~ahasenack/serverguide/use-sasl-external-for-config-changes-973981
» Revision
308
: serverguide/po/ace.po
« back to all changes in this revision
Viewing changes to serverguide/po/ace.po
- browse files at revision 308
- compare with another revision
- download diff
- download tarball
- view history from revision 308
- Committer: Doug Smythies
- Date: 2016-12-22 00:01:42 UTC
- Revision ID: dsmythies@telus.net-20161222000142-x81lfy023vauvtbh
update PO files. Serverguide 16.04 point release.
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/ace.po
7
7
msgstr ""
8
8
"Project-Id-Version: serverguide\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2016-05-13 09:11-0700\n"
10
"POT-Creation-Date: 2016-12-06 21:37-0800\n"
11
11
"PO-Revision-Date: 2014-11-09 18:10+0000\n"
12
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
13
"Language-Team: Acehnese <ace@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2016-05-13 21:04+0000\n"
18
"X-Generator: Launchpad (build 18025)\n"
17
"X-Launchpad-Export-Date: 2016-12-21 23:24+0000\n"
18
"X-Generator: Launchpad (build 18298)\n"
19
19
20
20
#: serverguide/C/web-servers.xml:11(title)
21
21
msgid "Web Servers"
87
87
"for the development and deployment of Web-based applications."
88
88
msgstr ""
89
89
90
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:980(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:838(title) serverguide/C/virtualization.xml:1697(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:291(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:471(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1141(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2798(title) serverguide/C/network-auth.xml:3270(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:288(title) serverguide/C/lamp-applications.xml:435(title) serverguide/C/lamp-applications.xml:549(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:946(title) serverguide/C/installation.xml:1401(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:135(title) serverguide/C/backups.xml:602(title)
90
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:991(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:906(title) serverguide/C/virtualization.xml:1765(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:291(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:471(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1141(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2791(title) serverguide/C/network-auth.xml:3263(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:401(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:946(title) serverguide/C/installation.xml:1401(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:135(title) serverguide/C/backups.xml:602(title)
91
91
msgid "Installation"
92
92
msgstr "安装"
93
93
105
105
msgid "sudo apt install apache2"
106
106
msgstr ""
107
107
108
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:868(title) serverguide/C/web-servers.xml:1007(title) serverguide/C/web-servers.xml:1110(title) serverguide/C/virtualization.xml:869(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:308(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1152(title) serverguide/C/network-auth.xml:2885(title) serverguide/C/network-auth.xml:3291(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:315(title) serverguide/C/lamp-applications.xml:465(title) serverguide/C/lamp-applications.xml:570(title) serverguide/C/installation.xml:1446(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:147(title) serverguide/C/backups.xml:631(title)
108
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:868(title) serverguide/C/web-servers.xml:1018(title) serverguide/C/web-servers.xml:1121(title) serverguide/C/virtualization.xml:937(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:308(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1152(title) serverguide/C/network-auth.xml:2878(title) serverguide/C/network-auth.xml:3284(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:317(title) serverguide/C/lamp-applications.xml:422(title) serverguide/C/installation.xml:1446(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:147(title) serverguide/C/backups.xml:631(title)
109
109
msgid "Configuration"
110
110
msgstr "配置"
111
111
344
344
msgid "sudo a2ensite mynewsite"
345
345
msgstr "sudo a2ensite mynewsite"
346
346
347
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:339(command) serverguide/C/lamp-applications.xml:610(command)
347
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:462(command)
348
348
msgid "sudo systemctl restart apache2.service"
349
349
msgstr ""
350
350
735
735
"Access Control Lists (ACLs)."
736
736
msgstr ""
737
737
738
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:812(title) serverguide/C/web-servers.xml:962(title) serverguide/C/web-servers.xml:1057(title) serverguide/C/web-servers.xml:1282(title) serverguide/C/vpn.xml:919(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:876(title) serverguide/C/security.xml:1216(title) serverguide/C/security.xml:1630(title) serverguide/C/security.xml:1816(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:820(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1205(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:400(title) serverguide/C/lamp-applications.xml:518(title) serverguide/C/lamp-applications.xml:673(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:106(title) serverguide/C/chat.xml:215(title) serverguide/C/backups.xml:301(title)
738
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:812(title) serverguide/C/web-servers.xml:973(title) serverguide/C/web-servers.xml:1068(title) serverguide/C/web-servers.xml:1293(title) serverguide/C/vpn.xml:919(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:876(title) serverguide/C/security.xml:1216(title) serverguide/C/security.xml:1630(title) serverguide/C/security.xml:1816(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:820(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1205(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:370(title) serverguide/C/lamp-applications.xml:525(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:106(title) serverguide/C/chat.xml:215(title) serverguide/C/backups.xml:301(title)
739
739
msgid "References"
740
740
msgstr ""
741
741
958
958
msgstr ""
959
959
960
960
#: serverguide/C/web-servers.xml:863(command)
961
msgid "sudo apt install squid3"
961
msgid "sudo apt install squid"
962
962
msgstr ""
963
963
964
964
#: serverguide/C/web-servers.xml:869(para)
965
965
msgid ""
966
966
"Squid is configured by editing the directives contained within the "
967
"<filename>/etc/squid3/squid.conf</filename> configuration file. The "
968
"following examples illustrate some of the directives which may be modified "
969
"to affect the behavior of the Squid server. For more in-depth configuration "
970
"of Squid, see the References section."
967
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
968
"examples illustrate some of the directives which may be modified to affect "
969
"the behavior of the Squid server. For more in-depth configuration of Squid, "
970
"see the References section."
971
971
msgstr ""
972
972
973
973
#: serverguide/C/web-servers.xml:875(para)
979
979
msgstr ""
980
980
981
981
#: serverguide/C/web-servers.xml:881(command)
982
msgid "sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original"
982
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
983
983
msgstr ""
984
984
985
985
#: serverguide/C/web-servers.xml:882(command)
986
msgid "sudo chmod a-w /etc/squid3/squid.conf.original"
986
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
987
987
msgstr ""
988
988
989
989
#: serverguide/C/web-servers.xml:889(para)
1024
1024
#: serverguide/C/web-servers.xml:912(para) serverguide/C/web-servers.xml:932(para)
1025
1025
msgid ""
1026
1026
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
1027
"ACL section of your <filename>/etc/squid3/squid.conf</filename> file:"
1027
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
1028
1028
msgstr ""
1029
1029
1030
1030
#: serverguide/C/web-servers.xml:915(programlisting)
1037
1037
#: serverguide/C/web-servers.xml:918(para) serverguide/C/web-servers.xml:939(para)
1038
1038
msgid ""
1039
1039
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
1040
"http_access section of your <filename>/etc/squid3/squid.conf</filename> file:"
1040
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
1041
1041
msgstr ""
1042
1042
1043
1043
#: serverguide/C/web-servers.xml:922(programlisting)
1073
1073
1074
1074
#: serverguide/C/web-servers.xml:950(para)
1075
1075
msgid ""
1076
"After making changes to the <filename>/etc/squid3/squid.conf</filename> "
1077
"file, save the file and restart the <application>squid</application> server "
1076
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
1077
"save the file and restart the <application>squid</application> server "
1078
1078
"application to effect the changes using the following command entered at a "
1079
1079
"terminal prompt:"
1080
1080
msgstr ""
1081
1081
1082
1082
#: serverguide/C/web-servers.xml:956(command)
1083
msgid "sudo systemctl restart squid3.service"
1084
msgstr ""
1085
1086
#: serverguide/C/web-servers.xml:964(ulink)
1083
msgid "sudo systemctl restart squid.service"
1084
msgstr ""
1085
1086
#: serverguide/C/web-servers.xml:961(para)
1087
msgid ""
1088
"If formerly a customized squid3 was used that set up the spool at "
1089
"<filename>/var/log/squid3</filename> to be a mountpoint, but otherwise kept "
1090
"the default configuration the upgrade will fail. The upgrade tries to "
1091
"rename/move files as needed, but it can't do so for an active mountpoint. In "
1092
"that case please either adapt the mountpoint or the config in "
1093
"<filename>/etc/squid/squid.conf</filename> so that they match."
1094
msgstr ""
1095
1096
#: serverguide/C/web-servers.xml:966(para)
1097
msgid ""
1098
"The same applies if the <emphasis role=\"bold\">include</emphasis> config "
1099
"statement was used to pull in more files from the old path at "
1100
"<filename>/etc/squid3/</filename>. In those cases you should move and adapt "
1101
"your configuration accordingly."
1102
msgstr ""
1103
1104
#: serverguide/C/web-servers.xml:975(ulink)
1087
1105
msgid "Squid Website"
1088
1106
msgstr ""
1089
1107
1090
#: serverguide/C/web-servers.xml:966(para)
1108
#: serverguide/C/web-servers.xml:977(para)
1091
1109
msgid ""
1092
1110
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1093
1111
"Squid</ulink> page."
1094
1112
msgstr ""
1095
1113
1096
#: serverguide/C/web-servers.xml:973(title)
1114
#: serverguide/C/web-servers.xml:984(title)
1097
1115
msgid "Ruby on Rails"
1098
1116
msgstr ""
1099
1117
1100
#: serverguide/C/web-servers.xml:974(para)
1118
#: serverguide/C/web-servers.xml:985(para)
1101
1119
msgid ""
1102
1120
"Ruby on Rails is an open source web framework for developing database backed "
1103
1121
"web applications. It is optimized for sustainable productivity of the "
1105
1123
"convention over configuration."
1106
1124
msgstr ""
1107
1125
1108
#: serverguide/C/web-servers.xml:981(para)
1126
#: serverguide/C/web-servers.xml:992(para)
1109
1127
msgid ""
1110
1128
"Before installing <application>Rails</application> you should install "
1111
1129
"<application>Apache</application> and <application>MySQL</application>. To "
1114
1132
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1115
1133
msgstr ""
1116
1134
1117
#: serverguide/C/web-servers.xml:989(para)
1135
#: serverguide/C/web-servers.xml:1000(para)
1118
1136
msgid ""
1119
1137
"Once you have <application>Apache</application> and "
1120
1138
"<application>MySQL</application> packages installed, you are ready to "
1121
1139
"install <application>Ruby on Rails</application> package."
1122
1140
msgstr ""
1123
1141
1124
#: serverguide/C/web-servers.xml:996(para)
1142
#: serverguide/C/web-servers.xml:1007(para)
1125
1143
msgid ""
1126
1144
"To install the <application>Ruby</application> base packages and "
1127
1145
"<application>Ruby on Rails</application>, you can enter the following "
1128
1146
"command in the terminal prompt:"
1129
1147
msgstr ""
1130
1148
1131
#: serverguide/C/web-servers.xml:1002(command)
1149
#: serverguide/C/web-servers.xml:1013(command)
1132
1150
msgid "sudo apt install rails"
1133
1151
msgstr ""
1134
1152
1135
#: serverguide/C/web-servers.xml:1008(para)
1153
#: serverguide/C/web-servers.xml:1019(para)
1136
1154
msgid ""
1137
1155
"Modify the <filename>/etc/apache2/sites-available/000-"
1138
1156
"default.conf</filename> configuration file to setup your domains."
1139
1157
msgstr ""
1140
1158
1141
#: serverguide/C/web-servers.xml:1012(para)
1159
#: serverguide/C/web-servers.xml:1023(para)
1142
1160
msgid ""
1143
1161
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1144
1162
msgstr ""
1145
1163
1146
#: serverguide/C/web-servers.xml:1016(programlisting)
1164
#: serverguide/C/web-servers.xml:1027(programlisting)
1147
1165
#, no-wrap
1148
1166
msgid ""
1149
1167
"\n"
1150
1168
"DocumentRoot /path/to/rails/application/public\n"
1151
1169
msgstr ""
1152
1170
1153
#: serverguide/C/web-servers.xml:1019(para)
1171
#: serverguide/C/web-servers.xml:1030(para)
1154
1172
msgid ""
1155
1173
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1156
1174
"directive:"
1157
1175
msgstr ""
1158
1176
1159
#: serverguide/C/web-servers.xml:1023(programlisting)
1177
#: serverguide/C/web-servers.xml:1034(programlisting)
1160
1178
#, no-wrap
1161
1179
msgid ""
1162
1180
"\n"
1169
1187
"</Directory>\n"
1170
1188
msgstr ""
1171
1189
1172
#: serverguide/C/web-servers.xml:1033(para)
1190
#: serverguide/C/web-servers.xml:1044(para)
1173
1191
msgid ""
1174
1192
"You should also enable the <application>mod_rewrite</application> module for "
1175
1193
"Apache. To enable <application>mod_rewrite</application> module, please "
1176
1194
"enter the following command in a terminal prompt:"
1177
1195
msgstr ""
1178
1196
1179
#: serverguide/C/web-servers.xml:1039(command)
1197
#: serverguide/C/web-servers.xml:1050(command)
1180
1198
msgid "sudo a2enmod rewrite"
1181
1199
msgstr ""
1182
1200
1183
#: serverguide/C/web-servers.xml:1042(para)
1201
#: serverguide/C/web-servers.xml:1053(para)
1184
1202
msgid ""
1185
1203
"Finally you will need to change the ownership of the "
1186
1204
"<filename>/path/to/rails/application/public</filename> and "
1188
1206
"used to run the <application>Apache</application> process:"
1189
1207
msgstr ""
1190
1208
1191
#: serverguide/C/web-servers.xml:1048(command)
1209
#: serverguide/C/web-servers.xml:1059(command)
1192
1210
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1193
1211
msgstr ""
1194
1212
1195
#: serverguide/C/web-servers.xml:1049(command)
1213
#: serverguide/C/web-servers.xml:1060(command)
1196
1214
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1197
1215
msgstr ""
1198
1216
1199
#: serverguide/C/web-servers.xml:1052(para)
1217
#: serverguide/C/web-servers.xml:1063(para)
1200
1218
msgid ""
1201
1219
"That's it! Now you have your Server ready for your <application>Ruby on "
1202
1220
"Rails</application> applications."
1203
1221
msgstr ""
1204
1222
1205
#: serverguide/C/web-servers.xml:1061(para)
1223
#: serverguide/C/web-servers.xml:1072(para)
1206
1224
msgid ""
1207
1225
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1208
1226
"for more information."
1209
1227
msgstr ""
1210
1228
1211
#: serverguide/C/web-servers.xml:1066(para)
1229
#: serverguide/C/web-servers.xml:1077(para)
1212
1230
msgid ""
1213
1231
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1214
1232
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1215
1233
"resource."
1216
1234
msgstr ""
1217
1235
1218
#: serverguide/C/web-servers.xml:1072(para)
1236
#: serverguide/C/web-servers.xml:1083(para)
1219
1237
msgid ""
1220
1238
"Another place for more information is the <ulink "
1221
1239
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1222
1240
"Wiki</ulink> page."
1223
1241
msgstr ""
1224
1242
1225
#: serverguide/C/web-servers.xml:1083(title)
1243
#: serverguide/C/web-servers.xml:1094(title)
1226
1244
msgid "Apache Tomcat"
1227
1245
msgstr ""
1228
1246
1229
#: serverguide/C/web-servers.xml:1084(para)
1247
#: serverguide/C/web-servers.xml:1095(para)
1230
1248
msgid ""
1231
1249
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1232
1250
"JSP (Java Server Pages) web applications."
1233
1251
msgstr ""
1234
1252
1235
#: serverguide/C/web-servers.xml:1086(para)
1253
#: serverguide/C/web-servers.xml:1097(para)
1236
1254
msgid ""
1237
1255
"Ubuntu has supported packages for both Tomcat 6 and 7. Tomcat 6 is the "
1238
1256
"legacy version, and Tomcat 7 is the current version where new features are "
1240
1258
"but most configuration details are valid for both versions."
1241
1259
msgstr ""
1242
1260
1243
#: serverguide/C/web-servers.xml:1089(para)
1261
#: serverguide/C/web-servers.xml:1100(para)
1244
1262
msgid ""
1245
1263
"The Tomcat packages in Ubuntu support two different ways of running Tomcat. "
1246
1264
"You can install them as a classic unique system-wide instance, that will be "
1251
1269
"need to test on their own private Tomcat instances."
1252
1270
msgstr ""
1253
1271
1254
#: serverguide/C/web-servers.xml:1099(title)
1272
#: serverguide/C/web-servers.xml:1110(title)
1255
1273
msgid "System-wide installation"
1256
1274
msgstr ""
1257
1275
1258
#: serverguide/C/web-servers.xml:1100(para)
1276
#: serverguide/C/web-servers.xml:1111(para)
1259
1277
msgid ""
1260
1278
"To install the Tomcat server, you can enter the following command in the "
1261
1279
"terminal prompt:"
1262
1280
msgstr ""
1263
1281
1264
#: serverguide/C/web-servers.xml:1103(command)
1282
#: serverguide/C/web-servers.xml:1114(command)
1265
1283
msgid "sudo apt install tomcat7"
1266
1284
msgstr ""
1267
1285
1268
#: serverguide/C/web-servers.xml:1105(para)
1286
#: serverguide/C/web-servers.xml:1116(para)
1269
1287
msgid ""
1270
1288
"This will install a Tomcat server with just a default ROOT webapp that "
1271
1289
"displays a minimal \"It works\" page by default."
1272
1290
msgstr ""
1273
1291
1274
#: serverguide/C/web-servers.xml:1111(para)
1292
#: serverguide/C/web-servers.xml:1122(para)
1275
1293
msgid ""
1276
1294
"Tomcat configuration files can be found in "
1277
1295
"<filename>/etc/tomcat7</filename>. Only a few common configuration tweaks "
1280
1298
"documentation</ulink> for more."
1281
1299
msgstr ""
1282
1300
1283
#: serverguide/C/web-servers.xml:1117(title)
1301
#: serverguide/C/web-servers.xml:1128(title)
1284
1302
msgid "Changing default ports"
1285
1303
msgstr ""
1286
1304
1287
#: serverguide/C/web-servers.xml:1118(para)
1305
#: serverguide/C/web-servers.xml:1129(para)
1288
1306
msgid ""
1289
1307
"By default Tomcat runs a HTTP connector on port 8080 and an AJP connector on "
1290
1308
"port 8009. You might want to change those default ports to avoid conflict "
1292
1310
"following lines in <filename>/etc/tomcat7/server.xml</filename>:"
1293
1311
msgstr ""
1294
1312
1295
#: serverguide/C/web-servers.xml:1123(programlisting)
1313
#: serverguide/C/web-servers.xml:1134(programlisting)
1296
1314
#, no-wrap
1297
1315
msgid ""
1298
1316
"\n"
1304
1322
"/>\n"
1305
1323
msgstr ""
1306
1324
1307
#: serverguide/C/web-servers.xml:1132(title)
1325
#: serverguide/C/web-servers.xml:1143(title)
1308
1326
msgid "Changing JVM used"
1309
1327
msgstr ""
1310
1328
1311
#: serverguide/C/web-servers.xml:1133(para)
1329
#: serverguide/C/web-servers.xml:1144(para)
1312
1330
msgid ""
1313
1331
"By default Tomcat will run preferably with OpenJDK JVMs, then try the Sun "
1314
1332
"JVMs, then try some other JVMs. You can force Tomcat to use a specific JVM "
1315
1333
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1316
1334
msgstr ""
1317
1335
1318
#: serverguide/C/web-servers.xml:1137(programlisting)
1336
#: serverguide/C/web-servers.xml:1148(programlisting)
1319
1337
#, no-wrap
1320
1338
msgid ""
1321
1339
"\n"
1322
1340
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1323
1341
msgstr ""
1324
1342
1325
#: serverguide/C/web-servers.xml:1142(title)
1343
#: serverguide/C/web-servers.xml:1153(title)
1326
1344
msgid "Declaring users and roles"
1327
1345
msgstr ""
1328
1346
1329
#: serverguide/C/web-servers.xml:1143(para)
1347
#: serverguide/C/web-servers.xml:1154(para)
1330
1348
msgid ""
1331
1349
"Usernames, passwords and roles (groups) can be defined centrally in a "
1332
1350
"Servlet container. This is done in the <filename>/etc/tomcat7/tomcat-"
1333
1351
"users.xml</filename> file:"
1334
1352
msgstr ""
1335
1353
1336
#: serverguide/C/web-servers.xml:1146(programlisting)
1354
#: serverguide/C/web-servers.xml:1157(programlisting)
1337
1355
#, no-wrap
1338
1356
msgid ""
1339
1357
"\n"
1341
1359
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1342
1360
msgstr ""
1343
1361
1344
#: serverguide/C/web-servers.xml:1154(title)
1362
#: serverguide/C/web-servers.xml:1165(title)
1345
1363
msgid "Using Tomcat standard webapps"
1346
1364
msgstr ""
1347
1365
1348
#: serverguide/C/web-servers.xml:1155(para)
1366
#: serverguide/C/web-servers.xml:1166(para)
1349
1367
msgid ""
1350
1368
"Tomcat is shipped with webapps that you can install for documentation, "
1351
1369
"administration or demo purposes."
1352
1370
msgstr ""
1353
1371
1354
#: serverguide/C/web-servers.xml:1158(title)
1372
#: serverguide/C/web-servers.xml:1169(title)
1355
1373
msgid "Tomcat documentation"
1356
1374
msgstr ""
1357
1375
1358
#: serverguide/C/web-servers.xml:1159(para)
1376
#: serverguide/C/web-servers.xml:1170(para)
1359
1377
msgid ""
1360
1378
"The <application>tomcat7-docs</application> package contains Tomcat "
1361
1379
"documentation, packaged as a webapp that you can access by default at "
1363
1381
"command in the terminal prompt:"
1364
1382
msgstr ""
1365
1383
1366
#: serverguide/C/web-servers.xml:1164(command)
1384
#: serverguide/C/web-servers.xml:1175(command)
1367
1385
msgid "sudo apt install tomcat7-docs"
1368
1386
msgstr ""
1369
1387
1370
#: serverguide/C/web-servers.xml:1168(title)
1388
#: serverguide/C/web-servers.xml:1179(title)
1371
1389
msgid "Tomcat administration webapps"
1372
1390
msgstr ""
1373
1391
1374
#: serverguide/C/web-servers.xml:1169(para)
1392
#: serverguide/C/web-servers.xml:1180(para)
1375
1393
msgid ""
1376
1394
"The <application>tomcat7-admin</application> package contains two webapps "
1377
1395
"that can be used to administer the Tomcat server using a web interface. You "
1378
1396
"can install them by entering the following command in the terminal prompt:"
1379
1397
msgstr ""
1380
1398
1381
#: serverguide/C/web-servers.xml:1174(command)
1399
#: serverguide/C/web-servers.xml:1185(command)
1382
1400
msgid "sudo apt install tomcat7-admin"
1383
1401
msgstr ""
1384
1402
1385
#: serverguide/C/web-servers.xml:1176(para)
1403
#: serverguide/C/web-servers.xml:1187(para)
1386
1404
msgid ""
1387
1405
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1388
1406
"access by default at http://yourserver:8080/manager/html. It is primarily "
1389
1407
"used to get server status and restart webapps."
1390
1408
msgstr ""
1391
1409
1392
#: serverguide/C/web-servers.xml:1179(para)
1410
#: serverguide/C/web-servers.xml:1190(para)
1393
1411
msgid ""
1394
1412
"Access to the <emphasis>manager</emphasis> application is protected by "
1395
1413
"default: you need to define a user with the role \"manager-gui\" in "
1396
1414
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1397
1415
msgstr ""
1398
1416
1399
#: serverguide/C/web-servers.xml:1183(para)
1417
#: serverguide/C/web-servers.xml:1194(para)
1400
1418
msgid ""
1401
1419
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1402
1420
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1403
1421
"used to create virtual hosts dynamically."
1404
1422
msgstr ""
1405
1423
1406
#: serverguide/C/web-servers.xml:1187(para)
1424
#: serverguide/C/web-servers.xml:1198(para)
1407
1425
msgid ""
1408
1426
"Access to the <emphasis>host-manager</emphasis> application is also "
1409
1427
"protected by default: you need to define a user with the role \"admin-gui\" "
1411
1429
"it."
1412
1430
msgstr ""
1413
1431
1414
#: serverguide/C/web-servers.xml:1192(para)
1432
#: serverguide/C/web-servers.xml:1203(para)
1415
1433
msgid ""
1416
1434
"For security reasons, the tomcat7 user cannot write to the "
1417
1435
"<filename>/etc/tomcat7</filename> directory by default. Some features in "
1420
1438
"the following, to give users in the tomcat7 group the necessary rights:"
1421
1439
msgstr ""
1422
1440
1423
#: serverguide/C/web-servers.xml:1199(command)
1441
#: serverguide/C/web-servers.xml:1210(command)
1424
1442
msgid "sudo chgrp -R tomcat7 /etc/tomcat7"
1425
1443
msgstr ""
1426
1444
1427
#: serverguide/C/web-servers.xml:1200(command)
1445
#: serverguide/C/web-servers.xml:1211(command)
1428
1446
msgid "sudo chmod -R g+w /etc/tomcat7"
1429
1447
msgstr ""
1430
1448
1431
#: serverguide/C/web-servers.xml:1205(title)
1449
#: serverguide/C/web-servers.xml:1216(title)
1432
1450
msgid "Tomcat examples webapps"
1433
1451
msgstr ""
1434
1452
1435
#: serverguide/C/web-servers.xml:1206(para)
1453
#: serverguide/C/web-servers.xml:1217(para)
1436
1454
msgid ""
1437
1455
"The <application>tomcat7-examples</application> package contains two webapps "
1438
1456
"that can be used to test or demonstrate Servlets and JSP features, which you "
1440
1458
"install them by entering the following command in the terminal prompt:"
1441
1459
msgstr ""
1442
1460
1443
#: serverguide/C/web-servers.xml:1212(command)
1461
#: serverguide/C/web-servers.xml:1223(command)
1444
1462
msgid "sudo apt install tomcat7-examples"
1445
1463
msgstr ""
1446
1464
1447
#: serverguide/C/web-servers.xml:1218(title)
1465
#: serverguide/C/web-servers.xml:1229(title)
1448
1466
msgid "Using private instances"
1449
1467
msgstr ""
1450
1468
1451
#: serverguide/C/web-servers.xml:1219(para)
1469
#: serverguide/C/web-servers.xml:1230(para)
1452
1470
msgid ""
1453
1471
"Tomcat is heavily used in development and testing scenarios where using a "
1454
1472
"single system-wide instance doesn't meet the requirements of multiple users "
1458
1476
"system-installed libraries."
1459
1477
msgstr ""
1460
1478
1461
#: serverguide/C/web-servers.xml:1226(para)
1479
#: serverguide/C/web-servers.xml:1237(para)
1462
1480
msgid ""
1463
1481
"It is possible to run the system-wide instance and the private instances in "
1464
1482
"parallel, as long as they do not use the same TCP ports."
1465
1483
msgstr ""
1466
1484
1467
#: serverguide/C/web-servers.xml:1230(title)
1485
#: serverguide/C/web-servers.xml:1241(title)
1468
1486
msgid "Installing private instance support"
1469
1487
msgstr ""
1470
1488
1471
#: serverguide/C/web-servers.xml:1231(para)
1489
#: serverguide/C/web-servers.xml:1242(para)
1472
1490
msgid ""
1473
1491
"You can install everything necessary to run private instances by entering "
1474
1492
"the following command in the terminal prompt:"
1475
1493
msgstr ""
1476
1494
1477
#: serverguide/C/web-servers.xml:1234(command)
1495
#: serverguide/C/web-servers.xml:1245(command)
1478
1496
msgid "sudo apt install tomcat7-user"
1479
1497
msgstr ""
1480
1498
1481
#: serverguide/C/web-servers.xml:1238(title)
1499
#: serverguide/C/web-servers.xml:1249(title)
1482
1500
msgid "Creating a private instance"
1483
1501
msgstr ""
1484
1502
1485
#: serverguide/C/web-servers.xml:1239(para)
1503
#: serverguide/C/web-servers.xml:1250(para)
1486
1504
msgid ""
1487
1505
"You can create a private instance directory by entering the following "
1488
1506
"command in the terminal prompt:"
1489
1507
msgstr ""
1490
1508
1491
#: serverguide/C/web-servers.xml:1242(command)
1509
#: serverguide/C/web-servers.xml:1253(command)
1492
1510
msgid "tomcat7-instance-create my-instance"
1493
1511
msgstr ""
1494
1512
1495
#: serverguide/C/web-servers.xml:1244(para)
1513
#: serverguide/C/web-servers.xml:1255(para)
1496
1514
msgid ""
1497
1515
"This will create a new <filename>my-instance</filename> directory with all "
1498
1516
"the necessary subdirectories and scripts. You can for example install your "
1501
1519
"are deployed by default."
1502
1520
msgstr ""
1503
1521
1504
#: serverguide/C/web-servers.xml:1252(title)
1522
#: serverguide/C/web-servers.xml:1263(title)
1505
1523
msgid "Configuring your private instance"
1506
1524
msgstr ""
1507
1525
1508
#: serverguide/C/web-servers.xml:1253(para)
1526
#: serverguide/C/web-servers.xml:1264(para)
1509
1527
msgid ""
1510
1528
"You will find the classic Tomcat configuration files for your private "
1511
1529
"instance in the <filename>conf/</filename> subdirectory. You should for "
1514
1532
"conflict with other instances that might be running."
1515
1533
msgstr ""
1516
1534
1517
#: serverguide/C/web-servers.xml:1261(title)
1535
#: serverguide/C/web-servers.xml:1272(title)
1518
1536
msgid "Starting/stopping your private instance"
1519
1537
msgstr ""
1520
1538
1521
#: serverguide/C/web-servers.xml:1262(para)
1539
#: serverguide/C/web-servers.xml:1273(para)
1522
1540
msgid ""
1523
1541
"You can start your private instance by entering the following command in the "
1524
1542
"terminal prompt (supposing your instance is located in the <filename>my-"
1525
1543
"instance</filename> directory):"
1526
1544
msgstr ""
1527
1545
1528
#: serverguide/C/web-servers.xml:1266(command)
1546
#: serverguide/C/web-servers.xml:1277(command)
1529
1547
msgid "my-instance/bin/startup.sh"
1530
1548
msgstr ""
1531
1549
1532
#: serverguide/C/web-servers.xml:1268(para)
1550
#: serverguide/C/web-servers.xml:1279(para)
1533
1551
msgid ""
1534
1552
"You should check the <filename>logs/</filename> subdirectory for any error. "
1535
1553
"If you have a <emphasis>java.net.BindException: Address already in "
1537
1555
"is already taken and that you should change it."
1538
1556
msgstr ""
1539
1557
1540
#: serverguide/C/web-servers.xml:1273(para)
1558
#: serverguide/C/web-servers.xml:1284(para)
1541
1559
msgid ""
1542
1560
"You can stop your instance by entering the following command in the terminal "
1543
1561
"prompt (supposing your instance is located in the <filename>my-"
1544
1562
"instance</filename> directory):"
1545
1563
msgstr ""
1546
1564
1547
#: serverguide/C/web-servers.xml:1277(command)
1565
#: serverguide/C/web-servers.xml:1288(command)
1548
1566
msgid "my-instance/bin/shutdown.sh"
1549
1567
msgstr ""
1550
1568
1551
#: serverguide/C/web-servers.xml:1286(para)
1569
#: serverguide/C/web-servers.xml:1297(para)
1552
1570
msgid ""
1553
1571
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1554
1572
"website for more information."
1555
1573
msgstr ""
1556
1574
1557
#: serverguide/C/web-servers.xml:1291(para)
1575
#: serverguide/C/web-servers.xml:1302(para)
1558
1576
msgid ""
1559
1577
"<ulink url=\"http://shop.oreilly.com/product/9780596003180.do\">Tomcat: The "
1560
1578
"Definitive Guide</ulink> is a good resource for building web applications "
1561
1579
"with Tomcat."
1562
1580
msgstr ""
1563
1581
1564
#: serverguide/C/web-servers.xml:1297(para)
1582
#: serverguide/C/web-servers.xml:1308(para)
1565
1583
msgid ""
1566
1584
"For additional books see the <ulink "
1567
1585
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
2958
2976
2959
2977
#: serverguide/C/virtualization.xml:95(para)
2960
2978
msgid ""
2979
"In more recent releases (>= Yakkety) the group was renamed to "
2980
"<emphasis>libvirt</emphasis>. Upgraded systems get a new "
2981
"<emphasis>libvirt</emphasis> group with the same gid as the "
2982
"<emphasis>libvirtd</emphasis> group to match that."
2983
msgstr ""
2984
2985
#: serverguide/C/virtualization.xml:98(para)
2986
msgid ""
2961
2987
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
2962
2988
"Installing a virtual machine follows the same process as installing the "
2963
2989
"operating system directly on the hardware. You either need a way to automate "
2965
2991
"physical machine."
2966
2992
msgstr ""
2967
2993
2968
#: serverguide/C/virtualization.xml:101(para)
2994
#: serverguide/C/virtualization.xml:104(para)
2969
2995
msgid ""
2970
2996
"In the case of virtual machines a Graphical User Interface (GUI) is "
2971
2997
"analogous to using a physical keyboard and mouse. Instead of installing a "
2974
3000
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
2975
3001
msgstr ""
2976
3002
2977
#: serverguide/C/virtualization.xml:108(para)
3003
#: serverguide/C/virtualization.xml:111(para)
2978
3004
msgid ""
2979
3005
"There are several ways to automate the Ubuntu installation process, for "
2980
3006
"example using preseeds, kickstart, etc. Refer to the <ulink "
2982
3008
"Installation Guide</ulink> for details."
2983
3009
msgstr ""
2984
3010
2985
#: serverguide/C/virtualization.xml:113(para)
3011
#: serverguide/C/virtualization.xml:116(para)
2986
3012
msgid ""
2987
3013
"Yet another way to install an Ubuntu virtual machine is to use "
2988
3014
"<application>uvtool</application>. This application, available as of 14.04, "
2990
3016
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>."
2991
3017
msgstr ""
2992
3018
2993
#: serverguide/C/virtualization.xml:119(para)
3019
#: serverguide/C/virtualization.xml:122(para)
2994
3020
msgid ""
2995
3021
"Libvirt can also be configured work with <application>Xen</application>. For "
2996
3022
"details, see the Xen Ubuntu community page referenced below."
2997
3023
msgstr ""
2998
3024
2999
#: serverguide/C/virtualization.xml:125(title)
3025
#: serverguide/C/virtualization.xml:128(title)
3000
3026
msgid "virt-install"
3001
3027
msgstr ""
3002
3028
3003
#: serverguide/C/virtualization.xml:127(para)
3029
#: serverguide/C/virtualization.xml:130(para)
3004
3030
msgid ""
3005
3031
"<application>virt-install</application> is part of the "
3006
3032
"<application>virtinst</application> package. To install it, from a terminal "
3007
3033
"prompt enter:"
3008
3034
msgstr ""
3009
3035
3010
#: serverguide/C/virtualization.xml:132(command)
3036
#: serverguide/C/virtualization.xml:135(command)
3011
3037
msgid "sudo apt install virtinst"
3012
3038
msgstr ""
3013
3039
3014
#: serverguide/C/virtualization.xml:135(para)
3040
#: serverguide/C/virtualization.xml:138(para)
3015
3041
msgid ""
3016
3042
"There are several options available when using <application>virt-"
3017
3043
"install</application>. For example:"
3018
3044
msgstr ""
3019
3045
3020
#: serverguide/C/virtualization.xml:139(command)
3046
#: serverguide/C/virtualization.xml:142(command)
3021
3047
msgid ""
3022
3048
"sudo virt-install -n web_devel -r 256 \\ --disk "
3023
3049
"path=/var/lib/libvirt/images/web_devel.img,bus=virtio,size=4 -c \\ ubuntu-"
3025
3051
"vnc,listen=0.0.0.0 --noautoconsole -v"
3026
3052
msgstr ""
3027
3053
3028
#: serverguide/C/virtualization.xml:147(para)
3054
#: serverguide/C/virtualization.xml:150(para)
3029
3055
msgid ""
3030
3056
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3031
3057
"be <emphasis>web_devel</emphasis> in this example."
3032
3058
msgstr ""
3033
3059
3034
#: serverguide/C/virtualization.xml:153(para)
3060
#: serverguide/C/virtualization.xml:156(para)
3035
3061
msgid ""
3036
3062
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3037
3063
"machine will use in megabytes."
3038
3064
msgstr ""
3039
3065
3040
#: serverguide/C/virtualization.xml:158(para)
3066
#: serverguide/C/virtualization.xml:161(para)
3041
3067
msgid ""
3042
3068
"<emphasis>--disk "
3043
3069
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
3047
3073
"<emphasis>virtio</emphasis> for the disk bus."
3048
3074
msgstr ""
3049
3075
3050
#: serverguide/C/virtualization.xml:168(para)
3076
#: serverguide/C/virtualization.xml:171(para)
3051
3077
msgid ""
3052
3078
"<emphasis>-c ubuntu-16.04-server-i386.iso:</emphasis> file to be used as a "
3053
3079
"virtual CDROM. The file can be either an ISO file or the path to the host's "
3054
3080
"CDROM device."
3055
3081
msgstr ""
3056
3082
3057
#: serverguide/C/virtualization.xml:174(para)
3083
#: serverguide/C/virtualization.xml:177(para)
3058
3084
msgid ""
3059
3085
"<emphasis>--network</emphasis> provides details related to the VM's network "
3060
3086
"interface. Here the <emphasis>default</emphasis> network is used, and the "
3061
3087
"interface model is configured for <emphasis>virtio</emphasis>."
3062
3088
msgstr ""
3063
3089
3064
#: serverguide/C/virtualization.xml:181(para)
3090
#: serverguide/C/virtualization.xml:184(para)
3065
3091
msgid ""
3066
3092
"<emphasis>--graphics vnc,listen=0.0.0.0:</emphasis> exports the guest's "
3067
3093
"virtual console using VNC and on all host interfaces. Typically servers have "
3069
3095
"connect via VNC to complete the installation."
3070
3096
msgstr ""
3071
3097
3072
#: serverguide/C/virtualization.xml:189(para)
3098
#: serverguide/C/virtualization.xml:192(para)
3073
3099
msgid ""
3074
3100
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3075
3101
"virtual machine's console."
3076
3102
msgstr ""
3077
3103
3078
#: serverguide/C/virtualization.xml:194(para)
3104
#: serverguide/C/virtualization.xml:197(para)
3079
3105
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3080
3106
msgstr ""
3081
3107
3082
#: serverguide/C/virtualization.xml:199(para)
3108
#: serverguide/C/virtualization.xml:202(para)
3083
3109
msgid ""
3084
3110
"After launching <application>virt-install</application> you can connect to "
3085
3111
"the virtual machine's console either locally using a GUI (if your server has "
3086
3112
"a GUI), or via a remote VNC client from a GUI-based computer."
3087
3113
msgstr ""
3088
3114
3089
#: serverguide/C/virtualization.xml:206(title)
3115
#: serverguide/C/virtualization.xml:209(title)
3090
3116
msgid "virt-clone"
3091
3117
msgstr ""
3092
3118
3093
#: serverguide/C/virtualization.xml:208(para)
3119
#: serverguide/C/virtualization.xml:211(para)
3094
3120
msgid ""
3095
3121
"The <application>virt-clone</application> application can be used to copy "
3096
3122
"one virtual machine to another. For example:"
3097
3123
msgstr ""
3098
3124
3099
#: serverguide/C/virtualization.xml:212(command)
3125
#: serverguide/C/virtualization.xml:215(command)
3100
3126
msgid ""
3101
"sudo virt-clone -o web_devel -n database_devel -f "
3102
"/path/to/database_devel.img \\ --connect=qemu:///system"
3127
"sudo virt-clone -o web_devel -n database_devel -f /path/to/database_devel.img"
3103
3128
msgstr ""
3104
3129
3105
#: serverguide/C/virtualization.xml:218(para)
3130
#: serverguide/C/virtualization.xml:220(para)
3106
3131
msgid "<emphasis>-o:</emphasis> original virtual machine."
3107
3132
msgstr ""
3108
3133
3109
#: serverguide/C/virtualization.xml:222(para)
3134
#: serverguide/C/virtualization.xml:224(para)
3110
3135
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3111
3136
msgstr ""
3112
3137
3113
#: serverguide/C/virtualization.xml:227(para)
3138
#: serverguide/C/virtualization.xml:229(para)
3114
3139
msgid ""
3115
3140
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3116
3141
"be used by the new virtual machine."
3117
3142
msgstr ""
3118
3143
3119
#: serverguide/C/virtualization.xml:232(para)
3120
msgid ""
3121
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3122
msgstr ""
3123
3124
#: serverguide/C/virtualization.xml:237(para)
3144
#: serverguide/C/virtualization.xml:234(para)
3125
3145
msgid ""
3126
3146
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3127
3147
"help troubleshoot problems with <application>virt-clone</application>."
