标签:roo ebs += 管理员密码 处理 nts tom load efault
3.1 kvm安装
[root@mp ~]# systemctl stop firewalld
[root@mp ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@mp ~]# setenforce 0
[root@mp ~]# sed -ri ‘s/^(SELINUX=).*/\1disabled/g‘ /etc/selinux/config
//配置网络源
[root@mp yum.repos.d]# curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
[root@mp ~]# sed -i ‘s/\$releasever/7/g‘ /etc/yum.repos.d/CentOS7-Base-163.repo
[root@mp ~]# sed -i ‘s/^enabled=.*/enabled=1/g‘ /etc/yum.repos.d/CentOS7-Base-163.repo
[root@mp ~]# yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++
//验证CPU是否支持KVM;如果结果中有vmx(Intel)或svm(AMD)字样,就说明CPU的支持的
[root@mp ~]# egrep -o ‘vmx|svm‘ /proc/cpuinfo
vmx
vmx
vmx
vmx
//kvm安装
[root@mp ~]# yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools
[root@mp ~]# systemctl restart network
[root@mp ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
link/ether 00:0c:29:93:a6:6c brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe93:a66c/64 scope link
valid_lft forever preferred_lft forever
3: ens35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:93:a6:76 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:0c:29:93:a6:6c brd ff:ff:ff:ff:ff:ff
inet 192.168.157.99/24 brd 192.168.157.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe93:a66c/64 scope link
valid_lft forever preferred_lft forever
//启动服务
[root@mp ~]# systemctl start libvirtd
[root@mp ~]# systemctl enable libvirtd
//验证安装结果
[root@mp ~]# lsmod|grep kvm
kvm_intel 170086 0
kvm 566340 1 kvm_intel
irqbypass 13503 1 kvm
//测试并验证安[root@mp ~]# virsh -c qemu:///system list
Id 名称 状态
----------------------------------------------------
[root@mp ~]# virsh --version
4.5.0
[root@mp ~]# virt-install --version
1.5.0
[root@mp ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
[root@mp ~]# ll /usr/bin/qemu-kvm
lrwxrwxrwx. 1 root root 21 3月 14 14:17 /usr/bin/qemu-kvm -> /usr/libexec/qemu-kvm
[root@mp ~]# lsmod |grep kvm
kvm_intel 170086 0
kvm 566340 1 kvm_intel
irqbypass 13503 1 kvm
//查看网桥信息
[root@mp ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c2993a66c no ens32
virbr0 8000.5254009df26a yes virbr0-nic
3.2 kvm web管理界面安装
[root@mp ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel
//升级pip
[root@mp ~]# pip install --upgrade pip
//从github上下载webvirtmgr代码
[root@mp ~]# cd /usr/local/src/
[root@mp src]# git clone git://github.com/retspen/webvirtmgr.git
正克隆到 ‘webvirtmgr‘...
remote: Enumerating objects: 5614, done.
remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 561
接收对象中: 100% (5614/5614), 2.98 MiB | 1011.00 KiB/s, done.
处理 delta 中: 100% (3602/3602), done.
//安装webvirtmgr
[root@mp src]# cd webvirtmgr/
[root@mp webvirtmgr]# pip install -r requirements.txt
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won‘t be maintained after that date. A future version of pip will drop support for Python 2.7.
//检查sqlite3是否安装
[root@mp webvirtmgr]# python
Python 2.7.5 (default, Oct 30 2018, 23:45:53)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sqlite3
>>> exit()
//初始化帐号信息
[root@kvm webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor
You just installed Django‘s auth system, which means you don‘t have any superusers defined.
Would you like to create one now? (yes/no): yes //问你是否创建超级管理员帐号
Username (leave blank to use ‘root‘): //指定超级管理员帐号用户名,默认留空为root
Email address: bebejo@126.com //设置超级管理员邮箱
Password:1 //设置超级管理员密码
Password (again):1 //再次输入超级管理员密码
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)
//拷贝web网页至指定目录
[root@mp webvirtmgr]# mkdir /var/www
[root@mp webvirtmgr]# cp -r /usr/local/src/webvirtmgr/ /var/www/
[root@mp webvirtmgr]# chown -R nginx.nginx /var/www/webvirtmgr/
//生成密钥
//全部保持默认,回车即可
[root@mp ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory ‘/root/.ssh‘.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3/LDSmdcrWbrJxAXtt9HJD13UKlz4lTbYrCqzUNVkWQ root@mp
The key‘s randomart image is:
+---[RSA 2048]----+
| .E*o|
| ..*+=|
| =o=*|
| +==+o|
| S oo+=+o|
| .oo.o .+|
| =+.=.+ .|
| ..+=oo...|
| .o.ooo |
+----[SHA256]-----+
//由于这里webvirtmgr和kvm服务部署在同一台机器,所以这里本地信任。如果kvm部署在其他机器,那么这个是它的ip
[root@mp ~]# ssh-copy-id 192.168.157.99
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host ‘192.168.157.99 (192.168.157.99)‘ can‘t be established.
