After we understand the basic architecture of KVM through "KVM Architecture of KVM Virtualization Solution Series", we will continue to introduce how to use KVM to build our own virtualization environment. The environment is shown in Table 1.
| CPU name | Role | operating system | IP address | Remark |
|---|---|---|---|---|
| sqm01 | KVM host 1 | CentOS-7-x86_64-DVD-1810.ISO | 192.168.150.151 | |
| kvm02 | KVM host 2 | ubuntu-20.04.3-desktop-amd64 | 192.168.150.152 |
This article will introduce how to build a KVM environment through a set of processes and methods, including hardware system configuration, host operating system installation, KVM installation, QEMU installation, qemu-kvm/qemu-img component installation, and starting the first KVM virtual machine.
1. Hardware system configuration
1.1. If you use a physical machine to build KVM, please enable the VT and VT-d functions in the BIOS
Taking an Intel-based server as an example, if you want to use the KVM function, you first need the processor to support the VT technology. In addition, you need to enable the VT function in the BIOS. At present, the BIOS of most servers has enabled the VT function by default.
In the BIOS, the logo of VT is usually "Intel® Virtualization Technology" or "Intel® VT-d" or similar words. In addition to supporting the necessary processor virtualization extensions, if the server chip also supports VT-d (Virtualization Technology for Directed I/O), it is also recommended to enable it in the BIOS, because if the I/O device needs to pass through the virtual machine, it needs VT-d supports it. For example, if the GPU is directly connected to a virtual machine, VT-d is used.
Step 1: Set VT and VT-d to Enabled in BIOS, as shown in Figure 1
Step 2: Save the BIOS configuration and exit, it will take effect after the system restarts
Step 3: Check whether the CPU supports hardware virtualization through Linux
If your host has installed the Linux operating system, you can check whether the CPU currently supports hardware virtualization through the CPU feature flags (flags) in the /proc/cpuinfo file. On the x86 and x86-64 platforms, Intel series CPUs support the virtualization flag "vmx". Flag "svm" on AMD series CPUs.
If you are using an Intel architecture server, the command line execution is as follows:
[root@localhost ~]# grep vmx /proc/cpuinfo # “vmx”信息显示CPU支持虚拟化
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc eagerfpu pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch ssbd ibrs ibpb stibp tpr_shadow vnmi ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 arat spec_ctrl intel_stibp flush_l1d arch_capabilities
If you are using an AMD architecture server, the command line execution is as follows:
[root@localhost ~]# grep svm /proc/cpuinfo
1.2. If you use a virtual machine to build KVM, please check "Virtualization Intel VT-x/EPT or AMD-V/RVI(V)"
If you are using VMware Workstation to build KVMM, you first need to enable the VMware virtualization engine, that is, check all the options of the virtualization engine, as shown in Figure 2.
2. Host operating system installation
KVM is a kernel-based virtualization technology. To build a KVM virtualization environment, a Linux operating system needs to be installed on the host. In China, the Linux operating systems commonly used by enterprises include RHEL, CentOS, and Ubuntu, so CentOS and Ubuntu are selected as the host operating system. Note that the Proxmox VE virtualization tool can only be installed on Debian Linux, and the installation of Debian will be mentioned in the chapter of the Proxmox VE virtualization tool, and the installation of the Debian system on the host is not demonstrated here.
2.1. Install the CentOS operating system on the host machine
The host of this article uses the VMware Workstation virtual machine to install the CentOS operating system. The installation file of the operating system is CentOS-7-x86_64-DVD-1810.ISO.
2.1.1. CentOS system installation
The first step is to create a CentOS image storage folder and a VMware virtual machine disk storage folder
Create a "CentOS" folder on the local computer desktop, and then copy the CentOS-7-x86_64-DVD-1810.ISO image to the "CentOS" folder, as shown in Figure 3.
Create a "Virtual Machine OS Storage/CentOS" folder in the D disk of the local computer to store the VMware virtual machine files created later, as shown in Figure 4.
The second step is to create a new virtual machine and edit the configuration of the virtual machine
Open the VMware Workstation virtual machine, click the "Create New Virtual Machine" button to create a CentOS virtual machine, as shown in Figure 5, select the "Typical" mode to create a virtual machine.
Continue to click "Next", jump to the interface in Figure 6, and select "Install the operating system (S) later".
Continue to click "Next" to jump to the interface in Figure 7, select "Linux" and "CentOS 7 64-bit", because the version of the CentOS operating system we want to install is CentOS-7-x86_64-DVD-1810.ISO.
