~ahasenack/serverguide/use-sasl-external-for-config-changes-973981
» Revision
308
: serverguide/po/lt.po
« back to all changes in this revision
Viewing changes to serverguide/po/lt.po
- browse files at revision 308
- compare with another revision
- download diff
- download tarball
- view history from revision 308
- Committer: Doug Smythies
- Date: 2016-12-22 00:01:42 UTC
- Revision ID: dsmythies@telus.net-20161222000142-x81lfy023vauvtbh
update PO files. Serverguide 16.04 point release.
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/lt.po
7
7
msgstr ""
8
8
"Project-Id-Version: serverguide\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2016-05-13 09:11-0700\n"
10
"POT-Creation-Date: 2016-12-06 21:37-0800\n"
11
11
"PO-Revision-Date: 2014-11-09 18:10+0000\n"
12
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
13
"Language-Team: Lithuanian <lt@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2016-05-13 21:07+0000\n"
18
"X-Generator: Launchpad (build 18025)\n"
17
"X-Launchpad-Export-Date: 2016-12-21 23:28+0000\n"
18
"X-Generator: Launchpad (build 18298)\n"
19
19
20
20
#: serverguide/C/web-servers.xml:11(title)
21
21
msgid "Web Servers"
87
87
"for the development and deployment of Web-based applications."
88
88
msgstr ""
89
89
90
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:980(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:838(title) serverguide/C/virtualization.xml:1697(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:291(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:471(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1141(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2798(title) serverguide/C/network-auth.xml:3270(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:288(title) serverguide/C/lamp-applications.xml:435(title) serverguide/C/lamp-applications.xml:549(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:946(title) serverguide/C/installation.xml:1401(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:135(title) serverguide/C/backups.xml:602(title)
90
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:991(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:906(title) serverguide/C/virtualization.xml:1765(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:291(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:471(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1141(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2791(title) serverguide/C/network-auth.xml:3263(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:401(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:946(title) serverguide/C/installation.xml:1401(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:135(title) serverguide/C/backups.xml:602(title)
91
91
msgid "Installation"
92
92
msgstr "Įdiegimas"
93
93
105
105
msgid "sudo apt install apache2"
106
106
msgstr ""
107
107
108
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:868(title) serverguide/C/web-servers.xml:1007(title) serverguide/C/web-servers.xml:1110(title) serverguide/C/virtualization.xml:869(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:308(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1152(title) serverguide/C/network-auth.xml:2885(title) serverguide/C/network-auth.xml:3291(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:315(title) serverguide/C/lamp-applications.xml:465(title) serverguide/C/lamp-applications.xml:570(title) serverguide/C/installation.xml:1446(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:147(title) serverguide/C/backups.xml:631(title)
108
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:868(title) serverguide/C/web-servers.xml:1018(title) serverguide/C/web-servers.xml:1121(title) serverguide/C/virtualization.xml:937(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:308(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1152(title) serverguide/C/network-auth.xml:2878(title) serverguide/C/network-auth.xml:3284(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:317(title) serverguide/C/lamp-applications.xml:422(title) serverguide/C/installation.xml:1446(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:147(title) serverguide/C/backups.xml:631(title)
109
109
msgid "Configuration"
110
110
msgstr ""
111
111
342
342
msgid "sudo a2ensite mynewsite"
343
343
msgstr ""
344
344
345
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:339(command) serverguide/C/lamp-applications.xml:610(command)
345
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:462(command)
346
346
msgid "sudo systemctl restart apache2.service"
347
347
msgstr ""
348
348
733
733
"Access Control Lists (ACLs)."
734
734
msgstr ""
735
735
736
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:812(title) serverguide/C/web-servers.xml:962(title) serverguide/C/web-servers.xml:1057(title) serverguide/C/web-servers.xml:1282(title) serverguide/C/vpn.xml:919(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:876(title) serverguide/C/security.xml:1216(title) serverguide/C/security.xml:1630(title) serverguide/C/security.xml:1816(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:820(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1205(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:400(title) serverguide/C/lamp-applications.xml:518(title) serverguide/C/lamp-applications.xml:673(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:106(title) serverguide/C/chat.xml:215(title) serverguide/C/backups.xml:301(title)
736
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:812(title) serverguide/C/web-servers.xml:973(title) serverguide/C/web-servers.xml:1068(title) serverguide/C/web-servers.xml:1293(title) serverguide/C/vpn.xml:919(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:876(title) serverguide/C/security.xml:1216(title) serverguide/C/security.xml:1630(title) serverguide/C/security.xml:1816(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:820(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1205(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:370(title) serverguide/C/lamp-applications.xml:525(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:106(title) serverguide/C/chat.xml:215(title) serverguide/C/backups.xml:301(title)
737
737
msgid "References"
738
738
msgstr ""
739
739
956
956
msgstr ""
957
957
958
958
#: serverguide/C/web-servers.xml:863(command)
959
msgid "sudo apt install squid3"
959
msgid "sudo apt install squid"
960
960
msgstr ""
961
961
962
962
#: serverguide/C/web-servers.xml:869(para)
963
963
msgid ""
964
964
"Squid is configured by editing the directives contained within the "
965
"<filename>/etc/squid3/squid.conf</filename> configuration file. The "
966
"following examples illustrate some of the directives which may be modified "
967
"to affect the behavior of the Squid server. For more in-depth configuration "
968
"of Squid, see the References section."
965
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
966
"examples illustrate some of the directives which may be modified to affect "
967
"the behavior of the Squid server. For more in-depth configuration of Squid, "
968
"see the References section."
969
969
msgstr ""
970
970
971
971
#: serverguide/C/web-servers.xml:875(para)
977
977
msgstr ""
978
978
979
979
#: serverguide/C/web-servers.xml:881(command)
980
msgid "sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original"
980
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
981
981
msgstr ""
982
982
983
983
#: serverguide/C/web-servers.xml:882(command)
984
msgid "sudo chmod a-w /etc/squid3/squid.conf.original"
984
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
985
985
msgstr ""
986
986
987
987
#: serverguide/C/web-servers.xml:889(para)
1022
1022
#: serverguide/C/web-servers.xml:912(para) serverguide/C/web-servers.xml:932(para)
1023
1023
msgid ""
1024
1024
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
1025
"ACL section of your <filename>/etc/squid3/squid.conf</filename> file:"
1025
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
1026
1026
msgstr ""
1027
1027
1028
1028
#: serverguide/C/web-servers.xml:915(programlisting)
1035
1035
#: serverguide/C/web-servers.xml:918(para) serverguide/C/web-servers.xml:939(para)
1036
1036
msgid ""
1037
1037
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
1038
"http_access section of your <filename>/etc/squid3/squid.conf</filename> file:"
1038
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
1039
1039
msgstr ""
1040
1040
1041
1041
#: serverguide/C/web-servers.xml:922(programlisting)
1071
1071
1072
1072
#: serverguide/C/web-servers.xml:950(para)
1073
1073
msgid ""
1074
"After making changes to the <filename>/etc/squid3/squid.conf</filename> "
1075
"file, save the file and restart the <application>squid</application> server "
1074
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
1075
"save the file and restart the <application>squid</application> server "
1076
1076
"application to effect the changes using the following command entered at a "
1077
1077
"terminal prompt:"
1078
1078
msgstr ""
1079
1079
1080
1080
#: serverguide/C/web-servers.xml:956(command)
1081
msgid "sudo systemctl restart squid3.service"
1082
msgstr ""
1083
1084
#: serverguide/C/web-servers.xml:964(ulink)
1081
msgid "sudo systemctl restart squid.service"
1082
msgstr ""
1083
1084
#: serverguide/C/web-servers.xml:961(para)
1085
msgid ""
1086
"If formerly a customized squid3 was used that set up the spool at "
1087
"<filename>/var/log/squid3</filename> to be a mountpoint, but otherwise kept "
1088
"the default configuration the upgrade will fail. The upgrade tries to "
1089
"rename/move files as needed, but it can't do so for an active mountpoint. In "
1090
"that case please either adapt the mountpoint or the config in "
1091
"<filename>/etc/squid/squid.conf</filename> so that they match."
1092
msgstr ""
1093
1094
#: serverguide/C/web-servers.xml:966(para)
1095
msgid ""
1096
"The same applies if the <emphasis role=\"bold\">include</emphasis> config "
1097
"statement was used to pull in more files from the old path at "
1098
"<filename>/etc/squid3/</filename>. In those cases you should move and adapt "
1099
"your configuration accordingly."
1100
msgstr ""
1101
1102
#: serverguide/C/web-servers.xml:975(ulink)
1085
1103
msgid "Squid Website"
1086
1104
msgstr ""
1087
1105
1088
#: serverguide/C/web-servers.xml:966(para)
1106
#: serverguide/C/web-servers.xml:977(para)
1089
1107
msgid ""
1090
1108
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1091
1109
"Squid</ulink> page."
1092
1110
msgstr ""
1093
1111
1094
#: serverguide/C/web-servers.xml:973(title)
1112
#: serverguide/C/web-servers.xml:984(title)
1095
1113
msgid "Ruby on Rails"
1096
1114
msgstr ""
1097
1115
1098
#: serverguide/C/web-servers.xml:974(para)
1116
#: serverguide/C/web-servers.xml:985(para)
1099
1117
msgid ""
1100
1118
"Ruby on Rails is an open source web framework for developing database backed "
1101
1119
"web applications. It is optimized for sustainable productivity of the "
1103
1121
"convention over configuration."
1104
1122
msgstr ""
1105
1123
1106
#: serverguide/C/web-servers.xml:981(para)
1124
#: serverguide/C/web-servers.xml:992(para)
1107
1125
msgid ""
1108
1126
"Before installing <application>Rails</application> you should install "
1109
1127
"<application>Apache</application> and <application>MySQL</application>. To "
1112
1130
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1113
1131
msgstr ""
1114
1132
1115
#: serverguide/C/web-servers.xml:989(para)
1133
#: serverguide/C/web-servers.xml:1000(para)
1116
1134
msgid ""
1117
1135
"Once you have <application>Apache</application> and "
1118
1136
"<application>MySQL</application> packages installed, you are ready to "
1119
1137
"install <application>Ruby on Rails</application> package."
1120
1138
msgstr ""
1121
1139
1122
#: serverguide/C/web-servers.xml:996(para)
1140
#: serverguide/C/web-servers.xml:1007(para)
1123
1141
msgid ""
1124
1142
"To install the <application>Ruby</application> base packages and "
1125
1143
"<application>Ruby on Rails</application>, you can enter the following "
1126
1144
"command in the terminal prompt:"
1127
1145
msgstr ""
1128
1146
1129
#: serverguide/C/web-servers.xml:1002(command)
1147
#: serverguide/C/web-servers.xml:1013(command)
1130
1148
msgid "sudo apt install rails"
1131
1149
msgstr ""
1132
1150
1133
#: serverguide/C/web-servers.xml:1008(para)
1151
#: serverguide/C/web-servers.xml:1019(para)
1134
1152
msgid ""
1135
1153
"Modify the <filename>/etc/apache2/sites-available/000-"
1136
1154
"default.conf</filename> configuration file to setup your domains."
1137
1155
msgstr ""
1138
1156
1139
#: serverguide/C/web-servers.xml:1012(para)
1157
#: serverguide/C/web-servers.xml:1023(para)
1140
1158
msgid ""
1141
1159
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1142
1160
msgstr ""
1143
1161
1144
#: serverguide/C/web-servers.xml:1016(programlisting)
1162
#: serverguide/C/web-servers.xml:1027(programlisting)
1145
1163
#, no-wrap
1146
1164
msgid ""
1147
1165
"\n"
1148
1166
"DocumentRoot /path/to/rails/application/public\n"
1149
1167
msgstr ""
1150
1168
1151
#: serverguide/C/web-servers.xml:1019(para)
1169
#: serverguide/C/web-servers.xml:1030(para)
1152
1170
msgid ""
1153
1171
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1154
1172
"directive:"
1155
1173
msgstr ""
1156
1174
1157
#: serverguide/C/web-servers.xml:1023(programlisting)
1175
#: serverguide/C/web-servers.xml:1034(programlisting)
1158
1176
#, no-wrap
1159
1177
msgid ""
1160
1178
"\n"
1167
1185
"</Directory>\n"
1168
1186
msgstr ""
1169
1187
1170
#: serverguide/C/web-servers.xml:1033(para)
1188
#: serverguide/C/web-servers.xml:1044(para)
1171
1189
msgid ""
1172
1190
"You should also enable the <application>mod_rewrite</application> module for "
1173
1191
"Apache. To enable <application>mod_rewrite</application> module, please "
1174
1192
"enter the following command in a terminal prompt:"
1175
1193
msgstr ""
1176
1194
1177
#: serverguide/C/web-servers.xml:1039(command)
1195
#: serverguide/C/web-servers.xml:1050(command)
1178
1196
msgid "sudo a2enmod rewrite"
1179
1197
msgstr ""
1180
1198
1181
#: serverguide/C/web-servers.xml:1042(para)
1199
#: serverguide/C/web-servers.xml:1053(para)
1182
1200
msgid ""
1183
1201
"Finally you will need to change the ownership of the "
1184
1202
"<filename>/path/to/rails/application/public</filename> and "
1186
1204
"used to run the <application>Apache</application> process:"
1187
1205
msgstr ""
1188
1206
1189
#: serverguide/C/web-servers.xml:1048(command)
1207
#: serverguide/C/web-servers.xml:1059(command)
1190
1208
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1191
1209
msgstr ""
1192
1210
1193
#: serverguide/C/web-servers.xml:1049(command)
1211
#: serverguide/C/web-servers.xml:1060(command)
1194
1212
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1195
1213
msgstr ""
1196
1214
1197
#: serverguide/C/web-servers.xml:1052(para)
1215
#: serverguide/C/web-servers.xml:1063(para)
1198
1216
msgid ""
1199
1217
"That's it! Now you have your Server ready for your <application>Ruby on "
1200
1218
"Rails</application> applications."
1201
1219
msgstr ""
1202
1220
1203
#: serverguide/C/web-servers.xml:1061(para)
1221
#: serverguide/C/web-servers.xml:1072(para)
1204
1222
msgid ""
1205
1223
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1206
1224
"for more information."
1207
1225
msgstr ""
1208
1226
1209
#: serverguide/C/web-servers.xml:1066(para)
1227
#: serverguide/C/web-servers.xml:1077(para)
1210
1228
msgid ""
1211
1229
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1212
1230
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1213
1231
"resource."
1214
1232
msgstr ""
1215
1233
1216
#: serverguide/C/web-servers.xml:1072(para)
1234
#: serverguide/C/web-servers.xml:1083(para)
1217
1235
msgid ""
1218
1236
"Another place for more information is the <ulink "
1219
1237
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1220
1238
"Wiki</ulink> page."
1221
1239
msgstr ""
1222
1240
1223
#: serverguide/C/web-servers.xml:1083(title)
1241
#: serverguide/C/web-servers.xml:1094(title)
1224
1242
msgid "Apache Tomcat"
1225
1243
msgstr ""
1226
1244
1227
#: serverguide/C/web-servers.xml:1084(para)
1245
#: serverguide/C/web-servers.xml:1095(para)
1228
1246
msgid ""
1229
1247
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1230
1248
"JSP (Java Server Pages) web applications."
1231
1249
msgstr ""
1232
1250
1233
#: serverguide/C/web-servers.xml:1086(para)
1251
#: serverguide/C/web-servers.xml:1097(para)
1234
1252
msgid ""
1235
1253
"Ubuntu has supported packages for both Tomcat 6 and 7. Tomcat 6 is the "
1236
1254
"legacy version, and Tomcat 7 is the current version where new features are "
1238
1256
"but most configuration details are valid for both versions."
1239
1257
msgstr ""
1240
1258
1241
#: serverguide/C/web-servers.xml:1089(para)
1259
#: serverguide/C/web-servers.xml:1100(para)
1242
1260
msgid ""
1243
1261
"The Tomcat packages in Ubuntu support two different ways of running Tomcat. "
1244
1262
"You can install them as a classic unique system-wide instance, that will be "
1249
1267
"need to test on their own private Tomcat instances."
1250
1268
msgstr ""
1251
1269
1252
#: serverguide/C/web-servers.xml:1099(title)
1270
#: serverguide/C/web-servers.xml:1110(title)
1253
1271
msgid "System-wide installation"
1254
1272
msgstr ""
1255
1273
1256
#: serverguide/C/web-servers.xml:1100(para)
1274
#: serverguide/C/web-servers.xml:1111(para)
1257
1275
msgid ""
1258
1276
"To install the Tomcat server, you can enter the following command in the "
1259
1277
"terminal prompt:"
1260
1278
msgstr ""
1261
1279
1262
#: serverguide/C/web-servers.xml:1103(command)
1280
#: serverguide/C/web-servers.xml:1114(command)
1263
1281
msgid "sudo apt install tomcat7"
1264
1282
msgstr ""
1265
1283
1266
#: serverguide/C/web-servers.xml:1105(para)
1284
#: serverguide/C/web-servers.xml:1116(para)
1267
1285
msgid ""
1268
1286
"This will install a Tomcat server with just a default ROOT webapp that "
1269
1287
"displays a minimal \"It works\" page by default."
1270
1288
msgstr ""
1271
1289
1272
#: serverguide/C/web-servers.xml:1111(para)
1290
#: serverguide/C/web-servers.xml:1122(para)
1273
1291
msgid ""
1274
1292
"Tomcat configuration files can be found in "
1275
1293
"<filename>/etc/tomcat7</filename>. Only a few common configuration tweaks "
1278
1296
"documentation</ulink> for more."
1279
1297
msgstr ""
1280
1298
1281
#: serverguide/C/web-servers.xml:1117(title)
1299
#: serverguide/C/web-servers.xml:1128(title)
1282
1300
msgid "Changing default ports"
1283
1301
msgstr ""
1284
1302
1285
#: serverguide/C/web-servers.xml:1118(para)
1303
#: serverguide/C/web-servers.xml:1129(para)
1286
1304
msgid ""
1287
1305
"By default Tomcat runs a HTTP connector on port 8080 and an AJP connector on "
1288
1306
"port 8009. You might want to change those default ports to avoid conflict "
1290
1308
"following lines in <filename>/etc/tomcat7/server.xml</filename>:"
1291
1309
msgstr ""
1292
1310
1293
#: serverguide/C/web-servers.xml:1123(programlisting)
1311
#: serverguide/C/web-servers.xml:1134(programlisting)
1294
1312
#, no-wrap
1295
1313
msgid ""
1296
1314
"\n"
1302
1320
"/>\n"
1303
1321
msgstr ""
1304
1322
1305
#: serverguide/C/web-servers.xml:1132(title)
1323
#: serverguide/C/web-servers.xml:1143(title)
1306
1324
msgid "Changing JVM used"
1307
1325
msgstr ""
1308
1326
1309
#: serverguide/C/web-servers.xml:1133(para)
1327
#: serverguide/C/web-servers.xml:1144(para)
1310
1328
msgid ""
1311
1329
"By default Tomcat will run preferably with OpenJDK JVMs, then try the Sun "
1312
1330
"JVMs, then try some other JVMs. You can force Tomcat to use a specific JVM "
1313
1331
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1314
1332
msgstr ""
1315
1333
1316
#: serverguide/C/web-servers.xml:1137(programlisting)
1334
#: serverguide/C/web-servers.xml:1148(programlisting)
1317
1335
#, no-wrap
1318
1336
msgid ""
1319
1337
"\n"
1320
1338
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1321
1339
msgstr ""
1322
1340
1323
#: serverguide/C/web-servers.xml:1142(title)
1341
#: serverguide/C/web-servers.xml:1153(title)
1324
1342
msgid "Declaring users and roles"
1325
1343
msgstr ""
1326
1344
1327
#: serverguide/C/web-servers.xml:1143(para)
1345
#: serverguide/C/web-servers.xml:1154(para)
1328
1346
msgid ""
1329
1347
"Usernames, passwords and roles (groups) can be defined centrally in a "
1330
1348
"Servlet container. This is done in the <filename>/etc/tomcat7/tomcat-"
1331
1349
"users.xml</filename> file:"
1332
1350
msgstr ""
1333
1351
1334
#: serverguide/C/web-servers.xml:1146(programlisting)
1352
#: serverguide/C/web-servers.xml:1157(programlisting)
1335
1353
#, no-wrap
1336
1354
msgid ""
1337
1355
"\n"
1339
1357
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1340
1358
msgstr ""
1341
1359
1342
#: serverguide/C/web-servers.xml:1154(title)
1360
#: serverguide/C/web-servers.xml:1165(title)
1343
1361
msgid "Using Tomcat standard webapps"
1344
1362
msgstr ""
1345
1363
1346
#: serverguide/C/web-servers.xml:1155(para)
1364
#: serverguide/C/web-servers.xml:1166(para)
1347
1365
msgid ""
1348
1366
"Tomcat is shipped with webapps that you can install for documentation, "
1349
1367
"administration or demo purposes."
1350
1368
msgstr ""
1351
1369
1352
#: serverguide/C/web-servers.xml:1158(title)
1370
#: serverguide/C/web-servers.xml:1169(title)
1353
1371
msgid "Tomcat documentation"
1354
1372
msgstr ""
1355
1373
1356
#: serverguide/C/web-servers.xml:1159(para)
1374
#: serverguide/C/web-servers.xml:1170(para)
1357
1375
msgid ""
1358
1376
"The <application>tomcat7-docs</application> package contains Tomcat "
1359
1377
"documentation, packaged as a webapp that you can access by default at "
1361
1379
"command in the terminal prompt:"
1362
1380
msgstr ""
1363
1381
1364
#: serverguide/C/web-servers.xml:1164(command)
1382
#: serverguide/C/web-servers.xml:1175(command)
1365
1383
msgid "sudo apt install tomcat7-docs"
1366
1384
msgstr ""
1367
1385
1368
#: serverguide/C/web-servers.xml:1168(title)
1386
#: serverguide/C/web-servers.xml:1179(title)
1369
1387
msgid "Tomcat administration webapps"
1370
1388
msgstr ""
1371
1389
1372
#: serverguide/C/web-servers.xml:1169(para)
1390
#: serverguide/C/web-servers.xml:1180(para)
1373
1391
msgid ""
1374
1392
"The <application>tomcat7-admin</application> package contains two webapps "
1375
1393
"that can be used to administer the Tomcat server using a web interface. You "
1376
1394
"can install them by entering the following command in the terminal prompt:"
1377
1395
msgstr ""
1378
1396
1379
#: serverguide/C/web-servers.xml:1174(command)
1397
#: serverguide/C/web-servers.xml:1185(command)
1380
1398
msgid "sudo apt install tomcat7-admin"
1381
1399
msgstr ""
1382
1400
1383
#: serverguide/C/web-servers.xml:1176(para)
1401
#: serverguide/C/web-servers.xml:1187(para)
1384
1402
msgid ""
1385
1403
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1386
1404
"access by default at http://yourserver:8080/manager/html. It is primarily "
1387
1405
"used to get server status and restart webapps."
1388
1406
msgstr ""
1389
1407
1390
#: serverguide/C/web-servers.xml:1179(para)
1408
#: serverguide/C/web-servers.xml:1190(para)
1391
1409
msgid ""
1392
1410
"Access to the <emphasis>manager</emphasis> application is protected by "
1393
1411
"default: you need to define a user with the role \"manager-gui\" in "
1394
1412
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1395
1413
msgstr ""
1396
1414
1397
#: serverguide/C/web-servers.xml:1183(para)
1415
#: serverguide/C/web-servers.xml:1194(para)
1398
1416
msgid ""
1399
1417
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1400
1418
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1401
1419
"used to create virtual hosts dynamically."
1402
1420
msgstr ""
1403
1421
1404
#: serverguide/C/web-servers.xml:1187(para)
1422
#: serverguide/C/web-servers.xml:1198(para)
1405
1423
msgid ""
1406
1424
"Access to the <emphasis>host-manager</emphasis> application is also "
1407
1425
"protected by default: you need to define a user with the role \"admin-gui\" "
1409
1427
"it."
1410
1428
msgstr ""
1411
1429
1412
#: serverguide/C/web-servers.xml:1192(para)
1430
#: serverguide/C/web-servers.xml:1203(para)
1413
1431
msgid ""
1414
1432
"For security reasons, the tomcat7 user cannot write to the "
1415
1433
"<filename>/etc/tomcat7</filename> directory by default. Some features in "
1418
1436
"the following, to give users in the tomcat7 group the necessary rights:"
1419
1437
msgstr ""
1420
1438
1421
#: serverguide/C/web-servers.xml:1199(command)
1439
#: serverguide/C/web-servers.xml:1210(command)
1422
1440
msgid "sudo chgrp -R tomcat7 /etc/tomcat7"
1423
1441
msgstr ""
1424
1442
1425
#: serverguide/C/web-servers.xml:1200(command)
1443
#: serverguide/C/web-servers.xml:1211(command)
1426
1444
msgid "sudo chmod -R g+w /etc/tomcat7"
1427
1445
msgstr ""
1428
1446
1429
#: serverguide/C/web-servers.xml:1205(title)
1447
#: serverguide/C/web-servers.xml:1216(title)
1430
1448
msgid "Tomcat examples webapps"
1431
1449
msgstr ""
1432
1450
1433
#: serverguide/C/web-servers.xml:1206(para)
1451
#: serverguide/C/web-servers.xml:1217(para)
1434
1452
msgid ""
1435
1453
"The <application>tomcat7-examples</application> package contains two webapps "
1436
1454
"that can be used to test or demonstrate Servlets and JSP features, which you "
1438
1456
"install them by entering the following command in the terminal prompt:"
1439
1457
msgstr ""
1440
1458
1441
#: serverguide/C/web-servers.xml:1212(command)
1459
#: serverguide/C/web-servers.xml:1223(command)
1442
1460
msgid "sudo apt install tomcat7-examples"
1443
1461
msgstr ""
1444
1462
1445
#: serverguide/C/web-servers.xml:1218(title)
1463
#: serverguide/C/web-servers.xml:1229(title)
1446
1464
msgid "Using private instances"
1447
1465
msgstr ""
1448
1466
1449
#: serverguide/C/web-servers.xml:1219(para)
1467
#: serverguide/C/web-servers.xml:1230(para)
1450
1468
msgid ""
1451
1469
"Tomcat is heavily used in development and testing scenarios where using a "
1452
1470
"single system-wide instance doesn't meet the requirements of multiple users "
1456
1474
"system-installed libraries."
1457
1475
msgstr ""
1458
1476
1459
#: serverguide/C/web-servers.xml:1226(para)
1477
#: serverguide/C/web-servers.xml:1237(para)
1460
1478
msgid ""
1461
1479
"It is possible to run the system-wide instance and the private instances in "
1462
1480
"parallel, as long as they do not use the same TCP ports."
1463
1481
msgstr ""
1464
1482
1465
#: serverguide/C/web-servers.xml:1230(title)
1483
#: serverguide/C/web-servers.xml:1241(title)
1466
1484
msgid "Installing private instance support"
1467
1485
msgstr ""
1468
1486
1469
#: serverguide/C/web-servers.xml:1231(para)
1487
#: serverguide/C/web-servers.xml:1242(para)
1470
1488
msgid ""
1471
1489
"You can install everything necessary to run private instances by entering "
1472
1490
"the following command in the terminal prompt:"
1473
1491
msgstr ""
1474
1492
1475
#: serverguide/C/web-servers.xml:1234(command)
1493
#: serverguide/C/web-servers.xml:1245(command)
1476
1494
msgid "sudo apt install tomcat7-user"
1477
1495
msgstr ""
1478
1496
1479
#: serverguide/C/web-servers.xml:1238(title)
1497
#: serverguide/C/web-servers.xml:1249(title)
1480
1498
msgid "Creating a private instance"
1481
1499
msgstr ""
1482
1500
1483
#: serverguide/C/web-servers.xml:1239(para)
1501
#: serverguide/C/web-servers.xml:1250(para)
1484
1502
msgid ""
1485
1503
"You can create a private instance directory by entering the following "
1486
1504
"command in the terminal prompt:"
1487
1505
msgstr ""
1488
1506
1489
#: serverguide/C/web-servers.xml:1242(command)
1507
#: serverguide/C/web-servers.xml:1253(command)
1490
1508
msgid "tomcat7-instance-create my-instance"
1491
1509
msgstr ""
1492
1510
1493
#: serverguide/C/web-servers.xml:1244(para)
1511
#: serverguide/C/web-servers.xml:1255(para)
1494
1512
msgid ""
1495
1513
"This will create a new <filename>my-instance</filename> directory with all "
1496
1514
"the necessary subdirectories and scripts. You can for example install your "
1499
1517
"are deployed by default."
1500
1518
msgstr ""
1501
1519
1502
#: serverguide/C/web-servers.xml:1252(title)
1520
#: serverguide/C/web-servers.xml:1263(title)
1503
1521
msgid "Configuring your private instance"
1504
1522
msgstr ""
1505
1523
1506
#: serverguide/C/web-servers.xml:1253(para)
1524
#: serverguide/C/web-servers.xml:1264(para)
1507
1525
msgid ""
1508
1526
"You will find the classic Tomcat configuration files for your private "
1509
1527
"instance in the <filename>conf/</filename> subdirectory. You should for "
1512
1530
"conflict with other instances that might be running."
1513
1531
msgstr ""
1514
1532
1515
#: serverguide/C/web-servers.xml:1261(title)
1533
#: serverguide/C/web-servers.xml:1272(title)
1516
1534
msgid "Starting/stopping your private instance"
1517
1535
msgstr ""
1518
1536
1519
#: serverguide/C/web-servers.xml:1262(para)
1537
#: serverguide/C/web-servers.xml:1273(para)
1520
1538
msgid ""
1521
1539
"You can start your private instance by entering the following command in the "
1522
1540
"terminal prompt (supposing your instance is located in the <filename>my-"
1523
1541
"instance</filename> directory):"
1524
1542
msgstr ""
1525
1543
1526
#: serverguide/C/web-servers.xml:1266(command)
1544
#: serverguide/C/web-servers.xml:1277(command)
1527
1545
msgid "my-instance/bin/startup.sh"
1528
1546
msgstr ""
1529
1547
1530
#: serverguide/C/web-servers.xml:1268(para)
1548
#: serverguide/C/web-servers.xml:1279(para)
1531
1549
msgid ""
1532
1550
"You should check the <filename>logs/</filename> subdirectory for any error. "
1533
1551
"If you have a <emphasis>java.net.BindException: Address already in "
1535
1553
"is already taken and that you should change it."
1536
1554
msgstr ""
1537
1555
1538
#: serverguide/C/web-servers.xml:1273(para)
1556
#: serverguide/C/web-servers.xml:1284(para)
1539
1557
msgid ""
1540
1558
"You can stop your instance by entering the following command in the terminal "
1541
1559
"prompt (supposing your instance is located in the <filename>my-"
1542
1560
"instance</filename> directory):"
1543
1561
msgstr ""
1544
1562
1545
#: serverguide/C/web-servers.xml:1277(command)
1563
#: serverguide/C/web-servers.xml:1288(command)
1546
1564
msgid "my-instance/bin/shutdown.sh"
1547
1565
msgstr ""
1548
1566
1549
#: serverguide/C/web-servers.xml:1286(para)
1567
#: serverguide/C/web-servers.xml:1297(para)
1550
1568
msgid ""
1551
1569
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1552
1570
"website for more information."
1553
1571
msgstr ""
1554
1572
1555
#: serverguide/C/web-servers.xml:1291(para)
1573
#: serverguide/C/web-servers.xml:1302(para)
1556
1574
msgid ""
1557
1575
"<ulink url=\"http://shop.oreilly.com/product/9780596003180.do\">Tomcat: The "
1558
1576
"Definitive Guide</ulink> is a good resource for building web applications "
1559
1577
"with Tomcat."
1560
1578
msgstr ""
1561
1579
1562
#: serverguide/C/web-servers.xml:1297(para)
1580
#: serverguide/C/web-servers.xml:1308(para)
1563
1581
msgid ""
1564
1582
"For additional books see the <ulink "
1565
1583
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
2956
2974
2957
2975
#: serverguide/C/virtualization.xml:95(para)
2958
2976
msgid ""
2977
"In more recent releases (>= Yakkety) the group was renamed to "
2978
"<emphasis>libvirt</emphasis>. Upgraded systems get a new "
2979
"<emphasis>libvirt</emphasis> group with the same gid as the "
2980
"<emphasis>libvirtd</emphasis> group to match that."
2981
msgstr ""
2982
2983
#: serverguide/C/virtualization.xml:98(para)
2984
msgid ""
2959
2985
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
2960
2986
"Installing a virtual machine follows the same process as installing the "
2961
2987
"operating system directly on the hardware. You either need a way to automate "
2963
2989
"physical machine."
2964
2990
msgstr ""
2965
2991
2966
#: serverguide/C/virtualization.xml:101(para)
2992
#: serverguide/C/virtualization.xml:104(para)
2967
2993
msgid ""
2968
2994
"In the case of virtual machines a Graphical User Interface (GUI) is "
2969
2995
"analogous to using a physical keyboard and mouse. Instead of installing a "
2972
2998
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
2973
2999
msgstr ""
2974
3000
2975
#: serverguide/C/virtualization.xml:108(para)
3001
#: serverguide/C/virtualization.xml:111(para)
2976
3002
msgid ""
2977
3003
"There are several ways to automate the Ubuntu installation process, for "
2978
3004
"example using preseeds, kickstart, etc. Refer to the <ulink "
2980
3006
"Installation Guide</ulink> for details."
2981
3007
msgstr ""
2982
3008
2983
#: serverguide/C/virtualization.xml:113(para)
3009
#: serverguide/C/virtualization.xml:116(para)
2984
3010
msgid ""
2985
3011
"Yet another way to install an Ubuntu virtual machine is to use "
2986
3012
"<application>uvtool</application>. This application, available as of 14.04, "
2988
3014
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>."
2989
3015
msgstr ""
2990
3016
2991
#: serverguide/C/virtualization.xml:119(para)
3017
#: serverguide/C/virtualization.xml:122(para)
2992
3018
msgid ""
2993
3019
"Libvirt can also be configured work with <application>Xen</application>. For "
2994
3020
"details, see the Xen Ubuntu community page referenced below."
2995
3021
msgstr ""
2996
3022
2997
#: serverguide/C/virtualization.xml:125(title)
3023
#: serverguide/C/virtualization.xml:128(title)
2998
3024
msgid "virt-install"
2999
3025
msgstr ""
3000
3026
3001
#: serverguide/C/virtualization.xml:127(para)
3027
#: serverguide/C/virtualization.xml:130(para)
3002
3028
msgid ""
3003
3029
"<application>virt-install</application> is part of the "
3004
3030
"<application>virtinst</application> package. To install it, from a terminal "
3005
3031
"prompt enter:"
3006
3032
msgstr ""
3007
3033
3008
#: serverguide/C/virtualization.xml:132(command)
3034
#: serverguide/C/virtualization.xml:135(command)
3009
3035
msgid "sudo apt install virtinst"
3010
3036
msgstr ""
3011
3037
3012
#: serverguide/C/virtualization.xml:135(para)
3038
#: serverguide/C/virtualization.xml:138(para)
3013
3039
msgid ""
3014
3040
"There are several options available when using <application>virt-"
3015
3041
"install</application>. For example:"
3016
3042
msgstr ""
3017
3043
3018
#: serverguide/C/virtualization.xml:139(command)
3044
#: serverguide/C/virtualization.xml:142(command)
3019
3045
msgid ""
3020
3046
"sudo virt-install -n web_devel -r 256 \\ --disk "
3021
3047
"path=/var/lib/libvirt/images/web_devel.img,bus=virtio,size=4 -c \\ ubuntu-"
3023
3049
"vnc,listen=0.0.0.0 --noautoconsole -v"
3024
3050
msgstr ""
3025
3051
3026
#: serverguide/C/virtualization.xml:147(para)
3052
#: serverguide/C/virtualization.xml:150(para)
3027
3053
msgid ""
3028
3054
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3029
3055
"be <emphasis>web_devel</emphasis> in this example."
3030
3056
msgstr ""
3031
3057
3032
#: serverguide/C/virtualization.xml:153(para)
3058
#: serverguide/C/virtualization.xml:156(para)
3033
3059
msgid ""
3034
3060
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3035
3061
"machine will use in megabytes."
3036
3062
msgstr ""
3037
3063
3038
#: serverguide/C/virtualization.xml:158(para)
3064
#: serverguide/C/virtualization.xml:161(para)
3039
3065
msgid ""
3040
3066
"<emphasis>--disk "
3041
3067
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
3045
3071
"<emphasis>virtio</emphasis> for the disk bus."
3046
3072
msgstr ""
3047
3073
3048
#: serverguide/C/virtualization.xml:168(para)
3074
#: serverguide/C/virtualization.xml:171(para)
3049
3075
msgid ""
3050
3076
"<emphasis>-c ubuntu-16.04-server-i386.iso:</emphasis> file to be used as a "
3051
3077
"virtual CDROM. The file can be either an ISO file or the path to the host's "
3052
3078
"CDROM device."
3053
3079
msgstr ""
3054
3080
3055
#: serverguide/C/virtualization.xml:174(para)
3081
#: serverguide/C/virtualization.xml:177(para)
3056
3082
msgid ""
3057
3083
"<emphasis>--network</emphasis> provides details related to the VM's network "
3058
3084
"interface. Here the <emphasis>default</emphasis> network is used, and the "
3059
3085
"interface model is configured for <emphasis>virtio</emphasis>."
3060
3086
msgstr ""
3061
3087
3062
#: serverguide/C/virtualization.xml:181(para)
3088
#: serverguide/C/virtualization.xml:184(para)
3063
3089
msgid ""
3064
3090
"<emphasis>--graphics vnc,listen=0.0.0.0:</emphasis> exports the guest's "
3065
3091
"virtual console using VNC and on all host interfaces. Typically servers have "
3067
3093
"connect via VNC to complete the installation."
3068
3094
msgstr ""
3069
3095
3070
#: serverguide/C/virtualization.xml:189(para)
3096
#: serverguide/C/virtualization.xml:192(para)
3071
3097
msgid ""
3072
3098
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3073
3099
"virtual machine's console."
3074
3100
msgstr ""
3075
3101
3076
#: serverguide/C/virtualization.xml:194(para)
3102
#: serverguide/C/virtualization.xml:197(para)
3077
3103
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3078
3104
msgstr ""
3079
3105
3080
#: serverguide/C/virtualization.xml:199(para)
3106
#: serverguide/C/virtualization.xml:202(para)
3081
3107
msgid ""
3082
3108
"After launching <application>virt-install</application> you can connect to "
3083
3109
"the virtual machine's console either locally using a GUI (if your server has "
3084
3110
"a GUI), or via a remote VNC client from a GUI-based computer."
