Jerin RHCSA: Muhimman Abubuwan Haɓakawa da Gudanar da Baƙi tare da KVM - Sashe na 15

Idan ka duba kalmar Virtualize a cikin ƙamus, za ka ga cewa tana nufin \ƙirƙirar sigar kama-da-wane (maimakon ainihin) na wani abu. ware ɗaya daga wani, a saman tsarin (hardware) iri ɗaya, wanda aka sani a cikin tsarin ƙirƙira azaman mai watsa shiri.

Ta hanyar amfani da na'urar saka idanu (wanda kuma aka sani da hypervisor), na'urori masu kama-da-wane (wanda ake nufi da baƙi) ana samar da kayan aikin kama-da-wane (watau CPU, RAM, ajiya, musaya na cibiyar sadarwa, don suna kaɗan) daga kayan aikin da ke ƙasa.

Tare da wannan a zuciyarsa, a bayyane yake ganin cewa ɗayan manyan fa'idodin haɓakawa shine tanadin farashi (a cikin kayan aiki da kayan aikin cibiyar sadarwa da kuma dangane da ƙoƙarin kiyayewa) da raguwa mai yawa a cikin sararin samaniya da ake buƙata don ɗaukar duk kayan aikin da suka dace.

Tun da wannan taƙaitaccen yadda ba za a iya ɗaukar duk hanyoyin da za a iya amfani da su ba, Ina ƙarfafa ku da ku koma ga takaddun da aka jera a taƙaice don ƙarin cikakkun bayanai kan batun.

Da fatan za a tuna cewa labarin na yanzu an yi niyya ya zama mafari don koyan mahimman abubuwan haɓakawa a cikin RHEL 7 ta amfani da KVM (Kernel na tushen Virtual Machine) tare da abubuwan amfani da layin umarni, kuma ba tattaunawa mai zurfi game da batun ba.

Tabbatar da Bukatun Hardware da Shigar Fakiti

Domin saita iyawa, dole ne CPU naku ya goyi bayansa. Kuna iya tabbatar ko tsarin ku ya cika buƙatu tare da umarni mai zuwa:

# grep -E 'svm|vmx' /proc/cpuinfo

A cikin hoton da ke gaba za mu iya ganin cewa tsarin na yanzu (tare da microprocessor AMD) yana goyan bayan haɓakawa, kamar yadda aka nuna ta svm. Idan muna da processor na tushen Intel, za mu ga vmx maimakon a cikin sakamakon umarnin da ke sama.

Bugu da ƙari, kuna buƙatar samun damar iya yin aiki a cikin firmware na mai masaukin ku (BIOS ko UEFI).

Yanzu shigar da fakitin da suka dace:

  1. qemu-kvm shine buɗaɗɗen tushen Virtualizer wanda ke ba da kwaikwayi hardware don KVM hypervisor yayin da qemu-img yana ba da kayan aikin layin umarni don sarrafa hotunan diski.
  2. libvirt ya haɗa da kayan aikin don yin hulɗa tare da iyawar tsarin aiki.
  3. libvirt-python yana ƙunshe da tsarin da ke ba da izinin aikace-aikacen da aka rubuta a cikin Python don amfani da ƙa'idar da libvirt ke bayarwa.
  4. libguestfs-kayan aikin: iri-iri na kayan aikin layin umarni na mai sarrafa tsarin don injina.
  5. shigar da ta dace: sauran abubuwan amfani da layin umarni don sarrafa injin kama-da-wane.

# yum update && yum install qemu-kvm qemu-img libvirt libvirt-python libguestfs-tools virt-install

Da zarar an gama shigarwa, tabbatar kun fara kuma kunna sabis na libvirtd:

# systemctl start libvirtd.service
# systemctl enable libvirtd.service

Ta hanyar tsoho, kowane injin kama-da-wane kawai zai iya sadarwa tare da sauran a cikin uwar garken jiki iri ɗaya kuma tare da mai masaukin kansa. Domin bawa baƙi damar isa ga wasu injina a cikin LAN ɗinmu da kuma Intanet, muna buƙatar saita hanyar sadarwa ta gada a cikin mai masaukinmu (ka ce br0, misali) ta,

1. ƙara layin da ke gaba zuwa babban tsarin NIC ɗin mu (mafi yiwuwa /etc/sysconfig/network-scripts/ifcfg-enp0s3):

BRIDGE=br0

2. ƙirƙirar fayil ɗin sanyi don br0 (/etc/sysconfig/network-scripts/ifcfg-br0) tare da waɗannan abubuwan (lura cewa ƙila za ku canza adireshin IP, adireshin ƙofar, da bayanan DNS). ):

DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
IPADDR=192.168.0.18
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
NM_CONTROLLED=no
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=br0
ONBOOT=yes
DNS1=8.8.8.8
DNS2=8.8.4.4

3. a ƙarshe, ba da damar tura fakiti ta hanyar yin, a cikin /etc/sysctl.conf,

net.ipv4.ip_forward = 1

da loda canje-canje zuwa tsarin kernel na yanzu:

# sysctl -p

Lura cewa ƙila kuma kuna buƙatar gaya wa Firewalld cewa ya kamata a bar irin wannan zirga-zirga. Ka tuna cewa za ku iya komawa ga labarin kan wannan batu a cikin wannan silsilar (Sashe na 11: Gudanar da zirga-zirgar hanyar sadarwa ta amfani da FirewallD da Iptables) idan kuna buƙatar taimako don yin hakan.