KVM virtualization platform construction, working mode and principle

Introduction

• The US Environmental Protection EPA report once counted a set of statistics: EPA researched the energy efficiency of servers and data centers and found that in fact, servers are only working 5% of the time, and they have been dormant at other times. In order to improve hardware utilization, virtualization technologies such as KVM are born at the right time;
• KVM has been directly integrated into the Linux kernel since Linux version 2.6.20. It relies on the CPU virtualization instruction set (such as Intel-VT, AMD-V) to achieve high-performance virtualization support.

1. Virtualization technology

1.1 Overview

• Virtualize a computer into multiple logical computers through virtualization technology, and run multiple logical computers on one computer at the same time. At the same time, each logical computer can run different operating systems, and application programs can run in independent spaces. And do not affect each other, thereby improving the efficiency of the computer

虚拟化理解
1、在一个操作系统中(win10)模拟多个操作系统(centos、win10、suse)，同时每个操作系统可以跑不同的服务
(nginx+tomcat)，从而实现一台宿主机搭建一个集群
定位
2、通过软件/应用程序的方式,来实现物理硬件的功能，也就是模拟硬件资源/设备/操作系统。
实际应用：workstation、virtualbox、网吧等

1.2 The embryonic development of virtualization technology

• In 1961, the IBM709 machine implemented a time-sharing system, which divided the CPU usage into multiple extremely short time slices (1/100sec). Each time slice performed different tasks. By polling these time slices, one CPU disguised as multiple CPUs;

• In 1972, IBM officially named the time-sharing system of the system370 machine as a virtual machine;

• In 1990, the system 390 machine introduced by IBM supports logical partitioning (a CPU is divided into multiple parts, independent of each other, that is, logical partitioning);

• Xen: Coming out in 2003, it is an external hypervisor/VMM program (virtual machine management program) that can control the host machine and allocate resources to multiple clients;

• KVM: came out in 2007 and is now built into the kernel;

• Virtualization technologies supported by Xen: full virtualization, para-virtualization;

• Virtualization technology supported by KVM: full virtualization.

1.3 Types of virtualization

• Full virtualization: All physical hardware resources are abstracted through software, and finally called
• Paravirtualization: need to modify the operating system
• Pass-through: use physical hardware resources directly (need support, not perfect)

Methods used in full virtualization:

• Using hypervisor (VMM) software, the principle is to establish an abstraction layer between the underlying hardware and the server, and the core-based virtual machine is an open source product for Linux systems. Hypervisor (VMM) can capture CPU instructions and access hardware control for instructions Devices and peripherals act as intermediaries.

note:

• Software resources are not as high as hardware resources (same function)|

2. KVM architecture and principle

2.1 Introduction to KVM

• The generalized KVM actually consists of two parts: one
  part is the KVM kernel module supported by the LINUX kernel, and the other part is the simplified and modified Qemu.

1、KVM 内核模块模拟处理器和内存以支持虚拟机的运行，Qemu 主要处理 I/O 以及为用户提供一个用户空间工具来进行
虚拟机的管理。 两者相互结合， 相辅相成， 构成了一个完整的虚拟化平台。

2、Libvirt：KVM的管理工具，除了可以管理KVM这类VMM，还可以管理Xen，VirtualBox，甚至OpenStack底层

3、Libvirt包含3个组件：后台daemon程序libvirtd、API库、命令行工具virsh

注意： Qemu 本身并不是 KVM 的一部分， Qemu 是一套完整的虚拟化解决方案， 是纯软件实现虚拟化， 包括处理器
虚拟化、 内存虚拟化以及各种虚拟设备的模拟， 但因为是纯软件模拟出来的， 所以 Qemu 的性能比较低。

2.2 KVM virtualization architecture / three modes

1、客户模式(guestOS)：VM中的OS为GuestOS
客户机在操作系统中运行的模式，客户机分为内核模式和用户模式，作用如下:
2.用户模式：
为用户提供虚拟机管理的用户空间工具以及代表用户执行I/O,Qemu工作在此模式下(Qemu的主要功能)
3.linux内核模式：
模拟CPU、内存，实现客户模式切换，处理从客户模式的推出，KVM即运行在此模式下

2.3 KVM principle

1、Guest:客户机系统，包括CPU(vCPU)、内存、驱动(Console、网卡、I/O设备驱动等)，被KVM置于一种受限制的CPU模式下运行
2、KVM内核模块模拟处理器和内存以支持虚拟机运行
3、Qemu主要处理I/O以及为客户提供一个用户空间/dev/kvm 工具libvirt来进行虚拟机管理ioctl(定义)专用于设备输入输出操作的系统调用
libvirt: KVM管理工具
以上构成一个完整的虚拟化平台

