Centos7.x系统KVM虚拟化(04)Web管理

0x1 安装webvirtmgr准备工作

systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl disable NetworkManager
#关闭SELinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
#如下图
[root@localhost www]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
--2020-01-07 04:06:10--  http://mirrors.aliyun.com/repo/Centos-7.repo
Connecting to 192.168.1.106:1080... connected.
Proxy request sent, awaiting response... 200 OK
Length: 2523 (2.5K) [application/octet-stream]
Saving to: ‘/etc/yum.repos.d/CentOS-Base.repo’

100%[==============================================>] 2,523       --.-K/s   in 0s      

2020-01-07 04:06:11 (559 MB/s) - ‘/etc/yum.repos.d/CentOS-Base.repo’ saved [2523/2523]
#更新epel源
[root@localhost www]# yum -y install epel-release
yum clean all
yum makecache
#安装软件
yum install net-tools vim lrzsz -y
yum -y install http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm #不用这一步也可
yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx
yum -y install gcc python-devel wget

0x2检查是否开启虚拟化 安装KVM软件

egrep '(vmx|svm)' --color=always /proc/cpuinfo
#安装kvm
yum install qemu-kvm libvirt libvirt-python libguestfs-tools \
virt-install virt-manager python-virtinst libvirt-client virt-viewer -y
#启动libvirtd
[root@localhost src]# systemctl restart     libvirtd
[root@localhost src]# systemctl enable    libvirtd
[root@localhost src]# systemctl status     libvirtd
#或通过lsmod检查kvm安装情况
[root@localhost ~]# lsmod |grep kvm
kvm_intel             183621  3 
kvm                   586948  1 kvm_intel
irqbypass              13503  1 kvm
[root@localhost ~]# 

0x3 更新pip下载源码

[root@localhost src]# mkdir ~/.pip
[root@localhost src]# cat > ~/.pip/pip.conf << EOF
> [global]
> trusted-host=mirrors.aliyun.com
> index-url=https://mirrors.aliyun.com/pypi/simple/
> EOF
[root@localhost src]# pip install --upgrade pip
Collecting pip
  Downloading https://mirrors.aliyun.com/pypi/packages/00/b6/9cfa56b4081ad13874b0c6f96af8ce16cfbc1cb06bedf8e9164ce5551ec1/pip-19.3.1-py2.py3-none-any.whl (1.4MB)
    100% |████████████████████████████████| 1.4MB 2.3MB/s 
Installing collected packages: pip
  Found existing installation: pip 8.1.2
    Uninstalling pip-8.1.2:
      Successfully uninstalled pip-8.1.2
Successfully installed pip-19.3.1
[root@localhost src]# pip install numpy

[root@localhost src]# git clone https://github.com/retspen/webvirtmgr.git
Cloning into 'webvirtmgr'...
remote: Enumerating objects: 5614, done.
remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614
Receiving objects: 100% (5614/5614), 2.98 MiB | 1.41 MiB/s, done.
Resolving deltas: 100% (3602/3602), done.
[root@localhost webvirtmgr]# pip install -r requirements.txt
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
Requirement already satisfied: django==1.5.5 in /usr/lib/python2.7/site-packages (from -r requirements.txt (line 1)) (1.5.5)
Requirement already satisfied: gunicorn==19.5.0 in /usr/lib/python2.7/site-packages (from -r requirements.txt (line 2)) (19.5.0)
Requirement already satisfied: lockfile>=0.9 in /usr/lib/python2.7/site-packages (from -r requirements.txt (line 5)) (0.12.2)
[root@localhost webvirtmgr]# clear
[root@localhost webvirtmgr]# ls
conf     dev-requirements.txt  interfaces   networks          serverlog  templates
console  hostdetail            locale       README.rst        servers    Vagrantfile
create   images                manage.py    requirements.txt  setup.py   vrtManager
deploy   instance              MANIFEST.in  secrets           storages   webvirtmgr

#初始化管理账号
[root@localhost webvirtmgr]# ./manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor

You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'root'): root
Email address: bj_liyanliang@163.com
Password: 
Password (again): 
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)

0x4 配置 Django environment

[root@localhost webvirtmgr]# ./manage.py collectstatic
WARNING:root:No local_settings file found.

You have requested to collect static files at the destination
location as specified in your settings.

This will overwrite existing files!
Are you sure you want to do this?

