本文详细记录了在Centos7环境中部署KVM虚拟化平台,配置网络、防火墙和SELinux,以及安装并配置Webvirtmgr进行Web界面管理的步骤。包括验证CPU支持、安装依赖、创建虚拟机实例等关键操作。
部署环境说明
| 系统 | IP地址 | 网络模式 | 主机名 |
|---|---|---|---|
| Centos 7 | 192.168.10.10 | NAT | kvm |
| Centos 7 | 192.168.10.11 | NAT | seb |
kvm部署
在vmware的kvm主机上打开虚拟机设置开启虚拟化
配置网络,关闭防火墙
[root@kvm ~]# cd /etc/sysconfig/network-scripts/
[root@kvm network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@kvm network-scripts]# vim ifcfg-br0
[root@kvm ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
NM_CONTROLLED=no
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.10.10
NETMASK=255.255.255.0
GATEWAY=192.168.10.2
DNS1=114.114.114.114
[root@kvm ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no
[root@kvm network-scripts]# systemctl restart networ
[root@kvm ~]# systemctl disable --now firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@kvm ~]# setenforce 0
[root@kvm ~]# vim /etc/selinux/config
SELINUX=disabled
[root@kvm ~]# reboot
安装工具与依赖包,验证CPU是否支持KVM并且安装KVM所需
[root@kvm ~]# yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++
[root@kvm ~]# egrep -o 'vmx|svm' /proc/cpuinfo
vmx
vmx
vmx
vmx
[root@kvm ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
启动服务
[root@kvm ~]# systemctl enable --now libvirtd
[root@kvm ~]# systemctl status libvirtd
● libvirtd.service - Virtualization daemon
Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-06-21 04:42:13 EDT; 5s ago
Docs: man:libvirtd(8)
https://libvirt.org
Main PID: 2760 (libvirtd)
Tasks: 19 (limit: 32768)
CGroup: /system.slice/libvirtd.service
├─2760 /usr/sbin/libvirtd
├─2880 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
└─2881 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
Jun 21 04:42:14 kvm.localdomain dnsmasq[2877]: listening on virbr0(#4): 192.168.10.10
Jun 21 04:42:14 kvm.localdomain dnsmasq[2880]: started, version 2.76 cachesize 150
Jun 21 04:42:14 kvm.localdomain dnsmasq[2880]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth nettl...t inotify
Jun 21 04:42:14 kvm.localdomain dnsmasq-dhcp[2880]: DHCP, IP range 192.168.10.2 -- 192.168.10.254, lease time 1h
Jun 21 04:42:14 kvm.localdomain dnsmasq-dhcp[2880]: DHCP, sockets bound exclusively to interface virbr0
Jun 21 04:42:14 kvm.localdomain dnsmasq[2880]: reading /etc/resolv.conf
Jun 21 04:42:14 kvm.localdomain dnsmasq[2880]: using nameserver 114.114.114.114#53
Jun 21 04:42:14 kvm.localdomain dnsmasq[2880]: read /etc/hosts - 2 addresses
Jun 21 04:42:14 kvm.localdomain dnsmasq[2880]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
Jun 21 04:42:14 kvm.localdomain dnsmasq-dhcp[2880]: read /var/lib/libvirt/dnsmasq/default.hostsfile
Hint: Some lines were ellipsized, use -l to show in full.
验证结果
[root@kvm ~]# lsmod|grep kvm
kvm_intel 177644 0
kvm 621890 1 kvm_intel
irqbypass 13603 1 kvm
[root@kvm ~]# virsh -c qemu:///system list
Id Name State
----------------------------------------------------
[root@kvm ~]# virsh --version
4.5.0
[root@kvm ~]# virt-install --version
1.5.0
[root@kvm ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@kvm ~]# ll /usr/bin/qemu-kvm
lrwxrwxrwx 1 root root 21 Jun 21 04:54 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm
查看网桥信息
[root@kvm ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c297b512e no ens33
virbr0 8000.5254009b92d8 yes virbr0-nic
KVM WEB界面安装
安装依赖包
[root@web ~]# yum -y install epel-release
[root@web ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel
从github上下载webvirtmgr代码,安装webvirtmgr
[root@web ~]# git clone git://github.com/retspen/webvirtmgr.git
Cloning into 'webvirtmgr'...
remote: Enumerating objects: 5614, done.
remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614
Receiving objects: 100% (5614/5614), 2.97 MiB | 650.00 KiB/s, done.
Resolving deltas: 100% (3606/3606), done.
