Overview
The experiments require a series of virtual machines, for example 6-8 Linux VMs. Running them in the cloud is convenient, but first it costs money and second it needs an Internet connection. To run these VMs on a single laptop, we need a VM template that uses few resources and has no graphical interface, but that can still talk to the host and, when necessary, reach the Internet.
The requirements are summarised as follows:
- A minimal Linux install with a text-mode console only
- Communication with the host, i.e. the host can connect to the VM with an SSH client such as PuTTY
- A shared directory between host and VM, which makes it easy to upload SSH public keys, installation media and so on
- Internet access when needed, so software can be downloaded and updated from the network
- The VM can run in the background without showing a console
Build steps
- Create a new Linux VM with the default disk, i.e. 12G, dynamically allocated, VDI format. VDI is recommended; it is VirtualBox's own disk format, and the disk can be extended later. Insert the Linux installation ISO (Oracle Linux 7U6) and perform a minimal install. Set the time zone to Shanghai and create a user named oracle; all passwords are set to oracle. Screenshots of the process follow:
After the minimal install, the file system usage is as follows:
[oracle@localhost ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 475M 0 475M 0% /dev
tmpfs 488M 0 488M 0% /dev/shm
tmpfs 488M 6.7M 482M 2% /run
tmpfs 488M 0 488M 0% /sys/fs/cgroup
/dev/mapper/ol-root 9.8G 1.2G 8.7G 12% /
/dev/sda1 1014M 158M 857M 16% /boot
tmpfs 98M 0 98M 0% /run/user/0
tmpfs 98M 0 98M 0% /run/user/1000
- Network adapter configuration
Configure three network adapters, namely Internal Network, Host-only Adapter and NAT Network.
Internal Network is for internal traffic: if two VMs both have an adapter of this type, they can talk to each other. Host-only Adapter is for traffic between the VM and the host, so that the host can SSH into the VM. NAT Network is for Internet access and can be enabled temporarily when needed, so that updates or software can be downloaded from the network.
How do you know which adapter configured in VirtualBox corresponds to which network interface inside the VM? By the MAC address.
For example, Adapter 2 has MAC address 080027219EA2:
Inside the VM, the MAC addresses of the network interfaces can be queried:
So the VM interface corresponding to Adapter 2 is enp0s8.
The following is a reference configuration for the three interfaces inside the VM:
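The MAC lookup described above can be scripted so it does not have to be done by eye for every adapter of every VM. The following is an added example, not part of the original post: it normalises a MAC written either VirtualBox-style (080027219EA2) or kernel-style (08:00:27:21:9e:a2), then scans the address files under /sys/class/net. The SYSFS_NET variable and the make_fake_sysfs helper are assumptions of this example, added so the function can be exercised against a constructed directory tree offline; on a real guest SYSFS_NET keeps its default.

```shell
#!/bin/sh
# Added example (not from the original post): map a VirtualBox adapter's MAC
# address to the guest's interface name by scanning sysfs.
# SYSFS_NET is an assumption of this example so the function can be pointed at
# a constructed directory tree when testing offline.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Normalise a MAC to lowercase with no separators:
# "08:00:27:21:9E:A2" -> "080027219ea2"
normalize_mac() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ':-'
}

# Print the interface whose address matches the given MAC; return 1 if none.
iface_for_mac() {
    want=$(normalize_mac "$1")
    for path in "$SYSFS_NET"/*/address; do
        [ -r "$path" ] || continue
        have=$(normalize_mac "$(cat "$path")")
        if [ "$have" = "$want" ]; then
            basename "$(dirname "$path")"
            return 0
        fi
    done
    return 1
}

# Constructed sysfs tree (fake addresses) so the function can run offline;
# enp0s8 carries the MAC from the post, the others are made up.
make_fake_sysfs() {
    dir=$(mktemp -d)
    for pair in enp0s3=08:00:27:aa:bb:cc enp0s8=08:00:27:21:9e:a2 \
                enp0s9=08:00:27:dd:ee:ff lo=00:00:00:00:00:00; do
        name=${pair%%=*}
        mac=${pair#*=}
        mkdir -p "$dir/$name"
        printf '%s\n' "$mac" > "$dir/$name/address"
    done
    printf '%s' "$dir"
}
```

On a real guest, `iface_for_mac 080027219EA2` prints `enp0s8` for the adapter shown above; the constructed tree exists only so the same call can be checked without VirtualBox.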
[oracle@localhost ~]$ cd /etc/sysconfig/network-scripts/
[oracle@localhost network-scripts]$ ls ifcfg-*
ifcfg-enp0s3 ifcfg-enp0s8 ifcfg-enp0s9 ifcfg-lo
[oracle@localhost network-scripts]$ cat ifcfg-enp0s3
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=10.0.0.20
NETMASK=255.255.255.0
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s3
UUID=6038aae9-01a8-46ad-b972-d2408aec5188
DEVICE=enp0s3
ONBOOT=yes
[oracle@localhost network-scripts]$ cat ifcfg-enp0s8
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.0.100
NETMASK=255.255.255.0
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=enp0s8
DEVICE=enp0s8
ONBOOT=yes
[oracle@localhost network-scripts]$ cat ifcfg-enp0s9
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
NETMASK=255.255.255.0
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=enp0s9
DEVICE=enp0s9
ONBOOT=yes
If you need to enable or disable an interface, change ONBOOT to yes or no and then restart networking:
# systemctl restart network
Regarding the subnets: NAT Network is configured automatically by DHCP and the IP address is 10.0.x.15, so that one is simple; Internal Network can be set freely, and RFC 1918 addresses are recommended; Host-only Adapter depends on the VirtualBox setting under the menu File | Host Network Manager:
- Set up a shared directory with the host
This requires installing the VirtualBox Guest Additions. Some of the packages it depends on must be fetched from the network during installation, so the NAT adapter has to be enabled beforehand. Once Internet access works, choose Insert Guest Additions CD image… from the menu:
Then mount the CD and run the installer:
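With three adapters on one VM it is easy to end up with a configuration that boots but routes unpredictably: the three reference files above all set DEFROUTE=yes, so which adapter supplies the default route depends on ordering rather than on the design (only the NAT adapter should). The following added example, not part of the original post, is a small sanity check over a network-scripts directory that flags more than one DEFROUTE=yes and a static interface with no IPADDR. The NET_SCRIPTS path argument and the make_sample_scripts helper are assumptions of this example; the helper recreates the post's three configurations in a temporary directory so the check runs offline.

```shell
#!/bin/sh
# Added example, not part of the original post: a sanity check for the
# ifcfg-* files under /etc/sysconfig/network-scripts on a multi-homed lab VM.
# It reports (1) BOOTPROTO=static without IPADDR and (2) DEFROUTE=yes on more
# than one interface, and returns the number of findings.

# Read KEY=value from an ifcfg file (quotes stripped); empty if absent.
ifcfg_get() {
    # $1 = file, $2 = key
    sed -n "s/^$2=//p" "$1" | tr -d '"' | head -n 1
}

# check_ifcfg_dir DIR: check every ifcfg-* file, print findings, return count.
check_ifcfg_dir() {
    dir=$1
    problems=0
    defroutes=""
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        dev=$(ifcfg_get "$f" DEVICE)
        [ "$dev" = lo ] && continue
        proto=$(ifcfg_get "$f" BOOTPROTO)
        if [ "$proto" = static ] && [ -z "$(ifcfg_get "$f" IPADDR)" ]; then
            echo "$dev: BOOTPROTO=static but no IPADDR"
            problems=$((problems + 1))
        fi
        if [ "$(ifcfg_get "$f" DEFROUTE)" = yes ]; then
            defroutes="$defroutes $dev"
        fi
    done
    set -- $defroutes
    if [ $# -gt 1 ]; then
        echo "DEFROUTE=yes on $# interfaces ($*); keep it on the NAT adapter only"
        problems=$((problems + 1))
    fi
    return $problems
}

# Constructed sample: the three adapter configs from the post, in a temp dir.
make_sample_scripts() {
    dir=$(mktemp -d)
    printf 'TYPE=Ethernet\nBOOTPROTO=static\nIPADDR=10.0.0.20\nNETMASK=255.255.255.0\nDEFROUTE=yes\nDEVICE=enp0s3\nONBOOT=yes\n' > "$dir/ifcfg-enp0s3"
    printf 'TYPE=Ethernet\nBOOTPROTO=static\nIPADDR=192.168.0.100\nNETMASK=255.255.255.0\nDEFROUTE=yes\nDEVICE=enp0s8\nONBOOT=yes\n' > "$dir/ifcfg-enp0s8"
    printf 'TYPE=Ethernet\nBOOTPROTO=dhcp\nDEFROUTE=yes\nDEVICE=enp0s9\nONBOOT=yes\n' > "$dir/ifcfg-enp0s9"
    printf 'DEVICE=lo\nBOOTPROTO=none\nONBOOT=yes\n' > "$dir/ifcfg-lo"
    printf '%s' "$dir"
}
```

Run as `check_ifcfg_dir /etc/sysconfig/network-scripts` on the guest; against the sample directory it reports the three-way DEFROUTE clash and exits with status 1. Setting DEFROUTE=no on enp0s3 and enp0s8 makes it exit 0.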
# mount /dev/cdrom /mnt
# cd /mnt
# ./VBoxLinuxAdditions.run
# umount /mnt
Here is a record of one failed run:
[root@mgmthost1 mnt]# ./VBoxLinuxAdditions.run
Verifying archive integrity... All good.
Uncompressing VirtualBox 5.2.22 Guest Additions for Linux........
VirtualBox Guest Additions installer
Copying additional installer modules ...
Installing additional modules ...
VirtualBox Guest Additions: Building the VirtualBox Guest Additions kernel modules. This may take a while.
This system is currently not set up to build kernel modules.
Please install the gcc make perl packages from your distribution.
Please install the Linux kernel "header" files matching the current kernel
for adding new hardware support to the system.
The distribution packages containing the headers are probably:
kernel-uek-devel kernel-uek-devel-4.14.35-1818.3.3.el7uek.x86_64
VirtualBox Guest Additions: Starting.
VirtualBox Guest Additions: Building the VirtualBox Guest Additions kernel modules. This may take a while.
This system is currently not set up to build kernel modules.
Please install the gcc make perl packages from your distribution.
Please install the Linux kernel "header" files matching the current kernel
for adding new hardware support to the system.
The distribution packages containing the headers are probably:
kernel-uek-devel kernel-uek-devel-4.14.35-1818.3.3.el7uek.x86_64
For the follow-up handling and the detailed installation process, refer to "Troubleshooting VirtualBox Extension installation failures on Oracle Linux 7". After the installation completes, create a Shared Folder in VirtualBox and files can then be shared:
# mount -t vboxsf downloads /mnt
- Let PuTTY connect to the VM
PuTTY is a very small but practical tool, particularly for its copy and paste. Copy and paste are not possible directly in the VirtualBox console. Since the minimal install only supports console mode, which has no mouse, copy and paste cannot be supported there either.
The key is to upload the public key file to the VM through the Shared Folder. In the VM the SSH daemon is started by default; let's look at the settings of the relevant directory and files:
# systemctl is-active sshd
active
$ su - oracle
$ cd ~
$ mkdir .ssh
$ chmod 700 .ssh
$ cd .ssh
$ cp /mnt/pubkey.txt authorized_keys
$ chmod 600 authorized_keys
Setting up the shared directory requires building the Guest Additions kernel modules, which pulls in compilers and kernel headers, so the VM image grows. To save space, the public key can instead be uploaded somewhere on the network such as GitHub and then downloaded. The image stays smaller that way:
curl -O https://raw.githubusercontent.com/XiaoYu-HN/OPCBOOK/master/pubkey.txt
While at it, set up the private key as well, so that the VMs can SSH to each other without a password:
[oracle@localhost .ssh]$ curl -O https://raw.githubusercontent.com/XiaoYu-HN/OPCBOOK/master/privatekey.pem
[oracle@localhost .ssh]$ mv privatekey.pem id_rsa
[oracle@localhost .ssh]$ chmod 600 id_rsa
[oracle@localhost .ssh]$ ls
authorized_keys id_rsa known_hosts
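The manual sequence above (mkdir, chmod 700, copy, chmod 600) is exactly what sshd's StrictModes checks before it will accept a key, and a single wrong mode silently turns key logins back into password prompts. The following added example, not part of the original post, wraps that sequence in a function that only accepts lines shaped like OpenSSH public keys, appends each key once, and verifies the resulting modes. The home-directory and key-file arguments and the make_sample_keyfile helper are assumptions of this example; the key string the helper writes is a constructed placeholder, not real key material.

```shell
#!/bin/sh
# Added example, not from the original post: install a public key into a
# user's authorized_keys the way sshd's StrictModes expects (directory 0700,
# file 0600) and verify the result. Paths are parameters so it can be run on a
# temporary home directory.

# Accept only lines that look like OpenSSH public keys.
looks_like_pubkey() {
    case $1 in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*) return 0 ;;
        *) return 1 ;;
    esac
}

# install_pubkey HOME_DIR KEYFILE: append each valid key once, fix permissions,
# print the number of keys added.
install_pubkey() {
    home=$1; keyfile=$2
    sshdir="$home/.ssh"; auth="$sshdir/authorized_keys"
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$auth" && chmod 600 "$auth"
    added=0
    while IFS= read -r line || [ -n "$line" ]; do
        looks_like_pubkey "$line" || { echo "skipping non-key line: ${line%% *}" >&2; continue; }
        grep -qxF -- "$line" "$auth" && continue   # already present
        printf '%s\n' "$line" >> "$auth"
        added=$((added + 1))
    done < "$keyfile"
    echo "$added"
}

# check_ssh_perms HOME_DIR: 0 if .ssh is 0700 and authorized_keys is 0600.
check_ssh_perms() {
    sshdir="$1/.ssh"
    find "$sshdir" -prune -perm 700 | grep -q . || return 1
    find "$sshdir/authorized_keys" -prune -perm 600 | grep -q . || return 1
    return 0
}

# Constructed input: a comment line that must be skipped plus one fake key.
make_sample_keyfile() {
    f=$(mktemp)
    printf '# constructed sample, not a real key\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYFAKEKEYFAKEKEYFAKEKEYFAKEKEY lab@example\n' > "$f"
    printf '%s' "$f"
}
```

On the VM this would be `install_pubkey /home/oracle /mnt/pubkey.txt` run as oracle, followed by `check_ssh_perms /home/oracle`; running it twice adds nothing the second time.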
- Disable the firewall
[root@localhost ~]# systemctl is-enabled firewalld
enabled
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# systemctl is-enabled firewalld
disabled
- Disable SELinux
Edit the configuration file, change enforcing to disabled, then reboot:
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: disabled
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
After the reboot:
[oracle@localhost ~]$ sestatus
SELinux status: disabled
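The sestatus output above shows the state that matters here: "Current mode: enforcing" next to "Mode from config file: disabled" means the file has been edited but the change is not live until the reboot. The following added example, not part of the original post, makes the edit with a function that validates the requested mode, touches only the SELINUX= line (comments and SELINUXTYPE stay as they are), writes through the existing file so ownership and labels are preserved, and reports whether the configured mode still differs from the running one. The file argument and the make_sample_config helper are assumptions of this example; the helper writes a constructed copy of the config shown above so nothing here touches the real /etc/selinux/config.

```shell
#!/bin/sh
# Added example, not from the original post: switch the SELINUX= mode in an
# /etc/selinux/config-style file safely and detect a pending reboot.
# The file path is a parameter so this can run on a constructed copy.

# get_selinux_mode FILE: print the configured mode.
get_selinux_mode() {
    sed -n 's/^SELINUX=//p' "$1" | head -n 1
}

# set_selinux_mode FILE enforcing|permissive|disabled
set_selinux_mode() {
    file=$1; mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 1 ;;
    esac
    grep -q '^SELINUX=' "$file" || { echo "no SELINUX= line in $file" >&2; return 1; }
    tmp=$(mktemp)
    # Rewrite only the SELINUX= line; SELINUXTYPE= and comments are untouched.
    # Write through the existing inode so mode, owner and label are kept.
    sed "s/^SELINUX=.*/SELINUX=$mode/" "$file" > "$tmp" && cat "$tmp" > "$file" && rm -f "$tmp"
}

# selinux_change_pending FILE CURRENT_MODE: 0 if the file and the running mode
# (e.g. the output of getenforce) disagree, i.e. a reboot is still needed.
selinux_change_pending() {
    [ "$(get_selinux_mode "$1")" != "$(printf '%s' "$2" | tr 'A-Z' 'a-z')" ]
}

# Constructed copy of the config shown in the post, in a temp file.
make_sample_config() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
    printf '%s' "$f"
}
```

On the VM this would be `set_selinux_mode /etc/selinux/config disabled` as root, then `selinux_change_pending /etc/selinux/config "$(getenforce)"` returns 0 until the reboot has happened.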
- Configure sudo privileges for the oracle user
Add one line to the /etc/sudoers file:
oracle ALL=(ALL) NOPASSWD: ALL
Test that the oracle user can sudo, and add the timesten user group while at it:
[oracle@localhost ~]$ sudo groupadd -g 10000 timesten
[oracle@localhost ~]$ sudo usermod -g timesten oracle
[root@localhost ~]# id oracle
uid=1000(oracle) gid=10000(timesten) groups=10000(timesten),1000(oracle)
- Export as OVA
The file size is about 741M.
Later, to run and monitor ZooKeeper, OpenJDK and nmap were installed.
The file size grew to 785M.
- Run the VM in the background
In VirtualBox terminology this is called headless mode. As follows:
c:\Program Files\Oracle\VirtualBox>VBoxManage.exe startvm "OL7U5-TUI" --type headless
Waiting for VM "OL7U5-TUI" to power on...
VM "OL7U5-TUI" has been successfully started.
The GUI then shows the VM as running, and at the same time ssh can be used to connect to the VM.
Background start can actually also be chosen from the management GUI:
Both headless and detached mode run in the background; the only difference is that in headless mode you can close the GUI, whereas in detached mode closing the GUI also shuts down the VM.
Upgrading to a graphical interface
[oracle@localhost ~]$ yum grouplist
Loaded plugins: ulninfo
There is no installed groups file.
Maybe run: yum groups mark convert (see man yum)
Available Environment Groups:
Minimal Install
Infrastructure Server
File and Print Server
Basic Web Server
Virtualization Host
Server with GUI
Available Groups:
Console Internet Tools
Development Tools
GNU Compiler Collection version 7
Graphical Administration Tools
Legacy UNIX Compatibility
Scientific Support
Security Tools
Smart Card Support
System Administration Tools
System Management
Done
# yum groupinstall "Server with GUI"
# systemctl set-default multi-user.target
# systemctl set-default graphical.target
Then reboot.
References
- How to install VirtualBox Guest Additions on a GUI-less Ubuntu server host
- How do I copy/paste into a minimal installation of CentOS on VirtualBox?
- Paste into Linux Console?
- https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-s8-usgrconf.html
- https://unix.stackexchange.com/questions/29570/how-do-i-remove-a-user-from-a-group
- How to Install GUI with Oracle Linux 7 (Doc ID 2153562.1)