使用Wok管理kvm虚拟机
【Centos7.4】
!!!测试环境我们首关闭防火墙和selinux
[root@localhost ~]# systemctl stop firewalld [root@localhost ~]# systemctl disable firewalld [root@localhost ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config [root@localhost ~]# setenforce 0
一:首先为KVM环境做准备工作
1、检查cpu是否支持虚拟化
[root@localhost ~]# cat /proc/cpuinfo | grep vmx flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc eagerfpu pni pclmulqdq vmx ssse3 cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave rdrand hypervisor lahf_lm abm 3dnowprefetch tpr_shadow vnmi ept vpid fsgsbase tsc_adjust smep invpcid rdseed smap clflushopt xsaveopt xsavec arat flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc eagerfpu pni pclmulqdq vmx ssse3 cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave rdrand hypervisor lahf_lm abm 3dnowprefetch tpr_shadow vnmi ept vpid fsgsbase tsc_adjust smep invpcid rdseed smap clflushopt xsaveopt xsavec arat
如果有vmx信息输出,就说明支持虚拟化;如果没有任何的输出,说明你的cpu不支持,将无法使用KVM虚拟机;(如果用的是AMD的处理器,将后面的VMX换成SVM)
由于我是在虚拟机上测试的。只需将虚拟化引擎下面的三个选项打勾就可以了(说白了,就是在虚拟机里面再装虚拟机——简称:虚拟机中的虚拟机)
2、确保BIOS里开启虚拟化功能——查看是否加载KVM模块
[root@localhost ~]# lsmod | grep kvm kvm_intel 170086 0 kvm 566340 1 kvm_intel irqbypass 13503 1 kvm
- 如果没有加载出来,运行以下命令重试
[root@localhost ~]# modprobe kvm [root@localhost ~]# modprobe kvm-intel [root@localhost ~]# lsmod | grep kvm kvm_intel 170086 0 kvm 566340 1 kvm_intel irqbypass 13503 1 kvm
3、部署桥接网络
1️⃣:在KVM里面需要用到桥接网络的管理工具:brctl ; 需要安装:bridge-utils安装包
[root@localhost ~]# yum install -y bridge-utils [root@localhost ~]# systemctl restart networker
2️⃣:配置KVM网桥模式
[root@localhost ~]# cd /etc/sysconfig/network-scripts/ [root@localhost network-scripts]# cp ifcfg-ens32 ifcfg-br0 [root@localhost network-scripts]# cat ifcfg-ens32 TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=none //改成静态 DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=ens32 UUID=e916ebc7-5a6c-4711-a86b-0c2fc928c9b1 DEVICE=ens32 ONBOOT=yes BRIDGE=br0 //添加BRIDGE
[root@localhost network-scripts]# cat ifcfg-br0 TYPE=Bridge //将Ethernet换成Bridge PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=none //换成静态 DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=br0 //NAME换成设备名称br0 DEVICE=br0 //DEVICE同样换成设备名称br0 ONBOOT=yes IPADDR=192.168.0.123 //IP、掩码、网关、DNS根据自己的实际情况写 NETMASK=255.255.255.0 GATEWAY=192.168.0.1 DNS1=8.8.8.8 //复制过来的ifcfg-br0里面会有一个UUID这个可以注释,也可以删除;IPV6也可以注释或者删除,我只删除了UUID。
3️⃣:重启网络服务后查看网卡的配置信息:
[root@localhost network-scripts]# systemctl restart network [root@localhost network-scripts]# ifconfig br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.0.123 netmask 255.255.255.0 broadcast 192.168.0.255 inet6 fe80::b086:e52c:8183:73c5 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:b5:00:34 txqueuelen 1000 (Ethernet) RX packets 35 bytes 2290 (2.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 39 bytes 3186 (3.1 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ether 00:0c:29:b5:00:34 txqueuelen 1000 (Ethernet) RX packets 23308 bytes 30757732 (29.3 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 11549 bytes 1073445 (1.0 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1 (Local Loopback) RX packets 88 bytes 7632 (7.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 88 bytes 7632 (7.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
4️⃣:测试br0网卡是否可以访问外网:
[root@localhost network-scripts]# ping -c 3 www.baidu.com PING www.wshifen.com (104.193.88.123) 56(84) bytes of data. 64 bytes from 104.193.88.123 (104.193.88.123): icmp_seq=1 ttl=47 time=255 ms 64 bytes from 104.193.88.123 (104.193.88.123): icmp_seq=2 ttl=47 time=264 ms 64 bytes from 104.193.88.123 (104.193.88.123): icmp_seq=3 ttl=45 time=320 ms --- www.wshifen.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2005ms rtt min/avg/max/mdev = 255.984/280.383/320.188/28.384 ms
二、安装libvirt及其他的KVM所需要的安装包
[root@localhost ~]# yum install –y libvirt virt-* qemu-* [root@localhost ~]# systemctl start libvirtd [root@localhost ~]# systemctl enable libvirtd //由于包很多,这样方便,就是安装时间太长
1 libvirt C语言工具包,提供libvirt服务 2 qemu-kvm 主要的KVM程序包 3 virt-manager GUI虚拟机管理工具 4 qemu-img 虚拟磁盘创建命令 5 virt-viewer GUI连接程序,连接到已配置好的虚拟机 6 libvirt-client 虚拟客户机提供的C语言工具包 7 virt-install 基于libvirt服务的虚拟机创建命令 8 bridge-utils 创建和管理桥接设备的工具
三、安装Web界面管理工具
- Kimchi是一个基于HTML5的KVM管理工具,是Wok的一个插件(使用Kimchi前一定要先安装了wok),通过Kimchi可以更方便的管理KVM
[root@localhost ~]# yum install -y wget [root@localhost ~]# wget https://github.com/kimchi-project/wok/releases/download/2.5.0/wok-2.5.0-0.el7.centos.noarch.rpm [root@localhost ~]# wget https://github.com/kimchi-project/kimchi/releases/download/2.5.0/kimchi-2.5.0-0.el7.centos.noarch.rpm [root@localhost ~]# ls anaconda-ks.cfg kimchi-2.5.0-0.el7.centos.noarch.rpm wok-2.5.0-0.el7.centos.noarch.rpm [root@localhost ~]# yum install -y wok-2.5.0-0.el7.centos.noarch.rpm [root@localhost ~]# yum install -y kimchi-2.5.0-0.el7.centos.noarch.rpm [root@localhost ~]# systemctl start wokd [root@localhost ~]# systemctl enable wokd [root@localhost ~]# netstat -tunlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 17591/nginx: master tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 4783/dnsmasq tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1055/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1155/master tcp 0 0 127.0.0.1:64667 0.0.0.0:* LISTEN 17601/python2 tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 17591/nginx: master tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN 17591/nginx: master tcp 0 0 127.0.0.1:8010 0.0.0.0:* LISTEN 17594/python2 tcp6 0 0 :::80 :::* LISTEN 17591/nginx: master tcp6 0 0 :::22 :::* LISTEN 1055/sshd tcp6 0 0 ::1:25 :::* LISTEN 1155/master udp 0 0 192.168.122.1:53 0.0.0.0:* 4783/dnsmasq udp 0 0 0.0.0.0:67 0.0.0.0:* 4783/dnsmasq udp 0 0 127.0.0.1:323 0.0.0.0:* 682/chronyd udp6 0 0 ::1:323 :::* 682/chronyd
四、浏览器上操作
-
地址栏输入:ip:8000(第一次可能会出现提示不是私密连接,会有安全隐患之类的提示,这个不用管,继续访问就行)