Front-end Installation

This page shows you how to install OpenNebula from the binary packages.

Using the packages provided in our site is the recommended method, to ensure the installation of the latest version and to avoid possible packages divergences of different distributions. There are two alternatives here: you can add our package repositories to your system, or visit the software menu to download the latest package for your Linux distribution.

If there are no packages for your distribution, head to the Building from Source Code guide.

Step 1. SELinux on CentOS/RHEL 7

SELinux can block some operations initiated by the OpenNebula Front-end, which results in their failures. If the administrator isn’t experienced in the SELinux configuration, it’s recommended to disable this functionality to avoid unexpected failures. You can enable SELinux anytime later when you have the installation working.

Enable SELinux

Change the following line in /etc/selinux/config to enable SELinux in enforcing state:


When changing from the disabled state, it’s necessary to trigger filesystem relabel on the next boot by creating a file /.autorelabel, e.g.:

touch /.autorelabel

After the changes, you should reboot the machine.


Follow the SELinux User’s and Administrator’s Guide for more information on how to configure and troubleshoot the SELinux.

Step 2. Add OpenNebula Repositories


To add OpenNebula repository execute the following as root:

# cat << EOT > /etc/yum.repos.d/opennebula.repo


To add OpenNebula repository on Debian/Ubuntu execute as root:

wget -q -O- | apt-key add -

Debian 9

echo "deb stable opennebula" > /etc/apt/sources.list.d/opennebula.list

Ubuntu 16.04

echo "deb stable opennebula" > /etc/apt/sources.list.d/opennebula.list

Ubuntu 18.04

echo "deb stable opennebula" > /etc/apt/sources.list.d/opennebula.list

Ubuntu 18.10

echo "deb stable opennebula" > /etc/apt/sources.list.d/opennebula.list

Step 3. Installing the Software

Installing on CentOS/RHEL 7


Activate the EPEL (Extra Packages for Enterprise Linux) repository before installing the OpenNebula.

On CentOS 7, enabling EPEL is as easy as installation of the package with additional repository configuration:

yum install epel-release

On RHEL 7, first you need the RHEL optional and extras repositories configured:

subscription-manager repos --enable rhel-7-server-optional-rpms
subscription-manager repos --enable rhel-7-server-extras-rpms

and, then you can enable the EPEL:

rpm -ivh

Install the CentOS/RHEL OpenNebula Front-end with packages from our repository by executing the following as root:

yum install opennebula-server opennebula-sunstone opennebula-ruby opennebula-gate opennebula-flow

CentOS/RHEL Package Description

The packages for the OpenNebula front-end and the virtualization host are as follows:

  • opennebula: Command Line Interface.
  • opennebula-server: Main OpenNebula daemon, scheduler, etc.
  • opennebula-sunstone: Sunstone (the GUI) and the EC2 API.
  • opennebula-ruby: Ruby Bindings.
  • opennebula-java: Java Bindings.
  • python-pyone: Python Bindings.
  • opennebula-gate: OneGate server that enables communication between VMs and OpenNebula.
  • opennebula-flow: OneFlow manages services and elasticity.
  • opennebula-node-kvm: Meta-package that installs the oneadmin user, libvirt and kvm.
  • opennebula-common: Common files for OpenNebula packages.


The configuration files are located in /etc/one and /var/lib/one/remotes/etc.

Installing on Debian/Ubuntu

To install OpenNebula on a Debian/Ubuntu Front-end using packages from our repositories execute as root:

apt-get update
apt-get install opennebula opennebula-sunstone opennebula-gate opennebula-flow

Debian/Ubuntu Package Description

These are the packages available for these distributions:


  • opennebula-common: Provides the user and common files.
  • ruby-opennebula: Ruby API.
  • libopennebula-java: Java API.
  • python-pyone: Python API.
  • libopennebula-java-doc: Java API Documentation.
  • opennebula-node: Prepares a node as an opennebula KVM node.
  • opennebula-node-lxd: Prepares a node as an opennebula LXD node.
  • opennebula-lxd-snap: Installs LXD snap (only on Ubuntu 16.04 and 18.04).
  • opennebula-sunstone: Sunstone (the GUI).
  • opennebula-tools: Command Line interface.
  • opennebula-gate: OneGate server that enables communication between VMs and OpenNebula.
  • opennebula-flow: OneFlow manages services and elasticity.
  • opennebula: OpenNebula Daemon.


Besides /etc/one, the following files are marked as configuration files:

  • /var/lib/one/remotes/etc/datastore/ceph/ceph.conf
  • /var/lib/one/remotes/etc/vnm/OpenNebulaNetwork.conf

Step 4. Ruby Runtime Installation

Some OpenNebula components need Ruby libraries. OpenNebula provides a script that installs the required gems as well as some development libraries packages needed.

