WebVirtMgr

KVM-WebVirtMgr


System Optimization(Only CentOS6.X)

Run

# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# LANG=en
# for root in `chkconfig --list|grep 3:on|awk '{print $1}'`;do chkconfig --level 3 $root off;done
# for root in crond network rsyslog sshd;do chkconfig --level 3 $root on;done
# chkconfig --list|grep 3:on

Install WebVirtMgr

1. Installation

CentOS/RHEL 6.x

Run:

# yum -y install epel-release
# yum -y install vim wget ftp git python-pip libvirt-python libxml2-python python-websockify supervisor nginx

CentOS 7.x

Run:

# yum -y install epel-release
# yum -y install vim wget ftp git python-pip libvirt-python libxml2-python python-websockify supervisor nginx  
# yum -y install gcc python-devel
# pip install numpy

2. Install python requirements and setup Django environment

Run:

# git clone git://github.com/retspen/webvirtmgr.git
# cd webvirtmgr
# pip install -r requirements.txt
# ./manage.py syncdb          //Configuration database
# ./manage.py collectstatic   //Add Database administrator for webvirtmagr, no System administrator!

Enter the user information:

You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes (Put: yes)
Username (Leave blank to use 'admin'): admin (Put: your username or login)
E-mail address: username@domain.local (Put: your email)
Password: xxxxxx (Put: your password)
Password (again): xxxxxx (Put: confirm password)
Superuser created successfully.

Adding additional superusers

Run:

# ./manage.py createsuperuser     //Create an Account, Account Login and Password Information

3. Setup Nginx

Warning: Usually WebVirtMgr is only available from localhost on port 8000. This step will make WebVirtMgr available to everybody on port 80. The webinterface is also unprotected (no https), which means that everybody in between you and the server (people on the same wifi, your local router, your provider, the servers provider, backbones etc.) can see your login credentials in clear text!

Instead you can also skip this step completely + uninstall nginx. By simply redirecting port 8000 to your local machine via SSH. This is much safer because WebVirtMgr is not available to the public any more and you can only access it over an encrypted connection.

Example:

# ssh user@server:port -L localhost:8000:localhost:8000 -L localhost:6080:localhost:6080

You should be able to access WebVirtMgr by typing localhost:8000 in your browser after completing the install. Port 6080 is forwarded to make noVNC work.

If you really know what you are doing, feel free to ignore the warning and continue setting up the redirect with nginx:

# cd ..  
# mkdir -p /data/www
# mv webvirtmgr /data/www/

Add file webvirtmgr.conf in /etc/nginx/conf.d

server {
    listen 80 default_server;

    server_name $hostname;
    access_log  off; 

    location /static/ {
        root /data/www/webvirtmgr;
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M; # Set higher depending on your needs 
    }
}

Delete default.conf

# cd /etc/nginx/conf.d && rm -rf default.conf

Open nginx.conf out of /etc/nginx/nginx.conf (in Ubuntu 14.04 LTS the configuration is in /etc/nginx/sites-enabled/default):

# vim /etc/nginx/nginx.conf

Comment the Server Section as it is shown in the example:

#    server {
#        listen       80 default_server;
#        server_name  localhost;
#        root         /usr/share/nginx/html;
#
#        #charset koi8-r;
#
#        #access_log  /var/log/nginx/host.access.log  main;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        # redirect server error pages to the static page /40x.html
#        #
#        error_page  404              /404.html;
#        location = /40x.html {
#        }
#
#        # redirect server error pages to the static page /50x.html
#        #
#        error_page   500 502 503 504  /50x.html;
#        location = /50x.html {
#        }
#    }

Restart nginx service:

# service nginx restart && chkconfig nginx on

Update SELinux policy

# setsebool httpd_can_network_connect true

make it permanet service:

# chkconfig supervisord on

4. Setup Supervisor

CentOS, RedHat, Fedora

Run:

# chown -R nginx:nginx /data/html/webvirtmgr

Open supervisord.conf in /etc/supervisord.conf with following content:

[program:webvirtmgr]
command=/usr/bin/python /data/www/webvirtmgr/manage.py run_gunicorn -c /data/www/webvirtmgr/conf/gunicorn.conf.py
directory=/data/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx

[program:webvirtmgr-console]
command=/usr/bin/python /data/www/webvirtmgr/console/webvirtmgr-console
directory=/data/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx

