~ahasenack/serverguide/use-sasl-external-for-config-changes-973981
» Revision
308
: serverguide/po/en_CA.po
« back to all changes in this revision
Viewing changes to serverguide/po/en_CA.po
- browse files at revision 308
- compare with another revision
- download diff
- download tarball
- view history from revision 308
- Committer: Doug Smythies
- Date: 2016-12-22 00:01:42 UTC
- Revision ID: dsmythies@telus.net-20161222000142-x81lfy023vauvtbh
update PO files. Serverguide 16.04 point release.
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/en_CA.po
7
7
msgstr ""
8
8
"Project-Id-Version: serverguide\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2016-05-13 09:11-0700\n"
10
"POT-Creation-Date: 2016-12-06 21:37-0800\n"
11
11
"PO-Revision-Date: 2014-11-09 18:10+0000\n"
12
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
13
"Language-Team: English (Canada) <en_CA@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2016-05-13 21:10+0000\n"
18
"X-Generator: Launchpad (build 18025)\n"
17
"X-Launchpad-Export-Date: 2016-12-21 23:30+0000\n"
18
"X-Generator: Launchpad (build 18298)\n"
19
19
20
20
#: serverguide/C/web-servers.xml:11(title)
21
21
msgid "Web Servers"
102
102
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
103
103
"for the development and deployment of Web-based applications."
104
104
105
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:980(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:838(title) serverguide/C/virtualization.xml:1697(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:291(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:471(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1141(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2798(title) serverguide/C/network-auth.xml:3270(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:288(title) serverguide/C/lamp-applications.xml:435(title) serverguide/C/lamp-applications.xml:549(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:946(title) serverguide/C/installation.xml:1401(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:135(title) serverguide/C/backups.xml:602(title)
105
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:991(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:906(title) serverguide/C/virtualization.xml:1765(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:291(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:471(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1141(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2791(title) serverguide/C/network-auth.xml:3263(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:401(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:946(title) serverguide/C/installation.xml:1401(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:135(title) serverguide/C/backups.xml:602(title)
106
106
msgid "Installation"
107
107
msgstr "Installation"
108
108
120
120
msgid "sudo apt install apache2"
121
121
msgstr ""
122
122
123
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:868(title) serverguide/C/web-servers.xml:1007(title) serverguide/C/web-servers.xml:1110(title) serverguide/C/virtualization.xml:869(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:308(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1152(title) serverguide/C/network-auth.xml:2885(title) serverguide/C/network-auth.xml:3291(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:315(title) serverguide/C/lamp-applications.xml:465(title) serverguide/C/lamp-applications.xml:570(title) serverguide/C/installation.xml:1446(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:147(title) serverguide/C/backups.xml:631(title)
123
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:868(title) serverguide/C/web-servers.xml:1018(title) serverguide/C/web-servers.xml:1121(title) serverguide/C/virtualization.xml:937(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:308(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1152(title) serverguide/C/network-auth.xml:2878(title) serverguide/C/network-auth.xml:3284(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:317(title) serverguide/C/lamp-applications.xml:422(title) serverguide/C/installation.xml:1446(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:147(title) serverguide/C/backups.xml:631(title)
124
124
msgid "Configuration"
125
125
msgstr "Configuration"
126
126
375
375
msgid "sudo a2ensite mynewsite"
376
376
msgstr ""
377
377
378
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:339(command) serverguide/C/lamp-applications.xml:610(command)
378
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:462(command)
379
379
msgid "sudo systemctl restart apache2.service"
380
380
msgstr ""
381
381
766
766
"Access Control Lists (ACLs)."
767
767
msgstr ""
768
768
769
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:812(title) serverguide/C/web-servers.xml:962(title) serverguide/C/web-servers.xml:1057(title) serverguide/C/web-servers.xml:1282(title) serverguide/C/vpn.xml:919(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:876(title) serverguide/C/security.xml:1216(title) serverguide/C/security.xml:1630(title) serverguide/C/security.xml:1816(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:820(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1205(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:400(title) serverguide/C/lamp-applications.xml:518(title) serverguide/C/lamp-applications.xml:673(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:106(title) serverguide/C/chat.xml:215(title) serverguide/C/backups.xml:301(title)
769
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:812(title) serverguide/C/web-servers.xml:973(title) serverguide/C/web-servers.xml:1068(title) serverguide/C/web-servers.xml:1293(title) serverguide/C/vpn.xml:919(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:876(title) serverguide/C/security.xml:1216(title) serverguide/C/security.xml:1630(title) serverguide/C/security.xml:1816(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:820(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1205(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:370(title) serverguide/C/lamp-applications.xml:525(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:106(title) serverguide/C/chat.xml:215(title) serverguide/C/backups.xml:301(title)
770
770
msgid "References"
771
771
msgstr "References"
772
772
989
989
msgstr ""
990
990
991
991
#: serverguide/C/web-servers.xml:863(command)
992
msgid "sudo apt install squid3"
992
msgid "sudo apt install squid"
993
993
msgstr ""
994
994
995
995
#: serverguide/C/web-servers.xml:869(para)
996
996
msgid ""
997
997
"Squid is configured by editing the directives contained within the "
998
"<filename>/etc/squid3/squid.conf</filename> configuration file. The "
999
"following examples illustrate some of the directives which may be modified "
1000
"to affect the behavior of the Squid server. For more in-depth configuration "
1001
"of Squid, see the References section."
998
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
999
"examples illustrate some of the directives which may be modified to affect "
1000
"the behavior of the Squid server. For more in-depth configuration of Squid, "
1001
"see the References section."
1002
1002
msgstr ""
1003
1003
1004
1004
#: serverguide/C/web-servers.xml:875(para)
1010
1010
msgstr ""
1011
1011
1012
1012
#: serverguide/C/web-servers.xml:881(command)
1013
msgid "sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original"
1013
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
1014
1014
msgstr ""
1015
1015
1016
1016
#: serverguide/C/web-servers.xml:882(command)
1017
msgid "sudo chmod a-w /etc/squid3/squid.conf.original"
1017
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
1018
1018
msgstr ""
1019
1019
1020
1020
#: serverguide/C/web-servers.xml:889(para)
1055
1055
#: serverguide/C/web-servers.xml:912(para) serverguide/C/web-servers.xml:932(para)
1056
1056
msgid ""
1057
1057
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
1058
"ACL section of your <filename>/etc/squid3/squid.conf</filename> file:"
1058
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
1059
1059
msgstr ""
1060
1060
1061
1061
#: serverguide/C/web-servers.xml:915(programlisting)
1068
1068
#: serverguide/C/web-servers.xml:918(para) serverguide/C/web-servers.xml:939(para)
1069
1069
msgid ""
1070
1070
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
1071
"http_access section of your <filename>/etc/squid3/squid.conf</filename> file:"
1071
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
1072
1072
msgstr ""
1073
1073
1074
1074
#: serverguide/C/web-servers.xml:922(programlisting)
1104
1104
1105
1105
#: serverguide/C/web-servers.xml:950(para)
1106
1106
msgid ""
1107
"After making changes to the <filename>/etc/squid3/squid.conf</filename> "
1108
"file, save the file and restart the <application>squid</application> server "
1107
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
1108
"save the file and restart the <application>squid</application> server "
1109
1109
"application to effect the changes using the following command entered at a "
1110
1110
"terminal prompt:"
1111
1111
msgstr ""
1112
1112
1113
1113
#: serverguide/C/web-servers.xml:956(command)
1114
msgid "sudo systemctl restart squid3.service"
1115
msgstr ""
1116
1117
#: serverguide/C/web-servers.xml:964(ulink)
1114
msgid "sudo systemctl restart squid.service"
1115
msgstr ""
1116
1117
#: serverguide/C/web-servers.xml:961(para)
1118
msgid ""
1119
"If formerly a customized squid3 was used that set up the spool at "
1120
"<filename>/var/log/squid3</filename> to be a mountpoint, but otherwise kept "
1121
"the default configuration the upgrade will fail. The upgrade tries to "
1122
"rename/move files as needed, but it can't do so for an active mountpoint. In "
1123
"that case please either adapt the mountpoint or the config in "
1124
"<filename>/etc/squid/squid.conf</filename> so that they match."
1125
msgstr ""
1126
1127
#: serverguide/C/web-servers.xml:966(para)
1128
msgid ""
1129
"The same applies if the <emphasis role=\"bold\">include</emphasis> config "
1130
"statement was used to pull in more files from the old path at "
1131
"<filename>/etc/squid3/</filename>. In those cases you should move and adapt "
1132
"your configuration accordingly."
1133
msgstr ""
1134
1135
#: serverguide/C/web-servers.xml:975(ulink)
1118
1136
msgid "Squid Website"
1119
1137
msgstr ""
1120
1138
1121
#: serverguide/C/web-servers.xml:966(para)
1139
#: serverguide/C/web-servers.xml:977(para)
1122
1140
msgid ""
1123
1141
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1124
1142
"Squid</ulink> page."
1125
1143
msgstr ""
1126
1144
1127
#: serverguide/C/web-servers.xml:973(title)
1145
#: serverguide/C/web-servers.xml:984(title)
1128
1146
msgid "Ruby on Rails"
1129
1147
msgstr ""
1130
1148
1131
#: serverguide/C/web-servers.xml:974(para)
1149
#: serverguide/C/web-servers.xml:985(para)
1132
1150
msgid ""
1133
1151
"Ruby on Rails is an open source web framework for developing database backed "
1134
1152
"web applications. It is optimized for sustainable productivity of the "
1136
1154
"convention over configuration."
1137
1155
msgstr ""
1138
1156
1139
#: serverguide/C/web-servers.xml:981(para)
1157
#: serverguide/C/web-servers.xml:992(para)
1140
1158
msgid ""
1141
1159
"Before installing <application>Rails</application> you should install "
1142
1160
"<application>Apache</application> and <application>MySQL</application>. To "
1145
1163
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1146
1164
msgstr ""
1147
1165
1148
#: serverguide/C/web-servers.xml:989(para)
1166
#: serverguide/C/web-servers.xml:1000(para)
1149
1167
msgid ""
1150
1168
"Once you have <application>Apache</application> and "
1151
1169
"<application>MySQL</application> packages installed, you are ready to "
1152
1170
"install <application>Ruby on Rails</application> package."
1153
1171
msgstr ""
1154
1172
1155
#: serverguide/C/web-servers.xml:996(para)
1173
#: serverguide/C/web-servers.xml:1007(para)
1156
1174
msgid ""
1157
1175
"To install the <application>Ruby</application> base packages and "
1158
1176
"<application>Ruby on Rails</application>, you can enter the following "
1159
1177
"command in the terminal prompt:"
1160
1178
msgstr ""
1161
1179
1162
#: serverguide/C/web-servers.xml:1002(command)
1180
#: serverguide/C/web-servers.xml:1013(command)
1163
1181
msgid "sudo apt install rails"
1164
1182
msgstr ""
1165
1183
1166
#: serverguide/C/web-servers.xml:1008(para)
1184
#: serverguide/C/web-servers.xml:1019(para)
1167
1185
msgid ""
1168
1186
"Modify the <filename>/etc/apache2/sites-available/000-"
1169
1187
"default.conf</filename> configuration file to setup your domains."
1170
1188
msgstr ""
1171
1189
1172
#: serverguide/C/web-servers.xml:1012(para)
1190
#: serverguide/C/web-servers.xml:1023(para)
1173
1191
msgid ""
1174
1192
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1175
1193
msgstr ""
1176
1194
1177
#: serverguide/C/web-servers.xml:1016(programlisting)
1195
#: serverguide/C/web-servers.xml:1027(programlisting)
1178
1196
#, no-wrap
1179
1197
msgid ""
1180
1198
"\n"
1181
1199
"DocumentRoot /path/to/rails/application/public\n"
1182
1200
msgstr ""
1183
1201
1184
#: serverguide/C/web-servers.xml:1019(para)
1202
#: serverguide/C/web-servers.xml:1030(para)
1185
1203
msgid ""
1186
1204
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1187
1205
"directive:"
1188
1206
msgstr ""
1189
1207
1190
#: serverguide/C/web-servers.xml:1023(programlisting)
1208
#: serverguide/C/web-servers.xml:1034(programlisting)
1191
1209
#, no-wrap
1192
1210
msgid ""
1193
1211
"\n"
1200
1218
"</Directory>\n"
1201
1219
msgstr ""
1202
1220
1203
#: serverguide/C/web-servers.xml:1033(para)
1221
#: serverguide/C/web-servers.xml:1044(para)
1204
1222
msgid ""
1205
1223
"You should also enable the <application>mod_rewrite</application> module for "
1206
1224
"Apache. To enable <application>mod_rewrite</application> module, please "
1207
1225
"enter the following command in a terminal prompt:"
1208
1226
msgstr ""
1209
1227
1210
#: serverguide/C/web-servers.xml:1039(command)
1228
#: serverguide/C/web-servers.xml:1050(command)
1211
1229
msgid "sudo a2enmod rewrite"
1212
1230
msgstr ""
1213
1231
1214
#: serverguide/C/web-servers.xml:1042(para)
1232
#: serverguide/C/web-servers.xml:1053(para)
1215
1233
msgid ""
1216
1234
"Finally you will need to change the ownership of the "
1217
1235
"<filename>/path/to/rails/application/public</filename> and "
1219
1237
"used to run the <application>Apache</application> process:"
1220
1238
msgstr ""
1221
1239
1222
#: serverguide/C/web-servers.xml:1048(command)
1240
#: serverguide/C/web-servers.xml:1059(command)
1223
1241
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1224
1242
msgstr ""
1225
1243
1226
#: serverguide/C/web-servers.xml:1049(command)
1244
#: serverguide/C/web-servers.xml:1060(command)
1227
1245
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1228
1246
msgstr ""
1229
1247
1230
#: serverguide/C/web-servers.xml:1052(para)
1248
#: serverguide/C/web-servers.xml:1063(para)
1231
1249
msgid ""
1232
1250
"That's it! Now you have your Server ready for your <application>Ruby on "
1233
1251
"Rails</application> applications."
1234
1252
msgstr ""
1235
1253
1236
#: serverguide/C/web-servers.xml:1061(para)
1254
#: serverguide/C/web-servers.xml:1072(para)
1237
1255
msgid ""
1238
1256
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1239
1257
"for more information."
1240
1258
msgstr ""
1241
1259
1242
#: serverguide/C/web-servers.xml:1066(para)
1260
#: serverguide/C/web-servers.xml:1077(para)
1243
1261
msgid ""
1244
1262
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1245
1263
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1246
1264
"resource."
1247
1265
msgstr ""
1248
1266
1249
#: serverguide/C/web-servers.xml:1072(para)
1267
#: serverguide/C/web-servers.xml:1083(para)
1250
1268
msgid ""
1251
1269
"Another place for more information is the <ulink "
1252
1270
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1253
1271
"Wiki</ulink> page."
1254
1272
msgstr ""
1255
1273
1256
#: serverguide/C/web-servers.xml:1083(title)
1274
#: serverguide/C/web-servers.xml:1094(title)
1257
1275
msgid "Apache Tomcat"
1258
1276
msgstr ""
1259
1277
1260
#: serverguide/C/web-servers.xml:1084(para)
1278
#: serverguide/C/web-servers.xml:1095(para)
1261
1279
msgid ""
1262
1280
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1263
1281
"JSP (Java Server Pages) web applications."
1264
1282
msgstr ""
1265
1283
1266
#: serverguide/C/web-servers.xml:1086(para)
1284
#: serverguide/C/web-servers.xml:1097(para)
1267
1285
msgid ""
1268
1286
"Ubuntu has supported packages for both Tomcat 6 and 7. Tomcat 6 is the "
1269
1287
"legacy version, and Tomcat 7 is the current version where new features are "
1271
1289
"but most configuration details are valid for both versions."
1272
1290
msgstr ""
1273
1291
1274
#: serverguide/C/web-servers.xml:1089(para)
1292
#: serverguide/C/web-servers.xml:1100(para)
1275
1293
msgid ""
1276
1294
"The Tomcat packages in Ubuntu support two different ways of running Tomcat. "
1277
1295
"You can install them as a classic unique system-wide instance, that will be "
1282
1300
"need to test on their own private Tomcat instances."
1283
1301
msgstr ""
1284
1302
1285
#: serverguide/C/web-servers.xml:1099(title)
1303
#: serverguide/C/web-servers.xml:1110(title)
1286
1304
msgid "System-wide installation"
1287
1305
msgstr ""
1288
1306
1289
#: serverguide/C/web-servers.xml:1100(para)
1307
#: serverguide/C/web-servers.xml:1111(para)
1290
1308
msgid ""
1291
1309
"To install the Tomcat server, you can enter the following command in the "
1292
1310
"terminal prompt:"
1293
1311
msgstr ""
1294
1312
1295
#: serverguide/C/web-servers.xml:1103(command)
1313
#: serverguide/C/web-servers.xml:1114(command)
1296
1314
msgid "sudo apt install tomcat7"
1297
1315
msgstr ""
1298
1316
1299
#: serverguide/C/web-servers.xml:1105(para)
1317
#: serverguide/C/web-servers.xml:1116(para)
1300
1318
msgid ""
1301
1319
"This will install a Tomcat server with just a default ROOT webapp that "
1302
1320
"displays a minimal \"It works\" page by default."
1303
1321
msgstr ""
1304
1322
1305
#: serverguide/C/web-servers.xml:1111(para)
1323
#: serverguide/C/web-servers.xml:1122(para)
1306
1324
msgid ""
1307
1325
"Tomcat configuration files can be found in "
1308
1326
"<filename>/etc/tomcat7</filename>. Only a few common configuration tweaks "
1311
1329
"documentation</ulink> for more."
1312
1330
msgstr ""
1313
1331
1314
#: serverguide/C/web-servers.xml:1117(title)
1332
#: serverguide/C/web-servers.xml:1128(title)
1315
1333
msgid "Changing default ports"
1316
1334
msgstr ""
1317
1335
1318
#: serverguide/C/web-servers.xml:1118(para)
1336
#: serverguide/C/web-servers.xml:1129(para)
1319
1337
msgid ""
1320
1338
"By default Tomcat runs a HTTP connector on port 8080 and an AJP connector on "
1321
1339
"port 8009. You might want to change those default ports to avoid conflict "
1323
1341
"following lines in <filename>/etc/tomcat7/server.xml</filename>:"
1324
1342
msgstr ""
1325
1343
1326
#: serverguide/C/web-servers.xml:1123(programlisting)
1344
#: serverguide/C/web-servers.xml:1134(programlisting)
1327
1345
#, no-wrap
1328
1346
msgid ""
1329
1347
"\n"
1335
1353
"/>\n"
1336
1354
msgstr ""
1337
1355
1338
#: serverguide/C/web-servers.xml:1132(title)
1356
#: serverguide/C/web-servers.xml:1143(title)
1339
1357
msgid "Changing JVM used"
1340
1358
msgstr ""
1341
1359
1342
#: serverguide/C/web-servers.xml:1133(para)
1360
#: serverguide/C/web-servers.xml:1144(para)
1343
1361
msgid ""
1344
1362
"By default Tomcat will run preferably with OpenJDK JVMs, then try the Sun "
1345
1363
"JVMs, then try some other JVMs. You can force Tomcat to use a specific JVM "
1346
1364
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1347
1365
msgstr ""
1348
1366
1349
#: serverguide/C/web-servers.xml:1137(programlisting)
1367
#: serverguide/C/web-servers.xml:1148(programlisting)
1350
1368
#, no-wrap
1351
1369
msgid ""
1352
1370
"\n"
1353
1371
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1354
1372
msgstr ""
1355
1373
1356
#: serverguide/C/web-servers.xml:1142(title)
1374
#: serverguide/C/web-servers.xml:1153(title)
1357
1375
msgid "Declaring users and roles"
1358
1376
msgstr ""
1359
1377
1360
#: serverguide/C/web-servers.xml:1143(para)
1378
#: serverguide/C/web-servers.xml:1154(para)
1361
1379
msgid ""
1362
1380
"Usernames, passwords and roles (groups) can be defined centrally in a "
1363
1381
"Servlet container. This is done in the <filename>/etc/tomcat7/tomcat-"
1364
1382
"users.xml</filename> file:"
1365
1383
msgstr ""
1366
1384
1367
#: serverguide/C/web-servers.xml:1146(programlisting)
1385
#: serverguide/C/web-servers.xml:1157(programlisting)
1368
1386
#, no-wrap
1369
1387
msgid ""
1370
1388
"\n"
1372
1390
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1373
1391
msgstr ""
1374
1392
1375
#: serverguide/C/web-servers.xml:1154(title)
1393
#: serverguide/C/web-servers.xml:1165(title)
1376
1394
msgid "Using Tomcat standard webapps"
1377
1395
msgstr ""
1378
1396
1379
#: serverguide/C/web-servers.xml:1155(para)
1397
#: serverguide/C/web-servers.xml:1166(para)
1380
1398
msgid ""
1381
1399
"Tomcat is shipped with webapps that you can install for documentation, "
1382
1400
"administration or demo purposes."
1383
1401
msgstr ""
1384
1402
1385
#: serverguide/C/web-servers.xml:1158(title)
1403
#: serverguide/C/web-servers.xml:1169(title)
1386
1404
msgid "Tomcat documentation"
1387
1405
msgstr ""
1388
1406
1389
#: serverguide/C/web-servers.xml:1159(para)
1407
#: serverguide/C/web-servers.xml:1170(para)
1390
1408
msgid ""
1391
1409
"The <application>tomcat7-docs</application> package contains Tomcat "
1392
1410
"documentation, packaged as a webapp that you can access by default at "
1394
1412
"command in the terminal prompt:"
1395
1413
msgstr ""
1396
1414
1397
#: serverguide/C/web-servers.xml:1164(command)
1415
#: serverguide/C/web-servers.xml:1175(command)
1398
1416
msgid "sudo apt install tomcat7-docs"
1399
1417
msgstr ""
1400
1418
1401
#: serverguide/C/web-servers.xml:1168(title)
1419
#: serverguide/C/web-servers.xml:1179(title)
1402
1420
msgid "Tomcat administration webapps"
1403
1421
msgstr ""
1404
1422
1405
#: serverguide/C/web-servers.xml:1169(para)
1423
#: serverguide/C/web-servers.xml:1180(para)
1406
1424
msgid ""
1407
1425
"The <application>tomcat7-admin</application> package contains two webapps "
1408
1426
"that can be used to administer the Tomcat server using a web interface. You "
1409
1427
"can install them by entering the following command in the terminal prompt:"
1410
1428
msgstr ""
1411
1429
1412
#: serverguide/C/web-servers.xml:1174(command)
1430
#: serverguide/C/web-servers.xml:1185(command)
1413
1431
msgid "sudo apt install tomcat7-admin"
1414
1432
msgstr ""
1415
1433
1416
#: serverguide/C/web-servers.xml:1176(para)
1434
#: serverguide/C/web-servers.xml:1187(para)
1417
1435
msgid ""
1418
1436
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1419
1437
"access by default at http://yourserver:8080/manager/html. It is primarily "
1420
1438
"used to get server status and restart webapps."
1421
1439
msgstr ""
1422
1440
1423
#: serverguide/C/web-servers.xml:1179(para)
1441
#: serverguide/C/web-servers.xml:1190(para)
1424
1442
msgid ""
1425
1443
"Access to the <emphasis>manager</emphasis> application is protected by "
1426
1444
"default: you need to define a user with the role \"manager-gui\" in "
1427
1445
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1428
1446
msgstr ""
1429
1447
1430
#: serverguide/C/web-servers.xml:1183(para)
1448
#: serverguide/C/web-servers.xml:1194(para)
1431
1449
msgid ""
1432
1450
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1433
1451
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1434
1452
"used to create virtual hosts dynamically."
1435
1453
msgstr ""
1436
1454
1437
#: serverguide/C/web-servers.xml:1187(para)
1455
#: serverguide/C/web-servers.xml:1198(para)
1438
1456
msgid ""
1439
1457
"Access to the <emphasis>host-manager</emphasis> application is also "
1440
1458
"protected by default: you need to define a user with the role \"admin-gui\" "
1442
1460
"it."
1443
1461
msgstr ""
1444
1462
1445
#: serverguide/C/web-servers.xml:1192(para)
1463
#: serverguide/C/web-servers.xml:1203(para)
1446
1464
msgid ""
1447
1465
"For security reasons, the tomcat7 user cannot write to the "
1448
1466
"<filename>/etc/tomcat7</filename> directory by default. Some features in "
1451
1469
"the following, to give users in the tomcat7 group the necessary rights:"
1452
1470
msgstr ""
1453
1471
1454
#: serverguide/C/web-servers.xml:1199(command)
1472
#: serverguide/C/web-servers.xml:1210(command)
1455
1473
msgid "sudo chgrp -R tomcat7 /etc/tomcat7"
1456
1474
msgstr ""
1457
1475
1458
#: serverguide/C/web-servers.xml:1200(command)
1476
#: serverguide/C/web-servers.xml:1211(command)
1459
1477
msgid "sudo chmod -R g+w /etc/tomcat7"
1460
1478
msgstr ""
1461
1479
1462
#: serverguide/C/web-servers.xml:1205(title)
1480
#: serverguide/C/web-servers.xml:1216(title)
1463
1481
msgid "Tomcat examples webapps"
1464
1482
msgstr ""
1465
1483
1466
#: serverguide/C/web-servers.xml:1206(para)
1484
#: serverguide/C/web-servers.xml:1217(para)
1467
1485
msgid ""
1468
1486
"The <application>tomcat7-examples</application> package contains two webapps "
1469
1487
"that can be used to test or demonstrate Servlets and JSP features, which you "
1471
1489
"install them by entering the following command in the terminal prompt:"
1472
1490
msgstr ""
1473
1491
1474
#: serverguide/C/web-servers.xml:1212(command)
1492
#: serverguide/C/web-servers.xml:1223(command)
1475
1493
msgid "sudo apt install tomcat7-examples"
1476
1494
msgstr ""
1477
1495
1478
#: serverguide/C/web-servers.xml:1218(title)
1496
#: serverguide/C/web-servers.xml:1229(title)
1479
1497
msgid "Using private instances"
1480
1498
msgstr ""
1481
1499
1482
#: serverguide/C/web-servers.xml:1219(para)
1500
#: serverguide/C/web-servers.xml:1230(para)
1483
1501
msgid ""
1484
1502
"Tomcat is heavily used in development and testing scenarios where using a "
1485
1503
"single system-wide instance doesn't meet the requirements of multiple users "
1489
1507
"system-installed libraries."
1490
1508
msgstr ""
1491
1509
1492
#: serverguide/C/web-servers.xml:1226(para)
1510
#: serverguide/C/web-servers.xml:1237(para)
1493
1511
msgid ""
1494
1512
"It is possible to run the system-wide instance and the private instances in "
1495
1513
"parallel, as long as they do not use the same TCP ports."
1496
1514
msgstr ""
1497
1515
1498
#: serverguide/C/web-servers.xml:1230(title)
1516
#: serverguide/C/web-servers.xml:1241(title)
1499
1517
msgid "Installing private instance support"
1500
1518
msgstr ""
1501
1519
1502
#: serverguide/C/web-servers.xml:1231(para)
1520
#: serverguide/C/web-servers.xml:1242(para)
1503
1521
msgid ""
1504
1522
"You can install everything necessary to run private instances by entering "
1505
1523
"the following command in the terminal prompt:"
1506
1524
msgstr ""
1507
1525
1508
#: serverguide/C/web-servers.xml:1234(command)
1526
#: serverguide/C/web-servers.xml:1245(command)
1509
1527
msgid "sudo apt install tomcat7-user"
1510
1528
msgstr ""
1511
1529
1512
#: serverguide/C/web-servers.xml:1238(title)
1530
#: serverguide/C/web-servers.xml:1249(title)
1513
1531
msgid "Creating a private instance"
1514
1532
msgstr ""
1515
1533
1516
#: serverguide/C/web-servers.xml:1239(para)
1534
#: serverguide/C/web-servers.xml:1250(para)
1517
1535
msgid ""
1518
1536
"You can create a private instance directory by entering the following "
1519
1537
"command in the terminal prompt:"
1520
1538
msgstr ""
1521
1539
1522
#: serverguide/C/web-servers.xml:1242(command)
1540
#: serverguide/C/web-servers.xml:1253(command)
1523
1541
msgid "tomcat7-instance-create my-instance"
1524
1542
msgstr ""
1525
1543
1526
#: serverguide/C/web-servers.xml:1244(para)
1544
#: serverguide/C/web-servers.xml:1255(para)
1527
1545
msgid ""
1528
1546
"This will create a new <filename>my-instance</filename> directory with all "
1529
1547
"the necessary subdirectories and scripts. You can for example install your "
1532
1550
"are deployed by default."
1533
1551
msgstr ""
1534
1552
1535
#: serverguide/C/web-servers.xml:1252(title)
1553
#: serverguide/C/web-servers.xml:1263(title)
1536
1554
msgid "Configuring your private instance"
1537
1555
msgstr ""
1538
1556
1539
#: serverguide/C/web-servers.xml:1253(para)
1557
#: serverguide/C/web-servers.xml:1264(para)
1540
1558
msgid ""
1541
1559
"You will find the classic Tomcat configuration files for your private "
1542
1560
"instance in the <filename>conf/</filename> subdirectory. You should for "
1545
1563
"conflict with other instances that might be running."
1546
1564
msgstr ""
1547
1565
1548
#: serverguide/C/web-servers.xml:1261(title)
1566
#: serverguide/C/web-servers.xml:1272(title)
1549
1567
msgid "Starting/stopping your private instance"
1550
1568
msgstr ""
1551
1569
1552
#: serverguide/C/web-servers.xml:1262(para)
1570
#: serverguide/C/web-servers.xml:1273(para)
1553
1571
msgid ""
1554
1572
"You can start your private instance by entering the following command in the "
1555
1573
"terminal prompt (supposing your instance is located in the <filename>my-"
1556
1574
"instance</filename> directory):"
1557
1575
msgstr ""
1558
1576
1559
#: serverguide/C/web-servers.xml:1266(command)
1577
#: serverguide/C/web-servers.xml:1277(command)
1560
1578
msgid "my-instance/bin/startup.sh"
1561
1579
msgstr ""
1562
1580
1563
#: serverguide/C/web-servers.xml:1268(para)
1581
#: serverguide/C/web-servers.xml:1279(para)
1564
1582
msgid ""
1565
1583
"You should check the <filename>logs/</filename> subdirectory for any error. "
1566
1584
"If you have a <emphasis>java.net.BindException: Address already in "
1568
1586
"is already taken and that you should change it."
1569
1587
msgstr ""
1570
1588
1571
#: serverguide/C/web-servers.xml:1273(para)
1589
#: serverguide/C/web-servers.xml:1284(para)
1572
1590
msgid ""
1573
1591
"You can stop your instance by entering the following command in the terminal "
1574
1592
"prompt (supposing your instance is located in the <filename>my-"
1575
1593
"instance</filename> directory):"
1576
1594
msgstr ""
1577
1595
1578
#: serverguide/C/web-servers.xml:1277(command)
1596
#: serverguide/C/web-servers.xml:1288(command)
1579
1597
msgid "my-instance/bin/shutdown.sh"
1580
1598
msgstr ""
1581
1599
1582
#: serverguide/C/web-servers.xml:1286(para)
1600
#: serverguide/C/web-servers.xml:1297(para)
1583
1601
msgid ""
1584
1602
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1585
1603
"website for more information."
1586
1604
msgstr ""
1587
1605
1588
#: serverguide/C/web-servers.xml:1291(para)
1606
#: serverguide/C/web-servers.xml:1302(para)
1589
1607
msgid ""
1590
1608
"<ulink url=\"http://shop.oreilly.com/product/9780596003180.do\">Tomcat: The "
1591
1609
"Definitive Guide</ulink> is a good resource for building web applications "
1592
1610
"with Tomcat."
1593
1611
msgstr ""
1594
1612
1595
#: serverguide/C/web-servers.xml:1297(para)
1613
#: serverguide/C/web-servers.xml:1308(para)
1596
1614
msgid ""
1597
1615
"For additional books see the <ulink "
1598
1616
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
2989
3007
2990
3008
#: serverguide/C/virtualization.xml:95(para)
2991
3009
msgid ""
3010
"In more recent releases (>= Yakkety) the group was renamed to "
3011
"<emphasis>libvirt</emphasis>. Upgraded systems get a new "
3012
"<emphasis>libvirt</emphasis> group with the same gid as the "
3013
"<emphasis>libvirtd</emphasis> group to match that."
3014
msgstr ""
3015
3016
#: serverguide/C/virtualization.xml:98(para)
3017
msgid ""
2992
3018
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
2993
3019
"Installing a virtual machine follows the same process as installing the "
2994
3020
"operating system directly on the hardware. You either need a way to automate "
2996
3022
"physical machine."
2997
3023
msgstr ""
2998
3024
2999
#: serverguide/C/virtualization.xml:101(para)
3025
#: serverguide/C/virtualization.xml:104(para)
3000
3026
msgid ""
3001
3027
"In the case of virtual machines a Graphical User Interface (GUI) is "
3002
3028
"analogous to using a physical keyboard and mouse. Instead of installing a "
3005
3031
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
3006
3032
msgstr ""
3007
3033
3008
#: serverguide/C/virtualization.xml:108(para)
3034
#: serverguide/C/virtualization.xml:111(para)
3009
3035
msgid ""
3010
3036
"There are several ways to automate the Ubuntu installation process, for "
3011
3037
"example using preseeds, kickstart, etc. Refer to the <ulink "
3013
3039
"Installation Guide</ulink> for details."
3014
3040
msgstr ""
3015
3041
3016
#: serverguide/C/virtualization.xml:113(para)
3042
#: serverguide/C/virtualization.xml:116(para)
3017
3043
msgid ""
3018
3044
"Yet another way to install an Ubuntu virtual machine is to use "
3019
3045
"<application>uvtool</application>. This application, available as of 14.04, "
3021
3047
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>."
3022
3048
msgstr ""
3023
3049
3024
#: serverguide/C/virtualization.xml:119(para)
3050
#: serverguide/C/virtualization.xml:122(para)
3025
3051
msgid ""
3026
3052
"Libvirt can also be configured work with <application>Xen</application>. For "
3027
3053
"details, see the Xen Ubuntu community page referenced below."
3028
3054
msgstr ""
3029
3055
3030
#: serverguide/C/virtualization.xml:125(title)
3056
#: serverguide/C/virtualization.xml:128(title)
3031
3057
msgid "virt-install"
3032
3058
msgstr ""
3033
3059
3034
#: serverguide/C/virtualization.xml:127(para)
3060
#: serverguide/C/virtualization.xml:130(para)
3035
3061
msgid ""
3036
3062
"<application>virt-install</application> is part of the "
3037
3063
"<application>virtinst</application> package. To install it, from a terminal "
3038
3064
"prompt enter:"
3039
3065
msgstr ""
3040
3066
3041
#: serverguide/C/virtualization.xml:132(command)
3067
#: serverguide/C/virtualization.xml:135(command)
3042
3068
msgid "sudo apt install virtinst"
3043
3069
msgstr ""
3044
3070
3045
#: serverguide/C/virtualization.xml:135(para)
3071
#: serverguide/C/virtualization.xml:138(para)
3046
3072
msgid ""
3047
3073
"There are several options available when using <application>virt-"
3048
3074
"install</application>. For example:"
3049
3075
msgstr ""
3050
3076
3051
#: serverguide/C/virtualization.xml:139(command)
3077
#: serverguide/C/virtualization.xml:142(command)
3052
3078
msgid ""
3053
3079
"sudo virt-install -n web_devel -r 256 \\ --disk "
3054
3080
"path=/var/lib/libvirt/images/web_devel.img,bus=virtio,size=4 -c \\ ubuntu-"
3056
3082
"vnc,listen=0.0.0.0 --noautoconsole -v"
3057
3083
msgstr ""
3058
3084
3059
#: serverguide/C/virtualization.xml:147(para)
3085
#: serverguide/C/virtualization.xml:150(para)
3060
3086
msgid ""
3061
3087
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3062
3088
"be <emphasis>web_devel</emphasis> in this example."
3063
3089
msgstr ""
3064
3090
3065
#: serverguide/C/virtualization.xml:153(para)
3091
#: serverguide/C/virtualization.xml:156(para)
3066
3092
msgid ""
3067
3093
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3068
3094
"machine will use in megabytes."
3069
3095
msgstr ""
3070
3096
3071
#: serverguide/C/virtualization.xml:158(para)
3097
#: serverguide/C/virtualization.xml:161(para)
3072
3098
msgid ""
3073
3099
"<emphasis>--disk "
3074
3100
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
3078
3104
"<emphasis>virtio</emphasis> for the disk bus."
3079
3105
msgstr ""
3080
3106
3081
#: serverguide/C/virtualization.xml:168(para)
3107
#: serverguide/C/virtualization.xml:171(para)
3082
3108
msgid ""
3083
3109
"<emphasis>-c ubuntu-16.04-server-i386.iso:</emphasis> file to be used as a "
3084
3110
"virtual CDROM. The file can be either an ISO file or the path to the host's "
3085
3111
"CDROM device."
3086
3112
msgstr ""
3087
3113
3088
#: serverguide/C/virtualization.xml:174(para)
3114
#: serverguide/C/virtualization.xml:177(para)
3089
3115
msgid ""
3090
3116
"<emphasis>--network</emphasis> provides details related to the VM's network "
3091
3117
"interface. Here the <emphasis>default</emphasis> network is used, and the "
3092
3118
"interface model is configured for <emphasis>virtio</emphasis>."
3093
3119
msgstr ""
3094
3120
3095
#: serverguide/C/virtualization.xml:181(para)
3121
#: serverguide/C/virtualization.xml:184(para)
3096
3122
msgid ""
3097
3123
"<emphasis>--graphics vnc,listen=0.0.0.0:</emphasis> exports the guest's "
3098
3124
"virtual console using VNC and on all host interfaces. Typically servers have "
3100
3126
"connect via VNC to complete the installation."
3101
3127
msgstr ""
3102
3128
3103
#: serverguide/C/virtualization.xml:189(para)
3129
#: serverguide/C/virtualization.xml:192(para)
3104
3130
msgid ""
3105
3131
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3106
3132
"virtual machine's console."
3107
3133
msgstr ""
3108
3134
3109
#: serverguide/C/virtualization.xml:194(para)
3135
#: serverguide/C/virtualization.xml:197(para)
3110
3136
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3111
3137
msgstr ""
3112
3138
3113
#: serverguide/C/virtualization.xml:199(para)
3139
#: serverguide/C/virtualization.xml:202(para)
3114
3140
msgid ""
3115
3141
"After launching <application>virt-install</application> you can connect to "
3116
3142
"the virtual machine's console either locally using a GUI (if your server has "
3117
3143
"a GUI), or via a remote VNC client from a GUI-based computer."
3118
3144
msgstr ""
3119
3145
3120
#: serverguide/C/virtualization.xml:206(title)
3146
#: serverguide/C/virtualization.xml:209(title)
3121
3147
msgid "virt-clone"
3122
3148
msgstr ""
3123
3149
3124
#: serverguide/C/virtualization.xml:208(para)
3150
#: serverguide/C/virtualization.xml:211(para)
3125
3151
msgid ""
3126
3152
"The <application>virt-clone</application> application can be used to copy "
3127
3153
"one virtual machine to another. For example:"
3128
3154
msgstr ""
3129
3155
3130
#: serverguide/C/virtualization.xml:212(command)
3156
#: serverguide/C/virtualization.xml:215(command)
3131
3157
msgid ""
3132
"sudo virt-clone -o web_devel -n database_devel -f "
3133
"/path/to/database_devel.img \\ --connect=qemu:///system"
3158
"sudo virt-clone -o web_devel -n database_devel -f /path/to/database_devel.img"
3134
3159
msgstr ""
3135
3160
3136
#: serverguide/C/virtualization.xml:218(para)
3161
#: serverguide/C/virtualization.xml:220(para)
3137
3162
msgid "<emphasis>-o:</emphasis> original virtual machine."
3138
3163
msgstr ""
3139
3164
3140
#: serverguide/C/virtualization.xml:222(para)
3165
#: serverguide/C/virtualization.xml:224(para)
3141
3166
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3142
3167
msgstr ""
3143
3168
3144
#: serverguide/C/virtualization.xml:227(para)
3169
#: serverguide/C/virtualization.xml:229(para)
3145
3170
msgid ""
3146
3171
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3147
3172
"be used by the new virtual machine."
3148
3173
msgstr ""
3149
3174
3150
#: serverguide/C/virtualization.xml:232(para)
3151
msgid ""
3152
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3153
msgstr ""
3154
3155
#: serverguide/C/virtualization.xml:237(para)
3175
#: serverguide/C/virtualization.xml:234(para)
3156
3176
msgid ""
3157
3177
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3158
3178
"help troubleshoot problems with <application>virt-clone</application>."