3128
3148
msgstr ""
3129
3149
3130
#: serverguide/C/virtualization.xml:242(para)
3150
#: serverguide/C/virtualization.xml:239(para)
3131
3151
msgid ""
3132
3152
"Replace <emphasis>web_devel</emphasis> and "
3133
3153
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3134
3154
msgstr ""
3135
3155
3156
#: serverguide/C/virtualization.xml:246(title)
3157
msgid "Virtual Machine Management"
3158
msgstr ""
3159
3136
3160
#: serverguide/C/virtualization.xml:249(title)
3137
msgid "Virtual Machine Management"
3138
msgstr ""
3139
3140
#: serverguide/C/virtualization.xml:252(title)
3141
3161
msgid "virsh"
3142
3162
msgstr ""
3143
3163
3144
#: serverguide/C/virtualization.xml:254(para)
3164
#: serverguide/C/virtualization.xml:251(para)
3145
3165
msgid ""
3146
3166
"There are several utilities available to manage virtual machines and "
3147
3167
"<application>libvirt</application>. The <application>virsh</application> "
3148
3168
"utility can be used from the command line. Some examples:"
3149
3169
msgstr ""
3150
3170
3151
#: serverguide/C/virtualization.xml:261(para)
3171
#: serverguide/C/virtualization.xml:258(para)
3152
3172
msgid "To list running virtual machines:"
3153
3173
msgstr ""
3154
3174
3155
#: serverguide/C/virtualization.xml:264(command)
3156
msgid "virsh -c qemu:///system list"
3175
#: serverguide/C/virtualization.xml:261(command)
3176
msgid "virsh list"
3157
3177
msgstr ""
3158
3178
3159
#: serverguide/C/virtualization.xml:269(para)
3179
#: serverguide/C/virtualization.xml:266(para)
3160
3180
msgid "To start a virtual machine:"
3161
3181
msgstr ""
3162
3182
3163
#: serverguide/C/virtualization.xml:272(command)
3164
msgid "virsh -c qemu:///system start web_devel"
3183
#: serverguide/C/virtualization.xml:269(command)
3184
msgid "virsh start web_devel"
3165
3185
msgstr ""
3166
3186
3167
#: serverguide/C/virtualization.xml:277(para)
3187
#: serverguide/C/virtualization.xml:274(para)
3168
3188
msgid "Similarly, to start a virtual machine at boot:"
3169
3189
msgstr ""
3170
3190
3171
#: serverguide/C/virtualization.xml:280(command)
3172
msgid "virsh -c qemu:///system autostart web_devel"
3191
#: serverguide/C/virtualization.xml:277(command)
3192
msgid "virsh autostart web_devel"
3173
3193
msgstr ""
3174
3194
3175
#: serverguide/C/virtualization.xml:285(para)
3195
#: serverguide/C/virtualization.xml:282(para)
3176
3196
msgid "Reboot a virtual machine with:"
3177
3197
msgstr ""
3178
3198
3179
#: serverguide/C/virtualization.xml:288(command)
3180
msgid "virsh -c qemu:///system reboot web_devel"
3199
#: serverguide/C/virtualization.xml:285(command)
3200
msgid "virsh reboot web_devel"
3181
3201
msgstr ""
3182
3202
3183
#: serverguide/C/virtualization.xml:293(para)
3203
#: serverguide/C/virtualization.xml:290(para)
3184
3204
msgid ""
3185
3205
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3186
3206
"order to be restored later. The following will save the virtual machine "
3187
3207
"state into a file named according to the date:"
3188
3208
msgstr ""
3189
3209
3190
#: serverguide/C/virtualization.xml:299(command)
3191
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3210
#: serverguide/C/virtualization.xml:296(command)
3211
msgid "virsh save web_devel web_devel-022708.state"
3192
3212
msgstr ""
3193
3213
3194
#: serverguide/C/virtualization.xml:302(para)
3214
#: serverguide/C/virtualization.xml:299(para)
3195
3215
msgid "Once saved the virtual machine will no longer be running."
3196
3216
msgstr ""
3197
3217
3198
#: serverguide/C/virtualization.xml:307(para)
3218
#: serverguide/C/virtualization.xml:304(para)
3199
3219
msgid "A saved virtual machine can be restored using:"
3200
3220
msgstr ""
3201
3221
3202
#: serverguide/C/virtualization.xml:310(command)
3203
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3222
#: serverguide/C/virtualization.xml:307(command)
3223
msgid "virsh restore web_devel-022708.state"
3204
3224
msgstr ""
3205
3225
3206
#: serverguide/C/virtualization.xml:315(para)
3226
#: serverguide/C/virtualization.xml:312(para)
3207
3227
msgid "To shutdown a virtual machine do:"
3208
3228
msgstr ""
3209
3229
3210
#: serverguide/C/virtualization.xml:318(command)
3211
msgid "virsh -c qemu:///system shutdown web_devel"
3230
#: serverguide/C/virtualization.xml:315(command)
3231
msgid "virsh shutdown web_devel"
3212
3232
msgstr ""
3213
3233
3214
#: serverguide/C/virtualization.xml:323(para)
3234
#: serverguide/C/virtualization.xml:320(para)
3215
3235
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3216
3236
msgstr ""
3217
3237
3218
#: serverguide/C/virtualization.xml:327(command)
3219
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3238
#: serverguide/C/virtualization.xml:324(command)
3239
msgid "virsh attach-disk web_devel /dev/cdrom /media/cdrom"
3220
3240
msgstr ""
3221
3241
3222
#: serverguide/C/virtualization.xml:333(para)
3242
#: serverguide/C/virtualization.xml:330(para)
3223
3243
msgid ""
3224
3244
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3225
3245
"appropriate virtual machine name, and <filename>web_devel-"
3226
3246
"022708.state</filename> with a descriptive file name."
3227
3247
msgstr ""
3228
3248
3249
#: serverguide/C/virtualization.xml:334(para)
3250
msgid ""
3251
"If virsh (or other vir* tools) shall connect to something else than the "
3252
"default qemu-kvm/system hipervisor one can find alternatives for the "
3253
"<emphasis>connect</emphasis> option in <emphasis>man virsh</emphasis> or "
3254
"<ulink url=\"http://libvirt.org/uri.html\">libvirt doc</ulink>"
3255
msgstr ""
3256
3229
3257
#: serverguide/C/virtualization.xml:341(title)
3258
msgid "migration"
3259
msgstr ""
3260
3261
#: serverguide/C/virtualization.xml:342(para)
3262
msgid ""
3263
"There are different types of migration available depending on the versions "
3264
"of libvirt and the hipervisor being used. In general those types are:"
3265
msgstr ""
3266
3267
#: serverguide/C/virtualization.xml:345(ulink)
3268
msgid "offline migration"
3269
msgstr ""
3270
3271
#: serverguide/C/virtualization.xml:346(ulink)
3272
msgid "live migration"
3273
msgstr ""
3274
3275
#: serverguide/C/virtualization.xml:347(ulink)
3276
msgid "postcopy migration"
3277
msgstr ""
3278
3279
#: serverguide/C/virtualization.xml:349(para)
3280
msgid ""
3281
"There are various options to those methods, but the entry point for all of "
3282
"them is <emphasis>virsh migrate</emphasis>. Read the integrated help for "
3283
"more detail."
3284
msgstr ""
3285
3286
#: serverguide/C/virtualization.xml:350(command)
3287
msgid "virsh migrate --help"
3288
msgstr ""
3289
3290
#: serverguide/C/virtualization.xml:351(para)
3291
msgid ""
3292
"Some useful documentation on constraints and considerations about live "
3293
"migration can be found at the <ulink "
3294
"url=\"https://wiki.ubuntu.com/QemuKVMMigration\">Ubuntu Wiki</ulink>"
3295
msgstr ""
3296
3297
#: serverguide/C/virtualization.xml:355(title)
3230
3298
msgid "Virtual Machine Manager"
3231
3299
msgstr ""
3232
3300
3233
#: serverguide/C/virtualization.xml:343(para)
3301
#: serverguide/C/virtualization.xml:357(para)
3234
3302
msgid ""
3235
3303
"The <application>virt-manager</application> package contains a graphical "
3236
3304
"utility to manage local and remote virtual machines. To install virt-manager "
3237
3305
"enter:"
3238
3306
msgstr ""
3239
3307
3240
#: serverguide/C/virtualization.xml:348(command)
3308
#: serverguide/C/virtualization.xml:362(command)
3241
3309
msgid "sudo apt install virt-manager"
3242
3310
msgstr ""
3243
3311
3244
#: serverguide/C/virtualization.xml:351(para)
3312
#: serverguide/C/virtualization.xml:365(para)
3245
3313
msgid ""
3246
3314
"Since <application>virt-manager</application> requires a Graphical User "
3247
3315
"Interface (GUI) environment it is recommended to be installed on a "
3249
3317
"the local <application>libvirt</application> service enter:"
3250
3318
msgstr ""
3251
3319
3252
#: serverguide/C/virtualization.xml:358(command)
3320
#: serverguide/C/virtualization.xml:372(command)
3253
3321
msgid "virt-manager -c qemu:///system"
3254
3322
msgstr ""
3255
3323
3256
#: serverguide/C/virtualization.xml:361(para)
3324
#: serverguide/C/virtualization.xml:375(para)
3257
3325
msgid ""
3258
3326
"You can connect to the <application>libvirt</application> service running on "
3259
3327
"another host by entering the following in a terminal prompt:"
3260
3328
msgstr ""
3261
3329
3262
#: serverguide/C/virtualization.xml:366(command)
3330
#: serverguide/C/virtualization.xml:380(command)
3263
3331
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3264
3332
msgstr ""
3265
3333
3266
#: serverguide/C/virtualization.xml:370(para)
3334
#: serverguide/C/virtualization.xml:384(para)
3267
3335
msgid ""
3268
3336
"The above example assumes that <application>SSH</application> connectivity "
3269
3337
"between the management system and virtnode1.mydomain.com has already been "
3274
3342
"linkend=\"openssh-server\"/>"
3275
3343
msgstr ""
3276
3344
3277
#: serverguide/C/virtualization.xml:383(title)
3345
#: serverguide/C/virtualization.xml:397(title)
3278
3346
msgid "Virtual Machine Viewer"
3279
3347
msgstr ""
3280
3348
3281
#: serverguide/C/virtualization.xml:385(para)
3349
#: serverguide/C/virtualization.xml:399(para)
3282
3350
msgid ""
3283
3351
"The <application>virt-viewer</application> application allows you to connect "
3284
3352
"to a virtual machine's console. <application>virt-viewer</application> does "
3286
3354
"machine."
3287
3355
msgstr ""
3288
3356
3289
#: serverguide/C/virtualization.xml:390(para)
3357
#: serverguide/C/virtualization.xml:404(para)
3290
3358
msgid ""
3291
3359
"To install <application>virt-viewer</application> from a terminal enter:"
3292
3360
msgstr ""
3293
3361
3294
#: serverguide/C/virtualization.xml:394(command)
3362
#: serverguide/C/virtualization.xml:408(command)
3295
3363
msgid "sudo apt install virt-viewer"
3296
3364
msgstr ""
3297
3365
3298
#: serverguide/C/virtualization.xml:397(para)
3366
#: serverguide/C/virtualization.xml:411(para)
3299
3367
msgid ""
3300
3368
"Once a virtual machine is installed and running you can connect to the "
3301
3369
"virtual machine's console by using:"
3302
3370
msgstr ""
3303
3371
3304
#: serverguide/C/virtualization.xml:401(command)
3305
msgid "virt-viewer -c qemu:///system web_devel"
3372
#: serverguide/C/virtualization.xml:415(command)
3373
msgid "virt-viewer web_devel"
3306
3374
msgstr ""
3307
3375
3308
#: serverguide/C/virtualization.xml:404(para)
3376
#: serverguide/C/virtualization.xml:418(para)
3309
3377
msgid ""
3310
3378
"Similar to <application>virt-manager</application>, <application>virt-"
3311
3379
"viewer</application> can connect to a remote host using "
3312
3380
"<emphasis>SSH</emphasis> with key authentication, as well:"
3313
3381
msgstr ""
3314
3382
3315
#: serverguide/C/virtualization.xml:409(command)
3383
#: serverguide/C/virtualization.xml:423(command)
3316
3384
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3317
3385
msgstr ""
3318
3386
3319
#: serverguide/C/virtualization.xml:412(para)
3387
#: serverguide/C/virtualization.xml:426(para)
3320
3388
msgid ""
3321
3389
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3322
3390
"appropriate virtual machine name."
3323
3391
msgstr ""
3324
3392
3325
#: serverguide/C/virtualization.xml:415(para)
3393
#: serverguide/C/virtualization.xml:429(para)
3326
3394
msgid ""
3327
3395
"If configured to use a <emphasis>bridged</emphasis> network interface you "
3328
3396
"can also setup <application>SSH</application> access to the virtual machine."
3329
3397
msgstr ""
3330
3398
3331
#: serverguide/C/virtualization.xml:421(title) serverguide/C/virtualization.xml:674(title) serverguide/C/virtualization.xml:745(title) serverguide/C/virtualization.xml:2680(title) serverguide/C/samba.xml:247(title) serverguide/C/samba.xml:345(title) serverguide/C/samba.xml:700(title) serverguide/C/samba.xml:1094(title) serverguide/C/samba.xml:1292(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-config.xml:1691(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/network-auth.xml:2673(title) serverguide/C/network-auth.xml:3389(title) serverguide/C/network-auth.xml:3942(title) serverguide/C/network-auth.xml:4177(title) serverguide/C/installation.xml:880(title) serverguide/C/installation.xml:1166(title) serverguide/C/installation.xml:1677(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3399
#: serverguide/C/virtualization.xml:435(title) serverguide/C/virtualization.xml:742(title) serverguide/C/virtualization.xml:813(title) serverguide/C/virtualization.xml:2748(title) serverguide/C/samba.xml:247(title) serverguide/C/samba.xml:345(title) serverguide/C/samba.xml:700(title) serverguide/C/samba.xml:1094(title) serverguide/C/samba.xml:1292(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-config.xml:1945(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/network-auth.xml:2666(title) serverguide/C/network-auth.xml:3382(title) serverguide/C/network-auth.xml:3935(title) serverguide/C/network-auth.xml:4170(title) serverguide/C/installation.xml:880(title) serverguide/C/installation.xml:1166(title) serverguide/C/installation.xml:1677(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3332
3400
msgid "Resources"
3333
3401
msgstr ""
3334
3402
3335
#: serverguide/C/virtualization.xml:425(para)
3403
#: serverguide/C/virtualization.xml:439(para)
3336
3404
msgid ""
3337
3405
"See the <ulink url=\"http://www.linux-kvm.org/\">KVM</ulink> home page for "
3338
3406
"more details."
3339
3407
msgstr ""
3340
3408
3341
#: serverguide/C/virtualization.xml:430(para)
3409
#: serverguide/C/virtualization.xml:444(para)
3342
3410
msgid ""
3343
3411
"For more information on <application>libvirt</application> see the <ulink "
3344
3412
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3345
3413
msgstr ""
3346
3414
3347
#: serverguide/C/virtualization.xml:436(para)
3415
#: serverguide/C/virtualization.xml:450(para)
3348
3416
msgid ""
3349
3417
"The <ulink url=\"http://virt-manager.org/\">Virtual Machine Manager</ulink> "
3350
3418
"site has more information on <application>virt-manager</application> "
3351
3419
"development."
3352
3420
msgstr ""
3353
3421
3354
#: serverguide/C/virtualization.xml:442(para)
3422
#: serverguide/C/virtualization.xml:456(para)
3355
3423
msgid ""
3356
3424
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3357
3425
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3358
3426
"technology in Ubuntu."
3359
3427
msgstr ""
3360
3428
3361
#: serverguide/C/virtualization.xml:448(para)
3429
#: serverguide/C/virtualization.xml:462(para)
3362
3430
msgid ""
3363
3431
"Another good resource is the <ulink "
3364
3432
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3365
3433
msgstr ""
3366
3434
3367
#: serverguide/C/virtualization.xml:454(para)
3435
#: serverguide/C/virtualization.xml:468(para)
3368
3436
msgid ""
3369
3437
"For information on Xen, including using Xen with libvirt, please see the "
3370
3438
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3371
3439
"page."
3372
3440
msgstr ""
3373
3441
3374
#: serverguide/C/virtualization.xml:464(title)
3442
#: serverguide/C/virtualization.xml:478(title)
3443
msgid "Qemu"
3444
msgstr ""
3445
3446
#: serverguide/C/virtualization.xml:479(para)
3447
msgid ""
3448
"<ulink url=\"http://wiki.qemu.org/Main_Page\">Qemu</ulink> is a machine "
3449
"emulator that can run operating systems and programs for one machine on a "
3450
"different machine. Mostly it is not used as emulator but as virtualizer in "
3451
"collaboration with KVM or XEN kernel components. In that case it utilizes "
3452
"the virtualization technology of the hardware to virtualize guests."
3453
msgstr ""
3454
3455
#: serverguide/C/virtualization.xml:483(para)
3456
msgid ""
3457
"While qemu has a <ulink url=\"http://wiki.qemu.org/download/qemu-"
3458
"doc.html#sec_005finvocation\">command line interface</ulink> and a <ulink "
3459
"url=\"http://wiki.qemu.org/download/qemu-"
3460
"doc.html#pcsys_005fmonitor\">monitor</ulink> to interact with running guests "
3461
"those is rarely used that way for other means than development purposes. "
3462
"<link linkend=\"libvirt\">Libvirt</link> provides an abstraction from "
3463
"specific versions and hiperviors and encapsulates some workarounds and best "
3464
"practises."
3465
msgstr ""
3466
3467
#: serverguide/C/virtualization.xml:488(title)
3468
msgid "Upgrading the machine type"
3469
msgstr ""
3470
3471
#: serverguide/C/virtualization.xml:489(para)
3472
msgid ""
3473
"This also is documented along some more constraints and considerations at "
3474
"the <ulink "
3475
"url=\"https://wiki.ubuntu.com/QemuKVMMigration#Upgrade_machine_type\">Ubuntu "
3476
"Wiki</ulink>"
3477
msgstr ""
3478
3479
#: serverguide/C/virtualization.xml:490(para)
3480
msgid ""
3481
"You might want to update your machine type of an existing defined guest to:"
3482
msgstr ""
3483
3484
#: serverguide/C/virtualization.xml:492(para)
3485
msgid "to pick up latest security fixes and features"
3486
msgstr ""
3487
3488
#: serverguide/C/virtualization.xml:493(para)
3489
msgid "continue using a guest created on a now unsupported release"
3490
msgstr ""
3491
3492
#: serverguide/C/virtualization.xml:495(para)
3493
msgid ""
3494
"In general it is recommended to update machine types when upgrading qemu/kvm "
3495
"to a new major version. But this can likely never be an automated task as "
3496
"this change is guest visible. The guest devices might change in appearance, "
3497
"new features will be announced to the guest and so on. Linux is usually very "
3498
"good at tolerating such changes, but it depends so much on the setup and "
3499
"workload of the guest that this has to be evaluated by the owner/admin of "
3500
"the system. Other operating systems where known to often have severe impacts "
3501
"by changing the hardware. Consider a machine type change similar to "
3502
"replacing all devices and firmware of a physical machine to the latest "
3503
"revision - all considerations that apply there apply to evaluating a machine "
3504
"type upgrade as well."
3505
msgstr ""
3506
3507
#: serverguide/C/virtualization.xml:496(para)
3508
msgid ""
3509
"As usual with major configuration changes it is wise to back up your guest "
3510
"definition and disk state to be able to do a rollback just in case. There is "
3511
"no integrated single command to update the machine type via virsh or similar "
3512
"tools. It is a normal part of your machine definition. And therefore updated "
3513
"the same way as most others."
3514
msgstr ""
3515
3516
#: serverguide/C/virtualization.xml:498(para)
3517
msgid "First shutdown your machine and wait until it has reached that state."
3518
msgstr ""
3519
3520
#: serverguide/C/virtualization.xml:499(screen)
3521
#, no-wrap
3522
msgid ""
3523
"\n"
3524
"virsh shutdown <yourmachine>\n"
3525
"# wait\n"
3526
"virsh list --inactive\n"
3527
"# should now list your machine as \"shut off\"\n"
3528
" "
3529
msgstr ""
3530
3531
#: serverguide/C/virtualization.xml:505(para)
3532
msgid ""
3533
"Then edit the machine definition and find the type in the type tag at the "
3534
"machine attribute."
3535
msgstr ""
3536
3537
#: serverguide/C/virtualization.xml:506(screen)
3538
#, no-wrap
3539
msgid ""
3540
"\n"
3541
"virsh edit <yourmachine>\n"
3542
"<type arch='x86_64' machine='pc-i440fx-xenial'>hvm</type>\n"
3543
" "
3544
msgstr ""
3545
3546
#: serverguide/C/virtualization.xml:510(para)
3547
msgid ""
3548
"Change this to the value you want. If you need to check what types are "
3549
"available via \"-M ?\" Note that while providing upstream types as "
3550
"convenience only Ubuntu types are supported. There you can also see what the "
3551
"current default would be. In general it is strongly recommended that you "
3552
"change to newer types if possible to exploit newer features, but also to "
3553
"benefit of bugfixes that only apply to the newer device virtualization."
3554
msgstr ""
3555
3556
#: serverguide/C/virtualization.xml:511(screen)
3557
#, no-wrap
3558
msgid ""
3559
"\n"
3560
"kvm -M ?\n"
3561
"# lists machine types, e.g.\n"
3562
"pc-i440fx-xenial Ubuntu 16.04 PC (i440FX + PIIX, 1996) (default)\n"
3563
"...\n"
3564
" "
3565
msgstr ""
3566
3567
#: serverguide/C/virtualization.xml:517(para)
3568
msgid ""
3569
"After this you can start your guest again. You can check the current machine "
3570
"type from guest and host depending on your needs."
3571
msgstr ""
3572
3573
#: serverguide/C/virtualization.xml:518(screen)
3574
#, no-wrap
3575
msgid ""
3576
"\n"
3577
"virsh start <yourmachine>\n"
3578
"# check from host, via dumping the active xml definition\n"
3579
"virsh dumpxml <yourmachine> | xmllint --xpath "
3580
"\"string(//domain/os/type/@machine)\" -\n"
3581
"# or from the guest via dmidecode\n"
3582
"sudo dmidecode | grep Product -A 1\n"
3583
" Product Name: Standard PC (i440FX + PIIX, 1996)\n"
3584
" Version: pc-i440fx-xenial\n"
3585
" "
3586
msgstr ""
3587
3588
#: serverguide/C/virtualization.xml:527(para)
3589
msgid ""
3590
"If you keep non-live definitions around like xml files remember to update "
3591
"those as well."
3592
msgstr ""
3593
3594
#: serverguide/C/virtualization.xml:532(title)
3375
3595
msgid "Cloud images and uvtool"
3376
3596
msgstr ""
3377
3597
3378
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:366(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1374(title)
3598
#: serverguide/C/virtualization.xml:535(title) serverguide/C/security.xml:366(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1374(title)
3379
3599
msgid "Introduction"
3380
3600
msgstr "介绍"
3381
3601
3382
#: serverguide/C/virtualization.xml:469(para)
3602
#: serverguide/C/virtualization.xml:537(para)
3383
3603
msgid ""
3384
3604
"With Ubuntu being one of the most used operating systems on many cloud "
3385
3605
"platforms, the availability of stable and secure cloud images has become "
3389
3609
"installation."
3390
3610
msgstr ""
3391
3611
3392
#: serverguide/C/virtualization.xml:477(title)
3612
#: serverguide/C/virtualization.xml:545(title)
3393
3613
msgid "Creating virtual machines using uvtool"
3394
3614
msgstr ""
3395
3615
3396
#: serverguide/C/virtualization.xml:479(para)
3616
#: serverguide/C/virtualization.xml:547(para)
3397
3617
msgid ""
3398
3618
"Starting with 14.04 LTS, a tool called uvtool greatly facilitates the task "
3399
3619
"of generating virtual machines (VM) using the cloud images. "
3400
"<application>uvtool</application> provides a simple mechanism to to "
3401
"synchronize cloud-images locally and use them to create new VMs in minutes."
3620
"<application>uvtool</application> provides a simple mechanism to synchronize "
3621
"cloud-images locally and use them to create new VMs in minutes."
3402
3622
msgstr ""
3403
3623
3404
#: serverguide/C/virtualization.xml:486(title)
3624
#: serverguide/C/virtualization.xml:554(title)
3405
3625
msgid "Uvtool packages"
3406
3626
msgstr ""
3407
3627
3408
#: serverguide/C/virtualization.xml:488(para)
3628
#: serverguide/C/virtualization.xml:556(para)
3409
3629
msgid ""
3410
3630
"The following packages and their dependencies will be required in order to "
3411
3631
"use uvtool:"
3412
3632
msgstr ""
3413
3633
3414
#: serverguide/C/virtualization.xml:495(para)
3634
#: serverguide/C/virtualization.xml:563(para)
3415
3635
msgid "uvtool"
3416
3636
msgstr ""
3417
3637
3418
#: serverguide/C/virtualization.xml:499(para)
3638
#: serverguide/C/virtualization.xml:567(para)
3419
3639
msgid "uvtool-libvirt"
3420
3640
msgstr ""
3421
3641
3422
#: serverguide/C/virtualization.xml:504(para)
3642
#: serverguide/C/virtualization.xml:572(para)
3423
3643
msgid "To install <application>uvtool</application>, run:"
3424
3644
msgstr ""
3425
3645
3426
#: serverguide/C/virtualization.xml:505(programlisting)
3646
#: serverguide/C/virtualization.xml:573(programlisting)
3427
3647
#, no-wrap
3428
3648
msgid "$ apt -y install uvtool"
3429
3649
msgstr ""
3430
3650
3431
#: serverguide/C/virtualization.xml:507(para)
3651
#: serverguide/C/virtualization.xml:575(para)
3432
3652
msgid "This will install uvtool's main commands:"
3433
3653
msgstr ""
3434
3654
3435
#: serverguide/C/virtualization.xml:509(application)
3655
#: serverguide/C/virtualization.xml:577(application)
3436
3656
msgid "uvt-simplestreams-libvirt"
3437
3657
msgstr ""
3438
3658
3439
#: serverguide/C/virtualization.xml:510(application)
3659
#: serverguide/C/virtualization.xml:578(application)
3440
3660
msgid "uvt-kvm"
3441
3661
msgstr ""
3442
3662
3443
#: serverguide/C/virtualization.xml:515(title)
3663
#: serverguide/C/virtualization.xml:583(title)
3444
3664
msgid ""
3445
3665
"Get the Ubuntu Cloud Image with <application>uvt-simplestreams-"
3446
3666
"libvirt</application>"
3447
3667
msgstr ""
3448
3668
3449
#: serverguide/C/virtualization.xml:517(para)
3669
#: serverguide/C/virtualization.xml:585(para)
3450
3670
msgid ""
3451
3671
"This is one of the major simplifications that "
3452
3672
"<application>uvtool</application> brings. It is aware of where to find the "
3455
3675
"architecture, the uvtool command would be:"
3456
3676
msgstr ""
3457
3677
3458
#: serverguide/C/virtualization.xml:522(programlisting)
3678
#: serverguide/C/virtualization.xml:590(programlisting)
3459
3679
#, no-wrap
3460
3680
msgid "$ uvt-simplestreams-libvirt sync arch=amd64"
3461
3681
msgstr ""
3462
3682
3463
#: serverguide/C/virtualization.xml:524(para)
3683
#: serverguide/C/virtualization.xml:592(para)
3464
3684
msgid ""
3465
3685
"After an amount of time required to download all the images from the "
3466
3686
"Internet, you will have a complete set of cloud images stored locally. To "
3467
3687
"see what has been downloaded use the following command:"
3468
3688
msgstr ""
3469
3689
3470
#: serverguide/C/virtualization.xml:528(programlisting)
3690
#: serverguide/C/virtualization.xml:596(programlisting)
3471
3691
#, no-wrap
3472
3692
msgid ""
3473
3693
"$ uvt-simplestreams-libvirt query\n"
3484
3704
"\n"
3485
3705
msgstr ""
3486
3706
3487
#: serverguide/C/virtualization.xml:542(para)
3707
#: serverguide/C/virtualization.xml:610(para)
3488
3708
msgid ""
3489
3709
"In the case where you want to synchronize only one specific cloud-image, you "
3490
3710
"need to use the release= and arch= filters to identify which image needs to "
3491
3711
"be synchronized."
3492
3712
msgstr ""
3493
3713
3494
#: serverguide/C/virtualization.xml:545(programlisting)
3714
#: serverguide/C/virtualization.xml:613(programlisting)
3495
3715
#, no-wrap
3496
3716
msgid "$ uvt-simplestreams-libvirt sync release=xenial arch=amd64\n"
3497
3717
msgstr ""
3498
3718
3499
#: serverguide/C/virtualization.xml:550(title)
3719
#: serverguide/C/virtualization.xml:618(title)
3500
3720
msgid "Create the VM using uvt-kvm"
3501
3721
msgstr ""
3502
3722
3503
#: serverguide/C/virtualization.xml:552(para)
3723
#: serverguide/C/virtualization.xml:620(para)
3504
3724
msgid ""
3505
3725
"In order to connect to the virtual machine once it has been created, you "
3506
3726
"must have a valid SSH key available for the Ubuntu user. If your environment "
3508
3728
"command:"
3509
3729
msgstr ""
3510
3730
3511
#: serverguide/C/virtualization.xml:554(programlisting)
3731
#: serverguide/C/virtualization.xml:622(programlisting)
3512
3732
#, no-wrap
3513
3733
msgid ""
3514
3734
"\n"
3535
3755
"+-----------------+\n"
3536
3756
msgstr ""
3537
3757
3538
#: serverguide/C/virtualization.xml:577(para)
3758
#: serverguide/C/virtualization.xml:645(para)
3539
3759
msgid ""
3540
3760
"To create of a new virtual machine using uvtool, run the following in a "
3541
3761
"terminal:"
3542
3762
msgstr ""
3543
3763
3544
#: serverguide/C/virtualization.xml:579(programlisting)
3764
#: serverguide/C/virtualization.xml:647(programlisting)
3545
3765
#, no-wrap
3546
3766
msgid "$ uvt-kvm create firsttest"
3547
3767
msgstr ""
3548
3768
3549
#: serverguide/C/virtualization.xml:581(para)
3769
#: serverguide/C/virtualization.xml:649(para)
3550
3770
msgid ""
3551
3771
"This will create a VM named <emphasis role=\"bold\">firsttest</emphasis> "
3552
3772
"using the current LTS cloud image available locally. If you want to specify "
3554
3774
"role=\"bold\">release=</emphasis> filter:"
3555
3775
msgstr ""
3556
3776
3557
#: serverguide/C/virtualization.xml:584(programlisting)
3777
#: serverguide/C/virtualization.xml:652(programlisting)
3558
3778
#, no-wrap
3559
3779
msgid "$ uvt-kvm create secondtest release=xenial"
3560
3780
msgstr ""
3561
3781
3562
#: serverguide/C/virtualization.xml:586(para)
3782
#: serverguide/C/virtualization.xml:654(para)
3563
3783
msgid ""
3564
3784
"<application>uvt-kvm wait</application> can be used to wait until the "
3565
3785
"creation of the VM has completed:"
3566
3786
msgstr ""
3567
3787
3568
#: serverguide/C/virtualization.xml:589(programlisting)
3788
#: serverguide/C/virtualization.xml:657(programlisting)
3569
3789
#, no-wrap
3570
3790
msgid ""
3571
3791
"$ uvt-kvm wait secondttest --insecure\n"
3572
3792
"Warning: secure wait for boot-finished not yet implemented; use --insecure.\n"
3573
3793
msgstr ""
3574
3794
3575
#: serverguide/C/virtualization.xml:594(title)
3795
#: serverguide/C/virtualization.xml:662(title)
3576
3796
msgid "Connect to the running VM"
3577
3797
msgstr ""
3578
3798
3579
#: serverguide/C/virtualization.xml:595(para)
3799
#: serverguide/C/virtualization.xml:663(para)
3580
3800
msgid ""
3581
3801
"Once the virtual machine creation is completed, you can connect to it using "
3582
3802
"SSH:"
3583
3803
msgstr ""
3584
3804
3585
#: serverguide/C/virtualization.xml:598(programlisting)
3805
#: serverguide/C/virtualization.xml:666(programlisting)
3586
3806
#, no-wrap
3587
3807
msgid "$ uvt-kvm ssh secondtest --insecure"
3588
3808
msgstr ""
3589
3809
3590
#: serverguide/C/virtualization.xml:600(para)
3810
#: serverguide/C/virtualization.xml:668(para)
3591
3811
msgid ""
3592
3812
"For the time being, the <emphasis role=\"bold\">--insecure</emphasis> is "
3593
3813
"required, so use this mechanism to connect to your VM only if you completely "
3594
3814
"trust your network infrastructure."
3595
3815
msgstr ""
3596
3816
3597
#: serverguide/C/virtualization.xml:602(para)
3817
#: serverguide/C/virtualization.xml:670(para)
3598
3818
msgid ""
3599
3819
"You can also connect to your VM using a regular SSH session using the IP "
3600
3820
"address of the VM. The address can be queried using the following command:"
3601
3821
msgstr ""
3602
3822
3603
#: serverguide/C/virtualization.xml:604(programlisting)
3823
#: serverguide/C/virtualization.xml:672(programlisting)
3604
3824
#, no-wrap
3605
3825
msgid ""
3606
3826
"\n"
3642
3862
"\n"
3643
3863
msgstr ""
3644
3864
3645
#: serverguide/C/virtualization.xml:639(title)
3865
#: serverguide/C/virtualization.xml:707(title)
3646
3866
msgid "Get the list of running VMs"
3647
3867
msgstr ""
3648
3868
3649
#: serverguide/C/virtualization.xml:640(para)
3869
#: serverguide/C/virtualization.xml:708(para)
3650
3870
msgid "You can get the list of VMs running on your system with this command:"
3651
3871
msgstr ""
3652
3872
3653
#: serverguide/C/virtualization.xml:642(programlisting)
3873
#: serverguide/C/virtualization.xml:710(programlisting)
3654
3874
#, no-wrap
3655
3875
msgid ""
3656
3876
"$ uvt-kvm list\n"
3657
3877
"secondtest\n"
3658
3878
msgstr ""
3659
3879
3660
#: serverguide/C/virtualization.xml:647(title)
3880
#: serverguide/C/virtualization.xml:715(title)
3661
3881
msgid "Destroy your VM"
3662
3882
msgstr ""
3663
3883
3664
#: serverguide/C/virtualization.xml:648(para)
3884
#: serverguide/C/virtualization.xml:716(para)
3665
3885
msgid "Once you are done with your VM, you can destroy it with:"
3666
3886
msgstr ""
3667
3887
3668
#: serverguide/C/virtualization.xml:650(programlisting)
3888
#: serverguide/C/virtualization.xml:718(programlisting)
3669
3889
#, no-wrap
3670
3890
msgid "$ uvt-kvm destroy secondtest"
3671
3891
msgstr ""
3672
3892
3673
#: serverguide/C/virtualization.xml:652(title)
3893
#: serverguide/C/virtualization.xml:720(title)
3674
3894
msgid "More uvt-kvm options"
3675
3895
msgstr ""
3676
3896
3677
#: serverguide/C/virtualization.xml:654(para)
3897
#: serverguide/C/virtualization.xml:722(para)
3678
3898
msgid ""
3679
3899
"The following options can be used to change some of the characteristics of "
3680
3900
"the VM that you are creating:"
3681
3901
msgstr ""
3682
3902
3683
#: serverguide/C/virtualization.xml:657(para)
3903
#: serverguide/C/virtualization.xml:725(para)
3684
3904
msgid "--memory : Amount of RAM in megabytes. Default: 512."
3685
3905
msgstr ""
3686
3906
3687
#: serverguide/C/virtualization.xml:658(para)
3907
#: serverguide/C/virtualization.xml:726(para)
3688
3908
msgid "--disk : Size of the OS disk in gigabytes. Default: 8."
3689
3909
msgstr ""
3690
3910
3691
#: serverguide/C/virtualization.xml:659(para)
3911
#: serverguide/C/virtualization.xml:727(para)
3692
3912
msgid "--cpu : Number of CPU cores. Default: 1."
3693
3913
msgstr ""
3694
3914
3695
#: serverguide/C/virtualization.xml:662(para)
3915
#: serverguide/C/virtualization.xml:730(para)
3696
3916
msgid ""
3697
3917
"Some other parameters will have an impact on the cloud-init configuration:"
3698
3918
msgstr ""
3699
3919
3700
#: serverguide/C/virtualization.xml:664(para)
3920
#: serverguide/C/virtualization.xml:732(para)
3701
3921
msgid ""
3702
3922
"--password password : Allow login to the VM using the Ubuntu account and "
3703
3923
"this provided password."
3704
3924
msgstr ""
3705
3925
3706
#: serverguide/C/virtualization.xml:665(para)
3926
#: serverguide/C/virtualization.xml:733(para)
3707
3927
msgid ""
3708
3928
"--run-script-once script_file : Run script_file as root on the VM the first "
3709
3929
"time it is booted, but never again."
3710
3930
msgstr ""
3711
3931
3712
#: serverguide/C/virtualization.xml:666(para)
3932
#: serverguide/C/virtualization.xml:734(para)
3713
3933
msgid ""
3714
3934
"--packages package_list : Install the comma-separated packages specified in "
3715
3935
"package_list on first boot."
3716
3936
msgstr ""
3717
3937
3718
#: serverguide/C/virtualization.xml:669(para)
3938
#: serverguide/C/virtualization.xml:737(para)
3719
3939
msgid ""
3720
3940
"A complete description of all available modifiers is available in the "
3721
3941
"manpage of uvt-kvm."
3722
3942
msgstr ""
3723
3943
3724
#: serverguide/C/virtualization.xml:676(para)
3944
#: serverguide/C/virtualization.xml:744(para)
3725
3945
msgid ""
3726
3946
"If you are interested in learning more, have questions or suggestions, "
3727
3947
"please contact the Ubuntu Server Team at:"
3728
3948
msgstr ""
3729
3949
3730
#: serverguide/C/virtualization.xml:681(para)
3950
#: serverguide/C/virtualization.xml:749(para)
3731
3951
msgid "IRC: #ubuntu-server on freenode"
3732
3952
msgstr ""
3733
3953
3734
#: serverguide/C/virtualization.xml:685(para)
3954
#: serverguide/C/virtualization.xml:753(para)
3735
3955
msgid ""
3736
3956
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3737
3957
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3738
3958
msgstr ""
3739
3959
3740
#: serverguide/C/virtualization.xml:694(title)
3960
#: serverguide/C/virtualization.xml:762(title)
3741
3961
msgid "Ubuntu Cloud"
3742
3962
msgstr ""
3743
3963
3744
#: serverguide/C/virtualization.xml:696(para)
3964
#: serverguide/C/virtualization.xml:764(para)
3745
3965
msgid ""
3746
3966
"<application>Cloud computing</application> is a computing model that allows "
3747
3967
"vast pools of resources to be allocated on-demand. These resources such as "
3753
3973
"build highly scalable, cloud computing for both public and private clouds."
3754
3974
msgstr ""
3755
3975
3756
#: serverguide/C/virtualization.xml:707(title)
3976
#: serverguide/C/virtualization.xml:775(title)
3757
3977
msgid "Installation and Configuration"
3758
3978
msgstr ""
3759
3979
3760
#: serverguide/C/virtualization.xml:709(para)
3980
#: serverguide/C/virtualization.xml:777(para)
3761
3981
msgid ""
3762
3982
"Due to the current high rate of development of this complex technology we "
3763
3983
"refer the reader to <ulink url=\"http://docs.openstack.org/havana/install-"
3765
3985
"concerning installation and configuration."
3766
3986
msgstr ""
3767
3987
3768
#: serverguide/C/virtualization.xml:718(title) serverguide/C/network-config.xml:1660(title)
3988
#: serverguide/C/virtualization.xml:786(title) serverguide/C/network-config.xml:1698(title)
3769
3989
msgid "Support and Troubleshooting"
3770
3990
msgstr ""
3771
3991
3772
#: serverguide/C/virtualization.xml:720(para)
3992
#: serverguide/C/virtualization.xml:788(para)
3773
3993
msgid "Community Support"
3774
3994
msgstr ""
3775
3995
3776
#: serverguide/C/virtualization.xml:724(ulink)
3996
#: serverguide/C/virtualization.xml:792(ulink)
3777
3997
msgid "OpenStack Mailing list"
3778
3998
msgstr ""
3779
3999
3780
#: serverguide/C/virtualization.xml:729(ulink)
4000
#: serverguide/C/virtualization.xml:797(ulink)
3781
4001
msgid "The OpenStack Wiki search"
3782
4002
msgstr ""
3783
4003
3784
#: serverguide/C/virtualization.xml:734(ulink)
4004
#: serverguide/C/virtualization.xml:802(ulink)
3785
4005
msgid "Launchpad bugs area"
3786
4006
msgstr ""
3787
4007
3788
#: serverguide/C/virtualization.xml:739(para)
4008
#: serverguide/C/virtualization.xml:807(para)
3789
4009
msgid "Join the IRC channel #openstack on freenode."
3790
4010
msgstr ""
3791
4011
3792
#: serverguide/C/virtualization.xml:750(ulink)
4012
#: serverguide/C/virtualization.xml:818(ulink)
3793
4013
msgid "Cloud Computing - Service models"
3794
4014
msgstr ""
3795
4015
3796
#: serverguide/C/virtualization.xml:756(ulink)
4016
#: serverguide/C/virtualization.xml:824(ulink)
3797
4017
msgid "OpenStack Compute"
3798
4018
msgstr ""
3799
4019
3800
#: serverguide/C/virtualization.xml:762(ulink)
4020
#: serverguide/C/virtualization.xml:830(ulink)
3801
4021
msgid "OpenStack Image Service"
3802
4022
msgstr ""
3803
4023
3804
#: serverguide/C/virtualization.xml:768(ulink)
4024
#: serverguide/C/virtualization.xml:836(ulink)
3805
4025
msgid "OpenStack Object Storage Administration Guide"
3806
4026
msgstr ""
3807
4027
3808
#: serverguide/C/virtualization.xml:774(ulink)
4028
#: serverguide/C/virtualization.xml:842(ulink)
3809
4029
msgid "Installing OpenStack Object Storage on Ubuntu"
3810
4030
msgstr ""
3811
4031
3812
#: serverguide/C/virtualization.xml:780(ulink)
4032
#: serverguide/C/virtualization.xml:848(ulink)
3813
4033
msgid "http://cloudglossary.com/"
3814
4034
msgstr ""
3815
4035
3816
#: serverguide/C/virtualization.xml:790(title)
4036
#: serverguide/C/virtualization.xml:858(title)
3817
4037
msgid "LXD"
3818
4038
msgstr ""
3819
4039
3820
#: serverguide/C/virtualization.xml:792(para)
4040
#: serverguide/C/virtualization.xml:860(para)
3821
4041
msgid ""
3822
4042
"LXD (pronounced lex-dee) is the lightervisor, or lightweight container "
3823
4043
"hypervisor. While this claim has been controversial, it has been <ulink "
3827
4047
"url=\"https://help.ubuntu.com/lts/serverguide/lxc.html\">LXC</ulink>."
