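Solution:
1) On the WebVirtMgr server (the server side; here KVM and WebVirtMgr are deployed on the same machine), create a home directory for the nginx user (installing the nginx service does not create one by default) and generate a public/private key pair for nginx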
[iyunv@openstack ops]# cd /home/
[iyunv@openstack home]# mkdir nginx
[iyunv@openstack home]# chown nginx.nginx nginx/
[iyunv@openstack home]# chmod 700 nginx/ -R
[iyunv@openstack home]# su - nginx -s /bin/bash
-bash-4.1$ ssh-keygen # during the prompts, type yes, then just press Enter, Enter
-bash-4.1$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.1$ chmod 0600 ~/.ssh/config
2) On the KVM server (the client side; here KVM and WebVirtMgr are deployed on the same machine), configure the user. The root user is used here by default
---------------------------------------------------------------------------------------------------------------------
If you use a different user, for example webvirtmgr, do the following:
[iyunv@openstack ops]# useradd webvirtmgr
[iyunv@openstack ops]# echo "123456" | passwd --stdin webvirtmgr
[iyunv@openstack ops]# groupadd libvirt
[iyunv@openstack ops]# usermod -G libvirt -a webvirtmgr
---------------------------------------------------------------------------------------------------------------------
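3) On the WebVirtMgr server (the server side; here KVM and WebVirtMgr are deployed on the same machine), upload the nginx user's SSH key to the KVM server (here KVM and WebVirtMgr are deployed on the same machine)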
[iyunv@openstack ops]# su - nginx -s /bin/bash
-bash-4.1$ ssh-copy-id root@192.168.1.17
Warning: Permanently added '192.168.1.17' (RSA) to the list of known hosts.
root@192.168.1.17's password: # enter the root account's password for 192.168.1.17, i.e. this machine
Now try logging into the machine, with "ssh 'root@192.168.1.17'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
---------------------------------------------------------------------------------------------------------------------
The root user is used here. If you use a different user, such as the webvirtmgr user assumed above, do the following:
[iyunv@openstack ops]# su - nginx -s /bin/bash
-bash-4.1$ ssh-copy-id webvirtmgr@192.168.0.23
---------------------------------------------------------------------------------------------------------------------
4) On the KVM server (the client side; here KVM and WebVirtMgr are deployed on the same machine), configure libvirt SSH authorization
[iyunv@openstack ops]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
# Note: the root user is used here
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[iyunv@openstack ops]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
-------------------------------------------------------------------------------------------------------------------------------
The root user is used here. If you use a different user, such as the webvirtmgr user assumed above, do the following:
[iyunv@openstack ops]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
# Here the webvirtmgr user is set
Identity=unix-user:webvirtmgr
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[iyunv@openstack ops]# chown -R webvirtmgr.webvirtmgr /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
--------------------------------------------------------------------------------------------------------------------------------
5) Restart the libvirtd service
/etc/init.d/libvirtd restart
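With that, the error above is resolved! Reconnect over SSH and it works; the error above no longer appears~
However, a different error then appeared (below)! Damn~~ Back to troubleshooting!
Solution:
Connect over SSH locally on the WebVirtMgr server, from the terminal command line: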
[iyunv@openstack .ssh]# virsh -c qemu+ssh://103.10.86.17/system list
The authenticity of host '103.10.86.17 (103.10.86.17)' can't be established.
RSA key fingerprint is 3d:c1:2e:70:e9:e5:1d:84:40:a2:63:82:af:e5:cc:cd.
Are you sure you want to continue connecting (yes/no)? yes
error: End of file while reading data: Warning: Permanently added '103.10.86.17' (RSA) to the list of known hosts.: Input/output error
error: failed to connect to the hypervisor
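Looking at the log with tail /var/log/secure | grep sshd, I found that the disconnect was initiated from my side. It may have been caused by some problem detected with libvirtd.
At the time, virt-manager could still query the remote information, so the problem is probably with sshd.
After fiddling with it for a while, I have not found a solution for now.
I decided to move over to the TCP protocol for now (although this method is not as secure as the SSH connection method).
When I have time later, I will try to find a way to fix the SSH connection error above.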
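The SSH client options written in step 1 and the fallback to qemu+tcp:// are the two places where this setup gives up transport security, and both can be checked from the configuration files. The script below is an added example, not part of the original post; the libvirtd.conf keys listen_tcp and auth_tcp are standard libvirt settings that the post does not show, and all file contents are constructed samples.

```shell
#!/bin/bash
# Added example: flag the weak transport settings used in this walkthrough.

ssh_opt() {   # $1 = ssh client config, $2 = keyword; ssh uses the first value it finds
    awk -v k="$2" '{ sub(/#.*/, ""); gsub(/=/, " ")
        if (NF >= 2 && tolower($1) == tolower(k)) { print $2; exit } }' "$1"
}

conf_opt() {  # $1 = libvirtd.conf, $2 = key; first uncommented "key = value" line
    awk -F= -v k="$2" '/^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key)
          if (key == k) { v = $2; gsub(/[ \t"]/, "", v); print v; exit } }' "$1"
}

audit_transport() {  # $1 = ssh client config, $2 = libvirtd.conf; one finding per line
    local shk ukh
    shk=$(ssh_opt "$1" StrictHostKeyChecking | tr 'A-Z' 'a-z')
    ukh=$(ssh_opt "$1" UserKnownHostsFile)
    case "$shk" in
        no|off) echo "ssh: StrictHostKeyChecking=$shk connects even if the host key is unknown or changed" ;;
    esac
    if [ "$ukh" = "/dev/null" ]; then
        echo "ssh: UserKnownHostsFile=/dev/null never records a host key, so nothing is pinned"
    fi
    if [ "$(conf_opt "$2" listen_tcp)" = "1" ]; then
        echo "libvirtd: listen_tcp=1 serves qemu+tcp:// without TLS when started with --listen"
        if [ "$(conf_opt "$2" auth_tcp)" = "none" ]; then
            echo "libvirtd: auth_tcp=none lets any host that reaches the port manage VMs"
        fi
    fi
}

# Constructed sample files: the SSH options from step 1 with an open TCP
# listener (assumed libvirtd.conf), and a stricter variant of both.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf 'StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null\n' > "$d/ssh_weak"
printf 'Host 192.168.1.17\n  StrictHostKeyChecking yes\n' > "$d/ssh_ok"
printf '#listen_tcp = 0\nlisten_tls = 0\nlisten_tcp = 1\nauth_tcp = "none"\n' > "$d/lv_weak"
printf 'listen_tcp = 0\n' > "$d/lv_ok"

echo "== weak sample =="
audit_transport "$d/ssh_weak" "$d/lv_weak"
echo "== stricter sample (prints no findings) =="
audit_transport "$d/ssh_ok" "$d/lv_ok"
```

On a real host the two arguments would be the nginx user's ~/.ssh/config and /etc/libvirt/libvirtd.conf.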
Note:
After connecting over TCP, the connection may get interrupted!
[iyunv@openstack .ssh]# virsh -c qemu+tcp://192.168.1.17/system
error: Cannot recv data: Connection reset by peer
error: failed to connect to the hypervisor
The connection has dropped; just reconnect.
[iyunv@openstack ops]# ps aux | grep libvirtd
root 59619 0.6 0.0 1008128 22048 ? Sl 19:17 0:06 libvirtd --daemon --config /etc/libvirt/libvirtd.conf --listen
root 61081 0.0 0.0 103316 1004 pts/2 S+ 19:33 0:00 grep --color libvirtd
[iyunv@openstack ops]# kill -9 59619
[iyunv@openstack ops]# ps aux | grep libvirtd
root 61083 0.0 0.0 103312 904 pts/2 S+ 19:33 0:00 grep --color libvirtd
[iyunv@openstack ops]# libvirtd --daemon --listen --config /etc/libvirt/libvirtd.conf
[iyunv@openstack ops]# ps aux | grep libvirtd
root 61086 13.5 0.0 418240 6576 ? Sl 19:33 0:00 libvirtd --daemon --listen --config /etc/libvirt/libvirtd.conf
root 61176 0.0 0.0 103312 908 pts/2 S+ 19:33 0:00 grep --color libvirtd
[iyunv@openstack ops]# virsh -c qemu+tcp://192.168.1.17/system
Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands
'quit' to quit
virsh #
Later I found that after WebVirtMgr connects, it disconnects again after a while!
For this situation, you can write a scheduled script, as follows:
[iyunv@openstack ops]# cat /usr/local/src/libvirtd.sh
#!/bin/bash
ps -ef | grep "libvirtd --daemon --listen"|grep -v grep|awk -F" " '{print $2}'|xargs kill -9
/usr/sbin/libvirtd --daemon --listen --config /etc/libvirt/libvirtd.conf
[iyunv@openstack ops]# crontab -l
* * * * * /bin/bash -x /usr/local/src/libvirtd.sh > /dev/null 2>&1
* * * * * sleep 10;/bin/bash -x /usr/local/src/libvirtd.sh > /dev/null 2>&1
* * * * * sleep 20;/bin/bash -x /usr/local/src/libvirtd.sh > /dev/null 2>&1
* * * * * sleep 30;/bin/bash -x /usr/local/src/libvirtd.sh > /dev/null 2>&1
* * * * * sleep 40;/bin/bash -x /usr/local/src/libvirtd.sh > /dev/null 2>&1
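* * * * * sleep 50;/bin/bash -x /usr/local/src/libvirtd.sh > /dev/null 2>&1
*********************************************************************************
Normally, with the configuration above, the console in WebVirtMgr can connect to the virtual machines.
But if connecting to a virtual machine through the console page (VNC) in WebVirtMgr fails, you can try the following steps to resolve it:
KVM's original setup required the client to install vncviewer in order to see the installation screen, whereas WebVirtMgr uses noVNC, and the page communicates over WebSocket.
1) First, install novnc
[iyunv@openstack ops]# yum install -y novnc
2) Open VNC port 6080 in the firewall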
[iyunv@openstack ops]# vim /etc/sysconfig/iptables
.......
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6080 -j ACCEPT
.......
[iyunv@openstack ops]# /etc/init.d/iptables restart
3) As shown above, the webvirtmgr process is managed by supervisor. The supervisor process needs to be restarted here
[iyunv@openstack ops]# /etc/init.d/supervisord restart
With that, open the WebVirtMgr console again and it can now connect to the virtual machine!
******************
You can try the connection from the command line on the WebVirtMgr server:
[iyunv@openstack ops]# novnc_server --help
Usage: novnc_server [--listen PORT] [--vnc VNC_HOST:PORT] [--cert CERT]
Starts the WebSockets proxy and a mini-webserver and
provides a cut-and-paste URL to go to.
--listen PORT Port for proxy/webserver to listen on
Default: 6080
--vnc VNC_HOST:PORT VNC server host:port proxy target
Default: localhost:5900
--cert CERT Path to combined cert/key file
Default: self.pem
--web WEB Path to web files (e.g. vnc.html)
Default: ./
[iyunv@openstack ops]# novnc_server --listen 192.168.1.17:6086 # any port after 6080 can be used
Warning: could not find self.pem
Starting webserver and WebSockets proxy on port 192.168.1.17:6086
WARNING: no 'numpy' module, HyBi protocol will be slower
WebSocket server settings:
- Listen on 192.168.1.17:6086
- Flash security policy server
- Web server. Web root: /usr/share/novnc
- No SSL/TLS support (no cert file)
- proxying from 192.168.1.17:6086 to localhost:5900
Navigate to this URL:
http://kvm-server:192.168.1.17:6086/vnc.html?host=kvm-server&port=192.168.1.17:6086
Press Ctrl-C to exit
*********************************************************************************