Linux云自动化运维第七课
第十单元 系统日志
一、系统日志默认分类
/var/log/messages ###系统服务及日志,包括服务的信息,报错等等
/var/log/secure ###系统认证信息日志
/var/log/maillog ###系统邮件服务信息
/var/log/cron ###系统定时任务信息
/var/log/boot.log ###系统启动信息
二、日志管理服务rsyslog
1.rsyslog负责采集日志和分类存放日志
2.rsyslog日志分类
vim /etc/rsyslog.conf ###主配置文件
服务.日志级别 /存放文件
*.* /var/log/westos
systemctl restart rsyslog.service ###重启日志管理服务
eg:[root@localhost Desktop]# vim /etc/rsyslog.conf ###编辑日志管理文件
###*.* /var/log/desktop ###添加该句,意思为所有服务.所有级别的日志存放在/var/log/desktop中
[root@localhost Desktop]# ll /var/log/desktop
ls: 无法访问/var/log/desktop: 没有那个文件或目录
[root@localhost Desktop]# systemctl restart rsyslog.service ###重启日志管理服务
[root@localhost Desktop]# ll /var/log/desktop
-rw-r--r--. 1 root root 496 Mar 28 21:17 /var/log/desktop
[root@localhost Desktop]# cat /var/log/desktop ###查看日志文件
Mar 28 21:17:14 localhost rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="4324" x-info="http://www.rsyslog.com"] start
Mar 28 21:17:13 localhost rsyslogd-2307: warning: ~ action is deprecated, consider using the 'stop' statement instead [try http://www.rsyslog.com/e/2307 ]
Mar 28 21:17:13 localhost systemd: Stopping System Logging Service... ###记录了刚才的重启日志管理服务
Mar 28 21:17:13 localhost systemd: Starting System Logging Service...
Mar 28 21:17:14 localhost systemd: Started System Logging Service.
[root@localhost Desktop]# systemctl restart sshd.service ###重启sshd服务
[root@localhost Desktop]# cat /var/log/desktop
Mar 28 21:17:14 localhost rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="4324" x-info="http://www.rsyslog.com"] start
Mar 28 21:17:13 localhost rsyslogd-2307: warning: ~ action is deprecated, consider using the 'stop' statement instead [try http://www.rsyslog.com/e/2307 ]
Mar 28 21:17:13 localhost systemd: Stopping System Logging Service...
Mar 28 21:17:13 localhost systemd: Starting System Logging Service...
Mar 28 21:17:14 localhost systemd: Started System Logging Service.
Mar 28 21:17:52 localhost systemd: Stopping OpenSSH server daemon... ###记录sshd的重启日志
Mar 28 21:17:52 localhost sshd[3096]: Received signal 15; terminating.
Mar 28 21:17:52 localhost systemd: Starting OpenSSH server daemon...
Mar 28 21:17:52 localhost systemd: Started OpenSSH server daemon.
Mar 28 21:17:52 localhost sshd[4361]: Server listening on 0.0.0.0 port 22.
Mar 28 21:17:52 localhost sshd[4361]: Server listening on :: port 22.
3.格式
日志设备(类型).(连接符号)日志级别 日志处理方式(action)
4.日志设备(可以理解为日志类型):
auth ###pam产生的日志
authpriv ###ssh,ftp等登录信息的验证信息
cron ###时间任务相关
kern ###内核
lpr ###打印
mail ###邮件
mark(syslog)–rsyslog ###服务内部的信息,时间标识
news ###新闻组
user ###用户程序产生的相关信息
uucp ###unix to unix copy, unix主机之间相关的通讯
local 1~7 ###自定义的日志设备
5.日志级别
debug ###有调式信息的,日志信息最多
info ###般信息的日志,最常用
notice ###最具有重要性的普通条件的信息
warning ###警告级别
err ###错误级别,阻止某个功能或者模块不能正常工作的信息
crit ###严重级别,阻止整个系统或者整个软件不能正常工作的信息
alert ###需要立刻修改的信息
emerg ###内核崩溃等严重信息
none ###什么都不记录
ps:从上到下,级别从低到高,记录的信息越来越少。详细的可以查看手册: man 3 syslog
6.连接符号
.xxx: 表示大于等于xxx级别的信息
.=xxx:表示等于xxx级别的信息
.!xxx:表示在xxx之外的等级的信息
7.实例
1)记录到普通文件或设备文件::
*.* /var/log/file.log ### 绝对路径
*.* /dev/pts/0
测试:logger -p local3.info ‘KadeFor is testing the rsyslog and logger ‘ logger 命令用于产生日志
2)发送给用户(需要在线才能收到)
*.* root
*.* root,kadefor,up01 ### 使用,号分隔多个用户
*.* * ### *号表示所有在线用户
3)忽略,丢弃
local3.* ~ ### 忽略所有local3类型的所有级别的日志
4)执行脚本::
local3.* ^/tmp/a.sh ### ^号后跟可执行脚本或程序的绝对路径,日志内容可以作为脚本的第一个参数,可用来触发报警
8.日志同步
1)systemctl stop firewalld ###关闭两台主机的火墙
2)配置日志发送方
*.* @172.25.0.11 ###通过udp协议把日志发送到11主机,@udp,@@tcp
3)配置日志接受方
