功能介绍
WebVirtMgr是一个基于libvirt的Web界面,用于管理虚拟机。它允许您创建和配置新域并调整域的资源分配
环境准备
两台机器都要关闭防火墙,selinux,WebVirtMgr通过SSH传公钥给KVM
WebVirtMgr主机:192.168.202.132
kvm主机:192.168.202.131
关闭防火墙
systemctl status firewalld #查看防火墙状态
systemctl stop firewalld #关闭防火墙,暂时关闭操作
systemctl disable firewalld.service #在这里最好把防火墙开机自启也关了,免了一些不必要的麻烦
关闭selinux
vim /etc/sysconfig/selinux #selinux=enforcing 改为 selinux=disabled
此时再次查看selinux的状态为(注意此时需要关机重启一下(reboot),否则查看到的状态还是和之前一样的了)
/usr/sbin/sestatus 查看一下状态
kvm开启路由转发
[root@kvm ~]# echo "1" > /proc/sys/net/ipv4/ip_forward
永久开启
在 vim /etc/sysctl.conf 下 加入此行 net.ipv4.ip_forward = 1 命令 sysctl -p ----加载一下
[root@kvm ~]# sysctl -a |grep "ip_forward" ----查看一下
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
在KVM端配置ssh
[root@KVM images]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[root@KVM images]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@KVM images]# systemctl restart libvirtd
部署WebVirtMgr
安装软件工具
[root@WebVirtMgr ~]# yum -y install epel-release
[root@WebVirtMgr ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel
安装webvirtmgr
[root@WebVirtMgr ~]# mkdir /webvirtmgr
[root@WebVirtMgr ~]# cd /webvirtmgr/
[root@WebVirtMgr webvirtmgr]# git config --global url."https://github.com".insteadOf git://github.com #需要用https才能读到数据
[root@webvirtmgr webvirtmgr]# git clone git://github.com/retspen/webvirtmgr.git
正克隆到 'webvirtmgr'...
remote: Enumerating objects: 5614, done.
remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614
接收对象中: 100% (5614/5614), 2.97 MiB | 80.00 KiB/s, done.
处理 delta 中: 100% (3606/3606), done.
[root@WebVirtMgr webvirtmgr]# cd webvirtmgr/
[root@WebVirtMgr webvirtmgr]# pip install -i https://pypi.douban.com/simple -r requirements.txt# (就是安装一些需要的包和环境)-i指定下载源,不然会非常慢,就会超时失败。
账号初始化
[root@WebVirtMgr webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor
You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'root'): admin #创建超级管理员,如果不输入默认就是root
Email address: 123@qq.com
Password: #设置密码
Password (again):
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)
配置公钥
[root@webvirtmgr webvirtmgr]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:OaiDlT+VGFr9V8A4nk4O1XguLrNaNMoMBUnfCt0ys+Y root@webvirtmgr
The key's randomart image is:
+---[RSA 2048]----+
| .o. =. |
| .+ + = +. |
| . X +o = . |
| * X.+= .. |
| = * S*... |
| o O +oo+. |
| . o E .+ |
| . o. |
| .. |
+----[SHA256]-----+
[root@webvirtmgr webvirtmgr]# ssh-copy-id -i 192.168.202.131 #kvm地址
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.202.131 (192.168.202.131 )' can't be established.
ECDSA key fingerprint is SHA256:HdZL+HUC3tFCIkOv1cEh4ec9AICqQJ+Q+C4HLFe6SiE.
ECDSA key fingerprint is MD5:eb:f6:ef:d6:72:62:3e:c0:6a:3b:36:07:5b:50:b7:5b.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.202.131 's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.202.131 '"
and check to make sure that only the key(s) you wanted were added.
配置站点
[root@WebVirtMgr webvirtmgr]# rm -rf /usr/share/nginx/html/*
[root@WebVirtMgr webvirtmgr]# cp -r /webvirtmgr/webvirtmgr/ /usr/share/nginx/html/
[root@WebVirtMgr webvirtmgr]# chown -R nginx.nginx /usr/share/nginx/html/webvirtmgr/
配置nginx
[root@sWebVirtMgr html]# vim /etc/nginx/nginx.conf
...
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html/;# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location /static/ {
root /usr/share/nginx/html/webvirtmgr/webvirtmgr;
expires max;}
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $remote_addr;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
client_max_body_size 1024M;}
.....
主要是修改上面的内容
# 检查语法[root@webvirtmgr webvirtmgr]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
配置端口
[root@WebVirtMgr html]# vim /usr/share/nginx/html/webvirtmgr/conf/gunicorn.conf.py
...
bind = '0.0.0.0:8000'
设置supervisor
#在配置文件最后加入以下行
[root@WebVirtMgr html]# vim /etc/supervisord.conf
[include]
files = supervisord.d/*.ini
[program:webvirtmgr]
command=/usr/bin/python2 /usr/share/nginx/html/webvirtmgr/manage.py run_gunicorn -c /usr/share/nginx/html/webvirtmgr/conf/gunicorn.conf.py //启动8000端口
directory=/usr/share/nginx/html/webvirtmgr/
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=trueuser=nginx
[program:webvirtmgr-console]
command=/usr/bin/python2 /usr/share/nginx/html/webvirtmgr/console/webvirtmgr-console //启动6080端口(这是控制台vnc端口)
directory=/usr/share/nginx/html/webvirtmgr/
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx
启动服务
[root@WebVirtMgr html]# systemctl start nginx
[root@WebVirtMgr html]# systemctl start supervisord.service
[root@WebVirtMgr html]# systemctl enable supervisord.service
[root@WebVirtMgr html]# systemctl enable nginx
[root@WebVirtMgr html]# ss -antlp
[root@webvirtmgr webvirtmgr]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 19125/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1046/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1131/master
tcp 0 0 0.0.0.0:6080 0.0.0.0:* LISTEN 19450/python2
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 19451/python2
tcp 0 0 127.0.0.1:1514 0.0.0.0:* LISTEN 1813/docker-proxy
tcp6 0 0 :::80 :::* LISTEN 19125/nginx: master
tcp6 0 0 :::22 :::* LISTEN 1046/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1131/master
配置nginx用户
[root@webvirtmgr webvirtmgr]# su - nginx -s /bin/bash
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa):
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:vPrEbEPpNZ1D6W8ZQBnpx5Jx0K5evZx2PBv8rKKpmsc nginx@webvirtmgr
The key's randomart image is:
+---[RSA 2048]----+
| +* |
| .+.o |
| .+* |
| . . ++o+ |
| S o =+.. |
| = o ..ooo.|
| .O . .=+o|
| =E. .o. B=|
| ++o.o. .oo*|
+----[SHA256]-----+
-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ chmod 0600 ~/.ssh/config
-bash-4.2$ ssh-copy-id root@192.168.202.131 # 配置ssh-key到kvm服务器
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.202.131' (ECDSA) to the list of known hosts.
root@192.168.202.131's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.202.131'"
and check to make sure that only the key(s) you wanted were added.
-bash-4.2$ exit
logout
web页面
此时访问192.168.202.132即可看到登录页面,输入创建超级用户时的用户名和密码即可登录。
下图为登录后使用SSH连接KVM。
创建实例
创建两个存储池:
(1) 用来存放 iso 文件
(2) 用来存放虚拟磁盘文件
镜像池的目录和里面的镜像文件需要提前在KVM中创建
创建存放虚拟磁盘文件的存储池
测试验证
使用镜像
使用控制台查看虚拟机
安装系统正常