Personal/NEBULA/nebula2.0.md
2026-03-23 08:20:45 +00:00


🚀 OpenNebula on Debian 13 (Full Setup + Networking)

A complete production-ready guide
🧠 Suitable for homelab / VPS / infra



📋 Requirements

  • 🖥️ Debian 13
  • ⚠️ KVM (required)
  • 💾 Recommended:
    • 4 CPU
    • 8GB RAM
    • SSD

🧰 Base installation

apt update
apt install nginx certbot python3-certbot-nginx -y
apt install mariadb-server curl gnupg2 -y

📌 Packages:

  • nginx - for the web front end (FireEdge / proxy)
  • certbot - SSL
  • mariadb - the OpenNebula database

🗄️ MariaDB

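mysql
CREATE DATABASE opennebula;

-- 'password' is a placeholder: set a strong unique password here and use the same one in /etc/one/oned.conf
-- Without a host part the account is created as 'oneadmin'@'%'
GRANT ALL PRIVILEGES ON opennebula.* 
TO 'oneadmin' IDENTIFIED BY 'password';

FLUSH PRIVILEGES;
EXIT;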

⚠️ /etc/mysql/ - the MariaDB configs live here


🌐 Hostname

hostname opennebula

📌 File: /etc/hosts

nano /etc/hosts

Add:

<YOUR_IP> opennebula

📦 Installing OpenNebula

🔐 GPG key

curl -fsSL https://downloads.opennebula.io/repo/repo2.key \
| gpg --dearmor -o /etc/apt/trusted.gpg.d/opennebula.gpg

📥 Repository

File: /etc/apt/sources.list.d/opennebula.list

echo "deb https://downloads.opennebula.io/repo/7.1/Debian/13 stable opennebula" \
| tee /etc/apt/sources.list.d/opennebula.list

🔄 Installation

apt update

apt install opennebula opennebula-fireedge \
opennebula-gate opennebula-flow -y

⚙️ Dependencies

/usr/share/one/install_gems

📌 The script installs the Ruby dependencies


🛠️ Configuration

File: /etc/one/oned.conf

nano /etc/one/oned.conf

Before:

DB = [ BACKEND = "sqlite",
TIMEOUT = 2500 ]

After:

DB = [ BACKEND = "mysql",
SERVER = "localhost",
PORT = 0,
USER = "oneadmin",
PASSWD = "password",
DB_NAME = "opennebula",
CONNECTIONS = 25,
COMPARE_BINARY = "no" ]

🔑 oneadmin password

cat /var/lib/one/.one/one_auth

▶️ Services

systemctl start opennebula opennebula-fireedge \
opennebula-flow opennebula-gate

systemctl enable opennebula opennebula-fireedge \
opennebula-flow opennebula-gate

🧪 Debugging

SSH access

su - oneadmin
ssh -o StrictHostKeyChecking=no localhost

Groups

usermod -a -G libvirt,kvm oneadmin

KVM

ln -s /usr/bin/qemu-system-x86_64 /usr/bin/qemu-kvm-one
systemctl restart libvirtd

📌 File: /etc/libvirt/qemu.conf

nano /etc/libvirt/qemu.conf
user = "oneadmin"
group = "oneadmin"
dynamic_ownership = 1

AppArmor

apt install apparmor-utils -y
aa-complain /usr/sbin/libvirtd
systemctl restart libvirtd

Datastore

chown -R oneadmin:oneadmin /var/lib/one/datastores
chmod -R 770 /var/lib/one/datastores

Guacd

systemctl enable --now opennebula-guacd
ss -tlnp | grep 4822

Sunstone

File: /etc/one/sunstone-server.conf

:private_fireedge_endpoint: http://localhost:2616
:public_fireedge_endpoint: http://<YOUR_IP_OR_DOMAIN>:2616
:fireedge_verify_ssl: false

🌐 Networking and internet access for VMs

Guide to bringing up internet access for OpenNebula VMs


1. Creating the bridge

apt install bridge-utils -y

📌 File: /etc/network/interfaces

nano /etc/network/interfaces
# Internal bridge for OpenNebula
auto br1
iface br1 inet static
    address 192.168.100.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0

2. Applying the network configuration

systemctl restart networking

3. NAT (internet for VMs)

Enable forwarding

📌 File: /etc/sysctl.d/99-opennebula-nat.conf

echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/99-opennebula-nat.conf
sysctl -p /etc/sysctl.d/99-opennebula-nat.conf

iptables

📌 Find the uplink interface (the rules below use eth0):

ip route | grep default
iptables -t nat -F

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -A FORWARD -i br1 -o eth0 -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Saving the rules

apt install iptables-persistent -y

4. Port forwarding

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 \
-j DNAT --to-destination 192.168.100.10:22
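
A check for steps 3 and 4 above, added here as an example and not part of the original guide: it reads iptables-save output and flags where the resulting ruleset is wider than a NAT gateway for br1 needs. The function names and the sample dump are constructed; br1 and 192.168.100.0/24 are taken from the guide.

```shell
#!/bin/sh
# Added example (not from the guide): audit an iptables-save dump of the NAT setup.
# Assumed from the guide: bridge br1, VM subnet 192.168.100.0/24. Helper names are hypothetical.
audit_nat_rules() {   # usage: iptables-save | audit_nat_rules   (or pass a file)
  awk -v br="br1" -v net="192.168.100.0/24" '
    /^\*/ { table = substr($0, 2) }
    table == "filter" && /^:FORWARD / { policy = $2 }
    /^-A POSTROUTING / && /-j MASQUERADE/ {
      masq++
      # Without "-s <VM subnet>" every forwarded flow leaving the uplink is NATed.
      if (index($0, "-s " net) == 0) print "WARN masquerade-unscoped: " $0
    }
    /^-A PREROUTING / && /-j DNAT/ {
      dport = "?"; dest = "?"
      for (i = 1; i < NF; i++) {
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "--to-destination") dest = $(i + 1)
      }
      print "INFO exposed-port: " dport " -> " dest
    }
    /^-A FORWARD / && /-j ACCEPT/ && index($0, "-i " br " ") { fwd++ }
    END {
      # With policy ACCEPT the explicit ACCEPT rules filter nothing.
      if (policy != "DROP")
        print "WARN forward-policy: " (policy == "" ? "unknown" : policy)
      if (!masq) print "WARN no-masquerade: VMs have no outbound NAT"
      if (!fwd) print "WARN no-forward-rule: nothing accepts traffic from " br
    }' "${1:--}"
}

# Constructed sample: iptables-save output after running the commands above
# on a host whose FORWARD policy is the default ACCEPT.
sample_rules() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.100.10:22
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i br1 -o eth0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
sample_rules | audit_nat_rules
```

On the host itself, run `iptables-save | audit_nat_rules` as root to audit the live ruleset.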

5. Network in OpenNebula

  • Network → Virtual Network
  • Mode: Bridged
  • Bridge: br1

📌 Addresses → + Address Range


6. DNS (bind9)

apt install bind9 -y

📌 File: /etc/bind/named.conf.options

nano /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

    dnssec-validation auto;
    listen-on { 127.0.0.1; 192.168.100.1; };
    listen-on-v6 { none; };
};
systemctl restart bind9

7. DHCP

apt install isc-dhcp-server -y

📌 Interface:

nano /etc/default/isc-dhcp-server
INTERFACESv4="br1"

📌 Config: /etc/dhcp/dhcpd.conf

nano /etc/dhcp/dhcpd.conf
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.2 192.168.100.254;
  option routers 192.168.100.1;

  option domain-name-servers 192.168.100.1;

  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.100.255;
  default-lease-time 600;
  max-lease-time 7200;
  abandon-lease-time 0;
}

systemctl restart isc-dhcp-server
systemctl status isc-dhcp-server

🎉 Done!

You now have:

  • OpenNebula
  • NAT + internet for VMs
  • DHCP + DNS
  • Complete infrastructure

💡 Debug

journalctl -u opennebula -f
journalctl -u libvirtd -f
journalctl -u isc-dhcp-server -f

made with ❤️ for infra geeks