F's Blog

博客 收藏夹
libvirt

24 Jul 2015

Ubuntu uses KVM as the back-end virtualization technology primarily for non-graphic servers and libvirt as its toolkit/API.

QEMU is a generic and open source machine emulator and virtualizer.

When used as a machine emulator, QEMU can run OSes and programs made for one machine (e.g. an ARM board) on a different machine (e.g. your own PC). By using dynamic translation, it achieves very good performance.

When used as a virtualizer, QEMU achieves near native performance by executing the guest code directly on the host CPU. QEMU supports virtualization when executing under the Xen hypervisor or using the KVM kernel module in Linux. When using KVM, QEMU can virtualize x86, server and embedded PowerPC, 64-bit POWER, S390, 32-bit and 64-bit ARM, and MIPS guests.

综上,一般把 KVM 和 QUEM 结合起来使用。KVM是内核级的虚拟化实现,而 QEUM 是对硬件的仿真,如 USB、显卡等,libvirt 是对kvm 虚拟机接口封装。

使用上,它们合在一起像 VMWare 或 VirtualBox。

libvirt

它就像 kvm 的 shell,主要有三部分中组成:

重要概念:

安装

当前环境:Mint18.

安装 Hypervisor

Hypervisor 是实现创建虚拟机功能的,而 libvirt 是管理 Hypervisor 的,并提供控制接口。

KVM 在 Linux 内核层支持虚拟化,仿真 CPU、内存等。

QEUM 仿真外设,如 USB、显卡等。

QEMU is a full system emulator. This emulator supports emulation of multiple different CPUs and hardware devices. The CPU is emulated using binary translation, a method that translates a processor’s native code (opcode) into software functions that are compatible with the CPU you are using to run QEMU. These functions mimic the results as if the original code was running on the original CPU. Similarly hardware devices are modeled in software to provide a virtual environment. The result, you can run the original code as if it was running on the emulated machine. For example, you could run code written for ARM processor on your Intel based machine. Emulation is extremely slow, since any single command in the original opcode, may be translated to dozens of commands in order to emulate the result. The really good thing about QEMU is that its architecture is designed to allow definition of new CPU types and new hardware devices.

KVM is a kernel module that allows the use of Intel or AMD virtualization extensions technologies. Very simply put, these extensions allow multiple operating systems to share a physical CPU without interfering with each other. On the other hand, they do not solve sharing all of the hardware devices. For this KVM requires extra logic.

The developers of KVM took advantage of QEMU architecture and basically created a new model of CPU in QEMU. This new model type has KVM specific logic. When execution of a code can run natively (meaning CPU opcode that does not require IO), it uses KVM kernel module system calls to switch execution to run natively on the CPU, while the QEMU device model is used to provide the rest of the required functionality. Today when people refer to KVM hypervisor, they actually mean the QEMU-KVM combination.

1.首先检测是否支持kvm。

$ kvm-ok

# ok
INFO: /dev/kvm exists
KVM acceleration can be used

2.安装包

$ sudo apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils qemu-utils

加入用户组

$ sudo adduser `id -un` libvirtd
Adding user '<username>' to group 'libvirtd' ...

然后需要relogin一次,使用户加入libvirtd组。

管理

virt-manager

安装图形化管理界面virt-manager,直接就可以使用了。

问题:error opening spice console, Spiceclientgtk missing

安装以下包:

# libvirt-daemon-system (>= 1.2.7)
# gnome-icon-theme
gir1.2-spice-client-gtk-3.0

virsh

安装操作系统:

virt-install -r 1024 --name xp --disk path=./xp2.img,size=8 --network network:default --cdrom ~/Downloads/xpsp3.iso --os-type=windows --accelerate --graphics vnc

webvirtmgr

Django写的web管理。所依赖包有:

按照官方说明,配置好nginx后,配置supervisor,然后是配置ssh(如果用ssh来连接libvirt服务器)。

当然,也可以手动启动服务,在webvirtmgr的根目录下启动本地服务:

./manage runserver

然后重启nginx,就会将8000端口的服务映射到80上了。

然后开启noVNC,这样就可以在浏览器中查看界面了。

$ websockify 6080 127.0.0.1:5900
$ sudo iptables -I INPUT -m state --state NEW -s YOUR_IP_ADDRESS -m tcp -p tcp --dport 6080 -j ACCEPT

QEMU

Q35

QEMU支持的架构非常少,在Q35出现之前,就只有诞生于1996年的i440FX + PIIX一个架构在苦苦支撑。一方面是Intel不断推出新的芯片组,搞出了PCIe、AHCI等等新东西。i440FX已经无法满足需求,为此在 KVM Forum 2012 上Jason Baron带来了PPT:A New Chipset For Qemu - Intel’s Q35。Q35是Intel在2007年6月推出的芯片组,最吸引人的就是其支持PCI-e。

其北桥为MCH,南桥为ICH9。CPU 通过 前端总线(FSB) 连接到 北桥(MCH),北桥为内存、PCIE等提供接入,同时连接到南桥(ICH9)。南桥为 USB / PCIE / SATA 等提供接入。

virtio

So-called “full virtualization” is a nice feature because it allows you to run any operating system virtualized. However, it’s slow because the hypervisor has to emulate actual physical devices such as RTL8139 network cards . This emulation is both complicated and inefficient.

Virtio is a virtualization standard for network and disk device drivers where just the guest’s device driver “knows” it is running in a virtual environment, and cooperates with the hypervisor. This enables guests to get high performance network and disk operations, and gives most of the performance benefits of paravirtualization.

Note that virtio is different, but architecturally similar to, Xen paravirtualized device drivers (such as the ones that you can install in a Windows guest to make it go faster under Xen). Also similar is VMWare’s Guest Tools.

This page describes how to configure libvirt to use virtio with KVM guests.

Windows 上的 PCI、virtio 驱动找不到了,可以在这里安装: https://github.com/virtio-win/kvm-guest-drivers-windows.

吐槽

好吧,又掌握了一项新技能,虚拟机平台,听说搜狗几千台服务器就是用的libvirt。一直以为很复杂呢,因为管几千台机器呢,结果用了一个晚上就能跑起来了(因为我只知道个大概原理,然后会敲命令用就行)。

我总是把事情想得太复杂,给自己不去做的理由。可只有去做才知道深浅啊,不要被自己首先拦着。

在新东西新领域新朋友新技术面前,放开心扉去接受吧!

会用libvirt让我很激动,仿佛看到了有千万台电脑在我的控制下。

参考

本文由 付豪 创作,采用署名 4.0 国际(CC BY 4.0)创作共享协议进行许可,详细声明