Linux：KVM以及web管理界面（WebVirtMgr）的搭建以及使用

KVM以及web管理界面（WebVirtMgr）的搭建以及使用

VM介绍 全称是 Kernel-based Virtual Machine
qemu 是软件虚拟化，即使用软件完全模拟出一个具备 CPU、内存、硬盘等设备的服务器，KVM 是全虚拟化，Xen 是半虚拟化，KVM 在部分设备也支持半虚拟化。
KVM 是基于虚拟化扩展（Intel VT 或者 AMD-V）的 X86 硬件的开源的 Linux 原生的全虚拟化解决方案。
KVM 中，虚拟机被实现为常规的 Linux 进程，由标准 Linux 调度程序进行调度。
虚机的每个虚拟 CPU 被实现为一个常规的 Linux 进程。这使得 KMV 能够使用 Linux 内核的已有功能。
但是，KVM 本身不执行任何硬件模拟，需要客户空间程序通过 /dev/kvm 接口设置一个客户机虚拟服务器的地址空间，向它提供模拟的 I/O，并将它的视频显示映射回宿主的显示屏。目前这个应用程序是 QEMU。
从rhel6开始使用 直接把kvm的模块做成了内核的一部分。
XEN用在rhel6之前的企业版中 默认内核不支持，需要重新安装带xen功能的内核
KVM 针对运行在 x86 硬件上的、驻留在内核中的虚拟化基础结构。
KVM 是第一个成为原生 Linux 内核（2.6.20）的一部分的 hypervisor，它是由 Avi Kivity 开发和维护的，现在归 Red Hat 所有。
这个 hypervisor 提供 x86 虚拟化，同时拥有到 PowerPC® 和 IA64 的通道。
另外，KVM 最近还添加了对对称多处理（SMP）主机（和来宾）的支持，并且支持企业级特性，比如活动迁移（允许来宾操作系统在物理服务器之间迁移）。

【下面我们来部署KVM以及web管理界面】
环境准备：
192.168.186.200 KVM (3G内存，40G硬盘)
192.168.186.167 WebVirtMgr
[两台机器都要关闭防火墙，selinux，WebVirtMgr传公钥给KVM]

192.168.186.200:KVM
安装KVM需要虚拟机开启虚拟化的功能

检查你的系统是否满足以下要求:

#Linux 发行版本必须在64bit环境中才能使用KVM。
[root@KVM ~]# uname -a
Linux KVM 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
#检查CPU是否支持虚拟化功能（执行以下命令，有输出则说明支持）
[root@KVM ~]# cat /proc/cpuinfo | egrep 'vmx|svm'
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc eagerfpu pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single ssbd ibrs ibpb stibp tpr_shadow vnmi ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid mpx rdseed adx smap clflushopt xsaveopt xsavec arat spec_ctrl intel_stibp flush_l1d arch_capabilities
#需求内核(rhel6以上):
[root@KVM ~]# uname -r
3.10.0-1127.19.1.el7.x86_64

安装KVM及虚拟化软件qemu

[root@KVM ~]# yum install libvirt* virt-* qemu-kvm* -y
[root@KVM ~]# systemctl start libvirtd.service
[root@KVM ~]# virsh list --all
 Id    Name                           State
----------------------------------------------------
#现在还没有任何虚拟机。KVM已经部署完毕，可以用命令行进行使用，但是今天主要分享的是用web界面来管理。

192.168.186.167:部署WebVirtMgr
本次部署采用分离部署，机器不够的话也可以将web和KVM部署在同一台机器
安装所需软件和工具

[root@WebVirtMgr ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx python-devel

从github上拉取webvirtmgr代码

[root@WebVirtMgr ~]# mkdir /webvirtmgr
[root@WebVirtMgr ~]# cd /webvirtmgr/
[root@WebVirtMgr webvirtmgr]# git clone git://github.com/retspen/webvirtmgr.git
Cloning into 'webvirtmgr'...
remote: Enumerating objects: 5614, done.
remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614
Receiving objects: 100% (5614/5614), 2.98 MiB | 12.00 KiB/s, done.
Resolving deltas: 100% (3602/3602), done.

