• kvm web管理界面安装


    kvm web管理界面安装

    kvm 的 web 管理界面是由 webvirtmgr 程序提供的。

    安装依赖包

    [root@mp ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel
    

    升级pip

    [root@mp ~]# pip install --upgrade pip
    //过程省略......
    

    从github上下载webvirtmgr代码

    [root@mp ~]# cd /usr/local/src/
    [root@mp src]# git clone git://github.com/retspen/webvirtmgr.git
    正克隆到 'webvirtmgr'...
    remote: Enumerating objects: 5614, done.
    remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 561
    接收对象中: 100% (5614/5614), 2.98 MiB | 1011.00 KiB/s, done.
    处理 delta 中: 100% (3602/3602), done.
    

    安装webvirtmgr

    [root@mp src]# cd webvirtmgr/
    [root@mp webvirtmgr]# pip install -r requirements.txt
    DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
    //安装过程省略......
    

    检查sqlite3是否安装

    [root@mp webvirtmgr]# python
    Python 2.7.5 (default, Oct 30 2018, 23:45:53) 
    [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import sqlite3
    >>> exit()
    

    初始化帐号信息

    [root@kvm webvirtmgr]# python manage.py syncdb
    WARNING:root:No local_settings file found.
    Creating tables ...
    Creating table auth_permission
    Creating table auth_group_permissions
    Creating table auth_group
    Creating table auth_user_groups
    Creating table auth_user_user_permissions
    Creating table auth_user
    Creating table django_content_type
    Creating table django_session
    Creating table django_site
    Creating table servers_compute
    Creating table instance_instance
    Creating table create_flavor
    
    You just installed Django's auth system, which means you don't have any superusers defined.
    Would you like to create one now? (yes/no): yes     //问你是否创建超级管理员帐号
    Username (leave blank to use 'root'):   //指定超级管理员帐号用户名,默认留空为root
    Email address: bebejo@126.com     //设置超级管理员邮箱
    Password:1       //设置超级管理员密码
    Password (again):1       //再次输入超级管理员密码
    Superuser created successfully.
    Installing custom SQL ...
    Installing indexes ...
    Installed 6 object(s) from 1 fixture(s)
    

    拷贝web网页至指定目录

    [root@mp webvirtmgr]# mkdir /var/www
    [root@mp webvirtmgr]# cp -r /usr/local/src/webvirtmgr/ /var/www/
    [root@mp webvirtmgr]# chown -R nginx.nginx /var/www/webvirtmgr/
    

    生成密钥

    //全部保持默认,回车即可
    [root@mp ~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): 
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:3/LDSmdcrWbrJxAXtt9HJD13UKlz4lTbYrCqzUNVkWQ root@mp
    The key's randomart image is:
    +---[RSA 2048]----+
    |             .E*o|
    |            ..*+=|
    |             =o=*|
    |            +==+o|
    |        S  oo+=+o|
    |         .oo.o .+|
    |         =+.=.+ .|
    |        ..+=oo...|
    |          .o.ooo |
    +----[SHA256]-----+
    

    由于这里webvirtmgr和kvm服务部署在同一台机器,所以这里本地信任。如果kvm部署在其他机器,那么这个是它的ip

    [root@mp ~]# ssh-copy-id 192.168.157.99
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    The authenticity of host '192.168.157.99 (192.168.157.99)' can't be established.
    ECDSA key fingerprint is SHA256:I20VCudXLSb+D75FPy0SjjexuAhmPkhN8hO4DZFjaT8.
    ECDSA key fingerprint is MD5:f2:04:78:0f:b3:30:ae:12:66:05:85:97:e6:ab:80:15.
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@192.168.157.99's password: 
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh '192.168.157.99'"
    and check to make sure that only the key(s) you wanted were added.
    

    端口转发

    [root@mp ~]# ssh 192.168.157.99 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
    Last login: Fri Mar 15 02:23:10 2019 from 192.168.157.1
    [root@mp ~]# ss -antl 
    State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
    LISTEN     0      128        *:111                    *:*                  
    LISTEN     0      5      192.168.122.1:53                     *:*                  
    LISTEN     0      128        *:22                     *:*                  
    LISTEN     0      100    127.0.0.1:25                     *:*                  
    LISTEN     0      128    127.0.0.1:6080                   *:*                  
    LISTEN     0      128    127.0.0.1:8000                   *:*                  
    LISTEN     0      128       :::111                   :::*                  
    LISTEN     0      128       :::22                    :::*                  
    LISTEN     0      100      ::1:25                    :::*                  
    LISTEN     0      128      ::1:6080                  :::*                  
    LISTEN     0      128      ::1:8000                  :::*        
    