• Simple understanding

1）KVM驱动提供处理器、内存的虚拟化，以及客户机I/O的拦截,guest的I/O被拦截后，交由Qemu处理
2）Qemu利用接口libkvm调用(ioctl）虚拟机设备接口/dev/kvm来分配资源、管理、维护虚拟机

2.3.1 Core functions of KVM virtualization technology (principle)

• QEMU: Working in the user layer, controlling the libkvm tool (tool function, controlling the kvm in the kernel) to call physical virtualized resources;
  the way to call virtualized resources is ioctl to provide virtual machines
• kvm (working at the kernel layer, virtualizing/abstracting physical hardware resources, providing Qemu component calls)

2.3.2 Functions of KVM Core Components

• QEMU:
  Function: Control I/O virtualization, call hardware resources
• KVM:
  Function: Provides the virtualization of CPU and memory (hardware resources) for virtualization

3. The characteristics of virtualization

• Advantage

1、集中化管理 (远程管理、维护)
2、提高硬件利用率 (物理资源利用率低-例如峰值，虚拟化解决了“空闲”容量)
3、动态调整机器/资源配置（虚拟化把系统的应用程序和服务硬件分离、提高了灵活性)
4、高可靠 (可部署额外的功能和方案，可提高透明负载均衡、迁移、恢复复制等应用环境)

• Disadvantage

1、前期高额费用(初期的硬件支持)
2、降低硬件利用率(特定场景-例如极度吃资源的应用不一定适合虚拟化)
3、更大的错误影响面(本地物理机down机会导致虚拟机均不可用，同时可能虚拟机中文件全部损坏)
4、实施配置复杂、管理复杂(管理人员运维、排障困难)
5、一定的限制性(虚拟化技术涉及各种限制，必须与支持/兼容虚拟化的服务器、应用程序及供应商结合使用)
6、安全性（虚拟化技术自身的安全隐患)

4. Build KVM platform

4.1 Project topology diagram

• Virtual machine resources

CPU：双核双线程-CPU虚拟化开启
内存：8G	
硬盘：300G
双网卡：单网卡
操作系统：Centos 7.5

4.2 KVM environment preparation

• First install the centos7 system: create a new virtual machine in the VMware software and install the centos7 system
• Centos7 system optimization: After the centos7 system is installed, you need to check the KVM virtualization function and select the NAT mode for the network card
  
• Related optimized configuration

1、防火墙优化
[root@kvm ~]# systemctl stop firewalld.service
[root@kvm ~]# systemctl disable firewalld.service		'//关闭防火墙，永久关闭'
[root@kvm ~]# vi /etc/selinux/config
...
SELINUX=disabled		'//将enforcing修改为disabled'

2、设置镜像光盘自动挂载
[root@kvm ~]# vi /etc/fstab		'//设置永久挂载'
...
/dev/cdrom                                /mnt                 iso9660    defaults        0 0
[root@kvm ~]# mount -a			'//让挂载生效'

3、优化ssh
[root@kvm ~]# vim /etc/ssh/sshd_config		'//设置DNS反向解析，让客户端连接服务器更快'
...
UseDNS no		'//取消注释，并将yes改成no'

4、yum本地仓库搭建
[root@kvm ~]# cd /etc/yum.repos.d/
[root@kvm yum.repos.d]# mkdir backup
[root@kvm yum.repos.d]# mv C* backup
[root@kvm yum.repos.d]# ls
backup  local.repo
[root@kvm yum.repos.d]# vim yql.repo		'//搭建本地Yum仓库'
//添加以下配置
[yql]
name=test
baseurl=file:///mnt
enabled=1
gpgcheck=0
[root@kvm yum.repos.d]# yum clean all			'//清空yum仓库'
[root@kvm yum.repos.d]# mount /dev/sr0 /mnt		'//因为没有重启，所以需要手动挂载一下光盘镜像'
[root@kvm yum.repos.d]# yum makecache			'//建立缓存，加载yum数据'

4.3 Install KVM

• Install related component packages

[root@kvm ~]# yum groupinstall -y "GNOME Desktop"  
'//安装 GNOME 桌面环境  如果装了图形界面不需要装了'

[root@kvm ~]# yum -y install qemu-kvm 			'//安装KVM 模块'
[root@kvm ~]# yum -y install qemu-kvm-tools   	'// KVM 调试工具,可不安装'
[root@kvm ~]# yum -y install virt-install      	'//构建虚拟机的命令行工具'
[root@kvm ~]# yum -y install qemu-img    		'//Qemu 组件,创建磁盘、 启动虚拟机等'
[root@kvm ~]# yum -y install bridge-utils   	'//网络支持工具'
[root@kvm ~]# yum -y install libvirt  			'//虚拟机管理工具'
[root@kvm ~]# yum -y install virt-manager   	'//图形界面管理虚拟机'
[root@kvm ~]# ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
'//将 系 统 的 默 认 运 行 target 更 改 为graphical.targe。 重启后系统将进入图形化界面。'

