macvtap使用教程

sockstack / 183 / 2023-11-15 00:50:38

ChatGPT 可用网址，仅供交流学习使用，如对您有所帮助，请收藏并推荐给需要的朋友。 <a href="https://ckai.xyz/?sockstack&section=detail" target="__blank">https://ckai.xyz</a> <article class="_2rhmJa"><a href="https://links.jianshu.com/go?to=sealyun.com" target="_blank">kubernetes一键安装</a>
macvtap是虚拟机网络虚拟化常用的一种技术，当然容器也可以用. MACVTAP 的实现基于传统的 MACVLAN. 和 TAP 设备一样，每一个 MACVTAP 设备拥有一个对应的 Linux 字符设备，并拥有和 TAP 设备一样的 IOCTL 接口，因此能直接被 KVM/Qemu使用，方便地完成网络数据交换工作. 引入 MACVTAP 设备的目标是：简化虚拟化环境中的交换网络，代替传统的 Linux TAP 设备加 Bridge 设备组合，同时支持新的虚拟化网络技术，如 802.1 Qbg.
如kata的虚拟化网络就用了这个技术，以下实践完就会对kata的网络原理比较清楚了，建议对照教程动手实践.
<h1>实验环境介绍</h1>
 
此图非常重要，读整篇文章最好脑海里都有

<h1>初始化环境</h1>
<h2>qemu libvirt环境</h2>
我已经做好了qemu libvirt的镜像，大家可以直接使用： 
在容器中有非常多的好处，环境如果乱了可以快速恢复干净的环境。 
使用设备对也可减少对宿主机网络的影响。
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-jsx"><code class=" language-jsx">docker run -d --privileged -v /dev:/dev -v /home/fanux:/root --name qemu-vm fanux/libvirt:latest init
</code></pre>
</div>
注意：
<ol>
<li>网络等操作需要容器有特权模式</li>
<li>tap网络需要挂载/dev目录</li>
<li>/home/fanux可以作为工作目录，镜像自己编写的libvirt配置等放在里面防止删除容器后丢失</li>
<li>由于libvirt需要systemd所以我们在容器中启动init进程</li>
</ol>
也可自己构建镜像，我提供了一个Dockerfile, -j参数根据你机器CPU来设置编译时的线程数:
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-go"><code class=" language-go">FROM centos:7.6.1810
RUN yum install -y wget &amp;&amp; wget https://download.qemu.org/qemu-4.0.0.tar.xz &amp;&amp; \
 tar xvJf qemu-4.0.0.tar.xz \
 &amp;&amp; yum install -y automake gcc-c++ gcc make autoconf libtool gtk2-devel \
 &amp;&amp; cd qemu-4.0.0 \
 &amp;&amp; ./configure \
 &amp;&amp; make -j 72 &amp;&amp; make install \
 &amp;&amp; yum install -y bridge-utils &amp;&amp; yum install -y net-tools tunctl iproute &amp;&amp; yum -y install openssh-clients \
 cd .. &amp;&amp; rm qemu-4.0.0.tar.xz &amp;&amp; rm -rf qemu-4.0.0
RUN yum install -y libvirt virt-manager gustfish openssh-clients
</code></pre>
</div>
<h2>虚拟机镜像</h2>
进入容器
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-css"><code class=" language-css">[root@compute84 libvirt]# docker exec -it qemu-vm bash
bash-4.2# cd
bash-4.2# ls
CentOS-7-x86_64-GenericCloud.qcow2 centos.qcow2 image nohup.out start.sh vm3.xml
CentOS-7-x86_64-Minimal-1810.iso cloud-init-start.sh kernel qemu vm.xml
Fedora-Cloud-Base-30-1.2.x86_64.qcow2 destroy.sh libvirt run.sh vm2.xml
</code></pre>
</div>
下载虚拟机镜像：
openstack已经提供很多已经装过cloud-init的镜像，地址： 
<a href="https://links.jianshu.com/go?to=https%3A%2F%2Fdocs.openstack.org%2Fimage-guide%2Fobtain-images.html" target="_blank">https://docs.openstack.org/image-guide/obtain-images.html</a>
我用的一个比较新的centos的qcow2格式镜像：
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-cpp"><code class=" language-cpp">wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1905.qcow2
</code></pre>
</div>
修改虚拟机root密码：
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-css"><code class=" language-css">virt-customize -a CentOS-7-x86_64-GenericCloud.qcow2 --root-password password:coolpass
</code></pre>
</div>
<h2>启动虚拟机</h2>
查看容器网络信息：
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-ruby"><code class=" language-ruby">bash-4.2# systemctl start libvirtd
bash-4.2# ip addr
1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever
2: virbr0: &lt;NO-CARRIER,BROADCAST,MULTICAST,UP&gt; mtu 1500 qdisc noqueue state DOWN group default qlen 1000