3085
3111
msgstr ""
3086
3112
3087
#: serverguide/C/virtualization.xml:206(title)
3113
#: serverguide/C/virtualization.xml:209(title)
3088
3114
msgid "virt-clone"
3089
3115
msgstr ""
3090
3116
3091
#: serverguide/C/virtualization.xml:208(para)
3117
#: serverguide/C/virtualization.xml:211(para)
3092
3118
msgid ""
3093
3119
"The <application>virt-clone</application> application can be used to copy "
3094
3120
"one virtual machine to another. For example:"
3095
3121
msgstr ""
3096
3122
3097
#: serverguide/C/virtualization.xml:212(command)
3123
#: serverguide/C/virtualization.xml:215(command)
3098
3124
msgid ""
3099
"sudo virt-clone -o web_devel -n database_devel -f "
3100
"/path/to/database_devel.img \\ --connect=qemu:///system"
3125
"sudo virt-clone -o web_devel -n database_devel -f /path/to/database_devel.img"
3101
3126
msgstr ""
3102
3127
3103
#: serverguide/C/virtualization.xml:218(para)
3128
#: serverguide/C/virtualization.xml:220(para)
3104
3129
msgid "<emphasis>-o:</emphasis> original virtual machine."
3105
3130
msgstr ""
3106
3131
3107
#: serverguide/C/virtualization.xml:222(para)
3132
#: serverguide/C/virtualization.xml:224(para)
3108
3133
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3109
3134
msgstr ""
3110
3135
3111
#: serverguide/C/virtualization.xml:227(para)
3136
#: serverguide/C/virtualization.xml:229(para)
3112
3137
msgid ""
3113
3138
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3114
3139
"be used by the new virtual machine."
3115
3140
msgstr ""
3116
3141
3117
#: serverguide/C/virtualization.xml:232(para)
3118
msgid ""
3119
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3120
msgstr ""
3121
3122
#: serverguide/C/virtualization.xml:237(para)
3142
#: serverguide/C/virtualization.xml:234(para)
3123
3143
msgid ""
3124
3144
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3125
3145
"help troubleshoot problems with <application>virt-clone</application>."
3126
3146
msgstr ""
3127
3147
3128
#: serverguide/C/virtualization.xml:242(para)
3148
#: serverguide/C/virtualization.xml:239(para)
3129
3149
msgid ""
3130
3150
"Replace <emphasis>web_devel</emphasis> and "
3131
3151
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3132
3152
msgstr ""
3133
3153
3154
#: serverguide/C/virtualization.xml:246(title)
3155
msgid "Virtual Machine Management"
3156
msgstr ""
3157
3134
3158
#: serverguide/C/virtualization.xml:249(title)
3135
msgid "Virtual Machine Management"
3136
msgstr ""
3137
3138
#: serverguide/C/virtualization.xml:252(title)
3139
3159
msgid "virsh"
3140
3160
msgstr ""
3141
3161
3142
#: serverguide/C/virtualization.xml:254(para)
3162
#: serverguide/C/virtualization.xml:251(para)
3143
3163
msgid ""
3144
3164
"There are several utilities available to manage virtual machines and "
3145
3165
"<application>libvirt</application>. The <application>virsh</application> "
3146
3166
"utility can be used from the command line. Some examples:"
3147
3167
msgstr ""
3148
3168
3149
#: serverguide/C/virtualization.xml:261(para)
3169
#: serverguide/C/virtualization.xml:258(para)
3150
3170
msgid "To list running virtual machines:"
3151
3171
msgstr ""
3152
3172
3153
#: serverguide/C/virtualization.xml:264(command)
3154
msgid "virsh -c qemu:///system list"
3173
#: serverguide/C/virtualization.xml:261(command)
3174
msgid "virsh list"
3155
3175
msgstr ""
3156
3176
3157
#: serverguide/C/virtualization.xml:269(para)
3177
#: serverguide/C/virtualization.xml:266(para)
3158
3178
msgid "To start a virtual machine:"
3159
3179
msgstr ""
3160
3180
3161
#: serverguide/C/virtualization.xml:272(command)
3162
msgid "virsh -c qemu:///system start web_devel"
3181
#: serverguide/C/virtualization.xml:269(command)
3182
msgid "virsh start web_devel"
3163
3183
msgstr ""
3164
3184
3165
#: serverguide/C/virtualization.xml:277(para)
3185
#: serverguide/C/virtualization.xml:274(para)
3166
3186
msgid "Similarly, to start a virtual machine at boot:"
3167
3187
msgstr ""
3168
3188
3169
#: serverguide/C/virtualization.xml:280(command)
3170
msgid "virsh -c qemu:///system autostart web_devel"
3189
#: serverguide/C/virtualization.xml:277(command)
3190
msgid "virsh autostart web_devel"
3171
3191
msgstr ""
3172
3192
3173
#: serverguide/C/virtualization.xml:285(para)
3193
#: serverguide/C/virtualization.xml:282(para)
3174
3194
msgid "Reboot a virtual machine with:"
3175
3195
msgstr ""
3176
3196
3177
#: serverguide/C/virtualization.xml:288(command)
3178
msgid "virsh -c qemu:///system reboot web_devel"
3197
#: serverguide/C/virtualization.xml:285(command)
3198
msgid "virsh reboot web_devel"
3179
3199
msgstr ""
3180
3200
3181
#: serverguide/C/virtualization.xml:293(para)
3201
#: serverguide/C/virtualization.xml:290(para)
3182
3202
msgid ""
3183
3203
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3184
3204
"order to be restored later. The following will save the virtual machine "
3185
3205
"state into a file named according to the date:"
3186
3206
msgstr ""
3187
3207
3188
#: serverguide/C/virtualization.xml:299(command)
3189
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3208
#: serverguide/C/virtualization.xml:296(command)
3209
msgid "virsh save web_devel web_devel-022708.state"
3190
3210
msgstr ""
3191
3211
3192
#: serverguide/C/virtualization.xml:302(para)
3212
#: serverguide/C/virtualization.xml:299(para)
3193
3213
msgid "Once saved the virtual machine will no longer be running."
3194
3214
msgstr ""
3195
3215
3196
#: serverguide/C/virtualization.xml:307(para)
3216
#: serverguide/C/virtualization.xml:304(para)
3197
3217
msgid "A saved virtual machine can be restored using:"
3198
3218
msgstr ""
3199
3219
3200
#: serverguide/C/virtualization.xml:310(command)
3201
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3220
#: serverguide/C/virtualization.xml:307(command)
3221
msgid "virsh restore web_devel-022708.state"
3202
3222
msgstr ""
3203
3223
3204
#: serverguide/C/virtualization.xml:315(para)
3224
#: serverguide/C/virtualization.xml:312(para)
3205
3225
msgid "To shutdown a virtual machine do:"
3206
3226
msgstr ""
3207
3227
3208
#: serverguide/C/virtualization.xml:318(command)
3209
msgid "virsh -c qemu:///system shutdown web_devel"
3228
#: serverguide/C/virtualization.xml:315(command)
3229
msgid "virsh shutdown web_devel"
3210
3230
msgstr ""
3211
3231
3212
#: serverguide/C/virtualization.xml:323(para)
3232
#: serverguide/C/virtualization.xml:320(para)
3213
3233
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3214
3234
msgstr ""
3215
3235
3216
#: serverguide/C/virtualization.xml:327(command)
3217
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3236
#: serverguide/C/virtualization.xml:324(command)
3237
msgid "virsh attach-disk web_devel /dev/cdrom /media/cdrom"
3218
3238
msgstr ""
3219
3239
3220
#: serverguide/C/virtualization.xml:333(para)
3240
#: serverguide/C/virtualization.xml:330(para)
3221
3241
msgid ""
3222
3242
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3223
3243
"appropriate virtual machine name, and <filename>web_devel-"
3224
3244
"022708.state</filename> with a descriptive file name."
3225
3245
msgstr ""
3226
3246
3247
#: serverguide/C/virtualization.xml:334(para)
3248
msgid ""
3249
"If virsh (or other vir* tools) shall connect to something else than the "
3250
"default qemu-kvm/system hipervisor one can find alternatives for the "
3251
"<emphasis>connect</emphasis> option in <emphasis>man virsh</emphasis> or "
3252
"<ulink url=\"http://libvirt.org/uri.html\">libvirt doc</ulink>"
3253
msgstr ""
3254
3227
3255
#: serverguide/C/virtualization.xml:341(title)
3256
msgid "migration"
3257
msgstr ""
3258
3259
#: serverguide/C/virtualization.xml:342(para)
3260
msgid ""
3261
"There are different types of migration available depending on the versions "
3262
"of libvirt and the hipervisor being used. In general those types are:"
3263
msgstr ""
3264
3265
#: serverguide/C/virtualization.xml:345(ulink)
3266
msgid "offline migration"
3267
msgstr ""
3268
3269
#: serverguide/C/virtualization.xml:346(ulink)
3270
msgid "live migration"
3271
msgstr ""
3272
3273
#: serverguide/C/virtualization.xml:347(ulink)
3274
msgid "postcopy migration"
3275
msgstr ""
3276
3277
#: serverguide/C/virtualization.xml:349(para)
3278
msgid ""
3279
"There are various options to those methods, but the entry point for all of "
3280
"them is <emphasis>virsh migrate</emphasis>. Read the integrated help for "
3281
"more detail."
3282
msgstr ""
3283
3284
#: serverguide/C/virtualization.xml:350(command)
3285
msgid "virsh migrate --help"
3286
msgstr ""
3287
3288
#: serverguide/C/virtualization.xml:351(para)
3289
msgid ""
3290
"Some useful documentation on constraints and considerations about live "
3291
"migration can be found at the <ulink "
3292
"url=\"https://wiki.ubuntu.com/QemuKVMMigration\">Ubuntu Wiki</ulink>"
3293
msgstr ""
3294
3295
#: serverguide/C/virtualization.xml:355(title)
3228
3296
msgid "Virtual Machine Manager"
3229
3297
msgstr ""
3230
3298
3231
#: serverguide/C/virtualization.xml:343(para)
3299
#: serverguide/C/virtualization.xml:357(para)
3232
3300
msgid ""
3233
3301
"The <application>virt-manager</application> package contains a graphical "
3234
3302
"utility to manage local and remote virtual machines. To install virt-manager "
3235
3303
"enter:"
3236
3304
msgstr ""
3237
3305
3238
#: serverguide/C/virtualization.xml:348(command)
3306
#: serverguide/C/virtualization.xml:362(command)
3239
3307
msgid "sudo apt install virt-manager"
3240
3308
msgstr ""
3241
3309
3242
#: serverguide/C/virtualization.xml:351(para)
3310
#: serverguide/C/virtualization.xml:365(para)
3243
3311
msgid ""
3244
3312
"Since <application>virt-manager</application> requires a Graphical User "
3245
3313
"Interface (GUI) environment it is recommended to be installed on a "
3247
3315
"the local <application>libvirt</application> service enter:"
3248
3316
msgstr ""
3249
3317
3250
#: serverguide/C/virtualization.xml:358(command)
3318
#: serverguide/C/virtualization.xml:372(command)
3251
3319
msgid "virt-manager -c qemu:///system"
3252
3320
msgstr ""
3253
3321
3254
#: serverguide/C/virtualization.xml:361(para)
3322
#: serverguide/C/virtualization.xml:375(para)
3255
3323
msgid ""
3256
3324
"You can connect to the <application>libvirt</application> service running on "
3257
3325
"another host by entering the following in a terminal prompt:"
3258
3326
msgstr ""
3259
3327
3260
#: serverguide/C/virtualization.xml:366(command)
3328
#: serverguide/C/virtualization.xml:380(command)
3261
3329
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3262
3330
msgstr ""
3263
3331
3264
#: serverguide/C/virtualization.xml:370(para)
3332
#: serverguide/C/virtualization.xml:384(para)
3265
3333
msgid ""
3266
3334
"The above example assumes that <application>SSH</application> connectivity "
3267
3335
"between the management system and virtnode1.mydomain.com has already been "
3272
3340
"linkend=\"openssh-server\"/>"
3273
3341
msgstr ""
3274
3342
3275
#: serverguide/C/virtualization.xml:383(title)
3343
#: serverguide/C/virtualization.xml:397(title)
3276
3344
msgid "Virtual Machine Viewer"
3277
3345
msgstr ""
3278
3346
3279
#: serverguide/C/virtualization.xml:385(para)
3347
#: serverguide/C/virtualization.xml:399(para)
3280
3348
msgid ""
3281
3349
"The <application>virt-viewer</application> application allows you to connect "
3282
3350
"to a virtual machine's console. <application>virt-viewer</application> does "
3284
3352
"machine."
3285
3353
msgstr ""
3286
3354
3287
#: serverguide/C/virtualization.xml:390(para)
3355
#: serverguide/C/virtualization.xml:404(para)
3288
3356
msgid ""
3289
3357
"To install <application>virt-viewer</application> from a terminal enter:"
3290
3358
msgstr ""
3291
3359
3292
#: serverguide/C/virtualization.xml:394(command)
3360
#: serverguide/C/virtualization.xml:408(command)
3293
3361
msgid "sudo apt install virt-viewer"
3294
3362
msgstr ""
3295
3363
3296
#: serverguide/C/virtualization.xml:397(para)
3364
#: serverguide/C/virtualization.xml:411(para)
3297
3365
msgid ""
3298
3366
"Once a virtual machine is installed and running you can connect to the "
3299
3367
"virtual machine's console by using:"
3300
3368
msgstr ""
3301
3369
3302
#: serverguide/C/virtualization.xml:401(command)
3303
msgid "virt-viewer -c qemu:///system web_devel"
3370
#: serverguide/C/virtualization.xml:415(command)
3371
msgid "virt-viewer web_devel"
3304
3372
msgstr ""
3305
3373
3306
#: serverguide/C/virtualization.xml:404(para)
3374
#: serverguide/C/virtualization.xml:418(para)
3307
3375
msgid ""
3308
3376
"Similar to <application>virt-manager</application>, <application>virt-"
3309
3377
"viewer</application> can connect to a remote host using "
3310
3378
"<emphasis>SSH</emphasis> with key authentication, as well:"
3311
3379
msgstr ""
3312
3380
3313
#: serverguide/C/virtualization.xml:409(command)
3381
#: serverguide/C/virtualization.xml:423(command)
3314
3382
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3315
3383
msgstr ""
3316
3384
3317
#: serverguide/C/virtualization.xml:412(para)
3385
#: serverguide/C/virtualization.xml:426(para)
3318
3386
msgid ""
3319
3387
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3320
3388
"appropriate virtual machine name."
3321
3389
msgstr ""
3322
3390
3323
#: serverguide/C/virtualization.xml:415(para)
3391
#: serverguide/C/virtualization.xml:429(para)
3324
3392
msgid ""
3325
3393
"If configured to use a <emphasis>bridged</emphasis> network interface you "
3326
3394
"can also setup <application>SSH</application> access to the virtual machine."
3327
3395
msgstr ""
3328
3396
3329
#: serverguide/C/virtualization.xml:421(title) serverguide/C/virtualization.xml:674(title) serverguide/C/virtualization.xml:745(title) serverguide/C/virtualization.xml:2680(title) serverguide/C/samba.xml:247(title) serverguide/C/samba.xml:345(title) serverguide/C/samba.xml:700(title) serverguide/C/samba.xml:1094(title) serverguide/C/samba.xml:1292(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-config.xml:1691(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/network-auth.xml:2673(title) serverguide/C/network-auth.xml:3389(title) serverguide/C/network-auth.xml:3942(title) serverguide/C/network-auth.xml:4177(title) serverguide/C/installation.xml:880(title) serverguide/C/installation.xml:1166(title) serverguide/C/installation.xml:1677(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3397
#: serverguide/C/virtualization.xml:435(title) serverguide/C/virtualization.xml:742(title) serverguide/C/virtualization.xml:813(title) serverguide/C/virtualization.xml:2748(title) serverguide/C/samba.xml:247(title) serverguide/C/samba.xml:345(title) serverguide/C/samba.xml:700(title) serverguide/C/samba.xml:1094(title) serverguide/C/samba.xml:1292(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-config.xml:1945(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/network-auth.xml:2666(title) serverguide/C/network-auth.xml:3382(title) serverguide/C/network-auth.xml:3935(title) serverguide/C/network-auth.xml:4170(title) serverguide/C/installation.xml:880(title) serverguide/C/installation.xml:1166(title) serverguide/C/installation.xml:1677(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3330
3398
msgid "Resources"
3331
3399
msgstr ""
3332
3400
3333
#: serverguide/C/virtualization.xml:425(para)
3401
#: serverguide/C/virtualization.xml:439(para)
3334
3402
msgid ""
3335
3403
"See the <ulink url=\"http://www.linux-kvm.org/\">KVM</ulink> home page for "
3336
3404
"more details."
3337
3405
msgstr ""
3338
3406
3339
#: serverguide/C/virtualization.xml:430(para)
3407
#: serverguide/C/virtualization.xml:444(para)
3340
3408
msgid ""
3341
3409
"For more information on <application>libvirt</application> see the <ulink "
3342
3410
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3343
3411
msgstr ""
3344
3412
3345
#: serverguide/C/virtualization.xml:436(para)
3413
#: serverguide/C/virtualization.xml:450(para)
3346
3414
msgid ""
3347
3415
"The <ulink url=\"http://virt-manager.org/\">Virtual Machine Manager</ulink> "
3348
3416
"site has more information on <application>virt-manager</application> "
3349
3417
"development."
3350
3418
msgstr ""
3351
3419
3352
#: serverguide/C/virtualization.xml:442(para)
3420
#: serverguide/C/virtualization.xml:456(para)
3353
3421
msgid ""
3354
3422
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3355
3423
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3356
3424
"technology in Ubuntu."
3357
3425
msgstr ""
3358
3426
3359
#: serverguide/C/virtualization.xml:448(para)
3427
#: serverguide/C/virtualization.xml:462(para)
3360
3428
msgid ""
3361
3429
"Another good resource is the <ulink "
3362
3430
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3363
3431
msgstr ""
3364
3432
3365
#: serverguide/C/virtualization.xml:454(para)
3433
#: serverguide/C/virtualization.xml:468(para)
3366
3434
msgid ""
3367
3435
"For information on Xen, including using Xen with libvirt, please see the "
3368
3436
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3369
3437
"page."
3370
3438
msgstr ""
3371
3439
3372
#: serverguide/C/virtualization.xml:464(title)
3440
#: serverguide/C/virtualization.xml:478(title)
3441
msgid "Qemu"
3442
msgstr ""
3443
3444
#: serverguide/C/virtualization.xml:479(para)
3445
msgid ""
3446
"<ulink url=\"http://wiki.qemu.org/Main_Page\">Qemu</ulink> is a machine "
3447
"emulator that can run operating systems and programs for one machine on a "
3448
"different machine. Mostly it is not used as emulator but as virtualizer in "
3449
"collaboration with KVM or XEN kernel components. In that case it utilizes "
3450
"the virtualization technology of the hardware to virtualize guests."
3451
msgstr ""
3452
3453
#: serverguide/C/virtualization.xml:483(para)
3454
msgid ""
3455
"While qemu has a <ulink url=\"http://wiki.qemu.org/download/qemu-"
3456
"doc.html#sec_005finvocation\">command line interface</ulink> and a <ulink "
3457
"url=\"http://wiki.qemu.org/download/qemu-"
3458
"doc.html#pcsys_005fmonitor\">monitor</ulink> to interact with running guests "
3459
"those is rarely used that way for other means than development purposes. "
3460
"<link linkend=\"libvirt\">Libvirt</link> provides an abstraction from "
3461
"specific versions and hiperviors and encapsulates some workarounds and best "
3462
"practises."
3463
msgstr ""
3464
3465
#: serverguide/C/virtualization.xml:488(title)
3466
msgid "Upgrading the machine type"
3467
msgstr ""
3468
3469
#: serverguide/C/virtualization.xml:489(para)
3470
msgid ""
3471
"This also is documented along some more constraints and considerations at "
3472
"the <ulink "
3473
"url=\"https://wiki.ubuntu.com/QemuKVMMigration#Upgrade_machine_type\">Ubuntu "
3474
"Wiki</ulink>"
3475
msgstr ""
3476
3477
#: serverguide/C/virtualization.xml:490(para)
3478
msgid ""
3479
"You might want to update your machine type of an existing defined guest to:"
3480
msgstr ""
3481
3482
#: serverguide/C/virtualization.xml:492(para)
3483
msgid "to pick up latest security fixes and features"
3484
msgstr ""
3485
3486
#: serverguide/C/virtualization.xml:493(para)
3487
msgid "continue using a guest created on a now unsupported release"
3488
msgstr ""
3489
3490
#: serverguide/C/virtualization.xml:495(para)
3491
msgid ""
3492
"In general it is recommended to update machine types when upgrading qemu/kvm "
3493
"to a new major version. But this can likely never be an automated task as "
3494
"this change is guest visible. The guest devices might change in appearance, "
3495
"new features will be announced to the guest and so on. Linux is usually very "
3496
"good at tolerating such changes, but it depends so much on the setup and "
3497
"workload of the guest that this has to be evaluated by the owner/admin of "
3498
"the system. Other operating systems where known to often have severe impacts "
3499
"by changing the hardware. Consider a machine type change similar to "
3500
"replacing all devices and firmware of a physical machine to the latest "
3501
"revision - all considerations that apply there apply to evaluating a machine "
3502
"type upgrade as well."
3503
msgstr ""
3504
3505
#: serverguide/C/virtualization.xml:496(para)
3506
msgid ""
3507
"As usual with major configuration changes it is wise to back up your guest "
3508
"definition and disk state to be able to do a rollback just in case. There is "
3509
"no integrated single command to update the machine type via virsh or similar "
3510
"tools. It is a normal part of your machine definition. And therefore updated "
3511
"the same way as most others."
3512
msgstr ""
3513
3514
#: serverguide/C/virtualization.xml:498(para)
3515
msgid "First shutdown your machine and wait until it has reached that state."
3516
msgstr ""
3517
3518
#: serverguide/C/virtualization.xml:499(screen)
3519
#, no-wrap
3520
msgid ""
3521
"\n"
3522
"virsh shutdown <yourmachine>\n"
3523
"# wait\n"
3524
"virsh list --inactive\n"
3525
"# should now list your machine as \"shut off\"\n"
3526
" "
3527
msgstr ""
3528
3529
#: serverguide/C/virtualization.xml:505(para)
3530
msgid ""
3531
"Then edit the machine definition and find the type in the type tag at the "
3532
"machine attribute."
3533
msgstr ""
3534
3535
#: serverguide/C/virtualization.xml:506(screen)
3536
#, no-wrap
3537
msgid ""
3538
"\n"
3539
"virsh edit <yourmachine>\n"
3540
"<type arch='x86_64' machine='pc-i440fx-xenial'>hvm</type>\n"
3541
" "
3542
msgstr ""
3543
3544
#: serverguide/C/virtualization.xml:510(para)
3545
msgid ""
3546
"Change this to the value you want. If you need to check what types are "
3547
"available via \"-M ?\" Note that while providing upstream types as "
3548
"convenience only Ubuntu types are supported. There you can also see what the "
3549
"current default would be. In general it is strongly recommended that you "
3550
"change to newer types if possible to exploit newer features, but also to "
3551
"benefit of bugfixes that only apply to the newer device virtualization."
3552
msgstr ""
3553
3554
#: serverguide/C/virtualization.xml:511(screen)
3555
#, no-wrap
3556
msgid ""
3557
"\n"
3558
"kvm -M ?\n"
3559
"# lists machine types, e.g.\n"
3560
"pc-i440fx-xenial Ubuntu 16.04 PC (i440FX + PIIX, 1996) (default)\n"
3561
"...\n"
3562
" "
3563
msgstr ""
3564
3565
#: serverguide/C/virtualization.xml:517(para)
3566
msgid ""
3567
"After this you can start your guest again. You can check the current machine "
3568
"type from guest and host depending on your needs."
3569
msgstr ""
3570
3571
#: serverguide/C/virtualization.xml:518(screen)
3572
#, no-wrap
3573
msgid ""
3574
"\n"
3575
"virsh start <yourmachine>\n"
3576
"# check from host, via dumping the active xml definition\n"
3577
"virsh dumpxml <yourmachine> | xmllint --xpath "
3578
"\"string(//domain/os/type/@machine)\" -\n"
3579
"# or from the guest via dmidecode\n"
3580
"sudo dmidecode | grep Product -A 1\n"
3581
" Product Name: Standard PC (i440FX + PIIX, 1996)\n"
3582
" Version: pc-i440fx-xenial\n"
3583
" "
3584
msgstr ""
3585
3586
#: serverguide/C/virtualization.xml:527(para)
3587
msgid ""
3588
"If you keep non-live definitions around like xml files remember to update "
3589
"those as well."
3590
msgstr ""
3591
3592
#: serverguide/C/virtualization.xml:532(title)
3373
3593
msgid "Cloud images and uvtool"
3374
3594
msgstr ""
3375
3595
3376
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:366(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1374(title)
3596
#: serverguide/C/virtualization.xml:535(title) serverguide/C/security.xml:366(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1374(title)
3377
3597
msgid "Introduction"
3378
3598
msgstr "Įvadas"
3379
3599
3380
#: serverguide/C/virtualization.xml:469(para)
3600
#: serverguide/C/virtualization.xml:537(para)
3381
3601
msgid ""
3382
3602
"With Ubuntu being one of the most used operating systems on many cloud "
3383
3603
"platforms, the availability of stable and secure cloud images has become "
3387
3607
"installation."
3388
3608
msgstr ""
3389
3609
3390
#: serverguide/C/virtualization.xml:477(title)
3610
#: serverguide/C/virtualization.xml:545(title)
3391
3611
msgid "Creating virtual machines using uvtool"
3392
3612
msgstr ""
3393
3613
3394
#: serverguide/C/virtualization.xml:479(para)
3614
#: serverguide/C/virtualization.xml:547(para)
3395
3615
msgid ""
3396
3616
"Starting with 14.04 LTS, a tool called uvtool greatly facilitates the task "
3397
3617
"of generating virtual machines (VM) using the cloud images. "
3398
"<application>uvtool</application> provides a simple mechanism to to "
3399
"synchronize cloud-images locally and use them to create new VMs in minutes."
3618
"<application>uvtool</application> provides a simple mechanism to synchronize "
3619
"cloud-images locally and use them to create new VMs in minutes."
3400
3620
msgstr ""
3401
3621
3402
#: serverguide/C/virtualization.xml:486(title)
3622
#: serverguide/C/virtualization.xml:554(title)
3403
3623
msgid "Uvtool packages"
3404
3624
msgstr ""
3405
3625
3406
#: serverguide/C/virtualization.xml:488(para)
3626
#: serverguide/C/virtualization.xml:556(para)
3407
3627
msgid ""
3408
3628
"The following packages and their dependencies will be required in order to "
3409
3629
"use uvtool:"
3410
3630
msgstr ""
3411
3631
3412
#: serverguide/C/virtualization.xml:495(para)
3632
#: serverguide/C/virtualization.xml:563(para)
3413
3633
msgid "uvtool"
3414
3634
msgstr ""
3415
3635
3416
#: serverguide/C/virtualization.xml:499(para)
3636
#: serverguide/C/virtualization.xml:567(para)
3417
3637
msgid "uvtool-libvirt"
3418
3638
msgstr ""
3419
3639
3420
#: serverguide/C/virtualization.xml:504(para)
3640
#: serverguide/C/virtualization.xml:572(para)
3421
3641
msgid "To install <application>uvtool</application>, run:"
3422
3642
msgstr ""
3423
3643
3424
#: serverguide/C/virtualization.xml:505(programlisting)
3644
#: serverguide/C/virtualization.xml:573(programlisting)
3425
3645
#, no-wrap
3426
3646
msgid "$ apt -y install uvtool"
3427
3647
msgstr ""
3428
3648
3429
#: serverguide/C/virtualization.xml:507(para)
3649
#: serverguide/C/virtualization.xml:575(para)
3430
3650
msgid "This will install uvtool's main commands:"
3431
3651
msgstr ""
3432
3652
3433
#: serverguide/C/virtualization.xml:509(application)
3653
#: serverguide/C/virtualization.xml:577(application)
3434
3654
msgid "uvt-simplestreams-libvirt"
3435
3655
msgstr ""
3436
3656
3437
#: serverguide/C/virtualization.xml:510(application)
3657
#: serverguide/C/virtualization.xml:578(application)
3438
3658
msgid "uvt-kvm"
3439
3659
msgstr ""
3440
3660
3441
#: serverguide/C/virtualization.xml:515(title)
3661
#: serverguide/C/virtualization.xml:583(title)
3442
3662
msgid ""
3443
3663
"Get the Ubuntu Cloud Image with <application>uvt-simplestreams-"
3444
3664
"libvirt</application>"
3445
3665
msgstr ""
3446
3666
3447
#: serverguide/C/virtualization.xml:517(para)
3667
#: serverguide/C/virtualization.xml:585(para)
3448
3668
msgid ""
3449
3669
"This is one of the major simplifications that "
3450
3670
"<application>uvtool</application> brings. It is aware of where to find the "
3453
3673
"architecture, the uvtool command would be:"
3454
3674
msgstr ""
3455
3675
3456
#: serverguide/C/virtualization.xml:522(programlisting)
3676
#: serverguide/C/virtualization.xml:590(programlisting)
3457
3677
#, no-wrap
3458
3678
msgid "$ uvt-simplestreams-libvirt sync arch=amd64"
3459
3679
msgstr ""
3460
3680
3461
#: serverguide/C/virtualization.xml:524(para)
3681
#: serverguide/C/virtualization.xml:592(para)
3462
3682
msgid ""
3463
3683
"After an amount of time required to download all the images from the "
3464
3684
"Internet, you will have a complete set of cloud images stored locally. To "
3465
3685
"see what has been downloaded use the following command:"
3466
3686
msgstr ""
3467
3687
3468
#: serverguide/C/virtualization.xml:528(programlisting)
3688
#: serverguide/C/virtualization.xml:596(programlisting)
3469
3689
#, no-wrap
3470
3690
msgid ""
3471
3691
"$ uvt-simplestreams-libvirt query\n"
3482
3702
"\n"
3483
3703
msgstr ""
3484
3704
3485
#: serverguide/C/virtualization.xml:542(para)
3705
#: serverguide/C/virtualization.xml:610(para)
3486
3706
msgid ""
3487
3707
"In the case where you want to synchronize only one specific cloud-image, you "
3488
3708
"need to use the release= and arch= filters to identify which image needs to "
3489
3709
"be synchronized."
3490
3710
msgstr ""
3491
3711
3492
#: serverguide/C/virtualization.xml:545(programlisting)
3712
#: serverguide/C/virtualization.xml:613(programlisting)
3493
3713
#, no-wrap
3494
3714
msgid "$ uvt-simplestreams-libvirt sync release=xenial arch=amd64\n"
3495
3715
msgstr ""
3496
3716
3497
#: serverguide/C/virtualization.xml:550(title)
3717
#: serverguide/C/virtualization.xml:618(title)
3498
3718
msgid "Create the VM using uvt-kvm"
3499
3719
msgstr ""
3500
3720
3501
#: serverguide/C/virtualization.xml:552(para)
3721
#: serverguide/C/virtualization.xml:620(para)
3502
3722
msgid ""
3503
3723
"In order to connect to the virtual machine once it has been created, you "
3504
3724
"must have a valid SSH key available for the Ubuntu user. If your environment "
3506
3726
"command:"
3507
3727
msgstr ""
3508
3728
3509
#: serverguide/C/virtualization.xml:554(programlisting)
3729
#: serverguide/C/virtualization.xml:622(programlisting)
3510
3730
#, no-wrap
3511
3731
msgid ""
3512
3732
"\n"
3533
3753
"+-----------------+\n"
3534
3754
msgstr ""
3535
3755
3536
#: serverguide/C/virtualization.xml:577(para)
3756
#: serverguide/C/virtualization.xml:645(para)
3537
3757
msgid ""
3538
3758
"To create of a new virtual machine using uvtool, run the following in a "
3539
3759
"terminal:"
3540
3760
msgstr ""
3541
3761
3542
#: serverguide/C/virtualization.xml:579(programlisting)
3762
#: serverguide/C/virtualization.xml:647(programlisting)
3543
3763
#, no-wrap
3544
3764
msgid "$ uvt-kvm create firsttest"
3545
3765
msgstr ""
3546
3766
3547
#: serverguide/C/virtualization.xml:581(para)
3767
#: serverguide/C/virtualization.xml:649(para)
3548
3768
msgid ""
3549
3769
"This will create a VM named <emphasis role=\"bold\">firsttest</emphasis> "
3550
3770
"using the current LTS cloud image available locally. If you want to specify "
3552
3772
"role=\"bold\">release=</emphasis> filter:"
3553
3773
msgstr ""
3554
3774
3555
#: serverguide/C/virtualization.xml:584(programlisting)
3775
#: serverguide/C/virtualization.xml:652(programlisting)
3556
3776
#, no-wrap
3557
3777
msgid "$ uvt-kvm create secondtest release=xenial"
3558
3778
msgstr ""
3559
3779
3560
#: serverguide/C/virtualization.xml:586(para)
3780
#: serverguide/C/virtualization.xml:654(para)
3561
3781
msgid ""
3562
3782
"<application>uvt-kvm wait</application> can be used to wait until the "
3563
3783
"creation of the VM has completed:"
3564
3784
msgstr ""
3565
3785
3566
#: serverguide/C/virtualization.xml:589(programlisting)
3786
#: serverguide/C/virtualization.xml:657(programlisting)
3567
3787
#, no-wrap
3568
3788
msgid ""
3569
3789
"$ uvt-kvm wait secondttest --insecure\n"
3570
3790
"Warning: secure wait for boot-finished not yet implemented; use --insecure.\n"
3571
3791
msgstr ""
3572
3792
3573
#: serverguide/C/virtualization.xml:594(title)
3793
#: serverguide/C/virtualization.xml:662(title)
3574
3794
msgid "Connect to the running VM"
3575
3795
msgstr ""
3576
3796
3577
#: serverguide/C/virtualization.xml:595(para)
3797
#: serverguide/C/virtualization.xml:663(para)
3578
3798
msgid ""
3579
3799
"Once the virtual machine creation is completed, you can connect to it using "
3580
3800
"SSH:"
3581
3801
msgstr ""
3582
3802
3583
#: serverguide/C/virtualization.xml:598(programlisting)
3803
#: serverguide/C/virtualization.xml:666(programlisting)
3584
3804
#, no-wrap
3585
3805
msgid "$ uvt-kvm ssh secondtest --insecure"
3586
3806
msgstr ""
3587
3807
3588
#: serverguide/C/virtualization.xml:600(para)
3808
#: serverguide/C/virtualization.xml:668(para)
3589
3809
msgid ""
3590
3810
"For the time being, the <emphasis role=\"bold\">--insecure</emphasis> is "
3591
3811
"required, so use this mechanism to connect to your VM only if you completely "
3592
3812
"trust your network infrastructure."
3593
3813
msgstr ""
3594
3814
3595
#: serverguide/C/virtualization.xml:602(para)
3815
#: serverguide/C/virtualization.xml:670(para)
3596
3816
msgid ""
3597
3817
"You can also connect to your VM using a regular SSH session using the IP "
3598
3818
"address of the VM. The address can be queried using the following command:"
3599
3819
msgstr ""
3600
3820
3601
#: serverguide/C/virtualization.xml:604(programlisting)
3821
#: serverguide/C/virtualization.xml:672(programlisting)
3602
3822
#, no-wrap
3603
3823
msgid ""
3604
3824
"\n"
3640
3860
"\n"
3641
3861
msgstr ""
3642
3862
3643
#: serverguide/C/virtualization.xml:639(title)
3863
#: serverguide/C/virtualization.xml:707(title)
3644
3864
msgid "Get the list of running VMs"
3645
3865
msgstr ""
3646
3866
3647
#: serverguide/C/virtualization.xml:640(para)
3867
#: serverguide/C/virtualization.xml:708(para)
3648
3868
msgid "You can get the list of VMs running on your system with this command:"
3649
3869
msgstr ""
3650
3870
3651
#: serverguide/C/virtualization.xml:642(programlisting)
3871
#: serverguide/C/virtualization.xml:710(programlisting)
3652
3872
#, no-wrap
3653
3873
msgid ""
3654
3874
"$ uvt-kvm list\n"
3655
3875
"secondtest\n"
3656
3876
msgstr ""
3657
3877
3658
#: serverguide/C/virtualization.xml:647(title)
3878
#: serverguide/C/virtualization.xml:715(title)
3659
3879
msgid "Destroy your VM"
3660
3880
msgstr ""
3661
3881
3662
#: serverguide/C/virtualization.xml:648(para)
3882
#: serverguide/C/virtualization.xml:716(para)
3663
3883
msgid "Once you are done with your VM, you can destroy it with:"
3664
3884
msgstr ""
3665
3885
3666
#: serverguide/C/virtualization.xml:650(programlisting)
3886
#: serverguide/C/virtualization.xml:718(programlisting)
3667
3887
#, no-wrap
3668
3888
msgid "$ uvt-kvm destroy secondtest"
3669
3889
msgstr ""
3670
3890
3671
#: serverguide/C/virtualization.xml:652(title)
3891
#: serverguide/C/virtualization.xml:720(title)
3672
3892
msgid "More uvt-kvm options"
3673
3893
msgstr ""
3674
3894
3675
#: serverguide/C/virtualization.xml:654(para)
3895
#: serverguide/C/virtualization.xml:722(para)
3676
3896
msgid ""
3677
3897
"The following options can be used to change some of the characteristics of "
3678
3898
"the VM that you are creating:"
3679
3899
msgstr ""
3680
3900
3681
#: serverguide/C/virtualization.xml:657(para)
3901
#: serverguide/C/virtualization.xml:725(para)
3682
3902
msgid "--memory : Amount of RAM in megabytes. Default: 512."
3683
3903
msgstr ""
3684
3904
3685
#: serverguide/C/virtualization.xml:658(para)
3905
#: serverguide/C/virtualization.xml:726(para)
3686
3906
msgid "--disk : Size of the OS disk in gigabytes. Default: 8."
