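Building an OpenStack image on CentOS 6.5

Preparation

First you need a CentOS machine on which to build the image, for example a virtual machine of your own. My environment is an R410 with CentOS 6.5 installed.

Notes

Note: a virtual machine installed with KVM is just a process in the background, so you cannot tell directly which VM is which. Each additional VM takes the next port number (+1); the first one created uses 5900.

Install the basic tools

[root@node1 ~]# yum -y install wget vim lsof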

Disable the firewall and SELinux

[root@node1 ~]# /etc/init.d/iptables stop

[root@node1 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
[root@node1 ~]# setenforce 0
[root@node1 ~]# grep SELINUX=disabled /etc/selinux/config

SELINUX=disabled

Install the underlying virtualization packages

[root@node1 ~]# yum install libvirt libguestfs-tools qemu-kvm qemu-img
[root@node1 ~]# yum groupinstall Virtualization "Virtualization Client" -y
[root@node1 ~]# yum install tigervnc tigervnc-server tigervnc-server-module

Download a complete system image, or upload one from your local machine

[root@node1 ~]# cd /opt/
[root@node1 ~]# wget http://ftp.sjtu.edu.cn/centos/7/isos/x86_64/CentOS-7-x86_64-DVD-1708.iso   # (you can also download it from the web yourself)

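Start the services

[root@node1 ~]# yum install avahi
Edit the configuration file:
[root@node1 ~]# vim /etc/libvirt/qemu.conf    # (line 199)
Uncomment user = "root" and group = "root" (QEMU processes then run as root)

[root@node1 ~]# /etc/init.d/libvirtd start

Bridged networking

(The goal is for newly created virtual machines to be on the same subnet as the host, so that they can be reached with Xshell.)

Switching KVM from NAT mode to bridged mode [worked case]
Before starting the case, the information you need: the host IP is 192.168.1.249 and the operating system version is Centos-6.5-x86_64.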

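Bring up the virtual NIC

[root@node1 ~]# ifup eth0
Here the NIC is in NAT mode: it can reach the Internet and ping other machines, but other machines cannot log in to it.

View the NIC information on the host
[root@node1 ~]# brctl show

[root@node1 ~]# ifconfig virbr0

[root@node1 ~]# ifconfig vnet0
Set up the bridge; this is done on the KVM host

Step 1: create a bridge, attach the new bridge to eth0, remove the IP from eth0, and let the new bridge take over eth0's IP
[root@node1 ~]# brctl addbr br0  # create a bridge

[root@node1 ~]# brctl show       # show bridge information

[root@node1 ~]# brctl addif br0 eth0 && ip addr del dev eth0 192.168.1.249/24 && ifconfig br0 192.168.1.249/24 up

[root@node1 ~]# brctl show      # check the result
[root@node1 ~]# ifconfig br0    # verify that br0 has taken over eth0's IP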

Build the image

Create the image file

[root@node1 ~]# qemu-img create -f qcow2 CentOS-7.2-redoop.qcow2 80G

Create a new virtual machine with virt-install

# Without a bridged NIC
# (--ram is the memory size; adjust as needed)
# (--graphics vnc,listen=0.0.0.0 makes the VNC console reachable on every host interface; no VNC password is set here)
[root@node1 ~]# virt-install \
  --virt-type qemu \
  --name centos \
  --ram 10240 \
  --disk CentOS-7.2-redoop.qcow2,format=qcow2 \
  --network network=default \
  --graphics vnc,listen=0.0.0.0 --noautoconsole \
  --os-type=linux --os-variant=rhel7 \
  --location=/opt/CentOS-7-x86_64-DVD-1708.iso

# With a bridged NIC
# (--ram is the memory size; adjust as needed)
# (--network bridge=: the name after "=" is the bridge interface to attach to)
[root@node1 ~]# virt-install \
  --virt-type qemu \
  --name centos \
  --ram 10240 \
  --disk CentOS-7.2-redoop.qcow2,format=qcow2 \
  --network bridge=br0 \
  --graphics vnc,listen=0.0.0.0 --noautoconsole \
  --os-type=linux --os-variant=rhel7 \
  --location=/opt/CentOS-7-x86_64-DVD-1708.iso

# Check port 5900
[root@node1 ~]# lsof -i :5900

[root@node1 ~]# virsh list --all   # list all created virtual machines

[root@node1 ~]# virsh start name   # start the virtual machine






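### Connect to the newly created virtual machine with VNC

> I used the Windows version of VNC; the download address is below

> http://www.tightvnc.com

![](/upload/images/20180322//74a11d03-f893-4fbb-9cab-caf9d7944043.png)

### Install the operating system

Installing the operating system is almost the same as a normal installation; install whatever packages you need. There are two points to note:
Note 1: Partitioning. Create only a single partition for the root directory "/"; nothing else.
Note 2: Network settings. Make sure your NIC eth0 is set to DHCP, and be sure to tick "auto connect".


![](/upload/images/20180322//d4185886-6707-4b21-b304-8539d88f570c.png)

> Select English as the language, then Next


![](/upload/images/20180322//e0f13e91-01d8-4bfc-a202-b3cd135b2aff.png)

> Select the time zone: Asia/Shanghai

![](/upload/images/20180322//ddbce07a-c8bc-44e4-a405-7d8e374c6b1f.png)

> Select the minimal-install package group

![](/upload/images/20180322//d5988954-3e20-4c9d-9d35-47537e285349.png)

> Custom disk partitioning

![](/upload/images/20180322//69134dac-96d7-4f19-ac75-6140fa8951f3.png)

> Do not use LVM; click "+" to add a partition

![](/upload/images/20180322//e4bef3d9-d9ca-44e8-994e-0a15a3a10885.png)

> Allocate only a "/" partition and do not create a swap partition; this is already a virtual machine, and swap would hurt performance further.

![](/upload/images/20180322//9840a7ea-999e-4df0-95fa-458c099deaab.png)

> When done, click "done" in the upper-left corner

![](/upload/images/20180322//33c93157-58d8-4c1b-87be-c63193692ace.png)

> Start installing the system

![](/upload/images/20180322//a61de527-4e6f-4516-9005-f47fa5b8ae75.png)

> Set a password for the root user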

## Connect to the virtual machine with Xshell and tune it

[root@localhost ~]# yum install -y net-tools wget git vim lsof tcpdump


### Edit the NIC configuration (keep only the following)

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=dhcp
NAME=eth0
DEVICE=eth0
ONBOOT=yes

### Change the yum repositories

[root@localhost ~]# rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm

### Disable NetworkManager and the firewall

[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl stop NetworkManager

### Disable SELinux (two ways; choose either)

1.

Edit the SELinux configuration file

[root@localhost ~]# vim /etc/sysconfig/selinux
Change SELINUX=enforcing to SELINUX=disabled

After a reboot, check the result as follows

[root@localhost ~]# getsebool
getsebool: SELinux is disabled

2.
[root@localhost ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

### Configuration
> Delete the generated network device rules (do this last, so that you can stay online until then)

[root@localhost ~]# rm -rf /etc/udev/rules.d/70-persistent-net.rules

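Add one line to /etc/sysconfig/network
NOZEROCONF=yes    (required)
Edit the partition mount table (/etc/fstab): comment out or delete the previous entry and add a UUID=cec-rootfs line:
[root@localhost ~]# vim /etc/fstab
#UUID=47a90bea-2d88-4c82-a335-09c1533b1538 / ext4 defaults 1 1
UUID=cec-rootfs                           / ext4 defaults 0 0
# leave the rest unchanged

Configure password-less (key-based) SSH login

[root@localhost ~]# vi /etc/ssh/sshd_config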
...
RSAAuthentication yes
PubkeyAuthentication yes
PermitRootLogin without-password
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
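
The complete /etc/ssh/sshd_config is reproduced below. As shown, it still contains PermitRootLogin yes, PasswordAuthentication yes (twice) and UsePAM yes; those lines are the ones to change to the values listed above.
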
#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server
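
An added example, not part of the original article: a shell check that an sshd_config really carries the key-only settings listed above. sshd keeps the first value it reads for each keyword, so values appended below the stock lines never take effect; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). sshd keeps the FIRST value it
# reads for a keyword, so appending "PasswordAuthentication no" below an
# existing "PasswordAuthentication yes" changes nothing.

# Print the effective value of keyword $2 in file $1 (global section only).
sshd_effective() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }   # per-user Match blocks start here
        /^[ \t]*#/ || NF < 2   { next }   # comments, blank lines
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Print one line per wanted setting that file $1 does not actually have.
sshd_mismatches() {
    for pair in RSAAuthentication=yes PubkeyAuthentication=yes \
                PermitRootLogin=without-password PasswordAuthentication=no \
                ChallengeResponseAuthentication=no UsePAM=no; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_effective "$1" "$key")
        [ "$got" = "$want" ] || echo "$key: effective=${got:-unset} wanted=$want"
    done
}

# Return 0 only when every wanted setting is effective.
audit_sshd_config() {
    [ -z "$(sshd_mismatches "$1")" ]
}

# Constructed sample: stock values as in the file above, with the wanted
# values appended at the end (the mistake this check is meant to catch).
write_sample_appended() {
    cat > "$1" <<'EOF'
PermitRootLogin yes
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
PermitRootLogin without-password
PasswordAuthentication no
UsePAM no
EOF
}

f=$(mktemp) && write_sample_appended "$f" && sshd_mismatches "$f"
rm -f "$f"
```

On a running system, `sshd -T` prints the effective configuration and can be compared against the same list.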

(Optional) Let the system automatically obtain the hostname and SSH key assigned by OpenStack

Edit the /etc/rc.local file with vim
and enter the following, placing it before "touch /var/lock/subsys/local"
if [ ! -d /root/.ssh ]; then
  mkdir -p /root/.ssh
  chmod 700 /root/.ssh
fi


# Fetch public key using HTTP   
ATTEMPTS=30   
FAILED=0   
while [ ! -f /root/.ssh/authorized_keys ]; do   
    curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/metadata-key 2>/dev/null   
    if [ $? -eq 0 ]; then   
        cat /tmp/metadata-key >> /root/.ssh/authorized_keys   
        chmod 0600 /root/.ssh/authorized_keys   
        restorecon /root/.ssh/authorized_keys   
        rm -f /tmp/metadata-key   
        echo "Successfully retrieved public key from instance metadata"   
        echo "*****************"   
        echo "AUTHORIZED KEYS"   
        echo "*****************"   
        cat /root/.ssh/authorized_keys   
        echo "*****************"   

        curl -f http://169.254.169.254/latest/meta-data/hostname > /tmp/metadata-hostname 2>/dev/null   
        if [ $? -eq 0 ]; then   
            TEMP_HOST=`cat /tmp/metadata-hostname`   
            sed -i "s/^HOSTNAME=.*$/HOSTNAME=$TEMP_HOST/g" /etc/sysconfig/network   
            /bin/hostname $TEMP_HOST   
            echo "Successfully retrieved hostname from instance metadata"   
            echo "*****************"   
            echo "HOSTNAME CONFIG"   
            echo "*****************"   
            cat /etc/sysconfig/network   
            echo "*****************"   

        else   
            echo "Failed to retrieve hostname from instance metadata. This is a soft error so we'll continue"   
        fi   
        rm -f /tmp/metadata-hostname   
    else   
        FAILED=$(($FAILED + 1))   
        if [ $FAILED -ge $ATTEMPTS ]; then   
            echo "Failed to retrieve public key from instance metadata after $FAILED attempts, quitting"   
            break   
        fi   
        echo "Could not retrieve public key from instance metadata (attempt #$FAILED/$ATTEMPTS), retrying in 5 seconds..."   
        sleep 5   
    fi
done 
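
A more defensive way to do the key-fetch step of the script above, as an added example that is not part of the original article: the download goes to a private mktemp file and is appended only if every line looks like an OpenSSH public key. The function names, the accepted key types and the demo inputs are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article: validate what the metadata
# service returned before it is appended to authorized_keys.

# Return 0 if file $1 holds only plausible OpenSSH public-key lines.
is_pubkey_file() {
    [ -s "$1" ] || return 1
    ! grep -Evq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^[:cntrl:]]*)?$' "$1"
}

# Append keys from file $1 to $2/authorized_keys, skipping duplicates.
install_pubkey() {
    is_pubkey_file "$1" || { echo "rejected: not a public key" >&2; return 1; }
    ( umask 077                        # anything created here is owner-only
      mkdir -p "$2" && touch "$2/authorized_keys" || exit 1
      while IFS= read -r line || [ -n "$line" ]; do
          grep -qxF -- "$line" "$2/authorized_keys" ||
              printf '%s\n' "$line" >> "$2/authorized_keys"
      done < "$1" )
}

# Fetch into a private mktemp file (not a fixed /tmp name), then install.
fetch_and_install() {
    tmp=$(mktemp) || return 1
    rc=1
    if curl -sf --max-time 10 \
        http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > "$tmp"
    then
        install_pubkey "$tmp" /root/.ssh && rc=0
    fi
    rm -f "$tmp"
    return $rc
}

# Constructed demo: one made-up key line and one HTML error body.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVk demo@example' > "$d/good"
    echo '<html><body>502 Bad Gateway</body></html>' > "$d/bad"
    install_pubkey "$d/good" "$d/ssh" && echo "good key: installed"
    install_pubkey "$d/bad" "$d/ssh" 2>/dev/null || echo "HTML body: rejected"
    rm -rf "$d"
}
demo
```

In rc.local, `fetch_and_install` would take the place of the curl, cat and chmod lines inside the retry loop.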

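Shut down

[root@localhost ~]# poweroff

The following steps are performed on the host

Clear the generated network-related hardware information

[root@node1 ~]# virt-sysprep -d centos

Compress the image

[root@node1 ~]# virt-sparsify --compress CentOS-7.2-redoop.qcow2 centos-7.2cloud.qcow2

That completes the image build.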


Reposted from blog.csdn.net/redoop123/article/details/79662766