标签：log CentOS etc kvm webvirtmgr nginx server root WebVirtMgr

安装工具

环境：centos7

搭建：nginx Supervisor libvirtd WebVirtMgr

说明：纯环境可以直接按照步骤走

 

 

安装以下工具

 

关闭防火墙与selinux

systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config

 

 

 

配置网络源

curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo
yum -y install epel-release vim wget net-tools unzip zip gcc gcc-c++

 

 

 

kvm安装

yum -y install qemu-kvm qemu-kvm-tools qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils libguestfs-tools

 

 

 

安装 WebVirtMgr

GITHUB 下载地址：github.com/retspen/webvirtmgr.git   （如：git 下载速度慢可以上github上传至服务器即可）

 

在 /var/www/目录下 安装 WebVirtMgr

git clone git://github.com/retspen/webvirtmgr.git
cd webvirtmgr
pip install -r requirements.txt

 

配置 Django 环境

./manage.py syncdb
./manage.py collectstatic
./manage.py createsuperuser

 

 

配置 Nginx

• yum安装nginx

yum install -y nginx

 

• 在 /etc/nginx/conf.d/ 目录下添加 webvirtmgr.conf

vi  /etc/nginx/conf.d /webvirtmgr.conf

server {
    listen 80 default_server;

    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log; 

    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr; # or /srv instead of /var
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M; # Set higher depending on your needs 
    }
}

 

 

• 修改默认配置 /etc/nginx/nginx.conf

vi /etc/nginx/nginx.conf

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user root; # 如果不是公有云，将 user 改为 root，否则需要花费大量时间解决权限问题。
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

# 注释掉该文件中的所有 server 配置，注意不要误将最后一个 } 注释掉了
#    server {
#        listen       80 default_server;
#        listen       [::]:80 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}

 

 

• 重启 Nginx 并设置开启启动: systemctl restart nginx && systemctl enable nginx

• 修改 SElinux policy: /usr/sbin/setsebool httpd_can_network_connect true

 

 

 

配置 Supervisor

安装Supervisor

wget --no-check-certificate https://bootstrap.pypa.io/ez_setup.py -O - | sudo python
easy_install supervisor

• 将 /var/www/webvirtmgr 拥有者指定为 root: chown -R root:root /var/www/webvirtmgr

[root@localhost www]# ls -l
total 4
drwxr-xr-x 21 root root 4096 Jul 18 07:01 webvirtmgr

将 user 指为 root 是为了方便权限设置，否则需要花费大量时间调试权限带来的问题，公有云不要讲 user 指为 root，否则会带来安全风险。

 

 

• 添加文件 /etc/supervisord.d/webvirtmgr.ini

vi /etc/supervisord.d/webvirtmgr.ini

[program:webvirtmgr]
command=/usr/bin/python /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=root

[program:webvirtmgr-console]
command=/usr/bin/python /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=root

 

 

• 在防火墙上开启 80（Web 访问端口） 和 6080（控制台 vnc 端口）

firewall-cmd --zone=public --add-port=80/tcp --permanent 
firewall-cmd --zone=public --add-port=6080/tcp --permanent 
firewall-cmd --reload

[root@localhost www]# firewall-cmd --zone=public --list-ports
80/tcp 6080/tcp

• 重启 supervisor 并设置开机启动: systemctl restart supervisord && systemctl enbale supervisord

 

 

配置 SSH Authorization

• 登录 root 账号: su root

• 生成 SSL key: ssh-keygen

• 修改 SSH 配置文件

touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
chmod 0600 ~/.ssh/config

• 从 WebVirtMgr 服务器上复制 public key 到 KVM 服务器上，如果装在同一台设备上，就写设备自己的 IP 地址: ssh-copy-id -P 22 root@kvm-host

• 添加文件 /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla

[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

• 重启 libvirtd: systemctl restart libvirtd

        安装已经完成啦！！              

标签：log,CentOS,etc,kvm,webvirtmgr,nginx,server,root,WebVirtMgr
来源： https://www.cnblogs.com/daiorz/p/12093743.html

本站声明： 1. iCode9 技术分享网（下文简称本站）提供的所有内容，仅供技术学习、探讨和分享；
2. 关于本站的所有留言、评论、转载及引用，纯属内容发起人的个人观点，与本站观点和立场无关；
3. 关于本站的所有言论和文字，纯属内容发起人的个人观点，与本站观点和立场无关；
4. 本站文章均是网友提供，不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属；如您发现该文章侵犯了您的权益，可联系我们第一时间进行删除；
5. 本站为非盈利性的个人网站，所有内容不会用来进行牟利，也不会利用任何形式的广告来间接获益，纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。