3687
3907
msgstr ""
3688
3908
3689
#: serverguide/C/virtualization.xml:659(para)
3909
#: serverguide/C/virtualization.xml:727(para)
3690
3910
msgid "--cpu : Number of CPU cores. Default: 1."
3691
3911
msgstr ""
3692
3912
3693
#: serverguide/C/virtualization.xml:662(para)
3913
#: serverguide/C/virtualization.xml:730(para)
3694
3914
msgid ""
3695
3915
"Some other parameters will have an impact on the cloud-init configuration:"
3696
3916
msgstr ""
3697
3917
3698
#: serverguide/C/virtualization.xml:664(para)
3918
#: serverguide/C/virtualization.xml:732(para)
3699
3919
msgid ""
3700
3920
"--password password : Allow login to the VM using the Ubuntu account and "
3701
3921
"this provided password."
3702
3922
msgstr ""
3703
3923
3704
#: serverguide/C/virtualization.xml:665(para)
3924
#: serverguide/C/virtualization.xml:733(para)
3705
3925
msgid ""
3706
3926
"--run-script-once script_file : Run script_file as root on the VM the first "
3707
3927
"time it is booted, but never again."
3708
3928
msgstr ""
3709
3929
3710
#: serverguide/C/virtualization.xml:666(para)
3930
#: serverguide/C/virtualization.xml:734(para)
3711
3931
msgid ""
3712
3932
"--packages package_list : Install the comma-separated packages specified in "
3713
3933
"package_list on first boot."
3714
3934
msgstr ""
3715
3935
3716
#: serverguide/C/virtualization.xml:669(para)
3936
#: serverguide/C/virtualization.xml:737(para)
3717
3937
msgid ""
3718
3938
"A complete description of all available modifiers is available in the "
3719
3939
"manpage of uvt-kvm."
3720
3940
msgstr ""
3721
3941
3722
#: serverguide/C/virtualization.xml:676(para)
3942
#: serverguide/C/virtualization.xml:744(para)
3723
3943
msgid ""
3724
3944
"If you are interested in learning more, have questions or suggestions, "
3725
3945
"please contact the Ubuntu Server Team at:"
3726
3946
msgstr ""
3727
3947
3728
#: serverguide/C/virtualization.xml:681(para)
3948
#: serverguide/C/virtualization.xml:749(para)
3729
3949
msgid "IRC: #ubuntu-server on freenode"
3730
3950
msgstr ""
3731
3951
3732
#: serverguide/C/virtualization.xml:685(para)
3952
#: serverguide/C/virtualization.xml:753(para)
3733
3953
msgid ""
3734
3954
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3735
3955
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3736
3956
msgstr ""
3737
3957
3738
#: serverguide/C/virtualization.xml:694(title)
3958
#: serverguide/C/virtualization.xml:762(title)
3739
3959
msgid "Ubuntu Cloud"
3740
3960
msgstr ""
3741
3961
3742
#: serverguide/C/virtualization.xml:696(para)
3962
#: serverguide/C/virtualization.xml:764(para)
3743
3963
msgid ""
3744
3964
"<application>Cloud computing</application> is a computing model that allows "
3745
3965
"vast pools of resources to be allocated on-demand. These resources such as "
3751
3971
"build highly scalable, cloud computing for both public and private clouds."
3752
3972
msgstr ""
3753
3973
3754
#: serverguide/C/virtualization.xml:707(title)
3974
#: serverguide/C/virtualization.xml:775(title)
3755
3975
msgid "Installation and Configuration"
3756
3976
msgstr ""
3757
3977
3758
#: serverguide/C/virtualization.xml:709(para)
3978
#: serverguide/C/virtualization.xml:777(para)
3759
3979
msgid ""
3760
3980
"Due to the current high rate of development of this complex technology we "
3761
3981
"refer the reader to <ulink url=\"http://docs.openstack.org/havana/install-"
3763
3983
"concerning installation and configuration."
3764
3984
msgstr ""
3765
3985
3766
#: serverguide/C/virtualization.xml:718(title) serverguide/C/network-config.xml:1660(title)
3986
#: serverguide/C/virtualization.xml:786(title) serverguide/C/network-config.xml:1698(title)
3767
3987
msgid "Support and Troubleshooting"
3768
3988
msgstr ""
3769
3989
3770
#: serverguide/C/virtualization.xml:720(para)
3990
#: serverguide/C/virtualization.xml:788(para)
3771
3991
msgid "Community Support"
3772
3992
msgstr ""
3773
3993
3774
#: serverguide/C/virtualization.xml:724(ulink)
3994
#: serverguide/C/virtualization.xml:792(ulink)
3775
3995
msgid "OpenStack Mailing list"
3776
3996
msgstr ""
3777
3997
3778
#: serverguide/C/virtualization.xml:729(ulink)
3998
#: serverguide/C/virtualization.xml:797(ulink)
3779
3999
msgid "The OpenStack Wiki search"
3780
4000
msgstr ""
3781
4001
3782
#: serverguide/C/virtualization.xml:734(ulink)
4002
#: serverguide/C/virtualization.xml:802(ulink)
3783
4003
msgid "Launchpad bugs area"
3784
4004
msgstr ""
3785
4005
3786
#: serverguide/C/virtualization.xml:739(para)
4006
#: serverguide/C/virtualization.xml:807(para)
3787
4007
msgid "Join the IRC channel #openstack on freenode."
3788
4008
msgstr ""
3789
4009
3790
#: serverguide/C/virtualization.xml:750(ulink)
4010
#: serverguide/C/virtualization.xml:818(ulink)
3791
4011
msgid "Cloud Computing - Service models"
3792
4012
msgstr ""
3793
4013
3794
#: serverguide/C/virtualization.xml:756(ulink)
4014
#: serverguide/C/virtualization.xml:824(ulink)
3795
4015
msgid "OpenStack Compute"
3796
4016
msgstr ""
3797
4017
3798
#: serverguide/C/virtualization.xml:762(ulink)
4018
#: serverguide/C/virtualization.xml:830(ulink)
3799
4019
msgid "OpenStack Image Service"
3800
4020
msgstr ""
3801
4021
3802
#: serverguide/C/virtualization.xml:768(ulink)
4022
#: serverguide/C/virtualization.xml:836(ulink)
3803
4023
msgid "OpenStack Object Storage Administration Guide"
3804
4024
msgstr ""
3805
4025
3806
#: serverguide/C/virtualization.xml:774(ulink)
4026
#: serverguide/C/virtualization.xml:842(ulink)
3807
4027
msgid "Installing OpenStack Object Storage on Ubuntu"
3808
4028
msgstr ""
3809
4029
3810
#: serverguide/C/virtualization.xml:780(ulink)
4030
#: serverguide/C/virtualization.xml:848(ulink)
3811
4031
msgid "http://cloudglossary.com/"
3812
4032
msgstr ""
3813
4033
3814
#: serverguide/C/virtualization.xml:790(title)
4034
#: serverguide/C/virtualization.xml:858(title)
3815
4035
msgid "LXD"
3816
4036
msgstr ""
3817
4037
3818
#: serverguide/C/virtualization.xml:792(para)
4038
#: serverguide/C/virtualization.xml:860(para)
3819
4039
msgid ""
3820
4040
"LXD (pronounced lex-dee) is the lightervisor, or lightweight container "
3821
4041
"hypervisor. While this claim has been controversial, it has been <ulink "
3825
4045
"url=\"https://help.ubuntu.com/lts/serverguide/lxc.html\">LXC</ulink>."
3826
4046
msgstr ""
3827
4047
3828
#: serverguide/C/virtualization.xml:801(para)
4048
#: serverguide/C/virtualization.xml:869(para)
3829
4049
msgid ""
3830
4050
"LXC (lex-see) is a program which creates and administers \"containers\" on a "
3831
4051
"local system. It also provides an API to allow higher level managers, such "
3833
4053
"while comparing LXD to libvirt."
3834
4054
msgstr ""
3835
4055
3836
#: serverguide/C/virtualization.xml:808(para)
4056
#: serverguide/C/virtualization.xml:876(para)
3837
4057
msgid ""
3838
4058
"The LXC API deals with a 'container'. The LXD API deals with 'remotes', "
3839
4059
"which serve images and containers. This extends the LXC functionality over "
3841
4061
"and container image publishing."
3842
4062
msgstr ""
3843
4063
3844
#: serverguide/C/virtualization.xml:815(para)
4064
#: serverguide/C/virtualization.xml:883(para)
3845
4065
msgid ""
3846
4066
"LXD uses LXC under the covers for some container management tasks. However, "
3847
4067
"it keeps its own container configuration information and has its own "
3850
4070
"LXD on Ubuntu systems."
3851
4071
msgstr ""
3852
4072
3853
#: serverguide/C/virtualization.xml:823(title)
4073
#: serverguide/C/virtualization.xml:891(title)
3854
4074
msgid "Online Resources"
3855
4075
msgstr ""
3856
4076
3857
#: serverguide/C/virtualization.xml:825(para)
4077
#: serverguide/C/virtualization.xml:893(para)
3858
4078
msgid ""
3859
4079
"There is excellent documentation for <ulink "
3860
4080
"url=\"http://github.com/lxc/lxd\">getting started with LXD</ulink> in the "
3868
4088
"juju</ulink>."
3869
4089
msgstr ""
3870
4090
3871
#: serverguide/C/virtualization.xml:832(para)
4091
#: serverguide/C/virtualization.xml:900(para)
3872
4092
msgid ""
3873
4093
"This document will offer an Ubuntu Server-specific view of LXD, focusing on "
3874
4094
"administration."
3875
4095
msgstr ""
3876
4096
3877
#: serverguide/C/virtualization.xml:840(para)
4097
#: serverguide/C/virtualization.xml:908(para)
3878
4098
msgid ""
3879
4099
"LXD is pre-installed on Ubuntu Server cloud images. On other systems, the "
3880
4100
"lxd package can be installed using:"
3881
4101
msgstr ""
3882
4102
3883
#: serverguide/C/virtualization.xml:846(command)
4103
#: serverguide/C/virtualization.xml:914(command)
3884
4104
msgid "sudo apt install lxd"
3885
4105
msgstr ""
3886
4106
3887
#: serverguide/C/virtualization.xml:851(para)
4107
#: serverguide/C/virtualization.xml:919(para)
3888
4108
msgid ""
3889
4109
"This will install LXD as well as the recommended dependencies, including the "
3890
4110
"LXC library and lxcfs."
3891
4111
msgstr ""
3892
4112
3893
#: serverguide/C/virtualization.xml:857(title)
4113
#: serverguide/C/virtualization.xml:925(title)
3894
4114
msgid "Kernel preparation"
3895
4115
msgstr ""
3896
4116
3897
#: serverguide/C/virtualization.xml:859(para)
4117
#: serverguide/C/virtualization.xml:927(para)
3898
4118
msgid ""
3899
4119
"In general, Ubuntu 16.04 should have all the desired features enabled by "
3900
4120
"default. One exception to this is that in order to enable swap accounting "
3904
4124
"then running 'update-grub' as root and rebooting."
3905
4125
msgstr ""
3906
4126
3907
#: serverguide/C/virtualization.xml:871(para)
4127
#: serverguide/C/virtualization.xml:939(para)
3908
4128
msgid ""
3909
4129
"By default, LXD is installed listening on a local UNIX socket, which members "
3910
4130
"of group LXD can talk to. It has no trust password setup. And it uses the "
3913
4133
"will allow you to choose:"
3914
4134
msgstr ""
3915
4135
3916
#: serverguide/C/virtualization.xml:881(para)
4136
#: serverguide/C/virtualization.xml:949(para)
3917
4137
msgid ""
3918
4138
"Directory or <ulink url=\"http://open-zfs.org\">ZFS</ulink> container "
3919
4139
"backend. If you choose ZFS, you can choose which block devices to use, or "
3920
4140
"the size of a file to use as backing store."
3921
4141
msgstr ""
3922
4142
3923
#: serverguide/C/virtualization.xml:885(para)
4143
#: serverguide/C/virtualization.xml:953(para)
3924
4144
msgid "Availability over the network"
3925
4145
msgstr ""
3926
4146
3927
#: serverguide/C/virtualization.xml:887(para)
4147
#: serverguide/C/virtualization.xml:955(para)
3928
4148
msgid ""
3929
4149
"A 'trust password' used by remote clients to vouch for their client "
3930
4150
"certificate"
3931
4151
msgstr ""
3932
4152
3933
#: serverguide/C/virtualization.xml:891(para)
4153
#: serverguide/C/virtualization.xml:959(para)
3934
4154
msgid ""
3935
4155
"You must run 'lxd init' as root. 'lxc' commands can be run as any user who "
3936
4156
"is member of group lxd. If user joe is not a member of group 'lxd', you may "
3937
4157
"run:"
3938
4158
msgstr ""
3939
4159
3940
#: serverguide/C/virtualization.xml:898(command)
4160
#: serverguide/C/virtualization.xml:966(command)
3941
4161
msgid "adduser joe lxd"
3942
4162
msgstr ""
3943
4163
3944
#: serverguide/C/virtualization.xml:903(para)
4164
#: serverguide/C/virtualization.xml:971(para)
3945
4165
msgid ""
3946
4166
"as root to change it. The new membership will take effect on the next login, "
3947
4167
"or after running 'newgrp lxd' from an existing login."
3948
4168
msgstr ""
3949
4169
3950
#: serverguide/C/virtualization.xml:908(para)
4170
#: serverguide/C/virtualization.xml:976(para)
3951
4171
msgid ""
3952
4172
"For more information on server, container, profile, and device "
3953
4173
"configuration, please refer to the definitive configuration provided with "
3956
4176
"link>"
3957
4177
msgstr ""
3958
4178
3959
#: serverguide/C/virtualization.xml:916(title)
4179
#: serverguide/C/virtualization.xml:984(title)
3960
4180
msgid "Creating your first container"
3961
4181
msgstr ""
3962
4182
3963
#: serverguide/C/virtualization.xml:918(para)
4183
#: serverguide/C/virtualization.xml:986(para)
3964
4184
msgid "This section will describe the simplest container tasks."
3965
4185
msgstr ""
3966
4186
3967
#: serverguide/C/virtualization.xml:922(title)
4187
#: serverguide/C/virtualization.xml:990(title)
3968
4188
msgid "Creating a container"
3969
4189
msgstr ""
3970
4190
3971
#: serverguide/C/virtualization.xml:924(para)
4191
#: serverguide/C/virtualization.xml:992(para)
3972
4192
msgid ""
3973
4193
"Every new container is created based on either an image, an existing "
3974
4194
"container, or a container snapshot. At install time, LXD is configured with "
3975
4195
"the following image servers:"
3976
4196
msgstr ""
3977
4197
3978
#: serverguide/C/virtualization.xml:932(para)
4198
#: serverguide/C/virtualization.xml:1000(para)
3979
4199
msgid ""
3980
4200
"<filename>ubuntu</filename>: this serves official Ubuntu server cloud image "
3981
4201
"releases."
3982
4202
msgstr ""
3983
4203
3984
#: serverguide/C/virtualization.xml:935(para)
4204
#: serverguide/C/virtualization.xml:1003(para)
3985
4205
msgid ""
3986
4206
"<filename>ubuntu-daily</filename>: this serves official Ubuntu server cloud "
3987
4207
"images of the daily development releases."
3988
4208
msgstr ""
3989
4209
3990
#: serverguide/C/virtualization.xml:939(para)
4210
#: serverguide/C/virtualization.xml:1007(para)
3991
4211
msgid ""
3992
4212
"<filename>images</filename>: this is a default-installed alias for "
3993
4213
"images.linuxcontainers.org. This is serves classical lxc images built using "
3996
4216
"recommended server for Ubuntu images."
3997
4217
msgstr ""
3998
4218
3999
#: serverguide/C/virtualization.xml:947(para)
4219
#: serverguide/C/virtualization.xml:1015(para)
4000
4220
msgid "The command to create and start a container is"
4001
4221
msgstr ""
4002
4222
4003
#: serverguide/C/virtualization.xml:952(command)
4223
#: serverguide/C/virtualization.xml:1020(command)
4004
4224
msgid "lxc launch remote:image containername"
4005
4225
msgstr ""
4006
4226
4007
#: serverguide/C/virtualization.xml:957(para)
4227
#: serverguide/C/virtualization.xml:1025(para)
4008
4228
msgid ""
4009
4229
"Images are identified by their hash, but are also aliased. The 'ubuntu' "
4010
4230
"server knows many aliases such as '16.04' and 'xenial'. A list of all images "
4011
4231
"available from the Ubuntu Server can be seen using:"
4012
4232
msgstr ""
4013
4233
4014
#: serverguide/C/virtualization.xml:964(command) serverguide/C/virtualization.xml:1488(command)
4234
#: serverguide/C/virtualization.xml:1032(command) serverguide/C/virtualization.xml:1556(command)
4015
4235
msgid "lxc image list ubuntu:"
4016
4236
msgstr ""
4017
4237
4018
#: serverguide/C/virtualization.xml:969(para)
4238
#: serverguide/C/virtualization.xml:1037(para)
4019
4239
msgid ""
4020
4240
"To see more information about a particular image, including all the aliases "
4021
4241
"it is known by, you can use:"
4022
4242
msgstr ""
4023
4243
4024
#: serverguide/C/virtualization.xml:975(command)
4244
#: serverguide/C/virtualization.xml:1043(command)
4025
4245
msgid "lxc image info ubuntu:xenial"
4026
4246
msgstr ""
4027
4247
4028
#: serverguide/C/virtualization.xml:980(para)
4248
#: serverguide/C/virtualization.xml:1048(para)
4029
4249
msgid ""
4030
4250
"You can generally refer to an Ubuntu image using the release name ('xenial') "
4031
4251
"or the release number (16.04). In addition, 'lts' is an alias for the latest "
4033
4253
"the desired architecture:"
4034
4254
msgstr ""
4035
4255
4036
#: serverguide/C/virtualization.xml:988(command)
4256
#: serverguide/C/virtualization.xml:1056(command)
4037
4257
msgid "lxc image info ubuntu:lts/arm64"
4038
4258
msgstr ""
4039
4259
4040
#: serverguide/C/virtualization.xml:993(para)
4260
#: serverguide/C/virtualization.xml:1061(para)
4041
4261
msgid "Now, let's start our first container:"
4042
4262
msgstr ""
4043
4263
4044
#: serverguide/C/virtualization.xml:998(command)
4264
#: serverguide/C/virtualization.xml:1066(command)
4045
4265
msgid "lxc launch ubuntu:xenial x1"
4046
4266
msgstr ""
4047
4267
4048
#: serverguide/C/virtualization.xml:1003(para)
4268
#: serverguide/C/virtualization.xml:1071(para)
4049
4269
msgid ""
4050
4270
"This will download the official current Xenial cloud image for your current "
4051
4271
"architecture, then create a container using that image, and finally start "
4052
4272
"it. Once the command returns, you can see it using:"
4053
4273
msgstr ""
4054
4274
4055
#: serverguide/C/virtualization.xml:1010(command)
4275
#: serverguide/C/virtualization.xml:1078(command)
4056
4276
msgid "lxc list lxc info x1"
4057
4277
msgstr ""
4058
4278
4059
#: serverguide/C/virtualization.xml:1016(para)
4279
#: serverguide/C/virtualization.xml:1084(para)
4060
4280
msgid "and open a shell in it using:"
4061
4281
msgstr ""
4062
4282
4063
#: serverguide/C/virtualization.xml:1021(command)
4283
#: serverguide/C/virtualization.xml:1089(command)
4064
4284
msgid "lxc exec x1 bash"
4065
4285
msgstr ""
4066
4286
4067
#: serverguide/C/virtualization.xml:1026(para)
4287
#: serverguide/C/virtualization.xml:1094(para)
4068
4288
msgid ""
4069
4289
"The try-it page gives a full synopsis of the commands you can use to "
4070
4290
"administer containers."
4071
4291
msgstr ""
4072
4292
4073
#: serverguide/C/virtualization.xml:1031(para)
4293
#: serverguide/C/virtualization.xml:1099(para)
4074
4294
msgid ""
4075
4295
"Now that the 'xenial' image has been downloaded, it will be kept in sync "
4076
4296
"until no new containers have been created based on it for (by default) 10 "
4077
4297
"days. After that, it will be deleted."
4078
4298
msgstr ""
4079
4299
4080
#: serverguide/C/virtualization.xml:1039(title)
4300
#: serverguide/C/virtualization.xml:1107(title)
4081
4301
msgid "LXD Server Configuration"
4082
4302
msgstr ""
4083
4303
4084
#: serverguide/C/virtualization.xml:1041(para)
4304
#: serverguide/C/virtualization.xml:1109(para)
4085
4305
msgid ""
4086
4306
"By default, LXD is socket activated and configured to listen only on a local "
4087
4307
"UNIX socket. While LXD may not be running when you first look at the process "
4088
4308
"listing, any LXC command will start it up. For instance:"
4089
4309
msgstr ""
4090
4310
4091
#: serverguide/C/virtualization.xml:1048(command)
4311
#: serverguide/C/virtualization.xml:1116(command)
4092
4312
msgid "lxc list"
4093
4313
msgstr ""
4094
4314
4095
#: serverguide/C/virtualization.xml:1053(para)
4315
#: serverguide/C/virtualization.xml:1121(para)
4096
4316
msgid ""
4097
4317
"This will create your client certificate and contact the LXD server for a "
4098
4318
"list of containers. To make the server accessible over the network you can "
4099
4319
"set the http port using:"
4100
4320
msgstr ""
4101
4321
4102
#: serverguide/C/virtualization.xml:1060(command)
4322
#: serverguide/C/virtualization.xml:1128(command)
4103
4323
msgid "lxc config set core.https_address :8443"
4104
4324
msgstr ""
4105
4325
4106
#: serverguide/C/virtualization.xml:1065(para)
4326
#: serverguide/C/virtualization.xml:1133(para)
4107
4327
msgid "This will tell LXD to listen to port 8843 on all addresses."
4108
4328
msgstr ""
4109
4329
4110
#: serverguide/C/virtualization.xml:1069(title)
4330
#: serverguide/C/virtualization.xml:1137(title)
4111
4331
msgid "Authentication"
4112
4332
msgstr ""
4113
4333
4114
#: serverguide/C/virtualization.xml:1071(para)
4334
#: serverguide/C/virtualization.xml:1139(para)
4115
4335
msgid ""
4116
4336
"By default, LXD will allow all members of group 'lxd' (which by default "
4117
4337
"includes all members of group admin) to talk to it over the UNIX socket. "
4119
4339
"certificates."
4120
4340
msgstr ""
4121
4341
4122
#: serverguide/C/virtualization.xml:1077(para)
4342
#: serverguide/C/virtualization.xml:1145(para)
4123
4343
msgid ""
4124
4344
"Before client c1 wishes to use remote r1, r1 must be registered using:"
4125
4345
msgstr ""
4126
4346
4127
#: serverguide/C/virtualization.xml:1082(command)
4347
#: serverguide/C/virtualization.xml:1150(command)
4128
4348
msgid "lxc remote add r1 r1.example.com:8443"
4129
4349
msgstr ""
4130
4350
4131
#: serverguide/C/virtualization.xml:1087(para)
4351
#: serverguide/C/virtualization.xml:1155(para)
4132
4352
msgid ""
4133
4353
"The fingerprint of r1's certificate will be shown, to allow the user at c1 "
4134
4354
"to reject a false certificate. The server in turn will verify that c1 may be "
4136
4356
"already-registered client, using:"
4137
4357
msgstr ""
4138
4358
4139
#: serverguide/C/virtualization.xml:1095(command)
4359
#: serverguide/C/virtualization.xml:1163(command)
4140
4360
msgid "lxc config trust add r1 certfile.crt"
4141
4361
msgstr ""
4142
4362
4143
#: serverguide/C/virtualization.xml:1100(para)
4363
#: serverguide/C/virtualization.xml:1168(para)
4144
4364
msgid ""
4145
4365
"Now when the client adds r1 as a known remote, it will not need to provide a "
4146
4366
"password as it is already trusted by the server."
4147
4367
msgstr ""
4148
4368
4149
#: serverguide/C/virtualization.xml:1105(para)
4369
#: serverguide/C/virtualization.xml:1173(para)
4150
4370
msgid ""
4151
4371
"The other is to configure a 'trust password' with r1, either at initial "
4152
4372
"configuration using 'lxd init', or after the fact using"
4153
4373
msgstr ""
4154
4374
4155
#: serverguide/C/virtualization.xml:1111(command)
4375
#: serverguide/C/virtualization.xml:1179(command)
4156
4376
msgid "lxc config set core.trust_password PASSWORD"
4157
4377
msgstr ""
4158
4378
4159
#: serverguide/C/virtualization.xml:1116(para)
4379
#: serverguide/C/virtualization.xml:1184(para)
4160
4380
msgid ""
4161
4381
"The password can then be provided when the client registers r1 as a known "
4162
4382
"remote."
4163
4383
msgstr ""
4164
4384
4165
#: serverguide/C/virtualization.xml:1123(title)
4385
#: serverguide/C/virtualization.xml:1191(title)
4166
4386
msgid "Backing store"
4167
4387
msgstr ""
4168
4388
4169
#: serverguide/C/virtualization.xml:1125(para)
4389
#: serverguide/C/virtualization.xml:1193(para)
4170
4390
msgid ""
4171
4391
"LXD supports several backing stores. The recommended backing store is ZFS, "
4172
4392
"however this is not available on all platforms. Supported backing stores "
4173
4393
"include:"
4174
4394
msgstr ""
4175
4395
4176
#: serverguide/C/virtualization.xml:1133(para)
4396
#: serverguide/C/virtualization.xml:1201(para)
4177
4397
msgid ""
4178
4398
"ext4: this is the default, and easiest to use. With an ext4 backing store, "
4179
4399
"containers and images are simply stored as directories on the host "
4181
4401
"and 10 containers will take up 10 times as much space as one container."
4182
4402
msgstr ""
4183
4403
4184
#: serverguide/C/virtualization.xml:1142(para)
4404
#: serverguide/C/virtualization.xml:1210(para)
4185
4405
msgid ""
4186
4406
"ZFS: if ZFS is supported on your architecture (amd64, arm64, or ppc64le), "
4187
4407
"you can set LXD up to use it using 'lxd init'. If you already have a ZFS "
4189
4409
"configuration key:"
4190
4410
msgstr ""
4191
4411
4192
#: serverguide/C/virtualization.xml:1150(command)
4412
#: serverguide/C/virtualization.xml:1218(command)
4193
4413
msgid "lxc config set storage.zfs_pool_name lxd"
4194
4414
msgstr ""
4195
4415
4196
#: serverguide/C/virtualization.xml:1155(para)
4416
#: serverguide/C/virtualization.xml:1223(para)
4197
4417
msgid ""
4198
4418
"With ZFS, launching a new container is fast because the filesystem starts as "
4199
4419
"a copy on write clone of the images' filesystem. Note that unless the "
4202
4422
"little of the actual filesystem data."
4203
4423
msgstr ""
4204
4424
4205
#: serverguide/C/virtualization.xml:1165(para)
4425
#: serverguide/C/virtualization.xml:1233(para)
4206
4426
msgid ""
4207
4427
"Btrfs: btrfs can be used with many of the same advantages as ZFS. To use "
4208
4428
"BTRFS as a LXD backing store, simply mount a Btrfs filesystem under "
4211
4431
"container."
4212
4432
msgstr ""
4213
4433
4214
#: serverguide/C/virtualization.xml:1175(para)
4434
#: serverguide/C/virtualization.xml:1243(para)
4215
4435
msgid ""
4216
4436
"LVM: To use a LVM volume group called 'lxd', you may tell LXD to use that "
4217
4437
"for containers and images using the command"
4218
4438
msgstr ""
4219
4439
4220
#: serverguide/C/virtualization.xml:1181(command)
4440
#: serverguide/C/virtualization.xml:1249(command)
4221
4441
msgid "lxc config set storage.lvm_vg_name lxd"
4222
4442
msgstr ""
4223
4443
4224
#: serverguide/C/virtualization.xml:1186(para)
4444
#: serverguide/C/virtualization.xml:1254(para)
4225
4445
msgid ""
4226
4446
"When launching a new container, its rootfs will start as a lv clone. It is "
4227
4447
"immediately mounted so that the file uids can be shifted, then unmounted. "
4228
4448
"Container snapshots also are created as lv snapshots."
4229
4449
msgstr ""
4230
4450
4231
#: serverguide/C/virtualization.xml:1196(title)
4451
#: serverguide/C/virtualization.xml:1264(title)
4232
4452
msgid "Container configuration"
4233
4453
msgstr ""
4234
4454
4235
#: serverguide/C/virtualization.xml:1198(para)
4455
#: serverguide/C/virtualization.xml:1266(para)
4236
4456
msgid ""
4237
4457
"Containers are configured according to a set of profiles, described in the "
4238
4458
"next section, and a set of container-specific configuration. Profiles are "
4240
4460
"configuration."
4241
4461
msgstr ""
4242
4462
4243
#: serverguide/C/virtualization.xml:1205(para)
4463
#: serverguide/C/virtualization.xml:1273(para)
4244
4464
msgid ""
4245
4465
"Container configuration includes properties like the architecture, limits on "
4246
4466
"resources such as CPU and RAM, security details including apparmor "
4247
4467
"restriction overrides, and devices to apply to the container."
4248
4468
msgstr ""
4249
4469
4250
#: serverguide/C/virtualization.xml:1211(para)
4470
#: serverguide/C/virtualization.xml:1279(para)
4251
4471
msgid ""
4252
4472
"Devices can be of several types, including UNIX character, UNIX block, "
4253
4473
"network interface, or 'disk'. In order to insert a host mount into a "
4255
4475
"in container c1 at /opt, you could use:"
4256
4476
msgstr ""
4257
4477
4258
#: serverguide/C/virtualization.xml:1219(command)
4478
#: serverguide/C/virtualization.xml:1287(command)
4259
4479
msgid "lxc config device add c1 opt disk source=/opt path=opt"
4260
4480
msgstr ""
4261
4481
4262
#: serverguide/C/virtualization.xml:1224(para)
4482
#: serverguide/C/virtualization.xml:1292(para)
4263
4483
msgid "See:"
4264
4484
msgstr ""
4265
4485
4266
#: serverguide/C/virtualization.xml:1229(command)
4486
#: serverguide/C/virtualization.xml:1297(command)
4267
4487
msgid "lxc help config"
4268
4488
msgstr ""
4269
4489
4270
#: serverguide/C/virtualization.xml:1234(para)
4490
#: serverguide/C/virtualization.xml:1302(para)
4271
4491
msgid ""
4272
4492
"for more information about editing container configurations. You may also "
4273
4493
"use:"
4274
4494
msgstr ""
4275
4495
4276
#: serverguide/C/virtualization.xml:1240(command)
4496
#: serverguide/C/virtualization.xml:1308(command)
4277
4497
msgid "lxc config edit c1"
4278
4498
msgstr ""
4279
4499
4280
#: serverguide/C/virtualization.xml:1245(para)
4500
#: serverguide/C/virtualization.xml:1313(para)
4281
4501
msgid ""
4282
4502
"to edit the whole of c1's configuration in your specified $EDITOR. Comments "
4283
4503
"at the top of the configuration will show examples of correct syntax to help "
4285
4505
"valid when the $EDITOR is exited, then $EDITOR will be restarted."
4286
4506
msgstr ""
4287
4507
4288
#: serverguide/C/virtualization.xml:1255(title) serverguide/C/security.xml:1065(title)
4508
#: serverguide/C/virtualization.xml:1323(title) serverguide/C/security.xml:1065(title)
4289
4509
msgid "Profiles"
4290
4510
msgstr ""
4291
4511
4292
#: serverguide/C/virtualization.xml:1257(para)
4512
#: serverguide/C/virtualization.xml:1325(para)
4293
4513
msgid ""
4294
4514
"Profiles are named collections of configurations which may be applied to "
4295
4515
"more than one container. For instance, all containers created with 'lxc "
4297
4517
"interface 'eth0'."
4298
4518
msgstr ""
4299
4519
4300
#: serverguide/C/virtualization.xml:1264(para)
4520
#: serverguide/C/virtualization.xml:1332(para)
4301
4521
msgid ""
4302
4522
"To mask a device which would be inherited from a profile but which should "
4303
4523
"not be in the final container, define a device by the same name but of type "
4304
4524
"'none':"
4305
4525
msgstr ""
4306
4526
4307
#: serverguide/C/virtualization.xml:1271(command)
4527
#: serverguide/C/virtualization.xml:1339(command)
4308
4528
msgid "lxc config device add c1 eth1 none"
4309
4529
msgstr ""
4310
4530
4311
#: serverguide/C/virtualization.xml:1277(title) serverguide/C/virtualization.xml:1869(title)
4531
#: serverguide/C/virtualization.xml:1345(title) serverguide/C/virtualization.xml:1937(title)
4312
4532
msgid "Nesting"
4313
4533
msgstr ""
4314
4534
4315
#: serverguide/C/virtualization.xml:1279(para)
4535
#: serverguide/C/virtualization.xml:1347(para)
4316
4536
msgid ""
4317
4537
"Containers all share the same host kernel. This means that there is always "
4318
4538
"an inherent trade-off between features exposed to the container and host "
4322
4542
"must be set to true:"
4323
4543
msgstr ""
4324
4544
4325
#: serverguide/C/virtualization.xml:1289(command)
4545
#: serverguide/C/virtualization.xml:1357(command)
4326
4546
msgid "lxc config set container1 security.nesting true"
4327
4547
msgstr ""
4328
4548
4329
#: serverguide/C/virtualization.xml:1294(para)
4549
#: serverguide/C/virtualization.xml:1362(para)
4330
4550
msgid "Once this is done, container1 will be able to start sub-containers."
4331
4551
msgstr ""
4332
4552
4333
#: serverguide/C/virtualization.xml:1298(para)
4553
#: serverguide/C/virtualization.xml:1366(para)
4334
4554
msgid ""
4335
4555
"In order to run unprivileged (the default in LXD) containers nested under an "
4336
4556
"unprivileged container, you will need to ensure a wide enough UID mapping. "
4337
4557
"Please see the 'UID mapping' section below."
4338
4558
msgstr ""
4339
4559
4340
#: serverguide/C/virtualization.xml:1304(title)
4560
#: serverguide/C/virtualization.xml:1372(title)
4341
4561
msgid "Docker"
4342
4562
msgstr ""
4343
4563
4344
#: serverguide/C/virtualization.xml:1306(para)
4564
#: serverguide/C/virtualization.xml:1374(para)
4345
4565
msgid ""
4346
4566
"In order to facilitate running docker containers inside a LXD container, a "
4347
4567
"'docker' profile is provided. To launch a new container with the docker "
4348
4568
"profile, you can run:"
4349
4569
msgstr ""
4350
4570
4351
#: serverguide/C/virtualization.xml:1313(command)
4571
#: serverguide/C/virtualization.xml:1381(command)
4352
4572
msgid "lxc launch xenial container1 -p default -p docker"
4353
4573
msgstr ""
4354
4574
4355
#: serverguide/C/virtualization.xml:1318(para)
4575
#: serverguide/C/virtualization.xml:1386(para)
4356
4576
msgid ""
4357
4577
"Note that currently the docker package in Ubuntu 16.04 is patched to "
4358
4578
"facilitate running in a container. This support is expected to land upstream "
4359
4579
"soon."
4360
4580
msgstr ""
4361
4581
4362
#: serverguide/C/virtualization.xml:1324(para)
4582
#: serverguide/C/virtualization.xml:1392(para)
4363
4583
msgid ""
4364
4584
"Note that 'cgroup namespace' support is also required. This is available in "
4365
4585
"the 16.04 kernel as well as in the 4.6 upstream source."
4366
4586
msgstr ""
4367
4587
4368
#: serverguide/C/virtualization.xml:1333(title)
4588
#: serverguide/C/virtualization.xml:1401(title)
4369
4589
msgid "Limits"
4370
4590
msgstr ""
4371
4591
4372
#: serverguide/C/virtualization.xml:1335(para)
4592
#: serverguide/C/virtualization.xml:1403(para)
4373
4593
msgid ""
4374
4594
"LXD supports flexible constraints on the resources which containers can "
4375
4595
"consume. The limits come in the following categories:"
4376
4596
msgstr ""
4377
4597
4378
#: serverguide/C/virtualization.xml:1342(para)
4598
#: serverguide/C/virtualization.xml:1410(para)
4379
4599
msgid "CPU: limit cpu available to the container in several ways."
4380
4600
msgstr ""
4381
4601
4382
#: serverguide/C/virtualization.xml:1345(para)
4602
#: serverguide/C/virtualization.xml:1413(para)
4383
4603
msgid "Disk: configure the priority of I/O requests under load"
4384
4604
msgstr ""
4385
4605
4386
#: serverguide/C/virtualization.xml:1348(para)
4606
#: serverguide/C/virtualization.xml:1416(para)
4387
4607
msgid "RAM: configure memory and swap availability"
4388
4608
msgstr ""
4389
4609
4390
#: serverguide/C/virtualization.xml:1351(para)
4610
#: serverguide/C/virtualization.xml:1419(para)
4391
4611
msgid "Network: configure the network priority under load"
4392
4612
msgstr ""
4393
4613
4394
#: serverguide/C/virtualization.xml:1354(para)
4614
#: serverguide/C/virtualization.xml:1422(para)
4395
4615
msgid "Processes: limit the number of concurrent processes in the container."
4396
4616
msgstr ""
4397
4617
4398
#: serverguide/C/virtualization.xml:1358(para)
4618
#: serverguide/C/virtualization.xml:1426(para)
4399
4619
msgid ""
4400
4620
"For a full list of limits known to LXD, see <ulink "
4401
4621
"url=\"https://github.com/lxc/lxd/blob/master/doc/configuration.md\"> the "
4402
4622
"configuration documentation</ulink>."
4403
4623
msgstr ""
4404
4624
4405
#: serverguide/C/virtualization.xml:1366(title)
4625
#: serverguide/C/virtualization.xml:1434(title)
4406
4626
msgid "UID mappings and Privileged containers"
4407
4627
msgstr ""
4408
4628
4409
#: serverguide/C/virtualization.xml:1368(para)
4629
#: serverguide/C/virtualization.xml:1436(para)
4410
4630
msgid ""
4411
4631
"By default, LXD creates unprivileged containers. This means that root in the "
4412
4632
"container is a non-root UID on the host. It is privileged against the "
4416
4636
"the system call interface)"
4417
4637
msgstr ""
4418
4638
4419
#: serverguide/C/virtualization.xml:1377(para)
4639
#: serverguide/C/virtualization.xml:1445(para)
4420
4640
msgid ""
4421
4641
"Briefly, in an unprivileged container, 65536 UIDs are 'shifted' into the "
4422
4642
"container. For instance, UID 0 in the container may be 100000 on the host, "
4428
4648
"subuid(5) manual page</ulink>."