3828
4048
msgstr ""
3829
4049
3830
#: serverguide/C/virtualization.xml:801(para)
4050
#: serverguide/C/virtualization.xml:869(para)
3831
4051
msgid ""
3832
4052
"LXC (lex-see) is a program which creates and administers \"containers\" on a "
3833
4053
"local system. It also provides an API to allow higher level managers, such "
3835
4055
"while comparing LXD to libvirt."
3836
4056
msgstr ""
3837
4057
3838
#: serverguide/C/virtualization.xml:808(para)
4058
#: serverguide/C/virtualization.xml:876(para)
3839
4059
msgid ""
3840
4060
"The LXC API deals with a 'container'. The LXD API deals with 'remotes', "
3841
4061
"which serve images and containers. This extends the LXC functionality over "
3843
4063
"and container image publishing."
3844
4064
msgstr ""
3845
4065
3846
#: serverguide/C/virtualization.xml:815(para)
4066
#: serverguide/C/virtualization.xml:883(para)
3847
4067
msgid ""
3848
4068
"LXD uses LXC under the covers for some container management tasks. However, "
3849
4069
"it keeps its own container configuration information and has its own "
3852
4072
"LXD on Ubuntu systems."
3853
4073
msgstr ""
3854
4074
3855
#: serverguide/C/virtualization.xml:823(title)
4075
#: serverguide/C/virtualization.xml:891(title)
3856
4076
msgid "Online Resources"
3857
4077
msgstr ""
3858
4078
3859
#: serverguide/C/virtualization.xml:825(para)
4079
#: serverguide/C/virtualization.xml:893(para)
3860
4080
msgid ""
3861
4081
"There is excellent documentation for <ulink "
3862
4082
"url=\"http://github.com/lxc/lxd\">getting started with LXD</ulink> in the "
3870
4090
"juju</ulink>."
3871
4091
msgstr ""
3872
4092
3873
#: serverguide/C/virtualization.xml:832(para)
4093
#: serverguide/C/virtualization.xml:900(para)
3874
4094
msgid ""
3875
4095
"This document will offer an Ubuntu Server-specific view of LXD, focusing on "
3876
4096
"administration."
3877
4097
msgstr ""
3878
4098
3879
#: serverguide/C/virtualization.xml:840(para)
4099
#: serverguide/C/virtualization.xml:908(para)
3880
4100
msgid ""
3881
4101
"LXD is pre-installed on Ubuntu Server cloud images. On other systems, the "
3882
4102
"lxd package can be installed using:"
3883
4103
msgstr ""
3884
4104
3885
#: serverguide/C/virtualization.xml:846(command)
4105
#: serverguide/C/virtualization.xml:914(command)
3886
4106
msgid "sudo apt install lxd"
3887
4107
msgstr ""
3888
4108
3889
#: serverguide/C/virtualization.xml:851(para)
4109
#: serverguide/C/virtualization.xml:919(para)
3890
4110
msgid ""
3891
4111
"This will install LXD as well as the recommended dependencies, including the "
3892
4112
"LXC library and lxcfs."
3893
4113
msgstr ""
3894
4114
3895
#: serverguide/C/virtualization.xml:857(title)
4115
#: serverguide/C/virtualization.xml:925(title)
3896
4116
msgid "Kernel preparation"
3897
4117
msgstr ""
3898
4118
3899
#: serverguide/C/virtualization.xml:859(para)
4119
#: serverguide/C/virtualization.xml:927(para)
3900
4120
msgid ""
3901
4121
"In general, Ubuntu 16.04 should have all the desired features enabled by "
3902
4122
"default. One exception to this is that in order to enable swap accounting "
3906
4126
"then running 'update-grub' as root and rebooting."
3907
4127
msgstr ""
3908
4128
3909
#: serverguide/C/virtualization.xml:871(para)
4129
#: serverguide/C/virtualization.xml:939(para)
3910
4130
msgid ""
3911
4131
"By default, LXD is installed listening on a local UNIX socket, which members "
3912
4132
"of group LXD can talk to. It has no trust password setup. And it uses the "
3915
4135
"will allow you to choose:"
3916
4136
msgstr ""
3917
4137
3918
#: serverguide/C/virtualization.xml:881(para)
4138
#: serverguide/C/virtualization.xml:949(para)
3919
4139
msgid ""
3920
4140
"Directory or <ulink url=\"http://open-zfs.org\">ZFS</ulink> container "
3921
4141
"backend. If you choose ZFS, you can choose which block devices to use, or "
3922
4142
"the size of a file to use as backing store."
3923
4143
msgstr ""
3924
4144
3925
#: serverguide/C/virtualization.xml:885(para)
4145
#: serverguide/C/virtualization.xml:953(para)
3926
4146
msgid "Availability over the network"
3927
4147
msgstr ""
3928
4148
3929
#: serverguide/C/virtualization.xml:887(para)
4149
#: serverguide/C/virtualization.xml:955(para)
3930
4150
msgid ""
3931
4151
"A 'trust password' used by remote clients to vouch for their client "
3932
4152
"certificate"
3933
4153
msgstr ""
3934
4154
3935
#: serverguide/C/virtualization.xml:891(para)
4155
#: serverguide/C/virtualization.xml:959(para)
3936
4156
msgid ""
3937
4157
"You must run 'lxd init' as root. 'lxc' commands can be run as any user who "
3938
4158
"is member of group lxd. If user joe is not a member of group 'lxd', you may "
3939
4159
"run:"
3940
4160
msgstr ""
3941
4161
3942
#: serverguide/C/virtualization.xml:898(command)
4162
#: serverguide/C/virtualization.xml:966(command)
3943
4163
msgid "adduser joe lxd"
3944
4164
msgstr ""
3945
4165
3946
#: serverguide/C/virtualization.xml:903(para)
4166
#: serverguide/C/virtualization.xml:971(para)
3947
4167
msgid ""
3948
4168
"as root to change it. The new membership will take effect on the next login, "
3949
4169
"or after running 'newgrp lxd' from an existing login."
3950
4170
msgstr ""
3951
4171
3952
#: serverguide/C/virtualization.xml:908(para)
4172
#: serverguide/C/virtualization.xml:976(para)
3953
4173
msgid ""
3954
4174
"For more information on server, container, profile, and device "
3955
4175
"configuration, please refer to the definitive configuration provided with "
3958
4178
"link>"
3959
4179
msgstr ""
3960
4180
3961
#: serverguide/C/virtualization.xml:916(title)
4181
#: serverguide/C/virtualization.xml:984(title)
3962
4182
msgid "Creating your first container"
3963
4183
msgstr ""
3964
4184
3965
#: serverguide/C/virtualization.xml:918(para)
4185
#: serverguide/C/virtualization.xml:986(para)
3966
4186
msgid "This section will describe the simplest container tasks."
3967
4187
msgstr ""
3968
4188
3969
#: serverguide/C/virtualization.xml:922(title)
4189
#: serverguide/C/virtualization.xml:990(title)
3970
4190
msgid "Creating a container"
3971
4191
msgstr ""
3972
4192
3973
#: serverguide/C/virtualization.xml:924(para)
4193
#: serverguide/C/virtualization.xml:992(para)
3974
4194
msgid ""
3975
4195
"Every new container is created based on either an image, an existing "
3976
4196
"container, or a container snapshot. At install time, LXD is configured with "
3977
4197
"the following image servers:"
3978
4198
msgstr ""
3979
4199
3980
#: serverguide/C/virtualization.xml:932(para)
4200
#: serverguide/C/virtualization.xml:1000(para)
3981
4201
msgid ""
3982
4202
"<filename>ubuntu</filename>: this serves official Ubuntu server cloud image "
3983
4203
"releases."
3984
4204
msgstr ""
3985
4205
3986
#: serverguide/C/virtualization.xml:935(para)
4206
#: serverguide/C/virtualization.xml:1003(para)
3987
4207
msgid ""
3988
4208
"<filename>ubuntu-daily</filename>: this serves official Ubuntu server cloud "
3989
4209
"images of the daily development releases."
3990
4210
msgstr ""
3991
4211
3992
#: serverguide/C/virtualization.xml:939(para)
4212
#: serverguide/C/virtualization.xml:1007(para)
3993
4213
msgid ""
3994
4214
"<filename>images</filename>: this is a default-installed alias for "
3995
4215
"images.linuxcontainers.org. This is serves classical lxc images built using "
3998
4218
"recommended server for Ubuntu images."
3999
4219
msgstr ""
4000
4220
4001
#: serverguide/C/virtualization.xml:947(para)
4221
#: serverguide/C/virtualization.xml:1015(para)
4002
4222
msgid "The command to create and start a container is"
4003
4223
msgstr ""
4004
4224
4005
#: serverguide/C/virtualization.xml:952(command)
4225
#: serverguide/C/virtualization.xml:1020(command)
4006
4226
msgid "lxc launch remote:image containername"
4007
4227
msgstr ""
4008
4228
4009
#: serverguide/C/virtualization.xml:957(para)
4229
#: serverguide/C/virtualization.xml:1025(para)
4010
4230
msgid ""
4011
4231
"Images are identified by their hash, but are also aliased. The 'ubuntu' "
4012
4232
"server knows many aliases such as '16.04' and 'xenial'. A list of all images "
4013
4233
"available from the Ubuntu Server can be seen using:"
4014
4234
msgstr ""
4015
4235
4016
#: serverguide/C/virtualization.xml:964(command) serverguide/C/virtualization.xml:1488(command)
4236
#: serverguide/C/virtualization.xml:1032(command) serverguide/C/virtualization.xml:1556(command)
4017
4237
msgid "lxc image list ubuntu:"
4018
4238
msgstr ""
4019
4239
4020
#: serverguide/C/virtualization.xml:969(para)
4240
#: serverguide/C/virtualization.xml:1037(para)
4021
4241
msgid ""
4022
4242
"To see more information about a particular image, including all the aliases "
4023
4243
"it is known by, you can use:"
4024
4244
msgstr ""
4025
4245
4026
#: serverguide/C/virtualization.xml:975(command)
4246
#: serverguide/C/virtualization.xml:1043(command)
4027
4247
msgid "lxc image info ubuntu:xenial"
4028
4248
msgstr ""
4029
4249
4030
#: serverguide/C/virtualization.xml:980(para)
4250
#: serverguide/C/virtualization.xml:1048(para)
4031
4251
msgid ""
4032
4252
"You can generally refer to an Ubuntu image using the release name ('xenial') "
4033
4253
"or the release number (16.04). In addition, 'lts' is an alias for the latest "
4035
4255
"the desired architecture:"
4036
4256
msgstr ""
4037
4257
4038
#: serverguide/C/virtualization.xml:988(command)
4258
#: serverguide/C/virtualization.xml:1056(command)
4039
4259
msgid "lxc image info ubuntu:lts/arm64"
4040
4260
msgstr ""
4041
4261
4042
#: serverguide/C/virtualization.xml:993(para)
4262
#: serverguide/C/virtualization.xml:1061(para)
4043
4263
msgid "Now, let's start our first container:"
4044
4264
msgstr ""
4045
4265
4046
#: serverguide/C/virtualization.xml:998(command)
4266
#: serverguide/C/virtualization.xml:1066(command)
4047
4267
msgid "lxc launch ubuntu:xenial x1"
4048
4268
msgstr ""
4049
4269
4050
#: serverguide/C/virtualization.xml:1003(para)
4270
#: serverguide/C/virtualization.xml:1071(para)
4051
4271
msgid ""
4052
4272
"This will download the official current Xenial cloud image for your current "
4053
4273
"architecture, then create a container using that image, and finally start "
4054
4274
"it. Once the command returns, you can see it using:"
4055
4275
msgstr ""
4056
4276
4057
#: serverguide/C/virtualization.xml:1010(command)
4277
#: serverguide/C/virtualization.xml:1078(command)
4058
4278
msgid "lxc list lxc info x1"
4059
4279
msgstr ""
4060
4280
4061
#: serverguide/C/virtualization.xml:1016(para)
4281
#: serverguide/C/virtualization.xml:1084(para)
4062
4282
msgid "and open a shell in it using:"
4063
4283
msgstr ""
4064
4284
4065
#: serverguide/C/virtualization.xml:1021(command)
4285
#: serverguide/C/virtualization.xml:1089(command)
4066
4286
msgid "lxc exec x1 bash"
4067
4287
msgstr ""
4068
4288
4069
#: serverguide/C/virtualization.xml:1026(para)
4289
#: serverguide/C/virtualization.xml:1094(para)
4070
4290
msgid ""
4071
4291
"The try-it page gives a full synopsis of the commands you can use to "
4072
4292
"administer containers."
4073
4293
msgstr ""
4074
4294
4075
#: serverguide/C/virtualization.xml:1031(para)
4295
#: serverguide/C/virtualization.xml:1099(para)
4076
4296
msgid ""
4077
4297
"Now that the 'xenial' image has been downloaded, it will be kept in sync "
4078
4298
"until no new containers have been created based on it for (by default) 10 "
4079
4299
"days. After that, it will be deleted."
4080
4300
msgstr ""
4081
4301
4082
#: serverguide/C/virtualization.xml:1039(title)
4302
#: serverguide/C/virtualization.xml:1107(title)
4083
4303
msgid "LXD Server Configuration"
4084
4304
msgstr ""
4085
4305
4086
#: serverguide/C/virtualization.xml:1041(para)
4306
#: serverguide/C/virtualization.xml:1109(para)
4087
4307
msgid ""
4088
4308
"By default, LXD is socket activated and configured to listen only on a local "
4089
4309
"UNIX socket. While LXD may not be running when you first look at the process "
4090
4310
"listing, any LXC command will start it up. For instance:"
4091
4311
msgstr ""
4092
4312
4093
#: serverguide/C/virtualization.xml:1048(command)
4313
#: serverguide/C/virtualization.xml:1116(command)
4094
4314
msgid "lxc list"
4095
4315
msgstr ""
4096
4316
4097
#: serverguide/C/virtualization.xml:1053(para)
4317
#: serverguide/C/virtualization.xml:1121(para)
4098
4318
msgid ""
4099
4319
"This will create your client certificate and contact the LXD server for a "
4100
4320
"list of containers. To make the server accessible over the network you can "
4101
4321
"set the http port using:"
4102
4322
msgstr ""
4103
4323
4104
#: serverguide/C/virtualization.xml:1060(command)
4324
#: serverguide/C/virtualization.xml:1128(command)
4105
4325
msgid "lxc config set core.https_address :8443"
4106
4326
msgstr ""
4107
4327
4108
#: serverguide/C/virtualization.xml:1065(para)
4328
#: serverguide/C/virtualization.xml:1133(para)
4109
4329
msgid "This will tell LXD to listen to port 8843 on all addresses."
4110
4330
msgstr ""
4111
4331
4112
#: serverguide/C/virtualization.xml:1069(title)
4332
#: serverguide/C/virtualization.xml:1137(title)
4113
4333
msgid "Authentication"
4114
4334
msgstr ""
4115
4335
4116
#: serverguide/C/virtualization.xml:1071(para)
4336
#: serverguide/C/virtualization.xml:1139(para)
4117
4337
msgid ""
4118
4338
"By default, LXD will allow all members of group 'lxd' (which by default "
4119
4339
"includes all members of group admin) to talk to it over the UNIX socket. "
4121
4341
"certificates."
4122
4342
msgstr ""
4123
4343
4124
#: serverguide/C/virtualization.xml:1077(para)
4344
#: serverguide/C/virtualization.xml:1145(para)
4125
4345
msgid ""
4126
4346
"Before client c1 wishes to use remote r1, r1 must be registered using:"
4127
4347
msgstr ""
4128
4348
4129
#: serverguide/C/virtualization.xml:1082(command)
4349
#: serverguide/C/virtualization.xml:1150(command)
4130
4350
msgid "lxc remote add r1 r1.example.com:8443"
4131
4351
msgstr ""
4132
4352
4133
#: serverguide/C/virtualization.xml:1087(para)
4353
#: serverguide/C/virtualization.xml:1155(para)
4134
4354
msgid ""
4135
4355
"The fingerprint of r1's certificate will be shown, to allow the user at c1 "
4136
4356
"to reject a false certificate. The server in turn will verify that c1 may be "
4138
4358
"already-registered client, using:"
4139
4359
msgstr ""
4140
4360
4141
#: serverguide/C/virtualization.xml:1095(command)
4361
#: serverguide/C/virtualization.xml:1163(command)
4142
4362
msgid "lxc config trust add r1 certfile.crt"
4143
4363
msgstr ""
4144
4364
4145
#: serverguide/C/virtualization.xml:1100(para)
4365
#: serverguide/C/virtualization.xml:1168(para)
4146
4366
msgid ""
4147
4367
"Now when the client adds r1 as a known remote, it will not need to provide a "
4148
4368
"password as it is already trusted by the server."
4149
4369
msgstr ""
4150
4370
4151
#: serverguide/C/virtualization.xml:1105(para)
4371
#: serverguide/C/virtualization.xml:1173(para)
4152
4372
msgid ""
4153
4373
"The other is to configure a 'trust password' with r1, either at initial "
4154
4374
"configuration using 'lxd init', or after the fact using"
4155
4375
msgstr ""
4156
4376
4157
#: serverguide/C/virtualization.xml:1111(command)
4377
#: serverguide/C/virtualization.xml:1179(command)
4158
4378
msgid "lxc config set core.trust_password PASSWORD"
4159
4379
msgstr ""
4160
4380
4161
#: serverguide/C/virtualization.xml:1116(para)
4381
#: serverguide/C/virtualization.xml:1184(para)
4162
4382
msgid ""
4163
4383
"The password can then be provided when the client registers r1 as a known "
4164
4384
"remote."
4165
4385
msgstr ""
4166
4386
4167
#: serverguide/C/virtualization.xml:1123(title)
4387
#: serverguide/C/virtualization.xml:1191(title)
4168
4388
msgid "Backing store"
4169
4389
msgstr ""
4170
4390
4171
#: serverguide/C/virtualization.xml:1125(para)
4391
#: serverguide/C/virtualization.xml:1193(para)
4172
4392
msgid ""
4173
4393
"LXD supports several backing stores. The recommended backing store is ZFS, "
4174
4394
"however this is not available on all platforms. Supported backing stores "
4175
4395
"include:"
4176
4396
msgstr ""
4177
4397
4178
#: serverguide/C/virtualization.xml:1133(para)
4398
#: serverguide/C/virtualization.xml:1201(para)
4179
4399
msgid ""
4180
4400
"ext4: this is the default, and easiest to use. With an ext4 backing store, "
4181
4401
"containers and images are simply stored as directories on the host "
4183
4403
"and 10 containers will take up 10 times as much space as one container."
4184
4404
msgstr ""
4185
4405
4186
#: serverguide/C/virtualization.xml:1142(para)
4406
#: serverguide/C/virtualization.xml:1210(para)
4187
4407
msgid ""
4188
4408
"ZFS: if ZFS is supported on your architecture (amd64, arm64, or ppc64le), "
4189
4409
"you can set LXD up to use it using 'lxd init'. If you already have a ZFS "
4191
4411
"configuration key:"
4192
4412
msgstr ""
4193
4413
4194
#: serverguide/C/virtualization.xml:1150(command)
4414
#: serverguide/C/virtualization.xml:1218(command)
4195
4415
msgid "lxc config set storage.zfs_pool_name lxd"
4196
4416
msgstr ""
4197
4417
4198
#: serverguide/C/virtualization.xml:1155(para)
4418
#: serverguide/C/virtualization.xml:1223(para)
4199
4419
msgid ""
4200
4420
"With ZFS, launching a new container is fast because the filesystem starts as "
4201
4421
"a copy on write clone of the images' filesystem. Note that unless the "
4204
4424
"little of the actual filesystem data."
4205
4425
msgstr ""
4206
4426
4207
#: serverguide/C/virtualization.xml:1165(para)
4427
#: serverguide/C/virtualization.xml:1233(para)
4208
4428
msgid ""
4209
4429
"Btrfs: btrfs can be used with many of the same advantages as ZFS. To use "
4210
4430
"BTRFS as a LXD backing store, simply mount a Btrfs filesystem under "
4213
4433
"container."
4214
4434
msgstr ""
4215
4435
4216
#: serverguide/C/virtualization.xml:1175(para)
4436
#: serverguide/C/virtualization.xml:1243(para)
4217
4437
msgid ""
4218
4438
"LVM: To use a LVM volume group called 'lxd', you may tell LXD to use that "
4219
4439
"for containers and images using the command"
4220
4440
msgstr ""
4221
4441
4222
#: serverguide/C/virtualization.xml:1181(command)
4442
#: serverguide/C/virtualization.xml:1249(command)
4223
4443
msgid "lxc config set storage.lvm_vg_name lxd"
4224
4444
msgstr ""
4225
4445
4226
#: serverguide/C/virtualization.xml:1186(para)
4446
#: serverguide/C/virtualization.xml:1254(para)
4227
4447
msgid ""
4228
4448
"When launching a new container, its rootfs will start as a lv clone. It is "
4229
4449
"immediately mounted so that the file uids can be shifted, then unmounted. "
4230
4450
"Container snapshots also are created as lv snapshots."
4231
4451
msgstr ""
4232
4452
4233
#: serverguide/C/virtualization.xml:1196(title)
4453
#: serverguide/C/virtualization.xml:1264(title)
4234
4454
msgid "Container configuration"
4235
4455
msgstr ""
4236
4456
4237
#: serverguide/C/virtualization.xml:1198(para)
4457
#: serverguide/C/virtualization.xml:1266(para)
4238
4458
msgid ""
4239
4459
"Containers are configured according to a set of profiles, described in the "
4240
4460
"next section, and a set of container-specific configuration. Profiles are "
4242
4462
"configuration."
4243
4463
msgstr ""
4244
4464
4245
#: serverguide/C/virtualization.xml:1205(para)
4465
#: serverguide/C/virtualization.xml:1273(para)
4246
4466
msgid ""
4247
4467
"Container configuration includes properties like the architecture, limits on "
4248
4468
"resources such as CPU and RAM, security details including apparmor "
4249
4469
"restriction overrides, and devices to apply to the container."
4250
4470
msgstr ""
4251
4471
4252
#: serverguide/C/virtualization.xml:1211(para)
4472
#: serverguide/C/virtualization.xml:1279(para)
4253
4473
msgid ""
4254
4474
"Devices can be of several types, including UNIX character, UNIX block, "
4255
4475
"network interface, or 'disk'. In order to insert a host mount into a "
4257
4477
"in container c1 at /opt, you could use:"
4258
4478
msgstr ""
4259
4479
4260
#: serverguide/C/virtualization.xml:1219(command)
4480
#: serverguide/C/virtualization.xml:1287(command)
4261
4481
msgid "lxc config device add c1 opt disk source=/opt path=opt"
4262
4482
msgstr ""
4263
4483
4264
#: serverguide/C/virtualization.xml:1224(para)
4484
#: serverguide/C/virtualization.xml:1292(para)
4265
4485
msgid "See:"
4266
4486
msgstr ""
4267
4487
4268
#: serverguide/C/virtualization.xml:1229(command)
4488
#: serverguide/C/virtualization.xml:1297(command)
4269
4489
msgid "lxc help config"
4270
4490
msgstr ""
4271
4491
4272
#: serverguide/C/virtualization.xml:1234(para)
4492
#: serverguide/C/virtualization.xml:1302(para)
4273
4493
msgid ""
4274
4494
"for more information about editing container configurations. You may also "
4275
4495
"use:"
4276
4496
msgstr ""
4277
4497
4278
#: serverguide/C/virtualization.xml:1240(command)
4498
#: serverguide/C/virtualization.xml:1308(command)
4279
4499
msgid "lxc config edit c1"
4280
4500
msgstr ""
4281
4501
4282
#: serverguide/C/virtualization.xml:1245(para)
4502
#: serverguide/C/virtualization.xml:1313(para)
4283
4503
msgid ""
4284
4504
"to edit the whole of c1's configuration in your specified $EDITOR. Comments "
4285
4505
"at the top of the configuration will show examples of correct syntax to help "
4287
4507
"valid when the $EDITOR is exited, then $EDITOR will be restarted."
4288
4508
msgstr ""
4289
4509
4290
#: serverguide/C/virtualization.xml:1255(title) serverguide/C/security.xml:1065(title)
4510
#: serverguide/C/virtualization.xml:1323(title) serverguide/C/security.xml:1065(title)
4291
4511
msgid "Profiles"
4292
4512
msgstr ""
4293
4513
4294
#: serverguide/C/virtualization.xml:1257(para)
4514
#: serverguide/C/virtualization.xml:1325(para)
4295
4515
msgid ""
4296
4516
"Profiles are named collections of configurations which may be applied to "
4297
4517
"more than one container. For instance, all containers created with 'lxc "
4299
4519
"interface 'eth0'."
4300
4520
msgstr ""
4301
4521
4302
#: serverguide/C/virtualization.xml:1264(para)
4522
#: serverguide/C/virtualization.xml:1332(para)
4303
4523
msgid ""
4304
4524
"To mask a device which would be inherited from a profile but which should "
4305
4525
"not be in the final container, define a device by the same name but of type "
4306
4526
"'none':"
4307
4527
msgstr ""
4308
4528
4309
#: serverguide/C/virtualization.xml:1271(command)
4529
#: serverguide/C/virtualization.xml:1339(command)
4310
4530
msgid "lxc config device add c1 eth1 none"
4311
4531
msgstr ""
4312
4532
4313
#: serverguide/C/virtualization.xml:1277(title) serverguide/C/virtualization.xml:1869(title)
4533
#: serverguide/C/virtualization.xml:1345(title) serverguide/C/virtualization.xml:1937(title)
4314
4534
msgid "Nesting"
4315
4535
msgstr ""
4316
4536
4317
#: serverguide/C/virtualization.xml:1279(para)
4537
#: serverguide/C/virtualization.xml:1347(para)
4318
4538
msgid ""
4319
4539
"Containers all share the same host kernel. This means that there is always "
4320
4540
"an inherent trade-off between features exposed to the container and host "
4324
4544
"must be set to true:"
4325
4545
msgstr ""
4326
4546
4327
#: serverguide/C/virtualization.xml:1289(command)
4547
#: serverguide/C/virtualization.xml:1357(command)
4328
4548
msgid "lxc config set container1 security.nesting true"
4329
4549
msgstr ""
4330
4550
4331
#: serverguide/C/virtualization.xml:1294(para)
4551
#: serverguide/C/virtualization.xml:1362(para)
4332
4552
msgid "Once this is done, container1 will be able to start sub-containers."
4333
4553
msgstr ""
4334
4554
4335
#: serverguide/C/virtualization.xml:1298(para)
4555
#: serverguide/C/virtualization.xml:1366(para)
4336
4556
msgid ""
4337
4557
"In order to run unprivileged (the default in LXD) containers nested under an "
4338
4558
"unprivileged container, you will need to ensure a wide enough UID mapping. "
4339
4559
"Please see the 'UID mapping' section below."
4340
4560
msgstr ""
4341
4561
4342
#: serverguide/C/virtualization.xml:1304(title)
4562
#: serverguide/C/virtualization.xml:1372(title)
4343
4563
msgid "Docker"
4344
4564
msgstr ""
4345
4565
4346
#: serverguide/C/virtualization.xml:1306(para)
4566
#: serverguide/C/virtualization.xml:1374(para)
4347
4567
msgid ""
4348
4568
"In order to facilitate running docker containers inside a LXD container, a "
4349
4569
"'docker' profile is provided. To launch a new container with the docker "
4350
4570
"profile, you can run:"
4351
4571
msgstr ""
4352
4572
4353
#: serverguide/C/virtualization.xml:1313(command)
4573
#: serverguide/C/virtualization.xml:1381(command)
4354
4574
msgid "lxc launch xenial container1 -p default -p docker"
4355
4575
msgstr ""
4356
4576
4357
#: serverguide/C/virtualization.xml:1318(para)
4577
#: serverguide/C/virtualization.xml:1386(para)
4358
4578
msgid ""
4359
4579
"Note that currently the docker package in Ubuntu 16.04 is patched to "
4360
4580
"facilitate running in a container. This support is expected to land upstream "
4361
4581
"soon."
4362
4582
msgstr ""
4363
4583
4364
#: serverguide/C/virtualization.xml:1324(para)
4584
#: serverguide/C/virtualization.xml:1392(para)
4365
4585
msgid ""
4366
4586
"Note that 'cgroup namespace' support is also required. This is available in "
4367
4587
"the 16.04 kernel as well as in the 4.6 upstream source."
4368
4588
msgstr ""
4369
4589
4370
#: serverguide/C/virtualization.xml:1333(title)
4590
#: serverguide/C/virtualization.xml:1401(title)
4371
4591
msgid "Limits"
4372
4592
msgstr ""
4373
4593
4374
#: serverguide/C/virtualization.xml:1335(para)
4594
#: serverguide/C/virtualization.xml:1403(para)
4375
4595
msgid ""
4376
4596
"LXD supports flexible constraints on the resources which containers can "
4377
4597
"consume. The limits come in the following categories:"
4378
4598
msgstr ""
4379
4599
4380
#: serverguide/C/virtualization.xml:1342(para)
4600
#: serverguide/C/virtualization.xml:1410(para)
4381
4601
msgid "CPU: limit cpu available to the container in several ways."
4382
4602
msgstr ""
4383
4603
4384
#: serverguide/C/virtualization.xml:1345(para)
4604
#: serverguide/C/virtualization.xml:1413(para)
4385
4605
msgid "Disk: configure the priority of I/O requests under load"
4386
4606
msgstr ""
4387
4607
4388
#: serverguide/C/virtualization.xml:1348(para)
4608
#: serverguide/C/virtualization.xml:1416(para)
4389
4609
msgid "RAM: configure memory and swap availability"
4390
4610
msgstr ""
4391
4611
4392
#: serverguide/C/virtualization.xml:1351(para)
4612
#: serverguide/C/virtualization.xml:1419(para)
4393
4613
msgid "Network: configure the network priority under load"
4394
4614
msgstr ""
4395
4615
4396
#: serverguide/C/virtualization.xml:1354(para)
4616
#: serverguide/C/virtualization.xml:1422(para)
4397
4617
msgid "Processes: limit the number of concurrent processes in the container."
4398
4618
msgstr ""
4399
4619
4400
#: serverguide/C/virtualization.xml:1358(para)
4620
#: serverguide/C/virtualization.xml:1426(para)
4401
4621
msgid ""
4402
4622
"For a full list of limits known to LXD, see <ulink "
4403
4623
"url=\"https://github.com/lxc/lxd/blob/master/doc/configuration.md\"> the "
4404
4624
"configuration documentation</ulink>."
4405
4625
msgstr ""
4406
4626
4407
#: serverguide/C/virtualization.xml:1366(title)
4627
#: serverguide/C/virtualization.xml:1434(title)
4408
4628
msgid "UID mappings and Privileged containers"
4409
4629
msgstr ""
4410
4630
4411
#: serverguide/C/virtualization.xml:1368(para)
4631
#: serverguide/C/virtualization.xml:1436(para)
4412
4632
msgid ""
4413
4633
"By default, LXD creates unprivileged containers. This means that root in the "
4414
4634
"container is a non-root UID on the host. It is privileged against the "
4418
4638
"the system call interface)"
4419
4639
msgstr ""
4420
4640
4421
#: serverguide/C/virtualization.xml:1377(para)
4641
#: serverguide/C/virtualization.xml:1445(para)
4422
4642
msgid ""
4423
4643
"Briefly, in an unprivileged container, 65536 UIDs are 'shifted' into the "
4424
4644
"container. For instance, UID 0 in the container may be 100000 on the host, "
4430
4650
"subuid(5) manual page</ulink>."
4431
4651
msgstr ""
4432
4652
4433
#: serverguide/C/virtualization.xml:1387(para)
4653
#: serverguide/C/virtualization.xml:1455(para)
4434
4654
msgid ""
4435
4655
"It is possible to request a container to run without a UID mapping by "
4436
4656
"setting the security.privileged flag to true:"
4437
4657
msgstr ""
4438
4658
4439
#: serverguide/C/virtualization.xml:1393(command)
4659
#: serverguide/C/virtualization.xml:1461(command)
4440
4660
msgid "lxc config set c1 security.privileged true"
4441
4661
msgstr ""
4442
4662
4443
#: serverguide/C/virtualization.xml:1398(para)
4663
#: serverguide/C/virtualization.xml:1466(para)
4444
4664
msgid ""
4445
4665
"Note however that in this case the root user in the container is the root "
4446
4666
"user on the host."
4447
4667
msgstr ""
4448
4668
4449
#: serverguide/C/virtualization.xml:1405(title) serverguide/C/virtualization.xml:2144(title)
4669
#: serverguide/C/virtualization.xml:1473(title) serverguide/C/virtualization.xml:2212(title)
4450
4670
msgid "Apparmor"
4451
4671
msgstr ""
4452
4672
4453
#: serverguide/C/virtualization.xml:1407(para)
4673
#: serverguide/C/virtualization.xml:1475(para)
4454
4674
msgid ""
4455
4675
"LXD confines containers by default with an apparmor profile which protects "
4456
4676
"containers from each other and the host from containers. For instance this "
4460
4680
"/proc/sysrq-trigger</filename>."
4461
4681
msgstr ""
4462
4682
4463
#: serverguide/C/virtualization.xml:1416(para)
4683
#: serverguide/C/virtualization.xml:1484(para)
4464
4684
msgid ""
4465
4685
"If the apparmor policy for a container needs to be modified for a container "
4466
4686
"c1, specific apparmor policy lines can be added in the 'raw.apparmor' "
4467
4687
"configuration key."
4468
4688
msgstr ""
4469
4689
4470
#: serverguide/C/virtualization.xml:1424(title)
4690
#: serverguide/C/virtualization.xml:1492(title)
4471
4691
msgid "Seccomp"
4472
4692
msgstr ""
4473
4693
4474
#: serverguide/C/virtualization.xml:1426(para)
4694
#: serverguide/C/virtualization.xml:1494(para)
4475
4695
msgid ""
4476
4696
"All containers are confined by a default seccomp policy. This policy "
4477
4697
"prevents some dangerous actions such as forced umounts, kernel module "
4480
4700
"seccomp policy - or none - can be requested using raw.lxc (see below)."
4481
4701
msgstr ""
4482
4702
4483
#: serverguide/C/virtualization.xml:1436(title)
4703
#: serverguide/C/virtualization.xml:1504(title)
4484
4704
msgid "Raw LXC configuration"
4485
4705
msgstr ""
4486
4706
4487
#: serverguide/C/virtualization.xml:1438(para)
4707
#: serverguide/C/virtualization.xml:1506(para)
4488
4708
msgid ""
4489
4709
"LXD configures containers for the best balance of host safety and container "
4490
4710
"usability. Whenever possible it is highly recommended to use the defaults, "
4497
4717
".html\"> the lxc.container.conf(5) manual page</ulink>."
4498
4718
msgstr ""
4499
4719
4500
#: serverguide/C/virtualization.xml:1457(title)
4720
#: serverguide/C/virtualization.xml:1525(title)
4501
4721
msgid "Images and containers"
4502
4722
msgstr ""
4503
4723
4504
#: serverguide/C/virtualization.xml:1459(para)
4724
#: serverguide/C/virtualization.xml:1527(para)
4505
4725
msgid ""
4506
4726
"LXD is image based. When you create your first container, you will generally "
4507
4727
"do so using an existing image. LXD comes pre-configured with three default "
4508
4728
"image remotes:"
4509
4729
msgstr ""
4510
4730
4511
#: serverguide/C/virtualization.xml:1467(para)
4731
#: serverguide/C/virtualization.xml:1535(para)
4512
4732
msgid ""
4513
4733
"ubuntu: This is a <ulink "
4514
4734
"url=\"https://launchpad.net/simplestreams\">simplestreams-based</ulink> "
4515
4735
"remote serving released ubuntu cloud images."
4516
4736
msgstr ""
4517
4737
4518
#: serverguide/C/virtualization.xml:1472(para)
4738
#: serverguide/C/virtualization.xml:1540(para)
4519
4739
msgid ""
4520
4740
"ubuntu-daily: This is another simplestreams based remote which serves "
4521
4741
"'daily' ubuntu cloud images. These provide quicker but potentially less "
4522
4742
"stable images."
4523
4743
msgstr ""
4524
4744
4525
#: serverguide/C/virtualization.xml:1478(para)
4745
#: serverguide/C/virtualization.xml:1546(para)
4526
4746
msgid ""
4527
4747
"images: This is a remote publishing best-effort container images for many "
4528
4748
"distributions, created using community-provided build scripts."
4529
4749
msgstr ""
4530
4750
4531
#: serverguide/C/virtualization.xml:1483(para)
4751
#: serverguide/C/virtualization.xml:1551(para)
4532
4752
msgid "To view the images available on one of these servers, you can use:"
4533
4753
msgstr ""
4534
4754
4535
#: serverguide/C/virtualization.xml:1493(para)
4755
#: serverguide/C/virtualization.xml:1561(para)
4536
4756
msgid ""
4537
4757
"Most of the images are known by several aliases for easier reference. To see "
4538
4758
"the full list of aliases, you can use"
4539
4759
msgstr ""
4540
4760
4541
#: serverguide/C/virtualization.xml:1499(command)
4761
#: serverguide/C/virtualization.xml:1567(command)
4542
4762
msgid "lxc image alias list images:"
4543
4763
msgstr ""
4544
4764
4545
#: serverguide/C/virtualization.xml:1504(para)
4765
#: serverguide/C/virtualization.xml:1572(para)
4546
4766
msgid ""
4547
4767
"Any alias or image fingerprint can be used to specify how to create the new "
4548
4768
"container. For instance, to create an amd64 Ubuntu 14.04 container, some "
4549
4769
"options are:"
4550
4770
msgstr ""
4551
4771
4552
#: serverguide/C/virtualization.xml:1511(command)
4772
#: serverguide/C/virtualization.xml:1579(command)
4553
4773
msgid ""
4554
4774
"lxc launch ubuntu:14.04 trusty1 lxc launch ubuntu:trusty trusty1 lxc launch "
4555
4775
"ubuntu:trusty/amd64 trusty1 lxc launch ubuntu:lts trusty1"
4556
4776
msgstr ""
4557
4777
4558
#: serverguide/C/virtualization.xml:1519(para)
4778
#: serverguide/C/virtualization.xml:1587(para)
4559
4779
msgid "The 'lts' alias always refers to the latest released LTS image."
4560
4780
msgstr ""
4561
4781
4562
#: serverguide/C/virtualization.xml:1523(title) serverguide/C/virtualization.xml:2352(title)
4782
#: serverguide/C/virtualization.xml:1591(title) serverguide/C/virtualization.xml:2420(title)
4563
4783
msgid "Snapshots"
4564
4784
msgstr ""
4565
4785
4566
#: serverguide/C/virtualization.xml:1525(para)
4786
#: serverguide/C/virtualization.xml:1593(para)
4567
4787
msgid ""
4568
4788
"Containers can be renamed and live-migrated using the 'lxc move' command:"
4569
4789
msgstr ""
4570
4790
4571
#: serverguide/C/virtualization.xml:1530(command)
4791
#: serverguide/C/virtualization.xml:1598(command)
4572
4792
msgid "lxc move c1 final-beta"
4573
4793
msgstr ""
4574
4794
4575
#: serverguide/C/virtualization.xml:1535(para)
4795
#: serverguide/C/virtualization.xml:1603(para)
4576
4796
msgid "They can also be snapshotted:"
4577
4797
msgstr ""
4578
4798
4579
#: serverguide/C/virtualization.xml:1540(command)
4799
#: serverguide/C/virtualization.xml:1608(command)
4580
4800
msgid "lxc snapshot c1 YYYY-MM-DD"
4581
4801
msgstr ""
4582
4802
4583
#: serverguide/C/virtualization.xml:1545(para)
4803
#: serverguide/C/virtualization.xml:1613(para)
4584
4804
msgid "Later changes to c1 can then be reverted by restoring the snapshot:"
4585
4805
msgstr ""
4586
4806
4587
#: serverguide/C/virtualization.xml:1550(command)
4807
#: serverguide/C/virtualization.xml:1618(command)
4588
4808
msgid "lxc restore u1 YYYY-MM-DD"
4589
4809
msgstr ""
4590
4810
4591
#: serverguide/C/virtualization.xml:1555(para)
4811
#: serverguide/C/virtualization.xml:1623(para)
4592
4812
msgid ""
4593
4813
"New containers can also be created by copying a container or snapshot:"
4594
4814
msgstr ""
4595
4815
4596
#: serverguide/C/virtualization.xml:1560(command)
4816
#: serverguide/C/virtualization.xml:1628(command)
4597
4817
msgid "lxc copy u1/YYYY-MM-DD testcontainer"
4598
4818
msgstr ""
4599
4819
4600
#: serverguide/C/virtualization.xml:1567(title)
4820
#: serverguide/C/virtualization.xml:1635(title)
4601
4821
msgid "Publishing images"
4602
4822
msgstr ""
4603
4823
4604
#: serverguide/C/virtualization.xml:1569(para)
4824
#: serverguide/C/virtualization.xml:1637(para)
4605
4825
msgid ""
4606
4826
"When a container or container snapshot is ready for consumption by others, "
4607
4827
"it can be published as a new image using;"
4608
4828
msgstr ""
4609
4829
4610
#: serverguide/C/virtualization.xml:1575(command)
4830
#: serverguide/C/virtualization.xml:1643(command)
4611
4831
msgid "lxc publish u1/YYYY-MM-DD --alias foo-2.0"
4612
4832
msgstr ""
4613
4833
4614
#: serverguide/C/virtualization.xml:1580(para)
4834
#: serverguide/C/virtualization.xml:1648(para)
4615
4835
msgid ""
4616
4836
"The published image will be private by default, meaning that LXD will not "
4617
4837
"allow clients without a trusted certificate to see them. If the image is "
4619
4839
"'public' flag can be set, either at publish time using"
4620
4840
msgstr ""
4621
4841
4622
#: serverguide/C/virtualization.xml:1588(command)
4842
#: serverguide/C/virtualization.xml:1656(command)
4623
4843
msgid "lxc publish u1/YYYY-MM-DD --alias foo-2.0 public=true"
4624
4844
msgstr ""
4625
4845
4626
#: serverguide/C/virtualization.xml:1593(para)
4846
#: serverguide/C/virtualization.xml:1661(para)
4627
4847
msgid "or after the fact using"
4628
4848
msgstr ""
4629
4849
4630
#: serverguide/C/virtualization.xml:1598(command)
4850
#: serverguide/C/virtualization.xml:1666(command)
4631
4851
msgid "lxc image edit foo-2.0"
4632
4852
msgstr ""
4633
4853
4634
#: serverguide/C/virtualization.xml:1603(para)
4854
#: serverguide/C/virtualization.xml:1671(para)
4635
4855
msgid "and changing the value of the public field."