3159
3179
msgstr ""
3160
3180
3161
#: serverguide/C/virtualization.xml:242(para)
3181
#: serverguide/C/virtualization.xml:239(para)
3162
3182
msgid ""
3163
3183
"Replace <emphasis>web_devel</emphasis> and "
3164
3184
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3165
3185
msgstr ""
3166
3186
3187
#: serverguide/C/virtualization.xml:246(title)
3188
msgid "Virtual Machine Management"
3189
msgstr ""
3190
3167
3191
#: serverguide/C/virtualization.xml:249(title)
3168
msgid "Virtual Machine Management"
3169
msgstr ""
3170
3171
#: serverguide/C/virtualization.xml:252(title)
3172
3192
msgid "virsh"
3173
3193
msgstr ""
3174
3194
3175
#: serverguide/C/virtualization.xml:254(para)
3195
#: serverguide/C/virtualization.xml:251(para)
3176
3196
msgid ""
3177
3197
"There are several utilities available to manage virtual machines and "
3178
3198
"<application>libvirt</application>. The <application>virsh</application> "
3179
3199
"utility can be used from the command line. Some examples:"
3180
3200
msgstr ""
3181
3201
3182
#: serverguide/C/virtualization.xml:261(para)
3202
#: serverguide/C/virtualization.xml:258(para)
3183
3203
msgid "To list running virtual machines:"
3184
3204
msgstr ""
3185
3205
3186
#: serverguide/C/virtualization.xml:264(command)
3187
msgid "virsh -c qemu:///system list"
3206
#: serverguide/C/virtualization.xml:261(command)
3207
msgid "virsh list"
3188
3208
msgstr ""
3189
3209
3190
#: serverguide/C/virtualization.xml:269(para)
3210
#: serverguide/C/virtualization.xml:266(para)
3191
3211
msgid "To start a virtual machine:"
3192
3212
msgstr ""
3193
3213
3194
#: serverguide/C/virtualization.xml:272(command)
3195
msgid "virsh -c qemu:///system start web_devel"
3214
#: serverguide/C/virtualization.xml:269(command)
3215
msgid "virsh start web_devel"
3196
3216
msgstr ""
3197
3217
3198
#: serverguide/C/virtualization.xml:277(para)
3218
#: serverguide/C/virtualization.xml:274(para)
3199
3219
msgid "Similarly, to start a virtual machine at boot:"
3200
3220
msgstr ""
3201
3221
3202
#: serverguide/C/virtualization.xml:280(command)
3203
msgid "virsh -c qemu:///system autostart web_devel"
3222
#: serverguide/C/virtualization.xml:277(command)
3223
msgid "virsh autostart web_devel"
3204
3224
msgstr ""
3205
3225
3206
#: serverguide/C/virtualization.xml:285(para)
3226
#: serverguide/C/virtualization.xml:282(para)
3207
3227
msgid "Reboot a virtual machine with:"
3208
3228
msgstr ""
3209
3229
3210
#: serverguide/C/virtualization.xml:288(command)
3211
msgid "virsh -c qemu:///system reboot web_devel"
3230
#: serverguide/C/virtualization.xml:285(command)
3231
msgid "virsh reboot web_devel"
3212
3232
msgstr ""
3213
3233
3214
#: serverguide/C/virtualization.xml:293(para)
3234
#: serverguide/C/virtualization.xml:290(para)
3215
3235
msgid ""
3216
3236
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3217
3237
"order to be restored later. The following will save the virtual machine "
3218
3238
"state into a file named according to the date:"
3219
3239
msgstr ""
3220
3240
3221
#: serverguide/C/virtualization.xml:299(command)
3222
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3241
#: serverguide/C/virtualization.xml:296(command)
3242
msgid "virsh save web_devel web_devel-022708.state"
3223
3243
msgstr ""
3224
3244
3225
#: serverguide/C/virtualization.xml:302(para)
3245
#: serverguide/C/virtualization.xml:299(para)
3226
3246
msgid "Once saved the virtual machine will no longer be running."
3227
3247
msgstr ""
3228
3248
3229
#: serverguide/C/virtualization.xml:307(para)
3249
#: serverguide/C/virtualization.xml:304(para)
3230
3250
msgid "A saved virtual machine can be restored using:"
3231
3251
msgstr ""
3232
3252
3233
#: serverguide/C/virtualization.xml:310(command)
3234
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3253
#: serverguide/C/virtualization.xml:307(command)
3254
msgid "virsh restore web_devel-022708.state"
3235
3255
msgstr ""
3236
3256
3237
#: serverguide/C/virtualization.xml:315(para)
3257
#: serverguide/C/virtualization.xml:312(para)
3238
3258
msgid "To shutdown a virtual machine do:"
3239
3259
msgstr ""
3240
3260
3241
#: serverguide/C/virtualization.xml:318(command)
3242
msgid "virsh -c qemu:///system shutdown web_devel"
3261
#: serverguide/C/virtualization.xml:315(command)
3262
msgid "virsh shutdown web_devel"
3243
3263
msgstr ""
3244
3264
3245
#: serverguide/C/virtualization.xml:323(para)
3265
#: serverguide/C/virtualization.xml:320(para)
3246
3266
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3247
3267
msgstr ""
3248
3268
3249
#: serverguide/C/virtualization.xml:327(command)
3250
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3269
#: serverguide/C/virtualization.xml:324(command)
3270
msgid "virsh attach-disk web_devel /dev/cdrom /media/cdrom"
3251
3271
msgstr ""
3252
3272
3253
#: serverguide/C/virtualization.xml:333(para)
3273
#: serverguide/C/virtualization.xml:330(para)
3254
3274
msgid ""
3255
3275
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3256
3276
"appropriate virtual machine name, and <filename>web_devel-"
3257
3277
"022708.state</filename> with a descriptive file name."
3258
3278
msgstr ""
3259
3279
3280
#: serverguide/C/virtualization.xml:334(para)
3281
msgid ""
3282
"If virsh (or other vir* tools) shall connect to something else than the "
3283
"default qemu-kvm/system hipervisor one can find alternatives for the "
3284
"<emphasis>connect</emphasis> option in <emphasis>man virsh</emphasis> or "
3285
"<ulink url=\"http://libvirt.org/uri.html\">libvirt doc</ulink>"
3286
msgstr ""
3287
3260
3288
#: serverguide/C/virtualization.xml:341(title)
3289
msgid "migration"
3290
msgstr ""
3291
3292
#: serverguide/C/virtualization.xml:342(para)
3293
msgid ""
3294
"There are different types of migration available depending on the versions "
3295
"of libvirt and the hipervisor being used. In general those types are:"
3296
msgstr ""
3297
3298
#: serverguide/C/virtualization.xml:345(ulink)
3299
msgid "offline migration"
3300
msgstr ""
3301
3302
#: serverguide/C/virtualization.xml:346(ulink)
3303
msgid "live migration"
3304
msgstr ""
3305
3306
#: serverguide/C/virtualization.xml:347(ulink)
3307
msgid "postcopy migration"
3308
msgstr ""
3309
3310
#: serverguide/C/virtualization.xml:349(para)
3311
msgid ""
3312
"There are various options to those methods, but the entry point for all of "
3313
"them is <emphasis>virsh migrate</emphasis>. Read the integrated help for "
3314
"more detail."
3315
msgstr ""
3316
3317
#: serverguide/C/virtualization.xml:350(command)
3318
msgid "virsh migrate --help"
3319
msgstr ""
3320
3321
#: serverguide/C/virtualization.xml:351(para)
3322
msgid ""
3323
"Some useful documentation on constraints and considerations about live "
3324
"migration can be found at the <ulink "
3325
"url=\"https://wiki.ubuntu.com/QemuKVMMigration\">Ubuntu Wiki</ulink>"
3326
msgstr ""
3327
3328
#: serverguide/C/virtualization.xml:355(title)
3261
3329
msgid "Virtual Machine Manager"
3262
3330
msgstr ""
3263
3331
3264
#: serverguide/C/virtualization.xml:343(para)
3332
#: serverguide/C/virtualization.xml:357(para)
3265
3333
msgid ""
3266
3334
"The <application>virt-manager</application> package contains a graphical "
3267
3335
"utility to manage local and remote virtual machines. To install virt-manager "
3268
3336
"enter:"
3269
3337
msgstr ""
3270
3338
3271
#: serverguide/C/virtualization.xml:348(command)
3339
#: serverguide/C/virtualization.xml:362(command)
3272
3340
msgid "sudo apt install virt-manager"
3273
3341
msgstr ""
3274
3342
3275
#: serverguide/C/virtualization.xml:351(para)
3343
#: serverguide/C/virtualization.xml:365(para)
3276
3344
msgid ""
3277
3345
"Since <application>virt-manager</application> requires a Graphical User "
3278
3346
"Interface (GUI) environment it is recommended to be installed on a "
3280
3348
"the local <application>libvirt</application> service enter:"
3281
3349
msgstr ""
3282
3350
3283
#: serverguide/C/virtualization.xml:358(command)
3351
#: serverguide/C/virtualization.xml:372(command)
3284
3352
msgid "virt-manager -c qemu:///system"
3285
3353
msgstr ""
3286
3354
3287
#: serverguide/C/virtualization.xml:361(para)
3355
#: serverguide/C/virtualization.xml:375(para)
3288
3356
msgid ""
3289
3357
"You can connect to the <application>libvirt</application> service running on "
3290
3358
"another host by entering the following in a terminal prompt:"
3291
3359
msgstr ""
3292
3360
3293
#: serverguide/C/virtualization.xml:366(command)
3361
#: serverguide/C/virtualization.xml:380(command)
3294
3362
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3295
3363
msgstr ""
3296
3364
3297
#: serverguide/C/virtualization.xml:370(para)
3365
#: serverguide/C/virtualization.xml:384(para)
3298
3366
msgid ""
3299
3367
"The above example assumes that <application>SSH</application> connectivity "
3300
3368
"between the management system and virtnode1.mydomain.com has already been "
3305
3373
"linkend=\"openssh-server\"/>"
3306
3374
msgstr ""
3307
3375
3308
#: serverguide/C/virtualization.xml:383(title)
3376
#: serverguide/C/virtualization.xml:397(title)
3309
3377
msgid "Virtual Machine Viewer"
3310
3378
msgstr ""
3311
3379
3312
#: serverguide/C/virtualization.xml:385(para)
3380
#: serverguide/C/virtualization.xml:399(para)
3313
3381
msgid ""
3314
3382
"The <application>virt-viewer</application> application allows you to connect "
3315
3383
"to a virtual machine's console. <application>virt-viewer</application> does "
3317
3385
"machine."
3318
3386
msgstr ""
3319
3387
3320
#: serverguide/C/virtualization.xml:390(para)
3388
#: serverguide/C/virtualization.xml:404(para)
3321
3389
msgid ""
3322
3390
"To install <application>virt-viewer</application> from a terminal enter:"
3323
3391
msgstr ""
3324
3392
3325
#: serverguide/C/virtualization.xml:394(command)
3393
#: serverguide/C/virtualization.xml:408(command)
3326
3394
msgid "sudo apt install virt-viewer"
3327
3395
msgstr ""
3328
3396
3329
#: serverguide/C/virtualization.xml:397(para)
3397
#: serverguide/C/virtualization.xml:411(para)
3330
3398
msgid ""
3331
3399
"Once a virtual machine is installed and running you can connect to the "
3332
3400
"virtual machine's console by using:"
3333
3401
msgstr ""
3334
3402
3335
#: serverguide/C/virtualization.xml:401(command)
3336
msgid "virt-viewer -c qemu:///system web_devel"
3403
#: serverguide/C/virtualization.xml:415(command)
3404
msgid "virt-viewer web_devel"
3337
3405
msgstr ""
3338
3406
3339
#: serverguide/C/virtualization.xml:404(para)
3407
#: serverguide/C/virtualization.xml:418(para)
3340
3408
msgid ""
3341
3409
"Similar to <application>virt-manager</application>, <application>virt-"
3342
3410
"viewer</application> can connect to a remote host using "
3343
3411
"<emphasis>SSH</emphasis> with key authentication, as well:"
3344
3412
msgstr ""
3345
3413
3346
#: serverguide/C/virtualization.xml:409(command)
3414
#: serverguide/C/virtualization.xml:423(command)
3347
3415
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3348
3416
msgstr ""
3349
3417
3350
#: serverguide/C/virtualization.xml:412(para)
3418
#: serverguide/C/virtualization.xml:426(para)
3351
3419
msgid ""
3352
3420
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3353
3421
"appropriate virtual machine name."
3354
3422
msgstr ""
3355
3423
3356
#: serverguide/C/virtualization.xml:415(para)
3424
#: serverguide/C/virtualization.xml:429(para)
3357
3425
msgid ""
3358
3426
"If configured to use a <emphasis>bridged</emphasis> network interface you "
3359
3427
"can also setup <application>SSH</application> access to the virtual machine."
3360
3428
msgstr ""
3361
3429
3362
#: serverguide/C/virtualization.xml:421(title) serverguide/C/virtualization.xml:674(title) serverguide/C/virtualization.xml:745(title) serverguide/C/virtualization.xml:2680(title) serverguide/C/samba.xml:247(title) serverguide/C/samba.xml:345(title) serverguide/C/samba.xml:700(title) serverguide/C/samba.xml:1094(title) serverguide/C/samba.xml:1292(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-config.xml:1691(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/network-auth.xml:2673(title) serverguide/C/network-auth.xml:3389(title) serverguide/C/network-auth.xml:3942(title) serverguide/C/network-auth.xml:4177(title) serverguide/C/installation.xml:880(title) serverguide/C/installation.xml:1166(title) serverguide/C/installation.xml:1677(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3430
#: serverguide/C/virtualization.xml:435(title) serverguide/C/virtualization.xml:742(title) serverguide/C/virtualization.xml:813(title) serverguide/C/virtualization.xml:2748(title) serverguide/C/samba.xml:247(title) serverguide/C/samba.xml:345(title) serverguide/C/samba.xml:700(title) serverguide/C/samba.xml:1094(title) serverguide/C/samba.xml:1292(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-config.xml:1945(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/network-auth.xml:2666(title) serverguide/C/network-auth.xml:3382(title) serverguide/C/network-auth.xml:3935(title) serverguide/C/network-auth.xml:4170(title) serverguide/C/installation.xml:880(title) serverguide/C/installation.xml:1166(title) serverguide/C/installation.xml:1677(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3363
3431
msgid "Resources"
3364
3432
msgstr "Resources"
3365
3433
3366
#: serverguide/C/virtualization.xml:425(para)
3434
#: serverguide/C/virtualization.xml:439(para)
3367
3435
msgid ""
3368
3436
"See the <ulink url=\"http://www.linux-kvm.org/\">KVM</ulink> home page for "
3369
3437
"more details."
3370
3438
msgstr ""
3371
3439
3372
#: serverguide/C/virtualization.xml:430(para)
3440
#: serverguide/C/virtualization.xml:444(para)
3373
3441
msgid ""
3374
3442
"For more information on <application>libvirt</application> see the <ulink "
3375
3443
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3376
3444
msgstr ""
3377
3445
3378
#: serverguide/C/virtualization.xml:436(para)
3446
#: serverguide/C/virtualization.xml:450(para)
3379
3447
msgid ""
3380
3448
"The <ulink url=\"http://virt-manager.org/\">Virtual Machine Manager</ulink> "
3381
3449
"site has more information on <application>virt-manager</application> "
3382
3450
"development."
3383
3451
msgstr ""
3384
3452
3385
#: serverguide/C/virtualization.xml:442(para)
3453
#: serverguide/C/virtualization.xml:456(para)
3386
3454
msgid ""
3387
3455
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3388
3456
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3389
3457
"technology in Ubuntu."
3390
3458
msgstr ""
3391
3459
3392
#: serverguide/C/virtualization.xml:448(para)
3460
#: serverguide/C/virtualization.xml:462(para)
3393
3461
msgid ""
3394
3462
"Another good resource is the <ulink "
3395
3463
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3396
3464
msgstr ""
3397
3465
3398
#: serverguide/C/virtualization.xml:454(para)
3466
#: serverguide/C/virtualization.xml:468(para)
3399
3467
msgid ""
3400
3468
"For information on Xen, including using Xen with libvirt, please see the "
3401
3469
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3402
3470
"page."
3403
3471
msgstr ""
3404
3472
3405
#: serverguide/C/virtualization.xml:464(title)
3473
#: serverguide/C/virtualization.xml:478(title)
3474
msgid "Qemu"
3475
msgstr ""
3476
3477
#: serverguide/C/virtualization.xml:479(para)
3478
msgid ""
3479
"<ulink url=\"http://wiki.qemu.org/Main_Page\">Qemu</ulink> is a machine "
3480
"emulator that can run operating systems and programs for one machine on a "
3481
"different machine. Mostly it is not used as emulator but as virtualizer in "
3482
"collaboration with KVM or XEN kernel components. In that case it utilizes "
3483
"the virtualization technology of the hardware to virtualize guests."
3484
msgstr ""
3485
3486
#: serverguide/C/virtualization.xml:483(para)
3487
msgid ""
3488
"While qemu has a <ulink url=\"http://wiki.qemu.org/download/qemu-"
3489
"doc.html#sec_005finvocation\">command line interface</ulink> and a <ulink "
3490
"url=\"http://wiki.qemu.org/download/qemu-"
3491
"doc.html#pcsys_005fmonitor\">monitor</ulink> to interact with running guests "
3492
"those is rarely used that way for other means than development purposes. "
3493
"<link linkend=\"libvirt\">Libvirt</link> provides an abstraction from "
3494
"specific versions and hiperviors and encapsulates some workarounds and best "
3495
"practises."
3496
msgstr ""
3497
3498
#: serverguide/C/virtualization.xml:488(title)
3499
msgid "Upgrading the machine type"
3500
msgstr ""
3501
3502
#: serverguide/C/virtualization.xml:489(para)
3503
msgid ""
3504
"This also is documented along some more constraints and considerations at "
3505
"the <ulink "
3506
"url=\"https://wiki.ubuntu.com/QemuKVMMigration#Upgrade_machine_type\">Ubuntu "
3507
"Wiki</ulink>"
3508
msgstr ""
3509
3510
#: serverguide/C/virtualization.xml:490(para)
3511
msgid ""
3512
"You might want to update your machine type of an existing defined guest to:"
3513
msgstr ""
3514
3515
#: serverguide/C/virtualization.xml:492(para)
3516
msgid "to pick up latest security fixes and features"
3517
msgstr ""
3518
3519
#: serverguide/C/virtualization.xml:493(para)
3520
msgid "continue using a guest created on a now unsupported release"
3521
msgstr ""
3522
3523
#: serverguide/C/virtualization.xml:495(para)
3524
msgid ""
3525
"In general it is recommended to update machine types when upgrading qemu/kvm "
3526
"to a new major version. But this can likely never be an automated task as "
3527
"this change is guest visible. The guest devices might change in appearance, "
3528
"new features will be announced to the guest and so on. Linux is usually very "
3529
"good at tolerating such changes, but it depends so much on the setup and "
3530
"workload of the guest that this has to be evaluated by the owner/admin of "
3531
"the system. Other operating systems where known to often have severe impacts "
3532
"by changing the hardware. Consider a machine type change similar to "
3533
"replacing all devices and firmware of a physical machine to the latest "
3534
"revision - all considerations that apply there apply to evaluating a machine "
3535
"type upgrade as well."
3536
msgstr ""
3537
3538
#: serverguide/C/virtualization.xml:496(para)
3539
msgid ""
3540
"As usual with major configuration changes it is wise to back up your guest "
3541
"definition and disk state to be able to do a rollback just in case. There is "
3542
"no integrated single command to update the machine type via virsh or similar "
3543
"tools. It is a normal part of your machine definition. And therefore updated "
3544
"the same way as most others."
3545
msgstr ""
3546
3547
#: serverguide/C/virtualization.xml:498(para)
3548
msgid "First shutdown your machine and wait until it has reached that state."
3549
msgstr ""
3550
3551
#: serverguide/C/virtualization.xml:499(screen)
3552
#, no-wrap
3553
msgid ""
3554
"\n"
3555
"virsh shutdown <yourmachine>\n"
3556
"# wait\n"
3557
"virsh list --inactive\n"
3558
"# should now list your machine as \"shut off\"\n"
3559
" "
3560
msgstr ""
3561
3562
#: serverguide/C/virtualization.xml:505(para)
3563
msgid ""
3564
"Then edit the machine definition and find the type in the type tag at the "
3565
"machine attribute."
3566
msgstr ""
3567
3568
#: serverguide/C/virtualization.xml:506(screen)
3569
#, no-wrap
3570
msgid ""
3571
"\n"
3572
"virsh edit <yourmachine>\n"
3573
"<type arch='x86_64' machine='pc-i440fx-xenial'>hvm</type>\n"
3574
" "
3575
msgstr ""
3576
3577
#: serverguide/C/virtualization.xml:510(para)
3578
msgid ""
3579
"Change this to the value you want. If you need to check what types are "
3580
"available via \"-M ?\" Note that while providing upstream types as "
3581
"convenience only Ubuntu types are supported. There you can also see what the "
3582
"current default would be. In general it is strongly recommended that you "
3583
"change to newer types if possible to exploit newer features, but also to "
3584
"benefit of bugfixes that only apply to the newer device virtualization."
3585
msgstr ""
3586
3587
#: serverguide/C/virtualization.xml:511(screen)
3588
#, no-wrap
3589
msgid ""
3590
"\n"
3591
"kvm -M ?\n"
3592
"# lists machine types, e.g.\n"
3593
"pc-i440fx-xenial Ubuntu 16.04 PC (i440FX + PIIX, 1996) (default)\n"
3594
"...\n"
3595
" "
3596
msgstr ""
3597
3598
#: serverguide/C/virtualization.xml:517(para)
3599
msgid ""
3600
"After this you can start your guest again. You can check the current machine "
3601
"type from guest and host depending on your needs."
3602
msgstr ""
3603
3604
#: serverguide/C/virtualization.xml:518(screen)
3605
#, no-wrap
3606
msgid ""
3607
"\n"
3608
"virsh start <yourmachine>\n"
3609
"# check from host, via dumping the active xml definition\n"
3610
"virsh dumpxml <yourmachine> | xmllint --xpath "
3611
"\"string(//domain/os/type/@machine)\" -\n"
3612
"# or from the guest via dmidecode\n"
3613
"sudo dmidecode | grep Product -A 1\n"
3614
" Product Name: Standard PC (i440FX + PIIX, 1996)\n"
3615
" Version: pc-i440fx-xenial\n"
3616
" "
3617
msgstr ""
3618
3619
#: serverguide/C/virtualization.xml:527(para)
3620
msgid ""
3621
"If you keep non-live definitions around like xml files remember to update "
3622
"those as well."
3623
msgstr ""
3624
3625
#: serverguide/C/virtualization.xml:532(title)
3406
3626
msgid "Cloud images and uvtool"
3407
3627
msgstr ""
3408
3628
3409
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:366(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1374(title)
3629
#: serverguide/C/virtualization.xml:535(title) serverguide/C/security.xml:366(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1374(title)
3410
3630
msgid "Introduction"
3411
3631
msgstr "Introduction"
3412
3632
3413
#: serverguide/C/virtualization.xml:469(para)
3633
#: serverguide/C/virtualization.xml:537(para)
3414
3634
msgid ""
3415
3635
"With Ubuntu being one of the most used operating systems on many cloud "
3416
3636
"platforms, the availability of stable and secure cloud images has become "
3420
3640
"installation."
3421
3641
msgstr ""
3422
3642
3423
#: serverguide/C/virtualization.xml:477(title)
3643
#: serverguide/C/virtualization.xml:545(title)
3424
3644
msgid "Creating virtual machines using uvtool"
3425
3645
msgstr ""
3426
3646
3427
#: serverguide/C/virtualization.xml:479(para)
3647
#: serverguide/C/virtualization.xml:547(para)
3428
3648
msgid ""
3429
3649
"Starting with 14.04 LTS, a tool called uvtool greatly facilitates the task "
3430
3650
"of generating virtual machines (VM) using the cloud images. "
3431
"<application>uvtool</application> provides a simple mechanism to to "
3432
"synchronize cloud-images locally and use them to create new VMs in minutes."
3651
"<application>uvtool</application> provides a simple mechanism to synchronize "
3652
"cloud-images locally and use them to create new VMs in minutes."
3433
3653
msgstr ""
3434
3654
3435
#: serverguide/C/virtualization.xml:486(title)
3655
#: serverguide/C/virtualization.xml:554(title)
3436
3656
msgid "Uvtool packages"
3437
3657
msgstr ""
3438
3658
3439
#: serverguide/C/virtualization.xml:488(para)
3659
#: serverguide/C/virtualization.xml:556(para)
3440
3660
msgid ""
3441
3661
"The following packages and their dependencies will be required in order to "
3442
3662
"use uvtool:"
3443
3663
msgstr ""
3444
3664
3445
#: serverguide/C/virtualization.xml:495(para)
3665
#: serverguide/C/virtualization.xml:563(para)
3446
3666
msgid "uvtool"
3447
3667
msgstr ""
3448
3668
3449
#: serverguide/C/virtualization.xml:499(para)
3669
#: serverguide/C/virtualization.xml:567(para)
3450
3670
msgid "uvtool-libvirt"
3451
3671
msgstr ""
3452
3672
3453
#: serverguide/C/virtualization.xml:504(para)
3673
#: serverguide/C/virtualization.xml:572(para)
3454
3674
msgid "To install <application>uvtool</application>, run:"
3455
3675
msgstr ""
3456
3676
3457
#: serverguide/C/virtualization.xml:505(programlisting)
3677
#: serverguide/C/virtualization.xml:573(programlisting)
3458
3678
#, no-wrap
3459
3679
msgid "$ apt -y install uvtool"
3460
3680
msgstr ""
3461
3681
3462
#: serverguide/C/virtualization.xml:507(para)
3682
#: serverguide/C/virtualization.xml:575(para)
3463
3683
msgid "This will install uvtool's main commands:"
3464
3684
msgstr ""
3465
3685
3466
#: serverguide/C/virtualization.xml:509(application)
3686
#: serverguide/C/virtualization.xml:577(application)
3467
3687
msgid "uvt-simplestreams-libvirt"
3468
3688
msgstr ""
3469
3689
3470
#: serverguide/C/virtualization.xml:510(application)
3690
#: serverguide/C/virtualization.xml:578(application)
3471
3691
msgid "uvt-kvm"
3472
3692
msgstr ""
3473
3693
3474
#: serverguide/C/virtualization.xml:515(title)
3694
#: serverguide/C/virtualization.xml:583(title)
3475
3695
msgid ""
3476
3696
"Get the Ubuntu Cloud Image with <application>uvt-simplestreams-"
3477
3697
"libvirt</application>"
3478
3698
msgstr ""
3479
3699
3480
#: serverguide/C/virtualization.xml:517(para)
3700
#: serverguide/C/virtualization.xml:585(para)
3481
3701
msgid ""
3482
3702
"This is one of the major simplifications that "
3483
3703
"<application>uvtool</application> brings. It is aware of where to find the "
3486
3706
"architecture, the uvtool command would be:"
3487
3707
msgstr ""
3488
3708
3489
#: serverguide/C/virtualization.xml:522(programlisting)
3709
#: serverguide/C/virtualization.xml:590(programlisting)
3490
3710
#, no-wrap
3491
3711
msgid "$ uvt-simplestreams-libvirt sync arch=amd64"
3492
3712
msgstr ""
3493
3713
3494
#: serverguide/C/virtualization.xml:524(para)
3714
#: serverguide/C/virtualization.xml:592(para)
3495
3715
msgid ""
3496
3716
"After an amount of time required to download all the images from the "
3497
3717
"Internet, you will have a complete set of cloud images stored locally. To "
3498
3718
"see what has been downloaded use the following command:"
3499
3719
msgstr ""
3500
3720
3501
#: serverguide/C/virtualization.xml:528(programlisting)
3721
#: serverguide/C/virtualization.xml:596(programlisting)
3502
3722
#, no-wrap
3503
3723
msgid ""
3504
3724
"$ uvt-simplestreams-libvirt query\n"
3515
3735
"\n"
3516
3736
msgstr ""
3517
3737
3518
#: serverguide/C/virtualization.xml:542(para)
3738
#: serverguide/C/virtualization.xml:610(para)
3519
3739
msgid ""
3520
3740
"In the case where you want to synchronize only one specific cloud-image, you "
3521
3741
"need to use the release= and arch= filters to identify which image needs to "
3522
3742
"be synchronized."
3523
3743
msgstr ""
3524
3744
3525
#: serverguide/C/virtualization.xml:545(programlisting)
3745
#: serverguide/C/virtualization.xml:613(programlisting)
3526
3746
#, no-wrap
3527
3747
msgid "$ uvt-simplestreams-libvirt sync release=xenial arch=amd64\n"
3528
3748
msgstr ""
3529
3749
3530
#: serverguide/C/virtualization.xml:550(title)
3750
#: serverguide/C/virtualization.xml:618(title)
3531
3751
msgid "Create the VM using uvt-kvm"
3532
3752
msgstr ""
3533
3753
3534
#: serverguide/C/virtualization.xml:552(para)
3754
#: serverguide/C/virtualization.xml:620(para)
3535
3755
msgid ""
3536
3756
"In order to connect to the virtual machine once it has been created, you "
3537
3757
"must have a valid SSH key available for the Ubuntu user. If your environment "
3539
3759
"command:"
3540
3760
msgstr ""
3541
3761
3542
#: serverguide/C/virtualization.xml:554(programlisting)
3762
#: serverguide/C/virtualization.xml:622(programlisting)
3543
3763
#, no-wrap
3544
3764
msgid ""
3545
3765
"\n"
3566
3786
"+-----------------+\n"
3567
3787
msgstr ""
3568
3788
3569
#: serverguide/C/virtualization.xml:577(para)
3789
#: serverguide/C/virtualization.xml:645(para)
3570
3790
msgid ""
3571
3791
"To create of a new virtual machine using uvtool, run the following in a "
3572
3792
"terminal:"
3573
3793
msgstr ""
3574
3794
3575
#: serverguide/C/virtualization.xml:579(programlisting)
3795
#: serverguide/C/virtualization.xml:647(programlisting)
3576
3796
#, no-wrap
3577
3797
msgid "$ uvt-kvm create firsttest"
3578
3798
msgstr ""
3579
3799
3580
#: serverguide/C/virtualization.xml:581(para)
3800
#: serverguide/C/virtualization.xml:649(para)
3581
3801
msgid ""
3582
3802
"This will create a VM named <emphasis role=\"bold\">firsttest</emphasis> "
3583
3803
"using the current LTS cloud image available locally. If you want to specify "
3585
3805
"role=\"bold\">release=</emphasis> filter:"
3586
3806
msgstr ""
3587
3807
3588
#: serverguide/C/virtualization.xml:584(programlisting)
3808
#: serverguide/C/virtualization.xml:652(programlisting)
3589
3809
#, no-wrap
3590
3810
msgid "$ uvt-kvm create secondtest release=xenial"
3591
3811
msgstr ""
3592
3812
3593
#: serverguide/C/virtualization.xml:586(para)
3813
#: serverguide/C/virtualization.xml:654(para)
3594
3814
msgid ""
3595
3815
"<application>uvt-kvm wait</application> can be used to wait until the "
3596
3816
"creation of the VM has completed:"
3597
3817
msgstr ""
3598
3818
3599
#: serverguide/C/virtualization.xml:589(programlisting)
3819
#: serverguide/C/virtualization.xml:657(programlisting)
3600
3820
#, no-wrap
3601
3821
msgid ""
3602
3822
"$ uvt-kvm wait secondttest --insecure\n"
3603
3823
"Warning: secure wait for boot-finished not yet implemented; use --insecure.\n"
3604
3824
msgstr ""
3605
3825
3606
#: serverguide/C/virtualization.xml:594(title)
3826
#: serverguide/C/virtualization.xml:662(title)
3607
3827
msgid "Connect to the running VM"
3608
3828
msgstr ""
3609
3829
3610
#: serverguide/C/virtualization.xml:595(para)
3830
#: serverguide/C/virtualization.xml:663(para)
3611
3831
msgid ""
3612
3832
"Once the virtual machine creation is completed, you can connect to it using "
3613
3833
"SSH:"
3614
3834
msgstr ""
3615
3835
3616
#: serverguide/C/virtualization.xml:598(programlisting)
3836
#: serverguide/C/virtualization.xml:666(programlisting)
3617
3837
#, no-wrap
3618
3838
msgid "$ uvt-kvm ssh secondtest --insecure"
3619
3839
msgstr ""
3620
3840
3621
#: serverguide/C/virtualization.xml:600(para)
3841
#: serverguide/C/virtualization.xml:668(para)
3622
3842
msgid ""
3623
3843
"For the time being, the <emphasis role=\"bold\">--insecure</emphasis> is "
3624
3844
"required, so use this mechanism to connect to your VM only if you completely "
3625
3845
"trust your network infrastructure."
3626
3846
msgstr ""
3627
3847
3628
#: serverguide/C/virtualization.xml:602(para)
3848
#: serverguide/C/virtualization.xml:670(para)
3629
3849
msgid ""
3630
3850
"You can also connect to your VM using a regular SSH session using the IP "
3631
3851
"address of the VM. The address can be queried using the following command:"
3632
3852
msgstr ""
3633
3853
3634
#: serverguide/C/virtualization.xml:604(programlisting)
3854
#: serverguide/C/virtualization.xml:672(programlisting)
3635
3855
#, no-wrap
3636
3856
msgid ""
3637
3857
"\n"
3673
3893
"\n"
3674
3894
msgstr ""
3675
3895
3676
#: serverguide/C/virtualization.xml:639(title)
3896
#: serverguide/C/virtualization.xml:707(title)
3677
3897
msgid "Get the list of running VMs"
3678
3898
msgstr ""
3679
3899
3680
#: serverguide/C/virtualization.xml:640(para)
3900
#: serverguide/C/virtualization.xml:708(para)
3681
3901
msgid "You can get the list of VMs running on your system with this command:"
3682
3902
msgstr ""
3683
3903
3684
#: serverguide/C/virtualization.xml:642(programlisting)
3904
#: serverguide/C/virtualization.xml:710(programlisting)
3685
3905
#, no-wrap
3686
3906
msgid ""
3687
3907
"$ uvt-kvm list\n"
3688
3908
"secondtest\n"
3689
3909
msgstr ""
3690
3910
3691
#: serverguide/C/virtualization.xml:647(title)
3911
#: serverguide/C/virtualization.xml:715(title)
3692
3912
msgid "Destroy your VM"
3693
3913
msgstr ""
3694
3914
3695
#: serverguide/C/virtualization.xml:648(para)
3915
#: serverguide/C/virtualization.xml:716(para)
3696
3916
msgid "Once you are done with your VM, you can destroy it with:"
3697
3917
msgstr ""
3698
3918
3699
#: serverguide/C/virtualization.xml:650(programlisting)
3919
#: serverguide/C/virtualization.xml:718(programlisting)
3700
3920
#, no-wrap
3701
3921
msgid "$ uvt-kvm destroy secondtest"
3702
3922
msgstr ""
3703
3923
3704
#: serverguide/C/virtualization.xml:652(title)
3924
#: serverguide/C/virtualization.xml:720(title)
3705
3925
msgid "More uvt-kvm options"
3706
3926
msgstr ""
3707
3927
3708
#: serverguide/C/virtualization.xml:654(para)
3928
#: serverguide/C/virtualization.xml:722(para)
3709
3929
msgid ""
3710
3930
"The following options can be used to change some of the characteristics of "
3711
3931
"the VM that you are creating:"
3712
3932
msgstr ""
3713
3933
3714
#: serverguide/C/virtualization.xml:657(para)
3934
#: serverguide/C/virtualization.xml:725(para)
3715
3935
msgid "--memory : Amount of RAM in megabytes. Default: 512."
3716
3936
msgstr ""
3717
3937
3718
#: serverguide/C/virtualization.xml:658(para)
3938
#: serverguide/C/virtualization.xml:726(para)
3719
3939
msgid "--disk : Size of the OS disk in gigabytes. Default: 8."
3720
3940
msgstr ""
3721
3941
3722
#: serverguide/C/virtualization.xml:659(para)
3942
#: serverguide/C/virtualization.xml:727(para)
3723
3943
msgid "--cpu : Number of CPU cores. Default: 1."
3724
3944
msgstr ""
3725
3945
3726
#: serverguide/C/virtualization.xml:662(para)
3946
#: serverguide/C/virtualization.xml:730(para)
3727
3947
msgid ""
3728
3948
"Some other parameters will have an impact on the cloud-init configuration:"
3729
3949
msgstr ""
3730
3950
3731
#: serverguide/C/virtualization.xml:664(para)
3951
#: serverguide/C/virtualization.xml:732(para)
3732
3952
msgid ""
3733
3953
"--password password : Allow login to the VM using the Ubuntu account and "
3734
3954
"this provided password."
3735
3955
msgstr ""
3736
3956
3737
#: serverguide/C/virtualization.xml:665(para)
3957
#: serverguide/C/virtualization.xml:733(para)
3738
3958
msgid ""
3739
3959
"--run-script-once script_file : Run script_file as root on the VM the first "
3740
3960
"time it is booted, but never again."
3741
3961
msgstr ""
3742
3962
3743
#: serverguide/C/virtualization.xml:666(para)
3963
#: serverguide/C/virtualization.xml:734(para)
3744
3964
msgid ""
3745
3965
"--packages package_list : Install the comma-separated packages specified in "
3746
3966
"package_list on first boot."
3747
3967
msgstr ""
3748
3968
3749
#: serverguide/C/virtualization.xml:669(para)
3969
#: serverguide/C/virtualization.xml:737(para)
3750
3970
msgid ""
3751
3971
"A complete description of all available modifiers is available in the "
3752
3972
"manpage of uvt-kvm."
3753
3973
msgstr ""
3754
3974
3755
#: serverguide/C/virtualization.xml:676(para)
3975
#: serverguide/C/virtualization.xml:744(para)
3756
3976
msgid ""
3757
3977
"If you are interested in learning more, have questions or suggestions, "
3758
3978
"please contact the Ubuntu Server Team at:"
3759
3979
msgstr ""
3760
3980
3761
#: serverguide/C/virtualization.xml:681(para)
3981
#: serverguide/C/virtualization.xml:749(para)
3762
3982
msgid "IRC: #ubuntu-server on freenode"
3763
3983
msgstr ""
3764
3984
3765
#: serverguide/C/virtualization.xml:685(para)
3985
#: serverguide/C/virtualization.xml:753(para)
3766
3986
msgid ""
3767
3987
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3768
3988
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3769
3989
msgstr ""
3770
3990
3771
#: serverguide/C/virtualization.xml:694(title)
3991
#: serverguide/C/virtualization.xml:762(title)
3772
3992
msgid "Ubuntu Cloud"
3773
3993
msgstr ""
3774
3994
3775
#: serverguide/C/virtualization.xml:696(para)
3995
#: serverguide/C/virtualization.xml:764(para)
3776
3996
msgid ""
3777
3997
"<application>Cloud computing</application> is a computing model that allows "
3778
3998
"vast pools of resources to be allocated on-demand. These resources such as "
3784
4004
"build highly scalable, cloud computing for both public and private clouds."
3785
4005
msgstr ""
3786
4006
3787
#: serverguide/C/virtualization.xml:707(title)
4007
#: serverguide/C/virtualization.xml:775(title)
3788
4008
msgid "Installation and Configuration"
3789
4009
msgstr ""
3790
4010
3791
#: serverguide/C/virtualization.xml:709(para)
4011
#: serverguide/C/virtualization.xml:777(para)
3792
4012
msgid ""
3793
4013
"Due to the current high rate of development of this complex technology we "
3794
4014
"refer the reader to <ulink url=\"http://docs.openstack.org/havana/install-"
3796
4016
"concerning installation and configuration."
3797
4017
msgstr ""
3798
4018
3799
#: serverguide/C/virtualization.xml:718(title) serverguide/C/network-config.xml:1660(title)
4019
#: serverguide/C/virtualization.xml:786(title) serverguide/C/network-config.xml:1698(title)
3800
4020
msgid "Support and Troubleshooting"
3801
4021
msgstr ""
3802
4022
3803
#: serverguide/C/virtualization.xml:720(para)
4023
#: serverguide/C/virtualization.xml:788(para)
3804
4024
msgid "Community Support"
3805
4025
msgstr ""
3806
4026
3807
#: serverguide/C/virtualization.xml:724(ulink)
4027
#: serverguide/C/virtualization.xml:792(ulink)
3808
4028
msgid "OpenStack Mailing list"
3809
4029
msgstr ""
3810
4030
3811
#: serverguide/C/virtualization.xml:729(ulink)
4031
#: serverguide/C/virtualization.xml:797(ulink)
3812
4032
msgid "The OpenStack Wiki search"
3813
4033
msgstr ""
3814
4034
3815
#: serverguide/C/virtualization.xml:734(ulink)
4035
#: serverguide/C/virtualization.xml:802(ulink)
3816
4036
msgid "Launchpad bugs area"
3817
4037
msgstr ""
3818
4038
3819
#: serverguide/C/virtualization.xml:739(para)
4039
#: serverguide/C/virtualization.xml:807(para)
3820
4040
msgid "Join the IRC channel #openstack on freenode."
3821
4041
msgstr ""
3822
4042
3823
#: serverguide/C/virtualization.xml:750(ulink)
4043
#: serverguide/C/virtualization.xml:818(ulink)
3824
4044
msgid "Cloud Computing - Service models"
3825
4045
msgstr ""
3826
4046
3827
#: serverguide/C/virtualization.xml:756(ulink)
4047
#: serverguide/C/virtualization.xml:824(ulink)
3828
4048
msgid "OpenStack Compute"
3829
4049
msgstr ""
3830
4050
3831
#: serverguide/C/virtualization.xml:762(ulink)
4051
#: serverguide/C/virtualization.xml:830(ulink)
3832
4052
msgid "OpenStack Image Service"
3833
4053
msgstr ""
3834
4054
3835
#: serverguide/C/virtualization.xml:768(ulink)
4055
#: serverguide/C/virtualization.xml:836(ulink)
3836
4056
msgid "OpenStack Object Storage Administration Guide"
3837
4057
msgstr ""
3838
4058
3839
#: serverguide/C/virtualization.xml:774(ulink)
4059
#: serverguide/C/virtualization.xml:842(ulink)
3840
4060
msgid "Installing OpenStack Object Storage on Ubuntu"
3841
4061
msgstr ""
3842
4062
3843
#: serverguide/C/virtualization.xml:780(ulink)
4063
#: serverguide/C/virtualization.xml:848(ulink)
3844
4064
msgid "http://cloudglossary.com/"
3845
4065
msgstr ""
3846
4066
3847
#: serverguide/C/virtualization.xml:790(title)
4067
#: serverguide/C/virtualization.xml:858(title)
3848
4068
msgid "LXD"
3849
4069
msgstr ""
3850
4070
3851
#: serverguide/C/virtualization.xml:792(para)
4071
#: serverguide/C/virtualization.xml:860(para)
3852
4072
msgid ""
3853
4073
"LXD (pronounced lex-dee) is the lightervisor, or lightweight container "
3854
4074
"hypervisor. While this claim has been controversial, it has been <ulink "
3858
4078
"url=\"https://help.ubuntu.com/lts/serverguide/lxc.html\">LXC</ulink>."