As root execute:


The previous script is prepared to detect common Linux distributions and install the required libraries. If it fails to find the packages needed in your system, manually install these packages:

  • sqlite3 development library
  • mysql client development library
  • curl development library
  • libxml2 and libxslt development libraries
  • ruby development library
  • gcc and g++
  • make

If you want to install only a set of gems for an specific component read Building from Source Code where it is explained in more depth.

Step 5. Enabling MySQL/MariaDB (Optional)

You can skip this step if you just want to deploy OpenNebula as quickly as possible. However if you are deploying this for production or in a more serious environment, make sure you read the MySQL Setup section.

Note that it is possible to switch from SQLite to MySQL, but since it’s more cumbersome to migrate databases, we suggest that if in doubt, use MySQL from the start.

Step 6. Starting OpenNebula


If you are performing an upgrade skip this and the next steps and go back to the upgrade document.

Log in as the oneadmin user follow these steps:

The /var/lib/one/.one/one_auth fill will have been created with a randomly-generated password. It should contain the following: oneadmin:<password>. Feel free to change the password before starting OpenNebula. For example:

echo "oneadmin:mypassword" > ~/.one/one_auth


This will set the oneadmin password on the first boot. From that point, you must use the oneuser passwd command to change oneadmin’s password. More information on how to change oneadmin password here

You are ready to start the OpenNebula daemons. You can use systemctl for Linux distributions which have adopted systemd:

systemctl start opennebula
systemctl start opennebula-sunstone

Or use service in older Linux systems:

service opennebula start
service opennebula-sunstone start

Step 7. Verifying the Installation

After OpenNebula is started for the first time, you should check that the commands can connect to the OpenNebula daemon. You can do this in the Linux CLI or in the graphical user interface: Sunstone.

Linux CLI

In the Front-end, run the following command as oneadmin:

oneuser show
ID              : 0
NAME            : oneadmin
GROUP           : oneadmin
PASSWORD        : 3bc15c8aae3e4124dd409035f32ea2fd6835efc9
AUTH_DRIVER     : core
ENABLED         : Yes



If you get an error message, then the OpenNebula daemon could not be started properly:

oneuser show
Failed to open TCP connection to localhost:2633 (Connection refused - connect(2) for "localhost" port 2633)

The OpenNebula logs are located in /var/log/one, you should have at least the files oned.log and sched.log, the core and scheduler logs. Check oned.log for any error messages, marked with [E].


Now you can try to log in into Sunstone web interface. To do this point your browser to http://<frontend_address>:9869. If everything is OK you will be greeted with a login page. The user is oneadmin and the password is the one in the file /var/lib/one/.one/one_auth in your Front-end.

If the page does not load, make sure you check /var/log/one/sunstone.log and /var/log/one/sunstone.error. Also, make sure TCP port 9869 is allowed through the firewall.

Directory Structure

The following table lists some notable paths that are available in your Front-end after the installation:

Path Description
/etc/one/ Configuration Files
/var/log/one/ Log files, notably: oned.log, sched.log, sunstone.log and <vmid>.log
/var/lib/one/ oneadmin home directory
/var/lib/one/datastores/<dsid>/ Storage for the datastores
/var/lib/one/vms/<vmid>/ Action files for VMs (deployment file, transfer manager scripts, etc...)
/var/lib/one/.one/one_auth oneadmin credentials
/var/lib/one/remotes/ Probes and scripts that will be synced to the Hosts
/var/lib/one/remotes/hooks/ Hook scripts
/var/lib/one/remotes/vmm/ Virtual Machine Manager Driver scripts
/var/lib/one/remotes/auth/ Authentication Driver scripts
/var/lib/one/remotes/im/ Information Manager (monitoring) Driver scripts
/var/lib/one/remotes/market/ MarketPlace Driver scripts
/var/lib/one/remotes/datastore/ Datastore Driver scripts
/var/lib/one/remotes/vnm/ Networking Driver scripts
/var/lib/one/remotes/tm/ Transfer Manager Driver scripts

Firewall configuration

The list below shows the ports used by OpenNebula, these ports needs to be open for OpenNebula to work properly:

Port Description
9869 Sunstone server.
29876 VNC proxy port, used for translating and redirecting VNC connections to the hypervisors.
2633 OpenNebula daemon, main XML-RPC API endpoint.
2474 OneFlow server. This port only needs to be opened if OneFlow server is used.
5030 OneGate server. This port only needs to be opened if OneGate server is used.

OpenNebula connects to the hypervisors through ssh (port 22). Additionally oned may connect to OpenNebula Marketplace ( and Linux Containers Makerplace ( to get a list of available appliances. You should open outgoing connections to these ports and protocols. Note: These are the default ports, each component can be configure to bind to specific ports or use a HTTP Proxy.

Step 8. Next steps

Now that you have successfully started your OpenNebula service, head over to the Node Installation chapter in order to add hypervisors to your cloud.


To change oneadmin password, follow the next steps:

oneuser passwd 0 <PASSWORD>
echo 'oneadmin:PASSWORD' > /var/lib/one/.one/one_auth

Test that everything works using oneuser show.