官方qcow2鏡像建立虛擬機過程

1. 下載官方鏡像

$ wget -P /var/lib/libvirt/images/ http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
--2019-11-13 02:17:20--  http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
Resolving cloud.centos.org (cloud.centos.org)... 38.110.33.4, 2604:4500:0:109::10
Connecting to cloud.centos.org (cloud.centos.org)|38.110.33.4|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 942407680 (899M)
Saving to: ‘CentOS-7-x86_64-GenericCloud.qcow2’

CentOS-7-x86_64-GenericCloud.qco 100%[========================================================>] 898.75M  71.2MB/s    in 14s     

2019-11-13 02:17:35 (62.6 MB/s) - ‘CentOS-7-x86_64-GenericCloud.qcow2’ saved [942407680/942407680]

2. 建立虛擬機

$ cd /var/lib/libvirt/images/
$ virt-install -n centos-7 -r 65536 --vcpus 32 --cpu Haswell,-rtm,-hle,+rdrand,+f16c --description "CentOS-7-x86_64-GenericCloud"  --network bridge=br0,model=e1000 --network bridge=br1,model=e1000 --graphics vnc,listen=0.0.0.0 --disk path=/var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2 --boot hd=/var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2

Starting install...
Creating domain...                                                            |    0 B     00:00
Domain creation completed. You can restart your domain by running:
  virsh --connect qemu:///system start centos-7

等待幾分鐘後，進入用戶登錄命令行...

CentOS Linux 7 (Core)
Kernel 3.10.0-957.27.2.e17.x86_64 on an x86_64

192.168.0.10 login:_

因爲官方鏡像是不支持直接默認用戶名和密碼登錄，因此咱們須要將主機公鑰導入虛擬機的/root/.ssh/authorized_keys文件中

3. 導入主機公鑰

查看主機公鑰

cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSs90dCvSJRGYZdShRME3c0cfHAwLGk9q364Pezj7NWcmknEn5algwQi62NusUsSkbHI8xkfpguXYH923SWOaETJOb5zmOnZV7Ow4u+Z5vNGwd5bjl92uRGQ+9YHl/NwrfOaVphQQT/CtmdHQjJIMeLg7FUEjXxL+EL63gFP6A5293d1WW73828Abs+k1bghzJFcHnXUyNPFE3EsG6AYErequz1DlFkJfcS3A1nS0eP4zK0LTDDJp8J2plnNGqcNibrDtt4FEjqcZ4Hsd12biqrqojXlk7XQiZ5YXlLR1XoVL2Pgmc42wIZ9CdnLSN+br2nbcvHuSLKL2Q9G9chG7t root@centos

掛載鏡像文件系統

$ virsh destroy centos-7
Domain centos-7 destroyed

$ mkdir centos_fs
$ guestmount -d centos-7 -i --rw centos_fs/
$ chroot cnetos_fs/

進入系統導入公鑰

[root@centos /]# vi /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSs90dCvSJRGYZdShRME3c0cfHAwLGk9q364Pezj7NWcmknEn5algwQi62NusUsSkbHI8xkfpguXYH923SWOaETJOb5zmOnZV7Ow4u+Z5vNGwd5bjl92uRGQ+9YHl/NwrfOaVphQQT/CtmdHQjJIMeLg7FUEjXxL+EL63gFP6A5293d1WW73828Abs+k1bghzJFcHnXUyNPFE3EsG6AYErequz1DlFkJfcS3A1nS0eP4zK0LTDDJp8J2plnNGqcNibrDtt4FEjqcZ4Hsd12biqrqojXlk7XQiZ5YXlLR1XoVL2Pgmc42wIZ9CdnLSN+br2nbcvHuSLKL2Q9G9chG7t root@centos
[root@centos /]# touch /.autorelabel
[root@centos /]# exit

因爲當前的環境中 SELinux 並未啓動，因此咱們對文件的修改可能形成文件的 context 不正確。爲了確保開機時從新設定 SELinux context，必須在根目錄下添加隱藏文件.autorelabel

4. 配置虛擬機

進入虛擬機

$ ssh 192.168.0.10
The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.
ECDSA key fingerprint is ca:31:fb:2d:d5:a2:b3:16:84:05:ac:12:ed:cd:09:99.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.10' (ECDSA) to the list of known hosts.

修改root密碼

[root@192.168.0.10 ~]# 
[root@192.168.0.10 ~]# passwd root
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

修改ssh配置

[root@192.168.0.10 ~]# vi /etc/ssh/sshd_config
.....
PermitRootLogin yes
...
PasswordAuthentication yes
.....
[root@192.168.0.10 ~]# systemctl restart sshd.service

設置靜態IP

[root@192.168.0.10 ~]# ifconfig
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.10  netmask 255.255.0.0  broadcast 192.168.255.255
        inet6 fe80::5054:ff:fee5:a9cd  prefixlen 64  scopeid 0x20<link>
        inet6 172:0:10:0:5054:ff:fee5:a9cd  prefixlen 64  scopeid 0x0<global>
        ether 52:54:00:e5:a9:cd  txqueuelen 1000  (Ethernet)
        RX packets 6236  bytes 444038 (433.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 416  bytes 45279 (44.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 6  bytes 416 (416.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 416 (416.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@192.168.0.10 ~]# ifconfig ens3 192.168.0.15
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.15  netmask 255.255.0.0  broadcast 192.168.255.255
        inet6 fe80::5054:ff:fee5:a9cd  prefixlen 64  scopeid 0x20<link>
        inet6 172:0:10:0:5054:ff:fee5:a9cd  prefixlen 64  scopeid 0x0<global>
        ether 52:54:00:e5:a9:cd  txqueuelen 1000  (Ethernet)
        RX packets 6236  bytes 444038 (433.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 416  bytes 45279 (44.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 6  bytes 416 (416.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 416 (416.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@192.168.0.10 ~]# ip route add default via 192.168.0.1 dev ens3
[root@192.168.0.10 ~]# ip route
default via 192.168.0.1 dev ens3
192.0.0.0/16 dev ens3 proto kernel scope link src 192.168.0.15

修改主機名

[root@192.168.0.10 ~]# hostnamectl --static set-hostname centos

從新鏈接

$ ssh root@192.168.0.15
The authenticity of host '192.168.0.15 (192.168.0.15)' can't be established.
ECDSA key fingerprint is ca:31:fb:2d:d5:a2:b1:15:83:05:ac:12:ed:cd:09:99.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.15' (ECDSA) to the list of known hosts.
root@192.168.0.15's password:
Permission denied, please try again.
root@192.168.0.15's password:
Last failed login: Fri Nov 15 06:23:32 UTC 2019 from 192.168.0.12 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Fri Nov 15 06:10:28 2019 from 192.168.0.12

[root@centos ~]# 
[root@centos ~]# hostnamectl
   Static hostname: centos
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 65113b1a0d2f6087d515e6a8cd0ee7ef
           Boot ID: 16692d27335542449484fd6cdd862b85
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-957.27.2.el7.x86_64
      Architecture: x86-64

因爲ifcfg-ens3網卡配置文件是系統啓動自動生成的，不能編輯生效，因此咱們須要在profile中初始化網絡配置

[root@centos ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens3
# Created by cloud-init on instance boot automatically, do not edit.
#
BOOTPROTO=dhcp
DEVICE=ens3
HWADDR=52:54:00:e5:a9:cd
ONBOOT=yes
TYPE=Ethernet
USERCTL=no

在文件末尾加上以下命令

[root@centos ~]# vi /etc/profile
.....
ifconfig ens3 192.168.0.15
ip route add default via 192.168.0.1 dev ens3