# 🚀 OpenNebula on Debian 13 (Full Setup + Networking)

> ⚡ A complete production-ready guide
> 🧠 Suitable for homelab / VPS / infra

---

# 📚 Contents

- [📋 Requirements](#-requirements)
- [🧰 Base installation](#-base-installation)
- [🗄️ MariaDB](#️-mariadb)
- [🌐 Hostname](#-hostname)
- [📦 Installing OpenNebula](#-installing-opennebula)
- [🛠️ Configuration](#️-configuration)
- [🧪 Debugging](#-debugging)
- [🌐 Network and internet for VMs](#-network-and-internet-for-vms)
- [🎉 Done](#-done)

---

# 📋 Requirements

- 🖥️ Debian 13
- ⚠️ KVM (required)
- 💾 Recommended:
  - 4 CPU
  - 8GB RAM
  - SSD

---

# 🧰 Base installation

```bash
apt update
apt install nginx certbot python3-certbot-nginx -y
apt install mariadb-server curl gnupg2 -y
```

📌 Packages:

- `nginx`: for the web (FireEdge / proxy)
- `certbot`: SSL
- `mariadb`: the OpenNebula database

---

# 🗄️ MariaDB

```bash
mysql
```

```sql
CREATE DATABASE opennebula;
-- 'password' is a placeholder: set a strong unique value and use the same one as PASSWD in /etc/one/oned.conf
GRANT ALL PRIVILEGES ON opennebula.* TO 'oneadmin' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EXIT;
```

⚠️ `/etc/mysql/`: the MariaDB configuration files live here

---

# 🌐 Hostname

```bash
hostname opennebula
```

📌 File: `/etc/hosts`

```bash
nano /etc/hosts
```

Add:

```
opennebula
```

---

# 📦 Installing OpenNebula

## 🔐 GPG key

```bash
curl -fsSL https://downloads.opennebula.io/repo/repo2.key \
  | gpg --dearmor -o /etc/apt/trusted.gpg.d/opennebula.gpg
```

---

## 📥 Repository

File: `/etc/apt/sources.list.d/opennebula.list`

```bash
echo "deb https://downloads.opennebula.io/repo/7.1/Debian/13 stable opennebula" \
  | tee /etc/apt/sources.list.d/opennebula.list
```

---

## 🔄 Installation

```bash
apt update
apt install opennebula opennebula-fireedge \
  opennebula-gate opennebula-flow -y
```

---

## ⚙️ Dependencies

```bash
/usr/share/one/install_gems
```

📌 The script installs the Ruby dependencies

---

# 🛠️ Configuration

File: `/etc/one/oned.conf`

```bash
nano /etc/one/oned.conf
```

### ❌ Before:

```ini
DB = [ BACKEND = "sqlite",
       TIMEOUT = 2500 ]
```

### ✅ After:

```ini
DB = [ BACKEND = "mysql",
       SERVER = "localhost",
       PORT = 0,
       USER = "oneadmin",
       PASSWD = "password",
       DB_NAME = "opennebula",
       CONNECTIONS = 25,
       COMPARE_BINARY = "no" ]
```

---

## 🔑 oneadmin password

```bash
cat /var/lib/one/.one/one_auth
```

---

## ▶️ Services

```bash
systemctl start opennebula opennebula-fireedge \
  opennebula-flow opennebula-gate
systemctl enable opennebula opennebula-fireedge \
  opennebula-flow opennebula-gate
```

---

# 🧪 Debugging

## SSH access

```bash
su - oneadmin
ssh -o StrictHostKeyChecking=no localhost
```

---

## Groups

```bash
usermod -a -G libvirt,kvm oneadmin
```

---

## KVM

```bash
ln -s /usr/bin/qemu-system-x86_64 /usr/bin/qemu-kvm-one
systemctl restart libvirtd
```

📌 File: `/etc/libvirt/qemu.conf`

```bash
nano /etc/libvirt/qemu.conf
```

```ini
user = "oneadmin"
group = "oneadmin"
dynamic_ownership = 1
```

---

## AppArmor

```bash
apt install apparmor-utils -y
aa-complain /usr/sbin/libvirtd
systemctl restart libvirtd
```

---

## Datastore

```bash
chown -R oneadmin:oneadmin /var/lib/one/datastores
chmod -R 770 /var/lib/one/datastores
```

---

## Guacd

```bash
systemctl enable --now opennebula-guacd
ss -tlnp | grep 4822
```

---

## Sunstone

File: `/etc/one/sunstone-server.conf`

```yaml
:private_fireedge_endpoint: http://localhost:2616
:public_fireedge_endpoint: http://:2616
:fireedge_verify_ssl: false
```

---

# 🌐 Network and internet for VMs

---

## 1. Creating the bridge

```bash
apt install bridge-utils -y
```

📌 File: `/etc/network/interfaces`

```bash
nano /etc/network/interfaces
```

```ini
# Internal bridge for OpenNebula
auto br1
iface br1 inet static
    address 192.168.100.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
```

---

## 2. Applying the network configuration

```bash
systemctl restart networking
```

---

## 3. NAT (internet for VMs)

### Enable forwarding

📌 File: `/etc/sysctl.d/99-opennebula-nat.conf`

```bash
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/99-opennebula-nat.conf
sysctl -p /etc/sysctl.d/99-opennebula-nat.conf
```

---

### iptables

📌 Find the outbound interface:

```bash
ip route | grep default
```

```bash
# eth0 below is the interface reported by the default route above
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i br1 -o eth0 -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
```

---

### Saving the rules

```bash
apt install iptables-persistent -y
```

---

## 4. Port forwarding

```bash
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 \
  -j DNAT --to-destination 192.168.100.10:22
```

---

## 5. Network in OpenNebula

- Network → Virtual Network
- Mode: **Bridged**
- Bridge: `br1`

📌 Addresses → `+ Address Range`

---

## 6. DNS (bind9)

```bash
apt install bind9 -y
```

📌 File: `/etc/bind/named.conf.options`

```bash
nano /etc/bind/named.conf.options
```

```ini
options {
    directory "/var/cache/bind";

    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

    dnssec-validation auto;

    listen-on { 127.0.0.1; 192.168.100.1; };
    listen-on-v6 { none; };
};
```

```bash
systemctl restart bind9
```

---

## 7. DHCP

```bash
apt install isc-dhcp-server -y
```

📌 Interface:

```bash
nano /etc/default/isc-dhcp-server
```

```
INTERFACESv4="br1"
```

---

📌 Config: `/etc/dhcp/dhcpd.conf`

```bash
nano /etc/dhcp/dhcpd.conf
```

```conf
subnet 192.168.100.0 netmask 255.255.255.0 {
    range 192.168.100.2 192.168.100.254;
    option routers 192.168.100.1;
    option domain-name-servers 192.168.100.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.100.255;
    default-lease-time 600;
    max-lease-time 7200;
    abandon-lease-time 0;
}
```

---

```bash
systemctl restart isc-dhcp-server
systemctl status isc-dhcp-server
```

---

# 🎉 Done!

## ✅ You now have:

- OpenNebula
- NAT + internet for VMs
- DHCP + DNS
- A complete infrastructure

---

## 💡 Debug

```bash
journalctl -u opennebula -f
journalctl -u libvirtd -f
journalctl -u isc-dhcp-server -f
```

---
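A check for the NAT rules from steps 3 and 4, added here as an example and not part of the original guide: it reads `iptables-save` output and reports a default-ACCEPT `FORWARD` policy (under which the two `ACCEPT` rules above restrict nothing), `MASQUERADE` rules not scoped with `-s`, and every `DNAT` exposure. The function names and the embedded ruleset are constructed; the sample is what the guide's commands produce on a host with default policies.

```bash
#!/bin/sh
# Added example, not from the original guide.
# Live use on the host: iptables-save | audit_nat

# audit_nat: read iptables-save text on stdin, print one finding per line.
audit_nat() {
    awk '
    /^\*/ { table = substr($0, 2) }   # "*nat" / "*filter" open a table
    # Default-ACCEPT FORWARD: per-rule ACCEPTs add nothing, everything is forwarded
    table == "filter" && /^:FORWARD ACCEPT/ { print "forward-policy-accept" }
    # MASQUERADE without -s rewrites any forwarded source, not only the VM subnet
    table == "nat" && / -j MASQUERADE/ && !/ -s / { print "masquerade-unscoped" }
    # Each DNAT rule is an inbound exposure: list it for review
    table == "nat" && / -j DNAT / {
        dport = dest = "?"
        for (i = 1; i < NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--to-destination") dest = $(i + 1)
        }
        print "dnat " dport " -> " dest
    }'
}

# Constructed sample: the ruleset the commands in steps 3-4 create.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.100.10:22
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i br1 -o eth0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_nat
```

A ruleset with `:FORWARD DROP` and `-s 192.168.100.0/24` on the `MASQUERADE` rule produces no policy or scope findings, leaving only the `dnat` lines to review.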
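The Guacd step checks port 4822 with `ss -tlnp | grep 4822`; the following added example (not part of the original guide) extends that check to report which of the watched ports are bound to all interfaces instead of to `127.0.0.1` or the bridge address `192.168.100.1`. The function names and the sample `ss` output are constructed, and 3306 is assumed as the MariaDB port because the guide leaves it at the default.

```bash
#!/bin/sh
# Added example, not from the original guide.
# Live use on the host: ss -tln | wildcard_listeners 4822 2616 53 3306

# wildcard_listeners PORT...: read `ss -tln` output on stdin and print
# "port address" for each watched port listening on a wildcard address.
wildcard_listeners() {
    awk -v ports="$*" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    $1 == "LISTEN" {
        la = $4                               # Local Address:Port column
        port = la; sub(/.*:/, "", port)       # text after the last colon
        addr = substr(la, 1, length(la) - length(port) - 1)
        if ((port in watch) && (addr == "0.0.0.0" || addr == "*" || addr == "[::]"))
            print port " " addr
    }'
}

# Constructed sample of `ss -tln` output for a host set up as in this guide.
sample_listeners() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:4822        0.0.0.0:*
LISTEN 0      10     192.168.100.1:53    0.0.0.0:*
LISTEN 0      10     127.0.0.1:53        0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306      0.0.0.0:*
LISTEN 0      511    *:2616              *:*
LISTEN 0      128    [::]:22             [::]:*
EOF
}

sample_listeners | wildcard_listeners 4822 2616 53 3306
```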

made with ❤️ for infra geeks