15 $ModLoad imudp ###日志接收插件
16 $UDPServerRun 514 ###日志接收插件使用端口
#netstat -anulpe | grep rsyslog
udp 0 0 0.0.0.0:514 0.0.0.0:* 0 122073 32654/rsyslogd
udp6 0 0 :::514 :::* 0 122074 32654/rsyslogd
4)测试
> /var/log/messages ###两边都作,日志文件清空
logger test message ###日志发送方
tail -f /var/log/message ###日志接收方
eg:[root@localhost Desktop]# vim /etc/rsyslog.conf ###日志接受方,文件配置
###$ModLoad imudp
###$UDPServerRun 514
[root@localhost Desktop]# systemctl stop firewalld.service ###关闭接受方主机的防火墙
[root@localhost Desktop]# systemctl restart rsyslog.service ###重启接受方的日志管理服务
[root@localhost Desktop]# tail -f /var/log/messages ###监控日志变化
[root@localhost Desktop]# vim /etc/rsyslog.conf ###日志发送方,文件配置
###*.* @172.25.254.242 ###通过udp协议把日志发送到接受方主机,@udp,@@tcp
[root@localhost Desktop]# systemctl restart rsyslog.service ###重启发送方的日志管理服务
[root@localhost Desktop]# logger test message ###测试指令,看接受方日志变化
9.日志采集格式
$template WESTOS, "%timegenerated% %FROMHOST-IP% %syslogtag% %msg% "
%timegenerated% ###显示日志时间
%FROMHOST-IP% ###显示主机ip
%syslogtag% ###日志记录目标
%msg% ###日志内容
###换行
$ActionfileDefaultTemplate WESTOS
*.info;mail.none;authpriv.none;cron.none /var/log/messages;<<WESTOS>>
eg:[root@localhost Desktop]# vim /etc/rsyslog.conf
###$template DESKTOP,"%timegenerated% %FROMHOST-IP% %syslogtag% %msg% " ###*.* /var/log/desktop;DESKTOP
[root@localhost Desktop]# systemctl restart rsyslog.service ###重启日志管理服务
[root@localhost Desktop]# >/var/log/desktop ###清空日志记录文件
[root@localhost Desktop]# cat /var/log/desktop
[root@localhost Desktop]# systemctl restart sshd.service ###重启sshd服务
[root@localhost Desktop]# cat /var/log/desktop ###日志记录sshd重启服务,并以rsyslog.conf文件中要求的格式输出
Mar 28 21:31:33 127.0.0.1 systemd: Stopping OpenSSH server daemon...
Mar 28 21:31:33 127.0.0.1 sshd[4434]: Received signal 15; terminating.
Mar 28 21:31:33 127.0.0.1 systemd: Starting OpenSSH server daemon...
Mar 28 21:31:33 127.0.0.1 systemd: Started OpenSSH server daemon.
Mar 28 21:31:33 127.0.0.1 sshd[4582]: Server listening on 0.0.0.0 port 22.
Mar 28 21:31:33 127.0.0.1 sshd[4582]: Server listening on :: port 22.
###%时间戳% %主机ip% %日志记录目标% %日志内容%
三、日志分析工具journal
1.systemd-journal 进程名称
journalctl ###直接执行,浏览系统日志
-n 3 ###显示最新3条
-p err ###显示报错
-f ###监控日志
--since --until ###--since "[YYYY-MM-DD] [hh:mm:ss]" 从什么时间到什么时间的日志
-o verbose ###显示日志能够使用的详细进程参数,_SYSTEMD_UNIT=sshd.service服务名称,_PID=1182进程pid
eg:[root@localhost Desktop]# journalctl ###浏览系统日志
[root@localhost Desktop]# journalctl -n 3 ###显示最新3条日志
-- Logs begin at Tue 2017-03-28 21:00:51 EDT, end at Tue 2017-03-28 22:30:11 EDT. --
Mar 28 22:30:11 localhost dbus[526]: [system] Activating service name='org.freedesktop.PackageKit' (usin
Mar 28 22:30:11 localhost dbus-daemon[526]: dbus[526]: [system] Successfully activated service 'org.free
Mar 28 22:30:11 localhost dbus[526]: [system] Successfully activated service 'org.freedesktop.PackageKit
lines 1-4/4 (END)
[root@localhost Desktop]# journalctl -p err ###显示报错日志
-- Logs begin at Tue 2017-03-28 21:00:51 EDT, end at Tue 2017-03-28 22:30:11 EDT. --
Mar 28 21:00:51 localhost kernel: Failed to access perfctr msr (MSR c1 is 0)
Mar 28 21:00:52 localhost rpcbind[171]: rpcbind terminating on signal. Restart with "rpcbind -w"
Mar 28 21:00:59 localhost smartd[518]: Problem creating device name scan list
Mar 28 21:00:59 localhost smartd[518]: In the system's table of devices NO devices found to scan
Mar 28 21:01:05 localhost systemd[1]: Failed to start LSB: Starts the Spacewalk Daemon.
