Окак

Signed-off-by: Reisber <admin@reisber.space>
2026-03-22 21:50:37 +00:00
parent 346369f585
commit de0c08f03b
1 changed files with 469 additions and 0 deletions
--- a/NEBULA/nebula2.0.md
+++ b/NEBULA/nebula2.0.md
@@ -0,0 +1,469 @@
 # 🚀 OpenNebula на Debian 13 (Full Setup + Networking)
 <p align="center">
  <img src="https://img.shields.io/badge/OpenNebula-7.1-blue?style=for-the-badge">
  <img src="https://img.shields.io/badge/Debian-13-red?style=for-the-badge">
  <img src="https://img.shields.io/badge/KVM-required-important?style=for-the-badge">
  <img src="https://img.shields.io/badge/status-working-success?style=for-the-badge">
 </p>
 > ⚡ Полный production-ready гайд  
 > 🧠 Подходит для homelab / VPS / infra
 ---
 # 📚 Содержание
 - [📋 Требования](#-требования)
 - [🧰 Базовая установка](#-базовая-установка)
 - [🗄️ MariaDB](#️-mariadb)
 - [🌐 Hostname](#-hostname)
 - [📦 Установка OpenNebula](#-установка-opennebula)
 - [🛠️ Конфигурация](#️-конфигурация)
 - [🧪 Отладка](#-отладка)
 - [🌐 Сеть и интернет для VM](#-сеть-и-интернет-для-vm)
 - [🎉 Готово](#-готово)
 ---
 # 📋 Требования
 - 🖥️ Debian 13
 - ⚠️ KVM (обязательно)
 - 💾 Рекомендуется:
  - 4 CPU
  - 8GB RAM
  - SSD
 ---
 # 🧰 Базовая установка
 ```bash
 apt update
 apt install nginx certbot python3-certbot-nginx -y
 apt install mariadb-server curl gnupg2 -y
 ```
 📌 Пакеты:
 - `nginx` — под веб (FireEdge / прокси)
 - `certbot` — SSL
 - `mariadb` — база OpenNebula
 ---
 # 🗄️ MariaDB
 ```bash
 mysql
 ```
 ```sql
 CREATE DATABASE opennebula;
 GRANT ALL PRIVILEGES ON opennebula.* 
 TO 'oneadmin' IDENTIFIED BY 'password';
 FLUSH PRIVILEGES;
 EXIT;
 ```
 ⚠️ `/etc/mysql/` — здесь конфиги MariaDB
 ---
 # 🌐 Hostname
 ```bash
 hostname opennebula
 ```
 📌 Файл: `/etc/hosts`
 ```bash
 nano /etc/hosts
 ```
 Добавь:
 ```
 <YOUR_IP> opennebula
 ```
 ---
 # 📦 Установка OpenNebula
 ## 🔐 GPG ключ
 ```bash
 curl -fsSL https://downloads.opennebula.io/repo/repo2.key \
 | gpg --dearmor -o /etc/apt/trusted.gpg.d/opennebula.gpg
 ```
 ---
 ## 📥 Репозиторий
 Файл: `/etc/apt/sources.list.d/opennebula.list`
 ```bash
 echo "deb https://downloads.opennebula.io/repo/7.1/Debian/13 stable opennebula" \
 | tee /etc/apt/sources.list.d/opennebula.list
 ```
 ---
 ## 🔄 Установка
 ```bash
 apt update
 apt install opennebula opennebula-fireedge \
 opennebula-gate opennebula-flow -y
 ```
 ---
 ## ⚙️ Зависимости
 ```bash
 /usr/share/one/install_gems
 ```
 📌 Скрипт ставит ruby-зависимости
 ---
 # 🛠️ Конфигурация
 Файл: `/etc/one/oned.conf`
 ```bash
 nano /etc/one/oned.conf
 ```
 ### ❌ Было:
 ```ini
 DB = [ BACKEND = "sqlite",
 TIMEOUT = 2500 ]
 ```
 ### ✅ Стало:
 ```ini
 DB = [ BACKEND = "mysql",
 SERVER = "localhost",
 PORT = 0,
 USER = "oneadmin",
 PASSWD = "password",
 DB_NAME = "opennebula",
 CONNECTIONS = 25,
 COMPARE_BINARY = "no" ]
 ```
 ---
 ## 🔑 Пароль oneadmin
 ```bash
 cat /var/lib/one/.one/one_auth
 ```
 ---
 ## ▶️ Сервисы
 ```bash
 systemctl start opennebula opennebula-fireedge \
 opennebula-flow opennebula-gate
 systemctl enable opennebula opennebula-fireedge \
 opennebula-flow opennebula-gate
 ```
 ---
 # 🧪 Отладка
 ## SSH доступ
 ```bash
 su - oneadmin
 ssh -o StrictHostKeyChecking=no localhost
 ```
 ---
 ## Группы
 ```bash
 usermod -a -G libvirt,kvm oneadmin
 ```
 ---
 ## KVM
 ```bash
 ln -s /usr/bin/qemu-system-x86_64 /usr/bin/qemu-kvm-one
