####################3.日志分析工具journal####################
systemd-journald ##进程名称
####################
[root@localhost ~]# cd /root/Desktop/
[root@localhost Desktop]# ps aux |grep journald
root 365 0.2 0.2 41164 2608 ? Ss 21:29 0:00 /usr/lib/systemd/systemd-journald
root 2953 0.0 0.0 112644 948 pts/1 S+ 21:36 0:00 grep --color=auto journald
进程名称为"systemd-journald"
####################
journalctl ##直接执行,浏览系统日志(忽略重启前的日志信息)
journalctl -n 3 ##显示最新3条
journalctl -p err ##显示报错
journalctl -f ##监控日志,类似于"tail -f /var/log/messages"
journalctl --since --until ##--since "[YYYY-MM-DD] [hh:mm:ss]" 从什么时间到什么时间的日志
journalctl -o verbose ##显示日志能够使用的详细进程参数
journalctl _SYSTEMD_UNIT=sshd.service ##显示服务名称为"sshd.service"的信息
journalctl _PID=1182 ##显示进程pid为"1182"的信息
journalctl _UID=0 ##显示进程uid为"0"的信息
journalctl _GID=0 ##显示进程gid为"0"的信息
journalctl _HOSTNAME=localhost ##显示进程所在主机为"localhost"的信息
journalctl _COMM=sshd ##显示命令名称为"sshd"的信息
####################
[root@localhost Desktop]# journalctl -n 5
-- Logs begin at Wed 2016-10-19 22:03:05 EDT, end at Wed 2016-10-19 22:05:40 EDT
Oct 19 22:05:40 localhost sshd[1670]: Received signal 15; terminating.
Oct 19 22:05:40 localhost systemd[1]: Starting OpenSSH server daemon...
Oct 19 22:05:40 localhost systemd[1]: Started OpenSSH server daemon.
Oct 19 22:05:40 localhost sshd[1678]: Server listening on 0.0.0.0 port 22.
Oct 19 22:05:40 localhost sshd[1678]: Server listening on :: port 22.
ines 1-6/6 (END)
[root@localhost Desktop]# journalctl -p err
-- Logs begin at Wed 2016-10-19 22:03:05 EDT, end at Wed 2016-10-19 22:05:40 EDT
Oct 19 22:03:05 localhost kernel: Failed to access perfctr msr (MSR c1 is 0)
Oct 19 22:03:06 localhost rpcbind[169]: rpcbind terminating on signal. Restart w
Oct 19 22:03:10 localhost smartd[505]: Problem creating device name scan list
Oct 19 22:03:10 localhost smartd[505]: In the system‘s table of devices NO devic
Oct 19 22:03:16 localhost systemd[1]: Failed to start LSB: Starts the Spacewalk
Oct 19 22:03:16 localhost systemd[1]: Failed to start /etc/rc.d/rc.local Compati
Oct 19 22:03:17 localhost libvirtd[1221]: libvirt version: 1.1.1, package: 29.el
Oct 19 22:03:17 localhost libvirtd[1221]: Module /usr/lib64/libvirt/connection-d
lines 1-9/9 (END)
[root@localhost Desktop]# journalctl -f ##列出最新10条记录,并持续监控
-- Logs begin at Wed 2016-10-19 22:03:05 EDT. --
Oct 19 22:11:10 localhost sshd[2758]: Server listening on :: port 22.
Oct 19 22:11:44 localhost systemd[1]: Stopping System Logging Service...
Oct 19 22:11:44 localhost systemd[1]: Starting System Logging Service...
Oct 19 22:11:44 localhost systemd[1]: Started System Logging Service.
Oct 19 22:12:04 localhost systemd[1]: Stopping OpenSSH server daemon...
Oct 19 22:12:04 localhost sshd[2758]: Received signal 15; terminating.
Oct 19 22:12:04 localhost systemd[1]: Starting OpenSSH server daemon...
Oct 19 22:12:04 localhost systemd[1]: Started OpenSSH server daemon.
Oct 19 22:12:04 localhost sshd[2804]: Server listening on 0.0.0.0 port 22.
Oct 19 22:12:04 localhost sshd[2804]: Server listening on :: port 22.
>>>>>持续监控>>>>>
[root@localhost Desktop]# journalctl --since "2016-10-19 22:12:00" --until "2016-10-19 22:13:00"
-- Logs begin at Wed 2016-10-19 22:03:05 EDT, end at Wed 2016-10-19 22:20:01 EDT
Oct 19 22:12:04 localhost systemd[1]: Stopping OpenSSH server daemon...