4636
4856
msgstr ""
4637
4857
4638
#: serverguide/C/virtualization.xml:1609(title)
4858
#: serverguide/C/virtualization.xml:1677(title)
4639
4859
msgid "Image export and import"
4640
4860
msgstr ""
4641
4861
4642
#: serverguide/C/virtualization.xml:1611(para)
4862
#: serverguide/C/virtualization.xml:1679(para)
4643
4863
msgid "Image can be exported as, and imported from, tarballs:"
4644
4864
msgstr ""
4645
4865
4646
#: serverguide/C/virtualization.xml:1616(command)
4866
#: serverguide/C/virtualization.xml:1684(command)
4647
4867
msgid ""
4648
4868
"lxc image export foo-2.0 foo-2.0.tar.gz lxc image import foo-2.0.tar.gz --"
4649
4869
"alias foo-2.0 --public"
4650
4870
msgstr ""
4651
4871
4652
#: serverguide/C/virtualization.xml:1625(title) serverguide/C/virtualization.xml:2505(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
4872
#: serverguide/C/virtualization.xml:1693(title) serverguide/C/virtualization.xml:2573(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
4653
4873
msgid "Troubleshooting"
4654
4874
msgstr ""
4655
4875
4656
#: serverguide/C/virtualization.xml:1627(para)
4876
#: serverguide/C/virtualization.xml:1695(para)
4657
4877
msgid ""
4658
4878
"To view debug information about LXD itself, on a systemd based host use"
4659
4879
msgstr ""
4660
4880
4661
#: serverguide/C/virtualization.xml:1632(command)
4881
#: serverguide/C/virtualization.xml:1700(command)
4662
4882
msgid "journalctl -u LXD"
4663
4883
msgstr ""
4664
4884
4665
#: serverguide/C/virtualization.xml:1637(para)
4885
#: serverguide/C/virtualization.xml:1705(para)
4666
4886
msgid ""
4667
4887
"On an Upstart-based system, you can find the log in "
4668
4888
"<filename>/var/log/upstart/lxd.log</filename>. To make LXD provide much more "
4673
4893
"<filename>/etc/init/lxd.conf</filename>."
4674
4894
msgstr ""
4675
4895
4676
#: serverguide/C/virtualization.xml:1647(para)
4896
#: serverguide/C/virtualization.xml:1715(para)
4677
4897
msgid "Container logfiles for container c1 may be seen using:"
4678
4898
msgstr ""
4679
4899
4680
#: serverguide/C/virtualization.xml:1652(command)
4900
#: serverguide/C/virtualization.xml:1720(command)
4681
4901
msgid "lxc info c1 --show-log"
4682
4902
msgstr ""
4683
4903
4684
#: serverguide/C/virtualization.xml:1657(para)
4904
#: serverguide/C/virtualization.xml:1725(para)
4685
4905
msgid ""
4686
4906
"The configuration file which was used may be found under <filename> "
4687
4907
"/var/log/lxd/c1/lxc.conf</filename> while apparmor profiles can be found in "
4689
4909
"profiles in <filename> /var/lib/lxd/security/seccomp/c1</filename>."
4690
4910
msgstr ""
4691
4911
4692
#: serverguide/C/virtualization.xml:1667(title)
4912
#: serverguide/C/virtualization.xml:1735(title)
4693
4913
msgid "LXC"
4694
4914
msgstr ""
4695
4915
4696
#: serverguide/C/virtualization.xml:1669(para)
4916
#: serverguide/C/virtualization.xml:1737(para)
4697
4917
msgid ""
4698
4918
"Containers are a lightweight virtualization technology. They are more akin "
4699
4919
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
4705
4925
"and OpenVZ functionality."
4706
4926
msgstr ""
4707
4927
4708
#: serverguide/C/virtualization.xml:1679(para)
4928
#: serverguide/C/virtualization.xml:1747(para)
4709
4929
msgid ""
4710
4930
"There are two user-space implementations of containers, each exploiting the "
4711
4931
"same kernel features. Libvirt allows the use of containers through the LXC "
4716
4936
"there are peculiarities which can cause confusion."
4717
4937
msgstr ""
4718
4938
4719
#: serverguide/C/virtualization.xml:1688(para)
4939
#: serverguide/C/virtualization.xml:1756(para)
4720
4940
msgid ""
4721
4941
"In this document we will mainly describe the <application>lxc</application> "
4722
4942
"package. Use of libvirt-lxc is not generally recommended due to a lack of "
4723
4943
"Apparmor protection for libvirt-lxc containers."
4724
4944
msgstr ""
4725
4945
4726
#: serverguide/C/virtualization.xml:1693(para)
4946
#: serverguide/C/virtualization.xml:1761(para)
4727
4947
msgid "In this document, a container name will be shown as CN, C1, or C2."
4728
4948
msgstr ""
4729
4949
4730
#: serverguide/C/virtualization.xml:1699(para)
4950
#: serverguide/C/virtualization.xml:1767(para)
4731
4951
msgid "The <application>lxc</application> package can be installed using"
4732
4952
msgstr ""
4733
4953
4734
#: serverguide/C/virtualization.xml:1703(command)
4954
#: serverguide/C/virtualization.xml:1771(command)
4735
4955
msgid "sudo apt install lxc"
4736
4956
msgstr ""
4737
4957
4738
#: serverguide/C/virtualization.xml:1708(para)
4958
#: serverguide/C/virtualization.xml:1776(para)
4739
4959
msgid ""
4740
4960
"This will pull in the required and recommended dependencies, as well as set "
4741
4961
"up a network bridge for containers to use. If you wish to use unprivileged "
4744
4964
"containers to a bridge (see <xref linkend=\"lxc-unpriv\"/>)."
4745
4965
msgstr ""
4746
4966
4747
#: serverguide/C/virtualization.xml:1718(title) serverguide/C/vcs.xml:111(title)
4967
#: serverguide/C/virtualization.xml:1786(title) serverguide/C/vcs.xml:111(title)
4748
4968
msgid "Basic usage"
4749
4969
msgstr ""
4750
4970
4751
#: serverguide/C/virtualization.xml:1719(para)
4971
#: serverguide/C/virtualization.xml:1787(para)
4752
4972
msgid ""
4753
4973
"LXC can be used in two distinct ways - privileged, by running the lxc "
4754
4974
"commands as the root user; or unprivileged, by running the lxc commands as a "
4759
4979
"in the container is mapped to a non-root userid on the host."
4760
4980
msgstr ""
4761
4981
4762
#: serverguide/C/virtualization.xml:1731(title)
4982
#: serverguide/C/virtualization.xml:1799(title)
4763
4983
msgid "Basic privileged usage"
4764
4984
msgstr ""
4765
4985
4766
#: serverguide/C/virtualization.xml:1732(para)
4986
#: serverguide/C/virtualization.xml:1800(para)
4767
4987
msgid "To create a privileged container, you can simply do:"
4768
4988
msgstr ""
4769
4989
4770
#: serverguide/C/virtualization.xml:1736(command)
4990
#: serverguide/C/virtualization.xml:1804(command)
4771
4991
msgid "sudo lxc-create --template download --name u1"
4772
4992
msgstr ""
4773
4993
4774
#: serverguide/C/virtualization.xml:1740(command)
4994
#: serverguide/C/virtualization.xml:1808(command)
4775
4995
msgid "sudo lxc-create -t download -n u1"
4776
4996
msgstr ""
4777
4997
4778
#: serverguide/C/virtualization.xml:1735(screen)
4998
#: serverguide/C/virtualization.xml:1803(screen)
4779
4999
#, no-wrap
4780
5000
msgid ""
4781
5001
"\n"
4784
5004
"<placeholder-2/>\n"
4785
5005
msgstr ""
4786
5006
4787
#: serverguide/C/virtualization.xml:1744(para)
5007
#: serverguide/C/virtualization.xml:1812(para)
4788
5008
msgid ""
4789
5009
"This will interactively ask for a container root filesystem type to download "
4790
5010
"- in particular the distribution, release, and architecture. To create the "
4792
5012
"line:"
4793
5013
msgstr ""
4794
5014
4795
#: serverguide/C/virtualization.xml:1751(command)
5015
#: serverguide/C/virtualization.xml:1819(command)
4796
5016
msgid ""
4797
5017
"sudo lxc-create -t download -n u1 -- --dist ubuntu --release xenial --arch "
4798
5018
"amd64"
4799
5019
msgstr ""
4800
5020
4801
#: serverguide/C/virtualization.xml:1755(command)
5021
#: serverguide/C/virtualization.xml:1823(command)
4802
5022
msgid "sudo lxc-create -t download -n u1 -- -d ubuntu -r xenial -a amd64"
4803
5023
msgstr ""
4804
5024
4805
#: serverguide/C/virtualization.xml:1750(screen)
5025
#: serverguide/C/virtualization.xml:1818(screen)
4806
5026
#, no-wrap
4807
5027
msgid ""
4808
5028
"\n"
4811
5031
"<placeholder-2/>\n"
4812
5032
msgstr ""
4813
5033
4814
#: serverguide/C/virtualization.xml:1760(para)
5034
#: serverguide/C/virtualization.xml:1828(para)
4815
5035
msgid ""
4816
5036
"You can now use <command>lxc-ls</command> to list containers, <command>lxc-"
4817
5037
"info</command> to obtain detailed container information, <command>lxc-"
4823
5043
"look like:"
4824
5044
msgstr ""
4825
5045
4826
#: serverguide/C/virtualization.xml:1771(command)
5046
#: serverguide/C/virtualization.xml:1839(command)
4827
5047
msgid ""
4828
5048
"sudo lxc-ls --fancy sudo lxc-start --name u1 --daemon sudo lxc-info --name "
4829
5049
"u1 sudo lxc-stop --name u1 sudo lxc-destroy --name u1"
4830
5050
msgstr ""
4831
5051
4832
#: serverguide/C/virtualization.xml:1783(title)
5052
#: serverguide/C/virtualization.xml:1851(title)
4833
5053
msgid "User namespaces"
4834
5054
msgstr ""
4835
5055
4836
#: serverguide/C/virtualization.xml:1784(para)
5056
#: serverguide/C/virtualization.xml:1852(para)
4837
5057
msgid ""
4838
5058
"Unprivileged containers allow users to create and administer containers "
4839
5059
"without having any root privilege. The feature underpinning this is called "
4850
5070
"convention started at id 100000 to avoid conflicting with system users."
4851
5071
msgstr ""
4852
5072
4853
#: serverguide/C/virtualization.xml:1802(para)
5073
#: serverguide/C/virtualization.xml:1870(para)
4854
5074
msgid ""
4855
5075
"If a user was created on an earlier release, it can be granted a range of "
4856
5076
"ids using <command>usermod</command>, as follows:"
4857
5077
msgstr ""
4858
5078
4859
#: serverguide/C/virtualization.xml:1807(command)
5079
#: serverguide/C/virtualization.xml:1875(command)
4860
5080
msgid "sudo usermod -v 100000-200000 -w 100000-200000 user1"
4861
5081
msgstr ""
4862
5082
4863
#: serverguide/C/virtualization.xml:1812(para)
5083
#: serverguide/C/virtualization.xml:1880(para)
4864
5084
msgid ""
4865
5085
"The programs <command>newuidmap</command> and <command> newgidmap</command> "
4866
5086
"are setuid-root programs in the <filename>uidmap</filename> package, which "
4869
5089
"authorized by the host configuration."
4870
5090
msgstr ""
4871
5091
4872
#: serverguide/C/virtualization.xml:1823(title)
5092
#: serverguide/C/virtualization.xml:1891(title)
4873
5093
msgid "Basic unprivileged usage"
4874
5094
msgstr ""
4875
5095
4876
#: serverguide/C/virtualization.xml:1827(para)
5096
#: serverguide/C/virtualization.xml:1895(para)
4877
5097
msgid ""
4878
5098
"To create unprivileged containers, a few first steps are needed. You will "
4879
5099
"need to create a default container configuration file, specifying your "
4883
5103
"your actual user and group id ranges and modify the example accordingly:"
4884
5104
msgstr ""
4885
5105
4886
#: serverguide/C/virtualization.xml:1837(command)
5106
#: serverguide/C/virtualization.xml:1905(command)
4887
5107
msgid "grep $USER /etc/subuid grep $USER /etc/subgid"
4888
5108
msgstr ""
4889
5109
4890
#: serverguide/C/virtualization.xml:1843(command)
5110
#: serverguide/C/virtualization.xml:1911(command)
4891
5111
msgid ""
4892
5112
"mkdir -p ~/.config/lxc echo \"lxc.id_map = u 0 100000 65536\" > "
4893
5113
"~/.config/lxc/default.conf echo \"lxc.id_map = g 0 100000 65536\" >> "
4897
5117
"/etc/lxc/lxc-usernet"
4898
5118
msgstr ""
4899
5119
4900
#: serverguide/C/virtualization.xml:1853(para)
5120
#: serverguide/C/virtualization.xml:1921(para)
4901
5121
msgid ""
4902
5122
"After this, you can create unprivileged containers the same way as "
4903
5123
"privileged ones, simply without using sudo."
4904
5124
msgstr ""
4905
5125
4906
#: serverguide/C/virtualization.xml:1858(command)
5126
#: serverguide/C/virtualization.xml:1926(command)
4907
5127
msgid ""
4908
5128
"lxc-create -t download -n u1 -- -d ubuntu -r xenial -a amd64 lxc-start -n u1 "
4909
5129
"-d lxc-attach -n u1 lxc-stop -n u1 lxc-destroy -n u1"
4910
5130
msgstr ""
4911
5131
4912
#: serverguide/C/virtualization.xml:1870(para)
5132
#: serverguide/C/virtualization.xml:1938(para)
4913
5133
msgid ""
4914
5134
"In order to run containers inside containers - referred to as nested "
4915
5135
"containers - two lines must be present in the parent container configuration "
4926
5146
"information."
4927
5147
msgstr ""
4928
5148
4929
#: serverguide/C/virtualization.xml:1892(title)
5149
#: serverguide/C/virtualization.xml:1960(title)
4930
5150
msgid "Global configuration"
4931
5151
msgstr ""
4932
5152
4933
#: serverguide/C/virtualization.xml:1899(para)
5153
#: serverguide/C/virtualization.xml:1967(para)
4934
5154
msgid ""
4935
5155
"<filename>lxc.conf</filename> may optionally specify alternate values for "
4936
5156
"several lxc settings, including the lxcpath, the default configuration, "
4938
5158
"lvm and zfs."
4939
5159
msgstr ""
4940
5160
4941
#: serverguide/C/virtualization.xml:1905(para)
5161
#: serverguide/C/virtualization.xml:1973(para)
4942
5162
msgid ""
4943
5163
"<filename>default.conf</filename> specifies configuration which every newly "
4944
5164
"created container should contain. This usually contains at least a network "
4945
5165
"section, and, for unprivileged users, an id mapping section"
4946
5166
msgstr ""
4947
5167
4948
#: serverguide/C/virtualization.xml:1911(para)
5168
#: serverguide/C/virtualization.xml:1979(para)
4949
5169
msgid ""
4950
5170
"<filename>lxc-usernet.conf</filename> specifies how unprivileged users may "
4951
5171
"connect their containers to the host-owned network."
4952
5172
msgstr ""
4953
5173
4954
#: serverguide/C/virtualization.xml:1893(para)
5174
#: serverguide/C/virtualization.xml:1961(para)
4955
5175
msgid ""
4956
5176
"The following configuration files are consulted by LXC. For privileged use, "
4957
5177
"they are found under <filename>/etc/lxc</filename>, while for unprivileged "
4958
5178
"use they are under <filename>~/.config/lxc</filename>. <placeholder-1/>"
4959
5179
msgstr ""
4960
5180
4961
#: serverguide/C/virtualization.xml:1916(para)
5181
#: serverguide/C/virtualization.xml:1984(para)
4962
5182
msgid ""
4963
5183
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are both "
4964
5184
"under <filename>/etc/lxc</filename> and "
4966
5186
"usernet.conf</filename> is only host-wide."
4967
5187
msgstr ""
4968
5188
4969
#: serverguide/C/virtualization.xml:1921(para)
5189
#: serverguide/C/virtualization.xml:1989(para)
4970
5190
msgid ""
4971
5191
"By default, containers are located under /var/lib/lxc for the root user, and "
4972
5192
"$HOME/.local/share/lxc otherwise. The location can be specified for all lxc "
4973
5193
"commands using the \"-P|--lxcpath\" argument."
4974
5194
msgstr ""
4975
5195
4976
#: serverguide/C/virtualization.xml:1930(title) serverguide/C/network-config.xml:11(title)
5196
#: serverguide/C/virtualization.xml:1998(title) serverguide/C/network-config.xml:11(title)
4977
5197
msgid "Networking"
4978
5198
msgstr ""
4979
5199
4980
#: serverguide/C/virtualization.xml:1931(para)
5200
#: serverguide/C/virtualization.xml:1999(para)
4981
5201
msgid ""
4982
5202
"By default LXC creates a private network namespace for each container, which "
4983
5203
"includes a layer 2 networking stack. Containers usually connect to the "
4989
5209
"container is not usable on the host."
4990
5210
msgstr ""
4991
5211
4992
#: serverguide/C/virtualization.xml:1939(para)
5212
#: serverguide/C/virtualization.xml:2007(para)
4993
5213
msgid ""
4994
5214
"It is possible to create a container without a private network namespace. In "
4995
5215
"this case, the container will have access to the host networking like any "
4999
5219
"Unix domain socket to the host's upstart, and shut down the host."
5000
5220
msgstr ""
5001
5221
5002
#: serverguide/C/virtualization.xml:1945(para)
5222
#: serverguide/C/virtualization.xml:2013(para)
5003
5223
msgid ""
5004
5224
"To give containers on lxcbr0 a persistent ip address based on domain name, "
5005
5225
"you can write entries to <filename>/etc/lxc/dnsmasq.conf</filename> like: "
5009
5229
"</screen>"
5010
5230
msgstr ""
5011
5231
5012
#: serverguide/C/virtualization.xml:1953(para)
5232
#: serverguide/C/virtualization.xml:2021(para)
5013
5233
msgid ""
5014
5234
"If it is desirable for the container to be publicly accessible, there are a "
5015
5235
"few ways to go about it. One is to use <command>iptables</command> to "
5028
5248
"are preferred and more commonly used."
5029
5249
msgstr ""
5030
5250
5031
#: serverguide/C/virtualization.xml:1974(para)
5251
#: serverguide/C/virtualization.xml:2042(para)
5032
5252
msgid ""
5033
5253
"There are several ways to determine the ip address for a container. First, "
5034
5254
"you can use <command>lxc-ls --fancy</command> which will print the ip "
5044
5264
"</screen>"
5045
5265
msgstr ""
5046
5266
5047
#: serverguide/C/virtualization.xml:1989(para)
5267
#: serverguide/C/virtualization.xml:2057(para)
5048
5268
msgid ""
5049
5269
"For more information, see the lxc.conf manpage as well as the example "
5050
5270
"network configurations under "
5051
5271
"<filename>/usr/share/doc/lxc/examples/</filename>."
5052
5272
msgstr ""
5053
5273
5054
#: serverguide/C/virtualization.xml:1995(title)
5274
#: serverguide/C/virtualization.xml:2063(title)
5055
5275
msgid "LXC startup"
5056
5276
msgstr ""
5057
5277
5058
#: serverguide/C/virtualization.xml:1997(para)
5278
#: serverguide/C/virtualization.xml:2065(para)
5059
5279
msgid ""
5060
5280
"LXC does not have a long-running daemon. However it does have three upstart "
5061
5281
"jobs."
5062
5282
msgstr ""
5063
5283
5064
#: serverguide/C/virtualization.xml:2003(para)
5284
#: serverguide/C/virtualization.xml:2071(para)
5065
5285
msgid ""
5066
5286
"<filename>/etc/init/lxc-net.conf:</filename> is an optional job which only "
5067
5287
"runs if <filename> /etc/default/lxc-net</filename> specifies USE_LXC_BRIDGE "
5068
5288
"(true by default). It sets up a NATed bridge for containers to use."
5069
5289
msgstr ""
5070
5290
5071
#: serverguide/C/virtualization.xml:2011(para)
5291
#: serverguide/C/virtualization.xml:2079(para)
5072
5292
msgid ""
5073
5293
"<filename>/etc/init/lxc.conf</filename> loads the lxc apparmor profiles and "
5074
5294
"optionally starts any autostart containers. The autostart containers will be "
5077
5297
"more information on autostarted containers."
5078
5298
msgstr ""
5079
5299
5080
#: serverguide/C/virtualization.xml:2021(para)
5300
#: serverguide/C/virtualization.xml:2089(para)
5081
5301
msgid ""
5082
5302
"<filename>/etc/init/lxc-instance.conf</filename> is used by "
5083
5303
"<filename>/etc/init/lxc.conf</filename> to autostart a container."
5084
5304
msgstr ""
5085
5305
5086
#: serverguide/C/virtualization.xml:2030(title)
5306
#: serverguide/C/virtualization.xml:2098(title)
5087
5307
msgid "Backing Stores"
5088
5308
msgstr ""
5089
5309
5090
#: serverguide/C/virtualization.xml:2031(para)
5310
#: serverguide/C/virtualization.xml:2099(para)
5091
5311
msgid ""
5092
5312
"LXC supports several backing stores for container root filesystems. The "
5093
5313
"default is a simple directory backing store, because it requires no prior "
5102
5322
"<filename>$lxcpath/C1/rootfs</filename>."
5103
5323
msgstr ""
5104
5324
5105
#: serverguide/C/virtualization.xml:2045(para)
5325
#: serverguide/C/virtualization.xml:2113(para)
5106
5326
msgid ""
5107
5327
"A snapshot clone C2 of a directory backed container C1 becomes an overlayfs "
5108
5328
"backed container, with a rootfs called "
5110
5330
" Other backing store types include loop, btrfs, LVM and zfs."
5111
5331
msgstr ""
5112
5332
5113
#: serverguide/C/virtualization.xml:2053(para)
5333
#: serverguide/C/virtualization.xml:2121(para)
5114
5334
msgid ""
5115
5335
"A btrfs backed container mostly looks like a directory backed container, "
5116
5336
"with its root filesystem in the same location. However, the root filesystem "
5118
5338
"snapshot."
5119
5339
msgstr ""
5120
5340
5121
#: serverguide/C/virtualization.xml:2060(para)
5341
#: serverguide/C/virtualization.xml:2128(para)
5122
5342
msgid ""
5123
5343
"The root filesystem for an LVM backed container can be any separate LV. The "
5124
5344
"default VG name can be specified in lxc.conf. The filesystem type and size "
5125
5345
"are configurable per-container using lxc-create."
5126
5346
msgstr ""
5127
5347
5128
#: serverguide/C/virtualization.xml:2066(para)
5348
#: serverguide/C/virtualization.xml:2134(para)
5129
5349
msgid ""
5130
5350
"The rootfs for a zfs backed container is a separate zfs filesystem, mounted "
5131
5351
"under the traditional <filename>/var/lib/lxc/C1/rootfs</filename> location. "
5133
5353
"in lxc.system.conf."
5134
5354
msgstr ""
5135
5355
5136
#: serverguide/C/virtualization.xml:2073(para)
5356
#: serverguide/C/virtualization.xml:2141(para)
5137
5357
msgid ""
5138
5358
"More information on creating containers with the various backing stores can "
5139
5359
"be found in the lxc-create manual page."
5140
5360
msgstr ""
5141
5361
5142
#: serverguide/C/virtualization.xml:2080(title)
5362
#: serverguide/C/virtualization.xml:2148(title)
5143
5363
msgid "Templates"
5144
5364
msgstr ""
5145
5365
5146
#: serverguide/C/virtualization.xml:2081(para)
5366
#: serverguide/C/virtualization.xml:2149(para)
5147
5367
msgid ""
5148
5368
"Creating a container generally involves creating a root filesystem for the "
5149
5369
"container. <command>lxc-create</command> delegates this work to "
5154
5374
"others."
5155
5375
msgstr ""
5156
5376
5157
#: serverguide/C/virtualization.xml:2090(para)
5377
#: serverguide/C/virtualization.xml:2158(para)
5158
5378
msgid ""
5159
5379
"Creating distribution images in most cases requires the ability to create "
5160
5380
"device nodes, often requires tools which are not available in other "
5165
5385
"could not for instance easily run the <command>debootstrap</command> command."
5166
5386
msgstr ""
5167
5387
5168
#: serverguide/C/virtualization.xml:2100(para)
5388
#: serverguide/C/virtualization.xml:2168(para)
5169
5389
msgid ""
5170
5390
"When running <command>lxc-create</command>, all options which come after "
5171
5391
"<emphasis>--</emphasis> are passed to the template. In the following "
5178
5398
"</screen>"
5179
5399
msgstr ""
5180
5400
5181
#: serverguide/C/virtualization.xml:2112(para)
5401
#: serverguide/C/virtualization.xml:2180(para)
5182
5402
msgid ""
5183
5403
"You can obtain help for the options supported by any particular container by "
5184
5404
"passing <emphasis>--help</emphasis> and the template name to <command>lxc-"
5185
5405
"create</command>. For instance, for help with the download template,"
5186
5406
msgstr ""
5187
5407
5188
#: serverguide/C/virtualization.xml:2119(command)
5408
#: serverguide/C/virtualization.xml:2187(command)
5189
5409
msgid "lxc-create --template download --help"
5190
5410
msgstr ""
5191
5411
5192
#: serverguide/C/virtualization.xml:2125(title)
5412
#: serverguide/C/virtualization.xml:2193(title)
5193
5413
msgid "Autostart"
5194
5414
msgstr ""
5195
5415
5196
#: serverguide/C/virtualization.xml:2126(para)
5416
#: serverguide/C/virtualization.xml:2194(para)
5197
5417
msgid ""
5198
5418
"LXC supports marking containers to be started at system boot. Prior to "
5199
5419
"Ubuntu 14.04, this was done using symbolic links under the directory "
5210
5430
"lxc.container.conf for more information."
5211
5431
msgstr ""
5212
5432
5213
#: serverguide/C/virtualization.xml:2146(para)
5433
#: serverguide/C/virtualization.xml:2214(para)
5214
5434
msgid ""
5215
5435
"LXC ships with a default Apparmor profile intended to protect the host from "
5216
5436
"accidental misuses of privilege inside the container. For instance, the "
5218
5438
"trigger</filename> or to most <filename>/sys</filename> files."
5219
5439
msgstr ""
5220
5440
5221
#: serverguide/C/virtualization.xml:2152(para)
5441
#: serverguide/C/virtualization.xml:2220(para)
5222
5442
msgid ""
5223
5443
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
5224
5444
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
5231
5451
"dangerous paths, and from mounting most filesystems."
5232
5452
msgstr ""
5233
5453
5234
#: serverguide/C/virtualization.xml:2163(para)
5454
#: serverguide/C/virtualization.xml:2231(para)
5235
5455
msgid ""
5236
5456
"Programs in a container cannot be further confined - for instance, MySQL "
5237
5457
"runs under the container profile (protecting the host) but will not be able "
5238
5458
"to enter the MySQL profile (to protect the container)."
5239
5459
msgstr ""
5240
5460
5241
#: serverguide/C/virtualization.xml:2168(para)
5461
#: serverguide/C/virtualization.xml:2236(para)
5242
5462
msgid ""
5243
5463
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
5244
5464
"container it spawns will be confined."
5245
5465
msgstr ""
5246
5466
5247
#: serverguide/C/virtualization.xml:2171(title)
5467
#: serverguide/C/virtualization.xml:2239(title)
5248
5468
msgid "Customizing container policies"
5249
5469
msgstr ""
5250
5470
5251
#: serverguide/C/virtualization.xml:2172(para)
5471
#: serverguide/C/virtualization.xml:2240(para)
5252
5472
msgid ""
5253
5473
"If you find that <command>lxc-start</command> is failing due to a legitimate "
5254
5474
"access which is being denied by its Apparmor policy, you can disable the lxc-"
5255
5475
"start profile by doing:"
5256
5476
msgstr ""
5257
5477
5258
#: serverguide/C/virtualization.xml:2176(screen)
5478
#: serverguide/C/virtualization.xml:2244(screen)
5259
5479
#, no-wrap
5260
5480
msgid ""
5261
5481
"\n"
5263
5483
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
5264
5484
msgstr ""
5265
5485
5266
#: serverguide/C/virtualization.xml:2181(para)
5486
#: serverguide/C/virtualization.xml:2249(para)
5267
5487
msgid ""
5268
5488
"This will make <command>lxc-start</command> run unconfined, but continue to "
5269
5489
"confine the container itself. If you also wish to disable confinement of the "
5271
5491
"start</filename> profile, you must add:"
5272
5492
msgstr ""
5273
5493
5274
#: serverguide/C/virtualization.xml:2186(screen)
5494
#: serverguide/C/virtualization.xml:2254(screen)
5275
5495
#, no-wrap
5276
5496
msgid ""
5277
5497
"\n"
5278
5498
"lxc.aa_profile = unconfined\n"
5279
5499
msgstr ""
5280
5500
5281
#: serverguide/C/virtualization.xml:2190(para)
5501
#: serverguide/C/virtualization.xml:2258(para)
5282
5502
msgid "to the container's configuration file."
5283
5503
msgstr ""
5284
5504
5285
#: serverguide/C/virtualization.xml:2192(para)
5505
#: serverguide/C/virtualization.xml:2260(para)
5286
5506
msgid ""
5287
5507
"LXC ships with a few alternate policies for containers. If you wish to run "
5288
5508
"containers inside containers (nesting), then you can use the lxc-container-"
5297
5517
"\t</screen> and re-load the policy."
5298
5518
msgstr ""
5299
5519
5300
#: serverguide/C/virtualization.xml:2209(para)
5520
#: serverguide/C/virtualization.xml:2277(para)
5301
5521
msgid ""
5302
5522
"Note that the nesting policy with privileged containers is far less safe "
5303
5523
"than the default policy, as it allows containers to re-mount "
5307
5527
"<filename>proc</filename> and <filename>sys</filename> files."
5308
5528
msgstr ""
5309
5529
5310
#: serverguide/C/virtualization.xml:2217(para)
5530
#: serverguide/C/virtualization.xml:2285(para)
5311
5531
msgid ""
5312
5532
"Another profile shipped with lxc allows containers to mount block filesystem "
5313
5533
"types like ext4. This can be useful in some cases like maas provisioning, "
5315
5535
"have not been audited for safe handling of untrusted input."
5316
5536
msgstr ""
5317
5537
5318
#: serverguide/C/virtualization.xml:2223(para)
5538
#: serverguide/C/virtualization.xml:2291(para)
5319
5539
msgid ""
5320
5540
"If you need to run a container in a custom profile, you can create a new "
5321
5541
"profile under <filename>/etc/apparmor.d/lxc/</filename>. Its name must start "
5327
5547
"permissions at the bottom of your policy."
5328
5548
msgstr ""
5329
5549
5330
#: serverguide/C/virtualization.xml:2234(para)
5550
#: serverguide/C/virtualization.xml:2302(para)
5331
5551
msgid "After creating the policy, load it using:"
5332
5552
msgstr ""
5333
5553
5334
#: serverguide/C/virtualization.xml:2236(screen)
5554
#: serverguide/C/virtualization.xml:2304(screen)
5335
5555
#, no-wrap
5336
5556
msgid ""
5337
5557
"\n"
5338
5558
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
5339
5559
msgstr ""
5340
5560
5341
#: serverguide/C/virtualization.xml:2240(para)
5561
#: serverguide/C/virtualization.xml:2308(para)
5342
5562
msgid ""
5343
5563
"The profile will automatically be loaded after a reboot, because it is "
5344
5564
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
5347
5567
"configuration file:"
5348
5568
msgstr ""
5349
5569
5350
#: serverguide/C/virtualization.xml:2247(screen)
5570
#: serverguide/C/virtualization.xml:2315(screen)
5351
5571
#, no-wrap
5352
5572
msgid ""
5353
5573
"\n"
5354
5574
"lxc.aa_profile = lxc-CN-profile\n"
5355
5575
msgstr ""
5356
5576
5357
#: serverguide/C/virtualization.xml:2255(title) serverguide/C/cgroups.xml:11(title)
5577
#: serverguide/C/virtualization.xml:2323(title) serverguide/C/cgroups.xml:11(title)
5358
5578
msgid "Control Groups"
5359
5579
msgstr ""
5360
5580
5361
#: serverguide/C/virtualization.xml:2257(para)
5581
#: serverguide/C/virtualization.xml:2325(para)
5362
5582
msgid ""
5363
5583
"Control groups (cgroups) are a kernel feature providing hierarchical task "
5364
5584
"grouping and per-cgroup resource accounting and limits. They are used in "
5367
5587
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus."
5368
5588
msgstr ""
5369
5589
5370
#: serverguide/C/virtualization.xml:2265(para)
5590
#: serverguide/C/virtualization.xml:2333(para)
5371
5591
msgid ""
5372
5592
"By default, a privileged container CN will be assigned to a cgroup called "
5373
5593
"<filename>/lxc/CN</filename>. In the case of name conflicts (which can occur "
5375
5595
"at 0, will be appended to the cgroup name."
5376
5596
msgstr ""
5377
5597
5378
#: serverguide/C/virtualization.xml:2271(para)
5598
#: serverguide/C/virtualization.xml:2339(para)
5379
5599
msgid ""
5380
5600
"By default, a privileged container CN will be assigned to a cgroup called "
5381
5601
"<filename>CN</filename> under the cgroup of the task which started the "
5384
5604
"all files) so that it is allowed to create new child cgroups."
5385
5605
msgstr ""
5386
5606
5387
#: serverguide/C/virtualization.xml:2278(para)
5607
#: serverguide/C/virtualization.xml:2346(para)
5388
5608
msgid ""
5389
5609
"As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to administer "
5390
5610
"cgroups. The cgroup manager receives D-Bus requests over the Unix socket "
5405
5625
"requests for which they are not authorized."
5406
5626
msgstr ""
5407
5627
5408
#: serverguide/C/virtualization.xml:2302(title)
5628
#: serverguide/C/virtualization.xml:2370(title)
5409
5629
msgid "Cloning"
5410
5630
msgstr ""
5411
5631
5412
#: serverguide/C/virtualization.xml:2304(para)
5632
#: serverguide/C/virtualization.xml:2372(para)
5413
5633
msgid ""
5414
5634
"For rapid provisioning, you may wish to customize a canonical container "
5415
5635
"according to your needs and then make multiple copies of it. This can be "
5416
5636
"done with the <command>lxc-clone</command> program."
5417
5637
msgstr ""
5418
5638
5419
#: serverguide/C/virtualization.xml:2308(para)
5639
#: serverguide/C/virtualization.xml:2376(para)
5420
5640
msgid ""
5421
5641
"Clones are either snapshots or copies of another container. A copy is a new "
5422
5642
"container copied from the original, and takes as much space on the host as "
5432
5652
"and apt to be slower."
5433
5653
msgstr ""
5434
5654
5435
#: serverguide/C/virtualization.xml:2322(para)
5655
#: serverguide/C/virtualization.xml:2390(para)
5436
5656
msgid ""
5437
5657
"Snapshots of directory-packed containers are created using the overlay "
5438
5658
"filesystem. For instance, a privileged directory-backed container C1 will "
5444
5664
"container, and to only use its snapshots."
5445
5665
msgstr ""
5446
5666
5447
#: serverguide/C/virtualization.xml:2334(para)
5667
#: serverguide/C/virtualization.xml:2402(para)
5448
5668
msgid "Given an existing container called C1, a copy can be created using:"
5449
5669
msgstr ""
5450
5670
5451
#: serverguide/C/virtualization.xml:2338(command)
5671
#: serverguide/C/virtualization.xml:2406(command)
5452
5672
msgid "sudo lxc-clone -o C1 -n C2"
5453
5673
msgstr ""
5454
5674
5455
#: serverguide/C/virtualization.xml:2343(para)
5675
#: serverguide/C/virtualization.xml:2411(para)
5456
5676
msgid "A snapshot can be created using:"
5457
5677
msgstr ""
5458
5678
5459
#: serverguide/C/virtualization.xml:2345(command)
5679
#: serverguide/C/virtualization.xml:2413(command)
5460
5680
msgid "sudo lxc-clone -s -o C1 -n C2"
5461
5681
msgstr ""
5462
5682
5463
#: serverguide/C/virtualization.xml:2349(para)
5683
#: serverguide/C/virtualization.xml:2417(para)
5464
5684
msgid "See the lxc-clone manpage for more information."
5465
5685
msgstr ""
5466
5686
5467
#: serverguide/C/virtualization.xml:2353(para)
5687
#: serverguide/C/virtualization.xml:2421(para)
5468
5688
msgid ""
5469
5689
"To more easily support the use of snapshot clones for iterative container "
5470
5690
"development, LXC supports <emphasis>snapshots</emphasis>. When working on a "
5482
5702
"is erased and replaced with the snap1 snapshot."
5483
5703
msgstr ""
5484
5704
5485
#: serverguide/C/virtualization.xml:2372(para)
5705
#: serverguide/C/virtualization.xml:2440(para)
5486
5706
msgid ""
5487
5707
"Snapshots are supported for btrfs, lvm, zfs, and overlayfs containers. If "
5488
5708
"lxc-snapshot is called on a directory-backed container, an error will be "
5503
5723
"</screen>"
5504
5724
msgstr ""
5505
5725
5506
#: serverguide/C/virtualization.xml:2396(title)
5726
#: serverguide/C/virtualization.xml:2464(title)
5507
5727
msgid "Ephemeral Containers"
5508
5728
msgstr ""
5509
5729
5510
#: serverguide/C/virtualization.xml:2397(para)
5730
#: serverguide/C/virtualization.xml:2465(para)
5511
5731
msgid ""
5512
5732
"While snapshots are useful for longer-term incremental development of "
5513
5733
"images, ephemeral containers utilize snapshots for quick, single-use "
5522
5742
"page for more options."
5523
5743
msgstr ""
5524
5744
5525
#: serverguide/C/virtualization.xml:2415(title)
5745
#: serverguide/C/virtualization.xml:2483(title)
5526
5746
msgid "Lifecycle management hooks"
5527
5747
msgstr ""
5528
5748
5529
#: serverguide/C/virtualization.xml:2417(para)
5749
#: serverguide/C/virtualization.xml:2485(para)
5530
5750
msgid ""
5531
5751
"Beginning with Ubuntu 12.10, it is possible to define hooks to be executed "
5532
5752
"at specific points in a container's lifetime:"
5533
5753
msgstr ""
5534
5754
5535
#: serverguide/C/virtualization.xml:2422(para)
5755
#: serverguide/C/virtualization.xml:2490(para)
5536
5756
msgid ""
5537
5757
"Pre-start hooks are run in the host's namespace before the container ttys, "
5538
5758
"consoles, or mounts are up. If any mounts are done in this hook, they should "
5539
5759
"be cleaned up in the post-stop hook."
5540
5760
msgstr ""
5541
5761
5542
#: serverguide/C/virtualization.xml:2429(para)
5762
#: serverguide/C/virtualization.xml:2497(para)
5543
5763
msgid ""
5544
5764
"Pre-mount hooks are run in the container's namespaces, but before the root "
5545
5765
"filesystem has been mounted. Mounts done in this hook will be automatically "
5546
5766
"cleaned up when the container shuts down."
5547
5767
msgstr ""
5548
5768
5549
#: serverguide/C/virtualization.xml:2436(para)
5769
#: serverguide/C/virtualization.xml:2504(para)
5550
5770
msgid ""
5551
5771
"Mount hooks are run after the container filesystems have been mounted, but "
5552
5772
"before the container has called <command>pivot_root</command> to change its "
5553
5773
"root filesystem."
5554
5774
msgstr ""
5555
5775
5556
#: serverguide/C/virtualization.xml:2443(para)
5776
#: serverguide/C/virtualization.xml:2511(para)
5557
5777
msgid ""
5558
5778
"Start hooks are run immediately before executing the container's init. Since "
5559
5779
"these are executed after pivoting into the container's filesystem, the "
5560
5780
"command to be executed must be copied into the container's filesystem."