 systemctl restart libvirtd
 ```
 📌 Файл: `/etc/libvirt/qemu.conf`
 ```bash
 nano /etc/libvirt/qemu.conf
 ```
 ```ini
 user = "oneadmin"
 group = "oneadmin"
 dynamic_ownership = 1
 ```
 ---
 ## AppArmor
 ```bash
 apt install apparmor-utils -y
 aa-complain /usr/sbin/libvirtd
 systemctl restart libvirtd
 ```
 ---
 ## Datastore
 ```bash
 chown -R oneadmin:oneadmin /var/lib/one/datastores
 chmod -R 770 /var/lib/one/datastores
 ```
 ---
 ## Guacd
 ```bash
 systemctl enable --now opennebula-guacd
 ss -tlnp | grep 4822
 ```
 ---
 ## Sunstone
 Файл: `/etc/one/sunstone-server.conf`
 ```yaml
 :private_fireedge_endpoint: http://localhost:2616
 :public_fireedge_endpoint: http://<YOUR_IP_OR_DOMAIN>:2616
 :fireedge_verify_ssl: false
 ```
 ---
 # 🌐 Сеть и интернет для VM
 # OpenNebula guide up internet for VM
 ---
 ## 1. Создание bridge
 ```bash
 apt install bridge-utils -y
 ```
 📌 Файл: `/etc/network/interfaces`
 ```bash
 nano /etc/network/interfaces
 ```
 ```ini
 # Внутренний мост для OpenNebula
 auto br1
 iface br1 inet static
    address 192.168.100.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
 ```
 ---
 ## 2. Применение сети
 ```bash
 systemctl restart networking
 ```
 ---
 ## 3. NAT (интернет для VM)
 ### Включаем forwarding
 📌 Файл: `/etc/sysctl.d/99-opennebula-nat.conf`
 ```bash
 echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/99-opennebula-nat.conf
 sysctl -p /etc/sysctl.d/99-opennebula-nat.conf
 ```
 ---
 ### iptables
 📌 Узнать интерфейс:
 ```bash
 ip route | grep default
 ```
 ```bash
 iptables -t nat -F
 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 iptables -A FORWARD -i br1 -o eth0 -j ACCEPT
 iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 ```
 ---
 ### Сохранение
 ```bash
 apt install iptables-persistent -y
 ```
 ---
 ## 4. Проброс портов
 ```bash
 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 \
 -j DNAT --to-destination 192.168.100.10:22
 ```
 ---
 ## 5. Сеть в OpenNebula
 - Network → Virtual Network
 - Mode: **Bridged**
 - Bridge: `br1`
 📌 Addresses → `+ Address Range`
 ---
 ## 6. DNS (bind9)
 ```bash
 apt install bind9 -y
 ```
 📌 Файл: `/etc/bind/named.conf.options`
 ```bash
 nano /etc/bind/named.conf.options
 ```
 ```ini
 options {
    directory "/var/cache/bind";
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    dnssec-validation auto;
    listen-on { 127.0.0.1; 192.168.100.1; };
    listen-on-v6 { none; };
 };
 ```
 ```bash
 systemctl restart bind9
 ```
 ---
 ## 7. DHCP
 ```bash
 apt install isc-dhcp-server -y
 ```
 📌 Интерфейс:
 ```bash
 nano /etc/default/isc-dhcp-server
 ```
 ```
 INTERFACESv4="br1"
 ```
 ---
 📌 Конфиг: `/etc/dhcp/dhcpd.conf`
 ```bash
 nano /etc/dhcp/dhcpd.conf
 ```
 ```conf
 subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.2 192.168.100.254;
  option routers 192.168.100.1;
  option domain-name-servers 192.168.100.1;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.100.255;
  default-lease-time 600;
  max-lease-time 7200;
 }
 ```
 ---
 ```bash
 systemctl restart isc-dhcp-server
 systemctl status isc-dhcp-server
 ```
 ---
 # 🎉 Готово!
 ## ✅ У тебя теперь:
 - OpenNebula
 - NAT + интернет для VM
 - DHCP + DNS
 - Полная инфраструктура
 ---
 ## 💡 Debug
 ```bash
 journalctl -u opennebula -f
 journalctl -u libvirtd -f
 journalctl -u isc-dhcp-server -f
 ```
 ---
 <p align="center">
  made with ❤️ for infra geeks
 </p>