Mar 28 21:01:06 localhost libvirtd[1159]: libvirt version: 1.1.1, package: 29.el7 (Red Hat, Inc. <http:/
Mar 28 21:01:06 localhost libvirtd[1159]: Module /usr/lib64/libvirt/connection-driver/libvirt_driver_lxc
Mar 28 21:01:08 localhost systemd[1]: Failed to start /etc/rc.d/rc.local Compatibility.
Mar 28 21:38:20 localhost bluetoothd[2236]: Parsing /etc/bluetooth/input.conf failed: No such file or di
lines 1-10/10 (END)
[root@localhost Desktop]# journalctl -f
[root@localhost Desktop]# journalctl --since 22:31:49 ###显示从22:31:49开始到此刻的日志
-- Logs begin at Tue 2017-03-28 21:00:51 EDT, end at Tue 2017-03-28 22:31:49 EDT. --
Mar 28 22:31:49 localhost rhsmd[32534]: In order for Subscription Manager to provide your system with up
Mar 28 22:31:49 localhost run-parts(/etc/cron.daily)[32536]: finished rhsmd
Mar 28 22:31:49 localhost anacron[4700]: Job `cron.daily' terminated
lines 1-4/4 (END)
[root@localhost Desktop]# journalctl --until 21:00:52 ###显示从系统开机到21:00:52的日志
[root@localhost Desktop]# journalctl _PID=4353 ###显示进程id为4353的日志
-- Logs begin at Tue 2017-03-28 21:00:51 EDT, end at Tue 2017-03-28 22:31:49 EDT. --
Mar 28 21:46:22 localhost sshd[4353]: Accepted password for root from 172.25.254.42 port 43317 ssh2
Mar 28 21:46:22 localhost sshd[4353]: pam_unix(sshd:session): session opened for user root by (uid=0)
[root@localhost Desktop]# journalctl _COMM=sshd ###显示进程名称为sshd的日志
-- Logs begin at Tue 2017-03-28 21:00:51 EDT, end at Tue 2017-03-28 22:31:49 EDT. --
Mar 28 21:01:06 localhost sshd[1201]: Server listening on 0.0.0.0 port 22.
Mar 28 21:01:06 localhost sshd[1201]: Server listening on :: port 22.
Mar 28 21:46:22 localhost sshd[4353]: Accepted password for root from 172.25.254.42 port 43317 ssh2
Mar 28 21:46:22 localhost sshd[4353]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 28 22:22:11 localhost sshd[1201]: Received signal 15; terminating.
Mar 28 22:22:11 localhost sshd[4935]: Server listening on 0.0.0.0 port 22.
Mar 28 22:22:11 localhost sshd[4935]: Server listening on :: port 22.
2.对systemd-journald管理
###默认情况下此程序会忽略重启前的日志信息,如不忽略:
mkdir /var/log/journal
chown root:systemd-journal /var/log/journal
chmod 2755 /var/log/journal
killall -1 systemd-journald
ls /var/log/journal/4513ad59a3b442ffa4b7ea88343fa55f
system.journal user-1000.journal
eg:[root@localhost Desktop]# mkdir /var/log/journal ###创建journal目录
[root@localhost Desktop]# chown root.systemd-journal /var/log/journal ###所有人root用户,所有组systemd-journal组
[root@localhost Desktop]# chmod 2755 /var/log/journal ###权限2755,文件所有人可读可写可执行,所有组和其它人可读可执行
[root@localhost Desktop]# killall -1 systemd-journald ###生成日志信息文件,类型data
[root@localhost Desktop]# ls /var/log/journal/
946cb0e817ea4adb916183df8c4fc817
[root@localhost Desktop]# ls /var/log/journal/946cb0e817ea4adb916183df8c4fc817
system.journal
四、时间同步
1.服务端
yum install chrony -y ###安装服务
vim /etc/chrony.conf ###主配置文件
21 # Allow NTP client access from local network.
22 allow 172.25.0.0/24 ###允许谁去同步我的时间
27 # Serve time even if not synchronized to any NTP server.
