====== Installation frontend One ======
{{tag>Virtualisation One front install}}

Le front Open Nebula permet de gérer la virtualisation.

===== Prérequis =====

Nous utilisons une installation minimale de Debian 11 sur une machine dédiée.

===== Configuration du dépôt APT =====

Nous installons les paquets dont nous avons besoin
<code>
apt install gpg wget apt-transport-https
</code>

Nous récupérons la clé publique du dépôt
<code>
wget -q -O- https://downloads.opennebula.io/repo/repo2.key | gpg --dearmor -o /usr/share/keyrings/one-archive-keyring.gpg
</code>

Nous créons le fichier de dépôt
<code>
cat > /etc/apt/sources.list.d/opennebula.list <<EOF
##
# APT OpenNebula repository
##

deb [signed-by=/usr/share/keyrings/one-archive-keyring.gpg] https://downloads.opennebula.io/repo/6.6/Debian/11 stable opennebula
EOF
</code>

Nous mettons à jour la liste des paquets
<code>
apt update
</code>

===== Installation base de données =====

<code>
apt install mariadb-server
</code>

Nous nous connectons au client MariaDB
<code>
mysql
</code>

<code>
CREATE USER 'oneadmin' IDENTIFIED BY '<thepassword>';
GRANT ALL PRIVILEGES ON opennebula.* TO 'oneadmin';
</code>

Nous sortons du client
<code>
QUIT
</code>

Nous configurons l'isolation des transactions
<code>
SET GLOBAL TRANSACTION ISOLATION LEVEL READ COMMITTED;
</code>

===== Installation OpenNebula =====

Nous installons les paquets OpenNebula à proprement parler
<code>
apt install opennebula opennebula-sunstone opennebula-fireedge opennebula-gate opennebula-flow opennebula-provision
</code>

===== Configuration OpenNebula =====

Nous ajoutons la configuration de la base de données dans le fichier /etc/one/oned.conf
<code>
vi /etc/one/oned.conf
</code>

Nous remplaçons la configuration avec sqlite par
<code>
DB = [ BACKEND = "mysql",
       SERVER  = "localhost",
       PORT    = 0,
       USER    = "oneadmin",
       PASSWD  = "<thepassword>",
       DB_NAME = "opennebula",
       CONNECTIONS = 25,
       COMPARE_BINARY = "no" ]
</code>

Nous configurons FireEdge
<code>
vi /etc/one/sunstone-server.conf
</code>

<code>
:public_fireedge_endpoint: http://one.example.com:443
</code>

Nous configurons onegate server
<code>
vi /etc/one/onegate-server.conf
</code>

<code>
:host: 0.0.0.0
</code>

Nous configurons onegate endpoint
<code>
vi /etc/one/oned.conf
</code>

<code>
ONEGATE_ENDPOINT = "http://one.example.com:5030"
</code>

===== Démarrage et activation des services =====

Nous démarrons les services
<code>
systemctl start opennebula opennebula-sunstone opennebula-fireedge opennebula-gate opennebula-flow
</code>

Nous activons les services
<code>
systemctl enable opennebula opennebula-sunstone opennebula-fireedge opennebula-gate opennebula-flow
</code>

===== Proxy Nginx =====

Nous installons Nginx
<code>
apt install nginx
</code>

Nous configurons le vHost

<code>
vi /etc/nginx/site-available/one.example.com.conf
</code>

<code>
##
# Nginx vHost
# Application: OpenNebula Sunstone
# Sources:
# https://github.com/storpool/addon-vnctoken/blob/master/vnctoken.conf.nginx
# https://forum.opennebula.io/t/fireedge-public-endpoint-is-not-working/9611/5
##

# No squealing.
server_tokens off;

# OpenNebula Sunstone upstream
upstream sunstone {
  server 127.0.0.1:9869;
}

# OpenNebula fireedge upstream
upstream fireedge {
  server 127.0.0.1:2616;
}

# OpenNebula websocketproxy upstream
upstream websocketproxy {
  server 127.0.0.1:29876;
}

# HTTP virtual host, redirect to HTTPS
server {
    listen 80;
    server_name one.example.com;
    return 301 https://one.example.com;
}

#
# Example Sunstone configuration (/etc/one/sunstone-server.conf)
#
#:vnc_proxy_port: 127.0.0.1:29876
#:vnc_proxy_support_wss: only
#:vnc_proxy_cert: /etc/letsencrypt/live/frontend/fullchain.pem
#:vnc_proxy_key: /etc/letsencrypt/live/frontend/privkey.pem
#:vnc_proxy_ipv6: false
#:vnc_request_password: false
#:vnc_client_port: 443

# HTTPS virtual host, proxy to Sunstone
server {
    listen 443 ssl;
    server_name one.example.com;
    ssl_certificate     /etc/ssl/certs/one.example.com.crt;
    ssl_certificate_key /etc/ssl/private/one.example.com.key;

    location / {
        proxy_pass http://sunstone;
        proxy_redirect     off;
        log_not_found      off;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_set_header   X-Forwarded-FOR $proxy_add_x_forwarded_for;
    }
  
    location /websockify {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header x-forwarded-proto  $scheme;
        proxy_set_header Host $host;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_read_timeout 86400;
        proxy_pass https://websocketproxy;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

# HTTPS virtual host, proxy to FireEdge 
server {
    listen 443 ssl;
    server_name fireedge.example.com;
    ssl_certificate     /etc/ssl/certs/fireedge.example.com.crt;
    ssl_certificate_key /etc/ssl/private/fireedge.example.com.key;

    location / {
        proxy_pass http://fireedge;
        proxy_redirect     off;
        log_not_found      off;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_set_header   X-Forwarded-FOR $proxy_add_x_forwarded_for;
    }
}
</code>

<code>
cd /etc/nginx/site-enabled
ln -s /etc/nginx/site-available/one.example.com.conf
</code>

Nous testons la configuration et redémarrons
<code>
nginx -t
systemctl reload nginx.service
</code>

===== Liens =====

  * [[https://docs.opennebula.io/6.6/|documentation Open Nebula]]
  * [[https://docs.opennebula.io/6.6/installation_and_configuration/frontend_installation/database.html#mysql|configuration MariaDB]]
  * [[https://docs.opennebula.io/6.6/installation_and_configuration/frontend_installation/install.html|single frontend installation]]