 link/ether 52:54:00:c6:59:47 brd ff:ff:ff:ff:ff:ff
 inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
 valid_lft forever preferred_lft forever
3: virbr0-nic: &lt;BROADCAST,MULTICAST&gt; mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
 link/ether 52:54:00:c6:59:47 brd ff:ff:ff:ff:ff:ff
1310: eth0@if1311: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue state UP group default 
 link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
 inet 172.17.0.2/16 scope global eth0
 valid_lft forever preferred_lft forever
 inet6 fe80::42:acff:fe11:2/64 scope link 
 valid_lft forever preferred_lft forever
</code></pre>
</div>
1,2,3是libvirt创建的可以忽略，最主要是eth0
<h3>编写libvirt配置</h3>
vm3.xml:
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-xml"><code class=" language-xml">&lt;domain type='kvm'&gt;
 &lt;name&gt;vm3&lt;/name&gt;
 &lt;memory unit='MiB'&gt;2048&lt;/memory&gt;
 &lt;currentMemory unit='MiB'&gt;2048&lt;/currentMemory&gt;
 &lt;os&gt;
 &lt;type arch='x86_64'&gt;hvm&lt;/type&gt;
 &lt;boot dev='hd'/&gt;
 &lt;/os&gt;
 &lt;clock offset='utc'/&gt;
 &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
 &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
 &lt;on_crash&gt;destroy&lt;/on_crash&gt;
 &lt;devices&gt;
 &lt;emulator&gt;/usr/local/bin/qemu-system-x86_64&lt;/emulator&gt;
 &lt;disk type='file' device='disk'&gt;
 &lt;driver name='qemu' type='qcow2'/&gt;
 &lt;source file='/root/CentOS-7-x86_64-GenericCloud.qcow2'/&gt;
 &lt;target dev='vda' bus='virtio'/&gt;
 &lt;/disk&gt;
 &lt;interface type='direct'&gt; 
 &lt;source dev='eth0' mode='bridge' /&gt; 
 &lt;model type='virtio' /&gt; 
 &lt;driver name='vhost' /&gt; 
 &lt;/interface&gt;
 &lt;serial type='pty'&gt;
 &lt;target port='0'/&gt;
 &lt;/serial&gt;
 &lt;console type='pty'&gt;
 &lt;target type='serial' port='0'/&gt;
 &lt;/console&gt;
 &lt;/devices&gt;
&lt;/domain&gt;
</code></pre>
</div>
这里配置正确镜像地址，interface的地方是macvtap相关的配置。
<h3>启动虚拟机</h3>
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-csharp"><code class=" language-csharp">bash-4.2# virsh define vm3.xml 
Domain vm3 defined from vm3.xml
bash-4.2# virsh start vm3 
Domain vm3 started
</code></pre>
</div>
启动完后就可以看到macvtap设备被创建出来了
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-ruby"><code class=" language-ruby">bash-4.2# ip addr
7: macvtap0@eth0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc pfifo_fast state UP group default qlen 500
 link/ether 52:54:00:56:e4:20 brd ff:ff:ff:ff:ff:ff
 inet6 fe80::5054:ff:fe56:e420/64 scope link 
 valid_lft forever preferred_lft forever
</code></pre>
</div>
进入到虚拟机：
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-jsx"><code class=" language-jsx">virsh console vm3
</code></pre>
</div>
如果卡在这一步：
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-kotlin"><code class=" language-kotlin">A start job is running for LSB: Bri... networking
cloud-init[2253]: 2019-06-27 08:37:09,971 - url_helper.py[WARNING]: Calling 'http://192.168.122.1/latest/meta-data/instance-id' failed [87/120s]: request error
</code></pre>
</div>
等它超时就好，因为macvtap时我们需要进入虚拟机去配置网络。 
然后就可以进入虚拟机了：
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-css"><code class=" language-css">CentOS Linux 7 (Core)
Kernel 3.10.0-957.1.3.el7.x86_64 on an x86_64

