kvm管理工具Webvirtmgr安装

安装工具

环境:centos7

搭建:nginx Supervisor libvirtd WebVirtMgr

说明:纯环境可以直接按照步骤走

 

 

安装以下工具

关闭防火墙与selinux

1 systemctl stop firewalld
2 systemctl disable firewalld
3 setenforce 0
4 sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config

 

 

 

配置网络源

1 curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
2 sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
3 sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo
4 yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++

 

 

 

kvm安装

yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools

 

 

 

安装 WebVirtMgr

GITHUB 下载地址:github.com/retspen/webvirtmgr.git   (如:git 下载速度慢可以上github上传至服务器即可)

 

在 /var/www/目录下 安装 WebVirtMgr

1 git clone git://github.com/retspen/webvirtmgr.git
2 cd webvirtmgr
3 yum install python-pip          #安装python的pip安装扩展包
4 pip install -r requirements.txt

 

配置 Django 环境

./manage.py syncdb
./manage.py collectstatic
./manage.py createsuperuser

 

 

配置 Nginx

  • yum安装nginx
yum install -y nginx

 

  • /etc/nginx/conf.d/ 目录下添加 webvirtmgr.conf

vi     /etc/nginx/conf.d/webvirtmgr.conf

server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log; 

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr; # or /srv instead of /var
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M; # Set higher depending on your needs 
    }
}
点击展开

 

 

 

  • 修改默认配置 /etc/nginx/nginx.conf

vi /etc/nginx/nginx.conf

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user root; # 如果不是公有云,将 user 改为 root,否则需要花费大量时间解决权限问题。
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

# 注释掉该文件中的所有 server 配置,注意不要误将最后一个 } 注释掉了
#    server {
#        listen       80 default_server;
#        listen       [::]:80 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}
点击展开

 

 

 

  • 重启 Nginx 并设置开启启动: systemctl restart nginx && systemctl enable nginx

  • 修改 SElinux policy: /usr/sbin/setsebool httpd_can_network_connect true

 

 

 

配置 Supervisor

安装Supervisor

yum install -y supervisor

  •  /var/www/webvirtmgr 拥有者指定为 root: chown -R root:root /var/www/webvirtmgr
[root@localhost www]# ls -l
total 4
drwxr-xr-x 21 root root 4096 Jul 18 07:01 webvirtmgr

将 user 指为 root 是为了方便权限设置,否则需要花费大量时间调试权限带来的问题,公有云不要讲 user 指为 root,否则会带来安全风险。

 

 

  • 添加文件 /etc/supervisord.d/webvirtmgr.ini

vi /etc/supervisord.d/webvirtmgr.ini

[program:webvirtmgr]
command=/usr/bin/python /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=root

[program:webvirtmgr-console]
command=/usr/bin/python /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=root

 

 

  • 在防火墙上开启 80(Web 访问端口) 和 6080(控制台 vnc 端口)

firewall-cmd --zone=public --add-port=80/tcp --permanent firewall-cmd --zone=public --add-port=6080/tcp --permanent firewall-cmd --reload [root@localhost www]# firewall-cmd --zone=public --list-ports 80/tcp 6080/tcp

  • 重启 supervisor 并设置开机启动: systemctl restart supervisord && systemctl enbale supervisord

 

 

配置 SSH Authorization

  • 登录 root 账号: su root

  • 生成 SSL key: ssh-keygen

  • 修改 SSH 配置文件

  1. touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
  2. chmod 0600 ~/.ssh/config
  • 从 WebVirtMgr 服务器上复制 public key 到 KVM 服务器上,如果装在同一台设备上,就写设备自己的 IP 地址: ssh-copy-id -P 22 root@kvm-host

  • 添加文件 vi  /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
  • 重启 libvirtd: systemctl restart libvirtd
 
 
安装已经完成啦!!
 
 
 
 
 
posted @ 2019-12-24 21:45  暮日温柔  阅读(...)  评论(...编辑  收藏