5561
5781
msgstr ""
5562
5782
5563
#: serverguide/C/virtualization.xml:2450(para)
5783
#: serverguide/C/virtualization.xml:2518(para)
5564
5784
msgid "Post-stop hooks are executed after the container has been shut down."
5565
5785
msgstr ""
5566
5786
5567
#: serverguide/C/virtualization.xml:2455(para)
5787
#: serverguide/C/virtualization.xml:2523(para)
5568
5788
msgid ""
5569
5789
"If any hook returns an error, the container's run will be aborted. Any "
5570
5790
"<emphasis>post-stop</emphasis> hook will still be executed. Any output "
5571
5791
"generated by the script will be logged at the debug priority."
5572
5792
msgstr ""
5573
5793
5574
#: serverguide/C/virtualization.xml:2460(para)
5794
#: serverguide/C/virtualization.xml:2528(para)
5575
5795
msgid ""
5576
5796
"Please see the lxc.container.conf manual page for the configuration file "
5577
5797
"format with which to specify hooks. Some sample hooks are shipped with the "
5578
5798
"lxc package to serve as an example of how to write and use such hooks."
5579
5799
msgstr ""
5580
5800
5581
#: serverguide/C/virtualization.xml:2467(title)
5801
#: serverguide/C/virtualization.xml:2535(title)
5582
5802
msgid "Consoles"
5583
5803
msgstr ""
5584
5804
5585
#: serverguide/C/virtualization.xml:2469(para)
5805
#: serverguide/C/virtualization.xml:2537(para)
5586
5806
msgid ""
5587
5807
"Containers have a configurable number of consoles. One always exists on the "
5588
5808
"container's <filename>/dev/console</filename>. This is shown on the terminal "
5596
5816
"3 from the host, use:"
5597
5817
msgstr ""
5598
5818
5599
#: serverguide/C/virtualization.xml:2482(command)
5819
#: serverguide/C/virtualization.xml:2550(command)
5600
5820
msgid "sudo lxc-console -n container -t 3"
5601
5821
msgstr ""
5602
5822
5603
#: serverguide/C/virtualization.xml:2487(para)
5823
#: serverguide/C/virtualization.xml:2555(para)
5604
5824
msgid ""
5605
5825
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
5606
5826
"console will be automatically chosen. To exit the console, use the escape "
5609
5829
"d</emphasis> option."
5610
5830
msgstr ""
5611
5831
5612
#: serverguide/C/virtualization.xml:2493(para)
5832
#: serverguide/C/virtualization.xml:2561(para)
5613
5833
msgid ""
5614
5834
"Each container console is actually a Unix98 pty in the host's (not the "
5615
5835
"guest's) pty mount, bind-mounted over the guest's "
5622
5842
"<filename>/dev</filename>."
5623
5843
msgstr ""
5624
5844
5625
#: serverguide/C/virtualization.xml:2507(title) serverguide/C/network-auth.xml:794(title) serverguide/C/dns.xml:517(title)
5845
#: serverguide/C/virtualization.xml:2575(title) serverguide/C/network-auth.xml:794(title) serverguide/C/dns.xml:517(title)
5626
5846
msgid "Logging"
5627
5847
msgstr ""
5628
5848
5629
#: serverguide/C/virtualization.xml:2508(para)
5849
#: serverguide/C/virtualization.xml:2576(para)
5630
5850
msgid ""
5631
5851
"If something goes wrong when starting a container, the first step should be "
5632
5852
"to get full logging from LXC: <screen>\n"
5639
5859
"new log information will be appended."
5640
5860
msgstr ""
5641
5861
5642
#: serverguide/C/virtualization.xml:2523(title)
5862
#: serverguide/C/virtualization.xml:2591(title)
5643
5863
msgid "Monitoring container status"
5644
5864
msgstr ""
5645
5865
5646
#: serverguide/C/virtualization.xml:2525(para)
5866
#: serverguide/C/virtualization.xml:2593(para)
5647
5867
msgid ""
5648
5868
"Two commands are available to monitor container state changes. <command>lxc-"
5649
5869
"monitor</command> monitors one or more containers for any state changes. It "
5655
5875
"instance,"
5656
5876
msgstr ""
5657
5877
5658
#: serverguide/C/virtualization.xml:2535(command)
5878
#: serverguide/C/virtualization.xml:2603(command)
5659
5879
msgid "sudo lxc-monitor -n cont[0-5]*"
5660
5880
msgstr ""
5661
5881
5662
#: serverguide/C/virtualization.xml:2540(para)
5882
#: serverguide/C/virtualization.xml:2608(para)
5663
5883
msgid ""
5664
5884
"would print all state changes to any containers matching the listed regular "
5665
5885
"expression, whereas"
5666
5886
msgstr ""
5667
5887
5668
#: serverguide/C/virtualization.xml:2544(command)
5888
#: serverguide/C/virtualization.xml:2612(command)
5669
5889
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
5670
5890
msgstr ""
5671
5891
5672
#: serverguide/C/virtualization.xml:2549(para)
5892
#: serverguide/C/virtualization.xml:2617(para)
5673
5893
msgid ""
5674
5894
"will wait until container cont1 enters state STOPPED or state FROZEN and "
5675
5895
"then exit."
5676
5896
msgstr ""
5677
5897
5678
#: serverguide/C/virtualization.xml:2554(title)
5898
#: serverguide/C/virtualization.xml:2622(title)
5679
5899
msgid "Attach"
5680
5900
msgstr ""
5681
5901
5682
#: serverguide/C/virtualization.xml:2555(para)
5902
#: serverguide/C/virtualization.xml:2623(para)
5683
5903
msgid ""
5684
5904
"As of Ubuntu 14.04, it is possible to attach to a container's namespaces. "
5685
5905
"The simplest case is to simply do <screen>\n"
5692
5912
"context. See the manual page for more information."
5693
5913
msgstr ""
5694
5914
5695
#: serverguide/C/virtualization.xml:2571(title)
5915
#: serverguide/C/virtualization.xml:2639(title)
5696
5916
msgid "Container init verbosity"
5697
5917
msgstr ""
5698
5918
5699
#: serverguide/C/virtualization.xml:2572(para)
5919
#: serverguide/C/virtualization.xml:2640(para)
5700
5920
msgid ""
5701
5921
"If LXC completes the container startup, but the container init fails to "
5702
5922
"complete (for instance, no login prompt is shown), it can be useful to "
5715
5935
"</screen>"
5716
5936
msgstr ""
5717
5937
5718
#: serverguide/C/virtualization.xml:2596(title)
5938
#: serverguide/C/virtualization.xml:2664(title)
5719
5939
msgid "LXC API"
5720
5940
msgstr ""
5721
5941
5722
#: serverguide/C/virtualization.xml:2598(para)
5942
#: serverguide/C/virtualization.xml:2666(para)
5723
5943
msgid ""
5724
5944
"Most of the LXC functionality can now be accessed through an API exported by "
5725
5945
"<filename>liblxc</filename> for which bindings are available in several "
5726
5946
"languages, including Python, lua, ruby, and go."
5727
5947
msgstr ""
5728
5948
5729
#: serverguide/C/virtualization.xml:2602(para)
5949
#: serverguide/C/virtualization.xml:2670(para)
5730
5950
msgid ""
5731
5951
"Below is an example using the python bindings (which are available in the "
5732
5952
"<application>python3-lxc</application> package) which creates and starts a "
5733
5953
"container, then waits until it has been shut down:"
5734
5954
msgstr ""
5735
5955
5736
#: serverguide/C/virtualization.xml:2608(programlisting)
5956
#: serverguide/C/virtualization.xml:2676(programlisting)
5737
5957
#, no-wrap
5738
5958
msgid ""
5739
5959
"\n"
5755
5975
"True\n"
5756
5976
msgstr ""
5757
5977
5758
#: serverguide/C/virtualization.xml:2628(title) serverguide/C/security.xml:11(title)
5978
#: serverguide/C/virtualization.xml:2696(title) serverguide/C/security.xml:11(title)
5759
5979
msgid "Security"
5760
5980
msgstr ""
5761
5981
5762
#: serverguide/C/virtualization.xml:2630(para)
5982
#: serverguide/C/virtualization.xml:2698(para)
5763
5983
msgid ""
5764
5984
"A namespace maps ids to resources. By not providing a container any id with "
5765
5985
"which to reference a resource, the resource can be protected. This is the "
5770
5990
"host."
5771
5991
msgstr ""
5772
5992
5773
#: serverguide/C/virtualization.xml:2639(para)
5993
#: serverguide/C/virtualization.xml:2707(para)
5774
5994
msgid ""
5775
5995
"By default, LXC containers are started under a Apparmor policy to restrict "
5776
5996
"some actions. The details of AppArmor integration with lxc are in section "
5781
6001
"host."
5782
6002
msgstr ""
5783
6003
5784
#: serverguide/C/virtualization.xml:2650(title)
6004
#: serverguide/C/virtualization.xml:2718(title)
5785
6005
msgid "Exploitable system calls"
5786
6006
msgstr ""
5787
6007
5788
#: serverguide/C/virtualization.xml:2652(para)
6008
#: serverguide/C/virtualization.xml:2720(para)
5789
6009
msgid ""
5790
6010
"It is a core container feature that containers share a kernel with the host. "
5791
6011
"Therefore if the kernel contains any exploitable system calls the container "
5793
6013
"fully control any resource known to the host."
5794
6014
msgstr ""
5795
6015
5796
#: serverguide/C/virtualization.xml:2658(para)
6016
#: serverguide/C/virtualization.xml:2726(para)
5797
6017
msgid ""
5798
6018
"Since Ubuntu 12.10 (Quantal) a container can also be constrained by a "
5799
6019
"seccomp filter. Seccomp is a new kernel feature which filters the system "
5805
6025
"by a list of numbers, one per line."
5806
6026
msgstr ""
5807
6027
5808
#: serverguide/C/virtualization.xml:2668(para)
6028
#: serverguide/C/virtualization.xml:2736(para)
5809
6029
msgid ""
5810
6030
"In general to run a full distribution container a large number of system "
5811
6031
"calls will be needed. However for application containers it may be possible "
5817
6037
"loaded."
5818
6038
msgstr ""
5819
6039
5820
#: serverguide/C/virtualization.xml:2684(para)
6040
#: serverguide/C/virtualization.xml:2752(para)
5821
6041
msgid ""
5822
6042
"The DeveloperWorks article <ulink "
5823
6043
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
5825
6045
"to the use of containers."
5826
6046
msgstr ""
5827
6047
5828
#: serverguide/C/virtualization.xml:2691(para)
6048
#: serverguide/C/virtualization.xml:2759(para)
5829
6049
msgid ""
5830
6050
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
5831
6051
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
5832
6052
"use of security modules to make containers more secure."
5833
6053
msgstr ""
5834
6054
5835
#: serverguide/C/virtualization.xml:2698(para) serverguide/C/cgroups.xml:202(para)
6055
#: serverguide/C/virtualization.xml:2766(para) serverguide/C/cgroups.xml:202(para)
5836
6056
msgid "Manual pages referenced above can be found at:"
5837
6057
msgstr ""
5838
6058
5839
#: serverguide/C/virtualization.xml:2700(ulink)
6059
#: serverguide/C/virtualization.xml:2768(ulink)
5840
6060
msgid "capabilities"
5841
6061
msgstr ""
5842
6062
5843
#: serverguide/C/virtualization.xml:2701(ulink)
6063
#: serverguide/C/virtualization.xml:2769(ulink)
5844
6064
msgid "lxc.conf"
5845
6065
msgstr ""
5846
6066
5847
#: serverguide/C/virtualization.xml:2706(para)
6067
#: serverguide/C/virtualization.xml:2774(para)
5848
6068
msgid ""
5849
6069
"The upstream LXC project is hosted at <ulink "
5850
6070
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
5851
6071
msgstr ""
5852
6072
5853
#: serverguide/C/virtualization.xml:2711(para)
6073
#: serverguide/C/virtualization.xml:2779(para)
5854
6074
msgid ""
5855
6075
"LXC security issues are listed and discussed at <ulink "
5856
6076
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
5857
6077
msgstr ""
5858
6078
5859
#: serverguide/C/virtualization.xml:2717(para)
6079
#: serverguide/C/virtualization.xml:2785(para)
5860
6080
msgid ""
5861
6081
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
5862
6082
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
6413
6633
"service with the following command"
6414
6634
msgstr ""
6415
6635
6416
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:508(command)
6636
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:360(command)
6417
6637
msgid "sudo systemctl reload apache2.service"
6418
6638
msgstr ""
6419
6639
6710
6930
#: serverguide/C/serverguide.xml:11(para)
6711
6931
msgid ""
6712
6932
"A copy of the license is available here: <ulink "
6713
"url=\"http://creativecommons.org/licenses/by-sa/3.0/\">Creative Commons "
6933
"url=\"https://creativecommons.org/licenses/by-sa/3.0/\">Creative Commons "
6714
6934
"ShareAlike License</ulink>."
6715
6935
msgstr ""
6716
6936
9284
9504
msgid ""
9285
9505
"The main Samba configuration file is located in "
9286
9506
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
9287
"a significant amount of comments in order to document various configuration "
9507
"a significant number of comments in order to document various configuration "
9288
9508
"directives."
9289
9509
msgstr ""
9290
"Samba的主要配置文件在<filename>/etc/samba/smb.conf</filename>中。默认的配置文件中包括了大量的说明来说明不同的"
9291
"配置指令。"
9292
9510
9293
9511
#: serverguide/C/samba.xml:104(para)
9294
9512
msgid ""
9415
9633
"new configuration:"
9416
9634
msgstr ""
9417
9635
9418
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:335(command) serverguide/C/samba.xml:472(command) serverguide/C/samba.xml:571(command) serverguide/C/samba.xml:921(command) serverguide/C/samba.xml:1075(command) serverguide/C/samba.xml:1181(command) serverguide/C/network-auth.xml:2532(command) serverguide/C/network-auth.xml:4113(command)
9636
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:335(command) serverguide/C/samba.xml:472(command) serverguide/C/samba.xml:571(command) serverguide/C/samba.xml:921(command) serverguide/C/samba.xml:1075(command) serverguide/C/samba.xml:1181(command) serverguide/C/network-auth.xml:2525(command) serverguide/C/network-auth.xml:4106(command)
9419
9637
msgid "sudo systemctl restart smbd.service nmbd.service"
9420
9638
msgstr ""
9421
9639
14768
14986
14769
14987
#: serverguide/C/network-config.xml:1418(para)
14770
14988
msgid ""
14771
"The package dpdk provides init scripts that ease configuration of device "
14772
"assignment and huge pages. It also makes them persistent accross reboots."
14989
"The package <emphasis>dpdk</emphasis> provides init scripts that ease "
14990
"configuration of device assignment and huge pages. It also makes them "
14991
"persistent accross reboots."
14773
14992
msgstr ""
14774
14993
14775
14994
#: serverguide/C/network-config.xml:1422(para)
14787
15006
"# <id> Device ID on the specified bus\n"
14788
15007
"# <driver> Driver to bind against (vfio-pci or uio_pci_generic)\n"
14789
15008
"#\n"
14790
"# Be aware that the two dpdk compatible drivers uio_pci_generic and vfio-pci "
14791
"are \n"
15009
"# Be aware that the two DPDK compatible drivers uio_pci_generic and vfio-pci "
15010
"are\n"
14792
15011
"# part of linux-image-extra-<VERSION> package.\n"
14793
15012
"# This package is not always installed by default - for example in cloud-"
14794
"images. \n"
15013
"images.\n"
14795
15014
"# So please install it in case you run into missing module issues.\n"
14796
15015
"#\n"
14797
15016
"# <bus> <id> <driver>\n"
14850
15069
14851
15070
#: serverguide/C/network-config.xml:1471(para)
14852
15071
msgid ""
14853
"The dpdk package has a config file and scripts that try to ease hugepage "
14854
"configuration for dpdk in the form of /etc/dpdk/dpdk.conf. If you have more "
14855
"consumers of hugepages than dpdk in your system or very special requirements "
14856
"how your hugepages are going to be set up you likely want to "
14857
"allocate/control them by yourself. If not this can be a great simplification "
14858
"to get dpdk to run for yourself."
15072
"The <emphasis>dpdk</emphasis> package has a config file and scripts that try "
15073
"to ease hugepage configuration for DPDK in the form of "
15074
"<emphasis>/etc/dpdk/dpdk.conf</emphasis>. If you have more consumers of "
15075
"hugepages than just DPDK in your system or very special requirements how "
15076
"your hugepages are going to be set up you likely want to allocate/control "
15077
"them by yourself. If not this can be a great simplification to get DPDK "
15078
"configured for your needs."
14859
15079
msgstr ""
14860
15080
14861
15081
#: serverguide/C/network-config.xml:1476(para)
14903
15123
14904
15124
#: serverguide/C/network-config.xml:1501(para)
14905
15125
msgid ""
14906
"You will often find guides that tell you to fetch the dpdk sources, build "
14907
"them to your needs and eventually build your application based on dpdk by "
15126
"You will often find guides that tell you to fetch the DPDK sources, build "
15127
"them to your needs and eventually build your application based on DPDK by "
14908
15128
"setting values RTE_* for the build system. Since Ubunutu provides an already "
14909
15129
"compiled DPDK for you can can skip all that. To simplify setting the proper "
14910
15130
"variables you can source the file /usr/share/dpdk/dpdk-sdk-env.sh before "
14925
15145
#: serverguide/C/network-config.xml:1512(para)
14926
15146
msgid ""
14927
15147
"Depending on what you build it might be a good addition to install all of "
14928
"dpdk build dependencies before the make."
15148
"DPDK build dependencies before the make."
14929
15149
msgstr ""
14930
15150
14931
15151
#: serverguide/C/network-config.xml:1515(programlisting)
14975
15195
14976
15196
#: serverguide/C/network-config.xml:1538(para)
14977
15197
msgid ""
14978
"The section ''--vhost-owner libvirt-qemu:kvm --vhost-perm 0664'' will set "
14979
"vhost_user ports up with owner/permissions to be compatible with Ubuntus way "
14980
"of running qemu-kvm/libvirt with reduced privileges for more security."
15198
"The section <emphasis>--vhost-owner libvirt-qemu:kvm --vhost-perm "
15199
"0664</emphasis> will set vhost_user ports up with owner/permissions to be "
15200
"compatible with Ubuntus way of running qemu-kvm/libvirt with reduced "
15201
"privileges for more security."
14981
15202
msgstr ""
14982
15203
14983
15204
#: serverguide/C/network-config.xml:1541(para)
14984
15205
msgid ""
15206
"Please note that the section <emphasis>-m 2048</emphasis> is the most basic "
15207
"numa setup for a single socket system. If you have multiple sockets you "
15208
"might want to define how to split your memory among them, for example "
15209
"<emphasis>-m 1024, 1024</emphasis>. Please be aware that DPDK will try to "
15210
"work only with local memory to the network cards it works with (for "
15211
"performance reasons). That said if you have multiple nodes, but all network "
15212
"cards on one, you should consider spreading your cards. If not at least "
15213
"allocate your memory to the node where the cards reside, for example in a "
15214
"two node all to node #2: <emphasis>-m 0, 2048</emphasis>. You can use the "
15215
"tool <emphasis>lstopo</emphasis> from the package <emphasis>hwloc-"
15216
"nox</emphasis> to see on which socket your cards are located."
15217
msgstr ""
15218
15219
#: serverguide/C/network-config.xml:1549(para)
15220
msgid ""
14985
15221
"The OpenVswitch you now started supports all port types OpenVswitch usually "
14986
15222
"does, plus DPDK port types. Here an example how to create a bridge and - "
14987
15223
"instead of a normal external port - add an external DPDK port to it."
14988
15224
msgstr ""
14989
15225
14990
#: serverguide/C/network-config.xml:1545(programlisting)
15226
#: serverguide/C/network-config.xml:1553(programlisting)
14991
15227
#, no-wrap
14992
15228
msgid ""
14993
15229
"\n"
14996
15232
"\t\t "
14997
15233
msgstr ""
14998
15234
14999
#: serverguide/C/network-config.xml:1552(title)
15235
#: serverguide/C/network-config.xml:1558(para)
15236
msgid ""
15237
"The enablement of DPDK in Open vSwitch has changed in version 2.6. So for "
15238
"users of releases >=16.10, but also for users of the <ulink "
15239
"url=\"https://wiki.ubuntu.com/OpenStack/CloudArchive\">Ubuntu Cloud "
15240
"Archive</ulink> >=neutron the enablement has changed compared to that for "
15241
"users of Ubuntu 16.04. The options formerly passed via "
15242
"<emphasis>DPDK_OPTS</emphasis> are now configured via ovs-vsctl into the "
15243
"Open vSwitch configuration database."
15244
msgstr ""
15245
15246
#: serverguide/C/network-config.xml:1563(para)
15247
msgid "The same example as above would in the new way look like:"
15248
msgstr ""
15249
15250
#: serverguide/C/network-config.xml:1566(programlisting)
15251
#, no-wrap
15252
msgid ""
15253
"\n"
15254
"# Enable DPDK\n"
15255
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-init=true\"\n"
15256
"# run on core 0\n"
15257
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-lcore-mask=0x1\"\n"
15258
"# Allocate 2G huge pages (not Numa node aware)\n"
15259
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-alloc-mem=2048\"\n"
15260
"# group/permissions for vhost-user sockets (required to work with "
15261
"libvirt/qemu)\n"
15262
"ovs-vsctl set Open_vSwitch . \\\n"
15263
" \"other_config:dpdk-extra=--vhost-owner libvirt-qemu:kvm --vhost-perm "
15264
"0666\"\n"
15265
"\t\t "
15266
msgstr ""
15267
15268
#: serverguide/C/network-config.xml:1581(filename)
15269
msgid "/usr/share/doc/openvswitch-common/INSTALL.DPDK.md.gz"
15270
msgstr ""
15271
15272
#: serverguide/C/network-config.xml:1582(filename)
15273
msgid "/usr/share/doc/openvswitch-common/INSTALL.DPDK-ADVANCED.md.gz"
15274
msgstr ""
15275
15276
#: serverguide/C/network-config.xml:1583(command)
15277
msgid "man ovs-vswitchd.conf.db"
15278
msgstr ""
15279
15280
#: serverguide/C/network-config.xml:1577(para)
15281
msgid ""
15282
"Please see the associated upstream documentation and the man page of the "
15283
"vswitch configuration as provided by the package for more details: "
15284
"<placeholder-1/>"
15285
msgstr ""
15286
15287
#: serverguide/C/network-config.xml:1590(title)
15000
15288
msgid "OpenVswitch DPDK to KVM Guests"
15001
15289
msgstr ""
15002
15290
15003
#: serverguide/C/network-config.xml:1553(para)
15291
#: serverguide/C/network-config.xml:1591(para)
15004
15292
msgid ""
15005
15293
"If you are not building some sort of SDN switch or NFV on top of DPDK it is "
15006
15294
"very likely that you want to forward traffic to KVM guests. The good news "
15010
15298
"DPDK instance."
15011
15299
msgstr ""
15012
15300
15013
#: serverguide/C/network-config.xml:1558(para)
15301
#: serverguide/C/network-config.xml:1596(para)
15014
15302
msgid ""
15015
15303
"The Guest has to be backed by shared hugepages for DPDK/vhost_user to work. "
15016
15304
"To ensure in general that libvirt/qemu-kvm finds a proper hugepage "
15018
15306
"Afterwards restart the service to pick up the changed configuration."
15019
15307
msgstr ""
15020
15308
15021
#: serverguide/C/network-config.xml:1563(programlisting)
15309
#: serverguide/C/network-config.xml:1601(programlisting)
15022
15310
#, no-wrap
15023
15311
msgid ""
15024
15312
"\n"
15027
15315
"\t\t "
15028
15316
msgstr ""
15029
15317
15030
#: serverguide/C/network-config.xml:1567(para)
15318
#: serverguide/C/network-config.xml:1605(para)
15031
15319
msgid ""
15032
15320
"To let a guest be backed by hugepages is now also supported via recent "
15033
15321
"libvirt, just add the following snippet to your virsh xml (or the equivalent "
15035
15323
"easily spawn guests with \"uvt-kvm create\"."
15036
15324
msgstr ""
15037
15325
15038
#: serverguide/C/network-config.xml:1571(programlisting)
15326
#: serverguide/C/network-config.xml:1609(programlisting)
15039
15327
#, no-wrap
15040
15328
msgid ""
15041
15329
"\n"
15050
15338
"\t\t "
15051
15339
msgstr ""
15052
15340
15053
#: serverguide/C/network-config.xml:1580(para)
15341
#: serverguide/C/network-config.xml:1618(para)
15054
15342
msgid ""
15055
15343
"The new and recommended way to get to a KVM guest is using vhost_user. This "
15056
15344
"will cause DPDK to create a socket that qemu will connect the guest to. Here "
15057
15345
"an example how to add such a port to the bridge you created (see above)."
15058
15346
msgstr ""
15059
15347
15060
#: serverguide/C/network-config.xml:1585(programlisting)
15348
#: serverguide/C/network-config.xml:1623(programlisting)
15061
15349
#, no-wrap
15062
15350
msgid ""
15063
15351
"\n"
15066
15354
"\t\t "
15067
15355
msgstr ""
15068
15356
15069
#: serverguide/C/network-config.xml:1588(para)
15357
#: serverguide/C/network-config.xml:1626(para)
15070
15358
msgid ""
15071
15359
"This will create a vhost_user socket at /var/run/openvswitch/vhost-user-1"
15072
15360
msgstr ""
15073
15361
15074
#: serverguide/C/network-config.xml:1591(para)
15362
#: serverguide/C/network-config.xml:1629(para)
15075
15363
msgid ""
15076
15364
"To let libvirt/kvm consume this socket and create a guest virtio network "
15077
15365
"device for it add a snippet like this to your guest definition as the "
15078
15366
"network definition."
15079
15367
msgstr ""
15080
15368
15081
#: serverguide/C/network-config.xml:1594(programlisting)
15369
#: serverguide/C/network-config.xml:1632(programlisting)
15082
15370
#, no-wrap
15083
15371
msgid ""
15084
15372
"\n"
15091
15379
"\t\t "
15092
15380
msgstr ""
15093
15381
15094
#: serverguide/C/network-config.xml:1605(title)
15382
#: serverguide/C/network-config.xml:1643(title)
15095
15383
msgid "DPDK in KVM Guests"
15096
15384
msgstr ""
15097
15385
15098
#: serverguide/C/network-config.xml:1606(para)
15386
#: serverguide/C/network-config.xml:1644(para)
15099
15387
msgid ""
15100
15388
"If you have no access to DPDK supported network cards you can still work "
15101
15389
"with DPDK by using its support for virtio. To do so you have to create "
15102
15390
"guests backed by hugepages (see above)."
15103
15391
msgstr ""
15104
15392
15105
#: serverguide/C/network-config.xml:1610(para)
15393
#: serverguide/C/network-config.xml:1648(para)
15106
15394
msgid ""
15107
15395
"On top of that there it is required to have at least SSE3. The default CPU "
15108
15396
"model qemu/libvirt uses is only up to SSE2. So you will have to define a "
15111
15399
"virsh xml (or the equivalent virsh interface you use)."
15112
15400
msgstr ""
15113
15401
15114
#: serverguide/C/network-config.xml:1616(programlisting)
15402
#: serverguide/C/network-config.xml:1654(programlisting)
15115
15403
#, no-wrap
15116
15404
msgid ""
15117
15405
"\n"
15119
15407
"\t\t "
15120
15408
msgstr ""
15121
15409
15122
#: serverguide/C/network-config.xml:1619(para)
15410
#: serverguide/C/network-config.xml:1657(para)
15123
15411
msgid ""
15124
15412
"This example is rather offensive and passes all host features. That in turn "
15125
15413
"makes the guest not very migratable as the target would need all the "
15127
15415
"like the following example."
15128
15416
msgstr ""
15129
15417
15130
#: serverguide/C/network-config.xml:1624(programlisting)
15418
#: serverguide/C/network-config.xml:1662(programlisting)
15131
15419
#, no-wrap
15132
15420
msgid ""
15133
15421
"\n"
15138
15426
"\t\t "
15139
15427
msgstr ""
15140
15428
15141
#: serverguide/C/network-config.xml:1630(para)
15429
#: serverguide/C/network-config.xml:1668(para)
15142
15430
msgid ""
15143
15431
"Also virtio nowadays supports multiqueue which DPDK in turn can exploit for "
15144
15432
"better speed. To modify a normal virtio definition to have multiple queues "
15147
15435
"DPDK in the guest."
15148
15436
msgstr ""
15149
15437
15150
#: serverguide/C/network-config.xml:1635(programlisting)
15438
#: serverguide/C/network-config.xml:1673(programlisting)
15151
15439
#, no-wrap
15152
15440
msgid ""
15153
15441
"\n"
15155
15443
"\t\t "
15156
15444
msgstr ""
15157
15445
15158
#: serverguide/C/network-config.xml:1641(title)
15446
#: serverguide/C/network-config.xml:1679(title)
15159
15447
msgid "Tuning Openvswitch-DPDK"
15160
15448
msgstr ""
15161
15449
15162
#: serverguide/C/network-config.xml:1642(para)
15450
#: serverguide/C/network-config.xml:1680(para)
15163
15451
msgid ""
15164
15452
"DPDK has plenty of options - in combination with Openvswitch-DPDK the two "
15165
15453
"most commonly used are:"
15166
15454
msgstr ""
15167
15455
15168
#: serverguide/C/network-config.xml:1645(programlisting)
15456
#: serverguide/C/network-config.xml:1683(programlisting)
15169
15457
#, no-wrap
15170
15458
msgid ""
15171
15459
"\n"
15174
15462
"\t\t "
15175
15463
msgstr ""
15176
15464
15177
#: serverguide/C/network-config.xml:1649(para)
15465
#: serverguide/C/network-config.xml:1687(para)
15178
15466
msgid ""
15179
15467
"The first select how many rx queues are to be used for each DPDK interface, "
15180
15468
"while the second controls how many and where to run PMD threads. The example "
15183
15471
"installation\" at the end of this document for more."
15184
15472
msgstr ""
15185
15473
15186
#: serverguide/C/network-config.xml:1654(para)
15474
#: serverguide/C/network-config.xml:1692(para)
15187
15475
msgid ""
15188
15476
"As usual with tunings you have to know your system and workload really well -"
15189
15477
" so please verify any tunings with workloads matching your real use case."
15190
15478
msgstr ""
15191
15479
15192
#: serverguide/C/network-config.xml:1661(para)
15480
#: serverguide/C/network-config.xml:1699(para)
15193
15481
msgid ""
15194
15482
"DPDK is a fast evolving project. In any case of a search for support and "
15195
15483
"further guides it is highly recommended to first check if they apply to the "
15196
15484
"current version."
15197
15485
msgstr ""
15198
15486
15199
#: serverguide/C/network-config.xml:1668(ulink)
15487
#: serverguide/C/network-config.xml:1707(ulink)
15200
15488
msgid "DPDK Mailing Lists"
15201
15489
msgstr ""
15202
15490
15203
#: serverguide/C/network-config.xml:1672(para)
15491
#: serverguide/C/network-config.xml:1711(para)
15204
15492
msgid ""
15205
15493
"For OpenVswitch-DPDK <ulink url=\"http://openvswitch.org/mlists\">OpenStack "
15206
15494
"Mailing Lists</ulink>"
15207
15495
msgstr ""
15208
15496
15209
#: serverguide/C/network-config.xml:1677(para)
15497
#: serverguide/C/network-config.xml:1716(para)
15210
15498
msgid ""
15211
15499
"Known issues in <ulink "
15212
15500
"url=\"https://bugs.launchpad.net/ubuntu/+source/dpdk\">DPDK Launchpad "
15213
15501
"Area</ulink>"
15214
15502
msgstr ""
15215
15503
15216
#: serverguide/C/network-config.xml:1682(para)
15504
#: serverguide/C/network-config.xml:1721(para)
15217
15505
msgid "Join the IRC channels #DPDK or #openvswitch on freenode."
15218
15506
msgstr ""
15219
15507
15220
#: serverguide/C/network-config.xml:1696(ulink)
15508
#: serverguide/C/network-config.xml:1727(para)
15509
msgid ""
15510
"Issues are often due to missing small details in the general setup. Later "
15511
"on, these missing details cause problems which can be hard to track down to "
15512
"their root cause. A common case seems to be the \"could not open network "
15513
"device dpdk0 (No such device)\" issue. This occurs rather late when setting "
15514
"up a port in Open vSwitch with DPDK. But the root cause most of the time is "
15515
"very early in the setup and initialization. Here an example how a proper "
15516
"initialization of a device looks - this can be found in the syslog/journal "
15517
"when starting Open vSwitch with DPDK enabled."
15518
msgstr ""
15519
15520
#: serverguide/C/network-config.xml:1738(programlisting)
15521
#, no-wrap
15522
msgid ""
15523
"\n"
15524
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
15525
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15526
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140000000\n"
15527
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140200000\n"
15528
"\t\t "
15529
msgstr ""
15530
15531
#: serverguide/C/network-config.xml:1745(para)
15532
msgid ""
15533
"If this is missing, either by ignored cards, failed initialization or other "
15534
"reasons, later on there will be no DPDK device to refer to. Unfortunately "
15535
"the logging is spread across syslog/journal and the openvswitch log. To "
15536
"allow some cross checking here an example what can be found in these logs, "
15537
"relative to the entered command."
