对于KVM(kernel-based virtual machine)大家并不陌生,它是基于内核的虚拟机,在测试或者生产环境中经常用到,由于管理起来不是很方便,我在这里推荐一个kvm web管理工具。
什么是Wok?
Wok基于cherrypy的web框架,可以通过一些插件来进行扩展,例如:虚拟化管理、主机管理、系统管理。它可以在任何支持HTML5的网页浏览器中运行。
什么是Kimchi?
Kimchi是一个基于HTML5的KVM管理工具,是Wok的一个插件(使用Kimchi前一定要先安装了wok),通过Kimchi可以更方便的管理KVM。
github地址:https://github.com/kimchi-project
当前环境介绍:
vm虚拟机安装的Centos7.4(桌面版安装),vm勾选虚拟化Inter VT-x/EPT或AMD-V/RVI(V)
临时关闭selinux
setenforce 0
永久关闭selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
关闭防火墙(或自行开放相应端口)
systemctl stop firewalld.service
正文开始:
一、编译安装nginx
1、配置好yum源,安装依赖
yum install wget gcc gcc-c++ pcre pcre-devel openssl openssl-devel zlib zlib-devel epel-release
2、创建nginx启动用户
useradd -s /bin/false -M www
3、下载解压nginx
cd /usr/local/src/
wget http://nginx.org/download/nginx-1.12.2.tar.gz
tar zxf nginx-1.12.2.tar.gz
4、编译nginx
cd /usr/local/src/nginx-1.12.2
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module
make
make install
5、添加环境变量
ln -sv /usr/local/nginx/sbin/nginx /usr/local/sbin/
6、设置systemctl
vi /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
二、配置nginx
1、编辑nginx配置文件
vi /usr/local/nginx/conf/nginx.conf
http{
......
include vhost/*.conf;
}
2、创建虚拟机
mkdir /usr/local/nginx/conf/vhost
cd /usr/local/nginx/conf/vhost
vi wok.conf
client_max_body_size 4194304k;
proxy_connect_timeout 10m;
proxy_send_timeout 10m;
proxy_read_timeout 10m;
send_timeout 10m;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream websocket {
server 127.0.0.1:64667;
}
server {
listen 0.0.0.0:8001 ssl;
ssl_certificate /etc/wok/wok-cert.pem;
ssl_certificate_key /etc/wok/wok-key.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:@STRENGTH';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/wok/dhparams.pem;
# Session timeout value must be properly set in /etc/wok/wok.conf as well
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
location / {
# Default cherrypy port for Wok is 8010
# DO NOT forget to update cherrypy_port parameter in /etc/wok/wok.conf
# when changing this value
proxy_pass http://127.0.0.1:8010;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Update location path for https for relative path
# e.g.: proxy_redirect http://127.0.0.1:8010/ https://$host:8001/wok/;
proxy_redirect http://127.0.0.1:8010/ https://$host:8001/;
}
# Update location path for relative path
# e.g.: localtion /wok/websockify
location /websockify {
proxy_pass http://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
server {
listen 0.0.0.0:8000;
rewrite ^/(.*)$ https://$host:8001/$1 redirect;
}
三、编译安装wok
1、安装依赖
yum install gettext-devel git rpm-python python-psutil sos python-lxml libxslt pyparted python-cherrypy python-configobj python-unittest2 python-ordereddict pyflakes python-pep8 python-requests automake PyPAM fontawesome-fonts python-cheetah python-jsonschema python-websockify python-ldap m2crypto gcc make autoconf rpm-build python-pip libvirt-python libvirt libvirt-daemon-config-network qemu-kvm python-ethtool python-ipaddr nfs-utils iscsi-initiator-utils python-libguestfs libguestfs-tools novnc spice-html5 python-magic python-pillow python-paramiko
2、安装pip模块
在用户目录下创建.pip文件夹
cd /root
mkdir ~/.pip
然后在该目录下创建pip.conf文件
vi ~/.pip/pip.conf
[global]
trusted-host=mirrors.aliyun.com
index-url=http://mirrors.aliyun.com/pypi/simple/
接下来再通过pip安装numpy,如果直接pip安装numpy的话速度会很慢
pip install numpy
3、下载wok源码包并编译wok
cd /usr/local/src/
wget http://down.whsir.com/downloads/wok-2.5.0.tar.gz
tar zxf wok-2.5.0.tar.gz
cd wok-2.5.0
./autogen.sh --system
make
make install
python src/wokd
注意:执行python src/wokd后会生成证书,生成完成后需要手动ctrl+c结束
四、编译kimchi
cd /usr/local/src/
wget http://down.whsir.com/downloads/kimchi-2.5.0.tar.gz
tar zxf kimchi-2.5.0.tar.gz
cd kimchi-2.5.0
./autogen.sh --system
make
make install
五、最后
启动wok
systemctl start wokd
访问https://IP:8001即可看到登录页面,此登录的帐号密码为当前系统的帐号密码
此时可以通过Virtualization来管理kvm了
关于kvm安装可参考:https://blog.whsir.com/post-286.html