CentOS 7 安裝KVM和WebVirtMgr管理面板

配置靜態IP

此處使用VMware 模擬服務器環境，爲防止IP在啓動時動態分配，須要手動配置靜態IP，若是是物理服務器可直接跳過

編輯虛擬機網絡

編輯 -> 虛擬網絡編輯器

更改

取消勾選此項

進入NAT設置記錄默認網關和子網掩碼

進入虛擬機

設置虛擬機IP

查看虛擬機網卡，lo爲本地迴環口，實際網卡爲ens33

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:02:fe:c5 brd ff:ff:ff:ff:ff:ff
...
複製代碼

編輯網卡配置

$ vi /etc/sysconfig/network-scripts/ifcfg-ens33
複製代碼

加入靜態配置

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=a63224f4-f210-4d84-933d-c4f0ccd68f7a
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.133.128
NETMASK=255.255.255.0
GATEWAY=192.168.133.2
ZONE=public
複製代碼

解釋

ONBOOT：開機啓動

BOOTPROTO：網絡分配方式，靜態

IPPADDR：手動指定ip地址

NETMASK：子網掩碼

GATEWAY：網關ip

DNS配置

$ vi /etc/resolv.conf
複製代碼

加入DNS配置

nameserver=192.168.133.2
nameserver 8.8.8.8
nameserver 114.114.114.114
search localdomain
複製代碼

此處僅加入第一個也能夠正常使用，但沒法ping通域名

修改主機名

沒有需求此步驟能夠跳過

$ vi /etc/sysconfig/network
複製代碼

加入配置

# Created by anaconda
NETWORKING=yes
HOSTNAME=localhost
複製代碼

重啓網卡

$ systemctl restart network
複製代碼

查看網絡信息

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:02:fe:c5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.133.128/24 brd 192.168.133.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe02:fec5/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
複製代碼

靜態IP配置完成

安裝KVM

此處部分參考GitHub的安裝指引，官方wiki也有相關的指南，不過更加複雜

GitHub安裝指引

官方wiki

檢測是否支持KVM

$ cat /proc/cpuinfo | egrep 'vmx|svm'
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc eagerfpu pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch ssbd ibrs ibpb stibp tpr_shadow vnmi ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid mpx rdseed adx smap clflushopt xsaveopt xsavec arat spec_ctrl intel_stibp flush_l1d arch_capabilities
複製代碼

關閉SELinux，將 /etc/sysconfig/selinux 中的 SELinux=enforcing 修改成 SELinux=disabled

$ vi /etc/sysconfig/selinux
複製代碼

安裝 KVM 環境

經過 yum 安裝 kvm 基礎包和管理工具

kvm相關安裝包及其做用:

• qemu-kvm 主要的KVM程序包
• python-virtinst 建立虛擬機所須要的命令行工具和程序庫
• virt-manager GUI虛擬機管理工具
• virt-top 虛擬機統計命令
• virt-viewer GUI鏈接程序，鏈接到已配置好的虛擬機
• libvirt C語言工具包，提供libvirt服務
• libvirt-client 爲虛擬客戶機提供的C語言工具包
• virt-install 基於libvirt服務的虛擬機建立命令
• bridge-utils 建立和管理橋接設備的工具

$ yum -y install qemu-kvm python-virtinst libvirt libvirt-python virt-manager libguestfs-tools bridge-utils virt-install
複製代碼

重啓宿主機，以便加載 kvm 模塊

$ reboot
複製代碼

查看KVM模塊是否被正確加載

$ lsmod | grep kvm
kvm_intel             183621  0
kvm                   586948  1 kvm_intel
irqbypass              13503  1 kvm
複製代碼

配置libvirt以啓用TCP服務

LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf
LIBVIRTD_ARGS="--listen"
複製代碼

同時修改/etc/libvirt/libvirtd.conf配置

...
listen_tls = 0
listen_tcp = 1
tcp_port = "16509"
listen_addr = "0.0.0.0"
auth_tcp = "none"
...
複製代碼

開啓kvm服務，而且設置其開機自動啓動

$ systemctl start libvirtd
$ systemctl enable libvirtd
複製代碼

查看狀態操做結果，如Active: active (running)，說明運行狀況良好

$ systemctl status libvirtd
● libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
   Active: active (running) since 日 2019-08-11 16:09:20 CST; 30min ago
     Docs: man:libvirtd(8)
           https://libvirt.org
 Main PID: 107953 (libvirtd)
    Tasks: 19 (limit: 32768)
   CGroup: /system.slice/libvirtd.service
           ├─105030 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
           ├─105031 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
           └─107953 /usr/sbin/libvirtd --listen
複製代碼