4429
4649
msgstr ""
4430
4650
4431
#: serverguide/C/virtualization.xml:1387(para)
4651
#: serverguide/C/virtualization.xml:1455(para)
4432
4652
msgid ""
4433
4653
"It is possible to request a container to run without a UID mapping by "
4434
4654
"setting the security.privileged flag to true:"
4435
4655
msgstr ""
4436
4656
4437
#: serverguide/C/virtualization.xml:1393(command)
4657
#: serverguide/C/virtualization.xml:1461(command)
4438
4658
msgid "lxc config set c1 security.privileged true"
4439
4659
msgstr ""
4440
4660
4441
#: serverguide/C/virtualization.xml:1398(para)
4661
#: serverguide/C/virtualization.xml:1466(para)
4442
4662
msgid ""
4443
4663
"Note however that in this case the root user in the container is the root "
4444
4664
"user on the host."
4445
4665
msgstr ""
4446
4666
4447
#: serverguide/C/virtualization.xml:1405(title) serverguide/C/virtualization.xml:2144(title)
4667
#: serverguide/C/virtualization.xml:1473(title) serverguide/C/virtualization.xml:2212(title)
4448
4668
msgid "Apparmor"
4449
4669
msgstr ""
4450
4670
4451
#: serverguide/C/virtualization.xml:1407(para)
4671
#: serverguide/C/virtualization.xml:1475(para)
4452
4672
msgid ""
4453
4673
"LXD confines containers by default with an apparmor profile which protects "
4454
4674
"containers from each other and the host from containers. For instance this "
4458
4678
"/proc/sysrq-trigger</filename>."
4459
4679
msgstr ""
4460
4680
4461
#: serverguide/C/virtualization.xml:1416(para)
4681
#: serverguide/C/virtualization.xml:1484(para)
4462
4682
msgid ""
4463
4683
"If the apparmor policy for a container needs to be modified for a container "
4464
4684
"c1, specific apparmor policy lines can be added in the 'raw.apparmor' "
4465
4685
"configuration key."
4466
4686
msgstr ""
4467
4687
4468
#: serverguide/C/virtualization.xml:1424(title)
4688
#: serverguide/C/virtualization.xml:1492(title)
4469
4689
msgid "Seccomp"
4470
4690
msgstr ""
4471
4691
4472
#: serverguide/C/virtualization.xml:1426(para)
4692
#: serverguide/C/virtualization.xml:1494(para)
4473
4693
msgid ""
4474
4694
"All containers are confined by a default seccomp policy. This policy "
4475
4695
"prevents some dangerous actions such as forced umounts, kernel module "
4478
4698
"seccomp policy - or none - can be requested using raw.lxc (see below)."
4479
4699
msgstr ""
4480
4700
4481
#: serverguide/C/virtualization.xml:1436(title)
4701
#: serverguide/C/virtualization.xml:1504(title)
4482
4702
msgid "Raw LXC configuration"
4483
4703
msgstr ""
4484
4704
4485
#: serverguide/C/virtualization.xml:1438(para)
4705
#: serverguide/C/virtualization.xml:1506(para)
4486
4706
msgid ""
4487
4707
"LXD configures containers for the best balance of host safety and container "
4488
4708
"usability. Whenever possible it is highly recommended to use the defaults, "
4495
4715
".html\"> the lxc.container.conf(5) manual page</ulink>."
4496
4716
msgstr ""
4497
4717
4498
#: serverguide/C/virtualization.xml:1457(title)
4718
#: serverguide/C/virtualization.xml:1525(title)
4499
4719
msgid "Images and containers"
4500
4720
msgstr ""
4501
4721
4502
#: serverguide/C/virtualization.xml:1459(para)
4722
#: serverguide/C/virtualization.xml:1527(para)
4503
4723
msgid ""
4504
4724
"LXD is image based. When you create your first container, you will generally "
4505
4725
"do so using an existing image. LXD comes pre-configured with three default "
4506
4726
"image remotes:"
4507
4727
msgstr ""
4508
4728
4509
#: serverguide/C/virtualization.xml:1467(para)
4729
#: serverguide/C/virtualization.xml:1535(para)
4510
4730
msgid ""
4511
4731
"ubuntu: This is a <ulink "
4512
4732
"url=\"https://launchpad.net/simplestreams\">simplestreams-based</ulink> "
4513
4733
"remote serving released ubuntu cloud images."
4514
4734
msgstr ""
4515
4735
4516
#: serverguide/C/virtualization.xml:1472(para)
4736
#: serverguide/C/virtualization.xml:1540(para)
4517
4737
msgid ""
4518
4738
"ubuntu-daily: This is another simplestreams based remote which serves "
4519
4739
"'daily' ubuntu cloud images. These provide quicker but potentially less "
4520
4740
"stable images."
4521
4741
msgstr ""
4522
4742
4523
#: serverguide/C/virtualization.xml:1478(para)
4743
#: serverguide/C/virtualization.xml:1546(para)
4524
4744
msgid ""
4525
4745
"images: This is a remote publishing best-effort container images for many "
4526
4746
"distributions, created using community-provided build scripts."
4527
4747
msgstr ""
4528
4748
4529
#: serverguide/C/virtualization.xml:1483(para)
4749
#: serverguide/C/virtualization.xml:1551(para)
4530
4750
msgid "To view the images available on one of these servers, you can use:"
4531
4751
msgstr ""
4532
4752
4533
#: serverguide/C/virtualization.xml:1493(para)
4753
#: serverguide/C/virtualization.xml:1561(para)
4534
4754
msgid ""
4535
4755
"Most of the images are known by several aliases for easier reference. To see "
4536
4756
"the full list of aliases, you can use"
4537
4757
msgstr ""
4538
4758
4539
#: serverguide/C/virtualization.xml:1499(command)
4759
#: serverguide/C/virtualization.xml:1567(command)
4540
4760
msgid "lxc image alias list images:"
4541
4761
msgstr ""
4542
4762
4543
#: serverguide/C/virtualization.xml:1504(para)
4763
#: serverguide/C/virtualization.xml:1572(para)
4544
4764
msgid ""
4545
4765
"Any alias or image fingerprint can be used to specify how to create the new "
4546
4766
"container. For instance, to create an amd64 Ubuntu 14.04 container, some "
4547
4767
"options are:"
4548
4768
msgstr ""
4549
4769
4550
#: serverguide/C/virtualization.xml:1511(command)
4770
#: serverguide/C/virtualization.xml:1579(command)
4551
4771
msgid ""
4552
4772
"lxc launch ubuntu:14.04 trusty1 lxc launch ubuntu:trusty trusty1 lxc launch "
4553
4773
"ubuntu:trusty/amd64 trusty1 lxc launch ubuntu:lts trusty1"
4554
4774
msgstr ""
4555
4775
4556
#: serverguide/C/virtualization.xml:1519(para)
4776
#: serverguide/C/virtualization.xml:1587(para)
4557
4777
msgid "The 'lts' alias always refers to the latest released LTS image."
4558
4778
msgstr ""
4559
4779
4560
#: serverguide/C/virtualization.xml:1523(title) serverguide/C/virtualization.xml:2352(title)
4780
#: serverguide/C/virtualization.xml:1591(title) serverguide/C/virtualization.xml:2420(title)
4561
4781
msgid "Snapshots"
4562
4782
msgstr ""
4563
4783
4564
#: serverguide/C/virtualization.xml:1525(para)
4784
#: serverguide/C/virtualization.xml:1593(para)
4565
4785
msgid ""
4566
4786
"Containers can be renamed and live-migrated using the 'lxc move' command:"
4567
4787
msgstr ""
4568
4788
4569
#: serverguide/C/virtualization.xml:1530(command)
4789
#: serverguide/C/virtualization.xml:1598(command)
4570
4790
msgid "lxc move c1 final-beta"
4571
4791
msgstr ""
4572
4792
4573
#: serverguide/C/virtualization.xml:1535(para)
4793
#: serverguide/C/virtualization.xml:1603(para)
4574
4794
msgid "They can also be snapshotted:"
4575
4795
msgstr ""
4576
4796
4577
#: serverguide/C/virtualization.xml:1540(command)
4797
#: serverguide/C/virtualization.xml:1608(command)
4578
4798
msgid "lxc snapshot c1 YYYY-MM-DD"
4579
4799
msgstr ""
4580
4800
4581
#: serverguide/C/virtualization.xml:1545(para)
4801
#: serverguide/C/virtualization.xml:1613(para)
4582
4802
msgid "Later changes to c1 can then be reverted by restoring the snapshot:"
4583
4803
msgstr ""
4584
4804
4585
#: serverguide/C/virtualization.xml:1550(command)
4805
#: serverguide/C/virtualization.xml:1618(command)
4586
4806
msgid "lxc restore u1 YYYY-MM-DD"
4587
4807
msgstr ""
4588
4808
4589
#: serverguide/C/virtualization.xml:1555(para)
4809
#: serverguide/C/virtualization.xml:1623(para)
4590
4810
msgid ""
4591
4811
"New containers can also be created by copying a container or snapshot:"
4592
4812
msgstr ""
4593
4813
4594
#: serverguide/C/virtualization.xml:1560(command)
4814
#: serverguide/C/virtualization.xml:1628(command)
4595
4815
msgid "lxc copy u1/YYYY-MM-DD testcontainer"
4596
4816
msgstr ""
4597
4817
4598
#: serverguide/C/virtualization.xml:1567(title)
4818
#: serverguide/C/virtualization.xml:1635(title)
4599
4819
msgid "Publishing images"
4600
4820
msgstr ""
4601
4821
4602
#: serverguide/C/virtualization.xml:1569(para)
4822
#: serverguide/C/virtualization.xml:1637(para)
4603
4823
msgid ""
4604
4824
"When a container or container snapshot is ready for consumption by others, "
4605
4825
"it can be published as a new image using;"
4606
4826
msgstr ""
4607
4827
4608
#: serverguide/C/virtualization.xml:1575(command)
4828
#: serverguide/C/virtualization.xml:1643(command)
4609
4829
msgid "lxc publish u1/YYYY-MM-DD --alias foo-2.0"
4610
4830
msgstr ""
4611
4831
4612
#: serverguide/C/virtualization.xml:1580(para)
4832
#: serverguide/C/virtualization.xml:1648(para)
4613
4833
msgid ""
4614
4834
"The published image will be private by default, meaning that LXD will not "
4615
4835
"allow clients without a trusted certificate to see them. If the image is "
4617
4837
"'public' flag can be set, either at publish time using"
4618
4838
msgstr ""
4619
4839
4620
#: serverguide/C/virtualization.xml:1588(command)
4840
#: serverguide/C/virtualization.xml:1656(command)
4621
4841
msgid "lxc publish u1/YYYY-MM-DD --alias foo-2.0 public=true"
4622
4842
msgstr ""
4623
4843
4624
#: serverguide/C/virtualization.xml:1593(para)
4844
#: serverguide/C/virtualization.xml:1661(para)
4625
4845
msgid "or after the fact using"
4626
4846
msgstr ""
4627
4847
4628
#: serverguide/C/virtualization.xml:1598(command)
4848
#: serverguide/C/virtualization.xml:1666(command)
4629
4849
msgid "lxc image edit foo-2.0"
4630
4850
msgstr ""
4631
4851
4632
#: serverguide/C/virtualization.xml:1603(para)
4852
#: serverguide/C/virtualization.xml:1671(para)
4633
4853
msgid "and changing the value of the public field."
4634
4854
msgstr ""
4635
4855
4636
#: serverguide/C/virtualization.xml:1609(title)
4856
#: serverguide/C/virtualization.xml:1677(title)
4637
4857
msgid "Image export and import"
4638
4858
msgstr ""
4639
4859
4640
#: serverguide/C/virtualization.xml:1611(para)
4860
#: serverguide/C/virtualization.xml:1679(para)
4641
4861
msgid "Image can be exported as, and imported from, tarballs:"
4642
4862
msgstr ""
4643
4863
4644
#: serverguide/C/virtualization.xml:1616(command)
4864
#: serverguide/C/virtualization.xml:1684(command)
4645
4865
msgid ""
4646
4866
"lxc image export foo-2.0 foo-2.0.tar.gz lxc image import foo-2.0.tar.gz --"
4647
4867
"alias foo-2.0 --public"
4648
4868
msgstr ""
4649
4869
4650
#: serverguide/C/virtualization.xml:1625(title) serverguide/C/virtualization.xml:2505(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
4870
#: serverguide/C/virtualization.xml:1693(title) serverguide/C/virtualization.xml:2573(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
4651
4871
msgid "Troubleshooting"
4652
4872
msgstr ""
4653
4873
4654
#: serverguide/C/virtualization.xml:1627(para)
4874
#: serverguide/C/virtualization.xml:1695(para)
4655
4875
msgid ""
4656
4876
"To view debug information about LXD itself, on a systemd based host use"
4657
4877
msgstr ""
4658
4878
4659
#: serverguide/C/virtualization.xml:1632(command)
4879
#: serverguide/C/virtualization.xml:1700(command)
4660
4880
msgid "journalctl -u LXD"
4661
4881
msgstr ""
4662
4882
4663
#: serverguide/C/virtualization.xml:1637(para)
4883
#: serverguide/C/virtualization.xml:1705(para)
4664
4884
msgid ""
4665
4885
"On an Upstart-based system, you can find the log in "
4666
4886
"<filename>/var/log/upstart/lxd.log</filename>. To make LXD provide much more "
4671
4891
"<filename>/etc/init/lxd.conf</filename>."
4672
4892
msgstr ""
4673
4893
4674
#: serverguide/C/virtualization.xml:1647(para)
4894
#: serverguide/C/virtualization.xml:1715(para)
4675
4895
msgid "Container logfiles for container c1 may be seen using:"
4676
4896
msgstr ""
4677
4897
4678
#: serverguide/C/virtualization.xml:1652(command)
4898
#: serverguide/C/virtualization.xml:1720(command)
4679
4899
msgid "lxc info c1 --show-log"
4680
4900
msgstr ""
4681
4901
4682
#: serverguide/C/virtualization.xml:1657(para)
4902
#: serverguide/C/virtualization.xml:1725(para)
4683
4903
msgid ""
4684
4904
"The configuration file which was used may be found under <filename> "
4685
4905
"/var/log/lxd/c1/lxc.conf</filename> while apparmor profiles can be found in "
4687
4907
"profiles in <filename> /var/lib/lxd/security/seccomp/c1</filename>."
4688
4908
msgstr ""
4689
4909
4690
#: serverguide/C/virtualization.xml:1667(title)
4910
#: serverguide/C/virtualization.xml:1735(title)
4691
4911
msgid "LXC"
4692
4912
msgstr ""
4693
4913
4694
#: serverguide/C/virtualization.xml:1669(para)
4914
#: serverguide/C/virtualization.xml:1737(para)
4695
4915
msgid ""
4696
4916
"Containers are a lightweight virtualization technology. They are more akin "
4697
4917
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
4703
4923
"and OpenVZ functionality."
4704
4924
msgstr ""
4705
4925
4706
#: serverguide/C/virtualization.xml:1679(para)
4926
#: serverguide/C/virtualization.xml:1747(para)
4707
4927
msgid ""
4708
4928
"There are two user-space implementations of containers, each exploiting the "
4709
4929
"same kernel features. Libvirt allows the use of containers through the LXC "
4714
4934
"there are peculiarities which can cause confusion."
4715
4935
msgstr ""
4716
4936
4717
#: serverguide/C/virtualization.xml:1688(para)
4937
#: serverguide/C/virtualization.xml:1756(para)
4718
4938
msgid ""
4719
4939
"In this document we will mainly describe the <application>lxc</application> "
4720
4940
"package. Use of libvirt-lxc is not generally recommended due to a lack of "
4721
4941
"Apparmor protection for libvirt-lxc containers."
4722
4942
msgstr ""
4723
4943
4724
#: serverguide/C/virtualization.xml:1693(para)
4944
#: serverguide/C/virtualization.xml:1761(para)
4725
4945
msgid "In this document, a container name will be shown as CN, C1, or C2."
4726
4946
msgstr ""
4727
4947
4728
#: serverguide/C/virtualization.xml:1699(para)
4948
#: serverguide/C/virtualization.xml:1767(para)
4729
4949
msgid "The <application>lxc</application> package can be installed using"
4730
4950
msgstr ""
4731
4951
4732
#: serverguide/C/virtualization.xml:1703(command)
4952
#: serverguide/C/virtualization.xml:1771(command)
4733
4953
msgid "sudo apt install lxc"
4734
4954
msgstr ""
4735
4955
4736
#: serverguide/C/virtualization.xml:1708(para)
4956
#: serverguide/C/virtualization.xml:1776(para)
4737
4957
msgid ""
4738
4958
"This will pull in the required and recommended dependencies, as well as set "
4739
4959
"up a network bridge for containers to use. If you wish to use unprivileged "
4742
4962
"containers to a bridge (see <xref linkend=\"lxc-unpriv\"/>)."
4743
4963
msgstr ""
4744
4964
4745
#: serverguide/C/virtualization.xml:1718(title) serverguide/C/vcs.xml:111(title)
4965
#: serverguide/C/virtualization.xml:1786(title) serverguide/C/vcs.xml:111(title)
4746
4966
msgid "Basic usage"
4747
4967
msgstr ""
4748
4968
4749
#: serverguide/C/virtualization.xml:1719(para)
4969
#: serverguide/C/virtualization.xml:1787(para)
4750
4970
msgid ""
4751
4971
"LXC can be used in two distinct ways - privileged, by running the lxc "
4752
4972
"commands as the root user; or unprivileged, by running the lxc commands as a "
4757
4977
"in the container is mapped to a non-root userid on the host."
4758
4978
msgstr ""
4759
4979
4760
#: serverguide/C/virtualization.xml:1731(title)
4980
#: serverguide/C/virtualization.xml:1799(title)
4761
4981
msgid "Basic privileged usage"
4762
4982
msgstr ""
4763
4983
4764
#: serverguide/C/virtualization.xml:1732(para)
4984
#: serverguide/C/virtualization.xml:1800(para)
4765
4985
msgid "To create a privileged container, you can simply do:"
4766
4986
msgstr ""
4767
4987
4768
#: serverguide/C/virtualization.xml:1736(command)
4988
#: serverguide/C/virtualization.xml:1804(command)
4769
4989
msgid "sudo lxc-create --template download --name u1"
4770
4990
msgstr ""
4771
4991
4772
#: serverguide/C/virtualization.xml:1740(command)
4992
#: serverguide/C/virtualization.xml:1808(command)
4773
4993
msgid "sudo lxc-create -t download -n u1"
4774
4994
msgstr ""
4775
4995
4776
#: serverguide/C/virtualization.xml:1735(screen)
4996
#: serverguide/C/virtualization.xml:1803(screen)
4777
4997
#, no-wrap
4778
4998
msgid ""
4779
4999
"\n"
4782
5002
"<placeholder-2/>\n"
4783
5003
msgstr ""
4784
5004
4785
#: serverguide/C/virtualization.xml:1744(para)
5005
#: serverguide/C/virtualization.xml:1812(para)
4786
5006
msgid ""
4787
5007
"This will interactively ask for a container root filesystem type to download "
4788
5008
"- in particular the distribution, release, and architecture. To create the "
4790
5010
"line:"
4791
5011
msgstr ""
4792
5012
4793
#: serverguide/C/virtualization.xml:1751(command)
5013
#: serverguide/C/virtualization.xml:1819(command)
4794
5014
msgid ""
4795
5015
"sudo lxc-create -t download -n u1 -- --dist ubuntu --release xenial --arch "
4796
5016
"amd64"
4797
5017
msgstr ""
4798
5018
4799
#: serverguide/C/virtualization.xml:1755(command)
5019
#: serverguide/C/virtualization.xml:1823(command)
4800
5020
msgid "sudo lxc-create -t download -n u1 -- -d ubuntu -r xenial -a amd64"
4801
5021
msgstr ""
4802
5022
4803
#: serverguide/C/virtualization.xml:1750(screen)
5023
#: serverguide/C/virtualization.xml:1818(screen)
4804
5024
#, no-wrap
4805
5025
msgid ""
4806
5026
"\n"
4809
5029
"<placeholder-2/>\n"
4810
5030
msgstr ""
4811
5031
4812
#: serverguide/C/virtualization.xml:1760(para)
5032
#: serverguide/C/virtualization.xml:1828(para)
4813
5033
msgid ""
4814
5034
"You can now use <command>lxc-ls</command> to list containers, <command>lxc-"
4815
5035
"info</command> to obtain detailed container information, <command>lxc-"
4821
5041
"look like:"
4822
5042
msgstr ""
4823
5043
4824
#: serverguide/C/virtualization.xml:1771(command)
5044
#: serverguide/C/virtualization.xml:1839(command)
4825
5045
msgid ""
4826
5046
"sudo lxc-ls --fancy sudo lxc-start --name u1 --daemon sudo lxc-info --name "
4827
5047
"u1 sudo lxc-stop --name u1 sudo lxc-destroy --name u1"
4828
5048
msgstr ""
4829
5049
4830
#: serverguide/C/virtualization.xml:1783(title)
5050
#: serverguide/C/virtualization.xml:1851(title)
4831
5051
msgid "User namespaces"
4832
5052
msgstr ""
4833
5053
4834
#: serverguide/C/virtualization.xml:1784(para)
5054
#: serverguide/C/virtualization.xml:1852(para)
4835
5055
msgid ""
4836
5056
"Unprivileged containers allow users to create and administer containers "
4837
5057
"without having any root privilege. The feature underpinning this is called "
4848
5068
"convention started at id 100000 to avoid conflicting with system users."
4849
5069
msgstr ""
4850
5070
4851
#: serverguide/C/virtualization.xml:1802(para)
5071
#: serverguide/C/virtualization.xml:1870(para)
4852
5072
msgid ""
4853
5073
"If a user was created on an earlier release, it can be granted a range of "
4854
5074
"ids using <command>usermod</command>, as follows:"
4855
5075
msgstr ""
4856
5076
4857
#: serverguide/C/virtualization.xml:1807(command)
5077
#: serverguide/C/virtualization.xml:1875(command)
4858
5078
msgid "sudo usermod -v 100000-200000 -w 100000-200000 user1"
4859
5079
msgstr ""
4860
5080
4861
#: serverguide/C/virtualization.xml:1812(para)
5081
#: serverguide/C/virtualization.xml:1880(para)
4862
5082
msgid ""
4863
5083
"The programs <command>newuidmap</command> and <command> newgidmap</command> "
4864
5084
"are setuid-root programs in the <filename>uidmap</filename> package, which "
4867
5087
"authorized by the host configuration."
4868
5088
msgstr ""
4869
5089
4870
#: serverguide/C/virtualization.xml:1823(title)
5090
#: serverguide/C/virtualization.xml:1891(title)
4871
5091
msgid "Basic unprivileged usage"
4872
5092
msgstr ""
4873
5093
4874
#: serverguide/C/virtualization.xml:1827(para)
5094
#: serverguide/C/virtualization.xml:1895(para)
4875
5095
msgid ""
4876
5096
"To create unprivileged containers, a few first steps are needed. You will "
4877
5097
"need to create a default container configuration file, specifying your "
4881
5101
"your actual user and group id ranges and modify the example accordingly:"
4882
5102
msgstr ""
4883
5103
4884
#: serverguide/C/virtualization.xml:1837(command)
5104
#: serverguide/C/virtualization.xml:1905(command)
4885
5105
msgid "grep $USER /etc/subuid grep $USER /etc/subgid"
4886
5106
msgstr ""
4887
5107
4888
#: serverguide/C/virtualization.xml:1843(command)
5108
#: serverguide/C/virtualization.xml:1911(command)
4889
5109
msgid ""
4890
5110
"mkdir -p ~/.config/lxc echo \"lxc.id_map = u 0 100000 65536\" > "
4891
5111
"~/.config/lxc/default.conf echo \"lxc.id_map = g 0 100000 65536\" >> "
4895
5115
"/etc/lxc/lxc-usernet"
4896
5116
msgstr ""
4897
5117
4898
#: serverguide/C/virtualization.xml:1853(para)
5118
#: serverguide/C/virtualization.xml:1921(para)
4899
5119
msgid ""
4900
5120
"After this, you can create unprivileged containers the same way as "
4901
5121
"privileged ones, simply without using sudo."
4902
5122
msgstr ""
4903
5123
4904
#: serverguide/C/virtualization.xml:1858(command)
5124
#: serverguide/C/virtualization.xml:1926(command)
4905
5125
msgid ""
4906
5126
"lxc-create -t download -n u1 -- -d ubuntu -r xenial -a amd64 lxc-start -n u1 "
4907
5127
"-d lxc-attach -n u1 lxc-stop -n u1 lxc-destroy -n u1"
4908
5128
msgstr ""
4909
5129
4910
#: serverguide/C/virtualization.xml:1870(para)
5130
#: serverguide/C/virtualization.xml:1938(para)
4911
5131
msgid ""
4912
5132
"In order to run containers inside containers - referred to as nested "
4913
5133
"containers - two lines must be present in the parent container configuration "
4924
5144
"information."
4925
5145
msgstr ""
4926
5146
4927
#: serverguide/C/virtualization.xml:1892(title)
5147
#: serverguide/C/virtualization.xml:1960(title)
4928
5148
msgid "Global configuration"
4929
5149
msgstr ""
4930
5150
4931
#: serverguide/C/virtualization.xml:1899(para)
5151
#: serverguide/C/virtualization.xml:1967(para)
4932
5152
msgid ""
4933
5153
"<filename>lxc.conf</filename> may optionally specify alternate values for "
4934
5154
"several lxc settings, including the lxcpath, the default configuration, "
4936
5156
"lvm and zfs."
4937
5157
msgstr ""
4938
5158
4939
#: serverguide/C/virtualization.xml:1905(para)
5159
#: serverguide/C/virtualization.xml:1973(para)
4940
5160
msgid ""
4941
5161
"<filename>default.conf</filename> specifies configuration which every newly "
4942
5162
"created container should contain. This usually contains at least a network "
4943
5163
"section, and, for unprivileged users, an id mapping section"
4944
5164
msgstr ""
4945
5165
4946
#: serverguide/C/virtualization.xml:1911(para)
5166
#: serverguide/C/virtualization.xml:1979(para)
4947
5167
msgid ""
4948
5168
"<filename>lxc-usernet.conf</filename> specifies how unprivileged users may "
4949
5169
"connect their containers to the host-owned network."
4950
5170
msgstr ""
4951
5171
4952
#: serverguide/C/virtualization.xml:1893(para)
5172
#: serverguide/C/virtualization.xml:1961(para)
4953
5173
msgid ""
4954
5174
"The following configuration files are consulted by LXC. For privileged use, "
4955
5175
"they are found under <filename>/etc/lxc</filename>, while for unprivileged "
4956
5176
"use they are under <filename>~/.config/lxc</filename>. <placeholder-1/>"
4957
5177
msgstr ""
4958
5178
4959
#: serverguide/C/virtualization.xml:1916(para)
5179
#: serverguide/C/virtualization.xml:1984(para)
4960
5180
msgid ""
4961
5181
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are both "
4962
5182
"under <filename>/etc/lxc</filename> and "
4964
5184
"usernet.conf</filename> is only host-wide."
4965
5185
msgstr ""
4966
5186
4967
#: serverguide/C/virtualization.xml:1921(para)
5187
#: serverguide/C/virtualization.xml:1989(para)
4968
5188
msgid ""
4969
5189
"By default, containers are located under /var/lib/lxc for the root user, and "
4970
5190
"$HOME/.local/share/lxc otherwise. The location can be specified for all lxc "
4971
5191
"commands using the \"-P|--lxcpath\" argument."
4972
5192
msgstr ""
4973
5193
4974
#: serverguide/C/virtualization.xml:1930(title) serverguide/C/network-config.xml:11(title)
5194
#: serverguide/C/virtualization.xml:1998(title) serverguide/C/network-config.xml:11(title)
4975
5195
msgid "Networking"
4976
5196
msgstr ""
4977
5197
4978
#: serverguide/C/virtualization.xml:1931(para)
5198
#: serverguide/C/virtualization.xml:1999(para)
4979
5199
msgid ""
4980
5200
"By default LXC creates a private network namespace for each container, which "
4981
5201
"includes a layer 2 networking stack. Containers usually connect to the "
4987
5207
"container is not usable on the host."
4988
5208
msgstr ""
4989
5209
4990
#: serverguide/C/virtualization.xml:1939(para)
5210
#: serverguide/C/virtualization.xml:2007(para)
4991
5211
msgid ""
4992
5212
"It is possible to create a container without a private network namespace. In "
4993
5213
"this case, the container will have access to the host networking like any "
4997
5217
"Unix domain socket to the host's upstart, and shut down the host."
4998
5218
msgstr ""
4999
5219
5000
#: serverguide/C/virtualization.xml:1945(para)
5220
#: serverguide/C/virtualization.xml:2013(para)
5001
5221
msgid ""
5002
5222
"To give containers on lxcbr0 a persistent ip address based on domain name, "
5003
5223
"you can write entries to <filename>/etc/lxc/dnsmasq.conf</filename> like: "
5007
5227
"</screen>"
5008
5228
msgstr ""
5009
5229
5010
#: serverguide/C/virtualization.xml:1953(para)
5230
#: serverguide/C/virtualization.xml:2021(para)
5011
5231
msgid ""
5012
5232
"If it is desirable for the container to be publicly accessible, there are a "
5013
5233
"few ways to go about it. One is to use <command>iptables</command> to "
5026
5246
"are preferred and more commonly used."
5027
5247
msgstr ""
5028
5248
5029
#: serverguide/C/virtualization.xml:1974(para)
5249
#: serverguide/C/virtualization.xml:2042(para)
5030
5250
msgid ""
5031
5251
"There are several ways to determine the ip address for a container. First, "
5032
5252
"you can use <command>lxc-ls --fancy</command> which will print the ip "
5042
5262
"</screen>"
5043
5263
msgstr ""
5044
5264
5045
#: serverguide/C/virtualization.xml:1989(para)
5265
#: serverguide/C/virtualization.xml:2057(para)
5046
5266
msgid ""
5047
5267
"For more information, see the lxc.conf manpage as well as the example "
5048
5268
"network configurations under "
5049
5269
"<filename>/usr/share/doc/lxc/examples/</filename>."
5050
5270
msgstr ""
5051
5271
5052
#: serverguide/C/virtualization.xml:1995(title)
5272
#: serverguide/C/virtualization.xml:2063(title)
5053
5273
msgid "LXC startup"
5054
5274
msgstr ""
5055
5275
5056
#: serverguide/C/virtualization.xml:1997(para)
5276
#: serverguide/C/virtualization.xml:2065(para)
5057
5277
msgid ""
5058
5278
"LXC does not have a long-running daemon. However it does have three upstart "
5059
5279
"jobs."
5060
5280
msgstr ""
5061
5281
5062
#: serverguide/C/virtualization.xml:2003(para)
5282
#: serverguide/C/virtualization.xml:2071(para)
5063
5283
msgid ""
5064
5284
"<filename>/etc/init/lxc-net.conf:</filename> is an optional job which only "
5065
5285
"runs if <filename> /etc/default/lxc-net</filename> specifies USE_LXC_BRIDGE "
5066
5286
"(true by default). It sets up a NATed bridge for containers to use."
5067
5287
msgstr ""
5068
5288
5069
#: serverguide/C/virtualization.xml:2011(para)
5289
#: serverguide/C/virtualization.xml:2079(para)
5070
5290
msgid ""
5071
5291
"<filename>/etc/init/lxc.conf</filename> loads the lxc apparmor profiles and "
5072
5292
"optionally starts any autostart containers. The autostart containers will be "
5075
5295
"more information on autostarted containers."
5076
5296
msgstr ""
5077
5297
5078
#: serverguide/C/virtualization.xml:2021(para)
5298
#: serverguide/C/virtualization.xml:2089(para)
5079
5299
msgid ""
5080
5300
"<filename>/etc/init/lxc-instance.conf</filename> is used by "
5081
5301
"<filename>/etc/init/lxc.conf</filename> to autostart a container."
5082
5302
msgstr ""
5083
5303
5084
#: serverguide/C/virtualization.xml:2030(title)
5304
#: serverguide/C/virtualization.xml:2098(title)
5085
5305
msgid "Backing Stores"
5086
5306
msgstr ""
5087
5307
5088
#: serverguide/C/virtualization.xml:2031(para)
5308
#: serverguide/C/virtualization.xml:2099(para)
5089
5309
msgid ""
5090
5310
"LXC supports several backing stores for container root filesystems. The "
5091
5311
"default is a simple directory backing store, because it requires no prior "
5100
5320
"<filename>$lxcpath/C1/rootfs</filename>."
5101
5321
msgstr ""
5102
5322
5103
#: serverguide/C/virtualization.xml:2045(para)
5323
#: serverguide/C/virtualization.xml:2113(para)
5104
5324
msgid ""
5105
5325
"A snapshot clone C2 of a directory backed container C1 becomes an overlayfs "
5106
5326
"backed container, with a rootfs called "
5108
5328
" Other backing store types include loop, btrfs, LVM and zfs."
5109
5329
msgstr ""
5110
5330
5111
#: serverguide/C/virtualization.xml:2053(para)
5331
#: serverguide/C/virtualization.xml:2121(para)
5112
5332
msgid ""
5113
5333
"A btrfs backed container mostly looks like a directory backed container, "
5114
5334
"with its root filesystem in the same location. However, the root filesystem "
5116
5336
"snapshot."
5117
5337
msgstr ""
5118
5338
5119
#: serverguide/C/virtualization.xml:2060(para)
5339
#: serverguide/C/virtualization.xml:2128(para)
5120
5340
msgid ""
5121
5341
"The root filesystem for an LVM backed container can be any separate LV. The "
5122
5342
"default VG name can be specified in lxc.conf. The filesystem type and size "
5123
5343
"are configurable per-container using lxc-create."
5124
5344
msgstr ""
5125
5345
5126
#: serverguide/C/virtualization.xml:2066(para)
5346
#: serverguide/C/virtualization.xml:2134(para)
5127
5347
msgid ""
5128
5348
"The rootfs for a zfs backed container is a separate zfs filesystem, mounted "
5129
5349
"under the traditional <filename>/var/lib/lxc/C1/rootfs</filename> location. "
5131
5351
"in lxc.system.conf."
5132
5352
msgstr ""
5133
5353
5134
#: serverguide/C/virtualization.xml:2073(para)
5354
#: serverguide/C/virtualization.xml:2141(para)
5135
5355
msgid ""
5136
5356
"More information on creating containers with the various backing stores can "
5137
5357
"be found in the lxc-create manual page."
5138
5358
msgstr ""
5139
5359
5140
#: serverguide/C/virtualization.xml:2080(title)
5360
#: serverguide/C/virtualization.xml:2148(title)
5141
5361
msgid "Templates"
5142
5362
msgstr ""
5143
5363
5144
#: serverguide/C/virtualization.xml:2081(para)
5364
#: serverguide/C/virtualization.xml:2149(para)
5145
5365
msgid ""
5146
5366
"Creating a container generally involves creating a root filesystem for the "
5147
5367
"container. <command>lxc-create</command> delegates this work to "
5152
5372
"others."
5153
5373
msgstr ""
5154
5374
5155
#: serverguide/C/virtualization.xml:2090(para)
5375
#: serverguide/C/virtualization.xml:2158(para)
5156
5376
msgid ""
5157
5377
"Creating distribution images in most cases requires the ability to create "
5158
5378
"device nodes, often requires tools which are not available in other "
5163
5383
"could not for instance easily run the <command>debootstrap</command> command."
5164
5384
msgstr ""
5165
5385
5166
#: serverguide/C/virtualization.xml:2100(para)
5386
#: serverguide/C/virtualization.xml:2168(para)
5167
5387
msgid ""
5168
5388
"When running <command>lxc-create</command>, all options which come after "
5169
5389
"<emphasis>--</emphasis> are passed to the template. In the following "
5176
5396
"</screen>"
5177
5397
msgstr ""
5178
5398
5179
#: serverguide/C/virtualization.xml:2112(para)
5399
#: serverguide/C/virtualization.xml:2180(para)
5180
5400
msgid ""
5181
5401
"You can obtain help for the options supported by any particular container by "
5182
5402
"passing <emphasis>--help</emphasis> and the template name to <command>lxc-"
5183
5403
"create</command>. For instance, for help with the download template,"
5184
5404
msgstr ""
5185
5405
5186
#: serverguide/C/virtualization.xml:2119(command)
5406
#: serverguide/C/virtualization.xml:2187(command)
5187
5407
msgid "lxc-create --template download --help"
5188
5408
msgstr ""
5189
5409
5190
#: serverguide/C/virtualization.xml:2125(title)
5410
#: serverguide/C/virtualization.xml:2193(title)
5191
5411
msgid "Autostart"
5192
5412
msgstr ""
5193
5413
5194
#: serverguide/C/virtualization.xml:2126(para)
5414
#: serverguide/C/virtualization.xml:2194(para)
5195
5415
msgid ""
5196
5416
"LXC supports marking containers to be started at system boot. Prior to "
5197
5417
"Ubuntu 14.04, this was done using symbolic links under the directory "
5208
5428
"lxc.container.conf for more information."
5209
5429
msgstr ""
5210
5430
5211
#: serverguide/C/virtualization.xml:2146(para)
5431
#: serverguide/C/virtualization.xml:2214(para)
5212
5432
msgid ""
5213
5433
"LXC ships with a default Apparmor profile intended to protect the host from "
5214
5434
"accidental misuses of privilege inside the container. For instance, the "
5216
5436
"trigger</filename> or to most <filename>/sys</filename> files."
5217
5437
msgstr ""
5218
5438
5219
#: serverguide/C/virtualization.xml:2152(para)
5439
#: serverguide/C/virtualization.xml:2220(para)
5220
5440
msgid ""
5221
5441
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
5222
5442
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
5229
5449
"dangerous paths, and from mounting most filesystems."
5230
5450
msgstr ""
5231
5451
5232
#: serverguide/C/virtualization.xml:2163(para)
5452
#: serverguide/C/virtualization.xml:2231(para)
5233
5453
msgid ""
5234
5454
"Programs in a container cannot be further confined - for instance, MySQL "
5235
5455
"runs under the container profile (protecting the host) but will not be able "
5236
5456
"to enter the MySQL profile (to protect the container)."