ECDSA key fingerprint is SHA256:I20VCudXLSb+D75FPy0SjjexuAhmPkhN8hO4DZFjaT8.
ECDSA key fingerprint is MD5:f2:04:78:0f:b3:30:ae:12:66:05:85:97:e6:ab:80:15.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.157.99‘s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh ‘192.168.157.99‘"
and check to make sure that only the key(s) you wanted were added.
//端口转发
[root@mp ~]# ssh 192.168.157.99 -L localhost:8000:localhost:8000 -L localhost:6080:localhost:60
Last login: Fri Mar 15 02:23:10 2019 from 192.168.157.1
[root@mp ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6080 *:*
LISTEN 0 128 127.0.0.1:8000 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 ::1:6080 :::*
LISTEN 0 128 ::1:8000 :::*
//配置nginx
[root@mp ~]# vim /etc/nginx/nginx.conf
[root@kvm ~]# vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main ‘$remote_addr - $remote_user [$time_local] "$request" ‘
‘$status $body_bytes_sent "$http_referer" ‘
‘"$http_user_agent" "$http_x_forwarded_for"‘;
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name localhost;
include /etc/nginx/default.d/*.conf;
location / {
root html;
index index.html index.htm;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
[root@mp ~]# vim /etc/nginx/conf.d/webvirtmgr.conf
server {
listen 80 default_server;
server_name $hostname;
#access_log /var/log/nginx/webvirtmgr_access_log;
location /static/ {
root /var/www/webvirtmgr/webvirtmgr;
expires max;
}
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $remote_addr;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
client_max_body_size 1024M;
}
}
//确保bind绑定的是本机的8000端口
[root@mp ~]# vim /var/www/webvirtmgr/conf/gunicorn.conf.py
bind = ‘0.0.0.0:8000‘ //确保此处绑定的是本机的8000端口,这个在nginx配置中定义了,被代理的端口
backlog = 2048
//重启nginx
[root@mp ~]# systemctl start nginx
[root@mp ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6080 *:*
LISTEN 0 128 127.0.0.1:8000 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 ::1:6080 :::*
LISTEN 0 128 ::1:8000 :::*
//设置supervisor
[root@mp ~]# vim /etc/supervisord.conf
//在文件最后加上以下内容
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx
[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx
//启动supervisor并设置开机自动启动
[root@mp ~]# systemctl start supervisord
[root@mp ~]# systemctl enable supervisord
Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.
[root@mp ~]# systemctl status supervisord
● supervisord.service - Process Monitoring and Control Daemon
Loaded: loaded (/usr/lib/systemd/system/supervisord.service; enabled; vendor preset: disabled)
Active: active (running) since 五 2019-03-15 03:06:19 CST; 20s ago
Main PID: 3326 (supervisord)
CGroup: /system.slice/supervisord.service
└─3326 /usr/bin/python /usr/bin/supervisord -c /etc/supervisor...
3月 15 03:06:18 mp systemd[1]: Starting Process Monitoring and Control.....
3月 15 03:06:19 mp systemd[1]: Started Process Monitoring and Control ...n.
Hint: Some lines were ellipsized, use -l to show in full.
[root@mp ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6080 *:*
LISTEN 0 128 127.0.0.1:8000 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 ::1:6080 :::*
LISTEN 0 128 ::1:8000 :::*
//配置nginx用户
//未创建nginx用户,所以用su命令赋予它交互式登录的权限
[root@mp ~]# su - nginx -s /bin/bash
-bash-4.2$ ssh-keygen -t rsa
//全部保持默认,回车即可,密码除外。
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa):
Created directory ‘/var/lib/nginx/.ssh‘.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:86tvVfX2z7hqCHz/rqVUKMQPReWO26hNWlpZaZOTOgg nginx@mp
The key‘s randomart image is:
+---[RSA 2048]----+
| .o.. |
| . . . .|
| + ...|
| . o +.+o|
| .E . +.@..|
| o+.o.X o.|
| oo+@ oo.|
| o@o+. o|
| .+*.==+. |
+----[SHA256]-----+
-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ chmod 0600 ~/.ssh/config
-bash-4.2$ ssh-copy-id root@192.168.157.99
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added ‘192.168.157.99‘ (ECDSA) to the list of known hosts.
root@192.168.157.99‘s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh ‘root@192.168.157.99‘"
and check to make sure that only the key(s) you wanted were added.
-bash-4.2$ exit
登出
[root@mp ~]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[root@mp ~]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@mp ~]# systemctl restart nginx
[root@mp ~]# systemctl restart libvirtd
标签:roo ebs += 管理员密码 处理 nts tom load efault
原文地址:https://www.cnblogs.com/wanglinyan/p/12828642.html