Oct 19 22:12:04 localhost sshd[2758]: Received signal 15; terminating.
Oct 19 22:12:04 localhost systemd[1]: Starting OpenSSH server daemon...
Oct 19 22:12:04 localhost systemd[1]: Started OpenSSH server daemon.
Oct 19 22:12:04 localhost sshd[2804]: Server listening on 0.0.0.0 port 22.
Oct 19 22:12:04 localhost sshd[2804]: Server listening on :: port 22.
lines 1-7/7 (END)
[root@localhost Desktop]# ps aux |grep sshd
root 1379 0.0 0.4 135680 4884 ? Ss 22:03 0:00 sshd: root@pts/0
root 3025 0.0 0.3 82956 3532 ? Ss 22:29 0:00 /usr/sbin/sshd -D
root 3112 0.0 0.0 112644 944 pts/0 S+ 22:35 0:00 grep --color=auto sshd
[root@localhost Desktop]# systemctl status sshd.service
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Wed 2016-10-19 22:29:12 EDT; 6min ago
Process: 3024 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS)
Main PID: 3025 (sshd)
CGroup: /system.slice/sshd.service
└─3025 /usr/sbin/sshd -D
Oct 19 22:29:12 localhost systemd[1]: Starting OpenSSH server daemon...
Oct 19 22:29:12 localhost systemd[1]: Started OpenSSH server daemon.
Oct 19 22:29:12 localhost sshd[3025]: Server listening on 0.0.0.0 port 22.
Oct 19 22:29:12 localhost sshd[3025]: Server listening on :: port 22.
[root@localhost Desktop]# journalctl -o verbose
------------------------------------------------------------
/3025
按"n"向下查找,可以查找到与"3025"相关的内容
比如:
MESSAGE=Server listening on :: port 22.
SYSLOG_PID=3025
_PID=3025
_SOURCE_REALTIME_TIMESTAMP=1476930552046485
按"q"退出
------------------------------------------------------------
[root@localhost Desktop]# journalctl _PID=3025 _COMM=sshd _HOSTNAME=localhost
-- Logs begin at Wed 2016-10-19 22:03:05 EDT, end at Wed 2016-10-19 22:50:01 EDT
Oct 19 22:29:12 localhost sshd[3025]: Server listening on 0.0.0.0 port 22.
Oct 19 22:29:12 localhost sshd[3025]: Server listening on :: port 22.
lines 1-3/3 (END)
####################
对systemd-journald管理
##默认情况下此程序会忽略重启前的日志信息,如不忽略:
mkdir /var/log/journal
chown root:systemd-journal /var/log/journal
chmod 2755 /var/log/journal
killall -1 systemd-journal ##进程初始化
ls /var/log/journal/4513ad59a3b442ffa4b7ea88343fa55f
system.journal user-1000.journal
####################
com和command的区别:
[root@localhost Desktop]# ps ax -o comm,command | grep journal
systemd-journal /usr/lib/systemd/systemd-journald
grep grep --color=auto journald
comm = systemd-journal
command = /usr/lib/systemd/systemd-journald
[root@localhost Desktop]# mkdir /var/log/journal
[root@localhost Desktop]# ls -ld /var/log/journal
drwxr-xr-x. 2 root root 6 Oct 17 05:39 /var/log/journal
[root@localhost Desktop]# cat /etc/group | grep journal
systemd-journal:x:190:
[root@localhost Desktop]# chown root:systemd-journal /var/log/journal
[root@localhost Desktop]# chmod 2755 /var/log/journal
[root@localhost Desktop]# ls -ld /var/log/journal
drwxr-sr-x. 2 root systemd-journal 6 Oct 17 05:39 /var/log/journal
[root@localhost Desktop]# killall -1 systemd-journald
[root@localhost Desktop]# date
Mon Oct 17 05:42:57 EDT 2016
[root@localhost Desktop]# ll /var/log/journal
total 0
drwxr-sr-x. 2 root systemd-journal 27 Oct 17 05:42 946cb0e817ea4adb916183df8c4fc817
[root@localhost Desktop]# ls /var/log/journal/946cb0e817ea4adb916183df8c4fc817/
system.journal
[root@localhost Desktop]# reboot
==========等待虚拟机重启==========
[root@localhost Desktop]# journalctl
-- Logs begin at Mon 2016-10-17 05:42:50 EDT, end at Mon 2016-10-17 05:49:16 EDT
Oct 17 05:42:50 localhost systemd-journal[31294]: Permanent journal is using 8.0
Oct 17 05:42:50 localhost systemd-journal[31294]: Journal started
Oct 17 05:42:50 localhost systemd[1]: Starting Trigger Flushing of Journal to Pe
Oct 17 05:42:50 localhost systemd[1]: systemd-journald.service: main process exi
Oct 17 05:42:50 localhost systemd[1]: Unit systemd-journald.service entered fail
Oct 17 05:42:50 localhost systemd[1]: Started Trigger Flushing of Journal to Per
Oct 17 05:47:01 localhost anacron[2279]: Job `cron.weekly‘ started
Oct 17 05:47:01 localhost anacron[2279]: Job `cron.weekly‘ terminated
Oct 17 05:47:27 localhost systemd[1]: Stopping Session 4 of user root.