Continue to click "Next" to jump to the interface in Figure 8, enter the virtual machine name, the name can be changed according to personal habits, and select the virtual machine file storage path.
Continue to click "Next" to jump to the interface in Figure 9 to allocate the virtual machine disk size. Since it is a demonstration environment, 40G space is enough for use.
The third step is to open the virtual engine of the VMware virtual machine
Continue to click "Next" to jump to the interface in Figure 10, and then click the "Custom Hardware" button to further edit the configuration.
Select the "Memory" option and allocate 4G memory to the virtual machine, as shown in Figure 11. If your local machine has enough memory, you can also allocate 8G memory to the virtual machine. If there is not enough memory, you can allocate 2G or 1G memory, which is up to you.
Continue to select the "Processor" option, assign vCPUs to the virtual machine, and start the virtualization engine at the same time, as shown in Figure 12.
Continue to select the "New CD/DVD" option, and then click the "Browse" button to select the CentOS image, which is stored in the "CentOS" folder we just created on the desktop, as shown in Figure 13.
Continue to select the "Network Adapter" option, and select the "Bridge Mode" network connection method, as shown in Figure 14.
After creating and editing the virtual machine, click the "Finish" button, as shown in Figure 15.
The third step is to start the virtual machine, enter the CentOS operating system installation interface, select "Install CentOS 7", press Enter to continue, as shown in Figure 16
The fourth step is to select the language of the CentOS 7 operating system. Here we select Simplified Chinese and press the "Continue" button, as shown in Figure 17
The fifth step is to enter the CentOS 7 installation core configuration interface, as shown in Figure 18
The "Localization" group can be selected according to the actual situation. Options such as "Installation Source", "Software Selection" in the "Software" group, and "Installation Location", "Network and Host Name" in the "System" group need to be configured with parameters.
Step 6. Click the "Installation Source" option to enter the installation source configuration interface. CentOS 7 supports multiple installation sources, which can be selected according to the actual situation, as shown in Figure 19
Select "Automatically detected installation media", then click the "Verify" button to check whether the installation media is normal, and finally click the "Finish" button.
Step 7: Click the "Software Selection" option to enter the software selection configuration interface, as shown in Figure 20.
By default, "Minimal Installation" is used, because we need to use the Graphical User Interface (GUI) to install and configure the virtual machine later, so select "Server with GUI", and finally click the "Finish" button.
Step 8: Click the "Installation Location" option to enter the installation location configuration interface, as shown in Figure 21
CentOS 7 supports multiple installation methods. Here we choose to install on the local hard disk, and at the same time select "Automatically configure partitions", and finally click the "Finish" button.
Step 9: Click the "Network and Host Name" option to enter the network and host name configuration interface, as shown in Figure 22
Select the network card on the left, click the "Configure" button to configure the IP address, subnet mask, gateway, and DNS for the network card, and finally click the "Save" button.
The tenth step is to configure the host name and start the network card, as shown in Figure 23
The host name is "kvm01", enter "kvm01.localdomain" in the host name, and click "Apply" to make the new host name take effect. At the same time, click the start button of the network card to turn on the network card, and finally click the "Finish" button.
The eleventh step, after the basic configuration information is completed, you can start the installation, click the "Start Installation" button, as shown in Figure 24
The twelfth step, enter the user setting interface, set a password for the root user and create a non-root user, as shown in Figure 25
Click "ROOT password" to enter the root password configuration interface. Note that non-root users are not created here, this is an option, but it is recommended that you create non-root users.
The thirteenth step is to set the password of the root user. After the setting is completed, click the "Finish" button, as shown in Figure 26
The fourteenth step, after the installation is complete, restart the CentOS server, and after accepting the license, click the "Complete Configuration" button, as shown in Figure 27.
The fifteenth step is to open the terminal command window in the graphical user interface, and the commands can be used normally, as shown in Figure 28. At this point, the CentOS system installation is complete.
2.1.2. Basic network configuration
The first step is to use the command "ip addr" to view the current network situation
During the installation of CentOS 7, we have set up the IP address, subnet mask, gateway and DNS configuration information of the network card, as shown below.
[root@kvm01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ea:7e:95 brd ff:ff:ff:ff:ff:ff
inet 192.168.150.151/24 brd 192.168.150.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fd3a:b661:7f13::24b/128 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fd3a:b661:7f13:0:3c29:223d:540:3045/64 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::ac3c:7790:a394:f23e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:b3:8d:c9 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:b3:8d:c9 brd ff:ff:ff:ff:ff:ff
The second step is to use the ping command to check whether you can access the Internet
[root@kvm01 ~]# ping www.baidu.com
PING www.a.shifen.com (163.177.151.110) 56(84) bytes of data.