$ systemctl is-enabled libvirtd
enabled
複製代碼

安裝WebVirtMgr管理面板

官方指南

更新源

$ yum install -y epel-release
$ yum -y install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
複製代碼

安裝依賴

$ yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx
$ yum -y install gcc python-devel
$ pip install numpy
複製代碼

拉取源碼安裝

拉取源碼和安裝環境

$ git clone git://github.com/retspen/webvirtmgr.git
$ cd webvirtmgr
$ sudo pip install -r requirements.txt
複製代碼

執行安裝文件並按照提示設置管理員帳號密碼

$ ./manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor

You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Please enter either "yes" or "no": yes
Username (leave blank to use 'root'): root
Email address: 123@abc.com
Password:
Password (again):
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)
複製代碼

發佈到Nginx

拷貝文件到nginx web目錄

$ cd .. && cp -r webvirtmgr/ /var/www/webvirtmgr/
複製代碼

建立配置文件

$ vi /etc/nginx/conf.d/webvirtmgr.conf
複製代碼

內容爲

server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log; 

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr; # or /srv instead of /var
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M; # Set higher depending on your needs 
    }
}
複製代碼

拷貝一份副本並配置nginx.conf

$ mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
複製代碼

寫入配置

#user nobody;
worker_processes  1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    include /etc/nginx/conf.d/*.conf;

    sendfile        on;

    keepalive_timeout  65;

    server {
        listen       80;
        server_name  localhost;

        location / {
            root   html;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
複製代碼

重啓nginx

$ systemctl restart nginx.service
複製代碼

配置用戶組和權限

$ chown -R nginx:nginx /var/www/webvirtmgr
複製代碼

可能出現的報錯——Address already in use

重啓nginx服務出現錯誤，查看狀態以下

$ systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 日 2019-08-11 12:52:42 CST; 2s ago
  Process: 26188 ExecStart=/usr/sbin/nginx (code=exited, status=1/FAILURE)
  Process: 26185 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 26183 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)

8月 11 12:52:40 localhost.localdomain nginx[26188]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
8月 11 12:52:40 localhost.localdomain nginx[26188]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
8月 11 12:52:41 localhost.localdomain nginx[26188]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
8月 11 12:52:41 localhost.localdomain nginx[26188]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
8月 11 12:52:42 localhost.localdomain nginx[26188]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
8月 11 12:52:42 localhost.localdomain nginx[26188]: nginx: [emerg] still could not bind()
8月 11 12:52:42 localhost.localdomain systemd[1]: nginx.service: control process exited, code=exited status=1
8月 11 12:52:42 localhost.localdomain systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
8月 11 12:52:42 localhost.localdomain systemd[1]: Unit nginx.service entered failed state.
8月 11 12:52:42 localhost.localdomain systemd[1]: nginx.service failed.
複製代碼

解決方法：殺掉佔用80端口的進程（無論是否是nginx佔用的）

推薦使用fuser命令快速殺掉佔用端口的進程，CentOS可經過如下命令安裝

$ yum install -y psmisc
複製代碼

殺掉佔用端口的進程

$ fuser -k 80/tcp
80/tcp:              18869 18870 18871 18872 18873
複製代碼

再次重啓便可

$ service nginx restart
Redirecting to /bin/systemctl restart nginx.service
複製代碼

更新SELinux策略

$ /usr/sbin/setsebool httpd_can_network_connect true
複製代碼

$ chkconfig supervisord on
注意：正在將請求轉發到「systemctl enable supervisord.service」。
Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.
複製代碼

配置Supervisor

建立文件/etc/supervisord.d/webvirtmgr.ini

$ /etc/supervisord.d/webvirtmgr.ini
複製代碼

加入配置

[program:webvirtmgr]
command=/usr/bin/python /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx
複製代碼

啓動supervisor守護線程

$ systemctl start supervisord.service
複製代碼

配置開啓啓動

$ systemctl enable supervisord.service
複製代碼

檢查

查看端口占用，若80、8000、6080已經監聽則正常

$ netstat -lnpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      102045/nginx: maste
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      9243/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      9543/master
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      16011/sshd: root@pt
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN      102430/python
tcp        0      0 0.0.0.0:6080            0.0.0.0:*               LISTEN      102429/python
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd
tcp6       0      0 :::22                   :::*                    LISTEN      9243/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      9543/master
tcp6       0      0 ::1:6010                :::*                    LISTEN      16011/sshd: root@pt
複製代碼

開放防火牆

$ firewall-cmd --zone=public --add-port=80/tcp --permanent
$ firewall-cmd --reload
複製代碼

訪問web界面

訪問虛擬機地址http://192.168.133.128/login/ 可見啓動成功

TCP方式鏈接宿主機

鏈接成功