3859
4079
msgstr ""
3860
4080
3861
#: serverguide/C/virtualization.xml:801(para)
4081
#: serverguide/C/virtualization.xml:869(para)
3862
4082
msgid ""
3863
4083
"LXC (lex-see) is a program which creates and administers \"containers\" on a "
3864
4084
"local system. It also provides an API to allow higher level managers, such "
3866
4086
"while comparing LXD to libvirt."
3867
4087
msgstr ""
3868
4088
3869
#: serverguide/C/virtualization.xml:808(para)
4089
#: serverguide/C/virtualization.xml:876(para)
3870
4090
msgid ""
3871
4091
"The LXC API deals with a 'container'. The LXD API deals with 'remotes', "
3872
4092
"which serve images and containers. This extends the LXC functionality over "
3874
4094
"and container image publishing."
3875
4095
msgstr ""
3876
4096
3877
#: serverguide/C/virtualization.xml:815(para)
4097
#: serverguide/C/virtualization.xml:883(para)
3878
4098
msgid ""
3879
4099
"LXD uses LXC under the covers for some container management tasks. However, "
3880
4100
"it keeps its own container configuration information and has its own "
3883
4103
"LXD on Ubuntu systems."
3884
4104
msgstr ""
3885
4105
3886
#: serverguide/C/virtualization.xml:823(title)
4106
#: serverguide/C/virtualization.xml:891(title)
3887
4107
msgid "Online Resources"
3888
4108
msgstr ""
3889
4109
3890
#: serverguide/C/virtualization.xml:825(para)
4110
#: serverguide/C/virtualization.xml:893(para)
3891
4111
msgid ""
3892
4112
"There is excellent documentation for <ulink "
3893
4113
"url=\"http://github.com/lxc/lxd\">getting started with LXD</ulink> in the "
3901
4121
"juju</ulink>."
3902
4122
msgstr ""
3903
4123
3904
#: serverguide/C/virtualization.xml:832(para)
4124
#: serverguide/C/virtualization.xml:900(para)
3905
4125
msgid ""
3906
4126
"This document will offer an Ubuntu Server-specific view of LXD, focusing on "
3907
4127
"administration."
3908
4128
msgstr ""
3909
4129
3910
#: serverguide/C/virtualization.xml:840(para)
4130
#: serverguide/C/virtualization.xml:908(para)
3911
4131
msgid ""
3912
4132
"LXD is pre-installed on Ubuntu Server cloud images. On other systems, the "
3913
4133
"lxd package can be installed using:"
3914
4134
msgstr ""
3915
4135
3916
#: serverguide/C/virtualization.xml:846(command)
4136
#: serverguide/C/virtualization.xml:914(command)
3917
4137
msgid "sudo apt install lxd"
3918
4138
msgstr ""
3919
4139
3920
#: serverguide/C/virtualization.xml:851(para)
4140
#: serverguide/C/virtualization.xml:919(para)
3921
4141
msgid ""
3922
4142
"This will install LXD as well as the recommended dependencies, including the "
3923
4143
"LXC library and lxcfs."
3924
4144
msgstr ""
3925
4145
3926
#: serverguide/C/virtualization.xml:857(title)
4146
#: serverguide/C/virtualization.xml:925(title)
3927
4147
msgid "Kernel preparation"
3928
4148
msgstr ""
3929
4149
3930
#: serverguide/C/virtualization.xml:859(para)
4150
#: serverguide/C/virtualization.xml:927(para)
3931
4151
msgid ""
3932
4152
"In general, Ubuntu 16.04 should have all the desired features enabled by "
3933
4153
"default. One exception to this is that in order to enable swap accounting "
3937
4157
"then running 'update-grub' as root and rebooting."
3938
4158
msgstr ""
3939
4159
3940
#: serverguide/C/virtualization.xml:871(para)
4160
#: serverguide/C/virtualization.xml:939(para)
3941
4161
msgid ""
3942
4162
"By default, LXD is installed listening on a local UNIX socket, which members "
3943
4163
"of group LXD can talk to. It has no trust password setup. And it uses the "
3946
4166
"will allow you to choose:"
3947
4167
msgstr ""
3948
4168
3949
#: serverguide/C/virtualization.xml:881(para)
4169
#: serverguide/C/virtualization.xml:949(para)
3950
4170
msgid ""
3951
4171
"Directory or <ulink url=\"http://open-zfs.org\">ZFS</ulink> container "
3952
4172
"backend. If you choose ZFS, you can choose which block devices to use, or "
3953
4173
"the size of a file to use as backing store."
3954
4174
msgstr ""
3955
4175
3956
#: serverguide/C/virtualization.xml:885(para)
4176
#: serverguide/C/virtualization.xml:953(para)
3957
4177
msgid "Availability over the network"
3958
4178
msgstr ""
3959
4179
3960
#: serverguide/C/virtualization.xml:887(para)
4180
#: serverguide/C/virtualization.xml:955(para)
3961
4181
msgid ""
3962
4182
"A 'trust password' used by remote clients to vouch for their client "
3963
4183
"certificate"
3964
4184
msgstr ""
3965
4185
3966
#: serverguide/C/virtualization.xml:891(para)
4186
#: serverguide/C/virtualization.xml:959(para)
3967
4187
msgid ""
3968
4188
"You must run 'lxd init' as root. 'lxc' commands can be run as any user who "
3969
4189
"is member of group lxd. If user joe is not a member of group 'lxd', you may "
3970
4190
"run:"
3971
4191
msgstr ""
3972
4192
3973
#: serverguide/C/virtualization.xml:898(command)
4193
#: serverguide/C/virtualization.xml:966(command)
3974
4194
msgid "adduser joe lxd"
3975
4195
msgstr ""
3976
4196
3977
#: serverguide/C/virtualization.xml:903(para)
4197
#: serverguide/C/virtualization.xml:971(para)
3978
4198
msgid ""
3979
4199
"as root to change it. The new membership will take effect on the next login, "
3980
4200
"or after running 'newgrp lxd' from an existing login."
3981
4201
msgstr ""
3982
4202
3983
#: serverguide/C/virtualization.xml:908(para)
4203
#: serverguide/C/virtualization.xml:976(para)
3984
4204
msgid ""
3985
4205
"For more information on server, container, profile, and device "
3986
4206
"configuration, please refer to the definitive configuration provided with "
3989
4209
"link>"
3990
4210
msgstr ""
3991
4211
3992
#: serverguide/C/virtualization.xml:916(title)
4212
#: serverguide/C/virtualization.xml:984(title)
3993
4213
msgid "Creating your first container"
3994
4214
msgstr ""
3995
4215
3996
#: serverguide/C/virtualization.xml:918(para)
4216
#: serverguide/C/virtualization.xml:986(para)
3997
4217
msgid "This section will describe the simplest container tasks."
3998
4218
msgstr ""
3999
4219
4000
#: serverguide/C/virtualization.xml:922(title)
4220
#: serverguide/C/virtualization.xml:990(title)
4001
4221
msgid "Creating a container"
4002
4222
msgstr ""
4003
4223
4004
#: serverguide/C/virtualization.xml:924(para)
4224
#: serverguide/C/virtualization.xml:992(para)
4005
4225
msgid ""
4006
4226
"Every new container is created based on either an image, an existing "
4007
4227
"container, or a container snapshot. At install time, LXD is configured with "
4008
4228
"the following image servers:"
4009
4229
msgstr ""
4010
4230
4011
#: serverguide/C/virtualization.xml:932(para)
4231
#: serverguide/C/virtualization.xml:1000(para)
4012
4232
msgid ""
4013
4233
"<filename>ubuntu</filename>: this serves official Ubuntu server cloud image "
4014
4234
"releases."
4015
4235
msgstr ""
4016
4236
4017
#: serverguide/C/virtualization.xml:935(para)
4237
#: serverguide/C/virtualization.xml:1003(para)
4018
4238
msgid ""
4019
4239
"<filename>ubuntu-daily</filename>: this serves official Ubuntu server cloud "
4020
4240
"images of the daily development releases."
4021
4241
msgstr ""
4022
4242
4023
#: serverguide/C/virtualization.xml:939(para)
4243
#: serverguide/C/virtualization.xml:1007(para)
4024
4244
msgid ""
4025
4245
"<filename>images</filename>: this is a default-installed alias for "
4026
4246
"images.linuxcontainers.org. This is serves classical lxc images built using "
4029
4249
"recommended server for Ubuntu images."
4030
4250
msgstr ""
4031
4251
4032
#: serverguide/C/virtualization.xml:947(para)
4252
#: serverguide/C/virtualization.xml:1015(para)
4033
4253
msgid "The command to create and start a container is"
4034
4254
msgstr ""
4035
4255
4036
#: serverguide/C/virtualization.xml:952(command)
4256
#: serverguide/C/virtualization.xml:1020(command)
4037
4257
msgid "lxc launch remote:image containername"
4038
4258
msgstr ""
4039
4259
4040
#: serverguide/C/virtualization.xml:957(para)
4260
#: serverguide/C/virtualization.xml:1025(para)
4041
4261
msgid ""
4042
4262
"Images are identified by their hash, but are also aliased. The 'ubuntu' "
4043
4263
"server knows many aliases such as '16.04' and 'xenial'. A list of all images "
4044
4264
"available from the Ubuntu Server can be seen using:"
4045
4265
msgstr ""
4046
4266
4047
#: serverguide/C/virtualization.xml:964(command) serverguide/C/virtualization.xml:1488(command)
4267
#: serverguide/C/virtualization.xml:1032(command) serverguide/C/virtualization.xml:1556(command)
4048
4268
msgid "lxc image list ubuntu:"
4049
4269
msgstr ""
4050
4270
4051
#: serverguide/C/virtualization.xml:969(para)
4271
#: serverguide/C/virtualization.xml:1037(para)
4052
4272
msgid ""
4053
4273
"To see more information about a particular image, including all the aliases "
4054
4274
"it is known by, you can use:"
4055
4275
msgstr ""
4056
4276
4057
#: serverguide/C/virtualization.xml:975(command)
4277
#: serverguide/C/virtualization.xml:1043(command)
4058
4278
msgid "lxc image info ubuntu:xenial"
4059
4279
msgstr ""
4060
4280
4061
#: serverguide/C/virtualization.xml:980(para)
4281
#: serverguide/C/virtualization.xml:1048(para)
4062
4282
msgid ""
4063
4283
"You can generally refer to an Ubuntu image using the release name ('xenial') "
4064
4284
"or the release number (16.04). In addition, 'lts' is an alias for the latest "
4066
4286
"the desired architecture:"
4067
4287
msgstr ""
4068
4288
4069
#: serverguide/C/virtualization.xml:988(command)
4289
#: serverguide/C/virtualization.xml:1056(command)
4070
4290
msgid "lxc image info ubuntu:lts/arm64"
4071
4291
msgstr ""
4072
4292
4073
#: serverguide/C/virtualization.xml:993(para)
4293
#: serverguide/C/virtualization.xml:1061(para)
4074
4294
msgid "Now, let's start our first container:"
4075
4295
msgstr ""
4076
4296
4077
#: serverguide/C/virtualization.xml:998(command)
4297
#: serverguide/C/virtualization.xml:1066(command)
4078
4298
msgid "lxc launch ubuntu:xenial x1"
4079
4299
msgstr ""
4080
4300
4081
#: serverguide/C/virtualization.xml:1003(para)
4301
#: serverguide/C/virtualization.xml:1071(para)
4082
4302
msgid ""
4083
4303
"This will download the official current Xenial cloud image for your current "
4084
4304
"architecture, then create a container using that image, and finally start "
4085
4305
"it. Once the command returns, you can see it using:"
4086
4306
msgstr ""
4087
4307
4088
#: serverguide/C/virtualization.xml:1010(command)
4308
#: serverguide/C/virtualization.xml:1078(command)
4089
4309
msgid "lxc list lxc info x1"
4090
4310
msgstr ""
4091
4311
4092
#: serverguide/C/virtualization.xml:1016(para)
4312
#: serverguide/C/virtualization.xml:1084(para)
4093
4313
msgid "and open a shell in it using:"
4094
4314
msgstr ""
4095
4315
4096
#: serverguide/C/virtualization.xml:1021(command)
4316
#: serverguide/C/virtualization.xml:1089(command)
4097
4317
msgid "lxc exec x1 bash"
4098
4318
msgstr ""
4099
4319
4100
#: serverguide/C/virtualization.xml:1026(para)
4320
#: serverguide/C/virtualization.xml:1094(para)
4101
4321
msgid ""
4102
4322
"The try-it page gives a full synopsis of the commands you can use to "
4103
4323
"administer containers."
4104
4324
msgstr ""
4105
4325
4106
#: serverguide/C/virtualization.xml:1031(para)
4326
#: serverguide/C/virtualization.xml:1099(para)
4107
4327
msgid ""
4108
4328
"Now that the 'xenial' image has been downloaded, it will be kept in sync "
4109
4329
"until no new containers have been created based on it for (by default) 10 "
4110
4330
"days. After that, it will be deleted."
4111
4331
msgstr ""
4112
4332
4113
#: serverguide/C/virtualization.xml:1039(title)
4333
#: serverguide/C/virtualization.xml:1107(title)
4114
4334
msgid "LXD Server Configuration"
4115
4335
msgstr ""
4116
4336
4117
#: serverguide/C/virtualization.xml:1041(para)
4337
#: serverguide/C/virtualization.xml:1109(para)
4118
4338
msgid ""
4119
4339
"By default, LXD is socket activated and configured to listen only on a local "
4120
4340
"UNIX socket. While LXD may not be running when you first look at the process "
4121
4341
"listing, any LXC command will start it up. For instance:"
4122
4342
msgstr ""
4123
4343
4124
#: serverguide/C/virtualization.xml:1048(command)
4344
#: serverguide/C/virtualization.xml:1116(command)
4125
4345
msgid "lxc list"
4126
4346
msgstr ""
4127
4347
4128
#: serverguide/C/virtualization.xml:1053(para)
4348
#: serverguide/C/virtualization.xml:1121(para)
4129
4349
msgid ""
4130
4350
"This will create your client certificate and contact the LXD server for a "
4131
4351
"list of containers. To make the server accessible over the network you can "
4132
4352
"set the http port using:"
4133
4353
msgstr ""
4134
4354
4135
#: serverguide/C/virtualization.xml:1060(command)
4355
#: serverguide/C/virtualization.xml:1128(command)
4136
4356
msgid "lxc config set core.https_address :8443"
4137
4357
msgstr ""
4138
4358
4139
#: serverguide/C/virtualization.xml:1065(para)
4359
#: serverguide/C/virtualization.xml:1133(para)
4140
4360
msgid "This will tell LXD to listen to port 8843 on all addresses."
4141
4361
msgstr ""
4142
4362
4143
#: serverguide/C/virtualization.xml:1069(title)
4363
#: serverguide/C/virtualization.xml:1137(title)
4144
4364
msgid "Authentication"
4145
4365
msgstr ""
4146
4366
4147
#: serverguide/C/virtualization.xml:1071(para)
4367
#: serverguide/C/virtualization.xml:1139(para)
4148
4368
msgid ""
4149
4369
"By default, LXD will allow all members of group 'lxd' (which by default "
4150
4370
"includes all members of group admin) to talk to it over the UNIX socket. "
4152
4372
"certificates."
4153
4373
msgstr ""
4154
4374
4155
#: serverguide/C/virtualization.xml:1077(para)
4375
#: serverguide/C/virtualization.xml:1145(para)
4156
4376
msgid ""
4157
4377
"Before client c1 wishes to use remote r1, r1 must be registered using:"
4158
4378
msgstr ""
4159
4379
4160
#: serverguide/C/virtualization.xml:1082(command)
4380
#: serverguide/C/virtualization.xml:1150(command)
4161
4381
msgid "lxc remote add r1 r1.example.com:8443"
4162
4382
msgstr ""
4163
4383
4164
#: serverguide/C/virtualization.xml:1087(para)
4384
#: serverguide/C/virtualization.xml:1155(para)
4165
4385
msgid ""
4166
4386
"The fingerprint of r1's certificate will be shown, to allow the user at c1 "
4167
4387
"to reject a false certificate. The server in turn will verify that c1 may be "
4169
4389
"already-registered client, using:"
4170
4390
msgstr ""
4171
4391
4172
#: serverguide/C/virtualization.xml:1095(command)
4392
#: serverguide/C/virtualization.xml:1163(command)
4173
4393
msgid "lxc config trust add r1 certfile.crt"
4174
4394
msgstr ""
4175
4395
4176
#: serverguide/C/virtualization.xml:1100(para)
4396
#: serverguide/C/virtualization.xml:1168(para)
4177
4397
msgid ""
4178
4398
"Now when the client adds r1 as a known remote, it will not need to provide a "
4179
4399
"password as it is already trusted by the server."
4180
4400
msgstr ""
4181
4401
4182
#: serverguide/C/virtualization.xml:1105(para)
4402
#: serverguide/C/virtualization.xml:1173(para)
4183
4403
msgid ""
4184
4404
"The other is to configure a 'trust password' with r1, either at initial "
4185
4405
"configuration using 'lxd init', or after the fact using"
4186
4406
msgstr ""
4187
4407
4188
#: serverguide/C/virtualization.xml:1111(command)
4408
#: serverguide/C/virtualization.xml:1179(command)
4189
4409
msgid "lxc config set core.trust_password PASSWORD"
4190
4410
msgstr ""
4191
4411
4192
#: serverguide/C/virtualization.xml:1116(para)
4412
#: serverguide/C/virtualization.xml:1184(para)
4193
4413
msgid ""
4194
4414
"The password can then be provided when the client registers r1 as a known "
4195
4415
"remote."
4196
4416
msgstr ""
4197
4417
4198
#: serverguide/C/virtualization.xml:1123(title)
4418
#: serverguide/C/virtualization.xml:1191(title)
4199
4419
msgid "Backing store"
4200
4420
msgstr ""
4201
4421
4202
#: serverguide/C/virtualization.xml:1125(para)
4422
#: serverguide/C/virtualization.xml:1193(para)
4203
4423
msgid ""
4204
4424
"LXD supports several backing stores. The recommended backing store is ZFS, "
4205
4425
"however this is not available on all platforms. Supported backing stores "
4206
4426
"include:"
4207
4427
msgstr ""
4208
4428
4209
#: serverguide/C/virtualization.xml:1133(para)
4429
#: serverguide/C/virtualization.xml:1201(para)
4210
4430
msgid ""
4211
4431
"ext4: this is the default, and easiest to use. With an ext4 backing store, "
4212
4432
"containers and images are simply stored as directories on the host "
4214
4434
"and 10 containers will take up 10 times as much space as one container."
4215
4435
msgstr ""
4216
4436
4217
#: serverguide/C/virtualization.xml:1142(para)
4437
#: serverguide/C/virtualization.xml:1210(para)
4218
4438
msgid ""
4219
4439
"ZFS: if ZFS is supported on your architecture (amd64, arm64, or ppc64le), "
4220
4440
"you can set LXD up to use it using 'lxd init'. If you already have a ZFS "
4222
4442
"configuration key:"
4223
4443
msgstr ""
4224
4444
4225
#: serverguide/C/virtualization.xml:1150(command)
4445
#: serverguide/C/virtualization.xml:1218(command)
4226
4446
msgid "lxc config set storage.zfs_pool_name lxd"
4227
4447
msgstr ""
4228
4448
4229
#: serverguide/C/virtualization.xml:1155(para)
4449
#: serverguide/C/virtualization.xml:1223(para)
4230
4450
msgid ""
4231
4451
"With ZFS, launching a new container is fast because the filesystem starts as "
4232
4452
"a copy on write clone of the images' filesystem. Note that unless the "
4235
4455
"little of the actual filesystem data."
4236
4456
msgstr ""
4237
4457
4238
#: serverguide/C/virtualization.xml:1165(para)
4458
#: serverguide/C/virtualization.xml:1233(para)
4239
4459
msgid ""
4240
4460
"Btrfs: btrfs can be used with many of the same advantages as ZFS. To use "
4241
4461
"BTRFS as a LXD backing store, simply mount a Btrfs filesystem under "
4244
4464
"container."
4245
4465
msgstr ""
4246
4466
4247
#: serverguide/C/virtualization.xml:1175(para)
4467
#: serverguide/C/virtualization.xml:1243(para)
4248
4468
msgid ""
4249
4469
"LVM: To use a LVM volume group called 'lxd', you may tell LXD to use that "
4250
4470
"for containers and images using the command"
4251
4471
msgstr ""
4252
4472
4253
#: serverguide/C/virtualization.xml:1181(command)
4473
#: serverguide/C/virtualization.xml:1249(command)
4254
4474
msgid "lxc config set storage.lvm_vg_name lxd"
4255
4475
msgstr ""
4256
4476
4257
#: serverguide/C/virtualization.xml:1186(para)
4477
#: serverguide/C/virtualization.xml:1254(para)
4258
4478
msgid ""
4259
4479
"When launching a new container, its rootfs will start as a lv clone. It is "
4260
4480
"immediately mounted so that the file uids can be shifted, then unmounted. "
4261
4481
"Container snapshots also are created as lv snapshots."
4262
4482
msgstr ""
4263
4483
4264
#: serverguide/C/virtualization.xml:1196(title)
4484
#: serverguide/C/virtualization.xml:1264(title)
4265
4485
msgid "Container configuration"
4266
4486
msgstr ""
4267
4487
4268
#: serverguide/C/virtualization.xml:1198(para)
4488
#: serverguide/C/virtualization.xml:1266(para)
4269
4489
msgid ""
4270
4490
"Containers are configured according to a set of profiles, described in the "
4271
4491
"next section, and a set of container-specific configuration. Profiles are "
4273
4493
"configuration."
4274
4494
msgstr ""
4275
4495
4276
#: serverguide/C/virtualization.xml:1205(para)
4496
#: serverguide/C/virtualization.xml:1273(para)
4277
4497
msgid ""
4278
4498
"Container configuration includes properties like the architecture, limits on "
4279
4499
"resources such as CPU and RAM, security details including apparmor "
4280
4500
"restriction overrides, and devices to apply to the container."
4281
4501
msgstr ""
4282
4502
4283
#: serverguide/C/virtualization.xml:1211(para)
4503
#: serverguide/C/virtualization.xml:1279(para)
4284
4504
msgid ""
4285
4505
"Devices can be of several types, including UNIX character, UNIX block, "
4286
4506
"network interface, or 'disk'. In order to insert a host mount into a "
4288
4508
"in container c1 at /opt, you could use:"
4289
4509
msgstr ""
4290
4510
4291
#: serverguide/C/virtualization.xml:1219(command)
4511
#: serverguide/C/virtualization.xml:1287(command)
4292
4512
msgid "lxc config device add c1 opt disk source=/opt path=opt"
4293
4513
msgstr ""
4294
4514
4295
#: serverguide/C/virtualization.xml:1224(para)
4515
#: serverguide/C/virtualization.xml:1292(para)
4296
4516
msgid "See:"
4297
4517
msgstr ""
4298
4518
4299
#: serverguide/C/virtualization.xml:1229(command)
4519
#: serverguide/C/virtualization.xml:1297(command)
4300
4520
msgid "lxc help config"
4301
4521
msgstr ""
4302
4522
4303
#: serverguide/C/virtualization.xml:1234(para)
4523
#: serverguide/C/virtualization.xml:1302(para)
4304
4524
msgid ""
4305
4525
"for more information about editing container configurations. You may also "
4306
4526
"use:"
4307
4527
msgstr ""
4308
4528
4309
#: serverguide/C/virtualization.xml:1240(command)
4529
#: serverguide/C/virtualization.xml:1308(command)
4310
4530
msgid "lxc config edit c1"
4311
4531
msgstr ""
4312
4532
4313
#: serverguide/C/virtualization.xml:1245(para)
4533
#: serverguide/C/virtualization.xml:1313(para)
4314
4534
msgid ""
4315
4535
"to edit the whole of c1's configuration in your specified $EDITOR. Comments "
4316
4536
"at the top of the configuration will show examples of correct syntax to help "
4318
4538
"valid when the $EDITOR is exited, then $EDITOR will be restarted."
4319
4539
msgstr ""
4320
4540
4321
#: serverguide/C/virtualization.xml:1255(title) serverguide/C/security.xml:1065(title)
4541
#: serverguide/C/virtualization.xml:1323(title) serverguide/C/security.xml:1065(title)
4322
4542
msgid "Profiles"
4323
4543
msgstr ""
4324
4544
4325
#: serverguide/C/virtualization.xml:1257(para)
4545
#: serverguide/C/virtualization.xml:1325(para)
4326
4546
msgid ""
4327
4547
"Profiles are named collections of configurations which may be applied to "
4328
4548
"more than one container. For instance, all containers created with 'lxc "
4330
4550
"interface 'eth0'."
4331
4551
msgstr ""
4332
4552
4333
#: serverguide/C/virtualization.xml:1264(para)
4553
#: serverguide/C/virtualization.xml:1332(para)
4334
4554
msgid ""
4335
4555
"To mask a device which would be inherited from a profile but which should "
4336
4556
"not be in the final container, define a device by the same name but of type "
4337
4557
"'none':"
4338
4558
msgstr ""
4339
4559
4340
#: serverguide/C/virtualization.xml:1271(command)
4560
#: serverguide/C/virtualization.xml:1339(command)
4341
4561
msgid "lxc config device add c1 eth1 none"
4342
4562
msgstr ""
4343
4563
4344
#: serverguide/C/virtualization.xml:1277(title) serverguide/C/virtualization.xml:1869(title)
4564
#: serverguide/C/virtualization.xml:1345(title) serverguide/C/virtualization.xml:1937(title)
4345
4565
msgid "Nesting"
4346
4566
msgstr ""
4347
4567
4348
#: serverguide/C/virtualization.xml:1279(para)
4568
#: serverguide/C/virtualization.xml:1347(para)
4349
4569
msgid ""
4350
4570
"Containers all share the same host kernel. This means that there is always "
4351
4571
"an inherent trade-off between features exposed to the container and host "
4355
4575
"must be set to true:"
4356
4576
msgstr ""
4357
4577
4358
#: serverguide/C/virtualization.xml:1289(command)
4578
#: serverguide/C/virtualization.xml:1357(command)
4359
4579
msgid "lxc config set container1 security.nesting true"
4360
4580
msgstr ""
4361
4581
4362
#: serverguide/C/virtualization.xml:1294(para)
4582
#: serverguide/C/virtualization.xml:1362(para)
4363
4583
msgid "Once this is done, container1 will be able to start sub-containers."
4364
4584
msgstr ""
4365
4585
4366
#: serverguide/C/virtualization.xml:1298(para)
4586
#: serverguide/C/virtualization.xml:1366(para)
4367
4587
msgid ""
4368
4588
"In order to run unprivileged (the default in LXD) containers nested under an "
4369
4589
"unprivileged container, you will need to ensure a wide enough UID mapping. "
4370
4590
"Please see the 'UID mapping' section below."
4371
4591
msgstr ""
4372
4592
4373
#: serverguide/C/virtualization.xml:1304(title)
4593
#: serverguide/C/virtualization.xml:1372(title)
4374
4594
msgid "Docker"
4375
4595
msgstr ""
4376
4596
4377
#: serverguide/C/virtualization.xml:1306(para)
4597
#: serverguide/C/virtualization.xml:1374(para)
4378
4598
msgid ""
4379
4599
"In order to facilitate running docker containers inside a LXD container, a "
4380
4600
"'docker' profile is provided. To launch a new container with the docker "
4381
4601
"profile, you can run:"
4382
4602
msgstr ""
4383
4603
4384
#: serverguide/C/virtualization.xml:1313(command)
4604
#: serverguide/C/virtualization.xml:1381(command)
4385
4605
msgid "lxc launch xenial container1 -p default -p docker"
4386
4606
msgstr ""
4387
4607
4388
#: serverguide/C/virtualization.xml:1318(para)
4608
#: serverguide/C/virtualization.xml:1386(para)
4389
4609
msgid ""
4390
4610
"Note that currently the docker package in Ubuntu 16.04 is patched to "
4391
4611
"facilitate running in a container. This support is expected to land upstream "
4392
4612
"soon."
4393
4613
msgstr ""
4394
4614
4395
#: serverguide/C/virtualization.xml:1324(para)
4615
#: serverguide/C/virtualization.xml:1392(para)
4396
4616
msgid ""
4397
4617
"Note that 'cgroup namespace' support is also required. This is available in "
4398
4618
"the 16.04 kernel as well as in the 4.6 upstream source."
4399
4619
msgstr ""
4400
4620
4401
#: serverguide/C/virtualization.xml:1333(title)
4621
#: serverguide/C/virtualization.xml:1401(title)
4402
4622
msgid "Limits"
4403
4623
msgstr ""
4404
4624
4405
#: serverguide/C/virtualization.xml:1335(para)
4625
#: serverguide/C/virtualization.xml:1403(para)
4406
4626
msgid ""
4407
4627
"LXD supports flexible constraints on the resources which containers can "
4408
4628
"consume. The limits come in the following categories:"
4409
4629
msgstr ""
4410
4630
4411
#: serverguide/C/virtualization.xml:1342(para)
4631
#: serverguide/C/virtualization.xml:1410(para)
4412
4632
msgid "CPU: limit cpu available to the container in several ways."
4413
4633
msgstr ""
4414
4634
4415
#: serverguide/C/virtualization.xml:1345(para)
4635
#: serverguide/C/virtualization.xml:1413(para)
4416
4636
msgid "Disk: configure the priority of I/O requests under load"
4417
4637
msgstr ""
4418
4638
4419
#: serverguide/C/virtualization.xml:1348(para)
4639
#: serverguide/C/virtualization.xml:1416(para)
4420
4640
msgid "RAM: configure memory and swap availability"
4421
4641
msgstr ""
4422
4642
4423
#: serverguide/C/virtualization.xml:1351(para)
4643
#: serverguide/C/virtualization.xml:1419(para)
4424
4644
msgid "Network: configure the network priority under load"
4425
4645
msgstr ""
4426
4646
4427
#: serverguide/C/virtualization.xml:1354(para)
4647
#: serverguide/C/virtualization.xml:1422(para)
4428
4648
msgid "Processes: limit the number of concurrent processes in the container."
4429
4649
msgstr ""
4430
4650
4431
#: serverguide/C/virtualization.xml:1358(para)
4651
#: serverguide/C/virtualization.xml:1426(para)
4432
4652
msgid ""
4433
4653
"For a full list of limits known to LXD, see <ulink "
4434
4654
"url=\"https://github.com/lxc/lxd/blob/master/doc/configuration.md\"> the "
4435
4655
"configuration documentation</ulink>."
4436
4656
msgstr ""
4437
4657
4438
#: serverguide/C/virtualization.xml:1366(title)
4658
#: serverguide/C/virtualization.xml:1434(title)
4439
4659
msgid "UID mappings and Privileged containers"
4440
4660
msgstr ""
4441
4661
4442
#: serverguide/C/virtualization.xml:1368(para)
4662
#: serverguide/C/virtualization.xml:1436(para)
4443
4663
msgid ""
4444
4664
"By default, LXD creates unprivileged containers. This means that root in the "
4445
4665
"container is a non-root UID on the host. It is privileged against the "
4449
4669
"the system call interface)"
4450
4670
msgstr ""
4451
4671
4452
#: serverguide/C/virtualization.xml:1377(para)
4672
#: serverguide/C/virtualization.xml:1445(para)
4453
4673
msgid ""
4454
4674
"Briefly, in an unprivileged container, 65536 UIDs are 'shifted' into the "
4455
4675
"container. For instance, UID 0 in the container may be 100000 on the host, "
4461
4681
"subuid(5) manual page</ulink>."
4462
4682
msgstr ""
4463
4683
4464
#: serverguide/C/virtualization.xml:1387(para)
4684
#: serverguide/C/virtualization.xml:1455(para)
4465
4685
msgid ""
4466
4686
"It is possible to request a container to run without a UID mapping by "
4467
4687
"setting the security.privileged flag to true:"
4468
4688
msgstr ""
4469
4689
4470
#: serverguide/C/virtualization.xml:1393(command)
4690
#: serverguide/C/virtualization.xml:1461(command)
4471
4691
msgid "lxc config set c1 security.privileged true"
4472
4692
msgstr ""
4473
4693
4474
#: serverguide/C/virtualization.xml:1398(para)
4694
#: serverguide/C/virtualization.xml:1466(para)
4475
4695
msgid ""
4476
4696
"Note however that in this case the root user in the container is the root "
4477
4697
"user on the host."
4478
4698
msgstr ""
4479
4699
4480
#: serverguide/C/virtualization.xml:1405(title) serverguide/C/virtualization.xml:2144(title)
4700
#: serverguide/C/virtualization.xml:1473(title) serverguide/C/virtualization.xml:2212(title)
4481
4701
msgid "Apparmor"
4482
4702
msgstr ""
4483
4703
4484
#: serverguide/C/virtualization.xml:1407(para)
4704
#: serverguide/C/virtualization.xml:1475(para)
4485
4705
msgid ""
4486
4706
"LXD confines containers by default with an apparmor profile which protects "
4487
4707
"containers from each other and the host from containers. For instance this "
4491
4711
"/proc/sysrq-trigger</filename>."
4492
4712
msgstr ""
4493
4713
4494
#: serverguide/C/virtualization.xml:1416(para)
4714
#: serverguide/C/virtualization.xml:1484(para)
4495
4715
msgid ""
4496
4716
"If the apparmor policy for a container needs to be modified for a container "
4497
4717
"c1, specific apparmor policy lines can be added in the 'raw.apparmor' "
4498
4718
"configuration key."
4499
4719
msgstr ""
4500
4720
4501
#: serverguide/C/virtualization.xml:1424(title)
4721
#: serverguide/C/virtualization.xml:1492(title)
4502
4722
msgid "Seccomp"
4503
4723
msgstr ""
4504
4724
4505
#: serverguide/C/virtualization.xml:1426(para)
4725
#: serverguide/C/virtualization.xml:1494(para)
4506
4726
msgid ""
4507
4727
"All containers are confined by a default seccomp policy. This policy "
4508
4728
"prevents some dangerous actions such as forced umounts, kernel module "
4511
4731
"seccomp policy - or none - can be requested using raw.lxc (see below)."
4512
4732
msgstr ""
4513
4733
4514
#: serverguide/C/virtualization.xml:1436(title)
4734
#: serverguide/C/virtualization.xml:1504(title)
4515
4735
msgid "Raw LXC configuration"
4516
4736
msgstr ""
4517
4737
4518
#: serverguide/C/virtualization.xml:1438(para)
4738
#: serverguide/C/virtualization.xml:1506(para)
4519
4739
msgid ""
4520
4740
"LXD configures containers for the best balance of host safety and container "
4521
4741
"usability. Whenever possible it is highly recommended to use the defaults, "
4528
4748
".html\"> the lxc.container.conf(5) manual page</ulink>."
4529
4749
msgstr ""
4530
4750
4531
#: serverguide/C/virtualization.xml:1457(title)
4751
#: serverguide/C/virtualization.xml:1525(title)
4532
4752
msgid "Images and containers"
4533
4753
msgstr ""
4534
4754
4535
#: serverguide/C/virtualization.xml:1459(para)
4755
#: serverguide/C/virtualization.xml:1527(para)
4536
4756
msgid ""
4537
4757
"LXD is image based. When you create your first container, you will generally "
4538
4758
"do so using an existing image. LXD comes pre-configured with three default "
4539
4759
"image remotes:"
4540
4760
msgstr ""
4541
4761
4542
#: serverguide/C/virtualization.xml:1467(para)
4762
#: serverguide/C/virtualization.xml:1535(para)
4543
4763
msgid ""
4544
4764
"ubuntu: This is a <ulink "
4545
4765
"url=\"https://launchpad.net/simplestreams\">simplestreams-based</ulink> "
4546
4766
"remote serving released ubuntu cloud images."
4547
4767
msgstr ""
4548
4768
4549
#: serverguide/C/virtualization.xml:1472(para)
4769
#: serverguide/C/virtualization.xml:1540(para)
4550
4770
msgid ""
4551
4771
"ubuntu-daily: This is another simplestreams based remote which serves "
4552
4772
"'daily' ubuntu cloud images. These provide quicker but potentially less "
4553
4773
"stable images."
4554
4774
msgstr ""
4555
4775
4556
#: serverguide/C/virtualization.xml:1478(para)
4776
#: serverguide/C/virtualization.xml:1546(para)
4557
4777
msgid ""
4558
4778
"images: This is a remote publishing best-effort container images for many "
4559
4779
"distributions, created using community-provided build scripts."
4560
4780
msgstr ""
4561
4781
4562
#: serverguide/C/virtualization.xml:1483(para)
4782
#: serverguide/C/virtualization.xml:1551(para)
4563
4783
msgid "To view the images available on one of these servers, you can use:"
4564
4784
msgstr ""
4565
4785
4566
#: serverguide/C/virtualization.xml:1493(para)
4786
#: serverguide/C/virtualization.xml:1561(para)
4567
4787
msgid ""
4568
4788
"Most of the images are known by several aliases for easier reference. To see "
4569
4789
"the full list of aliases, you can use"
4570
4790
msgstr ""
4571
4791
4572
#: serverguide/C/virtualization.xml:1499(command)
4792
#: serverguide/C/virtualization.xml:1567(command)
4573
4793
msgid "lxc image alias list images:"
4574
4794
msgstr ""
4575
4795
4576
#: serverguide/C/virtualization.xml:1504(para)
4796
#: serverguide/C/virtualization.xml:1572(para)
4577
4797
msgid ""
4578
4798
"Any alias or image fingerprint can be used to specify how to create the new "
4579
4799
"container. For instance, to create an amd64 Ubuntu 14.04 container, some "
4580
4800
"options are:"
4581
4801
msgstr ""
4582
4802
4583
#: serverguide/C/virtualization.xml:1511(command)
4803
#: serverguide/C/virtualization.xml:1579(command)
4584
4804
msgid ""
4585
4805
"lxc launch ubuntu:14.04 trusty1 lxc launch ubuntu:trusty trusty1 lxc launch "
4586
4806
"ubuntu:trusty/amd64 trusty1 lxc launch ubuntu:lts trusty1"
4587
4807
msgstr ""
4588
4808
4589
#: serverguide/C/virtualization.xml:1519(para)
4809
#: serverguide/C/virtualization.xml:1587(para)
4590
4810
msgid "The 'lts' alias always refers to the latest released LTS image."
4591
4811
msgstr ""
4592
4812
4593
#: serverguide/C/virtualization.xml:1523(title) serverguide/C/virtualization.xml:2352(title)
4813
#: serverguide/C/virtualization.xml:1591(title) serverguide/C/virtualization.xml:2420(title)
4594
4814
msgid "Snapshots"
4595
4815
msgstr ""
4596
4816
4597
#: serverguide/C/virtualization.xml:1525(para)
4817
#: serverguide/C/virtualization.xml:1593(para)
4598
4818
msgid ""
4599
4819
"Containers can be renamed and live-migrated using the 'lxc move' command:"
4600
4820
msgstr ""
4601
4821
4602
#: serverguide/C/virtualization.xml:1530(command)
4822
#: serverguide/C/virtualization.xml:1598(command)
4603
4823
msgid "lxc move c1 final-beta"
4604
4824
msgstr ""
4605
4825
4606
#: serverguide/C/virtualization.xml:1535(para)
4826
#: serverguide/C/virtualization.xml:1603(para)
4607
4827
msgid "They can also be snapshotted:"
4608
4828
msgstr ""
4609
4829
4610
#: serverguide/C/virtualization.xml:1540(command)
4830
#: serverguide/C/virtualization.xml:1608(command)
4611
4831
msgid "lxc snapshot c1 YYYY-MM-DD"
4612
4832
msgstr ""
4613
4833
4614
#: serverguide/C/virtualization.xml:1545(para)
4834
#: serverguide/C/virtualization.xml:1613(para)
4615
4835
msgid "Later changes to c1 can then be reverted by restoring the snapshot:"
4616
4836
msgstr ""
4617
4837
4618
#: serverguide/C/virtualization.xml:1550(command)
4838
#: serverguide/C/virtualization.xml:1618(command)
4619
4839
msgid "lxc restore u1 YYYY-MM-DD"
4620
4840
msgstr ""
4621
4841
4622
#: serverguide/C/virtualization.xml:1555(para)
4842
#: serverguide/C/virtualization.xml:1623(para)
4623
4843
msgid ""
4624
4844
"New containers can also be created by copying a container or snapshot:"
4625
4845
msgstr ""
4626
4846
4627
#: serverguide/C/virtualization.xml:1560(command)
4847
#: serverguide/C/virtualization.xml:1628(command)
4628
4848
msgid "lxc copy u1/YYYY-MM-DD testcontainer"
4629
4849
msgstr ""
4630
4850
4631
#: serverguide/C/virtualization.xml:1567(title)
4851
#: serverguide/C/virtualization.xml:1635(title)
4632
4852
msgid "Publishing images"
4633
4853
msgstr ""
4634
4854
4635
#: serverguide/C/virtualization.xml:1569(para)
4855
#: serverguide/C/virtualization.xml:1637(para)
4636
4856
msgid ""
4637
4857
"When a container or container snapshot is ready for consumption by others, "
4638
4858
"it can be published as a new image using;"
4639
4859
msgstr ""
4640
4860
4641
#: serverguide/C/virtualization.xml:1575(command)
4861
#: serverguide/C/virtualization.xml:1643(command)
4642
4862
msgid "lxc publish u1/YYYY-MM-DD --alias foo-2.0"
4643
4863
msgstr ""
4644
4864
4645
#: serverguide/C/virtualization.xml:1580(para)
4865
#: serverguide/C/virtualization.xml:1648(para)
4646
4866
msgid ""
4647
4867
"The published image will be private by default, meaning that LXD will not "
4648
4868
"allow clients without a trusted certificate to see them. If the image is "
4650
4870
"'public' flag can be set, either at publish time using"
4651
4871
msgstr ""
4652
4872
4653
#: serverguide/C/virtualization.xml:1588(command)
4873
#: serverguide/C/virtualization.xml:1656(command)
4654
4874
msgid "lxc publish u1/YYYY-MM-DD --alias foo-2.0 public=true"
4655
4875
msgstr ""
4656
4876
4657
#: serverguide/C/virtualization.xml:1593(para)
4877
#: serverguide/C/virtualization.xml:1661(para)
4658
4878
msgid "or after the fact using"
4659
4879
msgstr ""
4660
4880
4661
#: serverguide/C/virtualization.xml:1598(command)
4881
#: serverguide/C/virtualization.xml:1666(command)
4662
4882
msgid "lxc image edit foo-2.0"
4663
4883
msgstr ""
4664
4884
4665
#: serverguide/C/virtualization.xml:1603(para)
4885
#: serverguide/C/virtualization.xml:1671(para)
4666
4886
msgid "and changing the value of the public field."