    配置nginx

    [root@mp ~]# vim /etc/nginx/nginx.conf
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;
    
    include /usr/share/nginx/modules/*.conf;
    
    events {
        worker_connections 1024;
    }
    
    http {
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
    
        access_log  /var/log/nginx/access.log  main;
    
        sendfile            on;
        tcp_nopush          on;
        tcp_nodelay         on;
        keepalive_timeout   65;
        types_hash_max_size 2048;
    
        include             /etc/nginx/mime.types;
        default_type        application/octet-stream;
    
        include /etc/nginx/conf.d/*.conf;
    
        server {
            listen       80;
            server_name  localhost;
    
            include /etc/nginx/default.d/*.conf;
    
            location / {
                root html;
                index index.html index.htm;
            }
    
            error_page 404 /404.html;
                location = /40x.html {
            }
    
            error_page 500 502 503 504 /50x.html;
                location = /50x.html {
            }
        }
    }
    
    [root@mp ~]# vim /etc/nginx/conf.d/webvirtmgr.conf 
    server {
    listen 80 default_server;
    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;
    
    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        expires max;
    }
    
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $remote_addr;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M;
    }
    }
    

    确保bind绑定的是本机的8000端口

    [root@mp ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
    .....此处省略N行
    bind = '0.0.0.0:8000'     //确保此处绑定的是本机的8000端口,这个在nginx配置中定义了,被代理的端口
    backlog = 2048
    .....此处省略N行
    

    重启nginx

    [root@mp ~]# systemctl start nginx 
    [root@mp ~]# ss -antl
    State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
    LISTEN     0      128        *:111                    *:*                  
    LISTEN     0      128        *:80                     *:*                  
    LISTEN     0      5      192.168.122.1:53                     *:*                  
    LISTEN     0      128        *:22                     *:*                  
    LISTEN     0      100    127.0.0.1:25                     *:*                  
    LISTEN     0      128    127.0.0.1:6080                   *:*                  
    LISTEN     0      128    127.0.0.1:8000                   *:*                  
    LISTEN     0      128       :::111                   :::*                  
    LISTEN     0      128       :::22                    :::*                  
    LISTEN     0      100      ::1:25                    :::*                  
    LISTEN     0      128      ::1:6080                  :::*                  
    LISTEN     0      128      ::1:8000                  :::*        
    

    设置supervisor

    [root@mp ~]# vim /etc/supervisord.conf 
    //.....此处省略上面的内容,在文件最后加上以下内容
    [program:webvirtmgr]
    command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
    directory=/var/www/webvirtmgr
    autostart=true
    autorestart=true
    logfile=/var/log/supervisor/webvirtmgr.log
    log_stderr=true
    user=nginx
    
    [program:webvirtmgr-console]
    command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
    directory=/var/www/webvirtmgr
    autostart=true
    autorestart=true
    stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
    redirect_stderr=true
    user=nginx
    

    启动supervisor并设置开机自动启动

    [root@mp ~]# systemctl start supervisord
    [root@mp ~]# systemctl enable supervisord
    Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.
    [root@mp ~]# systemctl status supervisord
    ● supervisord.service - Process Monitoring and Control Daemon
       Loaded: loaded (/usr/lib/systemd/system/supervisord.service; enabled; vendor preset: disabled)
       Active: active (running) since 五 2019-03-15 03:06:19 CST; 20s ago
     Main PID: 3326 (supervisord)
       CGroup: /system.slice/supervisord.service
               └─3326 /usr/bin/python /usr/bin/supervisord -c /etc/supervisor...
    
    3月 15 03:06:18 mp systemd[1]: Starting Process Monitoring and Control.....
    3月 15 03:06:19 mp systemd[1]: Started Process Monitoring and Control ...n.
    Hint: Some lines were ellipsized, use -l to show in full.
    
    [root@mp ~]# ss -antl 
    State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
    LISTEN     0      128        *:111                    *:*                  
    LISTEN     0      128        *:80                     *:*                  
    LISTEN     0      5      192.168.122.1:53                     *:*                  
    LISTEN     0      128        *:22                     *:*                  
    LISTEN     0      100    127.0.0.1:25                     *:*                  
    LISTEN     0      128    127.0.0.1:6080                   *:*                  
    LISTEN     0      128    127.0.0.1:8000                   *:*                  
    LISTEN     0      128       :::111                   :::*                  
    LISTEN     0      128       :::22                    :::*                  
    LISTEN     0      100      ::1:25                    :::*                  
    LISTEN     0      128      ::1:6080                  :::*                  
    LISTEN     0      128      ::1:8000                  :::*     
    

    配置nginx用户

    //未创建nginx用户,所以用su命令赋予它交互式登录的权限
    [root@mp ~]# su - nginx -s /bin/bash
    -bash-4.2$ ssh-keygen -t rsa
    //全部保持默认,回车即可,密码除外。
    Generating public/private rsa key pair.
    Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa): 
    Created directory '/var/lib/nginx/.ssh'.
    