localhost login: root
Password: 
Last login: Thu Jun 27 07:19:32 from gateway
</code></pre>
</div>
密码是我们上面设置的镜像密码：coolpass
<h3>配置虚拟机IP</h3>
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-ruby"><code class=" language-ruby">[root@localhost ~]# ip addr
1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever
2: eth0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
 link/ether 52:54:00:56:e4:20 brd ff:ff:ff:ff:ff:ff
 inet6 fe80::5054:ff:fe56:e420/64 scope link 
 valid_lft forever preferred_lft forever
</code></pre>
</div>
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-ruby"><code class=" language-ruby">[root@localhost ~]# ip addr add 172.17.0.2/16 dev eth0
[root@localhost ~]# ip route add default via 172.17.0.1 dev eth0
[root@localhost ~]# ip addr
1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever
2: eth0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
 link/ether 52:54:00:56:e4:20 brd ff:ff:ff:ff:ff:ff
 inet 172.17.0.2/16 scope global eth0
 valid_lft forever preferred_lft forever
 inet6 fe80::5054:ff:fe56:e420/64 scope link 
 valid_lft forever preferred_lft forever
[root@localhost ~]# ip route 
default via 172.17.0.1 dev eth0 
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2 
[root@localhost ~]# ping 172.17.0.1
PING 172.17.0.1 (172.17.0.1) 56(84) bytes of data.
64 bytes from 172.17.0.1: icmp_seq=1 ttl=64 time=0.622 ms
64 bytes from 172.17.0.1: icmp_seq=2 ttl=64 time=0.194 ms
</code></pre>
</div>
配置完后就可以ping通网关了。
<h4>修改DNS配置</h4>
这个不改可能会导致ssh时非常慢：
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-csharp"><code class=" language-csharp">[root@localhost ~]# cat /etc/resolv.conf 
; Created by cloud-init on instance boot automatically, do not edit.
;
; generated by /usr/sbin/dhclient-script
nameserver 114.114.114.114
</code></pre>
</div>
<h4>修改sshd配置</h4>
修改/etc/ssh/sshd-config文件，将其中的PermitRootLogin no修改为yes，PubkeyAuthentication yes修改为no，AuthorizedKeysFile .ssh/authorized_keys前面加上#屏蔽掉，PasswordAuthentication no修改为yes就可以了。
<h4>启动ssh客户端容器</h4>
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-csharp"><code class=" language-csharp">docker run --rm -it fanux/libvirt bash
[root@ee18547e9ed2 /]# ssh root@172.17.0.2
ssh: connect to host 172.17.0.2 port 22: Connection refused
</code></pre>
</div>
会发现不通, 这是因为容器里的eth0和虚拟机里的eth0都配置了相同的地址导致，只需要把容器里的eth0地址删掉即可：
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-bash"><code class=" language-bash">bash-4.2# ip addr del 172.17.0.2/16 dev eth0
</code></pre>
</div>
再次ssh即可进入虚拟机：
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-ruby"><code class=" language-ruby">[root@ee18547e9ed2 /]# ssh root@172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:kTk3yy8588WQHNtwpzS+h6u0W3RELWC8hJQwIwLOkdc.
ECDSA key fingerprint is MD5:0c:f3:b5:69:c6:08:05:14:f8:da:42:2f:85:29:51:d0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
root@172.17.0.2's password: 
Last login: Thu Jun 27 08:38:00 2019
[root@localhost ~]# ip addr
1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever
2: eth0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
 link/ether 52:54:00:56:e4:20 brd ff:ff:ff:ff:ff:ff
 inet 172.17.0.2/16 scope global eth0
 valid_lft forever preferred_lft forever
 inet6 fe80::5054:ff:fe56:e420/64 scope link 
 valid_lft forever preferred_lft forever
</code></pre>
</div>
<h4>修改虚拟机mac地址</h4>
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-css"><code class=" language-css">[root@localhost ~]# ip link set eth0 address 52:54:00:56:e4:23
</code></pre>
</div>
会发现就连不上虚拟机了
改回：