28 local stratum 10 ###不去同步任何人的时间,时间同步服务器级别
systemctl restart chronyd
systemctl stop firewalld
eg:[root@localhost ~]# date 032911052017.20 ###修改系统时间
Wed Mar 29 11:05:20 EDT 2017
[root@localhost ~]# clock -w ###将系统时间同步到硬件
[root@localhost ~]# date
Wed Mar 29 11:06:09 EDT 2017
[root@localhost ~]# clock -s ###将硬件时间同步到系统
[root@localhost ~]# date
Wed Mar 29 11:06:25 EDT 2017
[root@localhost ~]# vim /etc/chrony.conf ###主配置文件
###allow 172.25.254.0/24 ###允许172.25.254.0网段的ip同步
###local stratum 10
[root@localhost ~]# systemctl restart chronyd.service ###重启chronyd服务
[root@localhost ~]# systemctl status firewalld.service ###查看防火墙状态
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Tue 2017-03-28 22:50:15 EDT; 12h ago ###运行中
Main PID: 475 (firewalld)
CGroup: /system.slice/firewalld.service
└─475 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Mar 28 22:50:15 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
[root@localhost ~]# systemctl stop firewalld.service ###关闭防火墙
[root@localhost ~]# systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: inactive (dead) since Wed 2017-03-29 11:10:30 EDT; 1s ago ###stop
Process: 475 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 475 (code=exited, status=0/SUCCESS)
Mar 28 22:50:15 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
Mar 29 11:10:30 localhost systemd[1]: Stopping firewalld - dynamic firewall daemon...
Mar 29 11:10:30 localhost systemd[1]: Stopped firewalld - dynamic firewall daemon.
2.客户端
vim /etc/chrony.conf
3 server 0.rhel.pool.ntp.org iburst
4 server 1.rhel.pool.ntp.org iburst====> server ntpserverip iburst
5 server 2.rhel.pool.ntp.org iburst====>
6 server 3.rhel.pool.ntp.org iburst
systemctl restart chronyd
eg:[root@localhost Desktop]# date
Tue Mar 28 22:56:08 EDT 2017
[root@localhost Desktop]# vim /etc/chrony.conf ###客户端配置文件
###server 172.25.254.242 iburst ###同步172.25.254.242主机上的时间
[root@localhost Desktop]# systemctl restart chronyd.service ###重启chronyd服务
3.测试:
eg:[root@localhost Desktop]# chronyc sources -v ###查看状态
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| / xxxx = adjusted offset,
|| Log2(Polling interval) -. | yyyy = measured offset,
|| | zzzz = estimated error.
|| | |
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.25.254.242 10 6 7 52 +1540ns[-43177s] +/- 1829us
[root@localhost Desktop]# date ###同步时间成功
Wed Mar 29 11:11:35 EDT 2017
五、timedatectl命令
timedatectl status ###显示当前时间信息
set-time ###设定当前时间
set-timezone ###设定当前时区
set-local-rtc 0|1 ###设定是否使用utc时间
eg:[root@localhost ~]# date
Wed Mar 29 11:37:16 EDT 2017
[root@localhost ~]# timedatectl status ###显示当前时间信息
Local time: Wed 2017-03-29 11:37:35 EDT ###当地时间
Universal time: Wed 2017-03-29 15:37:35 UTC ###伦敦时间
RTC time: Wed 2017-03-29 15:37:35
Timezone: America/New_York (EDT, -0400) ###当前时区美国纽约,比伦敦早四小时
NTP enabled: yes
NTP synchronized: no
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2017-03-12 01:59:59 EST
Sun 2017-03-12 03:00:00 EDT
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2017-11-05 01:59:59 EDT
Sun 2017-11-05 01:00:00 EST
[root@localhost ~]# timedatectl list-timezones ###显示可设置时区列表
[root@localhost ~]# timedatectl set-timezone Asia/Shanghai ###设定当前时区为中国上海
[root@localhost ~]# timedatectl status
Local time: Wed 2017-03-29 23:40:58 CST
Universal time: Wed 2017-03-29 15:40:58 UTC
RTC time: Wed 2017-03-29 15:40:58
Timezone: Asia/Shanghai (CST, +0800) ###已修改为中国上海,比伦敦晚八小时
NTP enabled: yes
NTP synchronized: no
RTC in local TZ: no
DST active: n/a
[root@localhost ~]# date
Wed Mar 29 23:41:12 CST 2017
[root@localhost ~]# timedatectl set-time "2017-03-29 11:42:50" ###设定当前时间为"2017-03-29 11:42:50"
[root@localhost ~]# date
Wed Mar 29 11:42:52 CST 2017 ###设定成功
[root@localhost ~]# timedatectl status
Local time: Wed 2017-03-29 11:43:06 CST