5237
5457
msgstr ""
5238
5458
5239
#: serverguide/C/virtualization.xml:2168(para)
5459
#: serverguide/C/virtualization.xml:2236(para)
5240
5460
msgid ""
5241
5461
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
5242
5462
"container it spawns will be confined."
5243
5463
msgstr ""
5244
5464
5245
#: serverguide/C/virtualization.xml:2171(title)
5465
#: serverguide/C/virtualization.xml:2239(title)
5246
5466
msgid "Customizing container policies"
5247
5467
msgstr ""
5248
5468
5249
#: serverguide/C/virtualization.xml:2172(para)
5469
#: serverguide/C/virtualization.xml:2240(para)
5250
5470
msgid ""
5251
5471
"If you find that <command>lxc-start</command> is failing due to a legitimate "
5252
5472
"access which is being denied by its Apparmor policy, you can disable the lxc-"
5253
5473
"start profile by doing:"
5254
5474
msgstr ""
5255
5475
5256
#: serverguide/C/virtualization.xml:2176(screen)
5476
#: serverguide/C/virtualization.xml:2244(screen)
5257
5477
#, no-wrap
5258
5478
msgid ""
5259
5479
"\n"
5261
5481
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
5262
5482
msgstr ""
5263
5483
5264
#: serverguide/C/virtualization.xml:2181(para)
5484
#: serverguide/C/virtualization.xml:2249(para)
5265
5485
msgid ""
5266
5486
"This will make <command>lxc-start</command> run unconfined, but continue to "
5267
5487
"confine the container itself. If you also wish to disable confinement of the "
5269
5489
"start</filename> profile, you must add:"
5270
5490
msgstr ""
5271
5491
5272
#: serverguide/C/virtualization.xml:2186(screen)
5492
#: serverguide/C/virtualization.xml:2254(screen)
5273
5493
#, no-wrap
5274
5494
msgid ""
5275
5495
"\n"
5276
5496
"lxc.aa_profile = unconfined\n"
5277
5497
msgstr ""
5278
5498
5279
#: serverguide/C/virtualization.xml:2190(para)
5499
#: serverguide/C/virtualization.xml:2258(para)
5280
5500
msgid "to the container's configuration file."
5281
5501
msgstr ""
5282
5502
5283
#: serverguide/C/virtualization.xml:2192(para)
5503
#: serverguide/C/virtualization.xml:2260(para)
5284
5504
msgid ""
5285
5505
"LXC ships with a few alternate policies for containers. If you wish to run "
5286
5506
"containers inside containers (nesting), then you can use the lxc-container-"
5295
5515
"\t</screen> and re-load the policy."
5296
5516
msgstr ""
5297
5517
5298
#: serverguide/C/virtualization.xml:2209(para)
5518
#: serverguide/C/virtualization.xml:2277(para)
5299
5519
msgid ""
5300
5520
"Note that the nesting policy with privileged containers is far less safe "
5301
5521
"than the default policy, as it allows containers to re-mount "
5305
5525
"<filename>proc</filename> and <filename>sys</filename> files."
5306
5526
msgstr ""
5307
5527
5308
#: serverguide/C/virtualization.xml:2217(para)
5528
#: serverguide/C/virtualization.xml:2285(para)
5309
5529
msgid ""
5310
5530
"Another profile shipped with lxc allows containers to mount block filesystem "
5311
5531
"types like ext4. This can be useful in some cases like maas provisioning, "
5313
5533
"have not been audited for safe handling of untrusted input."
5314
5534
msgstr ""
5315
5535
5316
#: serverguide/C/virtualization.xml:2223(para)
5536
#: serverguide/C/virtualization.xml:2291(para)
5317
5537
msgid ""
5318
5538
"If you need to run a container in a custom profile, you can create a new "
5319
5539
"profile under <filename>/etc/apparmor.d/lxc/</filename>. Its name must start "
5325
5545
"permissions at the bottom of your policy."
5326
5546
msgstr ""
5327
5547
5328
#: serverguide/C/virtualization.xml:2234(para)
5548
#: serverguide/C/virtualization.xml:2302(para)
5329
5549
msgid "After creating the policy, load it using:"
5330
5550
msgstr ""
5331
5551
5332
#: serverguide/C/virtualization.xml:2236(screen)
5552
#: serverguide/C/virtualization.xml:2304(screen)
5333
5553
#, no-wrap
5334
5554
msgid ""
5335
5555
"\n"
5336
5556
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
5337
5557
msgstr ""
5338
5558
5339
#: serverguide/C/virtualization.xml:2240(para)
5559
#: serverguide/C/virtualization.xml:2308(para)
5340
5560
msgid ""
5341
5561
"The profile will automatically be loaded after a reboot, because it is "
5342
5562
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
5345
5565
"configuration file:"
5346
5566
msgstr ""
5347
5567
5348
#: serverguide/C/virtualization.xml:2247(screen)
5568
#: serverguide/C/virtualization.xml:2315(screen)
5349
5569
#, no-wrap
5350
5570
msgid ""
5351
5571
"\n"
5352
5572
"lxc.aa_profile = lxc-CN-profile\n"
5353
5573
msgstr ""
5354
5574
5355
#: serverguide/C/virtualization.xml:2255(title) serverguide/C/cgroups.xml:11(title)
5575
#: serverguide/C/virtualization.xml:2323(title) serverguide/C/cgroups.xml:11(title)
5356
5576
msgid "Control Groups"
5357
5577
msgstr ""
5358
5578
5359
#: serverguide/C/virtualization.xml:2257(para)
5579
#: serverguide/C/virtualization.xml:2325(para)
5360
5580
msgid ""
5361
5581
"Control groups (cgroups) are a kernel feature providing hierarchical task "
5362
5582
"grouping and per-cgroup resource accounting and limits. They are used in "
5365
5585
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus."
5366
5586
msgstr ""
5367
5587
5368
#: serverguide/C/virtualization.xml:2265(para)
5588
#: serverguide/C/virtualization.xml:2333(para)
5369
5589
msgid ""
5370
5590
"By default, a privileged container CN will be assigned to a cgroup called "
5371
5591
"<filename>/lxc/CN</filename>. In the case of name conflicts (which can occur "
5373
5593
"at 0, will be appended to the cgroup name."
5374
5594
msgstr ""
5375
5595
5376
#: serverguide/C/virtualization.xml:2271(para)
5596
#: serverguide/C/virtualization.xml:2339(para)
5377
5597
msgid ""
5378
5598
"By default, a privileged container CN will be assigned to a cgroup called "
5379
5599
"<filename>CN</filename> under the cgroup of the task which started the "
5382
5602
"all files) so that it is allowed to create new child cgroups."
5383
5603
msgstr ""
5384
5604
5385
#: serverguide/C/virtualization.xml:2278(para)
5605
#: serverguide/C/virtualization.xml:2346(para)
5386
5606
msgid ""
5387
5607
"As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to administer "
5388
5608
"cgroups. The cgroup manager receives D-Bus requests over the Unix socket "
5403
5623
"requests for which they are not authorized."
5404
5624
msgstr ""
5405
5625
5406
#: serverguide/C/virtualization.xml:2302(title)
5626
#: serverguide/C/virtualization.xml:2370(title)
5407
5627
msgid "Cloning"
5408
5628
msgstr ""
5409
5629
5410
#: serverguide/C/virtualization.xml:2304(para)
5630
#: serverguide/C/virtualization.xml:2372(para)
5411
5631
msgid ""
5412
5632
"For rapid provisioning, you may wish to customize a canonical container "
5413
5633
"according to your needs and then make multiple copies of it. This can be "
5414
5634
"done with the <command>lxc-clone</command> program."
5415
5635
msgstr ""
5416
5636
5417
#: serverguide/C/virtualization.xml:2308(para)
5637
#: serverguide/C/virtualization.xml:2376(para)
5418
5638
msgid ""
5419
5639
"Clones are either snapshots or copies of another container. A copy is a new "
5420
5640
"container copied from the original, and takes as much space on the host as "
5430
5650
"and apt to be slower."
5431
5651
msgstr ""
5432
5652
5433
#: serverguide/C/virtualization.xml:2322(para)
5653
#: serverguide/C/virtualization.xml:2390(para)
5434
5654
msgid ""
5435
5655
"Snapshots of directory-packed containers are created using the overlay "
5436
5656
"filesystem. For instance, a privileged directory-backed container C1 will "
5442
5662
"container, and to only use its snapshots."
5443
5663
msgstr ""
5444
5664
5445
#: serverguide/C/virtualization.xml:2334(para)
5665
#: serverguide/C/virtualization.xml:2402(para)
5446
5666
msgid "Given an existing container called C1, a copy can be created using:"
5447
5667
msgstr ""
5448
5668
5449
#: serverguide/C/virtualization.xml:2338(command)
5669
#: serverguide/C/virtualization.xml:2406(command)
5450
5670
msgid "sudo lxc-clone -o C1 -n C2"
5451
5671
msgstr ""
5452
5672
5453
#: serverguide/C/virtualization.xml:2343(para)
5673
#: serverguide/C/virtualization.xml:2411(para)
5454
5674
msgid "A snapshot can be created using:"
5455
5675
msgstr ""
5456
5676
5457
#: serverguide/C/virtualization.xml:2345(command)
5677
#: serverguide/C/virtualization.xml:2413(command)
5458
5678
msgid "sudo lxc-clone -s -o C1 -n C2"
5459
5679
msgstr ""
5460
5680
5461
#: serverguide/C/virtualization.xml:2349(para)
5681
#: serverguide/C/virtualization.xml:2417(para)
5462
5682
msgid "See the lxc-clone manpage for more information."
5463
5683
msgstr ""
5464
5684
5465
#: serverguide/C/virtualization.xml:2353(para)
5685
#: serverguide/C/virtualization.xml:2421(para)
5466
5686
msgid ""
5467
5687
"To more easily support the use of snapshot clones for iterative container "
5468
5688
"development, LXC supports <emphasis>snapshots</emphasis>. When working on a "
5480
5700
"is erased and replaced with the snap1 snapshot."
5481
5701
msgstr ""
5482
5702
5483
#: serverguide/C/virtualization.xml:2372(para)
5703
#: serverguide/C/virtualization.xml:2440(para)
5484
5704
msgid ""
5485
5705
"Snapshots are supported for btrfs, lvm, zfs, and overlayfs containers. If "
5486
5706
"lxc-snapshot is called on a directory-backed container, an error will be "
5501
5721
"</screen>"
5502
5722
msgstr ""
5503
5723
5504
#: serverguide/C/virtualization.xml:2396(title)
5724
#: serverguide/C/virtualization.xml:2464(title)
5505
5725
msgid "Ephemeral Containers"
5506
5726
msgstr ""
5507
5727
5508
#: serverguide/C/virtualization.xml:2397(para)
5728
#: serverguide/C/virtualization.xml:2465(para)
5509
5729
msgid ""
5510
5730
"While snapshots are useful for longer-term incremental development of "
5511
5731
"images, ephemeral containers utilize snapshots for quick, single-use "
5520
5740
"page for more options."
5521
5741
msgstr ""
5522
5742
5523
#: serverguide/C/virtualization.xml:2415(title)
5743
#: serverguide/C/virtualization.xml:2483(title)
5524
5744
msgid "Lifecycle management hooks"
5525
5745
msgstr ""
5526
5746
5527
#: serverguide/C/virtualization.xml:2417(para)
5747
#: serverguide/C/virtualization.xml:2485(para)
5528
5748
msgid ""
5529
5749
"Beginning with Ubuntu 12.10, it is possible to define hooks to be executed "
5530
5750
"at specific points in a container's lifetime:"
5531
5751
msgstr ""
5532
5752
5533
#: serverguide/C/virtualization.xml:2422(para)
5753
#: serverguide/C/virtualization.xml:2490(para)
5534
5754
msgid ""
5535
5755
"Pre-start hooks are run in the host's namespace before the container ttys, "
5536
5756
"consoles, or mounts are up. If any mounts are done in this hook, they should "
5537
5757
"be cleaned up in the post-stop hook."
5538
5758
msgstr ""
5539
5759
5540
#: serverguide/C/virtualization.xml:2429(para)
5760
#: serverguide/C/virtualization.xml:2497(para)
5541
5761
msgid ""
5542
5762
"Pre-mount hooks are run in the container's namespaces, but before the root "
5543
5763
"filesystem has been mounted. Mounts done in this hook will be automatically "
5544
5764
"cleaned up when the container shuts down."
5545
5765
msgstr ""
5546
5766
5547
#: serverguide/C/virtualization.xml:2436(para)
5767
#: serverguide/C/virtualization.xml:2504(para)
5548
5768
msgid ""
5549
5769
"Mount hooks are run after the container filesystems have been mounted, but "
5550
5770
"before the container has called <command>pivot_root</command> to change its "
5551
5771
"root filesystem."
5552
5772
msgstr ""
5553
5773
5554
#: serverguide/C/virtualization.xml:2443(para)
5774
#: serverguide/C/virtualization.xml:2511(para)
5555
5775
msgid ""
5556
5776
"Start hooks are run immediately before executing the container's init. Since "
5557
5777
"these are executed after pivoting into the container's filesystem, the "
5558
5778
"command to be executed must be copied into the container's filesystem."
5559
5779
msgstr ""
5560
5780
5561
#: serverguide/C/virtualization.xml:2450(para)
5781
#: serverguide/C/virtualization.xml:2518(para)
5562
5782
msgid "Post-stop hooks are executed after the container has been shut down."
5563
5783
msgstr ""
5564
5784
5565
#: serverguide/C/virtualization.xml:2455(para)
5785
#: serverguide/C/virtualization.xml:2523(para)
5566
5786
msgid ""
5567
5787
"If any hook returns an error, the container's run will be aborted. Any "
5568
5788
"<emphasis>post-stop</emphasis> hook will still be executed. Any output "
5569
5789
"generated by the script will be logged at the debug priority."
5570
5790
msgstr ""
5571
5791
5572
#: serverguide/C/virtualization.xml:2460(para)
5792
#: serverguide/C/virtualization.xml:2528(para)
5573
5793
msgid ""
5574
5794
"Please see the lxc.container.conf manual page for the configuration file "
5575
5795
"format with which to specify hooks. Some sample hooks are shipped with the "
5576
5796
"lxc package to serve as an example of how to write and use such hooks."
5577
5797
msgstr ""
5578
5798
5579
#: serverguide/C/virtualization.xml:2467(title)
5799
#: serverguide/C/virtualization.xml:2535(title)
5580
5800
msgid "Consoles"
5581
5801
msgstr ""
5582
5802
5583
#: serverguide/C/virtualization.xml:2469(para)
5803
#: serverguide/C/virtualization.xml:2537(para)
5584
5804
msgid ""
5585
5805
"Containers have a configurable number of consoles. One always exists on the "
5586
5806
"container's <filename>/dev/console</filename>. This is shown on the terminal "
5594
5814
"3 from the host, use:"
5595
5815
msgstr ""
5596
5816
5597
#: serverguide/C/virtualization.xml:2482(command)
5817
#: serverguide/C/virtualization.xml:2550(command)
5598
5818
msgid "sudo lxc-console -n container -t 3"
5599
5819
msgstr ""
5600
5820
5601
#: serverguide/C/virtualization.xml:2487(para)
5821
#: serverguide/C/virtualization.xml:2555(para)
5602
5822
msgid ""
5603
5823
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
5604
5824
"console will be automatically chosen. To exit the console, use the escape "
5607
5827
"d</emphasis> option."
5608
5828
msgstr ""
5609
5829
5610
#: serverguide/C/virtualization.xml:2493(para)
5830
#: serverguide/C/virtualization.xml:2561(para)
5611
5831
msgid ""
5612
5832
"Each container console is actually a Unix98 pty in the host's (not the "
5613
5833
"guest's) pty mount, bind-mounted over the guest's "
5620
5840
"<filename>/dev</filename>."
5621
5841
msgstr ""
5622
5842
5623
#: serverguide/C/virtualization.xml:2507(title) serverguide/C/network-auth.xml:794(title) serverguide/C/dns.xml:517(title)
5843
#: serverguide/C/virtualization.xml:2575(title) serverguide/C/network-auth.xml:794(title) serverguide/C/dns.xml:517(title)
5624
5844
msgid "Logging"
5625
5845
msgstr ""
5626
5846
5627
#: serverguide/C/virtualization.xml:2508(para)
5847
#: serverguide/C/virtualization.xml:2576(para)
5628
5848
msgid ""
5629
5849
"If something goes wrong when starting a container, the first step should be "
5630
5850
"to get full logging from LXC: <screen>\n"
5637
5857
"new log information will be appended."
5638
5858
msgstr ""
5639
5859
5640
#: serverguide/C/virtualization.xml:2523(title)
5860
#: serverguide/C/virtualization.xml:2591(title)
5641
5861
msgid "Monitoring container status"
5642
5862
msgstr ""
5643
5863
5644
#: serverguide/C/virtualization.xml:2525(para)
5864
#: serverguide/C/virtualization.xml:2593(para)
5645
5865
msgid ""
5646
5866
"Two commands are available to monitor container state changes. <command>lxc-"
5647
5867
"monitor</command> monitors one or more containers for any state changes. It "
5653
5873
"instance,"
5654
5874
msgstr ""
5655
5875
5656
#: serverguide/C/virtualization.xml:2535(command)
5876
#: serverguide/C/virtualization.xml:2603(command)
5657
5877
msgid "sudo lxc-monitor -n cont[0-5]*"
5658
5878
msgstr ""
5659
5879
5660
#: serverguide/C/virtualization.xml:2540(para)
5880
#: serverguide/C/virtualization.xml:2608(para)
5661
5881
msgid ""
5662
5882
"would print all state changes to any containers matching the listed regular "
5663
5883
"expression, whereas"
5664
5884
msgstr ""
5665
5885
5666
#: serverguide/C/virtualization.xml:2544(command)
5886
#: serverguide/C/virtualization.xml:2612(command)
5667
5887
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
5668
5888
msgstr ""
5669
5889
5670
#: serverguide/C/virtualization.xml:2549(para)
5890
#: serverguide/C/virtualization.xml:2617(para)
5671
5891
msgid ""
5672
5892
"will wait until container cont1 enters state STOPPED or state FROZEN and "
5673
5893
"then exit."
5674
5894
msgstr ""
5675
5895
5676
#: serverguide/C/virtualization.xml:2554(title)
5896
#: serverguide/C/virtualization.xml:2622(title)
5677
5897
msgid "Attach"
5678
5898
msgstr ""
5679
5899
5680
#: serverguide/C/virtualization.xml:2555(para)
5900
#: serverguide/C/virtualization.xml:2623(para)
5681
5901
msgid ""
5682
5902
"As of Ubuntu 14.04, it is possible to attach to a container's namespaces. "
5683
5903
"The simplest case is to simply do <screen>\n"
5690
5910
"context. See the manual page for more information."
5691
5911
msgstr ""
5692
5912
5693
#: serverguide/C/virtualization.xml:2571(title)
5913
#: serverguide/C/virtualization.xml:2639(title)
5694
5914
msgid "Container init verbosity"
5695
5915
msgstr ""
5696
5916
5697
#: serverguide/C/virtualization.xml:2572(para)
5917
#: serverguide/C/virtualization.xml:2640(para)
5698
5918
msgid ""
5699
5919
"If LXC completes the container startup, but the container init fails to "
5700
5920
"complete (for instance, no login prompt is shown), it can be useful to "
5713
5933
"</screen>"
5714
5934
msgstr ""
5715
5935
5716
#: serverguide/C/virtualization.xml:2596(title)
5936
#: serverguide/C/virtualization.xml:2664(title)
5717
5937
msgid "LXC API"
5718
5938
msgstr ""
5719
5939
5720
#: serverguide/C/virtualization.xml:2598(para)
5940
#: serverguide/C/virtualization.xml:2666(para)
5721
5941
msgid ""
5722
5942
"Most of the LXC functionality can now be accessed through an API exported by "
5723
5943
"<filename>liblxc</filename> for which bindings are available in several "
5724
5944
"languages, including Python, lua, ruby, and go."
5725
5945
msgstr ""
5726
5946
5727
#: serverguide/C/virtualization.xml:2602(para)
5947
#: serverguide/C/virtualization.xml:2670(para)
5728
5948
msgid ""
5729
5949
"Below is an example using the python bindings (which are available in the "
5730
5950
"<application>python3-lxc</application> package) which creates and starts a "
5731
5951
"container, then waits until it has been shut down:"
5732
5952
msgstr ""
5733
5953
5734
#: serverguide/C/virtualization.xml:2608(programlisting)
5954
#: serverguide/C/virtualization.xml:2676(programlisting)
5735
5955
#, no-wrap
5736
5956
msgid ""
5737
5957
"\n"
5753
5973
"True\n"
5754
5974
msgstr ""
5755
5975
5756
#: serverguide/C/virtualization.xml:2628(title) serverguide/C/security.xml:11(title)
5976
#: serverguide/C/virtualization.xml:2696(title) serverguide/C/security.xml:11(title)
5757
5977
msgid "Security"
5758
5978
msgstr "Saugumas"
5759
5979
5760
#: serverguide/C/virtualization.xml:2630(para)
5980
#: serverguide/C/virtualization.xml:2698(para)
5761
5981
msgid ""
5762
5982
"A namespace maps ids to resources. By not providing a container any id with "
5763
5983
"which to reference a resource, the resource can be protected. This is the "
5768
5988
"host."
5769
5989
msgstr ""
5770
5990
5771
#: serverguide/C/virtualization.xml:2639(para)
5991
#: serverguide/C/virtualization.xml:2707(para)
5772
5992
msgid ""
5773
5993
"By default, LXC containers are started under a Apparmor policy to restrict "
5774
5994
"some actions. The details of AppArmor integration with lxc are in section "
5779
5999
"host."
5780
6000
msgstr ""
5781
6001
5782
#: serverguide/C/virtualization.xml:2650(title)
6002
#: serverguide/C/virtualization.xml:2718(title)
5783
6003
msgid "Exploitable system calls"
5784
6004
msgstr ""
5785
6005
5786
#: serverguide/C/virtualization.xml:2652(para)
6006
#: serverguide/C/virtualization.xml:2720(para)
5787
6007
msgid ""
5788
6008
"It is a core container feature that containers share a kernel with the host. "
5789
6009
"Therefore if the kernel contains any exploitable system calls the container "
5791
6011
"fully control any resource known to the host."
5792
6012
msgstr ""
5793
6013
5794
#: serverguide/C/virtualization.xml:2658(para)
6014
#: serverguide/C/virtualization.xml:2726(para)
5795
6015
msgid ""
5796
6016
"Since Ubuntu 12.10 (Quantal) a container can also be constrained by a "
5797
6017
"seccomp filter. Seccomp is a new kernel feature which filters the system "
5803
6023
"by a list of numbers, one per line."
5804
6024
msgstr ""
5805
6025
5806
#: serverguide/C/virtualization.xml:2668(para)
6026
#: serverguide/C/virtualization.xml:2736(para)
5807
6027
msgid ""
5808
6028
"In general to run a full distribution container a large number of system "
5809
6029
"calls will be needed. However for application containers it may be possible "
5815
6035
"loaded."
5816
6036
msgstr ""
5817
6037
5818
#: serverguide/C/virtualization.xml:2684(para)
6038
#: serverguide/C/virtualization.xml:2752(para)
5819
6039
msgid ""
5820
6040
"The DeveloperWorks article <ulink "
5821
6041
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
5823
6043
"to the use of containers."
5824
6044
msgstr ""
5825
6045
5826
#: serverguide/C/virtualization.xml:2691(para)
6046
#: serverguide/C/virtualization.xml:2759(para)
5827
6047
msgid ""
5828
6048
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
5829
6049
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
5830
6050
"use of security modules to make containers more secure."
5831
6051
msgstr ""
5832
6052
5833
#: serverguide/C/virtualization.xml:2698(para) serverguide/C/cgroups.xml:202(para)
6053
#: serverguide/C/virtualization.xml:2766(para) serverguide/C/cgroups.xml:202(para)
5834
6054
msgid "Manual pages referenced above can be found at:"
5835
6055
msgstr ""
5836
6056
5837
#: serverguide/C/virtualization.xml:2700(ulink)
6057
#: serverguide/C/virtualization.xml:2768(ulink)
5838
6058
msgid "capabilities"
5839
6059
msgstr ""
5840
6060
5841
#: serverguide/C/virtualization.xml:2701(ulink)
6061
#: serverguide/C/virtualization.xml:2769(ulink)
5842
6062
msgid "lxc.conf"
5843
6063
msgstr ""
5844
6064
5845
#: serverguide/C/virtualization.xml:2706(para)
6065
#: serverguide/C/virtualization.xml:2774(para)
5846
6066
msgid ""
5847
6067
"The upstream LXC project is hosted at <ulink "
5848
6068
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
5849
6069
msgstr ""
5850
6070
5851
#: serverguide/C/virtualization.xml:2711(para)
6071
#: serverguide/C/virtualization.xml:2779(para)
5852
6072
msgid ""
5853
6073
"LXC security issues are listed and discussed at <ulink "
5854
6074
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
5855
6075
msgstr ""
5856
6076
5857
#: serverguide/C/virtualization.xml:2717(para)
6077
#: serverguide/C/virtualization.xml:2785(para)
5858
6078
msgid ""
5859
6079
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
5860
6080
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
6411
6631
"service with the following command"
6412
6632
msgstr ""
6413
6633
6414
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:508(command)
6634
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:360(command)
6415
6635
msgid "sudo systemctl reload apache2.service"
6416
6636
msgstr ""
6417
6637
6708
6928
#: serverguide/C/serverguide.xml:11(para)
6709
6929
msgid ""
6710
6930
"A copy of the license is available here: <ulink "
6711
"url=\"http://creativecommons.org/licenses/by-sa/3.0/\">Creative Commons "
6931
"url=\"https://creativecommons.org/licenses/by-sa/3.0/\">Creative Commons "
6712
6932
"ShareAlike License</ulink>."
6713
6933
msgstr ""
6714
6934
9274
9494
msgid ""
9275
9495
"The main Samba configuration file is located in "
9276
9496
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
9277
"a significant amount of comments in order to document various configuration "
9497
"a significant number of comments in order to document various configuration "
9278
9498
"directives."
9279
9499
msgstr ""
9280
9500
9401
9621
"new configuration:"
9402
9622
msgstr ""
9403
9623
9404
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:335(command) serverguide/C/samba.xml:472(command) serverguide/C/samba.xml:571(command) serverguide/C/samba.xml:921(command) serverguide/C/samba.xml:1075(command) serverguide/C/samba.xml:1181(command) serverguide/C/network-auth.xml:2532(command) serverguide/C/network-auth.xml:4113(command)
9624
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:335(command) serverguide/C/samba.xml:472(command) serverguide/C/samba.xml:571(command) serverguide/C/samba.xml:921(command) serverguide/C/samba.xml:1075(command) serverguide/C/samba.xml:1181(command) serverguide/C/network-auth.xml:2525(command) serverguide/C/network-auth.xml:4106(command)
9405
9625
msgid "sudo systemctl restart smbd.service nmbd.service"
9406
9626
msgstr ""
9407
9627
14732
14952
14733
14953
#: serverguide/C/network-config.xml:1418(para)
14734
14954
msgid ""
14735
"The package dpdk provides init scripts that ease configuration of device "
14736
"assignment and huge pages. It also makes them persistent accross reboots."
14955
"The package <emphasis>dpdk</emphasis> provides init scripts that ease "
14956
"configuration of device assignment and huge pages. It also makes them "
14957
"persistent accross reboots."
14737
14958
msgstr ""
14738
14959
14739
14960
#: serverguide/C/network-config.xml:1422(para)
14751
14972
"# <id> Device ID on the specified bus\n"
14752
14973
"# <driver> Driver to bind against (vfio-pci or uio_pci_generic)\n"
14753
14974
"#\n"
14754
"# Be aware that the two dpdk compatible drivers uio_pci_generic and vfio-pci "
14755
"are \n"
14975
"# Be aware that the two DPDK compatible drivers uio_pci_generic and vfio-pci "
14976
"are\n"
14756
14977
"# part of linux-image-extra-<VERSION> package.\n"
14757
14978
"# This package is not always installed by default - for example in cloud-"
14758
"images. \n"
14979
"images.\n"
14759
14980
"# So please install it in case you run into missing module issues.\n"
14760
14981
"#\n"
14761
14982
"# <bus> <id> <driver>\n"
14814
15035
14815
15036
#: serverguide/C/network-config.xml:1471(para)
14816
15037
msgid ""
14817
"The dpdk package has a config file and scripts that try to ease hugepage "
14818
"configuration for dpdk in the form of /etc/dpdk/dpdk.conf. If you have more "
14819
"consumers of hugepages than dpdk in your system or very special requirements "
14820
"how your hugepages are going to be set up you likely want to "
14821
"allocate/control them by yourself. If not this can be a great simplification "
14822
"to get dpdk to run for yourself."
15038
"The <emphasis>dpdk</emphasis> package has a config file and scripts that try "
15039
"to ease hugepage configuration for DPDK in the form of "
15040
"<emphasis>/etc/dpdk/dpdk.conf</emphasis>. If you have more consumers of "
15041
"hugepages than just DPDK in your system or very special requirements how "
15042
"your hugepages are going to be set up you likely want to allocate/control "
15043
"them by yourself. If not this can be a great simplification to get DPDK "
15044
"configured for your needs."
14823
15045
msgstr ""
14824
15046
14825
15047
#: serverguide/C/network-config.xml:1476(para)
14867
15089
14868
15090
#: serverguide/C/network-config.xml:1501(para)
14869
15091
msgid ""
14870
"You will often find guides that tell you to fetch the dpdk sources, build "
14871
"them to your needs and eventually build your application based on dpdk by "
15092
"You will often find guides that tell you to fetch the DPDK sources, build "
15093
"them to your needs and eventually build your application based on DPDK by "
14872
15094
"setting values RTE_* for the build system. Since Ubunutu provides an already "
14873
15095
"compiled DPDK for you can can skip all that. To simplify setting the proper "
14874
15096
"variables you can source the file /usr/share/dpdk/dpdk-sdk-env.sh before "
14889
15111
#: serverguide/C/network-config.xml:1512(para)
14890
15112
msgid ""
14891
15113
"Depending on what you build it might be a good addition to install all of "
14892
"dpdk build dependencies before the make."
15114
"DPDK build dependencies before the make."
14893
15115
msgstr ""
14894
15116
14895
15117
#: serverguide/C/network-config.xml:1515(programlisting)
14939
15161
14940
15162
#: serverguide/C/network-config.xml:1538(para)
14941
15163
msgid ""
14942
"The section ''--vhost-owner libvirt-qemu:kvm --vhost-perm 0664'' will set "
14943
"vhost_user ports up with owner/permissions to be compatible with Ubuntus way "
14944
"of running qemu-kvm/libvirt with reduced privileges for more security."
15164
"The section <emphasis>--vhost-owner libvirt-qemu:kvm --vhost-perm "
15165
"0664</emphasis> will set vhost_user ports up with owner/permissions to be "
15166
"compatible with Ubuntus way of running qemu-kvm/libvirt with reduced "
15167
"privileges for more security."
14945
15168
msgstr ""
14946
15169
14947
15170
#: serverguide/C/network-config.xml:1541(para)
14948
15171
msgid ""
15172
"Please note that the section <emphasis>-m 2048</emphasis> is the most basic "
15173
"numa setup for a single socket system. If you have multiple sockets you "
15174
"might want to define how to split your memory among them, for example "
15175
"<emphasis>-m 1024, 1024</emphasis>. Please be aware that DPDK will try to "
15176
"work only with local memory to the network cards it works with (for "
15177
"performance reasons). That said if you have multiple nodes, but all network "
15178
"cards on one, you should consider spreading your cards. If not at least "
15179
"allocate your memory to the node where the cards reside, for example in a "
15180
"two node all to node #2: <emphasis>-m 0, 2048</emphasis>. You can use the "
15181
"tool <emphasis>lstopo</emphasis> from the package <emphasis>hwloc-"
15182
"nox</emphasis> to see on which socket your cards are located."
15183
msgstr ""
15184
15185
#: serverguide/C/network-config.xml:1549(para)
15186
msgid ""
14949
15187
"The OpenVswitch you now started supports all port types OpenVswitch usually "
14950
15188
"does, plus DPDK port types. Here an example how to create a bridge and - "
14951
15189
"instead of a normal external port - add an external DPDK port to it."
14952
15190
msgstr ""
14953
15191
14954
#: serverguide/C/network-config.xml:1545(programlisting)
15192
#: serverguide/C/network-config.xml:1553(programlisting)
14955
15193
#, no-wrap
14956
15194
msgid ""
14957
15195
"\n"
14960
15198
"\t\t "
14961
15199
msgstr ""
14962
15200
14963
#: serverguide/C/network-config.xml:1552(title)
15201
#: serverguide/C/network-config.xml:1558(para)
15202
msgid ""
15203
"The enablement of DPDK in Open vSwitch has changed in version 2.6. So for "
15204
"users of releases >=16.10, but also for users of the <ulink "
15205
"url=\"https://wiki.ubuntu.com/OpenStack/CloudArchive\">Ubuntu Cloud "
15206
"Archive</ulink> >=neutron the enablement has changed compared to that for "
15207
"users of Ubuntu 16.04. The options formerly passed via "
15208
"<emphasis>DPDK_OPTS</emphasis> are now configured via ovs-vsctl into the "
15209
"Open vSwitch configuration database."
15210
msgstr ""
15211
15212
#: serverguide/C/network-config.xml:1563(para)
15213
msgid "The same example as above would in the new way look like:"
15214
msgstr ""
15215
15216
#: serverguide/C/network-config.xml:1566(programlisting)
15217
#, no-wrap
15218
msgid ""
15219
"\n"
15220
"# Enable DPDK\n"
15221
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-init=true\"\n"
15222
"# run on core 0\n"
15223
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-lcore-mask=0x1\"\n"
15224
"# Allocate 2G huge pages (not Numa node aware)\n"
15225
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-alloc-mem=2048\"\n"
15226
"# group/permissions for vhost-user sockets (required to work with "
15227
"libvirt/qemu)\n"
15228
"ovs-vsctl set Open_vSwitch . \\\n"
15229
" \"other_config:dpdk-extra=--vhost-owner libvirt-qemu:kvm --vhost-perm "
15230
"0666\"\n"
15231
"\t\t "
15232
msgstr ""
15233
15234
#: serverguide/C/network-config.xml:1581(filename)
15235
msgid "/usr/share/doc/openvswitch-common/INSTALL.DPDK.md.gz"
15236
msgstr ""
15237
15238
#: serverguide/C/network-config.xml:1582(filename)
15239
msgid "/usr/share/doc/openvswitch-common/INSTALL.DPDK-ADVANCED.md.gz"
15240
msgstr ""
15241
15242
#: serverguide/C/network-config.xml:1583(command)
15243
msgid "man ovs-vswitchd.conf.db"
15244
msgstr ""
15245
15246
#: serverguide/C/network-config.xml:1577(para)
15247
msgid ""
15248
"Please see the associated upstream documentation and the man page of the "
15249
"vswitch configuration as provided by the package for more details: "
15250
"<placeholder-1/>"
15251
msgstr ""
15252
15253
#: serverguide/C/network-config.xml:1590(title)
14964
15254
msgid "OpenVswitch DPDK to KVM Guests"
14965
15255
msgstr ""
14966
15256
14967
#: serverguide/C/network-config.xml:1553(para)
15257
#: serverguide/C/network-config.xml:1591(para)
14968
15258
msgid ""
14969
15259
"If you are not building some sort of SDN switch or NFV on top of DPDK it is "
14970
15260
"very likely that you want to forward traffic to KVM guests. The good news "
14974
15264
"DPDK instance."
14975
15265
msgstr ""
14976
15266
14977
#: serverguide/C/network-config.xml:1558(para)
15267
#: serverguide/C/network-config.xml:1596(para)
14978
15268
msgid ""
14979
15269
"The Guest has to be backed by shared hugepages for DPDK/vhost_user to work. "
14980
15270
"To ensure in general that libvirt/qemu-kvm finds a proper hugepage "
14982
15272
"Afterwards restart the service to pick up the changed configuration."
14983
15273
msgstr ""
14984
15274
14985
#: serverguide/C/network-config.xml:1563(programlisting)
15275
#: serverguide/C/network-config.xml:1601(programlisting)
14986
15276
#, no-wrap
14987
15277
msgid ""
14988
15278
"\n"
14991
15281
"\t\t "
14992
15282
msgstr ""
14993
15283
14994
#: serverguide/C/network-config.xml:1567(para)
15284
#: serverguide/C/network-config.xml:1605(para)
14995
15285
msgid ""
14996
15286
"To let a guest be backed by hugepages is now also supported via recent "
14997
15287
"libvirt, just add the following snippet to your virsh xml (or the equivalent "
14999
15289
"easily spawn guests with \"uvt-kvm create\"."
15000
15290
msgstr ""
15001
15291
15002
#: serverguide/C/network-config.xml:1571(programlisting)
15292
#: serverguide/C/network-config.xml:1609(programlisting)
15003
15293
#, no-wrap
15004
15294
msgid ""
15005
15295
"\n"
15014
15304
"\t\t "
15015
15305
msgstr ""
15016
15306
15017
#: serverguide/C/network-config.xml:1580(para)
15307
#: serverguide/C/network-config.xml:1618(para)
15018
15308
msgid ""
15019
15309
"The new and recommended way to get to a KVM guest is using vhost_user. This "
15020
15310
"will cause DPDK to create a socket that qemu will connect the guest to. Here "
15021
15311
"an example how to add such a port to the bridge you created (see above)."
15022
15312
msgstr ""
15023
15313
15024
#: serverguide/C/network-config.xml:1585(programlisting)
15314
#: serverguide/C/network-config.xml:1623(programlisting)
15025
15315
#, no-wrap
15026
15316
msgid ""
15027
15317
"\n"
15030
15320
"\t\t "
15031
15321
msgstr ""
15032
15322
15033
#: serverguide/C/network-config.xml:1588(para)
15323
#: serverguide/C/network-config.xml:1626(para)
15034
15324
msgid ""
15035
15325
"This will create a vhost_user socket at /var/run/openvswitch/vhost-user-1"
15036
15326
msgstr ""
15037
15327
15038
#: serverguide/C/network-config.xml:1591(para)
15328
#: serverguide/C/network-config.xml:1629(para)
15039
15329
msgid ""
15040
15330
"To let libvirt/kvm consume this socket and create a guest virtio network "
15041
15331
"device for it add a snippet like this to your guest definition as the "
15042
15332
"network definition."