64 bytes from 163.177.151.110 (163.177.151.110): icmp_seq=1 ttl=53 time=11.3 ms
64 bytes from 163.177.151.110 (163.177.151.110): icmp_seq=2 ttl=53 time=11.0 ms
64 bytes from 163.177.151.110 (163.177.151.110): icmp_seq=3 ttl=53 time=11.1 ms
64 bytes from 163.177.151.110 (163.177.151.110): icmp_seq=4 ttl=53 time=9.83 ms
2.1.3. Enable SSH service for remote login
By default, the CentOS 7 system has enabled SSH service for remote login, and you can use SSH tools such as Xshell, CRT, etc. to log in remotely, as shown in Figure 29.
2.1.4. Modify the CentOS system YUM software source
Each Linux operating system vendor will provide its own YUM software source, through which the software package can be installed conveniently and quickly, and at the same time, the dependency problem of the software package can be solved. However, these Linux operating system manufacturers are basically foreign, so the YUM software source warehouse is a foreign site, and the access speed is very slow. Sometimes the download is halfway through and the connection is disconnected, resulting in software update failure. Therefore, it is necessary for us to adjust the YUM software source warehouse to the domestic Alibaba Cloud or the YUM source of Alibaba Cloud, so that the software update and upgrade efficiency will be higher. At the same time, the subsequent installation and use of KVM also requires an external YUM source, so it is very important to learn to modify the YUM source.
The first step is to use the command "ls /ect/yum.repos.d" to view the default YUM source file of the system
[root@kvm01 ~]# ls /etc/yum.repos.d/
CentOS-Base.repo CentOS-CR.repo CentOS-Debuginfo.repo CentOS-fasttrack.repo CentOS-Media.repo CentOS-Sources.repo CentOS-Vault.repo
The second step is to use the command "cat /etc/yum.repos.d/CentOS-Base.repo" to view the system default YUM source file information
From the output information, we can see that the address of the YUM source file is mirrorlist.centos.org, which is the official server of CentOS. The speed of accessing the official server of CentOS from China is relatively slow, and sometimes the connection will be disconnected.
[root@kvm01 ~]# cat /etc/yum.repos.d/CentOS-Base.repo
# CentOS-Base.repo
……(省略)
#
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
……(省略)
The third step is to use the command "ping www.aliyun.com" to check the connectivity between the CentOS server and Alibaba Cloud
If the CentOS server cannot access Alibaba Cloud, the YUM software source of Alibaba Cloud cannot be used, so ensure the connectivity between the CentOS server and Alibaba Cloud.
[root@kvm01 ~]# ping www.aliyun.com
PING na61-na62.wagbridge.alibaba.aliyun.com.gds.alibabadns.com (203.119.207.129) 56(84) bytes of data.
64 bytes from 203.119.207.129 (203.119.207.129): icmp_seq=1 ttl=86 time=47.4 ms
64 bytes from 203.119.207.129 (203.119.207.129): icmp_seq=2 ttl=86 time=47.4 ms
64 bytes from 203.119.207.129 (203.119.207.129): icmp_seq=3 ttl=86 time=48.5 ms
64 bytes from 203.119.207.129 (203.119.207.129): icmp_seq=4 ttl=86 time=48.5 ms
The fourth step is to use the command "mv /etc/yum.repos.d/CentOS-*.repo /tmp" to back up the original YUM source file to /tmp
[root@kvm01 ~]# cd /etc/yum.repos.d/
[root@kvm01 yum.repos.d]# ls
CentOS-Base.repo CentOS-CR.repo CentOS-Debuginfo.repo CentOS-fasttrack.repo CentOS-Media.repo CentOS-Sources.repo CentOS-Vault.repo
[root@kvm01 yum.repos.d]#
[root@kvm01 yum.repos.d]# mv /etc/yum.repos.d/CentOS-*.repo /tmp
[root@kvm01 yum.repos.d]# ls
Step 5, use the command "wget http://mirrors.aliyun.com/repo/Centos-7.repo" to download the YUM source file of Alibaba Cloud's CentOS system
[root@kvm01 yum.repos.d]# wget http://mirrors.aliyun.com/repo/Centos-7.repo
--2021-10-15 19:10:01-- http://mirrors.aliyun.com/repo/Centos-7.repo
正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)... 121.31.229.244, 116.162.112.221, 36.248.25.178, ...
