Building a KVM environment of 5 virtual machines on 2 physical machines.
The physical machines are themselves simulated by VMware Workstation virtual machines.
Part 1: Lab environment preparation
1.1: Lab network
External network: 192.168.1.0/24 (DNS & NTP server: 192.168.1.254)
Internal network: 172.16.1.0/24 (DNS & NTP server: 172.16.1.253)
The KVM guests use bridged networking and share the external and internal networks with the physical machines.
1.2: Preparing the virtual machines in VMware Workstation
Create 2 virtual machines:
- 2×2 CPUs, 4 GB RAM, 4 NICs (2 in bridged mode to connect to the external network, 2 in host-only mode to build the internal network).
- Minimal install of CentOS 7.2 with the initial configuration applied (see 【CentOS】 - CentOS system initialization for details).
The two VMware virtual machines are referred to as the "physical machines" below.
All KVM hosts are installed from the CentOS 7.2 minimal image.
1.3: Configuring physical machine 1
1.3.1: Change the hostname
- Change the hostname of physical machine 1 to pm1 so that the commands in later steps are easy to tell apart:
]# hostnamectl set-hostname pm1.yqc.com
1.3.2: External network configuration
br0
[root@pm1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-br0
TYPE="Bridge"
BOOTPROTO="static"
NAME="br0"
DEVICE="br0"
ONBOOT="yes"
IPADDR="192.168.1.101"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
DNS1="192.168.1.254"
bond0
[root@pm1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-bond0
BOOTPROTO="none"
NAME="bond0"
DEVICE="bond0"
ONBOOT="yes"
BONDING_MASTER=yes
BONDING_OPTS="mode=1 miimon=100"
BRIDGE="br0"
eth0
[root@pm1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO="none"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
NM_CONTROLLED="no"
MASTER="bond0"
USERCTL="no"
SLAVE="yes"
eth1
[root@pm1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO="none"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
NM_CONTROLLED="no"
MASTER="bond0"
USERCTL="no"
SLAVE="yes"
1.3.3: Internal network configuration
br1
[root@pm1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-br1
TYPE="Bridge"
BOOTPROTO="static"
NAME="br1"
DEVICE="br1"
ONBOOT="yes"
IPADDR="172.16.1.101"
NETMASK="255.255.255.0"
DNS1="172.16.1.253"
bond1
[root@pm1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-bond1
BOOTPROTO="none"
NAME="bond1"
DEVICE="bond1"
ONBOOT="yes"
BONDING_MASTER=yes
BONDING_OPTS="mode=1 miimon=100"
BRIDGE="br1"
eth2
[root@pm1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth2
BOOTPROTO="none"
NAME="eth2"
DEVICE="eth2"
ONBOOT="yes"
NM_CONTROLLED="no"
MASTER="bond1"
USERCTL="no"
SLAVE="yes"
eth3
[root@pm1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth3
BOOTPROTO="none"
NAME="eth3"
DEVICE="eth3"
ONBOOT="yes"
NM_CONTROLLED="no"
MASTER="bond1"
USERCTL="no"
SLAVE="yes"
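The ifcfg files above form a chain (bridge br0/br1, bond bond0/bond1 under it, two slave NICs under each bond) and a single mistyped file name or DEVICE value breaks the chain silently until the next network restart. The script below is an added example, not part of the original post: it checks a directory of ifcfg-* files for that consistency (DEVICE matches the file name, every SLAVE points at a file declared BONDING_MASTER, every BRIDGE points at a file declared TYPE=Bridge). The sample files it builds are constructed to reproduce the kind of slip where eth1's settings are saved into ifcfg-eth0; on a real host run ifcfg_check /etc/sysconfig/network-scripts before systemctl restart network.

```sh
#!/bin/sh
# Added example, not from the original post: a consistency check over a
# directory of ifcfg-* files laid out like the ones above (bridge -> bond ->
# slave NICs), to run on the host before "systemctl restart network".
# Assumes the ifcfg-<name> naming convention and the keys DEVICE, TYPE,
# SLAVE, MASTER, BONDING_MASTER and BRIDGE used in the files above.

# ifcfg_get FILE KEY: print the value of KEY with surrounding quotes removed
# (empty if the key is absent or the file does not exist).
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}[[:space:]]*$/\1/p" "$1" 2>/dev/null | tail -n 1
}

# ifcfg_check DIR: print one line per problem found; status 1 if any.
ifcfg_check() {
    dir=$1
    errors=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        name=${f##*/ifcfg-}
        if [ "$name" = "lo" ]; then continue; fi
        # the file name and DEVICE must agree, otherwise one NIC's settings
        # silently replace another's when the same file is edited twice
        device=$(ifcfg_get "$f" DEVICE)
        if [ "$device" != "$name" ]; then
            echo "ifcfg-$name: DEVICE=\"$device\" does not match the file name"
            errors=$((errors + 1))
        fi
        # a slave NIC must point at a bond declared with BONDING_MASTER=yes
        if [ "$(ifcfg_get "$f" SLAVE)" = "yes" ]; then
            master=$(ifcfg_get "$f" MASTER)
            if [ "$(ifcfg_get "$dir/ifcfg-$master" BONDING_MASTER)" != "yes" ]; then
                echo "ifcfg-$name: MASTER=\"$master\" is not a bond (no ifcfg-$master with BONDING_MASTER=yes)"
                errors=$((errors + 1))
            fi
        fi
        # a bridge port must point at a file declared with TYPE=Bridge
        bridge=$(ifcfg_get "$f" BRIDGE)
        if [ -n "$bridge" ] && [ "$(ifcfg_get "$dir/ifcfg-$bridge" TYPE)" != "Bridge" ]; then
            echo "ifcfg-$name: BRIDGE=\"$bridge\" is not a bridge (no ifcfg-$bridge with TYPE=Bridge)"
            errors=$((errors + 1))
        fi
    done
    [ "$errors" -eq 0 ]
}

# ifcfg_sample DIR: write a constructed copy of pm1's external-network files
# into DIR, with eth1's settings saved into ifcfg-eth0 (so ifcfg-eth1 never
# exists and ifcfg-eth0 carries DEVICE="eth1").
ifcfg_sample() {
    d=$1
    printf 'TYPE="Bridge"\nBOOTPROTO="static"\nNAME="br0"\nDEVICE="br0"\nONBOOT="yes"\nIPADDR="192.168.1.101"\nNETMASK="255.255.255.0"\n' > "$d/ifcfg-br0"
    printf 'BOOTPROTO="none"\nNAME="bond0"\nDEVICE="bond0"\nONBOOT="yes"\nBONDING_MASTER=yes\nBONDING_OPTS="mode=1 miimon=100"\nBRIDGE="br0"\n' > "$d/ifcfg-bond0"
    printf 'BOOTPROTO="none"\nNAME="eth1"\nDEVICE="eth1"\nONBOOT="yes"\nMASTER="bond0"\nSLAVE="yes"\n' > "$d/ifcfg-eth0"
}

# Stand-alone run over the constructed sample.
tmp=$(mktemp -d)
ifcfg_sample "$tmp"
ifcfg_check "$tmp" || echo "fix the files above before restarting the network"
rm -rf "$tmp"
```

The check only reads the files, so it is safe to run on a live host; a bond with a single slave is still reported as consistent, since mode=1 will run degraded on one link.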
1.3.4: Verify the network
- Verify the network configuration:
[root@pm1 ~]# ifconfig
bond0: flags=5187<UP,BROADCAST,RUNNING,MASTER,MULTICAST> mtu 1500
inet6 fe80::20c:29ff:fe89:3d10 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:89:3d:10 txqueuelen 0 (Ethernet)
RX packets 1304 bytes 194219 (189.6 KiB)
RX errors 0 dropped 217 overruns 0 frame 0
TX packets 207 bytes 21728 (21.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
bond1: flags=5187<UP,BROADCAST,RUNNING,MASTER,MULTICAST> mtu 1500
inet6 fe80::20c:29ff:fe89:3d24 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:89:3d:24 txqueuelen 0 (Ethernet)
RX packets 36 bytes 5494 (5.3 KiB)
RX errors 0 dropped 5 overruns 0 frame 0
TX packets 24 bytes 1852 (1.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.101 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 240e:324:79e:f400:20c:29ff:fe89:3d10 prefixlen 64 scopeid 0x0<global>
inet6 fe80::20c:29ff:fe89:3d10 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:89:3d:10 txqueuelen 0 (Ethernet)
RX packets 521 bytes 64927 (63.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 199 bytes 20624 (20.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.101 netmask 255.255.255.0 broadcast 172.16.1.255
inet6 fe80::20c:29ff:fe89:3d24 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:89:3d:24 txqueuelen 0 (Ethernet)
RX packets 31 bytes 4760 (4.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1096 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST> mtu 1500
ether 00:0c:29:89:3d:10 txqueuelen 1000 (Ethernet)
RX packets 2585 bytes 321460 (313.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 674 bytes 136653 (133.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST> mtu 1500
ether 00:0c:29:89:3d:10 txqueuelen 1000 (Ethernet)
RX packets 217 bytes 21442 (20.9 KiB)
RX errors 0 dropped 217 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST> mtu 1500
ether 00:0c:29:89:3d:24 txqueuelen 1000 (Ethernet)
RX packets 31 bytes 5194 (5.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 1852 (1.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth3: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST> mtu 1500
ether 00:0c:29:89:3d:24 txqueuelen 1000 (Ethernet)
RX packets 5 bytes 300 (300.0 B)
RX errors 0 dropped 5 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- Verify external network connectivity:
[root@pm1 ~]# ping www.baidu.com
PING www.a.shifen.com (180.101.49.12) 56(84) bytes of data.
64 bytes from 180.101.49.12: icmp_seq=1 ttl=52 time=39.5 ms
64 bytes from 180.101.49.12: icmp_seq=2 ttl=52 time=40.0 ms
- Verify internal network connectivity:
[root@pm1 ~]# ping 172.16.1.1
PING 172.16.1.1 (172.16.1.1) 56(84) bytes of data.
64 bytes from 172.16.1.1: icmp_seq=1 ttl=128 time=5.65 ms
64 bytes from 172.16.1.1: icmp_seq=2 ttl=128 time=0.691 ms
1.3.5: Scheduled NTP synchronization
[root@pm1 ~]# /usr/sbin/ntpdate 192.168.1.254 && /usr/sbin/hwclock -w
11 Nov 17:20:28 ntpdate[4687]: adjust time server 172.16.1.253 offset 0.014662 sec
[root@pm1 ~]# echo "*/30 * * * * /usr/sbin/ntpdate 172.16.1.253 && /usr/sbin/hwclock -w" > /var/spool/cron/root
1.4: Configuring physical machine 2
Physical machine 2 can be cloned directly from physical machine 1.
1.4.1: Change the hostname
- Change the hostname of physical machine 2 to pm2 so that the commands in later steps are easy to tell apart:
]# hostnamectl set-hostname pm2.yqc.com
1.4.2: External network configuration
br0
[root@pm2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-br0
TYPE="Bridge"
BOOTPROTO="static"
NAME="br0"
DEVICE="br0"
ONBOOT="yes"
IPADDR="192.168.1.102"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
DNS1="192.168.1.254"
bond0
[root@pm2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-bond0
BOOTPROTO="none"
NAME="bond0"
DEVICE="bond0"
ONBOOT="yes"
BONDING_MASTER=yes
BONDING_OPTS="mode=1 miimon=100"
BRIDGE="br0"
eth0
[root@pm2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO="none"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
NM_CONTROLLED="no"
MASTER="bond0"
USERCTL="no"
SLAVE="yes"
eth1
[root@pm2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO="none"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
NM_CONTROLLED="no"
MASTER="bond0"
USERCTL="no"
SLAVE="yes"
1.4.3: Internal network configuration
br1
[root@pm2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-br1
TYPE="Bridge"
BOOTPROTO="static"
NAME="br1"
DEVICE="br1"
ONBOOT="yes"
IPADDR="172.16.1.102"
NETMASK="255.255.255.0"
DNS1="172.16.1.253"
bond1
[root@pm2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-bond1
BOOTPROTO="none"
NAME="bond1"
DEVICE="bond1"
ONBOOT="yes"
BONDING_MASTER=yes
BONDING_OPTS="mode=1 miimon=100"
BRIDGE="br1"
eth2
[root@pm2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth2
BOOTPROTO="none"
NAME="eth2"
DEVICE="eth2"
ONBOOT="yes"
NM_CONTROLLED="no"
MASTER="bond1"
USERCTL="no"
SLAVE="yes"
eth3
[root@pm2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth3
BOOTPROTO="none"
NAME="eth3"
DEVICE="eth3"
ONBOOT="yes"
NM_CONTROLLED="no"
MASTER="bond1"
USERCTL="no"
SLAVE="yes"
1.4.4: Verify the network
- Verify the network configuration:
[root@pm2 ~]# ifconfig
bond0: flags=5187<UP,BROADCAST,RUNNING,MASTER,MULTICAST> mtu 1500
inet6 fe80::20c:29ff:fe18:35e9 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:18:35:e9 txqueuelen 0 (Ethernet)
RX packets 853 bytes 101031 (98.6 KiB)
RX errors 0 dropped 142 overruns 0 frame 0
TX packets 381 bytes 59847 (58.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
bond1: flags=5187<UP,BROADCAST,RUNNING,MASTER,MULTICAST> mtu 1500
inet6 fe80::20c:29ff:fe18:35fd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:18:35:fd txqueuelen 0 (Ethernet)
RX packets 65 bytes 5994 (5.8 KiB)
RX errors 0 dropped 14 overruns 0 frame 0
TX packets 51 bytes 3986 (3.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.102 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::20c:29ff:fe18:35e9 prefixlen 64 scopeid 0x20<link>
inet6 240e:324:79e:f400:20c:29ff:fe18:35e9 prefixlen 64 scopeid 0x0<global>
ether 00:0c:29:18:35:e9 txqueuelen 0 (Ethernet)
RX packets 272 bytes 32214 (31.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 133 bytes 17392 (16.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.102 netmask 255.255.255.0 broadcast 172.16.1.255
inet6 fe80::20c:29ff:fe18:35fd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:18:35:fd txqueuelen 0 (Ethernet)
RX packets 40 bytes 3136 (3.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12 bytes 816 (816.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST> mtu 1500
ether 00:0c:29:18:35:e9 txqueuelen 1000 (Ethernet)
RX packets 712 bytes 87425 (85.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 372 bytes 59113 (57.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST> mtu 1500
ether 00:0c:29:18:35:e9 txqueuelen 1000 (Ethernet)
RX packets 142 bytes 13692 (13.3 KiB)
RX errors 0 dropped 142 overruns 0 frame 0
TX packets 9 bytes 734 (734.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST> mtu 1500
ether 00:0c:29:18:35:fd txqueuelen 1000 (Ethernet)
RX packets 52 bytes 5204 (5.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 42 bytes 3252 (3.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth3: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST> mtu 1500
ether 00:0c:29:18:35:fd txqueuelen 1000 (Ethernet)
RX packets 14 bytes 876 (876.0 B)
RX errors 0 dropped 14 overruns 0 frame 0
TX packets 9 bytes 734 (734.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- Verify external network connectivity:
[root@pm2 ~]# ping www.baidu.com
PING www.a.shifen.com (180.101.49.12) 56(84) bytes of data.
64 bytes from 180.101.49.12: icmp_seq=1 ttl=52 time=39.5 ms
64 bytes from 180.101.49.12: icmp_seq=2 ttl=52 time=40.0 ms
- Verify internal network connectivity:
[root@pm2 ~]# ping 172.16.1.1
PING 172.16.1.1 (172.16.1.1) 56(84) bytes of data.
64 bytes from 172.16.1.1: icmp_seq=1 ttl=128 time=5.65 ms
64 bytes from 172.16.1.1: icmp_seq=2 ttl=128 time=0.691 ms
1.4.5: Scheduled NTP synchronization
[root@pm2 ~]# /usr/sbin/ntpdate 192.168.1.254 && /usr/sbin/hwclock -w
11 Nov 17:20:28 ntpdate[4687]: adjust time server 172.16.1.253 offset 0.014662 sec
[root@pm2 ~]# echo "*/30 * * * * /usr/sbin/ntpdate 172.16.1.253 && /usr/sbin/hwclock -w" > /var/spool/cron/root
Part 2: Building the KVM virtual machine environment
2.1: Preparing the KVM virtualization environment
2.1.1: Confirm that CPU virtualization is enabled
[root@pm1 ~]# grep -E "vmx|svm" /proc/cpuinfo | wc -l
4
[root@pm2 ~]# grep -E "vmx|svm" /proc/cpuinfo | wc -l
4
2.1.2: Install the KVM packages and start the service
Install the packages
~]# yum install qemu-kvm qemu-kvm-tools libvirt virt-manager virt-install -y
Start libvirtd
~]# systemctl start libvirtd
~]# systemctl enable libvirtd
Verify KVM's NAT interface
]# ifconfig virbr0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:cf:58:53 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- If you need KVM guests on the NAT network, you can set the internal KVM subnet you want by editing the following configuration file:
]# grep "192.168.122.1" /etc/libvirt/ -R
/etc/libvirt/qemu/networks/autostart/default.xml: <ip address='192.168.122.1' netmask='255.255.255.0'>
/etc/libvirt/qemu/networks/default.xml: <ip address='192.168.122.1' netmask='255.255.255.0'>
/etc/libvirt/qemu/networks/autostart/default.xml is a symlink to /etc/libvirt/qemu/networks/default.xml; the two are the same configuration file.
This lab uses bridged networking, so no change is made.
2.2: Creating the KVM virtual machines
2.2.1: Create the CentOS-7.2-1511-bridge template VM on pm1
Create the disk
- The disk uses the qcow2 format, is 10G in size, and is stored in the default KVM image directory:
[root@pm1 ~]# qemu-img create -f qcow2 /var/lib/libvirt/images/centos-7.2-1511-minimal.qcow2 10G
Formatting '/var/lib/libvirt/images/centos-7.2-1511-minimal.qcow2', fmt=qcow2 size=10737418240 encryption=off cluster_size=65536 lazy_refcounts=off
Upload the ISO image
- The CentOS 7.2 minimal image is used to install the KVM guest's operating system:
[root@pm1 src]# ll /usr/local/src/CentOS-7.2-x86_64-Minimal-1511.iso
-rw-r--r-- 1 root root 632291328 Oct 27 15:01 /usr/local/src/CentOS-7.2-x86_64-Minimal-1511.iso
Create the bridged KVM virtual machine
[root@pm1 ~]# virt-install --virt-type kvm \
--name CentOS-7.2-1511-bridge \
--ram 1024 \
--vcpus 2 \
--cdrom=/usr/local/src/CentOS-7.2-x86_64-Minimal-1511.iso \
--disk path=/var/lib/libvirt/images/centos-7.2-1511-minimal.qcow2 \
--network bridge=br0 \
--graphics vnc,listen=0.0.0.0 \
--noautoconsole
Connect to the KVM virtual machine with virt-manager
- Run virt-manager from the command line:
[root@pm1 ~]# virt-manager
- Select the newly created KVM virtual machine in the window that opens:
Install CentOS 7.2 in the KVM virtual machine
- Pass kernel parameters:
The purpose is to standardize the NIC names as eth*.
net.ifnames=0 biosdevname=0
- Install the system following the usual installation steps:
Configure the IP address 192.168.1.201/24 during installation; once installation completes you can connect remotely over SSH.
CentOS system initialization
- Change the hostname:
[root@localhost ~]# hostnamectl set-hostname pm1-node201.yqc.com
- Stop the firewall:
[root@pm1-node201 ~]# systemctl stop firewalld
[root@pm1-node201 ~]# systemctl disable firewalld
- Disable SELinux:
[root@pm1-node201 ~]# vi /etc/sysconfig/selinux
SELINUX=disabled
[root@pm1-node201 ~]# setenforce 0
- Stop NetworkManager:
[root@pm1-node201 ~]# systemctl stop NetworkManager
[root@pm1-node201 ~]# systemctl disable NetworkManager
- Switch to a domestic (Aliyun) yum mirror:
[root@pm1-node201 ~]# mkdir /etc/yum.repos.d/repo_bak && mv /etc/yum.repos.d/CentOS* /etc/yum.repos.d/repo_bak
[root@pm1-node201 ~]# curl -o /etc/yum.repos.d/CentOS-7-ali.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@pm1-node201 ~]# yum clean all
[root@pm1-node201 ~]# yum makecache
[root@pm1-node201 ~]# yum repolist
- Install commonly used packages:
[root@pm1-node201 ~]# yum install vim iotop bc gcc gcc-c++ glibc glibc-devel pcre \
pcre-devel openssl openssl-devel zip unzip zlib-devel net-tools \
lrzsz tree ntpdate telnet lsof tcpdump wget libevent libevent-devel \
bc systemd-devel bash-completion traceroute \
bridge-utils -y
- NTP time synchronization:
[root@pm1-node201 ~]# /usr/sbin/ntpdate 192.168.1.254 && /usr/sbin/hwclock -w
[root@pm1-node201 ~]# echo "*/30 * * * * /usr/sbin/ntpdate 192.168.1.254 && /usr/sbin/hwclock -w" > /var/spool/cron/root
- Kernel parameter tuning:
[root@pm1-node201 ~]# vim ~/.vimrc
set paste
[root@pm1-node201 ~]# vim /etc/sysctl.conf
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Disable netfilter on bridges (these keys exist only once the bridge netfilter module is loaded; on a guest without it, sysctl -p reports them as unknown keys)
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Controls the default maximum size of a message queue
kernel.msgmnb = 65536
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# TCP kernel paramater
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
# socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 20480
net.core.optmem_max = 81920
# TCP conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
# tcp conn reuse
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
# keepalive conn
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 10001 65000
# swap
vm.overcommit_memory = 0
vm.swappiness = 10
#net.ipv4.conf.eth1.rp_filter = 0
#net.ipv4.conf.lo.arp_ignore = 1
#net.ipv4.conf.lo.arp_announce = 2
#net.ipv4.conf.all.arp_ignore = 1
#net.ipv4.conf.all.arp_announce = 2
[root@pm1-node201 ~]# sysctl -p
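sysctl -p applies the file top to bottom and stops at the first key the running kernel does not know, so a guest without the bridge netfilter module rejects the net.bridge.* entries, and a stray "#" after a value is not treated as a comment by sysctl but handed to the kernel as part of the value. The script below is an added example, not part of the original post: a dry run over a sysctl.conf that reports both problems before anything is applied. It takes the sysctl root as a parameter (default /proc/sys) so it can be tested against a constructed tree; the sample conf and tree it builds are constructed, and only dotted key names are handled.

```sh
#!/bin/sh
# Added example, not from the original post: a dry run over a sysctl.conf
# before "sysctl -p". It reports keys that have no file under the sysctl
# root (sysctl -p stops on these; the net.bridge.* keys above only exist
# once the bridge netfilter module is loaded) and values that carry a
# trailing "#" comment, which sysctl does not strip. The sysctl root is a
# parameter so the check can run against a constructed tree; it defaults
# to /proc/sys. Only dotted keys are handled (not the net/ipv4/... form).

# sysctl_precheck CONF [SYSROOT]: one line per problem; status 1 if any.
sysctl_precheck() {
    conf=$1
    root=${2:-/proc/sys}
    problems=0
    while IFS= read -r line || [ -n "$line" ]; do
        trimmed=$(printf '%s' "$line" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        case $trimmed in
            ''|'#'*|';'*) continue ;;   # blank or comment line
        esac
        case $trimmed in
            *=*) ;;
            *) echo "not a key = value line: $trimmed"
               problems=$((problems + 1)); continue ;;
        esac
        key=$(printf '%s' "${trimmed%%=*}" | sed 's/[[:space:]]*$//')
        value=$(printf '%s' "${trimmed#*=}" | sed 's/^[[:space:]]*//')
        # sysctl only recognises comments at the start of a line
        case $value in
            *'#'*) echo "$key: trailing comment in value \"$value\" is not stripped by sysctl"
                   problems=$((problems + 1)) ;;
        esac
        # net.ipv4.ip_forward -> <root>/net/ipv4/ip_forward must exist
        if [ ! -e "$root/$(printf '%s' "$key" | tr '.' '/')" ]; then
            echo "$key: key not present under sysctl root"
            problems=$((problems + 1))
        fi
    done < "$conf"
    [ "$problems" -eq 0 ]
}

# sysctl_sample CONF SYSROOT: write a constructed excerpt of a sysctl.conf
# like the one above and a fake sysctl tree that has the ipv4 keys but no
# net/bridge (the state of a guest without the bridge netfilter module).
sysctl_sample() {
    printf '# constructed excerpt\nnet.ipv4.ip_forward = 1\n\nnet.bridge.bridge-nf-call-iptables = 0\nnet.ipv4.tcp_timestamps = 1 #?\n' > "$1"
    mkdir -p "$2/net/ipv4"
    : > "$2/net/ipv4/ip_forward"
    : > "$2/net/ipv4/tcp_timestamps"
}

# Stand-alone run over the constructed sample; on a real guest run
# "sysctl_precheck /etc/sysctl.conf" instead.
tmp=$(mktemp -d)
sysctl_sample "$tmp/sysctl.conf" "$tmp/sys"
sysctl_precheck "$tmp/sysctl.conf" "$tmp/sys" || echo "fix these before running sysctl -p"
rm -rf "$tmp"
```

Once the bridge netfilter module is loaded on the guest the net.bridge.* keys appear under /proc/sys and the same file passes; on a guest that never carries a bridge, the three lines can simply be left out.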
- System resource limits tuning:
[root@pm1-node201 ~]# vim /etc/security/limits.conf
* soft core unlimited
* hard core unlimited
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
* soft memlock 32000
* hard memlock 32000
* soft msgqueue 8192000
* hard msgqueue 8192000
Shut down
- Shut down the VM so that its disk file can be copied:
[root@pm1 ~]# virsh list
 Id    Name                           State
----------------------------------------------------
 2     CentOS-7.2-1511-bridge         running
[root@pm1 ~]# virsh shutdown CentOS-7.2-1511-bridge
Domain CentOS-7.2-1511-bridge is being shutdown
2.2.2: Create pm1-node201
Copy the virtual machine disk file
[root@pm1 ~]# cp /var/lib/libvirt/images/centos-7.2-1511-minimal.qcow2 /var/lib/libvirt/images/pm1-node201.qcow2
Create the virtual machine
- Create the VM from the copied disk file
[root@pm1 ~]# virt-install --virt-type kvm \
--name pm1-node201 \
--ram 1024 \
--vcpus 2 \
--cdrom=/usr/local/src/CentOS-7.2-x86_64-Minimal-1511.iso \
--disk path=/var/lib/libvirt/images/pm1-node201.qcow2 \
--network bridge=br0 \
--graphics vnc,listen=0.0.0.0 \
--noautoconsole
- Choose "Shut Down" to power the VM off:
Sometimes "Shut Down" does not work at the boot selection screen; choose "Force Off" instead.
- Start the VM again and it boots the existing system directly from the disk:
Change the hostname
]# hostnamectl set-hostname pm1-node201.yqc.com
Add the internal network NIC
- Under View choose Details, then click Add Hardware at the bottom left:
- Choose Network, bridge to br1, device type virtio:
Configure the network
- Add the eth1 network configuration file
[root@pm1-node201 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO="none"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
IPADDR="172.16.1.201"
PREFIX="24"
DNS1="172.16.1.253"
- Restart the network service and verify:
[root@pm1-node201 ~]# systemctl restart network
[root@pm1-node201 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.201 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 240e:324:79e:f400:5054:ff:fe1f:99c7 prefixlen 64 scopeid 0x0<global>
inet6 fe80::5054:ff:fe1f:99c7 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:1f:99:c7 txqueuelen 1000 (Ethernet)
RX packets 1310 bytes 195856 (191.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 384 bytes 43157 (42.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.201 netmask 255.255.255.0 broadcast 172.16.1.255
inet6 fe80::5054:ff:fef2:3384 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:f2:33:84 txqueuelen 1000 (Ethernet)
RX packets 7 bytes 558 (558.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 676 (676.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@pm1-node201 ~]# ping 172.16.1.1
PING 172.16.1.1 (172.16.1.1) 56(84) bytes of data.
64 bytes from 172.16.1.1: icmp_seq=1 ttl=128 time=5.42 ms
64 bytes from 172.16.1.1: icmp_seq=2 ttl=128 time=1.22 ms
Shut down pm1-node201
- Because the KVM guests cloned later all start out with the address 192.168.1.201, shut down pm1-node201 first so that the newly created VM can be reached over SSH:
This was a slip when creating the template; a different address should have been used so that this step would be unnecessary. It does not matter much, it is just one extra small step.
[root@pm1 ~]# virsh shutdown pm1-node201
2.2.3: Create pm1-node204
Copy the virtual machine disk file
[root@pm1 ~]# cp /var/lib/libvirt/images/centos-7.2-1511-minimal.qcow2 /var/lib/libvirt/images/pm1-node204.qcow2
Create the virtual machine
- Create the VM from the copied disk file
[root@pm1 ~]# virt-install --virt-type kvm \
--name pm1-node204 \
--ram 1024 \
--vcpus 2 \
--cdrom=/usr/local/src/CentOS-7.2-x86_64-Minimal-1511.iso \
--disk path=/var/lib/libvirt/images/pm1-node204.qcow2 \
--network bridge=br0 \
--graphics vnc,listen=0.0.0.0 \
--noautoconsole
- The VM startup procedure is the same as for pm1-node201.
Change the hostname
]# hostnamectl set-hostname pm1-node204.yqc.com
Configure the network
- Change the IP address to 172.16.1.204
[root@pm1-node204 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO="none"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="172.16.1.204"
PREFIX="24"
DNS1="172.16.1.253"
[root@pm1-node204 ~]# systemctl restart network
- Change the VM's NIC configuration to bridge to br1:
- Verify internal network connectivity:
[root@pm1-node204 ~]# ping 172.16.1.1
PING 172.16.1.1 (172.16.1.1) 56(84) bytes of data.
64 bytes from 172.16.1.1: icmp_seq=1 ttl=128 time=1.70 ms
64 bytes from 172.16.1.1: icmp_seq=2 ttl=128 time=1.94 ms
2.2.4: Create pm2-node202
Copy the virtual machine disk file
[root@pm2 ~]# scp pm1:/var/lib/libvirt/images/centos-7.2-1511-minimal.qcow2 /var/lib/libvirt/images/centos-7.2-1511-minimal.qcow2
[root@pm2 ~]# cp /var/lib/libvirt/images/centos-7.2-1511-minimal.qcow2 /var/lib/libvirt/images/pm2-node202.qcow2
Copy the ISO image
[root@pm2 ~]# scp pm1:/usr/local/src/CentOS-7.2-x86_64-Minimal-1511.iso /usr/local/src/CentOS-7.2-x86_64-Minimal-1511.iso
Create the virtual machine
- Create the VM from the copied disk file
[root@pm2 ~]# virt-install --virt-type kvm \
--name pm2-node202 \
--ram 1024 \
--vcpus 2 \
--cdrom=/usr/local/src/CentOS-7.2-x86_64-Minimal-1511.iso \
--disk path=/var/lib/libvirt/images/pm2-node202.qcow2 \
--network bridge=br0 \
--graphics vnc,listen=0.0.0.0 \
--noautoconsole
- The VM startup procedure is the same as for pm1-node201.
Change the hostname
]# hostnamectl set-hostname pm2-node202.yqc.com
Add the internal network NIC
Follow the steps from pm1-node201.
Configure the network
- Change the eth0 address to 192.168.1.202
[root@pm2-node202 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO="none"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="192.168.1.202"
PREFIX="24"
GATEWAY="192.168.1.1"
DNS1="192.168.1.254"
- Change the eth1 address to 172.16.1.202
[root@pm2-node202 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO="none"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
IPADDR="172.16.1.202"
PREFIX="24"
DNS1="172.16.1.253"
- Restart the network service and verify:
[root@pm2-node202 ~]# systemctl restart network
[root@pm2-node202 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.202 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::5054:ff:fe04:2d17 prefixlen 64 scopeid 0x20<link>
inet6 240e:324:79e:f400:5054:ff:fe04:2d17 prefixlen 64 scopeid 0x0<global>
ether 52:54:00:04:2d:17 txqueuelen 1000 (Ethernet)
RX packets 1207 bytes 172922 (168.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 349 bytes 58171 (56.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.202 netmask 255.255.255.0 broadcast 172.16.1.255
inet6 fe80::5054:ff:fe1d:9e2 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:1d:09:e2 txqueuelen 1000 (Ethernet)
RX packets 10 bytes 908 (908.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 25 bytes 1674 (1.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@pm2-node202 ~]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=12.0 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=2.85 ms
[root@pm2-node202 ~]# ping 172.16.1.1
PING 172.16.1.1 (172.16.1.1) 56(84) bytes of data.
64 bytes from 172.16.1.1: icmp_seq=1 ttl=128 time=7.27 ms
64 bytes from 172.16.1.1: icmp_seq=2 ttl=128 time=1.24 ms
2.2.5: Create pm2-node203
Copy the virtual machine disk file
[root@pm2 ~]# cp /var/lib/libvirt/images/centos-7.2-1511-minimal.qcow2 /var/lib/libvirt/images/pm2-node203.qcow2
Create the virtual machine
- Create the VM from the copied disk file
[root@pm2 ~]# virt-install --virt-type kvm \
--name pm2-node203 \
--ram 1024 \
--vcpus 2 \
--cdrom=/usr/local/src/CentOS-7.2-x86_64-Minimal-1511.iso \
--disk path=/var/lib/libvirt/images/pm2-node203.qcow2 \
--network bridge=br0 \
--graphics vnc,listen=0.0.0.0 \
--noautoconsole
- The VM startup procedure is the same as for pm1-node201.
Change the hostname
]# hostnamectl set-hostname pm2-node203.yqc.com
Configure the network
- Change the IP address to 172.16.1.203
[root@pm2-node203 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO="none"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="172.16.1.203"
PREFIX="24"
DNS1="172.16.1.253"
[root@pm2-node203 ~]# systemctl restart network
- Change the VM's NIC configuration to bridge to br1:
- Verify internal network connectivity:
[root@pm2-node203 ~]# ping 172.16.1.1
PING 172.16.1.1 (172.16.1.1) 56(84) bytes of data.
64 bytes from 172.16.1.1: icmp_seq=1 ttl=128 time=1.70 ms
64 bytes from 172.16.1.1: icmp_seq=2 ttl=128 time=1.94 ms
2.2.6: Create pm2-node205
Copy the virtual machine disk file
[root@pm2 ~]# cp /var/lib/libvirt/images/centos-7.2-1511-minimal.qcow2 /var/lib/libvirt/images/pm2-node205.qcow2
Create the virtual machine
- Create the VM from the copied disk file
[root@pm2 ~]# virt-install --virt-type kvm \
--name pm2-node205 \
--ram 1024 \
--vcpus 2 \
--cdrom=/usr/local/src/CentOS-7.2-x86_64-Minimal-1511.iso \
--disk path=/var/lib/libvirt/images/pm2-node205.qcow2 \
--network bridge=br0 \
--graphics vnc,listen=0.0.0.0 \
--noautoconsole
- The VM startup procedure is the same as for pm1-node201.
Change the hostname
]# hostnamectl set-hostname pm2-node205.yqc.com
Configure the network
- Change the IP address to 172.16.1.205
[root@pm2-node205 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO="none"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="172.16.1.205"
PREFIX="24"
DNS1="172.16.1.253"
[root@pm2-node205 ~]# systemctl restart network
- Change the VM's NIC configuration to bridge to br1:
- Verify internal network connectivity:
[root@pm2-node205 ~]# ping 172.16.1.1
PING 172.16.1.1 (172.16.1.1) 56(84) bytes of data.
64 bytes from 172.16.1.1: icmp_seq=1 ttl=128 time=1.70 ms
64 bytes from 172.16.1.1: icmp_seq=2 ttl=128 time=1.94 ms
2.3: Follow-up settings for the KVM virtual machines
2.3.1: Set the KVM guests to start automatically with the physical machine
[root@pm1 ~]# virsh autostart pm1-node201
[root@pm1 ~]# virsh autostart pm1-node204
[root@pm2 ~]# virsh autostart pm2-node202
[root@pm2 ~]# virsh autostart pm2-node203
[root@pm2 ~]# virsh autostart pm2-node205
2.3.2: Save KVM virtual machine snapshots
[root@pm1 ~]# virsh snapshot-create-as pm1-node201 --name "pm1-node201-init" --description "Initial state"
[root@pm1 ~]# virsh snapshot-create-as pm1-node204 --name "pm1-node204-init" --description "Initial state"
[root@pm2 ~]# virsh snapshot-create-as pm2-node202 --name "pm2-node202-init" --description "Initial state"
[root@pm2 ~]# virsh snapshot-create-as pm2-node203 --name "pm2-node203-init" --description "Initial state"
[root@pm2 ~]# virsh snapshot-create-as pm2-node205 --name "pm2-node205-init" --description "Initial state"
2.3.3: View the finished KVM virtual machines
- KVM guests on pm1:
[root@pm1 ~]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 7     pm1-node204                    running
 8     pm1-node201                    running
 -     CentOS-7.2-1511-bridge         shut off
- KVM guests on pm2:
[root@pm2 ~]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 2     pm2-node202                    running
 4     pm2-node203                    running
 6     pm2-node205                    running
At this point, the KVM virtual machine environment is complete.
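Every guest above was created with --graphics vnc,listen=0.0.0.0 and no password, so each VM's console is reachable from any host that can reach the physical machine's bridged address; on the external 192.168.1.0/24 network that is worth checking once the environment is finished. The script below is an added example, not part of the original post: it reads libvirt domain XML on stdin and reports graphical consoles bound to a wildcard address that carry no passwd attribute, with a driver that feeds it from virsh dumpxml. It relies on libvirt's listen='...' and passwd='...' attributes on the <graphics> element; the two domain XML documents inside it are constructed for the demonstration, not captured from the lab, and the password value is a placeholder.

```sh
#!/bin/sh
# Added example, not from the original post: audit libvirt domain XML for
# graphical consoles that listen on every interface without a password,
# which is what "--graphics vnc,listen=0.0.0.0" above configures for each
# guest. Reads the XML on stdin so it can be fed from "virsh dumpxml".
# Assumes libvirt's listen='...' and passwd='...' attributes on the
# <graphics> element; the sample XML below is constructed, not captured.

# vnc_audit NAME < domain.xml: one finding per exposed console; status 1 if any.
vnc_audit() {
    name=$1
    # flatten to one line, pull out each <graphics ...> start tag, keep the
    # VNC/SPICE ones bound to a wildcard address that carry no passwd
    findings=$(tr '\n' ' ' | grep -o '<graphics[^>]*>' \
        | grep -E "type='(vnc|spice)'" \
        | grep -E "listen='(0\.0\.0\.0|::)'" \
        | grep -v "passwd=" || true)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | while IFS= read -r g; do
        echo "$name: unauthenticated console open on all interfaces: $g"
    done
    return 1
}

# vnc_audit_all: run the audit over every domain defined on this host.
# --security-info is required, otherwise dumpxml omits the passwd attribute.
vnc_audit_all() {
    status=0
    for dom in $(virsh list --all --name); do
        virsh dumpxml --security-info "$dom" | vnc_audit "$dom" || status=1
    done
    return $status
}

# Constructed domain XML in the shape libvirt writes for the virt-install
# command above (exposed), and the same guest after the console is bound to
# the host's loopback and given a password (placeholder value).
vnc_sample_exposed() {
    cat <<'EOF'
<domain type='kvm'>
  <name>pm1-node201</name>
  <devices>
    <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
  </devices>
</domain>
EOF
}
vnc_sample_hardened() {
    cat <<'EOF'
<domain type='kvm'>
  <name>pm1-node201</name>
  <devices>
    <graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1' passwd='PLACEHOLDER'>
      <listen type='address' address='127.0.0.1'/>
    </graphics>
  </devices>
</domain>
EOF
}

# Stand-alone run over the two constructed documents.
vnc_sample_exposed | vnc_audit pm1-node201 || true
vnc_sample_hardened | vnc_audit pm1-node201 && echo "pm1-node201: console not exposed"
```

On a host, vnc_audit_all walks every defined domain; the hardened shape (console on 127.0.0.1, reached through an SSH tunnel from the admin's machine, plus a VNC password) is the one the audit treats as clean.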