Type 'yes' to continue, or 'no' to cancel: yes
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/css/bootstrap-multiselect.css'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/css/bootstrap.min.css'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/css/signin.css'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/css/table-sort.css'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/css/webvirtmgr.css'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/fonts/glyphicons-halflings-regular.eot'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/fonts/glyphicons-halflings-regular.svg'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/fonts/glyphicons-halflings-regular.ttf'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/fonts/glyphicons-halflings-regular.woff'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/img/asc.gif'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/img/bg.gif'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/img/desc.gif'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/img/favicon.ico'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/Chart.min.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/bootstrap-multiselect.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/bootstrap.min.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/infrastructure.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/jquery-1.10.2.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/jquery-migrate-1.2.1.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/jquery.tablesorter.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/Orbitron700.ttf'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/Orbitron700.woff'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/base.css'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/base64.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/black.css'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/blue.css'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/des.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/display.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/input.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/jsunzip.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/logo.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/playback.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/rfb.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/ui.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/util.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/websock.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/webutil.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/chrome-app/tcp-client.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/web-socket-js/README.txt'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/web-socket-js/WebSocketMain.swf'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/web-socket-js/swfobject.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/novnc/web-socket-js/web_socket.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/atKeynames.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/bitmap.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/cursor.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/display.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/enums.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/filexfer.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/inputs.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/jsbn.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/lz.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/main.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/playback.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/png.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/prng4.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/quic.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/resize.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/rng.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/rsa.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/sha1.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/simulatecursor.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/spicearraybuffer.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/spiceconn.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/spicedataview.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/spicemsg.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/spicetype.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/ticket.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/utils.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/webm.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/wire.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/thirdparty/jsbn.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/thirdparty/prng4.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/thirdparty/rng.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/thirdparty/rsa.js'
Copying '/usr/local/src/webvirtmgr/webvirtmgr/static/js/spice-html5/thirdparty/sha1.js'

75 static files copied.

0x5 配置管理员账号Adding additional superusers

[root@localhost webvirtmgr]# ./manage.py createsuperuser
WARNING:root:No local_settings file found.
Username: azkaban
Email address: bj_liyanliang@163.com
Password: 
Password (again): 
Superuser created successfully.

0x6移动目录到/home/www/

[root@localhost webvirtmgr]# mkdir -p /home/www
[root@localhost webvirtmgr]# cp -R /usr/local/src/webvirtmgr /home/www/webvirtmgr
#设置权限
[root@localhost webvirtmgr]# chown -R nginx:nginx /home/www/webvirtmgr/
vi /etc/supervisord.d/webvirtmgr.ini
[program:webvirtmgr]
command=/usr/bin/python2 /home/www/webvirtmgr/manage.py run_gunicorn -c /home/www/webvirtmgr/conf/gunicorn.conf.py
directory=/home/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python2 /home/www/webvirtmgr/console/webvirtmgr-console
directory=/home/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx

0x7配置Nginx

[root@localhost webvirtmgr]# vi /etc/nginx/nginx.conf
#修改注释掉server内容
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

#    server {
#        listen       80 default_server;
#        listen       [::]:80 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;

#        location / {
#        }

#        error_page 404 /404.html;
#           location = /40x.html {
#      }
#
#       error_page 500 502 503 504 /50x.html;
#          location = /50x.html {
#     }
# }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}
[root@localhost webvirtmgr]# vi /etc/nginx/conf.d/webvirtmgr.conf
#写入内容
server {
listen 80 default;
server_name $hostname;
root /home/www/webvirtmgr/webvirtmgr;

location /static/ {
root /home/www/webvirtmgr/webvirtmgr;
expires max;
}

location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
client_max_body_size 1024M;
} 
}
#测试
[root@localhost webvirtmgr]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
#开机自启动
systemctl enable supervisord
systemctl enable nginx
#重启服务
systemctl restart supervisord
systemctl restart nginx

0x8 配置Supervisor

创建一个webvirtmgr.ini文件并保存退出
vi /etc/supervisord.d/webvirtmgr.ini
复制下面的代码

[program:webvirtmgr]
command=/usr/bin/python2 /home/www/webvirtmgr/manage.py run_gunicorn -c /home/www/webvirtmgr/conf/gunicorn.conf.py
directory=/home/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python2 /home/www/webvirtmgr/console/webvirtmgr-console
directory=/home/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx
#启动服务
systemctl enable supervisord
systemctl restart supervisord
systemctl enable nginx
systemctl restart nginx

0x9 配置ssh

[root@localhost conf.d]# su -s /bin/bash nginx
bash-4.2$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:BBDhBkTPmGeZdGARmZJuE+gjFzf/GxCmwkBtCfBKSPY nginx@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|+O*.@Xo          |
|*.*&=+o.         |
|o==EX= ..        |
|o+B+. o.         |
|oo.o   oS        |
|        o        |
|         o       |
|        .        |
|                 |
+----[SHA256]-----+
bash-4.2$ ssh-copy-id root@10.0.0.143
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.143 (10.0.0.143)' can't be established.
ECDSA key fingerprint is SHA256:N99fAx5OoDgmMhJEIaDDT4aPn4cusNFjs5xCmD9cDwc.
ECDSA key fingerprint is MD5:e3:d3:fc:9b:51:56:0d:20:5b:16:1e:1c:b4:38:a1:38.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.143's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.0.0.143'"
and check to make sure that only the key(s) you wanted were added.

0x10 打开浏览器输入IP显示登陆界面

001.png

登陆以后通过ssh服务连接KVM物理机

005.png

进入管理界面 创建虚拟机

001.png

通过模板创建

002.png

通过控制台web vnc连接虚拟机

003.png

监控虚拟机

004.png