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-css"><code class=" language-css">[root@localhost ~]# ip link set eth0 address 52:54:00:56:e4:20
</code></pre>
</div>
又可正常连接了，为啥？
这是因为虚拟机的eth0的mac地址是必须与macvtap0的mac地址保持一样，原理很简单
<ol>
<li>ARP时问IP地址是172.17.0.2的机器mac地址是什么</li>
<li>虚拟机回了一个52:54:00:56:e4:20</li>
<li>macvtap0是可以理解成挂在网桥端口上的，这样就把包发给macvtap0了（因为mac地址一样,不一样就不会发给macvtap了）</li>
<li>macvtap0就把包丢给qemu应用进程（最终到虚拟机eth0）</li>
</ol>
<h2>裸用qemu</h2>
以上是通过libvirt进行使用的，这样屏蔽了很多底层的细节，如果是直接使用qemu命令需要如下操作：
创建macvtap设备：
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-kotlin"><code class=" language-kotlin">ip link add link eth0 name macvtap0 type macvtap mode bridge
ip link set macvtap0 address 1a:46:0b:ca:bc:7b up
bash-4.2# cat /sys/class/net/macvtap0/ifindex # 对应下面命令的/dev/tap2
2
bash-4.2# cat /sys/class/net/macvtap0/address # 与qemu mac地址配置一致
1a:46:0b:ca:bc:7b
</code></pre>
</div>
启动qemu,然后虚拟机里面的地址配置同libvirt，可以通过vnc客户端（vnc viewer）进入虚拟机配置，不在赘述:
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-objectivec"><code class=" language-objectivec">bash-4.2# qemu-system-x86_64 -enable-kvm /root/CentOS-7-x86_64-GenericCloud.qcow2\
-netdev tap,fd=30,id=hostnet0,vhost=on,vhostfd=4 30&lt;&gt;/dev/tap2 4&lt;&gt;/dev/vhost-net \
-device virtio-net-pci,netdev=hostnet0,id=net0,mac=1a:46:0b:ca:bc:7b \
-monitor telnet:127.0.0.1:5801,server,nowait
VNC server running on ::1:5900
</code></pre>
</div>
<h2>cloud-init介绍</h2>
上文提到，通过macvtap技术配置虚拟机网卡地址是需要进入虚拟机配置的, 然而我们实现一个虚拟机管理系统时显然不会手动进入去配置，这就需要cloud-init了
它可以帮助我们在虚拟机启动时配置虚拟机，如配置密码，配置网络，执行命令和写一些文件等。 
先创建一个user-data文件，里面内容如下：
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-cpp"><code class=" language-cpp">#cloud-config
write_files:
 - content: |
 DEVICE=eth0
 ONBOOT=yes
 TYPE=Ethernet
 USERCTL=no
 IPADDR=172.17.0.2
 NETMASK=255.255.0.0
 GATEWAY=172.17.0.1
 BOOTPROTO=static
 DNS1=172.17.0.1
 ONBOOT=yes
 path: /etc/sysconfig/network-scripts/ifcfg-eth0
runcmd:
 - systemctl start network
groups:
 - centos: [root]
 - cloud-users
ssh_pwauth: yes
chpasswd:
 expire: false
 list: |
 user1:222222
 root:333333
</code></pre>
</div>
创建cloud-init镜像文件
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-css"><code class=" language-css">yum install -y cloud-utils
cloud-localds my-seed.img user-data
</code></pre>
</div>
libvirt中使用该镜像
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-xml"><code class=" language-xml"> &lt;disk type='file' device='disk'&gt;
 &lt;driver name='qemu' type='raw'/&gt;
 &lt;source file='/root/my-seed.img'/&gt;
 &lt;target dev='vdb' bus='virtio'/&gt;
 &lt;/disk&gt;
</code></pre>
</div>
为了防止cloud-init走网络获取metadata，因为网卡没设置好所以会卡住五分钟，我们直接把网络获取metadata禁止掉：
vi /etc/cloud/cloud.cfg.d/05_logging.cfg
加上：
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-undefined"><code class=" language-undefined">network:
 config: disabled
</code></pre>
</div>
然后启动虚拟机即可
<h2>常见问题</h2>
<blockquote>
Inappropriate ioctl for device
</blockquote>
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-undefined"><code class=" language-undefined">qemu-system-x86_64: -net tap,fd=5: TUNGETIFF ioctl() failed: Inappropriate ioctl for device
TUNSETOFFLOAD ioctl() failed: Inappropriate ioctl for device
</code></pre>
</div>
因为容器没有挂载/dev目录
<blockquote>
KVM bios被禁
</blockquote>
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-csharp"><code class=" language-csharp">[root@helix105 ~]# docker run busybox uname -a
Could not access KVM kernel module: No such file or directory
qemu-lite-system-x86_64: failed to initialize KVM: No such file or directory

