Cloud Computing: KVM Virtualization in Practice

 

1 Base environment planning

1.1 Host planning

OS version   Hostname      IP address    Memory   Disk
CentOS6.9    kvm-node1     10.0.0.200    2G       20G
CentOS6.9    kvm-node2     10.0.0.201    2G       20G
CentOS6.9    kvm-manager   10.0.0.210    2G       20G
CentOS6.9    nfs01         10.0.0.31     2G       20G

1.2 Basic Linux system tuning

#Change the hostname (verify the result)

[root@kvm-node1 ~]# hostname

kvm-node1

#Check the kernel version

[root@kvm-node1 ~]# uname -r

2.6.32-696.el6.x86_64

#Check the SELinux status

[root@kvm-node1 ~]# getenforce

Disabled

#Check the iptables firewall status

[root@kvm-node1 ~]# /etc/init.d/iptables status

iptables: Firewall is not running.

#Check local hosts resolution

[root@kvm-node1 ~]# cat /etc/hosts

10.0.0.200 kvm-node1

10.0.0.201 kvm-node2

10.0.0.210 kvm-manager

10.0.0.31 nfs01

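1.3 Check whether hardware virtualization support is enabled

#If the output of the following command contains vmx (or svm), virtualization support is enabled; no output at all means it is not enabled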

[root@kvm-node1 ~]# grep -E 'vmx|svm' /proc/cpuinfo

flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc up arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch ida arat xsaveopt pln pts dtherm hwp hwp_noitfy hwp_act_window hwp_epp tpr_shadow vnmi ept vpid fsgsbase bmi1 avx2 smep bmi2 invpcid rdseed adx

#How to enable virtualization support in a VMware Workstation virtual machine:

[Screenshot: VMware Workstation virtualization setting]

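1.4 Install the KVM virtualization software

#KVM virtualization components

- qemu: virtualization software that emulates various I/O devices such as NICs, sound cards and video cards

- libvirt: toolkit for managing KVM virtual machines

- virt-install: command-line tool for installing virtual machines

- virt-manager: graphical tool for managing virtual machines

- openssh-askpass: used for remote connections to the KVM host

#Install the KVM packages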

[root@kvm-node1 ~]# yum install qemu-kvm qemu-kvm-tools libvirt virt-manager virt-install openssh-askpass -y

#KVM is a Linux kernel module; verify that it is loaded into the kernel

[root@kvm-node1 ~]# lsmod | grep kvm

kvm_intel 55432 0

kvm 346318 1 kvm_intel

1.5 Start the libvirtd service and enable it at boot

[root@kvm-node1 ~]# /etc/init.d/libvirtd start

Starting libvirtd daemon:

[root@kvm-node1 ~]# /etc/init.d/libvirtd status

libvirtd (pid 1649) is running...

[root@kvm-node1 ~]# chkconfig --list libvirtd

libvirtd 0:off 1:off 2:off 3:on 4:on 5:on 6:off

1.6 Enable IPv4 forwarding (required for NAT mode; skip for bridged mode)

#Set net.ipv4.ip_forward = 1 in /etc/sysctl.conf

[root@kvm-node1 ~]# sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf

#Apply the kernel parameter change immediately

[root@kvm-node1 ~]# sysctl -p /etc/sysctl.conf

net.ipv4.ip_forward = 1

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmmax = 68719476736

kernel.shmall = 4294967296

1.7 Configure networking (bridged mode, for production)

#Set NM_CONTROLLED=no in the NIC configuration files so that NetworkManager does not manage them

[root@kvm-node1 ~]# sed -i 's#NM_CONTROLLED=yes#NM_CONTROLLED=no#g' /etc/sysconfig/network-scripts/ifcfg-eth0

[root@kvm-node1 ~]# sed -i 's#NM_CONTROLLED=yes#NM_CONTROLLED=no#g' /etc/sysconfig/network-scripts/ifcfg-eth1

#Create the br0 bridge configuration file and attach NIC eth0 to bridge br0

[root@kvm-node1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=no

BRIDGE=br0

[root@kvm-node1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0

TYPE=Bridge

ONBOOT=yes

NM_CONTROLLED=no

BOOTPROTO=static

IPADDR=10.0.0.200

NETMASK=255.255.255.0

GATEWAY=10.0.0.1

DNS1=114.114.114.114

DNS2=223.5.5.5

[root@kvm-node1 ~]# /etc/init.d/network restart

1.8 Network information after br0 is configured

[root@kvm-node1 ~]# ifconfig

br0 Link encap:Ethernet HWaddr 00:0C:29:E2:34:26

inet addr:10.0.0.200 Bcast:10.0.0.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fee2:3426/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:224 errors:0 dropped:0 overruns:0 frame:0

TX packets:143 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:17610 (17.1 KiB) TX bytes:27692 (27.0 KiB)

eth0 Link encap:Ethernet HWaddr 00:0C:29:E2:34:26

inet6 addr: fe80::20c:29ff:fee2:3426/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:31570 errors:0 dropped:0 overruns:0 frame:0

TX packets:18074 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:40885315 (38.9 MiB) TX bytes:1455107 (1.3 MiB)

eth1 Link encap:Ethernet HWaddr 00:0C:29:E2:34:30

inet addr:172.16.1.200 Bcast:172.16.1.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fee2:3430/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:3 errors:0 dropped:0 overruns:0 frame:0

TX packets:48 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:180 (180.0 b) TX bytes:3312 (3.2 KiB)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:65536 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

virbr0 Link encap:Ethernet HWaddr 52:54:00:80:89:7B

inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

1.9 Show the current bridges

[root@kvm-node1 ~]# brctl show

bridge name bridge id STP enabled interfaces

br0 8000.000c29e23426 no eth0

virbr0 8000.52540080897b yes virbr0-nic

2 Mounting NFS storage

2.1 Install the NFS and rpcbind services

[root@kvm-node1 ~]# rpm -qa nfs-utils rpcbind

rpcbind-0.2.0-16.el6.x86_64

nfs-utils-1.2.3-78.el6.x86_64

[root@kvm-node1 ~]# yum install nfs-utils rpcbind -y

2.2 Start the rpcbind service and enable it at boot

[root@kvm-node1 ~]# /etc/init.d/rpcbind start

Starting rpcbind: [ OK ]

[root@kvm-node1 ~]# chkconfig rpcbind on

2.3 Print RPC information

[root@kvm-node1 ~]# rpcinfo -p localhost

program vers proto port service

100000 4 tcp 111 portmapper

100000 3 tcp 111 portmapper

100000 2 tcp 111 portmapper

100000 4 udp 111 portmapper

100000 3 udp 111 portmapper

100000 2 udp 111 portmapper

2.4 Mount the NFS shares

#Show the exports on the NFS server

[root@kvm-node1 ~]# showmount -e 10.0.0.31

Export list for 10.0.0.31:

/mirror 10.0.0.0/24

/images 10.0.0.0/24

#Create the mount points

[root@kvm-node1 ~]# mkdir /mirror

[root@kvm-node1 ~]# mkdir /images

#Mount the shares

[root@kvm-node1 ~]# mount -t nfs 10.0.0.31:/mirror /mirror/

[root@kvm-node1 ~]# mount -t nfs 10.0.0.31:/images /images/

#Show the current mounts

[root@kvm-node1 ~]# df -h | grep -E "mirror|images"

10.0.0.31:/mirror 18G 7.1G 9.2G 44% /mirror

10.0.0.31:/images 18G 7.1G 9.2G 44% /images

#Mount the NFS file systems automatically at boot

[root@kvm-node1 ~]# echo "#share system mirror by wolf_dreams at 2018-8-01" >> /etc/rc.d/rc.local

[root@kvm-node1 ~]# echo "mount -t nfs 10.0.0.31:/mirror /mirror/" >> /etc/rc.d/rc.local

[root@kvm-node1 ~]# echo "mount -t nfs 10.0.0.31:/images /images/" >> /etc/rc.d/rc.local

#Verify that the NFS mount commands were written to /etc/rc.d/rc.local

[root@kvm-node1 ~]# tail -2 /etc/rc.d/rc.local

mount -t nfs 10.0.0.31:/mirror /mirror/

mount -t nfs 10.0.0.31:/images /images/

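3 Creating a KVM virtual machine

3.1 Create the virtual machine disk

#KVM virtual machine disks support two formats: raw (fixed size) and qcow2 (thin provisioned)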

[root@kvm-node1 ~]# qemu-img create -f qcow2 /images/VM-Centos.img 5G

Formatting '/images/VM-Centos.img', fmt=qcow2 size=5368709120 encryption=off cluster_size=65536

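3.2 Create the virtual machine instance

#Parameters

--virt-type: hypervisor type (kvm, qemu, xen)

--os-type: guest operating system type (linux, windows)

--name: virtual machine name

--ram: amount of memory for the virtual machine

--cpu: number of CPU cores (default 1)

--cdrom: ISO image to install the virtual machine from

--disk: disk format (raw, qcow2), location, size, bus type and so on for the virtual machine's storage

--network: network type; defaults to NAT, bridge is common in production

--graphics: how the virtual machine console is reached, e.g. VNC, listen IP, VNC port

--noautoconsole: do not attach to the virtual machine's graphical console

#Command

[root@kvm-node1 ~]# virt-install --name VM-Centos --os-type=linux --virt-type kvm --ram 1024 --cdrom=/mirror/CentOS-6.9-x86_64-bin-DVD1.iso --disk path=/images/VM-Centos.img,format=qcow2,size=5,bus=scsi --network bridge=br0 --graphics vnc,listen=0.0.0.0,port=5901 --noautoconsole

Starting install...

Creating domain... | 0 B 00:00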

Domain installation still in progress. You can reconnect to

the console to complete the installation process.

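#Important

When using --disk, always specify the disk format, bus type and size. If they are not given explicitly, the installer sees 0 disk space and the operating system cannot be installed. CentOS 6.9 needs at least 1G of memory; with less, the installer falls back to text mode instead of the graphical installer.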

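3.3 Connect to the KVM virtual machine with a VNC client and install the operating system

[Screenshot: VNC client connection to the KVM virtual machine]

#The VNC client may report the following error when connecting to the KVM virtual machine (possibly caused by a data overflow):

[Screenshot: VNC client error message]

#Fix (set the picture quality to Low or High and retry a few times):

[Screenshot: VNC client picture quality setting]

3.4 Start installing the CentOS operating system

[Screenshot: CentOS installer]

#The rest of the installation is omitted; newcomers to Linux can search Baidu for the installation steps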

3.5 Managing virtual machines with virt-manager through SecureCRT

3.5.1 Install the X11 packages

[root@kvm-node1 ~]# yum install -y xorg-x11-font-utils.x86_64 xorg-x11-server-utils.x86_64 xorg-x11-utils.x86_64 xorg-x11-xauth.x86_64 xorg-x11-xinit.x86_64

3.5.2 List the installed X11 packages

[root@kvm-node1 ~]# rpm -qa | grep xorg-x11

xorg-x11-xauth-1.0.9-1.el6.x86_64

xorg-x11-server-utils-7.7-14.el6.x86_64

xorg-x11-xinit-1.0.9-14.el6.x86_64

xorg-x11-font-utils-7.2-11.el6.x86_64

xorg-x11-utils-7.5-14.el6.x86_64

3.5.3 Enable X11 forwarding over the SSH tunnel on the SSH server

#In /etc/ssh/sshd_config, change X11Forwarding no to X11Forwarding yes

[root@kvm-node1 ~]# sed -i 's#X11Forwarding no#X11Forwarding yes#g' /etc/ssh/sshd_config

[root@kvm-node1 ~]# grep "X11Forwarding*" /etc/ssh/sshd_config

#X11Forwarding no

X11Forwarding yes

# X11Forwarding no

#Restart the SSH service

[root@kvm-node1 ~]# /etc/init.d/sshd restart

Stopping sshd: [ OK ]

Starting sshd: [ OK ]

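3.5.4 Install Xming on the client machine

Xming download: https://sourceforge.net/projects/xming/

Xming installation: double-click the installer on Windows

3.5.5 Configure forwarding in SecureCRT

[Screenshot: SecureCRT X11 forwarding setting]

#Verify on the SSH server that forwarding works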

[root@kvm-node1 ~]# echo $DISPLAY

localhost:12.0

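3.5.6 Run virt-manager on the SSH server

#virt-manager shows garbled characters

[Screenshot: virt-manager with garbled text]

#Fix for the garbled characters in virt-manager

[root@kvm-node1 ~]# yum install dejavu-lgc-sans-fonts -y

#Run virt-manager again

[Screenshot: virt-manager displaying correctly]

#KVM virtual machines can now be managed graphically without installing a desktop environment on the host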

4 KVM management tool: WebVirtMgr in practice

4.1 Base environment

#Basic system settings

[root@kvm-manager ~]# cat /etc/redhat-release

CentOS release 6.9 (Final)

[root@kvm-manager ~]# uname -r

2.6.32-696.el6.x86_64

[root@kvm-manager ~]# hostname

kvm-manager

[root@kvm-manager ~]# getenforce

Disabled

[root@kvm-manager ~]# /etc/init.d/iptables status

iptables: Firewall is not running.

[root@kvm-manager ~]# for i in `echo -e "0\n1"`;do echo -n eth$i:;ifconfig eth$i | awk -F '[ :]+' 'NR==2{print $4}';done

eth0:10.0.0.210

eth1:172.16.1.210

#Keep the yum package cache

[root@kvm-manager ~]# vi /etc/yum.conf

[main]

cachedir=/var/cache/yum/$basearch/$releasever

keepcache=1

debuglevel=2

logfile=/var/log/yum.log

4.2 Install the webvirtmgr packages

[root@kvm-manager ~]# yum -y install http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

[root@kvm-manager ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx

4.3 Install the Python requirements and set up the Django environment

[root@kvm-manager ~]# git clone https://github.com/retspen/webvirtmgr.git

Initialized empty Git repository in /root/webvirtmgr/.git/

remote: Counting objects: 5730, done.

remote: Compressing objects: 100% (6/6), done.

remote: Total 5730 (delta 1), reused 0 (delta 0), pack-reused 5724

Receiving objects: 100% (5730/5730), 3.01 MiB | 131 KiB/s, done.

Resolving deltas: 100% (3686/3686), done.

[root@kvm-manager ~]# cd webvirtmgr

[root@kvm-manager webvirtmgr]# pip install -r requirements.txt

[root@kvm-manager webvirtmgr]# ./manage.py syncdb

WARNING:root:No local_settings file found.

Creating tables ...

Creating table auth_permission

Creating table auth_group_permissions

Creating table auth_group

Creating table auth_user_groups

Creating table auth_user_user_permissions

Creating table auth_user

Creating table django_content_type

Creating table django_session

Creating table django_site

Creating table servers_compute

Creating table instance_instance

Creating table create_flavor

#Enter the user information:

You just installed Django's auth system, which means you don't have any superusers defined.

Would you like to create one now? (yes/no): yes

Username (leave blank to use 'root'): root #enter the username

Email address: gh1578@qq.com #enter your own e-mail address

Password: #enter your login password

Password (again): #confirm the login password

Superuser created successfully.

Installing custom SQL ...

Installing indexes ...

Installed 6 object(s) from 1 fixture(s)

[root@kvm-manager webvirtmgr]# ./manage.py collectstatic

#Create an additional superuser

[root@kvm-manager webvirtmgr]# ./manage.py createsuperuser

WARNING:root:No local_settings file found.

Username: admin #enter the superuser name

Email address: gh1578@qq.com #enter your e-mail address

Password: #enter the superuser's login password

Password (again): #confirm the password

Superuser created successfully.

#Change the additional superuser's password

[root@kvm-manager webvirtmgr]# ./manage.py changepassword admin

WARNING:root:No local_settings file found.

Changing password for user 'admin'

Password:

Password (again):

Password changed successfully for user 'admin'

4.4 Configure nginx

[root@kvm-manager webvirtmgr]# cd ..

[root@kvm-manager ~]# mkdir -pv /var/www

mkdir: created directory `/var/www'

[root@kvm-manager ~]# mv webvirtmgr/ /var/www/

#Add the file webvirtmgr.conf to the /etc/nginx/conf.d directory

[root@kvm-manager ~]# cd /etc/nginx/conf.d/

[root@kvm-manager conf.d]# vim webvirtmgr.conf

server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M; # Set higher depending on your needs
    }
}

#Starting nginx fails with the following error:

[root@kvm-manager nginx]# /etc/init.d/nginx start

Starting nginx: nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/conf.d/webvirtmgr.conf:2

[FAILED]

#Cause: the default nginx configuration file in /etc/nginx/conf.d/ conflicts with webvirtmgr.conf, so nginx fails to start

[root@kvm-manager conf.d]# ls -ld default.conf

-rw-r--r-- 1 root root 451 Oct 31 2016 default.conf

#Fix:

[root@kvm-manager conf.d]# mv default.conf{,.bak}

[root@kvm-manager conf.d]# ls -ld default.conf*

-rw-r--r-- 1 root root 451 Oct 31 2016 default.conf.bak

#Start nginx and enable it at boot

[root@kvm-manager ~]# /etc/init.d/nginx status

nginx is stopped

[root@kvm-manager ~]# /etc/init.d/nginx start

Starting nginx: [ OK ]

[root@kvm-manager ~]# chkconfig nginx on

#Check that nginx is listening on its port

[root@kvm-manager ~]# lsof -i :80

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

nginx 25044 root 6u IPv4 63052 0t0 TCP *:http (LISTEN)

nginx 25046 nginx 6u IPv4 63052 0t0 TCP *:http (LISTEN)

#Set the owner and group of /var/www/webvirtmgr to nginx

[root@kvm-manager ~]# chown -R nginx:nginx /var/www/webvirtmgr/

[root@kvm-manager ~]# ls -ld /var/www/webvirtmgr/

drwxr-xr-x 21 nginx nginx 4096 Aug 4 16:39 /var/www/webvirtmgr/

4.5 Configure Supervisor

#Edit /etc/supervisord.conf and append the following to the end of the file

[root@kvm-manager ~]# vim /etc/supervisord.conf

[program:webvirtmgr]

command=/usr/bin/python /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py

directory=/var/www/webvirtmgr

autostart=true

autorestart=true

logfile=/var/log/supervisor/webvirtmgr.log

log_stderr=true

user=nginx

[program:webvirtmgr-console]

command=/usr/bin/python /var/www/webvirtmgr/console/webvirtmgr-console

directory=/var/www/webvirtmgr

autostart=true

autorestart=true

stdout_logfile=/var/log/superviso

4.6 Start the supervisord service and enable it at boot

[root@kvm-manager ~]# /etc/init.d/supervisord status

supervisord is stopped

[root@kvm-manager ~]# /etc/init.d/supervisord start

Starting supervisord: [ OK ]

[root@kvm-manager ~]# chkconfig supervisord on

#Check that supervisord is running

[root@kvm-manager ~]# ps -ef | grep supervisord | grep -v grep

root 25421 1 0 19:01 ? 00:00:03 /usr/bin/python /usr/bin/supervisord

4.7 Debugging webvirtmgr

[root@kvm-manager ~]# cd /var/www/webvirtmgr/

[root@kvm-manager webvirtmgr]# ./manage.py runserver

WARNING:root:No local_settings file found.

WARNING:root:No local_settings file found.

Validating models...

0 errors found

August 04, 2018 - 16:47:44

Django version 1.5.5, using settings 'webvirtmgr.settings'

Development server is running at http://127.0.0.1:8000/

Quit the server with CONTROL-C.

Error: That port is already in use.

4.8 Open the webvirtmgr web login page

1. Enter http://10.0.0.210/login/ in the browser

[Screenshot: webvirtmgr login page]

2. Enter http://192.168.1.8:8000/login/ in the browser

[Screenshot: webvirtmgr login page on port 8000]

#To reach port 8000 directly, change bind = '127.0.0.1:8000' to bind = '0.0.0.0:8000' in /var/www/webvirtmgr/conf/gunicorn.conf.py

[root@kvm-manager ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py

#bind = '127.0.0.1:8000'

bind = '0.0.0.0:8000'

#Restart the supervisord service

[root@kvm-manager ~]# /etc/init.d/supervisord restart

Stopping supervisord: [ OK ]

Starting supervisord: [ OK ]
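
The following check is an added example, not part of the original post. It reads `netstat -lntp` output and lists the management listeners this tutorial opens (8000 for gunicorn here, 16509 for libvirtd in section 4.9.2, 5900-5999 for VNC as in section 3.2) that are bound to all interfaces rather than one address. The function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `netstat -lntp` output on
# stdin and prints "<service> <local address> <pid/program>" for every
# management listener from this tutorial that is bound to all interfaces.
wildcard_mgmt_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")             # port is the last ":" field
            port = part[n] + 0
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr != "0.0.0.0" && addr != "::") next   # bound to one address
            if (port == 16509)                     svc = "libvirtd-tcp"
            else if (port == 8000)                 svc = "gunicorn"
            else if (port >= 5900 && port <= 5999) svc = "vnc"
            else next
            printf "%s %s %s\n", svc, $4, $7
        }
    '
}

# Constructed sample: listeners from both hosts merged into one listing.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:16509     0.0.0.0:*         LISTEN   17418/libvirtd
tcp        0      0 0.0.0.0:5901      0.0.0.0:*         LISTEN   2301/qemu-kvm
tcp        0      0 127.0.0.1:8000    0.0.0.0:*         LISTEN   25440/python
tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN   25044/nginx
tcp        0      0 :::22             :::*              LISTEN   1320/sshd'

printf '%s\n' "$SAMPLE_NETSTAT" | wildcard_mgmt_listeners
```

On a live host, pipe `netstat -lntp` into the function; gunicorn left on 127.0.0.1:8000 behind nginx is not reported.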

4.9 Add a KVM host (TCP connection)

4.9.1 Verify the KVM host information from the webvirtmgr server

[root@kvm-manager ~]# virsh -c qemu+tcp://10.0.0.200/system nodeinfo

CPU model: x86_64

CPU(s): 1

CPU frequency: 2501 MHz

CPU socket(s): 1

Core(s) per socket: 1

Thread(s) per core: 1

NUMA cell(s): 1

Memory size: 1004112 KiB

4.9.2 Fixing errors when verifying the KVM host from the webvirtmgr server

#The following error appears

[root@kvm-manager ~]# virsh -c qemu+tcp://10.0.0.200/system nodeinfo

error: unable to connect to server at '10.0.0.200:16509': No route to host

error: failed to connect to the hypervisor

#Causes and fixes

1. The firewall on the KVM host blocks port 16509

Option 1 (turn the firewall off):

/etc/init.d/iptables stop

chkconfig iptables off

Option 2 (add a firewall rule that allows port 16509):

iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 16509 -j ACCEPT

/etc/init.d/iptables save

2. The TCP listener is not enabled on the KVM host

#Uncomment the following lines in /etc/sysconfig/libvirtd so that libvirtd listens

[root@kvm-node1 ~]# vim /etc/sysconfig/libvirtd

LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf

LIBVIRTD_ARGS="--listen"

#Uncomment and change the following settings in /etc/libvirt/libvirtd.conf so that libvirtd accepts TCP connections

[root@kvm-node1 ~]# vim /etc/libvirt/libvirtd.conf

listen_tls = 0 #disable TLS (no CA certificate authentication)

listen_tcp = 1 #enable the TCP listener

tcp_port = "16509" #TCP port to open

listen_addr = "0.0.0.0" #listen on 0.0.0.0

auth_tcp = "none" #no authentication on TCP; with auth_tcp = "sasl", TCP connections authenticate with SASL

#Restart the libvirtd service

[root@kvm-node1 ~]# /etc/init.d/libvirtd restart

Stopping libvirtd daemon: [ OK ]

Starting libvirtd daemon: [ OK ]

#Check the running libvirtd process

[root@kvm-node1 ~]# ps aux | grep libvirtd | grep -v grep

root 17418 0.0 0.7 494124 7036 ? Sl 22:53 0:00 libvirtd --daemon --config /etc/libvirt/libvirtd.conf --listen

#Check the port libvirtd listens on

[root@kvm-node1 ~]# netstat -lntp | grep 16509

tcp 0 0 0.0.0.0:16509 0.0.0.0:* LISTEN 17418/libvirtd

#Run the verification command on the webvirtmgr host again; it now prints the KVM host's basic hardware information

[root@kvm-manager ~]# virsh -c qemu+tcp://10.0.0.200/system nodeinfo

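4.9.3 Adding specific users for SASL-authenticated TCP connections

Note: if auth_tcp = "sasl", TCP connections authenticate with SASL, so create the accounts with the saslpasswd2 command below. If auth_tcp = "none", the host can be added to webvirtmgr over TCP directly with a local account of the KVM host (libvirtd performs no authentication on the connection).

#Add an account with saslpasswd2

[root@kvm-node1 ~]# saslpasswd2 -a libvirt gandalf #create user gandalf on the KVM host

Password: #enter gandalf's password

Again (for verification): #confirm gandalf's password

#List the created accounts with sasldblistusers2

[root@kvm-node1 ~]# sasldblistusers2 -f /etc/libvirt/passwd.db

gandalf@kvm-node1: userPassword

#Revoke a user's access with saslpasswd2 -d

[root@kvm-node1 ~]# saslpasswd2 -a libvirt -d gandalf

#Verify from the webvirtmgr server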

[root@kvm-manager ~]# virsh -c qemu+tcp://10.0.0.200/system nodeinfo

Please enter your authentication name: gandalf

Please enter your password:

CPU model: x86_64

CPU(s): 1

CPU frequency: 2501 MHz

CPU socket(s): 1

Core(s) per socket: 1

Thread(s) per core: 1

NUMA cell(s): 1

Memory size: 1004112 KiB
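
The following audit is an added example, not part of the original post or of libvirt. It parses a libvirtd.conf and reports how the TCP listener from sections 4.9.2 and 4.9.3 is exposed. The function name, the finding texts and both sample configurations are constructed; using the eth1 address 172.16.1.200 as a management network is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post). Reads a libvirtd.conf on stdin
# and prints one finding per line for the remote-access settings of 4.9.2.
# Prints nothing when the TCP listener is off.
audit_libvirtd_conf() {
    awk '
        /^[ \t]*#/ { next }                   # commented-out directive
        {
            line = $0
            sub(/#.*$/, "", line)             # drop a trailing comment
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/[ \t"]/, "", key)
            gsub(/[ \t"]/, "", val)
            conf[key] = val
        }
        END {
            # libvirt defaults apply when a key is absent
            tcp  = ("listen_tcp"  in conf) ? conf["listen_tcp"]  : "0"
            auth = ("auth_tcp"    in conf) ? conf["auth_tcp"]    : "sasl"
            addr = ("listen_addr" in conf) ? conf["listen_addr"] : "0.0.0.0"
            port = ("tcp_port"    in conf) ? conf["tcp_port"]    : "16509"
            if (tcp != "1") exit
            if (auth == "none")
                printf "CRITICAL auth_tcp=none: any client that reaches %s:%s controls every VM on this host\n", addr, port
            else
                printf "INFO auth_tcp=%s: clients must authenticate on %s:%s\n", auth, addr, port
            if (addr == "0.0.0.0" || addr == "::")
                printf "WARN listen_addr=%s: API exposed on every interface, bind it to the management address\n", addr
            if (conf["listen_tls"] == "0")
                print "WARN listen_tls=0: TLS listener disabled, remote clients can only use the plain TCP port"
        }
    '
}

# Constructed sample 1: the values set in section 4.9.2.
PAGE_CONF='listen_tls = 0 # no TLS
listen_tcp = 1
tcp_port = "16509"
listen_addr = "0.0.0.0"
auth_tcp = "none"'

# Constructed sample 2 (assumption): SASL as in 4.9.3, bound to the host's
# eth1 address from section 1.8, treated here as the management network.
SASL_CONF='listen_tls = 0
listen_tcp = 1
listen_addr = "172.16.1.200"
auth_tcp = "sasl"'

echo "== section 4.9.2 settings =="
printf '%s\n' "$PAGE_CONF" | audit_libvirtd_conf
echo "== SASL on the management address =="
printf '%s\n' "$SASL_CONF" | audit_libvirtd_conf
```

On a KVM host, run it as `audit_libvirtd_conf < /etc/libvirt/libvirtd.conf`.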

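4.9.4 Add the KVM host in the webvirtmgr web page

4.9.4.1 Add using a TCP connection

[Screenshot: adding a TCP connection in webvirtmgr]

4.9.4.2 KVM host added

[Screenshot: KVM host listed in webvirtmgr]

4.9.4.3 Manage all information of the KVM host

[Screenshot: KVM host management view in webvirtmgr]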

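5 KVM virtualization troubleshooting cases

5.1 Case 1: virsh shutdown VM-name does not shut down the virtual machine

Problem:

A virtual machine installed under KVM is shut down with virsh shutdown VM-name. The command succeeds, but virsh list --all still shows the virtual machine as running, and it can only be forced off with virsh destroy.

Solution:

Run the following commands inside the virtual machine:

yum install acpid -y

/etc/init.d/acpid start

chkconfig acpid on

Result:

Running virsh shutdown VM-name again shuts the virtual machine down successfully.

5.2 Case 2: the mouse is out of sync when connecting to a KVM virtual machine over VNC

Solution:

virsh edit VM-name

Change <input type='mouse' bus='ps2'/> to <input type='tablet' bus='usb'/>

(this line is inside the <devices> section)

The input element: input has one mandatory attribute, type, whose value is mouse or tablet; the former uses relative movement, the latter absolute movement. The bus attribute specifies the exact device type; its value can be xen, ps2 or usb.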

Reposted from: https://www.cnblogs.com/Wolf-Dreams/p/9459909.html

Published by

风君子