正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|121.31.229.244|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:2523 (2.5K) [application/octet-stream]
正在保存至: “Centos-7.repo”
100%[========================================================================================================================>] 2,523 --.-K/s 用时 0s
2021-10-15 19:10:02 (177 MB/s) - 已保存 “Centos-7.repo” [2523/2523])
[root@kvm01 yum.repos.d]# ls # YUM源文件下载成功
Centos-7.repo
Step 6, use the command "cat /etc/yum.repos.d/Centos-7.repo" to view the details of the YUM source file
According to the output information, we can see that the access address of the YUM source is mirrors.aliyun.com, that is, the Alibaba Cloud YUM source is used.
[root@kvm01 yum.repos.d]# cat /etc/yum.repos.d/Centos-7.repo
# CentOS-Base.repo
……(省略)
#
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
The seventh step, use the command "yum clean all" to clear the original YUM cache
[root@kvm01 yum.repos.d]# yum clean all
已加载插件:fastestmirror, langpacks
正在清理软件源: base extras updates
Cleaning up list of fastest mirrors
The eighth step, use the command "yum makecache" to generate a new YUM cache
[root@kvm01 yum.repos.d]# yum makecache
已加载插件:fastestmirror, langpacks
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
base/7/x86_64/primary_db FAILED
http://mirrors.cloud.aliyuncs.com/centos/7/os/x86_64/repodata/6d0c3a488c282fe537794b5946b01e28c7f44db79097bb06826e1c0c88bad5ef-primary.sqlite.bz2: [Errno 14] curl#6 - "Could not resolve host: mirrors.cloud.aliyuncs.com; Unknown error"
正在尝试其它镜像。
……(省略)
The ninth step, use the command "yum update" to update the YUM source
[root@kvm01 yum.repos.d]# yum update
So far, the default YUM source of the CentOS operating system has been changed to the Alibaba Cloud YUM source, and it can be used normally.
2.1.5. Install ifconfig command tool
CentOS 7 began to deprecate the "ifconfig" command and use the "ip addr" command instead. Some people still use ifconfig because of their personal habits. To use the ifconfig command in CentOS 7, you need to install the net-tools network tool.
We can search for the ifconfig package through the search option of the yum command, which can find and display the relevant software.
[root@kvm01 ~]# yum search ifconfig
已加载插件:fastestmirror, langpacks
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
================================================================ 匹配:ifconfig ================================================================
net-tools.x86_64 : Basic networking tools
Combined with the above information, we are prompted by running yum search ifconfig: installing the ifconfig package only needs to install net-tools.x86_64.
[root@kvm01 ~]# yum install net-tools.x86_64
已加载插件:fastestmirror, langpacks
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* extras: mirrors.163.com
* updates: mirrors.163.com
软件包 net-tools-2.0-0.25.20131004git.el7.x86_64 已安装并且是最新版本
无须任何处理
After the installation is complete, next, we check whether the ifconfig tool can be used normally, as follows:
[root@kvm01 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.150.151 netmask 255.255.255.0 broadcast 192.168.150.255
inet6 fe80::ac3c:7790:a394:f23e prefixlen 64 scopeid 0x20<link>
inet6 fd3a:b661:7f13::24b prefixlen 128 scopeid 0x0<global>
inet6 fd3a:b661:7f13:0:3c29:223d:540:3045 prefixlen 64 scopeid 0x0<global>
ether 00:0c:29:ea:7e:95 txqueuelen 1000 (Ethernet)
RX packets 1072007 bytes 1602189438 (1.4 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 514109 bytes 41269959 (39.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:b3:8d:c9 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2.1.6. Configure NTP time synchronization server
The asynchronous time between the Linux operating system and the virtualization platform will cause many problems, especially when the virtualization platform uses cluster functions and distributed storage functions, so it is very important to build an NTP server. The NTP server can be a physical server or a virtual machine.
Server-side NTP configuration (blue color)
The first step, use the command "yum install ntp ntpdata" to install the ntp service and ntpdate tool in the CentOS 7 server
[root@kvm01 ~]# yum install ntp ntpdata
已加载插件:fastestmirror, langpacks
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
……(以下内容省略)
The second step is to use the ping command to detect the connectivity between the local NTP server and the public NTP server
Use the Alibaba Cloud NTP server as the public NTP server, and the CentOS 7 server as the local NTP server needs to synchronize time with the public NTP server when necessary, so it is necessary to ensure the interconnection between the local NTP server and the Alibaba Cloud NTP server.
