Окак

Signed-off-by: Reisber <admin@reisber.space>
2026-03-22 21:50:37 +00:00
parent 346369f585
commit de0c08f03b
1 changed files with 469 additions and 0 deletions
--- a/NEBULA/nebula2.0.md
+++ b/NEBULA/nebula2.0.md
@@ -0,0 +1,469 @@
+# 🚀 OpenNebula на Debian 13 (Full Setup + Networking)
+
+<p align="center">
+  <img src="https://img.shields.io/badge/OpenNebula-7.1-blue?style=for-the-badge">
+  <img src="https://img.shields.io/badge/Debian-13-red?style=for-the-badge">
+  <img src="https://img.shields.io/badge/KVM-required-important?style=for-the-badge">
+  <img src="https://img.shields.io/badge/status-working-success?style=for-the-badge">
+</p>
+
+> ⚡ Полный production-ready гайд  
+> 🧠 Подходит для homelab / VPS / infra
+
+---
+
+# 📚 Содержание
+
+- [📋 Требования](#-требования)
+- [🧰 Базовая установка](#-базовая-установка)
+- [🗄️ MariaDB](#️-mariadb)
+- [🌐 Hostname](#-hostname)
+- [📦 Установка OpenNebula](#-установка-opennebula)
+- [🛠️ Конфигурация](#️-конфигурация)
+- [🧪 Отладка](#-отладка)
+- [🌐 Сеть и интернет для VM](#-сеть-и-интернет-для-vm)
+- [🎉 Готово](#-готово)
+
+---
+
+# 📋 Требования
+
+- 🖥️ Debian 13
+- ⚠️ KVM (обязательно)
+- 💾 Рекомендуется:
+  - 4 CPU
+  - 8GB RAM
+  - SSD
+
+---
+
+# 🧰 Базовая установка
+
+```bash
+apt update
+apt install nginx certbot python3-certbot-nginx -y
+apt install mariadb-server curl gnupg2 -y
+```
+
+📌 Пакеты:
+- `nginx` — под веб (FireEdge / прокси)
+- `certbot` — SSL
+- `mariadb` — база OpenNebula
+
+---
+
+# 🗄️ MariaDB
+
+```bash
+mysql
+```
+
+```sql
+CREATE DATABASE opennebula;
+
+GRANT ALL PRIVILEGES ON opennebula.* 
+TO 'oneadmin' IDENTIFIED BY 'password';
+
+FLUSH PRIVILEGES;
+EXIT;
+```
+
+⚠️ `/etc/mysql/` — здесь конфиги MariaDB
+
+---
+
+# 🌐 Hostname
+
+```bash
+hostname opennebula
+```
+
+📌 Файл: `/etc/hosts`
+
+```bash
+nano /etc/hosts
+```
+
+Добавь:
+
+```
+<YOUR_IP> opennebula
+```
+
+---
+
+# 📦 Установка OpenNebula
+
+## 🔐 GPG ключ
+
+```bash
+curl -fsSL https://downloads.opennebula.io/repo/repo2.key \
+| gpg --dearmor -o /etc/apt/trusted.gpg.d/opennebula.gpg
+```
+
+---
+
+## 📥 Репозиторий
+
+Файл: `/etc/apt/sources.list.d/opennebula.list`
+
+```bash
+echo "deb https://downloads.opennebula.io/repo/7.1/Debian/13 stable opennebula" \
+| tee /etc/apt/sources.list.d/opennebula.list
+```
+
+---
+
+## 🔄 Установка
+
+```bash
+apt update
+
+apt install opennebula opennebula-fireedge \
+opennebula-gate opennebula-flow -y
+```
+
+---
+
+## ⚙️ Зависимости
+
+```bash
+/usr/share/one/install_gems
+```
+
+📌 Скрипт ставит ruby-зависимости
+
+---
+
+# 🛠️ Конфигурация
+
+Файл: `/etc/one/oned.conf`
+
+```bash
+nano /etc/one/oned.conf
+```
+
+### ❌ Было:
+
+```ini
+DB = [ BACKEND = "sqlite",
+TIMEOUT = 2500 ]
+```
+
+### ✅ Стало:
+
+```ini
+DB = [ BACKEND = "mysql",
+SERVER = "localhost",
+PORT = 0,
+USER = "oneadmin",
+PASSWD = "password",
+DB_NAME = "opennebula",
+CONNECTIONS = 25,
+COMPARE_BINARY = "no" ]
+```
+
+---
+
+## 🔑 Пароль oneadmin
+
+```bash
+cat /var/lib/one/.one/one_auth
+```
+
+---
+
+## ▶️ Сервисы
+
+```bash
+systemctl start opennebula opennebula-fireedge \
+opennebula-flow opennebula-gate
+
+systemctl enable opennebula opennebula-fireedge \
+opennebula-flow opennebula-gate
+```
+
+---
+
+# 🧪 Отладка
+
+## SSH доступ
+
+```bash
+su - oneadmin
+ssh -o StrictHostKeyChecking=no localhost
+```
+
+---
+
+## Группы
+
+```bash
+usermod -a -G libvirt,kvm oneadmin
+```
+
+---
+
+## KVM
+
+```bash
+ln -s /usr/bin/qemu-system-x86_64 /usr/bin/qemu-kvm-one
+systemctl restart libvirtd
+```
+
+📌 Файл: `/etc/libvirt/qemu.conf`
