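Managing the host is a hassle, and doing everything through IPMI is too much work. The host also has only one IP. At first I considered the various web panels for spinning up VMs, but some of them require a particular kernel version or have other requirements, and since I am the only user I chose to create VMs from the command line.
First install an OS on the host. I am partial to Debian 10, but since this uses the standard virt tools the distribution doesn't matter; pick whichever you know well.
Once the system is installed, install the virtual machine management tools.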
apt install bridge-utils qemu-kvm virtinst virt-top libvirt-daemon-system libvirt-clients
adduser root libvirt
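By default the management tools' VNC does not listen on external addresses, so we can't connect to it; change it to listen on all addresses (0.0.0.0).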
sed -i 's/#vnc_listen = "0.0.0.0"/vnc_listen = "0.0.0.0"/g' /etc/libvirt/qemu.conf
systemctl restart libvirtd
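The network interface configuration also has to change, otherwise bridging won't work. Since I have only one IP, I also need NAT forwarding. For IPv6 I was allocated a block through a tunnel; the tunnel is brought up here for later use.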
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
allow-hotplug enp2s0
iface enp2s0 inet static
    address 192.3.185.***/30
    gateway 192.3.185.***
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 8.8.8.8
    dns-search colocrossing.com
auto tun0
iface tun0 inet6 v4tunnel
    address 2001:470:1f06:***::2
    netmask 64
    endpoint 209.51.161.14
    local 192.3.185.***
    ttl 255
    gateway 2001:470:1f06:***::1
auto vmbr0
iface vmbr0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o enp2s0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o enp2s0 -j MASQUERADE
iface vmbr0 inet6 static
    address 2001:470:****::1/48
    netmask 48
    bridge_ports tun0
    bridge_stp off
    bridge_fd 0
Configure DHCPv4 / DHCPv6 + SLAAC; the tools need to be installed first.
apt install isc-dhcp-server radvd
The DHCP server handles both v4 and v6; the file is /etc/default/isc-dhcp-server.
INTERFACESv4="vmbr0"
INTERFACESv6="vmbr0"
DHCPv4 serves the private range I carved out myself; the file is /etc/dhcp/dhcpd.conf.
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 8.8.8.8;
    range 192.168.0.2 192.168.0.100;
}
DHCPv6 serves the prefix I hand out myself; the file is /etc/dhcp/dhcpd6.conf.
default-lease-time 2592000;
preferred-lifetime 604800;
option dhcp-renewal-time 3600;
option dhcp-rebinding-time 7200;
allow leasequery;
option dhcp6.info-refresh-time 21600;
subnet6 2001:470:****::/48 {
    range6 2001:470:****::2 2001:470:****:ffff:ffff:ffff:ffff:ffff;
}
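For v6, an address alone is not enough, and v6 has no gateway concept either, so I use SLAAC to push the remaining configuration; the file is /etc/radvd.conf.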
interface vmbr0
{
    AdvSendAdvert on;
    MinRtrAdvInterval 30;
    MaxRtrAdvInterval 100;
    prefix 2001:470:****::/48
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};
Set all of the services just configured to start at boot, then reboot the server.
systemctl enable isc-dhcp-server
systemctl enable radvd
Download an image, or install directly from an ISO.
cd /var/lib/libvirt/boot
wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.10.0-amd64-netinst.iso
Create a VM; the parameters should be self-explanatory.
virt-install \
--virt-type=kvm \
--name=debian10 \
--vcpus=1 \
--ram=2048 \
--network bridge=vmbr0,model=virtio \
--cdrom /var/lib/libvirt/boot/debian-10.10.0-amd64-netinst.iso \
--disk path=/var/lib/libvirt/images/debian10.qcow2,size=10,bus=virtio,cache=writeback,format=qcow2 \
--graphics=vnc,password=xxoo
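After that you can happily manage everything with virsh. You can also take a pre-configured qcow image and boot it directly, which works like a template.
Try not to do actual work on the host; after all, the greater the privilege, the greater the responsibility and the greater the risk.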
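With vnc_listen = "0.0.0.0", every guest console is bound to every address of the host and guarded only by the VNC password given to --graphics. The following check is an added example, not part of the original post: it reports the effective listen address and the VNC ports bound to a wildcard address. The function names are hypothetical and the sample input is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit the VNC exposure that vnc_listen = "0.0.0.0" creates.
# Function names are hypothetical; all sample data below is constructed.

# Read a qemu.conf on stdin and print the effective vnc_listen value.
# Commented-out lines are ignored; libvirt's default is 127.0.0.1.
# Assumption: if the key appears more than once, the last one is reported.
effective_vnc_listen() (
    value=$(sed -n 's/^[[:space:]]*vnc_listen[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' | tail -n 1)
    printf '%s\n' "${value:-127.0.0.1}"
)

# Read `ss -Hltn` output on stdin and print the VNC ports (5900-5999) that
# are bound to a wildcard address, i.e. reachable on every host interface.
exposed_vnc_ports() {
    awk '{
        addr = $4                       # "Local Address:Port" column
        n = split(addr, parts, ":")
        port = parts[n] + 0
        host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
        if (port >= 5900 && port <= 5999 &&
            (host == "0.0.0.0" || host == "*" || host == "[::]"))
            print port
    }' | sort -un
}

# Constructed qemu.conf fragment, as it looks after the sed edit above.
sample_qemu_conf() {
    printf '%s\n' '#vnc_tls = 1' 'vnc_listen = "0.0.0.0"'
}

# Constructed `ss -Hltn` output: two guests on wildcard, one on loopback.
sample_ss() {
    cat <<'EOF'
LISTEN 0 1   0.0.0.0:5900   0.0.0.0:*
LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
LISTEN 0 1   127.0.0.1:5901 0.0.0.0:*
LISTEN 0 1   [::]:5902      [::]:*
EOF
}

# On a real host: effective_vnc_listen < /etc/libvirt/qemu.conf
#                 ss -Hltn | exposed_vnc_ports
echo "vnc_listen: $(sample_qemu_conf | effective_vnc_listen)"
echo "wildcard VNC ports: $(sample_ss | exposed_vnc_ports | tr '\n' ' ')"
```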