    Enter passphrase (empty for no passphrase): 
    
    Enter same passphrase again: 
    
    Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
    Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:86tvVfX2z7hqCHz/rqVUKMQPReWO26hNWlpZaZOTOgg nginx@mp
    The key's randomart image is:
    +---[RSA 2048]----+
    |           .o..  |
    |         . . .  .|
    |          +   ...|
    |         . o +.+o|
    |       .E . +.@..|
    |        o+.o.X o.|
    |         oo+@ oo.|
    |          o@o+. o|
    |        .+*.==+. |
    +----[SHA256]-----+
    -bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no
    UserKnownHostsFile=/dev/null" >> ~/.ssh/config
    -bash-4.2$ chmod 0600 ~/.ssh/config
    -bash-4.2$ ssh-copy-id root@192.168.157.99
    /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
    /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    Warning: Permanently added '192.168.157.99' (ECDSA) to the list of known hosts.
    root@192.168.157.99's password: 
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh 'root@192.168.157.99'"
    and check to make sure that only the key(s) you wanted were added.
    
    -bash-4.2$ exit
    登出
    
    [root@mp ~]#  vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
    [Remote libvirt SSH access]
    Identity=unix-user:root
    Action=org.libvirt.unix.manage
    ResultAny=yes
    ResultInactive=yes
    ResultActive=yes
    
    [root@mp ~]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
    [root@mp ~]# systemctl restart nginx
    [root@mp ~]# systemctl restart libvirtd
    

    kvm web界面管理

    通过ip地址在浏览器上访问kvm,例如我这里就是:http://192.168.157.99

    此处的用户为:root
    密码为:执行python manage syncdb时设置的超级管理员密码

    此处的Label要与下面的FQDN / IP一致!

    点击上方的IP地址,不是点击Host:192.168.157.99

    kvm存储管理

    //创建存储

    点击New Storage

    进入存储

    点击default

    池路径 /var/lib/libvirt/images:磁盘镜像ISO文件存储的位置

    //通过远程连接软件上传ISO镜像文件至存储目录/var/lib/libvirt/images/

    [root@mp ~]# cd /var/lib/libvirt/images/
    [root@mp images]# ll
    总用量 3963904
    -rw-r--r-- 1 root root 4059037696 3月  15 03:50 rhel-server-7.4-x86_64-dvd.iso
    

    在web界面查看ISO镜像文件是否存在

    创建系统安装镜像

    //添加成功如下图

    kvm网络管理

    点击New Network

    实例管理

    实例(虚拟机的创建)

    //虚拟机插入光盘

    //设置在web上访问虚拟机的密码

    //启动虚拟机

    //虚拟机安装

    此步骤为虚拟机的安装步骤,不再阐述

    所遇问题

    4.1 故障一
    第一次通过web访问kvm时可能会一直访问不了,一直转圈,而命令行界面一直报错(too many open files)

    永久生效方法:
    	修改/etc/security/limits.conf,在文件底部添加:
    	* soft nofile 655360
    	* hard nofile 655360
    	星号代表全局, soft为软件,hard为硬件,nofile为这里指可打开文件数。
     
    另外,要使limits.conf文件配置生效,必须要确保 pam_limits.so 文件被加入到启动文件中。
    查看 /etc/pam.d/login 文件中有:
    session required /lib/security/pam_limits.so
    

    4.2 故障二
    web界面配置完成后可能会出现以下错误界面

    解决方法是安装novnc并通过novnc_server启动一个vnc

    方法一

    [root@mp ~]# ll /etc/rc.local
    lrwxrwxrwx. 1 root root 13 Aug  6  2018 /etc/rc.local -> rc.d/rc.local
    [root@mp ~]# ll /etc/rc.d/rc.local
    -rw-r--r-- 1 root root 513 Mar 11 22:35 /etc/rc.d/rc.local
    [root@mp ~]# chmod +x /etc/rc.d/rc.local
    [root@mp ~]# ll /etc/rc.d/rc.local
    -rwxr-xr-x 1 root root 513 Mar 11 22:35 /etc/rc.d/rc.local
    
    [root@mp ~]# vim /etc/rc.d/rc.local
    ......此处省略N行
    # that this script will be executed during boot.
    
    touch /var/lock/subsys/local
    nohup novnc_server 172.16.12.128:5920 &
    
    [root@mp ~]# . /etc/rc.d/rc.local
    

    方法二(推荐)

    python /var/www/webvirtmgr/console/webvirtmgr-console
    
  • 相关阅读:
    tcpdump 命令的常用选项:一
    Centos系统中 Systemd 的Unit文件配置说明
    如何使用PowerShell获取物理磁盘的信息
    tcpdump 命令的常用选项:二
    Google报告:大量被入侵的 Google Cloud 实例被用来挖掘加密货币
    Ubuntu中使用pdftk合并、分离PDF文档等操作
    tcpdump 命令的常用选项:三
    优麒麟Ubuntu Kylin 20.04 Pro SP1 上线
    为SSH登录设置电子邮件提醒
    图片上传并显示(兼容ie),图片大小判断
  • 原文地址:https://www.cnblogs.com/opesn/p/12994291.html
Copyright © 2020-2023  润新知