4667
4887
msgstr ""
4668
4888
4669
#: serverguide/C/virtualization.xml:1609(title)
4889
#: serverguide/C/virtualization.xml:1677(title)
4670
4890
msgid "Image export and import"
4671
4891
msgstr ""
4672
4892
4673
#: serverguide/C/virtualization.xml:1611(para)
4893
#: serverguide/C/virtualization.xml:1679(para)
4674
4894
msgid "Image can be exported as, and imported from, tarballs:"
4675
4895
msgstr ""
4676
4896
4677
#: serverguide/C/virtualization.xml:1616(command)
4897
#: serverguide/C/virtualization.xml:1684(command)
4678
4898
msgid ""
4679
4899
"lxc image export foo-2.0 foo-2.0.tar.gz lxc image import foo-2.0.tar.gz --"
4680
4900
"alias foo-2.0 --public"
4681
4901
msgstr ""
4682
4902
4683
#: serverguide/C/virtualization.xml:1625(title) serverguide/C/virtualization.xml:2505(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
4903
#: serverguide/C/virtualization.xml:1693(title) serverguide/C/virtualization.xml:2573(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
4684
4904
msgid "Troubleshooting"
4685
4905
msgstr "Troubleshooting"
4686
4906
4687
#: serverguide/C/virtualization.xml:1627(para)
4907
#: serverguide/C/virtualization.xml:1695(para)
4688
4908
msgid ""
4689
4909
"To view debug information about LXD itself, on a systemd based host use"
4690
4910
msgstr ""
4691
4911
4692
#: serverguide/C/virtualization.xml:1632(command)
4912
#: serverguide/C/virtualization.xml:1700(command)
4693
4913
msgid "journalctl -u LXD"
4694
4914
msgstr ""
4695
4915
4696
#: serverguide/C/virtualization.xml:1637(para)
4916
#: serverguide/C/virtualization.xml:1705(para)
4697
4917
msgid ""
4698
4918
"On an Upstart-based system, you can find the log in "
4699
4919
"<filename>/var/log/upstart/lxd.log</filename>. To make LXD provide much more "
4704
4924
"<filename>/etc/init/lxd.conf</filename>."
4705
4925
msgstr ""
4706
4926
4707
#: serverguide/C/virtualization.xml:1647(para)
4927
#: serverguide/C/virtualization.xml:1715(para)
4708
4928
msgid "Container logfiles for container c1 may be seen using:"
4709
4929
msgstr ""
4710
4930
4711
#: serverguide/C/virtualization.xml:1652(command)
4931
#: serverguide/C/virtualization.xml:1720(command)
4712
4932
msgid "lxc info c1 --show-log"
4713
4933
msgstr ""
4714
4934
4715
#: serverguide/C/virtualization.xml:1657(para)
4935
#: serverguide/C/virtualization.xml:1725(para)
4716
4936
msgid ""
4717
4937
"The configuration file which was used may be found under <filename> "
4718
4938
"/var/log/lxd/c1/lxc.conf</filename> while apparmor profiles can be found in "
4720
4940
"profiles in <filename> /var/lib/lxd/security/seccomp/c1</filename>."
4721
4941
msgstr ""
4722
4942
4723
#: serverguide/C/virtualization.xml:1667(title)
4943
#: serverguide/C/virtualization.xml:1735(title)
4724
4944
msgid "LXC"
4725
4945
msgstr ""
4726
4946
4727
#: serverguide/C/virtualization.xml:1669(para)
4947
#: serverguide/C/virtualization.xml:1737(para)
4728
4948
msgid ""
4729
4949
"Containers are a lightweight virtualization technology. They are more akin "
4730
4950
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
4736
4956
"and OpenVZ functionality."
4737
4957
msgstr ""
4738
4958
4739
#: serverguide/C/virtualization.xml:1679(para)
4959
#: serverguide/C/virtualization.xml:1747(para)
4740
4960
msgid ""
4741
4961
"There are two user-space implementations of containers, each exploiting the "
4742
4962
"same kernel features. Libvirt allows the use of containers through the LXC "
4747
4967
"there are peculiarities which can cause confusion."
4748
4968
msgstr ""
4749
4969
4750
#: serverguide/C/virtualization.xml:1688(para)
4970
#: serverguide/C/virtualization.xml:1756(para)
4751
4971
msgid ""
4752
4972
"In this document we will mainly describe the <application>lxc</application> "
4753
4973
"package. Use of libvirt-lxc is not generally recommended due to a lack of "
4754
4974
"Apparmor protection for libvirt-lxc containers."
4755
4975
msgstr ""
4756
4976
4757
#: serverguide/C/virtualization.xml:1693(para)
4977
#: serverguide/C/virtualization.xml:1761(para)
4758
4978
msgid "In this document, a container name will be shown as CN, C1, or C2."
4759
4979
msgstr ""
4760
4980
4761
#: serverguide/C/virtualization.xml:1699(para)
4981
#: serverguide/C/virtualization.xml:1767(para)
4762
4982
msgid "The <application>lxc</application> package can be installed using"
4763
4983
msgstr ""
4764
4984
4765
#: serverguide/C/virtualization.xml:1703(command)
4985
#: serverguide/C/virtualization.xml:1771(command)
4766
4986
msgid "sudo apt install lxc"
4767
4987
msgstr ""
4768
4988
4769
#: serverguide/C/virtualization.xml:1708(para)
4989
#: serverguide/C/virtualization.xml:1776(para)
4770
4990
msgid ""
4771
4991
"This will pull in the required and recommended dependencies, as well as set "
4772
4992
"up a network bridge for containers to use. If you wish to use unprivileged "
4775
4995
"containers to a bridge (see <xref linkend=\"lxc-unpriv\"/>)."
4776
4996
msgstr ""
4777
4997
4778
#: serverguide/C/virtualization.xml:1718(title) serverguide/C/vcs.xml:111(title)
4998
#: serverguide/C/virtualization.xml:1786(title) serverguide/C/vcs.xml:111(title)
4779
4999
msgid "Basic usage"
4780
5000
msgstr ""
4781
5001
4782
#: serverguide/C/virtualization.xml:1719(para)
5002
#: serverguide/C/virtualization.xml:1787(para)
4783
5003
msgid ""
4784
5004
"LXC can be used in two distinct ways - privileged, by running the lxc "
4785
5005
"commands as the root user; or unprivileged, by running the lxc commands as a "
4790
5010
"in the container is mapped to a non-root userid on the host."
4791
5011
msgstr ""
4792
5012
4793
#: serverguide/C/virtualization.xml:1731(title)
5013
#: serverguide/C/virtualization.xml:1799(title)
4794
5014
msgid "Basic privileged usage"
4795
5015
msgstr ""
4796
5016
4797
#: serverguide/C/virtualization.xml:1732(para)
5017
#: serverguide/C/virtualization.xml:1800(para)
4798
5018
msgid "To create a privileged container, you can simply do:"
4799
5019
msgstr ""
4800
5020
4801
#: serverguide/C/virtualization.xml:1736(command)
5021
#: serverguide/C/virtualization.xml:1804(command)
4802
5022
msgid "sudo lxc-create --template download --name u1"
4803
5023
msgstr ""
4804
5024
4805
#: serverguide/C/virtualization.xml:1740(command)
5025
#: serverguide/C/virtualization.xml:1808(command)
4806
5026
msgid "sudo lxc-create -t download -n u1"
4807
5027
msgstr ""
4808
5028
4809
#: serverguide/C/virtualization.xml:1735(screen)
5029
#: serverguide/C/virtualization.xml:1803(screen)
4810
5030
#, no-wrap
4811
5031
msgid ""
4812
5032
"\n"
4815
5035
"<placeholder-2/>\n"
4816
5036
msgstr ""
4817
5037
4818
#: serverguide/C/virtualization.xml:1744(para)
5038
#: serverguide/C/virtualization.xml:1812(para)
4819
5039
msgid ""
4820
5040
"This will interactively ask for a container root filesystem type to download "
4821
5041
"- in particular the distribution, release, and architecture. To create the "
4823
5043
"line:"
4824
5044
msgstr ""
4825
5045
4826
#: serverguide/C/virtualization.xml:1751(command)
5046
#: serverguide/C/virtualization.xml:1819(command)
4827
5047
msgid ""
4828
5048
"sudo lxc-create -t download -n u1 -- --dist ubuntu --release xenial --arch "
4829
5049
"amd64"
4830
5050
msgstr ""
4831
5051
4832
#: serverguide/C/virtualization.xml:1755(command)
5052
#: serverguide/C/virtualization.xml:1823(command)
4833
5053
msgid "sudo lxc-create -t download -n u1 -- -d ubuntu -r xenial -a amd64"
4834
5054
msgstr ""
4835
5055
4836
#: serverguide/C/virtualization.xml:1750(screen)
5056
#: serverguide/C/virtualization.xml:1818(screen)
4837
5057
#, no-wrap
4838
5058
msgid ""
4839
5059
"\n"
4842
5062
"<placeholder-2/>\n"
4843
5063
msgstr ""
4844
5064
4845
#: serverguide/C/virtualization.xml:1760(para)
5065
#: serverguide/C/virtualization.xml:1828(para)
4846
5066
msgid ""
4847
5067
"You can now use <command>lxc-ls</command> to list containers, <command>lxc-"
4848
5068
"info</command> to obtain detailed container information, <command>lxc-"
4854
5074
"look like:"
4855
5075
msgstr ""
4856
5076
4857
#: serverguide/C/virtualization.xml:1771(command)
5077
#: serverguide/C/virtualization.xml:1839(command)
4858
5078
msgid ""
4859
5079
"sudo lxc-ls --fancy sudo lxc-start --name u1 --daemon sudo lxc-info --name "
4860
5080
"u1 sudo lxc-stop --name u1 sudo lxc-destroy --name u1"
4861
5081
msgstr ""
4862
5082
4863
#: serverguide/C/virtualization.xml:1783(title)
5083
#: serverguide/C/virtualization.xml:1851(title)
4864
5084
msgid "User namespaces"
4865
5085
msgstr ""
4866
5086
4867
#: serverguide/C/virtualization.xml:1784(para)
5087
#: serverguide/C/virtualization.xml:1852(para)
4868
5088
msgid ""
4869
5089
"Unprivileged containers allow users to create and administer containers "
4870
5090
"without having any root privilege. The feature underpinning this is called "
4881
5101
"convention started at id 100000 to avoid conflicting with system users."
4882
5102
msgstr ""
4883
5103
4884
#: serverguide/C/virtualization.xml:1802(para)
5104
#: serverguide/C/virtualization.xml:1870(para)
4885
5105
msgid ""
4886
5106
"If a user was created on an earlier release, it can be granted a range of "
4887
5107
"ids using <command>usermod</command>, as follows:"
4888
5108
msgstr ""
4889
5109
4890
#: serverguide/C/virtualization.xml:1807(command)
5110
#: serverguide/C/virtualization.xml:1875(command)
4891
5111
msgid "sudo usermod -v 100000-200000 -w 100000-200000 user1"
4892
5112
msgstr ""
4893
5113
4894
#: serverguide/C/virtualization.xml:1812(para)
5114
#: serverguide/C/virtualization.xml:1880(para)
4895
5115
msgid ""
4896
5116
"The programs <command>newuidmap</command> and <command> newgidmap</command> "
4897
5117
"are setuid-root programs in the <filename>uidmap</filename> package, which "
4900
5120
"authorized by the host configuration."
4901
5121
msgstr ""
4902
5122
4903
#: serverguide/C/virtualization.xml:1823(title)
5123
#: serverguide/C/virtualization.xml:1891(title)
4904
5124
msgid "Basic unprivileged usage"
4905
5125
msgstr ""
4906
5126
4907
#: serverguide/C/virtualization.xml:1827(para)
5127
#: serverguide/C/virtualization.xml:1895(para)
4908
5128
msgid ""
4909
5129
"To create unprivileged containers, a few first steps are needed. You will "
4910
5130
"need to create a default container configuration file, specifying your "
4914
5134
"your actual user and group id ranges and modify the example accordingly:"
4915
5135
msgstr ""
4916
5136
4917
#: serverguide/C/virtualization.xml:1837(command)
5137
#: serverguide/C/virtualization.xml:1905(command)
4918
5138
msgid "grep $USER /etc/subuid grep $USER /etc/subgid"
4919
5139
msgstr ""
4920
5140
4921
#: serverguide/C/virtualization.xml:1843(command)
5141
#: serverguide/C/virtualization.xml:1911(command)
4922
5142
msgid ""
4923
5143
"mkdir -p ~/.config/lxc echo \"lxc.id_map = u 0 100000 65536\" > "
4924
5144
"~/.config/lxc/default.conf echo \"lxc.id_map = g 0 100000 65536\" >> "
4928
5148
"/etc/lxc/lxc-usernet"
4929
5149
msgstr ""
4930
5150
4931
#: serverguide/C/virtualization.xml:1853(para)
5151
#: serverguide/C/virtualization.xml:1921(para)
4932
5152
msgid ""
4933
5153
"After this, you can create unprivileged containers the same way as "
4934
5154
"privileged ones, simply without using sudo."
4935
5155
msgstr ""
4936
5156
4937
#: serverguide/C/virtualization.xml:1858(command)
5157
#: serverguide/C/virtualization.xml:1926(command)
4938
5158
msgid ""
4939
5159
"lxc-create -t download -n u1 -- -d ubuntu -r xenial -a amd64 lxc-start -n u1 "
4940
5160
"-d lxc-attach -n u1 lxc-stop -n u1 lxc-destroy -n u1"
4941
5161
msgstr ""
4942
5162
4943
#: serverguide/C/virtualization.xml:1870(para)
5163
#: serverguide/C/virtualization.xml:1938(para)
4944
5164
msgid ""
4945
5165
"In order to run containers inside containers - referred to as nested "
4946
5166
"containers - two lines must be present in the parent container configuration "
4957
5177
"information."
4958
5178
msgstr ""
4959
5179
4960
#: serverguide/C/virtualization.xml:1892(title)
5180
#: serverguide/C/virtualization.xml:1960(title)
4961
5181
msgid "Global configuration"
4962
5182
msgstr ""
4963
5183
4964
#: serverguide/C/virtualization.xml:1899(para)
5184
#: serverguide/C/virtualization.xml:1967(para)
4965
5185
msgid ""
4966
5186
"<filename>lxc.conf</filename> may optionally specify alternate values for "
4967
5187
"several lxc settings, including the lxcpath, the default configuration, "
4969
5189
"lvm and zfs."
4970
5190
msgstr ""
4971
5191
4972
#: serverguide/C/virtualization.xml:1905(para)
5192
#: serverguide/C/virtualization.xml:1973(para)
4973
5193
msgid ""
4974
5194
"<filename>default.conf</filename> specifies configuration which every newly "
4975
5195
"created container should contain. This usually contains at least a network "
4976
5196
"section, and, for unprivileged users, an id mapping section"
4977
5197
msgstr ""
4978
5198
4979
#: serverguide/C/virtualization.xml:1911(para)
5199
#: serverguide/C/virtualization.xml:1979(para)
4980
5200
msgid ""
4981
5201
"<filename>lxc-usernet.conf</filename> specifies how unprivileged users may "
4982
5202
"connect their containers to the host-owned network."
4983
5203
msgstr ""
4984
5204
4985
#: serverguide/C/virtualization.xml:1893(para)
5205
#: serverguide/C/virtualization.xml:1961(para)
4986
5206
msgid ""
4987
5207
"The following configuration files are consulted by LXC. For privileged use, "
4988
5208
"they are found under <filename>/etc/lxc</filename>, while for unprivileged "
4989
5209
"use they are under <filename>~/.config/lxc</filename>. <placeholder-1/>"
4990
5210
msgstr ""
4991
5211
4992
#: serverguide/C/virtualization.xml:1916(para)
5212
#: serverguide/C/virtualization.xml:1984(para)
4993
5213
msgid ""
4994
5214
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are both "
4995
5215
"under <filename>/etc/lxc</filename> and "
4997
5217
"usernet.conf</filename> is only host-wide."
4998
5218
msgstr ""
4999
5219
5000
#: serverguide/C/virtualization.xml:1921(para)
5220
#: serverguide/C/virtualization.xml:1989(para)
5001
5221
msgid ""
5002
5222
"By default, containers are located under /var/lib/lxc for the root user, and "
5003
5223
"$HOME/.local/share/lxc otherwise. The location can be specified for all lxc "
5004
5224
"commands using the \"-P|--lxcpath\" argument."
5005
5225
msgstr ""
5006
5226
5007
#: serverguide/C/virtualization.xml:1930(title) serverguide/C/network-config.xml:11(title)
5227
#: serverguide/C/virtualization.xml:1998(title) serverguide/C/network-config.xml:11(title)
5008
5228
msgid "Networking"
5009
5229
msgstr ""
5010
5230
5011
#: serverguide/C/virtualization.xml:1931(para)
5231
#: serverguide/C/virtualization.xml:1999(para)
5012
5232
msgid ""
5013
5233
"By default LXC creates a private network namespace for each container, which "
5014
5234
"includes a layer 2 networking stack. Containers usually connect to the "
5020
5240
"container is not usable on the host."
5021
5241
msgstr ""
5022
5242
5023
#: serverguide/C/virtualization.xml:1939(para)
5243
#: serverguide/C/virtualization.xml:2007(para)
5024
5244
msgid ""
5025
5245
"It is possible to create a container without a private network namespace. In "
5026
5246
"this case, the container will have access to the host networking like any "
5030
5250
"Unix domain socket to the host's upstart, and shut down the host."
5031
5251
msgstr ""
5032
5252
5033
#: serverguide/C/virtualization.xml:1945(para)
5253
#: serverguide/C/virtualization.xml:2013(para)
5034
5254
msgid ""
5035
5255
"To give containers on lxcbr0 a persistent ip address based on domain name, "
5036
5256
"you can write entries to <filename>/etc/lxc/dnsmasq.conf</filename> like: "
5040
5260
"</screen>"
5041
5261
msgstr ""
5042
5262
5043
#: serverguide/C/virtualization.xml:1953(para)
5263
#: serverguide/C/virtualization.xml:2021(para)
5044
5264
msgid ""
5045
5265
"If it is desirable for the container to be publicly accessible, there are a "
5046
5266
"few ways to go about it. One is to use <command>iptables</command> to "
5059
5279
"are preferred and more commonly used."
5060
5280
msgstr ""
5061
5281
5062
#: serverguide/C/virtualization.xml:1974(para)
5282
#: serverguide/C/virtualization.xml:2042(para)
5063
5283
msgid ""
5064
5284
"There are several ways to determine the ip address for a container. First, "
5065
5285
"you can use <command>lxc-ls --fancy</command> which will print the ip "
5075
5295
"</screen>"
5076
5296
msgstr ""
5077
5297
5078
#: serverguide/C/virtualization.xml:1989(para)
5298
#: serverguide/C/virtualization.xml:2057(para)
5079
5299
msgid ""
5080
5300
"For more information, see the lxc.conf manpage as well as the example "
5081
5301
"network configurations under "
5082
5302
"<filename>/usr/share/doc/lxc/examples/</filename>."
5083
5303
msgstr ""
5084
5304
5085
#: serverguide/C/virtualization.xml:1995(title)
5305
#: serverguide/C/virtualization.xml:2063(title)
5086
5306
msgid "LXC startup"
5087
5307
msgstr ""
5088
5308
5089
#: serverguide/C/virtualization.xml:1997(para)
5309
#: serverguide/C/virtualization.xml:2065(para)
5090
5310
msgid ""
5091
5311
"LXC does not have a long-running daemon. However it does have three upstart "
5092
5312
"jobs."
5093
5313
msgstr ""
5094
5314
5095
#: serverguide/C/virtualization.xml:2003(para)
5315
#: serverguide/C/virtualization.xml:2071(para)
5096
5316
msgid ""
5097
5317
"<filename>/etc/init/lxc-net.conf:</filename> is an optional job which only "
5098
5318
"runs if <filename> /etc/default/lxc-net</filename> specifies USE_LXC_BRIDGE "
5099
5319
"(true by default). It sets up a NATed bridge for containers to use."
5100
5320
msgstr ""
5101
5321
5102
#: serverguide/C/virtualization.xml:2011(para)
5322
#: serverguide/C/virtualization.xml:2079(para)
5103
5323
msgid ""
5104
5324
"<filename>/etc/init/lxc.conf</filename> loads the lxc apparmor profiles and "
5105
5325
"optionally starts any autostart containers. The autostart containers will be "
5108
5328
"more information on autostarted containers."
5109
5329
msgstr ""
5110
5330
5111
#: serverguide/C/virtualization.xml:2021(para)
5331
#: serverguide/C/virtualization.xml:2089(para)
5112
5332
msgid ""
5113
5333
"<filename>/etc/init/lxc-instance.conf</filename> is used by "
5114
5334
"<filename>/etc/init/lxc.conf</filename> to autostart a container."
5115
5335
msgstr ""
5116
5336
5117
#: serverguide/C/virtualization.xml:2030(title)
5337
#: serverguide/C/virtualization.xml:2098(title)
5118
5338
msgid "Backing Stores"
5119
5339
msgstr ""
5120
5340
5121
#: serverguide/C/virtualization.xml:2031(para)
5341
#: serverguide/C/virtualization.xml:2099(para)
5122
5342
msgid ""
5123
5343
"LXC supports several backing stores for container root filesystems. The "
5124
5344
"default is a simple directory backing store, because it requires no prior "
5133
5353
"<filename>$lxcpath/C1/rootfs</filename>."
5134
5354
msgstr ""
5135
5355
5136
#: serverguide/C/virtualization.xml:2045(para)
5356
#: serverguide/C/virtualization.xml:2113(para)
5137
5357
msgid ""
5138
5358
"A snapshot clone C2 of a directory backed container C1 becomes an overlayfs "
5139
5359
"backed container, with a rootfs called "
5141
5361
" Other backing store types include loop, btrfs, LVM and zfs."
5142
5362
msgstr ""
5143
5363
5144
#: serverguide/C/virtualization.xml:2053(para)
5364
#: serverguide/C/virtualization.xml:2121(para)
5145
5365
msgid ""
5146
5366
"A btrfs backed container mostly looks like a directory backed container, "
5147
5367
"with its root filesystem in the same location. However, the root filesystem "
5149
5369
"snapshot."
5150
5370
msgstr ""
5151
5371
5152
#: serverguide/C/virtualization.xml:2060(para)
5372
#: serverguide/C/virtualization.xml:2128(para)
5153
5373
msgid ""
5154
5374
"The root filesystem for an LVM backed container can be any separate LV. The "
5155
5375
"default VG name can be specified in lxc.conf. The filesystem type and size "
5156
5376
"are configurable per-container using lxc-create."
5157
5377
msgstr ""
5158
5378
5159
#: serverguide/C/virtualization.xml:2066(para)
5379
#: serverguide/C/virtualization.xml:2134(para)
5160
5380
msgid ""
5161
5381
"The rootfs for a zfs backed container is a separate zfs filesystem, mounted "
5162
5382
"under the traditional <filename>/var/lib/lxc/C1/rootfs</filename> location. "
5164
5384
"in lxc.system.conf."
5165
5385
msgstr ""
5166
5386
5167
#: serverguide/C/virtualization.xml:2073(para)
5387
#: serverguide/C/virtualization.xml:2141(para)
5168
5388
msgid ""
5169
5389
"More information on creating containers with the various backing stores can "
5170
5390
"be found in the lxc-create manual page."
5171
5391
msgstr ""
5172
5392
5173
#: serverguide/C/virtualization.xml:2080(title)
5393
#: serverguide/C/virtualization.xml:2148(title)
5174
5394
msgid "Templates"
5175
5395
msgstr ""
5176
5396
5177
#: serverguide/C/virtualization.xml:2081(para)
5397
#: serverguide/C/virtualization.xml:2149(para)
5178
5398
msgid ""
5179
5399
"Creating a container generally involves creating a root filesystem for the "
5180
5400
"container. <command>lxc-create</command> delegates this work to "
5185
5405
"others."
5186
5406
msgstr ""
5187
5407
5188
#: serverguide/C/virtualization.xml:2090(para)
5408
#: serverguide/C/virtualization.xml:2158(para)
5189
5409
msgid ""
5190
5410
"Creating distribution images in most cases requires the ability to create "
5191
5411
"device nodes, often requires tools which are not available in other "
5196
5416
"could not for instance easily run the <command>debootstrap</command> command."
5197
5417
msgstr ""
5198
5418
5199
#: serverguide/C/virtualization.xml:2100(para)
5419
#: serverguide/C/virtualization.xml:2168(para)
5200
5420
msgid ""
5201
5421
"When running <command>lxc-create</command>, all options which come after "
5202
5422
"<emphasis>--</emphasis> are passed to the template. In the following "
5209
5429
"</screen>"
5210
5430
msgstr ""
5211
5431
5212
#: serverguide/C/virtualization.xml:2112(para)
5432
#: serverguide/C/virtualization.xml:2180(para)
5213
5433
msgid ""
5214
5434
"You can obtain help for the options supported by any particular container by "
5215
5435
"passing <emphasis>--help</emphasis> and the template name to <command>lxc-"
5216
5436
"create</command>. For instance, for help with the download template,"
5217
5437
msgstr ""
5218
5438
5219
#: serverguide/C/virtualization.xml:2119(command)
5439
#: serverguide/C/virtualization.xml:2187(command)
5220
5440
msgid "lxc-create --template download --help"
5221
5441
msgstr ""
5222
5442
5223
#: serverguide/C/virtualization.xml:2125(title)
5443
#: serverguide/C/virtualization.xml:2193(title)
5224
5444
msgid "Autostart"
5225
5445
msgstr ""
5226
5446
5227
#: serverguide/C/virtualization.xml:2126(para)
5447
#: serverguide/C/virtualization.xml:2194(para)
5228
5448
msgid ""
5229
5449
"LXC supports marking containers to be started at system boot. Prior to "
5230
5450
"Ubuntu 14.04, this was done using symbolic links under the directory "
5241
5461
"lxc.container.conf for more information."
5242
5462
msgstr ""
5243
5463
5244
#: serverguide/C/virtualization.xml:2146(para)
5464
#: serverguide/C/virtualization.xml:2214(para)
5245
5465
msgid ""
5246
5466
"LXC ships with a default Apparmor profile intended to protect the host from "
5247
5467
"accidental misuses of privilege inside the container. For instance, the "
5249
5469
"trigger</filename> or to most <filename>/sys</filename> files."
5250
5470
msgstr ""
5251
5471
5252
#: serverguide/C/virtualization.xml:2152(para)
5472
#: serverguide/C/virtualization.xml:2220(para)
5253
5473
msgid ""
5254
5474
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
5255
5475
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
5262
5482
"dangerous paths, and from mounting most filesystems."
5263
5483
msgstr ""
5264
5484
5265
#: serverguide/C/virtualization.xml:2163(para)
5485
#: serverguide/C/virtualization.xml:2231(para)
5266
5486
msgid ""
5267
5487
"Programs in a container cannot be further confined - for instance, MySQL "
5268
5488
"runs under the container profile (protecting the host) but will not be able "
5269
5489
"to enter the MySQL profile (to protect the container)."
5270
5490
msgstr ""
5271
5491
5272
#: serverguide/C/virtualization.xml:2168(para)
5492
#: serverguide/C/virtualization.xml:2236(para)
5273
5493
msgid ""
5274
5494
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
5275
5495
"container it spawns will be confined."
5276
5496
msgstr ""
5277
5497
5278
#: serverguide/C/virtualization.xml:2171(title)
5498
#: serverguide/C/virtualization.xml:2239(title)
5279
5499
msgid "Customizing container policies"
5280
5500
msgstr ""
5281
5501
5282
#: serverguide/C/virtualization.xml:2172(para)
5502
#: serverguide/C/virtualization.xml:2240(para)
5283
5503
msgid ""
5284
5504
"If you find that <command>lxc-start</command> is failing due to a legitimate "
5285
5505
"access which is being denied by its Apparmor policy, you can disable the lxc-"
5286
5506
"start profile by doing:"
5287
5507
msgstr ""
5288
5508
5289
#: serverguide/C/virtualization.xml:2176(screen)
5509
#: serverguide/C/virtualization.xml:2244(screen)
5290
5510
#, no-wrap
5291
5511
msgid ""
5292
5512
"\n"
5294
5514
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
5295
5515
msgstr ""
5296
5516
5297
#: serverguide/C/virtualization.xml:2181(para)
5517
#: serverguide/C/virtualization.xml:2249(para)
5298
5518
msgid ""
5299
5519
"This will make <command>lxc-start</command> run unconfined, but continue to "
5300
5520
"confine the container itself. If you also wish to disable confinement of the "
5302
5522
"start</filename> profile, you must add:"
5303
5523
msgstr ""
5304
5524
5305
#: serverguide/C/virtualization.xml:2186(screen)
5525
#: serverguide/C/virtualization.xml:2254(screen)
5306
5526
#, no-wrap
5307
5527
msgid ""
5308
5528
"\n"
5309
5529
"lxc.aa_profile = unconfined\n"
5310
5530
msgstr ""
5311
5531
5312
#: serverguide/C/virtualization.xml:2190(para)
5532
#: serverguide/C/virtualization.xml:2258(para)
5313
5533
msgid "to the container's configuration file."
5314
5534
msgstr ""
5315
5535
5316
#: serverguide/C/virtualization.xml:2192(para)
5536
#: serverguide/C/virtualization.xml:2260(para)
5317
5537
msgid ""
5318
5538
"LXC ships with a few alternate policies for containers. If you wish to run "
5319
5539
"containers inside containers (nesting), then you can use the lxc-container-"
5328
5548
"\t</screen> and re-load the policy."
5329
5549
msgstr ""
5330
5550
5331
#: serverguide/C/virtualization.xml:2209(para)
5551
#: serverguide/C/virtualization.xml:2277(para)
5332
5552
msgid ""
5333
5553
"Note that the nesting policy with privileged containers is far less safe "
5334
5554
"than the default policy, as it allows containers to re-mount "
5338
5558
"<filename>proc</filename> and <filename>sys</filename> files."
5339
5559
msgstr ""
5340
5560
5341
#: serverguide/C/virtualization.xml:2217(para)
5561
#: serverguide/C/virtualization.xml:2285(para)
5342
5562
msgid ""
5343
5563
"Another profile shipped with lxc allows containers to mount block filesystem "
5344
5564
"types like ext4. This can be useful in some cases like maas provisioning, "
5346
5566
"have not been audited for safe handling of untrusted input."
5347
5567
msgstr ""
5348
5568
5349
#: serverguide/C/virtualization.xml:2223(para)
5569
#: serverguide/C/virtualization.xml:2291(para)
5350
5570
msgid ""
5351
5571
"If you need to run a container in a custom profile, you can create a new "
5352
5572
"profile under <filename>/etc/apparmor.d/lxc/</filename>. Its name must start "
5358
5578
"permissions at the bottom of your policy."
5359
5579
msgstr ""
5360
5580
5361
#: serverguide/C/virtualization.xml:2234(para)
5581
#: serverguide/C/virtualization.xml:2302(para)
5362
5582
msgid "After creating the policy, load it using:"
5363
5583
msgstr ""
5364
5584
5365
#: serverguide/C/virtualization.xml:2236(screen)
5585
#: serverguide/C/virtualization.xml:2304(screen)
5366
5586
#, no-wrap
5367
5587
msgid ""
5368
5588
"\n"
5369
5589
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
5370
5590
msgstr ""
5371
5591
5372
#: serverguide/C/virtualization.xml:2240(para)
5592
#: serverguide/C/virtualization.xml:2308(para)
5373
5593
msgid ""
5374
5594
"The profile will automatically be loaded after a reboot, because it is "
5375
5595
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
5378
5598
"configuration file:"
5379
5599
msgstr ""
5380
5600
5381
#: serverguide/C/virtualization.xml:2247(screen)
5601
#: serverguide/C/virtualization.xml:2315(screen)
5382
5602
#, no-wrap
5383
5603
msgid ""
5384
5604
"\n"
5385
5605
"lxc.aa_profile = lxc-CN-profile\n"
5386
5606
msgstr ""
5387
5607
5388
#: serverguide/C/virtualization.xml:2255(title) serverguide/C/cgroups.xml:11(title)
5608
#: serverguide/C/virtualization.xml:2323(title) serverguide/C/cgroups.xml:11(title)
5389
5609
msgid "Control Groups"
5390
5610
msgstr ""
5391
5611
5392
#: serverguide/C/virtualization.xml:2257(para)
5612
#: serverguide/C/virtualization.xml:2325(para)
5393
5613
msgid ""
5394
5614
"Control groups (cgroups) are a kernel feature providing hierarchical task "
5395
5615
"grouping and per-cgroup resource accounting and limits. They are used in "
5398
5618
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus."
5399
5619
msgstr ""
5400
5620
5401
#: serverguide/C/virtualization.xml:2265(para)
5621
#: serverguide/C/virtualization.xml:2333(para)
5402
5622
msgid ""
5403
5623
"By default, a privileged container CN will be assigned to a cgroup called "
5404
5624
"<filename>/lxc/CN</filename>. In the case of name conflicts (which can occur "
5406
5626
"at 0, will be appended to the cgroup name."
5407
5627
msgstr ""
5408
5628
5409
#: serverguide/C/virtualization.xml:2271(para)
5629
#: serverguide/C/virtualization.xml:2339(para)
5410
5630
msgid ""
5411
5631
"By default, a privileged container CN will be assigned to a cgroup called "
5412
5632
"<filename>CN</filename> under the cgroup of the task which started the "
5415
5635
"all files) so that it is allowed to create new child cgroups."
5416
5636
msgstr ""
5417
5637
5418
#: serverguide/C/virtualization.xml:2278(para)
5638
#: serverguide/C/virtualization.xml:2346(para)
5419
5639
msgid ""
5420
5640
"As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to administer "
5421
5641
"cgroups. The cgroup manager receives D-Bus requests over the Unix socket "
5436
5656
"requests for which they are not authorized."
5437
5657
msgstr ""
5438
5658
5439
#: serverguide/C/virtualization.xml:2302(title)
5659
#: serverguide/C/virtualization.xml:2370(title)
5440
5660
msgid "Cloning"
5441
5661
msgstr ""
5442
5662
5443
#: serverguide/C/virtualization.xml:2304(para)
5663
#: serverguide/C/virtualization.xml:2372(para)
5444
5664
msgid ""
5445
5665
"For rapid provisioning, you may wish to customize a canonical container "
5446
5666
"according to your needs and then make multiple copies of it. This can be "
5447
5667
"done with the <command>lxc-clone</command> program."
5448
5668
msgstr ""
5449
5669
5450
#: serverguide/C/virtualization.xml:2308(para)
5670
#: serverguide/C/virtualization.xml:2376(para)
5451
5671
msgid ""
5452
5672
"Clones are either snapshots or copies of another container. A copy is a new "
5453
5673
"container copied from the original, and takes as much space on the host as "
5463
5683
"and apt to be slower."
5464
5684
msgstr ""
5465
5685
5466
#: serverguide/C/virtualization.xml:2322(para)
5686
#: serverguide/C/virtualization.xml:2390(para)
5467
5687
msgid ""
5468
5688
"Snapshots of directory-packed containers are created using the overlay "
5469
5689
"filesystem. For instance, a privileged directory-backed container C1 will "
5475
5695
"container, and to only use its snapshots."
5476
5696
msgstr ""
5477
5697
5478
#: serverguide/C/virtualization.xml:2334(para)
5698
#: serverguide/C/virtualization.xml:2402(para)
5479
5699
msgid "Given an existing container called C1, a copy can be created using:"
5480
5700
msgstr ""
5481
5701
5482
#: serverguide/C/virtualization.xml:2338(command)
5702
#: serverguide/C/virtualization.xml:2406(command)
5483
5703
msgid "sudo lxc-clone -o C1 -n C2"
5484
5704
msgstr ""
5485
5705
5486
#: serverguide/C/virtualization.xml:2343(para)
5706
#: serverguide/C/virtualization.xml:2411(para)
5487
5707
msgid "A snapshot can be created using:"
5488
5708
msgstr ""
5489
5709
5490
#: serverguide/C/virtualization.xml:2345(command)
5710
#: serverguide/C/virtualization.xml:2413(command)
5491
5711
msgid "sudo lxc-clone -s -o C1 -n C2"
5492
5712
msgstr ""
5493
5713
5494
#: serverguide/C/virtualization.xml:2349(para)
5714
#: serverguide/C/virtualization.xml:2417(para)
5495
5715
msgid "See the lxc-clone manpage for more information."
5496
5716
msgstr ""
5497
5717
5498
#: serverguide/C/virtualization.xml:2353(para)
5718
#: serverguide/C/virtualization.xml:2421(para)
5499
5719
msgid ""
5500
5720
"To more easily support the use of snapshot clones for iterative container "
5501
5721
"development, LXC supports <emphasis>snapshots</emphasis>. When working on a "
5513
5733
"is erased and replaced with the snap1 snapshot."
5514
5734
msgstr ""
5515
5735
5516
#: serverguide/C/virtualization.xml:2372(para)
5736
#: serverguide/C/virtualization.xml:2440(para)
5517
5737
msgid ""
5518
5738
"Snapshots are supported for btrfs, lvm, zfs, and overlayfs containers. If "
5519
5739
"lxc-snapshot is called on a directory-backed container, an error will be "
5534
5754
"</screen>"
5535
5755
msgstr ""
5536
5756
5537
#: serverguide/C/virtualization.xml:2396(title)
5757
#: serverguide/C/virtualization.xml:2464(title)
5538
5758
msgid "Ephemeral Containers"
5539
5759
msgstr ""
5540
5760
5541
#: serverguide/C/virtualization.xml:2397(para)
5761
#: serverguide/C/virtualization.xml:2465(para)
5542
5762
msgid ""
5543
5763
"While snapshots are useful for longer-term incremental development of "
5544
5764
"images, ephemeral containers utilize snapshots for quick, single-use "
5553
5773
"page for more options."
5554
5774
msgstr ""
5555
5775
5556
#: serverguide/C/virtualization.xml:2415(title)
5776
#: serverguide/C/virtualization.xml:2483(title)
5557
5777
msgid "Lifecycle management hooks"
5558
5778
msgstr ""
5559
5779
5560
#: serverguide/C/virtualization.xml:2417(para)
5780
#: serverguide/C/virtualization.xml:2485(para)
5561
5781
msgid ""
5562
5782
"Beginning with Ubuntu 12.10, it is possible to define hooks to be executed "
5563
5783
"at specific points in a container's lifetime:"
5564
5784
msgstr ""
5565
5785
5566
#: serverguide/C/virtualization.xml:2422(para)
5786
#: serverguide/C/virtualization.xml:2490(para)
5567
5787
msgid ""
5568
5788
"Pre-start hooks are run in the host's namespace before the container ttys, "
5569
5789
"consoles, or mounts are up. If any mounts are done in this hook, they should "
5570
5790
"be cleaned up in the post-stop hook."
5571
5791
msgstr ""
5572
5792
5573
#: serverguide/C/virtualization.xml:2429(para)
5793
#: serverguide/C/virtualization.xml:2497(para)
5574
5794
msgid ""
5575
5795
"Pre-mount hooks are run in the container's namespaces, but before the root "
5576
5796
"filesystem has been mounted. Mounts done in this hook will be automatically "
5577
5797
"cleaned up when the container shuts down."
5578
5798
msgstr ""
5579
5799
5580
#: serverguide/C/virtualization.xml:2436(para)
5800
#: serverguide/C/virtualization.xml:2504(para)
5581
5801
msgid ""
5582
5802
"Mount hooks are run after the container filesystems have been mounted, but "
5583
5803
"before the container has called <command>pivot_root</command> to change its "
5584
5804
"root filesystem."
5585
5805
msgstr ""
5586
5806
5587
#: serverguide/C/virtualization.xml:2443(para)
5807
#: serverguide/C/virtualization.xml:2511(para)
5588
5808
msgid ""
5589
5809
"Start hooks are run immediately before executing the container's init. Since "
5590
5810
"these are executed after pivoting into the container's filesystem, the "
5591
5811
"command to be executed must be copied into the container's filesystem."
5592
5812
msgstr ""
5593
5813
5594
#: serverguide/C/virtualization.xml:2450(para)
5814
#: serverguide/C/virtualization.xml:2518(para)
5595
5815
msgid "Post-stop hooks are executed after the container has been shut down."
5596
5816
msgstr ""
5597
5817
5598
#: serverguide/C/virtualization.xml:2455(para)
5818
#: serverguide/C/virtualization.xml:2523(para)
5599
5819
msgid ""
5600
5820
"If any hook returns an error, the container's run will be aborted. Any "
5601
5821
"<emphasis>post-stop</emphasis> hook will still be executed. Any output "
5602
5822
"generated by the script will be logged at the debug priority."
5603
5823
msgstr ""
5604
5824
5605
#: serverguide/C/virtualization.xml:2460(para)
5825
#: serverguide/C/virtualization.xml:2528(para)
5606
5826
msgid ""
5607
5827
"Please see the lxc.container.conf manual page for the configuration file "
5608
5828
"format with which to specify hooks. Some sample hooks are shipped with the "
5609
5829
"lxc package to serve as an example of how to write and use such hooks."
5610
5830
msgstr ""
5611
5831
5612
#: serverguide/C/virtualization.xml:2467(title)
5832
#: serverguide/C/virtualization.xml:2535(title)
5613
5833
msgid "Consoles"
5614
5834
msgstr ""
5615
5835
5616
#: serverguide/C/virtualization.xml:2469(para)
5836
#: serverguide/C/virtualization.xml:2537(para)
5617
5837
msgid ""
5618
5838
"Containers have a configurable number of consoles. One always exists on the "
5619
5839
"container's <filename>/dev/console</filename>. This is shown on the terminal "
5627
5847
"3 from the host, use:"
5628
5848
msgstr ""
5629
5849
5630
#: serverguide/C/virtualization.xml:2482(command)
5850
#: serverguide/C/virtualization.xml:2550(command)
5631
5851
msgid "sudo lxc-console -n container -t 3"
5632
5852
msgstr ""
5633
5853
5634
#: serverguide/C/virtualization.xml:2487(para)
5854
#: serverguide/C/virtualization.xml:2555(para)
5635
5855
msgid ""
5636
5856
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
5637
5857
"console will be automatically chosen. To exit the console, use the escape "
5640
5860
"d</emphasis> option."
5641
5861
msgstr ""
5642
5862
5643
#: serverguide/C/virtualization.xml:2493(para)
5863
#: serverguide/C/virtualization.xml:2561(para)
5644
5864
msgid ""
5645
5865
"Each container console is actually a Unix98 pty in the host's (not the "
5646
5866
"guest's) pty mount, bind-mounted over the guest's "
5653
5873
"<filename>/dev</filename>."
5654
5874
msgstr ""
5655
5875
5656
#: serverguide/C/virtualization.xml:2507(title) serverguide/C/network-auth.xml:794(title) serverguide/C/dns.xml:517(title)
5876
#: serverguide/C/virtualization.xml:2575(title) serverguide/C/network-auth.xml:794(title) serverguide/C/dns.xml:517(title)
5657
5877
msgid "Logging"
5658
5878
msgstr ""
5659
5879
5660
#: serverguide/C/virtualization.xml:2508(para)
5880
#: serverguide/C/virtualization.xml:2576(para)
5661
5881
msgid ""
5662
5882
"If something goes wrong when starting a container, the first step should be "
5663
5883
"to get full logging from LXC: <screen>\n"
5670
5890
"new log information will be appended."
5671
5891
msgstr ""
5672
5892
5673
#: serverguide/C/virtualization.xml:2523(title)
5893
#: serverguide/C/virtualization.xml:2591(title)
5674
5894
msgid "Monitoring container status"
5675
5895
msgstr ""
5676
5896
5677
#: serverguide/C/virtualization.xml:2525(para)
5897
#: serverguide/C/virtualization.xml:2593(para)
5678
5898
msgid ""
5679
5899
"Two commands are available to monitor container state changes. <command>lxc-"
5680
5900
"monitor</command> monitors one or more containers for any state changes. It "
5686
5906
"instance,"
5687
5907
msgstr ""
5688
5908
5689
#: serverguide/C/virtualization.xml:2535(command)
5909
#: serverguide/C/virtualization.xml:2603(command)
5690
5910
msgid "sudo lxc-monitor -n cont[0-5]*"
5691
5911
msgstr ""
5692
5912
5693
#: serverguide/C/virtualization.xml:2540(para)
5913
#: serverguide/C/virtualization.xml:2608(para)
5694
5914
msgid ""
5695
5915
"would print all state changes to any containers matching the listed regular "
5696
5916
"expression, whereas"
5697
5917
msgstr ""
5698
5918
5699
#: serverguide/C/virtualization.xml:2544(command)
5919
#: serverguide/C/virtualization.xml:2612(command)
5700
5920
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
5701
5921
msgstr ""
5702
5922
5703
#: serverguide/C/virtualization.xml:2549(para)
5923
#: serverguide/C/virtualization.xml:2617(para)
5704
5924
msgid ""
5705
5925
"will wait until container cont1 enters state STOPPED or state FROZEN and "
5706
5926
"then exit."
5707
5927
msgstr ""
5708
5928
5709
#: serverguide/C/virtualization.xml:2554(title)
5929
#: serverguide/C/virtualization.xml:2622(title)
5710
5930
msgid "Attach"
5711
5931
msgstr ""
5712
5932
5713
#: serverguide/C/virtualization.xml:2555(para)
5933
#: serverguide/C/virtualization.xml:2623(para)
5714
5934
msgid ""
5715
5935
"As of Ubuntu 14.04, it is possible to attach to a container's namespaces. "
5716
5936
"The simplest case is to simply do <screen>\n"
5723
5943
"context. See the manual page for more information."
5724
5944
msgstr ""
5725
5945
5726
#: serverguide/C/virtualization.xml:2571(title)
5946
#: serverguide/C/virtualization.xml:2639(title)
5727
5947
msgid "Container init verbosity"
5728
5948
msgstr ""
5729
5949
5730
#: serverguide/C/virtualization.xml:2572(para)
5950
#: serverguide/C/virtualization.xml:2640(para)
5731
5951
msgid ""
5732
5952
"If LXC completes the container startup, but the container init fails to "
5733
5953
"complete (for instance, no login prompt is shown), it can be useful to "
5746
5966
"</screen>"
5747
5967
msgstr ""
5748
5968
5749
#: serverguide/C/virtualization.xml:2596(title)
5969
#: serverguide/C/virtualization.xml:2664(title)
5750
5970
msgid "LXC API"
5751
5971
msgstr ""
5752
5972
5753
#: serverguide/C/virtualization.xml:2598(para)
5973
#: serverguide/C/virtualization.xml:2666(para)
5754
5974
msgid ""
5755
5975
"Most of the LXC functionality can now be accessed through an API exported by "
5756
5976
"<filename>liblxc</filename> for which bindings are available in several "
5757
5977
"languages, including Python, lua, ruby, and go."
5758
5978
msgstr ""
5759
5979
5760
#: serverguide/C/virtualization.xml:2602(para)
5980
#: serverguide/C/virtualization.xml:2670(para)
5761
5981
msgid ""
5762
5982
"Below is an example using the python bindings (which are available in the "
5763
5983
"<application>python3-lxc</application> package) which creates and starts a "
5764
5984
"container, then waits until it has been shut down:"
5765
5985
msgstr ""
5766
5986
5767
#: serverguide/C/virtualization.xml:2608(programlisting)
5987
#: serverguide/C/virtualization.xml:2676(programlisting)
5768
5988
#, no-wrap
5769
5989
msgid ""
5770
5990
"\n"
5786
6006
"True\n"
5787
6007
msgstr ""
5788
6008
5789
#: serverguide/C/virtualization.xml:2628(title) serverguide/C/security.xml:11(title)
6009
#: serverguide/C/virtualization.xml:2696(title) serverguide/C/security.xml:11(title)
5790
6010
msgid "Security"
5791
6011
msgstr ""
5792
6012
5793
#: serverguide/C/virtualization.xml:2630(para)
6013
#: serverguide/C/virtualization.xml:2698(para)
5794
6014
msgid ""
5795
6015
"A namespace maps ids to resources. By not providing a container any id with "
5796
6016
"which to reference a resource, the resource can be protected. This is the "
5801
6021
"host."
5802
6022
msgstr ""
5803
6023
5804
#: serverguide/C/virtualization.xml:2639(para)
6024
#: serverguide/C/virtualization.xml:2707(para)
5805
6025
msgid ""
5806
6026
"By default, LXC containers are started under a Apparmor policy to restrict "
5807
6027
"some actions. The details of AppArmor integration with lxc are in section "
5812
6032
"host."
5813
6033
msgstr ""
5814
6034
5815
#: serverguide/C/virtualization.xml:2650(title)
6035
#: serverguide/C/virtualization.xml:2718(title)
5816
6036
msgid "Exploitable system calls"
5817
6037
msgstr ""
5818
6038
5819
#: serverguide/C/virtualization.xml:2652(para)
6039
#: serverguide/C/virtualization.xml:2720(para)
5820
6040
msgid ""
5821
6041
"It is a core container feature that containers share a kernel with the host. "
5822
6042
"Therefore if the kernel contains any exploitable system calls the container "
5824
6044
"fully control any resource known to the host."
5825
6045
msgstr ""
5826
6046
5827
#: serverguide/C/virtualization.xml:2658(para)
6047
#: serverguide/C/virtualization.xml:2726(para)
5828
6048
msgid ""
5829
6049
"Since Ubuntu 12.10 (Quantal) a container can also be constrained by a "
5830
6050
"seccomp filter. Seccomp is a new kernel feature which filters the system "
5836
6056
"by a list of numbers, one per line."
5837
6057
msgstr ""
5838
6058
5839
#: serverguide/C/virtualization.xml:2668(para)
6059
#: serverguide/C/virtualization.xml:2736(para)
5840
6060
msgid ""
5841
6061
"In general to run a full distribution container a large number of system "
5842
6062
"calls will be needed. However for application containers it may be possible "
5848
6068
"loaded."
5849
6069
msgstr ""
5850
6070
5851
#: serverguide/C/virtualization.xml:2684(para)
6071
#: serverguide/C/virtualization.xml:2752(para)
5852
6072
msgid ""
5853
6073
"The DeveloperWorks article <ulink "
5854
6074
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
5856
6076
"to the use of containers."
5857
6077
msgstr ""
5858
6078
5859
#: serverguide/C/virtualization.xml:2691(para)
6079
#: serverguide/C/virtualization.xml:2759(para)
5860
6080
msgid ""
5861
6081
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
5862
6082
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
5863
6083
"use of security modules to make containers more secure."
5864
6084
msgstr ""
5865
6085
5866
#: serverguide/C/virtualization.xml:2698(para) serverguide/C/cgroups.xml:202(para)
6086
#: serverguide/C/virtualization.xml:2766(para) serverguide/C/cgroups.xml:202(para)
5867
6087
msgid "Manual pages referenced above can be found at:"
5868
6088
msgstr ""
5869
6089
5870
#: serverguide/C/virtualization.xml:2700(ulink)
6090
#: serverguide/C/virtualization.xml:2768(ulink)
5871
6091
msgid "capabilities"
5872
6092
msgstr ""
5873
6093
5874
#: serverguide/C/virtualization.xml:2701(ulink)
6094
#: serverguide/C/virtualization.xml:2769(ulink)
5875
6095
msgid "lxc.conf"
5876
6096
msgstr ""
5877
6097
5878
#: serverguide/C/virtualization.xml:2706(para)
6098
#: serverguide/C/virtualization.xml:2774(para)
5879
6099
msgid ""
5880
6100
"The upstream LXC project is hosted at <ulink "
5881
6101
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
5882
6102
msgstr ""
5883
6103
5884
#: serverguide/C/virtualization.xml:2711(para)
6104
#: serverguide/C/virtualization.xml:2779(para)
5885
6105
msgid ""
5886
6106
"LXC security issues are listed and discussed at <ulink "
5887
6107
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
5888
6108
msgstr ""
5889
6109
5890
#: serverguide/C/virtualization.xml:2717(para)
6110
#: serverguide/C/virtualization.xml:2785(para)
5891
6111
msgid ""
5892
6112
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
5893
6113
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
6444
6664
"service with the following command"
6445
6665
msgstr ""
6446
6666
6447
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:508(command)
6667
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:360(command)
6448
6668
msgid "sudo systemctl reload apache2.service"
6449
6669
msgstr ""
6450
6670
6741
6961
#: serverguide/C/serverguide.xml:11(para)
6742
6962
msgid ""
6743
6963
"A copy of the license is available here: <ulink "
6744
"url=\"http://creativecommons.org/licenses/by-sa/3.0/\">Creative Commons "
6964
"url=\"https://creativecommons.org/licenses/by-sa/3.0/\">Creative Commons "
6745
6965
"ShareAlike License</ulink>."
6746
6966
msgstr ""
6747
6967
9346
9566
msgid ""
9347
9567
"The main Samba configuration file is located in "
9348
9568
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
9349
"a significant amount of comments in order to document various configuration "
9569
"a significant number of comments in order to document various configuration "
9350
9570
"directives."
9351
9571
msgstr ""
9352
"The main Samba configuration file is located in "
9353
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
9354
"a significant amount of comments in order to document various configuration "
9355
"directives."
9356
9572
9357
9573
#: serverguide/C/samba.xml:104(para)
9358
9574
msgid ""
9520
9736
"Finally, restart the <application>samba</application> services to enable the "
9521
9737
"new configuration:"
9522
9738
9523
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:335(command) serverguide/C/samba.xml:472(command) serverguide/C/samba.xml:571(command) serverguide/C/samba.xml:921(command) serverguide/C/samba.xml:1075(command) serverguide/C/samba.xml:1181(command) serverguide/C/network-auth.xml:2532(command) serverguide/C/network-auth.xml:4113(command)
9739
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:335(command) serverguide/C/samba.xml:472(command) serverguide/C/samba.xml:571(command) serverguide/C/samba.xml:921(command) serverguide/C/samba.xml:1075(command) serverguide/C/samba.xml:1181(command) serverguide/C/network-auth.xml:2525(command) serverguide/C/network-auth.xml:4106(command)
9524
9740
msgid "sudo systemctl restart smbd.service nmbd.service"
9525
9741
msgstr ""
9526
9742
15194
15410
15195
15411
#: serverguide/C/network-config.xml:1418(para)
15196
15412
msgid ""
15197
"The package dpdk provides init scripts that ease configuration of device "
15198
"assignment and huge pages. It also makes them persistent accross reboots."
15413
"The package <emphasis>dpdk</emphasis> provides init scripts that ease "
15414
"configuration of device assignment and huge pages. It also makes them "
15415
"persistent accross reboots."
15199
15416
msgstr ""
15200
15417
15201
15418
#: serverguide/C/network-config.xml:1422(para)
15213
15430
"# <id> Device ID on the specified bus\n"
15214
15431
"# <driver> Driver to bind against (vfio-pci or uio_pci_generic)\n"
15215
15432
"#\n"
15216
"# Be aware that the two dpdk compatible drivers uio_pci_generic and vfio-pci "
15217
"are \n"
15433
"# Be aware that the two DPDK compatible drivers uio_pci_generic and vfio-pci "
15434
"are\n"
15218
15435
"# part of linux-image-extra-<VERSION> package.\n"
15219
15436
"# This package is not always installed by default - for example in cloud-"
15220
"images. \n"
15437
"images.\n"
15221
15438
"# So please install it in case you run into missing module issues.\n"
15222
15439
"#\n"
15223
15440
"# <bus> <id> <driver>\n"
15276
15493
15277
15494
#: serverguide/C/network-config.xml:1471(para)
15278
15495
msgid ""
15279
"The dpdk package has a config file and scripts that try to ease hugepage "
15280
"configuration for dpdk in the form of /etc/dpdk/dpdk.conf. If you have more "
15281
"consumers of hugepages than dpdk in your system or very special requirements "
15282
"how your hugepages are going to be set up you likely want to "
15283
"allocate/control them by yourself. If not this can be a great simplification "
15284
"to get dpdk to run for yourself."
15496
"The <emphasis>dpdk</emphasis> package has a config file and scripts that try "
15497
"to ease hugepage configuration for DPDK in the form of "
15498
"<emphasis>/etc/dpdk/dpdk.conf</emphasis>. If you have more consumers of "
15499
"hugepages than just DPDK in your system or very special requirements how "
15500
"your hugepages are going to be set up you likely want to allocate/control "
15501
"them by yourself. If not this can be a great simplification to get DPDK "
15502
"configured for your needs."
15285
15503
msgstr ""
15286
15504
15287
15505
#: serverguide/C/network-config.xml:1476(para)
15329
15547
15330
15548
#: serverguide/C/network-config.xml:1501(para)
15331
15549
msgid ""
15332
"You will often find guides that tell you to fetch the dpdk sources, build "
15333
"them to your needs and eventually build your application based on dpdk by "
15550
"You will often find guides that tell you to fetch the DPDK sources, build "
15551
"them to your needs and eventually build your application based on DPDK by "
15334
15552
"setting values RTE_* for the build system. Since Ubunutu provides an already "
15335
15553
"compiled DPDK for you can can skip all that. To simplify setting the proper "
15336
15554
"variables you can source the file /usr/share/dpdk/dpdk-sdk-env.sh before "
15351
15569
#: serverguide/C/network-config.xml:1512(para)
15352
15570
msgid ""
15353
15571
"Depending on what you build it might be a good addition to install all of "
15354
"dpdk build dependencies before the make."
15572
"DPDK build dependencies before the make."
15355
15573
msgstr ""
15356
15574
15357
15575
#: serverguide/C/network-config.xml:1515(programlisting)
15401
15619
15402
15620
#: serverguide/C/network-config.xml:1538(para)
15403
15621
msgid ""
15404
"The section ''--vhost-owner libvirt-qemu:kvm --vhost-perm 0664'' will set "
15405
"vhost_user ports up with owner/permissions to be compatible with Ubuntus way "
15406
"of running qemu-kvm/libvirt with reduced privileges for more security."
15622
"The section <emphasis>--vhost-owner libvirt-qemu:kvm --vhost-perm "
15623
"0664</emphasis> will set vhost_user ports up with owner/permissions to be "
15624
"compatible with Ubuntus way of running qemu-kvm/libvirt with reduced "
15625
"privileges for more security."
15407
15626
msgstr ""
15408
15627
15409
15628
#: serverguide/C/network-config.xml:1541(para)
15410
15629
msgid ""
15630
"Please note that the section <emphasis>-m 2048</emphasis> is the most basic "
15631
"numa setup for a single socket system. If you have multiple sockets you "
15632
"might want to define how to split your memory among them, for example "
15633
"<emphasis>-m 1024, 1024</emphasis>. Please be aware that DPDK will try to "
15634
"work only with local memory to the network cards it works with (for "
15635
"performance reasons). That said if you have multiple nodes, but all network "
15636
"cards on one, you should consider spreading your cards. If not at least "
15637
"allocate your memory to the node where the cards reside, for example in a "
15638
"two node all to node #2: <emphasis>-m 0, 2048</emphasis>. You can use the "
15639
"tool <emphasis>lstopo</emphasis> from the package <emphasis>hwloc-"
15640
"nox</emphasis> to see on which socket your cards are located."
15641
msgstr ""
15642
15643
#: serverguide/C/network-config.xml:1549(para)
15644
msgid ""
15411
15645
"The OpenVswitch you now started supports all port types OpenVswitch usually "
15412
15646
"does, plus DPDK port types. Here an example how to create a bridge and - "
15413
15647
"instead of a normal external port - add an external DPDK port to it."
15414
15648
msgstr ""
15415
15649
15416
#: serverguide/C/network-config.xml:1545(programlisting)
15650
#: serverguide/C/network-config.xml:1553(programlisting)
15417
15651
#, no-wrap
15418
15652
msgid ""
15419
15653
"\n"
15422
15656
"\t\t "
15423
15657
msgstr ""
15424
15658
15425
#: serverguide/C/network-config.xml:1552(title)
15659
#: serverguide/C/network-config.xml:1558(para)
15660
msgid ""
15661
"The enablement of DPDK in Open vSwitch has changed in version 2.6. So for "
15662
"users of releases >=16.10, but also for users of the <ulink "
15663
"url=\"https://wiki.ubuntu.com/OpenStack/CloudArchive\">Ubuntu Cloud "
15664
"Archive</ulink> >=neutron the enablement has changed compared to that for "
15665
"users of Ubuntu 16.04. The options formerly passed via "
15666
"<emphasis>DPDK_OPTS</emphasis> are now configured via ovs-vsctl into the "
15667
"Open vSwitch configuration database."
15668
msgstr ""
15669
15670
#: serverguide/C/network-config.xml:1563(para)
15671
msgid "The same example as above would in the new way look like:"
15672
msgstr ""
15673
15674
#: serverguide/C/network-config.xml:1566(programlisting)
15675
#, no-wrap
15676
msgid ""
15677
"\n"
15678
"# Enable DPDK\n"
15679
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-init=true\"\n"
15680
"# run on core 0\n"
15681
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-lcore-mask=0x1\"\n"
15682
"# Allocate 2G huge pages (not Numa node aware)\n"
15683
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-alloc-mem=2048\"\n"
15684
"# group/permissions for vhost-user sockets (required to work with "
15685
"libvirt/qemu)\n"
15686
"ovs-vsctl set Open_vSwitch . \\\n"
15687
" \"other_config:dpdk-extra=--vhost-owner libvirt-qemu:kvm --vhost-perm "
15688
"0666\"\n"
15689
"\t\t "
15690
msgstr ""
15691
15692
#: serverguide/C/network-config.xml:1581(filename)
15693
msgid "/usr/share/doc/openvswitch-common/INSTALL.DPDK.md.gz"
15694
msgstr ""
15695
15696
#: serverguide/C/network-config.xml:1582(filename)
15697
msgid "/usr/share/doc/openvswitch-common/INSTALL.DPDK-ADVANCED.md.gz"
15698
msgstr ""
15699
15700
#: serverguide/C/network-config.xml:1583(command)
15701
msgid "man ovs-vswitchd.conf.db"
15702
msgstr ""
15703
15704
#: serverguide/C/network-config.xml:1577(para)
15705
msgid ""
15706
"Please see the associated upstream documentation and the man page of the "
15707
"vswitch configuration as provided by the package for more details: "
15708
"<placeholder-1/>"
15709
msgstr ""
15710
15711
#: serverguide/C/network-config.xml:1590(title)
15426
15712
msgid "OpenVswitch DPDK to KVM Guests"
15427
15713
msgstr ""
15428
15714
15429
#: serverguide/C/network-config.xml:1553(para)
15715
#: serverguide/C/network-config.xml:1591(para)
15430
15716
msgid ""
15431
15717
"If you are not building some sort of SDN switch or NFV on top of DPDK it is "
15432
15718
"very likely that you want to forward traffic to KVM guests. The good news "
15436
15722
"DPDK instance."
15437
15723
msgstr ""
15438
15724
15439
#: serverguide/C/network-config.xml:1558(para)
15725
#: serverguide/C/network-config.xml:1596(para)
15440
15726
msgid ""
15441
15727
"The Guest has to be backed by shared hugepages for DPDK/vhost_user to work. "
15442
15728
"To ensure in general that libvirt/qemu-kvm finds a proper hugepage "
15444
15730
"Afterwards restart the service to pick up the changed configuration."
15445
15731
msgstr ""
15446
15732
15447
#: serverguide/C/network-config.xml:1563(programlisting)
15733
#: serverguide/C/network-config.xml:1601(programlisting)
15448
15734
#, no-wrap
15449
15735
msgid ""
15450
15736
"\n"
15453
15739
"\t\t "
15454
15740
msgstr ""
15455
15741
15456
#: serverguide/C/network-config.xml:1567(para)
15742
#: serverguide/C/network-config.xml:1605(para)
15457
15743
msgid ""
15458
15744
"To let a guest be backed by hugepages is now also supported via recent "
15459
15745
"libvirt, just add the following snippet to your virsh xml (or the equivalent "
15461
15747
"easily spawn guests with \"uvt-kvm create\"."
15462
15748
msgstr ""
15463
15749
15464
#: serverguide/C/network-config.xml:1571(programlisting)
15750
#: serverguide/C/network-config.xml:1609(programlisting)
15465
15751
#, no-wrap
15466
15752
msgid ""
15467
15753
"\n"
15476
15762
"\t\t "
15477
15763
msgstr ""
15478
15764
15479
#: serverguide/C/network-config.xml:1580(para)
15765
#: serverguide/C/network-config.xml:1618(para)
15480
15766
msgid ""
15481
15767
"The new and recommended way to get to a KVM guest is using vhost_user. This "
15482
15768
"will cause DPDK to create a socket that qemu will connect the guest to. Here "
15483
15769
"an example how to add such a port to the bridge you created (see above)."
15484
15770
msgstr ""
15485
15771
15486
#: serverguide/C/network-config.xml:1585(programlisting)
15772
#: serverguide/C/network-config.xml:1623(programlisting)
15487
15773
#, no-wrap
15488
15774
msgid ""
15489
15775
"\n"
15492
15778
"\t\t "
15493
15779
msgstr ""
15494
15780
15495
#: serverguide/C/network-config.xml:1588(para)
15781
#: serverguide/C/network-config.xml:1626(para)
15496
15782
msgid ""
15497
15783
"This will create a vhost_user socket at /var/run/openvswitch/vhost-user-1"
15498
15784
msgstr ""
15499
15785
15500
#: serverguide/C/network-config.xml:1591(para)
15786
#: serverguide/C/network-config.xml:1629(para)
15501
15787
msgid ""
15502
15788
"To let libvirt/kvm consume this socket and create a guest virtio network "
15503
15789
"device for it add a snippet like this to your guest definition as the "
15504
15790
"network definition."
15505
15791
msgstr ""
15506
15792
15507
#: serverguide/C/network-config.xml:1594(programlisting)
15793
#: serverguide/C/network-config.xml:1632(programlisting)
15508
15794
#, no-wrap
15509
15795
msgid ""
15510
15796
"\n"
15517
15803
"\t\t "
15518
15804
msgstr ""
15519
15805
15520
#: serverguide/C/network-config.xml:1605(title)
15806
#: serverguide/C/network-config.xml:1643(title)
15521
15807
msgid "DPDK in KVM Guests"
15522
15808
msgstr ""
15523
15809
15524
#: serverguide/C/network-config.xml:1606(para)
15810
#: serverguide/C/network-config.xml:1644(para)
15525
15811
msgid ""
15526
15812
"If you have no access to DPDK supported network cards you can still work "
15527
15813
"with DPDK by using its support for virtio. To do so you have to create "
15528
15814
"guests backed by hugepages (see above)."
15529
15815
msgstr ""
15530
15816
15531
#: serverguide/C/network-config.xml:1610(para)
15817
#: serverguide/C/network-config.xml:1648(para)
15532
15818
msgid ""
15533
15819
"On top of that there it is required to have at least SSE3. The default CPU "
15534
15820
"model qemu/libvirt uses is only up to SSE2. So you will have to define a "
15537
15823
"virsh xml (or the equivalent virsh interface you use)."
15538
15824
msgstr ""
15539
15825
15540
#: serverguide/C/network-config.xml:1616(programlisting)
15826
#: serverguide/C/network-config.xml:1654(programlisting)
15541
15827
#, no-wrap
15542
15828
msgid ""
15543
15829
"\n"
15545
15831
"\t\t "
15546
15832
msgstr ""
15547
15833
15548
#: serverguide/C/network-config.xml:1619(para)
15834
#: serverguide/C/network-config.xml:1657(para)
15549
15835
msgid ""
15550
15836
"This example is rather offensive and passes all host features. That in turn "
15551
15837
"makes the guest not very migratable as the target would need all the "
15553
15839
"like the following example."
15554
15840
msgstr ""
15555
15841
15556
#: serverguide/C/network-config.xml:1624(programlisting)
15842
#: serverguide/C/network-config.xml:1662(programlisting)
15557
15843
#, no-wrap
15558
15844
msgid ""
15559
15845
"\n"
15564
15850
"\t\t "
15565
15851
msgstr ""
15566
15852
15567
#: serverguide/C/network-config.xml:1630(para)
15853
#: serverguide/C/network-config.xml:1668(para)
15568
15854
msgid ""
15569
15855
"Also virtio nowadays supports multiqueue which DPDK in turn can exploit for "
15570
15856
"better speed. To modify a normal virtio definition to have multiple queues "
15573
15859
"DPDK in the guest."
15574
15860
msgstr ""
15575
15861
15576
#: serverguide/C/network-config.xml:1635(programlisting)
15862
#: serverguide/C/network-config.xml:1673(programlisting)
15577
15863
#, no-wrap
15578
15864
msgid ""
15579
15865
"\n"
15581
15867
"\t\t "
15582
15868
msgstr ""
15583
15869
15584
#: serverguide/C/network-config.xml:1641(title)
15870
#: serverguide/C/network-config.xml:1679(title)
15585
15871
msgid "Tuning Openvswitch-DPDK"
15586
15872
msgstr ""
15587
15873
15588
#: serverguide/C/network-config.xml:1642(para)
15874
#: serverguide/C/network-config.xml:1680(para)
15589
15875
msgid ""
15590
15876
"DPDK has plenty of options - in combination with Openvswitch-DPDK the two "
15591
15877
"most commonly used are:"
15592
15878
msgstr ""
15593
15879
15594
#: serverguide/C/network-config.xml:1645(programlisting)
15880
#: serverguide/C/network-config.xml:1683(programlisting)
15595
15881
#, no-wrap
15596
15882
msgid ""
15597
15883
"\n"
15600
15886
"\t\t "
15601
15887
msgstr ""
15602
15888
15603
#: serverguide/C/network-config.xml:1649(para)
15889
#: serverguide/C/network-config.xml:1687(para)
15604
15890
msgid ""
15605
15891
"The first select how many rx queues are to be used for each DPDK interface, "
15606
15892
"while the second controls how many and where to run PMD threads. The example "
15609
15895
"installation\" at the end of this document for more."
15610
15896
msgstr ""
15611
15897
15612
#: serverguide/C/network-config.xml:1654(para)
15898
#: serverguide/C/network-config.xml:1692(para)
15613
15899
msgid ""
15614
15900
"As usual with tunings you have to know your system and workload really well -"
15615
15901
" so please verify any tunings with workloads matching your real use case."
15616
15902
msgstr ""
15617
15903
15618
#: serverguide/C/network-config.xml:1661(para)
15904
#: serverguide/C/network-config.xml:1699(para)
15619
15905
msgid ""
15620
15906
"DPDK is a fast evolving project. In any case of a search for support and "
15621
15907
"further guides it is highly recommended to first check if they apply to the "
15622
15908
"current version."
15623
15909
msgstr ""
15624
15910
15625
#: serverguide/C/network-config.xml:1668(ulink)
15911
#: serverguide/C/network-config.xml:1707(ulink)
15626
15912
msgid "DPDK Mailing Lists"
15627
15913
msgstr ""
15628
15914
15629
#: serverguide/C/network-config.xml:1672(para)
15915
#: serverguide/C/network-config.xml:1711(para)
15630
15916
msgid ""
15631
15917
"For OpenVswitch-DPDK <ulink url=\"http://openvswitch.org/mlists\">OpenStack "
15632
15918
"Mailing Lists</ulink>"
15633
15919
msgstr ""
15634
15920
15635
#: serverguide/C/network-config.xml:1677(para)
15921
#: serverguide/C/network-config.xml:1716(para)
15636
15922
msgid ""
15637
15923
"Known issues in <ulink "
15638
15924
"url=\"https://bugs.launchpad.net/ubuntu/+source/dpdk\">DPDK Launchpad "
15639
15925
"Area</ulink>"
15640
15926
msgstr ""
15641
15927
15642
#: serverguide/C/network-config.xml:1682(para)
15928
#: serverguide/C/network-config.xml:1721(para)
15643
15929
msgid "Join the IRC channels #DPDK or #openvswitch on freenode."
15644
15930
msgstr ""
15645
15931
15646
#: serverguide/C/network-config.xml:1696(ulink)
15932
#: serverguide/C/network-config.xml:1727(para)
15933
msgid ""
15934
"Issues are often due to missing small details in the general setup. Later "
15935
"on, these missing details cause problems which can be hard to track down to "
15936
"their root cause. A common case seems to be the \"could not open network "
15937
"device dpdk0 (No such device)\" issue. This occurs rather late when setting "
15938
"up a port in Open vSwitch with DPDK. But the root cause most of the time is "
15939
"very early in the setup and initialization. Here an example how a proper "
15940
"initialization of a device looks - this can be found in the syslog/journal "
15941
"when starting Open vSwitch with DPDK enabled."
15942
msgstr ""
15943
15944
#: serverguide/C/network-config.xml:1738(programlisting)
15945
#, no-wrap
15946
msgid ""
15947
"\n"
15948
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
15949
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15950
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140000000\n"
15951
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140200000\n"
15952
"\t\t "
15953
msgstr ""
15954
15955
#: serverguide/C/network-config.xml:1745(para)
15956
msgid ""
15957
"If this is missing, either by ignored cards, failed initialization or other "
15958
"reasons, later on there will be no DPDK device to refer to. Unfortunately "
15959
"the logging is spread across syslog/journal and the openvswitch log. To "
15960
"allow some cross checking here an example what can be found in these logs, "
15961
"relative to the entered command."
15962
msgstr ""
15963
15964
#: serverguide/C/network-config.xml:1753(programlisting)
15965
#, no-wrap
15966
msgid ""
15967
"\n"
15968
"#Note: This log was taken with dpdk 2.2 and openvswitch 2.5\n"
15969
"Captions:\n"
15970
"CMD: that you enter\n"
15971
"SYSLOG: (Inlcuding EAL and OVS Messages)\n"
15972
"OVS-LOG: (Openvswitch messages)\n"
15973
"\n"
15974
"#PREPARATION\n"
15975
"Bind an interface to DPDK UIO drivers, make Hugepages available, enable DPDK "
15976
"on OVS\n"
15977
"\n"
15978
"CMD: sudo service openvswitch-switch restart\n"
15979
"\n"
15980
"SYSLOG:\n"
15981
"2016-01-22T08:58:31.372Z|00003|daemon_unix(monitor)|INFO|pid 3329 died, "
15982
"killed (Terminated), exiting\n"
15983
"2016-01-22T08:58:33.377Z|00002|vlog|INFO|opened log file "
15984
"/var/log/openvswitch/ovs-vswitchd.log\n"
15985
"2016-01-22T08:58:33.381Z|00003|ovs_numa|INFO|Discovered 12 CPU cores on NUMA "
15986
"node 0\n"
15987
"2016-01-22T08:58:33.381Z|00004|ovs_numa|INFO|Discovered 1 NUMA nodes and 12 "
15988
"CPU cores\n"
15989
"2016-01-"
15990
"22T08:58:33.381Z|00005|reconnect|INFO|unix:/var/run/openvswitch/db.sock: "
15991
"connecting...\n"
15992
"2016-01-"
15993
"22T08:58:33.383Z|00006|reconnect|INFO|unix:/var/run/openvswitch/db.sock: "
15994
"connected\n"
15995
"2016-01-22T08:58:33.386Z|00007|bridge|INFO|ovs-vswitchd (Open vSwitch) "
15996
"2.5.0\n"
15997
"\n"
15998
"OVS-LOG:\n"
15999
"systemd[1]: Stopping Open vSwitch...\n"
16000
"systemd[1]: Stopped Open vSwitch.\n"
16001
"systemd[1]: Stopping Open vSwitch Internal Unit...\n"
16002
"ovs-ctl[3541]: * Killing ovs-vswitchd (3329)\n"
16003
"ovs-ctl[3541]: * Killing ovsdb-server (3318)\n"
16004
"systemd[1]: Stopped Open vSwitch Internal Unit.\n"
16005
"systemd[1]: Starting Open vSwitch Internal Unit...\n"
16006
"ovs-ctl[3560]: * Starting ovsdb-server\n"
16007
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait -- init -- set "
16008
"Open_vSwitch . db-version=7.12.1\n"
16009
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait set "
16010
"Open_vSwitch . ovs-version=2.5.0 \"external-ids:system-id=\\\"e7c5ba80-bb14-"
16011
"45c1-b8eb-628f3ad03903\\\"\" \"system-type=\\\"Ubuntu\\\"\" \"system-"
16012
"version=\\\"16.04-xenial\\\"\"\n"
16013
"ovs-ctl[3560]: * Configuring Open vSwitch system IDs\n"
16014
"ovs-ctl[3560]: 2016-01-22T08:58:31Z|00001|dpdk|INFO|No -vhost_sock_dir "
16015
"provided - defaulting to /var/run/openvswitch\n"
16016
"ovs-vswitchd: ovs|00001|dpdk|INFO|No -vhost_sock_dir provided - defaulting "
16017
"to /var/run/openvswitch\n"
16018
"ovs-ctl[3560]: EAL: Detected lcore 0 as core 0 on socket 0\n"
16019
"ovs-ctl[3560]: EAL: Detected lcore 1 as core 1 on socket 0\n"
16020
"ovs-ctl[3560]: EAL: Detected lcore 2 as core 2 on socket 0\n"
16021
"ovs-ctl[3560]: EAL: Detected lcore 3 as core 3 on socket 0\n"
16022
"ovs-ctl[3560]: EAL: Detected lcore 4 as core 4 on socket 0\n"
16023
"ovs-ctl[3560]: EAL: Detected lcore 5 as core 5 on socket 0\n"
16024
"ovs-ctl[3560]: EAL: Detected lcore 6 as core 0 on socket 0\n"
16025
"ovs-ctl[3560]: EAL: Detected lcore 7 as core 1 on socket 0\n"
16026
"ovs-ctl[3560]: EAL: Detected lcore 8 as core 2 on socket 0\n"
16027
"ovs-ctl[3560]: EAL: Detected lcore 9 as core 3 on socket 0\n"
16028
"ovs-ctl[3560]: EAL: Detected lcore 10 as core 4 on socket 0\n"
16029
"ovs-ctl[3560]: EAL: Detected lcore 11 as core 5 on socket 0\n"
16030
"ovs-ctl[3560]: EAL: Support maximum 128 logical core(s) by configuration.\n"
16031
"ovs-ctl[3560]: EAL: Detected 12 lcore(s)\n"
16032
"ovs-ctl[3560]: EAL: VFIO modules not all loaded, skip VFIO support...\n"
16033
"ovs-ctl[3560]: EAL: Setting up physically contiguous memory...\n"
16034
"ovs-ctl[3560]: EAL: Ask a virtual area of 0x100000000 bytes\n"
16035
"ovs-ctl[3560]: EAL: Virtual area found at 0x7f2040000000 (size = "
16036
"0x100000000)\n"
16037
"ovs-ctl[3560]: EAL: Requesting 4 pages of size 1024MB from socket 0\n"
16038
"ovs-ctl[3560]: EAL: TSC frequency is ~2397202 KHz\n"
16039
"ovs-vswitchd[3592]: EAL: TSC frequency is ~2397202 KHz\n"
16040
"ovs-vswitchd[3592]: EAL: Master lcore 0 is ready (tid=fc6cbb00;cpuset=[0])\n"
16041
"ovs-vswitchd[3592]: EAL: PCI device 0000:04:00.0 on NUMA socket 0\n"
16042
"ovs-vswitchd[3592]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
16043
"ovs-vswitchd[3592]: EAL: Not managed by a supported kernel driver, "
16044
"skipped\n"
16045
"ovs-vswitchd[3592]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
16046
"ovs-vswitchd[3592]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
16047
"ovs-vswitchd[3592]: EAL: PCI memory mapped at 0x7f2140000000\n"
16048
"ovs-vswitchd[3592]: EAL: PCI memory mapped at 0x7f2140200000\n"
16049
"ovs-ctl[3560]: EAL: Master lcore 0 is ready (tid=fc6cbb00;cpuset=[0])\n"
16050
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.0 on NUMA socket 0\n"
16051
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
16052
"ovs-ctl[3560]: EAL: Not managed by a supported kernel driver, skipped\n"
16053
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
16054
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
16055
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140000000\n"
16056
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140200000\n"
16057
"ovs-vswitchd[3592]: PMD: eth_ixgbe_dev_init(): MAC: 4, PHY: 3\n"
16058
"ovs-vswitchd[3592]: PMD: eth_ixgbe_dev_init(): port 0 vendorID=0x8086 "
16059
"deviceID=0x1528\n"
16060
"ovs-ctl[3560]: PMD: eth_ixgbe_dev_init(): MAC: 4, PHY: 3\n"
16061
"ovs-ctl[3560]: PMD: eth_ixgbe_dev_init(): port 0 vendorID=0x8086 "
16062
"deviceID=0x1528\n"
16063
"ovs-ctl[3560]: Zone 0: name:<RG_MP_log_history>, phys:0x83fffdec0, "
16064
"len:0x2080, virt:0x7f213fffdec0, socket_id:0, flags:0\n"
16065
"ovs-ctl[3560]: Zone 1: name:<MP_log_history>, phys:0x83fd73d40, "
16066
"len:0x28a0c0, virt:0x7f213fd73d40, socket_id:0, flags:0\n"
16067
"ovs-ctl[3560]: Zone 2: name:<rte_eth_dev_data>, phys:0x83fd43380, "
16068
"len:0x2f700, virt:0x7f213fd43380, socket_id:0, flags:0\n"
16069
"ovs-ctl[3560]: * Starting ovs-vswitchd\n"
16070
"ovs-ctl[3560]: * Enabling remote OVSDB managers\n"
16071
"systemd[1]: Started Open vSwitch Internal Unit.\n"
16072
"systemd[1]: Starting Open vSwitch...\n"
16073
"systemd[1]: Started Open vSwitch.\n"
16074
"\n"
16075
"\n"
16076
"CMD: sudo ovs-vsctl add-br ovsdpdkbr0 -- set bridge ovsdpdkbr0 "
16077
"datapath_type=netdev\n"
16078
"\n"
16079
"SYSLOG:\n"
16080
"2016-01-22T08:58:56.344Z|00008|memory|INFO|37256 kB peak resident set size "
16081
"after 24.5 seconds\n"
16082
"2016-01-22T08:58:56.346Z|00009|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
16083
"supports recirculation\n"
16084
"2016-01-22T08:58:56.346Z|00010|ofproto_dpif|INFO|netdev@ovs-netdev: MPLS "
16085
"label stack length probed as 3\n"
16086
"2016-01-22T08:58:56.346Z|00011|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
16087
"supports unique flow ids\n"
16088
"2016-01-22T08:58:56.346Z|00012|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
16089
"does not support ct_state\n"
16090
"2016-01-22T08:58:56.346Z|00013|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
16091
"does not support ct_zone\n"
16092
"2016-01-22T08:58:56.346Z|00014|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
16093
"does not support ct_mark\n"
16094
"2016-01-22T08:58:56.346Z|00015|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
16095
"does not support ct_label\n"
16096
"2016-01-22T08:58:56.360Z|00016|bridge|INFO|bridge ovsdpdkbr0: added "
16097
"interface ovsdpdkbr0 on port 65534\n"
16098
"2016-01-22T08:58:56.361Z|00017|bridge|INFO|bridge ovsdpdkbr0: using datapath "
16099
"ID 00005a4a1ed0a14d\n"
16100
"2016-01-22T08:58:56.361Z|00018|connmgr|INFO|ovsdpdkbr0: added service "
16101
"controller \"punix:/var/run/openvswitch/ovsdpdkbr0.mgmt\"\n"
16102
"\n"
16103
"OVS-LOG:\n"
16104
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-br ovsdpdkbr0 -- set "
16105
"bridge ovsdpdkbr0 datapath_type=netdev\n"
16106
"systemd-udevd[3607]: Could not generate persistent MAC address for ovs-"
16107
"netdev: No such file or directory\n"
16108
"kernel: [50165.886554] device ovs-netdev entered promiscuous mode\n"
16109
"kernel: [50165.901261] device ovsdpdkbr0 entered promiscuous mode\n"
16110
"\n"
16111
"\n"
16112
"CMD: sudo ovs-vsctl add-port ovsdpdkbr0 dpdk0 -- set Interface dpdk0 "
16113
"type=dpdk\n"
16114
"\n"
16115
"SYSLOG:\n"
16116
"2016-01-22T08:59:06.369Z|00019|memory|INFO|peak resident set size grew 155% "
16117
"in last 10.0 seconds, from 37256 kB to 95008 kB\n"
16118
"2016-01-22T08:59:06.369Z|00020|memory|INFO|handlers:4 ports:1 revalidators:2 "
16119
"rules:5\n"
16120
"2016-01-22T08:59:30.989Z|00021|dpdk|INFO|Port 0: 8c:dc:d4:b3:6d:e9\n"
16121
"2016-01-22T08:59:31.520Z|00022|dpdk|INFO|Port 0: 8c:dc:d4:b3:6d:e9\n"
16122
"2016-01-22T08:59:31.521Z|00023|dpif_netdev|INFO|Created 1 pmd threads on "
16123
"numa node 0\n"
16124
"2016-01-22T08:59:31.522Z|00001|dpif_netdev(pmd16)|INFO|Core 0 processing "
16125
"port 'dpdk0'\n"
16126
"2016-01-22T08:59:31.522Z|00024|bridge|INFO|bridge ovsdpdkbr0: added "
16127
"interface dpdk0 on port 1\n"
16128
"2016-01-22T08:59:31.522Z|00025|bridge|INFO|bridge ovsdpdkbr0: using datapath "
16129
"ID 00008cdcd4b36de9\n"
16130
"2016-01-22T08:59:31.523Z|00002|dpif_netdev(pmd16)|INFO|Core 0 processing "
16131
"port 'dpdk0'\n"
16132
"\n"
16133
"OVS-LOG:\n"
16134
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-port ovsdpdkbr0 "
16135
"dpdk0 -- set Interface dpdk0 type=dpdk\n"
16136
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a79ebc0 "
16137
"hw_ring=0x7f211a7a6c00 dma_addr=0x81a7a6c00\n"
16138
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16139
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16140
"ovs-vswitchd[3595]: PMD: ixgbe_dev_rx_queue_setup(): sw_ring=0x7f211a78a6c0 "
16141
"sw_sc_ring=0x7f211a786580 hw_ring=0x7f211a78e800 dma_addr=0x81a78e800\n"
16142
"ovs-vswitchd[3595]: PMD: ixgbe_set_rx_function(): Vector rx enabled, please "
16143
"make sure RX burst size no less than 4 (port=0).\n"
16144
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a79ebc0 "
16145
"hw_ring=0x7f211a7a6c00 dma_addr=0x81a7a6c00\n"
16146
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16147
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16148
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a76e4c0 "
16149
"hw_ring=0x7f211a776500 dma_addr=0x81a776500\n"
16150
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16151
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16152
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a756440 "
16153
"hw_ring=0x7f211a75e480 dma_addr=0x81a75e480\n"
16154
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16155
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16156
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a73e3c0 "
16157
"hw_ring=0x7f211a746400 dma_addr=0x81a746400\n"
16158
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16159
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16160
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a726340 "
16161
"hw_ring=0x7f211a72e380 dma_addr=0x81a72e380\n"
16162
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16163
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16164
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a70e2c0 "
16165
"hw_ring=0x7f211a716300 dma_addr=0x81a716300\n"
16166
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16167
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16168
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6f6240 "
16169
"hw_ring=0x7f211a6fe280 dma_addr=0x81a6fe280\n"
16170
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16171
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16172
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6de1c0 "
16173
"hw_ring=0x7f211a6e6200 dma_addr=0x81a6e6200\n"
16174
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16175
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16176
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6c6140 "
16177
"hw_ring=0x7f211a6ce180 dma_addr=0x81a6ce180\n"
16178
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16179
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16180
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6ae0c0 "
16181
"hw_ring=0x7f211a6b6100 dma_addr=0x81a6b6100\n"
16182
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16183
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16184
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a696040 "
16185
"hw_ring=0x7f211a69e080 dma_addr=0x81a69e080\n"
16186
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16187
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16188
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a67dfc0 "
16189
"hw_ring=0x7f211a686000 dma_addr=0x81a686000\n"
16190
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16191
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16192
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a665e40 "
16193
"hw_ring=0x7f211a66de80 dma_addr=0x81a66de80\n"
16194
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
16195
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
16196
"ovs-vswitchd[3595]: PMD: ixgbe_dev_rx_queue_setup(): sw_ring=0x7f211a78a6c0 "
16197
"sw_sc_ring=0x7f211a786580 hw_ring=0x7f211a78e800 dma_addr=0x81a78e800\n"
16198
"ovs-vswitchd[3595]: PMD: ixgbe_set_rx_function(): Vector rx enabled, please "
16199
"make sure RX burst size no less than 4 (port=0).\n"
16200
"\n"
16201
"\n"
16202
"CMD: sudo ovs-vsctl add-port ovsdpdkbr0 vhost-user-1 -- set Interface vhost-"
16203
"user-1 type=dpdkvhostuser\n"
16204
"\n"
16205
"OVS-LOG:\n"
16206
"2016-01-22T09:00:35.145Z|00026|dpdk|INFO|Socket /var/run/openvswitch/vhost-"
16207
"user-1 created for vhost-user port vhost-user-1\n"
16208
"2016-01-22T09:00:35.145Z|00003|dpif_netdev(pmd16)|INFO|Core 0 processing "
16209
"port 'dpdk0'\n"
16210
"2016-01-22T09:00:35.145Z|00004|dpif_netdev(pmd16)|INFO|Core 0 processing "
16211
"port 'vhost-user-1'\n"
16212
"2016-01-22T09:00:35.145Z|00027|bridge|INFO|bridge ovsdpdkbr0: added "
16213
"interface vhost-user-1 on port 2\n"
16214
"\n"
16215
"SYSLOG:\n"
16216
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-port ovsdpdkbr0 "
16217
"vhost-user-1 -- set Interface vhost-user-1 type=dpdkvhostuser\n"
16218
"ovs-vswitchd[3595]: VHOST_CONFIG: socket created, fd:46\n"
16219
"ovs-vswitchd[3595]: VHOST_CONFIG: bind to /var/run/openvswitch/vhost-user-1\n"
16220
"\n"
16221
"Eventually we can see the poll thread in top\n"
16222
" PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND\n"
16223
" 3595 root 10 -10 4975344 103936 9916 S 100.0 0.3 33:13.56 ovs-"
16224
"vswitchd\n"
16225
"\t\t "
16226
msgstr ""
16227
16228
#: serverguide/C/network-config.xml:1950(ulink)
15647
16229
msgid "DPDK Documentation"
15648
16230
msgstr ""
15649
16231
15650
#: serverguide/C/network-config.xml:1701(ulink)
16232
#: serverguide/C/network-config.xml:1955(ulink)
15651
16233
msgid "Release Notes matching the version packages in Ubuntu 16.04"
15652
16234
msgstr ""
15653
16235
15654
#: serverguide/C/network-config.xml:1706(ulink)
16236
#: serverguide/C/network-config.xml:1960(ulink)
15655
16237
msgid "Linux DPDK User Getting Started"
15656
16238
msgstr ""
15657
16239
15658
#: serverguide/C/network-config.xml:1711(ulink)
16240
#: serverguide/C/network-config.xml:1965(ulink)
15659
16241
msgid "EAL Command-line Options"
15660
16242
msgstr ""
15661
16243
15662
#: serverguide/C/network-config.xml:1716(ulink)
16244
#: serverguide/C/network-config.xml:1970(ulink)
15663
16245
msgid "DPDK Api Documentation"
15664
16246
msgstr ""
15665
16247
15666
#: serverguide/C/network-config.xml:1721(ulink)
16248
#: serverguide/C/network-config.xml:1975(ulink)
15667
16249
msgid "OpenVswitch DPDK installation"
15668
16250
msgstr ""
15669
16251
15670
#: serverguide/C/network-config.xml:1726(ulink)
16252
#: serverguide/C/network-config.xml:1980(ulink)
15671
16253
msgid "Wikipedias definition of DPDK"
15672
16254
msgstr ""
15673
16255
16683
17265
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
16684
17266
msgstr ""
16685
17267
16686
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3910(command)
17268
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3903(command)
16687
17269
msgid "sudo systemctl restart slapd.service"
16688
17270
msgstr ""
16689
17271
18172
18754
"specifically you want Samba to do for you and then configure it accordingly."
18173
18755
msgstr ""
18174
18756
18175
#: serverguide/C/network-auth.xml:2218(title) serverguide/C/network-auth.xml:3999(title)
18757
#: serverguide/C/network-auth.xml:2218(title) serverguide/C/network-auth.xml:3992(title)
18176
18758
msgid "Software Installation"
18177
18759
msgstr ""
18178
18760
18424
19006
#: serverguide/C/network-auth.xml:2454(para)
18425
19007
msgid ""
18426
19008
"Next, configure the <application>smbldap-tools</application> package to "
18427
"match your environment. The package is supposed to come with a configuration "
18428
"helper script (smbldap-config.pl, formerly configure.pl) that will ask "
18429
"questions about the needed options but there is a <ulink "
18430
"url=\"https://bugs.launchpad.net/serverguide/+bug/997172\">bug</ulink> "
18431
"whereby it is not installed (but found in the source code; 'apt source "
18432
"smbldap-tools')."
18433
msgstr ""
18434
18435
#: serverguide/C/network-auth.xml:2461(para)
18436
msgid ""
18437
"To manually configure the package, you need to create and edit the files "
18438
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
18439
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
18440
msgstr ""
18441
18442
#: serverguide/C/network-auth.xml:2466(para)
19009
"match your environment. The package comes with a configuration helper "
19010
"script, smbldap-config.pl, that will ask questions."
19011
msgstr ""
19012
19013
#: serverguide/C/network-auth.xml:2459(para)
18443
19014
msgid ""
18444
19015
"The <application>smbldap-populate</application> script will then add the "
18445
19016
"LDAP objects required for Samba. It is a good idea to first make a backup of "
18446
19017
"your DIT using <application>slapcat</application>:"
18447
19018
msgstr ""
18448
19019
18449
#: serverguide/C/network-auth.xml:2472(command)
19020
#: serverguide/C/network-auth.xml:2465(command)
18450
19021
msgid "sudo slapcat -l backup.ldif"
18451
19022
msgstr ""
18452
19023
18453
#: serverguide/C/network-auth.xml:2475(para)
19024
#: serverguide/C/network-auth.xml:2468(para)
18454
19025
msgid "Once you have a backup proceed to populate your directory:"
18455
19026
msgstr ""
18456
19027
18457
#: serverguide/C/network-auth.xml:2480(command)
19028
#: serverguide/C/network-auth.xml:2473(command)
18458
19029
msgid "sudo smbldap-populate"
18459
19030
msgstr ""
18460
19031
18461
#: serverguide/C/network-auth.xml:2483(para)
19032
#: serverguide/C/network-auth.xml:2476(para)
18462
19033
msgid ""
18463
19034
"You can create a LDIF file containing the new Samba objects by executing "
18464
19035
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
18467
19038
"and import its data per usual."
18468
19039
msgstr ""
18469
19040
18470
#: serverguide/C/network-auth.xml:2489(para)
19041
#: serverguide/C/network-auth.xml:2482(para)
18471
19042
msgid ""
18472
19043
"Your LDAP directory now has the necessary information to authenticate Samba "
18473
19044
"users."
18474
19045
msgstr ""
18475
19046
18476
#: serverguide/C/network-auth.xml:2498(title) serverguide/C/network-auth.xml:4031(title)
19047
#: serverguide/C/network-auth.xml:2491(title) serverguide/C/network-auth.xml:4024(title)
18477
19048
msgid "Samba Configuration"
18478
19049
msgstr ""
18479
19050
18480
#: serverguide/C/network-auth.xml:2500(para)
19051
#: serverguide/C/network-auth.xml:2493(para)
18481
19052
msgid ""
18482
19053
"There are multiple ways to configure Samba. For details on some common "
18483
19054
"configurations see <xref linkend=\"samba\"/>. To configure Samba to use "
18486
19057
"adding some ldap-related ones:"
18487
19058
msgstr ""
18488
19059
18489
#: serverguide/C/network-auth.xml:2506(programlisting)
19060
#: serverguide/C/network-auth.xml:2499(programlisting)
18490
19061
#, no-wrap
18491
19062
msgid ""
18492
19063
"\n"
18506
19077
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
18507
19078
msgstr ""
18508
19079
18509
#: serverguide/C/network-auth.xml:2523(para)
19080
#: serverguide/C/network-auth.xml:2516(para)
18510
19081
msgid "Change the values to match your environment."
18511
19082
msgstr ""
18512
19083
18513
#: serverguide/C/network-auth.xml:2527(para)
19084
#: serverguide/C/network-auth.xml:2520(para)
18514
19085
msgid "Restart <application>samba</application> to enable the new settings:"
18515
19086
msgstr ""
18516
19087
18517
#: serverguide/C/network-auth.xml:2535(para)
19088
#: serverguide/C/network-auth.xml:2528(para)
18518
19089
msgid ""
18519
19090
"Now inform Samba about the rootDN user's password (the one set during the "
18520
19091
"installation of the slapd package):"
18521
19092
msgstr ""
18522
19093
18523
#: serverguide/C/network-auth.xml:2540(command)
19094
#: serverguide/C/network-auth.xml:2533(command)
18524
19095
msgid "sudo smbpasswd -w password"
18525
19096
msgstr ""
18526
19097
18527
#: serverguide/C/network-auth.xml:2543(para)
19098
#: serverguide/C/network-auth.xml:2536(para)
18528
19099
msgid ""
18529
19100
"If you have existing LDAP users that you want to include in your new LDAP-"
18530
19101
"backed Samba they will, of course, also need to be given some of the extra "
18534
19105
"<application>libnss-ldap</application>):"
18535
19106
msgstr ""
18536
19107
18537
#: serverguide/C/network-auth.xml:2551(command)
19108
#: serverguide/C/network-auth.xml:2544(command)
18538
19109
msgid "sudo smbpasswd -a username"
18539
19110
msgstr ""
18540
19111
18541
#: serverguide/C/network-auth.xml:2554(para)
19112
#: serverguide/C/network-auth.xml:2547(para)
18542
19113
msgid ""
18543
19114
"You will prompted to enter a password. It will be considered as the new "
18544
19115
"password for that user. Making it the same as before is reasonable."
18545
19116
msgstr ""
18546
19117
18547
#: serverguide/C/network-auth.xml:2558(para)
19118
#: serverguide/C/network-auth.xml:2551(para)
18548
19119
msgid ""
18549
19120
"To manage user, group, and machine accounts use the utilities provided by "
18550
19121
"the <application>smbldap-tools</application> package. Here are some examples:"
18551
19122
msgstr ""
18552
19123
18553
#: serverguide/C/network-auth.xml:2566(para)
19124
#: serverguide/C/network-auth.xml:2559(para)
18554
19125
msgid "To add a new user:"
18555
19126
msgstr ""
18556
19127
18557
#: serverguide/C/network-auth.xml:2571(command)
19128
#: serverguide/C/network-auth.xml:2564(command)
18558
19129
msgid "sudo smbldap-useradd -a -P username"
18559
19130
msgstr ""
18560
19131
18561
#: serverguide/C/network-auth.xml:2574(para)
19132
#: serverguide/C/network-auth.xml:2567(para)
18562
19133
msgid ""
18563
19134
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
18564
19135
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
18566
19137
"a password for the user."
18567
19138
msgstr ""
18568
19139
18569
#: serverguide/C/network-auth.xml:2581(para)
19140
#: serverguide/C/network-auth.xml:2574(para)
18570
19141
msgid "To remove a user:"
18571
19142
msgstr ""
18572
19143
18573
#: serverguide/C/network-auth.xml:2586(command)
19144
#: serverguide/C/network-auth.xml:2579(command)
18574
19145
msgid "sudo smbldap-userdel username"
18575
19146
msgstr ""
18576
19147
18577
#: serverguide/C/network-auth.xml:2589(para)
19148
#: serverguide/C/network-auth.xml:2582(para)
18578
19149
msgid ""
18579
19150
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
18580
19151
"user's home directory."
18581
19152
msgstr ""
18582
19153
18583
#: serverguide/C/network-auth.xml:2595(para)
19154
#: serverguide/C/network-auth.xml:2588(para)
18584
19155
msgid "To add a group:"
18585
19156
msgstr ""
18586
19157
18587
#: serverguide/C/network-auth.xml:2600(command)
19158
#: serverguide/C/network-auth.xml:2593(command)
18588
19159
msgid "sudo smbldap-groupadd -a groupname"
18589
19160
msgstr ""
18590
19161
18591
#: serverguide/C/network-auth.xml:2603(para)
19162
#: serverguide/C/network-auth.xml:2596(para)
18592
19163
msgid ""
18593
19164
"As for <application>smbldap-useradd</application>, the <emphasis>-"
18594
19165
"a</emphasis> adds the Samba attributes."
18595
19166
msgstr ""
18596
19167
18597
#: serverguide/C/network-auth.xml:2609(para)
19168
#: serverguide/C/network-auth.xml:2602(para)
18598
19169
msgid "To make an existing user a member of a group:"
18599
19170
msgstr ""
18600
19171
18601
#: serverguide/C/network-auth.xml:2614(command)
19172
#: serverguide/C/network-auth.xml:2607(command)
18602
19173
msgid "sudo smbldap-groupmod -m username groupname"
18603
19174
msgstr ""
18604
19175
18605
#: serverguide/C/network-auth.xml:2617(para)
19176
#: serverguide/C/network-auth.xml:2610(para)
18606
19177
msgid ""
18607
19178
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
18608
19179
"listing them in comma-separated format."
18609
19180
msgstr ""
18610
19181
18611
#: serverguide/C/network-auth.xml:2623(para)
19182
#: serverguide/C/network-auth.xml:2616(para)
18612
19183
msgid "To remove a user from a group:"
18613
19184
msgstr ""
18614
19185
18615
#: serverguide/C/network-auth.xml:2628(command)
19186
#: serverguide/C/network-auth.xml:2621(command)
18616
19187
msgid "sudo smbldap-groupmod -x username groupname"
18617
19188
msgstr ""
18618
19189
18619
#: serverguide/C/network-auth.xml:2634(para)
19190
#: serverguide/C/network-auth.xml:2627(para)
18620
19191
msgid "To add a Samba machine account:"
18621
19192
msgstr ""
18622
19193
18623
#: serverguide/C/network-auth.xml:2639(command)
19194
#: serverguide/C/network-auth.xml:2632(command)
18624
19195
msgid "sudo smbldap-useradd -t 0 -w username"
18625
19196
msgstr ""
18626
19197
18627
#: serverguide/C/network-auth.xml:2642(para)
19198
#: serverguide/C/network-auth.xml:2635(para)
18628
19199
msgid ""
18629
19200
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
18630
19201
"<emphasis>-t 0</emphasis> option creates the machine account without a "
18634
19205
"<application>smbldap-useradd</application>."
18635
19206
msgstr ""
18636
19207
18637
#: serverguide/C/network-auth.xml:2651(para)
19208
#: serverguide/C/network-auth.xml:2644(para)
18638
19209
msgid ""
18639
19210
"There are utilities in the <application>smbldap-tools</application> package "
18640
19211
"that were not covered here. Here is a complete list:"
18641
19212
msgstr ""
18642
19213
18643
#: serverguide/C/network-auth.xml:2656(ulink)
19214
#: serverguide/C/network-auth.xml:2649(ulink)
18644
19215
msgid "smbldap-groupadd"
18645
19216
msgstr ""
18646
19217
18647
#: serverguide/C/network-auth.xml:2657(ulink)
19218
#: serverguide/C/network-auth.xml:2650(ulink)
18648
19219
msgid "smbldap-groupdel"
18649
19220
msgstr ""
18650
19221
18651
#: serverguide/C/network-auth.xml:2658(ulink)
19222
#: serverguide/C/network-auth.xml:2651(ulink)
18652
19223
msgid "smbldap-groupmod"
18653
19224
msgstr ""
18654
19225
18655
#: serverguide/C/network-auth.xml:2659(ulink)
19226
#: serverguide/C/network-auth.xml:2652(ulink)
18656
19227
msgid "smbldap-groupshow"
18657
19228
msgstr ""
18658
19229
18659
#: serverguide/C/network-auth.xml:2660(ulink)
19230
#: serverguide/C/network-auth.xml:2653(ulink)
18660
19231
msgid "smbldap-passwd"
18661
19232
msgstr ""
18662
19233
18663
#: serverguide/C/network-auth.xml:2661(ulink)
19234
#: serverguide/C/network-auth.xml:2654(ulink)
18664
19235
msgid "smbldap-populate"
18665
19236
msgstr ""
18666
19237
18667
#: serverguide/C/network-auth.xml:2662(ulink)
19238
#: serverguide/C/network-auth.xml:2655(ulink)
18668
19239
msgid "smbldap-useradd"
18669
19240
msgstr ""
18670
19241
18671
#: serverguide/C/network-auth.xml:2663(ulink)
19242
#: serverguide/C/network-auth.xml:2656(ulink)
18672
19243
msgid "smbldap-userdel"
18673
19244
msgstr ""
18674
19245
18675
#: serverguide/C/network-auth.xml:2664(ulink)
19246
#: serverguide/C/network-auth.xml:2657(ulink)
18676
19247
msgid "smbldap-userinfo"
18677
19248
msgstr ""
18678
19249
18679
#: serverguide/C/network-auth.xml:2665(ulink)
19250
#: serverguide/C/network-auth.xml:2658(ulink)
18680
19251
msgid "smbldap-userlist"
18681
19252
msgstr ""
18682
19253
18683
#: serverguide/C/network-auth.xml:2666(ulink)
19254
#: serverguide/C/network-auth.xml:2659(ulink)
18684
19255
msgid "smbldap-usermod"
18685
19256
msgstr ""
18686
19257
18687
#: serverguide/C/network-auth.xml:2667(ulink)
19258
#: serverguide/C/network-auth.xml:2660(ulink)
18688
19259
msgid "smbldap-usershow"
18689
19260
msgstr ""
18690
19261
18691
#: serverguide/C/network-auth.xml:2678(para)
19262
#: serverguide/C/network-auth.xml:2671(para)
18692
19263
msgid ""
18693
19264
"For more information on installing and configuring Samba see <xref "
18694
19265
"linkend=\"samba\"/> of this Ubuntu Server Guide."
18695
19266
msgstr ""
18696
19267
18697
#: serverguide/C/network-auth.xml:2684(para)
19268
#: serverguide/C/network-auth.xml:2677(para)
18698
19269
msgid ""
18699
19270
"There are multiple places where LDAP and Samba is documented in the upstream "
18700
19271
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
18701
19272
"HOWTO Collection</ulink>."
18702
19273
msgstr ""
18703
19274
18704
#: serverguide/C/network-auth.xml:2691(para)
19275
#: serverguide/C/network-auth.xml:2684(para)
18705
19276
msgid ""
18706
19277
"Regarding the above, see specifically the <ulink "
18707
19278
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
18708
19279
"Collection/passdb.html\">passdb section</ulink>."
18709
19280
msgstr ""
18710
19281
18711
#: serverguide/C/network-auth.xml:2697(para)
19282
#: serverguide/C/network-auth.xml:2690(para)
18712
19283
msgid ""
18713
19284
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
18714
19285
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
18715
19286
"valuable notes."
18716
19287
msgstr ""
18717
19288
18718
#: serverguide/C/network-auth.xml:2703(para)
19289
#: serverguide/C/network-auth.xml:2696(para)
18719
19290
msgid ""
18720
19291
"The main page of the <ulink "
18721
19292
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
18723
19294
"prove useful."
18724
19295
msgstr ""
18725
19296
18726
#: serverguide/C/network-auth.xml:2716(title)
19297
#: serverguide/C/network-auth.xml:2709(title)
18727
19298
msgid "Kerberos"
18728
19299
msgstr ""
18729
19300
18730
#: serverguide/C/network-auth.xml:2718(para)
19301
#: serverguide/C/network-auth.xml:2711(para)
18731
19302
msgid ""
18732
19303
"<application>Kerberos</application> is a network authentication system based "
18733
19304
"on the principal of a trusted third party. The other two parties being the "
18736
19307
"network environment one step closer to being Single Sign On (SSO)."
18737
19308
msgstr ""
18738
19309
18739
#: serverguide/C/network-auth.xml:2724(para)
19310
#: serverguide/C/network-auth.xml:2717(para)
18740
19311
msgid ""
18741
19312
"This section covers installation and configuration of a Kerberos server, and "
18742
19313
"some example client configurations."
18743
19314
msgstr ""
18744
19315
18745
#: serverguide/C/network-auth.xml:2729(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:916(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
19316
#: serverguide/C/network-auth.xml:2722(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:916(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
18746
19317
msgid "Overview"
18747
19318
msgstr ""
18748
19319
18749
#: serverguide/C/network-auth.xml:2731(para)
19320
#: serverguide/C/network-auth.xml:2724(para)
18750
19321
msgid ""
18751
19322
"If you are new to Kerberos there are a few terms that are good to understand "
18752
19323
"before setting up a Kerberos server. Most of the terms will relate to things "
18753
19324
"you may be familiar with in other environments:"
18754
19325
msgstr ""
18755
19326
18756
#: serverguide/C/network-auth.xml:2738(para)
19327
#: serverguide/C/network-auth.xml:2731(para)
18757
19328
msgid ""
18758
19329
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
18759
19330
"by servers need to be defined as Kerberos Principals."
18760
19331
msgstr ""
18761
19332
18762
#: serverguide/C/network-auth.xml:2743(para)
19333
#: serverguide/C/network-auth.xml:2736(para)
18763
19334
msgid ""
18764
19335
"<emphasis>Instances:</emphasis> are used for service principals and special "
18765
19336
"administrative principals."
18766
19337
msgstr ""
18767
19338
18768
#: serverguide/C/network-auth.xml:2748(para)
19339
#: serverguide/C/network-auth.xml:2741(para)
18769
19340
msgid ""
18770
19341
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
18771
19342
"Kerberos installation. Think of it as the domain or group your hosts and "
18774
19345
"as the realm."
18775
19346
msgstr ""
18776
19347
18777
#: serverguide/C/network-auth.xml:2757(para)
19348
#: serverguide/C/network-auth.xml:2750(para)
18778
19349
msgid ""
18779
19350
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
18780
19351
"a database of all principals, the authentication server, and the ticket "
18784
19355
"a database of all principals, the authentication server, and the ticket "
18785
19356
"granting server. For each realm there must be at least one KDC."
18786
19357
18787
#: serverguide/C/network-auth.xml:2763(para)
19358
#: serverguide/C/network-auth.xml:2756(para)
18788
19359
msgid ""
18789
19360
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
18790
19361
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
18791
19362
"password which is known only to the user and the KDC."
18792
19363
msgstr ""
18793
19364
18794
#: serverguide/C/network-auth.xml:2769(para)
19365
#: serverguide/C/network-auth.xml:2762(para)
18795
19366
msgid ""
18796
19367
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
18797
19368
"clients upon request."
18798
19369
msgstr ""
18799
19370
18800
#: serverguide/C/network-auth.xml:2774(para)
19371
#: serverguide/C/network-auth.xml:2767(para)
18801
19372
msgid ""
18802
19373
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
18803
19374
"One principal being a user and the other a service requested by the user. "
18805
19376
"authenticated session."
18806
19377
msgstr ""
18807
19378
18808
#: serverguide/C/network-auth.xml:2780(para)
19379
#: serverguide/C/network-auth.xml:2773(para)
18809
19380
msgid ""
18810
19381
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
18811
19382
"principal database and contain the encryption key for a service or host."
18812
19383
msgstr ""
18813
19384
18814
#: serverguide/C/network-auth.xml:2787(para)
19385
#: serverguide/C/network-auth.xml:2780(para)
18815
19386
msgid ""
18816
19387
"To put the pieces together, a Realm has at least one KDC, preferably more "
18817
19388
"for redundancy, which contains a database of Principals. When a user "
18823
19394
"entering another username and password."
18824
19395
msgstr ""
18825
19396
18826
#: serverguide/C/network-auth.xml:2796(title)
19397
#: serverguide/C/network-auth.xml:2789(title)
18827
19398
msgid "Kerberos Server"
18828
19399
msgstr ""
18829
19400
18830
#: serverguide/C/network-auth.xml:2800(para)
19401
#: serverguide/C/network-auth.xml:2793(para)
18831
19402
msgid ""
18832
19403
"For this discussion, we will create a MIT Kerberos domain with the following "
18833
19404
"features (edit them to fit your needs):"
18834
19405
msgstr ""
18835
19406
18836
#: serverguide/C/network-auth.xml:2807(para)
19407
#: serverguide/C/network-auth.xml:2800(para)
18837
19408
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
18838
19409
msgstr ""
18839
19410
18840
#: serverguide/C/network-auth.xml:2812(para)
19411
#: serverguide/C/network-auth.xml:2805(para)
18841
19412
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
18842
19413
msgstr ""
18843
19414
18844
#: serverguide/C/network-auth.xml:2817(para)
19415
#: serverguide/C/network-auth.xml:2810(para)
18845
19416
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
18846
19417
msgstr ""
18847
19418
18848
#: serverguide/C/network-auth.xml:2822(para)
19419
#: serverguide/C/network-auth.xml:2815(para)
18849
19420
msgid "<emphasis>User principal:</emphasis> steve"
18850
19421
msgstr ""
18851
19422
19423
#: serverguide/C/network-auth.xml:2820(para)
19424
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
19425
msgstr ""
19426
18852
19427
#: serverguide/C/network-auth.xml:2827(para)
18853
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
18854
msgstr ""
18855
18856
#: serverguide/C/network-auth.xml:2834(para)
18857
19428
msgid ""
18858
19429
"It is <emphasis>strongly</emphasis> recommended that your network-"
18859
19430
"authenticated users have their uid in a different range (say, starting at "
18860
19431
"5000) than that of your local users."
18861
19432
msgstr ""
18862
19433
18863
#: serverguide/C/network-auth.xml:2840(para)
19434
#: serverguide/C/network-auth.xml:2833(para)
18864
19435
msgid ""
18865
19436
"Before installing the Kerberos server a properly configured DNS server is "
18866
19437
"needed for your domain. Since the Kerberos Realm by convention matches the "
18869
19440
"documentation."
18870
19441
msgstr ""
18871
19442
18872
#: serverguide/C/network-auth.xml:2846(para)
19443
#: serverguide/C/network-auth.xml:2839(para)
18873
19444
msgid ""
18874
19445
"Also, Kerberos is a time sensitive protocol. So if the local system time "
18875
19446
"between a client machine and the server differs by more than five minutes "
18879
19450
"setting up NTP see <xref linkend=\"NTP\"/>."
18880
19451
msgstr ""
18881
19452
18882
#: serverguide/C/network-auth.xml:2854(para)
19453
#: serverguide/C/network-auth.xml:2847(para)
18883
19454
msgid ""
18884
19455
"The first step in creating a Kerberos Realm is to install the "
18885
19456
"<application>krb5-kdc</application> and <application>krb5-admin-"
18886
19457
"server</application> packages. From a terminal enter:"
18887
19458
msgstr ""
18888
19459
18889
#: serverguide/C/network-auth.xml:2860(command) serverguide/C/network-auth.xml:3067(command)
19460
#: serverguide/C/network-auth.xml:2853(command) serverguide/C/network-auth.xml:3060(command)
18890
19461
msgid "sudo apt install krb5-kdc krb5-admin-server"
18891
19462
msgstr ""
18892
19463
18893
#: serverguide/C/network-auth.xml:2863(para)
19464
#: serverguide/C/network-auth.xml:2856(para)
18894
19465
msgid ""
18895
19466
"You will be asked at the end of the install to supply the hostname for the "
18896
19467
"Kerberos and Admin servers, which may or may not be the same server, for the "
18897
19468
"realm."
18898
19469
msgstr ""
18899
19470
18900
#: serverguide/C/network-auth.xml:2870(para)
19471
#: serverguide/C/network-auth.xml:2863(para)
18901
19472
msgid "By default the realm is created from the KDC's domain name."
18902
19473
msgstr ""
18903
19474
18904
#: serverguide/C/network-auth.xml:2875(para)
19475
#: serverguide/C/network-auth.xml:2868(para)
18905
19476
msgid ""
18906
19477
"Next, create the new realm with the <application>kdb5_newrealm</application> "
18907
19478
"utility:"
18908
19479
msgstr ""
18909
19480
18910
#: serverguide/C/network-auth.xml:2880(command)
19481
#: serverguide/C/network-auth.xml:2873(command)
18911
19482
msgid "sudo krb5_newrealm"
18912
19483
msgstr ""
18913
19484
18914
#: serverguide/C/network-auth.xml:2887(para)
19485
#: serverguide/C/network-auth.xml:2880(para)
18915
19486
msgid ""
18916
19487
"The questions asked during installation are used to configure the "
18917
19488
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
18921
19492
"typing"
18922
19493
msgstr ""
18923
19494
18924
#: serverguide/C/network-auth.xml:2894(command)
19495
#: serverguide/C/network-auth.xml:2887(command)
18925
19496
msgid "sudo dpkg-reconfigure krb5-kdc"
18926
19497
msgstr ""
18927
19498
18928
#: serverguide/C/network-auth.xml:2900(para)
19499
#: serverguide/C/network-auth.xml:2893(para)
18929
19500
msgid ""
18930
19501
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
18931
19502
"principal</emphasis> -- is needed. It is recommended to use a different "
18933
19504
"<application>kadmin.local</application> utility in a terminal prompt enter:"
18934
19505
msgstr ""
18935
19506
18936
#: serverguide/C/network-auth.xml:2908(command) serverguide/C/network-auth.xml:3778(command)
19507
#: serverguide/C/network-auth.xml:2901(command) serverguide/C/network-auth.xml:3771(command)
18937
19508
msgid "sudo kadmin.local"
18938
19509
msgstr ""
18939
19510
18940
#: serverguide/C/network-auth.xml:2909(computeroutput)
19511
#: serverguide/C/network-auth.xml:2902(computeroutput)
18941
19512
#, no-wrap
18942
19513
msgid ""
18943
19514
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
18944
19515
"kadmin.local:"
18945
19516
msgstr ""
18946
19517
18947
#: serverguide/C/network-auth.xml:2910(userinput)
19518
#: serverguide/C/network-auth.xml:2903(userinput)
18948
19519
#, no-wrap
18949
19520
msgid " addprinc steve/admin"
18950
19521
msgstr ""
18951
19522
18952
#: serverguide/C/network-auth.xml:2911(computeroutput)
19523
#: serverguide/C/network-auth.xml:2904(computeroutput)
18953
19524
#, no-wrap
18954
19525
msgid ""
18955
19526
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
18960
19531
"kadmin.local:"
18961
19532
msgstr ""
18962
19533
18963
#: serverguide/C/network-auth.xml:2915(userinput)
19534
#: serverguide/C/network-auth.xml:2908(userinput)
18964
19535
#, no-wrap
18965
19536
msgid " quit"
18966
19537
msgstr ""
18967
19538
18968
#: serverguide/C/network-auth.xml:2918(para)
19539
#: serverguide/C/network-auth.xml:2911(para)
18969
19540
msgid ""
18970
19541
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
18971
19542
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
18977
19548
"rights."
18978
19549
msgstr ""
18979
19550
18980
#: serverguide/C/network-auth.xml:2928(para)
19551
#: serverguide/C/network-auth.xml:2921(para)
18981
19552
msgid ""
18982
19553
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
18983
19554
"your Realm and admin username."
18984
19555
msgstr ""
18985
19556
18986
#: serverguide/C/network-auth.xml:2936(para)
19557
#: serverguide/C/network-auth.xml:2929(para)
18987
19558
msgid ""
18988
19559
"Next, the new admin user needs to have the appropriate Access Control List "
18989
19560
"(ACL) permissions. The permissions are configured in the "
18990
19561
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
18991
19562
msgstr ""
18992
19563
18993
#: serverguide/C/network-auth.xml:2941(programlisting)
19564
#: serverguide/C/network-auth.xml:2934(programlisting)
18994
19565
#, no-wrap
18995
19566
msgid ""
18996
19567
"\n"
18997
19568
"steve/admin@EXAMPLE.COM *\n"
18998
19569
msgstr ""
18999
19570
19000
#: serverguide/C/network-auth.xml:2945(para)
19571
#: serverguide/C/network-auth.xml:2938(para)
19001
19572
msgid ""
19002
19573
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
19003
19574
"any operation on all principals in the realm. You can configure principals "
19006
19577
"<emphasis>kadm5.acl</emphasis> man page for details."
19007
19578
msgstr ""
19008
19579
19009
#: serverguide/C/network-auth.xml:2957(para)
19580
#: serverguide/C/network-auth.xml:2950(para)
19010
19581
msgid ""
19011
19582
"Now restart the <application>krb5-admin-server</application> for the new ACL "
19012
19583
"to take affect:"
19013
19584
msgstr ""
19014
19585
19015
#: serverguide/C/network-auth.xml:2962(command)
19586
#: serverguide/C/network-auth.xml:2955(command)
19016
19587
msgid "sudo systemctl restart krb5-admin-server.service"
19017
19588
msgstr ""
19018
19589
19019
#: serverguide/C/network-auth.xml:2968(para)
19590
#: serverguide/C/network-auth.xml:2961(para)
19020
19591
msgid ""
19021
19592
"The new user principal can be tested using the <application>kinit "
19022
19593
"utility</application>:"
19023
19594
msgstr ""
19024
19595
19025
#: serverguide/C/network-auth.xml:2973(command)
19596
#: serverguide/C/network-auth.xml:2966(command)
19026
19597
msgid "kinit steve/admin"
19027
19598
msgstr ""
19028
19599
19029
#: serverguide/C/network-auth.xml:2974(computeroutput)
19600
#: serverguide/C/network-auth.xml:2967(computeroutput)
19030
19601
#, no-wrap
19031
19602
msgid "steve/admin@EXAMPLE.COM's Password:"
19032
19603
msgstr ""
19033
19604
19034
#: serverguide/C/network-auth.xml:2977(para)
19605
#: serverguide/C/network-auth.xml:2970(para)
19035
19606
msgid ""
19036
19607
"After entering the password, use the <application>klist</application> "
19037
19608
"utility to view information about the Ticket Granting Ticket (TGT):"
19038
19609
msgstr ""
19039
19610
19040
#: serverguide/C/network-auth.xml:2983(command) serverguide/C/network-auth.xml:3360(command)
19611
#: serverguide/C/network-auth.xml:2976(command) serverguide/C/network-auth.xml:3353(command)
19041
19612
msgid "klist"
19042
19613
msgstr ""
19043
19614
19044
#: serverguide/C/network-auth.xml:2984(computeroutput)
19615
#: serverguide/C/network-auth.xml:2977(computeroutput)
19045
19616
#, no-wrap
19046
19617
msgid ""
19047
19618
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
19051
19622
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
19052
19623
msgstr ""
19053
19624
19054
#: serverguide/C/network-auth.xml:2991(para)
19625
#: serverguide/C/network-auth.xml:2984(para)
19055
19626
msgid ""
19056
19627
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
19057
19628
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
19060
19631
"For example:"
19061
19632
msgstr ""
19062
19633
19063
#: serverguide/C/network-auth.xml:3000(programlisting)
19634
#: serverguide/C/network-auth.xml:2993(programlisting)
19064
19635
#, no-wrap
19065
19636
msgid ""
19066
19637
"\n"
19067
19638
"192.168.0.1 kdc01.example.com kdc01\n"
19068
19639
msgstr ""
19069
19640
19070
#: serverguide/C/network-auth.xml:3004(para)
19641
#: serverguide/C/network-auth.xml:2997(para)
19071
19642
msgid ""
19072
19643
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
19073
19644
"This usually happens when you have a Kerberos realm encompassing different "
19074
19645
"networks separated by routers."