Universal time: Wed 2017-03-29 03:43:06 UTC
RTC time: Wed 2017-03-29 03:43:07
Timezone: Asia/Shanghai (CST, +0800)
NTP enabled: yes
NTP synchronized: no
RTC in local TZ: no
DST active: n/a
[root@localhost ~]# timedatectl set-local-rtc 0 ###使用伦敦时间
[root@localhost ~]# vim /etc/adjtime
[root@localhost ~]# date
Wed Mar 29 11:47:00 CST 2017
[root@localhost ~]# timedatectl set-local-rtc 1 ###使用当地时间
[root@localhost ~]# vim /etc/adjtime
第十五单元 系统虚拟机管理
一、安装
编写的shell文件:
#!/bin/bash ###命令运行环境的指定
virt-install ###安装虚拟机
--name $1 ###虚拟机名称指定,$1表示脚本后的第一串字符
--memory 1000 ###内存
--file /var/lib/libvirt/images/$1.img ###硬盘文件
--file-size 8 ###硬盘文件大小
--cdrom /var/ftp/pub/iso/rhel-server-7.1-x86_64-dvd.iso & ###安装源指定
eg:[root@foundation42 mnt]# vim vm_create.sh ###创建安装shell
### 1 #!/bin/bash
### 2 virt-install
### 3 --name $1
### 4 --memory 1024
### 5 --file /var/lib/libvirt/images/$1.qcow2
### 6 --file-size 8
### 7 --cdrom /home/kiosk/Desktop/rhel-server-7.2-x86_64-dvd.iso &
[root@foundation42 mnt]# ./vm_create.sh virgo ###执行安装虚拟机
[root@foundation42 mnt]#
开始安装......
正在分配 'virgo.qcow2' | 8.0 GB 00:00:00
创建域...... | 0 B 00:00:00
(virt-viewer:8808): GSpice-WARNING **: PulseAudio context failed 拒绝连接
(virt-viewer:8808): GSpice-WARNING **: pa_context_connect() failed: 拒绝连接
(virt-viewer:8808): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(virt-viewer:8808): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(virt-viewer:8808): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(virt-viewer:8808): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(virt-viewer:8808): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(virt-viewer:8808): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(virt-viewer:8808): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
域安装仍在进行。您可以重新连接
到控制台以便完成安装进程。
^C
二、管理
virt-manager ###开启图形管理工具
virt-viewer vmname ###显示虚拟机,vmname表示虚拟机名称
virsh list ###列出正在运行的vm
virsh list --all ###列出所有vm
virsh start vmname ###运行指定vm
virsh shutdown vmname ###正常关闭指定vm
virsh destroy vmname ###强行结束指定vm
virsh create vmname.xml ###临时恢复指定vm,vmname表示前端管理文件
virsh define vmname.xml ###永久恢复vm
virsh undefine vmname ###删除vm的前端管理,不会删除存储
eg:[root@foundation42 mnt]# virt-manager ###开启图形管理工具
[root@foundation42 mnt]# virsh start kzvirgo ###运行kzvirgo虚拟机
域 kzvirgo 已开始
[root@foundation42 mnt]# virsh list ###列出正在运行的虚拟机
Id 名称 状态
----------------------------------------------------
6 kzvirgo running
[root@foundation42 mnt]# virsh list --all ###列出所有的虚拟机
Id 名称 状态
----------------------------------------------------
6 kzvirgo running
- desktop 关闭
- server 关闭
- virgo 关闭
[root@foundation42 mnt]# virt-viewer kzvirgo ###显示kzvirgo虚拟机
(virt-viewer:6849): GSpice-WARNING **: PulseAudio context failed 拒绝连接
(virt-viewer:6849): GSpice-WARNING **: pa_context_connect() failed: 拒绝连接
(virt-viewer:6849): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
^C
[root@foundation42 mnt]# virsh shutdown kzvirgo ###正常关闭虚拟机
域 kzvirgo 被关闭
[root@foundation42 mnt]# virsh list
Id 名称 状态
----------------------------------------------------
[root@foundation42 mnt]# virsh start kzvirgo
域 kzvirgo 已开始
[root@foundation42 mnt]# virsh destroy kzvirgo ###强行关闭虚拟机
域 kzvirgo 被删除
[root@foundation42 mnt]# virsh undefine kzvirgo ###删除kzvirgo虚拟机
域 kzvirgo 已经被取消定义
三、虚拟机快照
qemu-img create -f qcow2 -b vm2.qcow2 node1.qcow2
编写的shell文件:
!/bin/bash
virsh destroy $1 &> /dev/null
virsh undefine $1 &> /dev/null
qemu-img create -f qcow2 -b /var/lib/libvirt/images/$1.qcow2 /var/lib/libvirt/images/$2.qcow2 &> /dev/null
virt-install
--name $2
--ram 1000
--disk /var/lib/libvirt/images/$2.qcow2
--import &> /dev/null &
eg:图形完成虚拟机快照
[root@foundation42 images]# ls
rh124-desktop-vda.ovl rh124-desktop-vdb.qcow2 rh124-server-vda.qcow2 rh124-server.xml
rh124-desktop-vda.qcow2 rh124-desktop.xml rh124-server-vdb.ovl westosred.qcow2