15538
msgstr ""
15539
15540
#: serverguide/C/network-config.xml:1753(programlisting)
15541
#, no-wrap
15542
msgid ""
15543
"\n"
15544
"#Note: This log was taken with dpdk 2.2 and openvswitch 2.5\n"
15545
"Captions:\n"
15546
"CMD: that you enter\n"
15547
"SYSLOG: (Inlcuding EAL and OVS Messages)\n"
15548
"OVS-LOG: (Openvswitch messages)\n"
15549
"\n"
15550
"#PREPARATION\n"
15551
"Bind an interface to DPDK UIO drivers, make Hugepages available, enable DPDK "
15552
"on OVS\n"
15553
"\n"
15554
"CMD: sudo service openvswitch-switch restart\n"
15555
"\n"
15556
"SYSLOG:\n"
15557
"2016-01-22T08:58:31.372Z|00003|daemon_unix(monitor)|INFO|pid 3329 died, "
15558
"killed (Terminated), exiting\n"
15559
"2016-01-22T08:58:33.377Z|00002|vlog|INFO|opened log file "
15560
"/var/log/openvswitch/ovs-vswitchd.log\n"
15561
"2016-01-22T08:58:33.381Z|00003|ovs_numa|INFO|Discovered 12 CPU cores on NUMA "
15562
"node 0\n"
15563
"2016-01-22T08:58:33.381Z|00004|ovs_numa|INFO|Discovered 1 NUMA nodes and 12 "
15564
"CPU cores\n"
15565
"2016-01-"
15566
"22T08:58:33.381Z|00005|reconnect|INFO|unix:/var/run/openvswitch/db.sock: "
15567
"connecting...\n"
15568
"2016-01-"
15569
"22T08:58:33.383Z|00006|reconnect|INFO|unix:/var/run/openvswitch/db.sock: "
15570
"connected\n"
15571
"2016-01-22T08:58:33.386Z|00007|bridge|INFO|ovs-vswitchd (Open vSwitch) "
15572
"2.5.0\n"
15573
"\n"
15574
"OVS-LOG:\n"
15575
"systemd[1]: Stopping Open vSwitch...\n"
15576
"systemd[1]: Stopped Open vSwitch.\n"
15577
"systemd[1]: Stopping Open vSwitch Internal Unit...\n"
15578
"ovs-ctl[3541]: * Killing ovs-vswitchd (3329)\n"
15579
"ovs-ctl[3541]: * Killing ovsdb-server (3318)\n"
15580
"systemd[1]: Stopped Open vSwitch Internal Unit.\n"
15581
"systemd[1]: Starting Open vSwitch Internal Unit...\n"
15582
"ovs-ctl[3560]: * Starting ovsdb-server\n"
15583
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait -- init -- set "
15584
"Open_vSwitch . db-version=7.12.1\n"
15585
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait set "
15586
"Open_vSwitch . ovs-version=2.5.0 \"external-ids:system-id=\\\"e7c5ba80-bb14-"
15587
"45c1-b8eb-628f3ad03903\\\"\" \"system-type=\\\"Ubuntu\\\"\" \"system-"
15588
"version=\\\"16.04-xenial\\\"\"\n"
15589
"ovs-ctl[3560]: * Configuring Open vSwitch system IDs\n"
15590
"ovs-ctl[3560]: 2016-01-22T08:58:31Z|00001|dpdk|INFO|No -vhost_sock_dir "
15591
"provided - defaulting to /var/run/openvswitch\n"
15592
"ovs-vswitchd: ovs|00001|dpdk|INFO|No -vhost_sock_dir provided - defaulting "
15593
"to /var/run/openvswitch\n"
15594
"ovs-ctl[3560]: EAL: Detected lcore 0 as core 0 on socket 0\n"
15595
"ovs-ctl[3560]: EAL: Detected lcore 1 as core 1 on socket 0\n"
15596
"ovs-ctl[3560]: EAL: Detected lcore 2 as core 2 on socket 0\n"
15597
"ovs-ctl[3560]: EAL: Detected lcore 3 as core 3 on socket 0\n"
15598
"ovs-ctl[3560]: EAL: Detected lcore 4 as core 4 on socket 0\n"
15599
"ovs-ctl[3560]: EAL: Detected lcore 5 as core 5 on socket 0\n"
15600
"ovs-ctl[3560]: EAL: Detected lcore 6 as core 0 on socket 0\n"
15601
"ovs-ctl[3560]: EAL: Detected lcore 7 as core 1 on socket 0\n"
15602
"ovs-ctl[3560]: EAL: Detected lcore 8 as core 2 on socket 0\n"
15603
"ovs-ctl[3560]: EAL: Detected lcore 9 as core 3 on socket 0\n"
15604
"ovs-ctl[3560]: EAL: Detected lcore 10 as core 4 on socket 0\n"
15605
"ovs-ctl[3560]: EAL: Detected lcore 11 as core 5 on socket 0\n"
15606
"ovs-ctl[3560]: EAL: Support maximum 128 logical core(s) by configuration.\n"
15607
"ovs-ctl[3560]: EAL: Detected 12 lcore(s)\n"
15608
"ovs-ctl[3560]: EAL: VFIO modules not all loaded, skip VFIO support...\n"
15609
"ovs-ctl[3560]: EAL: Setting up physically contiguous memory...\n"
15610
"ovs-ctl[3560]: EAL: Ask a virtual area of 0x100000000 bytes\n"
15611
"ovs-ctl[3560]: EAL: Virtual area found at 0x7f2040000000 (size = "
15612
"0x100000000)\n"
15613
"ovs-ctl[3560]: EAL: Requesting 4 pages of size 1024MB from socket 0\n"
15614
"ovs-ctl[3560]: EAL: TSC frequency is ~2397202 KHz\n"
15615
"ovs-vswitchd[3592]: EAL: TSC frequency is ~2397202 KHz\n"
15616
"ovs-vswitchd[3592]: EAL: Master lcore 0 is ready (tid=fc6cbb00;cpuset=[0])\n"
15617
"ovs-vswitchd[3592]: EAL: PCI device 0000:04:00.0 on NUMA socket 0\n"
15618
"ovs-vswitchd[3592]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15619
"ovs-vswitchd[3592]: EAL: Not managed by a supported kernel driver, "
15620
"skipped\n"
15621
"ovs-vswitchd[3592]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
15622
"ovs-vswitchd[3592]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15623
"ovs-vswitchd[3592]: EAL: PCI memory mapped at 0x7f2140000000\n"
15624
"ovs-vswitchd[3592]: EAL: PCI memory mapped at 0x7f2140200000\n"
15625
"ovs-ctl[3560]: EAL: Master lcore 0 is ready (tid=fc6cbb00;cpuset=[0])\n"
15626
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.0 on NUMA socket 0\n"
15627
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15628
"ovs-ctl[3560]: EAL: Not managed by a supported kernel driver, skipped\n"
15629
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
15630
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15631
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140000000\n"
15632
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140200000\n"
15633
"ovs-vswitchd[3592]: PMD: eth_ixgbe_dev_init(): MAC: 4, PHY: 3\n"
15634
"ovs-vswitchd[3592]: PMD: eth_ixgbe_dev_init(): port 0 vendorID=0x8086 "
15635
"deviceID=0x1528\n"
15636
"ovs-ctl[3560]: PMD: eth_ixgbe_dev_init(): MAC: 4, PHY: 3\n"
15637
"ovs-ctl[3560]: PMD: eth_ixgbe_dev_init(): port 0 vendorID=0x8086 "
15638
"deviceID=0x1528\n"
15639
"ovs-ctl[3560]: Zone 0: name:<RG_MP_log_history>, phys:0x83fffdec0, "
15640
"len:0x2080, virt:0x7f213fffdec0, socket_id:0, flags:0\n"
15641
"ovs-ctl[3560]: Zone 1: name:<MP_log_history>, phys:0x83fd73d40, "
15642
"len:0x28a0c0, virt:0x7f213fd73d40, socket_id:0, flags:0\n"
15643
"ovs-ctl[3560]: Zone 2: name:<rte_eth_dev_data>, phys:0x83fd43380, "
15644
"len:0x2f700, virt:0x7f213fd43380, socket_id:0, flags:0\n"
15645
"ovs-ctl[3560]: * Starting ovs-vswitchd\n"
15646
"ovs-ctl[3560]: * Enabling remote OVSDB managers\n"
15647
"systemd[1]: Started Open vSwitch Internal Unit.\n"
15648
"systemd[1]: Starting Open vSwitch...\n"
15649
"systemd[1]: Started Open vSwitch.\n"
15650
"\n"
15651
"\n"
15652
"CMD: sudo ovs-vsctl add-br ovsdpdkbr0 -- set bridge ovsdpdkbr0 "
15653
"datapath_type=netdev\n"
15654
"\n"
15655
"SYSLOG:\n"
15656
"2016-01-22T08:58:56.344Z|00008|memory|INFO|37256 kB peak resident set size "
15657
"after 24.5 seconds\n"
15658
"2016-01-22T08:58:56.346Z|00009|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15659
"supports recirculation\n"
15660
"2016-01-22T08:58:56.346Z|00010|ofproto_dpif|INFO|netdev@ovs-netdev: MPLS "
15661
"label stack length probed as 3\n"
15662
"2016-01-22T08:58:56.346Z|00011|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15663
"supports unique flow ids\n"
15664
"2016-01-22T08:58:56.346Z|00012|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15665
"does not support ct_state\n"
15666
"2016-01-22T08:58:56.346Z|00013|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15667
"does not support ct_zone\n"
15668
"2016-01-22T08:58:56.346Z|00014|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15669
"does not support ct_mark\n"
15670
"2016-01-22T08:58:56.346Z|00015|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15671
"does not support ct_label\n"
15672
"2016-01-22T08:58:56.360Z|00016|bridge|INFO|bridge ovsdpdkbr0: added "
15673
"interface ovsdpdkbr0 on port 65534\n"
15674
"2016-01-22T08:58:56.361Z|00017|bridge|INFO|bridge ovsdpdkbr0: using datapath "
15675
"ID 00005a4a1ed0a14d\n"
15676
"2016-01-22T08:58:56.361Z|00018|connmgr|INFO|ovsdpdkbr0: added service "
15677
"controller \"punix:/var/run/openvswitch/ovsdpdkbr0.mgmt\"\n"
15678
"\n"
15679
"OVS-LOG:\n"
15680
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-br ovsdpdkbr0 -- set "
15681
"bridge ovsdpdkbr0 datapath_type=netdev\n"
15682
"systemd-udevd[3607]: Could not generate persistent MAC address for ovs-"
15683
"netdev: No such file or directory\n"
15684
"kernel: [50165.886554] device ovs-netdev entered promiscuous mode\n"
15685
"kernel: [50165.901261] device ovsdpdkbr0 entered promiscuous mode\n"
15686
"\n"
15687
"\n"
15688
"CMD: sudo ovs-vsctl add-port ovsdpdkbr0 dpdk0 -- set Interface dpdk0 "
15689
"type=dpdk\n"
15690
"\n"
15691
"SYSLOG:\n"
15692
"2016-01-22T08:59:06.369Z|00019|memory|INFO|peak resident set size grew 155% "
15693
"in last 10.0 seconds, from 37256 kB to 95008 kB\n"
15694
"2016-01-22T08:59:06.369Z|00020|memory|INFO|handlers:4 ports:1 revalidators:2 "
15695
"rules:5\n"
15696
"2016-01-22T08:59:30.989Z|00021|dpdk|INFO|Port 0: 8c:dc:d4:b3:6d:e9\n"
15697
"2016-01-22T08:59:31.520Z|00022|dpdk|INFO|Port 0: 8c:dc:d4:b3:6d:e9\n"
15698
"2016-01-22T08:59:31.521Z|00023|dpif_netdev|INFO|Created 1 pmd threads on "
15699
"numa node 0\n"
15700
"2016-01-22T08:59:31.522Z|00001|dpif_netdev(pmd16)|INFO|Core 0 processing "
15701
"port 'dpdk0'\n"
15702
"2016-01-22T08:59:31.522Z|00024|bridge|INFO|bridge ovsdpdkbr0: added "
15703
"interface dpdk0 on port 1\n"
15704
"2016-01-22T08:59:31.522Z|00025|bridge|INFO|bridge ovsdpdkbr0: using datapath "
15705
"ID 00008cdcd4b36de9\n"
15706
"2016-01-22T08:59:31.523Z|00002|dpif_netdev(pmd16)|INFO|Core 0 processing "
15707
"port 'dpdk0'\n"
15708
"\n"
15709
"OVS-LOG:\n"
15710
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-port ovsdpdkbr0 "
15711
"dpdk0 -- set Interface dpdk0 type=dpdk\n"
15712
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a79ebc0 "
15713
"hw_ring=0x7f211a7a6c00 dma_addr=0x81a7a6c00\n"
15714
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15715
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15716
"ovs-vswitchd[3595]: PMD: ixgbe_dev_rx_queue_setup(): sw_ring=0x7f211a78a6c0 "
15717
"sw_sc_ring=0x7f211a786580 hw_ring=0x7f211a78e800 dma_addr=0x81a78e800\n"
15718
"ovs-vswitchd[3595]: PMD: ixgbe_set_rx_function(): Vector rx enabled, please "
15719
"make sure RX burst size no less than 4 (port=0).\n"
15720
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a79ebc0 "
15721
"hw_ring=0x7f211a7a6c00 dma_addr=0x81a7a6c00\n"
15722
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15723
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15724
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a76e4c0 "
15725
"hw_ring=0x7f211a776500 dma_addr=0x81a776500\n"
15726
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15727
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15728
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a756440 "
15729
"hw_ring=0x7f211a75e480 dma_addr=0x81a75e480\n"
15730
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15731
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15732
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a73e3c0 "
15733
"hw_ring=0x7f211a746400 dma_addr=0x81a746400\n"
15734
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15735
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15736
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a726340 "
15737
"hw_ring=0x7f211a72e380 dma_addr=0x81a72e380\n"
15738
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15739
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15740
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a70e2c0 "
15741
"hw_ring=0x7f211a716300 dma_addr=0x81a716300\n"
15742
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15743
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15744
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6f6240 "
15745
"hw_ring=0x7f211a6fe280 dma_addr=0x81a6fe280\n"
15746
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15747
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15748
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6de1c0 "
15749
"hw_ring=0x7f211a6e6200 dma_addr=0x81a6e6200\n"
15750
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15751
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15752
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6c6140 "
15753
"hw_ring=0x7f211a6ce180 dma_addr=0x81a6ce180\n"
15754
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15755
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15756
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6ae0c0 "
15757
"hw_ring=0x7f211a6b6100 dma_addr=0x81a6b6100\n"
15758
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15759
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15760
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a696040 "
15761
"hw_ring=0x7f211a69e080 dma_addr=0x81a69e080\n"
15762
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15763
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15764
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a67dfc0 "
15765
"hw_ring=0x7f211a686000 dma_addr=0x81a686000\n"
15766
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15767
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15768
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a665e40 "
15769
"hw_ring=0x7f211a66de80 dma_addr=0x81a66de80\n"
15770
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15771
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15772
"ovs-vswitchd[3595]: PMD: ixgbe_dev_rx_queue_setup(): sw_ring=0x7f211a78a6c0 "
15773
"sw_sc_ring=0x7f211a786580 hw_ring=0x7f211a78e800 dma_addr=0x81a78e800\n"
15774
"ovs-vswitchd[3595]: PMD: ixgbe_set_rx_function(): Vector rx enabled, please "
15775
"make sure RX burst size no less than 4 (port=0).\n"
15776
"\n"
15777
"\n"
15778
"CMD: sudo ovs-vsctl add-port ovsdpdkbr0 vhost-user-1 -- set Interface vhost-"
15779
"user-1 type=dpdkvhostuser\n"
15780
"\n"
15781
"OVS-LOG:\n"
15782
"2016-01-22T09:00:35.145Z|00026|dpdk|INFO|Socket /var/run/openvswitch/vhost-"
15783
"user-1 created for vhost-user port vhost-user-1\n"
15784
"2016-01-22T09:00:35.145Z|00003|dpif_netdev(pmd16)|INFO|Core 0 processing "
15785
"port 'dpdk0'\n"
15786
"2016-01-22T09:00:35.145Z|00004|dpif_netdev(pmd16)|INFO|Core 0 processing "
15787
"port 'vhost-user-1'\n"
15788
"2016-01-22T09:00:35.145Z|00027|bridge|INFO|bridge ovsdpdkbr0: added "
15789
"interface vhost-user-1 on port 2\n"
15790
"\n"
15791
"SYSLOG:\n"
15792
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-port ovsdpdkbr0 "
15793
"vhost-user-1 -- set Interface vhost-user-1 type=dpdkvhostuser\n"
15794
"ovs-vswitchd[3595]: VHOST_CONFIG: socket created, fd:46\n"
15795
"ovs-vswitchd[3595]: VHOST_CONFIG: bind to /var/run/openvswitch/vhost-user-1\n"
15796
"\n"
15797
"Eventually we can see the poll thread in top\n"
15798
" PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND\n"
15799
" 3595 root 10 -10 4975344 103936 9916 S 100.0 0.3 33:13.56 ovs-"
15800
"vswitchd\n"
15801
"\t\t "
15802
msgstr ""
15803
15804
#: serverguide/C/network-config.xml:1950(ulink)
15221
15805
msgid "DPDK Documentation"
15222
15806
msgstr ""
15223
15807
15224
#: serverguide/C/network-config.xml:1701(ulink)
15808
#: serverguide/C/network-config.xml:1955(ulink)
15225
15809
msgid "Release Notes matching the version packages in Ubuntu 16.04"
15226
15810
msgstr ""
15227
15811
15228
#: serverguide/C/network-config.xml:1706(ulink)
15812
#: serverguide/C/network-config.xml:1960(ulink)
15229
15813
msgid "Linux DPDK User Getting Started"
15230
15814
msgstr ""
15231
15815
15232
#: serverguide/C/network-config.xml:1711(ulink)
15816
#: serverguide/C/network-config.xml:1965(ulink)
15233
15817
msgid "EAL Command-line Options"
15234
15818
msgstr ""
15235
15819
15236
#: serverguide/C/network-config.xml:1716(ulink)
15820
#: serverguide/C/network-config.xml:1970(ulink)
15237
15821
msgid "DPDK Api Documentation"
15238
15822
msgstr ""
15239
15823
15240
#: serverguide/C/network-config.xml:1721(ulink)
15824
#: serverguide/C/network-config.xml:1975(ulink)
15241
15825
msgid "OpenVswitch DPDK installation"
15242
15826
msgstr ""
15243
15827
15244
#: serverguide/C/network-config.xml:1726(ulink)
15828
#: serverguide/C/network-config.xml:1980(ulink)
15245
15829
msgid "Wikipedias definition of DPDK"
15246
15830
msgstr ""
15247
15831
16257
16841
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
16258
16842
msgstr ""
16259
16843
16260
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3910(command)
16844
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3903(command)
16261
16845
msgid "sudo systemctl restart slapd.service"
16262
16846
msgstr ""
16263
16847
17746
18330
"specifically you want Samba to do for you and then configure it accordingly."
17747
18331
msgstr ""
17748
18332
17749
#: serverguide/C/network-auth.xml:2218(title) serverguide/C/network-auth.xml:3999(title)
18333
#: serverguide/C/network-auth.xml:2218(title) serverguide/C/network-auth.xml:3992(title)
17750
18334
msgid "Software Installation"
17751
18335
msgstr ""
17752
18336
17998
18582
#: serverguide/C/network-auth.xml:2454(para)
17999
18583
msgid ""
18000
18584
"Next, configure the <application>smbldap-tools</application> package to "
18001
"match your environment. The package is supposed to come with a configuration "
18002
"helper script (smbldap-config.pl, formerly configure.pl) that will ask "
18003
"questions about the needed options but there is a <ulink "
18004
"url=\"https://bugs.launchpad.net/serverguide/+bug/997172\">bug</ulink> "
18005
"whereby it is not installed (but found in the source code; 'apt source "
18006
"smbldap-tools')."
18007
msgstr ""
18008
18009
#: serverguide/C/network-auth.xml:2461(para)
18010
msgid ""
18011
"To manually configure the package, you need to create and edit the files "
18012
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
18013
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
18014
msgstr ""
18015
18016
#: serverguide/C/network-auth.xml:2466(para)
18585
"match your environment. The package comes with a configuration helper "
18586
"script, smbldap-config.pl, that will ask questions."
18587
msgstr ""
18588
18589
#: serverguide/C/network-auth.xml:2459(para)
18017
18590
msgid ""
18018
18591
"The <application>smbldap-populate</application> script will then add the "
18019
18592
"LDAP objects required for Samba. It is a good idea to first make a backup of "
18020
18593
"your DIT using <application>slapcat</application>:"
18021
18594
msgstr ""
18022
18595
18023
#: serverguide/C/network-auth.xml:2472(command)
18596
#: serverguide/C/network-auth.xml:2465(command)
18024
18597
msgid "sudo slapcat -l backup.ldif"
18025
18598
msgstr ""
18026
18599
18027
#: serverguide/C/network-auth.xml:2475(para)
18600
#: serverguide/C/network-auth.xml:2468(para)
18028
18601
msgid "Once you have a backup proceed to populate your directory:"
18029
18602
msgstr ""
18030
18603
18031
#: serverguide/C/network-auth.xml:2480(command)
18604
#: serverguide/C/network-auth.xml:2473(command)
18032
18605
msgid "sudo smbldap-populate"
18033
18606
msgstr ""
18034
18607
18035
#: serverguide/C/network-auth.xml:2483(para)
18608
#: serverguide/C/network-auth.xml:2476(para)
18036
18609
msgid ""
18037
18610
"You can create a LDIF file containing the new Samba objects by executing "
18038
18611
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
18041
18614
"and import its data per usual."
18042
18615
msgstr ""
18043
18616
18044
#: serverguide/C/network-auth.xml:2489(para)
18617
#: serverguide/C/network-auth.xml:2482(para)
18045
18618
msgid ""
18046
18619
"Your LDAP directory now has the necessary information to authenticate Samba "
18047
18620
"users."
18048
18621
msgstr ""
18049
18622
18050
#: serverguide/C/network-auth.xml:2498(title) serverguide/C/network-auth.xml:4031(title)
18623
#: serverguide/C/network-auth.xml:2491(title) serverguide/C/network-auth.xml:4024(title)
18051
18624
msgid "Samba Configuration"
18052
18625
msgstr ""
18053
18626
18054
#: serverguide/C/network-auth.xml:2500(para)
18627
#: serverguide/C/network-auth.xml:2493(para)
18055
18628
msgid ""
18056
18629
"There are multiple ways to configure Samba. For details on some common "
18057
18630
"configurations see <xref linkend=\"samba\"/>. To configure Samba to use "
18060
18633
"adding some ldap-related ones:"
18061
18634
msgstr ""
18062
18635
18063
#: serverguide/C/network-auth.xml:2506(programlisting)
18636
#: serverguide/C/network-auth.xml:2499(programlisting)
18064
18637
#, no-wrap
18065
18638
msgid ""
18066
18639
"\n"
18080
18653
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
18081
18654
msgstr ""
18082
18655
18083
#: serverguide/C/network-auth.xml:2523(para)
18656
#: serverguide/C/network-auth.xml:2516(para)
18084
18657
msgid "Change the values to match your environment."
18085
18658
msgstr ""
18086
18659
18087
#: serverguide/C/network-auth.xml:2527(para)
18660
#: serverguide/C/network-auth.xml:2520(para)
18088
18661
msgid "Restart <application>samba</application> to enable the new settings:"
18089
18662
msgstr ""
18090
18663
18091
#: serverguide/C/network-auth.xml:2535(para)
18664
#: serverguide/C/network-auth.xml:2528(para)
18092
18665
msgid ""
18093
18666
"Now inform Samba about the rootDN user's password (the one set during the "
18094
18667
"installation of the slapd package):"
18095
18668
msgstr ""
18096
18669
18097
#: serverguide/C/network-auth.xml:2540(command)
18670
#: serverguide/C/network-auth.xml:2533(command)
18098
18671
msgid "sudo smbpasswd -w password"
18099
18672
msgstr ""
18100
18673
18101
#: serverguide/C/network-auth.xml:2543(para)
18674
#: serverguide/C/network-auth.xml:2536(para)
18102
18675
msgid ""
18103
18676
"If you have existing LDAP users that you want to include in your new LDAP-"
18104
18677
"backed Samba they will, of course, also need to be given some of the extra "
18108
18681
"<application>libnss-ldap</application>):"
18109
18682
msgstr ""
18110
18683
18111
#: serverguide/C/network-auth.xml:2551(command)
18684
#: serverguide/C/network-auth.xml:2544(command)
18112
18685
msgid "sudo smbpasswd -a username"
18113
18686
msgstr ""
18114
18687
18115
#: serverguide/C/network-auth.xml:2554(para)
18688
#: serverguide/C/network-auth.xml:2547(para)
18116
18689
msgid ""
18117
18690
"You will prompted to enter a password. It will be considered as the new "
18118
18691
"password for that user. Making it the same as before is reasonable."
18119
18692
msgstr ""
18120
18693
18121
#: serverguide/C/network-auth.xml:2558(para)
18694
#: serverguide/C/network-auth.xml:2551(para)
18122
18695
msgid ""
18123
18696
"To manage user, group, and machine accounts use the utilities provided by "
18124
18697
"the <application>smbldap-tools</application> package. Here are some examples:"
18125
18698
msgstr ""
18126
18699
18127
#: serverguide/C/network-auth.xml:2566(para)
18700
#: serverguide/C/network-auth.xml:2559(para)
18128
18701
msgid "To add a new user:"
18129
18702
msgstr ""
18130
18703
18131
#: serverguide/C/network-auth.xml:2571(command)
18704
#: serverguide/C/network-auth.xml:2564(command)
18132
18705
msgid "sudo smbldap-useradd -a -P username"
18133
18706
msgstr ""
18134
18707
18135
#: serverguide/C/network-auth.xml:2574(para)
18708
#: serverguide/C/network-auth.xml:2567(para)
18136
18709
msgid ""
18137
18710
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
18138
18711
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
18140
18713
"a password for the user."
18141
18714
msgstr ""
18142
18715
18143
#: serverguide/C/network-auth.xml:2581(para)
18716
#: serverguide/C/network-auth.xml:2574(para)
18144
18717
msgid "To remove a user:"
18145
18718
msgstr ""
18146
18719
18147
#: serverguide/C/network-auth.xml:2586(command)
18720
#: serverguide/C/network-auth.xml:2579(command)
18148
18721
msgid "sudo smbldap-userdel username"
18149
18722
msgstr ""
18150
18723
18151
#: serverguide/C/network-auth.xml:2589(para)
18724
#: serverguide/C/network-auth.xml:2582(para)
18152
18725
msgid ""
18153
18726
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
18154
18727
"user's home directory."
18155
18728
msgstr ""
18156
18729
18157
#: serverguide/C/network-auth.xml:2595(para)
18730
#: serverguide/C/network-auth.xml:2588(para)
18158
18731
msgid "To add a group:"
18159
18732
msgstr ""
18160
18733
18161
#: serverguide/C/network-auth.xml:2600(command)
18734
#: serverguide/C/network-auth.xml:2593(command)
18162
18735
msgid "sudo smbldap-groupadd -a groupname"
18163
18736
msgstr ""
18164
18737
18165
#: serverguide/C/network-auth.xml:2603(para)
18738
#: serverguide/C/network-auth.xml:2596(para)
18166
18739
msgid ""
18167
18740
"As for <application>smbldap-useradd</application>, the <emphasis>-"
18168
18741
"a</emphasis> adds the Samba attributes."
18169
18742
msgstr ""
18170
18743
18171
#: serverguide/C/network-auth.xml:2609(para)
18744
#: serverguide/C/network-auth.xml:2602(para)
18172
18745
msgid "To make an existing user a member of a group:"
18173
18746
msgstr ""
18174
18747
18175
#: serverguide/C/network-auth.xml:2614(command)
18748
#: serverguide/C/network-auth.xml:2607(command)
18176
18749
msgid "sudo smbldap-groupmod -m username groupname"
18177
18750
msgstr ""
18178
18751
18179
#: serverguide/C/network-auth.xml:2617(para)
18752
#: serverguide/C/network-auth.xml:2610(para)
18180
18753
msgid ""
18181
18754
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
18182
18755
"listing them in comma-separated format."
18183
18756
msgstr ""
18184
18757
18185
#: serverguide/C/network-auth.xml:2623(para)
18758
#: serverguide/C/network-auth.xml:2616(para)
18186
18759
msgid "To remove a user from a group:"
18187
18760
msgstr ""
18188
18761
18189
#: serverguide/C/network-auth.xml:2628(command)
18762
#: serverguide/C/network-auth.xml:2621(command)
18190
18763
msgid "sudo smbldap-groupmod -x username groupname"
18191
18764
msgstr ""
18192
18765
18193
#: serverguide/C/network-auth.xml:2634(para)
18766
#: serverguide/C/network-auth.xml:2627(para)
18194
18767
msgid "To add a Samba machine account:"
18195
18768
msgstr ""
18196
18769
18197
#: serverguide/C/network-auth.xml:2639(command)
18770
#: serverguide/C/network-auth.xml:2632(command)
18198
18771
msgid "sudo smbldap-useradd -t 0 -w username"
18199
18772
msgstr ""
18200
18773
18201
#: serverguide/C/network-auth.xml:2642(para)
18774
#: serverguide/C/network-auth.xml:2635(para)
18202
18775
msgid ""
18203
18776
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
18204
18777
"<emphasis>-t 0</emphasis> option creates the machine account without a "
18208
18781
"<application>smbldap-useradd</application>."
18209
18782
msgstr ""
18210
18783
18211
#: serverguide/C/network-auth.xml:2651(para)
18784
#: serverguide/C/network-auth.xml:2644(para)
18212
18785
msgid ""
18213
18786
"There are utilities in the <application>smbldap-tools</application> package "
18214
18787
"that were not covered here. Here is a complete list:"
18215
18788
msgstr ""
18216
18789
18217
#: serverguide/C/network-auth.xml:2656(ulink)
18790
#: serverguide/C/network-auth.xml:2649(ulink)
18218
18791
msgid "smbldap-groupadd"
18219
18792
msgstr ""
18220
18793
18221
#: serverguide/C/network-auth.xml:2657(ulink)
18794
#: serverguide/C/network-auth.xml:2650(ulink)
18222
18795
msgid "smbldap-groupdel"
18223
18796
msgstr ""
18224
18797
18225
#: serverguide/C/network-auth.xml:2658(ulink)
18798
#: serverguide/C/network-auth.xml:2651(ulink)
18226
18799
msgid "smbldap-groupmod"
18227
18800
msgstr ""
18228
18801
18229
#: serverguide/C/network-auth.xml:2659(ulink)
18802
#: serverguide/C/network-auth.xml:2652(ulink)
18230
18803
msgid "smbldap-groupshow"
18231
18804
msgstr ""
18232
18805
18233
#: serverguide/C/network-auth.xml:2660(ulink)
18806
#: serverguide/C/network-auth.xml:2653(ulink)
18234
18807
msgid "smbldap-passwd"
18235
18808
msgstr ""
18236
18809
18237
#: serverguide/C/network-auth.xml:2661(ulink)
18810
#: serverguide/C/network-auth.xml:2654(ulink)
18238
18811
msgid "smbldap-populate"
18239
18812
msgstr ""
18240
18813
18241
#: serverguide/C/network-auth.xml:2662(ulink)
18814
#: serverguide/C/network-auth.xml:2655(ulink)
18242
18815
msgid "smbldap-useradd"
18243
18816
msgstr ""
18244
18817
18245
#: serverguide/C/network-auth.xml:2663(ulink)
18818
#: serverguide/C/network-auth.xml:2656(ulink)
18246
18819
msgid "smbldap-userdel"
18247
18820
msgstr ""
18248
18821
18249
#: serverguide/C/network-auth.xml:2664(ulink)
18822
#: serverguide/C/network-auth.xml:2657(ulink)
18250
18823
msgid "smbldap-userinfo"
18251
18824
msgstr ""
18252
18825
18253
#: serverguide/C/network-auth.xml:2665(ulink)
18826
#: serverguide/C/network-auth.xml:2658(ulink)
18254
18827
msgid "smbldap-userlist"
18255
18828
msgstr ""
18256
18829
18257
#: serverguide/C/network-auth.xml:2666(ulink)
18830
#: serverguide/C/network-auth.xml:2659(ulink)
18258
18831
msgid "smbldap-usermod"
18259
18832
msgstr ""
18260
18833
18261
#: serverguide/C/network-auth.xml:2667(ulink)
18834
#: serverguide/C/network-auth.xml:2660(ulink)
18262
18835
msgid "smbldap-usershow"
18263
18836
msgstr ""
18264
18837
18265
#: serverguide/C/network-auth.xml:2678(para)
18838
#: serverguide/C/network-auth.xml:2671(para)
18266
18839
msgid ""
18267
18840
"For more information on installing and configuring Samba see <xref "
18268
18841
"linkend=\"samba\"/> of this Ubuntu Server Guide."
18269
18842
msgstr ""
18270
18843
18271
#: serverguide/C/network-auth.xml:2684(para)
18844
#: serverguide/C/network-auth.xml:2677(para)
18272
18845
msgid ""
18273
18846
"There are multiple places where LDAP and Samba is documented in the upstream "
18274
18847
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
18275
18848
"HOWTO Collection</ulink>."
18276
18849
msgstr ""
18277
18850
18278
#: serverguide/C/network-auth.xml:2691(para)
18851
#: serverguide/C/network-auth.xml:2684(para)
18279
18852
msgid ""
18280
18853
"Regarding the above, see specifically the <ulink "
18281
18854
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
18282
18855
"Collection/passdb.html\">passdb section</ulink>."
18283
18856
msgstr ""
18284
18857
18285
#: serverguide/C/network-auth.xml:2697(para)
18858
#: serverguide/C/network-auth.xml:2690(para)
18286
18859
msgid ""
18287
18860
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
18288
18861
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
18289
18862
"valuable notes."
18290
18863
msgstr ""
18291
18864
18292
#: serverguide/C/network-auth.xml:2703(para)
18865
#: serverguide/C/network-auth.xml:2696(para)
18293
18866
msgid ""
18294
18867
"The main page of the <ulink "
18295
18868
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
18297
18870
"prove useful."
18298
18871
msgstr ""
18299
18872
18300
#: serverguide/C/network-auth.xml:2716(title)
18873
#: serverguide/C/network-auth.xml:2709(title)
18301
18874
msgid "Kerberos"
18302
18875
msgstr ""
18303
18876
18304
#: serverguide/C/network-auth.xml:2718(para)
18877
#: serverguide/C/network-auth.xml:2711(para)
18305
18878
msgid ""
18306
18879
"<application>Kerberos</application> is a network authentication system based "
18307
18880
"on the principal of a trusted third party. The other two parties being the "
18310
18883
"network environment one step closer to being Single Sign On (SSO)."
18311
18884
msgstr ""
18312
18885
18313
#: serverguide/C/network-auth.xml:2724(para)
18886
#: serverguide/C/network-auth.xml:2717(para)
18314
18887
msgid ""
18315
18888
"This section covers installation and configuration of a Kerberos server, and "
18316
18889
"some example client configurations."
18317
18890
msgstr ""
18318
18891
18319
#: serverguide/C/network-auth.xml:2729(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:916(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
18892
#: serverguide/C/network-auth.xml:2722(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:916(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
18320
18893
msgid "Overview"
18321
18894
msgstr ""
18322
18895
18323
#: serverguide/C/network-auth.xml:2731(para)
18896
#: serverguide/C/network-auth.xml:2724(para)
18324
18897
msgid ""
18325
18898
"If you are new to Kerberos there are a few terms that are good to understand "
18326
18899
"before setting up a Kerberos server. Most of the terms will relate to things "
18327
18900
"you may be familiar with in other environments:"
18328
18901
msgstr ""
18329
18902
18330
#: serverguide/C/network-auth.xml:2738(para)
18903
#: serverguide/C/network-auth.xml:2731(para)
18331
18904
msgid ""
18332
18905
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
18333
18906
"by servers need to be defined as Kerberos Principals."
18334
18907
msgstr ""
18335
18908
18336
#: serverguide/C/network-auth.xml:2743(para)
18909
#: serverguide/C/network-auth.xml:2736(para)
18337
18910
msgid ""
18338
18911
"<emphasis>Instances:</emphasis> are used for service principals and special "
18339
18912
"administrative principals."
18340
18913
msgstr ""
18341
18914
18342
#: serverguide/C/network-auth.xml:2748(para)
18915
#: serverguide/C/network-auth.xml:2741(para)
18343
18916
msgid ""
18344
18917
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
18345
18918
"Kerberos installation. Think of it as the domain or group your hosts and "
18348
18921
"as the realm."
18349
18922
msgstr ""
18350
18923
18351
#: serverguide/C/network-auth.xml:2757(para)
18924
#: serverguide/C/network-auth.xml:2750(para)
18352
18925
msgid ""
18353
18926
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
18354
18927
"a database of all principals, the authentication server, and the ticket "
18355
18928
"granting server. For each realm there must be at least one KDC."
18356
18929
msgstr ""
18357
18930
18358
#: serverguide/C/network-auth.xml:2763(para)
18931
#: serverguide/C/network-auth.xml:2756(para)
18359
18932
msgid ""
18360
18933
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
18361
18934
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
18362
18935
"password which is known only to the user and the KDC."
18363
18936
msgstr ""
18364
18937
18365
#: serverguide/C/network-auth.xml:2769(para)
18938
#: serverguide/C/network-auth.xml:2762(para)
18366
18939
msgid ""
18367
18940
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
18368
18941
"clients upon request."
18369
18942
msgstr ""
18370
18943
18371
#: serverguide/C/network-auth.xml:2774(para)
18944
#: serverguide/C/network-auth.xml:2767(para)
18372
18945
msgid ""
18373
18946
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
18374
18947
"One principal being a user and the other a service requested by the user. "
18376
18949
"authenticated session."
18377
18950
msgstr ""
18378
18951
18379
#: serverguide/C/network-auth.xml:2780(para)
18952
#: serverguide/C/network-auth.xml:2773(para)
18380
18953
msgid ""
18381
18954
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
18382
18955
"principal database and contain the encryption key for a service or host."
18383
18956
msgstr ""
18384
18957
18385
#: serverguide/C/network-auth.xml:2787(para)
18958
#: serverguide/C/network-auth.xml:2780(para)
18386
18959
msgid ""
18387
18960
"To put the pieces together, a Realm has at least one KDC, preferably more "
18388
18961
"for redundancy, which contains a database of Principals. When a user "
18394
18967
"entering another username and password."
18395
18968
msgstr ""
18396
18969
18397
#: serverguide/C/network-auth.xml:2796(title)
18970
#: serverguide/C/network-auth.xml:2789(title)
18398
18971
msgid "Kerberos Server"
18399
18972
msgstr ""
18400
18973
18401
#: serverguide/C/network-auth.xml:2800(para)
18974
#: serverguide/C/network-auth.xml:2793(para)
18402
18975
msgid ""
18403
18976
"For this discussion, we will create a MIT Kerberos domain with the following "
18404
18977
"features (edit them to fit your needs):"
18405
18978
msgstr ""
18406
18979
18407
#: serverguide/C/network-auth.xml:2807(para)
18980
#: serverguide/C/network-auth.xml:2800(para)
18408
18981
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
18409
18982
msgstr ""
18410
18983
18411
#: serverguide/C/network-auth.xml:2812(para)
18984
#: serverguide/C/network-auth.xml:2805(para)
18412
18985
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
18413
18986
msgstr ""
18414
18987
18415
#: serverguide/C/network-auth.xml:2817(para)
18988
#: serverguide/C/network-auth.xml:2810(para)
18416
18989
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
18417
18990
msgstr ""
18418
18991
18419
#: serverguide/C/network-auth.xml:2822(para)
18992
#: serverguide/C/network-auth.xml:2815(para)
18420
18993
msgid "<emphasis>User principal:</emphasis> steve"
18421
18994
msgstr ""
18422
18995
18996
#: serverguide/C/network-auth.xml:2820(para)
18997
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
18998
msgstr ""
18999
18423
19000
#: serverguide/C/network-auth.xml:2827(para)
18424
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
18425
msgstr ""
18426
18427
#: serverguide/C/network-auth.xml:2834(para)
18428
19001
msgid ""
18429
19002
"It is <emphasis>strongly</emphasis> recommended that your network-"
18430
19003
"authenticated users have their uid in a different range (say, starting at "
18431
19004
"5000) than that of your local users."
18432
19005
msgstr ""
18433
19006
18434
#: serverguide/C/network-auth.xml:2840(para)
19007
#: serverguide/C/network-auth.xml:2833(para)
18435
19008
msgid ""
18436
19009
"Before installing the Kerberos server a properly configured DNS server is "
18437
19010
"needed for your domain. Since the Kerberos Realm by convention matches the "
18440
19013
"documentation."
18441
19014
msgstr ""
18442
19015
18443
#: serverguide/C/network-auth.xml:2846(para)
19016
#: serverguide/C/network-auth.xml:2839(para)
18444
19017
msgid ""
18445
19018
"Also, Kerberos is a time sensitive protocol. So if the local system time "
18446
19019
"between a client machine and the server differs by more than five minutes "
18450
19023
"setting up NTP see <xref linkend=\"NTP\"/>."
18451
19024
msgstr ""
18452
19025
18453
#: serverguide/C/network-auth.xml:2854(para)
19026
#: serverguide/C/network-auth.xml:2847(para)
18454
19027
msgid ""
18455
19028
"The first step in creating a Kerberos Realm is to install the "
18456
19029
"<application>krb5-kdc</application> and <application>krb5-admin-"
18457
19030
"server</application> packages. From a terminal enter:"
18458
19031
msgstr ""
18459
19032
18460
#: serverguide/C/network-auth.xml:2860(command) serverguide/C/network-auth.xml:3067(command)
19033
#: serverguide/C/network-auth.xml:2853(command) serverguide/C/network-auth.xml:3060(command)
18461
19034
msgid "sudo apt install krb5-kdc krb5-admin-server"
18462
19035
msgstr ""
18463
19036
18464
#: serverguide/C/network-auth.xml:2863(para)
19037
#: serverguide/C/network-auth.xml:2856(para)
18465
19038
msgid ""
18466
19039
"You will be asked at the end of the install to supply the hostname for the "
18467
19040
"Kerberos and Admin servers, which may or may not be the same server, for the "
18468
19041
"realm."
18469
19042
msgstr ""
18470
19043
18471
#: serverguide/C/network-auth.xml:2870(para)
19044
#: serverguide/C/network-auth.xml:2863(para)
18472
19045
msgid "By default the realm is created from the KDC's domain name."
18473
19046
msgstr ""
18474
19047
18475
#: serverguide/C/network-auth.xml:2875(para)
19048
#: serverguide/C/network-auth.xml:2868(para)
18476
19049
msgid ""
18477
19050
"Next, create the new realm with the <application>kdb5_newrealm</application> "
18478
19051
"utility:"
18479
19052
msgstr ""
18480
19053
18481
#: serverguide/C/network-auth.xml:2880(command)
19054
#: serverguide/C/network-auth.xml:2873(command)
18482
19055
msgid "sudo krb5_newrealm"
18483
19056
msgstr ""
18484
19057
18485
#: serverguide/C/network-auth.xml:2887(para)
19058
#: serverguide/C/network-auth.xml:2880(para)
18486
19059
msgid ""
18487
19060
"The questions asked during installation are used to configure the "
18488
19061
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
18492
19065
"typing"
18493
19066
msgstr ""
18494
19067
18495
#: serverguide/C/network-auth.xml:2894(command)
19068
#: serverguide/C/network-auth.xml:2887(command)
18496
19069
msgid "sudo dpkg-reconfigure krb5-kdc"
18497
19070
msgstr ""
18498
19071
18499
#: serverguide/C/network-auth.xml:2900(para)
19072
#: serverguide/C/network-auth.xml:2893(para)
18500
19073
msgid ""
18501
19074
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
18502
19075
"principal</emphasis> -- is needed. It is recommended to use a different "
18504
19077
"<application>kadmin.local</application> utility in a terminal prompt enter:"
18505
19078
msgstr ""
18506
19079
18507
#: serverguide/C/network-auth.xml:2908(command) serverguide/C/network-auth.xml:3778(command)
19080
#: serverguide/C/network-auth.xml:2901(command) serverguide/C/network-auth.xml:3771(command)
18508
19081
msgid "sudo kadmin.local"
18509
19082
msgstr ""
18510
19083
18511
#: serverguide/C/network-auth.xml:2909(computeroutput)
19084
#: serverguide/C/network-auth.xml:2902(computeroutput)
18512
19085
#, no-wrap
18513
19086
msgid ""
18514
19087
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
18515
19088
"kadmin.local:"
18516
19089
msgstr ""
18517
19090
18518
#: serverguide/C/network-auth.xml:2910(userinput)
19091
#: serverguide/C/network-auth.xml:2903(userinput)
18519
19092
#, no-wrap
18520
19093
msgid " addprinc steve/admin"
18521
19094
msgstr ""
18522
19095
18523
#: serverguide/C/network-auth.xml:2911(computeroutput)
19096
#: serverguide/C/network-auth.xml:2904(computeroutput)
18524
19097
#, no-wrap
18525
19098
msgid ""
18526
19099
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
18531
19104
"kadmin.local:"
18532
19105
msgstr ""
18533
19106
18534
#: serverguide/C/network-auth.xml:2915(userinput)
19107
#: serverguide/C/network-auth.xml:2908(userinput)
18535
19108
#, no-wrap
18536
19109
msgid " quit"
18537
19110
msgstr ""
18538
19111
18539
#: serverguide/C/network-auth.xml:2918(para)
19112
#: serverguide/C/network-auth.xml:2911(para)
18540
19113
msgid ""
18541
19114
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
18542
19115
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
18548
19121
"rights."
18549
19122
msgstr ""
18550
19123
18551
#: serverguide/C/network-auth.xml:2928(para)
19124
#: serverguide/C/network-auth.xml:2921(para)
18552
19125
msgid ""
18553
19126
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
18554
19127
"your Realm and admin username."
18555
19128
msgstr ""
18556
19129
18557
#: serverguide/C/network-auth.xml:2936(para)
19130
#: serverguide/C/network-auth.xml:2929(para)
18558
19131
msgid ""
18559
19132
"Next, the new admin user needs to have the appropriate Access Control List "
18560
19133
"(ACL) permissions. The permissions are configured in the "
18561
19134
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
18562
19135
msgstr ""
18563
19136
18564
#: serverguide/C/network-auth.xml:2941(programlisting)
19137
#: serverguide/C/network-auth.xml:2934(programlisting)
18565
19138
#, no-wrap
18566
19139
msgid ""
18567
19140
"\n"
18568
19141
"steve/admin@EXAMPLE.COM *\n"
18569
19142
msgstr ""
18570
19143
18571
#: serverguide/C/network-auth.xml:2945(para)
19144
#: serverguide/C/network-auth.xml:2938(para)
18572
19145
msgid ""
18573
19146
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
18574
19147
"any operation on all principals in the realm. You can configure principals "
18577
19150
"<emphasis>kadm5.acl</emphasis> man page for details."
18578
19151
msgstr ""
18579
19152
18580
#: serverguide/C/network-auth.xml:2957(para)
19153
#: serverguide/C/network-auth.xml:2950(para)
18581
19154
msgid ""
18582
19155
"Now restart the <application>krb5-admin-server</application> for the new ACL "
18583
19156
"to take affect:"
18584
19157
msgstr ""
18585
19158
18586
#: serverguide/C/network-auth.xml:2962(command)
19159
#: serverguide/C/network-auth.xml:2955(command)
18587
19160
msgid "sudo systemctl restart krb5-admin-server.service"
18588
19161
msgstr ""
18589
19162
18590
#: serverguide/C/network-auth.xml:2968(para)
19163
#: serverguide/C/network-auth.xml:2961(para)
18591
19164
msgid ""
18592
19165
"The new user principal can be tested using the <application>kinit "
18593
19166
"utility</application>:"
18594
19167
msgstr ""
18595
19168
18596
#: serverguide/C/network-auth.xml:2973(command)
19169
#: serverguide/C/network-auth.xml:2966(command)
18597
19170
msgid "kinit steve/admin"
18598
19171
msgstr ""
18599
19172
18600
#: serverguide/C/network-auth.xml:2974(computeroutput)
19173
#: serverguide/C/network-auth.xml:2967(computeroutput)
18601
19174
#, no-wrap
18602
19175
msgid "steve/admin@EXAMPLE.COM's Password:"
18603
19176
msgstr ""
18604
19177
18605
#: serverguide/C/network-auth.xml:2977(para)
19178
#: serverguide/C/network-auth.xml:2970(para)
18606
19179
msgid ""
18607
19180
"After entering the password, use the <application>klist</application> "
18608
19181
"utility to view information about the Ticket Granting Ticket (TGT):"
18609
19182
msgstr ""
18610
19183
18611
#: serverguide/C/network-auth.xml:2983(command) serverguide/C/network-auth.xml:3360(command)
19184
#: serverguide/C/network-auth.xml:2976(command) serverguide/C/network-auth.xml:3353(command)
18612
19185
msgid "klist"
18613
19186
msgstr ""
18614
19187
18615
#: serverguide/C/network-auth.xml:2984(computeroutput)
19188
#: serverguide/C/network-auth.xml:2977(computeroutput)
18616
19189
#, no-wrap
18617
19190
msgid ""
18618
19191
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
18622
19195
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
18623
19196
msgstr ""
18624
19197
18625
#: serverguide/C/network-auth.xml:2991(para)
19198
#: serverguide/C/network-auth.xml:2984(para)
18626
19199
msgid ""
18627
19200
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
18628
19201
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
18631
19204
"For example:"
18632
19205
msgstr ""
18633
19206
18634
#: serverguide/C/network-auth.xml:3000(programlisting)
19207
#: serverguide/C/network-auth.xml:2993(programlisting)
18635
19208
#, no-wrap
18636
19209
msgid ""
18637
19210
"\n"
18638
19211
"192.168.0.1 kdc01.example.com kdc01\n"
18639
19212
msgstr ""
18640
19213
18641
#: serverguide/C/network-auth.xml:3004(para)
19214
#: serverguide/C/network-auth.xml:2997(para)
18642
19215
msgid ""
18643
19216
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
18644
19217
"This usually happens when you have a Kerberos realm encompassing different "
18645
19218
"networks separated by routers."