19075
19646
msgstr ""
19076
19647
19077
#: serverguide/C/network-auth.xml:3013(para)
19648
#: serverguide/C/network-auth.xml:3006(para)
19078
19649
msgid ""
19079
19650
"The best way to allow clients to automatically determine the KDC for the "
19080
19651
"Realm is using DNS SRV records. Add the following to "
19081
19652
"<filename>/etc/named/db.example.com</filename>:"
19082
19653
msgstr ""
19083
19654
19084
#: serverguide/C/network-auth.xml:3019(programlisting)
19655
#: serverguide/C/network-auth.xml:3012(programlisting)
19085
19656
#, no-wrap
19086
19657
msgid ""
19087
19658
"\n"
19093
19664
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
19094
19665
msgstr ""
19095
19666
19096
#: serverguide/C/network-auth.xml:3029(para)
19667
#: serverguide/C/network-auth.xml:3022(para)
19097
19668
msgid ""
19098
19669
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
19099
19670
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
19100
19671
"KDC."
19101
19672
msgstr ""
19102
19673
19674
#: serverguide/C/network-auth.xml:3028(para)
19675
msgid ""
19676
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
19677
msgstr ""
19678
19103
19679
#: serverguide/C/network-auth.xml:3035(para)
19104
msgid ""
19105
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
19106
msgstr ""
19107
19108
#: serverguide/C/network-auth.xml:3042(para)
19109
19680
msgid "Your new Kerberos Realm is now ready to authenticate clients."
19110
19681
msgstr ""
19111
19682
19112
#: serverguide/C/network-auth.xml:3049(title)
19683
#: serverguide/C/network-auth.xml:3042(title)
19113
19684
msgid "Secondary KDC"
19114
19685
msgstr ""
19115
19686
19116
#: serverguide/C/network-auth.xml:3051(para)
19687
#: serverguide/C/network-auth.xml:3044(para)
19117
19688
msgid ""
19118
19689
"Once you have one Key Distribution Center (KDC) on your network, it is good "
19119
19690
"practice to have a Secondary KDC in case the primary becomes unavailable. "
19122
19693
"of those networks."
19123
19694
msgstr ""
19124
19695
19125
#: serverguide/C/network-auth.xml:3062(para)
19696
#: serverguide/C/network-auth.xml:3055(para)
19126
19697
msgid ""
19127
19698
"First, install the packages, and when asked for the Kerberos and Admin "
19128
19699
"server names enter the name of the Primary KDC:"
19129
19700
msgstr ""
19130
19701
19131
#: serverguide/C/network-auth.xml:3073(para)
19702
#: serverguide/C/network-auth.xml:3066(para)
19132
19703
msgid ""
19133
19704
"Once you have the packages installed, create the Secondary KDC's host "
19134
19705
"principal. From a terminal prompt, enter:"
19135
19706
msgstr ""
19136
19707
19137
#: serverguide/C/network-auth.xml:3078(command)
19708
#: serverguide/C/network-auth.xml:3071(command)
19138
19709
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
19139
19710
msgstr ""
19140
19711
19141
#: serverguide/C/network-auth.xml:3082(para)
19712
#: serverguide/C/network-auth.xml:3075(para)
19142
19713
msgid ""
19143
19714
"After, issuing any <application>kadmin</application> commands you will be "
19144
19715
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
19145
19716
"password."
19146
19717
msgstr ""
19147
19718
19148
#: serverguide/C/network-auth.xml:3091(para)
19719
#: serverguide/C/network-auth.xml:3084(para)
19149
19720
msgid "Extract the <emphasis>keytab</emphasis> file:"
19150
19721
msgstr ""
19151
19722
19152
#: serverguide/C/network-auth.xml:3096(command)
19723
#: serverguide/C/network-auth.xml:3089(command)
19153
19724
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
19154
19725
msgstr ""
19155
19726
19156
#: serverguide/C/network-auth.xml:3102(para)
19727
#: serverguide/C/network-auth.xml:3095(para)
19157
19728
msgid ""
19158
19729
"There should now be a <filename>keytab.kdc02</filename> in the current "
19159
19730
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
19160
19731
msgstr ""
19161
19732
19162
#: serverguide/C/network-auth.xml:3108(command)
19733
#: serverguide/C/network-auth.xml:3101(command)
19163
19734
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
19164
19735
msgstr ""
19165
19736
19166
#: serverguide/C/network-auth.xml:3112(para)
19737
#: serverguide/C/network-auth.xml:3105(para)
19167
19738
msgid ""
19168
19739
"If the path to the <filename>keytab.kdc02</filename> file is different "
19169
19740
"adjust accordingly."
19170
19741
msgstr ""
19171
19742
19172
#: serverguide/C/network-auth.xml:3117(para)
19743
#: serverguide/C/network-auth.xml:3110(para)
19173
19744
msgid ""
19174
19745
"Also, you can list the principals in a Keytab file, which can be useful when "
19175
19746
"troubleshooting, using the <application>klist</application> utility:"
19176
19747
msgstr ""
19177
19748
19178
#: serverguide/C/network-auth.xml:3123(command)
19749
#: serverguide/C/network-auth.xml:3116(command)
19179
19750
msgid "sudo klist -k /etc/krb5.keytab"
19180
19751
msgstr ""
19181
19752
19753
#: serverguide/C/network-auth.xml:3119(para)
19754
msgid ""
19755
"The <application>-k</application> option indicates the file is a keytab file."
19756
msgstr ""
19757
19182
19758
#: serverguide/C/network-auth.xml:3126(para)
19183
19759
msgid ""
19184
"The <application>-k</application> option indicates the file is a keytab file."
19185
msgstr ""
19186
19187
#: serverguide/C/network-auth.xml:3133(para)
19188
msgid ""
19189
19760
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
19190
19761
"that lists all KDCs for the Realm. For example, on both primary and "
19191
19762
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
19192
19763
msgstr ""
19193
19764
19194
#: serverguide/C/network-auth.xml:3138(programlisting)
19765
#: serverguide/C/network-auth.xml:3131(programlisting)
19195
19766
#, no-wrap
19196
19767
msgid ""
19197
19768
"\n"
19199
19770
"host/kdc02.example.com@EXAMPLE.COM\n"
19200
19771
msgstr ""
19201
19772
19202
#: serverguide/C/network-auth.xml:3146(para)
19773
#: serverguide/C/network-auth.xml:3139(para)
19203
19774
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
19204
19775
msgstr ""
19205
19776
19206
#: serverguide/C/network-auth.xml:3151(command)
19777
#: serverguide/C/network-auth.xml:3144(command)
19207
19778
msgid "sudo kdb5_util -s create"
19208
19779
msgstr ""
19209
19780
19210
#: serverguide/C/network-auth.xml:3157(para)
19781
#: serverguide/C/network-auth.xml:3150(para)
19211
19782
msgid ""
19212
19783
"Now start the <application>kpropd</application> daemon, which listens for "
19213
19784
"connections from the <application>kprop</application> utility. "
19214
19785
"<application>kprop</application> is used to transfer dump files:"
19215
19786
msgstr ""
19216
19787
19217
#: serverguide/C/network-auth.xml:3164(command)
19788
#: serverguide/C/network-auth.xml:3157(command)
19218
19789
msgid "sudo kpropd -S"
19219
19790
msgstr ""
19220
19791
19221
#: serverguide/C/network-auth.xml:3170(para)
19792
#: serverguide/C/network-auth.xml:3163(para)
19222
19793
msgid ""
19223
19794
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
19224
19795
"of the principal database:"
19225
19796
msgstr ""
19226
19797
19227
#: serverguide/C/network-auth.xml:3175(command)
19798
#: serverguide/C/network-auth.xml:3168(command)
19228
19799
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
19229
19800
msgstr ""
19230
19801
19231
#: serverguide/C/network-auth.xml:3181(para)
19802
#: serverguide/C/network-auth.xml:3174(para)
19232
19803
msgid ""
19233
19804
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
19234
19805
"<filename>/etc/krb5.keytab</filename>:"
19235
19806
msgstr ""
19236
19807
19237
#: serverguide/C/network-auth.xml:3186(command)
19808
#: serverguide/C/network-auth.xml:3179(command)
19238
19809
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
19239
19810
msgstr ""
19240
19811
19241
#: serverguide/C/network-auth.xml:3187(command)
19812
#: serverguide/C/network-auth.xml:3180(command)
19242
19813
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
19243
19814
msgstr ""
19244
19815
19245
#: serverguide/C/network-auth.xml:3191(para)
19816
#: serverguide/C/network-auth.xml:3184(para)
19246
19817
msgid ""
19247
19818
"Make sure there is a <emphasis>host</emphasis> for "
19248
19819
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
19249
19820
msgstr ""
19250
19821
19251
#: serverguide/C/network-auth.xml:3199(para)
19822
#: serverguide/C/network-auth.xml:3192(para)
19252
19823
msgid ""
19253
19824
"Using the <application>kprop</application> utility push the database to the "
19254
19825
"Secondary KDC:"
19255
19826
msgstr ""
19256
19827
19257
#: serverguide/C/network-auth.xml:3204(command)
19828
#: serverguide/C/network-auth.xml:3197(command)
19258
19829
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
19259
19830
msgstr ""
19260
19831
19261
#: serverguide/C/network-auth.xml:3208(para)
19832
#: serverguide/C/network-auth.xml:3201(para)
19262
19833
msgid ""
19263
19834
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
19264
19835
"worked. If there is an error message check "
19266
19837
"information."
19267
19838
msgstr ""
19268
19839
19269
#: serverguide/C/network-auth.xml:3214(para)
19840
#: serverguide/C/network-auth.xml:3207(para)
19270
19841
msgid ""
19271
19842
"You may also want to create a <application>cron</application> job to "
19272
19843
"periodically update the database on the Secondary KDC. For example, the "
19274
19845
"split to fit the format of this document):"
19275
19846
msgstr ""
19276
19847
19277
#: serverguide/C/network-auth.xml:3219(programlisting)
19848
#: serverguide/C/network-auth.xml:3212(programlisting)
19278
19849
#, no-wrap
19279
19850
msgid ""
19280
19851
"\n"
19283
19854
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
19284
19855
msgstr ""
19285
19856
19286
#: serverguide/C/network-auth.xml:3228(para)
19857
#: serverguide/C/network-auth.xml:3221(para)
19287
19858
msgid ""
19288
19859
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
19289
19860
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
19290
19861
msgstr ""
19291
19862
19292
#: serverguide/C/network-auth.xml:3234(command)
19863
#: serverguide/C/network-auth.xml:3227(command)
19293
19864
msgid "sudo kdb5_util stash"
19294
19865
msgstr ""
19295
19866
19296
#: serverguide/C/network-auth.xml:3240(para)
19867
#: serverguide/C/network-auth.xml:3233(para)
19297
19868
msgid ""
19298
19869
"Finally, start the <application>krb5-kdc</application> daemon on the "
19299
19870
"Secondary KDC:"
19300
19871
msgstr ""
19301
19872
19302
#: serverguide/C/network-auth.xml:3245(command) serverguide/C/network-auth.xml:3921(command)
19873
#: serverguide/C/network-auth.xml:3238(command) serverguide/C/network-auth.xml:3914(command)
19303
19874
msgid "sudo systemctl start krb5-kdc.service"
19304
19875
msgstr ""
19305
19876
19306
#: serverguide/C/network-auth.xml:3251(para)
19877
#: serverguide/C/network-auth.xml:3244(para)
19307
19878
msgid ""
19308
19879
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
19309
19880
"for the Realm. You can test this by stopping the <application>krb5-"
19314
19885
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
19315
19886
msgstr ""
19316
19887
19317
#: serverguide/C/network-auth.xml:3262(title)
19888
#: serverguide/C/network-auth.xml:3255(title)
19318
19889
msgid "Kerberos Linux Client"
19319
19890
msgstr ""
19320
19891
19321
#: serverguide/C/network-auth.xml:3264(para)
19892
#: serverguide/C/network-auth.xml:3257(para)
19322
19893
msgid ""
19323
19894
"This section covers configuring a Linux system as a "
19324
19895
"<application>Kerberos</application> client. This will allow access to any "
19325
19896
"kerberized services once a user has successfully logged into the system."
19326
19897
msgstr ""
19327
19898
19328
#: serverguide/C/network-auth.xml:3272(para)
19899
#: serverguide/C/network-auth.xml:3265(para)
19329
19900
msgid ""
19330
19901
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
19331
19902
"user</application> and <application>libpam-krb5</application> packages are "
19334
19905
"prompt:"
19335
19906
msgstr ""
19336
19907
19337
#: serverguide/C/network-auth.xml:3279(command)
19908
#: serverguide/C/network-auth.xml:3272(command)
19338
19909
msgid ""
19339
19910
"sudo apt install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
19340
19911
msgstr ""
19341
19912
19342
#: serverguide/C/network-auth.xml:3282(para)
19913
#: serverguide/C/network-auth.xml:3275(para)
19343
19914
msgid ""
19344
19915
"The <application>auth-client-config</application> package allows simple "
19345
19916
"configuration of PAM for authentication from multiple sources, and the "
19357
19928
"authenticate using Kerberos while on the corporate network, but will need to "
19358
19929
"be accessed off the network as well."
19359
19930
19360
#: serverguide/C/network-auth.xml:3293(para)
19931
#: serverguide/C/network-auth.xml:3286(para)
19361
19932
msgid "To configure the client in a terminal enter:"
19362
19933
msgstr ""
19363
19934
19364
#: serverguide/C/network-auth.xml:3298(command)
19935
#: serverguide/C/network-auth.xml:3291(command)
19365
19936
msgid "sudo dpkg-reconfigure krb5-config"
19366
19937
msgstr ""
19367
19938
19368
#: serverguide/C/network-auth.xml:3301(para)
19939
#: serverguide/C/network-auth.xml:3294(para)
19369
19940
msgid ""
19370
19941
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
19371
19942
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
19377
19948
"records, the menu will prompt you for the hostname of the Key Distribution "
19378
19949
"Centre (KDC) and Realm Administration server."
19379
19950
19380
#: serverguide/C/network-auth.xml:3307(para)
19951
#: serverguide/C/network-auth.xml:3300(para)
19381
19952
msgid ""
19382
19953
"The <application>dpkg-reconfigure</application> adds entries to the "
19383
19954
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
19384
19955
"entries similar to the following:"
19385
19956
msgstr ""
19386
19957
19387
#: serverguide/C/network-auth.xml:3312(programlisting)
19958
#: serverguide/C/network-auth.xml:3305(programlisting)
19388
19959
#, no-wrap
19389
19960
msgid ""
19390
19961
"\n"
19398
19969
" }\n"
19399
19970
msgstr ""
19400
19971
19401
#: serverguide/C/network-auth.xml:3324(para)
19972
#: serverguide/C/network-auth.xml:3317(para)
19402
19973
msgid ""
19403
19974
"If you set the uid of each of your network-authenticated users to start at "
19404
19975
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
19406
19977
"> 5000:"
19407
19978
msgstr ""
19408
19979
19409
#: serverguide/C/network-auth.xml:3332(command)
19980
#: serverguide/C/network-auth.xml:3325(command)
19410
19981
msgid ""
19411
19982
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
19412
19983
"for i in common-auth common-session common-account common-password; do sudo "
19414
19985
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
19415
19986
msgstr ""
19416
19987
19417
#: serverguide/C/network-auth.xml:3339(para)
19988
#: serverguide/C/network-auth.xml:3332(para)
19418
19989
msgid ""
19419
19990
"This will avoid being asked for the (non-existent) Kerberos password of a "
19420
19991
"locally authenticated user when changing its password using "
19421
19992
"<command>passwd</command>."
19422
19993
msgstr ""
19423
19994
19424
#: serverguide/C/network-auth.xml:3346(para)
19995
#: serverguide/C/network-auth.xml:3339(para)
19425
19996
msgid ""
19426
19997
"You can test the configuration by requesting a ticket using the "
19427
19998
"<application>kinit</application> utility. For example:"
19428
19999
msgstr ""
19429
20000
19430
#: serverguide/C/network-auth.xml:3351(command)
20001
#: serverguide/C/network-auth.xml:3344(command)
19431
20002
msgid "kinit steve@EXAMPLE.COM"
19432
20003
msgstr ""
19433
20004
19434
#: serverguide/C/network-auth.xml:3352(computeroutput)
20005
#: serverguide/C/network-auth.xml:3345(computeroutput)
19435
20006
#, no-wrap
19436
20007
msgid "Password for steve@EXAMPLE.COM:"
19437
20008
msgstr ""
19438
20009
19439
#: serverguide/C/network-auth.xml:3355(para)
20010
#: serverguide/C/network-auth.xml:3348(para)
19440
20011
msgid ""
19441
20012
"When a ticket has been granted, the details can be viewed using "
19442
20013
"<application>klist</application>:"
19443
20014
msgstr ""
19444
20015
19445
#: serverguide/C/network-auth.xml:3361(computeroutput)
20016
#: serverguide/C/network-auth.xml:3354(computeroutput)
19446
20017
#, no-wrap
19447
20018
msgid ""
19448
20019
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
19457
20028
"klist: You have no tickets cached"
19458
20029
msgstr ""
19459
20030
19460
#: serverguide/C/network-auth.xml:3373(para)
20031
#: serverguide/C/network-auth.xml:3366(para)
19461
20032
msgid ""
19462
20033
"Next, use the <application>auth-client-config</application> to configure the "
19463
20034
"<application>libpam-krb5</application> module to request a ticket during "
19464
20035
"login:"
19465
20036
msgstr ""
19466
20037
19467
#: serverguide/C/network-auth.xml:3379(command)
20038
#: serverguide/C/network-auth.xml:3372(command)
19468
20039
msgid "sudo auth-client-config -a -p kerberos_example"
19469
20040
msgstr ""
19470
20041
19471
#: serverguide/C/network-auth.xml:3382(para)
20042
#: serverguide/C/network-auth.xml:3375(para)
19472
20043
msgid ""
19473
20044
"You will should now receive a ticket upon successful login authentication."
19474
20045
msgstr ""
19475
20046
19476
#: serverguide/C/network-auth.xml:3393(para)
20047
#: serverguide/C/network-auth.xml:3386(para)
19477
20048
msgid ""
19478
20049
"For more information on MIT's version of Kerberos, see the <ulink "
19479
20050
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
19480
20051
msgstr ""
19481
20052
19482
#: serverguide/C/network-auth.xml:3398(para)
20053
#: serverguide/C/network-auth.xml:3391(para)
19483
20054
msgid ""
19484
20055
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
19485
20056
"Kerberos</ulink> page has more details."
19486
20057
msgstr ""
19487
20058
19488
#: serverguide/C/network-auth.xml:3403(para)
20059
#: serverguide/C/network-auth.xml:3396(para)
19489
20060
msgid ""
19490
20061
"O'Reilly's <ulink "
19491
20062
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
19492
20063
"Guide</ulink> is a great reference when setting up Kerberos."
19493
20064
msgstr ""
19494
20065
19495
#: serverguide/C/network-auth.xml:3409(para)
20066
#: serverguide/C/network-auth.xml:3402(para)
19496
20067
msgid ""
19497
20068
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
19498
20069
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
19499
20070
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
19500
20071
msgstr ""
19501
20072
19502
#: serverguide/C/network-auth.xml:3421(title)
20073
#: serverguide/C/network-auth.xml:3414(title)
19503
20074
msgid "Kerberos and LDAP"
19504
20075
msgstr ""
19505
20076
19506
#: serverguide/C/network-auth.xml:3423(para)
20077
#: serverguide/C/network-auth.xml:3416(para)
19507
20078
msgid ""
19508
20079
"Most people will not use Kerberos by itself; once an user is authenticated "
19509
20080
"(Kerberos), we need to figure out what this user can do (authorization). And "
19510
20081
"that would be the job of programs such as <application>LDAP</application>."
19511
20082
msgstr ""
19512
20083
19513
#: serverguide/C/network-auth.xml:3430(para)
20084
#: serverguide/C/network-auth.xml:3423(para)
19514
20085
msgid ""
19515
20086
"Replicating a Kerberos principal database between two servers can be "
19516
20087
"complicated, and adds an additional user database to your network. "
19520
20091
"<application>OpenLDAP</application> for the principal database."
19521
20092
msgstr ""
19522
20093
19523
#: serverguide/C/network-auth.xml:3438(para)
20094
#: serverguide/C/network-auth.xml:3431(para)
19524
20095
msgid ""
19525
20096
"The examples presented here assume <application>MIT Kerberos</application> "
19526
20097
"and <application>OpenLDAP</application>."
19527
20098
msgstr ""
19528
20099
19529
#: serverguide/C/network-auth.xml:3446(title)
20100
#: serverguide/C/network-auth.xml:3439(title)
19530
20101
msgid "Configuring OpenLDAP"
19531
20102
msgstr ""
19532
20103
19533
#: serverguide/C/network-auth.xml:3448(para)
20104
#: serverguide/C/network-auth.xml:3441(para)
19534
20105
msgid ""
19535
20106
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
19536
20107
"<application>OpenLDAP</application> server that has network connectivity to "
19539
20110
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
19540
20111
msgstr ""
19541
20112
19542
#: serverguide/C/network-auth.xml:3454(para)
20113
#: serverguide/C/network-auth.xml:3447(para)
19543
20114
msgid ""
19544
20115
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
19545
20116
"that traffic between the KDC and LDAP server is encrypted. See <xref "
19546
20117
"linkend=\"openldap-tls\"/> for details."
19547
20118
msgstr ""
19548
20119
19549
#: serverguide/C/network-auth.xml:3460(para)
20120
#: serverguide/C/network-auth.xml:3453(para)
19550
20121
msgid ""
19551
20122
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
19552
20123
"edit the ldap database. Many times it is the RootDN. Change its value to "
19553
20124
"reflect your setup."
19554
20125
msgstr ""
19555
20126
19556
#: serverguide/C/network-auth.xml:3469(para)
20127
#: serverguide/C/network-auth.xml:3462(para)
19557
20128
msgid ""
19558
20129
"To load the schema into LDAP, on the LDAP server install the "
19559
20130
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
19560
20131
msgstr ""
19561
20132
19562
#: serverguide/C/network-auth.xml:3475(command)
20133
#: serverguide/C/network-auth.xml:3468(command)
19563
20134
msgid "sudo apt install krb5-kdc-ldap"
19564
20135
msgstr ""
19565
20136
19566
#: serverguide/C/network-auth.xml:3480(para)
20137
#: serverguide/C/network-auth.xml:3473(para)
19567
20138
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
19568
20139
msgstr ""
19569
20140
19570
#: serverguide/C/network-auth.xml:3485(command)
20141
#: serverguide/C/network-auth.xml:3478(command)
19571
20142
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
19572
20143
msgstr ""
19573
20144
19574
#: serverguide/C/network-auth.xml:3486(command)
20145
#: serverguide/C/network-auth.xml:3479(command)
19575
20146
msgid ""
19576
20147
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
19577
20148
msgstr ""
19578
20149
19579
#: serverguide/C/network-auth.xml:3492(para)
20150
#: serverguide/C/network-auth.xml:3485(para)
19580
20151
msgid ""
19581
20152
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
19582
20153
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
19584
20155
"linkend=\"openldap-configuration\"/>."
19585
20156
msgstr ""
19586
20157
19587
#: serverguide/C/network-auth.xml:3500(para)
20158
#: serverguide/C/network-auth.xml:3493(para)
19588
20159
msgid ""
19589
20160
"First, create a configuration file named "
19590
20161
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
19591
20162
"containing the following lines:"
19592
20163
msgstr ""
19593
20164
19594
#: serverguide/C/network-auth.xml:3505(programlisting)
20165
#: serverguide/C/network-auth.xml:3498(programlisting)
19595
20166
#, no-wrap
19596
20167
msgid ""
19597
20168
"\n"
19610
20181
"include /etc/ldap/schema/kerberos.schema\n"
19611
20182
msgstr ""
19612
20183
19613
#: serverguide/C/network-auth.xml:3525(para)
20184
#: serverguide/C/network-auth.xml:3518(para)
19614
20185
msgid "Create a temporary directory to hold the LDIF files:"
19615
20186
msgstr ""
19616
20187
19617
#: serverguide/C/network-auth.xml:3529(command)
20188
#: serverguide/C/network-auth.xml:3522(command)
19618
20189
msgid "mkdir /tmp/ldif_output"
19619
20190
msgstr ""
19620
20191
19621
#: serverguide/C/network-auth.xml:3535(para)
20192
#: serverguide/C/network-auth.xml:3528(para)
19622
20193
msgid ""
19623
20194
"Now use <application>slapcat</application> to convert the schema files:"
19624
20195
msgstr ""
19625
20196
19626
#: serverguide/C/network-auth.xml:3540(command)
20197
#: serverguide/C/network-auth.xml:3533(command)
19627
20198
msgid ""
19628
20199
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
19629
20200
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
19630
20201
msgstr ""
19631
20202
20203
#: serverguide/C/network-auth.xml:3537(para)
20204
msgid ""
20205
"Change the above file and path names to match your own if they are different."
20206
msgstr ""
20207
19632
20208
#: serverguide/C/network-auth.xml:3544(para)
19633
20209
msgid ""
19634
"Change the above file and path names to match your own if they are different."
19635
msgstr ""
19636
19637
#: serverguide/C/network-auth.xml:3551(para)
19638
msgid ""
19639
20210
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
19640
20211
"changing the following attributes:"
19641
20212
msgstr ""
19642
20213
19643
#: serverguide/C/network-auth.xml:3555(programlisting)
20214
#: serverguide/C/network-auth.xml:3548(programlisting)
19644
20215
#, no-wrap
19645
20216
msgid ""
19646
20217
"\n"
19649
20220
"cn: kerberos\n"
19650
20221
msgstr ""
19651
20222
19652
#: serverguide/C/network-auth.xml:3561(para)
20223
#: serverguide/C/network-auth.xml:3554(para)
19653
20224
msgid "And remove the following lines from the end of the file:"
19654
20225
msgstr ""
19655
20226
19656
#: serverguide/C/network-auth.xml:3565(programlisting)
20227
#: serverguide/C/network-auth.xml:3558(programlisting)
19657
20228
#, no-wrap
19658
20229
msgid ""
19659
20230
"\n"
19666
20237
"modifyTimestamp: 20090111203515Z\n"
19667
20238
msgstr ""
19668
20239
20240
#: serverguide/C/network-auth.xml:3568(para)
20241
msgid ""
20242
"The attribute values will vary, just be sure the attributes are removed."
20243
msgstr ""
20244
19669
20245
#: serverguide/C/network-auth.xml:3575(para)
19670
msgid ""
19671
"The attribute values will vary, just be sure the attributes are removed."
19672
msgstr ""
19673
19674
#: serverguide/C/network-auth.xml:3582(para)
19675
20246
msgid "Load the new schema with <application>ldapadd</application>:"
19676
20247
msgstr ""
19677
20248
19678
#: serverguide/C/network-auth.xml:3587(command)
20249
#: serverguide/C/network-auth.xml:3580(command)
19679
20250
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
19680
20251
msgstr ""
19681
20252
19682
#: serverguide/C/network-auth.xml:3593(para)
20253
#: serverguide/C/network-auth.xml:3586(para)
19683
20254
msgid ""
19684
20255
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
19685
20256
msgstr ""
19686
20257
19687
#: serverguide/C/network-auth.xml:3598(command) serverguide/C/network-auth.xml:3615(command)
20258
#: serverguide/C/network-auth.xml:3591(command) serverguide/C/network-auth.xml:3608(command)
19688
20259
msgid "ldapmodify -x -D cn=admin,cn=config -W"
19689
20260
msgstr ""
19690
20261
19691
#: serverguide/C/network-auth.xml:3600(userinput)
20262
#: serverguide/C/network-auth.xml:3593(userinput)
19692
20263
#, no-wrap
19693
20264
msgid ""
19694
20265
"dn: olcDatabase={1}hdb,cn=config\n"
19696
20267
"olcDbIndex: krbPrincipalName eq,pres,sub"
19697
20268
msgstr ""
19698
20269
19699
#: serverguide/C/network-auth.xml:3599(computeroutput)
20270
#: serverguide/C/network-auth.xml:3592(computeroutput)
19700
20271
#, no-wrap
19701
20272
msgid ""
19702
20273
"Enter LDAP Password:\n"
19705
20276
"modifying entry \"olcDatabase={1}hdb,cn=config\""
19706
20277
msgstr ""
19707
20278
19708
#: serverguide/C/network-auth.xml:3610(para)
20279
#: serverguide/C/network-auth.xml:3603(para)
19709
20280
msgid "Finally, update the Access Control Lists (ACL):"
19710
20281
msgstr ""
19711
20282
19712
#: serverguide/C/network-auth.xml:3617(userinput)
20283
#: serverguide/C/network-auth.xml:3610(userinput)
19713
20284
#, no-wrap
19714
20285
msgid ""
19715
20286
"dn: olcDatabase={1}hdb,cn=config\n"
19725
20296
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
19726
20297
msgstr ""
19727
20298
19728
#: serverguide/C/network-auth.xml:3616(computeroutput)
20299
#: serverguide/C/network-auth.xml:3609(computeroutput)
19729
20300
#, no-wrap
19730
20301
msgid ""
19731
20302
"Enter LDAP Password: \n"
19734
20305
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
19735
20306
msgstr ""
19736
20307
19737
#: serverguide/C/network-auth.xml:3637(para)
20308
#: serverguide/C/network-auth.xml:3630(para)
19738
20309
msgid ""
19739
20310
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
19740
20311
"database."
19741
20312
msgstr ""
19742
20313
19743
#: serverguide/C/network-auth.xml:3643(title)
20314
#: serverguide/C/network-auth.xml:3636(title)
19744
20315
msgid "Primary KDC Configuration"
19745
20316
msgstr ""
19746
20317
19747
#: serverguide/C/network-auth.xml:3645(para)
20318
#: serverguide/C/network-auth.xml:3638(para)
19748
20319
msgid ""
19749
20320
"With <application>OpenLDAP</application> configured it is time to configure "
19750
20321
"the KDC."
19751
20322
msgstr ""
19752
20323
19753
#: serverguide/C/network-auth.xml:3651(para)
20324
#: serverguide/C/network-auth.xml:3644(para)
19754
20325
msgid "First, install the necessary packages, from a terminal enter:"
19755
20326
msgstr ""
19756
20327
19757
#: serverguide/C/network-auth.xml:3656(command) serverguide/C/network-auth.xml:3815(command)
20328
#: serverguide/C/network-auth.xml:3649(command) serverguide/C/network-auth.xml:3808(command)
19758
20329
msgid "sudo apt install krb5-kdc krb5-admin-server krb5-kdc-ldap"
19759
20330
msgstr ""
19760
20331
19761
#: serverguide/C/network-auth.xml:3662(para)
20332
#: serverguide/C/network-auth.xml:3655(para)
19762
20333
msgid ""
19763
20334
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
19764
20335
"under the appropriate sections:"
19765
20336
msgstr ""
19766
20337
19767
#: serverguide/C/network-auth.xml:3666(programlisting)
20338
#: serverguide/C/network-auth.xml:3659(programlisting)
19768
20339
#, no-wrap
19769
20340
msgid ""
19770
20341
"\n"
19814
20385
" }\n"
19815
20386
msgstr ""
19816
20387
19817
#: serverguide/C/network-auth.xml:3711(para)
20388
#: serverguide/C/network-auth.xml:3704(para)
19818
20389
msgid ""
19819
20390
"Change <emphasis>example.com</emphasis>, "
19820
20391
"<emphasis>dc=example,dc=com</emphasis>, "
19823
20394
"object, and LDAP server for your network."
19824
20395
msgstr ""
19825
20396
19826
#: serverguide/C/network-auth.xml:3720(para)
20397
#: serverguide/C/network-auth.xml:3713(para)
19827
20398
msgid ""
19828
20399
"Next, use the <application>kdb5_ldap_util</application> utility to create "
19829
20400
"the realm:"
19830
20401
msgstr ""
19831
20402
19832
#: serverguide/C/network-auth.xml:3725(command)
20403
#: serverguide/C/network-auth.xml:3718(command)
19833
20404
msgid ""
19834
20405
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
19835
20406
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
19836
20407
msgstr ""
19837
20408
19838
#: serverguide/C/network-auth.xml:3732(para)
20409
#: serverguide/C/network-auth.xml:3725(para)
19839
20410
msgid ""
19840
20411
"Create a stash of the password used to bind to the LDAP server. This "
19841
20412
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
19843
20414
"<filename>/etc/krb5.conf</filename>:"
19844
20415
msgstr ""
19845
20416
19846
#: serverguide/C/network-auth.xml:3738(command) serverguide/C/network-auth.xml:3877(command)
20417
#: serverguide/C/network-auth.xml:3731(command) serverguide/C/network-auth.xml:3870(command)
19847
20418
msgid ""
19848
20419
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
19849
20420
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
19850
20421
msgstr ""
19851
20422
19852
#: serverguide/C/network-auth.xml:3745(para)
20423
#: serverguide/C/network-auth.xml:3738(para)
19853
20424
msgid "Copy the CA certificate from the LDAP server:"
19854
20425
msgstr ""
19855
20426
19856
#: serverguide/C/network-auth.xml:3750(command)
20427
#: serverguide/C/network-auth.xml:3743(command)
19857
20428
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
19858
20429
msgstr ""
19859
20430
19860
#: serverguide/C/network-auth.xml:3751(command)
20431
#: serverguide/C/network-auth.xml:3744(command)
19861
20432
msgid "sudo cp cacert.pem /etc/ssl/certs"
19862
20433
msgstr ""
19863
20434
19864
#: serverguide/C/network-auth.xml:3754(para)
20435
#: serverguide/C/network-auth.xml:3747(para)
19865
20436
msgid ""
19866
20437
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
19867
20438
msgstr ""
19868
20439
19869
#: serverguide/C/network-auth.xml:3758(programlisting)
20440
#: serverguide/C/network-auth.xml:3751(programlisting)
19870
20441
#, no-wrap
19871
20442
msgid ""
19872
20443
"\n"
19873
20444
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
19874
20445
msgstr ""
19875
20446
19876
#: serverguide/C/network-auth.xml:3763(para)
20447
#: serverguide/C/network-auth.xml:3756(para)
19877
20448
msgid ""
19878
20449
"The certificate will also need to be copied to the Secondary KDC, to allow "
19879
20450
"the connection to the LDAP servers using LDAPS."
19880
20451
msgstr ""
19881
20452
19882
#: serverguide/C/network-auth.xml:3772(para)
20453
#: serverguide/C/network-auth.xml:3765(para)
19883
20454
msgid ""
19884
20455
"You can now add Kerberos principals to the LDAP database, and they will be "
19885
20456
"copied to any other LDAP servers configured for replication. To add a "
19886
20457
"principal using the <application>kadmin.local</application> utility enter:"
19887
20458
msgstr ""
19888
20459
19889
#: serverguide/C/network-auth.xml:3780(userinput)
20460
#: serverguide/C/network-auth.xml:3773(userinput)
19890
20461
#, no-wrap
19891
20462
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
19892
20463
msgstr ""
19893
20464
19894
#: serverguide/C/network-auth.xml:3779(computeroutput)
20465
#: serverguide/C/network-auth.xml:3772(computeroutput)
19895
20466
#, no-wrap
19896
20467
msgid ""
19897
20468
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
19902
20473
"Principal \"steve@EXAMPLE.COM\" created."
19903
20474
msgstr ""
19904
20475
19905
#: serverguide/C/network-auth.xml:3787(para)
20476
#: serverguide/C/network-auth.xml:3780(para)
19906
20477
msgid ""
19907
20478
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
19908
20479
"krbExtraData attributes added to the "
19911
20482
"utilities to test that the user is indeed issued a ticket."
19912
20483
msgstr ""
19913
20484
19914
#: serverguide/C/network-auth.xml:3794(para)
20485
#: serverguide/C/network-auth.xml:3787(para)
19915
20486
msgid ""
19916
20487
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
19917
20488
"option is needed to add the Kerberos attributes. Otherwise a new "
19918
20489
"<emphasis>principal</emphasis> object will be created in the realm subtree."
19919
20490
msgstr ""
19920
20491
19921
#: serverguide/C/network-auth.xml:3802(title)
20492
#: serverguide/C/network-auth.xml:3795(title)
19922
20493
msgid "Secondary KDC Configuration"
19923
20494
msgstr ""
19924
20495
19925
#: serverguide/C/network-auth.xml:3804(para)
20496
#: serverguide/C/network-auth.xml:3797(para)
19926
20497
msgid ""
19927
20498
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
19928
20499
"one using the normal Kerberos database."
19929
20500
msgstr ""
19930
20501
19931
#: serverguide/C/network-auth.xml:3810(para)
20502
#: serverguide/C/network-auth.xml:3803(para)
19932
20503
msgid "First, install the necessary packages. In a terminal enter:"
19933
20504
msgstr ""
19934
20505
19935
#: serverguide/C/network-auth.xml:3821(para)
20506
#: serverguide/C/network-auth.xml:3814(para)
19936
20507
msgid ""
19937
20508
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
19938
20509
msgstr ""
19939
20510
19940
#: serverguide/C/network-auth.xml:3825(programlisting)
20511
#: serverguide/C/network-auth.xml:3818(programlisting)
19941
20512
#, no-wrap
19942
20513
msgid ""
19943
20514
"\n"
19986
20557
" }\n"
19987
20558
msgstr ""
19988
20559
19989
#: serverguide/C/network-auth.xml:3872(para)
20560
#: serverguide/C/network-auth.xml:3865(para)
19990
20561
msgid "Create the stash for the LDAP bind password:"
19991
20562
msgstr ""
19992
20563
19993
#: serverguide/C/network-auth.xml:3884(para)
20564
#: serverguide/C/network-auth.xml:3877(para)
19994
20565
msgid ""
19995
20566
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
19996
20567
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
19999
20570
"media."
20000
20571
msgstr ""
20001
20572
20002
#: serverguide/C/network-auth.xml:3891(command)
20573
#: serverguide/C/network-auth.xml:3884(command)
20003
20574
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
20004
20575
msgstr ""
20005
20576
20006
#: serverguide/C/network-auth.xml:3892(command)
20577
#: serverguide/C/network-auth.xml:3885(command)
20007
20578
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
20008
20579
msgstr ""
20009
20580
20010
#: serverguide/C/network-auth.xml:3896(para)
20581
#: serverguide/C/network-auth.xml:3889(para)
20011
20582
msgid ""
20012
20583
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
20013
20584
msgstr ""
20014
20585
20015
#: serverguide/C/network-auth.xml:3904(para)
20586
#: serverguide/C/network-auth.xml:3897(para)
20016
20587
msgid ""
20017
20588
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
20018
20589
"only,"
20019
20590
msgstr ""
20020
20591
20021
#: serverguide/C/network-auth.xml:3916(para)
20592
#: serverguide/C/network-auth.xml:3909(para)
20022
20593
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
20023
20594
msgstr ""
20024
20595
20596
#: serverguide/C/network-auth.xml:3920(para)
20597
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
20598
msgstr ""
20599
20025
20600
#: serverguide/C/network-auth.xml:3927(para)
20026
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
20027
msgstr ""
20028
20029
#: serverguide/C/network-auth.xml:3934(para)
20030
20601
msgid ""
20031
20602
"You now have redundant KDCs on your network, and with redundant LDAP servers "
20032
20603
"you should be able to continue to authenticate users if one LDAP server, one "
20033
20604
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
20034
20605
msgstr ""
20035
20606
20036
#: serverguide/C/network-auth.xml:3946(para)
20607
#: serverguide/C/network-auth.xml:3939(para)
20037
20608
msgid ""
20038
20609
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
20039
20610
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
20040
20611
"Guide</ulink> has some additional details."
20041
20612
msgstr ""
20042
20613
20043
#: serverguide/C/network-auth.xml:3952(para)
20614
#: serverguide/C/network-auth.xml:3945(para)
20044
20615
msgid ""
20045
20616
"For more information on <application>kdb5_ldap_util</application> see <ulink "
20046
20617
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
20050
20621
"l\">kdb5_ldap_util man page</ulink>."
20051
20622
msgstr ""
20052
20623
20053
#: serverguide/C/network-auth.xml:3960(para)
20624
#: serverguide/C/network-auth.xml:3953(para)
20054
20625
msgid ""
20055
20626
"Another useful link is the <ulink "
20056
20627
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man5/krb5.conf.5.html\">k"
20057
20628
"rb5.conf man page</ulink>."
20058
20629
msgstr ""
20059
20630
20060
#: serverguide/C/network-auth.xml:3965(para)
20631
#: serverguide/C/network-auth.xml:3958(para)
20061
20632
msgid ""
20062
20633
"Also, see the <ulink "
20063
20634
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
20064
20635
"and LDAP</ulink> Ubuntu wiki page."
20065
20636
msgstr ""
20066
20637
20067
#: serverguide/C/network-auth.xml:3974(title)
20638
#: serverguide/C/network-auth.xml:3967(title)
20068
20639
msgid "SSSD and Active Directory"
20069
20640
msgstr ""
20070
20641
20071
#: serverguide/C/network-auth.xml:3975(para)
20642
#: serverguide/C/network-auth.xml:3968(para)
20072
20643
msgid ""
20073
20644
"This section describes the use of sssd to authenticate user logins against "
20074
20645
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
20079
20650
"requires no modifications to the AD structure."
