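KVM case study:
Background:
A newly founded company, to save money, plans to run its business website on KVM. It has bought two high-performance servers (many cores, large memory, dual or multiple NICs, multiple disks in RAID 5 or RAID 10). Linux will be installed on each server and set up as a KVM host, and several virtual machines will then run on each KVM host to serve the public-facing business website.

Architecture:
Behind the firewall, HAProxy + Keepalived provide highly available load balancing. The HAProxy + Keepalived instances run on different hosts so that the company website does not become unreachable through a single point of failure when one host goes down. The back end runs nginx + php with MariaDB in a master/slave, read/write-splitting, or three-master Galera Cluster layout; these likewise run on different hosts to avoid a single point of failure. Start with two NICs, configured for the internal and external networks: services run on the internal network, isolated from the external one. If bandwidth requirements are very high, bond the two NICs to increase bandwidth (this requires switch support, with port aggregation configured).
Basic configuration:
Prerequisite: virtualization is enabled in the BIOS of both hosts. Because I already have a qcow2 file with a configured CentOS 7 minimal installation, copying it is enough to simulate multiple virtual machines.
CentOS 7 64-bit KVM-1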
[root@kvm-1 ~]# yum install qemu-kvm qemu-kvm-tools libvirt virt-manager virt-install acpid -y
[root@kvm-1 ~]# systemctl start libvirtd
[root@kvm-1 ~]# systemctl enable libvirtd
# Upload the image in advance
[root@kvm-1 src]# ll /usr/local/src/CentOS-7-x86_64-Minimal-1810.iso
-rw-r--r-- 1 root root 962592768 Jun 15 23:47 /usr/local/src/CentOS-7-x86_64-Minimal-1810.iso
# A qcow2 file already exists, so no reinstallation is needed here; before the installer runs, force the VM off and start it again
[root@kvm-1 ~]# ll /var/lib/libvirt/images/
total 3552524
-rw-r--r-- 1 qemu qemu 1818886144 Jun 16 21:03 centos7_mini_1.qcow2
-rw-r--r-- 1 qemu qemu 1818951680 Jun 16 21:36 centos7_mini.qcow2
# Create virtual machine vm1
[root@kvm-1 ~]# virt-install --virt-type kvm \
--name centos7 \
--memory 512 \
--vcpus 1 \
--cdrom=/usr/local/src/CentOS-7-x86_64-Minimal-1810.iso \
--disk path=/var/lib/libvirt/images/centos7_mini.qcow2 \
--network bridge=br0 \
--graphics vnc,listen=172.16.36.70 \
--noautoconsole
# Create virtual machine vm2
[root@kvm-1 ~]# virt-install --virt-type kvm \
--name centos7-1 \
--memory 512 \
--vcpus 1 \
--cdrom=/usr/local/src/CentOS-7-x86_64-Minimal-1810.iso \
--disk path=/var/lib/libvirt/images/centos7_mini_1.qcow2 \
--network bridge=br1 \
--graphics vnc,listen=172.16.36.70 \
--noautoconsole
CentOS 7 64-bit KVM-2
[root@kvm-2 ~]# yum install qemu-kvm qemu-kvm-tools libvirt virt-manager virt-install acpid -y
[root@kvm-2 ~]# systemctl start libvirtd
[root@kvm-2 ~]# systemctl enable libvirtd
# Upload the image in advance
[root@kvm-2 src]# ll /usr/local/src/CentOS-7-x86_64-Minimal-1810.iso
-rw-r--r-- 1 root root 962592768 Jun 15 23:47 /usr/local/src/CentOS-7-x86_64-Minimal-1810.iso
# A qcow2 file already exists, so no reinstallation is needed here; before the installer runs, force the VM off and start it again
[root@kvm-2 ~]# ll /var/lib/libvirt/images/
total 3552524
-rw-r--r-- 1 qemu qemu 1818886144 Jun 16 21:03 centos7_mini_1.qcow2
-rw-r--r-- 1 qemu qemu 1818951680 Jun 16 21:36 centos7_mini.qcow2
# Create virtual machine vm3
[root@kvm-2 ~]# virt-install --virt-type kvm \
--name centos7-1 \
--memory 512 \
--vcpus 1 \
--cdrom=/usr/local/src/CentOS-7-x86_64-Minimal-1810.iso \
--disk path=/var/lib/libvirt/images/centos7_mini.qcow2 \
--network bridge=br0 \
--graphics vnc,listen=172.16.36.71 \
--noautoconsole
# Create virtual machine vm4
[root@kvm-2 ~]# virt-install --virt-type kvm \
--name centos7-2 \
--memory 512 \
--vcpus 1 \
--cdrom=/usr/local/src/CentOS-7-x86_64-Minimal-1810.iso \
--disk path=/var/lib/libvirt/images/centos7_mini_1.qcow2 \
--network bridge=br1 \
--graphics vnc,listen=172.16.36.71 \
--noautoconsole
Managing the virtual machines with virt-manager:
Running virt-manager usually fails with:
(virt-manager:23111): Gtk-WARNING **: 15:48:20.549: cannot open display:
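This section shows how to start virt-manager using SecureCRT + Xmanager:
1. Start Xmanager - Passive
2. Run the following command in SecureCRT
export DISPLAY=172.16.36.1:0.0   # the IP address is that of the local client machine (the physical host you can actually touch)
3. Write a .sh file and put it in /etc/profile.d/, for example: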
[root@kvm-1 images]# vim /etc/profile.d/display.sh
export DISPLAY=172.16.36.1:0.0
[root@kvm-1 images]# source /etc/profile.d/display.sh # load it so it takes effect
[root@kvm-1 images]# virt-manager # start virt-manager


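Some intermediate steps are omitted, such as adding NICs to the virtual machines running under KVM, bridge options, and IP address configuration.
Service configuration on each virtual machine: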
[root@vm1 ~]# yum install haproxy keepalived -y
[root@vm1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
vrrp_iptables # prevent iptables protection rules from being generated after the VIP moves away
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.43.248 dev eth0 label eth0:0 # VIP binding
}
}
[root@vm1 ~]# vim /etc/haproxy/haproxy.cfg
listen stats
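bind :9999 # listens on all addresses
stats enable # enable the status page
#stats hide-version # hide the HAProxy version
stats uri /haproxy-status # custom admin URI
stats realm HAProxy\ Stats\ Page # prompt shown at login
stats auth haadmin:123456 # user credentials; may be specified multiple times
stats refresh 5s # auto-refresh the page every 5s
stats admin if TRUE # enable admin functions for any successful login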
listen web_port
bind 192.168.43.248:80
mode http
log global
option forwardfor
server Web1 172.16.36.75:80 check inter 3000 fall 3 rise 5
server Web2 172.16.36.76:80 check inter 3000 fall 3 rise 5
[root@vm1 ~]# systemctl start haproxy.service keepalived.service
[root@vm1 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:9999 *:*
LISTEN 0 128 192.168.43.248:80 *:*
[root@vm1 ~]# systemctl enable haproxy.service keepalived.service
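The stats listener above answers on every address, accepts a six-character password, leaves the version visible, and grants admin rights to any login. The following check for those four settings is an added example, not part of the original post or of HAProxy. The finding names and the 12-character threshold are assumptions, and the sample text is constructed from the configuration shown above.

```python
SECTION_KEYWORDS = {"global", "defaults", "listen", "frontend", "backend"}
WILDCARDS = {"", "*", "0.0.0.0", "::"}
MIN_PASSWORD_LEN = 12  # assumed local policy threshold, not an HAProxy setting

# Constructed sample: the stats and web_port sections from vm1 above.
SAMPLE_CFG = """
listen stats
bind :9999
stats enable
#stats hide-version
stats auth haadmin:123456
stats admin if TRUE
listen web_port
bind 192.168.43.248:80
"""


def parse_sections(cfg_text):
    """Split a config into (section name, list of directive word lists)."""
    sections = []
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if words and words[0] in SECTION_KEYWORDS:
            sections.append((" ".join(words[:2]), []))
        elif words and sections:
            sections[-1][1].append(words)
    return sections


def audit_stats(cfg_text):
    """Return sorted (section, finding) pairs for sections serving stats."""
    findings = set()
    for name, directives in parse_sections(cfg_text):
        if ["stats", "enable"] not in directives:
            continue  # this section does not expose the status page
        if ["stats", "hide-version"] not in directives:
            findings.add((name, "version-exposed"))
        for w in directives:
            if w[0] == "bind" and w[1:] and w[1].rsplit(":", 1)[0] in WILDCARDS:
                findings.add((name, "bind-all-addresses"))
            elif w[:2] == ["stats", "auth"] and len(w) > 2:
                if len(w[2].partition(":")[2]) < MIN_PASSWORD_LEN:
                    findings.add((name, "weak-stats-password"))
            elif w[:2] == ["stats", "admin"] and w[2:] == ["if", "TRUE"]:
                findings.add((name, "admin-for-any-login"))
    return sorted(findings)


if __name__ == "__main__":
    print(*audit_stats(SAMPLE_CFG), sep="\n")
```

The web_port section is not reported because it does not enable the status page; only its VIP-bound listener is parsed.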
===========================================================
[root@vm3 ~]# yum install haproxy keepalived -y
[root@vm3 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.43.248 dev eth0 label eth0:0
}
}
[root@vm3 ~]# vim /etc/haproxy/haproxy.cfg
listen web_port
bind 192.168.43.248:80
mode http
log global
option forwardfor
server Web1 172.16.36.75:80 check inter 3000 fall 3 rise 5
server Web2 172.16.36.76:80 check inter 3000 fall 3 rise 5
[root@vm3 ~]# vim /etc/sysctl.conf
# allow binding to IP addresses that are not present on this host
net.ipv4.ip_nonlocal_bind = 1
[root@vm3 ~]# sysctl -p # apply the custom settings
net.ipv4.ip_nonlocal_bind = 1
[root@vm3 ~]# systemctl start haproxy.service keepalived.service
[root@vm3 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 192.168.43.248:80 *:*
[root@vm3 ~]# systemctl enable haproxy.service keepalived.service
===========================================================
[root@vm2 ~]# yum install httpd
[root@vm2 ~]# echo "web 172.16.36.75" > /var/www/html/index.html
[root@vm2 ~]# systemctl start httpd
[root@vm2 ~]# systemctl enable httpd
===========================================================
[root@vm4 ~]# yum install httpd
[root@vm4 ~]# echo "web 172.16.36.76" > /var/www/html/index.html
[root@vm4 ~]# systemctl start httpd
[root@vm4 ~]# systemctl enable httpd
Access test:


