环境说明:centos 7 主机使用kvm创建openstack动态扩容根分区镜像。
安装kvm包
# Host packages: the KVM hypervisor, the libvirt management stack, and
# libguestfs-tools (which supplies virt-sysprep, used in the final step).
yum install -y \
  qemu-kvm qemu-kvm-tools \
  libvirt virt-manager virt-install \
  libguestfs-tools
创建kvm网络环境
# eth0 becomes a port of the br0 bridge and no longer carries an address itself.
# This replaces the whole ifcfg-eth0 file.
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF'
BOOTPROTO=static
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no
EOF

# br0 holds the host's static address; guests attach to it with
# "--network bridge=br0".
cat > /etc/sysconfig/network-scripts/ifcfg-br0 <<'EOF'
TYPE=Bridge
BOOTPROTO=static
IPV4_FAILURE_FATAL=no
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.100.100
NETMASK=255.255.255.0
GATEWAY=192.168.100.2
DNS1=223.5.5.5
EOF

# Apply the new interface layout.
systemctl restart network
上传centos ISO镜像
自行上传镜像到宿主机上。本教程将镜像上传到 /opt/share 目录。
创建qcow2文件
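# -p keeps the step re-runnable: plain mkdir fails if the directory exists.
mkdir -p /opt/images
# Create an empty 10G qcow2 disk for the template guest.
qemu-img create -f qcow2 /opt/images/CentOS-7-x86_64.qcow2 10G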
启动kvm虚机
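systemctl start libvirtd

# Boot the installer from the ISO with the qcow2 file as its disk.
# The VNC console is bound to loopback: no VNC password is set here, so
# listen=0.0.0.0 would offer an unauthenticated installer/root console to
# every host that can reach the hypervisor. Reach it through an SSH local
# port-forward instead, e.g.
#   ssh -L 5900:127.0.0.1:5900 <kvm-host>
# `virsh vncdisplay CentOS7-x86_64` prints the display number in use.
virt-install \
  --virt-type kvm \
  --name CentOS7-x86_64 \
  --ram 1024 \
  --cdrom=/opt/share/CentOS-7-x86_64-DVD-1908.iso \
  --disk path=/opt/images/CentOS-7-x86_64.qcow2 \
  --network bridge=br0 \
  --graphics vnc,listen=127.0.0.1 \
  --noautoconsole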
系统的安装方式自行决定,分区最好手动划分,并把根分区放在磁盘的最后一个分区,这样后面 growpart 才能把新增的空间扩到根分区。
系统安装完成后,按提示 reboot 重启系统。重启后kvm虚拟机不会自动启动,需要手动启动。
# List every defined domain, including ones that are shut off.
virsh list --all
# Start the template guest again.
virsh start CentOS7-x86_64
在虚拟机内安装cloud-init相关包(以下步骤均在虚拟机内执行)
# Guest-side packages: cloud-init plus growpart for first-boot resizing,
# and the guest agent / ACPI daemon.
yum install -y \
  gdisk cloud-init cloud-utils-growpart \
  qemu-guest-agent acpid
# Start both services on every boot of instances built from this image.
systemctl enable qemu-guest-agent.service acpid.service
查看根分区的编号
$ mount |grep /dev/vd
/dev/vda3 on / type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/vda1 on /boot type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
填写cloud-init配置
根据上面查看到的根分区编号填写(本例为 /dev/vda 的第 3 个分区)。不要写在文件最后,尽量放在前面几行。
vi /etc/cloud/cloud.cfg
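users:
- default
disable_root: 1
ssh_pwauth: 0
# Add the bootcmd entries below; 3 is the root partition number taken from
# the mount output (/dev/vda3).
bootcmd:
- [ cloud-init-per, once, grow-partition, growpart, /dev/vda, 3 ]
# The root filesystem is XFS (see the mount output), so it is grown with
# xfs_growfs on its mount point. resize2fs only handles ext2/3/4 and would
# leave the filesystem at its original size.
- [ cloud-init-per, once, resize-filesystem, xfs_growfs, / ]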
修改yum源
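yum install wget -y
# Keep the stock repo definition so it can be restored.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Drop the baseurl lines that point at the provider-internal mirror hosts.
# Plain ASCII quotes are required: the typographic quotes in the original
# command are not shell quoting and get passed to sed as part of the script.
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
# Fetch the EPEL repo definition over HTTPS as well: a .repo file fetched over
# plain HTTP can be rewritten in transit, and it decides where packages come
# from and whether their signatures are checked.
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# NOTE(review): confirm the downloaded files keep package signature checking
# on, e.g. `grep -n gpgcheck /etc/yum.repos.d/*.repo`.
yum makecache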
安装常用的软件包
# Day-to-day tooling baked into the image.
yum install -y \
  vim net-tools gcc gcc-c++ tree wget \
  telnet lrzsz traceroute bash-completion-extras
修改PS1样式
# Open (or create) the profile snippet and put the PS1 line below into it.
vim /etc/profile.d/environment.sh
# Coloured prompt of the form [user@host cwd]$ ; \[ \] wrap the escape
# sequences so the shell does not count them towards the prompt width.
PS1="[\[\e[32;1m\]\u\[\e[37;1m\]@\[\e[31;4m\]\h\[\e[0m\] \[\e[33;1m\]\w\[\e[37;1m\]]\\$ \[\e[0m\]"
修改sshd服务
cd /etc/ssh/
# Keep a copy of the stock configuration before editing.
cp sshd_config sshd_config.bak
vim sshd_config
# The lines below are the sshd_config settings to change, not shell commands.
# `sshd -t` checks the edited file for syntax errors before the service is
# restarted.
# Change the listening port (XXXX is a placeholder for the chosen port).
Port XXXX
# Refuse direct root logins; an unprivileged account must exist first.
PermitRootLogin no
# Speed up connection setup: skip GSSAPI negotiation and reverse DNS lookups.
GSSAPIAuthentication no
UseDNS no
禁用ipv6服务
# Append the two IPv6 switches (all interfaces, and the default for new ones)
# to the persistent sysctl configuration.
printf '%s\n' \
  'net.ipv6.conf.all.disable_ipv6 = 1' \
  'net.ipv6.conf.default.disable_ipv6 = 1' \
  >> /etc/sysctl.conf
禁用selinux服务
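# Set SELINUX=disabled in the persistent config; it applies from the next boot.
# Plain ASCII quotes replace the typographic ones, which the shell does not
# treat as quoting. The address is anchored to the SELINUX= assignment so only
# that line can be rewritten.
# NOTE(review): every instance launched from this image inherits the setting
# and runs without SELinux confinement. `permissive` keeps denials logged when
# enforcing only needs to be ruled out as a cause of a problem.
sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config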
增大文件描述符
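# Raise the open-file limit for all users ("-" sets both soft and hard).
# Plain ASCII quotes are required: with the typographic quotes of the original
# the `*` is unquoted and the shell expands it to file names.
echo '* - nofile 65535' >> /etc/security/limits.conf
# Show the line that was just appended.
tail -n 1 /etc/security/limits.conf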
设置时间同步
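# The steps that follow edit /etc/chrony.conf and enable chronyd, so chrony is
# the package to install. The ntp package provides ntpd, a separate daemon
# that this guide never configures or enables.
yum install -y chrony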
vim /etc/chrony.conf
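# Before
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
# After
# The domain is aliyun.com, matching the mirror host used for the yum repos.
# The misspelling "alyun.com" is a different domain, and a time source under
# a look-alike name is not controlled by the intended provider.
server ntp1.aliyun.com
server ntp2.aliyun.com
server ntp3.aliyun.com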
systemctl enable chronyd
用户sudo免密
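# Grant passwordless sudo through a drop-in file instead of appending to
# /etc/sudoers: a malformed line in the main file can lock every account out
# of sudo, and a drop-in can be removed without editing the main file.
# NOTE(review): this guide never creates the devops account, so confirm it
# exists in the image. The rule gives it unrestricted root without a password.
cat > /etc/sudoers.d/devops <<'EOF'
devops ALL=(ALL) NOPASSWD: ALL
EOF
chmod 0440 /etc/sudoers.d/devops
# Syntax-check the new file; a non-zero exit means it must be fixed or removed.
visudo -cf /etc/sudoers.d/devops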
关闭kvm虚拟机
# Run inside the guest: power it off so the disk image is no longer in use.
init 0
在宿主机上清理kvm虚拟机信息
# Run on the KVM host while the guest is shut off. virt-sysprep strips
# machine-specific state from the disk so instances cloned from the image do
# not share an identity. Its default operations include removing SSH host
# keys, and `virt-sysprep --list-operations` prints the full set.
virt-sysprep -d CentOS7-x86_64