安装WebVirtMgr

[root@WebVirtMgr webvirtmgr]# cd webvirtmgr/
[root@WebVirtMgr webvirtmgr]# pip install -i https://pypi.douban.com/simple -r requirements.txt
(就是安装一些需要的包和环境)-i指定下载源，不然会非常慢，就会超时失败。

账号初始化

[root@WebVirtMgr webvirtmgr]# python manage.py syncdb
WARNING:root:No local_settings file found.
Creating tables ...
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table auth_user_groups
Creating table auth_user_user_permissions
Creating table auth_user
Creating table django_content_type
Creating table django_session
Creating table django_site
Creating table servers_compute
Creating table instance_instance
Creating table create_flavor

You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'root'): admin      #创建超级管理员，如果不输入默认就是root      
Email address: [email protected]
Password:             #设置密码
Password (again):
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 6 object(s) from 1 fixture(s)

给KVM的机器传公钥

[root@WebVirtMgr webvirtmgr]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:4fIxaOJsUPl6V8cbfyq2yr8viQ5pCzu8MMot0x+gP/E root@slaver_7
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|     .           |
|    o   .        |
|   . . o . .     |
|  . o = S . +    |
|   =.= o = . +   |
|  ..B++ *  .... .|
| .o=o+E* +. =  o |
|  oooo+o..+++*o  |
+----[SHA256]-----+

[root@WebVirtMgr webvirtmgr]# ssh-copy-id -i 192.168.186.200
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.186.200 (192.168.186.200)' can't be established.
ECDSA key fingerprint is SHA256:7PbHh0Trw/nRBsJVbUhz22O1dIhmdZuTd9gr1NX+h2g.
ECDSA key fingerprint is MD5:89:7e:25:e3:a9:49:a9:43:1d:66:e8:16:35:9e:7d:d2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.186.200'"
and check to make sure that only the key(s) you wanted were added.

将网页内容放到nginx网站目录下

[root@WebVirtMgr webvirtmgr]# rm -rf /usr/share/nginx/html/*
[root@WebVirtMgr webvirtmgr]# cp -r /webvirtmgr/webvirtmgr/ /usr/share/nginx/html/
[root@WebVirtMgr webvirtmgr]# chown -R nginx.nginx /usr/share/nginx/html/webvirtmgr/

配置nginx

[root@sWebVirtMgr html]# vim /etc/nginx/nginx.conf
...
server {
    
    
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html/;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        location /static/ {
    
    
                root /usr/share/nginx/html/webvirtmgr/webvirtmgr;
                expires max;
}

        location / {
    
    
               proxy_pass http://127.0.0.1:8000;
               proxy_set_header X-Real-IP $remote_addr;
               proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
               proxy_set_header Host $host:$server_port;
               proxy_set_header X-Forwarded-Proto $remote_addr;
               proxy_connect_timeout 600;
               proxy_read_timeout 600;
               proxy_send_timeout 600;
               client_max_body_size 1024M;
         }
.....
主要是修改上面的内容

确保bind绑定的是本机的8000端口

[root@WebVirtMgr html]# vim /usr/share/nginx/html/webvirtmgr/conf/gunicorn.conf.py
...
bind = '0.0.0.0:8000'

设置supervisor

#在配置文件最后加入以下行
[root@WebVirtMgr html]# vim /etc/supervisord.conf
[include]
files = supervisord.d/*.ini
[program:webvirtmgr]
command=/usr/bin/python2 /usr/share/nginx/html/webvirtmgr/manage.py run_gunicorn -c /usr/share/nginx/html/webvirtmgr/conf/gunicorn.conf.py   //启动8000端口
directory=/usr/share/nginx/html/webvirtmgr/
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python2 /usr/share/nginx/html/webvirtmgr/console/webvirtmgr-console //启动6080端口（这是控制台vnc端口）
directory=/usr/share/nginx/html/webvirtmgr/
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx

开启服务

[root@WebVirtMgr html]# systemctl start nginx
[root@WebVirtMgr html]# systemctl start supervisord.service
[root@WebVirtMgr html]# systemctl enable supervisord.service
[root@WebVirtMgr html]# systemctl enable nginx
[root@WebVirtMgr  html]# ss -antlp
State      Recv-Q Send-Q                          Local Address:Port                                         Peer Address:Port
LISTEN     0      128                                         *:80                                                      *:*                   users:(("nginx",pid=32059,fd=6),("nginx",pid=32058,fd=6))
LISTEN     0      128                                         *:22                                                      *:*                   users:(("sshd",pid=865,fd=3))
LISTEN     0      100                                 127.0.0.1:25                                                      *:*                   users:(("master",pid=954,fd=13))
LISTEN     0      128                                 127.0.0.1:8000                                                    *:*                   users:(("python2",pid=30388,fd=5),("python2",pid=30387,fd=5),("python2",pid=30386,fd=5),("python2",pid=30380,fd=5))
LISTEN     0      100                                         *:6080                                                    *:*                   users:(("python2",pid=30379,fd=3))
LISTEN     0      128                                        :::80                                                     :::*                   users:(("nginx",pid=32059,fd=7),("nginx",pid=32058,fd=7))
LISTEN     0      128                                        :::22                                                     :::*                   users:(("sshd",pid=865,fd=4))
LISTEN     0      100                                       ::1:25                                                     :::*                   users:(("master",pid=954,fd=14))

配置nginx用户

[root@WebVirtMgr webvirtmgr]# su - nginx -s /bin/bash
-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nginx/.ssh/id_rsa):
Created directory '/var/lib/nginx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nginx/.ssh/id_rsa.
Your public key has been saved in /var/lib/nginx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:BNwh4x7WjHw14vWH3WE7vq4wSAaMk/aUTUgj1lKdcRk nginx@slaver_7
The key's randomart image is:
+---[RSA 2048]----+
|     +B==+*Eo  o |
|    .+*@**.+ o..o|
|     =B=*.  o oo.|
|    .o++.    .. .|
|      ..So     . |
|        o .     .|
|         . o   . |
|            o .  |
|             ... |
+----[SHA256]-----+
-bash-4.2$
-bash-4.2$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
-bash-4.2$ chmod 0600 ~/.ssh/config
-bash-4.2$ ssh-copy-id [email protected]
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/var/lib/nginx/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.186.200' (ECDSA) to the list of known hosts.
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

-bash-4.2$ exit
logout

在KVM端配置ssh

[root@KVM images]# vim /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[Remote libvirt SSH access]
Identity=unix-user:root
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
[root@KVM images]# chown -R root.root /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[root@KVM images]# systemctl restart libvirtd

此时访问192.168.186.167即可看到登录页面，输入创建超级用户时的用户名和密码即可登录。

WebVirtMgr的基本使用

添加需要管理的主机


添加成功后如下：

现在我们在这里创建一台KVM

1、添加存放镜像的存储池


在200的机器创建对应的目录，并上传相应的镜像

[root@KVM images]# cd /iso/
[root@KVM iso]# ls
CentOS-7-x86_64-Minimal-1708.iso  CentOS-7-x86_64-Minimal-2003.iso
注意：这个目录和镜像的权限都要是777

2、创建KVM的磁盘存储池


3、为kvm准备磁盘文件



4、创建KVM




5、开启虚拟机并安装

（就是要显示已断开才能进行安装）



（安装系统的步骤就不赘述了。）
在web界面操作后，在终端用命令也能同样管理KVM。
实验完成！