18646
19219
msgstr ""
18647
19220
18648
#: serverguide/C/network-auth.xml:3013(para)
19221
#: serverguide/C/network-auth.xml:3006(para)
18649
19222
msgid ""
18650
19223
"The best way to allow clients to automatically determine the KDC for the "
18651
19224
"Realm is using DNS SRV records. Add the following to "
18652
19225
"<filename>/etc/named/db.example.com</filename>:"
18653
19226
msgstr ""
18654
19227
18655
#: serverguide/C/network-auth.xml:3019(programlisting)
19228
#: serverguide/C/network-auth.xml:3012(programlisting)
18656
19229
#, no-wrap
18657
19230
msgid ""
18658
19231
"\n"
18664
19237
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
18665
19238
msgstr ""
18666
19239
18667
#: serverguide/C/network-auth.xml:3029(para)
19240
#: serverguide/C/network-auth.xml:3022(para)
18668
19241
msgid ""
18669
19242
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
18670
19243
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
18671
19244
"KDC."
18672
19245
msgstr ""
18673
19246
19247
#: serverguide/C/network-auth.xml:3028(para)
19248
msgid ""
19249
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
19250
msgstr ""
19251
18674
19252
#: serverguide/C/network-auth.xml:3035(para)
18675
msgid ""
18676
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
18677
msgstr ""
18678
18679
#: serverguide/C/network-auth.xml:3042(para)
18680
19253
msgid "Your new Kerberos Realm is now ready to authenticate clients."
18681
19254
msgstr ""
18682
19255
18683
#: serverguide/C/network-auth.xml:3049(title)
19256
#: serverguide/C/network-auth.xml:3042(title)
18684
19257
msgid "Secondary KDC"
18685
19258
msgstr ""
18686
19259
18687
#: serverguide/C/network-auth.xml:3051(para)
19260
#: serverguide/C/network-auth.xml:3044(para)
18688
19261
msgid ""
18689
19262
"Once you have one Key Distribution Center (KDC) on your network, it is good "
18690
19263
"practice to have a Secondary KDC in case the primary becomes unavailable. "
18693
19266
"of those networks."
18694
19267
msgstr ""
18695
19268
18696
#: serverguide/C/network-auth.xml:3062(para)
19269
#: serverguide/C/network-auth.xml:3055(para)
18697
19270
msgid ""
18698
19271
"First, install the packages, and when asked for the Kerberos and Admin "
18699
19272
"server names enter the name of the Primary KDC:"
18700
19273
msgstr ""
18701
19274
18702
#: serverguide/C/network-auth.xml:3073(para)
19275
#: serverguide/C/network-auth.xml:3066(para)
18703
19276
msgid ""
18704
19277
"Once you have the packages installed, create the Secondary KDC's host "
18705
19278
"principal. From a terminal prompt, enter:"
18706
19279
msgstr ""
18707
19280
18708
#: serverguide/C/network-auth.xml:3078(command)
19281
#: serverguide/C/network-auth.xml:3071(command)
18709
19282
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
18710
19283
msgstr ""
18711
19284
18712
#: serverguide/C/network-auth.xml:3082(para)
19285
#: serverguide/C/network-auth.xml:3075(para)
18713
19286
msgid ""
18714
19287
"After, issuing any <application>kadmin</application> commands you will be "
18715
19288
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
18716
19289
"password."
18717
19290
msgstr ""
18718
19291
18719
#: serverguide/C/network-auth.xml:3091(para)
19292
#: serverguide/C/network-auth.xml:3084(para)
18720
19293
msgid "Extract the <emphasis>keytab</emphasis> file:"
18721
19294
msgstr ""
18722
19295
18723
#: serverguide/C/network-auth.xml:3096(command)
19296
#: serverguide/C/network-auth.xml:3089(command)
18724
19297
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
18725
19298
msgstr ""
18726
19299
18727
#: serverguide/C/network-auth.xml:3102(para)
19300
#: serverguide/C/network-auth.xml:3095(para)
18728
19301
msgid ""
18729
19302
"There should now be a <filename>keytab.kdc02</filename> in the current "
18730
19303
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
18731
19304
msgstr ""
18732
19305
18733
#: serverguide/C/network-auth.xml:3108(command)
19306
#: serverguide/C/network-auth.xml:3101(command)
18734
19307
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
18735
19308
msgstr ""
18736
19309
18737
#: serverguide/C/network-auth.xml:3112(para)
19310
#: serverguide/C/network-auth.xml:3105(para)
18738
19311
msgid ""
18739
19312
"If the path to the <filename>keytab.kdc02</filename> file is different "
18740
19313
"adjust accordingly."
18741
19314
msgstr ""
18742
19315
18743
#: serverguide/C/network-auth.xml:3117(para)
19316
#: serverguide/C/network-auth.xml:3110(para)
18744
19317
msgid ""
18745
19318
"Also, you can list the principals in a Keytab file, which can be useful when "
18746
19319
"troubleshooting, using the <application>klist</application> utility:"
18747
19320
msgstr ""
18748
19321
18749
#: serverguide/C/network-auth.xml:3123(command)
19322
#: serverguide/C/network-auth.xml:3116(command)
18750
19323
msgid "sudo klist -k /etc/krb5.keytab"
18751
19324
msgstr ""
18752
19325
19326
#: serverguide/C/network-auth.xml:3119(para)
19327
msgid ""
19328
"The <application>-k</application> option indicates the file is a keytab file."
19329
msgstr ""
19330
18753
19331
#: serverguide/C/network-auth.xml:3126(para)
18754
19332
msgid ""
18755
"The <application>-k</application> option indicates the file is a keytab file."
18756
msgstr ""
18757
18758
#: serverguide/C/network-auth.xml:3133(para)
18759
msgid ""
18760
19333
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
18761
19334
"that lists all KDCs for the Realm. For example, on both primary and "
18762
19335
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
18763
19336
msgstr ""
18764
19337
18765
#: serverguide/C/network-auth.xml:3138(programlisting)
19338
#: serverguide/C/network-auth.xml:3131(programlisting)
18766
19339
#, no-wrap
18767
19340
msgid ""
18768
19341
"\n"
18770
19343
"host/kdc02.example.com@EXAMPLE.COM\n"
18771
19344
msgstr ""
18772
19345
18773
#: serverguide/C/network-auth.xml:3146(para)
19346
#: serverguide/C/network-auth.xml:3139(para)
18774
19347
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
18775
19348
msgstr ""
18776
19349
18777
#: serverguide/C/network-auth.xml:3151(command)
19350
#: serverguide/C/network-auth.xml:3144(command)
18778
19351
msgid "sudo kdb5_util -s create"
18779
19352
msgstr ""
18780
19353
18781
#: serverguide/C/network-auth.xml:3157(para)
19354
#: serverguide/C/network-auth.xml:3150(para)
18782
19355
msgid ""
18783
19356
"Now start the <application>kpropd</application> daemon, which listens for "
18784
19357
"connections from the <application>kprop</application> utility. "
18785
19358
"<application>kprop</application> is used to transfer dump files:"
18786
19359
msgstr ""
18787
19360
18788
#: serverguide/C/network-auth.xml:3164(command)
19361
#: serverguide/C/network-auth.xml:3157(command)
18789
19362
msgid "sudo kpropd -S"
18790
19363
msgstr ""
18791
19364
18792
#: serverguide/C/network-auth.xml:3170(para)
19365
#: serverguide/C/network-auth.xml:3163(para)
18793
19366
msgid ""
18794
19367
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
18795
19368
"of the principal database:"
18796
19369
msgstr ""
18797
19370
18798
#: serverguide/C/network-auth.xml:3175(command)
19371
#: serverguide/C/network-auth.xml:3168(command)
18799
19372
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
18800
19373
msgstr ""
18801
19374
18802
#: serverguide/C/network-auth.xml:3181(para)
19375
#: serverguide/C/network-auth.xml:3174(para)
18803
19376
msgid ""
18804
19377
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
18805
19378
"<filename>/etc/krb5.keytab</filename>:"
18806
19379
msgstr ""
18807
19380
18808
#: serverguide/C/network-auth.xml:3186(command)
19381
#: serverguide/C/network-auth.xml:3179(command)
18809
19382
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
18810
19383
msgstr ""
18811
19384
18812
#: serverguide/C/network-auth.xml:3187(command)
19385
#: serverguide/C/network-auth.xml:3180(command)
18813
19386
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
18814
19387
msgstr ""
18815
19388
18816
#: serverguide/C/network-auth.xml:3191(para)
19389
#: serverguide/C/network-auth.xml:3184(para)
18817
19390
msgid ""
18818
19391
"Make sure there is a <emphasis>host</emphasis> for "
18819
19392
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
18820
19393
msgstr ""
18821
19394
18822
#: serverguide/C/network-auth.xml:3199(para)
19395
#: serverguide/C/network-auth.xml:3192(para)
18823
19396
msgid ""
18824
19397
"Using the <application>kprop</application> utility push the database to the "
18825
19398
"Secondary KDC:"
18826
19399
msgstr ""
18827
19400
18828
#: serverguide/C/network-auth.xml:3204(command)
19401
#: serverguide/C/network-auth.xml:3197(command)
18829
19402
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
18830
19403
msgstr ""
18831
19404
18832
#: serverguide/C/network-auth.xml:3208(para)
19405
#: serverguide/C/network-auth.xml:3201(para)
18833
19406
msgid ""
18834
19407
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
18835
19408
"worked. If there is an error message check "
18837
19410
"information."
18838
19411
msgstr ""
18839
19412
18840
#: serverguide/C/network-auth.xml:3214(para)
19413
#: serverguide/C/network-auth.xml:3207(para)
18841
19414
msgid ""
18842
19415
"You may also want to create a <application>cron</application> job to "
18843
19416
"periodically update the database on the Secondary KDC. For example, the "
18845
19418
"split to fit the format of this document):"
18846
19419
msgstr ""
18847
19420
18848
#: serverguide/C/network-auth.xml:3219(programlisting)
19421
#: serverguide/C/network-auth.xml:3212(programlisting)
18849
19422
#, no-wrap
18850
19423
msgid ""
18851
19424
"\n"
18854
19427
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
18855
19428
msgstr ""
18856
19429
18857
#: serverguide/C/network-auth.xml:3228(para)
19430
#: serverguide/C/network-auth.xml:3221(para)
18858
19431
msgid ""
18859
19432
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
18860
19433
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
18861
19434
msgstr ""
18862
19435
18863
#: serverguide/C/network-auth.xml:3234(command)
19436
#: serverguide/C/network-auth.xml:3227(command)
18864
19437
msgid "sudo kdb5_util stash"
18865
19438
msgstr ""
18866
19439
18867
#: serverguide/C/network-auth.xml:3240(para)
19440
#: serverguide/C/network-auth.xml:3233(para)
18868
19441
msgid ""
18869
19442
"Finally, start the <application>krb5-kdc</application> daemon on the "
18870
19443
"Secondary KDC:"
18871
19444
msgstr ""
18872
19445
18873
#: serverguide/C/network-auth.xml:3245(command) serverguide/C/network-auth.xml:3921(command)
19446
#: serverguide/C/network-auth.xml:3238(command) serverguide/C/network-auth.xml:3914(command)
18874
19447
msgid "sudo systemctl start krb5-kdc.service"
18875
19448
msgstr ""
18876
19449
18877
#: serverguide/C/network-auth.xml:3251(para)
19450
#: serverguide/C/network-auth.xml:3244(para)
18878
19451
msgid ""
18879
19452
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
18880
19453
"for the Realm. You can test this by stopping the <application>krb5-"
18885
19458
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
18886
19459
msgstr ""
18887
19460
18888
#: serverguide/C/network-auth.xml:3262(title)
19461
#: serverguide/C/network-auth.xml:3255(title)
18889
19462
msgid "Kerberos Linux Client"
18890
19463
msgstr ""
18891
19464
18892
#: serverguide/C/network-auth.xml:3264(para)
19465
#: serverguide/C/network-auth.xml:3257(para)
18893
19466
msgid ""
18894
19467
"This section covers configuring a Linux system as a "
18895
19468
"<application>Kerberos</application> client. This will allow access to any "
18896
19469
"kerberized services once a user has successfully logged into the system."
18897
19470
msgstr ""
18898
19471
18899
#: serverguide/C/network-auth.xml:3272(para)
19472
#: serverguide/C/network-auth.xml:3265(para)
18900
19473
msgid ""
18901
19474
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
18902
19475
"user</application> and <application>libpam-krb5</application> packages are "
18905
19478
"prompt:"
18906
19479
msgstr ""
18907
19480
18908
#: serverguide/C/network-auth.xml:3279(command)
19481
#: serverguide/C/network-auth.xml:3272(command)
18909
19482
msgid ""
18910
19483
"sudo apt install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
18911
19484
msgstr ""
18912
19485
18913
#: serverguide/C/network-auth.xml:3282(para)
19486
#: serverguide/C/network-auth.xml:3275(para)
18914
19487
msgid ""
18915
19488
"The <application>auth-client-config</application> package allows simple "
18916
19489
"configuration of PAM for authentication from multiple sources, and the "
18921
19494
"be accessed off the network as well."
18922
19495
msgstr ""
18923
19496
18924
#: serverguide/C/network-auth.xml:3293(para)
19497
#: serverguide/C/network-auth.xml:3286(para)
18925
19498
msgid "To configure the client in a terminal enter:"
18926
19499
msgstr ""
18927
19500
18928
#: serverguide/C/network-auth.xml:3298(command)
19501
#: serverguide/C/network-auth.xml:3291(command)
18929
19502
msgid "sudo dpkg-reconfigure krb5-config"
18930
19503
msgstr ""
18931
19504
18932
#: serverguide/C/network-auth.xml:3301(para)
19505
#: serverguide/C/network-auth.xml:3294(para)
18933
19506
msgid ""
18934
19507
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
18935
19508
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
18937
19510
"Center (KDC) and Realm Administration server."
18938
19511
msgstr ""
18939
19512
18940
#: serverguide/C/network-auth.xml:3307(para)
19513
#: serverguide/C/network-auth.xml:3300(para)
18941
19514
msgid ""
18942
19515
"The <application>dpkg-reconfigure</application> adds entries to the "
18943
19516
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
18944
19517
"entries similar to the following:"
18945
19518
msgstr ""
18946
19519
18947
#: serverguide/C/network-auth.xml:3312(programlisting)
19520
#: serverguide/C/network-auth.xml:3305(programlisting)
18948
19521
#, no-wrap
18949
19522
msgid ""
18950
19523
"\n"
18958
19531
" }\n"
18959
19532
msgstr ""
18960
19533
18961
#: serverguide/C/network-auth.xml:3324(para)
19534
#: serverguide/C/network-auth.xml:3317(para)
18962
19535
msgid ""
18963
19536
"If you set the uid of each of your network-authenticated users to start at "
18964
19537
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
18966
19539
"> 5000:"
18967
19540
msgstr ""
18968
19541
18969
#: serverguide/C/network-auth.xml:3332(command)
19542
#: serverguide/C/network-auth.xml:3325(command)
18970
19543
msgid ""
18971
19544
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
18972
19545
"for i in common-auth common-session common-account common-password; do sudo "
18974
19547
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
18975
19548
msgstr ""
18976
19549
18977
#: serverguide/C/network-auth.xml:3339(para)
19550
#: serverguide/C/network-auth.xml:3332(para)
18978
19551
msgid ""
18979
19552
"This will avoid being asked for the (non-existent) Kerberos password of a "
18980
19553
"locally authenticated user when changing its password using "
18981
19554
"<command>passwd</command>."
18982
19555
msgstr ""
18983
19556
18984
#: serverguide/C/network-auth.xml:3346(para)
19557
#: serverguide/C/network-auth.xml:3339(para)
18985
19558
msgid ""
18986
19559
"You can test the configuration by requesting a ticket using the "
18987
19560
"<application>kinit</application> utility. For example:"
18988
19561
msgstr ""
18989
19562
18990
#: serverguide/C/network-auth.xml:3351(command)
19563
#: serverguide/C/network-auth.xml:3344(command)
18991
19564
msgid "kinit steve@EXAMPLE.COM"
18992
19565
msgstr ""
18993
19566
18994
#: serverguide/C/network-auth.xml:3352(computeroutput)
19567
#: serverguide/C/network-auth.xml:3345(computeroutput)
18995
19568
#, no-wrap
18996
19569
msgid "Password for steve@EXAMPLE.COM:"
18997
19570
msgstr ""
18998
19571
18999
#: serverguide/C/network-auth.xml:3355(para)
19572
#: serverguide/C/network-auth.xml:3348(para)
19000
19573
msgid ""
19001
19574
"When a ticket has been granted, the details can be viewed using "
19002
19575
"<application>klist</application>:"
19003
19576
msgstr ""
19004
19577
19005
#: serverguide/C/network-auth.xml:3361(computeroutput)
19578
#: serverguide/C/network-auth.xml:3354(computeroutput)
19006
19579
#, no-wrap
19007
19580
msgid ""
19008
19581
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
19017
19590
"klist: You have no tickets cached"
19018
19591
msgstr ""
19019
19592
19020
#: serverguide/C/network-auth.xml:3373(para)
19593
#: serverguide/C/network-auth.xml:3366(para)
19021
19594
msgid ""
19022
19595
"Next, use the <application>auth-client-config</application> to configure the "
19023
19596
"<application>libpam-krb5</application> module to request a ticket during "
19024
19597
"login:"
19025
19598
msgstr ""
19026
19599
19027
#: serverguide/C/network-auth.xml:3379(command)
19600
#: serverguide/C/network-auth.xml:3372(command)
19028
19601
msgid "sudo auth-client-config -a -p kerberos_example"
19029
19602
msgstr ""
19030
19603
19031
#: serverguide/C/network-auth.xml:3382(para)
19604
#: serverguide/C/network-auth.xml:3375(para)
19032
19605
msgid ""
19033
19606
"You will should now receive a ticket upon successful login authentication."
19034
19607
msgstr ""
19035
19608
19036
#: serverguide/C/network-auth.xml:3393(para)
19609
#: serverguide/C/network-auth.xml:3386(para)
19037
19610
msgid ""
19038
19611
"For more information on MIT's version of Kerberos, see the <ulink "
19039
19612
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
19040
19613
msgstr ""
19041
19614
19042
#: serverguide/C/network-auth.xml:3398(para)
19615
#: serverguide/C/network-auth.xml:3391(para)
19043
19616
msgid ""
19044
19617
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
19045
19618
"Kerberos</ulink> page has more details."
19046
19619
msgstr ""
19047
19620
19048
#: serverguide/C/network-auth.xml:3403(para)
19621
#: serverguide/C/network-auth.xml:3396(para)
19049
19622
msgid ""
19050
19623
"O'Reilly's <ulink "
19051
19624
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
19052
19625
"Guide</ulink> is a great reference when setting up Kerberos."
19053
19626
msgstr ""
19054
19627
19055
#: serverguide/C/network-auth.xml:3409(para)
19628
#: serverguide/C/network-auth.xml:3402(para)
19056
19629
msgid ""
19057
19630
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
19058
19631
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
19059
19632
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
19060
19633
msgstr ""
19061
19634
19062
#: serverguide/C/network-auth.xml:3421(title)
19635
#: serverguide/C/network-auth.xml:3414(title)
19063
19636
msgid "Kerberos and LDAP"
19064
19637
msgstr ""
19065
19638
19066
#: serverguide/C/network-auth.xml:3423(para)
19639
#: serverguide/C/network-auth.xml:3416(para)
19067
19640
msgid ""
19068
19641
"Most people will not use Kerberos by itself; once an user is authenticated "
19069
19642
"(Kerberos), we need to figure out what this user can do (authorization). And "
19070
19643
"that would be the job of programs such as <application>LDAP</application>."
19071
19644
msgstr ""
19072
19645
19073
#: serverguide/C/network-auth.xml:3430(para)
19646
#: serverguide/C/network-auth.xml:3423(para)
19074
19647
msgid ""
19075
19648
"Replicating a Kerberos principal database between two servers can be "
19076
19649
"complicated, and adds an additional user database to your network. "
19080
19653
"<application>OpenLDAP</application> for the principal database."
19081
19654
msgstr ""
19082
19655
19083
#: serverguide/C/network-auth.xml:3438(para)
19656
#: serverguide/C/network-auth.xml:3431(para)
19084
19657
msgid ""
19085
19658
"The examples presented here assume <application>MIT Kerberos</application> "
19086
19659
"and <application>OpenLDAP</application>."
19087
19660
msgstr ""
19088
19661
19089
#: serverguide/C/network-auth.xml:3446(title)
19662
#: serverguide/C/network-auth.xml:3439(title)
19090
19663
msgid "Configuring OpenLDAP"
19091
19664
msgstr ""
19092
19665
19093
#: serverguide/C/network-auth.xml:3448(para)
19666
#: serverguide/C/network-auth.xml:3441(para)
19094
19667
msgid ""
19095
19668
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
19096
19669
"<application>OpenLDAP</application> server that has network connectivity to "
19099
19672
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
19100
19673
msgstr ""
19101
19674
19102
#: serverguide/C/network-auth.xml:3454(para)
19675
#: serverguide/C/network-auth.xml:3447(para)
19103
19676
msgid ""
19104
19677
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
19105
19678
"that traffic between the KDC and LDAP server is encrypted. See <xref "
19106
19679
"linkend=\"openldap-tls\"/> for details."
19107
19680
msgstr ""
19108
19681
19109
#: serverguide/C/network-auth.xml:3460(para)
19682
#: serverguide/C/network-auth.xml:3453(para)
19110
19683
msgid ""
19111
19684
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
19112
19685
"edit the ldap database. Many times it is the RootDN. Change its value to "
19113
19686
"reflect your setup."
19114
19687
msgstr ""
19115
19688
19116
#: serverguide/C/network-auth.xml:3469(para)
19689
#: serverguide/C/network-auth.xml:3462(para)
19117
19690
msgid ""
19118
19691
"To load the schema into LDAP, on the LDAP server install the "
19119
19692
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
19120
19693
msgstr ""
19121
19694
19122
#: serverguide/C/network-auth.xml:3475(command)
19695
#: serverguide/C/network-auth.xml:3468(command)
19123
19696
msgid "sudo apt install krb5-kdc-ldap"
19124
19697
msgstr ""
19125
19698
19126
#: serverguide/C/network-auth.xml:3480(para)
19699
#: serverguide/C/network-auth.xml:3473(para)
19127
19700
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
19128
19701
msgstr ""
19129
19702
19130
#: serverguide/C/network-auth.xml:3485(command)
19703
#: serverguide/C/network-auth.xml:3478(command)
19131
19704
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
19132
19705
msgstr ""
19133
19706
19134
#: serverguide/C/network-auth.xml:3486(command)
19707
#: serverguide/C/network-auth.xml:3479(command)
19135
19708
msgid ""
19136
19709
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
19137
19710
msgstr ""
19138
19711
19139
#: serverguide/C/network-auth.xml:3492(para)
19712
#: serverguide/C/network-auth.xml:3485(para)
19140
19713
msgid ""
19141
19714
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
19142
19715
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
19144
19717
"linkend=\"openldap-configuration\"/>."
19145
19718
msgstr ""
19146
19719
19147
#: serverguide/C/network-auth.xml:3500(para)
19720
#: serverguide/C/network-auth.xml:3493(para)
19148
19721
msgid ""
19149
19722
"First, create a configuration file named "
19150
19723
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
19151
19724
"containing the following lines:"
19152
19725
msgstr ""
19153
19726
19154
#: serverguide/C/network-auth.xml:3505(programlisting)
19727
#: serverguide/C/network-auth.xml:3498(programlisting)
19155
19728
#, no-wrap
19156
19729
msgid ""
19157
19730
"\n"
19170
19743
"include /etc/ldap/schema/kerberos.schema\n"
19171
19744
msgstr ""
19172
19745
19173
#: serverguide/C/network-auth.xml:3525(para)
19746
#: serverguide/C/network-auth.xml:3518(para)
19174
19747
msgid "Create a temporary directory to hold the LDIF files:"
19175
19748
msgstr ""
19176
19749
19177
#: serverguide/C/network-auth.xml:3529(command)
19750
#: serverguide/C/network-auth.xml:3522(command)
19178
19751
msgid "mkdir /tmp/ldif_output"
19179
19752
msgstr ""
19180
19753
19181
#: serverguide/C/network-auth.xml:3535(para)
19754
#: serverguide/C/network-auth.xml:3528(para)
19182
19755
msgid ""
19183
19756
"Now use <application>slapcat</application> to convert the schema files:"
19184
19757
msgstr ""
19185
19758
19186
#: serverguide/C/network-auth.xml:3540(command)
19759
#: serverguide/C/network-auth.xml:3533(command)
19187
19760
msgid ""
19188
19761
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
19189
19762
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
19190
19763
msgstr ""
19191
19764
19765
#: serverguide/C/network-auth.xml:3537(para)
19766
msgid ""
19767
"Change the above file and path names to match your own if they are different."
19768
msgstr ""
19769
19192
19770
#: serverguide/C/network-auth.xml:3544(para)
19193
19771
msgid ""
19194
"Change the above file and path names to match your own if they are different."
19195
msgstr ""
19196
19197
#: serverguide/C/network-auth.xml:3551(para)
19198
msgid ""
19199
19772
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
19200
19773
"changing the following attributes:"
19201
19774
msgstr ""
19202
19775
19203
#: serverguide/C/network-auth.xml:3555(programlisting)
19776
#: serverguide/C/network-auth.xml:3548(programlisting)
19204
19777
#, no-wrap
19205
19778
msgid ""
19206
19779
"\n"
19209
19782
"cn: kerberos\n"
19210
19783
msgstr ""
19211
19784
19212
#: serverguide/C/network-auth.xml:3561(para)
19785
#: serverguide/C/network-auth.xml:3554(para)
19213
19786
msgid "And remove the following lines from the end of the file:"
19214
19787
msgstr ""
19215
19788
19216
#: serverguide/C/network-auth.xml:3565(programlisting)
19789
#: serverguide/C/network-auth.xml:3558(programlisting)
19217
19790
#, no-wrap
19218
19791
msgid ""
19219
19792
"\n"
19226
19799
"modifyTimestamp: 20090111203515Z\n"
19227
19800
msgstr ""
19228
19801
19802
#: serverguide/C/network-auth.xml:3568(para)
19803
msgid ""
19804
"The attribute values will vary, just be sure the attributes are removed."
19805
msgstr ""
19806
19229
19807
#: serverguide/C/network-auth.xml:3575(para)
19230
msgid ""
19231
"The attribute values will vary, just be sure the attributes are removed."
19232
msgstr ""
19233
19234
#: serverguide/C/network-auth.xml:3582(para)
19235
19808
msgid "Load the new schema with <application>ldapadd</application>:"
19236
19809
msgstr ""
19237
19810
19238
#: serverguide/C/network-auth.xml:3587(command)
19811
#: serverguide/C/network-auth.xml:3580(command)
19239
19812
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
19240
19813
msgstr ""
19241
19814
19242
#: serverguide/C/network-auth.xml:3593(para)
19815
#: serverguide/C/network-auth.xml:3586(para)
19243
19816
msgid ""
19244
19817
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
19245
19818
msgstr ""
19246
19819
19247
#: serverguide/C/network-auth.xml:3598(command) serverguide/C/network-auth.xml:3615(command)
19820
#: serverguide/C/network-auth.xml:3591(command) serverguide/C/network-auth.xml:3608(command)
19248
19821
msgid "ldapmodify -x -D cn=admin,cn=config -W"
19249
19822
msgstr ""
19250
19823
19251
#: serverguide/C/network-auth.xml:3600(userinput)
19824
#: serverguide/C/network-auth.xml:3593(userinput)
19252
19825
#, no-wrap
19253
19826
msgid ""
19254
19827
"dn: olcDatabase={1}hdb,cn=config\n"
19256
19829
"olcDbIndex: krbPrincipalName eq,pres,sub"
19257
19830
msgstr ""
19258
19831
19259
#: serverguide/C/network-auth.xml:3599(computeroutput)
19832
#: serverguide/C/network-auth.xml:3592(computeroutput)
19260
19833
#, no-wrap
19261
19834
msgid ""
19262
19835
"Enter LDAP Password:\n"
19265
19838
"modifying entry \"olcDatabase={1}hdb,cn=config\""
19266
19839
msgstr ""
19267
19840
19268
#: serverguide/C/network-auth.xml:3610(para)
19841
#: serverguide/C/network-auth.xml:3603(para)
19269
19842
msgid "Finally, update the Access Control Lists (ACL):"
19270
19843
msgstr ""
19271
19844
19272
#: serverguide/C/network-auth.xml:3617(userinput)
19845
#: serverguide/C/network-auth.xml:3610(userinput)
19273
19846
#, no-wrap
19274
19847
msgid ""
19275
19848
"dn: olcDatabase={1}hdb,cn=config\n"
19285
19858
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
19286
19859
msgstr ""
19287
19860
19288
#: serverguide/C/network-auth.xml:3616(computeroutput)
19861
#: serverguide/C/network-auth.xml:3609(computeroutput)
19289
19862
#, no-wrap
19290
19863
msgid ""
19291
19864
"Enter LDAP Password: \n"
19294
19867
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
19295
19868
msgstr ""
19296
19869
19297
#: serverguide/C/network-auth.xml:3637(para)
19870
#: serverguide/C/network-auth.xml:3630(para)
19298
19871
msgid ""
19299
19872
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
19300
19873
"database."
19301
19874
msgstr ""
19302
19875
19303
#: serverguide/C/network-auth.xml:3643(title)
19876
#: serverguide/C/network-auth.xml:3636(title)
19304
19877
msgid "Primary KDC Configuration"
19305
19878
msgstr ""
19306
19879
19307
#: serverguide/C/network-auth.xml:3645(para)
19880
#: serverguide/C/network-auth.xml:3638(para)
19308
19881
msgid ""
19309
19882
"With <application>OpenLDAP</application> configured it is time to configure "
19310
19883
"the KDC."
19311
19884
msgstr ""
19312
19885
19313
#: serverguide/C/network-auth.xml:3651(para)
19886
#: serverguide/C/network-auth.xml:3644(para)
19314
19887
msgid "First, install the necessary packages, from a terminal enter:"
19315
19888
msgstr ""
19316
19889
19317
#: serverguide/C/network-auth.xml:3656(command) serverguide/C/network-auth.xml:3815(command)
19890
#: serverguide/C/network-auth.xml:3649(command) serverguide/C/network-auth.xml:3808(command)
19318
19891
msgid "sudo apt install krb5-kdc krb5-admin-server krb5-kdc-ldap"
19319
19892
msgstr ""
19320
19893
19321
#: serverguide/C/network-auth.xml:3662(para)
19894
#: serverguide/C/network-auth.xml:3655(para)
19322
19895
msgid ""
19323
19896
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
19324
19897
"under the appropriate sections:"
19325
19898
msgstr ""
19326
19899
19327
#: serverguide/C/network-auth.xml:3666(programlisting)
19900
#: serverguide/C/network-auth.xml:3659(programlisting)
19328
19901
#, no-wrap
19329
19902
msgid ""
19330
19903
"\n"
19374
19947
" }\n"
19375
19948
msgstr ""
19376
19949
19377
#: serverguide/C/network-auth.xml:3711(para)
19950
#: serverguide/C/network-auth.xml:3704(para)
19378
19951
msgid ""
19379
19952
"Change <emphasis>example.com</emphasis>, "
19380
19953
"<emphasis>dc=example,dc=com</emphasis>, "
19383
19956
"object, and LDAP server for your network."
19384
19957
msgstr ""
19385
19958
19386
#: serverguide/C/network-auth.xml:3720(para)
19959
#: serverguide/C/network-auth.xml:3713(para)
19387
19960
msgid ""
19388
19961
"Next, use the <application>kdb5_ldap_util</application> utility to create "
19389
19962
"the realm:"
19390
19963
msgstr ""
19391
19964
19392
#: serverguide/C/network-auth.xml:3725(command)
19965
#: serverguide/C/network-auth.xml:3718(command)
19393
19966
msgid ""
19394
19967
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
19395
19968
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
19396
19969
msgstr ""
19397
19970
19398
#: serverguide/C/network-auth.xml:3732(para)
19971
#: serverguide/C/network-auth.xml:3725(para)
19399
19972
msgid ""
19400
19973
"Create a stash of the password used to bind to the LDAP server. This "
19401
19974
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
19403
19976
"<filename>/etc/krb5.conf</filename>:"
19404
19977
msgstr ""
19405
19978
19406
#: serverguide/C/network-auth.xml:3738(command) serverguide/C/network-auth.xml:3877(command)
19979
#: serverguide/C/network-auth.xml:3731(command) serverguide/C/network-auth.xml:3870(command)
19407
19980
msgid ""
19408
19981
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
19409
19982
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
19410
19983
msgstr ""
19411
19984
19412
#: serverguide/C/network-auth.xml:3745(para)
19985
#: serverguide/C/network-auth.xml:3738(para)
19413
19986
msgid "Copy the CA certificate from the LDAP server:"
19414
19987
msgstr ""
19415
19988
19416
#: serverguide/C/network-auth.xml:3750(command)
19989
#: serverguide/C/network-auth.xml:3743(command)
19417
19990
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
19418
19991
msgstr ""
19419
19992
19420
#: serverguide/C/network-auth.xml:3751(command)
19993
#: serverguide/C/network-auth.xml:3744(command)
19421
19994
msgid "sudo cp cacert.pem /etc/ssl/certs"
19422
19995
msgstr ""
19423
19996
19424
#: serverguide/C/network-auth.xml:3754(para)
19997
#: serverguide/C/network-auth.xml:3747(para)
19425
19998
msgid ""
19426
19999
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
19427
20000
msgstr ""
19428
20001
19429
#: serverguide/C/network-auth.xml:3758(programlisting)
20002
#: serverguide/C/network-auth.xml:3751(programlisting)
19430
20003
#, no-wrap
19431
20004
msgid ""
19432
20005
"\n"
19433
20006
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
19434
20007
msgstr ""
19435
20008
19436
#: serverguide/C/network-auth.xml:3763(para)
20009
#: serverguide/C/network-auth.xml:3756(para)
19437
20010
msgid ""
19438
20011
"The certificate will also need to be copied to the Secondary KDC, to allow "
19439
20012
"the connection to the LDAP servers using LDAPS."
19440
20013
msgstr ""
19441
20014
19442
#: serverguide/C/network-auth.xml:3772(para)
20015
#: serverguide/C/network-auth.xml:3765(para)
19443
20016
msgid ""
19444
20017
"You can now add Kerberos principals to the LDAP database, and they will be "
19445
20018
"copied to any other LDAP servers configured for replication. To add a "
19446
20019
"principal using the <application>kadmin.local</application> utility enter:"
19447
20020
msgstr ""
19448
20021
19449
#: serverguide/C/network-auth.xml:3780(userinput)
20022
#: serverguide/C/network-auth.xml:3773(userinput)
19450
20023
#, no-wrap
19451
20024
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
19452
20025
msgstr ""
19453
20026
19454
#: serverguide/C/network-auth.xml:3779(computeroutput)
20027
#: serverguide/C/network-auth.xml:3772(computeroutput)
19455
20028
#, no-wrap
19456
20029
msgid ""
19457
20030
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
19462
20035
"Principal \"steve@EXAMPLE.COM\" created."
19463
20036
msgstr ""
19464
20037
19465
#: serverguide/C/network-auth.xml:3787(para)
20038
#: serverguide/C/network-auth.xml:3780(para)
19466
20039
msgid ""
19467
20040
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
19468
20041
"krbExtraData attributes added to the "
19471
20044
"utilities to test that the user is indeed issued a ticket."
19472
20045
msgstr ""
19473
20046
19474
#: serverguide/C/network-auth.xml:3794(para)
20047
#: serverguide/C/network-auth.xml:3787(para)
19475
20048
msgid ""
19476
20049
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
19477
20050
"option is needed to add the Kerberos attributes. Otherwise a new "
19478
20051
"<emphasis>principal</emphasis> object will be created in the realm subtree."
19479
20052
msgstr ""
19480
20053
19481
#: serverguide/C/network-auth.xml:3802(title)
20054
#: serverguide/C/network-auth.xml:3795(title)
19482
20055
msgid "Secondary KDC Configuration"
19483
20056
msgstr ""
19484
20057
19485
#: serverguide/C/network-auth.xml:3804(para)
20058
#: serverguide/C/network-auth.xml:3797(para)
19486
20059
msgid ""
19487
20060
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
19488
20061
"one using the normal Kerberos database."
19489
20062
msgstr ""
19490
20063
19491
#: serverguide/C/network-auth.xml:3810(para)
20064
#: serverguide/C/network-auth.xml:3803(para)
19492
20065
msgid "First, install the necessary packages. In a terminal enter:"
19493
20066
msgstr ""
19494
20067
19495
#: serverguide/C/network-auth.xml:3821(para)
20068
#: serverguide/C/network-auth.xml:3814(para)
19496
20069
msgid ""
19497
20070
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
19498
20071
msgstr ""
19499
20072
19500
#: serverguide/C/network-auth.xml:3825(programlisting)
20073
#: serverguide/C/network-auth.xml:3818(programlisting)
19501
20074
#, no-wrap
19502
20075
msgid ""
19503
20076
"\n"
19546
20119
" }\n"
19547
20120
msgstr ""
19548
20121
19549
#: serverguide/C/network-auth.xml:3872(para)
20122
#: serverguide/C/network-auth.xml:3865(para)
19550
20123
msgid "Create the stash for the LDAP bind password:"
19551
20124
msgstr ""
19552
20125
19553
#: serverguide/C/network-auth.xml:3884(para)
20126
#: serverguide/C/network-auth.xml:3877(para)
19554
20127
msgid ""
19555
20128
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
19556
20129
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
19559
20132
"media."
19560
20133
msgstr ""
19561
20134
19562
#: serverguide/C/network-auth.xml:3891(command)
20135
#: serverguide/C/network-auth.xml:3884(command)
19563
20136
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
19564
20137
msgstr ""
19565
20138
19566
#: serverguide/C/network-auth.xml:3892(command)
20139
#: serverguide/C/network-auth.xml:3885(command)
19567
20140
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
19568
20141
msgstr ""
19569
20142
19570
#: serverguide/C/network-auth.xml:3896(para)
20143
#: serverguide/C/network-auth.xml:3889(para)
19571
20144
msgid ""
19572
20145
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
19573
20146
msgstr ""
19574
20147
19575
#: serverguide/C/network-auth.xml:3904(para)
20148
#: serverguide/C/network-auth.xml:3897(para)
19576
20149
msgid ""
19577
20150
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
19578
20151
"only,"
19579
20152
msgstr ""
19580
20153
19581
#: serverguide/C/network-auth.xml:3916(para)
20154
#: serverguide/C/network-auth.xml:3909(para)
19582
20155
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
19583
20156
msgstr ""
19584
20157
20158
#: serverguide/C/network-auth.xml:3920(para)
20159
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
20160
msgstr ""
20161
19585
20162
#: serverguide/C/network-auth.xml:3927(para)
19586
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
19587
msgstr ""
19588
19589
#: serverguide/C/network-auth.xml:3934(para)
19590
20163
msgid ""
19591
20164
"You now have redundant KDCs on your network, and with redundant LDAP servers "
19592
20165
"you should be able to continue to authenticate users if one LDAP server, one "
19593
20166
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
19594
20167
msgstr ""
19595
20168
19596
#: serverguide/C/network-auth.xml:3946(para)
20169
#: serverguide/C/network-auth.xml:3939(para)
19597
20170
msgid ""
19598
20171
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
19599
20172
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
19600
20173
"Guide</ulink> has some additional details."
19601
20174
msgstr ""
19602
20175
19603
#: serverguide/C/network-auth.xml:3952(para)
20176
#: serverguide/C/network-auth.xml:3945(para)
19604
20177
msgid ""
19605
20178
"For more information on <application>kdb5_ldap_util</application> see <ulink "
19606
20179
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
19610
20183
"l\">kdb5_ldap_util man page</ulink>."
19611
20184
msgstr ""
19612
20185
19613
#: serverguide/C/network-auth.xml:3960(para)
20186
#: serverguide/C/network-auth.xml:3953(para)
19614
20187
msgid ""
19615
20188
"Another useful link is the <ulink "
19616
20189
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man5/krb5.conf.5.html\">k"
19617
20190
"rb5.conf man page</ulink>."
19618
20191
msgstr ""
19619
20192
19620
#: serverguide/C/network-auth.xml:3965(para)
20193
#: serverguide/C/network-auth.xml:3958(para)
19621
20194
msgid ""
19622
20195
"Also, see the <ulink "
19623
20196
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
19624
20197
"and LDAP</ulink> Ubuntu wiki page."
19625
20198
msgstr ""
19626
20199
19627
#: serverguide/C/network-auth.xml:3974(title)
20200
#: serverguide/C/network-auth.xml:3967(title)
19628
20201
msgid "SSSD and Active Directory"
19629
20202
msgstr ""
19630
20203
19631
#: serverguide/C/network-auth.xml:3975(para)
20204
#: serverguide/C/network-auth.xml:3968(para)
19632
20205
msgid ""
19633
20206
"This section describes the use of sssd to authenticate user logins against "
19634
20207
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
19639
20212
"requires no modifications to the AD structure."