rh124-desktop-vdb.ovl rh124-server-vda.ovl rh124-server-vdb.qcow2
[root@foundation42 images]# qemu-img create -f qcow2 -b westosred.qcow2 westosredkz.qcow2 ###快照
Formatting 'westosredkz.qcow2', fmt=qcow2 size=9663676416 backing_file='westosred.qcow2' encryption=off cluster_size=65536 lazy_refcounts=off
[root@foundation42 images]# ls ###快照文件westosredkz.qcow2生成
rh124-desktop-vda.ovl rh124-desktop-vdb.qcow2 rh124-server-vda.qcow2 rh124-server.xml
rh124-desktop-vda.qcow2 rh124-desktop.xml rh124-server-vdb.ovl westosredkz.qcow2
rh124-desktop-vdb.ovl rh124-server-vda.ovl rh124-server-vdb.qcow2 westosred.qcow2
###进入虚拟系统管理器,创建新的虚拟机-->导入现有(e)磁盘映像-->选择现有路径/var/lib/libvirt/images/westosredkz.qcow2-->前进-->名称westosredkz-->完成
[root@foundation42 images]# virsh destroy generic ###强行结束vm-generic
域 generic 被删除
[root@foundation42 images]# virsh undefine generic ###删除generic的前端管理
域 generic 已经被取消定义
[root@foundation42 images]# rm -fr westosredkz.qcow2 ###删除快照文件
[root@foundation42 images]# ls
rh124-desktop-vda.ovl rh124-desktop-vdb.qcow2 rh124-server-vda.qcow2 rh124-server.xml
rh124-desktop-vda.qcow2 rh124-desktop.xml rh124-server-vdb.ovl westosred.qcow2
rh124-desktop-vdb.ovl rh124-server-vda.ovl rh124-server-vdb.qcow2
eg:从u盘拷贝*xml,*qcow2文件完成虚拟机安装
[root@foundation42 qemu]# scp root@172.25.254.41:/etc/libvirt/qemu/westos.xml /mnt/
The authenticity of host '172.25.254.41 (172.25.254.41)' can't be established.
ECDSA key fingerprint is 0a:3f:c1:93:d3:8e:1c:70:c5:61:f6:4a:e6:db:10:87.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.41' (ECDSA) to the list of known hosts.
root@172.25.254.41's password:
westos.xml 100% 4259 4.2KB/s 00:00 ###拷贝*.xml文件
[root@foundation42 qemu]# cd /var/lib/libvirt/images/
[root@foundation42 images]# ls
rh124-desktop-vda.ovl rh124-desktop-vdb.qcow2 rh124-server-vda.qcow2 rh124-server.xml
rh124-desktop-vda.qcow2 rh124-desktop.xml rh124-server-vdb.ovl westosred.qcow2
rh124-desktop-vdb.ovl rh124-server-vda.ovl rh124-server-vdb.qcow2
[root@foundation42 images]# scp root@172.25.254.41:/var/lib/libvirt/images/westos.qcow2 /mnt/
root@172.25.254.41's password:
westos.qcow2 100% 9218MB 11.0MB/s 14:02 ###拷贝*.qcow2文件
[root@foundation42 mnt]# ls
westos.qcow2 westos.xml
[root@foundation42 mnt]# virsh create westos.xml ###临时恢复指定vm
错误:从 westos.xml 创建域失败
错误:Cannot access storage file '/var/lib/libvirt/images/westos.qcow2' (as uid:107, gid:107): 没有那个文件或目录
[root@foundation42 mnt]# mv westos.qcow2 /var/lib/libvirt/images/ ###将硬盘文件移动到指定目录
[root@foundation42 mnt]# ls /var/lib/libvirt/images/
rh124-desktop-vda.ovl rh124-desktop-vdb.qcow2 rh124-server-vda.qcow2 rh124-server.xml
rh124-desktop-vda.qcow2 rh124-desktop.xml rh124-server-vdb.ovl westos.qcow2
rh124-desktop-vdb.ovl rh124-server-vda.ovl rh124-server-vdb.qcow2 westosred.qcow2
[root@foundation42 mnt]# virsh define westos.xml ###永久恢复vm
定义域 westos(从 westos.xml)
[root@foundation42 mnt]# virt-manager ###打开vm图形管理,设定配置
[root@foundation42 mnt]# virsh start westos ###开启westos虚拟机
域 westos 已开始
[root@foundation42 mnt]# virsh destroy westos ###强行关闭westos虚拟机
错误:删除域 westos 失败
错误:所需操作无效:域没有在运行
[root@foundation42 qemu]# virsh undefine westos ###删除westos的前端管理
[root@foundation42 mnt]# rm -fr /var/lib/libvirt/images/westos.qcow2 ###删除硬盘文件
eg:利用shell文件安装虚拟机
[root@foundation42 ~]# vim isocreat.sh ###编写虚拟机配置命令
####!/bin/bash ###命令运行环境的指定
###virt-install ###安装虚拟机
###--name $* ###虚拟机名称指定,$*代表命令后跟自定义名称
###--memory 1024 ###内存
###--vcpus 2 ###cpu指定2个
###--file /var/lib/libvirt/images/$*.qcow2 ###硬盘文件
###--file-size 8 ###硬盘文件大小
###--cdrom /var/ftp/pub/iso/rhel-server-7.1-x86_64-dvd.iso & ###安装源指定
[root@foundation42 ~]# chmod +x isocreat.sh ###可执行
[root@foundation42 ~]# ./isocreat.sh redred ###执行shell文件,虚拟机名称自定义为redred
[root@foundation42 ~]#
开始安装......