Oct 17 05:47:27 localhost systemd[1]: Stopping Session 3 of user root.
Oct 17 05:47:27 localhost systemd[1]: Stopping Session 1 of user root.
......
##日志从05:42:50开始记录,这个时间是重启前的时间
[root@localhost Desktop]# ls /var/log/journal/946cb0e817ea4adb916183df8c4fc817/
system.journal user-42.journal
####################
###############################
####### 15.系统虚拟机管理 #######
###############################
####################
使用虚拟化软件必须在BIOS里面打开虚拟化功能
有的主机BIOS里面不开放虚拟化,也没有完全虚拟化功能
qemu-kvm ##虚拟化硬件
qemu-img ##虚拟化存储
Linux自带的虚拟化软件叫KVM
virt-manager ##打开虚拟系统管理器
####################
####################
man virt-install
/EXAMPLES
按"n"向下查找,找到如下说明:
Run a Live CD image under Xen fullyvirt, in diskless environment
# virt-install \
--hvm \
--name demo \
--memory 500 \
--disks none \
--livecd \
--graphics vnc \
--cdrom /root/fedora7live.iso ##需要的信息
####################
####################1.安装####################
vim vmcreate
----------------------------------------------------------------------
#!/bin/bash ##命令运行环境的指定
virt-install \ ##安装虚拟机
> --name $1 \ ##虚拟机名称指定,$1表示脚本后的第一串字符
> --ram 1000 \ ##内存
> --file /var/lib/libvirt/images/$1.img \ ##硬盘文件
> --file-size 8 \ ##硬盘文件大小
> --cdrom /home/kiosk/Desktop/rhel-server-7.1-x86_64-dvd.iso & ##安装源指定
----------------------------------------------------------------------
"#!"这个是固定格式
"\"表示换行
"$1"表示脚本后面跟的第一个参数
"&"打入后台
chmod u+x vmcreate
mv vmcreate /usr/local/bin/
vmcreate hello ##"hello"是虚拟机名称,注意:切换到root用户下执行
实验发现:
使用命令创建的虚拟机存储的格式是img
使用virt-manager创建的虚拟机存储的格式是qcow2
####################2.管理####################
virt-manager ##开启图形管理工具
virt-view vmname ##显示虚拟机,vmname表示虚拟机名称
virsh list ##列出正在运行的vm
virsh list --all ##列出所有vm
virsh start vmname ##运行指定vm
virsh shutdown vmname ##正常指定关闭vm,可以被忽略(比如开机后没有登陆,就不能shutdown)
virsh destroy vmname ##强行结束指定vm,不能被忽略
virsh create vmname.xml ##临时恢复指定vm,vmname表示前端管理文件
virsh define vmname.xml ##永久恢复vm
virsh undefine vmname ##删除vm的前端管理,不会删除存储
####################
rhel7.1.xml ##虚拟机前端管理
rhel7.1.img ##虚拟机存储
[root@foundation50 Desktop]# ll /etc/libvirt/qemu/
total 24
-rw-------. 1 root root 2488 Oct 17 16:56 desktop.xml
drwx------. 3 root root 40 Sep 11 09:13 networks
-rw-------. 1 root root 4259 Oct 20 15:05 rhel6.5.xml
-rw-------. 1 root root 4263 Oct 20 13:06 rhel7.1.xml
-rw-------. 1 root root 2536 Oct 17 16:55 server.xml
[root@foundation50 Desktop]# cp -p /etc/libvirt/qemu/rhel7.1.xml /mnt/ ##"-p"复制权限
