Building a Virtual Machine Lab Environment on RHEL 9.4

Posted by 李蔚 on 2024-11-02

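Date: 2024.10.27
Purpose: Build a Linux virtual machine environment for learning and testing, with no graphical interface. On the same hardware, it should outperform virtualization solutions running on Windows.
References:

  • 鳥哥 Linux 私房菜 (VBird Linux), Server Edition, Rocky Linux 9 version
    https://linux.vbird.org/linux_server/rocky9/
  • Linux中國 (Linux.cn): How to Install KVM on Rocky Linux 9 / AlmaLinux 9
    https://linux.cn/article-15843-1.html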

Topology diagram

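The physical machine VMHOST runs RHEL 9.4. I also plan to use this machine later as the Ansible control node, and possibly as a browser proxy and so on, so the hostname is set to RHEL9 for now. The hardware configuration is as follows: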

CPU

[root@RHEL9 ~]# lscpu | head -n9
Architecture:                         x86_64
CPU op-mode(s):                       32-bit, 64-bit
Address sizes:                        39 bits physical, 48 bits virtual
Byte Order:                           Little Endian
CPU(s):                               4
On-line CPU(s) list:                  0-3
Vendor ID:                            GenuineIntel
BIOS Vendor ID:                       Intel(R) Corporation
Model name:                           Intel(R) Core(TM) i3-8100 CPU @ 3.60GHz

Virtualization support

[root@RHEL9 ~]# lscpu | grep Virtual
Virtualization:                       VT-x

Memory

[root@RHEL9 ~]# free -h
               total        used        free      shared  buff/cache   available
Mem:            15Gi       522Mi        14Gi       9.0Mi       495Mi        14Gi
Swap:          2.0Gi          0B       2.0Gi

Motherboard

[root@RHEL9 ~]# dmidecode | grep 'Base Board Information' -A2
Base Board Information
	Manufacturer: Gigabyte Technology Co., Ltd.
	Product Name: H310M DS2 2.0

Distribution release

[root@RHEL9 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux release 9.4 (Plow)

Network interface

[root@RHEL9 ~]# nmcli con show
NAME    UUID                                  TYPE      DEVICE 
enp4s0  a14dc4d0-42ca-409b-a285-635a55788d3e  ethernet  enp4s0 
lo      9e4dc40f-43b7-4906-8f24-c398821cbcf9  loopback  lo    

Network environment

[root@RHEL9 ~]# nmcli con show enp4s0 | grep IP4
IP4.ADDRESS[1]:                         192.168.4.156/23
IP4.GATEWAY:                            192.168.4.1
IP4.ROUTE[1]:                           dst = 192.168.4.0/23, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 192.168.4.1, mt = 100
IP4.DNS[1]:                             218.2.2.2
IP4.DNS[2]:                             218.4.4.4

The IP address is currently obtained automatically; during installation the system used the router's DHCP.

[root@RHEL9 ~]# nmcli con show enp4s0 | grep ipv4.method:
ipv4.method:                            auto

Install the vim editor and command completion

[root@RHEL9 ~]# dnf install -y bash-completion vim-enhanced

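Next, change the IP address and set up the bridges.
Setting up the bridge requires deleting the existing NIC configuration, which drops the remote SSH session, so write a script and run it with nohup.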

[root@RHEL9 ~]# vim network_init.sh

#!/bin/bash
# Static IP/prefix, gateway and DNS servers to configure
wan_ip='192.168.5.253/23'
wan_gateway='192.168.4.1'
wan_dns1='218.2.2.2'
wan_dns2='218.4.4.4'
# Use sed to extract the UUID of the initial NIC connection
eth_uuid=$(nmcli connection show | sed -En 's/^.+ +(.+) +ethernet.+$/\1/p')
# Use sed to extract the device name of the initial NIC
eth_device=$(nmcli device | sed -En 's/^([[:alnum:]]+) +ethernet.+$/\1/p')
# Delete the initial NIC profile by UUID, create the bridge, configure it, add the bridge slave, bring the bridge up
nmcli connection delete $eth_uuid
nmcli connection add type bridge autoconnect yes con-name WANbridge ifname WANbridge
nmcli connection modify WANbridge ipv4.method manual ipv4.addresses $wan_ip
nmcli connection modify WANbridge ipv4.gateway $wan_gateway
nmcli connection modify WANbridge ipv4.dns $wan_dns1 +ipv4.dns $wan_dns2
nmcli connection add type bridge-slave autoconnect yes con-name $eth_device ifname $eth_device master WANbridge
nmcli connection up WANbridge
# Create the two additional switches (bridges) needed for the lab
nmcli connection add type bridge con-name DMZbridge ifname DMZbridge
nmcli connection add type bridge con-name LANbridge ifname LANbridge
nmcli connection modify DMZbridge ipv4.method disabled ipv6.method disabled
nmcli connection modify LANbridge ipv4.method disabled ipv6.method disabled
nmcli connection up DMZbridge
nmcli connection up LANbridge

[root@RHEL9 ~]# nohup sh ./network_init.sh

The new network connections

[root@RHEL9 ~]# nmcli connection show 
NAME       UUID                                  TYPE      DEVICE    
WANbridge  901555b3-308e-40ff-a678-0242a05204bc  bridge    WANbridge 
DMZbridge  7fe518c4-2647-47d9-9695-e491506eabac  bridge    DMZbridge 
enp4s0     b2c038e0-3c4b-4b84-b748-ce125e6a8cf0  ethernet  enp4s0    
LANbridge  9ca0a06b-61dd-4744-87c7-a5abfc1e6315  bridge    LANbridge 
lo         9e4dc40f-43b7-4906-8f24-c398821cbcf9  loopback  lo       

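In the router's management page, forward the router's port 62222 to port 22 on VMHOST.
From now on, SSH connections to port 22 on VMHOST can be initiated via port 62222 on the public IP 221.229.XX.X1.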

Disk layout: one 120G SSD, plus a 2.7T data disk that is not yet mounted

[root@RHEL9 ~]# lsblk
NAME          MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
sda             8:0    0 119.2G  0 disk 
├─sda1          8:1    0   100M  0 part /boot/efi
├─sda2          8:2    0 118.6G  0 part 
│ ├─rhel-root 253:0    0  16.6G  0 lvm  /
│ ├─rhel-swap 253:1    0     2G  0 lvm  [SWAP]
│ └─rhel-home 253:2    0   100G  0 lvm  /kvm
└─sda3          8:3    0   512M  0 part /boot
sdb             8:16   0   2.7T  0 disk 
└─sdb1          8:17   0   2.7T  0 part 

This disk of mine has been used before, so for the lab I can first practice wiping its data

[root@RHEL9 ~]# wipefs /dev/sdb
DEVICE OFFSET        TYPE UUID LABEL
sdb    0x200         gpt       
sdb    0x2baa1475e00 gpt       
sdb    0x1fe         PMBR      
[root@RHEL9 ~]# wipefs -a /dev/sdb
/dev/sdb: 8 bytes were erased at offset 0x00000200 (gpt): 45 46 49 20 50 41 52 54
/dev/sdb: 8 bytes were erased at offset 0x2baa1475e00 (gpt): 45 46 49 20 50 41 52 54
/dev/sdb: 2 bytes were erased at offset 0x000001fe (PMBR): 55 aa
/dev/sdb: calling ioctl to re-read partition table: Success

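With the disk back in a blank state, partition it with fdisk. fdisk warns that the disk is too large for a DOS partition table and that a GPT partition table must be used.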

[root@RHEL9 ~]# fdisk /dev/sdb

Welcome to fdisk (util-linux 2.37.4).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table.
The size of this disk is 2.7 TiB (3000592982016 bytes). DOS partition table format cannot be used on drives for volumes larger than 2199023255040 bytes for 512-byte sectors. Use GUID partition table format (GPT).

Created a new DOS disklabel with disk identifier 0xdbcf0123.

Command (m for help): g
Created a new GPT disklabel (GUID: 3CFE7EBE-322A-5243-9CC6-5C7E8E791E04).

Command (m for help): n
Partition number (1-128, default 1): 
First sector (2048-5860533134, default 2048): 
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-5860533134, default 5860533134): 

Created a new partition 1 of type 'Linux filesystem' and of size 2.7 TiB.

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

The result after partitioning:

[root@RHEL9 ~]# parted /dev/sdb print
Model: ATA ST3000DM001-1ER1 (scsi)
Disk /dev/sdb: 3001GB
Sector size (logical/physical): 512B/4096B
Partition Table: gpt
Disk Flags: 

Number  Start   End     Size    File system  Name  Flags
 1      1049kB  3001GB  3001GB

Format the partition as an XFS filesystem

[root@RHEL9 ~]# mkfs.xfs /dev/sdb1
meta-data=/dev/sdb1              isize=512    agcount=4, agsize=183141597 blks
         =                       sectsz=4096  attr=2, projid32bit=1
         =                       crc=1        finobt=1, sparse=1, rmapbt=0
         =                       reflink=1    bigtime=1 inobtcount=1 nrext64=0
data     =                       bsize=4096   blocks=732566385, imaxpct=5
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0, ftype=1
log      =internal log           bsize=4096   blocks=357698, version=2
         =                       sectsz=4096  sunit=1 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0

Check the UUID

[root@RHEL9 ~]# blkid | grep dev/sdb1
/dev/sdb1: UUID="9bce0c90-9206-4121-be23-3f069e66a0a0" TYPE="xfs" PARTUUID="7cc849ff-4eb2-3143-b733-6a69b55250cc"

Create the mount point directory and edit fstab

[root@RHEL9 ~]# mkdir /data
[root@RHEL9 ~]# vim /etc/fstab 

/dev/mapper/rhel-root   /                       xfs     defaults        0 0 
UUID=5d03a640-f6d5-4e52-bf9f-9833e5b8cc96 /boot                   ext4    defaults        1 2 
UUID=1990-9D2E          /boot/efi               vfat    umask=0077,shortname=winnt 0 2 
/dev/mapper/rhel-home   /kvm                    xfs     defaults        0 0 
/dev/mapper/rhel-swap   none                    swap    defaults        0 0 
# Newly added entry below
UUID=9bce0c90-9206-4121-be23-3f069e66a0a0 /data                   xfs     defaults        1 2 

Mount everything from fstab and reload the configuration

[root@RHEL9 ~]# mount -a
mount: (hint) your fstab has been modified, but systemd still uses
       the old version; use 'systemctl daemon-reload' to reload.
[root@RHEL9 ~]# systemctl daemon-reload

Check the mount result

[root@RHEL9 ~]# df -Th | grep /data
/dev/sdb1             xfs       2.8T   20G  2.8T   1% /data

Install the Virtualization Host package group and start the libvirtd service

[root@RHEL9 ~]# dnf -y groupinstall 'Virtualization Host'
[root@RHEL9 ~]# systemctl enable --now libvirtd
Created symlink /etc/systemd/system/multi-user.target.wants/libvirtd.service → /usr/lib/systemd/system/libvirtd.service.
Created symlink /etc/systemd/system/sockets.target.wants/libvirtd.socket → /usr/lib/systemd/system/libvirtd.socket.
Created symlink /etc/systemd/system/sockets.target.wants/libvirtd-ro.socket → /usr/lib/systemd/system/libvirtd-ro.socket.
Created symlink /etc/systemd/system/sockets.target.wants/libvirtd-admin.socket → /usr/lib/systemd/system/libvirtd-admin.socket.

Disable some services and ports that ship with the virtualization software and are not needed for now

[root@RHEL9 ~]# systemctl mask rpcbind.service rpcbind.socket
Created symlink /etc/systemd/system/rpcbind.service → /dev/null.
Created symlink /etc/systemd/system/rpcbind.socket → /dev/null.
[root@RHEL9 ~]# systemctl stop rpcbind.service rpcbind.socket
[root@RHEL9 ~]# virsh net-list
 Name      State    Autostart   Persistent
--------------------------------------------
 default   active   yes         yes

[root@RHEL9 ~]# virsh net-destroy default 
Network default destroyed

[root@RHEL9 ~]# virsh net-undefine default 
Network default has been undefined

Install the tuned service to tune the system

[root@RHEL9 ~]# dnf install -y tuned
[root@RHEL9 ~]# systemctl enable --now tuned
Created symlink /etc/systemd/system/multi-user.target.wants/tuned.service → /usr/lib/systemd/system/tuned.service.
[root@RHEL9 ~]# tuned-adm profile virtual-host

Configure the firewall: open the VNC port for later graphical OS installs, and remove services that are not needed

[root@RHEL9 ~]# firewall-cmd --add-port=5902/tcp
success
[root@RHEL9 ~]# firewall-cmd --list-ports
5902/tcp
[root@RHEL9 ~]# firewall-cmd --list-services 
cockpit dhcpv6-client ssh
[root@RHEL9 ~]# firewall-cmd --remove-service={cockpit,dhcpv6-client}
success
[root@RHEL9 ~]# firewall-cmd --list-services 
ssh
[root@RHEL9 ~]# firewall-cmd --runtime-to-permanent 
success

Likewise, use the router to forward port 62202 on the public address to the newly opened port 5902, for convenient remote access later.
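
With ports 22 and 5902 on this host now reachable from the public address, it is worth checking that firewalld exposes only what was intended and that the runtime and permanent configurations agree. The following is an added example, not part of the original post; the function names, the allowlist variables and the sample state are assumptions constructed for illustration.

```shell
# Added example (not from the original post): audit firewalld exposure.
# Allowlist assumed from the steps above: the ssh service and the VNC port.
ALLOWED_SERVICES="ssh"
ALLOWED_PORTS="5902/tcp"

# only_in A B: print each word of list A that is absent from list B.
only_in() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# audit_firewall RT_SERVICES PERM_SERVICES RT_PORTS PERM_PORTS
# Prints one finding per line; prints nothing when the state is as intended.
audit_firewall() {
    rt_svc=$1 perm_svc=$2 rt_ports=$3 perm_ports=$4
    for s in $(only_in "$rt_svc" "$ALLOWED_SERVICES"); do
        echo "UNEXPECTED service $s"
    done
    for p in $(only_in "$rt_ports" "$ALLOWED_PORTS"); do
        echo "UNEXPECTED port $p"
    done
    # Runtime-only entries are lost on the next reload or reboot.
    for x in $(only_in "$rt_svc $rt_ports" "$perm_svc $perm_ports"); do
        echo "RUNTIME-ONLY $x"
    done
    # Permanent-only entries reappear on the next reload or reboot.
    for x in $(only_in "$perm_svc $perm_ports" "$rt_svc $rt_ports"); do
        echo "PERMANENT-ONLY $x"
    done
}

# On a live host (root, firewalld running): feed in the real state.
audit_live() {
    audit_firewall "$(firewall-cmd --list-services)" \
                   "$(firewall-cmd --permanent --list-services)" \
                   "$(firewall-cmd --list-ports)" \
                   "$(firewall-cmd --permanent --list-ports)"
}

# Constructed sample: state after --add-port and --remove-service but before
# --runtime-to-permanent; the permanent config still holds the old services.
sample_before_save() {
    audit_firewall "ssh" "cockpit dhcpv6-client ssh" "5902/tcp" ""
}
sample_before_save
```

Run `audit_live` after any firewall change; empty output means only the allowlisted entries are open and they will survive a reload.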
