Enterprise-class virtualization: KVM technology

1. What virtualization and a virtual machine are

1. Virtualization

(1) Virtualization is the process of creating a software-based (virtual) representation of something physical: a virtual application, server, storage device or network. It lowers IT spending for organizations of every size while raising efficiency and agility.

(2) Virtualization improves IT agility, flexibility and scalability and produces significant cost savings. Greater workload mobility, better performance and resource availability, and automated operations are its practical advantages; they let an IT department manage infrastructure more easily and reduce both the cost of ownership and the cost of operations. Other advantages include:

Lower capital and operating costs. 
Minimized or eliminated downtime. 
Better IT productivity, efficiency, agility and responsiveness. 
Faster deployment of applications and resources. 
Better business continuity and disaster recovery. 
Simpler data center management. 
A path to a true software-defined data center.

2. The virtual machine

A virtual computer system is called a "virtual machine" (VM): a tightly isolated software container that holds an operating system and applications. Each self-contained VM is completely independent. Putting several VMs on one computer lets multiple operating systems and applications run on a single physical server, or "host". A thin software layer called the hypervisor decouples the VMs from the host and allocates computing resources to each VM dynamically as needed.

Main characteristics of a virtual machine:

1. Partitioning 
Multiple operating systems can run on a single physical machine. 
System resources can be divided among the virtual machines. 

2. Isolation 
Fault and security isolation is provided at the hardware level. 
Advanced resource controls preserve performance. 

3. Encapsulation 
The complete state of a virtual machine can be saved to files. 
Virtual machines can be moved and copied as easily as files. 

4. Hardware independence 
Any virtual machine can be provisioned on, or migrated to, any physical server.

2. Cloud computing

The term "cloud computing" was first put forward by then Google CEO Eric Schmidt at the Search Engine Strategies conference on August 9, 2006, and "cloud computing" has been the name for this idea ever since.

Cloud computing builds on virtualization and delivers network-centric resources: it provides users with secure, fast and convenient data storage and network computing services, covering the hardware, platforms, software and other services they need. The network that delivers them is called the "cloud".

1. Categories of cloud computing:

Public cloud: AWS, Alibaba Cloud, Azure, Tencent Cloud and others. Anyone can pay to use them without caring about the underlying hardware, but data security has to be considered carefully. 
Private cloud: an OpenStack, VMware or similar environment you build yourself in your own machine room or IDC. 
Hybrid cloud: when a public cloud and a private cloud are both needed, and part of the workload is moved between the private cloud and public cloud services, that arrangement is called a hybrid cloud.

2. Cloud service layers 

IaaS: Infrastructure-as-a-Service    # a self-built machine room
PaaS: Platform-as-a-Service          # Redis, RDS and similar services on a public cloud, and even a phone app
SaaS: Software-as-a-Service          # e-mail, an OA system

3. Classification of virtualization technology

1. Emulators: virtualization software on a host emulates one or more hardware environments; each environment is a separate virtual machine whose CPU, I/O and memory are all emulated. The emulated CPU instruction set can differ from that of the host's physical CPU, so, for example, macOS or a Unix system can be emulated on Windows. Well-known emulators: PearPC, QEMU, Bochs.

2. Full virtualization (native virtualization): the CPU and memory are not emulated; the hypervisor only allocates CPU and memory to the guests. Full virtualization needs support from the physical hardware: the CPU must support, and have enabled, virtualization extensions such as Intel VT-x / EPT or AMD-V / RVI, which provide CPU-level virtualization and memory virtualization. Full virtualization is therefore hardware-assisted virtualization: VMware Workstation, VMware ESXi, Parallels Desktop, KVM, Microsoft Hyper-V.

3. Paravirtualization: the guest OS kernel must know that it is running in a virtualized environment, so the guest's architecture must match the host's and the guest kernel must be modified accordingly. Paravirtualization therefore only supports open-source kernels, not closed-source systems. The best-known paravirtualized system is early Xen; from Xen 3.0 onwards it can also use hardware virtualization support (http://www-archive.xenproject.org/files/xen_3.0_datasheet.pdf) to provide full virtualization, so unmodified operating systems such as Linux or Windows run directly on its platform, which gives far better compatibility.

Hypervisor types 

Runs directly on the physical machine (type 1): VMware ESXi, RHEV Hypervisor, Xen (its dom0 is a privileged guest, not a host OS)

Runs on top of a host operating system (type 2): VMware Workstation; KVM is the hybrid case described below

4. Introduction to KVM, preparation, and the qemu-kvm command in detail

1. KVM introduction

(1) Introduction

  The KVM in this article is the Kernel-based Virtual Machine, the Linux kernel's own hypervisor. The acronym collides with the "KVM switch" (Keyboard, Video, Mouse): a device that plugs into a server's keyboard, video and mouse ports and gives console access without any software on the target, down to the BIOS, and whose KVM-over-IP descendants add multi-site failover, an IPMI interface and mapping of local media to the remote machine. That product is unrelated to the virtualization technology covered here.

  KVM is a "freak": it started out as a type 2 hosted hypervisor, but once the kvm.ko module is loaded into the OS it "infects" it and turns the OS itself into the hypervisor, with the original software acting as the control plane, so it behaves like a type 1 host.

(2) KVM components

① kvm.ko: the kernel module

  It exposes the KVM API (application programming interface) to user space through /dev/kvm.

② qemu-kvm: the user-space tool

  qemu-kvm is open-source virtualization software that provides hardware emulation for the KVM hypervisor.

  A running KVM virtual machine is a qemu-kvm process: running the qemu-kvm program with the right options and parameters starts the virtual machine, and terminating the process shuts the virtual machine down.

③ libvirt virtualization library: libvirt is a C toolkit for interacting with the virtualization capabilities of recent Linux versions (and other operating systems). The main package exports the libvirtd server, which provides the virtualization support.

  C/S:

    Client:

      libvirt-client

      virt-manager

  Daemon:

    libvirt-daemon

(3) Execution modes of the system once the KVM module is loaded into memory:

  Kernel mode: the mode used when the guest OS performs I/O or other special instructions; also called "guest-kernel" mode.

  User mode: the host OS's user space, which issues I/O requests on behalf of the guest OS.

  Guest mode: the guest OS's user mode; all non-I/O requests.

Lab 1: host in NAT mode, install a nested virtual machine

KVM requires that the host CPU support virtualization. If a VMware Workstation virtual machine is used as the host, the "Virtualize Intel VT-x/EPT or AMD-V/RVI" option must be enabled under Processors in that virtual machine's settings.

(1) Prerequisites:

① Must run on the x86 architecture

② Must support hardware-level virtualization

  vmx: Intel VT-x

  svm: AMD-V

③ To virtualize inside a virtual machine, enable Intel VT-x/EPT for that virtual machine; the virtual machine uses NAT-mode networking at this point

(2) Check whether the CPU supports hardware virtualization:

[root@centos-7 ~]#grep -E "vmx|svm" /proc/cpuinfo

Note: either vmx or svm must appear; that indicates support

  vmx: Intel VT-x

  svm: AMD-V

 (3) Preparation before installing

① Install the KVM packages

[root@centos-7 ~]#yum install qemu-kvm qemu-kvm-tools libvirt virt-manager  virt-install -y

② Check whether the kvm module is loaded

③ Start the installed service and enable it at boot

[root@centos-7 ~]#systemctl start libvirtd
[root@centos-7 ~]#systemctl enable  libvirtd
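As an added example (not part of the original post), the three prerequisite checks above as a script: CPU flags, the kvm and vendor modules, and access to /dev/kvm. The two parsing functions take the text to inspect as an argument so they can be tested offline; check_kvm_host runs them against the live system. The environment variable RUN_CHECKS and the modprobe hint are this example's own conventions.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight checks for a KVM host.

# Return the hardware-virtualization flag found in cpuinfo text:
# "vmx" (Intel VT-x), "svm" (AMD-V) or "none".
hv_flag_from_cpuinfo() {
    if printf '%s\n' "$1" | grep -qw vmx; then echo vmx
    elif printf '%s\n' "$1" | grep -qw svm; then echo svm
    else echo none
    fi
}

# Given lsmod output, report whether the kvm core module and a vendor module
# (kvm_intel or kvm_amd) are both loaded. Prints "ok" or the missing piece.
kvm_modules_state() {
    lsmod_text=$1
    if ! printf '%s\n' "$lsmod_text" | grep -qE '^kvm[[:space:]]'; then
        echo "kvm not loaded"
    elif ! printf '%s\n' "$lsmod_text" | grep -qE '^kvm_(intel|amd)[[:space:]]'; then
        echo "vendor module not loaded"
    else
        echo ok
    fi
}

# Live check; stops at the first missing prerequisite and returns 1.
check_kvm_host() {
    flag=$(hv_flag_from_cpuinfo "$(cat /proc/cpuinfo)")
    [ "$flag" != none ] || { echo "CPU lacks vmx/svm: enable VT-x/AMD-V in the BIOS or in the outer hypervisor"; return 1; }
    state=$(kvm_modules_state "$(lsmod)")
    [ "$state" = ok ] || { echo "$state (try: modprobe kvm_$( [ "$flag" = vmx ] && echo intel || echo amd ))"; return 1; }
    [ -c /dev/kvm ] || { echo "/dev/kvm missing"; return 1; }
    [ -r /dev/kvm ] && [ -w /dev/kvm ] || { echo "$(id -un) cannot read/write /dev/kvm"; return 1; }
    echo "KVM host OK: $flag, modules loaded, /dev/kvm usable"
}

# Run the live check only when asked, so the functions can also be sourced.
[ "${RUN_CHECKS:-0}" = 1 ] && check_kvm_host
```

Run it on the host with RUN_CHECKS=1 sh kvm-check.sh. The /dev/kvm access check matters because libvirt runs the qemu-kvm process as the qemu user by default; if that user cannot open /dev/kvm, guests silently fall back to slow software emulation or fail to start.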

3. virt-install command help:

[root@linux-node1 ~]# virt-install  --help
usage: virt-install --name NAME --ram RAM STORAGE INSTALL [options]

Create a new virtual machine from specified install media.

optional arguments:
  -h, --help            show this help message and exit
  --version             show program's version number and exit
  --connect URI         Connect to hypervisor with libvirt URI

General Options:
  -n NAME, --name NAME  Name of the guest instance
  --memory MEMORY       Configure guest memory allocation. Ex:
                        --memory 1024 (in MiB)
                        --memory 512,maxmemory=1024
  --vcpus VCPUS         Number of vcpus to configure for your guest. Ex:
                        --vcpus 5
                        --vcpus 5,maxcpus=10,cpuset=1-4,6,8
                        --vcpus sockets=2,cores=4,threads=2,
  --cpu CPU             CPU model and features. Ex:
                        --cpu coreduo,+x2apic
                        --cpu host
  --metadata METADATA   Configure guest metadata. Ex:
                        --metadata name=foo,title="My pretty title",uuid=...
                        --metadata description="My nice long description"

Installation Method Options:
  --cdrom CDROM         CD-ROM installation media
  -l LOCATION, --location LOCATION
                        Installation source (eg, nfs:host:/path, http://host/path,
                        ftp://host/path)
  --pxe                 Boot from the network using the PXE protocol
  --import              Build guest around an existing disk image
  --livecd              Treat the CD-ROM media as a Live CD
  -x EXTRA_ARGS, --extra-args EXTRA_ARGS
                        Additional arguments to pass to the install kernel
                        booted from --location
  --initrd-inject INITRD_INJECT
                        Add given file to root of initrd from --location
  --os-variant DISTRO_VARIANT
                        The OS variant being installed in the guest, e.g.
                        'fedora18', 'rhel6', 'winxp', etc.
  --boot BOOT           Configure guest boot settings. Ex:
                        --boot hd,cdrom,menu=on
                        --boot init=/sbin/init (for containers)
  --idmap IDMAP         Enable user namespace for LXC container. Ex:
                        --idmap uid_start=0,uid_target=1000,uid_count=10

Device Options:
  --disk DISK           Specify storage with various options. Ex:
                        --disk size=10 (new 10GiB image in default location)
                        --disk /my/existing/disk,cache=none
                        --disk device=cdrom,bus=scsi
                        --disk=?
  -w NETWORK, --network NETWORK
                        Configure a guest network interface. Ex:
                        --network bridge=mybr0
                        --network network=my_libvirt_virtual_net
                        --network network=mynet,model=virtio,mac=00:11...
                        --network none
                        --network help
  --graphics GRAPHICS   Configure guest display settings. Ex:
                        --graphics vnc
                        --graphics spice,port=5901,tlsport=5902
                        --graphics none
                        --graphics vnc,password=foobar,port=5910,keymap=ja
  --controller CONTROLLER
                        Configure a guest controller device. Ex:
                        --controller type=usb,model=ich9-ehci1
  --input INPUT         Configure a guest input device. Ex:
                        --input tablet
                        --input keyboard,bus=usb
  --serial SERIAL       Configure a guest serial device
  --parallel PARALLEL   Configure a guest parallel device
  --channel CHANNEL     Configure a guest communication channel
  --console CONSOLE     Configure a text console connection between the guest and host
  --hostdev HOSTDEV     Configure physical USB/PCI/etc host devices to be
                        shared with the guest
  --filesystem FILESYSTEM
                        Pass host directory to the guest. Ex:
                        --filesystem /my/source/dir,/dir/in/guest
                        --filesystem template_name,/,type=template
  --sound [SOUND]       Configure guest sound device emulation
  --watchdog WATCHDOG   Configure a guest watchdog device
  --video VIDEO         Configure guest video hardware.
  --smartcard SMARTCARD
                        Configure a guest smartcard device. Ex:
                        --smartcard mode=passthrough
  --redirdev REDIRDEV   Configure a guest redirection device. Ex:
                        --redirdev usb,type=tcp,server=192.168.1.1:4000
  --memballoon MEMBALLOON
                        Configure a guest memballoon device. Ex:
                        --memballoon model=virtio
  --tpm TPM             Configure a guest TPM device. Ex:
                        --tpm /dev/tpm
  --rng RNG             Configure a guest RNG device. Ex:
                        --rng /dev/random
  --panic PANIC         Configure a guest panic device. Ex:
                        --panic default

Guest Configuration Options:
  --security SECURITY   Set domain security driver configuration.
  --numatune NUMATUNE   Tune NUMA policy for the domain process.
  --memtune MEMTUNE     Tune memory policy for the domain process.
  --blkiotune BLKIOTUNE
                        Tune blkio policy for the domain process.
  --memorybacking MEMORYBACKING
                        Set memory backing policy for the domain process. Ex:
                        --memorybacking hugepages=on
  --features FEATURES   Set domain <features> XML. Ex:
                        --features acpi=off
                        --features apic=on,eoi=on
  --clock CLOCK         Set domain <clock> XML. Ex:
                        --clock offset=localtime,rtc_tickpolicy=catchup
  --pm PM               Configure VM power management features
  --events EVENTS       Configure VM lifecycle management policy
  --resource RESOURCE   Configure VM resource partitioning (cgroups)

Virtualization Platform Options:
  -v, --hvm             This guest should be a fully virtualized guest
  -p, --paravirt        This guest should be a paravirtualized guest
  --container           This guest should be a container guest
  --virt-type HV_TYPE   Hypervisor name to use (kvm, qemu, xen, ...)
  --arch ARCH           The CPU architecture to simulate
  --machine MACHINE     The machine type to emulate

Miscellaneous Options:
  --autostart           Have domain autostart on host boot up.
  --wait WAIT           Minutes to wait for install to complete.
  --noautoconsole       Don't automatically try to connect to the guest console
  --noreboot            Don't boot guest after completing install.
  --print-xml [XMLONLY]
                        Print the generated domain XML rather than create the guest.
  --dry-run             Run through install process, but do not create devices
                        or define the guest.
  --check CHECK         Enable or disable validation checks. Ex:
                        --check path_in_use=off
                        --check all=off
  -q, --quiet           Suppress non-error output
  -d, --debug           Print debugging information

Use '--option=?' or '--option help' to see available suboptions
See man page for examples and full option syntax. 

 1. Create a 10G disk

[root@centos-7 ~]#qemu-img create -f qcow2 /var/lib/libvirt/images/CentOS-7-x86_64.qcow2 10G    # disk image in qcow2 format

 2. Upload the ISO image to the chosen directory

[root@centos-7 src]#ls
CentOS-7-x86_64-Minimal-1908.iso
[root@centos-7 src]#pwd
/usr/local/src

 3. Create the virtual machine on the host

virt-install --virt-type kvm \
--name linux \
--memory 1024 \
--vcpus=2 \
--autostart \
--cdrom=/usr/local/src/CentOS-7-x86_64-Minimal-1908.iso \
--disk path=/var/lib/libvirt/images/CentOS-7-x86_64.qcow2 \
--network network=default \
--graphics vnc,listen=0.0.0.0 \
--noautoconsole

Meaning of the options (listed separately, because text after the trailing backslash would break the line continuation):
--name: name of the guest
--memory: guest memory size in MiB
--vcpus: number of vCPUs
--autostart: start the guest automatically when the host boots
--cdrom: path of the installation ISO
--disk: path of the disk image
--network network=default: libvirt's default network, which is NAT at this point
--graphics vnc,listen=0.0.0.0: VNC console listening on every address of the host

 4. Control the guest remotely over VNC: enter the host's IP address and port 5900, take over the virtual machine and install Linux. You can also connect with Xshell (the Enterprise edition is needed) or install the graphical tools on the host and manage the nested virtual machine from there. Note that with listen=0.0.0.0 and no password, anyone who can reach TCP port 5900 on the host gets the installer and, later, the login console; for anything beyond a lab, leave the listener on 127.0.0.1 (libvirt's default), set a VNC password, and firewall the port.

[root@centos-7 ~]#yum  groupinstall "GNOME Desktop"   # install a graphical desktop so the nested virtual machines can be managed from the host's display
[root@centos-7 ~]#virt-manager   # connect to and control the nested virtual machines with this tool

 5. Create the Linux disk partitions.

 6. Partition the disk.

 7. Reboot the system.

8. After installation, ping the host from inside the nested virtual machine; it succeeds. Because this is a NAT network, the guest can reach outside networks, but outside machines cannot reach the nested virtual machine. The KVM host itself can reach the guest through its address on the virbr0 bridge (192.168.122.1 by default); anything beyond the host cannot, unless a port is forwarded. This scenario is therefore rarely used in practice.

 Since the nested virtual machine is in NAT mode while the host is in bridged mode, machines outside the host cannot reach the virtual machine's IP address. This completes the NAT-mode virtual machine.
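The VNC console created above listens on 0.0.0.0 without a password. As an added example (not part of the original post), the hardened alternative: create the guest with --graphics vnc,listen=127.0.0.1 instead, find the display number with virsh vncdisplay, and reach the console through an SSH tunnel from a workstation. The functions below are this example's own; they assume the domain was created with the localhost listener and that virsh runs on the KVM host as the user that owns the domain (root with qemu:///system in this tutorial).

```shell
#!/bin/sh
# Added example, not from the original post: reach a localhost-only VNC
# console over SSH instead of exposing port 5900 on every host address.

# Convert a display string as printed by "virsh vncdisplay DOMAIN"
# (":0", "127.0.0.1:2") into a TCP port: VNC display N listens on 5900+N.
vnc_port_from_display() {
    disp=${1##*:}                       # drop the "host:" part, keep N
    case "$disp" in
        ''|*[!0-9]*) echo "bad display: $1" >&2; return 1 ;;
    esac
    echo $((5900 + disp))
}

# Print the ssh command that forwards a workstation port to the guest's VNC
# port on the KVM host. Arguments: host address, VNC port, local port.
vnc_tunnel_cmd() {
    printf 'ssh -N -L %s:127.0.0.1:%s root@%s\n' "$3" "$2" "$1"
}

# Live helper, run on the KVM host: look up the domain's display and print
# the tunnel command to run from the workstation. Optional 3rd arg: local port.
vnc_tunnel_for_domain() {
    host=$1; domain=$2
    disp=$(virsh vncdisplay "$domain") || return 1
    port=$(vnc_port_from_display "$disp") || return 1
    vnc_tunnel_cmd "$host" "$port" "${3:-5901}"
}
```

On the host, vnc_tunnel_for_domain 192.168.1.100 linux prints something like ssh -N -L 5901:127.0.0.1:5900 root@192.168.1.100; run that on the workstation and point a VNC viewer at localhost:5901. Nothing listens on the network except sshd, and the VNC session inherits SSH's authentication and encryption.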

 

4. The virsh command in detail:

(1) The virsh command:
Creating a virtual machine depends on a predefined XML configuration file; two tools generate it: virt-manager and virt-install. 
virsh [OPTION]... COMMAND [ARG]..
Subcommand groups:
    Domain Management (help keyword 'domain')
    Domain Monitoring (help keyword 'monitor')
    Host and Hypervisor (help keyword 'host')
    Interface (help keyword 'interface')
    Networking (help keyword 'network')
    Network Filter (help keyword 'filter')
    Snapshot (help keyword 'snapshot')
    Storage Pool (help keyword 'pool')
    Storage Volume (help keyword 'volume')

(2) Domain Management (help keyword 'domain')
Creating a virtual machine:
  create: create and start a virtual machine from an XML configuration file (transient: it disappears once stopped);
  define: register a virtual machine from an XML configuration file without starting it (persistent);
Stopping:
  destroy: forced power-off, like pulling the plug;
  shutdown: clean shutdown;
start: start
reboot: reboot;
undefine: delete the virtual machine definition;
suspend/resume: pause the virtual machine in memory, or continue a paused one; the actual effect is pause/unpause
save/restore: suspend to disk / restore; save the virtual machine's current state to a file, or restore a virtual machine from the given file;
console: connect to the console of the given domain;

(3) Device and resource management for a domain:
① cpu
  cpu-stats     show CPU statistics
  vcpuinfo      show vCPU information
  vcpucount     show how many vCPUs there are
  setvcpus      change the number of vCPUs (a live change cannot exceed the maximum set when the virtual machine was created)
  vcpupin       pin a vCPU to a physical CPU
② memory
  setmaxmem     change the maximum memory the guest may be given
  setmem        change the current memory size (must not exceed the maximum; needs the virtio balloon driver in the guest)
③ devices
  attach-disk/detach-disk: hot-plug and unplug disk devices;
  domblklist: list the virtual machine's disk devices
  attach-interface/detach-interface: hot-plug and unplug network interfaces;
  domiflist: list the virtual machine's network interfaces

Virtual machine management examples:

yum install acpid  -y   # install this inside each guest: "virsh shutdown" and "virsh reboot" send an ACPI power-button event, which the guest only acts on if acpid (or systemd-logind) handles it

 Common virsh usage:

[root@s1 src]# virsh list        # list running guests
[root@s1 src]# virsh list --all  # list all guests
[root@s1 src]# virsh shutdown CentOS-7-x86_64     # clean shutdown
[root@s1 src]# virsh start CentOS-7-x86_64        # normal start
[root@s1 src]# virsh destroy centos7         # forced stop / power-off
[root@s1 src]# virsh undefine Win_2008_r2-x86_64  # delete the definition
[root@s1 src]# virsh autostart centos7      # start automatically when the host boots
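Because virsh shutdown is only a request that the guest may ignore (no acpid, a hung kernel), an operator usually wants "shut down cleanly, and pull the plug only after a timeout". As an added example (not part of the original post), that logic on top of the virsh subcommands listed above. The VIRSH variable is this example's own hook so the control flow can be exercised without libvirt present.

```shell
#!/bin/sh
# Added example, not from the original post: clean stop with a destroy fallback.
VIRSH=${VIRSH:-virsh}          # overridable so the logic can be tested offline

# Current state of a domain as virsh reports it ("running", "shut off", ...).
dom_state() {
    $VIRSH domstate "$1" 2>/dev/null
}

# graceful_stop DOMAIN [TIMEOUT_SECONDS]
# Exit codes: 0 = guest shut down on its own (or was already off),
#             1 = the shutdown request itself failed,
#             2 = guest ignored ACPI shutdown and had to be destroyed.
graceful_stop() {
    dom=$1; limit=${2:-60}; waited=0
    if [ "$(dom_state "$dom")" = "shut off" ]; then
        echo "$dom already shut off"; return 0
    fi
    $VIRSH shutdown "$dom" >/dev/null || return 1
    while [ "$waited" -lt "$limit" ]; do
        if [ "$(dom_state "$dom")" = "shut off" ]; then
            echo "$dom shut down after ${waited}s"; return 0
        fi
        sleep 1; waited=$((waited + 1))
    done
    echo "$dom ignored ACPI shutdown for ${limit}s, destroying (equivalent to pulling the power cord)"
    $VIRSH destroy "$dom" >/dev/null
    return 2
}
```

A return code of 2 is worth alerting on: it means the guest's filesystem was not unmounted cleanly, and it usually points at a guest missing acpid.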

5. qemu-kvm command syntax

qemu-kvm  [options]  [disk_image]

The options fall into several classes: standard options, block device options, display options, network options, ...

(1) Standard options:
  -machine [type=]name: "-machine help" lists the choices; specifies the machine type to emulate; 
  -cpu cpu: "-cpu help" lists the choices; specifies the CPU model to emulate;
  -smp n[,maxcpus=cpus][,cores=cores][,threads=threads][,sockets=sockets]: number of vCPUs in the guest and their topology (cores per socket, threads per core, number of sockets);
  -boot [order=drives][,once=drives][,menu=on|off][,splash=sp_name][,splash-time=sp_time][,reboot-timeout=rb_time][,strict=on|off]
  order: boot order of the devices: c is the first hard disk, d the first CD-ROM; once applies to the first boot only (e.g. boot from the CD-ROM once when installing): -boot order=dc,once=d
  -m megs: virtual machine memory size;
  -name NAME: name of this virtual machine; must be unique;

(2) Block device options:
  -hda/-hdb file: image file paths for IDE disks; the 0th and 1st disk;
  -hdc/-hdd file: the 2nd and 3rd disk;
  -cdrom file: the CD-ROM image file to use; 
  -drive [file=file][,if=type][,media=d][,index=i][,cache=writethrough|writeback|none|directsync|unsafe][,format=f]:
    ① file=/PATH/TO/SOME_IMAGE_FILE: path of the image file;
    ② if=TYPE: block device bus type: ide, scsi, sd, floppy, virtio, ...
    ③ media=TYPE: media type, cdrom or disk;
    ④ index=i: index of this device among devices of the same type;
    ⑤ cache=writethrough|writeback|none|directsync|unsafe: cache mode;
    ⑥ format=f: format of the disk image file. Always set it explicitly for raw images: if QEMU is left to probe the format, a guest can write a qcow2 header into its own raw disk whose backing-file field points at a file on the host, and read that file on the next boot;
  CentOS disk image download: https://cloud.centos.org/centos/7/images/

(3) Display options:
  -display type: display type: sdl, curses, none or vnc;
  -nographic: do not use a graphical interface; 
  -vga [std|cirrus|vmware|qxl|xenfb|none]: model of the emulated graphics card;
  -vnc display[,option[,option[,...]]]: start a VNC server to show the guest's display; makes the qemu process listen on a VNC interface; 
    display:
      ① HOST:N
        serve VNC on display number N (TCP port 5900+N) of host HOST;
      ② unix:/PATH/TO/SOCK_FILE
      ③ none
    options:
      password: require a password to connect to this service (the password itself is set from the monitor with "change vnc password");
  -monitor stdio: show the monitor on standard output;
    Ctrl-a, c: switch between the console and the monitor;
    Ctrl-a, h: show the help for these key sequences
                        
(4) Network options:
  -net nic[,vlan=n][,macaddr=mac][,model=type][,name=str][,addr=str][,vectors=v]
    Create a network interface for the virtual machine and add it to the given VLAN;
    model=type: model of the emulated NIC: ne2k_pci, i82551, i82557b, i82559er, rtl8139, e1000, pcnet, virtio;
      -net nic,model=? lists them
    macaddr=mac: MAC address; QEMU/KVM addresses start with 52:54:00:
                            
  -net tap[,vlan=n][,name=str][,fd=h][,fds=x:y:...:z][,ifname=name][,script=file][,downscript=dfile]:
    Connect to the VLAN through a TAP interface on the host;
    script=file: script run when the virtual machine starts, default /etc/qemu-ifup
    downscript=dfile: script run when the virtual machine stops, /etc/qemu-ifdown
    ifname=NAME: custom interface name;
Other options:
  -daemonize: run as a daemon;

 Lab 2: bridged and host-only mode, building a tunnel between the nested virtual machines

Architecture diagram:

  1. Take two virtual machines as hosts, each with two host-only-mode NICs and two bridged-mode NICs; install the nested virtual machine on host one as described above:

 yum install bridge-utils   -y   # CentOS 7.5 and later ship this already; it is needed for the bridge setup.

 Configuring bridged and host-only mode on host one

  Most enterprises today connect servers with dual NICs, which adds bandwidth and provides redundancy at the same time. Usually they use the NIC bonding built into Linux (Windows has no native bonding and needs vendor-supplied software). There are seven bonding modes, of which 0, 1 and 6 are the most common:

  Bonding example: first create the bond, then make the bonded interface a bridge port:

  1. First group: bond ens33 and ens37 into bond0:

  (1) First create the bond0 configuration file; the steps and contents are:

[root@centos-7 network-scripts]#pwd
/etc/sysconfig/network-scripts
[root@centos-7 network-scripts]#cat ifcfg-bond0
BOOTPROTO=static
NAME=bond0
DEVICE=bond0
ONBOOT=yes
BONDING_MASTER=yes
BONDING_OPTS="mode=1 miimon=100" # bonding mode 1 (active-backup) and the link-monitoring interval in ms
BRIDGE=br0  # make bond0 a port of bridge br0

 (2) Configure br0's IP address; bond0 is attached to br0.

[root@centos-7 network-scripts]#cat ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1

(3) Configure ens33

[root@centos-7 network-scripts]#cat ifcfg-ens33
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
NM_CONTROLLED=no
MASTER=bond0
USERCTL=no
SLAVE=yes

 (4) Configure ens37

[root@centos-7 network-scripts]#cat ifcfg-ens37
BOOTPROTO=static
NAME=ens37
DEVICE=ens37
ONBOOT=yes
NM_CONTROLLED=no
MASTER=bond0
USERCTL=no
SLAVE=yes

2. Second group: bond the host-only-mode NICs ens38 and ens39 into bond1  

 (1) First create the bond1 configuration file

[root@centos-7 network-scripts]#cat ifcfg-bond1
BOOTPROTO=static
NAME=bond1
DEVICE=bond1
ONBOOT=yes
BONDING_MASTER=yes
BONDING_OPTS="mode=1 miimon=100"
BRIDGE=br1

(2) Configure br1's IP address; bond1 is attached to br1

[root@centos-7 network-scripts]#cat ifcfg-br1
TYPE=Bridge
BOOTPROTO=static
NAME=br1
DEVICE=br1
ONBOOT=yes
IPADDR=10.20.200.100
NETMASK=255.255.255.0

(3) Enslave ens38 to bond1

[root@centos-7 network-scripts]#cat ifcfg-ens38
BOOTPROTO=static
NAME=ens38
DEVICE=ens38
ONBOOT=yes
NM_CONTROLLED=no
MASTER=bond1
USERCTL=no
SLAVE=yes

(4) Enslave ens39 to bond1

[root@centos-7 network-scripts]#cat ifcfg-ens39
BOOTPROTO=static
NAME=ens39
DEVICE=ens39
ONBOOT=yes
NM_CONTROLLED=no
MASTER=bond1
USERCTL=no
SLAVE=yes

(5) After editing the configuration files, stop NetworkManager first; otherwise there is a risk of losing the remote connection.

[root@rs1 ~]#systemctl  stop  NetworkManager
[root@rs1 ~]#systemctl disable  NetworkManager
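Once the ifcfg files above are in place and the network has been restarted, the bond and bridge should be verified before any guest is attached to them, because a bond with no active slave or a bond that never became a bridge port fails silently. As an added example (not part of the original post), a check that parses the kernel's /proc/net/bonding/<bond> report and confirms the bridge membership through sysfs. bond_summary takes a file path so a captured copy can be checked offline; the other functions are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: verify bond + bridge state.

# Summarize a /proc/net/bonding/<bond> file as one line:
#   mode=<mode> active=<slave> <slave>=<up|down> ...
bond_summary() {
    awk '
        /^Bonding Mode:/           { mode = $0; sub(/^Bonding Mode: /, "", mode) }
        /^Currently Active Slave:/ { active = $NF }
        /^Slave Interface:/        { slave = $NF; order[++n] = slave }
        /^MII Status:/             { if (slave != "") mii[slave] = $NF }   # first one is the bond itself
        END {
            printf "mode=%s active=%s", mode, active
            for (i = 1; i <= n; i++) printf " %s=%s", order[i], mii[order[i]]
            printf "\n"
        }' "$1"
}

# Extract the active slave name from a bond_summary line ("None" if none).
active_slave() {
    rest=${1#*active=}
    echo "${rest%% *}"
}

# check_uplink BOND BRIDGE: fail unless BOND has an active slave and is a
# port of BRIDGE (i.e. the BRIDGE=brN line in ifcfg-bondN took effect).
check_uplink() {
    bond=$1; bridge=$2
    [ -r "/proc/net/bonding/$bond" ] || { echo "$bond: bonding driver not active"; return 1; }
    summary=$(bond_summary "/proc/net/bonding/$bond")
    act=$(active_slave "$summary")
    if [ -z "$act" ] || [ "$act" = None ]; then
        echo "$bond: no active slave ($summary)"; return 1
    fi
    [ -e "/sys/class/net/$bridge/brif/$bond" ] || { echo "$bond is not a port of $bridge ($summary)"; return 1; }
    echo "$bond OK: $summary; port of $bridge"
}
```

On host one, check_uplink bond0 br0 && check_uplink bond1 br1 should print both summaries with active=ens33 and active=ens38 and one slave up per bond; pull one cable (or disconnect the NIC in VMware) and the active slave should switch within the miimon interval while the bridge keeps working.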

3. Configuration on the vm1 virtual machine

(1) Attach vm1's NIC to bridge br0 (the installation of vm1 is described above).

  Open the remote connection in virt-manager, select bridge br0 for the interface, and click Apply at the bottom right.

 (2) Add a second network device for the internal network, attach it to br1 (host-only mode), and select the virtio model (paravirtualized).

(3) Configure eth0's IP address as the external address

[root@localhost network-scripts]# cat ifcfg-eth0
BOOTPROTO=static
DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.1.200
PREFIX=24
GATEWAY=192.168.1.1
DNS1=192.168.1.1

 Configure eth1's IP address as the internal address

[root@localhost network-scripts]# cat ifcfg-eth1
BOOTPROTO=static
DEVICE="eth1"
ONBOOT="yes"
IPADDR=10.20.200.200
PREFIX=24

 After installation, install the network tools package (ifconfig and friends)

yum install net-tools  -y

3. Install the vm2 virtual machine

 1. Before configuring vm2, install its system. Shut down the installed vm1, copy its disk image, and start the installation with the copy; at the installer screen just force the guest off and start it again, and the copied image boots with the system already installed.

[root@centos-7 images]#cp CentOS-7-x86_64.qcow2  CentOS.qcow2

 Note that a byte-for-byte copy keeps vm1's SSH host keys and /etc/machine-id; regenerate them before putting such a clone into service (virt-sysprep does this, and virt-clone clones the whole domain properly).

 Start the installation; only the guest name and the disk path need to change.

virt-install --virt-type kvm \
--name linux777 \
--memory 1024 \
--vcpus=2 \
--autostart \
--cdrom=/usr/local/src/CentOS-7-x86_64-Minimal-1908.iso \
--disk path=/var/lib/libvirt/images/CentOS.qcow2 \
--network bridge=br0 \
--graphics vnc,listen=0.0.0.0 \
--noautoconsole

(--name: the new guest name; --disk: the copied image.)

Then open virt-manager, force the guest off, and after the restart the system comes up already installed.

After installation, install the network tools package

yum install net-tools  -y

Configuration on the vm2 virtual machine (an internal back-end server that the outside network cannot reach directly, for security)

1. Configure vm2's NIC and IP address. First put the NIC in bridged mode so that httpd can be installed from the internet.

2. Configure the IP address: use DHCP first so the guest can reach the outside network and install httpd

[root@localhost network-scripts]# cat ifcfg-eth0
BOOTPROTO=dhcp
DEVICE="eth0"
ONBOOT="yes"
#IPADDR=10.20.200.201
#PREFIX=24

3. Start vm2, install httpd and create a page to display

[root@centos-7 ~]#yum install httpd  -y
[root@centos-7 ~]#echo 10.20.200.201 > /var/www/html/index.html
[root@centos-7 ~]#systemctl start httpd

4. After httpd is configured, change the IP address to a static internal address and attach the NIC to br1 (host-only mode).

[root@localhost network-scripts]# cat ifcfg-eth0
BOOTPROTO=none
DEVICE="eth0"
ONBOOT="yes"
IPADDR=10.20.200.201
PREFIX=24

Configuring bridged and host-only mode on host two  

 1. First group: bond ens33 and ens37 into bond0:

Copy host one's bond0/bond1, br0/br1 and ens33/37/38/39 configuration files to this host; only the IP addresses of br0 and br1 need to change.

[root@centos-7 network-scripts]#scp ifcfg-ens* ifcfg-b* 192.168.1.201:/etc/sysconfig/network-scripts/

(1) ifcfg-bond0 is identical to host one's (mode=1 miimon=100, BRIDGE=br0) and is used unchanged.

 (2) Configure br0's IP address; bond0 is attached to br0.

[root@centos-7 network-scripts]#cat ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.1.101
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1

(3) ifcfg-ens33 and (4) ifcfg-ens37 are identical to host one's (MASTER=bond0, SLAVE=yes) and are used unchanged.

2. Second group: bond the host-only-mode NICs ens38 and ens39 into bond1  

 (1) ifcfg-bond1 is identical to host one's (mode=1 miimon=100, BRIDGE=br1) and is used unchanged.

(2) Configure br1's IP address; bond1 is attached to br1

[root@centos-7 network-scripts]#cat ifcfg-br1
TYPE=Bridge
BOOTPROTO=static
NAME=br1
DEVICE=br1
ONBOOT=yes
IPADDR=10.20.200.101
NETMASK=255.255.255.0

(3) ifcfg-ens38 and (4) ifcfg-ens39 are identical to host one's (MASTER=bond1, SLAVE=yes) and are used unchanged.

(5) After editing the configuration files, stop NetworkManager first; otherwise there is a risk of losing the remote connection to the host.

[root@rs1 ~]#systemctl  stop  NetworkManager
[root@rs1 ~]#systemctl disable  NetworkManager

(6) After the IP addresses are configured, ping host one's host-only-mode address from host two; if the ping succeeds, the NIC bonding setup is complete.

4. Install the vm3 virtual machine on host two

1. Install the tool packages first

yum install qemu-kvm qemu-kvm-tools libvirt virt-manager  virt-install -y

2. Start libvirtd and enable it at boot

[root@rs1 src]#systemctl start libvirtd
[root@rs1 src]#systemctl enable libvirtd

3. Copy the ISO from host one to host two, then start installing the virtual machine:

[root@centos-7 ~]#scp  /usr/local/src/CentOS-7-x86_64-Minimal-1908.iso  192.168.1.201:/usr/local/src/

 Start installing the system:

virt-install --virt-type kvm \
--name linux77 \
--memory 1024 \
--vcpus=2 \
--autostart \
--cdrom=/usr/local/src/CentOS-7-x86_64-Minimal-1908.iso \
--disk path=/var/lib/libvirt/images/CentOS-7-x86_64.qcow2 \
--network bridge=br0 \
--graphics vnc,listen=0.0.0.0  \
--noautoconsole

 4. Install the nested Linux system from the graphical interface

[root@rs1 src]#yum groupinstall "GNOME Desktop"  -y
[root@rs1 src]#virt-manager

5. After the system is installed, set the NIC types: one attached to br0 (bridged mode), one to br1 (host-only mode), both using the virtio model (paravirtualized)

5. Configuration on the vm3 virtual machine

  1. Open the remote connection in virt-manager, select bridge br0 for the interface, and click Apply at the bottom right.

 2. Add a second network device for the internal network, attach it to br1, and select the virtio model (paravirtualized)

 3. Configure eth0's IP address as the external address

[root@localhost network-scripts]# cat ifcfg-eth0
BOOTPROTO=static
DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.1.202
PREFIX=24
GATEWAY=192.168.1.1
DNS1=192.168.1.1

 Configure eth1's IP address as the internal address (host-only mode)

[root@localhost network-scripts]# cat ifcfg-eth1
BOOTPROTO=static
DEVICE="eth1"
ONBOOT="yes"
IPADDR=10.20.200.202
PREFIX=24

After the NICs and IP addresses are configured, install the net-tools package

[root@localhost network-scripts]# yum install net-tools -y

6. Install the vm4 virtual machine 

Shut down the installed vm3, copy its disk image, and start the installation with the copy; at the installer screen just force the guest off and start it again, and the system comes up already installed. As with vm2, regenerate the cloned SSH host keys and /etc/machine-id before using the clone.

[root@centos-7 images]#cp CentOS-7-x86_64.qcow2  CentOS.qcow2

 Start the installation; only the guest name and the disk path need to change.

virt-install --virt-type kvm \
--name linux37 \
--memory 1024 \
--vcpus=2 \
--autostart \
--cdrom=/usr/local/src/CentOS-7-x86_64-Minimal-1908.iso \
--disk path=/var/lib/libvirt/images/CentOS.qcow2 \
--network bridge=br0 \
--graphics vnc,listen=0.0.0.0 \
--noautoconsole

(--name: the new guest name; --disk: the copied image.)

Then open virt-manager, force the guest off, and after the restart the system comes up already installed.

Configuration on the vm4 virtual machine (an internal back-end server that the outside network cannot reach directly, for security)

1. Configure vm4's NIC and IP address. First put the NIC in bridged mode so that httpd can be installed from the internet.

2. Configure the IP address: use DHCP first so the guest can reach the outside network and install httpd

[root@localhost network-scripts]# cat ifcfg-eth0
BOOTPROTO=dhcp
DEVICE="eth0"
ONBOOT="yes"
#IPADDR=10.20.200.203
#PREFIX=24

3. Start vm4, install httpd and create a page to display (the page carries vm4's own address so the two back ends can be told apart during the failover test)

[root@centos-7 ~]#yum install httpd  -y
[root@centos-7 ~]#echo 10.20.200.203 > /var/www/html/index.html
[root@centos-7 ~]#systemctl start httpd

After configuration, install the network tools package

yum install net-tools  -y

4. After httpd is configured, change the IP address to a static internal address, attach the NIC to br1 (host-only mode), and restart the network service.

[root@localhost network-scripts]# cat ifcfg-eth0
BOOTPROTO=none
DEVICE="eth0"
ONBOOT="yes"
IPADDR=10.20.200.203
PREFIX=24

Note: the basic architecture is now complete. Next, install haproxy and keepalived on vm1 and vm3 to provide high availability and to schedule requests to the back-end servers on the internal network.

Install and configure haproxy and keepalived on vm1

1. Install the haproxy and keepalived packages

[root@localhost network-scripts]# yum install haproxy keepalived -y

2. Configure keepalived and make this node the master: vi  /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     [email protected]
     [email protected]
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.248 dev eth0 label eth0:0   # bind the VIP
    }
}

auth_type PASS sends the password in cleartext in every advertisement: it only prevents accidental VRID collisions and does nothing against someone on the 192.168.1.0/24 segment who injects advertisements with a higher priority to take over the VIP. Use a distinct virtual_router_id per cluster and keep the segment trusted or filtered.

 3. Configure haproxy: vi  /etc/haproxy/haproxy.cfg

global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

listen web
   bind 192.168.1.248:80  # bind the VIP
   server 10.20.200.201 10.20.200.201:80 check  # back-end vm2, with health checks
   server 10.20.200.203 10.20.200.203:80 check  # back-end vm4, with health checks

4. Configure the kernel network parameters

[root@localhost network-scripts]# vi  /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1
[root@localhost network-scripts]# sysctl -p  # apply the parameters
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1

ip_nonlocal_bind is the one that matters here: it lets haproxy on the BACKUP node bind 192.168.1.248:80 while the VIP is still held by the MASTER, so haproxy is already listening when the address moves. haproxy proxies at the application layer, so ip_forward is not needed for it, though it does no harm in this lab.

After configuration, start the haproxy and keepalived services and check that the listening port is open

[root@localhost network-scripts]# systemctl start haproxy keepalived
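The haproxy.cfg above enables the stats socket (stats socket /var/lib/haproxy/stats), which is the quickest way to see whether the "check" on each back end is passing. As an added example (not part of the original post), a helper that turns the socket's CSV "show stat" output into one line per server and counts the ones that are UP. backend_status reads CSV from stdin so it can be tested with a constructed sample; live_status assumes socat is installed (yum install socat) and that the socket is readable by the caller.

```shell
#!/bin/sh
# Added example, not from the original post: back-end health from the HAProxy
# stats socket. The CSV header names the columns, so the "status" column is
# located by name rather than by a hard-coded index.

# Input: "show stat" CSV on stdin. Output: "<proxy>/<server> <status>" for
# real servers only; the FRONTEND and BACKEND summary rows are skipped.
backend_status() {
    awk -F, '
        /^# / { for (i = 1; i <= NF; i++) { f = $i; sub(/^# /, "", f); col[f] = i }; next }
        !("status" in col) { next }
        NF < 2 || $2 == "FRONTEND" || $2 == "BACKEND" { next }
        { print $1 "/" $2, $(col["status"]) }'
}

# Number of servers reported UP in the CSV on stdin.
count_up() {
    backend_status | awk '$2 == "UP" { n++ } END { print n + 0 }'
}

# Live query against the socket configured in haproxy.cfg (socat assumed).
live_status() {
    echo "show stat" | socat stdio unix-connect:/var/lib/haproxy/stats | backend_status
}
```

On vm1, live_status should print web/10.20.200.201 UP and web/10.20.200.203 UP once both back ends are reachable over br1; during the failover test below, the vm2 line flips to DOWN after the configured retries and every request to the VIP is answered by vm4.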

Install and configure haproxy and keepalived on vm3

1. Install the haproxy and keepalived packages

[root@localhost network-scripts]# yum install haproxy  keepalived  -y

2. Copy the keepalived configuration file from vm1, then change the state to BACKUP and lower the priority.

[root@localhost network-scripts]# scp /etc/keepalived/keepalived.conf   192.168.1.202:/etc/keepalived/

  Edit the keepalived configuration file

[root@localhost network-scripts]# vi /etc/keepalived/keepalived.conf 
global_defs {
   notification_email {
     [email protected]
     [email protected]
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP   # standby node
    interface eth0
    virtual_router_id 51
    priority 80    # lowered to 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.248 dev eth0 label eth0:0
    }
}

3. Copy the haproxy configuration file from vm1; it is used unchanged.

[root@localhost network-scripts]# scp /etc/haproxy/haproxy.cfg  192.168.1.202:/etc/haproxy/

Check the haproxy configuration file: vi  /etc/haproxy/haproxy.cfg

The file is identical to vm1's shown above: the same global and defaults sections, and the "listen web" section binding 192.168.1.248:80 with the two back-end servers 10.20.200.201:80 and 10.20.200.203:80, both with "check".

After configuration, start the haproxy and keepalived services and check that the listening port is open

[root@localhost network-scripts]# systemctl start haproxy keepalived

4. Configure the kernel network parameters (the same as on vm1)

[root@localhost network-scripts]# vi  /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1
[root@localhost network-scripts]# sysctl -p  # apply the parameters
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1

Testing the result 

1. With the haproxy and keepalived services started on both vm1 and vm3:

The outside can only reach the back-end vm2, which sits in host-only mode, by going through the VIP; it cannot reach the internal IP network directly, which improves the security of the enterprise network.

2. Stop keepalived on vm1 and httpd on the back-end vm2; requests now reach the web page on vm4, demonstrating the standby and high-availability behaviour.

[root@localhost network-scripts]# systemctl stop keepalived
[root@localhost network-scripts]# systemctl stop httpd

If vm2 and vm4 need internet access, just attach one more NIC to the bridge; the host-only mode is only there to carry the internal traffic. This completes the dual-NIC bonding setup with bridged and host-only modes.

If only one NIC is to be bonded on the host, simply attach that one NIC to br0 as the bridge port.

Origin: www.cnblogs.com/struggle-1216/p/12129175.html