[root@kvm01 ~]# ping ntp.aliyun.com
PING ntp.aliyun.com (203.107.6.88) 56(84) bytes of data.
64 bytes from 203.107.6.88 (203.107.6.88): icmp_seq=1 ttl=53 time=51.8 ms
64 bytes from 203.107.6.88 (203.107.6.88): icmp_seq=2 ttl=53 time=51.8 ms
64 bytes from 203.107.6.88 (203.107.6.88): icmp_seq=3 ttl=53 time=51.5 ms
[root@kvm01 ~]# ping ntp1.aliyun.com
PING ntp1.aliyun.com (120.25.115.20) 56(84) bytes of data.
64 bytes from 120.25.115.20 (120.25.115.20): icmp_seq=1 ttl=52 time=5.83 ms
64 bytes from 120.25.115.20 (120.25.115.20): icmp_seq=2 ttl=52 time=6.73 ms
64 bytes from 120.25.115.20 (120.25.115.20): icmp_seq=3 ttl=52 time=7.33 ms
The third step is to modify the ntp configuration file /etc/ntp.conf, and cancel the default NTP server address of the configuration file
[root@kvm01 ~]# vim /etc/ntp.conf
……(省略)
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# server 0.centos.pool.ntp.org iburst # 注销默认的centosntp服务器
# server 1.centos.pool.ntp.org iburst # 注销默认的centosntp服务器
# server 2.centos.pool.ntp.org iburst # 注销默认的centosntp服务器
# server 3.centos.pool.ntp.org iburst # 注销默认的centosntp服务器
The fourth step is to modify the ntp configuration file /etc/ntp.conf and add the following configuration
[root@kvm01 ~]# vim /etc/ntp.conf
#日志文件
logfile /var/log/ntpd.log
#授权192.168.150.0网段上所有机器可以从这台机器上查询和时间同步
restrict 192.168.150.0 mask 225.225.225.0 nomotify notrap
#时间服务器列表
server ntp1.aliyun.com
server ntp2.aliyun.com
server ntp3.aliyun.com
#当外部时间不可用时,使用本地时间
server 127.0.0.1
fudge 127.0.0.1 stratum 10
#允许上层时间服务器主动修改本机时间
restrict ntp1.aliyun.com nomodify notrap noquery
restrict ntp2.aliyun.com nomodify notrap noquery
restrict ntp3.aliyun.com nomodify notrap noquery
The fifth step, save and exit, restart the ntp service, and add the automatic startup after booting
[root@kvm01 ~]# systemctl disable chronyd #关闭chrony自启动功能,否则NTP服务自启动失败
[root@kvm01 ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
[root@kvm01 ~]# systemctl restart ntpd
The sixth step is to query the current NTP server source information
Among them, 120.25.115.20 and 203.107.6.88 are the IP addresses of Alibaba Cloud NTP servers.
[root@kvm01 ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*120.25.115.20 10.137.53.7 2 u 35 64 17 11.436 -0.857 4.066
203.107.6.88 10.137.38.86 2 u 33 64 17 44.415 3.242 4.605
localhost .INIT. 16 l - 64 0 0.000 0.000 0.000
The seventh step, when starting the ntp service, first manually synchronize the local time, note that this is the time synchronization between the local NTP server and the public NTP server
[root@kvm01 ~]# ntpdate -u ntp1.aliyun.com
16 Oct 08:36:05 ntpdate[29087]: adjust time server 120.25.115.20 offset 0.004865 sec
The eighth step is to check whether the ntp synchronization time is started. If the execution result of the following command appears, it means that the synchronization time is started successfully
[root@kvm01 ~]# ntpstat
synchronised to NTP server (120.25.115.20) at stratum 3
time correct to within 13 ms
polling server every 64 s
The ninth step, as an NTP server, you need to enable the ntp service in the firewall, otherwise the NTP client cannot synchronize the time
[root@kvm01 ~]# firewall-cmd --add-service=ntp --permanent
[root@kvm01 ~]# firewall-cmd --reload
Linux client NTP configuration (blue color)
The NTP configuration of the Linux client is almost the same as that of the server, because the local NTP server (192.168.150.151) is actually a client of the public NTP server. The only difference is that in the last step, there is no need to enable the ntp service in the firewall. What I am demonstrating here is the Debinn Linux client.