[root@kvm ~]# reboot	'//重启'

• Check the virtualization module and enable related services

[root@kvm ~]# cat /proc/cpuinfo | grep vmx     '//查看CPU是否支持虚拟化'
[root@kvm ~]# lsmod | grep kvm   '//查看KVM模块是否安装'
kvm_intel             183621  0 
kvm                   586948  1 kvm_intel
irqbypass              13503  1 kvm
[root@kvm ~]#  systemctl start libvirtd     '//开启libvirtd服务'
[root@kvm ~]#  systemctl enable libvirtd   	'//开机启动libvirtd服务'

4.4 Set KVM network as bridge

• After installing KVM on the host server, you must first set up the network. There are two ways to run the KVM network in libvirt:
  NAT and Bridge respectively. The default is NAT.

1、用户模式， 即 NAT 方式， 这种方式是默认网络， 数据包由 NAT 方式通过主机的接口进行传送， 可以访问外网， 
但是无法从外部访问虚拟机网络。

2、桥接模式， 这种模式允许虚拟机像一台独立的主机一样拥有网络， 外部的机器可以直接访问到虚拟机内部， 但需要
网卡支持， 一般有线网卡都支持。

这里以 Bridge（桥接） 为例。

• Modify ens33 network card

[root@kvm ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none	'//修改为none'
DEFROUTE=yes
#IPADDR=192.168.140.30
#NETMASK=255.255.255.0
#GATEWAY=192.168.140.2
#DNS=192.168.140.2
BRIDGE=br0		'//注释掉原本的IP地址和网关等设置，添加此处'
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=5aa5a365-ef5d-4600-a8f0-a89e553e2714
DEVICE=ens33
ONBOOT=yes

• Create a new bridged network card and restart the network card service

[root@kvm ~]# vim /etc/sysconfig/network-scripts/ifcfg-br0	'//配置桥接网卡'
TYPE=Bridge
OTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.140.30
NETMASK=255.255.255.0
GATEWAY=192.168.140.2

[root@kvm~]# systemctl restart network	'//重启网卡'

4.5 KVM management

• Create KVM storage and mirror folders, and upload mirrors

[root@kvm ~]# mkdir -p /data_kvm/iso  	 '//创建上传镜像centos 7.5的镜像目录'
[root@kvm ~]# mkdir -p /data_kvm/store   '//创建虚拟机存储文件目录'
[root@kvm ~]# mount.cifs //192.168.140.1/elk /mnt
Password for root@//192.168.140.1/elk:  ******		//输入电脑主机密码（若没密码按空格即可）
[root@kvm ~]# cd /mnt/
[root@kvm mnt]# ls
CentOS-7-x86_64-DVD-1708.iso
[root@kvm mnt]# cp CentOS-7-x86_64-DVD-1708.iso /data_kvm/iso/
[root@kvm mnt]# ll /data_kvm/iso/
总用量 4415488
-rwxr-xr-x 1 root root 4521459712 1月  11 08:50 CentOS-7-x86_64-DVD-1708.iso

[root@kvm ~]# virt-manager      '//图形界面敲，打开虚拟系统管理器'

4.5.1 Create a storage pool

• Double-click to open QEMU/KVM-storage-add (plus sign)-fill in the name-forward-browse-other locations-computer-data_kvm-store-open-complete

(1) First create a storage pool selection /data_kvm/store

(2) Use the same method again to create a storage pool selection /data_kvm/iso

4.5.2 Create a storage volume

4.6 Start to create a virtual machine

• Open the virtual system manager-right click on QEMU/KVM-select new
  
• Local installation media—forward
  
• Choose to use ISO image—Browse to select the image in the storage pool of the image just created—Go forward
  
• Configure memory and CPU—forward
  
• Management-select the storage volume in the storage pool just created-forward
  
• Click to customize configuration before installation-select network (bridge)-complete
  
• Click on boot options-check to start the virtual machine when the host boots-start the installation-a prompt appears to select yes
  
  

4.7 Summary

• VMM is a system software that can maintain multiple efficient and isolated program environments (virtual machines), and at the same time can manage the real resources of the computer system and provide ports for virtual machines;
• The use of KVM virtualization technology greatly improves hardware utilization. Centralized management of multiple virtual machines, easy maintenance