19640
20213
msgstr ""
19641
20214
19642
#: serverguide/C/network-auth.xml:3979(title)
20215
#: serverguide/C/network-auth.xml:3972(title)
19643
20216
msgid "Prerequisites, Assumptions, and Requirements"
19644
20217
msgstr ""
19645
20218
19646
#: serverguide/C/network-auth.xml:3982(para)
20219
#: serverguide/C/network-auth.xml:3975(para)
19647
20220
msgid ""
19648
20221
"This guide does not explain Active Directory, how it works, how to set one "
19649
20222
"up, or how to maintain it. It may not provide <quote>best practices</quote> "
19650
20223
"for your environment."
19651
20224
msgstr ""
19652
20225
19653
#: serverguide/C/network-auth.xml:3984(para)
20226
#: serverguide/C/network-auth.xml:3977(para)
19654
20227
msgid ""
19655
20228
"This guide assumes that a working Active Directory domain is already "
19656
20229
"configured."
19657
20230
msgstr ""
19658
20231
19659
#: serverguide/C/network-auth.xml:3986(para)
20232
#: serverguide/C/network-auth.xml:3979(para)
19660
20233
msgid ""
19661
20234
"The domain controller is acting as an authoritative DNS server for the "
19662
20235
"domain."
19663
20236
msgstr ""
19664
20237
19665
#: serverguide/C/network-auth.xml:3988(para)
20238
#: serverguide/C/network-auth.xml:3981(para)
19666
20239
msgid ""
19667
20240
"The domain controller is the primary DNS resolver as specified in "
19668
20241
"<filename>/etc/resolv.conf</filename>."
19669
20242
msgstr ""
19670
20243
19671
#: serverguide/C/network-auth.xml:3991(para)
20244
#: serverguide/C/network-auth.xml:3984(para)
19672
20245
msgid ""
19673
20246
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
19674
20247
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
19675
20248
"(see Resources section for external links)."
19676
20249
msgstr ""
19677
20250
19678
#: serverguide/C/network-auth.xml:3993(para)
20251
#: serverguide/C/network-auth.xml:3986(para)
19679
20252
msgid ""
19680
20253
"System time is synchronized on the domain controller (necessary for "
19681
20254
"Kerberos)."
19682
20255
msgstr ""
19683
20256
19684
#: serverguide/C/network-auth.xml:3995(para)
20257
#: serverguide/C/network-auth.xml:3988(para)
19685
20258
msgid ""
19686
20259
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
19687
20260
"."
19688
20261
msgstr ""
19689
20262
19690
#: serverguide/C/network-auth.xml:4000(para)
20263
#: serverguide/C/network-auth.xml:3993(para)
19691
20264
msgid ""
19692
20265
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
19693
20266
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
19696
20269
"controllers are needed for this step."
19697
20270
msgstr ""
19698
20271
19699
#: serverguide/C/network-auth.xml:4001(para)
20272
#: serverguide/C/network-auth.xml:3994(para)
19700
20273
msgid "Install these packages now."
19701
20274
msgstr ""
19702
20275
19703
#: serverguide/C/network-auth.xml:4003(command)
20276
#: serverguide/C/network-auth.xml:3996(command)
19704
20277
msgid "sudo apt install krb5-user samba sssd ntp"
19705
20278
msgstr ""
19706
20279
19707
#: serverguide/C/network-auth.xml:4004(para)
20280
#: serverguide/C/network-auth.xml:3997(para)
19708
20281
msgid ""
19709
20282
"See the next section for the answers to the questions asked by the "
19710
20283
"<emphasis>krb5-user</emphasis> postinstall script."
19711
20284
msgstr ""
19712
20285
19713
#: serverguide/C/network-auth.xml:4007(title)
20286
#: serverguide/C/network-auth.xml:4000(title)
19714
20287
msgid "Kerberos Configuration"
19715
20288
msgstr ""
19716
20289
19717
#: serverguide/C/network-auth.xml:4008(para)
20290
#: serverguide/C/network-auth.xml:4001(para)
19718
20291
msgid ""
19719
20292
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
19720
20293
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
19724
20297
"not, then both are needed."
19725
20298
msgstr ""
19726
20299
19727
#: serverguide/C/network-auth.xml:4009(para)
20300
#: serverguide/C/network-auth.xml:4002(para)
19728
20301
msgid ""
19729
20302
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
19730
20303
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
19731
20304
msgstr ""
19732
20305
19733
#: serverguide/C/network-auth.xml:4012(para)
20306
#: serverguide/C/network-auth.xml:4005(para)
19734
20307
msgid ""
19735
20308
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
19736
20309
"settings to specify Kerberos ticket lifetime (these values are safe to use "
19737
20310
"as defaults):"
19738
20311
msgstr ""
19739
20312
19740
#: serverguide/C/network-auth.xml:4013(programlisting)
20313
#: serverguide/C/network-auth.xml:4006(programlisting)
19741
20314
#, no-wrap
19742
20315
msgid ""
19743
20316
"\n"
19749
20322
"\t\t"
19750
20323
msgstr ""
19751
20324
19752
#: serverguide/C/network-auth.xml:4021(para)
20325
#: serverguide/C/network-auth.xml:4014(para)
19753
20326
msgid ""
19754
20327
"If default_realm is not specified, it may be necessary to log in with "
19755
20328
"<quote>username@domain</quote> instead of <quote>username</quote>."
19756
20329
msgstr ""
19757
20330
19758
#: serverguide/C/network-auth.xml:4023(para)
20331
#: serverguide/C/network-auth.xml:4016(para)
19759
20332
msgid ""
19760
20333
"The system time on the Active Directory member needs to be consistent with "
19761
20334
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
19763
20336
"<filename>/etc/ntp.conf</filename>:"
19764
20337
msgstr ""
19765
20338
19766
#: serverguide/C/network-auth.xml:4025(programlisting)
20339
#: serverguide/C/network-auth.xml:4018(programlisting)
19767
20340
#, no-wrap
19768
20341
msgid ""
19769
20342
"\n"
19770
20343
"server dc.myubuntu.example.com\n"
19771
20344
msgstr ""
19772
20345
19773
#: serverguide/C/network-auth.xml:4032(para)
20346
#: serverguide/C/network-auth.xml:4025(para)
19774
20347
msgid ""
19775
20348
"Samba will be used to perform netbios/nmbd services related to Active "
19776
20349
"Directory authentication, even if no file shares are exported. Edit the file "
19778
20351
"<emphasis>[global]</emphasis> section:"
19779
20352
msgstr ""
19780
20353
19781
#: serverguide/C/network-auth.xml:4034(programlisting)
20354
#: serverguide/C/network-auth.xml:4027(programlisting)
19782
20355
#, no-wrap
19783
20356
msgid ""
19784
20357
"\n"
19792
20365
"security = ads\n"
19793
20366
msgstr ""
19794
20367
19795
#: serverguide/C/network-auth.xml:4045(para)
20368
#: serverguide/C/network-auth.xml:4038(para)
19796
20369
msgid ""
19797
20370
"Some guides specify that \"password server\" should be specified and pointed "
19798
20371
"to the domain controller. This is only necessary if DNS is not properly set "
19800
20373
"server\" is specified with \"security = ads\"."
19801
20374
msgstr ""
19802
20375
19803
#: serverguide/C/network-auth.xml:4050(title)
20376
#: serverguide/C/network-auth.xml:4043(title)
19804
20377
msgid "SSSD Configuration"
19805
20378
msgstr ""
19806
20379
19807
#: serverguide/C/network-auth.xml:4052(para)
20380
#: serverguide/C/network-auth.xml:4045(para)
19808
20381
msgid ""
19809
20382
"There is no default/example config file for "
19810
20383
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
19811
20384
"necessary to create one. This is a minimal working config file:"
19812
20385
msgstr ""
19813
20386
19814
#: serverguide/C/network-auth.xml:4054(programlisting)
20387
#: serverguide/C/network-auth.xml:4047(programlisting)
19815
20388
#, no-wrap
19816
20389
msgid ""
19817
20390
"\n"
19843
20416
"# enumerate = true\n"
19844
20417
msgstr ""
19845
20418
19846
#: serverguide/C/network-auth.xml:4081(para)
20419
#: serverguide/C/network-auth.xml:4074(para)
19847
20420
msgid ""
19848
20421
"After saving this file, set the ownership to root and the file permissions "
19849
20422
"to 600:"
19850
20423
msgstr ""
19851
20424
19852
#: serverguide/C/network-auth.xml:4082(command)
20425
#: serverguide/C/network-auth.xml:4075(command)
19853
20426
msgid "sudo chown root:root /etc/sssd/sssd.conf"
19854
20427
msgstr ""
19855
20428
19856
#: serverguide/C/network-auth.xml:4083(command)
20429
#: serverguide/C/network-auth.xml:4076(command)
19857
20430
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
19858
20431
msgstr ""
19859
20432
19860
#: serverguide/C/network-auth.xml:4085(para)
20433
#: serverguide/C/network-auth.xml:4078(para)
19861
20434
msgid ""
19862
20435
"If the ownership or permissions are not correct, sssd will refuse to start."
19863
20436
msgstr ""
19864
20437
19865
#: serverguide/C/network-auth.xml:4089(title)
20438
#: serverguide/C/network-auth.xml:4082(title)
19866
20439
msgid "Verify nsswitch.conf Configuration"
19867
20440
msgstr ""
19868
20441
19869
#: serverguide/C/network-auth.xml:4090(para)
20442
#: serverguide/C/network-auth.xml:4083(para)
19870
20443
msgid ""
19871
20444
"The post-install script for the sssd package makes some modifications to "
19872
20445
"/etc/nsswitch.conf automatically. It should look something like this:"
19873
20446
msgstr ""
19874
20447
19875
#: serverguide/C/network-auth.xml:4092(programlisting)
20448
#: serverguide/C/network-auth.xml:4085(programlisting)
19876
20449
#, no-wrap
19877
20450
msgid ""
19878
20451
"\n"
19883
20456
"sudoers: files sss\n"
19884
20457
msgstr ""
19885
20458
19886
#: serverguide/C/network-auth.xml:4102(title)
20459
#: serverguide/C/network-auth.xml:4095(title)
19887
20460
msgid "Modify /etc/hosts"
19888
20461
msgstr ""
19889
20462
19890
#: serverguide/C/network-auth.xml:4103(para)
20463
#: serverguide/C/network-auth.xml:4096(para)
19891
20464
msgid ""
19892
20465
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
19893
20466
"example:"
19894
20467
msgstr ""
19895
20468
19896
#: serverguide/C/network-auth.xml:4104(programlisting)
20469
#: serverguide/C/network-auth.xml:4097(programlisting)
19897
20470
#, no-wrap
19898
20471
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
19899
20472
msgstr ""
19900
20473
19901
#: serverguide/C/network-auth.xml:4106(para)
20474
#: serverguide/C/network-auth.xml:4099(para)
19902
20475
msgid "This is useful in conjunction with dynamic DNS updates."
19903
20476
msgstr ""
19904
20477
19905
#: serverguide/C/network-auth.xml:4110(title)
20478
#: serverguide/C/network-auth.xml:4103(title)
19906
20479
msgid "Join the Active Directory"
19907
20480
msgstr ""
19908
20481
19909
#: serverguide/C/network-auth.xml:4111(para)
20482
#: serverguide/C/network-auth.xml:4104(para)
19910
20483
msgid "Now, restart ntp and samba and start sssd."
19911
20484
msgstr ""
19912
20485
19913
#: serverguide/C/network-auth.xml:4112(command)
20486
#: serverguide/C/network-auth.xml:4105(command)
19914
20487
msgid "sudo systemctl restart ntp.service"
19915
20488
msgstr ""
19916
20489
19917
#: serverguide/C/network-auth.xml:4114(command)
20490
#: serverguide/C/network-auth.xml:4107(command)
19918
20491
msgid "sudo systemctl start sssd.service"
19919
20492
msgstr ""
19920
20493
19921
#: serverguide/C/network-auth.xml:4116(para)
20494
#: serverguide/C/network-auth.xml:4109(para)
19922
20495
msgid "Test the configuration by obtaining a Kerberos ticket:"
19923
20496
msgstr ""
19924
20497
19925
#: serverguide/C/network-auth.xml:4118(command)
20498
#: serverguide/C/network-auth.xml:4111(command)
19926
20499
msgid "sudo kinit Administrator"
19927
20500
msgstr ""
19928
20501
19929
#: serverguide/C/network-auth.xml:4120(para)
20502
#: serverguide/C/network-auth.xml:4113(para)
19930
20503
msgid "Verify the ticket with:"
19931
20504
msgstr ""
19932
20505
19933
#: serverguide/C/network-auth.xml:4121(command)
20506
#: serverguide/C/network-auth.xml:4114(command)
19934
20507
msgid "sudo klist"
19935
20508
msgstr ""
19936
20509
19937
#: serverguide/C/network-auth.xml:4123(para)
20510
#: serverguide/C/network-auth.xml:4116(para)
19938
20511
msgid ""
19939
20512
"If there is a ticket with an expiration date listed, then it is time to join "
19940
20513
"the domain:"
19941
20514
msgstr ""
19942
20515
19943
#: serverguide/C/network-auth.xml:4125(command)
20516
#: serverguide/C/network-auth.xml:4118(command)
19944
20517
msgid "sudo net ads join -k"
19945
20518
msgstr ""
19946
20519
19947
#: serverguide/C/network-auth.xml:4127(para)
20520
#: serverguide/C/network-auth.xml:4120(para)
19948
20521
msgid ""
19949
20522
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
19950
20523
"probably means that there is no (correct) alias in "
19954
20527
"\"Modify /etc/hosts\" above."
19955
20528
msgstr ""
19956
20529
19957
#: serverguide/C/network-auth.xml:4129(para)
20530
#: serverguide/C/network-auth.xml:4122(para)
19958
20531
msgid ""
19959
20532
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
19960
20533
"something is incorrect. Review the prior steps before proceeding)."
19961
20534
msgstr ""
19962
20535
19963
#: serverguide/C/network-auth.xml:4131(para)
20536
#: serverguide/C/network-auth.xml:4124(para)
19964
20537
msgid ""
19965
20538
"Here are a couple of (optional) checks to verify that the domain join was "
19966
20539
"successful. Note that if the domain was successfully joined but one or both "
19968
20541
"Some of the changes appear to be asynchronous."
19969
20542
msgstr ""
19970
20543
19971
#: serverguide/C/network-auth.xml:4133(para)
20544
#: serverguide/C/network-auth.xml:4126(para)
19972
20545
msgid "Verification option #1:"
19973
20546
msgstr ""
19974
20547
19975
#: serverguide/C/network-auth.xml:4134(para)
20548
#: serverguide/C/network-auth.xml:4127(para)
19976
20549
msgid ""
19977
20550
"Check the default Organizational Unit for computer accounts in the Active "
19978
20551
"Directory to verify that the computer account was created. (Organizational "
19979
20552
"Units in Active Directory is a topic outside the scope of this guide)."
19980
20553
msgstr ""
19981
20554
19982
#: serverguide/C/network-auth.xml:4136(para)
20555
#: serverguide/C/network-auth.xml:4129(para)
19983
20556
msgid "Verification option #2"
19984
20557
msgstr ""
19985
20558
19986
#: serverguide/C/network-auth.xml:4137(para)
20559
#: serverguide/C/network-auth.xml:4130(para)
19987
20560
msgid "Execute this command for a specific AD user (e.g. administrator)"
19988
20561
msgstr ""
19989
20562
19990
#: serverguide/C/network-auth.xml:4138(command)
20563
#: serverguide/C/network-auth.xml:4131(command)
19991
20564
msgid "getent passwd username"
19992
20565
msgstr ""
19993
20566
19994
#: serverguide/C/network-auth.xml:4140(para)
20567
#: serverguide/C/network-auth.xml:4133(para)
19995
20568
msgid ""
19996
20569
"If <emphasis>enumerate = true</emphasis> is set in "
19997
20570
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
19999
20572
"testing, but is slow and not recommended for production."
20000
20573
msgstr ""
20001
20574
20002
#: serverguide/C/network-auth.xml:4144(title)
20575
#: serverguide/C/network-auth.xml:4137(title)
20003
20576
msgid "Test Authentication"
20004
20577
msgstr ""
20005
20578
20006
#: serverguide/C/network-auth.xml:4145(para)
20579
#: serverguide/C/network-auth.xml:4138(para)
20007
20580
msgid ""
20008
20581
"It should now be possible to authenticate using an Active Directory User's "
20009
20582
"credentials:"
20010
20583
msgstr ""
20011
20584
20012
#: serverguide/C/network-auth.xml:4147(command)
20585
#: serverguide/C/network-auth.xml:4140(command)
20013
20586
msgid "su - username"
20014
20587
msgstr ""
20015
20588
20016
#: serverguide/C/network-auth.xml:4149(para)
20589
#: serverguide/C/network-auth.xml:4142(para)
20017
20590
msgid ""
20018
20591
"If this works, then other login methods (getty, ssh) should also work."
20019
20592
msgstr ""
20020
20593
20021
#: serverguide/C/network-auth.xml:4151(para)
20594
#: serverguide/C/network-auth.xml:4144(para)
20022
20595
msgid ""
20023
20596
"If the computer account was created, indicating that the system was "
20024
20597
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
20027
20600
"earlier in this guide."
20028
20601
msgstr ""
20029
20602
20030
#: serverguide/C/network-auth.xml:4155(title)
20603
#: serverguide/C/network-auth.xml:4148(title)
20031
20604
msgid "Home directories with pam_mkhomedir (optional)"
20032
20605
msgstr ""
20033
20606
20034
#: serverguide/C/network-auth.xml:4156(para)
20607
#: serverguide/C/network-auth.xml:4149(para)
20035
20608
msgid ""
20036
20609
"When logging in using an Active Directory user account, it is likely that "
20037
20610
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
20040
20613
"after <emphasis>session required pam_unix.so:</emphasis>"
20041
20614
msgstr ""
20042
20615
20043
#: serverguide/C/network-auth.xml:4157(programlisting)
20616
#: serverguide/C/network-auth.xml:4150(programlisting)
20044
20617
#, no-wrap
20045
20618
msgid ""
20046
20619
"\n"
20047
20620
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
20048
20621
msgstr ""
20049
20622
20050
#: serverguide/C/network-auth.xml:4161(para)
20623
#: serverguide/C/network-auth.xml:4154(para)
20051
20624
msgid ""
20052
20625
"This may also need <emphasis>override_homedir</emphasis> in "
20053
20626
"<filename>sssd.conf</filename> to function correctly, so make sure that's "
20054
20627
"set."
20055
20628
msgstr ""
20056
20629
20057
#: serverguide/C/network-auth.xml:4165(title)
20630
#: serverguide/C/network-auth.xml:4158(title)
20058
20631
msgid "Desktop Ubuntu Authentication"
20059
20632
msgstr ""
20060
20633
20061
#: serverguide/C/network-auth.xml:4166(para)
20634
#: serverguide/C/network-auth.xml:4159(para)
20062
20635
msgid ""
20063
20636
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
20064
20637
"Directory accounts. The AD accounts will not show up in the pick list with "
20067
20640
"append the following two lines:"
20068
20641
msgstr ""
20069
20642
20070
#: serverguide/C/network-auth.xml:4168(programlisting)
20643
#: serverguide/C/network-auth.xml:4161(programlisting)
20071
20644
#, no-wrap
20072
20645
msgid ""
20073
20646
"\n"
20075
20648
"greeter-hide-users=true\n"
20076
20649
msgstr ""
20077
20650
20078
#: serverguide/C/network-auth.xml:4173(para)
20651
#: serverguide/C/network-auth.xml:4166(para)
20079
20652
msgid ""
20080
20653
"Reboot to restart lightdm. It should now be possible to log in using a "
20081
20654
"domain account using either <emphasis>username</emphasis> or "
20082
20655
"<emphasis>username/username@domain</emphasis> format."
20083
20656
msgstr ""
20084
20657
20085
#: serverguide/C/network-auth.xml:4179(ulink)
20658
#: serverguide/C/network-auth.xml:4172(ulink)
20086
20659
msgid "SSSD Project"
20087
20660
msgstr ""
20088
20661
20089
#: serverguide/C/network-auth.xml:4180(ulink)
20662
#: serverguide/C/network-auth.xml:4173(ulink)
20090
20663
msgid "DNS Server Configuration guidelines"
20091
20664
msgstr ""
20092
20665
20093
#: serverguide/C/network-auth.xml:4181(ulink)
20666
#: serverguide/C/network-auth.xml:4174(ulink)
20094
20667
msgid "Active Directory DNS Zone Entries"
20095
20668
msgstr ""
20096
20669
20097
#: serverguide/C/network-auth.xml:4182(ulink)
20670
#: serverguide/C/network-auth.xml:4175(ulink)
20098
20671
msgid "Kerberos config options"
20099
20672
msgstr ""
20100
20673
21664
22237
#: serverguide/C/mail.xml:249(para)
21665
22238
msgid ""
21666
22239
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
21667
"enable Dovecot SASL the <application>dovecot-common</application> package "
21668
"will need to be installed. From a terminal prompt enter the following:"
22240
"enable Dovecot SASL the <application>dovecot-core</application> package will "
22241
"need to be installed. From a terminal prompt enter the following:"
21669
22242
msgstr ""
21670
22243
21671
22244
#: serverguide/C/mail.xml:255(command)
21672
msgid "sudo apt install dovecot-common"
22245
msgid "sudo apt install dovecot-core"
21673
22246
msgstr ""
21674
22247
21675
22248
#: serverguide/C/mail.xml:257(para)
23877
24450
msgstr ""
23878
24451
23879
24452
#: serverguide/C/lamp-applications.xml:278(title)
23880
msgid "MediaWiki"
24453
msgid "phpMyAdmin"
23881
24454
msgstr ""
23882
24455
23883
24456
#: serverguide/C/lamp-applications.xml:280(para)
23884
24457
msgid ""
23885
"MediaWiki is an web based Wiki software written in the PHP language. It can "
23886
"either use <application>MySQL</application> or "
23887
"<application>PostgreSQL</application> Database Management System."
23888
msgstr ""
23889
23890
#: serverguide/C/lamp-applications.xml:290(para)
23891
msgid ""
23892
"Before installing <application>MediaWiki</application> you should also "
23893
"install <application>Apache2</application>, the "
23894
"<application>PHP</application> scripting language and a Database Management "
23895
"System. <application>MySQL</application> or "
23896
"<application>PostgreSQL</application> are the most common, choose one "
23897
"depending on your need. Please refer to those sections in this manual for "
23898
"installation instructions."
23899
msgstr ""
23900
23901
#: serverguide/C/lamp-applications.xml:298(para)
23902
msgid ""
23903
"To install <application>MediaWiki</application>, run the following command "
23904
"in the command prompt:"
23905
msgstr ""
23906
23907
#: serverguide/C/lamp-applications.xml:304(command)
23908
msgid "sudo apt install mediawiki php-gd"
23909
msgstr ""
23910
23911
#: serverguide/C/lamp-applications.xml:307(para)
23912
msgid ""
23913
"For additional <application>MediaWiki</application> functionality see the "
23914
"<application>mediawiki-extensions</application> package."
23915
msgstr ""
23916
23917
#: serverguide/C/lamp-applications.xml:317(para)
23918
msgid ""
23919
"The Apache configuration file <filename>mediawiki.conf</filename> for "
23920
"<application>MediaWiki</application> is installed in "
23921
"<filename>/etc/apache2/conf-available/</filename> directory. To access "
23922
"<application>MediaWiki</application>, uncomment the following line in the "
23923
"file."
23924
msgstr ""
23925
23926
#: serverguide/C/lamp-applications.xml:324(screen)
23927
#, no-wrap
23928
msgid ""
23929
"\n"
23930
"# Alias /mediawiki /var/lib/mediawiki\n"
23931
msgstr ""
23932
23933
#: serverguide/C/lamp-applications.xml:328(para)
23934
msgid ""
23935
"The <application>MediaWiki</application> configuration also needs to be "
23936
"enabled."
23937
msgstr ""
23938
23939
#: serverguide/C/lamp-applications.xml:332(command)
23940
msgid "sudo a2enconf mediawiki.conf"
23941
msgstr ""
23942
23943
#: serverguide/C/lamp-applications.xml:335(para)
23944
msgid "Restart Apache server."
23945
msgstr ""
23946
23947
#: serverguide/C/lamp-applications.xml:342(para)
23948
msgid ""
23949
"Access <application>MediaWiki</application> by visiting <ulink "
23950
"url=\"http://localhost/mediawiki/mw-"
23951
"config/index.php\">http://localhost/mediawiki/mw-config/index.php</ulink>. "
23952
"(Or <ulink url=\"http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
23953
"config/index.php\">http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
23954
"config/index.php</ulink> if your server has no GUI.)"
23955
msgstr ""
23956
23957
#: serverguide/C/lamp-applications.xml:350(para)
23958
msgid ""
23959
"Please read the <quote>Environmental checks</quote> section of the "
23960
"configuration page. You should be able to fix many issues by carefully "
23961
"reading this section."
23962
msgstr ""
23963
23964
#: serverguide/C/lamp-applications.xml:357(para)
23965
msgid ""
23966
"Once the configuration is complete, you should copy the "
23967
"<filename>LocalSettings.php</filename> file to "
23968
"<filename>/etc/mediawiki</filename> directory:"
23969
msgstr ""
23970
23971
#: serverguide/C/lamp-applications.xml:364(command)
23972
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
23973
msgstr ""
23974
23975
#: serverguide/C/lamp-applications.xml:367(para)
23976
msgid ""
23977
"You may also want to edit "
23978
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
23979
"memory limit (disabled by default):"
23980
msgstr ""
23981
23982
#: serverguide/C/lamp-applications.xml:372(programlisting)
23983
#, no-wrap
23984
msgid ""
23985
"\n"
23986
"ini_set( 'memory_limit', '64M' );\n"
23987
msgstr ""
23988
23989
#: serverguide/C/lamp-applications.xml:379(title)
23990
msgid "Extensions"
23991
msgstr ""
23992
23993
#: serverguide/C/lamp-applications.xml:380(para)
23994
msgid ""
23995
"The extensions add new features and enhancements for the MediaWiki "
23996
"application. The extensions give wiki administrators and end users the "
23997
"ability to customize MediaWiki to their requirements."
23998
msgstr ""
23999
24000
#: serverguide/C/lamp-applications.xml:386(para)
24001
msgid ""
24002
"You can download MediaWiki extensions as an archive file or checkout from "
24003
"the Subversion repository. You should copy it to "
24004
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
24005
"also add the following line at the end of file: "
24006
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
24007
msgstr ""
24008
24009
#: serverguide/C/lamp-applications.xml:394(programlisting)
24010
#, no-wrap
24011
msgid ""
24012
"\n"
24013
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
24014
msgstr ""
24015
24016
#: serverguide/C/lamp-applications.xml:404(para)
24017
msgid ""
24018
"For more details, please refer to the <ulink "
24019
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
24020
msgstr ""
24021
24022
#: serverguide/C/lamp-applications.xml:410(para)
24023
msgid ""
24024
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
24025
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
24026
"new MediaWiki administrators."
24027
msgstr ""
24028
24029
#: serverguide/C/lamp-applications.xml:416(para)
24030
msgid ""
24031
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
24032
"Wiki MediaWiki</ulink> page is a good resource."
24033
msgstr ""
24034
24035
#: serverguide/C/lamp-applications.xml:426(title)
24036
msgid "phpMyAdmin"
24037
msgstr ""
24038
24039
#: serverguide/C/lamp-applications.xml:428(para)
24040
msgid ""
24041
24458
"<application>phpMyAdmin</application> is a LAMP application specifically "
24042
24459
"written for administering <application>MySQL</application> servers. Written "
24043
24460
"in <application>PHP</application>, and accessed through a web browser, "
24044
24461
"phpMyAdmin provides a graphical interface for database administration tasks."
24045
24462
msgstr ""
24046
24463
24047
#: serverguide/C/lamp-applications.xml:437(para)
24464
#: serverguide/C/lamp-applications.xml:289(para)
24048
24465
msgid ""
24049
24466
"Before installing <application>phpMyAdmin</application> you will need access "
24050
24467
"to a <application>MySQL</application> database either on the same host as "
24053
24470
"enter:"
24054
24471
msgstr ""
24055
24472
24056
#: serverguide/C/lamp-applications.xml:444(command)
24473
#: serverguide/C/lamp-applications.xml:296(command)
24057
24474
msgid "sudo apt install phpmyadmin"
24058
24475
msgstr ""
24059
24476
24060
#: serverguide/C/lamp-applications.xml:447(para)
24477
#: serverguide/C/lamp-applications.xml:299(para)
24061
24478
msgid ""
24062
24479
"At the prompt choose which web server to be configured for "
24063
24480
"<application>phpMyAdmin</application>. The rest of this section will use "
24064
24481
"<application>Apache2</application> for the web server."
24065
24482
msgstr ""
24066
24483
24067
#: serverguide/C/lamp-applications.xml:452(para)
24484
#: serverguide/C/lamp-applications.xml:304(para)
24068
24485
msgid ""
24069
24486
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
24070
24487
"replacing <emphasis role=\"italic\">servername</emphasis> with the server's "
24074
24491
"user's password."
24075
24492
msgstr ""
24076
24493
24077
#: serverguide/C/lamp-applications.xml:459(para)
24494
#: serverguide/C/lamp-applications.xml:311(para)
24078
24495
msgid ""
24079
24496
"Once logged in you can reset the <emphasis>root</emphasis> password if "
24080
24497
"needed, create users, create/destroy databases and tables, etc."
24081
24498
msgstr ""
24082
24499
24083
#: serverguide/C/lamp-applications.xml:467(para)
24500
#: serverguide/C/lamp-applications.xml:319(para)
24084
24501
msgid ""
24085
24502
"The configuration files for <application>phpMyAdmin</application> are "
24086
24503
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
24089
24506
"<application>phpMyAdmin</application>."
24090
24507
msgstr ""
24091
24508
24092
#: serverguide/C/lamp-applications.xml:473(para)
24509
#: serverguide/C/lamp-applications.xml:325(para)
24093
24510
msgid ""
24094
24511
"To use <application>phpMyAdmin</application> to administer a MySQL database "
24095
24512
"hosted on another server, adjust the following in "
24096
24513
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
24097
24514
msgstr ""
24098
24515
24099
#: serverguide/C/lamp-applications.xml:478(programlisting)
24516
#: serverguide/C/lamp-applications.xml:330(programlisting)
24100
24517
#, no-wrap
24101
24518
msgid ""
24102
24519
"\n"
24103
24520
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
24104
24521
msgstr ""
24105
24522
24106
#: serverguide/C/lamp-applications.xml:483(para)
24523
#: serverguide/C/lamp-applications.xml:335(para)
24107
24524
msgid ""
24108
24525
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
24109
24526
"remote database server name or IP address. Also, be sure that the "
24111
24528
"remote database."
24112
24529
msgstr ""
24113
24530
24114
#: serverguide/C/lamp-applications.xml:489(para)
24531
#: serverguide/C/lamp-applications.xml:341(para)
24115
24532
msgid ""
24116
24533
"Once configured, log out of <application>phpMyAdmin</application> and back "
24117
24534
"in, and you should be accessing the new server."
24118
24535
msgstr ""
24119
24536
24120
#: serverguide/C/lamp-applications.xml:493(para)
24537
#: serverguide/C/lamp-applications.xml:345(para)
24121
24538
msgid ""
24122
24539
"The <filename>config.header.inc.php</filename> and "
24123
24540
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
24124
24541
"header and footer to <application>phpMyAdmin</application>."
24125
24542
msgstr ""
24126
24543
24127
#: serverguide/C/lamp-applications.xml:498(para)
24544
#: serverguide/C/lamp-applications.xml:350(para)
24128
24545
msgid ""
24129
24546
"Another important configuration file is "
24130
24547
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
24135
24552
"a terminal type:"
24136
24553
msgstr ""
24137
24554
24138
#: serverguide/C/lamp-applications.xml:506(command)
24555
#: serverguide/C/lamp-applications.xml:358(command)
24139
24556
msgid ""
24140
24557
"sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-"
24141
24558
"available/phpmyadmin.conf"
24142
24559
msgstr ""
24143
24560
24144
#: serverguide/C/lamp-applications.xml:507(command)
24561
#: serverguide/C/lamp-applications.xml:359(command)
24145
24562
msgid "sudo a2enconf phpmyadmin.conf"
24146
24563
msgstr ""
24147
24564
24148
#: serverguide/C/lamp-applications.xml:511(para)
24565
#: serverguide/C/lamp-applications.xml:363(para)
24149
24566
msgid ""
24150
24567
"For more information on configuring <application>Apache2</application> see "
24151
24568
"<xref linkend=\"httpd\"/>."
24152
24569
msgstr ""
24153
24570
24154
#: serverguide/C/lamp-applications.xml:522(para)
24571
#: serverguide/C/lamp-applications.xml:374(para)
24155
24572
msgid ""
24156
24573
"The <application>phpMyAdmin</application> documentation comes installed with "
24157
24574
"the package and can be accessed from the <emphasis>phpMyAdmin "
24160
24577
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
24161
24578
msgstr ""
24162
24579
24163
#: serverguide/C/lamp-applications.xml:529(para)
24580
#: serverguide/C/lamp-applications.xml:381(para)
24164
24581
msgid ""
24165
24582
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
24166
24583
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
24167
24584
msgstr ""
24168
24585
24169
#: serverguide/C/lamp-applications.xml:534(para)
24586
#: serverguide/C/lamp-applications.xml:386(para)
24170
24587
msgid ""
24171
24588
"A third resource is the <ulink "
24172
24589
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
24173
24590
"Wiki</ulink> page."
24174
24591
msgstr ""
24175
24592
24176
#: serverguide/C/lamp-applications.xml:543(title)
24593
#: serverguide/C/lamp-applications.xml:395(title)
24177
24594
msgid "WordPress"
24178
24595
msgstr ""
24179
24596
24180
#: serverguide/C/lamp-applications.xml:544(para)
24597
#: serverguide/C/lamp-applications.xml:396(para)
24181
24598
msgid ""
24182
24599
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
24183
24600
"licensed under the GNU GPLv2."
24184
24601
msgstr ""
24185
24602
24186
#: serverguide/C/lamp-applications.xml:550(para)
24603
#: serverguide/C/lamp-applications.xml:402(para)
24187
24604
msgid ""
24188
24605
"To install <application>WordPress</application>, run the following comand in "
24189
24606
"the command prompt:"
24190
24607
msgstr ""
24191
24608
24192
#: serverguide/C/lamp-applications.xml:555(command)
24609
#: serverguide/C/lamp-applications.xml:407(command)
24193
24610
msgid "sudo apt install wordpress"
24194
24611
msgstr ""
24195
24612
24196
#: serverguide/C/lamp-applications.xml:558(para)
24613
#: serverguide/C/lamp-applications.xml:410(para)
24197
24614
msgid ""
24198
24615
"You should also install <application>apache2</application> web server and "
24199
24616
"<application>mysql</application> server. For installing "
24204
24621
"linkend=\"mysql\"/> section."
24205
24622
msgstr ""
24206
24623
24207
#: serverguide/C/lamp-applications.xml:572(para)
24624
#: serverguide/C/lamp-applications.xml:424(para)
24208
24625
msgid ""
24209
24626
"For configuring your first <application>WordPress</application> application, "
24210
24627
"configure an apache site. Open <filename>/etc/apache2/sites-"
24211
24628
"available/wordpress.conf</filename> and write the following lines:"
24212
24629
msgstr ""
24213
24630
24214
#: serverguide/C/lamp-applications.xml:579(programlisting)
24631
#: serverguide/C/lamp-applications.xml:431(programlisting)
24215
24632
#, no-wrap
24216
24633
msgid ""
24217
24634
"\n"
24231
24648
" "
24232
24649
msgstr ""
24233
24650
24234
#: serverguide/C/lamp-applications.xml:595(para)
24651
#: serverguide/C/lamp-applications.xml:447(para)
24235
24652
msgid "Enable this new <application>WordPress</application> site"
24236
24653
msgstr ""
24237
24654
24238
#: serverguide/C/lamp-applications.xml:598(command)
24655
#: serverguide/C/lamp-applications.xml:450(command)
24239
24656
msgid "sudo a2ensite wordpress"
24240
24657
msgstr ""
24241
24658
24242
#: serverguide/C/lamp-applications.xml:601(para)
24659
#: serverguide/C/lamp-applications.xml:453(para)
24243
24660
msgid ""
24244
24661
"Once you configure the <application>apache2</application> web server and "
24245
24662
"make it ready for your <application>WordPress</application> application, you "
24247
24664
"<application>apache2</application> web server:"
24248
24665
msgstr ""
24249
24666
24250
#: serverguide/C/lamp-applications.xml:613(para)
24667
#: serverguide/C/lamp-applications.xml:465(para)
24251
24668
msgid ""
24252
24669
"To facilitate multiple <application>WordPress</application> installations, "
24253
24670
"the name of this configuration file is based on the Host header of the HTTP "
24260
24677
"NAME_OF_YOUR_VIRTUAL_HOST.php."
24261
24678
msgstr ""
24262
24679
24263
#: serverguide/C/lamp-applications.xml:624(para)
24680
#: serverguide/C/lamp-applications.xml:476(para)
24264
24681
msgid ""
24265
24682
"Once the configuration file is written, it is up to you to choose a "
24266
24683
"convention for username and password to mysql for each "
24268
24685
"shows only one, localhost, example."
24269
24686
msgstr ""
24270
24687
24271
#: serverguide/C/lamp-applications.xml:631(para)
24688
#: serverguide/C/lamp-applications.xml:483(para)
24272
24689
msgid ""
24273
24690
"Now configure <application>WordPress</application> to use a mysql database. "
24274
24691
"Open <filename>/etc/wordpress/config-localhost.php</filename> file and write "
24275
24692
"the following lines:"
24276
24693
msgstr ""
24277
24694
24278
#: serverguide/C/lamp-applications.xml:637(programlisting)
24695
#: serverguide/C/lamp-applications.xml:489(programlisting)
24279
24696
#, no-wrap
24280
24697
msgid ""
24281
24698
"\n"
24288
24705
"?>\n"
24289
24706
msgstr ""
24290
24707
24291
#: serverguide/C/lamp-applications.xml:646(para)
24708
#: serverguide/C/lamp-applications.xml:498(para)
24292
24709
msgid ""
24293
24710
"Now create this mysql database. Open a temporary file with mysql commands "
24294
24711
"<filename>wordpress.sql</filename> and write the following lines:"
24295
24712
msgstr ""
24296
24713
24297
#: serverguide/C/lamp-applications.xml:649(programlisting)
24714
#: serverguide/C/lamp-applications.xml:501(programlisting)
24298
24715
#, no-wrap
24299
24716
msgid ""
24300
24717
"\n"
24306
24723
"FLUSH PRIVILEGES;\n"
24307
24724
msgstr ""
24308
24725
24309
#: serverguide/C/lamp-applications.xml:657(para)
24726
#: serverguide/C/lamp-applications.xml:509(para)
24310
24727
msgid "Execute these commands."
24311
24728
msgstr ""
24312
24729
24313
#: serverguide/C/lamp-applications.xml:659(command)
24730
#: serverguide/C/lamp-applications.xml:511(command)
24314
24731
msgid ""
24315
24732
"cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf"
24316
24733
msgstr ""
24317
24734
24318
#: serverguide/C/lamp-applications.xml:661(para)
24735
#: serverguide/C/lamp-applications.xml:513(para)
24319
24736
msgid ""
24320
24737
"Your new <application>WordPress</application> can now be configured by "
24321
24738
"visiting <ulink url=\"http://localhost/blog/wp-"
24328
24745
"mail and click Install WordPress."
24329
24746
msgstr ""
24330
24747
24331
#: serverguide/C/lamp-applications.xml:668(para)
24748
#: serverguide/C/lamp-applications.xml:520(para)
24332
24749
msgid ""
24333
24750
"Note the generated password (if applicable) and click the login password. "
24334
24751
"Your <application>WordPress</application> is now ready for use."
24335
24752
msgstr ""
24336
24753
24337
#: serverguide/C/lamp-applications.xml:678(ulink)
24754
#: serverguide/C/lamp-applications.xml:530(ulink)
24338
24755
msgid "WordPress.org Codex"
24339
24756
msgstr ""
24340
24757
24341
#: serverguide/C/lamp-applications.xml:683(ulink)
24758
#: serverguide/C/lamp-applications.xml:535(ulink)
24342
24759
msgid "Ubuntu Wiki WordPress"
24343
24760
msgstr ""
24344
24761
30754
31171
msgstr ""
30755
31172
30756
31173
#: serverguide/C/clustering.xml:135(command)
30757
msgid "sudo systemctl start drdb.service"
31174
msgid "sudo systemctl start drbd.service"
30758
31175
msgstr ""
30759
31176
30760
31177
#: serverguide/C/clustering.xml:141(para)
32501
32918
#~ msgid "sudo apt-get install samba"
32502
32919
#~ msgstr "sudo apt-get install samba"
32503
32920
32921
#~ msgid ""
32922
#~ "The main Samba configuration file is located in "
32923
#~ "<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
32924
#~ "a significant amount of comments in order to document various configuration "
32925
#~ "directives."
32926
#~ msgstr ""
32927
#~ "Samba的主要配置文件在<filename>/etc/samba/smb.conf</filename>中。默认的配置文件中包括了大量的说明来说明不同的"
32928
#~ "配置指令。"
32929
32504
32930
#~ msgid "sudo apt-get install libpam-smbpass"
32505
32931
#~ msgstr "sudo apt-get install libpam-smbpass"
32506
32932
Loggerhead is a web-based interface for Breezy
Version: 2.0.1