正在分配 'redred.qcow2' | 8.0 GB 00:00:00
创建域...... | 0 B 00:00:00
(virt-viewer:25952): GSpice-WARNING **: PulseAudio context failed 拒绝连接
(virt-viewer:25952): GSpice-WARNING **: pa_context_connect() failed: 拒绝连接
(virt-viewer:25952): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(virt-viewer:25952): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(virt-viewer:25952): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
创建域完成。
正在重启虚拟机。 ###安装成功
eg:利用shell,创建快照,并实现reset
[root@foundation42 mnt]# vim vm_kz.sh ###创建快照脚本
### 1 #!/bin/bash
### 2 qemu-img create -f qcow2 -b /var/lib/libvirt/images/$1.qcow2 /var/lib/libvirt/images/$2.qcow2
### 3 virt-install
### 4 --name $2
### 5 --memory 1024
### 6 --file /var/lib/libvirt/images/$2.qcow2
### 7 --import &
[root@foundation42 mnt]# ./vm_kz.sh virgo kzvirgo ###执行shell脚本,创建快照kzvirgo
Formatting '/var/lib/libvirt/images/kzvirgo.qcow2', fmt=qcow2 size=9663676416 backing_file='/var/lib/libvirt/images/virgo.qcow2' encryption=off cluster_size=65536 lazy_refcounts=off
[root@foundation42 mnt]#
开始安装......
创建域...... | 0 B 00:00:00
(virt-viewer:5901): GSpice-WARNING **: PulseAudio context failed 拒绝连接
(virt-viewer:5901): GSpice-WARNING **: pa_context_connect() failed: 拒绝连接
(virt-viewer:5901): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(virt-viewer:5901): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(virt-viewer:5901): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(virt-viewer:5901): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
^C
[root@foundation42 mnt]# vim vm_reset.sh ###创建reset脚本
### 1 #!/bin/bash
### 2 virsh destroy $1
### 3 virsh undefine $1
### 4 rm -fr /var/lib/libvirt/images/$1.qcow2
### 5 qemu-img create -f qcow2 -b /var/lib/libvirt/images/$2.qcow2 /var/lib/libvirt/images /$1.qcow2
### 6 virt-install
### 7 --name $1
### 8 --memory 1024
### 9 --file /var/lib/libvirt/images/$1.qcow2
### 10 --import &
[root@foundation42 mnt]# ./vm_reset.sh kzvirgo virgo ###执行reset脚本
域 kzvirgo 被删除
创建域完成。
可运行以下命令重启您的域:
virsh --connect qemu:///system start kzvirgo
域 kzvirgo 已经被取消定义
Formatting '/var/lib/libvirt/images/kzvirgo.qcow2', fmt=qcow2 size=9663676416 backing_file='/var/lib/libvirt/images/virgo.qcow2' encryption=off cluster_size=65536 lazy_refcounts=off
[root@foundation42 mnt]#
开始安装......
