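Cloud computing was originally a pay-per-use model. It provides available, convenient, on-demand network access to a shared pool of configurable computing resources (networks, servers, storage, applications and services) that can be provisioned rapidly with minimal management effort or interaction with the service provider.
1. Cloud computing is a concept: it refers to a model for using and delivering resources
2. Advantages of cloud computing: elastic billing, pay on demand, rapid scaling
3. With cloud computing you do not need to care about the underlying infrastructure architecture
1. IDC colocation 2. IDC leasing 3. Virtual hosting (selling space) 4. VPS virtual private server (OpenVZ)
Problems and drawbacks of the traditional data center
1. Low resource utilization 2. Unreasonable resource allocation 3. High initial cost (small businesses cannot afford it)
Virtualization means presenting one set of hardware as several logical computers. Each logical computer can run a different operating system, and the virtual machines do not affect one another. For example, we buy one server and virtualize it into several hosts. Without virtualization, one hardware server runs only one service, which wastes a large amount of resources; with virtualization, several services can be allocated to it and run, making full use of the resources.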
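Full virtualization:
The hypervisor is installed directly on the physical machine, and multiple virtual machines run on the hypervisor. The hypervisor is usually implemented as a specially customized Linux system. Xen and VMware ESXi belong to this type.
Paravirtualization:
A regular operating system, such as Red Hat, Ubuntu or Windows, is installed on the physical machine first. The hypervisor runs as a program module on top of the OS and manages the virtual machines. KVM, VirtualBox and VMware Workstation belong to this type.
Comparison of the two types of virtualization
Full virtualization is usually specially optimized for hardware virtualization features, so its performance is higher than that of paravirtualization;
Paravirtualization is based on an ordinary operating system and is therefore more flexible; for example, it supports nested virtual machines, which means KVM can run inside a KVM virtual machine.
When a company is starting up or adding server hardware, we need to put the servers under virtualization management and then deploy and configure services on them. For example, suppose we have just bought a server: we would not deploy only one service on it; we want to allocate its resources so as to get the most value out of them.
For example, we buy a DELL R730 server and plan to virtualize it into several hosts.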
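Cold migration can be done in several ways, for example by migrating an instance from a snapshot or by migrating the instance files. Here file migration is used as the example.
2.1 Steps for cold migration of virtual machine files:
1. Shut down the virtual machine
2. Locate the virtual machine's files under /var/lib/nova/instances
3. Copy all of the virtual machine's files to the same location on the target host
4. Change the owning user and group
5. Update the host and node fields in the database to the name of the target host
6. Restart the nova-compute service on the target host
Cold migration, also called static migration, migrates a powered-off virtual machine. With cold migration you can choose to move the associated disks from one datastore to another.
Advantages: the virtual machine does not need to be on shared storage, and the risk of data loss is low.
Disadvantages: the virtual machine must be powered off, so service is interrupted.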
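The six file-migration steps above as a dry-run planner that validates its inputs before they are placed into the SQL and remote commands. This is an added example, not part of the original page; the nova:nova ownership, the MySQL schema name nova, the openstack client and the sample UUID and host name are assumptions.

```sh
#!/bin/sh
# Added example: dry-run planner for the six cold-migration steps listed above.
# Assumptions, not from the page: files are owned by nova:nova, the database is
# the MySQL schema "nova", and python-openstackclient provides "openstack".
INSTANCES_DIR=/var/lib/nova/instances   # path given on the page

# True only for a canonical lowercase UUID; case patterns match the whole
# string, so quotes, spaces or newlines can never reach the SQL below.
valid_uuid() {
  h='[0-9a-f]'; h4=$h$h$h$h; h8=$h4$h4
  case $1 in
    $h8-$h4-$h4-$h4-$h8$h4) return 0 ;;
  esac
  return 1
}

# True only for hostname characters, not starting with "-" or ".".
valid_host() {
  case $1 in
    ''|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  return 0
}

# Print the commands for one instance (steps 1-6); return 2 on unsafe input.
# Disks that use a backing file also need it under $INSTANCES_DIR/_base on DEST.
cold_migrate_plan() {
  uuid=$1 dest=$2
  valid_uuid "$uuid" || { echo "refusing: bad instance uuid" >&2; return 2; }
  valid_host "$dest" || { echo "refusing: bad destination host" >&2; return 2; }
  cat <<EOF
openstack server stop $uuid
rsync -a $INSTANCES_DIR/$uuid/ root@$dest:$INSTANCES_DIR/$uuid/
ssh root@$dest chown -R nova:nova $INSTANCES_DIR/$uuid
mysql nova -e "UPDATE instances SET host='$dest', node='$dest' WHERE uuid='$uuid' AND deleted=0"
ssh root@$dest systemctl restart nova-compute
EOF
}

# Constructed sample values (not from the page).
cold_migrate_plan 3f2b8c1e-9a4d-4c7b-8e21-0a1b2c3d4e5f compute2
```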
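Hot migration completes the migration without shutting the machine down; its steps are more complex than those of cold migration.
3.1 Hot migration steps:
1. Pre-migration condition checks
2. Pre-migration preparation
3. The migration itself
4. Post-migration handling
Hot migration (live migration), also called dynamic or real-time migration, is a save/restore of the virtual machine: the complete running state of the virtual machine is saved and can be quickly restored on the original hardware platform or even on a different one. After the restore the virtual machine keeps running smoothly and users notice no difference.
Advantages: maintenance and upgrades of software and hardware do not affect users' critical services, which improves service availability and user satisfaction.
Disadvantages: the process cannot be interrupted, and the operation is complex.
Scenario 1: maintenance, fault repair or upgrade of a physical machine's hardware, where the virtual machines running on that machine cannot be shut down because important user services run on them.
Scenario 2: upgrading or patching a physical machine's software; so that the virtual machines running on it are not affected, they are migrated to another physical machine before the upgrade or patch.
Scenario 3: the load on one physical machine is too heavy, and some virtual machines must be moved away to free resources.
Scenario 4: in a cross-domain environment, physical machines in some domains carry too many virtual machines and those in other domains too few, so resources are rebalanced.
Migrating a virtual machine means transferring data. If the compute nodes have no shared storage, the data to transfer has two parts:
1. Static data: the virtual machine image files stored locally, including the backing image (libvirt base) and the virtual machine's own incremental image files (libvirt instance disks).
2. Dynamic data: the virtual machine's runtime data in memory. This data changes constantly, and the size of the workload running in the virtual machine directly affects how long the migration takes.
Shared and non-shared storage
When the virtual machine's data is on a shared disk (shared storage-based live migration), only the memory data needs to be migrated.
When the virtual machine's data is on a local disk (block migration), the image files and the memory data must both be migrated.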
Note: the system used in this article is Ubuntu 18.04 and the OpenStack version is Pike. Other systems differ slightly.
Disable the firewall and SELinux
[root@kvm ~]# systemctl stop firewalld
[root@kvm ~]# systemctl disable firewalld
[root@kvm ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@kvm ~]# setenforce 0
[root@kvm ~]# reboot
Verify that the CPU supports KVM; if the output contains vmx (Intel) or svm (AMD), the CPU supports it
[root@kvm ~]# egrep -o "vmx|svm" /proc/cpuinfo
vmx
vmx
vmx
vmx
KVM installation
[root@kvm ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
[root@kvm ~]# ip a show ens35
3: ens35: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d3:9a:94 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.69/24 brd 192.168.100.255 scope global ens35
valid_lft forever preferred_lft forever
inet6 fe80::c5c1:1c5e:ad1:ae53/64 scope link
valid_lft forever preferred_lft forever
[root@kvm network-scripts]# cat ifcfg-ens35
TYPE=Ethernet
BOOTPROTO=static
NAME=ens35
DEVICE=ens35
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no
[root@kvm network-scripts]# cat ifcfg-br0
TYPE=Bridge
DEVICE=br0
NM_CONTROLLED=no
BOOTPROTO=static
NAME=br0
ONBOOT=yes
IPADDR=192.168.199.69
NETMASK=255.255.255.0
GATEWAY=192.168.199.1
DNS1=114.114.114.114
DNS2=8.8.8.8
//Restart the network
[root@kvm network-scripts]# systemctl restart network
[root@kvm network-scripts]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d3:9a:8a brd ff:ff:ff:ff:ff:ff
inet 192.168.100.33/24 brd 192.168.100.255 scope global ens32
valid_lft forever preferred_lft forever
inet6 fe80::10d8:3642:d44c:3543/64 scope link
valid_lft forever preferred_lft forever
3: ens35: mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
link/ether 00:0c:29:d3:9a:94 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fed3:9a94/64 scope link
valid_lft forever preferred_lft forever
4: virbr0: mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:3d:76:f3 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5: virbr0-nic: mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:3d:76:f3 brd ff:ff:ff:ff:ff:ff
9: br0: mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:0c:29:d3:9a:94 brd ff:ff:ff:ff:ff:ff
inet 192.168.199.69/24 brd 192.168.199.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fed3:9a94/64 scope link
valid_lft forever preferred_lft forever
//Start the service
[root@kvm network-scripts]# systemctl start libvirtd
[root@kvm network-scripts]# systemctl enable libvirtd
//Verify the installation
[root@kvm network-scripts]# lsmod|grep kvm
kvm_intel 170086 0
kvm 566340 1 kvm_intel
irqbypass 13503 1 kvm
//Test and verify the installation
[root@kvm network-scripts]# virsh -c qemu:///system list
Id 名称 状态
----------------------------------------------------
[root@kvm network-scripts]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@kvm network-scripts]# ll /usr/bin/qemu-kvm
lrwxrwxrwx 1 root root 21 12月 15 21:11 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm
//Show the bridge information
[root@kvm network-scripts]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c29d39a94 no ens35
virbr0 8000.5254003d76f3 yes virbr0-nic
Installing the KVM web management interface
Install the dependency packages
[root@kvm network-scripts]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel
//Upgrade pip
[root@kvm yum.repos.d]# pip install --upgrade pip
//Download the webvirtmgr code from GitHub (over HTTPS; GitHub no longer serves the unencrypted git:// protocol)
[root@kvm yum.repos.d]# cd /usr/local/src/
[root@kvm src]# git clone https://github.com/retspen/webvirtmgr.git
正克隆到 'webvirtmgr'...
remote: Enumerating objects: 5614, done.
remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614
接收对象中: 100% (5614/5614), 2.98 MiB | 133.00 KiB/s, done.
处理 delta 中: 100% (3603/3603), done.
//Install webvirtmgr
[root@kvm webvirtmgr]# cd webvirtmgr/
[root@kvm webvirtmgr]# pip install -r requirements.txt
Collecting django==1.5.5 (from -r requirements.txt (line 1))
Downloading https://files.pythonhosted.org/packages/38/49/93511c5d3367b6b21fc2995a0e53399721afc15e4cd6eb57be879ae13ad4/Django-1.5.5.tar.gz (8.1MB)
9% |███ | 757kB 12kB/s eta 0:09:26
//Check that sqlite3 is installed
[root@kvm webvirtmgr]# python
Python 2.7.5 (default, Oct 30 2018, 23:45:53)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()
//Initialize the account information
[root@kvm webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor
You just installed Django's auth system, which means you don't have any superusers defined.
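Would you like to create one now? (yes/no): yes //Asks whether to create a superuser account
Username (leave blank to use 'root'): root //Superuser name; leaving it blank defaults to root
Email address: //Set the superuser's email address
Password: //Set the superuser's password
Password (again): //Enter the superuser's password again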
Error: Your passwords didn't match.
Password:
Password (again):
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)
//Copy the web pages to the target directory
[root@kvm webvirtmgr]# mkdir /var/www
[root@kvm webvirtmgr]# cp -r /usr/local/src/webvirtmgr /var/www/
[root@kvm webvirtmgr]# chown -R nginx.nginx /var/www/webvirtmgr
//Generate a key pair
[root@kvm ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:SIBNs7C9G8hfqSXPSjgCjN19O7dHaQcikzHWuAwnrX8 root@kvm
The key's randomart image is:
+---[RSA 2048]----+
| .++ . o |
| .+.+o B . |
| . o .B = |
|oo o +.o* . . |
|o.+ = *.So . o |
|. o X ...E + . |
|. o = o o..o . |
| . o . o .. |
| . .. |
+----[SHA256]-----+
[root@kvm ~]# ssh-copy-id 192.168.199.69
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.199.69 (192.168.199.69)' can't be established.
ECDSA key fingerprint is SHA256:Jv8hH7gJNX60Ul1azgTQ1WBmlgdBlyynRjJPZfjnnmA.
ECDSA key fingerprint is MD5:bd:28:0f:12:27:e5:7c:01:f3:3a:ce:20:23:ec:59:c9.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.199.69's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.199.69'"
and check to make sure that only the key(s) you wanted were added.
//Configure port forwarding
[root@kvm ~]# ssh 192.168.199.69 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
Last login: Sat Dec 15 21:38:19 2018 from 192.168.100.1
[root@kvm ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6080 *:*
LISTEN 0 128 127.0.0.1:8000 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 ::1:6080 :::*
LISTEN 0 128 ::1:8000 :::*
//Configure nginx
[root@kvm ~]# vim /etc/nginx/nginx.conf
server {
listen 80 ;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
[root@kvm ~]# cat /etc/nginx/conf.d/webvirtmgr.conf
server {
listen 80 default_server;
server_name $hostname;
#access_log /var/log/nginx/webvirtmgr_access_log;
location /static/ {
root /var/www/webvirtmgr/webvirtmgr;
expires max;
}
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
client_max_body_size 1024M;
}
}
//Make sure bind is set to port 8000 on this machine
[root@kvm ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
bind = '0.0.0.0:8000'
backlog = 2048
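The nginx server block above proxies to http://127.0.0.1:8000, so gunicorn only needs to listen on loopback; with bind = '0.0.0.0:8000' and firewalld stopped, port 8000 also answers directly on every interface, without passing through nginx. The check and rewrite below are an added example, not part of the original page or of WebVirtMgr; the function names are hypothetical and the sample file is constructed from the two lines shown above.

```sh
#!/bin/sh
# Added example. Constructed sample: the gunicorn.conf.py lines shown on this page.
page_conf=$(mktemp); fixed_conf=$(mktemp)
printf "bind = '0.0.0.0:8000'\nbacklog = 2048\n" > "$page_conf"

# Print the value of the last uncommented  bind = '...'  assignment, if any.
gunicorn_bind() {
  sed -n "s/^[[:space:]]*bind[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | tail -n 1
}

# Classify the listen address as loopback, all-interfaces or other.
bind_scope() {
  val=$(gunicorn_bind "$1")
  [ -n "$val" ] || { echo loopback; return 0; }   # gunicorn default: 127.0.0.1:8000
  case ${val%:*} in
    127.*|localhost|'[::1]') echo loopback ;;
    ''|0.0.0.0|'[::]')       echo all-interfaces ;;
    *)                       echo other ;;
  esac
}

# Print the config with a 0.0.0.0 bind rewritten to 127.0.0.1, port unchanged.
harden_bind() {
  sed "s/^\([[:space:]]*bind[[:space:]]*=[[:space:]]*['\"]\)0\.0\.0\.0:/\1127.0.0.1:/" "$1"
}

harden_bind "$page_conf" > "$fixed_conf"
echo "page config:  $(gunicorn_bind "$page_conf") -> $(bind_scope "$page_conf")"
echo "fixed config: $(gunicorn_bind "$fixed_conf") -> $(bind_scope "$fixed_conf")"
```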
//Restart nginx
[root@kvm ~]# systemctl restart nginx
[root@kvm ~]# ss -lnpt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:* users:(("rpcbind",pid=664,fd=4),("systemd",pid=1,fd=49))
LISTEN 0 128 *:80 *:* users:(("nginx",pid=16579,fd=6),("nginx",pid=16578,fd=6),("nginx",pid=16577,fd=6),("nginx",pid=16576,fd=6),("nginx",pid=16575,fd=6))
LISTEN 0 5 192.168.122.1:53 *:* users:(("dnsmasq",pid=1186,fd=6))
LISTEN 0 128 *:22 *:* users:(("sshd",pid=940,fd=3))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=1043,fd=13))
LISTEN 0 128 127.0.0.1:6080 *:* users:(("ssh",pid=13616,fd=7))
LISTEN 0 128 127.0.0.1:8000 *:* users:(("ssh",pid=13616,fd=5))
LISTEN 0 128 :::111 :::* users:(("rpcbind",pid=664,fd=6),("systemd",pid=1,fd=69))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=940,fd=4))
LISTEN 0 100 ::1:25 :::* users:(("master",pid=1043,fd=14))
LISTEN 0 128 ::1:6080 :::* users:(("ssh",pid=13616,fd=6))
LISTEN 0 128 ::1:8000 :::*
//Configure supervisor
[root@kvm ~]# vim /etc/supervisord.conf
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx
[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx
//Start supervisor and enable it at boot
[root@kvm ~]# systemctl start supervisord
[root@kvm ~]# systemctl enable supervisord
[root@kvm ~]# ss -lnpt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:* users:(("rpcbind",pid=664,fd=4),("systemd",pid=1,fd=63))
LISTEN 0 128 *:80 *:* users:(("nginx",pid=16579,fd=6),("nginx",pid=16578,fd=6),("nginx",pid=16577,fd=6),("nginx",pid=16576,fd=6),("nginx",pid=16575,fd=6))
LISTEN 0 5 192.168.122.1:53 *:* users:(("dnsmasq",pid=1186,fd=6))
LISTEN 0 128 *:22 *:* users:(("sshd",pid=940,fd=3))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=1043,fd=13))
LISTEN 0 128 127.0.0.1:6080 *:* users:(("ssh",pid=13616,fd=7))
LISTEN 0 128 127.0.0.1:8000 *:* users:(("ssh",pid=13616,fd=5))
LISTEN 0 128 :::111 :::* users:(("rpcbind",pid=664,fd=6),("systemd",pid=1,fd=65))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=940,fd=4))
LISTEN 0 100 ::1:25 :::* users:(("master",pid=1043,fd=14))
LISTEN 0 128 ::1:6080 :::* users:(("ssh",pid=13616,fd=6))
LISTEN 0 128 ::1:8000 :::* users:(("ssh",pid=13616,fd=4))
//Configure the nginx user
[root@kvm ~]# cd /home/
[root@kvm home]# mkdir nginx
[root@kvm home]# chown -R nginx.nginx nginx/
[root@kvm home]# chmod -R 700 nginx/
[root@kvm home]# su - nginx -s /bin/bash
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa):
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Jgp8nZvN1ZJ8s5Ko+NF0IdoB3wi4FrrZdcFQd6HLJRw nginx@kvm
The key's randomart image is:
-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ chmod 0600 ~/.ssh/config
-bash-4.2$ ssh-copy-id [email protected]
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.199.69' (ECDSA) to the list of known hosts.
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
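The ~/.ssh/config written for the nginx user above turns off host-key verification for the SSH connection that carries libvirt management traffic. The audit below flags those two options and shows that a pinned configuration passes; it is an added example, not part of the original page, the function name is hypothetical and both sample files are constructed.

```sh
#!/bin/sh
# Added example. Constructed sample: the two options this page appends to the
# nginx user's ~/.ssh/config, plus a variant that keeps verification on.
page_cfg=$(mktemp); pinned_cfg=$(mktemp)
printf 'StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null\n' > "$page_cfg"
printf 'Host 192.168.199.69\n  StrictHostKeyChecking yes\n' > "$pinned_cfg"

# Print one finding per option that switches host-key verification off.
# ssh_config allows "Key value" and "Key=value"; keywords are case-insensitive.
audit_ssh_config() {
  awk '
    /^[ \t]*#/ { next }                     # skip comment lines
    /^[ \t]*$/ { next }                     # skip blank lines
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      if (!match(line, /[ \t=]+/)) next     # keyword without a value
      key = tolower(substr(line, 1, RSTART - 1))
      val = substr(line, RSTART + RLENGTH)
      sub(/[ \t]+$/, "", val)
      gsub(/^"|"$/, "", val)
      if (key == "stricthostkeychecking" && tolower(val) ~ /^(no|off)$/)
        print NR ": StrictHostKeyChecking=" val " accepts unknown and changed host keys"
      if (key == "userknownhostsfile" && val == "/dev/null")
        print NR ": UserKnownHostsFile=/dev/null never records a host key"
    }' "$1"
}

echo "config from the page:"; audit_ssh_config "$page_cfg"
echo "pinned variant: $(audit_ssh_config "$pinned_cfg" | grep -c '') finding(s)"
```

With StrictHostKeyChecking yes, the nginx user's known_hosts must already hold the host key, added once after comparing its fingerprint with the one the host itself reports.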
[root@kvm home]# cat /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[root@kvm home]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
KVM web interface management
//After opening the web page the following error appears; raise the maximum number of connections
accept: Too many open files
accept: Too many open files
accept: Too many open files
accept: Too many open files
accept: Too many open files
accept: Too many open files
accept: Too many open files
//Fix
Add at the bottom of the file
[root@kvm ~]# tail -2 /etc/security/limits.conf
* soft nofile 655360
* hard nofile 655360
[root@kvm ~]# vim /etc/nginx/nginx.conf
events {
worker_connections 655350;
}
Go to Storage:
Use a remote-connection tool to upload the ISO image file to the storage directory /var/lib/libvirt/images/
[root@kvm images]# ls
rhel-server-7.4-x86_64-dvd.iso
KVM network management