20080
20651
msgstr ""
20081
20652
20082
#: serverguide/C/network-auth.xml:3979(title)
20653
#: serverguide/C/network-auth.xml:3972(title)
20083
20654
msgid "Prerequisites, Assumptions, and Requirements"
20084
20655
msgstr ""
20085
20656
20086
#: serverguide/C/network-auth.xml:3982(para)
20657
#: serverguide/C/network-auth.xml:3975(para)
20087
20658
msgid ""
20088
20659
"This guide does not explain Active Directory, how it works, how to set one "
20089
20660
"up, or how to maintain it. It may not provide <quote>best practices</quote> "
20090
20661
"for your environment."
20091
20662
msgstr ""
20092
20663
20093
#: serverguide/C/network-auth.xml:3984(para)
20664
#: serverguide/C/network-auth.xml:3977(para)
20094
20665
msgid ""
20095
20666
"This guide assumes that a working Active Directory domain is already "
20096
20667
"configured."
20097
20668
msgstr ""
20098
20669
20099
#: serverguide/C/network-auth.xml:3986(para)
20670
#: serverguide/C/network-auth.xml:3979(para)
20100
20671
msgid ""
20101
20672
"The domain controller is acting as an authoritative DNS server for the "
20102
20673
"domain."
20103
20674
msgstr ""
20104
20675
20105
#: serverguide/C/network-auth.xml:3988(para)
20676
#: serverguide/C/network-auth.xml:3981(para)
20106
20677
msgid ""
20107
20678
"The domain controller is the primary DNS resolver as specified in "
20108
20679
"<filename>/etc/resolv.conf</filename>."
20109
20680
msgstr ""
20110
20681
20111
#: serverguide/C/network-auth.xml:3991(para)
20682
#: serverguide/C/network-auth.xml:3984(para)
20112
20683
msgid ""
20113
20684
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
20114
20685
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
20115
20686
"(see Resources section for external links)."
20116
20687
msgstr ""
20117
20688
20118
#: serverguide/C/network-auth.xml:3993(para)
20689
#: serverguide/C/network-auth.xml:3986(para)
20119
20690
msgid ""
20120
20691
"System time is synchronized on the domain controller (necessary for "
20121
20692
"Kerberos)."
20122
20693
msgstr ""
20123
20694
20124
#: serverguide/C/network-auth.xml:3995(para)
20695
#: serverguide/C/network-auth.xml:3988(para)
20125
20696
msgid ""
20126
20697
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
20127
20698
"."
20128
20699
msgstr ""
20129
20700
20130
#: serverguide/C/network-auth.xml:4000(para)
20701
#: serverguide/C/network-auth.xml:3993(para)
20131
20702
msgid ""
20132
20703
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
20133
20704
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
20136
20707
"controllers are needed for this step."
20137
20708
msgstr ""
20138
20709
20139
#: serverguide/C/network-auth.xml:4001(para)
20710
#: serverguide/C/network-auth.xml:3994(para)
20140
20711
msgid "Install these packages now."
20141
20712
msgstr ""
20142
20713
20143
#: serverguide/C/network-auth.xml:4003(command)
20714
#: serverguide/C/network-auth.xml:3996(command)
20144
20715
msgid "sudo apt install krb5-user samba sssd ntp"
20145
20716
msgstr ""
20146
20717
20147
#: serverguide/C/network-auth.xml:4004(para)
20718
#: serverguide/C/network-auth.xml:3997(para)
20148
20719
msgid ""
20149
20720
"See the next section for the answers to the questions asked by the "
20150
20721
"<emphasis>krb5-user</emphasis> postinstall script."
20151
20722
msgstr ""
20152
20723
20153
#: serverguide/C/network-auth.xml:4007(title)
20724
#: serverguide/C/network-auth.xml:4000(title)
20154
20725
msgid "Kerberos Configuration"
20155
20726
msgstr ""
20156
20727
20157
#: serverguide/C/network-auth.xml:4008(para)
20728
#: serverguide/C/network-auth.xml:4001(para)
20158
20729
msgid ""
20159
20730
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
20160
20731
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
20164
20735
"not, then both are needed."
20165
20736
msgstr ""
20166
20737
20167
#: serverguide/C/network-auth.xml:4009(para)
20738
#: serverguide/C/network-auth.xml:4002(para)
20168
20739
msgid ""
20169
20740
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
20170
20741
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
20171
20742
msgstr ""
20172
20743
20173
#: serverguide/C/network-auth.xml:4012(para)
20744
#: serverguide/C/network-auth.xml:4005(para)
20174
20745
msgid ""
20175
20746
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
20176
20747
"settings to specify Kerberos ticket lifetime (these values are safe to use "
20177
20748
"as defaults):"
20178
20749
msgstr ""
20179
20750
20180
#: serverguide/C/network-auth.xml:4013(programlisting)
20751
#: serverguide/C/network-auth.xml:4006(programlisting)
20181
20752
#, no-wrap
20182
20753
msgid ""
20183
20754
"\n"
20189
20760
"\t\t"
20190
20761
msgstr ""
20191
20762
20192
#: serverguide/C/network-auth.xml:4021(para)
20763
#: serverguide/C/network-auth.xml:4014(para)
20193
20764
msgid ""
20194
20765
"If default_realm is not specified, it may be necessary to log in with "
20195
20766
"<quote>username@domain</quote> instead of <quote>username</quote>."
20196
20767
msgstr ""
20197
20768
20198
#: serverguide/C/network-auth.xml:4023(para)
20769
#: serverguide/C/network-auth.xml:4016(para)
20199
20770
msgid ""
20200
20771
"The system time on the Active Directory member needs to be consistent with "
20201
20772
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
20203
20774
"<filename>/etc/ntp.conf</filename>:"
20204
20775
msgstr ""
20205
20776
20206
#: serverguide/C/network-auth.xml:4025(programlisting)
20777
#: serverguide/C/network-auth.xml:4018(programlisting)
20207
20778
#, no-wrap
20208
20779
msgid ""
20209
20780
"\n"
20210
20781
"server dc.myubuntu.example.com\n"
20211
20782
msgstr ""
20212
20783
20213
#: serverguide/C/network-auth.xml:4032(para)
20784
#: serverguide/C/network-auth.xml:4025(para)
20214
20785
msgid ""
20215
20786
"Samba will be used to perform netbios/nmbd services related to Active "
20216
20787
"Directory authentication, even if no file shares are exported. Edit the file "
20218
20789
"<emphasis>[global]</emphasis> section:"
20219
20790
msgstr ""
20220
20791
20221
#: serverguide/C/network-auth.xml:4034(programlisting)
20792
#: serverguide/C/network-auth.xml:4027(programlisting)
20222
20793
#, no-wrap
20223
20794
msgid ""
20224
20795
"\n"
20232
20803
"security = ads\n"
20233
20804
msgstr ""
20234
20805
20235
#: serverguide/C/network-auth.xml:4045(para)
20806
#: serverguide/C/network-auth.xml:4038(para)
20236
20807
msgid ""
20237
20808
"Some guides specify that \"password server\" should be specified and pointed "
20238
20809
"to the domain controller. This is only necessary if DNS is not properly set "
20240
20811
"server\" is specified with \"security = ads\"."
20241
20812
msgstr ""
20242
20813
20243
#: serverguide/C/network-auth.xml:4050(title)
20814
#: serverguide/C/network-auth.xml:4043(title)
20244
20815
msgid "SSSD Configuration"
20245
20816
msgstr ""
20246
20817
20247
#: serverguide/C/network-auth.xml:4052(para)
20818
#: serverguide/C/network-auth.xml:4045(para)
20248
20819
msgid ""
20249
20820
"There is no default/example config file for "
20250
20821
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
20251
20822
"necessary to create one. This is a minimal working config file:"
20252
20823
msgstr ""
20253
20824
20254
#: serverguide/C/network-auth.xml:4054(programlisting)
20825
#: serverguide/C/network-auth.xml:4047(programlisting)
20255
20826
#, no-wrap
20256
20827
msgid ""
20257
20828
"\n"
20283
20854
"# enumerate = true\n"
20284
20855
msgstr ""
20285
20856
20286
#: serverguide/C/network-auth.xml:4081(para)
20857
#: serverguide/C/network-auth.xml:4074(para)
20287
20858
msgid ""
20288
20859
"After saving this file, set the ownership to root and the file permissions "
20289
20860
"to 600:"
20290
20861
msgstr ""
20291
20862
20292
#: serverguide/C/network-auth.xml:4082(command)
20863
#: serverguide/C/network-auth.xml:4075(command)
20293
20864
msgid "sudo chown root:root /etc/sssd/sssd.conf"
20294
20865
msgstr ""
20295
20866
20296
#: serverguide/C/network-auth.xml:4083(command)
20867
#: serverguide/C/network-auth.xml:4076(command)
20297
20868
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
20298
20869
msgstr ""
20299
20870
20300
#: serverguide/C/network-auth.xml:4085(para)
20871
#: serverguide/C/network-auth.xml:4078(para)
20301
20872
msgid ""
20302
20873
"If the ownership or permissions are not correct, sssd will refuse to start."
20303
20874
msgstr ""
20304
20875
20305
#: serverguide/C/network-auth.xml:4089(title)
20876
#: serverguide/C/network-auth.xml:4082(title)
20306
20877
msgid "Verify nsswitch.conf Configuration"
20307
20878
msgstr ""
20308
20879
20309
#: serverguide/C/network-auth.xml:4090(para)
20880
#: serverguide/C/network-auth.xml:4083(para)
20310
20881
msgid ""
20311
20882
"The post-install script for the sssd package makes some modifications to "
20312
20883
"/etc/nsswitch.conf automatically. It should look something like this:"
20313
20884
msgstr ""
20314
20885
20315
#: serverguide/C/network-auth.xml:4092(programlisting)
20886
#: serverguide/C/network-auth.xml:4085(programlisting)
20316
20887
#, no-wrap
20317
20888
msgid ""
20318
20889
"\n"
20323
20894
"sudoers: files sss\n"
20324
20895
msgstr ""
20325
20896
20326
#: serverguide/C/network-auth.xml:4102(title)
20897
#: serverguide/C/network-auth.xml:4095(title)
20327
20898
msgid "Modify /etc/hosts"
20328
20899
msgstr ""
20329
20900
20330
#: serverguide/C/network-auth.xml:4103(para)
20901
#: serverguide/C/network-auth.xml:4096(para)
20331
20902
msgid ""
20332
20903
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
20333
20904
"example:"
20334
20905
msgstr ""
20335
20906
20336
#: serverguide/C/network-auth.xml:4104(programlisting)
20907
#: serverguide/C/network-auth.xml:4097(programlisting)
20337
20908
#, no-wrap
20338
20909
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
20339
20910
msgstr ""
20340
20911
20341
#: serverguide/C/network-auth.xml:4106(para)
20912
#: serverguide/C/network-auth.xml:4099(para)
20342
20913
msgid "This is useful in conjunction with dynamic DNS updates."
20343
20914
msgstr ""
20344
20915
20345
#: serverguide/C/network-auth.xml:4110(title)
20916
#: serverguide/C/network-auth.xml:4103(title)
20346
20917
msgid "Join the Active Directory"
20347
20918
msgstr ""
20348
20919
20349
#: serverguide/C/network-auth.xml:4111(para)
20920
#: serverguide/C/network-auth.xml:4104(para)
20350
20921
msgid "Now, restart ntp and samba and start sssd."
20351
20922
msgstr ""
20352
20923
20353
#: serverguide/C/network-auth.xml:4112(command)
20924
#: serverguide/C/network-auth.xml:4105(command)
20354
20925
msgid "sudo systemctl restart ntp.service"
20355
20926
msgstr ""
20356
20927
20357
#: serverguide/C/network-auth.xml:4114(command)
20928
#: serverguide/C/network-auth.xml:4107(command)
20358
20929
msgid "sudo systemctl start sssd.service"
20359
20930
msgstr ""
20360
20931
20361
#: serverguide/C/network-auth.xml:4116(para)
20932
#: serverguide/C/network-auth.xml:4109(para)
20362
20933
msgid "Test the configuration by obtaining a Kerberos ticket:"
20363
20934
msgstr ""
20364
20935
20365
#: serverguide/C/network-auth.xml:4118(command)
20936
#: serverguide/C/network-auth.xml:4111(command)
20366
20937
msgid "sudo kinit Administrator"
20367
20938
msgstr ""
20368
20939
20369
#: serverguide/C/network-auth.xml:4120(para)
20940
#: serverguide/C/network-auth.xml:4113(para)
20370
20941
msgid "Verify the ticket with:"
20371
20942
msgstr ""
20372
20943
20373
#: serverguide/C/network-auth.xml:4121(command)
20944
#: serverguide/C/network-auth.xml:4114(command)
20374
20945
msgid "sudo klist"
20375
20946
msgstr ""
20376
20947
20377
#: serverguide/C/network-auth.xml:4123(para)
20948
#: serverguide/C/network-auth.xml:4116(para)
20378
20949
msgid ""
20379
20950
"If there is a ticket with an expiration date listed, then it is time to join "
20380
20951
"the domain:"
20381
20952
msgstr ""
20382
20953
20383
#: serverguide/C/network-auth.xml:4125(command)
20954
#: serverguide/C/network-auth.xml:4118(command)
20384
20955
msgid "sudo net ads join -k"
20385
20956
msgstr ""
20386
20957
20387
#: serverguide/C/network-auth.xml:4127(para)
20958
#: serverguide/C/network-auth.xml:4120(para)
20388
20959
msgid ""
20389
20960
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
20390
20961
"probably means that there is no (correct) alias in "
20394
20965
"\"Modify /etc/hosts\" above."
20395
20966
msgstr ""
20396
20967
20397
#: serverguide/C/network-auth.xml:4129(para)
20968
#: serverguide/C/network-auth.xml:4122(para)
20398
20969
msgid ""
20399
20970
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
20400
20971
"something is incorrect. Review the prior steps before proceeding)."
20401
20972
msgstr ""
20402
20973
20403
#: serverguide/C/network-auth.xml:4131(para)
20974
#: serverguide/C/network-auth.xml:4124(para)
20404
20975
msgid ""
20405
20976
"Here are a couple of (optional) checks to verify that the domain join was "
20406
20977
"successful. Note that if the domain was successfully joined but one or both "
20408
20979
"Some of the changes appear to be asynchronous."
20409
20980
msgstr ""
20410
20981
20411
#: serverguide/C/network-auth.xml:4133(para)
20982
#: serverguide/C/network-auth.xml:4126(para)
20412
20983
msgid "Verification option #1:"
20413
20984
msgstr ""
20414
20985
20415
#: serverguide/C/network-auth.xml:4134(para)
20986
#: serverguide/C/network-auth.xml:4127(para)
20416
20987
msgid ""
20417
20988
"Check the default Organizational Unit for computer accounts in the Active "
20418
20989
"Directory to verify that the computer account was created. (Organizational "
20419
20990
"Units in Active Directory is a topic outside the scope of this guide)."
20420
20991
msgstr ""
20421
20992
20422
#: serverguide/C/network-auth.xml:4136(para)
20993
#: serverguide/C/network-auth.xml:4129(para)
20423
20994
msgid "Verification option #2"
20424
20995
msgstr ""
20425
20996
20426
#: serverguide/C/network-auth.xml:4137(para)
20997
#: serverguide/C/network-auth.xml:4130(para)
20427
20998
msgid "Execute this command for a specific AD user (e.g. administrator)"
20428
20999
msgstr ""
20429
21000
20430
#: serverguide/C/network-auth.xml:4138(command)
21001
#: serverguide/C/network-auth.xml:4131(command)
20431
21002
msgid "getent passwd username"
20432
21003
msgstr ""
20433
21004
20434
#: serverguide/C/network-auth.xml:4140(para)
21005
#: serverguide/C/network-auth.xml:4133(para)
20435
21006
msgid ""
20436
21007
"If <emphasis>enumerate = true</emphasis> is set in "
20437
21008
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
20439
21010
"testing, but is slow and not recommended for production."
20440
21011
msgstr ""
20441
21012
20442
#: serverguide/C/network-auth.xml:4144(title)
21013
#: serverguide/C/network-auth.xml:4137(title)
20443
21014
msgid "Test Authentication"
20444
21015
msgstr ""
20445
21016
20446
#: serverguide/C/network-auth.xml:4145(para)
21017
#: serverguide/C/network-auth.xml:4138(para)
20447
21018
msgid ""
20448
21019
"It should now be possible to authenticate using an Active Directory User's "
20449
21020
"credentials:"
20450
21021
msgstr ""
20451
21022
20452
#: serverguide/C/network-auth.xml:4147(command)
21023
#: serverguide/C/network-auth.xml:4140(command)
20453
21024
msgid "su - username"
20454
21025
msgstr ""
20455
21026
20456
#: serverguide/C/network-auth.xml:4149(para)
21027
#: serverguide/C/network-auth.xml:4142(para)
20457
21028
msgid ""
20458
21029
"If this works, then other login methods (getty, ssh) should also work."
20459
21030
msgstr ""
20460
21031
20461
#: serverguide/C/network-auth.xml:4151(para)
21032
#: serverguide/C/network-auth.xml:4144(para)
20462
21033
msgid ""
20463
21034
"If the computer account was created, indicating that the system was "
20464
21035
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
20467
21038
"earlier in this guide."
20468
21039
msgstr ""
20469
21040
20470
#: serverguide/C/network-auth.xml:4155(title)
21041
#: serverguide/C/network-auth.xml:4148(title)
20471
21042
msgid "Home directories with pam_mkhomedir (optional)"
20472
21043
msgstr ""
20473
21044
20474
#: serverguide/C/network-auth.xml:4156(para)
21045
#: serverguide/C/network-auth.xml:4149(para)
20475
21046
msgid ""
20476
21047
"When logging in using an Active Directory user account, it is likely that "
20477
21048
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
20480
21051
"after <emphasis>session required pam_unix.so:</emphasis>"
20481
21052
msgstr ""
20482
21053
20483
#: serverguide/C/network-auth.xml:4157(programlisting)
21054
#: serverguide/C/network-auth.xml:4150(programlisting)
20484
21055
#, no-wrap
20485
21056
msgid ""
20486
21057
"\n"
20487
21058
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
20488
21059
msgstr ""
20489
21060
20490
#: serverguide/C/network-auth.xml:4161(para)
21061
#: serverguide/C/network-auth.xml:4154(para)
20491
21062
msgid ""
20492
21063
"This may also need <emphasis>override_homedir</emphasis> in "
20493
21064
"<filename>sssd.conf</filename> to function correctly, so make sure that's "
20494
21065
"set."
20495
21066
msgstr ""
20496
21067
20497
#: serverguide/C/network-auth.xml:4165(title)
21068
#: serverguide/C/network-auth.xml:4158(title)
20498
21069
msgid "Desktop Ubuntu Authentication"
20499
21070
msgstr ""
20500
21071
20501
#: serverguide/C/network-auth.xml:4166(para)
21072
#: serverguide/C/network-auth.xml:4159(para)
20502
21073
msgid ""
20503
21074
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
20504
21075
"Directory accounts. The AD accounts will not show up in the pick list with "
20507
21078
"append the following two lines:"
20508
21079
msgstr ""
20509
21080
20510
#: serverguide/C/network-auth.xml:4168(programlisting)
21081
#: serverguide/C/network-auth.xml:4161(programlisting)
20511
21082
#, no-wrap
20512
21083
msgid ""
20513
21084
"\n"
20515
21086
"greeter-hide-users=true\n"
20516
21087
msgstr ""
20517
21088
20518
#: serverguide/C/network-auth.xml:4173(para)
21089
#: serverguide/C/network-auth.xml:4166(para)
20519
21090
msgid ""
20520
21091
"Reboot to restart lightdm. It should now be possible to log in using a "
20521
21092
"domain account using either <emphasis>username</emphasis> or "
20522
21093
"<emphasis>username/username@domain</emphasis> format."
20523
21094
msgstr ""
20524
21095
20525
#: serverguide/C/network-auth.xml:4179(ulink)
21096
#: serverguide/C/network-auth.xml:4172(ulink)
20526
21097
msgid "SSSD Project"
20527
21098
msgstr ""
20528
21099
20529
#: serverguide/C/network-auth.xml:4180(ulink)
21100
#: serverguide/C/network-auth.xml:4173(ulink)
20530
21101
msgid "DNS Server Configuration guidelines"
20531
21102
msgstr ""
20532
21103
20533
#: serverguide/C/network-auth.xml:4181(ulink)
21104
#: serverguide/C/network-auth.xml:4174(ulink)
20534
21105
msgid "Active Directory DNS Zone Entries"
20535
21106
msgstr ""
20536
21107
20537
#: serverguide/C/network-auth.xml:4182(ulink)
21108
#: serverguide/C/network-auth.xml:4175(ulink)
20538
21109
msgid "Kerberos config options"
20539
21110
msgstr ""
20540
21111
22104
22675
#: serverguide/C/mail.xml:249(para)
22105
22676
msgid ""
22106
22677
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
22107
"enable Dovecot SASL the <application>dovecot-common</application> package "
22108
"will need to be installed. From a terminal prompt enter the following:"
22678
"enable Dovecot SASL the <application>dovecot-core</application> package will "
22679
"need to be installed. From a terminal prompt enter the following:"
22109
22680
msgstr ""
22110
22681
22111
22682
#: serverguide/C/mail.xml:255(command)
22112
msgid "sudo apt install dovecot-common"
22683
msgid "sudo apt install dovecot-core"
22113
22684
msgstr ""
22114
22685
22115
22686
#: serverguide/C/mail.xml:257(para)
24317
24888
msgstr ""
24318
24889
24319
24890
#: serverguide/C/lamp-applications.xml:278(title)
24320
msgid "MediaWiki"
24891
msgid "phpMyAdmin"
24321
24892
msgstr ""
24322
24893
24323
24894
#: serverguide/C/lamp-applications.xml:280(para)
24324
24895
msgid ""
24325
"MediaWiki is an web based Wiki software written in the PHP language. It can "
24326
"either use <application>MySQL</application> or "
24327
"<application>PostgreSQL</application> Database Management System."
24328
msgstr ""
24329
24330
#: serverguide/C/lamp-applications.xml:290(para)
24331
msgid ""
24332
"Before installing <application>MediaWiki</application> you should also "
24333
"install <application>Apache2</application>, the "
24334
"<application>PHP</application> scripting language and a Database Management "
24335
"System. <application>MySQL</application> or "
24336
"<application>PostgreSQL</application> are the most common, choose one "
24337
"depending on your need. Please refer to those sections in this manual for "
24338
"installation instructions."
24339
msgstr ""
24340
24341
#: serverguide/C/lamp-applications.xml:298(para)
24342
msgid ""
24343
"To install <application>MediaWiki</application>, run the following command "
24344
"in the command prompt:"
24345
msgstr ""
24346
24347
#: serverguide/C/lamp-applications.xml:304(command)
24348
msgid "sudo apt install mediawiki php-gd"
24349
msgstr ""
24350
24351
#: serverguide/C/lamp-applications.xml:307(para)
24352
msgid ""
24353
"For additional <application>MediaWiki</application> functionality see the "
24354
"<application>mediawiki-extensions</application> package."
24355
msgstr ""
24356
24357
#: serverguide/C/lamp-applications.xml:317(para)
24358
msgid ""
24359
"The Apache configuration file <filename>mediawiki.conf</filename> for "
24360
"<application>MediaWiki</application> is installed in "
24361
"<filename>/etc/apache2/conf-available/</filename> directory. To access "
24362
"<application>MediaWiki</application>, uncomment the following line in the "
24363
"file."
24364
msgstr ""
24365
24366
#: serverguide/C/lamp-applications.xml:324(screen)
24367
#, no-wrap
24368
msgid ""
24369
"\n"
24370
"# Alias /mediawiki /var/lib/mediawiki\n"
24371
msgstr ""
24372
24373
#: serverguide/C/lamp-applications.xml:328(para)
24374
msgid ""
24375
"The <application>MediaWiki</application> configuration also needs to be "
24376
"enabled."
24377
msgstr ""
24378
24379
#: serverguide/C/lamp-applications.xml:332(command)
24380
msgid "sudo a2enconf mediawiki.conf"
24381
msgstr ""
24382
24383
#: serverguide/C/lamp-applications.xml:335(para)
24384
msgid "Restart Apache server."
24385
msgstr ""
24386
24387
#: serverguide/C/lamp-applications.xml:342(para)
24388
msgid ""
24389
"Access <application>MediaWiki</application> by visiting <ulink "
24390
"url=\"http://localhost/mediawiki/mw-"
24391
"config/index.php\">http://localhost/mediawiki/mw-config/index.php</ulink>. "
24392
"(Or <ulink url=\"http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
24393
"config/index.php\">http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
24394
"config/index.php</ulink> if your server has no GUI.)"
24395
msgstr ""
24396
24397
#: serverguide/C/lamp-applications.xml:350(para)
24398
msgid ""
24399
"Please read the <quote>Environmental checks</quote> section of the "
24400
"configuration page. You should be able to fix many issues by carefully "
24401
"reading this section."
24402
msgstr ""
24403
24404
#: serverguide/C/lamp-applications.xml:357(para)
24405
msgid ""
24406
"Once the configuration is complete, you should copy the "
24407
"<filename>LocalSettings.php</filename> file to "
24408
"<filename>/etc/mediawiki</filename> directory:"
24409
msgstr ""
24410
24411
#: serverguide/C/lamp-applications.xml:364(command)
24412
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
24413
msgstr ""
24414
24415
#: serverguide/C/lamp-applications.xml:367(para)
24416
msgid ""
24417
"You may also want to edit "
24418
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
24419
"memory limit (disabled by default):"
24420
msgstr ""
24421
24422
#: serverguide/C/lamp-applications.xml:372(programlisting)
24423
#, no-wrap
24424
msgid ""
24425
"\n"
24426
"ini_set( 'memory_limit', '64M' );\n"
24427
msgstr ""
24428
24429
#: serverguide/C/lamp-applications.xml:379(title)
24430
msgid "Extensions"
24431
msgstr ""
24432
24433
#: serverguide/C/lamp-applications.xml:380(para)
24434
msgid ""
24435
"The extensions add new features and enhancements for the MediaWiki "
24436
"application. The extensions give wiki administrators and end users the "
24437
"ability to customize MediaWiki to their requirements."
24438
msgstr ""
24439
24440
#: serverguide/C/lamp-applications.xml:386(para)
24441
msgid ""
24442
"You can download MediaWiki extensions as an archive file or checkout from "
24443
"the Subversion repository. You should copy it to "
24444
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
24445
"also add the following line at the end of file: "
24446
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
24447
msgstr ""
24448
24449
#: serverguide/C/lamp-applications.xml:394(programlisting)
24450
#, no-wrap
24451
msgid ""
24452
"\n"
24453
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
24454
msgstr ""
24455
24456
#: serverguide/C/lamp-applications.xml:404(para)
24457
msgid ""
24458
"For more details, please refer to the <ulink "
24459
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
24460
msgstr ""
24461
24462
#: serverguide/C/lamp-applications.xml:410(para)
24463
msgid ""
24464
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
24465
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
24466
"new MediaWiki administrators."
24467
msgstr ""
24468
24469
#: serverguide/C/lamp-applications.xml:416(para)
24470
msgid ""
24471
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
24472
"Wiki MediaWiki</ulink> page is a good resource."
24473
msgstr ""
24474
24475
#: serverguide/C/lamp-applications.xml:426(title)
24476
msgid "phpMyAdmin"
24477
msgstr ""
24478
24479
#: serverguide/C/lamp-applications.xml:428(para)
24480
msgid ""
24481
24896
"<application>phpMyAdmin</application> is a LAMP application specifically "
24482
24897
"written for administering <application>MySQL</application> servers. Written "
24483
24898
"in <application>PHP</application>, and accessed through a web browser, "
24484
24899
"phpMyAdmin provides a graphical interface for database administration tasks."
24485
24900
msgstr ""
24486
24901
24487
#: serverguide/C/lamp-applications.xml:437(para)
24902
#: serverguide/C/lamp-applications.xml:289(para)
24488
24903
msgid ""
24489
24904
"Before installing <application>phpMyAdmin</application> you will need access "
24490
24905
"to a <application>MySQL</application> database either on the same host as "
24493
24908
"enter:"
24494
24909
msgstr ""
24495
24910
24496
#: serverguide/C/lamp-applications.xml:444(command)
24911
#: serverguide/C/lamp-applications.xml:296(command)
24497
24912
msgid "sudo apt install phpmyadmin"
24498
24913
msgstr ""
24499
24914
24500
#: serverguide/C/lamp-applications.xml:447(para)
24915
#: serverguide/C/lamp-applications.xml:299(para)
24501
24916
msgid ""
24502
24917
"At the prompt choose which web server to be configured for "
24503
24918
"<application>phpMyAdmin</application>. The rest of this section will use "
24504
24919
"<application>Apache2</application> for the web server."
24505
24920
msgstr ""
24506
24921
24507
#: serverguide/C/lamp-applications.xml:452(para)
24922
#: serverguide/C/lamp-applications.xml:304(para)
24508
24923
msgid ""
24509
24924
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
24510
24925
"replacing <emphasis role=\"italic\">servername</emphasis> with the server's "
24514
24929
"user's password."
24515
24930
msgstr ""
24516
24931
24517
#: serverguide/C/lamp-applications.xml:459(para)
24932
#: serverguide/C/lamp-applications.xml:311(para)
24518
24933
msgid ""
24519
24934
"Once logged in you can reset the <emphasis>root</emphasis> password if "
24520
24935
"needed, create users, create/destroy databases and tables, etc."
24521
24936
msgstr ""
24522
24937
24523
#: serverguide/C/lamp-applications.xml:467(para)
24938
#: serverguide/C/lamp-applications.xml:319(para)
24524
24939
msgid ""
24525
24940
"The configuration files for <application>phpMyAdmin</application> are "
24526
24941
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
24529
24944
"<application>phpMyAdmin</application>."
24530
24945
msgstr ""
24531
24946
24532
#: serverguide/C/lamp-applications.xml:473(para)
24947
#: serverguide/C/lamp-applications.xml:325(para)
24533
24948
msgid ""
24534
24949
"To use <application>phpMyAdmin</application> to administer a MySQL database "
24535
24950
"hosted on another server, adjust the following in "
24536
24951
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
24537
24952
msgstr ""
24538
24953
24539
#: serverguide/C/lamp-applications.xml:478(programlisting)
24954
#: serverguide/C/lamp-applications.xml:330(programlisting)
24540
24955
#, no-wrap
24541
24956
msgid ""
24542
24957
"\n"
24543
24958
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
24544
24959
msgstr ""
24545
24960
24546
#: serverguide/C/lamp-applications.xml:483(para)
24961
#: serverguide/C/lamp-applications.xml:335(para)
24547
24962
msgid ""
24548
24963
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
24549
24964
"remote database server name or IP address. Also, be sure that the "
24551
24966
"remote database."
24552
24967
msgstr ""
24553
24968
24554
#: serverguide/C/lamp-applications.xml:489(para)
24969
#: serverguide/C/lamp-applications.xml:341(para)
24555
24970
msgid ""
24556
24971
"Once configured, log out of <application>phpMyAdmin</application> and back "
24557
24972
"in, and you should be accessing the new server."
24558
24973
msgstr ""
24559
24974
24560
#: serverguide/C/lamp-applications.xml:493(para)
24975
#: serverguide/C/lamp-applications.xml:345(para)
24561
24976
msgid ""
24562
24977
"The <filename>config.header.inc.php</filename> and "
24563
24978
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
24564
24979
"header and footer to <application>phpMyAdmin</application>."
24565
24980
msgstr ""
24566
24981
24567
#: serverguide/C/lamp-applications.xml:498(para)
24982
#: serverguide/C/lamp-applications.xml:350(para)
24568
24983
msgid ""
24569
24984
"Another important configuration file is "
24570
24985
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
24575
24990
"a terminal type:"
24576
24991
msgstr ""
24577
24992
24578
#: serverguide/C/lamp-applications.xml:506(command)
24993
#: serverguide/C/lamp-applications.xml:358(command)
24579
24994
msgid ""
24580
24995
"sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-"
24581
24996
"available/phpmyadmin.conf"
24582
24997
msgstr ""
24583
24998
24584
#: serverguide/C/lamp-applications.xml:507(command)
24999
#: serverguide/C/lamp-applications.xml:359(command)
24585
25000
msgid "sudo a2enconf phpmyadmin.conf"
24586
25001
msgstr ""
24587
25002
24588
#: serverguide/C/lamp-applications.xml:511(para)
25003
#: serverguide/C/lamp-applications.xml:363(para)
24589
25004
msgid ""
24590
25005
"For more information on configuring <application>Apache2</application> see "
24591
25006
"<xref linkend=\"httpd\"/>."
24592
25007
msgstr ""
24593
25008
24594
#: serverguide/C/lamp-applications.xml:522(para)
25009
#: serverguide/C/lamp-applications.xml:374(para)
24595
25010
msgid ""
24596
25011
"The <application>phpMyAdmin</application> documentation comes installed with "
24597
25012
"the package and can be accessed from the <emphasis>phpMyAdmin "
24600
25015
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
24601
25016
msgstr ""
24602
25017
24603
#: serverguide/C/lamp-applications.xml:529(para)
25018
#: serverguide/C/lamp-applications.xml:381(para)
24604
25019
msgid ""
24605
25020
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
24606
25021
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
24607
25022
msgstr ""
24608
25023
24609
#: serverguide/C/lamp-applications.xml:534(para)
25024
#: serverguide/C/lamp-applications.xml:386(para)
24610
25025
msgid ""
24611
25026
"A third resource is the <ulink "
24612
25027
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
24613
25028
"Wiki</ulink> page."
24614
25029
msgstr ""
24615
25030
24616
#: serverguide/C/lamp-applications.xml:543(title)
25031
#: serverguide/C/lamp-applications.xml:395(title)
24617
25032
msgid "WordPress"
24618
25033
msgstr ""
24619
25034
24620
#: serverguide/C/lamp-applications.xml:544(para)
25035
#: serverguide/C/lamp-applications.xml:396(para)
24621
25036
msgid ""
24622
25037
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
24623
25038
"licensed under the GNU GPLv2."
24624
25039
msgstr ""
24625
25040
24626
#: serverguide/C/lamp-applications.xml:550(para)
25041
#: serverguide/C/lamp-applications.xml:402(para)
24627
25042
msgid ""
24628
25043
"To install <application>WordPress</application>, run the following comand in "
24629
25044
"the command prompt:"
24630
25045
msgstr ""
24631
25046
24632
#: serverguide/C/lamp-applications.xml:555(command)
25047
#: serverguide/C/lamp-applications.xml:407(command)
24633
25048
msgid "sudo apt install wordpress"
24634
25049
msgstr ""
24635
25050
24636
#: serverguide/C/lamp-applications.xml:558(para)
25051
#: serverguide/C/lamp-applications.xml:410(para)
24637
25052
msgid ""
24638
25053
"You should also install <application>apache2</application> web server and "
24639
25054
"<application>mysql</application> server. For installing "
24644
25059
"linkend=\"mysql\"/> section."
24645
25060
msgstr ""
24646
25061
24647
#: serverguide/C/lamp-applications.xml:572(para)
25062
#: serverguide/C/lamp-applications.xml:424(para)
24648
25063
msgid ""
24649
25064
"For configuring your first <application>WordPress</application> application, "
24650
25065
"configure an apache site. Open <filename>/etc/apache2/sites-"
24651
25066
"available/wordpress.conf</filename> and write the following lines:"
24652
25067
msgstr ""
24653
25068
24654
#: serverguide/C/lamp-applications.xml:579(programlisting)
25069
#: serverguide/C/lamp-applications.xml:431(programlisting)
24655
25070
#, no-wrap
24656
25071
msgid ""
24657
25072
"\n"
24671
25086
" "
24672
25087
msgstr ""
24673
25088
24674
#: serverguide/C/lamp-applications.xml:595(para)
25089
#: serverguide/C/lamp-applications.xml:447(para)
24675
25090
msgid "Enable this new <application>WordPress</application> site"
24676
25091
msgstr ""
24677
25092
24678
#: serverguide/C/lamp-applications.xml:598(command)
25093
#: serverguide/C/lamp-applications.xml:450(command)
24679
25094
msgid "sudo a2ensite wordpress"
24680
25095
msgstr ""
24681
25096
24682
#: serverguide/C/lamp-applications.xml:601(para)
25097
#: serverguide/C/lamp-applications.xml:453(para)
24683
25098
msgid ""
24684
25099
"Once you configure the <application>apache2</application> web server and "
24685
25100
"make it ready for your <application>WordPress</application> application, you "
24687
25102
"<application>apache2</application> web server:"
24688
25103
msgstr ""
24689
25104
24690
#: serverguide/C/lamp-applications.xml:613(para)
25105
#: serverguide/C/lamp-applications.xml:465(para)
24691
25106
msgid ""
24692
25107
"To facilitate multiple <application>WordPress</application> installations, "
24693
25108
"the name of this configuration file is based on the Host header of the HTTP "
24700
25115
"NAME_OF_YOUR_VIRTUAL_HOST.php."
24701
25116
msgstr ""
24702
25117
24703
#: serverguide/C/lamp-applications.xml:624(para)
25118
#: serverguide/C/lamp-applications.xml:476(para)
24704
25119
msgid ""
24705
25120
"Once the configuration file is written, it is up to you to choose a "
24706
25121
"convention for username and password to mysql for each "
24708
25123
"shows only one, localhost, example."
24709
25124
msgstr ""
24710
25125
24711
#: serverguide/C/lamp-applications.xml:631(para)
25126
#: serverguide/C/lamp-applications.xml:483(para)
24712
25127
msgid ""
24713
25128
"Now configure <application>WordPress</application> to use a mysql database. "
24714
25129
"Open <filename>/etc/wordpress/config-localhost.php</filename> file and write "
24715
25130
"the following lines:"
24716
25131
msgstr ""
24717
25132
24718
#: serverguide/C/lamp-applications.xml:637(programlisting)
25133
#: serverguide/C/lamp-applications.xml:489(programlisting)
24719
25134
#, no-wrap
24720
25135
msgid ""
24721
25136
"\n"
24728
25143
"?>\n"
24729
25144
msgstr ""
24730
25145
24731
#: serverguide/C/lamp-applications.xml:646(para)
25146
#: serverguide/C/lamp-applications.xml:498(para)
24732
25147
msgid ""
24733
25148
"Now create this mysql database. Open a temporary file with mysql commands "
24734
25149
"<filename>wordpress.sql</filename> and write the following lines:"
24735
25150
msgstr ""
24736
25151
24737
#: serverguide/C/lamp-applications.xml:649(programlisting)
25152
#: serverguide/C/lamp-applications.xml:501(programlisting)
24738
25153
#, no-wrap
24739
25154
msgid ""
24740
25155
"\n"
24746
25161
"FLUSH PRIVILEGES;\n"
24747
25162
msgstr ""
24748
25163
24749
#: serverguide/C/lamp-applications.xml:657(para)
25164
#: serverguide/C/lamp-applications.xml:509(para)
24750
25165
msgid "Execute these commands."
24751
25166
msgstr ""
24752
25167
24753
#: serverguide/C/lamp-applications.xml:659(command)
25168
#: serverguide/C/lamp-applications.xml:511(command)
24754
25169
msgid ""
24755
25170
"cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf"
24756
25171
msgstr ""
24757
25172
24758
#: serverguide/C/lamp-applications.xml:661(para)
25173
#: serverguide/C/lamp-applications.xml:513(para)
24759
25174
msgid ""
24760
25175
"Your new <application>WordPress</application> can now be configured by "
24761
25176
"visiting <ulink url=\"http://localhost/blog/wp-"
24768
25183
"mail and click Install WordPress."
24769
25184
msgstr ""
24770
25185
24771
#: serverguide/C/lamp-applications.xml:668(para)
25186
#: serverguide/C/lamp-applications.xml:520(para)
24772
25187
msgid ""
24773
25188
"Note the generated password (if applicable) and click the login password. "
24774
25189
"Your <application>WordPress</application> is now ready for use."
24775
25190
msgstr ""
24776
25191
24777
#: serverguide/C/lamp-applications.xml:678(ulink)
25192
#: serverguide/C/lamp-applications.xml:530(ulink)
24778
25193
msgid "WordPress.org Codex"
24779
25194
msgstr ""
24780
25195
24781
#: serverguide/C/lamp-applications.xml:683(ulink)
25196
#: serverguide/C/lamp-applications.xml:535(ulink)
24782
25197
msgid "Ubuntu Wiki WordPress"
24783
25198
msgstr ""
24784
25199
31198
31613
msgstr ""
31199
31614
31200
31615
#: serverguide/C/clustering.xml:135(command)
31201
msgid "sudo systemctl start drdb.service"
31616
msgid "sudo systemctl start drbd.service"
31202
31617
msgstr ""
31203
31618
31204
31619
#: serverguide/C/clustering.xml:141(para)
32946
33361
#~ msgid "sudo apt-get install samba"
32947
33362
#~ msgstr "sudo apt-get install samba"
32948
33363
33364
#~ msgid ""
33365
#~ "The main Samba configuration file is located in "
33366
#~ "<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
33367
#~ "a significant amount of comments in order to document various configuration "
33368
#~ "directives."
33369
#~ msgstr ""
33370
#~ "The main Samba configuration file is located in "
33371
#~ "<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
33372
#~ "a significant amount of comments in order to document various configuration "
33373
#~ "directives."
33374
32949
33375
#~ msgid "sudo chown nobody.nogroup /srv/samba/share/"
32950
33376
#~ msgstr "sudo chown nobody.nogroup /srv/samba/share/"
32951
33377
Loggerhead is a web-based interface for Breezy
Version: 2.0.1