The first step, the client installs ntp and ntpdate components
root@pve:~# apt-get install ntp
root@pve:~# apt-get install ntpdate
The second step is to use the ping command to detect the connectivity of the client to the local NTP server
The IP address of the local NTP server is 192.168.150.151, and the connectivity between the NTP client and the local NTP server needs to be ensured
root@pve:~# ping 192.168.150.151
PING 192.168.150.151 (192.168.150.151) 56(84) bytes of data.
64 bytes from 192.168.150.151: icmp_seq=1 ttl=64 time=4.70 ms
64 bytes from 192.168.150.151: icmp_seq=2 ttl=64 time=1.20 ms
64 bytes from 192.168.150.151: icmp_seq=3 ttl=64 time=1.48 ms
The third step is to modify the client configuration file /etc/ntp.conf and cancel the original NTP server
root@pve:~# vim /etc/ntp.conf
# pool 0.debian.pool.ntp.org iburst
# pool 1.debian.pool.ntp.org iburst
# pool 2.debian.pool.ntp.org iburst
# pool 3.debian.pool.ntp.org iburst
The fourth step is to modify the client configuration file /etc/ntp.conf and add the following configuration
root@pve:~# vim /etc/ntp.conf
#ntp服务器地址
pool 192.168.150.151
#允许上层时间服务器主动修改本机时间
restrict 192.168.150.151 nomodify notrap noquery
#当外部时间不可用时,使用本地时间
pool 127.0.0.1 #本地时钟
fudge 127.0.0.1 stratum 10
The sixth step is to save and exit, restart the ntp service, and add the automatic startup after booting
root@pve:~# service ntp start
root@pve:~# service ntp restart
The seventh step is to query the current NTP source information, where 192.168.150.1 is the IP address of the CentOS NTP server
root@pve:~# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
192.168.150.151 .POOL. 16 p - 64 0 0.000 +0.000 0.000
127.0.0.1 .POOL. 16 p - 64 0 0.000 +0.000 0.000
Linux client and NTP server test (blue font)
The first step is to select a Linux host as the client, and use the command "data" to check the time
root@pve:~# date
Sat 16 Oct 2021 09:05:48 AM CST
The second step is to synchronize the time of the client and the NTP server
root@pve:~# ntpdate -d 192.168.150.151
16 Oct 15:53:31 ntpdate[10432]: ntpdate 4.2[email protected] Wed Sep 23 11:46:38 UTC 2020 (1)
Looking for host 192.168.150.151 and service ntp
192.168.150.151 reversed to pve.local
host found : pve.local
transmit(192.168.150.151)
receive(192.168.150.151)
transmit(192.168.150.151)
receive(192.168.150.151)
transmit(192.168.150.151)
receive(192.168.150.151)
transmit(192.168.150.151)
receive(192.168.150.151)
server 192.168.150.151, port 123
stratum 3, precision -25, leap 00, trust 000
refid [120.25.115.20], root delay 0.006226, root dispersion 0.017593
reference time: e5150300.1cc3bebd Sat, Oct 16 2021 15:51:28.112
originate timestamp: e5150381.d4b56738 Sat, Oct 16 2021 15:53:37.830
transmit timestamp: e5150381.d4162fc2 Sat, Oct 16 2021 15:53:37.828
filter delay: 0.03215 0.03011 0.03143 0.02934
---- ---- ---- ----
filter offset: -0.000538 +0.000440 +0.000617 +0.000077
---- ---- ---- ----
delay 0.02934, dispersion 0.00037, offset +0.000077
16 Oct 15:53:37 ntpdate[10432]: adjust time server 192.168.150.151 offset +0.000077 sec
Win 10 client NTP configuration and NTP server test (blue font)
The first step is to use the ping command to detect the network connectivity between the Win10 client and the NTP server
C:\Users\lishe>ping 192.168.150.151
正在 Ping 192.168.150.151 具有 32 字节的数据:
来自 192.168.150.151 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.150.151 的回复: 字节=32 时间=1ms TTL=64
来自 192.168.150.151 的回复: 字节=32 时间=1ms TTL=64
来自 192.168.150.151 的回复: 字节=32 时间=1ms TTL=64
The second step is to open the NTP clock setting interface of the Win10 client, click "Change Settings", as shown in Figure 30
The third step is to modify the NTP server to 192.168.150.151, and click the "Update Now" button, as shown in Figure 31
In the fourth step, the time synchronization between the Win10 client and the NTP server 192.168.150.151 is successful, as shown in Figure 32
So far, the NTP server and NTP client have been set up and can be used normally.