使用wok kimchi插件管理kvm（编译安装）

对于KVM（kernel-based virtual machine）大家并不陌生，它是基于内核的虚拟机，在测试或者生产环境中经常用到，由于管理起来不是很方便，我在这里推荐一个kvm web管理工具。

什么是Wok？

Wok基于cherrypy的web框架，可以通过一些插件来进行扩展，例如：虚拟化管理、主机管理、系统管理。它可以在任何支持HTML5的网页浏览器中运行。

什么是Kimchi？

Kimchi是一个基于HTML5的KVM管理工具，是Wok的一个插件（使用Kimchi前一定要先安装了wok），通过Kimchi可以更方便的管理KVM。

github地址：https://github.com/kimchi-project

当前环境介绍：

vm虚拟机安装的Centos7.4（桌面版安装），vm勾选虚拟化Inter VT-x/EPT或AMD-V/RVI(V)

临时关闭selinux

setenforce 0

永久关闭selinux

sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

关闭防火墙（或自行开放相应端口）

systemctl stop firewalld.service

正文开始：

一、编译安装nginx

1、配置好yum源，安装依赖

yum install wget gcc gcc-c++ pcre pcre-devel openssl openssl-devel zlib zlib-devel epel-release

2、创建nginx启动用户

useradd -s /bin/false -M www

3、下载解压nginx

cd /usr/local/src/
wget http://nginx.org/download/nginx-1.12.2.tar.gz
tar zxf nginx-1.12.2.tar.gz

4、编译nginx

cd /usr/local/src/nginx-1.12.2
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module
make
make install

5、添加环境变量

ln -sv /usr/local/nginx/sbin/nginx /usr/local/sbin/

6、设置systemctl

vi /usr/lib/systemd/system/nginx.service

[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target

二、配置nginx

1、编辑nginx配置文件

vi /usr/local/nginx/conf/nginx.conf

http{
......
include vhost/*.conf;
}

2、创建虚拟机

mkdir /usr/local/nginx/conf/vhost
cd /usr/local/nginx/conf/vhost

vi wok.conf

client_max_body_size 4194304k;
proxy_connect_timeout       10m;
proxy_send_timeout          10m;
proxy_read_timeout          10m;
send_timeout                10m;

map $http_upgrade $connection_upgrade {

default upgrade;
'' close;

}
upstream websocket {

server 127.0.0.1:64667;

}
server {

listen 0.0.0.0:8001 ssl;

ssl_certificate /etc/wok/wok-cert.pem;
ssl_certificate_key /etc/wok/wok-key.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:@STRENGTH';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/wok/dhparams.pem;

# Session timeout value must be properly set in /etc/wok/wok.conf as well
ssl_session_timeout 10m;

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

location / {

    # Default cherrypy port for Wok is 8010
    # DO NOT forget to update cherrypy_port parameter in /etc/wok/wok.conf
    # when changing this value
    proxy_pass http://127.0.0.1:8010;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Update location path for https for relative path
    # e.g.: proxy_redirect http://127.0.0.1:8010/ https://$host:8001/wok/;
    proxy_redirect http://127.0.0.1:8010/ https://$host:8001/;
}

# Update location path for relative path
# e.g.: localtion /wok/websockify
location /websockify {
    proxy_pass http://websocket;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}

}
server {

listen 0.0.0.0:8000;
rewrite ^/(.*)$ https://$host:8001/$1 redirect;

}

三、编译安装wok

1、安装依赖

yum install gettext-devel git rpm-python python-psutil sos python-lxml libxslt pyparted python-cherrypy python-configobj python-unittest2 python-ordereddict pyflakes python-pep8 python-requests automake PyPAM fontawesome-fonts python-cheetah python-jsonschema python-websockify python-ldap m2crypto gcc make autoconf rpm-build python-pip libvirt-python libvirt libvirt-daemon-config-network qemu-kvm python-ethtool python-ipaddr nfs-utils iscsi-initiator-utils python-libguestfs libguestfs-tools novnc spice-html5 python-magic python-pillow python-paramiko

2、安装pip模块

在用户目录下创建.pip文件夹

cd /root
mkdir ~/.pip

然后在该目录下创建pip.conf文件

vi ~/.pip/pip.conf

[global]
trusted-host=mirrors.aliyun.com
index-url=http://mirrors.aliyun.com/pypi/simple/

接下来再通过pip安装numpy，如果直接pip安装numpy的话速度会很慢

pip install numpy

3、下载wok源码包并编译wok

cd /usr/local/src/
wget http://down.whsir.com/downloads/wok-2.5.0.tar.gz
tar zxf wok-2.5.0.tar.gz
cd wok-2.5.0
./autogen.sh --system
make
make install
python src/wokd

注意：执行python src/wokd后会生成证书，生成完成后需要手动ctrl+c结束

四、编译kimchi

cd /usr/local/src/
wget http://down.whsir.com/downloads/kimchi-2.5.0.tar.gz
tar zxf kimchi-2.5.0.tar.gz
cd kimchi-2.5.0
./autogen.sh --system
make
make install

五、最后

启动wok

systemctl start wokd

访问 https://IP:8001即可看到登录页面，此登录的帐号密码为当前系统的帐号密码

此时可以通过Virtualization来管理kvm了

关于kvm安装可参考：https://blog.whsir.com/post-286.html