[root@foundation50 Desktop]# ll /mnt
total 28
-rw-r--r--. 1 root root 18928 Sep 17 14:21 foundation-config-7.0-1.r26059.x86_64.rpm
-rw-------. 1 root root 4263 Oct 20 13:06 rhel7.1.xml
[root@foundation50 Desktop]# ls /var/lib/libvirt/images/ ##"/var"下存放的是系统数据
rh124-desktop-vda.ovl rh124-desktop-vdb.qcow2 rh124-server-vda.qcow2 rh124-server.xml
rh124-desktop-vda.qcow2 rh124-desktop.xml rh124-server-vdb.ovl rhel6.5.qcow2
rh124-desktop-vdb.ovl rh124-server-vda.ovl rh124-server-vdb.qcow2 rhel7.1.img
[root@foundation50 Desktop]# mv /var/lib/libvirt/images/rhel7.1.img /mnt/
[root@foundation50 Desktop]# ls /mnt/
foundation-config-7.0-1.r26059.x86_64.rpm rhel7.1.img rhel7.1.xml
[root@foundation50 Desktop]# virt-manager
手动删除虚拟机"rhel7.1"的前端管理。由于"rhel7.1.img"已经被移走,Storage已经不存在
现在开始恢复:
[root@foundation50 Desktop]# vim /mnt/rhel7.1.xml
------------------------------------------------------------
41 <source file=‘/var/lib/libvirt/images/rhel7.1.img‘/>
------------------------------------------------------------
[root@foundation50 Desktop]# mv /mnt/rhel7.1.img /var/lib/libvirt/images/
[root@foundation50 Desktop]# ls /var/lib/libvirt/images/
rh124-desktop-vda.ovl rh124-desktop-vdb.qcow2 rh124-server-vda.qcow2 rh124-server.xml
rh124-desktop-vda.qcow2 rh124-desktop.xml rh124-server-vdb.ovl rhel6.5.qcow2
rh124-desktop-vdb.ovl rh124-server-vda.ovl rh124-server-vdb.qcow2 rhel7.1.img
[root@foundation50 Desktop]# virsh create /mnt/rhel7.1.xml
Domain rhel7.1 created from /mnt/rhel7.1.xml
[root@foundation50 Desktop]# ls /etc/libvirt/qemu/
desktop.xml networks rhel6.5.xml server.xml ##只是临时开启,并没有恢复前端管理
[root@foundation50 Desktop]# virsh define /mnt/rhel7.1.xml
Domain rhel7.1 defined from /mnt/rhel7.1.xml
[root@foundation50 Desktop]# ls /etc/libvirt/qemu/
desktop.xml networks rhel6.5.xml rhel7.1.xml server.xml ##前端管理已经恢复
[root@foundation50 Desktop]# virsh undefine rhel7.1
Domain rhel7.1 has been undefined
[root@foundation50 Desktop]# ls /etc/libvirt/qemu/
desktop.xml networks rhel6.5.xml server.xml ##前端管理再次被删除
如果找不到文件的路径,可以使用以下命令进行查找:
[root@foundation50 Desktop]# find / -name rhel7.1.xml
/etc/libvirt/qemu/rhel7.1.xml
[root@foundation50 Desktop]# find / -name rhel7.1.img
/var/lib/libvirt/images/rhel7.1.img
####################
如果前端管理被删除,光剩下Storage,就只能在管理器里指定硬盘来恢复
步骤如下:
Create a new virtual machine
-->Import existing disk image-->Forward
-->Provide the existing storage path-->(略)......