Restart supervisor daemon

# service supervisord restart && chkconfig supervisord on

WebVirtMgr :Make it permanet service

# vim /etc/rc.d/rc.local
...
nohup ./data/www/webvirtmgr/manage.py runserver 0.0.0.0:8000 & 
...

Reboot System

Setup SSH Authorization


For new versions of webvirtmgr

  1. Create SSH private key and ssh config options (On system where WebVirtMgr is installed):
# cd /var/cahce/nginx
# mkdir .ssh 
# chown -Rf nginx:nginx .ssh 
# chmod -Rf 700 .ssh
# su - nginx -s /bin/bash
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (path-to-id-rsa-in-nginx-home):   Just hit Enter here!
$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config
$ chmod -Rf 0600 ~/.ssh/config
  1. Copy public key to qemu-kvm/libvirt host server:
# su - nginx -s /bin/bash
$ ssh-copy-id root@emu-kvm-libvirt-host
if you changed the default SSH port use:
$ ssh-copy-id -P YOUR_SSH_PORT root@qemu-kvm-libvirt-host

Now you can test the connection by entering:
$ ssh root@qemu-kvm-libvirt-host

Setup TCP Authorization


Setup Host Server

Supported Linux distributions

CentOS 6.3, RedHat 6.3 and above

Fedora 18 and above

Debian Testing, Ubuntu 12.04 and above

Setup libvirt and KVM

# curl http://retspen.github.io/libvirt-bootstrap.sh | sudo sh

or if haven't curl

# wget -O - http://retspen.github.io/libvirt-bootstrap.sh | sudo sh

Configuring the firewall

CentOS 6, Fedora 18, RedHat EL6

Open access to libvirt port

# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 16509 -j ACCEPT

CentOS 7, Fedora 19+, RedHat EL7 (and other distributions utilizing firewalld)

Find your firewalld zones:

# firewall-cmd --get-active-zones

The zone for the interface which connects the libvirt host and the webvirtmgr host is in the public zone by default, so the command is:

# firewall-cmd --zone=public --add-port 16509/tcp --permanent
# firewall-cmd --reload

Otherwise substitute --zone=public in the above for the correct zone.

Adding users and setting their passwords is done with the saslpasswd2 command. When running this command it is important to tell it that the appname is libvirt. As an example, to add a user admin, run

# saslpasswd2 -a libvirt admin
Password: xxxxxx
Again (for verification): xxxxxx

To see a list of all accounts the sasldblistusers2 command can be used. This command expects to be given the path to the libvirt user database, which is kept in /etc/libvirt/passwd.db

# sasldblistusers2 -f /etc/libvirt/passwd.db
admin@webvirtmgr.net: userPassword

To disable a user's access, use the command saslpasswd2 with the -d

# saslpasswd2 -a libvirt -d admin

Verify settings

Before you add the ip address of your server in the control center perform the following test

# virsh -c qemu+tcp://IP_address/system nodeinfo
Please enter your authentication name: admin
Please enter your password: xxxxxx
CPU model:           x86_64
CPU(s):              2
CPU frequency:       2611 MHz
CPU socket(s):       1
Core(s) per socket:  2
Thread(s) per core:  1
NUMA cell(s):        1
Memory size:         2019260 kB

If you have same error:

# virsh -c qemu+tcp://IP_address/system nodeinfo
Please enter your authentication name: admin
Please enter your password:
error: authentication failed: authentication failed
error: failed to connect to the hypervisor

Try input login with domain (hostname):

# sasldblistusers2 -f /etc/libvirt/passwd.db
admin@webvirtmgr.net: userPassword
最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
  • 序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 212,080评论 6 493
  • 序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 90,422评论 3 385
  • 文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 157,630评论 0 348
  • 文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 56,554评论 1 284
  • 正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 65,662评论 6 386
  • 文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 49,856评论 1 290
  • 那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 39,014评论 3 408
  • 文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 37,752评论 0 268
  • 序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 44,212评论 1 303
  • 正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 36,541评论 2 327
  • 正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 38,687评论 1 341
  • 序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 34,347评论 4 331
  • 正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 39,973评论 3 315
  • 文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 30,777评论 0 21
  • 文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 32,006评论 1 266
  • 我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 46,406评论 2 360
  • 正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 43,576评论 2 349

推荐阅读更多精彩内容