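KVM Virtualization

Virtualization comes in two implementation types:
Type-I
hypervisor --> vm
Type-II
host --> vmm --> vms

Xen:
hypervisor, Dom0 kernel

KVM: Kernel-based Virtual Machine, from Qumranet; depends on HVM: Intel VT-x, AMD AMD-V;

System operating modes once the KVM module is loaded:
Kernel mode: the GuestOS performs I/O operations or other special instructions; called "guest-kernel" mode;
User mode: issues I/O requests on behalf of the GuestOS;
Guest mode: the GuestOS's non-I/O operations; in practice it is called "guest-user" mode;

KVM components:
Two kinds of components:
/dev/kvm: the hypervisor's interface exposed to user space; management functions such as creating and starting VMs are performed through the ioctl() system call; it is a character device;
Functions: create VMs, allocate memory to VMs, read and write VCPU registers, inject interrupts into VCPUs, run VCPUs, and so on;
qemu process: runs in user space, mainly used to emulate the I/O devices of a PC;

KVM features:
Memory management:
Memory allocated to a VM can be swapped out to swap;
Supports Huge Pages;
Supports Intel EPT or AMD RVI for memory address mapping: GVA --> GPA --> HPA
Supports KSM (Kernel Same-page Merging)
Hardware support:
Depends on the Linux kernel;
Storage:
Local storage:
Network-attached storage:
Storage area network:
Distributed storage: for example GlusterFS
Live migration:
Supported GuestOS:
Linux, Windows, OpenBSD, FreeBSD, OpenSolaris;
Device drivers:
Full virtualization of I/O devices: emulated hardware
Paravirtualization of I/O devices: drivers installed in the GuestOS; virtio
virtio-blk, virtio-net, virtio-pci, virtio-console, virtio-balloon

KVM memory management:
KVM inherits many of the memory-management features of Linux: memory allocated to a virtual machine can be swapped out to swap space, huge pages can be used for better performance, and NUMA support lets virtual machines access larger memory spaces efficiently.

Memory virtualization: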

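KVM limitations:
General limitations:
CPU overcommit
Timekeeping is hard to keep accurate and depends on a time-synchronization mechanism
MAC addresses:
With a very large number of VMs, collisions are possible;
Live migration:
Performance limitations: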

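KVM tool stack:
qemu:
qemu-kvm
qemu-img
libvirt
GUI: virt-manager, virt-viewer
CLI: virt-install, virsh

QEMU mainly provides the following parts:
Processor emulator
Emulated I/O devices
Association of emulated devices with real devices;
Debugger
User interface for interacting with the emulator

Installation:
(1) Make sure the CPU supports HVM
# grep -E --color=auto "(vmx|svm)" /proc/cpuinfo
(2) Load the modules
# modprobe kvm
# modprobe kvm-intel
(3) Verify:
/dev/kvm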

Management tool stack:
[root@kvm ~]# yum grouplist | grep -i "virtualization"

Virtualization: qemu-kvm,
Virtualization Client: python-virtinst,virt-manager,virt-viewer
Virtualization Platform: libvirt, libvirt-client
Virtualization Tools: libguestfs

KVM management tools

virsh local mode and remote mode

KVM: hvm
kvm, kvm-intel, /dev/kvm

Management tool stack:
qemu-kvm
libvirt
Options for managing KVM virtual machines:
qemu: /usr/libexec/
libvirt:
Installation tools: virt-install, virt-manager
Management tools: virsh, virt-manager, virt-viewer

qemu-kvm:
qemu-kvm [ options ] [ disk_image ]

Using the qemu-kvm management tool:
yum install qemu-kvm
/usr/libexec/qemu-kvm
Command options:
Standard options:
Display options:
Block device options:
Network options:
i386-platform-specific options:
Character device options:
Bluetooth device options:
Linux boot-specific options:
Debug/expert mode options:

cirros project: a minimal Linux for testing VMs in cloud environments:
Start the first VM:
qemu-kvm -m 128 -smp 2 -name test -hda /images/kvm/cirros-0.3.4-i386-disk.img
Specify the disk image file with -drive:
# qemu-kvm -m 128 -name test -smp 2 -drive file=/images/kvm/cirros-0.3.4-i386-disk.img,if=virtio,media=disk,cache=writeback,format=qcow2
Boot a winxp installation from cdrom:
# qemu-kvm -name winxp -smp 4,sockets=1,cores=2,threads=2 -m 512 -drive file=/images/kvm/winxp.img,if=ide,media=disk,cache=writeback,format=qcow2 -drive file=/root/winxp_ghost.iso,media=cdrom
Use a bridged network interface:
qemu-kvm -m 128 -name test -smp 2 -drive file=/images/kvm/cirros-0.3.4-i386-disk.img,if=virtio,media=disk,cache=writeback,format=qcow2 -net nic -net tap,script=/etc/if-up,downscript=no -nographic

Start the VM booting from the network interface:
qemu-kvm -m 512 -smp 2 -name centos -drive file=/images/centos/centos6.img,media=disk,if=virtio -net nic,model=virtio,macaddr=52:54:00:55:32:19 -net tap,ifname=centos6.0,script=/etc/qemu-ifup -boot order=nc,once=n

Display options:
SDL: Simple DirectMedia Layer: a cross-platform, open-source multimedia library written in C;
Use "-sdl" in qemu

VNC: Virtual Network Computing, uses the RFB (Remote FrameBuffer) protocol to control another host remotely;
CentOS 6.6
(1) yum install tigervnc-server
(2) vncpasswd
(3) vncserver :N

qemu-kvm
-vnc display,option,option
Example: -vnc :N,password
When starting qemu-kvm, additionally pass the -monitor stdio option and set the password with the change vnc password command;

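Supplementary material: qemu-kvm usage documentation
2.5.6 Managing KVM virtual machines with qemu-kvm
QEMU is a widely used open-source machine emulator and virtualizer. As an emulator, it can run operating systems and programs built for one architecture (such as ARM) on another architecture (such as a PC), and through dynamic translation it achieves high efficiency. As a virtualizer, QEMU uses the real machine's resources directly, so the virtual system performs close to the physical machine; QEMU supports virtualization in xen or kvm mode. With kvm, QEMU can virtualize x86, server and embedded PowerPC, and S390 systems.

QEMU can use KVM when the target architecture is the same as the host architecture. For example, when running qemu-system-x86 on an x86-compatible processor, KVM acceleration gives both the host and the guest better performance.

QEMU consists of the following parts:
Processor emulators (x86, PowerPC and Sparc);
Emulated devices (graphics card, network card, hard disk, mouse and so on);
Generic devices used to connect emulated devices to host (real) devices;
Descriptions of the emulated machines;
Debugger;
User interface for interacting with the emulator;

2.5.6.1 Installing a guest with qemu-kvm
As described in 2.5.5, libvirt-based tools such as virt-manager and virt-install provide very convenient VM management interfaces, but they are in fact wrappers developed on top of the qemu-kvm tool, so the earlier tasks can also be done directly with the qemu-kvm command.

2.5.6.1.1 The qemu-kvm command
On RHEL6, qemu-kvm lives in /usr/libexec. Because this directory is not in the PATH environment variable, the command cannot be run directly, which also discourages using qemu directly to create and manage virtual machines. To use it, link /usr/libexec/qemu-kvm to /usr/bin/qemu-kvm.

# ln -sv /usr/libexec/qemu-kvm /usr/bin/qemu-kvm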

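The format of the qemu-kvm command is "qemu-kvm [options] [disk_image]". It has a great many options, which fall roughly into the following classes.
Standard options:
USB options:
Display options:
i386-platform-specific options:
Network options:
Character device options:
Bluetooth options:
Linux boot-specific options:
Debug/expert mode options:
PowerPC-specific options:
Sparc32-specific options:

Given space and practical needs, the options covered here are mainly the standard options, display options, i386-platform-specific options and Linux boot-specific options.

2.5.6.1.2 Standard qemu-kvm options
The standard options mainly specify the machine type, CPU model, NUMA, floppy devices, optical drives and disk devices.
-name name: set the VM name;
-M machine: the machine type to emulate, such as Standard PC, ISA-only PC or Intel-Mac; "qemu-kvm -M ?" lists all supported types;
-m megs: set the VM's RAM size;
-cpu model: set the CPU model, such as coreduo or qemu64; "qemu-kvm -cpu ?" lists all supported models;
-smp n[,cores=cores][,threads=threads][,sockets=sockets][,maxcpus=maxcpus]: set the number of CPUs in the emulated SMP architecture, the number of cores per CPU and the number of CPU sockets; up to 255 CPUs can be emulated on a PC; maxcpus sets the upper limit on hot-pluggable CPUs;
-numa opts: emulate a multi-node NUMA machine;
-fda file
-fdb file: use the given file as a floppy image; a file of /dev/fd0 uses the physical floppy drive;
-hda file
-hdb file
-hdc file
-hdd file: use the given file as a hard disk image;
-cdrom file: use the given file as the CD-ROM image; note that -cdrom and -hdc cannot be used together; setting file to /dev/cdrom uses the physical optical drive directly;
-drive option[,option[,option[,...]]]: define a disk device; many suboptions are available.
file=/path/to/somefile: path to the disk image file;
if=interface: the type of interface (that is, controller) the disk is attached to, such as ide, scsi, sd, mtd, floppy, pflash or virtio;
index=index: the index number that distinguishes devices on the same controller type;
media=media: whether the medium is a hard disk (disk) or an optical drive (cdrom);
snapshot=snapshot: whether this disk device supports snapshots: on or off;
cache=cache: how the host cache is used to access block data; the available values are none, writeback, unsafe and writethrough;
format=format: the format of the image file; see the qemu-img command for the formats;
-boot [order=drives][,once=drives][,menu=on|off]: define the boot order of the boot devices, each represented by one letter; the supported devices and their letters differ between architectures; on the x86 PC architecture, a and b are floppy drives, c is the first hard disk, d is the first optical drive, and n-p are network adapters; the default is the hard disk;
-boot order=dc,once=d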

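2.5.6.1.3 qemu-kvm display options
The display options define the type and properties of the display interface used after the VM starts.
-nographic: by default qemu uses SDL to display VGA output; this option disables the graphical interface, in which case qemu behaves like a simple command-line program and its emulated serial port is redirected to the console;
-curses: disable the graphical interface and use curses/ncurses as the interactive interface;
-alt-grab: use the Ctrl+Alt+Shift key combination to release the mouse;
-ctrl-grab: use the right Ctrl key to release the mouse;
-sdl: enable SDL;
-spice option[,option[,...]]: enable the spice remote desktop protocol; it has many suboptions, see the qemu-kvm manual;
-vga type: the type of VGA interface to emulate; common types are:
cirrus: Cirrus Logic GD5446 graphics card
std: standard VGA graphics card with Bochs VBE extensions
vmware: VMWare SVGA-II compatible display adapter;
qxl: QXL paravirtualized graphics card, VGA compatible; works well once the qxl driver is installed in the guest, and is the recommended type when using the spice protocol;
none: disable the VGA card;
-vnc display[,option[,option[,...]]]: by default qemu uses SDL to display VGA output; with the -vnc option qemu listens on VNC and redirects VGA output to the VNC session; when using this option the -k option must be used to specify the keyboard layout; it has many suboptions, see the qemu-kvm manual;
display:
(1) host:N
172.16.100.67:1 listens on port 5900+N of host 172.16.100.67
(2) unix:/path/to/socket_file
(3) none
options:
password: a password is required when connecting; the password is set through the monitor interface using change
reverse: connect "in reverse" to a vncview that is in listening state;
-monitor stdio: show the monitor interface on standard input/output
-nographic:
Ctrl-a, c: switch between console and monitor
Ctrl-a, h: show help

2.5.6.1.4 i386-platform-specific options
-no-acpi: disable ACPI; use this option when the GuestOS has compatibility problems with ACPI;
-balloon none: disable the balloon device;
-balloon virtio[,addr=addr]: enable the virtio balloon device;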

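2.5.6.1.5 Network-related options
The network-related options define the network device interface type and its properties. Only the nic, tap and user interface types are covered here; for the other types see the qemu-kvm manual.
-net nic[,vlan=n][,macaddr=mac][,model=type][,name=name][,addr=addr][,vectors=v]: create a new NIC device and connect it to vlan n; the default NIC on the PC architecture is e1000; macaddr specifies its MAC address and name specifies the device name shown in the monitor; qemu can emulate several types of NIC, such as virtio, i82551, i82557b, i82559er, ne2k_isa, pcnet, rtl8139, e1000, smc91c111, lance and mcf_fec; a given platform may support only part of this list, and "qemu-kvm -net nic,model=?" shows the types supported on the current platform;
Note: the default MAC address is 52:54:00:12:34:56; specify one manually in real use;
-net tap[,vlan=n][,name=name][,fd=h][,ifname=name][,script=file][,downscript=dfile]: connect to vlan n through the host's TAP network interface, using the script given by script=file (default /etc/qemu-ifup) to configure the interface and the script given by downscript=dfile (default /etc/qemu-ifdown) to undo the configuration; script=no and downscript=no disable running the respective script;
-net user[,option][,option][,...]: configure the network stack in user mode, which does not require administrative privileges; valid options are:
vlan=n: connect to vlan n; the default is n=0;
net=addr[/mask]: the IP network visible to the GuestOS, with an optional mask; the default is 10.0.2.0/8;
host=addr[/mask]: the IP address of the host as seen from the GuestOS; the default is the second address in the network, x.x.x.2;
dhcpstart=addr: the first of the 16 addresses in the DHCP pool; the default is the 16th to the 31st, x.x.x.16-x.x.x.31;
dns=addr: the DNS server address visible to the GuestOS; the default is the third address in the GuestOS network, x.x.x.3;
tftp=dir: enable the built-in tftp server with dir as its default root directory;
bootfile=file: the BOOTP file name, used to network-boot the GuestOS; for example: qemu -hda linux.img -boot n -net user,tftp=/tftpserver/pub,bootfile=/pxelinux.0

# cat /etc/qemu-ifup
#!/bin/bash
#
bridge=br0

if [ -n "$1" ]; then
    # Bring the tap interface up, then attach it to the bridge
    ip link set "$1" up
    sleep 1
    brctl addif "$bridge" "$1"
    [ $? -eq 0 ] && exit 0 || exit 1
else
    echo "Error: no interface specified."
    exit 1
fi

# cat /etc/qemu-ifdown
#!/bin/bash
#
bridge=br0
if [ -n "$1" ]; then
    # Detach the tap interface from the bridge, then bring it down
    brctl delif "$bridge" "$1"
    ip link set "$1" down
    exit 0
else
    echo "Error: no interface specified."
    exit 1
fi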

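Summary:
kvm network models:
1. Isolated model: create a vswitch (bridge device) on the host and add each VM's tap device directly to the vswitch;
2. Routed model:
3. NAT model:
4. Bridged model:

Network models:
Isolated model

Routed model:

NAT model (NAT Mode)

Bridged model

2.5.6.1.6 A usage example
The command below creates a virtual machine named rhel5.8 with 512MB of RAM, an SMP architecture with two CPUs, the hard disk as the default boot device, one hard disk device and one optical drive, a virtio network interface, the cirrus VGA mode, and the balloon function enabled.

# qemu-kvm -name "rhel5.8" -m 512 \
-smp 2 -boot d \
-drive file=/VM/images/rhel5.8/hda,if=virtio,index=0,media=disk,format=qcow2 \
-drive file=/isos/rhel-5.8.iso,index=1,media=cdrom \
-net nic,model=virtio,macaddr=52:54:00:A5:41:1E \
-vga cirrus -balloon virtio

Note that the disk image file /VM/images/rhel5.8/hda used in the command above has to be created beforehand with the qemu-img command; its usage is described in the next section.

Once the VM has been created and the GuestOS installed, it can be started directly without the optical drive, as shown below.

# qemu-kvm -name "rhel5.8" -m 512 \
-smp 2 -boot d \
-drive file=/VM/images/rhel5.8/hda,if=virtio,index=0,media=disk,format=qcow2 \
-net nic,model=virtio,macaddr=52:54:00:A5:41:1E \
-vga cirrus -balloon virtio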

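2.5.6.1.7 Managing disk images with qemu-img
qemu-img is the qemu component for managing disk images. It has many subcommands, each implementing a different management function and each with its own set of options. Its syntax is "qemu-img subcommand [options]", and the supported subcommands are as follows.
create: create a new disk image file;
check: check a disk image file for errors;
convert: convert the format of a disk image;
info: show information about the given disk image;
snapshot: manage snapshots of a disk image;
commit: commit all changes made to a disk image;
rebase: create a new image file based on a given disk image;
resize: grow or shrink a disk image file;

The format of the create subcommand is "create [ -f fmt ] [ -o options ] filename [size]"; for example, the command below creates a 120G sparse disk image file in qcow2 format.

# qemu-img create -f qcow2 /VM/images/rhel5.8/hda 120G
Formatting '/VM/images/rhel5.8/hda',fmt=qcow2 size=128849018880 encryption=off cluster_size=65536

See the manual page for further usage information.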

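KVM (2)
KVM networking
Network models provided by qemu-kvm:
Bridge-based VM NIC: -net tap
NAT-based VM network:
QEMU's built-in user-mode network: -net user
Direct assignment of network devices (VT-d, SR-IOV)
-net nic: add a virtual NIC to the VM and specify its properties
-net user, -net tap: define a virtual network and specify how the VM's virtual NIC is connected to it
-net none: disable networking for the VM

-net nic -net tap, -net nic -net user
-net nic[,vlan=n][,macaddr=mac][,model=type][,name=name][,addr=addr][,vectors=v]
-net nic,model=virtio
List the NIC models supported by the local qemu-kvm:
# qemu-kvm -net nic,model=?
qemu: Supported NIC models: ne2k_pci,i82551,i82557b,i82559er,rtl8139,e1000,pcnet,virtio

Notes: (1) To add several NICs to a VM, use the "-net nic" option several times;
(2) A MAC address must be specified for the VM's NIC, taken from the block of addresses starting with "52:54:00";

-net tap[,vlan=n][,name=name][,fd=h][,ifname=name][,script=file][,downscript=dfile]
ifname=
script=/path/to/some_script: when the VM starts, the back half of the NIC that tap creates for it stays on the host, where it usually needs to be added to a bridge to provide virtual networking;
downscript=/path/to/some_script: when the VM shuts down, how to handle the network that the earlier start script set up for it;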

Virtual network models commonly used with KVM:
Bridged model
NAT model
Routed model
Isolated model

Example network scripts for the NAT model:
/etc/qemu-natup
#!/bin/bash
#
bridge="isbr"
net="10.0.0.0/8"
ifaddr=10.0.10.1

# Return 0 if the named bridge already exists
checkbr() {
    if brctl show | grep -i "^$1"; then
        return 0
    else
        return 1
    fi
}

# Create the bridge, bring it up and give it the gateway address
initbr() {
    brctl addbr "$bridge"
    ip link set "$bridge" up
    ip addr add "$ifaddr" dev "$bridge"
}

enable_ip_forward() {
    sysctl -w net.ipv4.ip_forward=1
}

# First VM only: create the bridge and masquerade traffic leaving $net
setup_nat() {
    checkbr "$bridge"
    if [ $? -eq 1 ]; then
        initbr
        enable_ip_forward
        iptables -t nat -A POSTROUTING -s "$net" ! -d "$net" -j MASQUERADE
    fi
}

if [ -n "$1" ]; then
    setup_nat
    ip link set "$1" up
    brctl addif "$bridge" "$1"
    exit 0
else
    echo "Error: no interface specified."
    exit 1
fi

/etc/qemu-natdown
#!/bin/bash
#
bridge="isbr"
# Note: this flushes every rule in the nat table, not only the MASQUERADE
# rule added by /etc/qemu-natup
remove_rule() {
    iptables -t nat -F
}

# When no interface is left on the bridge, remove the bridge and the NAT rules
isalone_bridge() {
    if ! brctl show | awk "/^$bridge/{print \$4}" | grep "[^[:space:]]" &> /dev/null; then
        ip link set "$bridge" down
        brctl delbr "$bridge"
        remove_rule
    fi
}

if [ -n "$1" ]; then
    ip link set "$1" down
    brctl delif "$bridge" "$1"
    isalone_bridge
    exit 0
else
    echo "Error: no interface specified."
    exit 1
fi

Adding an interface to a given bridge by hand:
brctl addbr $BR
ip link set $IF up
ip link set $BR up
brctl addif $BR $IF

virtio paravirtualization:
HVM: virtualizes the CPU

I/O paravirtualization has two parts:
Front-end drivers (virtio front half): virtio-blk, virtio-net, virtio-pci, virtio-balloon, virtio-console
Linux: CentOS 4.8+, 5.3+, 6.0+, 7.0+
Windows:
virtio: virtual queues, virt-ring
transport:
Back-end handlers (virt backend drivers): implemented in QEMU;

virtio-balloon:
ballooning: lets the GuestOS running in the VM adjust its memory size at run time;

# qemu-kvm -balloon virtio

Check GuestOS memory usage by hand:
info balloon
balloon N

virtio-net:
Depends on the driver in the GuestOS and the back-end driver in QEMU
GuestOS: virtio_net.ko
Qemu: qemu-kvm -net nic,model=?

qemu-kvm -net nic,model=virtio

GSO and TSO on the host
Turning them off may improve performance:
ethtool -K $IF gso off
ethtool -K $IF tso off
ethtool -K $IF

vhost-net: a driver that replaces the user-space back-end driver QEMU implements for virtio-net, to improve performance;

-net tap[,vnet_hdr=on|off][,vhost=on|off]

qemu-kvm -net tap,vnet_hdr=on,vhost=on

virtio-blk:
Depends on the driver in the GuestOS and the back-end driver in QEMU

-drive file=/path/to/some_image_file,if=virtio

kvm_clock: paravirtualized clock
# grep -i "paravirt" /boot/config-2.6.32-504.el6.x86_64
CONFIG_PARAVIRT_GUEST=y
CONFIG_PARAVIRT=y
CONFIG_PARAVIRT_CLOCK=y

VM Migration:
static migration
live migration
Total migration time
Server migration time
Impact on service performance

On the host receiving the migration:
# qemu-kvm -vnc :N -incoming tcp:0:7777
# vncviewer :590N

On the source host:
monitor interface:
migrate tcp:DEST_IP:DEST_PORT

libvirt tool stack:
Supported virtualization technologies: KVM, XEN, LXC, VMWARE, Qemu, OpenVZ;

libvirt terminology:
node: a physical node
hypervisor:
domain: vm instances

Installation:
CentOS 6 # yum install libvirt libvirt-client python-virtinst virt-manager

CentOS 7 # yum install libvirt libvirt-client virt-manager virt-install

Configuration files of libvirt and libvirtd:
libvirt configuration file: /etc/libvirt/libvirt.conf
Daemon configuration file: /etc/libvirt/libvirtd.conf

Domain configuration file: XML format
<vcpu placement='static'>2</vcpu>
<features>
<domain>
</domain>

Hypervisor access paths:
Local URL:
driver[+transport]:///[path][?extra-param]
driver: the driver name, for example qemu, xen, lxc
transport: the transport

kvm uses the qemu driver, in the form qemu:///system, for example qemu:///system

Remote URL:
driver[+transport]://[user@][host][:port]/[path][?extra-param]

For example: qemu://172.16.100.6/system
qemu+ssh://[email protected]/system
qemu+tcp://172.16.100.6/system
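
The URI forms above differ in how the connection to libvirtd is protected. The following sketch is an added example, not part of the original notes or of libvirt: it splits a URI of that form and reports the transport in use. The function name and the protection labels are made up here, and the `user@` in the ssh sample is constructed.

```shell
#!/bin/sh
# Added example: split driver[+transport]://[user@][host][:port]/[path][?extra-param]
# and report how the connection is protected. Labels are made up for this sketch.

# libvirt_uri_info URI: prints "driver transport host path protection".
# The body runs in a subshell so its variables do not leak.
libvirt_uri_info() (
    uri=$1
    case "$uri" in
        *://*) ;;
        *) echo "invalid"; exit 0 ;;
    esac
    scheme=${uri%%://*}
    rest=${uri#*://}
    rest=${rest%%\?*}                      # drop ?extra-param
    authority=${rest%%/*}                  # [user@][host][:port]
    case "$rest" in
        */*) path=/${rest#*/} ;;
        *)   path=- ;;
    esac
    driver=${scheme%%+*}
    case "$scheme" in
        *+*) transport=${scheme#*+} ;;
        *)   transport= ;;
    esac
    hostport=${authority##*@}              # strip the optional user@
    case "$hostport" in
        "["*) host=${hostport%%]*}] ;;     # bracketed IPv6 literal
        *)    host=${hostport%%:*} ;;
    esac
    if [ -z "$host" ]; then
        host=localhost
        transport=${transport:-unix}       # local URI: UNIX domain socket
    else
        transport=${transport:-tls}        # libvirt's default for remote URIs
    fi
    case "$transport" in
        unix)               protection=local-socket ;;
        tls)                protection=tls-x509 ;;
        ssh|libssh|libssh2) protection=ssh-tunnel ;;
        tcp)                protection=plaintext ;;  # unencrypted unless SASL adds a layer
        *)                  protection=unknown ;;
    esac
    printf '%s %s %s %s %s\n' "$driver" "$transport" "$host" "$path" "$protection"
)

# URIs from this page, plus one with a constructed user name.
libvirt_uri_info "qemu:///system"
libvirt_uri_info "qemu://172.16.100.6/system"
libvirt_uri_info "qemu+tcp://172.16.100.6/system"
libvirt_uri_info "qemu+ssh://user@172.16.100.6/system"
```

Of the remote forms, only `qemu+tcp://` travels in clear text, so it belongs on a trusted management network only.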

Using the tools:
(1) CLI: virt-install, virsh
(2) virt-manager

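Supplementary material: virt-install usage documentation
2.5.3.2 Creating a virtual machine and installing a GuestOS with virt-install
virt-install is a command-line tool that can create virtual machines and install a GuestOS for KVM, Xen or any other hypervisor that supports the libvirt API. It supports text or graphical installation interfaces over a serial console, VNC or SDL. The installation can use local media such as a CDROM or be carried out over the network through NFS, HTTP or FTP; for network installations, virt-install loads the necessary files automatically to start the installation, without a separate boot tool. virt-install also supports PXE installation and can start directly from an existing disk image.

virt-install has many options, which fall roughly into the classes below; the commonly used options in each class are described briefly.
General options: the VM's name, memory size, number of VCPUs and their properties;
-n NAME, --name=NAME: the VM name, which must be globally unique;
-r MEMORY, --ram=MEMORY: the VM's memory size in MB;
--vcpus=VCPUS[,maxvcpus=MAX][,sockets=#][,cores=#][,threads=#]: the number of VCPUs and related settings;
Installation method: the installation method, GuestOS type and so on;
-c CDROM, --cdrom=CDROM: optical installation medium
-l LOCATION, --location=LOCATION: the installation source URL; FTP, HTTP and NFS are supported, for example ftp://172.16.0.1/pub, http://172.16.0.1/cobbler/ks_mirros/CentOS-7-x86_64;
--pxe: install over PXE;
--livecd: treat the optical medium as a LiveCD;
--os-type=DISTRO_TYPE: the operating system type, such as linux, unix or windows;
-x EXTRA, --extra-args=EXTRA: extra options passed to the kernel when the GuestOS is installed from --location, for example the location of the kickstart file: --extra-args "ks=http://172.16.0.1/class.cfg"
--boot=BOOTOPTS: post-installation configuration, such as the boot device order or booting with a specified kernel/initrd instead of the installed one; for example:
--boot cdrom,hd,network: set the boot order;
--boot kernel=KERNEL,initrd=INITRD,kernel_args="console=/dev/ttyS0": set the kernel and initrd used to boot the system;
Storage configuration: the storage type, location and properties:
--disk=DISKOPTS: a storage device and its properties, in the form --disk /some/storage/path,opt1=val1,opt2=val2; common options are:
device: the device type, such as cdrom, disk or floppy; the default is disk;
bus: the disk bus type; its value can be ide, scsi, usb, virtio or xen;
perms: access mode, such as rw, ro or sh (shared read-write); the default is rw;
size: the size of a newly created disk image in GB;
cache: the cache model; its values are none, writethrough (cache reads) and writeback (cache reads and writes);
format: the disk image format, such as raw, qcow2 or vmdk;
sparse: use a sparse disk image, that is, do not allocate the full size immediately;
--nodisks: use no local disk; common in LiveCD mode;
Network configuration: the network type of the interface and interface properties such as the MAC address and driver model;
-w NETWORK, --network=NETWORK,opt1=val1,opt2=val2: connect the VM to the host's network, where NETWORK can be:
bridge=BRIDGE: connect to the bridge device named "BRIDGE";
network=NAME: connect to the network named "NAME";
Other common options:
model: the network device model seen in the GuestOS, such as e1000, rtl8139 or virtio;
mac: a fixed MAC address; a random address is used when this option is omitted, but either way, for KVM the first three octets must be 52:54:00;
--nonetworks: the VM does not use networking;
Graphics configuration: settings for the VM's display, such as VNC;
--graphics TYPE,opt1=val1,opt2=val2: display-related settings; this option configures no display hardware (such as a graphics card), only the interface used to access the VM after it starts;
TYPE: the display type, which can be vnc, sdl, spice or none; the default is vnc;
port: the port listened on when TYPE is vnc or spice;
listen: the IP address listened on when TYPE is vnc or spice; the default is 127.0.0.1, and a new default can be defined by editing /etc/libvirt/qemu.conf;
password: when TYPE is vnc or spice, the authentication password for the remotely accessible service;
--noautoconsole: do not connect to the VM's console automatically;
Device options: text console, sound device, serial interface, parallel interface, display interface and so on;
--serial=CHAROPTS: attach a serial device to the VM; different options apply depending on the device type, in the form "--serial type,opt1=val1,opt2=val2,...", for example:
--serial pty: create a pseudo-terminal;
--serial dev,path=HOSTPATH: attach a host device to this VM;
Others:
--autostart: whether the VM starts automatically after the physical host boots;
--print-xml: if the VM needs no installation process (--import, --boot), print the generated XML instead of creating the VM; by default this option still creates the disk image;
--force: prevent the command from entering interactive mode; any yes/no question is answered yes automatically;
--dry-run: go through the whole VM creation process without actually creating the VM, changing device configuration on the host, or notifying libvirt of the creation request;
-d, --debug: show debug information;

Although virt-install has the many options above, in practice the only required ones are --name, --ram, --disk (or --nodisks) and the installation-related options; in addition, --connect=CONNECT is sometimes needed to connect to a non-default hypervisor;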

Usage examples:
(1) # virt-install -n "centos6" -r 512 --vcpus=2 -l http://172.16.0.1/cobbler/ks_mirros/CentOS-6.6-x86_64/ -x "ks=http://172.16.0.1/centos6.x86_64.cfg" --disk path=/images/kvm/centos6.img,size=120,sparse --force -w bridge=br100,model=virtio
(2) The example below creates a VM named rhel5 with KVM as its hypervisor, 512MB of memory and an 8G disk image file /var/lib/libvirt/images/rhel5.8.img, and boots the installation from the boot.iso image.

# virt-install \
--connect qemu:///system \
--virt-type kvm \
--name rhel5 \
--ram 512 \
--disk path=/var/lib/libvirt/images/rhel5.img,size=8 \
--graphics vnc \
--cdrom /tmp/boot.iso \
--os-variant rhel5

(3) The example below creates a VM named rhel6 with two virtual CPUs, installed over FTP with the location of the ks file specified, a sparse disk image file, and a connection to the bridged network named brnet0 on the physical host;

# virt-install \
--connect qemu:///system \
--virt-type kvm \
--name rhel6 \
--ram 1024 \
--vcpus 2 \
--network bridge=brnet0 \
--disk path=/VMs/images/rhel6.img,size=120,sparse \
--location ftp://172.16.0.1/rhel6/dvd \
--extra-args "ks=http://172.16.0.1/rhel6.cfg" \
--os-variant rhel6 \
--force

(4) The example below creates a VM named rhel5.8 whose disk image is sparse, in qcow2 format and on a virtio bus; the installation does not start a graphical interface (--nographics) but starts a serial terminal that shows the installation as text in the current terminal; the VM's graphics card type is cirrus;

# virt-install \
--connect qemu:///system \
--virt-type kvm \
--name rhel5.8 \
--vcpus 2,maxvcpus=4 \
--ram 512 \
--disk path=/VMs/images/rhel5.8.img,size=120,format=qcow2,bus=virtio,sparse \
--network bridge=brnet0,model=virtio \
--nographics \
--location ftp://172.16.0.1/pub \
--extra-args "ks=http://172.16.0.1/class.cfg console=ttyS0 serial" \
--os-variant rhel5 \
--force \
--video=cirrus

(5) The example below uses an existing disk image file (with a system already installed) to create a VM named rhel5.8;

# virt-install \
--name rhel5.8 \
--ram 512 \
--disk /VMs/rhel5.8.img \
--import

virt-install -n cirros -r 128 --vcpus=1,maxvcpus=4 --disk /images/cirros/cirros-0.4.0-x86_64-disk.img --network bridge=br0,model=virtio --import --serial=pty --console=pty --nographics

^]: use ctrl+] to return to the host terminal;

Note: after a VM is created, its configuration is saved in the /etc/libvirt/qemu directory, in a file named after the VM, in XML format;

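Some commonly used virsh commands:
virt-install: create a VM and install an OS, or create a VM and import an image file;
Create from an XML file:
create: create and start
define: create without starting
Shut down a domain:
destroy
shutdown
reboot
Delete a domain:
undefine
Connect to the console:
console
List:
list
Attach or detach a disk:
attach-disk
detach-disk
Attach or detach a NIC:
attach-interface
detach-interface
Save state to a disk file or restore from a disk file:
save
restore
Pause in memory and resume:
suspend
resume
Host and Hypervisor:
sysinfo, uri, connect
Network interfaces:
iface-list, iface-bridge
Virtual networks:
net-list

virt-manager: GUI tool

Linux kernel:
namespace: namespaces
Filesystem isolation:
Network isolation: isolates network resources, including network devices, IPv4 or IPv6 addresses, IP routing tables, firewall, /proc/net, /sys/class/net and sockets;
IPC isolation:
User and group isolation:
PID isolation: PIDs are renumbered inside the namespace, so two different namespaces can use the same PID;
UTS isolation: Unix Time-sharing System, isolates the host name and domain name;
cgroups: control groups
Used for resource allocation: they limit the resources isolated by the namespaces, and can also set weights for resources, account for usage and carry out the various management tasks required;

Linux Network NameSpace:
Note: netns is implemented in the kernel, and it is controlled through the netns OBJECT provided by iproute; the iproute shipped with CentOS 6.6 does not have this OBJECT, which has to come from the OpenStack Icehouse EPEL repository:
1. Using netns
ip netns list
ip netns add NAME
ip netns del NAME
ip netns exec NAME COMMAND

2. Using virtual Ethernet NICs
ip link add FRONTEND-NAME type veth peer name BACKEND-NAME

Virtualization management tools:
http://www.linux-kvm.org/page/Management_Tools

Lab environment:
Operating system: CentOS 7.5
IP address: 172.16.100.67
Kernel: 2.6.32-504.el6.x86_64

I use VMware Workstation for this lab; Intel VT-x/EPT or AMD-V/RVI (V) has to be enabled in the virtual machine settings;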

[root@kvm ~]# hostname kvm.server.com
NETWORKING=yes
[root@localhost ~]# vim /etc/hostname
kvm.server.com
[root@kvm ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.100.6    kvm kvm.server.com

Check whether hardware-assisted virtualization is supported;

[root@kvm ~]#  grep -E --color=auto "(vmx|svm)" /proc/cpuinfo
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx                                  rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc pni pclmulqdq vmx ssse3 cx16 pcid sse4_1 sse4_2 x2apic                                  popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm tpr_shadow vnmi ept vpid fsgsbase tsc_adjust smep arat
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx                                  rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc pni pclmulqdq vmx ssse3 cx16 pcid sse4_1 sse4_2 x2apic                                  popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm tpr_shadow vnmi ept vpid fsgsbase tsc_adjust smep arat
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx                                  rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc pni pclmulqdq vmx ssse3 cx16 pcid sse4_1 sse4_2 x2apic                                  popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm tpr_shadow vnmi ept vpid fsgsbase tsc_adjust smep arat
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx                                  rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc pni pclmulqdq vmx ssse3 cx16 pcid sse4_1 sse4_2 x2apic                                  popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm tpr_shadow vnmi ept vpid fsgsbase tsc_adjust smep arat

Load the kvm core module and, for an Intel CPU, the matching kvm module;

[root@kvm ~]# modprobe kvm
[root@kvm ~]# modprobe kvm-intel
[root@kvm ~]# lsmod | grep kvm
kvm_intel             174841  0
kvm                   578518  1 kvm_intel
[root@kvm ~]# ls /dev/kvm
/dev/kvm
[root@kvm ~]# yum grouplist | grep -i "virtualization"
   Virtualization
   Virtualization Client
   Virtualization Platform
   Virtualization Tools
[root@kvm ~]# yum -y install qemu-kvm
[root@kvm ~]# ln -sv /usr/libexec/qemu-kvm /usr/bin/

Download the cirros-0.4.0-x86_64-disk.img file from http://download.cirros-cloud.net/0.4.0/;

[root@kvm ~]# qemu-img info cirros-0.4.0-x86_64-disk.img
image: cirros-0.4.0-x86_64-disk.img
file format: qcow2
virtual size: 44M (46137344 bytes)
disk size: 12M
cluster_size: 65536
Format specific information:
    compat: 1.1
    lazy refcounts: false
[root@kvm ~]# qemu-kvm -m 128 -smp 2 -name "test" -hda cirros-0.4.0-x86_64-disk.img
VNC server running on `::1:5900'
[root@kvm ~]#  ss -tnl
State      Recv-Q Send-Q                     Local Address:Port                                    Peer Address:Port
LISTEN     0      128                                    *:22                                                 *:*
LISTEN     0      100                            127.0.0.1:25                                                 *:*
LISTEN     0      1                                    ::1:5900                                              :::*
LISTEN     0      128                                   :::22                                                :::*
LISTEN     0      100                                  ::1:25                                                :::*
[root@kvm ~]# yum -y install tigervnc
[root@kvm ~]# vncviewer :5900

ctrl+alt+2 switches to the monitor console (monitor interface)

Use help to list the monitor commands and info to view information about the VM; switch back with ctrl+alt+1;

[root@kvm ~]# ps aux | grep qemu-kvm
root      14212  6.3  3.1 807032 121556 pts/0   Sl+  12:38   1:12 qemu-kvm -m 128 -smp 2 -name test -hda cirros-0.4.0-x86_64-disk.img
root      15423  0.0  0.0 112720   984 pts/2    S+   12:57   0:00 grep --color=auto qemu-kvm
[root@kvm ~]# kill -9 14212
[root@kvm ~]# qemu-kvm -m 128 -smp 2 -name "test" -hda cirros-0.4.0-x86_64-disk.img
VNC server running on `::1:5900'
[root@kvm ~]# vncviewer :5900

Without a CPU type specified, the CPU type is qemu virtual cpu;

Use the CPU of the underlying physical host;

[root@kvm ~]# qemu-kvm -m 128 -cpu host -smp 2 -name "test" -hda cirros-0.4.0-x86_64-disk.img
VNC server running on `::1:5900'
[root@kvm ~]# vncviewer :5900

The CPU type is now the CPU model of the physical machine;

Use virtio paravirtualization;

[root@kvm ~]# qemu-kvm -m 128 -cpu host -smp 2 -name "test" -drive file=cirros-0.4.0-x86_64-disk.img,if=virtio,media=disk,format=qcow2,cache=writeback
VNC server running on `::1:5901'

Install Windows XP:
[root@kvm ~]# mkdir -pv /images/windows
[root@kvm ~]# qemu-img create -f qcow2 /images/windows/winxp.qcow2 -o ?
Supported options:
size Virtual disk size
compat Compatibility level (0.10 or 1.1)
backing_file File name of a base image
backing_fmt Image format of the base image
encryption Encrypt the image
cluster_size qcow2 cluster size
preallocation Preallocation mode (allowed values: off, metadata, falloc, full)
lazy_refcounts Postpone refcount updates
[root@kvm ~]# qemu-img create -f qcow2 /images/windows/winxp.qcow2 -o size=20G,preallocation=metadata
[root@kvm ~]# ll -h /images/windows/winxp.qcow2
-rw-r--r--. 1 root root 21G 12月 25 11:09 /images/windows/winxp.qcow2
[root@kvm ~]# du -sh /images/windows/winxp.qcow2
4.1M /images/windows/winxp.qcow2
[root@kvm ~]# qemu-kvm -m 512 -smp 2 -cpu host -drive file=/images/windows/winxp.qcow2,media=disk -drive file=/root/winxp_ghost.iso,media=cdrom -boot order=dc,once=d
[root@kvm ~]# vncviewer :5900

Enable SDL; SDL is disabled by default, probably because SDL support was not enabled when qemu-kvm was compiled;

[root@kvm ~]# qemu-kvm -m 128 -cpu host -smp 2 -name "test" -drive file=cirros-0.4.0-x86_64-disk.img,if=virtio,media=disk,format=qcow2,cache=writeback -sdl
SDL support is disabled

Change the VNC listening port;

[root@kvm ~]# qemu-kvm -m 128 -cpu host -smp 2 -name "test" -drive file=cirros-0.4.0-x86_64-disk.img,if=virtio,media=disk,format=qcow2,cache=writeback -vnc 172.16.100.67:0
[root@kvm ~]# ss -tnl
State      Recv-Q Send-Q           Local Address:Port                          Peer Address:Port
LISTEN     0      128                  127.0.0.1:6013                                     *:*
LISTEN     0      1                172.16.100.67:5900                                     *:*
LISTEN     0      128                          *:22                                       *:*
LISTEN     0      100                  127.0.0.1:25                                       *:*
LISTEN     0      128                  127.0.0.1:6010                                     *:*
LISTEN     0      128                        ::1:6013                                    :::*
LISTEN     0      128                         :::22                                      :::*
LISTEN     0      100                        ::1:25                                      :::*
LISTEN     0      128                        ::1:6010                                    :::*

Connect with VNC Viewer on Windows;

Set a VNC login password;
[root@kvm ~]# qemu-kvm -m 128 -cpu host -smp 2 -name "test" -drive file=cirros-0.4.0-x86_64-disk.img,if=virtio,media=disk,format=qcow2,cache=writeback -vnc 172.16.100.67:0,password

Show the monitor directly;

[root@kvm ~]# qemu-kvm -m 128 -cpu host -smp 2 -name "test" -drive file=cirros-0.4.0-x86_64-disk.img,if=virtio,media=disk,format=qcow2,cache=writeback -vnc 172.16.100.67:0,password -monitor stdio
QEMU 1.5.3 monitor - type 'help' for more information
(qemu) change vnc password    # set the login password
Password: ********    #smoke520
[root@kvm ~]# vncviewer 172.16.100.67 port 5900
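
The commands in these notes open several network listeners: VNC on 172.16.100.67, the migration listener from `-incoming tcp:0:7777`, and NICs left on the default MAC 52:54:00:12:34:56. The following check is an added example, not part of the original notes or of QEMU: it flags those options in a qemu-kvm command line. The function names and finding labels are made up here, and `:1` stands in for the page's `:N`.

```shell
#!/bin/sh
# Added example: flag exposure-related options in a qemu-kvm command line.
# The finding labels are names made up for this sketch.

# is_loopback HOST: succeeds when HOST only accepts local connections.
is_loopback() {
    case "$1" in
        127.*|localhost|::1|"[::1]") return 0 ;;
        *) return 1 ;;
    esac
}

# has_opt LIST NAME: succeeds when comma-separated LIST holds NAME or NAME=value.
has_opt() {
    case ",$1," in
        *",$2,"*|*",$2="*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_qemu_cmdline "CMDLINE": prints space-separated findings (empty if none).
# The body runs in a subshell so set -f and the variables do not leak.
audit_qemu_cmdline() (
    set -f          # keep arguments such as model=? literal (no globbing)
    set -- $1       # plain whitespace split; enough for the page's commands
    findings=""
    add() { findings="${findings}${findings:+ }$1"; }
    while [ $# -gt 0 ]; do
        opt=$1
        val=${2:-}
        case "$opt" in
            -vnc)
                display=${val%%,*}           # "host:N" without the options
                case "$display" in
                    none|unix:*) ;;          # no TCP listener at all
                    *)
                        host=${display%:*}   # an empty host means every address
                        if is_loopback "$host" || has_opt "$val" sasl; then
                            :
                        elif has_opt "$val" password; then
                            add VNC_REMOTE_PASSWORD_ONLY
                        else
                            add VNC_REMOTE_NO_AUTH
                        fi ;;
                esac ;;
            -incoming)
                case "$val" in
                    tcp:*)
                        rest=${val#tcp:}
                        case "${rest%:*}" in
                            ""|0|0.0.0.0|::|"[::]") add MIGRATION_TCP_LISTEN_ANY ;;
                        esac ;;
                esac ;;
            -net)
                case "$val" in
                    nic|nic,*)
                        if ! has_opt "$val" macaddr; then
                            add NIC_DEFAULT_MAC   # QEMU falls back to 52:54:00:12:34:56
                        else
                            case "$val" in
                                *macaddr=52:54:00:12:34:56*) add NIC_DEFAULT_MAC ;;
                            esac
                        fi ;;
                esac ;;
        esac
        shift
    done
    printf '%s\n' "$findings"
)

# Command lines modelled on this page (":1" stands in for the page's ":N").
audit_qemu_cmdline "qemu-kvm -vnc 172.16.100.67:0,password -monitor stdio"
audit_qemu_cmdline "qemu-kvm -vnc :1 -incoming tcp:0:7777"
audit_qemu_cmdline "qemu-kvm -net nic -net tap,ifname=vif0.0,script=no"
```

`VNC_REMOTE_PASSWORD_ONLY` is still a finding because the standard VNC protocol limits passwords to 8 characters and does not encrypt the session; binding VNC to 127.0.0.1 and reaching it through an SSH tunnel avoids both problems.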

Open the console;
[root@kvm ~]# qemu-kvm -m 128 -cpu host -smp 2 -name "test" -drive file=cirros-0.4.0-x86_64-disk.img,if=virtio,media=disk,format=qcow2,cache=writeback -nographic -monitor stdio

Use ctrl+a, c to switch between console and monitor; if it does not switch, operate once through the graphical interface and then test again;

Use the cirrus VGA display type;
[root@kvm ~]# qemu-kvm -m 128 -cpu host -smp 2 -name "test" -drive file=cirros-0.4.0-x86_64-disk.img,if=virtio,media=disk,format=qcow2,cache=writeback -nographic -vga cirrus

$ lspci
00:00.0 Class 0600: 8086:1237
00:01.0 Class 0601: 8086:7000
00:01.1 Class 0101: 8086:7010
00:01.3 Class 0680: 8086:7113
00:02.0 Class 0300: 1013:00b8
00:03.0 Class 0200: 8086:100e
00:04.0 Class 0100: 1af4:1001
$ ls /sys/bus
acpi          event_source  mipi-dsi      pci_express   sdio          vme
clockevents   i2c           mmc           platform      serio         workqueue
clocksource   machinecheck  nd            pnp           spi           xen
container     mdio_bus      node          rapidio       usb           xen-backend
cpu           memory        pci           scsi          virtio
$ ls /sys/bus/pci
devices             drivers_autoprobe   rescan              slots
drivers             drivers_probe       resource_alignment  uevent
$ lsmod
Module                  Size  Used by    Not tainted
nls_iso8859_1          16384  0
isofs                  40960  0
ip_tables              24576  0
x_tables               36864  1 ip_tables
pcnet32                45056  0
8139cp                 28672  0
mii                    16384  2 pcnet32,8139cp
ne2k_pci               16384  0
8390                   20480  1 ne2k_pci
e1000                 135168  0
virtio_scsi            20480  0
# poweroff

Create a bridge;

[root@kvm ~]# yum list all | grep -i bridge
bridge-utils.x86_64                         1.5-9.el7                  base
cockpit-bridge.x86_64                       176-4.el7.centos           extras
[root@kvm ~]# modinfo bridge
filename:       /lib/modules/3.10.0-862.el7.x86_64/kernel/net/bridge/bridge.ko.xz
alias:          rtnl-link-bridge
version:        2.3
license:        GPL
retpoline:      Y
rhelversion:    7.5
srcversion:     A0B6183F98024E85CD123C5
depends:        stp,llc
intree:         Y
vermagic:       3.10.0-862.el7.x86_64 SMP mod_unload modversions
signer:         CentOS Linux kernel signing key
sig_key:        3A:F3:CE:8A:74:69:6E:F1:BD:0F:37:E5:52:62:7B:71:09:E3:2B:96
sig_hashalgo:   sha256
[root@kvm ~]# yum -y install bridge-utils
[root@kvm ~]# brctl addbr br0
[root@kvm ~]# ifconfig br0
br0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 32:41:58:12:f2:2d  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@kvm ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000000000000       no
[root@kvm ~]# brctl delbr br0
[root@kvm ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
[root@kvm ~]# brctl addbr br0
[root@kvm ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000000000000       no
[root@kvm ~]# ip link set br0 up
[root@kvm ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 0
    link/ether 00:0c:29:4d:1a:85 brd ff:ff:ff:ff:ff:ff
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 0
    link/ether 00:0c:29:4d:1a:8f brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 0
    link/ether de:0f:35:9a:40:7e brd ff:ff:ff:ff:ff:ff
[root@kvm ~]# nmtui    #add a bridge through the graphical interface

[root@kvm ~]# nmcli    #add a bridge through the command-line interface
[root@kvm ~]# qemu-kvm -net nic,model=?    #list the NIC models that are supported
qemu: Supported NIC models: ne2k_pci,i82551,i82557b,i82559er,rtl8139,e1000,pcnet,virtio
[root@kvm ~]# qemu-kvm -m 128 -cpu host -smp 2 -name "test" -drive file=cirros-0.4.0-x86_64-disk.img,if=virtio,media=disk,format=qcow2,cache=writeback -nographic -net nic -net tap,ifname=vif0.0,script=no
$ sudo su -
# ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:12:34:56
          inet6 addr: fe80::5054:ff:fe12:3456/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:1332 (1.3 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

# lsmod
Module                  Size  Used by    Not tainted
nls_iso8859_1          16384  0
isofs                  40960  0
ip_tables              24576  0
x_tables               36864  1 ip_tables
pcnet32                45056  0
8139cp                 28672  0
mii                    16384  2 pcnet32,8139cp
ne2k_pci               16384  0
8390                   20480  1 ne2k_pci
e1000                 135168  0
virtio_scsi            20480  0
[root@kvm ~]# ifconfig -a
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::dc0f:35ff:fe9a:407e  prefixlen 64  scopeid 0x20<link>
        ether de:0f:35:9a:40:7e  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.100.67  netmask 255.255.255.0  broadcast 172.16.100.255
        inet6 fe80::b1b8:96a7:a44f:457a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1a:85  txqueuelen 1000  (Ethernet)
        RX packets 951575  bytes 1245256906 (1.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 164474  bytes 34905276 (33.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.190.133  netmask 255.255.255.0  broadcast 192.168.190.255
        inet6 fe80::883a:9679:298f:e313  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1a:8f  txqueuelen 1000  (Ethernet)
        RX packets 310638  bytes 34915775 (33.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12045  bytes 1078798 (1.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 205148  bytes 1012812935 (965.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 205148  bytes 1012812935 (965.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether d6:60:69:3c:00:75  txqueuelen 1000  (Ethernet)
        RX packets 10  bytes 1332 (1.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@kvm ~]# vim /etc/qemu-ifup
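#!/bin/bash
#
# qemu-kvm calls this script with the tap interface name as $1:
# bring the interface up and attach it to the bridge.
bridge=br0

if [ -n "$1" ]; then
    ip link set "$1" up
    brctl addif "$bridge" "$1"
    [ $? -eq 0 ] && exit 0 || exit 1
else
    echo "Error: no interface specified."
    exit 1
fi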
[root@kvm ~]# bash -n /etc/qemu-ifup
[root@kvm ~]# chmod +x /etc/qemu-ifup

# poweroff

Isolated model configuration: two virtual machines communicate through the same bridge.
Create virtual machine test:
[root@kvm ~]# qemu-kvm -m 128 -cpu host -smp 2 -name "test" -drive file=cirros-0.4.0-x86_64-disk.img,if=virtio,media=disk,format=qcow2,cache=writeback -nographic -net nic -net tap,ifname=vif0.0,script=/etc/qemu-ifup

$ sudo su -
# ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:12:34:56
          inet6 addr: fe80::5054:ff:fe12:3456/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:1332 (1.3 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
[root@kvm ~]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::dc0f:35ff:fe9a:407e  prefixlen 64  scopeid 0x20<link>
        ether 8a:94:56:87:cc:af  txqueuelen 1000  (Ethernet)
        RX packets 20  bytes 2384 (2.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.100.67  netmask 255.255.255.0  broadcast 172.16.100.255
        inet6 fe80::b1b8:96a7:a44f:457a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1a:85  txqueuelen 1000  (Ethernet)
        RX packets 956162  bytes 1245673566 (1.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 166357  bytes 35105450 (33.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.190.133  netmask 255.255.255.0  broadcast 192.168.190.255
        inet6 fe80::883a:9679:298f:e313  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1a:8f  txqueuelen 1000  (Ethernet)
        RX packets 352423  bytes 37659211 (35.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12923  bytes 1171612 (1.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 205148  bytes 1012812935 (965.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 205148  bytes 1012812935 (965.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vif0.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::8894:56ff:fe87:ccaf  prefixlen 64  scopeid 0x20<link>
        ether 8a:94:56:87:cc:af  txqueuelen 1000  (Ethernet)
        RX packets 10  bytes 1332 (1.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@kvm ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.8a945687ccaf       no              vif0.0

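Create virtual machine test1. If the second virtual machine fails to start, the cause is that both virtual machines use the same disk image file and write to it at the same time. Either start the second one from a copy of the image file, or run sync after configuring the first virtual machine and then start the second.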

[root@kvm ~]# qemu-kvm -m 128 -cpu host -smp 2 -name "test1" -drive file=cirros-0.4.0-x86_64-disk.img,if=virtio,media=disk,format=qcow2,cache=writeback -nographic -net nic -net tap,ifname=vif1.0,script=/etc/qemu-ifup
[root@kvm ~]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::dc0f:35ff:fe9a:407e  prefixlen 64  scopeid 0x20<link>
        ether 8a:94:56:87:cc:af  txqueuelen 1000  (Ethernet)
        RX packets 24  bytes 2672 (2.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.100.67  netmask 255.255.255.0  broadcast 172.16.100.255
        inet6 fe80::b1b8:96a7:a44f:457a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1a:85  txqueuelen 1000  (Ethernet)
        RX packets 956747  bytes 1245720743 (1.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 167094  bytes 35192944 (33.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.190.133  netmask 255.255.255.0  broadcast 192.168.190.255
        inet6 fe80::883a:9679:298f:e313  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1a:8f  txqueuelen 1000  (Ethernet)
        RX packets 352658  bytes 37675061 (35.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12931  bytes 1172458 (1.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 205148  bytes 1012812935 (965.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 205148  bytes 1012812935 (965.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vif0.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::8894:56ff:fe87:ccaf  prefixlen 64  scopeid 0x20<link>
        ether 8a:94:56:87:cc:af  txqueuelen 1000  (Ethernet)
        RX packets 11  bytes 1418 (1.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11  bytes 906 (906.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vif1.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::a4ca:aeff:feda:11d7  prefixlen 64  scopeid 0x20<link>
        ether a6:ca:ae:da:11:d7  txqueuelen 1000  (Ethernet)
        RX packets 3  bytes 258 (258.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9  bytes 734 (734.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@kvm ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.8a945687ccaf       no              vif0.0
                                                        vif1.0

Configure the NIC of virtual machine test:

$ sudo su -
# ifconfig eth0 192.168.2.1 netmask 255.255.255.0
# ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:12:34:56
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fe12:3456/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:161 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:762 (762.0 B)  TX bytes:10418 (10.1 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:220 errors:0 dropped:0 overruns:0 frame:0
          TX packets:220 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:21832 (21.3 KiB)  TX bytes:21832 (21.3 KiB)

Configure the NIC of virtual machine test1:

$ sudo su -
# ifconfig eth0 192.168.2.2 netmask 255.255.255.0
# ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:12:34:56
          inet addr:192.168.2.2  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fe12:3456/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:151 errors:0 dropped:0 overruns:0 frame:0
          TX packets:155 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9086 (8.8 KiB)  TX bytes:9942 (9.7 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Pinging test1 from virtual machine test fails, because both virtual machines have the same MAC address:

# ping 192.168.2.2
PING 192.168.2.2 (192.168.2.2): 56 data bytes

Shut down virtual machine test1 and start it again with a new MAC address:
# poweroff

[root@kvm ~]# qemu-kvm -m 128 -cpu host -smp 2 -name "test1" -drive file=cirros-0.4.0-x86_64-disk.img,if=virtio,media=disk,format=qcow2,cache=writeback -nographic -net nic,macaddr=52:54:00:12:34:57 -net tap,ifname=vif1.0,script=/etc/qemu-ifup

$ sudo su -
# ifconfig eth0 192.168.2.2 netmask 255.255.255.0
# ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:12:34:57
          inet addr:192.168.2.2  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fe12:3457/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:1332 (1.3 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Ping test1 from virtual machine test:

# ping 192.168.2.2
PING 192.168.2.2 (192.168.2.2): 56 data bytes
64 bytes from 192.168.2.2: seq=0 ttl=64 time=3.308 ms
64 bytes from 192.168.2.2: seq=1 ttl=64 time=1.646 ms
64 bytes from 192.168.2.2: seq=2 ttl=64 time=1.219 ms
64 bytes from 192.168.2.2: seq=3 ttl=64 time=1.774 ms

Routing + NAT mode configuration (1):

[root@kvm ~]# ip link add veth1.0 type veth peer veth1.1    #add two virtual NICs that form a pair
[root@kvm ~]# ifconfig -a
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::dc0f:35ff:fe9a:407e  prefixlen 64  scopeid 0x20<link>
        ether 4e:b6:06:8d:06:3a  txqueuelen 1000  (Ethernet)
        RX packets 757  bytes 39882 (38.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.100.67  netmask 255.255.255.0  broadcast 172.16.100.255
        inet6 fe80::b1b8:96a7:a44f:457a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1a:85  txqueuelen 1000  (Ethernet)
        RX packets 990915  bytes 1285916651 (1.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 178398  bytes 36389257 (34.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.190.133  netmask 255.255.255.0  broadcast 192.168.190.255
        inet6 fe80::883a:9679:298f:e313  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1a:8f  txqueuelen 1000  (Ethernet)
        RX packets 354425  bytes 37791220 (36.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12967  bytes 1175947 (1.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 205256  bytes 1012825571 (965.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 205256  bytes 1012825571 (965.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 0a:b8:18:b9:0a:8a  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth1.0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 46:ac:ce:e9:7b:ac  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vif0.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::4cb6:6ff:fe8d:63a  prefixlen 64  scopeid 0x20<link>
        ether 4e:b6:06:8d:06:3a  txqueuelen 1000  (Ethernet)
        RX packets 17  bytes 1942 (1.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 25  bytes 2590 (2.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vif1.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fcbd:a7ff:feaf:971b  prefixlen 64  scopeid 0x20<link>
        ether fe:bd:a7:af:97:1b  txqueuelen 1000  (Ethernet)
        RX packets 17  bytes 1942 (1.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 15  bytes 1258 (1.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@kvm ~]# ip link set veth0 up
[root@kvm ~]# ip link set veth1.0 up
[root@kvm ~]# brctl addif br0 veth1.0
[root@kvm ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.46accee97bac       no              veth1.0
                                                        vif0.0
                                                        vif1.0
[root@kvm ~]# ifconfig veth0 192.168.2.254 netmask 255.255.255.0

Ping 192.168.2.254 from virtual machine test, then add the default gateway:

# ping 192.168.2.254
PING 192.168.2.254 (192.168.2.254): 56 data bytes
64 bytes from 192.168.2.254: seq=0 ttl=64 time=57.522 ms
64 bytes from 192.168.2.254: seq=1 ttl=64 time=0.612 ms
64 bytes from 192.168.2.254: seq=2 ttl=64 time=0.552 ms
64 bytes from 192.168.2.254: seq=3 ttl=64 time=0.837 ms
# route add default gw 192.168.2.254
# ping 172.16.100.67    #pinging the host's outbound NIC works, because in Linux an address belongs to the host, not to the NIC
PING 172.16.100.67 (172.16.100.67): 56 data bytes
64 bytes from 172.16.100.67: seq=0 ttl=64 time=0.706 ms
64 bytes from 172.16.100.67: seq=1 ttl=64 time=0.759 ms
64 bytes from 172.16.100.67: seq=2 ttl=64 time=0.631 ms
64 bytes from 172.16.100.67: seq=3 ttl=64 time=0.844 ms
# ping 172.16.100.254    #pinging a machine outside the host fails
PING 172.16.100.254 (172.16.100.254): 56 data bytes
[root@kvm ~]# cat /proc/sys/net/ipv4/ip_forward
0
[root@kvm ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
# ping 172.16.100.254    #still fails, because packets can go out but the replies cannot come back
PING 172.16.100.254 (172.16.100.254): 56 data bytes
[root@kvm ~]# tcpdump -i veth0 -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:10:24.045633 IP 192.168.2.1 > 172.16.100.254: ICMP echo request, id 56577, seq 280, length 64
16:10:25.130140 IP 192.168.2.1 > 172.16.100.254: ICMP echo request, id 56577, seq 281, length 64
16:10:26.215759 IP 192.168.2.1 > 172.16.100.254: ICMP echo request, id 56577, seq 282, length 64
[root@kvm ~]# tcpdump -i ens33 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
16:11:52.017641 IP 192.168.2.1 > 172.16.100.254: ICMP echo request, id 56577, seq 361, length 64
16:11:53.102113 IP 192.168.2.1 > 172.16.100.254: ICMP echo request, id 56577, seq 362, length 64
16:11:54.186597 IP 192.168.2.1 > 172.16.100.254: ICMP echo request, id 56577, seq 363, length 64
[root@kvm ~]# iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j SNAT --to-source 172.16.100.67

Virtual machine test can now reach machines outside the host:

# ping 172.16.100.254
PING 172.16.100.254 (172.16.100.254): 56 data bytes
64 bytes from 172.16.100.254: seq=0 ttl=63 time=1.277 ms
64 bytes from 172.16.100.254: seq=1 ttl=63 time=0.964 ms
64 bytes from 172.16.100.254: seq=2 ttl=63 time=0.834 ms
[root@kvm ~]# tcpdump -i veth0 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:19:56.134027 IP 192.168.2.1 > 172.16.100.254: ICMP echo request, id 57345, seq 117, length 64
16:19:56.134447 IP 172.16.100.254 > 192.168.2.1: ICMP echo reply, id 57345, seq 117, length 64
16:19:57.224209 IP 192.168.2.1 > 172.16.100.254: ICMP echo request, id 57345, seq 118, length 64
16:19:57.225032 IP 172.16.100.254 > 192.168.2.1: ICMP echo reply, id 57345, seq 118, length 64

Routing mode + NAT configuration (2):
Modified from routing mode + NAT configuration (1):

[root@kvm ~]#  ip link del veth1.0 type veth peer veth1.1
[root@kvm ~]# ifconfig br0 192.168.2.254 netmask 255.255.255.0
# ping 172.16.100.254
PING 172.16.100.254 (172.16.100.254): 56 data bytes
64 bytes from 172.16.100.254: seq=0 ttl=63 time=3.631 ms
64 bytes from 172.16.100.254: seq=1 ttl=63 time=1.304 ms
64 bytes from 172.16.100.254: seq=2 ttl=63 time=1.064 ms
64 bytes from 172.16.100.254: seq=3 ttl=63 time=0.972 ms
[root@kvm ~]# tcpdump -i br0 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:52:17.377937 IP 192.168.2.1 > 172.16.100.254: ICMP echo request, id 59137, seq 0, length 64
16:52:17.387164 IP 172.16.100.254 > 192.168.2.1: ICMP echo reply, id 59137, seq 0, length 64
16:52:18.474832 IP 192.168.2.1 > 172.16.100.254: ICMP echo request, id 59137, seq 1, length 64
16:52:18.475454 IP 172.16.100.254 > 192.168.2.1: ICMP echo reply, id 59137, seq 1, length 64
[root@kvm ~]# tcpdump -i ens33 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
16:53:28.050863 IP 172.16.100.67 > 172.16.100.254: ICMP echo request, id 59137, seq 65, length 64
16:53:28.051268 IP 172.16.100.254 > 172.16.100.67: ICMP echo reply, id 59137, seq 65, length 64
16:53:29.137740 IP 172.16.100.67 > 172.16.100.254: ICMP echo request, id 59137, seq 66, length 64
16:53:29.138167 IP 172.16.100.254 > 172.16.100.67: ICMP echo reply, id 59137, seq 66, length 64
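
Both NAT setups above enable forwarding for the whole host and add an SNAT rule that names no outgoing interface. As an added example (not from the original notes), the script below builds a narrower rule set for the same addresses: forwarding only between the guest-side interface and ens33, and SNAT only on ens33. The function names are hypothetical, the commands are printed unless the script is run with --apply, and for configuration (1) the guest-side interface is veth0 instead of br0.

```sh
#!/bin/sh
# Added example: scoped forwarding + SNAT for one guest network.
# Prints the commands by default; "--apply" runs them (needs root).

# Accept only plain interface names (no spaces or shell metacharacters).
valid_ifname() {
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

valid_ipv4() {
    case $1 in *[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    case ${1#*/} in ''|*[!0-9]*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# nat_ruleset SUBNET GUEST_IF OUT_IF SNAT_IP
# Print one command per line:
#   - drop forwarded traffic by default,
#   - let the guest subnet out through OUT_IF only,
#   - let only reply traffic back in,
#   - rewrite the source address only for packets leaving via OUT_IF.
nat_ruleset() {
    subnet=$1 guest_if=$2 out_if=$3 snat_ip=$4
    valid_cidr "$subnet" && valid_ifname "$guest_if" &&
        valid_ifname "$out_if" && valid_ipv4 "$snat_ip" || {
        echo "nat_ruleset: invalid argument" >&2
        return 1
    }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $guest_if -o $out_if -s $subnet -j ACCEPT
iptables -A FORWARD -i $out_if -o $guest_if -d $subnet -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s $subnet -o $out_if -j SNAT --to-source $snat_ip
EOF
}

# Run the commands read from stdin. An "iptables ... -A" rule is first
# tested with -C, so running the script twice does not duplicate rules.
# Word splitting of $cmd is safe because nat_ruleset validated every token.
apply_ruleset() {
    while IFS= read -r cmd; do
        case $cmd in
            "iptables "*" -A "*)
                check=$(printf '%s\n' "$cmd" | sed 's/ -A / -C /')
                $check 2>/dev/null || $cmd ;;
            *)
                $cmd ;;
        esac
    done
}

# Values from configuration (2) on this page: guests on 192.168.2.0/24
# behind br0, leaving through ens33 as 172.16.100.67.
if [ "${1:-}" = "--apply" ]; then
    nat_ruleset 192.168.2.0/24 br0 ens33 172.16.100.67 | apply_ruleset
else
    nat_ruleset 192.168.2.0/24 br0 ens33 172.16.100.67
fi
```

With this rule set, a tcpdump on ens34 should show no packets from 192.168.2.0/24, because the FORWARD chain only accepts the br0 to ens33 path.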

Bridged mode configuration:
Modified from routing mode + NAT configuration (2):

[root@kvm ~]# ip addr del 192.168.2.254/24 dev br0
[root@kvm ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:4d:1a:85 brd ff:ff:ff:ff:ff:ff
    inet 172.16.100.67/24 brd 172.16.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::b1b8:96a7:a44f:457a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:4d:1a:8f brd ff:ff:ff:ff:ff:ff
    inet 192.168.190.133/24 brd 192.168.190.255 scope global noprefixroute dynamic ens34
       valid_lft 1143sec preferred_lft 1143sec
    inet6 fe80::883a:9679:298f:e313/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4e:b6:06:8d:06:3a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::dc0f:35ff:fe9a:407e/64 scope link
       valid_lft forever preferred_lft forever
21: vif0.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether 4e:b6:06:8d:06:3a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::4cb6:6ff:fe8d:63a/64 scope link
       valid_lft forever preferred_lft forever
22: vif1.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:bd:a7:af:97:1b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcbd:a7ff:feaf:971b/64 scope link
       valid_lft forever preferred_lft forever
[root@kvm ~]# ip addr del 172.16.100.67/24 dev ens33
[root@kvm ~]# brctl addif br0 ens33
[root@kvm ~]# ip addr add 172.16.100.67/24 dev br0
[root@kvm ~]# ping 172.16.100.254    #the ping from the bridge interface reaches the external gateway
PING 172.16.100.254 (172.16.100.254) 56(84) bytes of data.
64 bytes from 172.16.100.254: icmp_seq=1 ttl=64 time=0.328 ms
64 bytes from 172.16.100.254: icmp_seq=2 ttl=64 time=0.340 ms
64 bytes from 172.16.100.254: icmp_seq=3 ttl=64 time=0.411 ms
[root@kvm ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c294d1a85       no              ens33
                                                        vif0.0
                                                        vif1.0

Configure the NIC address of virtual machine test:

# ifconfig eth0 172.16.100.10 netmask 255.255.255.0
# ping 172.16.100.67
PING 172.16.100.67 (172.16.100.67): 56 data bytes
64 bytes from 172.16.100.67: seq=0 ttl=64 time=2.596 ms
64 bytes from 172.16.100.67: seq=1 ttl=64 time=0.592 ms
64 bytes from 172.16.100.67: seq=2 ttl=64 time=0.785 ms
# ping 172.16.100.254
PING 172.16.100.254 (172.16.100.254): 56 data bytes
64 bytes from 172.16.100.254: seq=0 ttl=64 time=8.336 ms
64 bytes from 172.16.100.254: seq=1 ttl=64 time=0.939 ms
64 bytes from 172.16.100.254: seq=2 ttl=64 time=1.112 ms
# poweroff

After the virtual machine is shut down, the vif0.0 interface disappears automatically, so no qemu-ifdown script is needed:

[root@kvm ~]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.100.67  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::dc0f:35ff:fe9a:407e  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1a:85  txqueuelen 1000  (Ethernet)
        RX packets 27843  bytes 2750292 (2.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 492  bytes 39292 (38.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::b1b8:96a7:a44f:457a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1a:85  txqueuelen 1000  (Ethernet)
        RX packets 1024616  bytes 1289523328 (1.2 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 185310  bytes 37066051 (35.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.190.133  netmask 255.255.255.0  broadcast 192.168.190.255
        inet6 fe80::883a:9679:298f:e313  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1a:8f  txqueuelen 1000  (Ethernet)
        RX packets 431403  bytes 43673526 (41.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 17607  bytes 1752393 (1.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 207560  bytes 1013094467 (966.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 207560  bytes 1013094467 (966.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vif1.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::e866:47ff:fe94:bc20  prefixlen 64  scopeid 0x20<link>
        ether ea:66:47:94:bc:20  txqueuelen 1000  (Ethernet)
        RX packets 13  bytes 1550 (1.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 460  bytes 41741 (40.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@kvm ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c294d1a85       no              ens33
                                                        vif1.0

Install the guest operating system over PXE; for the kickstart deployment see https://blog.51cto.com/smoke520/2325660

[root@kvm ~]# mkdir /images/centos
[root@kvm ~]# qemu-img create /images/centos/centos6.img -o size=120G,preallocation=metadata -f qcow2
[root@kvm ~]# qemu-kvm -m 512 -smp 2 -name centos -drive file=/images/centos/centos6.img,media=disk,if=virtio -net nic,model=virtio,macaddr=52:54:00:55:32:19 -net tap,ifname=centos6.0,script=/etc/qemu-ifup -boot order=nc,once=n
[root@kvm ~]# vncviewer :5900

Managing virtual machines with libvirt:

[root@kvm ~]# yum -y install libvirt libvirt-client virt-manager virt-install
[root@kvm ~]# yum -y install qemu-kvm
[root@kvm ~]# systemctl start libvirtd.service
[root@kvm libvirt]# less qemu/networks/default.xml
<network>
  <name>default</name>
  <uuid>d8dbeec5-ac1c-406b-95a9-78e848dde819</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:a4:87:9a'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
</network>
[root@kvm libvirt]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.100.67  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::dc0f:35ff:fe9a:407e  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1a:85  txqueuelen 1000  (Ethernet)
        RX packets 64381  bytes 7641946 (7.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 492  bytes 39292 (38.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::b1b8:96a7:a44f:457a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1a:85  txqueuelen 1000  (Ethernet)
        RX packets 2932320  bytes 4087077073 (3.8 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 575800  bytes 62827478 (59.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.190.133  netmask 255.255.255.0  broadcast 192.168.190.255
        inet6 fe80::883a:9679:298f:e313  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1a:8f  txqueuelen 1000  (Ethernet)
        RX packets 627003  bytes 121348682 (115.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 95189  bytes 21267415 (20.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 343335  bytes 1856954043 (1.7 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 343335  bytes 1856954043 (1.7 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:a4:87:9a  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@kvm libvirt]# virsh list
Id    名稱                         狀態
----------------------------------------------------
[root@kvm libvirt]# virt-manager


[root@kvm libvirt]# virsh capabilities #show capabilities
[root@kvm ~]# virsh iface-bridge ens33 br0 --no-stp #add ens33 to bridge br0
[root@kvm ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c294d1a85 no ens33
virbr0 8000.525400a4879a yes virbr0-nic
[root@kvm ~]# virt-manager

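Install the operating system, choosing PXE as the install method; for the kickstart deployment see https://blog.51cto.com/smoke520/2325660.

Select the operating system type and the CPU and memory sizes.

Select the bridged network.

PXE installation in progress.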

[root@kvm libvirt]# virsh list
 Id    Name                           State
----------------------------------------------------
 5     centos6.5                      running

Install CentOS with virt-install, choosing PXE as the install method; for the kickstart deployment see https://blog.51cto.com/smoke520/2325660.

[root@kvm ~]# mkdir /images/centos -pv
[root@kvm ~]# virt-install -n centos6.6 -r 512 --vcpus=2,maxvcpus=4 --pxe --disk /images/centos/centos6.6.qcow2,size=120,format=qcow2,bus=virtio,sparse=yes --network bridge=br0,model=virtio --force
[root@kvm ~]#
[root@kvm ~]# virsh list
 Id    名稱                         狀態
----------------------------------------------------
 9     centos6.6                      running
[root@kvm ~]# yum -y install virt-viewer
[root@kvm ~]# ss -tnl
State      Recv-Q Send-Q                        Local Address:Port                                       Peer Address:Port
LISTEN     0      128                               127.0.0.1:6013                                                  *:*
LISTEN     0      128                               127.0.0.1:6014                                                  *:*
LISTEN     0      128                               127.0.0.1:6015                                                  *:*
LISTEN     0      128                               127.0.0.1:5900                                                  *:*
LISTEN     0      128                                       *:111                                                   *:*
LISTEN     0      5                             192.168.122.1:53                                                    *:*
LISTEN     0      128                                       *:22                                                    *:*
LISTEN     0      128                                     ::1:6013                                                 :::*
LISTEN     0      128                                     ::1:6014                                                 :::*
LISTEN     0      128                                     ::1:6015                                                 :::*
LISTEN     0      128                                      :::111                                                  :::*
LISTEN     0      128                                      :::22                                                   :::*
[root@kvm ~]# virt-viewer 9    #connect using the guest's ID or name

The operating system is installing; shut the guest down once installation completes.

[root@kvm ~]# virsh create /etc/libvirt/qemu/centos6.6.xml    #create domain centos6.6 from the guest XML file generated earlier
[root@kvm ~]# virsh list
 Id    名稱                         狀態
----------------------------------------------------
 12    centos6.6                      running
[root@kvm ~]# virt-viewer 12
[root@kvm ~]# virsh destroy 12
[root@kvm ~]# virsh undefine centos6.6 --remove-all-storage    #remove the domain
[root@kvm ~]# virt-install -n centos6.6 -r 512 --vcpus=2,maxvcpus=4 --pxe --disk /images/centos/centos6.6.qcow2,size=120,format=qcow2,bus=virtio,sparse=yes --network bridge=br0,model=virtio --force --graphics vnc
[root@kvm ~]# mkdir /images/cirros
[root@kvm ~]# mv cirros-0.4.0-x86_64-disk.img /images/cirros/
[root@kvm ~]# virt-install -n cirros -r 128 --disk /images/cirros/cirros-0.4.0-x86_64-disk.img --import --dry-run    #dry run
[root@kvm ~]# virt-install -n cirros -r 128 --disk /images/cirros/cirros-0.4.0-x86_64-disk.img --import
[root@kvm ~]# virsh list
 Id    名稱                         狀態
----------------------------------------------------
 16    centos6.6                      running
 17    cirros                         running
[root@kvm ~]# virsh destroy 17    #destroy (forcibly stop) the domain
[root@kvm ~]# virsh undefine cirros    #undefine the domain
[root@kvm ~]# ls /images/cirros/
cirros-0.4.0-x86_64-disk.img
[root@kvm ~]# virt-install -n cirros -r 128 --vcpus=1,maxvcpus=4 --disk /images/cirros/cirros-0.4.0-x86_64-disk.img --network bridge=br0,model=virtio --import --serial=pty --console=pty --nographics


[root@kvm ~]# virsh list
 Id    名稱                         狀態
----------------------------------------------------
 16    centos6.6                      running
 18    cirros                         running
[root@kvm ~]# virsh console 18    #connect to the guest console
$ sudo su -
[root@kvm ~]# qemu-img create -f qcow2 -o size=20G,preallocation=metadata /images/cirros/second.qcow2
[root@kvm ~]# qemu-img info /images/cirros/second.qcow2
image: /images/cirros/second.qcow2
file format: qcow2
virtual size: 20G (21474836480 bytes)
disk size: 4.1M
cluster_size: 65536
Format specific information:
    compat: 1.1
    lazy refcounts: false
[root@kvm ~]# virsh attach-disk 18 /images/cirros/second.qcow2 vda --targetbus virtio    #attach disk device vda to domain 18
# fdisk -l /dev/vda
Disk /dev/vda: 20 GiB, 21478375424 bytes, 41949952 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

[root@kvm ~]# virsh detach-disk 18 vda #detach disk vda from domain 18; the disk must be unused and unpartitioned before it can be detached

# ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:5B:68:3D
          inet addr:172.16.100.55  Bcast:172.16.100.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fe5b:683d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:136 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17886 (17.4 KiB)  TX bytes:1410 (1.3 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
[root@kvm ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c294d1a85       no              ens33
                                                        vnet0
                                                        vnet1
virbr0          8000.525400a4879a       yes             virbr0-nic
[root@kvm ~]# virsh attach-interface 18 bridge virbr0    #add a NIC to domain 18, bridged to virbr0
# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 52:54:00:5B:68:3D
          inet addr:172.16.100.55  Bcast:172.16.100.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fe5b:683d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6288 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:859559 (839.4 KiB)  TX bytes:3742 (3.6 KiB)

eth1      Link encap:Ethernet  HWaddr 52:54:00:2D:88:DA
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
[root@kvm ~]# virsh detach-interface 18 bridge --mac 52:54:00:2D:88:DA    #detach the NIC with MAC 52:54:00:2D:88:DA from domain 18
[root@kvm ~]# virsh dumpxml cirros    #show the XML configuration of cirros
[root@kvm ~]# virsh vcpucount 18    #show the vCPU count of domain 18
最大值    配置         4
最大值    live           4
當前       配置         1
當前       live           1
[root@kvm ~]# virsh vcpuinfo 18    #show vCPU information for domain 18
VCPU:           0
CPU:            2
狀態:       running
CPU 時間:   147.1s
CPU關係:      yyyy
[root@kvm ~]# virsh setvcpus 18 2    #set the number of vCPUs for domain 18
[root@kvm ~]# virsh vcpucount 18
最大值    配置         4
最大值    live           4
當前       配置         1
當前       live           2
[root@kvm ~]# virsh domblklist 18    #list the block devices of domain 18
目標     源
------------------------------------------------
hda        /images/cirros/cirros-0.4.0-x86_64-disk.img
[root@kvm ~]# virsh domiflist 18    #list the virtual interfaces of domain 18
接口     類型     源        型號      MAC
-------------------------------------------------------
vnet1      bridge     br0        virtio      52:54:00:5b:68:3d
[root@kvm ~]# virsh dominfo 18    #show information about domain 18
Id:             18
名稱:       cirros
UUID:           08f3e3f5-a507-4f8c-a191-de19d342f072
OS 類型:    hvm
狀態:       running
CPU:          2
CPU 時間:   156.4s
最大內存: 131072 KiB
使用的內存: 131072 KiB
持久:       是
自動啓動: 禁用
管理的保存: 否
安全性模式: selinux
安全性 DOI: 0
安全性標籤: system_u:system_r:svirt_t:s0:c113,c991 (permissive)
[root@kvm ~]# virsh sysinfo    #show hypervisor information
[root@kvm ~]# virsh nodeinfo    #show information about the current node
CPU 型號:        x86_64
CPU:               4
CPU 頻率:        2494 MHz
CPU socket:        2
每個 socket 的內核數: 2
每個內核的線程數: 1
NUMA 單元:       1
內存大小:      4193716 KiB
[root@kvm ~]# virsh uri    #show the URI used to access the current host
qemu:///system
[root@kvm ~]# virsh version    #show version information
根據庫編譯:libvirt 4.5.0
使用庫:libvirt 4.5.0
使用的 API: QEMU 4.5.0
運行管理程序: QEMU 1.5.3
[root@kvm ~]# virsh iface-list    #list host interfaces
 名稱               狀態     MAC 地址
---------------------------------------------------
 br0                  活動     00:0c:29:4d:1a:85
 ens34                活動     00:0c:29:4d:1a:8f
 lo                   活動     00:00:00:00:00:00
[root@kvm ~]# virsh nwfilter-list    #list network filters
 UUID                                  名稱
------------------------------------------------------------------
 05eacdab-9d9b-4db7-90bb-c5fa7422d10d  allow-arp
 9e7df728-fab6-4c62-a49a-31bf9026811f  allow-dhcp
 68960c0b-97c5-46e5-97a2-73a15d1cc90b  allow-dhcp-server
 436cb464-9fa0-4c0c-8a87-23270e12e487  allow-incoming-ipv4
 02e0ed10-5594-462e-a7b1-0d2461a7d75b  allow-ipv4
 eec3f69b-8181-4de2-88d7-d905c5a8eed9  clean-traffic
 9ad58b65-dd60-471e-ae52-f312f57797ca  clean-traffic-gateway
 79b69a1c-3f4a-44ec-b40e-6e667e1f5d8a  no-arp-ip-spoofing
 0c915c8c-0af2-445c-b9e6-397d7bad462c  no-arp-mac-spoofing
 c9e4bb08-906d-43b2-be6c-c9adaea95dad  no-arp-spoofing
 a99f4da3-845f-4403-87bb-7f6136182663  no-ip-multicast
 3076d800-5536-4a71-932f-931d952cd044  no-ip-spoofing
 5791d291-c73a-4e8e-b945-61355219e31a  no-mac-broadcast
 c2b543ca-7376-4dc0-8669-804f04993f87  no-mac-spoofing
 9274a37c-2844-453a-a959-dc2100321f46  no-other-l2-traffic
 000811b7-0dc5-45e3-be9e-02179f892e9f  no-other-rarp-traffic
 b601d397-0829-4fb2-9752-e7e0eb4ba2ba  qemu-announce-self
 e61dcef3-fd94-4c8c-b8b9-cd34dce5a5bb  qemu-announce-self-rarp
[root@kvm ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
[root@kvm ~]# virsh net-list    #list user-space networks
 名稱               狀態     自動開始  持久
----------------------------------------------------------
 default              活動     是           是
[root@kvm ~]# ip netns help
[root@kvm ~]# ip netns list
[root@kvm ~]# ip netns add r1
[root@kvm ~]# ip netns add r2
[root@kvm ~]# ip netns list
r2
r1
[root@kvm ~]# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@kvm ~]# ip netns exec r1 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
[root@kvm ~]# ip netns exec r1 ifconfig lo 127.0.0.1/8 up
[root@kvm ~]# ip netns exec r1 ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@kvm ~]# ip netns exec r2 ifconfig
[root@kvm ~]# ip netns exec r2 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@kvm ~]# ip netns exec r1 iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@kvm ~]# ip netns exec r1 iptables -A FORWARD -s 127.0.0.0/8 -j ACCEPT
[root@kvm ~]# ip netns exec r1 iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.0/8          0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@kvm ~]# ip netns exec r2 iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@kvm ~]# ip netns exec r1 iptables -F

namespace:

[root@kvm ~]# brctl delif br0 ens33
[root@kvm ~]# brctl delif br0 vnet0
[root@kvm ~]# brctl delif br0 vnet1
[root@kvm ~]# ip addr del 172.16.100.67/24 dev br0
[root@kvm ~]# ip link set br0 down
[root@kvm ~]# brctl delbr br0
[root@kvm ~]# brctl addbr br-ex
[root@kvm ~]# ip link set br-ex up
[root@kvm ~]# ip addr add 172.16.100.67/24 dev br-ex;brctl addif br-ex ens33
[root@kvm ~]# brctl addbr br-in
[root@kvm ~]# ip link set br-in up
[root@kvm ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@kvm ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@kvm ~]# ip netns list
r2
r1
[root@kvm ~]# ip link add veth1.1 type veth peer name veth1.2    #create a veth pair
[root@kvm ~]# ip link set veth1.1 netns r1
[root@kvm ~]# ip link set veth1.2 netns r2
[root@kvm ~]# ip netns exec r1 ifconfig -a
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth1.1: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 52:58:96:91:a1:08  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@kvm ~]# ip netns exec r2 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth1.2: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 5a:b4:fe:af:6a:3a  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@kvm ~]# ip netns exec r1 ip link set veth1.1 name eth0
[root@kvm ~]# ip netns exec r1 ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
56: eth0@if55: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:58:96:91:a1:08 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[root@kvm ~]# ip netns exec r2 ip link set veth1.2 name eth0
[root@kvm ~]# ip netns exec r2 ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
55: eth0@if56: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 5a:b4:fe:af:6a:3a brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@kvm ~]# ip netns exec r1 ifconfig eth0 10.0.1.1 netmask 255.255.255.0 up
[root@kvm ~]# ip netns exec r2 ifconfig eth0 10.0.1.2 netmask 255.255.255.0 up
[root@kvm ~]# ip netns exec r1 ping 10.0.1.2
PING 10.0.1.2 (10.0.1.2) 56(84) bytes of data.
64 bytes from 10.0.1.2: icmp_seq=1 ttl=64 time=0.124 ms
64 bytes from 10.0.1.2: icmp_seq=2 ttl=64 time=0.068 ms
64 bytes from 10.0.1.2: icmp_seq=3 ttl=64 time=0.065 ms

--- 10.0.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2015ms
rtt min/avg/max/mdev = 0.065/0.085/0.124/0.029 ms
[root@kvm ~]# cd /images/cirros/
[root@kvm cirros]# cp cirros-0.4.0-x86_64-disk.img test1.qcow2
[root@kvm cirros]# cp cirros-0.4.0-x86_64-disk.img test2.qcow2
[root@kvm cirros]# vim /etc/qemu-ifup
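#!/bin/bash
# qemu calls this script with the tap interface name as $1
bridge=br-in

if [ -n "$1" ]; then
    # bring the tap device up, then attach it to the bridge
    ip link set "$1" up
    brctl addif "$bridge" "$1"
    [ $? -eq 0 ] && exit 0 || exit 1
else
    echo "Error: no interface specified."
    exit 1
fi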
[root@kvm cirros]# chmod +x /etc/qemu-ifup
[root@kvm cirros]# qemu-kvm -m 128 -smp 1 -name vm1 -drive file=/images/cirros/test1.qcow2,if=virtio,media=disk -net nic,macaddr=52:54:00:aa:bb:cc -net tap,ifname=vif1.0,script=/etc/qemu-ifup --nographic

vm1 virtual machine:

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:AA:BB:CC
          inet6 addr: fe80::5054:ff:feaa:bbcc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:1332 (1.3 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

[root@kvm ~]# qemu-kvm -m 128 -smp 1 -name vm2 -drive file=/images/cirros/test2.qcow2,if=virtio,media=disk -net nic,macaddr=52:54:00:aa:bb:dd -net tap,ifname=vif2.0,script=/etc/qemu-ifup --nographic

vm2 virtual machine:

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:AA:BB:DD
          inet6 addr: fe80::5054:ff:feaa:bbdd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:1332 (1.3 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
[root@kvm ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br-ex           8000.000c294d1a85       no              ens33
br-in           8000.328c89317de6       no              vif1.0
                                                        vif2.0
virbr0          8000.525400a4879a       yes             virbr0-nic
[root@kvm ~]# ip netns delete r1
[root@kvm ~]# ip netns delete r2
[root@kvm ~]# ip netns list
[root@kvm ~]# ip netns add r1
[root@kvm ~]# ip link add rinr type veth peer name rins
[root@kvm ~]# ip link set rinr up
[root@kvm ~]# ip link set rins up
[root@kvm ~]# brctl addif br-in rins
[root@kvm ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br-ex           8000.000c294d1a85       no              ens33
br-in           8000.328c89317de6       no              rins
                                                        vif1.0
                                                        vif2.0
virbr0          8000.525400a4879a       yes             virbr0-nic
[root@kvm ~]# ip link set rinr netns r1
[root@kvm ~]# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

rinr: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether ce:69:a3:07:26:9c  txqueuelen 1000  (Ethernet)
        RX packets 8  bytes 648 (648.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@kvm ~]# ip netns exec r1 ip link set rinr name eth0
[root@kvm ~]# ip netns exec r1 ip link set eth0 up
[root@kvm ~]# ip netns exec r1 ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
61: eth0@if60: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether ce:69:a3:07:26:9c brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@kvm ~]# ip netns exec r1 ifconfig eth0 10.0.1.254 netmask 255.255.255.0 up
[root@kvm ~]# ip netns exec r1 ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.1.254  netmask 255.255.255.0  broadcast 10.0.1.255
        inet6 fe80::cc69:a3ff:fe07:269c  prefixlen 64  scopeid 0x20<link>
        ether ce:69:a3:07:26:9c  txqueuelen 1000  (Ethernet)
        RX packets 8  bytes 648 (648.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 16  bytes 1296 (1.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vm1 virtual machine:

$ sudo su -
# ifconfig eth0 10.0.1.1 netmask 255.255.255.0 up
# ping 10.0.1.254
PING 10.0.1.254 (10.0.1.254): 56 data bytes
64 bytes from 10.0.1.254: seq=0 ttl=64 time=4.513 ms
64 bytes from 10.0.1.254: seq=1 ttl=64 time=0.650 ms
64 bytes from 10.0.1.254: seq=2 ttl=64 time=0.913 ms
^C
--- 10.0.1.254 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.650/2.025/4.513 ms
# route add default gw 10.0.1.254

vm2 virtual machine:

$ sudo su -
# ifconfig eth0 10.0.1.2 netmask 255.255.255.0 up
# ping 10.0.1.254
PING 10.0.1.254 (10.0.1.254): 56 data bytes
64 bytes from 10.0.1.254: seq=0 ttl=64 time=5.052 ms
64 bytes from 10.0.1.254: seq=1 ttl=64 time=0.914 ms
64 bytes from 10.0.1.254: seq=2 ttl=64 time=0.651 ms
^C
--- 10.0.1.254 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.651/2.205/5.052 ms
# route add default gw 10.0.1.254
[root@kvm ~]# ip link add rexr type veth peer name rexs
[root@kvm ~]# brctl addif br-ex rexs
[root@kvm ~]# ip link set rexs up
[root@kvm ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br-ex           8000.000c294d1a85       no              ens33
                                                        rexs
br-in           8000.328c89317de6       no              rins
                                                        vif1.0
                                                        vif2.0
virbr0          8000.525400a4879a       yes             virbr0-nic
[root@kvm ~]# ip netns exec r1 ip link set rexr name eth1
[root@kvm ~]# ip netns exec r1 ifconfig eth1 172.16.100.78 netmask 255.255.255.0 up
[root@kvm ~]# ip netns exec r1 ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.1.254  netmask 255.255.255.0  broadcast 10.0.1.255
        inet6 fe80::cc69:a3ff:fe07:269c  prefixlen 64  scopeid 0x20<link>
        ether ce:69:a3:07:26:9c  txqueuelen 1000  (Ethernet)
        RX packets 18  bytes 1476 (1.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 26  bytes 2052 (2.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.100.78  netmask 255.255.255.0  broadcast 172.16.100.255
        inet6 fe80::9459:cdff:fe22:c531  prefixlen 64  scopeid 0x20<link>
        ether 96:59:cd:22:c5:31  txqueuelen 1000  (Ethernet)
        RX packets 8  bytes 648 (648.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@kvm ~]# ip netns exec r1 ping 172.16.100.254    #the ping reaches the external network
PING 172.16.100.254 (172.16.100.254) 56(84) bytes of data.
64 bytes from 172.16.100.254: icmp_seq=1 ttl=64 time=0.439 ms
64 bytes from 172.16.100.254: icmp_seq=2 ttl=64 time=0.332 ms
64 bytes from 172.16.100.254: icmp_seq=3 ttl=64 time=0.341 ms

--- 172.16.100.254 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.332/0.370/0.439/0.053 ms

vm1 virtual machine:

# ping 172.16.100.78    #ping the virtual router's gateway address
PING 172.16.100.78 (172.16.100.78): 56 data bytes
64 bytes from 172.16.100.78: seq=0 ttl=64 time=1.608 ms
64 bytes from 172.16.100.78: seq=1 ttl=64 time=1.322 ms
64 bytes from 172.16.100.78: seq=2 ttl=64 time=0.719 ms
^C
--- 172.16.100.78 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.719/1.216/1.608 ms
# ping 172.16.100.254    #the external host is unreachable: requests go out but replies cannot come back
PING 172.16.100.254 (172.16.100.254): 56 data bytes
^C
--- 172.16.100.254 ping statistics ---
6 packets transmitted, 0 packets received, 100% packet loss
[root@kvm ~]# tcpdump -i vif1.0 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vif1.0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:17:25.195509 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 0, length 64
15:17:26.280923 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 1, length 64
15:17:27.366791 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 2, length 64
15:17:28.451911 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 3, length 64

4 packets captured
4 packets received by filter
0 packets dropped by kernel
[root@kvm ~]# tcpdump -i rins -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rins, link-type EN10MB (Ethernet), capture size 262144 bytes
15:18:28.118409 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 58, length 64
15:18:29.204036 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 59, length 64
15:18:30.289528 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 60, length 64
15:18:31.404451 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 61, length 64

4 packets captured
4 packets received by filter
0 packets dropped by kernel
[root@kvm ~]# ip netns exec r1 tcpdump -i eth0 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:19:18.060319 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 104, length 64
15:19:19.144789 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 105, length 64
15:19:20.229315 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 106, length 64
15:19:21.314689 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 107, length 64

4 packets captured
4 packets received by filter
0 packets dropped by kernel
[root@kvm ~]# ip netns exec r1 tcpdump -i eth1 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
15:20:01.485663 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 144, length 64
15:20:02.570014 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 145, length 64
15:20:03.654586 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 146, length 64
15:20:04.739067 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 147, length 64

4 packets captured
4 packets received by filter
0 packets dropped by kernel
[root@kvm ~]# ip netns exec r1 iptables -t nat -A POSTROUTING -s 10.0.1.0/24 ! -d 10.0.1.0/24 -j SNAT --to-source 172.16.100.78
[root@kvm ~]# ip netns exec r1 iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.0.1.0/24         !10.0.1.0/24          to:172.16.100.78

vm1 virtual machine:

# ping 172.16.100.254
PING 172.16.100.254 (172.16.100.254): 56 data bytes
64 bytes from 172.16.100.254: seq=0 ttl=63 time=1.043 ms
64 bytes from 172.16.100.254: seq=1 ttl=63 time=1.193 ms
64 bytes from 172.16.100.254: seq=2 ttl=63 time=0.833 ms
^C
--- 172.16.100.254 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.833/1.023/1.193 ms
[root@kvm ~]# tcpdump -i rins -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rins, link-type EN10MB (Ethernet), capture size 262144 bytes
15:25:06.214853 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47873, seq 23, length 64
15:25:06.215286 IP 172.16.100.254 > 10.0.1.1: ICMP echo reply, id 47873, seq 23, length 64
15:25:07.300593 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47873, seq 24, length 64
15:25:07.301030 IP 172.16.100.254 > 10.0.1.1: ICMP echo reply, id 47873, seq 24, length 64
15:25:08.386000 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47873, seq 25, length 64
15:25:08.386385 IP 172.16.100.254 > 10.0.1.1: ICMP echo reply, id 47873, seq 25, length 64
15:25:09.471555 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47873, seq 26, length 64
15:25:09.472536 IP 172.16.100.254 > 10.0.1.1: ICMP echo reply, id 47873, seq 26, length 64

8 packets captured
8 packets received by filter
0 packets dropped by kernel
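
The capture taken before the SNAT rule ends on an echo request with no reply, while the capture taken after it shows a reply for every request. The script below is an added example, not part of the original post, that makes this check mechanical by pairing requests and replies on id/seq; its sample lines are taken from the captures above except the seq 146 line, which is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list ICMP echo requests that
# never got a reply in `tcpdump -nn icmp` text output.

# Sample input. The seq 146 line is constructed; the other lines are taken
# from the two captures on this page (before and after the SNAT rule).
BEFORE_SNAT='15:20:03.653211 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 146, length 64
15:20:04.739067 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47361, seq 147, length 64'
AFTER_SNAT='15:25:06.214853 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47873, seq 23, length 64
15:25:06.215286 IP 172.16.100.254 > 10.0.1.1: ICMP echo reply, id 47873, seq 23, length 64
15:25:07.300593 IP 10.0.1.1 > 172.16.100.254: ICMP echo request, id 47873, seq 24, length 64
15:25:07.301030 IP 172.16.100.254 > 10.0.1.1: ICMP echo reply, id 47873, seq 24, length 64'

# unanswered_echo: read tcpdump lines on stdin and print "src dst id seq"
# for each echo request that has no reply with the same id/seq coming back
# from dst to src. Lines that are not ICMP echo traffic are ignored.
unanswered_echo() {
  awk '
    $2 == "IP" && $6 == "ICMP" && $7 == "echo" {
      src = $3; dst = $5; sub(/:$/, "", dst)
      id = $10; seq = $12; gsub(/,/, "", id); gsub(/,/, "", seq)
      if ($8 == "request,") {
        key = src " " dst " " id " " seq
        if (!(key in pending)) order[++n] = key
        pending[key] = 1
      } else if ($8 == "reply,") {
        # A reply travels in the opposite direction of its request.
        delete pending[dst " " src " " id " " seq]
      }
    }
    END {
      # Print leftovers in capture order, each key once.
      for (i = 1; i <= n; i++)
        if (order[i] in pending) { print order[i]; delete pending[order[i]] }
    }
  '
}

echo "before SNAT, unanswered:"
printf '%s\n' "$BEFORE_SNAT" | unanswered_echo
echo "after SNAT, unanswered:"
printf '%s\n' "$AFTER_SNAT" | unanswered_echo
```

On a live host, the output of `tcpdump -l -nn -i rins icmp -c 20` can be piped into `unanswered_echo`; any line it prints is a request that left without a reply coming back.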

Running a DHCP server in the namespace:

[root@kvm ~]# yum install dnsmasq
[root@kvm ~]# ip netns exec r1 dnsmasq --dhcp-range=10.0.1.100,10.0.1.120
[root@kvm ~]# ip netns exec r1 ps aux | grep dnsmasq
nobody    72436  0.0  0.0  53856  1112 ?        S    15:42   0:00 dnsmasq --dhcp-range=10.0.1.100,10.0.1.120
root      71000  0.0  0.0 112720   980 pts/5    S+   15:44   0:00 grep --color=auto dnsmasq
nobody    73728  0.0  0.0  53852  1120 ?        S    1月02   0:02 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
root      73730  0.0  0.0  53824   584 ?        S    1月02   0:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper

vm2 virtual machine:

# udhcpc -R
# cirros-dhcpc up eth0
# ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:AA:BB:DD
          inet addr:10.0.1.108  Bcast:10.0.1.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:feaa:bbdd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:32 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6996 (6.8 KiB)  TX bytes:9556 (9.3 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.1.254      0.0.0.0         UG    0      0        0 eth0
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
[root@kvm ~]# ip netns exec r1 kill 72436
[root@kvm ~]# ip netns exec r1 dnsmasq -F 10.0.1.151,10.0.1.160 --dhcp-option=option:router,10.0.1.254
[root@kvm ~]# ip netns exec r1 ps aux | grep dnsmasq
nobody    72831  0.0  0.0  53856  1124 ?        S    16:09   0:00 dnsmasq -F 10.0.1.151,10.0.1.160 --dhcp-option=option:router,10.0.1.254
root      72852  0.0  0.0 112720   980 pts/2    S+   16:09   0:00 grep --color=auto dnsmasq

vm2 virtual machine:

# udhcpc -R
# cirros-dhcpc up eth0
# ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:AA:BB:DD
          inet addr:10.0.1.159  Bcast:10.0.1.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:feaa:bbdd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:45 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9188 (8.9 KiB)  TX bytes:11328 (11.0 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.1.254      0.0.0.0         UG    0      0        0 eth0
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
# ping 172.16.100.254
PING 172.16.100.254 (172.16.100.254): 56 data bytes
64 bytes from 172.16.100.254: seq=0 ttl=63 time=1.520 ms
64 bytes from 172.16.100.254: seq=1 ttl=63 time=1.303 ms
64 bytes from 172.16.100.254: seq=2 ttl=63 time=1.076 ms
^C
--- 172.16.100.254 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1.076/1.299/1.520 ms