/usr/bin/docker-current: Error response from daemon: oci runtime error: Unable to launch /usr/bin/qemu-lite-system-x86_64: exit status 1.
ERRO[0001] error getting events from daemon: net/http: request canceled 
[root@helix105 ~]# lsmod |grep kvm
kvm 598016 0 
irqbypass 16384 1 kvm
[root@helix105 ~]# modprobe kvm-intel
modprobe: ERROR: could not insert 'kvm_intel': Operation not supported
You have mail in /var/spool/mail/root
[root@helix105 ~]# dmesg |grep kvm
[ 8.239309] kvm: disabled by bios
</code></pre>
</div>
这个要进bios打开
<blockquote>
KVM: Permission denied
</blockquote>
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-css"><code class=" language-css">bash-4.2# virsh start vm_name1
error: Failed to start domain vm_name1
error: internal error: qemu unexpectedly closed the monitor: Could not access KVM kernel module: Permission denied
2019-06-20T07:26:33.304320Z qemu-system-x86_64: failed to initialize KVM: Permission denied
</code></pre>
</div>
解决办法：
<div class="_2Uzcx_">
<button class="VJbwyy" type="button" aria-label="复制代码"><svg viewbox="64 64 896 896" focusable="false" class="" data-icon="copy" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M832 64H296c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h496v688c0 4.4 3.6 8 8 8h56c4.4 0 8-3.6 8-8V96c0-17.7-14.3-32-32-32zM704 192H192c-17.7 0-32 14.3-32 32v530.7c0 8.5 3.4 16.6 9.4 22.6l173.3 173.3c2.2 2.2 4.7 4 7.4 5.5v1.9h4.2c3.5 1.3 7.2 2 11 2H704c17.7 0 32-14.3 32-32V224c0-17.7-14.3-32-32-32zM350 856.2L263.9 770H350v86.2zM664 888H414V746c0-22.1-17.9-40-40-40H232V264h432v624z"></path></svg></button><pre class="line-numbers language-objectivec"><code class=" language-objectivec">#chown root:kvm /dev/kvm
修改/etc/libvirt/qemu.conf，
#user="root"
user="root"
#group="root"
group="root"
重启服务
#service libvirtd restart，问题解决了
</code></pre>
</div>
扫码关注sealyun
 
 
探讨可加QQ群：98488045

</article>

macvtap使用教程

作者

sockstack

许可协议

CC BY 4.0

发布于

2023-11-15

修改于

2025-06-05

上一篇：软件：常用 Linux 软件汇总，值得收藏下一篇：内事不决问百度，外事不决问谷歌

尚未登录

macvtap使用教程

文章分类

博客重构之路

Spring Boot简单入门

k8s 入门教程

MySQL 知识

NSQ 消息队列

ThinkPHP5 源码分析

使用 Docker 从零开始搭建私人代码仓库

日常开发汇总

标签列表

springboot

hyperf

swoole

webman

php

多线程

数据结构

docker

k8s

thinkphp

mysql

tailwindcss

flowbite

css

前端