15043
15333
msgstr ""
15044
15334
15045
#: serverguide/C/network-config.xml:1594(programlisting)
15335
#: serverguide/C/network-config.xml:1632(programlisting)
15046
15336
#, no-wrap
15047
15337
msgid ""
15048
15338
"\n"
15055
15345
"\t\t "
15056
15346
msgstr ""
15057
15347
15058
#: serverguide/C/network-config.xml:1605(title)
15348
#: serverguide/C/network-config.xml:1643(title)
15059
15349
msgid "DPDK in KVM Guests"
15060
15350
msgstr ""
15061
15351
15062
#: serverguide/C/network-config.xml:1606(para)
15352
#: serverguide/C/network-config.xml:1644(para)
15063
15353
msgid ""
15064
15354
"If you have no access to DPDK supported network cards you can still work "
15065
15355
"with DPDK by using its support for virtio. To do so you have to create "
15066
15356
"guests backed by hugepages (see above)."
15067
15357
msgstr ""
15068
15358
15069
#: serverguide/C/network-config.xml:1610(para)
15359
#: serverguide/C/network-config.xml:1648(para)
15070
15360
msgid ""
15071
15361
"On top of that there it is required to have at least SSE3. The default CPU "
15072
15362
"model qemu/libvirt uses is only up to SSE2. So you will have to define a "
15075
15365
"virsh xml (or the equivalent virsh interface you use)."
15076
15366
msgstr ""
15077
15367
15078
#: serverguide/C/network-config.xml:1616(programlisting)
15368
#: serverguide/C/network-config.xml:1654(programlisting)
15079
15369
#, no-wrap
15080
15370
msgid ""
15081
15371
"\n"
15083
15373
"\t\t "
15084
15374
msgstr ""
15085
15375
15086
#: serverguide/C/network-config.xml:1619(para)
15376
#: serverguide/C/network-config.xml:1657(para)
15087
15377
msgid ""
15088
15378
"This example is rather offensive and passes all host features. That in turn "
15089
15379
"makes the guest not very migratable as the target would need all the "
15091
15381
"like the following example."
15092
15382
msgstr ""
15093
15383
15094
#: serverguide/C/network-config.xml:1624(programlisting)
15384
#: serverguide/C/network-config.xml:1662(programlisting)
15095
15385
#, no-wrap
15096
15386
msgid ""
15097
15387
"\n"
15102
15392
"\t\t "
15103
15393
msgstr ""
15104
15394
15105
#: serverguide/C/network-config.xml:1630(para)
15395
#: serverguide/C/network-config.xml:1668(para)
15106
15396
msgid ""
15107
15397
"Also virtio nowadays supports multiqueue which DPDK in turn can exploit for "
15108
15398
"better speed. To modify a normal virtio definition to have multiple queues "
15111
15401
"DPDK in the guest."
15112
15402
msgstr ""
15113
15403
15114
#: serverguide/C/network-config.xml:1635(programlisting)
15404
#: serverguide/C/network-config.xml:1673(programlisting)
15115
15405
#, no-wrap
15116
15406
msgid ""
15117
15407
"\n"
15119
15409
"\t\t "
15120
15410
msgstr ""
15121
15411
15122
#: serverguide/C/network-config.xml:1641(title)
15412
#: serverguide/C/network-config.xml:1679(title)
15123
15413
msgid "Tuning Openvswitch-DPDK"
15124
15414
msgstr ""
15125
15415
15126
#: serverguide/C/network-config.xml:1642(para)
15416
#: serverguide/C/network-config.xml:1680(para)
15127
15417
msgid ""
15128
15418
"DPDK has plenty of options - in combination with Openvswitch-DPDK the two "
15129
15419
"most commonly used are:"
15130
15420
msgstr ""
15131
15421
15132
#: serverguide/C/network-config.xml:1645(programlisting)
15422
#: serverguide/C/network-config.xml:1683(programlisting)
15133
15423
#, no-wrap
15134
15424
msgid ""
15135
15425
"\n"
15138
15428
"\t\t "
15139
15429
msgstr ""
15140
15430
15141
#: serverguide/C/network-config.xml:1649(para)
15431
#: serverguide/C/network-config.xml:1687(para)
15142
15432
msgid ""
15143
15433
"The first select how many rx queues are to be used for each DPDK interface, "
15144
15434
"while the second controls how many and where to run PMD threads. The example "
15147
15437
"installation\" at the end of this document for more."
15148
15438
msgstr ""
15149
15439
15150
#: serverguide/C/network-config.xml:1654(para)
15440
#: serverguide/C/network-config.xml:1692(para)
15151
15441
msgid ""
15152
15442
"As usual with tunings you have to know your system and workload really well -"
15153
15443
" so please verify any tunings with workloads matching your real use case."
15154
15444
msgstr ""
15155
15445
15156
#: serverguide/C/network-config.xml:1661(para)
15446
#: serverguide/C/network-config.xml:1699(para)
15157
15447
msgid ""
15158
15448
"DPDK is a fast evolving project. In any case of a search for support and "
15159
15449
"further guides it is highly recommended to first check if they apply to the "
15160
15450
"current version."
15161
15451
msgstr ""
15162
15452
15163
#: serverguide/C/network-config.xml:1668(ulink)
15453
#: serverguide/C/network-config.xml:1707(ulink)
15164
15454
msgid "DPDK Mailing Lists"
15165
15455
msgstr ""
15166
15456
15167
#: serverguide/C/network-config.xml:1672(para)
15457
#: serverguide/C/network-config.xml:1711(para)
15168
15458
msgid ""
15169
15459
"For OpenVswitch-DPDK <ulink url=\"http://openvswitch.org/mlists\">OpenStack "
15170
15460
"Mailing Lists</ulink>"
15171
15461
msgstr ""
15172
15462
15173
#: serverguide/C/network-config.xml:1677(para)
15463
#: serverguide/C/network-config.xml:1716(para)
15174
15464
msgid ""
15175
15465
"Known issues in <ulink "
15176
15466
"url=\"https://bugs.launchpad.net/ubuntu/+source/dpdk\">DPDK Launchpad "
15177
15467
"Area</ulink>"
15178
15468
msgstr ""
15179
15469
15180
#: serverguide/C/network-config.xml:1682(para)
15470
#: serverguide/C/network-config.xml:1721(para)
15181
15471
msgid "Join the IRC channels #DPDK or #openvswitch on freenode."
15182
15472
msgstr ""
15183
15473
15184
#: serverguide/C/network-config.xml:1696(ulink)
15474
#: serverguide/C/network-config.xml:1727(para)
15475
msgid ""
15476
"Issues are often due to missing small details in the general setup. Later "
15477
"on, these missing details cause problems which can be hard to track down to "
15478
"their root cause. A common case seems to be the \"could not open network "
15479
"device dpdk0 (No such device)\" issue. This occurs rather late when setting "
15480
"up a port in Open vSwitch with DPDK. But the root cause most of the time is "
15481
"very early in the setup and initialization. Here an example how a proper "
15482
"initialization of a device looks - this can be found in the syslog/journal "
15483
"when starting Open vSwitch with DPDK enabled."
15484
msgstr ""
15485
15486
#: serverguide/C/network-config.xml:1738(programlisting)
15487
#, no-wrap
15488
msgid ""
15489
"\n"
15490
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
15491
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15492
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140000000\n"
15493
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140200000\n"
15494
"\t\t "
15495
msgstr ""
15496
15497
#: serverguide/C/network-config.xml:1745(para)
15498
msgid ""
15499
"If this is missing, either by ignored cards, failed initialization or other "
15500
"reasons, later on there will be no DPDK device to refer to. Unfortunately "
15501
"the logging is spread across syslog/journal and the openvswitch log. To "
15502
"allow some cross checking here an example what can be found in these logs, "
15503
"relative to the entered command."
15504
msgstr ""
15505
15506
#: serverguide/C/network-config.xml:1753(programlisting)
15507
#, no-wrap
15508
msgid ""
15509
"\n"
15510
"#Note: This log was taken with dpdk 2.2 and openvswitch 2.5\n"
15511
"Captions:\n"
15512
"CMD: that you enter\n"
15513
"SYSLOG: (Inlcuding EAL and OVS Messages)\n"
15514
"OVS-LOG: (Openvswitch messages)\n"
15515
"\n"
15516
"#PREPARATION\n"
15517
"Bind an interface to DPDK UIO drivers, make Hugepages available, enable DPDK "
15518
"on OVS\n"
15519
"\n"
15520
"CMD: sudo service openvswitch-switch restart\n"
15521
"\n"
15522
"SYSLOG:\n"
15523
"2016-01-22T08:58:31.372Z|00003|daemon_unix(monitor)|INFO|pid 3329 died, "
15524
"killed (Terminated), exiting\n"
15525
"2016-01-22T08:58:33.377Z|00002|vlog|INFO|opened log file "
15526
"/var/log/openvswitch/ovs-vswitchd.log\n"
15527
"2016-01-22T08:58:33.381Z|00003|ovs_numa|INFO|Discovered 12 CPU cores on NUMA "
15528
"node 0\n"
15529
"2016-01-22T08:58:33.381Z|00004|ovs_numa|INFO|Discovered 1 NUMA nodes and 12 "
15530
"CPU cores\n"
15531
"2016-01-"
15532
"22T08:58:33.381Z|00005|reconnect|INFO|unix:/var/run/openvswitch/db.sock: "
15533
"connecting...\n"
15534
"2016-01-"
15535
"22T08:58:33.383Z|00006|reconnect|INFO|unix:/var/run/openvswitch/db.sock: "
15536
"connected\n"
15537
"2016-01-22T08:58:33.386Z|00007|bridge|INFO|ovs-vswitchd (Open vSwitch) "
15538
"2.5.0\n"
15539
"\n"
15540
"OVS-LOG:\n"
15541
"systemd[1]: Stopping Open vSwitch...\n"
15542
"systemd[1]: Stopped Open vSwitch.\n"
15543
"systemd[1]: Stopping Open vSwitch Internal Unit...\n"
15544
"ovs-ctl[3541]: * Killing ovs-vswitchd (3329)\n"
15545
"ovs-ctl[3541]: * Killing ovsdb-server (3318)\n"
15546
"systemd[1]: Stopped Open vSwitch Internal Unit.\n"
15547
"systemd[1]: Starting Open vSwitch Internal Unit...\n"
15548
"ovs-ctl[3560]: * Starting ovsdb-server\n"
15549
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait -- init -- set "
15550
"Open_vSwitch . db-version=7.12.1\n"
15551
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait set "
15552
"Open_vSwitch . ovs-version=2.5.0 \"external-ids:system-id=\\\"e7c5ba80-bb14-"
15553
"45c1-b8eb-628f3ad03903\\\"\" \"system-type=\\\"Ubuntu\\\"\" \"system-"
15554
"version=\\\"16.04-xenial\\\"\"\n"
15555
"ovs-ctl[3560]: * Configuring Open vSwitch system IDs\n"
15556
"ovs-ctl[3560]: 2016-01-22T08:58:31Z|00001|dpdk|INFO|No -vhost_sock_dir "
15557
"provided - defaulting to /var/run/openvswitch\n"
15558
"ovs-vswitchd: ovs|00001|dpdk|INFO|No -vhost_sock_dir provided - defaulting "
15559
"to /var/run/openvswitch\n"
15560
"ovs-ctl[3560]: EAL: Detected lcore 0 as core 0 on socket 0\n"
15561
"ovs-ctl[3560]: EAL: Detected lcore 1 as core 1 on socket 0\n"
15562
"ovs-ctl[3560]: EAL: Detected lcore 2 as core 2 on socket 0\n"
15563
"ovs-ctl[3560]: EAL: Detected lcore 3 as core 3 on socket 0\n"
15564
"ovs-ctl[3560]: EAL: Detected lcore 4 as core 4 on socket 0\n"
15565
"ovs-ctl[3560]: EAL: Detected lcore 5 as core 5 on socket 0\n"
15566
"ovs-ctl[3560]: EAL: Detected lcore 6 as core 0 on socket 0\n"
15567
"ovs-ctl[3560]: EAL: Detected lcore 7 as core 1 on socket 0\n"
15568
"ovs-ctl[3560]: EAL: Detected lcore 8 as core 2 on socket 0\n"
15569
"ovs-ctl[3560]: EAL: Detected lcore 9 as core 3 on socket 0\n"
15570
"ovs-ctl[3560]: EAL: Detected lcore 10 as core 4 on socket 0\n"
15571
"ovs-ctl[3560]: EAL: Detected lcore 11 as core 5 on socket 0\n"
15572
"ovs-ctl[3560]: EAL: Support maximum 128 logical core(s) by configuration.\n"
15573
"ovs-ctl[3560]: EAL: Detected 12 lcore(s)\n"
15574
"ovs-ctl[3560]: EAL: VFIO modules not all loaded, skip VFIO support...\n"
15575
"ovs-ctl[3560]: EAL: Setting up physically contiguous memory...\n"
15576
"ovs-ctl[3560]: EAL: Ask a virtual area of 0x100000000 bytes\n"
15577
"ovs-ctl[3560]: EAL: Virtual area found at 0x7f2040000000 (size = "
15578
"0x100000000)\n"
15579
"ovs-ctl[3560]: EAL: Requesting 4 pages of size 1024MB from socket 0\n"
15580
"ovs-ctl[3560]: EAL: TSC frequency is ~2397202 KHz\n"
15581
"ovs-vswitchd[3592]: EAL: TSC frequency is ~2397202 KHz\n"
15582
"ovs-vswitchd[3592]: EAL: Master lcore 0 is ready (tid=fc6cbb00;cpuset=[0])\n"
15583
"ovs-vswitchd[3592]: EAL: PCI device 0000:04:00.0 on NUMA socket 0\n"
15584
"ovs-vswitchd[3592]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15585
"ovs-vswitchd[3592]: EAL: Not managed by a supported kernel driver, "
15586
"skipped\n"
15587
"ovs-vswitchd[3592]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
15588
"ovs-vswitchd[3592]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15589
"ovs-vswitchd[3592]: EAL: PCI memory mapped at 0x7f2140000000\n"
15590
"ovs-vswitchd[3592]: EAL: PCI memory mapped at 0x7f2140200000\n"
15591
"ovs-ctl[3560]: EAL: Master lcore 0 is ready (tid=fc6cbb00;cpuset=[0])\n"
15592
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.0 on NUMA socket 0\n"
15593
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15594
"ovs-ctl[3560]: EAL: Not managed by a supported kernel driver, skipped\n"
15595
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
15596
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15597
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140000000\n"
15598
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140200000\n"
15599
"ovs-vswitchd[3592]: PMD: eth_ixgbe_dev_init(): MAC: 4, PHY: 3\n"
15600
"ovs-vswitchd[3592]: PMD: eth_ixgbe_dev_init(): port 0 vendorID=0x8086 "
15601
"deviceID=0x1528\n"
15602
"ovs-ctl[3560]: PMD: eth_ixgbe_dev_init(): MAC: 4, PHY: 3\n"
15603
"ovs-ctl[3560]: PMD: eth_ixgbe_dev_init(): port 0 vendorID=0x8086 "
15604
"deviceID=0x1528\n"
15605
"ovs-ctl[3560]: Zone 0: name:<RG_MP_log_history>, phys:0x83fffdec0, "
15606
"len:0x2080, virt:0x7f213fffdec0, socket_id:0, flags:0\n"
15607
"ovs-ctl[3560]: Zone 1: name:<MP_log_history>, phys:0x83fd73d40, "
15608
"len:0x28a0c0, virt:0x7f213fd73d40, socket_id:0, flags:0\n"
15609
"ovs-ctl[3560]: Zone 2: name:<rte_eth_dev_data>, phys:0x83fd43380, "
15610
"len:0x2f700, virt:0x7f213fd43380, socket_id:0, flags:0\n"
15611
"ovs-ctl[3560]: * Starting ovs-vswitchd\n"
15612
"ovs-ctl[3560]: * Enabling remote OVSDB managers\n"
15613
"systemd[1]: Started Open vSwitch Internal Unit.\n"
15614
"systemd[1]: Starting Open vSwitch...\n"
15615
"systemd[1]: Started Open vSwitch.\n"
15616
"\n"
15617
"\n"
15618
"CMD: sudo ovs-vsctl add-br ovsdpdkbr0 -- set bridge ovsdpdkbr0 "
15619
"datapath_type=netdev\n"
15620
"\n"
15621
"SYSLOG:\n"
15622
"2016-01-22T08:58:56.344Z|00008|memory|INFO|37256 kB peak resident set size "
15623
"after 24.5 seconds\n"
15624
"2016-01-22T08:58:56.346Z|00009|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15625
"supports recirculation\n"
15626
"2016-01-22T08:58:56.346Z|00010|ofproto_dpif|INFO|netdev@ovs-netdev: MPLS "
15627
"label stack length probed as 3\n"
15628
"2016-01-22T08:58:56.346Z|00011|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15629
"supports unique flow ids\n"
15630
"2016-01-22T08:58:56.346Z|00012|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15631
"does not support ct_state\n"
15632
"2016-01-22T08:58:56.346Z|00013|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15633
"does not support ct_zone\n"
15634
"2016-01-22T08:58:56.346Z|00014|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15635
"does not support ct_mark\n"
15636
"2016-01-22T08:58:56.346Z|00015|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15637
"does not support ct_label\n"
15638
"2016-01-22T08:58:56.360Z|00016|bridge|INFO|bridge ovsdpdkbr0: added "
15639
"interface ovsdpdkbr0 on port 65534\n"
15640
"2016-01-22T08:58:56.361Z|00017|bridge|INFO|bridge ovsdpdkbr0: using datapath "
15641
"ID 00005a4a1ed0a14d\n"
15642
"2016-01-22T08:58:56.361Z|00018|connmgr|INFO|ovsdpdkbr0: added service "
15643
"controller \"punix:/var/run/openvswitch/ovsdpdkbr0.mgmt\"\n"
15644
"\n"
15645
"OVS-LOG:\n"
15646
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-br ovsdpdkbr0 -- set "
15647
"bridge ovsdpdkbr0 datapath_type=netdev\n"
15648
"systemd-udevd[3607]: Could not generate persistent MAC address for ovs-"
15649
"netdev: No such file or directory\n"
15650
"kernel: [50165.886554] device ovs-netdev entered promiscuous mode\n"
15651
"kernel: [50165.901261] device ovsdpdkbr0 entered promiscuous mode\n"
15652
"\n"
15653
"\n"
15654
"CMD: sudo ovs-vsctl add-port ovsdpdkbr0 dpdk0 -- set Interface dpdk0 "
15655
"type=dpdk\n"
15656
"\n"
15657
"SYSLOG:\n"
15658
"2016-01-22T08:59:06.369Z|00019|memory|INFO|peak resident set size grew 155% "
15659
"in last 10.0 seconds, from 37256 kB to 95008 kB\n"
15660
"2016-01-22T08:59:06.369Z|00020|memory|INFO|handlers:4 ports:1 revalidators:2 "
15661
"rules:5\n"
15662
"2016-01-22T08:59:30.989Z|00021|dpdk|INFO|Port 0: 8c:dc:d4:b3:6d:e9\n"
15663
"2016-01-22T08:59:31.520Z|00022|dpdk|INFO|Port 0: 8c:dc:d4:b3:6d:e9\n"
15664
"2016-01-22T08:59:31.521Z|00023|dpif_netdev|INFO|Created 1 pmd threads on "
15665
"numa node 0\n"
15666
"2016-01-22T08:59:31.522Z|00001|dpif_netdev(pmd16)|INFO|Core 0 processing "
15667
"port 'dpdk0'\n"
15668
"2016-01-22T08:59:31.522Z|00024|bridge|INFO|bridge ovsdpdkbr0: added "
15669
"interface dpdk0 on port 1\n"
15670
"2016-01-22T08:59:31.522Z|00025|bridge|INFO|bridge ovsdpdkbr0: using datapath "
15671
"ID 00008cdcd4b36de9\n"
15672
"2016-01-22T08:59:31.523Z|00002|dpif_netdev(pmd16)|INFO|Core 0 processing "
15673
"port 'dpdk0'\n"
15674
"\n"
15675
"OVS-LOG:\n"
15676
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-port ovsdpdkbr0 "
15677
"dpdk0 -- set Interface dpdk0 type=dpdk\n"
15678
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a79ebc0 "
15679
"hw_ring=0x7f211a7a6c00 dma_addr=0x81a7a6c00\n"
15680
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15681
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15682
"ovs-vswitchd[3595]: PMD: ixgbe_dev_rx_queue_setup(): sw_ring=0x7f211a78a6c0 "
15683
"sw_sc_ring=0x7f211a786580 hw_ring=0x7f211a78e800 dma_addr=0x81a78e800\n"
15684
"ovs-vswitchd[3595]: PMD: ixgbe_set_rx_function(): Vector rx enabled, please "
15685
"make sure RX burst size no less than 4 (port=0).\n"
15686
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a79ebc0 "
15687
"hw_ring=0x7f211a7a6c00 dma_addr=0x81a7a6c00\n"
15688
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15689
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15690
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a76e4c0 "
15691
"hw_ring=0x7f211a776500 dma_addr=0x81a776500\n"
15692
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15693
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15694
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a756440 "
15695
"hw_ring=0x7f211a75e480 dma_addr=0x81a75e480\n"
15696
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15697
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15698
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a73e3c0 "
15699
"hw_ring=0x7f211a746400 dma_addr=0x81a746400\n"
15700
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15701
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15702
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a726340 "
15703
"hw_ring=0x7f211a72e380 dma_addr=0x81a72e380\n"
15704
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15705
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15706
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a70e2c0 "
15707
"hw_ring=0x7f211a716300 dma_addr=0x81a716300\n"
15708
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15709
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15710
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6f6240 "
15711
"hw_ring=0x7f211a6fe280 dma_addr=0x81a6fe280\n"
15712
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15713
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15714
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6de1c0 "
15715
"hw_ring=0x7f211a6e6200 dma_addr=0x81a6e6200\n"
15716
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15717
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15718
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6c6140 "
15719
"hw_ring=0x7f211a6ce180 dma_addr=0x81a6ce180\n"
15720
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15721
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15722
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6ae0c0 "
15723
"hw_ring=0x7f211a6b6100 dma_addr=0x81a6b6100\n"
15724
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15725
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15726
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a696040 "
15727
"hw_ring=0x7f211a69e080 dma_addr=0x81a69e080\n"
15728
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15729
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15730
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a67dfc0 "
15731
"hw_ring=0x7f211a686000 dma_addr=0x81a686000\n"
15732
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15733
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15734
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a665e40 "
15735
"hw_ring=0x7f211a66de80 dma_addr=0x81a66de80\n"
15736
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15737
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15738
"ovs-vswitchd[3595]: PMD: ixgbe_dev_rx_queue_setup(): sw_ring=0x7f211a78a6c0 "
15739
"sw_sc_ring=0x7f211a786580 hw_ring=0x7f211a78e800 dma_addr=0x81a78e800\n"
15740
"ovs-vswitchd[3595]: PMD: ixgbe_set_rx_function(): Vector rx enabled, please "
15741
"make sure RX burst size no less than 4 (port=0).\n"
15742
"\n"
15743
"\n"
15744
"CMD: sudo ovs-vsctl add-port ovsdpdkbr0 vhost-user-1 -- set Interface vhost-"
15745
"user-1 type=dpdkvhostuser\n"
15746
"\n"
15747
"OVS-LOG:\n"
15748
"2016-01-22T09:00:35.145Z|00026|dpdk|INFO|Socket /var/run/openvswitch/vhost-"
15749
"user-1 created for vhost-user port vhost-user-1\n"
15750
"2016-01-22T09:00:35.145Z|00003|dpif_netdev(pmd16)|INFO|Core 0 processing "
15751
"port 'dpdk0'\n"
15752
"2016-01-22T09:00:35.145Z|00004|dpif_netdev(pmd16)|INFO|Core 0 processing "
15753
"port 'vhost-user-1'\n"
15754
"2016-01-22T09:00:35.145Z|00027|bridge|INFO|bridge ovsdpdkbr0: added "
15755
"interface vhost-user-1 on port 2\n"
15756
"\n"
15757
"SYSLOG:\n"
15758
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-port ovsdpdkbr0 "
15759
"vhost-user-1 -- set Interface vhost-user-1 type=dpdkvhostuser\n"
15760
"ovs-vswitchd[3595]: VHOST_CONFIG: socket created, fd:46\n"
15761
"ovs-vswitchd[3595]: VHOST_CONFIG: bind to /var/run/openvswitch/vhost-user-1\n"
15762
"\n"
15763
"Eventually we can see the poll thread in top\n"
15764
" PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND\n"
15765
" 3595 root 10 -10 4975344 103936 9916 S 100.0 0.3 33:13.56 ovs-"
15766
"vswitchd\n"
15767
"\t\t "
15768
msgstr ""
15769
15770
#: serverguide/C/network-config.xml:1950(ulink)
15185
15771
msgid "DPDK Documentation"
15186
15772
msgstr ""
15187
15773
15188
#: serverguide/C/network-config.xml:1701(ulink)
15774
#: serverguide/C/network-config.xml:1955(ulink)
15189
15775
msgid "Release Notes matching the version packages in Ubuntu 16.04"
15190
15776
msgstr ""
15191
15777
15192
#: serverguide/C/network-config.xml:1706(ulink)
15778
#: serverguide/C/network-config.xml:1960(ulink)
15193
15779
msgid "Linux DPDK User Getting Started"
15194
15780
msgstr ""
15195
15781
15196
#: serverguide/C/network-config.xml:1711(ulink)
15782
#: serverguide/C/network-config.xml:1965(ulink)
15197
15783
msgid "EAL Command-line Options"
15198
15784
msgstr ""
15199
15785
15200
#: serverguide/C/network-config.xml:1716(ulink)
15786
#: serverguide/C/network-config.xml:1970(ulink)
15201
15787
msgid "DPDK Api Documentation"
15202
15788
msgstr ""
15203
15789
15204
#: serverguide/C/network-config.xml:1721(ulink)
15790
#: serverguide/C/network-config.xml:1975(ulink)
15205
15791
msgid "OpenVswitch DPDK installation"
15206
15792
msgstr ""
15207
15793
15208
#: serverguide/C/network-config.xml:1726(ulink)
15794
#: serverguide/C/network-config.xml:1980(ulink)
15209
15795
msgid "Wikipedias definition of DPDK"
15210
15796
msgstr ""
15211
15797
16221
16807
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
16222
16808
msgstr ""
16223
16809
16224
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3910(command)
16810
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3903(command)
16225
16811
msgid "sudo systemctl restart slapd.service"
16226
16812
msgstr ""
16227
16813
17710
18296
"specifically you want Samba to do for you and then configure it accordingly."
17711
18297
msgstr ""
17712
18298
17713
#: serverguide/C/network-auth.xml:2218(title) serverguide/C/network-auth.xml:3999(title)
18299
#: serverguide/C/network-auth.xml:2218(title) serverguide/C/network-auth.xml:3992(title)
17714
18300
msgid "Software Installation"
17715
18301
msgstr ""
17716
18302
17962
18548
#: serverguide/C/network-auth.xml:2454(para)
17963
18549
msgid ""
17964
18550
"Next, configure the <application>smbldap-tools</application> package to "
17965
"match your environment. The package is supposed to come with a configuration "
17966
"helper script (smbldap-config.pl, formerly configure.pl) that will ask "
17967
"questions about the needed options but there is a <ulink "
17968
"url=\"https://bugs.launchpad.net/serverguide/+bug/997172\">bug</ulink> "
17969
"whereby it is not installed (but found in the source code; 'apt source "
17970
"smbldap-tools')."
17971
msgstr ""
17972
17973
#: serverguide/C/network-auth.xml:2461(para)
17974
msgid ""
17975
"To manually configure the package, you need to create and edit the files "
17976
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
17977
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
17978
msgstr ""
17979
17980
#: serverguide/C/network-auth.xml:2466(para)
18551
"match your environment. The package comes with a configuration helper "
18552
"script, smbldap-config.pl, that will ask questions."
18553
msgstr ""
18554
18555
#: serverguide/C/network-auth.xml:2459(para)
17981
18556
msgid ""
17982
18557
"The <application>smbldap-populate</application> script will then add the "
17983
18558
"LDAP objects required for Samba. It is a good idea to first make a backup of "
17984
18559
"your DIT using <application>slapcat</application>:"
17985
18560
msgstr ""
17986
18561
17987
#: serverguide/C/network-auth.xml:2472(command)
18562
#: serverguide/C/network-auth.xml:2465(command)
17988
18563
msgid "sudo slapcat -l backup.ldif"
17989
18564
msgstr ""
17990
18565
17991
#: serverguide/C/network-auth.xml:2475(para)
18566
#: serverguide/C/network-auth.xml:2468(para)
17992
18567
msgid "Once you have a backup proceed to populate your directory:"
17993
18568
msgstr ""
17994
18569
17995
#: serverguide/C/network-auth.xml:2480(command)
18570
#: serverguide/C/network-auth.xml:2473(command)
17996
18571
msgid "sudo smbldap-populate"
17997
18572
msgstr ""
17998
18573
17999
#: serverguide/C/network-auth.xml:2483(para)
18574
#: serverguide/C/network-auth.xml:2476(para)
18000
18575
msgid ""
18001
18576
"You can create a LDIF file containing the new Samba objects by executing "
18002
18577
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
18005
18580
"and import its data per usual."
18006
18581
msgstr ""
18007
18582
18008
#: serverguide/C/network-auth.xml:2489(para)
18583
#: serverguide/C/network-auth.xml:2482(para)
18009
18584
msgid ""
18010
18585
"Your LDAP directory now has the necessary information to authenticate Samba "
18011
18586
"users."
18012
18587
msgstr ""
18013
18588
18014
#: serverguide/C/network-auth.xml:2498(title) serverguide/C/network-auth.xml:4031(title)
18589
#: serverguide/C/network-auth.xml:2491(title) serverguide/C/network-auth.xml:4024(title)
18015
18590
msgid "Samba Configuration"
18016
18591
msgstr ""
18017
18592
18018
#: serverguide/C/network-auth.xml:2500(para)
18593
#: serverguide/C/network-auth.xml:2493(para)
18019
18594
msgid ""
18020
18595
"There are multiple ways to configure Samba. For details on some common "
18021
18596
"configurations see <xref linkend=\"samba\"/>. To configure Samba to use "
18024
18599
"adding some ldap-related ones:"
18025
18600
msgstr ""
18026
18601
18027
#: serverguide/C/network-auth.xml:2506(programlisting)
18602
#: serverguide/C/network-auth.xml:2499(programlisting)
18028
18603
#, no-wrap
18029
18604
msgid ""
18030
18605
"\n"
18044
18619
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
18045
18620
msgstr ""
18046
18621
18047
#: serverguide/C/network-auth.xml:2523(para)
18622
#: serverguide/C/network-auth.xml:2516(para)
18048
18623
msgid "Change the values to match your environment."
18049
18624
msgstr ""
18050
18625
18051
#: serverguide/C/network-auth.xml:2527(para)
18626
#: serverguide/C/network-auth.xml:2520(para)
18052
18627
msgid "Restart <application>samba</application> to enable the new settings:"
18053
18628
msgstr ""
18054
18629
18055
#: serverguide/C/network-auth.xml:2535(para)
18630
#: serverguide/C/network-auth.xml:2528(para)
18056
18631
msgid ""
18057
18632
"Now inform Samba about the rootDN user's password (the one set during the "
18058
18633
"installation of the slapd package):"
18059
18634
msgstr ""
18060
18635
18061
#: serverguide/C/network-auth.xml:2540(command)
18636
#: serverguide/C/network-auth.xml:2533(command)
18062
18637
msgid "sudo smbpasswd -w password"
18063
18638
msgstr ""
18064
18639
18065
#: serverguide/C/network-auth.xml:2543(para)
18640
#: serverguide/C/network-auth.xml:2536(para)
18066
18641
msgid ""
18067
18642
"If you have existing LDAP users that you want to include in your new LDAP-"
18068
18643
"backed Samba they will, of course, also need to be given some of the extra "
18072
18647
"<application>libnss-ldap</application>):"
18073
18648
msgstr ""
18074
18649
18075
#: serverguide/C/network-auth.xml:2551(command)
18650
#: serverguide/C/network-auth.xml:2544(command)
18076
18651
msgid "sudo smbpasswd -a username"
18077
18652
msgstr ""
18078
18653
18079
#: serverguide/C/network-auth.xml:2554(para)
18654
#: serverguide/C/network-auth.xml:2547(para)
18080
18655
msgid ""
18081
18656
"You will prompted to enter a password. It will be considered as the new "
18082
18657
"password for that user. Making it the same as before is reasonable."
18083
18658
msgstr ""
18084
18659
18085
#: serverguide/C/network-auth.xml:2558(para)
18660
#: serverguide/C/network-auth.xml:2551(para)
18086
18661
msgid ""
18087
18662
"To manage user, group, and machine accounts use the utilities provided by "
18088
18663
"the <application>smbldap-tools</application> package. Here are some examples:"
18089
18664
msgstr ""
18090
18665
18091
#: serverguide/C/network-auth.xml:2566(para)
18666
#: serverguide/C/network-auth.xml:2559(para)
18092
18667
msgid "To add a new user:"
18093
18668
msgstr ""
18094
18669
18095
#: serverguide/C/network-auth.xml:2571(command)
18670
#: serverguide/C/network-auth.xml:2564(command)
18096
18671
msgid "sudo smbldap-useradd -a -P username"
18097
18672
msgstr ""
18098
18673
18099
#: serverguide/C/network-auth.xml:2574(para)
18674
#: serverguide/C/network-auth.xml:2567(para)
18100
18675
msgid ""
18101
18676
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
18102
18677
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
18104
18679
"a password for the user."
18105
18680
msgstr ""
18106
18681
18107
#: serverguide/C/network-auth.xml:2581(para)
18682
#: serverguide/C/network-auth.xml:2574(para)
18108
18683
msgid "To remove a user:"
18109
18684
msgstr ""
18110
18685
18111
#: serverguide/C/network-auth.xml:2586(command)
18686
#: serverguide/C/network-auth.xml:2579(command)
18112
18687
msgid "sudo smbldap-userdel username"
18113
18688
msgstr ""
18114
18689
18115
#: serverguide/C/network-auth.xml:2589(para)
18690
#: serverguide/C/network-auth.xml:2582(para)
18116
18691
msgid ""
18117
18692
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
18118
18693
"user's home directory."
18119
18694
msgstr ""
18120
18695
18121
#: serverguide/C/network-auth.xml:2595(para)
18696
#: serverguide/C/network-auth.xml:2588(para)
18122
18697
msgid "To add a group:"
18123
18698
msgstr ""
18124
18699
18125
#: serverguide/C/network-auth.xml:2600(command)
18700
#: serverguide/C/network-auth.xml:2593(command)
18126
18701
msgid "sudo smbldap-groupadd -a groupname"
18127
18702
msgstr ""
18128
18703
18129
#: serverguide/C/network-auth.xml:2603(para)
18704
#: serverguide/C/network-auth.xml:2596(para)
18130
18705
msgid ""
18131
18706
"As for <application>smbldap-useradd</application>, the <emphasis>-"
18132
18707
"a</emphasis> adds the Samba attributes."
18133
18708
msgstr ""
18134
18709
18135
#: serverguide/C/network-auth.xml:2609(para)
18710
#: serverguide/C/network-auth.xml:2602(para)
18136
18711
msgid "To make an existing user a member of a group:"
18137
18712
msgstr ""
18138
18713
18139
#: serverguide/C/network-auth.xml:2614(command)
18714
#: serverguide/C/network-auth.xml:2607(command)
18140
18715
msgid "sudo smbldap-groupmod -m username groupname"
18141
18716
msgstr ""
18142
18717
18143
#: serverguide/C/network-auth.xml:2617(para)
18718
#: serverguide/C/network-auth.xml:2610(para)
18144
18719
msgid ""
18145
18720
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
18146
18721
"listing them in comma-separated format."
18147
18722
msgstr ""
18148
18723
18149
#: serverguide/C/network-auth.xml:2623(para)
18724
#: serverguide/C/network-auth.xml:2616(para)
18150
18725
msgid "To remove a user from a group:"
18151
18726
msgstr ""
18152
18727
18153
#: serverguide/C/network-auth.xml:2628(command)
18728
#: serverguide/C/network-auth.xml:2621(command)
18154
18729
msgid "sudo smbldap-groupmod -x username groupname"
18155
18730
msgstr ""
18156
18731
18157
#: serverguide/C/network-auth.xml:2634(para)
18732
#: serverguide/C/network-auth.xml:2627(para)
18158
18733
msgid "To add a Samba machine account:"
18159
18734
msgstr ""
18160
18735
18161
#: serverguide/C/network-auth.xml:2639(command)
18736
#: serverguide/C/network-auth.xml:2632(command)
18162
18737
msgid "sudo smbldap-useradd -t 0 -w username"
18163
18738
msgstr ""
18164
18739
18165
#: serverguide/C/network-auth.xml:2642(para)
18740
#: serverguide/C/network-auth.xml:2635(para)
18166
18741
msgid ""
18167
18742
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
18168
18743
"<emphasis>-t 0</emphasis> option creates the machine account without a "
18172
18747
"<application>smbldap-useradd</application>."