####################3.虚拟机快照####################
qemu-img create -f qcow2 -b vm1.qcow2 node1.qcow2 ##创建快照"node1.qcow2"
注意:创建的是快照,而不是复制一个Storage出来
####################
[root@foundation50 Desktop]# cd /var/lib/libvirt/images/
[root@foundation50 images]# ls
rh124-desktop-vda.ovl rh124-desktop.xml rh124-server-vdb.qcow2
rh124-desktop-vda.qcow2 rh124-server-vda.ovl rh124-server.xml
rh124-desktop-vdb.ovl rh124-server-vda.qcow2 rhel6.5.qcow2
rh124-desktop-vdb.qcow2 rh124-server-vdb.ovl rhel7.1.img
[root@foundation50 images]# file rhel7.1.img
rhel7.1.img: QEMU QCOW Image (v3), 8589934592 bytes ##格式"QCOW"即"qcow2"
[root@foundation50 images]# qemu-img create -f qcow2 -b rhel7.1.img westos.img
Formatting ‘westos.img‘, fmt=qcow2 size=8589934592 backing_file=‘rhel7.1.img‘ encryption=off cluster_size=65536 lazy_refcounts=off
[root@foundation50 images]# ll rhel7.1.img
-rw-------. 1 root root 8591507456 Oct 20 17:43 rhel7.1.img
[root@foundation50 images]# du -sh rhel7.1.img
3.3G rhel7.1.img
[root@foundation50 images]# ll westos.img
-rw-r--r--. 1 root root 197120 Oct 21 09:30 westos.img
[root@foundation50 images]# du -sh westos.img
196K westos.img ##快照仅196K
[root@foundation50 Desktop]# virt-manager
在管理器里指定硬盘加载"westos.img"进行开机启动
[root@foundation50 images]# du -sh westos.img
4.2M westos.img
[root@foundation50 images]# du -sh westos.img
8.2M westos.img
[root@foundation50 images]# du -sh westos.img
17M westos.img ##随着开机的进行,快照越来越大
假如虚拟机出现故障,比如执行如下操作:
rm -fr /etc/
重启后,发现虚拟机启不起来
不需要操作前端管理
直接删除"westos.img",重新创建快照
[root@foundation50 images]# rm -fr westos.img
[root@foundation50 images]# qemu-img create -f qcow2 -b rhel7.1.img westos.img
Formatting ‘westos.img‘, fmt=qcow2 size=8589934592 backing_file=‘rhel7.1.img‘ encryption=off cluster_size=65536 lazy_refcounts=off
实验发现:
[root@foundation50 images]# qemu-img create -f qcow2 -b westos.img linux.img
Formatting ‘linux.img‘, fmt=qcow2 size=8589934592 backing_file=‘westos.img‘ encryption=off cluster_size=65536 lazy_refcounts=off
[root@foundation50 images]# qemu-img create -f qcow2 -b linux.img linux1.img
Formatting ‘linux1.img‘, fmt=qcow2 size=8589934592 backing_file=‘linux.img‘ encryption=off cluster_size=65536 lazy_refcounts=off
[root@foundation50 images]# qemu-img create -f qcow2 -b linux1.img linux2.img
Formatting ‘linux2.img‘, fmt=qcow2 size=8589934592 backing_file=‘linux1.img‘ encryption=off cluster_size=65536 lazy_refcounts=off
快照可以创建快照,并且被快照创建出来的快照也可以加载启动
但是当前一个快照被删除时,后一个快照就会失效
比如:
[root@foundation50 images]# rm -fr linux1.img
linux2将不能被加载启动
编辑脚本:
vim vmctl
----------------------------------------------------------------------
#!/bin/bash
echo poweroff $1 ...
virsh destroy $1 &> /dev/null
echo del $1.xml ...
virsh undefine $1 &> /dev/null
echo create disk ...
qemu-img create -f qcow2 -b /var/lib/libvirt/images/$1.qcow2 /var/lib/libvirt/images/$2.qcow2 &> /dev/null
echo create $2 vm ...
virt-install \
--name $2 \
--ram 1000 \
--disk /var/lib/libvirt/images/$2.qcow2 \
--import &> /dev/null &
echo created $2 successful !!!
----------------------------------------------------------------------
执行脚本"vmctl":
[root@foundation50 杂]# sh vmctl rhel6.5 test
poweroff rhel6.5 ...
del rhel6.5.xml ...
create disk ...
create test vm ...
created test successful !!!
"-x"表示跟踪脚本的执行:
[root@foundation50 杂]# sh -x vmctl rhel6.5 test
+ echo poweroff rhel6.5 ...
poweroff rhel6.5 ...
+ virsh destroy rhel6.5
+ echo del rhel6.5.xml ...
del rhel6.5.xml ...
+ virsh undefine rhel6.5
+ echo create disk ...
create disk ...
+ qemu-img create -f qcow2 -b /var/lib/libvirt/images/rhel6.5.qcow2 /var/lib/libvirt/images/test.qcow2
+ echo create test vm ...
create test vm ...
+ echo created test successful ‘!!!‘
created test successful !!!
+ virt-install --name test --ram 1000 --disk /var/lib/libvirt/images/test.qcow2 --import
####################
本文出自 “施超Linux学习笔记” 博客,谢绝转载!
原文地址:http://shichao.blog.51cto.com/5804953/1864185