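KVM (Part 3): Enterprise Virtualization Technology: KVM Networking and Script Management

I. KVM network management

Diagramming tool

	https://www.processon.com

Categories:

Networks:

nat
isolated

Interfaces:

bridge

Virtual switches

linux-bridge (built into Linux)

ovs (Open vSwitch)

NAT network topology

Isolated network topology

Bridged network topology

You can tell whether two interfaces are the two ends of the same link by checking whether their MAC addresses match.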

[root@server ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.5254003c2ba7       yes             virbr0-nic
                                                        vnet2
                                                        vnet3

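Remove a vnet interface from the switch:

[root@server ~]# brctl delif  virbr0 vnet0

Add a vnet interface to the switch:

[root@server ~]# brctl addif  virbr0 vnet0

1. Configuring a bridge via configuration files

On the host
1. Edit the configuration files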
  [root@server ~]# cat ifcfg-br0 
  TYPE=Bridge
  NAME=br0
  DEVICE=br0
  ONBOOT="yes"
  BOOTPROTO=static
  IPADDR=10.18.44.251
  GATEWAY=10.18.44.1
  NETMASK=255.255.255.0
  DNS1=10.18.44.100
  DNS2=8.8.8.8

  [root@server ~]# cat ifcfg-enp3s0
  DEVICE="enp3s0"
  ONBOOT="yes"
  BRIDGE=br0

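2. Restart the libvirtd service
3. Restart the network service

Steps to remove the bridge interface:
  1. Delete the br0 configuration file
  2. Edit the configuration file of the regular NIC
  3. Reboot the system

2. Creating a NAT network via a configuration file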

[root@server ~]# cp /etc/libvirt/qemu/networks/nat2.xml /etc/libvirt/qemu/networks/nat3.xml

[root@server ~]# vim /etc/libvirt/qemu/networks/nat3.xml
<network>
 <name>nat3</name>
 <uuid>4d8b9b5c-748f-4e16-a509-848202b9c83b</uuid>
 <forward mode='nat'/>       <!-- this line is the difference from isolated mode -->
 <bridge name='virbr4' stp='on' delay='0'/>
 <mac address='52:57:00:62:0c:d4'/>
 <domain name='nat3'/>
 <ip address='192.168.104.1' netmask='255.255.255.0'>
  <dhcp>
   <range start='192.168.104.128' end='192.168.104.254'/>
  </dhcp>
 </ip>
</network>

Restart the service:
[root@server ~]# systemctl  restart libvirtd

3. Creating an isolated network via a configuration file

<network>
 <name>isolate1</name>
 <uuid>6341d3a6-7330-4e45-a8fe-164a6a68929a</uuid>
 <bridge name='virbr2' stp='on' delay='0'/>
 <mac address='52:54:00:6b:39:0c'/>
 <domain name='isolate1'/>
 <ip address='192.168.101.1' netmask='255.255.255.0'>
  <dhcp>
   <range start='192.168.101.128' end='192.168.101.254'/>
  </dhcp>
 </ip>
</network>

List all networks:
[root@server ~]# virsh net-list

Start the network:
[root@server ~]# virsh net-start isolated200

Enable autostart at boot:
[root@server ~]# virsh net-autostart  isolated200

Basic network commands

View the network interface information of a guest:
[root@server ~]# virsh domiflist vm1

接口      类型      源      型号      MAC
---------------------------------------
vnet0    network   default   virtio    52:54:00:94:a7:a1

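DHCP on virbr0

virbr0 is a bridge that KVM creates by default; it gives the VM NICs attached to it NAT access to external networks.

virbr0 is assigned the IP 192.168.122.1 by default and provides DHCP service to the other virtual NICs attached to it.

virbr0 uses dnsmasq to provide DHCP; the process can be seen on the host: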
[root@server ~]# ps -elf|grep dnsmasq
  5 S libvirt+  2422  1  0  80  0 -  7054 poll_s 11:26 ?  00:00:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf

The /var/lib/libvirt/dnsmasq/ directory contains a virbr0.status file. Once VM1 has obtained an IP address over DHCP, the corresponding lease shows up in that file:

[root@server ~]# cat virbr0.status 
  [
   {
    "ip-address": "192.168.122.28",
    "mac-address": "52:54:00:94:a7:a1",
    "hostname": "vm1",
    "expiry-time": 1511626337
   }
  ]

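Accessing a NAT-mode internal VM in KVM from an external client:

On the host, enable routing, enable the firewall, and add the following rule:
[root@server ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 10022 -j DNAT --to-destination 192.168.10.11:22

Test from another client: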
[wing@macserver ~]$ ssh root@192.168.22.108 -p 10022
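
Added example (not part of the original post): on hosts where libvirt manages the NAT bridge with iptables, it also installs a REJECT rule for new connections entering the bridge, so the DNAT rule normally needs a matching FORWARD accept. The sketch below only prints the two rules, restricted to a trusted source range; the function names, the 203.0.113.0/24 range and the virbr0 bridge are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) the rules needed to publish one guest port.

is_port() {                      # digits only, 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {                      # dotted quad, each octet 0-255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

is_cidr() {                      # IPv4/prefix with prefix 0-32
    case "$1" in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# dnat_rules HOST_PORT GUEST_IP GUEST_PORT SRC_CIDR BRIDGE
dnat_rules() {
    is_port "$1" && is_ipv4 "$2" && is_port "$3" && is_cidr "$4" || return 1
    case "$5" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    # The page's DNAT rule, limited to the trusted source range.
    echo "iptables -t nat -A PREROUTING -s $4 -p tcp -m tcp --dport $1 -j DNAT --to-destination $2:$3"
    # Accept the rewritten connection towards the guest; -I puts the rule
    # ahead of the REJECT that libvirt installs for traffic entering the bridge.
    echo "iptables -I FORWARD -s $4 -d $2 -o $5 -p tcp -m tcp --dport $3 -m conntrack --ctstate NEW -j ACCEPT"
}

# Port and guest address from the page; source range and bridge are assumed.
dnat_rules 10022 192.168.10.11 22 203.0.113.0/24 virbr0
```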

II. Managing KVM with scripts

1. Script for batch-creating VMs

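#!/bin/bash
# KVM batch create vm tool
# version: 0.1
# author: wing
# Prerequisite: a template image and a template configuration file must be prepared beforehand

# Menu text: 1 = create a single VM with a custom configuration,
#            2 = batch-create VMs with a custom configuration,
#            3 = batch-create VMs with the default configuration,
#            4 = delete a VM (shown in the menu; no case branch handles it)
echo "1.创建自定义配置单个虚拟机
2.批量创建自定义配置虚拟机
3.批量创建默认配置虚拟机
4.删除虚拟机"

# Possible extensions:
#   list the current VMs
#   show the configuration of a VM
#   scale a VM up/down
#   add/remove networks

# Prompt: choose an operation (1/2/3)
read -r -p "选取你的操作(1/2/3):" op

# Create one VM with a random name; $1 = memory size in G, $2 = number of vCPUs
batch_self_define() {
    KVMname=$(openssl rand -hex 5)
    sourceimage=/var/lib/libvirt/images/vmmodel.img
    sourcexml=/etc/libvirt/qemu/vmmodel.xml
    newimg=/var/lib/libvirt/images/${KVMname}.img
    newxml=/etc/libvirt/qemu/${KVMname}.xml
    cp "$sourceimage" "$newimg"
    cp "$sourcexml" "$newxml"
    KVMuuid=$(uuidgen)
    KVMmem=${1}000000
    KVMcpu=$2
    KVMimg=$newimg
    # Three random bytes as xx:xx:xx; the template supplies the 52:54:00 prefix
    KVMmac=$(openssl rand -hex 3 | sed -r 's/..\B/&:/g')
    # Fill in the placeholders of the copied template
    sed -i "s@KVMname@$KVMname@;s@KVMuuid@$KVMuuid@;s@KVMmem@$KVMmem@;s@KVMcpu@$KVMcpu@;s@KVMimg@$KVMimg@;s@KVMmac@$KVMmac@" "$newxml"
    virsh define "$newxml"
    virsh list --all
}

# Create one VM whose name, memory size and vCPU count are entered interactively
self_define() {
    # Prompts: new VM name, memory size (G), number of CPUs
    read -r -p "请输入新虚机名称:" newname
    read -r -p "请输入新虚机内存大小(G):" newmem
    read -r -p "请输入新虚机cpu个数:" newcpu
    sourceimage=/var/lib/libvirt/images/vmmodel.img
    sourcexml=/etc/libvirt/qemu/vmmodel.xml
    newimg=/var/lib/libvirt/images/${newname}.img
    newxml=/etc/libvirt/qemu/${newname}.xml
    cp "$sourceimage" "$newimg"
    cp "$sourcexml" "$newxml"
    KVMname=$newname
    KVMuuid=$(uuidgen)
    KVMmem=${newmem}000000
    KVMcpu=$newcpu
    KVMimg=$newimg
    KVMmac=$(openssl rand -hex 3 | sed -r 's/..\B/&:/g')
    sed -i "s@KVMname@$KVMname@;s@KVMuuid@$KVMuuid@;s@KVMmem@$KVMmem@;s@KVMcpu@$KVMcpu@;s@KVMimg@$KVMimg@;s@KVMmac@$KVMmac@" "$newxml"
    virsh define "$newxml"
    virsh list --all
}

case $op in
1)self_define;;
2)
    # Prompts: number of VMs to create, memory size (G), number of CPUs
    read -r -p "请输入要创建的虚拟机的个数:" num
    read -r -p "请输入新虚机内存大小(G):" newmem
    read -r -p "请输入新虚机cpu个数:" newcpu
    for((i=1;i<=num;i++))
    do
        batch_self_define "$newmem" "$newcpu"
    done;;
3)
    # Prompt: number of VMs to create (each gets 1 G of memory and 1 vCPU)
    read -r -p "请输入要创建的虚拟机的个数:" num
    for((i=1;i<=num;i++))
    do
        batch_self_define 1 1
    done;;
*)
    # Message: invalid input, please run the script again
    echo "输入错误,请重新执行脚本"
    exit;;
esac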

2. Configuration file template

[root@server ~]# vim /etc/libvirt/qemu/vmmodel.xml
<domain type='kvm'>
 <name>KVMname</name>
 <uuid>KVMuuid</uuid>
 <memory unit='KiB'>KVMmem</memory>
 <currentMemory unit='KiB'>KVMmem</currentMemory>
 <vcpu placement='static'>KVMcpu</vcpu>
 <os>
  <type arch='x86_64' machine='pc-i440fx-rhel7.0.0'>hvm</type>
  <boot dev='hd'/>
 </os>
 <features>
  <acpi/>
  <apic/>
 </features>
 <cpu mode='custom' match='exact' check='partial'>
  <model fallback='allow'>Haswell-noTSX</model>
 </cpu>
 <clock offset='utc'>
  <timer name='rtc' tickpolicy='catchup'/>
  <timer name='pit' tickpolicy='delay'/>
  <timer name='hpet' present='no'/>
 </clock>
 <on_poweroff>destroy</on_poweroff>
 <on_reboot>restart</on_reboot>
 <on_crash>destroy</on_crash>
 <pm>
  <suspend-to-mem enabled='no'/>
  <suspend-to-disk enabled='no'/>
 </pm>
 <devices>
  <emulator>/usr/libexec/qemu-kvm</emulator>
  <disk type='file' device='disk'>
   <driver name='qemu' type='qcow2'/>
   <source file='KVMimg'/>
   <target dev='vda' bus='virtio'/>
   <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
  </disk>
  <controller type='usb' index='0' model='ich9-ehci1'>
   <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x7'/>
  </controller>
  <controller type='usb' index='0' model='ich9-uhci1'>
   <master startport='0'/>
   <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0' multifunction='on'/>
  </controller>
  <controller type='usb' index='0' model='ich9-uhci2'>
   <master startport='2'/>
   <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x1'/>
  </controller>
  <controller type='usb' index='0' model='ich9-uhci3'>
   <master startport='4'/>
   <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x2'/>
  </controller>
  <controller type='pci' index='0' model='pci-root'/>
  <controller type='virtio-serial' index='0'>
   <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
  </controller>
  <interface type='network'>
   <mac address='52:54:00:KVMmac'/>
   <source network='default'/>
   <model type='virtio'/>
   <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
  </interface>
  <serial type='pty'>
   <target type='isa-serial' port='0'>
    <model name='isa-serial'/>
   </target>
  </serial>
  <console type='pty'>
   <target type='serial' port='0'/>
  </console>
  <channel type='unix'>
   <target type='virtio' name='org.qemu.guest_agent.0'/>
   <address type='virtio-serial' controller='0' bus='0' port='1'/>
  </channel>
  <input type='mouse' bus='ps2'/>
  <input type='keyboard' bus='ps2'/>
  <memballoon model='virtio'>
   <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
  </memballoon>
 </devices>
</domain>
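
Added example (not the author's script): self_define passes the operator's input straight into file paths and into a sed replacement that uses '@' as delimiter, so a name containing '/', '@', '&' or a newline changes which files are written or what ends up in the XML. The sketch below validates each value before filling the same KVM* placeholders; the function names, the 64 G / 32 vCPU limits and the /proc fallback for the UUID are assumptions.

```shell
#!/bin/sh
# Added example: validate every value before it is used in a path or in sed.

valid_name() {        # 1-32 characters of [A-Za-z0-9_-], not starting with '-'
    case "$1" in ''|-*|*[!A-Za-z0-9_-]*) return 1 ;; esac
    [ "${#1}" -le 32 ]
}

valid_int() {         # valid_int VALUE MIN MAX (digits only, no leading zero)
    case "$1" in ''|0*|*[!0-9]*|?????*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

valid_mac_suffix() {  # xx:xx:xx in lowercase hex, as "openssl rand -hex" emits
    case "$1" in
        [0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# render_domain TEMPLATE OUT NAME MEM_GB VCPUS MAC_SUFFIX
# The limits (64 G, 32 vCPUs) are illustrative assumptions.
render_domain() {
    valid_name "$3"       || { echo "invalid VM name" >&2; return 1; }
    valid_int "$4" 1 64   || { echo "invalid memory size" >&2; return 1; }
    valid_int "$5" 1 32   || { echo "invalid vCPU count" >&2; return 1; }
    valid_mac_suffix "$6" || { echo "invalid MAC suffix" >&2; return 1; }
    [ ! -e "$2" ]         || { echo "refusing to overwrite $2" >&2; return 1; }
    uuid=$(uuidgen 2>/dev/null || cat /proc/sys/kernel/random/uuid) || return 1
    img=/var/lib/libvirt/images/$3.img
    # No operator-supplied value can now contain '/', '@', '&', '\' or a
    # newline, so the substitutions below cannot be altered by the input.
    sed -e "s@KVMname@$3@" -e "s@KVMuuid@$uuid@" -e "s@KVMmem@${4}000000@" \
        -e "s@KVMcpu@$5@" -e "s@KVMimg@$img@" -e "s@KVMmac@$6@" "$1" > "$2"
}

# Demo on a constructed two-line template in a temporary directory.
tmp=$(mktemp -d)
printf '%s\n' "<name>KVMname</name>" "<source file='KVMimg'/>" > "$tmp/tpl.xml"
render_domain "$tmp/tpl.xml" "$tmp/vm1.xml" vm1 2 2 c5:66:90 && cat "$tmp/vm1.xml"
render_domain "$tmp/tpl.xml" "$tmp/x.xml" '../x@y' 2 2 c5:66:90 || echo "rejected"
rm -rf "$tmp"
```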

3. Randomly generating MAC addresses

Five of the ways:

[root@server ~]# echo $[$RANDOM%9]$[$RANDOM%9]:$[$RANDOM%9]$[$RANDOM%9]:$[$RANDOM%9]$[$RANDOM%9]
65:42:31

[root@server ~]# echo `openssl rand -hex 1`:`openssl rand -hex 1`:`openssl rand -hex 1`
99:6e:67
 
[root@server ~]# openssl rand -hex 3 | sed -r 's/(..)/\1:/g'|sed 's/.$//'
e9:b6:12
 
[root@server ~]# openssl rand -hex 3 | sed -r 's/(..)(..)(..)/\1:\2:\3/g'
94:89:e3

[root@server ~]# openssl rand -hex 3 | sed -r 's/..\B/&:/g'
c5:66:90

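\B matches a non-word boundary

\b matches a word boundary

\<a matches words that start with a

b\> matches words that end with b

Using a UUID:
[root@server ~]# uuidgen | sed -r 's/(..)(..)(..)(.*)/\1:\2:\3/'

Using random numbers from the entropy pool: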
[root@server ~]# echo -n 00:60:2F; dd bs=1 count=3 if=/dev/random 2>/dev/null | hexdump -v -e '/1 ":%02X"'
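
Added example (not from the original post): none of the one-liners above checks whether the generated address is already in use, and the $RANDOM%9 variant only ever produces the digits 0-8, which is 9^6 = 531441 of the 16777216 possible three-byte suffixes. The sketch below draws the suffix from /dev/urandom, keeps the 52:54:00 prefix of the domain template and skips addresses found in a list of MACs in use; the function names and the sample list are assumptions.

```shell
#!/bin/sh
# Added example: random MAC suffix under the 52:54:00 prefix from the page's
# domain template, skipping addresses that are already assigned.

PREFIX=52:54:00

is_mac() {                       # single-line value, six hex octets
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

rand_suffix() {                  # three bytes from the kernel CSPRNG as xx:xx:xx
    od -An -N3 -tx1 /dev/urandom | tr -d ' \n' |
        sed 's/\(..\)\(..\)\(..\)/\1:\2:\3/'
}

candidates() {                   # candidates COUNT -> one MAC per line
    n=$1
    while [ "$n" -gt 0 ]; do
        printf '%s:%s\n' "$PREFIX" "$(rand_suffix)"
        n=$((n - 1))
    done
}

# first_free_mac USED_FILE: read candidates on stdin, print the first one that
# is well formed and not listed (case-insensitively) in USED_FILE.
first_free_mac() {
    while IFS= read -r mac; do
        is_mac "$mac" || continue
        if grep -Fqix -- "$mac" "$1"; then continue; fi
        printf '%s\n' "$mac"
        return 0
    done
    return 1
}

new_mac() { candidates 16 | first_free_mac "$1"; }

# Constructed list of MACs already in use; on a host it could be collected
# from "virsh domiflist" for every defined guest (assumption).
demo_used=$(mktemp)
printf '%s\n' 52:54:00:94:a7:a1 52:54:00:c5:66:90 > "$demo_used"
new_mac "$demo_used"
rm -f "$demo_used"
```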

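III. KVM-related projects

1. Migration

Migrating from physical machines to KVM

Migrating from KVM to cloud hosts

2. File management services (ftp nfs jira+wiki)

3. Logging service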

posted @ 2020-08-25 11:39  Sureing