18173
18748
msgstr ""
18174
18749
18175
#: serverguide/C/network-auth.xml:2651(para)
18750
#: serverguide/C/network-auth.xml:2644(para)
18176
18751
msgid ""
18177
18752
"There are utilities in the <application>smbldap-tools</application> package "
18178
18753
"that were not covered here. Here is a complete list:"
18179
18754
msgstr ""
18180
18755
18181
#: serverguide/C/network-auth.xml:2656(ulink)
18756
#: serverguide/C/network-auth.xml:2649(ulink)
18182
18757
msgid "smbldap-groupadd"
18183
18758
msgstr ""
18184
18759
18185
#: serverguide/C/network-auth.xml:2657(ulink)
18760
#: serverguide/C/network-auth.xml:2650(ulink)
18186
18761
msgid "smbldap-groupdel"
18187
18762
msgstr ""
18188
18763
18189
#: serverguide/C/network-auth.xml:2658(ulink)
18764
#: serverguide/C/network-auth.xml:2651(ulink)
18190
18765
msgid "smbldap-groupmod"
18191
18766
msgstr ""
18192
18767
18193
#: serverguide/C/network-auth.xml:2659(ulink)
18768
#: serverguide/C/network-auth.xml:2652(ulink)
18194
18769
msgid "smbldap-groupshow"
18195
18770
msgstr ""
18196
18771
18197
#: serverguide/C/network-auth.xml:2660(ulink)
18772
#: serverguide/C/network-auth.xml:2653(ulink)
18198
18773
msgid "smbldap-passwd"
18199
18774
msgstr ""
18200
18775
18201
#: serverguide/C/network-auth.xml:2661(ulink)
18776
#: serverguide/C/network-auth.xml:2654(ulink)
18202
18777
msgid "smbldap-populate"
18203
18778
msgstr ""
18204
18779
18205
#: serverguide/C/network-auth.xml:2662(ulink)
18780
#: serverguide/C/network-auth.xml:2655(ulink)
18206
18781
msgid "smbldap-useradd"
18207
18782
msgstr ""
18208
18783
18209
#: serverguide/C/network-auth.xml:2663(ulink)
18784
#: serverguide/C/network-auth.xml:2656(ulink)
18210
18785
msgid "smbldap-userdel"
18211
18786
msgstr ""
18212
18787
18213
#: serverguide/C/network-auth.xml:2664(ulink)
18788
#: serverguide/C/network-auth.xml:2657(ulink)
18214
18789
msgid "smbldap-userinfo"
18215
18790
msgstr ""
18216
18791
18217
#: serverguide/C/network-auth.xml:2665(ulink)
18792
#: serverguide/C/network-auth.xml:2658(ulink)
18218
18793
msgid "smbldap-userlist"
18219
18794
msgstr ""
18220
18795
18221
#: serverguide/C/network-auth.xml:2666(ulink)
18796
#: serverguide/C/network-auth.xml:2659(ulink)
18222
18797
msgid "smbldap-usermod"
18223
18798
msgstr ""
18224
18799
18225
#: serverguide/C/network-auth.xml:2667(ulink)
18800
#: serverguide/C/network-auth.xml:2660(ulink)
18226
18801
msgid "smbldap-usershow"
18227
18802
msgstr ""
18228
18803
18229
#: serverguide/C/network-auth.xml:2678(para)
18804
#: serverguide/C/network-auth.xml:2671(para)
18230
18805
msgid ""
18231
18806
"For more information on installing and configuring Samba see <xref "
18232
18807
"linkend=\"samba\"/> of this Ubuntu Server Guide."
18233
18808
msgstr ""
18234
18809
18235
#: serverguide/C/network-auth.xml:2684(para)
18810
#: serverguide/C/network-auth.xml:2677(para)
18236
18811
msgid ""
18237
18812
"There are multiple places where LDAP and Samba is documented in the upstream "
18238
18813
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
18239
18814
"HOWTO Collection</ulink>."
18240
18815
msgstr ""
18241
18816
18242
#: serverguide/C/network-auth.xml:2691(para)
18817
#: serverguide/C/network-auth.xml:2684(para)
18243
18818
msgid ""
18244
18819
"Regarding the above, see specifically the <ulink "
18245
18820
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
18246
18821
"Collection/passdb.html\">passdb section</ulink>."
18247
18822
msgstr ""
18248
18823
18249
#: serverguide/C/network-auth.xml:2697(para)
18824
#: serverguide/C/network-auth.xml:2690(para)
18250
18825
msgid ""
18251
18826
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
18252
18827
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
18253
18828
"valuable notes."
18254
18829
msgstr ""
18255
18830
18256
#: serverguide/C/network-auth.xml:2703(para)
18831
#: serverguide/C/network-auth.xml:2696(para)
18257
18832
msgid ""
18258
18833
"The main page of the <ulink "
18259
18834
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
18261
18836
"prove useful."
18262
18837
msgstr ""
18263
18838
18264
#: serverguide/C/network-auth.xml:2716(title)
18839
#: serverguide/C/network-auth.xml:2709(title)
18265
18840
msgid "Kerberos"
18266
18841
msgstr ""
18267
18842
18268
#: serverguide/C/network-auth.xml:2718(para)
18843
#: serverguide/C/network-auth.xml:2711(para)
18269
18844
msgid ""
18270
18845
"<application>Kerberos</application> is a network authentication system based "
18271
18846
"on the principal of a trusted third party. The other two parties being the "
18274
18849
"network environment one step closer to being Single Sign On (SSO)."
18275
18850
msgstr ""
18276
18851
18277
#: serverguide/C/network-auth.xml:2724(para)
18852
#: serverguide/C/network-auth.xml:2717(para)
18278
18853
msgid ""
18279
18854
"This section covers installation and configuration of a Kerberos server, and "
18280
18855
"some example client configurations."
18281
18856
msgstr ""
18282
18857
18283
#: serverguide/C/network-auth.xml:2729(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:916(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
18858
#: serverguide/C/network-auth.xml:2722(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:916(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
18284
18859
msgid "Overview"
18285
18860
msgstr ""
18286
18861
18287
#: serverguide/C/network-auth.xml:2731(para)
18862
#: serverguide/C/network-auth.xml:2724(para)
18288
18863
msgid ""
18289
18864
"If you are new to Kerberos there are a few terms that are good to understand "
18290
18865
"before setting up a Kerberos server. Most of the terms will relate to things "
18291
18866
"you may be familiar with in other environments:"
18292
18867
msgstr ""
18293
18868
18294
#: serverguide/C/network-auth.xml:2738(para)
18869
#: serverguide/C/network-auth.xml:2731(para)
18295
18870
msgid ""
18296
18871
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
18297
18872
"by servers need to be defined as Kerberos Principals."
18298
18873
msgstr ""
18299
18874
18300
#: serverguide/C/network-auth.xml:2743(para)
18875
#: serverguide/C/network-auth.xml:2736(para)
18301
18876
msgid ""
18302
18877
"<emphasis>Instances:</emphasis> are used for service principals and special "
18303
18878
"administrative principals."
18304
18879
msgstr ""
18305
18880
18306
#: serverguide/C/network-auth.xml:2748(para)
18881
#: serverguide/C/network-auth.xml:2741(para)
18307
18882
msgid ""
18308
18883
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
18309
18884
"Kerberos installation. Think of it as the domain or group your hosts and "
18312
18887
"as the realm."
18313
18888
msgstr ""
18314
18889
18315
#: serverguide/C/network-auth.xml:2757(para)
18890
#: serverguide/C/network-auth.xml:2750(para)
18316
18891
msgid ""
18317
18892
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
18318
18893
"a database of all principals, the authentication server, and the ticket "
18319
18894
"granting server. For each realm there must be at least one KDC."
18320
18895
msgstr ""
18321
18896
18322
#: serverguide/C/network-auth.xml:2763(para)
18897
#: serverguide/C/network-auth.xml:2756(para)
18323
18898
msgid ""
18324
18899
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
18325
18900
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
18326
18901
"password which is known only to the user and the KDC."
18327
18902
msgstr ""
18328
18903
18329
#: serverguide/C/network-auth.xml:2769(para)
18904
#: serverguide/C/network-auth.xml:2762(para)
18330
18905
msgid ""
18331
18906
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
18332
18907
"clients upon request."
18333
18908
msgstr ""
18334
18909
18335
#: serverguide/C/network-auth.xml:2774(para)
18910
#: serverguide/C/network-auth.xml:2767(para)
18336
18911
msgid ""
18337
18912
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
18338
18913
"One principal being a user and the other a service requested by the user. "
18340
18915
"authenticated session."
18341
18916
msgstr ""
18342
18917
18343
#: serverguide/C/network-auth.xml:2780(para)
18918
#: serverguide/C/network-auth.xml:2773(para)
18344
18919
msgid ""
18345
18920
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
18346
18921
"principal database and contain the encryption key for a service or host."
18347
18922
msgstr ""
18348
18923
18349
#: serverguide/C/network-auth.xml:2787(para)
18924
#: serverguide/C/network-auth.xml:2780(para)
18350
18925
msgid ""
18351
18926
"To put the pieces together, a Realm has at least one KDC, preferably more "
18352
18927
"for redundancy, which contains a database of Principals. When a user "
18358
18933
"entering another username and password."
18359
18934
msgstr ""
18360
18935
18361
#: serverguide/C/network-auth.xml:2796(title)
18936
#: serverguide/C/network-auth.xml:2789(title)
18362
18937
msgid "Kerberos Server"
18363
18938
msgstr ""
18364
18939
18365
#: serverguide/C/network-auth.xml:2800(para)
18940
#: serverguide/C/network-auth.xml:2793(para)
18366
18941
msgid ""
18367
18942
"For this discussion, we will create a MIT Kerberos domain with the following "
18368
18943
"features (edit them to fit your needs):"
18369
18944
msgstr ""
18370
18945
18371
#: serverguide/C/network-auth.xml:2807(para)
18946
#: serverguide/C/network-auth.xml:2800(para)
18372
18947
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
18373
18948
msgstr ""
18374
18949
18375
#: serverguide/C/network-auth.xml:2812(para)
18950
#: serverguide/C/network-auth.xml:2805(para)
18376
18951
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
18377
18952
msgstr ""
18378
18953
18379
#: serverguide/C/network-auth.xml:2817(para)
18954
#: serverguide/C/network-auth.xml:2810(para)
18380
18955
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
18381
18956
msgstr ""
18382
18957
18383
#: serverguide/C/network-auth.xml:2822(para)
18958
#: serverguide/C/network-auth.xml:2815(para)
18384
18959
msgid "<emphasis>User principal:</emphasis> steve"
18385
18960
msgstr ""
18386
18961
18962
#: serverguide/C/network-auth.xml:2820(para)
18963
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
18964
msgstr ""
18965
18387
18966
#: serverguide/C/network-auth.xml:2827(para)
18388
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
18389
msgstr ""
18390
18391
#: serverguide/C/network-auth.xml:2834(para)
18392
18967
msgid ""
18393
18968
"It is <emphasis>strongly</emphasis> recommended that your network-"
18394
18969
"authenticated users have their uid in a different range (say, starting at "
18395
18970
"5000) than that of your local users."
18396
18971
msgstr ""
18397
18972
18398
#: serverguide/C/network-auth.xml:2840(para)
18973
#: serverguide/C/network-auth.xml:2833(para)
18399
18974
msgid ""
18400
18975
"Before installing the Kerberos server a properly configured DNS server is "
18401
18976
"needed for your domain. Since the Kerberos Realm by convention matches the "
18404
18979
"documentation."
18405
18980
msgstr ""
18406
18981
18407
#: serverguide/C/network-auth.xml:2846(para)
18982
#: serverguide/C/network-auth.xml:2839(para)
18408
18983
msgid ""
18409
18984
"Also, Kerberos is a time sensitive protocol. So if the local system time "
18410
18985
"between a client machine and the server differs by more than five minutes "
18414
18989
"setting up NTP see <xref linkend=\"NTP\"/>."
18415
18990
msgstr ""
18416
18991
18417
#: serverguide/C/network-auth.xml:2854(para)
18992
#: serverguide/C/network-auth.xml:2847(para)
18418
18993
msgid ""
18419
18994
"The first step in creating a Kerberos Realm is to install the "
18420
18995
"<application>krb5-kdc</application> and <application>krb5-admin-"
18421
18996
"server</application> packages. From a terminal enter:"
18422
18997
msgstr ""
18423
18998
18424
#: serverguide/C/network-auth.xml:2860(command) serverguide/C/network-auth.xml:3067(command)
18999
#: serverguide/C/network-auth.xml:2853(command) serverguide/C/network-auth.xml:3060(command)
18425
19000
msgid "sudo apt install krb5-kdc krb5-admin-server"
18426
19001
msgstr ""
18427
19002
18428
#: serverguide/C/network-auth.xml:2863(para)
19003
#: serverguide/C/network-auth.xml:2856(para)
18429
19004
msgid ""
18430
19005
"You will be asked at the end of the install to supply the hostname for the "
18431
19006
"Kerberos and Admin servers, which may or may not be the same server, for the "
18432
19007
"realm."
18433
19008
msgstr ""
18434
19009
18435
#: serverguide/C/network-auth.xml:2870(para)
19010
#: serverguide/C/network-auth.xml:2863(para)
18436
19011
msgid "By default the realm is created from the KDC's domain name."
18437
19012
msgstr ""
18438
19013
18439
#: serverguide/C/network-auth.xml:2875(para)
19014
#: serverguide/C/network-auth.xml:2868(para)
18440
19015
msgid ""
18441
19016
"Next, create the new realm with the <application>kdb5_newrealm</application> "
18442
19017
"utility:"
18443
19018
msgstr ""
18444
19019
18445
#: serverguide/C/network-auth.xml:2880(command)
19020
#: serverguide/C/network-auth.xml:2873(command)
18446
19021
msgid "sudo krb5_newrealm"
18447
19022
msgstr ""
18448
19023
18449
#: serverguide/C/network-auth.xml:2887(para)
19024
#: serverguide/C/network-auth.xml:2880(para)
18450
19025
msgid ""
18451
19026
"The questions asked during installation are used to configure the "
18452
19027
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
18456
19031
"typing"
18457
19032
msgstr ""
18458
19033
18459
#: serverguide/C/network-auth.xml:2894(command)
19034
#: serverguide/C/network-auth.xml:2887(command)
18460
19035
msgid "sudo dpkg-reconfigure krb5-kdc"
18461
19036
msgstr ""
18462
19037
18463
#: serverguide/C/network-auth.xml:2900(para)
19038
#: serverguide/C/network-auth.xml:2893(para)
18464
19039
msgid ""
18465
19040
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
18466
19041
"principal</emphasis> -- is needed. It is recommended to use a different "
18468
19043
"<application>kadmin.local</application> utility in a terminal prompt enter:"
18469
19044
msgstr ""
18470
19045
18471
#: serverguide/C/network-auth.xml:2908(command) serverguide/C/network-auth.xml:3778(command)
19046
#: serverguide/C/network-auth.xml:2901(command) serverguide/C/network-auth.xml:3771(command)
18472
19047
msgid "sudo kadmin.local"
18473
19048
msgstr ""
18474
19049
18475
#: serverguide/C/network-auth.xml:2909(computeroutput)
19050
#: serverguide/C/network-auth.xml:2902(computeroutput)
18476
19051
#, no-wrap
18477
19052
msgid ""
18478
19053
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
18479
19054
"kadmin.local:"
18480
19055
msgstr ""
18481
19056
18482
#: serverguide/C/network-auth.xml:2910(userinput)
19057
#: serverguide/C/network-auth.xml:2903(userinput)
18483
19058
#, no-wrap
18484
19059
msgid " addprinc steve/admin"
18485
19060
msgstr ""
18486
19061
18487
#: serverguide/C/network-auth.xml:2911(computeroutput)
19062
#: serverguide/C/network-auth.xml:2904(computeroutput)
18488
19063
#, no-wrap
18489
19064
msgid ""
18490
19065
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
18495
19070
"kadmin.local:"
18496
19071
msgstr ""
18497
19072
18498
#: serverguide/C/network-auth.xml:2915(userinput)
19073
#: serverguide/C/network-auth.xml:2908(userinput)
18499
19074
#, no-wrap
18500
19075
msgid " quit"
18501
19076
msgstr ""
18502
19077
18503
#: serverguide/C/network-auth.xml:2918(para)
19078
#: serverguide/C/network-auth.xml:2911(para)
18504
19079
msgid ""
18505
19080
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
18506
19081
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
18512
19087
"rights."
18513
19088
msgstr ""
18514
19089
18515
#: serverguide/C/network-auth.xml:2928(para)
19090
#: serverguide/C/network-auth.xml:2921(para)
18516
19091
msgid ""
18517
19092
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
18518
19093
"your Realm and admin username."
18519
19094
msgstr ""
18520
19095
18521
#: serverguide/C/network-auth.xml:2936(para)
19096
#: serverguide/C/network-auth.xml:2929(para)
18522
19097
msgid ""
18523
19098
"Next, the new admin user needs to have the appropriate Access Control List "
18524
19099
"(ACL) permissions. The permissions are configured in the "
18525
19100
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
18526
19101
msgstr ""
18527
19102
18528
#: serverguide/C/network-auth.xml:2941(programlisting)
19103
#: serverguide/C/network-auth.xml:2934(programlisting)
18529
19104
#, no-wrap
18530
19105
msgid ""
18531
19106
"\n"
18532
19107
"steve/admin@EXAMPLE.COM *\n"
18533
19108
msgstr ""
18534
19109
18535
#: serverguide/C/network-auth.xml:2945(para)
19110
#: serverguide/C/network-auth.xml:2938(para)
18536
19111
msgid ""
18537
19112
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
18538
19113
"any operation on all principals in the realm. You can configure principals "
18541
19116
"<emphasis>kadm5.acl</emphasis> man page for details."
18542
19117
msgstr ""
18543
19118
18544
#: serverguide/C/network-auth.xml:2957(para)
19119
#: serverguide/C/network-auth.xml:2950(para)
18545
19120
msgid ""
18546
19121
"Now restart the <application>krb5-admin-server</application> for the new ACL "
18547
19122
"to take affect:"
18548
19123
msgstr ""
18549
19124
18550
#: serverguide/C/network-auth.xml:2962(command)
19125
#: serverguide/C/network-auth.xml:2955(command)
18551
19126
msgid "sudo systemctl restart krb5-admin-server.service"
18552
19127
msgstr ""
18553
19128
18554
#: serverguide/C/network-auth.xml:2968(para)
19129
#: serverguide/C/network-auth.xml:2961(para)
18555
19130
msgid ""
18556
19131
"The new user principal can be tested using the <application>kinit "
18557
19132
"utility</application>:"
18558
19133
msgstr ""
18559
19134
18560
#: serverguide/C/network-auth.xml:2973(command)
19135
#: serverguide/C/network-auth.xml:2966(command)
18561
19136
msgid "kinit steve/admin"
18562
19137
msgstr ""
18563
19138
18564
#: serverguide/C/network-auth.xml:2974(computeroutput)
19139
#: serverguide/C/network-auth.xml:2967(computeroutput)
18565
19140
#, no-wrap
18566
19141
msgid "steve/admin@EXAMPLE.COM's Password:"
18567
19142
msgstr ""
18568
19143
18569
#: serverguide/C/network-auth.xml:2977(para)
19144
#: serverguide/C/network-auth.xml:2970(para)
18570
19145
msgid ""
18571
19146
"After entering the password, use the <application>klist</application> "
18572
19147
"utility to view information about the Ticket Granting Ticket (TGT):"
18573
19148
msgstr ""
18574
19149
18575
#: serverguide/C/network-auth.xml:2983(command) serverguide/C/network-auth.xml:3360(command)
19150
#: serverguide/C/network-auth.xml:2976(command) serverguide/C/network-auth.xml:3353(command)
18576
19151
msgid "klist"
18577
19152
msgstr ""
18578
19153
18579
#: serverguide/C/network-auth.xml:2984(computeroutput)
19154
#: serverguide/C/network-auth.xml:2977(computeroutput)
18580
19155
#, no-wrap
18581
19156
msgid ""
18582
19157
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
18586
19161
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
18587
19162
msgstr ""
18588
19163
18589
#: serverguide/C/network-auth.xml:2991(para)
19164
#: serverguide/C/network-auth.xml:2984(para)
18590
19165
msgid ""
18591
19166
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
18592
19167
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
18595
19170
"For example:"
18596
19171
msgstr ""
18597
19172
18598
#: serverguide/C/network-auth.xml:3000(programlisting)
19173
#: serverguide/C/network-auth.xml:2993(programlisting)
18599
19174
#, no-wrap
18600
19175
msgid ""
18601
19176
"\n"
18602
19177
"192.168.0.1 kdc01.example.com kdc01\n"
18603
19178
msgstr ""
18604
19179
18605
#: serverguide/C/network-auth.xml:3004(para)
19180
#: serverguide/C/network-auth.xml:2997(para)
18606
19181
msgid ""
18607
19182
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
18608
19183
"This usually happens when you have a Kerberos realm encompassing different "
18609
19184
"networks separated by routers."
18610
19185
msgstr ""
18611
19186
18612
#: serverguide/C/network-auth.xml:3013(para)
19187
#: serverguide/C/network-auth.xml:3006(para)
18613
19188
msgid ""
18614
19189
"The best way to allow clients to automatically determine the KDC for the "
18615
19190
"Realm is using DNS SRV records. Add the following to "
18616
19191
"<filename>/etc/named/db.example.com</filename>:"
18617
19192
msgstr ""
18618
19193
18619
#: serverguide/C/network-auth.xml:3019(programlisting)
19194
#: serverguide/C/network-auth.xml:3012(programlisting)
18620
19195
#, no-wrap
18621
19196
msgid ""
18622
19197
"\n"
18628
19203
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
18629
19204
msgstr ""
18630
19205
18631
#: serverguide/C/network-auth.xml:3029(para)
19206
#: serverguide/C/network-auth.xml:3022(para)
18632
19207
msgid ""
18633
19208
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
18634
19209
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
18635
19210
"KDC."
18636
19211
msgstr ""
18637
19212
19213
#: serverguide/C/network-auth.xml:3028(para)
19214
msgid ""
19215
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
19216
msgstr ""
19217
18638
19218
#: serverguide/C/network-auth.xml:3035(para)
18639
msgid ""
18640
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
18641
msgstr ""
18642
18643
#: serverguide/C/network-auth.xml:3042(para)
18644
19219
msgid "Your new Kerberos Realm is now ready to authenticate clients."
18645
19220
msgstr ""
18646
19221
18647
#: serverguide/C/network-auth.xml:3049(title)
19222
#: serverguide/C/network-auth.xml:3042(title)
18648
19223
msgid "Secondary KDC"
18649
19224
msgstr ""
18650
19225
18651
#: serverguide/C/network-auth.xml:3051(para)
19226
#: serverguide/C/network-auth.xml:3044(para)
18652
19227
msgid ""
18653
19228
"Once you have one Key Distribution Center (KDC) on your network, it is good "
18654
19229
"practice to have a Secondary KDC in case the primary becomes unavailable. "
18657
19232
"of those networks."
18658
19233
msgstr ""
18659
19234
18660
#: serverguide/C/network-auth.xml:3062(para)
19235
#: serverguide/C/network-auth.xml:3055(para)
18661
19236
msgid ""
18662
19237
"First, install the packages, and when asked for the Kerberos and Admin "
18663
19238
"server names enter the name of the Primary KDC:"
18664
19239
msgstr ""
18665
19240
18666
#: serverguide/C/network-auth.xml:3073(para)
19241
#: serverguide/C/network-auth.xml:3066(para)
18667
19242
msgid ""
18668
19243
"Once you have the packages installed, create the Secondary KDC's host "
18669
19244
"principal. From a terminal prompt, enter:"
18670
19245
msgstr ""
18671
19246
18672
#: serverguide/C/network-auth.xml:3078(command)
19247
#: serverguide/C/network-auth.xml:3071(command)
18673
19248
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
18674
19249
msgstr ""
18675
19250
18676
#: serverguide/C/network-auth.xml:3082(para)
19251
#: serverguide/C/network-auth.xml:3075(para)
18677
19252
msgid ""
18678
19253
"After, issuing any <application>kadmin</application> commands you will be "
18679
19254
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
18680
19255
"password."
18681
19256
msgstr ""
18682
19257
18683
#: serverguide/C/network-auth.xml:3091(para)
19258
#: serverguide/C/network-auth.xml:3084(para)
18684
19259
msgid "Extract the <emphasis>keytab</emphasis> file:"
18685
19260
msgstr ""
18686
19261
18687
#: serverguide/C/network-auth.xml:3096(command)
19262
#: serverguide/C/network-auth.xml:3089(command)
18688
19263
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
18689
19264
msgstr ""
18690
19265
18691
#: serverguide/C/network-auth.xml:3102(para)
19266
#: serverguide/C/network-auth.xml:3095(para)
18692
19267
msgid ""
18693
19268
"There should now be a <filename>keytab.kdc02</filename> in the current "
18694
19269
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
18695
19270
msgstr ""
18696
19271
18697
#: serverguide/C/network-auth.xml:3108(command)
19272
#: serverguide/C/network-auth.xml:3101(command)
18698
19273
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
18699
19274
msgstr ""
18700
19275
18701
#: serverguide/C/network-auth.xml:3112(para)
19276
#: serverguide/C/network-auth.xml:3105(para)
18702
19277
msgid ""
18703
19278
"If the path to the <filename>keytab.kdc02</filename> file is different "
18704
19279
"adjust accordingly."
18705
19280
msgstr ""
18706
19281
18707
#: serverguide/C/network-auth.xml:3117(para)
19282
#: serverguide/C/network-auth.xml:3110(para)
18708
19283
msgid ""
18709
19284
"Also, you can list the principals in a Keytab file, which can be useful when "
18710
19285
"troubleshooting, using the <application>klist</application> utility:"
18711
19286
msgstr ""
18712
19287
18713
#: serverguide/C/network-auth.xml:3123(command)
19288
#: serverguide/C/network-auth.xml:3116(command)
18714
19289
msgid "sudo klist -k /etc/krb5.keytab"
18715
19290
msgstr ""
18716
19291
19292
#: serverguide/C/network-auth.xml:3119(para)
19293
msgid ""
19294
"The <application>-k</application> option indicates the file is a keytab file."
19295
msgstr ""
19296
18717
19297
#: serverguide/C/network-auth.xml:3126(para)
18718
19298
msgid ""
18719
"The <application>-k</application> option indicates the file is a keytab file."
18720
msgstr ""
18721
18722
#: serverguide/C/network-auth.xml:3133(para)
18723
msgid ""
18724
19299
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
18725
19300
"that lists all KDCs for the Realm. For example, on both primary and "
18726
19301
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
18727
19302
msgstr ""
18728
19303
18729
#: serverguide/C/network-auth.xml:3138(programlisting)
19304
#: serverguide/C/network-auth.xml:3131(programlisting)
18730
19305
#, no-wrap
18731
19306
msgid ""
18732
19307
"\n"
18734
19309
"host/kdc02.example.com@EXAMPLE.COM\n"
18735
19310
msgstr ""
18736
19311
18737
#: serverguide/C/network-auth.xml:3146(para)
19312
#: serverguide/C/network-auth.xml:3139(para)
18738
19313
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
18739
19314
msgstr ""
18740
19315
18741
#: serverguide/C/network-auth.xml:3151(command)
19316
#: serverguide/C/network-auth.xml:3144(command)
18742
19317
msgid "sudo kdb5_util -s create"
18743
19318
msgstr ""
18744
19319
18745
#: serverguide/C/network-auth.xml:3157(para)
19320
#: serverguide/C/network-auth.xml:3150(para)
18746
19321
msgid ""
18747
19322
"Now start the <application>kpropd</application> daemon, which listens for "
18748
19323
"connections from the <application>kprop</application> utility. "
18749
19324
"<application>kprop</application> is used to transfer dump files:"
18750
19325
msgstr ""
18751
19326
18752
#: serverguide/C/network-auth.xml:3164(command)
19327
#: serverguide/C/network-auth.xml:3157(command)
18753
19328
msgid "sudo kpropd -S"
18754
19329
msgstr ""
18755
19330
18756
#: serverguide/C/network-auth.xml:3170(para)
19331
#: serverguide/C/network-auth.xml:3163(para)
18757
19332
msgid ""
18758
19333
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
18759
19334
"of the principal database:"
18760
19335
msgstr ""
18761
19336
18762
#: serverguide/C/network-auth.xml:3175(command)
19337
#: serverguide/C/network-auth.xml:3168(command)
18763
19338
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
18764
19339
msgstr ""
18765
19340
18766
#: serverguide/C/network-auth.xml:3181(para)
19341
#: serverguide/C/network-auth.xml:3174(para)
18767
19342
msgid ""
18768
19343
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
18769
19344
"<filename>/etc/krb5.keytab</filename>:"
18770
19345
msgstr ""
18771
19346
18772
#: serverguide/C/network-auth.xml:3186(command)
19347
#: serverguide/C/network-auth.xml:3179(command)
18773
19348
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
18774
19349
msgstr ""
18775
19350
18776
#: serverguide/C/network-auth.xml:3187(command)
19351
#: serverguide/C/network-auth.xml:3180(command)
18777
19352
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
18778
19353
msgstr ""
18779
19354
18780
#: serverguide/C/network-auth.xml:3191(para)
19355
#: serverguide/C/network-auth.xml:3184(para)
18781
19356
msgid ""
18782
19357
"Make sure there is a <emphasis>host</emphasis> for "
18783
19358
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
18784
19359
msgstr ""
18785
19360
18786
#: serverguide/C/network-auth.xml:3199(para)
19361
#: serverguide/C/network-auth.xml:3192(para)
18787
19362
msgid ""
18788
19363
"Using the <application>kprop</application> utility push the database to the "
18789
19364
"Secondary KDC:"
18790
19365
msgstr ""
18791
19366
18792
#: serverguide/C/network-auth.xml:3204(command)
19367
#: serverguide/C/network-auth.xml:3197(command)
18793
19368
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
18794
19369
msgstr ""
18795
19370
18796
#: serverguide/C/network-auth.xml:3208(para)
19371
#: serverguide/C/network-auth.xml:3201(para)
18797
19372
msgid ""
18798
19373
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
18799
19374
"worked. If there is an error message check "
18801
19376
"information."
18802
19377
msgstr ""
18803
19378
18804
#: serverguide/C/network-auth.xml:3214(para)
19379
#: serverguide/C/network-auth.xml:3207(para)
18805
19380
msgid ""
18806
19381
"You may also want to create a <application>cron</application> job to "
18807
19382
"periodically update the database on the Secondary KDC. For example, the "
18809
19384
"split to fit the format of this document):"
18810
19385
msgstr ""
18811
19386
18812
#: serverguide/C/network-auth.xml:3219(programlisting)
19387
#: serverguide/C/network-auth.xml:3212(programlisting)
18813
19388
#, no-wrap
18814
19389
msgid ""
18815
19390
"\n"
18818
19393
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
18819
19394
msgstr ""
18820
19395
18821
#: serverguide/C/network-auth.xml:3228(para)
19396
#: serverguide/C/network-auth.xml:3221(para)
18822
19397
msgid ""
18823
19398
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
18824
19399
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
18825
19400
msgstr ""
18826
19401
18827
#: serverguide/C/network-auth.xml:3234(command)
19402
#: serverguide/C/network-auth.xml:3227(command)
18828
19403
msgid "sudo kdb5_util stash"
18829
19404
msgstr ""
18830
19405
18831
#: serverguide/C/network-auth.xml:3240(para)
19406
#: serverguide/C/network-auth.xml:3233(para)
18832
19407
msgid ""
18833
19408
"Finally, start the <application>krb5-kdc</application> daemon on the "
18834
19409
"Secondary KDC:"
18835
19410
msgstr ""
18836
19411
18837
#: serverguide/C/network-auth.xml:3245(command) serverguide/C/network-auth.xml:3921(command)
19412
#: serverguide/C/network-auth.xml:3238(command) serverguide/C/network-auth.xml:3914(command)
18838
19413
msgid "sudo systemctl start krb5-kdc.service"
18839
19414
msgstr ""
18840
19415
18841
#: serverguide/C/network-auth.xml:3251(para)
19416
#: serverguide/C/network-auth.xml:3244(para)
18842
19417
msgid ""
18843
19418
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
18844
19419
"for the Realm. You can test this by stopping the <application>krb5-"
18849
19424
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
18850
19425
msgstr ""
18851
19426
18852
#: serverguide/C/network-auth.xml:3262(title)
19427
#: serverguide/C/network-auth.xml:3255(title)
18853
19428
msgid "Kerberos Linux Client"
18854
19429
msgstr ""
18855
19430
18856
#: serverguide/C/network-auth.xml:3264(para)
19431
#: serverguide/C/network-auth.xml:3257(para)
18857
19432
msgid ""
18858
19433
"This section covers configuring a Linux system as a "
18859
19434
"<application>Kerberos</application> client. This will allow access to any "
18860
19435
"kerberized services once a user has successfully logged into the system."
18861
19436
msgstr ""
18862
19437
18863
#: serverguide/C/network-auth.xml:3272(para)
19438
#: serverguide/C/network-auth.xml:3265(para)
18864
19439
msgid ""
18865
19440
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
18866
19441
"user</application> and <application>libpam-krb5</application> packages are "
18869
19444
"prompt:"
18870
19445
msgstr ""
18871
19446
18872
#: serverguide/C/network-auth.xml:3279(command)
19447
#: serverguide/C/network-auth.xml:3272(command)
18873
19448
msgid ""
18874
19449
"sudo apt install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
18875
19450
msgstr ""
18876
19451
18877
#: serverguide/C/network-auth.xml:3282(para)
19452
#: serverguide/C/network-auth.xml:3275(para)
18878
19453
msgid ""
18879
19454
"The <application>auth-client-config</application> package allows simple "
18880
19455
"configuration of PAM for authentication from multiple sources, and the "
18885
19460
"be accessed off the network as well."
18886
19461
msgstr ""
18887
19462
18888
#: serverguide/C/network-auth.xml:3293(para)
19463
#: serverguide/C/network-auth.xml:3286(para)
18889
19464
msgid "To configure the client in a terminal enter:"
18890
19465
msgstr ""
18891
19466
18892
#: serverguide/C/network-auth.xml:3298(command)
19467
#: serverguide/C/network-auth.xml:3291(command)
18893
19468
msgid "sudo dpkg-reconfigure krb5-config"
18894
19469
msgstr ""
18895
19470
18896
#: serverguide/C/network-auth.xml:3301(para)
19471
#: serverguide/C/network-auth.xml:3294(para)
18897
19472
msgid ""
18898
19473
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
18899
19474
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
18901
19476
"Center (KDC) and Realm Administration server."
18902
19477
msgstr ""
18903
19478
18904
#: serverguide/C/network-auth.xml:3307(para)
19479
#: serverguide/C/network-auth.xml:3300(para)
18905
19480
msgid ""
18906
19481
"The <application>dpkg-reconfigure</application> adds entries to the "
18907
19482
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
18908
19483
"entries similar to the following:"
18909
19484
msgstr ""
18910
19485
18911
#: serverguide/C/network-auth.xml:3312(programlisting)
19486
#: serverguide/C/network-auth.xml:3305(programlisting)
18912
19487
#, no-wrap
18913
19488
msgid ""
18914
19489
"\n"
18922
19497
" }\n"
18923
19498
msgstr ""
18924
19499
18925
#: serverguide/C/network-auth.xml:3324(para)
19500
#: serverguide/C/network-auth.xml:3317(para)
18926
19501
msgid ""
18927
19502
"If you set the uid of each of your network-authenticated users to start at "
18928
19503
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
18930
19505
"> 5000:"
18931
19506
msgstr ""
18932
19507
18933
#: serverguide/C/network-auth.xml:3332(command)
19508
#: serverguide/C/network-auth.xml:3325(command)
18934
19509
msgid ""
18935
19510
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
18936
19511
"for i in common-auth common-session common-account common-password; do sudo "
18938
19513
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
18939
19514
msgstr ""
18940
19515
18941
#: serverguide/C/network-auth.xml:3339(para)
19516
#: serverguide/C/network-auth.xml:3332(para)
18942
19517
msgid ""
18943
19518
"This will avoid being asked for the (non-existent) Kerberos password of a "
18944
19519
"locally authenticated user when changing its password using "
18945
19520
"<command>passwd</command>."
18946
19521
msgstr ""
18947
19522
18948
#: serverguide/C/network-auth.xml:3346(para)
19523
#: serverguide/C/network-auth.xml:3339(para)
18949
19524
msgid ""
18950
19525
"You can test the configuration by requesting a ticket using the "
18951
19526
"<application>kinit</application> utility. For example:"
18952
19527
msgstr ""
18953
19528
18954
#: serverguide/C/network-auth.xml:3351(command)
19529
#: serverguide/C/network-auth.xml:3344(command)
18955
19530
msgid "kinit steve@EXAMPLE.COM"
18956
19531
msgstr ""
18957
19532
18958
#: serverguide/C/network-auth.xml:3352(computeroutput)
19533
#: serverguide/C/network-auth.xml:3345(computeroutput)
18959
19534
#, no-wrap
18960
19535
msgid "Password for steve@EXAMPLE.COM:"
18961
19536
msgstr ""
18962
19537
18963
#: serverguide/C/network-auth.xml:3355(para)
19538
#: serverguide/C/network-auth.xml:3348(para)
18964
19539
msgid ""
18965
19540
"When a ticket has been granted, the details can be viewed using "
18966
19541
"<application>klist</application>:"
18967
19542
msgstr ""
18968
19543
18969
#: serverguide/C/network-auth.xml:3361(computeroutput)
19544
#: serverguide/C/network-auth.xml:3354(computeroutput)
18970
19545
#, no-wrap
18971
19546
msgid ""
18972
19547
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
18981
19556
"klist: You have no tickets cached"
18982
19557
msgstr ""
18983
19558
18984
#: serverguide/C/network-auth.xml:3373(para)
19559
#: serverguide/C/network-auth.xml:3366(para)
18985
19560
msgid ""
18986
19561
"Next, use the <application>auth-client-config</application> to configure the "
18987
19562
"<application>libpam-krb5</application> module to request a ticket during "
18988
19563
"login:"
18989
19564
msgstr ""
18990
19565
18991
#: serverguide/C/network-auth.xml:3379(command)
19566
#: serverguide/C/network-auth.xml:3372(command)
18992
19567
msgid "sudo auth-client-config -a -p kerberos_example"
18993
19568
msgstr ""
18994
19569
18995
#: serverguide/C/network-auth.xml:3382(para)
19570
#: serverguide/C/network-auth.xml:3375(para)
18996
19571
msgid ""
18997
19572
"You will should now receive a ticket upon successful login authentication."
18998
19573
msgstr ""
18999
19574
19000
#: serverguide/C/network-auth.xml:3393(para)
19575
#: serverguide/C/network-auth.xml:3386(para)
19001
19576
msgid ""
19002
19577
"For more information on MIT's version of Kerberos, see the <ulink "
19003
19578
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
19004
19579
msgstr ""
19005
19580
19006
#: serverguide/C/network-auth.xml:3398(para)
19581
#: serverguide/C/network-auth.xml:3391(para)
19007
19582
msgid ""
19008
19583
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
19009
19584
"Kerberos</ulink> page has more details."