[root@web ~]# ls
anaconda-ks.cfg webvirtmgr
[root@web ~]# cd webvirtmgr/
[root@web webvirtmgr]# pip install -r requirements.txt
检查sqlite3是否安装
[root@web webvirtmgr]# python
Python 2.7.5 (default, Aug 7 2019, 00:51:29)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3 #只出现这个没有出现别的证明就是安装好了
>>> exit()
初始化账号信息
[root@web webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor
You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes #是否创建超级管理员账号
Username (leave blank to use 'root'): #用户名,默认回车为root
Email address: #邮箱
Password: #密码
Password (again): #再次输入密码
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)
将网站移动到对应的目录,设置属组、属主
[root@web webvirtmgr]# mkdir -p /var/www
[root@web webvirtmgr]# cp -r /root/webvirtmgr/ /var/www/
[root@web webvirtmgr]# chown -R nginx.nginx /var/www/webvirtmgr/
免密登录
[root@web webvirtmgr]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ACPBojL6JBp8TXoCM24prkYxLzsP5NnMBk2/asVBGCN root@web
The key's randomart image is:
+---[RSA 2048]----+
| . ooo. |
| . E .o. |
| o.. ... |
| oo.+=. . |
|.o=o*+* S |
|++O*.X. |
|.*=O*. |
|.+ooo |
|..=o |
+----[SHA256]-----+
[root@web webvirtmgr]# ssh-copy-id root@192.168.10.10
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.10.10 (192.168.10.10)' can't be established.
ECDSA key fingerprint is SHA256:qScIS0D/MHXJczgQLJo7DCUkeuEpYBKCPV0DtR3rNCA.
ECDSA key fingerprint is MD5:cf:52:9c:f5:74:1f:54:25:52:a9:ce:50:47:33:16:ad.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.10.10's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.10.10'"
and check to make sure that only the key(s) you wanted were added.
[root@web webvirtmgr]# ssh 192.168.10.10
Last login: Sun Jun 21 04:56:00 2021 from 192.168.10.1
配置nginx
[root@web ~]# cd /etc/nginx/
[root@web nginx]# mv nginx.conf nginx.conf-bak
[root@web nginx]# vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name localhost;
include /etc/nginx/default.d/*.conf;
location / {
root html;
index index.html index.htm;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
[root@web nginx]# vi /etc/nginx/conf.d/webvirtmgr.conf
server {
listen 80 default_server;
server_name $hostname;
#access_log /var/log/nginx/webvirtmgr_access_log;
location /static/ {
root /var/www/webvirtmgr/webvirtmgr;
expires max;
}
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $remote_addr;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
client_max_body_size 1024M;
}
}
修改bind绑定为本机的8000端口,修改supervisord.conf文件
[root@web nginx]# vi /var/www/webvirtmgr/conf/gunicorn.conf.py
bind = '0.0.0.0:8000'
backlog = 2048
[root@web nginx]# cat >> /etc/supervisord.conf <<EOF
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx
[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx
EOF
启动supervisord
[root@web nginx]# systemctl enable --now supervisord
Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.
[root@web nginx]# systemctl restart nginx
[root@web nginx]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 100 *:6080 *:*
LISTEN 0 128 *:8000 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:22
配置nginx账户,做免密登录
[root@web nginx]# su - nginx -s /bin/bash
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa):
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Dw5K4lBt2Bp8TXoCM24pp5iWbHmUFfDNhQVSXU4Xm+Q nginx@web
The key's randomart image is:
+---[RSA 2048]----+
| ... oo.=+o+OO|
| + o o * .o==*|
| o + . . + o.E+|
| . . . = . |
|. . . . S. B o |
| o o . o oO o |
| . . .o.. |
| |
| |
+----[SHA256]-----+
-bash-4.2$ ssh-copy-id root@192.168.10.10
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
The authenticity of host '192.168.10.10 (192.168.10.10)' can't be established.
ECDSA key fingerprint is SHA256:qScIS0D/MHXJczgQLJo7DCUkeuEpYBKCPV0DtR3rNCA.
ECDSA key fingerprint is MD5:cf:52:9c:f5:74:1f:54:25:52:a9:ce:50:47:33:16:ad.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.10.10's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.10.10'"
and check to make sure that only the key(s) you wanted were added.
-bash-4.2$ exit
logout
[root@web nginx]# vi /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[root@web nginx]# systemctl restart nginx
[root@kvm ~]# systemctl restart libvirtd
关闭防火墙和selinux
[root@web nginx]# systemctl disable --now firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@web nginx]# setenforce 0
[root@web nginx]# vim /etc/selinux/config
SELINUX=disabled
WEB界面配置
登录
点击add connection 新建连接
这里填入kvm主机的IP地址
点击New Storage新建存储
点击添加镜像
点击New Network
点击New Instance
点击Custom Instance
设置CPU、内存、磁盘镜像、网络池
点击设置
启动
扫一扫
507
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
