安装工具
环境:centos7
搭建:nginx Supervisor libvirtd WebVirtMgr
说明:纯环境可以直接按照步骤走
安装以下工具
关闭防火墙与selinux
1 systemctl stop firewalld 2 systemctl disable firewalld 3 setenforce 0 4 sed -ri 's/^(SELINUX=).*/1disabled/g' /etc/selinux/config
配置网络源
1 curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo 2 sed -i 's/$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo 3 sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo 4 yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++
kvm安装
yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
安装 WebVirtMgr
GITHUB 下载地址:github.com/retspen/webvirtmgr.git (如:git 下载速度慢可以上github上传至服务器即可)
在 /var/www/目录下 安装 WebVirtMgr
1 git clone git://github.com/retspen/webvirtmgr.git 2 cd webvirtmgr 3 yum install python-pip #安装python的pip安装扩展包 4 pip install -r requirements.txt
配置 Django 环境
./manage.py syncdb ./manage.py collectstatic ./manage.py createsuperuser
配置 Nginx
- yum安装nginx
yum install -y nginx
- 在 /etc/nginx/conf.d/ 目录下添加
webvirtmgr.conf
vi /etc/nginx/conf.d/webvirtmgr.conf
server { listen 80 default_server; server_name $hostname; #access_log /var/log/nginx/webvirtmgr_access_log; location /static/ { root /var/www/webvirtmgr/webvirtmgr; # or /srv instead of /var expires max; } location / { proxy_pass http://127.0.0.1:8000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header Host $host:$server_port; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 600; proxy_read_timeout 600; proxy_send_timeout 600; client_max_body_size 1024M; # Set higher depending on your needs } }
- 修改默认配置
/etc/nginx/nginx.conf
vi /etc/nginx/nginx.conf
# For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user root; # 如果不是公有云,将 user 改为 root,否则需要花费大量时间解决权限问题。 worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; # 注释掉该文件中的所有 server 配置,注意不要误将最后一个 } 注释掉了 # server { # listen 80 default_server; # listen [::]:80 default_server; # server_name _; # root /usr/share/nginx/html; # # # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; # # location / { # } # # error_page 404 /404.html; # location = /40x.html { # } # # error_page 500 502 503 504 /50x.html; # location = /50x.html { # } # } # Settings for a TLS enabled server. # # server { # listen 443 ssl http2 default_server; # listen [::]:443 ssl http2 default_server; # server_name _; # root /usr/share/nginx/html; # # ssl_certificate "/etc/pki/nginx/server.crt"; # ssl_certificate_key "/etc/pki/nginx/private/server.key"; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 10m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # # # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; # # location / { # } # # error_page 404 /404.html; # location = /40x.html { # } # # error_page 500 502 503 504 /50x.html; # location = /50x.html { # } # } }
-
重启 Nginx 并设置开启启动:
systemctl restart nginx && systemctl enable nginx -
修改 SElinux policy:
/usr/sbin/setsebool httpd_can_network_connect true
配置 Supervisor
安装Supervisor
yum install -y supervisor
- 将
/var/www/webvirtmgr拥有者指定为 root:chown -R root:root /var/www/webvirtmgr
[root@localhost www]# ls -l total 4 drwxr-xr-x 21 root root 4096 Jul 18 07:01 webvirtmgr
将 user 指为 root 是为了方便权限设置,否则需要花费大量时间调试权限带来的问题,公有云不要讲 user 指为 root,否则会带来安全风险。
- 添加文件
/etc/supervisord.d/webvirtmgr.ini
vi /etc/supervisord.d/webvirtmgr.ini
[program:webvirtmgr] command=/usr/bin/python /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py directory=/var/www/webvirtmgr autostart=true autorestart=true logfile=/var/log/supervisor/webvirtmgr.log log_stderr=true user=root [program:webvirtmgr-console] command=/usr/bin/python /var/www/webvirtmgr/console/webvirtmgr-console directory=/var/www/webvirtmgr autostart=true autorestart=true stdout_logfile=/var/log/supervisor/webvirtmgr-console.log redirect_stderr=true user=root
- 在防火墙上开启 80(Web 访问端口) 和 6080(控制台 vnc 端口)
firewall-cmd --zone=public --add-port=80/tcp --permanent firewall-cmd --zone=public --add-port=6080/tcp --permanent firewall-cmd --reload [root@localhost www]# firewall-cmd --zone=public --list-ports 80/tcp 6080/tcp
- 重启 supervisor 并设置开机启动:
systemctl restart supervisord && systemctl enbale supervisord
配置 SSH Authorization
-
登录 root 账号:
su root -
生成 SSL key:
ssh-keygen -
修改 SSH 配置文件
- touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no UserKnownHostsFile=/dev/null" >> ~/.ssh/config
- chmod 0600 ~/.ssh/config
-
从 WebVirtMgr 服务器上复制 public key 到 KVM 服务器上,如果装在同一台设备上,就写设备自己的 IP 地址:
ssh-copy-id -P 22 root@kvm-host - 添加文件 vi
/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access] Identity=unix-user:root Action=org.libvirt.unix.manage ResultAny=yes ResultInactive=yes ResultActive=yes
- 重启 libvirtd:
systemctl restart libvirtd
安装已经完成啦!!