KVM virtualization + KVM installation (novices can understand at a glance)

1. Overview of virtualization technology

1.1 Virtualization technology

Virtualization technology turns one physical computer into multiple logical computers that run on it at the same time. Each logical computer can run a different operating system, and applications run in independent spaces without affecting each other, which improves the efficiency of the computer

1.2. Development of virtualization technology (prototype)

● In 1961, the IBM 709 machine implemented a time-sharing system, which divided CPU usage into multiple extremely short time slices (1/100 sec). Each time slice performs a different task. By polling these time slices, one CPU pretends to be multiple CPUs
● In 1972, IBM officially named the time-sharing system of the System 370 machine a virtual machine
● In 1990, IBM introduced the System 390 machine, which supports logical partitioning (one machine is divided into multiple CPUs that are independent of each other, that is, logical division)
● Xen came out in 2003 as an external hypervisor/VMM program (virtual machine management program) that can control the host to allocate resources to multiple guests
● KVM came out in 2007 and is now built into the kernel
● Xen: supported virtualization technology: full virtualization, para-virtualization
● KVM: supported virtualization technology: full virtualization

1.3 Features of virtualization technology

■ Simulate multiple operating systems (CentOS, Win10, SUSE) inside one operating system (Win10). Each operating system can run different services (nginx + tomcat), so that a single host computer can build a whole cluster
■ Realize the functions of physical hardware through software/applications.
Note: for the same function, resources implemented in software are not as stable and efficient as hardware resources

1.4 Types of virtualization

■ Full virtualization: all physical hardware resources are abstracted through software and then called

● Method of use: hypervisor (VMM) software. The principle is to establish an abstraction layer between the underlying hardware and the server. The Kernel-based Virtual Machine (KVM) is an open source hypervisor (VMM) for Linux systems that can capture CPU instructions and act as an intermediary for instructions that access hardware controllers and peripherals

■ Para-virtualization: the virtualization engine must be modified in the settings of the operating system virtual machine, that is, the hardware-assisted "software virtualization" function is turned on, so that performance is higher and closer to the physical device

■ Pass-through: use physical hardware resources directly (need kernel-level support, technical implementation is difficult, imperfect)

1.5 Characteristics of virtualization

■ Advantage

● Centralized management (remote management, maintenance)
● Improve hardware utilization (low utilization of physical resources: for example, peak value, virtualization solves "idle" capacity)
● Dynamic adjustment of machine/resource configuration (virtualization separates the system's applications and services from the hardware, which increases flexibility)
● High reliability (additional functions and solutions can be deployed, which can improve application environments such as transparent load balancing, migration, and recovery replication)

■ Disadvantages
● High upfront costs (initial hardware support)
● Reduced hardware utilization (in certain scenarios, such as extremely resource-intensive applications may not be suitable for virtualization)
● Greater error impact (a failure of the local physical machine makes its virtual machines unavailable, and all files in the virtual machines may be damaged)
● Complex implementation and configuration, complicated management (difficulty in operation and maintenance and troubleshooting for managers)
● Certain restrictions (virtualization technology involves various restrictions and must be used in combination with servers, applications, and vendors that support or are compatible with virtualization)
● Security (the security risks of virtualization technology itself, the robustness of the code determines whether the virtualization product is stable)

1.6. Comparison before and after virtualization

■ Before virtualization
● Each host has one operating system
● Software and hardware are closely integrated
● Running multiple applications on the same host usually causes conflicts
● System resource utilization is low (for example: 5%)
● Hardware costs are high and flexibility is insufficient

■ After virtualization
● The interdependence between operating system and hardware is broken (the host's operating system is used as the underlying support to simulate multiple operating systems)
● By encapsulating them into virtual machines, the operating system and applications are managed as single units (convenient management)
● Strong security and fault isolation
● Virtual machines are independent of hardware and can run on any hardware (the virtual machine manager supports the operating system)

1.6.1, comparison

1.6.1.1 Operating system (before virtualization)

In the LAMP architecture (Linux + Apache + MySQL + PHP) implemented on one host, Apache and MySQL share resources. If the architecture requires strong security isolation between services, the Apache pages and the MySQL database directory must not be reachable from each other. If an Apache vulnerability is exposed, an attacker can use the Apache process to access the MySQL data directory and obtain the data in MySQL. This is a serious security hazard. To remove this potential danger, the services can be isolated at the kernel level (using virtualization technology)

1.6.1.2, combination of software and hardware

When the hardware and the operating system are incompatible or unsupported, some software and hardware functions cannot be used normally (this is also the most difficult problem).
When virtualization is used, software and hardware are isolated (allocated) through the virtualization layer driver. The virtualization layer can identify software/hardware applications, so software and hardware can be used in combination

1.6.1.3. Running multiple applications on the same host usually produces conflicts

Apache and Nginx use the same location (port 80) and can only be separated by a reverse proxy. With this method on the same machine, important data files of Apache and Nginx can be leaked at the same time; with virtualization the services can be isolated to improve security

1.7, case

VMware Workstation: uses software to virtualize multiple operating systems
VirtualBox: uses software to virtualize a variety of physical device functions
Take VMware Workstation as an example: Workstation supports the hardware-assisted virtualization technology of Intel and AMD, Intel VT-x and AMD-V

1.7.1, Intel VT-x technology

Intel VT-x technology mainly covers virtualization of the CPU, memory and I/O, and also provides optimized processing (early on, to make up for the defects of x86 architecture virtualization)
AMD-V is a set of hardware extensions for the x86 processor architecture. This hardware-assisted virtualization technology can simplify software-only virtualization solutions, improve the design of the VMM (virtual machine monitor), make full use of hardware resources, and improve the virtualization efficiency of servers and data centers

1.7.2, VMM (Virtual Machine Monitor/Management Program)

VMM is a system software that can maintain multiple efficient and isolated program environments (virtual machines), and at the same time can manage the real resources of the computer system and provide interfaces for virtual machines

1.8 Overview of KVM

Generalized KVM

■ KVM (Kernel-based Virtual Machine) is a kernel-based virtual machine

■ KVM is an open source, Linux-native full virtualization solution for x86 hardware with virtualization extensions (requires the CPU to support Intel VT-x or AMD-V)

■ KVM is embedded in the kernel as a module that simulates the processor and memory to support virtual machine operation and isolates sensitive instructions

The virtual machine is implemented as a regular Linux process, which is scheduled by the standard Linux scheduler; each virtual CPU of the virtual machine is implemented as a regular Linux process. This allows KVM to use the existing functions of the Linux kernel, but KVM itself does not perform any emulation. A user-space program is required to set up the address space of a guest virtual server through the /dev/kvm interface (this virtual device requires hardware-assisted virtualization to be turned on). Qemu emulates I/O (through ioctl) and handles resource scheduling, maintenance and management; Qemu reads and writes the virtualized resources, and the Libvirt tool is used to call KVM to virtualize physical resources
● Libvirt: KVM management tool. In addition to managing VMMs such as KVM, it can also manage Xen and VirtualBox, and is even used at the bottom layer of OpenStack
● Libvirt contains 3 components: the background daemon program libvirtd, the API library, and the command line tool virsh

1.8.1, KVM virtualization architecture / three modes

■ Guest mode (guestOS): the mode in which the OS inside the VM (the GuestOS) runs. The guest is divided into kernel mode and user mode. The functions are as follows:
● User mode: provides users with user-space tools for virtual machine management and executes I/O on behalf of the user; Qemu works in this mode (the main function of Qemu)
● Linux kernel mode: simulates CPU and memory, realizes guest mode switching, and handles the launch of guest mode; KVM runs in this mode

1.8.2, KVM principle

■ Guest: the guest system, including CPU (vCPU), memory and drivers (console, network card, I/O device drivers, etc.), is run by KVM in a restricted CPU mode

■ The KVM kernel module simulates the processor and memory to support virtual machine operation

■ Qemu mainly handles I/O and provides a user-space tool for virtual machine management through /dev/kvm (libvirt). ioctl is a system call dedicated to device input and output operations. Qemu itself is not part of KVM. Qemu is a complete virtualization solution implemented purely in software, including processor virtualization, memory virtualization, and emulation of various virtual devices; because everything is emulated in software, the performance of Qemu is relatively low.

■ libvirt: KVM management tool

The above together constitute a complete virtualization platform

Simple understanding:
The KVM driver provides processor and memory virtualization and intercepts guest I/O. After guest I/O is intercepted, it is handled by Qemu. Qemu uses the libkvm interface to call (via ioctl) the virtual machine device interface /dev/kvm to allocate resources and to manage and maintain virtual machines

2. KVM virtualization platform deployment

2.1, virtual machine resources

CPU: Dual-core dual-thread-CPU virtualization enabled
Memory: 8G
Hard disk: 300G
Dual network card: Single network card
Operating system: Centos 7.6 (1810)

2.2. Experimental environment

2.2.1, modify the host name

[root@localhost ~]# hostnamectl set-hostname kvm 
[root@localhost ~]# su

2.2.2. Set the disc image to be permanently mounted

[root@kvm ~]# vi /etc/fstab

[root@kvm ~]# mount -a

2.2.3, environmental optimization

Note: set DNS reverse resolution (the UseDNS option in sshd_config)
# whether to perform reverse DNS resolution; setting it to no lets the client connect to the server faster

[root@kvm ~]# vim /etc/ssh/sshd_config 

2.2.4. Make a local YUM repository

[root@kvm ~]# mkdir /abc
[root@kvm ~]# cd /etc/yum.repos.d/
[root@kvm yum.repos.d]# ls -lh

[root@kvm yum.repos.d]# mkdir bak
[root@kvm yum.repos.d]# mv CentOS-* bak
[root@kvm yum.repos.d]# cd bak
[root@kvm bak]# ls -lh

[root@kvm /]# cd /etc/yum.repos.d/
[root@kvm yum.repos.d]# vim local.repo

[root@kvm yum.repos.d]# yum clean all          # clear the yum cache
[root@kvm yum.repos.d]# mount /dev/sr0 /mnt    # no reboot yet, so the disc image has to be mounted manually
[root@kvm yum.repos.d]# yum makecache          # load the yum metadata

2.2.5, turn off the firewall and SELinux (core protection)

[root@kvm yum.repos.d]# systemctl stop firewalld.service 
[root@kvm yum.repos.d]# systemctl disable firewalld.service 
[root@kvm yum.repos.d]# setenforce 0

[root@kvm yum.repos.d]# vim /etc/selinux/config 

[root@kvm yum.repos.d]# reboot     # reboot the system (init 6 does the same)

3. Install KVM

3.1. Some packages are already installed, but the following installation commands should still be run

[root@kvm ~]# yum groupinstall -y "GNOME Desktop"  # install the GNOME desktop environment; not needed if a graphical interface is already installed
[root@kvm ~]# yum -y install qemu-kvm         # install the KVM module
[root@kvm ~]# yum -y install qemu-kvm-tools   # KVM debugging tools, optional
[root@kvm ~]# yum -y install virt-install     # command-line tool for building virtual machines
[root@kvm ~]# yum -y install qemu-img         # qemu component: creates disks, starts virtual machines, etc.
[root@kvm ~]# yum -y install bridge-utils     # network support tools
[root@kvm ~]# yum -y install libvirt          # virtual machine management tool
[root@kvm ~]# yum -y install virt-manager     # manage virtual machines through a graphical interface
[root@kvm ~]# reboot                          # reboot

3.2. Set the display mode of the startup interface

[root@kvm ~]# ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target        # change the system's default target to graphical.target; after the reboot the system enters the graphical interface
[root@kvm ~]#  init 6

3.3. Check whether the CPU supports virtualization

[root@kvm ~]# cat /proc/cpuinfo | grep vmx

3.4. Check whether the KVM module has been installed

[root@kvm ~]# lsmod | grep kvm

[root@kvm ~]# systemctl start libvirtd         # start the libvirtd service
[root@kvm ~]# systemctl enable libvirtd        # start the libvirtd service at boot
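
The checks in 3.3 and 3.4 can be combined into one preflight script. The following is an added example, not part of the original post: it goes beyond the `grep vmx` shown above by also accepting the AMD-V flag (svm) and by verifying that the vendor module loaded next to kvm matches the CPU. All function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print the hardware virtualization flag found in a cpuinfo file:
# "vmx" (Intel VT-x), "svm" (AMD-V) or "none".
virt_flag() {
    flags=$(grep -m1 '^flags' "${1:-/proc/cpuinfo}" 2>/dev/null)
    case " ${flags#*:} " in
        *" vmx "*) echo vmx ;;
        *" svm "*) echo svm ;;
        *)         echo none ;;
    esac
}

# Vendor module that must be loaded next to the core "kvm" module.
expected_module() {
    case "$1" in
        vmx) echo kvm_intel ;;
        svm) echo kvm_amd ;;
    esac
}

# Read lsmod-style text on stdin; succeed only when "kvm" and the vendor
# module matching the CPU flag ($1) are both present as exact names.
kvm_modules_ok() {
    want=$(expected_module "$1")
    [ -n "$want" ] || return 1
    awk -v want="$want" '
        $1 == "kvm" { core = 1 }
        $1 == want  { vendor = 1 }
        END { exit !(core && vendor) }'
}

# Full check on the live host: CPU flag, loaded modules, /dev/kvm device.
kvm_preflight() {
    flag=$(virt_flag /proc/cpuinfo)
    if [ "$flag" = none ]; then
        echo "no vmx/svm flag: enable VT-x/AMD-V in firmware or the outer hypervisor"
        return 1
    fi
    if ! lsmod | kvm_modules_ok "$flag"; then
        echo "kvm and $(expected_module "$flag") are not both loaded"
        return 1
    fi
    [ -c /dev/kvm ] || { echo "/dev/kvm is missing"; return 1; }
    echo "KVM ready ($flag)"
}

# Run the live check only when asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then kvm_preflight; fi
```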

4. Set up the KVM network

After installing KVM on the host server, you must first set up the network. libvirt can run the KVM network in two modes:
NAT: the default setting. Data packets are transmitted by NAT through the host's interface. The virtual machine can access the outside network, but the virtual machine network cannot be accessed from the outside
Bridge: this mode allows the virtual machine to have a network like an independent host, and external machines can directly access the virtual machine, but it needs the support of the network card (wired network cards generally support it)

4.1. Deploy using Bridge mode

[root@kvm ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33    # edit the ens33 network card

4.1.1. Create a new bridged network card

[root@kvm ~]# vim /etc/sysconfig/network-scripts/ifcfg-br0

[root@kvm ~]# systemctl restart network     # restart the network service
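
The contents of the two files edited in 4.1 can be generated and reviewed before they touch the live configuration. This is an added example, not the original post's files: `write_bridge_cfg` is a hypothetical helper, and the addresses are constructed placeholders from the 192.0.2.0/24 documentation range, to be replaced with the host's real values.

```shell
#!/bin/sh
# Added example, not from the original page. write_bridge_cfg is a
# hypothetical helper; the addresses in the dry run are constructed.

# write_bridge_cfg DIR NIC BRIDGE IPADDR NETMASK GATEWAY
write_bridge_cfg() {
    dir=$1 nic=$2 br=$3 ip=$4 mask=$5 gw=$6
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    # Refuse anything that is not a dotted quad, so a typo cannot produce
    # a file that takes the host off the network on the next restart.
    for a in "$ip" "$mask" "$gw"; do
        echo "$a" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
            echo "bad address: $a" >&2; return 1; }
    done
    # Physical NIC: no IP address of its own, attached to the bridge.
    cat > "$dir/ifcfg-$nic" <<EOF
TYPE=Ethernet
BOOTPROTO=none
NAME=$nic
DEVICE=$nic
ONBOOT=yes
BRIDGE=$br
EOF
    # Bridge: carries the host's static address; guests attach here.
    cat > "$dir/ifcfg-$br" <<EOF
TYPE=Bridge
BOOTPROTO=static
NAME=$br
DEVICE=$br
ONBOOT=yes
IPADDR=$ip
NETMASK=$mask
GATEWAY=$gw
EOF
}

# Dry run into a scratch directory; review the files before copying them
# to /etc/sysconfig/network-scripts/ and restarting the network service.
out=$(mktemp -d)
write_bridge_cfg "$out" ens33 br0 192.0.2.10 255.255.255.0 192.0.2.1 && ls "$out"
```

The key point is that the IP settings move from ens33 to br0: the physical card only names its bridge, and the bridge holds the address.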

5. KVM deployment and management

5.1. Create directories for KVM storage and image data, upload a centos7 image

[root@kvm ~]# mount.cifs //192.168.0.103/iso /mnt 
[root@kvm ~]# cd /mnt
[root@kvm mnt]# ll

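[root@kvm mnt]# mkdir -p /data_kvm/iso /data_kvm/store    # directories for ISO images and virtual machine storage
[root@kvm mnt]# cp CentOS-7-x86_64-DVD-1708.iso /data_kvm/iso/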
[root@kvm mnt]# ls /data_kvm/iso/

5.2. Run the command in the graphical interface to open the virtual system manager

[root@kvm mnt]# cd
[root@kvm ~]# virt-manager 

5.3. Use virtual system manager to manage virtual machines

Creation ideas:
① Create storage pool (ISO, STORE)
② Add storage volume
③ Create virtual machine

5.3.1, create a storage pool

Note: Double-click to open QEMU/KVM–>Storage–>Plus (+)–>Fill in the name–>Forward–>Browse–>Other locations–>Computer–>data_kvm–store–>Open–>Finish

5.3.1.1, double-click to open QEMU/KVM

5.3.1.2, KVM -> storage -> plus sign (+) -> fill in the name -> forward

5.3.1.3. Browse -> Other Locations -> Computer

5.3.1.4, data_kvm--store-->Open-->Finish

5.4. Use the same method to create the storage pool kvm2 and select the /data_kvm/iso folder

5.5, create a storage volume

5.6, create a virtual machine

5.6.1. Select the image file in the kvm2 storage pool, namely /data_kvm/iso

5.6.2. Configure memory and CPU-forward

5.6.3. Management-select the storage volume in the storage pool just created-forward

5.6.4. Click Customize configuration before installation-select network (bridge)-complete

5.6.5. Click the boot option-check to start the virtual machine when the host boots-start the installation-a prompt appears to select yes

5.6.6. Installation (normal installation is sufficient)

Origin blog.csdn.net/weixin_50344814/article/details/112463624