+
+```bash
+nano /etc/libvirt/qemu.conf
+```
+
+```ini
+user = "oneadmin"
+group = "oneadmin"
+dynamic_ownership = 1
+```
+
+---
+
+## AppArmor
+
+```bash
+apt install apparmor-utils -y
+aa-complain /usr/sbin/libvirtd
+systemctl restart libvirtd
+```
+
+---
+
+## Datastore
+
+```bash
+chown -R oneadmin:oneadmin /var/lib/one/datastores
+chmod -R 770 /var/lib/one/datastores
+```
+
+---
+
+## Guacd
+
+```bash
+systemctl enable --now opennebula-guacd
+ss -tlnp | grep 4822
+```
+
+---
+
+## Sunstone
+
+Файл: `/etc/one/sunstone-server.conf`
+
+```yaml
+:private_fireedge_endpoint: http://localhost:2616
+:public_fireedge_endpoint: http://<YOUR_IP_OR_DOMAIN>:2616
+:fireedge_verify_ssl: false
+```
+
+---
+
+# 🌐 Сеть и интернет для VM
+
+# OpenNebula guide up internet for VM
+
+---
+
+## 1. Создание bridge
+
+```bash
+apt install bridge-utils -y
+```
+
+📌 Файл: `/etc/network/interfaces`
+
+```bash
+nano /etc/network/interfaces
+```
+
+```ini
+# Внутренний мост для OpenNebula
+auto br1
+iface br1 inet static
+    address 192.168.100.1
+    netmask 255.255.255.0
+    bridge_ports none
+    bridge_stp off
+    bridge_fd 0
+```
+
+---
+
+## 2. Применение сети
+
+```bash
+systemctl restart networking
+```
+
+---
+
+## 3. NAT (интернет для VM)
+
+### Включаем forwarding
+
+📌 Файл: `/etc/sysctl.d/99-opennebula-nat.conf`
+
+```bash
+echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/99-opennebula-nat.conf
+sysctl -p /etc/sysctl.d/99-opennebula-nat.conf
+```
+
+---
+
+### iptables
+
+📌 Узнать интерфейс:
+
+```bash
+ip route | grep default
+```
+
+```bash
+iptables -t nat -F
+
+iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
+iptables -A FORWARD -i br1 -o eth0 -j ACCEPT
+iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+```
+
+---
+
+### Сохранение
+
+```bash
+apt install iptables-persistent -y
+```
+
+---
+
+## 4. Проброс портов
+
+```bash
+iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 \
+-j DNAT --to-destination 192.168.100.10:22
+```
+
+---
+
+## 5. Сеть в OpenNebula
+
+- Network → Virtual Network
+- Mode: **Bridged**
+- Bridge: `br1`
+
+📌 Addresses → `+ Address Range`
+
+---
+
+## 6. DNS (bind9)
+
+```bash
+apt install bind9 -y
+```
+
+📌 Файл: `/etc/bind/named.conf.options`
+
+```bash
+nano /etc/bind/named.conf.options
+```
+
+```ini
+options {
+    directory "/var/cache/bind";
+
+    forwarders {
+        8.8.8.8;
+        8.8.4.4;
+    };
+
+    dnssec-validation auto;
+    listen-on { 127.0.0.1; 192.168.100.1; };
+    listen-on-v6 { none; };
+};
+```
+
+```bash
+systemctl restart bind9
+```
+
+---
+
+## 7. DHCP
+
+```bash
+apt install isc-dhcp-server -y
+```
+
+📌 Интерфейс:
+
+```bash
+nano /etc/default/isc-dhcp-server
+```
+
+```
+INTERFACESv4="br1"
+```
+
+---
+
+📌 Конфиг: `/etc/dhcp/dhcpd.conf`
+
+```bash
+nano /etc/dhcp/dhcpd.conf
+```
+
+```conf
+subnet 192.168.100.0 netmask 255.255.255.0 {
+  range 192.168.100.2 192.168.100.254;
+  option routers 192.168.100.1;
+
+  option domain-name-servers 192.168.100.1;
+
+  option subnet-mask 255.255.255.0;
+  option broadcast-address 192.168.100.255;
+  default-lease-time 600;
+  max-lease-time 7200;
+}
+```
+
+---
+
+```bash
+systemctl restart isc-dhcp-server
+systemctl status isc-dhcp-server
+```
+
+---
+
+# 🎉 Готово!
+
+## ✅ У тебя теперь:
+
+- OpenNebula
+- NAT + интернет для VM
+- DHCP + DNS
+- Полная инфраструктура
+
+---
+
+## 💡 Debug
+
+```bash
+journalctl -u opennebula -f
+journalctl -u libvirtd -f
+journalctl -u isc-dhcp-server -f
+```
+
+---
+
+<p align="center">
+  made with ❤️ for infra geeks
+</p>