创建域...... | 0 B 00:00:00
(virt-viewer:6180): GSpice-WARNING **: PulseAudio context failed 拒绝连接
(virt-viewer:6180): GSpice-WARNING **: pa_context_connect() failed: 拒绝连接
(virt-viewer:6180): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(virt-viewer:6180): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
(virt-viewer:6180): GSpice-WARNING **: Error calling 'org.gnome.SessionManager.Inhibit': GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
创建域完成。
可运行以下命令重启您的域:
virsh --connect qemu:///system start kzvirgo
^C
[root@foundation42 mnt]#
unit7-作业
1.在文件/usr/share/mime/packages/freedesktop.org.xml
中查找所有包含 ich 的行,
将找出的行按照先后顺序拷贝到/root/lines 文件中,
/root/lines 文件不包含空格,并且其中行的内容是源文件/usr/share/mime/packages/freedesktop.org.xml 原始行的准确副
本
[root@localhost ~]# cat /usr/share/mime/packages/freedesktop.org.xml |grep ich|tee /root/lines
[root@localhost home]# cat /usr/share/mime/packages/freedesktop.org.xml |grep ich &>/root/lines
[root@localhost home]# grep ich /usr/share/mime/packages/freedesktop.org.xml >/root/lines
:%s/^ *//g
2.在/home 目录中创建目录 materials, 配置该目录的所属组为
sysadms, 要求隶属于 sysadms 组当中的成员对该目录有读写权限,在
sysadms 目录当中创建的文件或者文件夹, 其所属组也自动继承
sysadms 的所属组
[root@localhost home]# mkdir /home/materials
[root@localhost home]# ls -ld /home/materials
drwxr-xr-x. 2 root root 6 Mar 30 02:04 /home/materials
[root@localhost home]# chgrp sysadms /home/materials
chgrp: 无效的组:"sysadms"
[root@localhost home]# groupadd sysadms
[root@localhost home]# chgrp sysadms /home/materials
[root@localhost home]# ls -ld /home/materials
drwxr-xr-x. 2 root sysadms 6 Mar 30 02:04 /home/materials
[root@localhost home]# chmod 2760 /home/materials
[root@localhost home]# ls -ld /home/materials
drwxrwS---. 2 root sysadms 6 Mar 30 02:04 /home/materials
[root@localhost home]#
4.查看80天以前的日期,重定向到文件/mnt/datafile,然后查看80天以后的日期,
追加到文件/mnt/datafile;
[root@localhost home]# date -d -80day >/mnt/datafile
[root@localhost home]# date -d +80day >>/mnt/datafile
5.用户与用户组操作
- 创建用户组phone,指定gid为888,下面新建用户均属于phone用户组;
[root@localhost home]# groupadd -g 888 phone
- 创建用户mi,设置uid=1800,shell类型为/bin/sh;
- 创建用户iphone,设置uid=1801,用户描述为“User iphone“;
- 创建用户huawei,设置用户描述为“华为”,用户家目录为/huawei;
**因业务需要,执行以下操作:
- 修改用户mi的uid为1700,shell另外类型为/sbin/nologin;
- 修改用户iphone的用户描述为“苹果手机”;
- 修改用户huawei的用户家目录为/home/huawei;
[root@localhost home]# groupadd -g 888 phone
[root@localhost home]# useradd -g 888 -u 1800 -s /bin/sh mi
[root@localhost home]# useradd -g 888 -u 1801 -c "User iphone" iphone
[root@localhost home]# useradd -g 888 -c "华为" -d /huawei huawei
[root@localhost home]# usermod -u 1700 -s /sbin/nologin mi
[root@localhost home]# usermod -c "苹果手机" iphone
[root@localhost home]# usermod -d /home/huawei huawei
6. 设置ssh服务器端,不允许通过密码认证进行远程连接;
[root@localhost home]# vim /etc/ssh/sshd_config
78 PasswordAuthentication no
[root@localhost home]# systemctl restart sshd.service
7.实现你的虚拟机和你的真机时间同步
真机
[root@foundation42 ~]# vim /etc/chrony.conf
22 # Allow NTP client access from local network.
23 allow 172.25.254.142
24
25 # Listen for commands only on localhost.
26 bindcmdaddress 127.0.0.1
27 bindcmdaddress ::1
28
29 # Serve time even if not synchronized to any NTP server.
30 local stratum 10
[root@foundation42 ~]# systemctl restart chronyd.service
[root@foundation42 ~]# systemctl stop firewalld
虚拟机
[root@localhost home]# vim /etc/chrony.conf
7 server 172.25.254.42 iburst
[root@localhost home]# systemctl restart chronyd.service
[root@localhost home]# date
Thu Mar 30 03:10:10 EDT 2017
[root@localhost home]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| / xxxx = adjusted offset,
|| Log2(Polling interval) -. | yyyy = measured offset,
|| | zzzz = estimated error.
|| | |
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.25.254.42 10 6 17 60 -29ns[ +11us] +/- 114us
[root@localhost home]# date
Thu Nov 23 22:26:00 EST 2017
8.将你主机上的所有日志信息同步到真机上;
真机
[root@foundation42 ~]# systemctl stop firewalld.service
[root@foundation42 ~]# vim /etc/rsyslog.conf
14 # Provides UDP syslog reception
15 $ModLoad imudp
16 $UDPServerRun 514
[root@foundation42 ~]# systemctl restart rsyslog.service
[root@foundation42 ~]# tail -f /var/log/messages
虚拟机
[root@localhost home]# systemctl stop firewalld.service
[root@localhost home]# vim /etc/rsyslog.conf
*.* @172.25.254.42
[root@localhost home]# systemctl restart rsyslog.service
[root@localhost home]# logger test