Centos.img', fmt=qcow2 size=5368709120 encryption=off cluster_size=65536
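3.2 Create the virtual machine instance
#Parameters
--virt-type: virtualization type (kvm, qemu, xen)
--os-type: guest operating system type (linux, windows)
--name: name of the virtual machine
--ram: amount of memory the virtual machine uses
--vcpus: number of CPU cores (default 1)
--cdrom: ISO image used to install the virtual machine
--disk: format of the virtual machine's data disk (raw, qcow2), its location, size, bus type and so on
--network: network type of the virtual machine; the default is nat, production environments usually use bridge
--graphics: how the virtual machine can be reached, for example VNC, the listen IP and the VNC port
--noautoconsole: do not connect to the virtual machine's graphical console
#Command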
[root@kvm-node1 ~]# virt-install --name VM-Centos --os-type=linux --virt-type kvm --ram 1024 --cdrom=/mirror/CentOS-6.9-x86_64-bin-DVD1.iso --disk path=/images/VM-Centos.img,format=qcow2,size=5,bus=scsi --network bridge=br0 --graphics vnc,listen=0.0.0.0,port=5901 --noautoconsole
Starting install...
Creating domain... | 0 B 00:00
Domain installation still in progress. You can reconnect to
the console to complete the installation process.
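#Important note
When using --disk, always specify the disk format, bus type and size. If they are not given explicitly, the installer detects a disk size of 0 and the operating system cannot be installed. CentOS 6.9 needs at least 1G of memory; otherwise the installer enters text mode instead of the graphical installer.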
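Added example (not part of the original page): the --graphics vnc,listen=0.0.0.0,port=5901 option in the command above binds the guest console to every host address, so this check reads a domain XML dump and reports VNC consoles that listen on all addresses without a password. The function names and the sample XML are constructed for illustration; real input would come from virsh dumpxml --security-info VM-Centos.

```bash
#!/bin/bash
# Added example, not from the original page: find VNC consoles in a libvirt
# domain XML dump that listen on all addresses and have no password set.

# vnc_listeners XMLFILE -> one line per VNC <graphics> element:
#   "<port> <listen-address> <password|no-password>"
vnc_listeners() {
    grep "<graphics " "$1" | grep "type='vnc'" | while IFS= read -r line; do
        # The leading space keeps " port=" from matching inside "autoport=".
        port=$(printf '%s\n' "$line" | sed -n "s/.* port='\([^']*\)'.*/\1/p")
        addr=$(printf '%s\n' "$line" | sed -n "s/.* listen='\([^']*\)'.*/\1/p")
        case $line in
            *" passwd='"*) pw=password ;;
            *)             pw=no-password ;;
        esac
        # Assumption: without a listen attribute QEMU's default 127.0.0.1 applies.
        echo "${port:-auto} ${addr:-127.0.0.1} $pw"
    done
}

# vnc_findings XMLFILE -> one message per console open to the network;
# returns 1 if at least one was found, 0 otherwise.
vnc_findings() {
    local out
    out=$(vnc_listeners "$1" | awk '
        ($2 == "0.0.0.0" || $2 == "::") && $3 == "no-password" {
            print "VNC port " $1 " listens on " $2 " without a password"
        }')
    if [ -z "$out" ]; then
        return 0
    fi
    echo "$out"
    return 1
}

# Constructed samples modelled on the domain XML for the virt-install command
# above, plus a loopback-only variant of the same guest.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/open.xml" <<'EOF'
<domain type='kvm'>
  <name>VM-Centos</name>
  <devices>
    <graphics type='vnc' port='5901' autoport='no' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
  </devices>
</domain>
EOF
sed "s/0\.0\.0\.0/127.0.0.1/g" "$sample_dir/open.xml" > "$sample_dir/local.xml"

vnc_findings "$sample_dir/open.xml" || true    # reports port 5901
vnc_findings "$sample_dir/local.xml" || true   # prints nothing
```

Setting listen to 127.0.0.1 and reaching the port through an SSH tunnel clears the finding.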
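3.3 Connect to the KVM virtual machine with a VNC client and install the operating system
#The VNC client reports the following error when connecting to the KVM virtual machine (possibly caused by a data overflow):
#Workaround (switch the picture quality to Low or High and retry a few times):
3.4 Start installing the CentOS operating system
#The remaining installation steps are omitted; readers new to Linux can look them up online
3.5 Manage virtual machines with virt-manager from SecureCRT
3.5.1 Install the X11 packages
[root@kvm-node1 ~]# yum install -y xorg-x11-font-utils.x86_64 xorg-x11-server-utils.x86_64 xorg-x11-utils.x86_64 xorg-x11-xauth.x86_64 xorg-x11-xinit.x86_64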
3.5.2 List the installed X11 packages
[root@kvm-node1 ~]# rpm -qa | grep xorg-x11
xorg-x11-xauth-1.0.9-1.el6.x86_64
xorg-x11-server-utils-7.7-14.el6.x86_64
xorg-x11-xinit-1.0.9-14.el6.x86_64
xorg-x11-font-utils-7.2-11.el6.x86_64
xorg-x11-utils-7.5-14.el6.x86_64
3.5.3 Enable X11 forwarding over the SSH tunnel on the SSH server
#In /etc/ssh/sshd_config, change X11Forwarding no to X11Forwarding yes
[root@kvm-node1 ~]# sed -i 's#X11Forwarding no#X11Forwarding yes#g' /etc/ssh/sshd_config
[root@kvm-node1 ~]# grep "X11Forwarding*" /etc/ssh/sshd_config
#X11Forwarding no
X11Forwarding yes
# X11Forwarding no
#Restart the SSH service
[root@kvm-node1 ~]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
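3.5.4 Install Xming on the client machine
Xming download URL:
Xming installation: double-click the installer on Windows
3.5.5 Configure forwarding in SecureCRT
#On the SSH server, verify that the forwarding setting works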
[root@kvm-node1 ~]# echo $DISPLAY
localhost:12.0
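3.5.6 Run the virt-manager command on the SSH server
#virt-manager displays garbled characters
#Fix for the garbled characters in virt-manager
[root@kvm-node1 ~]# yum install dejavu-lgc-sans-fonts -y
#Run virt-manager again
#We can now manage KVM virtual machines graphically without installing a graphical desktop
4 WebVirtMgr, a KVM management tool, in practice
4.1 Base environment
#Basic system settings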
[root@kvm-manager ~]# cat /etc/redhat-release
CentOS release 6.9 (Final)
[root@kvm-manager ~]# uname -r
2.6.32-696.el6.x86_64
[root@kvm-manager ~]# hostname
kvm-manager
[root@kvm-manager ~]# getenforce
Disabled
[root@kvm-manager ~]# /etc/init.d/iptables status
iptables: Firewall is not running.
[root@kvm-manager ~]# for i in `echo -e "0\n1"`;do echo -n eth$i:;ifconfig eth$i | awk -F '[ :]+' 'NR==2{print $4}';done
eth0:10.0.0.210
eth1:172.16.1.210
#Enable the yum package cache
[root@kvm-manager ~]# vi /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=1
debuglevel=2
logfile=/var/log/yum.log
4.2 Install the WebVirtMgr packages
[root@kvm-manager ~]# yum -y install http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
[root@kvm-manager ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx
4.3 Install the Python requirements and set up the Django environment
[root@kvm-manager ~]# git clone git://github.com/retspen/webvirtmgr.git
Initialized empty Git repository in /root/webvirtmgr/.git/
remote: Counting objects: 5730, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 5730 (delta 1), reused 0 (delta 0), pack-reused 5724
Receiving objects: 100% (5730/5730), 3.01 MiB | 131 KiB/s, done.
Resolving deltas: 100% (3686/3686), done.
[root@kvm-manager ~]# cd webvirtmgr
[root@kvm-manager webvirtmgr]# pip install -r requirements.txt
[root@kvm-manager webvirtmgr]# ./manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor
#Enter the user information:
You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'root'): root #enter the user name
Email address: gh1578@qq.com #enter your own e-mail address
Password: #enter your login password
Password (again): #confirm the login password
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)
[root@kvm-manager webvirtmgr]# ./manage.py collectstatic
#Create an additional superuser
[root@kvm-manager webvirtmgr]# ./manage.py createsuperuser
WARNING:root:No local_settings file found.
Username: admin #enter the superuser name
Email address: gh1578@qq.com #enter your e-mail address
Password: #enter the superuser's login password
Password (again): #confirm the password
Superuser created successfully.
#Change the additional superuser's password
[root@kvm-manager webvirtmgr]# ./manage.py changepassword admin
WARNING:root:No local_settings file found.
Changing password for user 'admin'
Password:
Password (again):
Password changed successfully for user 'admin'
4.4 Configure nginx
[root@kvm-manager webvirtmgr]# cd ..
[root@kvm-manager ~]# mkdir -pv /var/www
mkdir: created directory `/var/www'
[root@kvm-manager ~]# mv webvirtmgr/ /var/www/
#Add the file webvirtmgr.conf to the /etc/nginx/conf.d directory
[root@kvm-manager ~]# cd /etc/nginx/conf.d/
[root@kvm-manager conf.d]# vim webvirtmgr.conf
server {
    listen 80 default_server;
    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;
    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M; # Set higher depending on your needs
    }
}
#Starting nginx fails with the following error:
[root@kvm-manager nginx]# /etc/init.d/nginx start
Starting nginx: nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/conf.d/webvirtmgr.conf:2
[FAILED]
#Cause: the default nginx configuration file in /etc/nginx/conf.d/ conflicts with this one, so nginx fails to start
[root@kvm-manager conf.d]# ls -ld default.conf
-rw-r--r-- 1 root root 451 Oct 31 2016 default.conf
#Fix:
[root@kvm-manager conf.d]# mv default.conf{,.bak}
[root@kvm-manager conf.d]# ls -ld default.conf*
-rw-r--r-- 1 root root 451 Oct 31 2016 default.conf.bak
#Start nginx and enable it at boot
[root@kvm-manager ~]# /etc/init.d/nginx status
nginx is stopped
[root@kvm-manager ~]# /etc/init.d/nginx start
Starting nginx: [ OK ]
[root@kvm-manager ~]# chkconfig nginx on
#Check that nginx is listening on its port
[root@kvm-manager ~]# lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 25044 root 6u IPv4 63052 0t0 TCP *:http (LISTEN)
nginx 25046 nginx 6u IPv4 63052 0t0 TCP *:http (LISTEN)
#Set the owner and group of /var/www/webvirtmgr to nginx
[root@kvm-manager ~]# chown -R nginx:nginx /var/www/webvirtmgr/
[root@kvm-manager ~]# ls -ld /var/www/webvirtmgr/
drwxr-xr-x 21 nginx nginx 4096 Aug 4 16:39 /var/www/webvirtmgr/
4.5 Configure Supervisor
#Edit /etc/supervisord.conf and append the following at the end of the file
[root@kvm-manager ~]# vim /etc/supervisord.conf
[program:webvirtmgr]
command=/usr/bin/python /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx
[program:webvirtmgr-console]
command=/usr/bin/python /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/superviso
4.6 Start the supervisord service and enable it at boot
[root@kvm-manager ~]# /etc/init.d/supervisord status
supervisord is stopped
[root@kvm-manager ~]# /etc/init.d/supervisord start
Starting supervisord: [ OK ]
[root@kvm-manager ~]# chkconfig supervisord on
#Check that supervisord is running
[root@kvm-manager ~]# ps -ef | grep supervisord | grep -v grep
root 25421 1 0 19:01 ? 00:00:03 /usr/bin/python /usr/bin/supervisord
4.7 Debugging WebVirtMgr
[root@kvm-manager ~]# cd /var/www/webvirtmgr/
[root@kvm-manager webvirtmgr]# ./manage.py runserver
WARNING:root:No local_settings file found.
WARNING:root:No local_settings file found.
Validating models...
0 errors found
August 04, 2018 - 16:47:44
Django version 1.5.5, using settings 'webvirtmgr.settings'
Development server is running at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
Error: That port is already in use.
4.8 Open the WebVirtMgr login page
1. In the browser, enter
2. In the browser, enter
#In /var/www/webvirtmgr/conf/gunicorn.conf.py, change bind = '127.0.0.1:8000' to bind = '0.0.0.0:8000'
[root@kvm-manager ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
#bind = '127.0.0.1:8000'
bind = '0.0.0.0:8000'
#Restart the supervisord service
[root@kvm-manager ~]# /etc/init.d/supervisord restart
Stopping supervisord: [ OK ]
Starting supervisord: [ OK ]
4.9 Add a KVM host (TCP connection)
4.9.1 Verify the KVM host information from the WebVirtMgr server
[root@kvm-manager ~]# virsh -c qemu+tcp://10.0.0.200/system nodeinfo
CPU model: x86_64
CPU(s): 1
CPU frequency: 2501 MHz
CPU socket(s): 1
Core(s) per socket: 1
Thread(s) per core: 1
NUMA cell(s): 1
Memory size: 1004112 KiB
4.9.2 Fixing errors when verifying the KVM host from the WebVirtMgr server
#The following error appears
[root@kvm-manager ~]# virsh -c qemu+tcp://10.0.0.200/system nodeinfo
error: unable to connect to server at '10.0.0.200:16509': No route to host
error: failed to connect to the hypervisor
#Causes and fixes
1. The firewall on the KVM host blocks port 16509
Option 1 (stop the firewall):
/etc/init.d/iptables stop
chkconfig iptables off
Option 2 (add a firewall rule that allows port 16509):
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 16509 -j ACCEPT
/etc/init.d/iptables save
2. The TCP listener on the KVM host is not enabled
#Uncomment the following lines in /etc/sysconfig/libvirtd so that the libvirtd service listens
[root@kvm-node1 ~]# vim /etc/sysconfig/libvirtd
LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf
LIBVIRTD_ARGS="--listen"
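#Change the following settings in /etc/libvirt/libvirtd.conf so that libvirtd accepts TCP connections
[root@kvm-node1 ~]# vim /etc/libvirt/libvirtd.conf
listen_tls = 0 #disable CA certificate authentication
listen_tcp = 1 #enable the TCP listener
tcp_port = "16509" #TCP port to open
listen_addr = "0.0.0.0" #set the listen address to 0.0.0.0
auth_tcp = "none" #set TCP authentication to none; with auth_tcp = "sasl", TCP connections are authenticated with SASL
#Restart the libvirtd service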
[root@kvm-node1 ~]# /etc/init.d/libvirtd restart
Stopping libvirtd daemon: [ OK ]
Starting libvirtd daemon: [ OK ]
#Check the libvirtd process
[root@kvm-node1 ~]# ps aux | grep libvirtd | grep -v grep
root 17418 0.0 0.7 494124 7036 ? Sl 22:53 0:00 libvirtd --daemon --config /etc/libvirt/libvirtd.conf --listen
#Check the port libvirtd listens on
[root@kvm-node1 ~]# netstat -lntp | grep 16509
tcp 0 0 0.0.0.0:16509 0.0.0.0:* LISTEN 17418/libvirtd
#Run the verification command on the WebVirtMgr host again; it now prints the KVM host's basic hardware information
[root@kvm-manager ~]# virsh -c qemu+tcp://10.0.0.200/system nodeinfo
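4.9.3 TCP authentication: adding a specific user with SASL
Note: with auth_tcp = "sasl", TCP connections are authenticated with SASL, so run the saslpasswd2 command below to create an account. With auth_tcp = "none", the KVM host can be added to WebVirtMgr over TCP directly with a local account on the KVM host.
#Add an account with the saslpasswd2 command
[root@kvm-node1 ~]# saslpasswd2 -a libvirt gandalf #create user gandalf on the KVM host
Password: #enter gandalf's password
Again (for verification): #confirm gandalf's password
#List the created accounts with the sasldblistusers2 command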
[root@kvm-node1 ~]# sasldblistusers2 -f /etc/libvirt/passwd.db
gandalf@kvm-node1: userPassword
#Use saslpasswd2 with the -d option to revoke a user's access
[root@kvm-node1 ~]# saslpasswd2 -a libvirt -d gandalf
#Test from the WebVirtMgr server
[root@kvm-manager ~]# virsh -c qemu+tcp://10.0.0.200/system nodeinfo
Please enter your authentication name: gandalf
Please enter your password:
CPU model: x86_64
CPU(s): 1
CPU frequency: 2501 MHz
CPU socket(s): 1
Core(s) per socket: 1
Thread(s) per core: 1
NUMA cell(s): 1
Memory size: 1004112 KiB
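Added example (not part of the original page or of libvirt): a check that classifies the TCP listener settings from 4.9.2 and 4.9.3 in a libvirtd.conf as disabled, sasl or unauthenticated. The function names and sample files are constructed, and the check assumes each key is set at most once on an uncommented line.

```bash
#!/bin/bash
# Added example, not from the original page: classify the TCP listener
# settings of a libvirtd.conf (see 4.9.2 and 4.9.3).
# Assumption: each key is set at most once on an uncommented line.

# conf_value FILE KEY -> value of the first uncommented "KEY = value" line,
# without quotes or trailing comment.
conf_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# libvirtd_tcp_exposure FILE -> prints disabled | sasl | unauthenticated
# and returns 1 only for unauthenticated.
# libvirt defaults when a key is absent: listen_tcp = 0, auth_tcp = "sasl".
# The settings only matter when libvirtd runs with --listen, as in 4.9.2.
libvirtd_tcp_exposure() {
    local tcp auth
    tcp=$(conf_value "$1" listen_tcp)
    auth=$(conf_value "$1" auth_tcp)
    if [ "${tcp:-0}" != "1" ]; then
        echo disabled
    elif [ "${auth:-sasl}" = "none" ]; then
        echo unauthenticated
        return 1
    else
        echo "${auth:-sasl}"
    fi
}

# libvirtd_report FILE -> one summary line with listen address and port.
libvirtd_report() {
    local addr port verdict
    addr=$(conf_value "$1" listen_addr)
    port=$(conf_value "$1" tcp_port)
    verdict=$(libvirtd_tcp_exposure "$1") || true
    echo "${1##*/}: tcp=$verdict addr=${addr:-all} port=${port:-16509}"
}

# Constructed samples: the settings from 4.9.2, and the same file with SASL.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/page.conf" <<'EOF'
listen_tls = 0
listen_tcp = 1
tcp_port = "16509"
listen_addr = "0.0.0.0"
#auth_tcp = "sasl"
auth_tcp = "none"   # value used in 4.9.2
EOF
sed 's/^auth_tcp = "none".*/auth_tcp = "sasl"/' "$sample_dir/page.conf" > "$sample_dir/sasl.conf"

libvirtd_report "$sample_dir/page.conf"
libvirtd_report "$sample_dir/sasl.conf"
```

Run against /etc/libvirt/libvirtd.conf on each KVM host, a non-zero status from libvirtd_tcp_exposure marks a host whose port 16509 accepts connections without any authentication.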
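4.9.4 Add the KVM host in the WebVirtMgr web page
4.9.4.1 Add over a TCP connection
4.9.4.2 KVM host added
4.9.4.3 Manage all information about the KVM host
5 KVM virtualization troubleshooting cases
5.1 Case 1: virsh shutdown VM-name does not shut down the virtual machine
Problem:
A virtual machine was installed with KVM and shut down with the virsh shutdown VM-name command. The command succeeds, but virsh list --all still shows the virtual machine as running, and it can only be stopped by force with virsh destroy.
Fix:
Run the following commands in the virtual machine: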
yum install acpid -y
/etc/init.d/acpid start
chkconfig acpid on
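Result:
Running virsh shutdown VM-name again shuts the virtual machine down.
5.2 Case 2: the mouse is out of sync when connecting to a KVM virtual machine over VNC
Fix:
virsh edit VM-name
Change <input type='mouse' bus='ps2'/> to <input type='tablet' bus='usb'/>
(this line is inside the <devices> section)
The input element: it has one mandatory attribute, type, whose value can be mouse or tablet; the former uses relative movement and the latter absolute movement. The bus attribute specifies the exact device type; its value can be xen, ps2 or usb.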