19010
19585
msgstr ""
19011
19586
19012
#: serverguide/C/network-auth.xml:3403(para)
19587
#: serverguide/C/network-auth.xml:3396(para)
19013
19588
msgid ""
19014
19589
"O'Reilly's <ulink "
19015
19590
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
19016
19591
"Guide</ulink> is a great reference when setting up Kerberos."
19017
19592
msgstr ""
19018
19593
19019
#: serverguide/C/network-auth.xml:3409(para)
19594
#: serverguide/C/network-auth.xml:3402(para)
19020
19595
msgid ""
19021
19596
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
19022
19597
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
19023
19598
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
19024
19599
msgstr ""
19025
19600
19026
#: serverguide/C/network-auth.xml:3421(title)
19601
#: serverguide/C/network-auth.xml:3414(title)
19027
19602
msgid "Kerberos and LDAP"
19028
19603
msgstr ""
19029
19604
19030
#: serverguide/C/network-auth.xml:3423(para)
19605
#: serverguide/C/network-auth.xml:3416(para)
19031
19606
msgid ""
19032
19607
"Most people will not use Kerberos by itself; once an user is authenticated "
19033
19608
"(Kerberos), we need to figure out what this user can do (authorization). And "
19034
19609
"that would be the job of programs such as <application>LDAP</application>."
19035
19610
msgstr ""
19036
19611
19037
#: serverguide/C/network-auth.xml:3430(para)
19612
#: serverguide/C/network-auth.xml:3423(para)
19038
19613
msgid ""
19039
19614
"Replicating a Kerberos principal database between two servers can be "
19040
19615
"complicated, and adds an additional user database to your network. "
19044
19619
"<application>OpenLDAP</application> for the principal database."
19045
19620
msgstr ""
19046
19621
19047
#: serverguide/C/network-auth.xml:3438(para)
19622
#: serverguide/C/network-auth.xml:3431(para)
19048
19623
msgid ""
19049
19624
"The examples presented here assume <application>MIT Kerberos</application> "
19050
19625
"and <application>OpenLDAP</application>."
19051
19626
msgstr ""
19052
19627
19053
#: serverguide/C/network-auth.xml:3446(title)
19628
#: serverguide/C/network-auth.xml:3439(title)
19054
19629
msgid "Configuring OpenLDAP"
19055
19630
msgstr ""
19056
19631
19057
#: serverguide/C/network-auth.xml:3448(para)
19632
#: serverguide/C/network-auth.xml:3441(para)
19058
19633
msgid ""
19059
19634
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
19060
19635
"<application>OpenLDAP</application> server that has network connectivity to "
19063
19638
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
19064
19639
msgstr ""
19065
19640
19066
#: serverguide/C/network-auth.xml:3454(para)
19641
#: serverguide/C/network-auth.xml:3447(para)
19067
19642
msgid ""
19068
19643
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
19069
19644
"that traffic between the KDC and LDAP server is encrypted. See <xref "
19070
19645
"linkend=\"openldap-tls\"/> for details."
19071
19646
msgstr ""
19072
19647
19073
#: serverguide/C/network-auth.xml:3460(para)
19648
#: serverguide/C/network-auth.xml:3453(para)
19074
19649
msgid ""
19075
19650
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
19076
19651
"edit the ldap database. Many times it is the RootDN. Change its value to "
19077
19652
"reflect your setup."
19078
19653
msgstr ""
19079
19654
19080
#: serverguide/C/network-auth.xml:3469(para)
19655
#: serverguide/C/network-auth.xml:3462(para)
19081
19656
msgid ""
19082
19657
"To load the schema into LDAP, on the LDAP server install the "
19083
19658
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
19084
19659
msgstr ""
19085
19660
19086
#: serverguide/C/network-auth.xml:3475(command)
19661
#: serverguide/C/network-auth.xml:3468(command)
19087
19662
msgid "sudo apt install krb5-kdc-ldap"
19088
19663
msgstr ""
19089
19664
19090
#: serverguide/C/network-auth.xml:3480(para)
19665
#: serverguide/C/network-auth.xml:3473(para)
19091
19666
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
19092
19667
msgstr ""
19093
19668
19094
#: serverguide/C/network-auth.xml:3485(command)
19669
#: serverguide/C/network-auth.xml:3478(command)
19095
19670
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
19096
19671
msgstr ""
19097
19672
19098
#: serverguide/C/network-auth.xml:3486(command)
19673
#: serverguide/C/network-auth.xml:3479(command)
19099
19674
msgid ""
19100
19675
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
19101
19676
msgstr ""
19102
19677
19103
#: serverguide/C/network-auth.xml:3492(para)
19678
#: serverguide/C/network-auth.xml:3485(para)
19104
19679
msgid ""
19105
19680
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
19106
19681
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
19108
19683
"linkend=\"openldap-configuration\"/>."
19109
19684
msgstr ""
19110
19685
19111
#: serverguide/C/network-auth.xml:3500(para)
19686
#: serverguide/C/network-auth.xml:3493(para)
19112
19687
msgid ""
19113
19688
"First, create a configuration file named "
19114
19689
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
19115
19690
"containing the following lines:"
19116
19691
msgstr ""
19117
19692
19118
#: serverguide/C/network-auth.xml:3505(programlisting)
19693
#: serverguide/C/network-auth.xml:3498(programlisting)
19119
19694
#, no-wrap
19120
19695
msgid ""
19121
19696
"\n"
19134
19709
"include /etc/ldap/schema/kerberos.schema\n"
19135
19710
msgstr ""
19136
19711
19137
#: serverguide/C/network-auth.xml:3525(para)
19712
#: serverguide/C/network-auth.xml:3518(para)
19138
19713
msgid "Create a temporary directory to hold the LDIF files:"
19139
19714
msgstr ""
19140
19715
19141
#: serverguide/C/network-auth.xml:3529(command)
19716
#: serverguide/C/network-auth.xml:3522(command)
19142
19717
msgid "mkdir /tmp/ldif_output"
19143
19718
msgstr ""
19144
19719
19145
#: serverguide/C/network-auth.xml:3535(para)
19720
#: serverguide/C/network-auth.xml:3528(para)
19146
19721
msgid ""
19147
19722
"Now use <application>slapcat</application> to convert the schema files:"
19148
19723
msgstr ""
19149
19724
19150
#: serverguide/C/network-auth.xml:3540(command)
19725
#: serverguide/C/network-auth.xml:3533(command)
19151
19726
msgid ""
19152
19727
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
19153
19728
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
19154
19729
msgstr ""
19155
19730
19731
#: serverguide/C/network-auth.xml:3537(para)
19732
msgid ""
19733
"Change the above file and path names to match your own if they are different."
19734
msgstr ""
19735
19156
19736
#: serverguide/C/network-auth.xml:3544(para)
19157
19737
msgid ""
19158
"Change the above file and path names to match your own if they are different."
19159
msgstr ""
19160
19161
#: serverguide/C/network-auth.xml:3551(para)
19162
msgid ""
19163
19738
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
19164
19739
"changing the following attributes:"
19165
19740
msgstr ""
19166
19741
19167
#: serverguide/C/network-auth.xml:3555(programlisting)
19742
#: serverguide/C/network-auth.xml:3548(programlisting)
19168
19743
#, no-wrap
19169
19744
msgid ""
19170
19745
"\n"
19173
19748
"cn: kerberos\n"
19174
19749
msgstr ""
19175
19750
19176
#: serverguide/C/network-auth.xml:3561(para)
19751
#: serverguide/C/network-auth.xml:3554(para)
19177
19752
msgid "And remove the following lines from the end of the file:"
19178
19753
msgstr ""
19179
19754
19180
#: serverguide/C/network-auth.xml:3565(programlisting)
19755
#: serverguide/C/network-auth.xml:3558(programlisting)
19181
19756
#, no-wrap
19182
19757
msgid ""
19183
19758
"\n"
19190
19765
"modifyTimestamp: 20090111203515Z\n"
19191
19766
msgstr ""
19192
19767
19768
#: serverguide/C/network-auth.xml:3568(para)
19769
msgid ""
19770
"The attribute values will vary, just be sure the attributes are removed."
19771
msgstr ""
19772
19193
19773
#: serverguide/C/network-auth.xml:3575(para)
19194
msgid ""
19195
"The attribute values will vary, just be sure the attributes are removed."
19196
msgstr ""
19197
19198
#: serverguide/C/network-auth.xml:3582(para)
19199
19774
msgid "Load the new schema with <application>ldapadd</application>:"
19200
19775
msgstr ""
19201
19776
19202
#: serverguide/C/network-auth.xml:3587(command)
19777
#: serverguide/C/network-auth.xml:3580(command)
19203
19778
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
19204
19779
msgstr ""
19205
19780
19206
#: serverguide/C/network-auth.xml:3593(para)
19781
#: serverguide/C/network-auth.xml:3586(para)
19207
19782
msgid ""
19208
19783
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
19209
19784
msgstr ""
19210
19785
19211
#: serverguide/C/network-auth.xml:3598(command) serverguide/C/network-auth.xml:3615(command)
19786
#: serverguide/C/network-auth.xml:3591(command) serverguide/C/network-auth.xml:3608(command)
19212
19787
msgid "ldapmodify -x -D cn=admin,cn=config -W"
19213
19788
msgstr ""
19214
19789
19215
#: serverguide/C/network-auth.xml:3600(userinput)
19790
#: serverguide/C/network-auth.xml:3593(userinput)
19216
19791
#, no-wrap
19217
19792
msgid ""
19218
19793
"dn: olcDatabase={1}hdb,cn=config\n"
19220
19795
"olcDbIndex: krbPrincipalName eq,pres,sub"
19221
19796
msgstr ""
19222
19797
19223
#: serverguide/C/network-auth.xml:3599(computeroutput)
19798
#: serverguide/C/network-auth.xml:3592(computeroutput)
19224
19799
#, no-wrap
19225
19800
msgid ""
19226
19801
"Enter LDAP Password:\n"
19229
19804
"modifying entry \"olcDatabase={1}hdb,cn=config\""
19230
19805
msgstr ""
19231
19806
19232
#: serverguide/C/network-auth.xml:3610(para)
19807
#: serverguide/C/network-auth.xml:3603(para)
19233
19808
msgid "Finally, update the Access Control Lists (ACL):"
19234
19809
msgstr ""
19235
19810
19236
#: serverguide/C/network-auth.xml:3617(userinput)
19811
#: serverguide/C/network-auth.xml:3610(userinput)
19237
19812
#, no-wrap
19238
19813
msgid ""
19239
19814
"dn: olcDatabase={1}hdb,cn=config\n"
19249
19824
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
19250
19825
msgstr ""
19251
19826
19252
#: serverguide/C/network-auth.xml:3616(computeroutput)
19827
#: serverguide/C/network-auth.xml:3609(computeroutput)
19253
19828
#, no-wrap
19254
19829
msgid ""
19255
19830
"Enter LDAP Password: \n"
19258
19833
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
19259
19834
msgstr ""
19260
19835
19261
#: serverguide/C/network-auth.xml:3637(para)
19836
#: serverguide/C/network-auth.xml:3630(para)
19262
19837
msgid ""
19263
19838
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
19264
19839
"database."
19265
19840
msgstr ""
19266
19841
19267
#: serverguide/C/network-auth.xml:3643(title)
19842
#: serverguide/C/network-auth.xml:3636(title)
19268
19843
msgid "Primary KDC Configuration"
19269
19844
msgstr ""
19270
19845
19271
#: serverguide/C/network-auth.xml:3645(para)
19846
#: serverguide/C/network-auth.xml:3638(para)
19272
19847
msgid ""
19273
19848
"With <application>OpenLDAP</application> configured it is time to configure "
19274
19849
"the KDC."
19275
19850
msgstr ""
19276
19851
19277
#: serverguide/C/network-auth.xml:3651(para)
19852
#: serverguide/C/network-auth.xml:3644(para)
19278
19853
msgid "First, install the necessary packages, from a terminal enter:"
19279
19854
msgstr ""
19280
19855
19281
#: serverguide/C/network-auth.xml:3656(command) serverguide/C/network-auth.xml:3815(command)
19856
#: serverguide/C/network-auth.xml:3649(command) serverguide/C/network-auth.xml:3808(command)
19282
19857
msgid "sudo apt install krb5-kdc krb5-admin-server krb5-kdc-ldap"
19283
19858
msgstr ""
19284
19859
19285
#: serverguide/C/network-auth.xml:3662(para)
19860
#: serverguide/C/network-auth.xml:3655(para)
19286
19861
msgid ""
19287
19862
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
19288
19863
"under the appropriate sections:"
19289
19864
msgstr ""
19290
19865
19291
#: serverguide/C/network-auth.xml:3666(programlisting)
19866
#: serverguide/C/network-auth.xml:3659(programlisting)
19292
19867
#, no-wrap
19293
19868
msgid ""
19294
19869
"\n"
19338
19913
" }\n"
19339
19914
msgstr ""
19340
19915
19341
#: serverguide/C/network-auth.xml:3711(para)
19916
#: serverguide/C/network-auth.xml:3704(para)
19342
19917
msgid ""
19343
19918
"Change <emphasis>example.com</emphasis>, "
19344
19919
"<emphasis>dc=example,dc=com</emphasis>, "
19347
19922
"object, and LDAP server for your network."
19348
19923
msgstr ""
19349
19924
19350
#: serverguide/C/network-auth.xml:3720(para)
19925
#: serverguide/C/network-auth.xml:3713(para)
19351
19926
msgid ""
19352
19927
"Next, use the <application>kdb5_ldap_util</application> utility to create "
19353
19928
"the realm:"
19354
19929
msgstr ""
19355
19930
19356
#: serverguide/C/network-auth.xml:3725(command)
19931
#: serverguide/C/network-auth.xml:3718(command)
19357
19932
msgid ""
19358
19933
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
19359
19934
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
19360
19935
msgstr ""
19361
19936
19362
#: serverguide/C/network-auth.xml:3732(para)
19937
#: serverguide/C/network-auth.xml:3725(para)
19363
19938
msgid ""
19364
19939
"Create a stash of the password used to bind to the LDAP server. This "
19365
19940
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
19367
19942
"<filename>/etc/krb5.conf</filename>:"
19368
19943
msgstr ""
19369
19944
19370
#: serverguide/C/network-auth.xml:3738(command) serverguide/C/network-auth.xml:3877(command)
19945
#: serverguide/C/network-auth.xml:3731(command) serverguide/C/network-auth.xml:3870(command)
19371
19946
msgid ""
19372
19947
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
19373
19948
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
19374
19949
msgstr ""
19375
19950
19376
#: serverguide/C/network-auth.xml:3745(para)
19951
#: serverguide/C/network-auth.xml:3738(para)
19377
19952
msgid "Copy the CA certificate from the LDAP server:"
19378
19953
msgstr ""
19379
19954
19380
#: serverguide/C/network-auth.xml:3750(command)
19955
#: serverguide/C/network-auth.xml:3743(command)
19381
19956
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
19382
19957
msgstr ""
19383
19958
19384
#: serverguide/C/network-auth.xml:3751(command)
19959
#: serverguide/C/network-auth.xml:3744(command)
19385
19960
msgid "sudo cp cacert.pem /etc/ssl/certs"
19386
19961
msgstr ""
19387
19962
19388
#: serverguide/C/network-auth.xml:3754(para)
19963
#: serverguide/C/network-auth.xml:3747(para)
19389
19964
msgid ""
19390
19965
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
19391
19966
msgstr ""
19392
19967
19393
#: serverguide/C/network-auth.xml:3758(programlisting)
19968
#: serverguide/C/network-auth.xml:3751(programlisting)
19394
19969
#, no-wrap
19395
19970
msgid ""
19396
19971
"\n"
19397
19972
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
19398
19973
msgstr ""
19399
19974
19400
#: serverguide/C/network-auth.xml:3763(para)
19975
#: serverguide/C/network-auth.xml:3756(para)
19401
19976
msgid ""
19402
19977
"The certificate will also need to be copied to the Secondary KDC, to allow "
19403
19978
"the connection to the LDAP servers using LDAPS."
19404
19979
msgstr ""
19405
19980
19406
#: serverguide/C/network-auth.xml:3772(para)
19981
#: serverguide/C/network-auth.xml:3765(para)
19407
19982
msgid ""
19408
19983
"You can now add Kerberos principals to the LDAP database, and they will be "
19409
19984
"copied to any other LDAP servers configured for replication. To add a "
19410
19985
"principal using the <application>kadmin.local</application> utility enter:"
19411
19986
msgstr ""
19412
19987
19413
#: serverguide/C/network-auth.xml:3780(userinput)
19988
#: serverguide/C/network-auth.xml:3773(userinput)
19414
19989
#, no-wrap
19415
19990
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
19416
19991
msgstr ""
19417
19992
19418
#: serverguide/C/network-auth.xml:3779(computeroutput)
19993
#: serverguide/C/network-auth.xml:3772(computeroutput)
19419
19994
#, no-wrap
19420
19995
msgid ""
19421
19996
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
19426
20001
"Principal \"steve@EXAMPLE.COM\" created."
19427
20002
msgstr ""
19428
20003
19429
#: serverguide/C/network-auth.xml:3787(para)
20004
#: serverguide/C/network-auth.xml:3780(para)
19430
20005
msgid ""
19431
20006
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
19432
20007
"krbExtraData attributes added to the "
19435
20010
"utilities to test that the user is indeed issued a ticket."
19436
20011
msgstr ""
19437
20012
19438
#: serverguide/C/network-auth.xml:3794(para)
20013
#: serverguide/C/network-auth.xml:3787(para)
19439
20014
msgid ""
19440
20015
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
19441
20016
"option is needed to add the Kerberos attributes. Otherwise a new "
19442
20017
"<emphasis>principal</emphasis> object will be created in the realm subtree."
19443
20018
msgstr ""
19444
20019
19445
#: serverguide/C/network-auth.xml:3802(title)
20020
#: serverguide/C/network-auth.xml:3795(title)
19446
20021
msgid "Secondary KDC Configuration"
19447
20022
msgstr ""
19448
20023
19449
#: serverguide/C/network-auth.xml:3804(para)
20024
#: serverguide/C/network-auth.xml:3797(para)
19450
20025
msgid ""
19451
20026
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
19452
20027
"one using the normal Kerberos database."
19453
20028
msgstr ""
19454
20029
19455
#: serverguide/C/network-auth.xml:3810(para)
20030
#: serverguide/C/network-auth.xml:3803(para)
19456
20031
msgid "First, install the necessary packages. In a terminal enter:"
19457
20032
msgstr ""
19458
20033
19459
#: serverguide/C/network-auth.xml:3821(para)
20034
#: serverguide/C/network-auth.xml:3814(para)
19460
20035
msgid ""
19461
20036
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
19462
20037
msgstr ""
19463
20038
19464
#: serverguide/C/network-auth.xml:3825(programlisting)
20039
#: serverguide/C/network-auth.xml:3818(programlisting)
19465
20040
#, no-wrap
19466
20041
msgid ""
19467
20042
"\n"
19510
20085
" }\n"
19511
20086
msgstr ""
19512
20087
19513
#: serverguide/C/network-auth.xml:3872(para)
20088
#: serverguide/C/network-auth.xml:3865(para)
19514
20089
msgid "Create the stash for the LDAP bind password:"
19515
20090
msgstr ""
19516
20091
19517
#: serverguide/C/network-auth.xml:3884(para)
20092
#: serverguide/C/network-auth.xml:3877(para)
19518
20093
msgid ""
19519
20094
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
19520
20095
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
19523
20098
"media."
19524
20099
msgstr ""
19525
20100
19526
#: serverguide/C/network-auth.xml:3891(command)
20101
#: serverguide/C/network-auth.xml:3884(command)
19527
20102
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
19528
20103
msgstr ""
19529
20104
19530
#: serverguide/C/network-auth.xml:3892(command)
20105
#: serverguide/C/network-auth.xml:3885(command)
19531
20106
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
19532
20107
msgstr ""
19533
20108
19534
#: serverguide/C/network-auth.xml:3896(para)
20109
#: serverguide/C/network-auth.xml:3889(para)
19535
20110
msgid ""
19536
20111
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
19537
20112
msgstr ""
19538
20113
19539
#: serverguide/C/network-auth.xml:3904(para)
20114
#: serverguide/C/network-auth.xml:3897(para)
19540
20115
msgid ""
19541
20116
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
19542
20117
"only,"
19543
20118
msgstr ""
19544
20119
19545
#: serverguide/C/network-auth.xml:3916(para)
20120
#: serverguide/C/network-auth.xml:3909(para)
19546
20121
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
19547
20122
msgstr ""
19548
20123
20124
#: serverguide/C/network-auth.xml:3920(para)
20125
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
20126
msgstr ""
20127
19549
20128
#: serverguide/C/network-auth.xml:3927(para)
19550
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
19551
msgstr ""
19552
19553
#: serverguide/C/network-auth.xml:3934(para)
19554
20129
msgid ""
19555
20130
"You now have redundant KDCs on your network, and with redundant LDAP servers "
19556
20131
"you should be able to continue to authenticate users if one LDAP server, one "
19557
20132
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
19558
20133
msgstr ""
19559
20134
19560
#: serverguide/C/network-auth.xml:3946(para)
20135
#: serverguide/C/network-auth.xml:3939(para)
19561
20136
msgid ""
19562
20137
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
19563
20138
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
19564
20139
"Guide</ulink> has some additional details."
19565
20140
msgstr ""
19566
20141
19567
#: serverguide/C/network-auth.xml:3952(para)
20142
#: serverguide/C/network-auth.xml:3945(para)
19568
20143
msgid ""
19569
20144
"For more information on <application>kdb5_ldap_util</application> see <ulink "
19570
20145
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
19574
20149
"l\">kdb5_ldap_util man page</ulink>."
19575
20150
msgstr ""
19576
20151
19577
#: serverguide/C/network-auth.xml:3960(para)
20152
#: serverguide/C/network-auth.xml:3953(para)
19578
20153
msgid ""
19579
20154
"Another useful link is the <ulink "
19580
20155
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man5/krb5.conf.5.html\">k"
19581
20156
"rb5.conf man page</ulink>."
19582
20157
msgstr ""
19583
20158
19584
#: serverguide/C/network-auth.xml:3965(para)
20159
#: serverguide/C/network-auth.xml:3958(para)
19585
20160
msgid ""
19586
20161
"Also, see the <ulink "
19587
20162
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
19588
20163
"and LDAP</ulink> Ubuntu wiki page."
19589
20164
msgstr ""
19590
20165
19591
#: serverguide/C/network-auth.xml:3974(title)
20166
#: serverguide/C/network-auth.xml:3967(title)
19592
20167
msgid "SSSD and Active Directory"
19593
20168
msgstr ""
19594
20169
19595
#: serverguide/C/network-auth.xml:3975(para)
20170
#: serverguide/C/network-auth.xml:3968(para)
19596
20171
msgid ""
19597
20172
"This section describes the use of sssd to authenticate user logins against "
19598
20173
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
19603
20178
"requires no modifications to the AD structure."
19604
20179
msgstr ""
19605
20180
19606
#: serverguide/C/network-auth.xml:3979(title)
20181
#: serverguide/C/network-auth.xml:3972(title)
19607
20182
msgid "Prerequisites, Assumptions, and Requirements"
19608
20183
msgstr ""
19609
20184
19610
#: serverguide/C/network-auth.xml:3982(para)
20185
#: serverguide/C/network-auth.xml:3975(para)
19611
20186
msgid ""
19612
20187
"This guide does not explain Active Directory, how it works, how to set one "
19613
20188
"up, or how to maintain it. It may not provide <quote>best practices</quote> "
19614
20189
"for your environment."
19615
20190
msgstr ""
19616
20191
19617
#: serverguide/C/network-auth.xml:3984(para)
20192
#: serverguide/C/network-auth.xml:3977(para)
19618
20193
msgid ""
19619
20194
"This guide assumes that a working Active Directory domain is already "
19620
20195
"configured."
19621
20196
msgstr ""
19622
20197
19623
#: serverguide/C/network-auth.xml:3986(para)
20198
#: serverguide/C/network-auth.xml:3979(para)
19624
20199
msgid ""
19625
20200
"The domain controller is acting as an authoritative DNS server for the "
19626
20201
"domain."
19627
20202
msgstr ""
19628
20203
19629
#: serverguide/C/network-auth.xml:3988(para)
20204
#: serverguide/C/network-auth.xml:3981(para)
19630
20205
msgid ""
19631
20206
"The domain controller is the primary DNS resolver as specified in "
19632
20207
"<filename>/etc/resolv.conf</filename>."
19633
20208
msgstr ""
19634
20209
19635
#: serverguide/C/network-auth.xml:3991(para)
20210
#: serverguide/C/network-auth.xml:3984(para)
19636
20211
msgid ""
19637
20212
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
19638
20213
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
19639
20214
"(see Resources section for external links)."
19640
20215
msgstr ""
19641
20216
19642
#: serverguide/C/network-auth.xml:3993(para)
20217
#: serverguide/C/network-auth.xml:3986(para)
19643
20218
msgid ""
19644
20219
"System time is synchronized on the domain controller (necessary for "
19645
20220
"Kerberos)."
19646
20221
msgstr ""
19647
20222
19648
#: serverguide/C/network-auth.xml:3995(para)
20223
#: serverguide/C/network-auth.xml:3988(para)
19649
20224
msgid ""
19650
20225
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
19651
20226
"."
19652
20227
msgstr ""
19653
20228
19654
#: serverguide/C/network-auth.xml:4000(para)
20229
#: serverguide/C/network-auth.xml:3993(para)
19655
20230
msgid ""
19656
20231
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
19657
20232
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
19660
20235
"controllers are needed for this step."
19661
20236
msgstr ""
19662
20237
19663
#: serverguide/C/network-auth.xml:4001(para)
20238
#: serverguide/C/network-auth.xml:3994(para)
19664
20239
msgid "Install these packages now."
19665
20240
msgstr ""
19666
20241
19667
#: serverguide/C/network-auth.xml:4003(command)
20242
#: serverguide/C/network-auth.xml:3996(command)
19668
20243
msgid "sudo apt install krb5-user samba sssd ntp"
19669
20244
msgstr ""
19670
20245
19671
#: serverguide/C/network-auth.xml:4004(para)
20246
#: serverguide/C/network-auth.xml:3997(para)
19672
20247
msgid ""
19673
20248
"See the next section for the answers to the questions asked by the "
19674
20249
"<emphasis>krb5-user</emphasis> postinstall script."
19675
20250
msgstr ""
19676
20251
19677
#: serverguide/C/network-auth.xml:4007(title)
20252
#: serverguide/C/network-auth.xml:4000(title)
19678
20253
msgid "Kerberos Configuration"
19679
20254
msgstr ""
19680
20255
19681
#: serverguide/C/network-auth.xml:4008(para)
20256
#: serverguide/C/network-auth.xml:4001(para)
19682
20257
msgid ""
19683
20258
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
19684
20259
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
19688
20263
"not, then both are needed."
19689
20264
msgstr ""
19690
20265
19691
#: serverguide/C/network-auth.xml:4009(para)
20266
#: serverguide/C/network-auth.xml:4002(para)
19692
20267
msgid ""
19693
20268
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
19694
20269
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
19695
20270
msgstr ""
19696
20271
19697
#: serverguide/C/network-auth.xml:4012(para)
20272
#: serverguide/C/network-auth.xml:4005(para)
19698
20273
msgid ""
19699
20274
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
19700
20275
"settings to specify Kerberos ticket lifetime (these values are safe to use "
19701
20276
"as defaults):"
19702
20277
msgstr ""
19703
20278
19704
#: serverguide/C/network-auth.xml:4013(programlisting)
20279
#: serverguide/C/network-auth.xml:4006(programlisting)
19705
20280
#, no-wrap
19706
20281
msgid ""
19707
20282
"\n"
19713
20288
"\t\t"
19714
20289
msgstr ""
19715
20290
19716
#: serverguide/C/network-auth.xml:4021(para)
20291
#: serverguide/C/network-auth.xml:4014(para)
19717
20292
msgid ""
19718
20293
"If default_realm is not specified, it may be necessary to log in with "
19719
20294
"<quote>username@domain</quote> instead of <quote>username</quote>."
19720
20295
msgstr ""
19721
20296
19722
#: serverguide/C/network-auth.xml:4023(para)
20297
#: serverguide/C/network-auth.xml:4016(para)
19723
20298
msgid ""
19724
20299
"The system time on the Active Directory member needs to be consistent with "
19725
20300
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
19727
20302
"<filename>/etc/ntp.conf</filename>:"
19728
20303
msgstr ""
19729
20304
19730
#: serverguide/C/network-auth.xml:4025(programlisting)
20305
#: serverguide/C/network-auth.xml:4018(programlisting)
19731
20306
#, no-wrap
19732
20307
msgid ""
19733
20308
"\n"
19734
20309
"server dc.myubuntu.example.com\n"
19735
20310
msgstr ""
19736
20311
19737
#: serverguide/C/network-auth.xml:4032(para)
20312
#: serverguide/C/network-auth.xml:4025(para)
19738
20313
msgid ""
19739
20314
"Samba will be used to perform netbios/nmbd services related to Active "
19740
20315
"Directory authentication, even if no file shares are exported. Edit the file "
19742
20317
"<emphasis>[global]</emphasis> section:"
19743
20318
msgstr ""
19744
20319
19745
#: serverguide/C/network-auth.xml:4034(programlisting)
20320
#: serverguide/C/network-auth.xml:4027(programlisting)
19746
20321
#, no-wrap
19747
20322
msgid ""
19748
20323
"\n"
19756
20331
"security = ads\n"
19757
20332
msgstr ""
19758
20333
19759
#: serverguide/C/network-auth.xml:4045(para)
20334
#: serverguide/C/network-auth.xml:4038(para)
19760
20335
msgid ""
19761
20336
"Some guides specify that \"password server\" should be specified and pointed "
19762
20337
"to the domain controller. This is only necessary if DNS is not properly set "
19764
20339
"server\" is specified with \"security = ads\"."
19765
20340
msgstr ""
19766
20341
19767
#: serverguide/C/network-auth.xml:4050(title)
20342
#: serverguide/C/network-auth.xml:4043(title)
19768
20343
msgid "SSSD Configuration"
19769
20344
msgstr ""
19770
20345
19771
#: serverguide/C/network-auth.xml:4052(para)
20346
#: serverguide/C/network-auth.xml:4045(para)
19772
20347
msgid ""
19773
20348
"There is no default/example config file for "
19774
20349
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
19775
20350
"necessary to create one. This is a minimal working config file:"
19776
20351
msgstr ""
19777
20352
19778
#: serverguide/C/network-auth.xml:4054(programlisting)
20353
#: serverguide/C/network-auth.xml:4047(programlisting)
19779
20354
#, no-wrap
19780
20355
msgid ""
19781
20356
"\n"
19807
20382
"# enumerate = true\n"
19808
20383
msgstr ""
19809
20384
19810
#: serverguide/C/network-auth.xml:4081(para)
20385
#: serverguide/C/network-auth.xml:4074(para)
19811
20386
msgid ""
19812
20387
"After saving this file, set the ownership to root and the file permissions "
19813
20388
"to 600:"
19814
20389
msgstr ""
19815
20390
19816
#: serverguide/C/network-auth.xml:4082(command)
20391
#: serverguide/C/network-auth.xml:4075(command)
19817
20392
msgid "sudo chown root:root /etc/sssd/sssd.conf"
19818
20393
msgstr ""
19819
20394
19820
#: serverguide/C/network-auth.xml:4083(command)
20395
#: serverguide/C/network-auth.xml:4076(command)
19821
20396
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
19822
20397
msgstr ""
19823
20398
19824
#: serverguide/C/network-auth.xml:4085(para)
20399
#: serverguide/C/network-auth.xml:4078(para)
19825
20400
msgid ""
19826
20401
"If the ownership or permissions are not correct, sssd will refuse to start."
19827
20402
msgstr ""
19828
20403
19829
#: serverguide/C/network-auth.xml:4089(title)
20404
#: serverguide/C/network-auth.xml:4082(title)
19830
20405
msgid "Verify nsswitch.conf Configuration"
19831
20406
msgstr ""
19832
20407
19833
#: serverguide/C/network-auth.xml:4090(para)
20408
#: serverguide/C/network-auth.xml:4083(para)
19834
20409
msgid ""
19835
20410
"The post-install script for the sssd package makes some modifications to "
19836
20411
"/etc/nsswitch.conf automatically. It should look something like this:"
19837
20412
msgstr ""
19838
20413
19839
#: serverguide/C/network-auth.xml:4092(programlisting)
20414
#: serverguide/C/network-auth.xml:4085(programlisting)
19840
20415
#, no-wrap
19841
20416
msgid ""
19842
20417
"\n"
19847
20422
"sudoers: files sss\n"
19848
20423
msgstr ""
19849
20424
19850
#: serverguide/C/network-auth.xml:4102(title)
20425
#: serverguide/C/network-auth.xml:4095(title)
19851
20426
msgid "Modify /etc/hosts"
19852
20427
msgstr ""
19853
20428
19854
#: serverguide/C/network-auth.xml:4103(para)
20429
#: serverguide/C/network-auth.xml:4096(para)
19855
20430
msgid ""
19856
20431
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
19857
20432
"example:"
19858
20433
msgstr ""
19859
20434
19860
#: serverguide/C/network-auth.xml:4104(programlisting)
20435
#: serverguide/C/network-auth.xml:4097(programlisting)
19861
20436
#, no-wrap
19862
20437
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
19863
20438
msgstr ""
19864
20439
19865
#: serverguide/C/network-auth.xml:4106(para)
20440
#: serverguide/C/network-auth.xml:4099(para)
19866
20441
msgid "This is useful in conjunction with dynamic DNS updates."
19867
20442
msgstr ""
19868
20443
19869
#: serverguide/C/network-auth.xml:4110(title)
20444
#: serverguide/C/network-auth.xml:4103(title)
19870
20445
msgid "Join the Active Directory"
19871
20446
msgstr ""
19872
20447
19873
#: serverguide/C/network-auth.xml:4111(para)
20448
#: serverguide/C/network-auth.xml:4104(para)
19874
20449
msgid "Now, restart ntp and samba and start sssd."
19875
20450
msgstr ""
19876
20451
19877
#: serverguide/C/network-auth.xml:4112(command)
20452
#: serverguide/C/network-auth.xml:4105(command)
19878
20453
msgid "sudo systemctl restart ntp.service"
19879
20454
msgstr ""
19880
20455
19881
#: serverguide/C/network-auth.xml:4114(command)
20456
#: serverguide/C/network-auth.xml:4107(command)
19882
20457
msgid "sudo systemctl start sssd.service"
19883
20458
msgstr ""
19884
20459
19885
#: serverguide/C/network-auth.xml:4116(para)
20460
#: serverguide/C/network-auth.xml:4109(para)
19886
20461
msgid "Test the configuration by obtaining a Kerberos ticket:"
19887
20462
msgstr ""
19888
20463
19889
#: serverguide/C/network-auth.xml:4118(command)
20464
#: serverguide/C/network-auth.xml:4111(command)
19890
20465
msgid "sudo kinit Administrator"
19891
20466
msgstr ""
19892
20467
19893
#: serverguide/C/network-auth.xml:4120(para)
20468
#: serverguide/C/network-auth.xml:4113(para)
19894
20469
msgid "Verify the ticket with:"
19895
20470
msgstr ""
19896
20471
19897
#: serverguide/C/network-auth.xml:4121(command)
20472
#: serverguide/C/network-auth.xml:4114(command)
19898
20473
msgid "sudo klist"
19899
20474
msgstr ""
19900
20475
19901
#: serverguide/C/network-auth.xml:4123(para)
20476
#: serverguide/C/network-auth.xml:4116(para)
19902
20477
msgid ""
19903
20478
"If there is a ticket with an expiration date listed, then it is time to join "
19904
20479
"the domain:"
19905
20480
msgstr ""
19906
20481
19907
#: serverguide/C/network-auth.xml:4125(command)
20482
#: serverguide/C/network-auth.xml:4118(command)
19908
20483
msgid "sudo net ads join -k"
19909
20484
msgstr ""
19910
20485
19911
#: serverguide/C/network-auth.xml:4127(para)
20486
#: serverguide/C/network-auth.xml:4120(para)
19912
20487
msgid ""
19913
20488
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
19914
20489
"probably means that there is no (correct) alias in "
19918
20493
"\"Modify /etc/hosts\" above."
19919
20494
msgstr ""
19920
20495
19921
#: serverguide/C/network-auth.xml:4129(para)
20496
#: serverguide/C/network-auth.xml:4122(para)
19922
20497
msgid ""
19923
20498
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
19924
20499
"something is incorrect. Review the prior steps before proceeding)."
19925
20500
msgstr ""
19926
20501
19927
#: serverguide/C/network-auth.xml:4131(para)
20502
#: serverguide/C/network-auth.xml:4124(para)
19928
20503
msgid ""
19929
20504
"Here are a couple of (optional) checks to verify that the domain join was "
19930
20505
"successful. Note that if the domain was successfully joined but one or both "
19932
20507
"Some of the changes appear to be asynchronous."
19933
20508
msgstr ""
19934
20509
19935
#: serverguide/C/network-auth.xml:4133(para)
20510
#: serverguide/C/network-auth.xml:4126(para)
19936
20511
msgid "Verification option #1:"
19937
20512
msgstr ""
19938
20513
19939
#: serverguide/C/network-auth.xml:4134(para)
20514
#: serverguide/C/network-auth.xml:4127(para)
19940
20515
msgid ""
19941
20516
"Check the default Organizational Unit for computer accounts in the Active "
19942
20517
"Directory to verify that the computer account was created. (Organizational "
19943
20518
"Units in Active Directory is a topic outside the scope of this guide)."
19944
20519
msgstr ""
19945
20520
19946
#: serverguide/C/network-auth.xml:4136(para)
20521
#: serverguide/C/network-auth.xml:4129(para)
19947
20522
msgid "Verification option #2"
19948
20523
msgstr ""
19949
20524
19950
#: serverguide/C/network-auth.xml:4137(para)
20525
#: serverguide/C/network-auth.xml:4130(para)
19951
20526
msgid "Execute this command for a specific AD user (e.g. administrator)"
19952
20527
msgstr ""
19953
20528
19954
#: serverguide/C/network-auth.xml:4138(command)
20529
#: serverguide/C/network-auth.xml:4131(command)
19955
20530
msgid "getent passwd username"
19956
20531
msgstr ""
19957
20532
19958
#: serverguide/C/network-auth.xml:4140(para)
20533
#: serverguide/C/network-auth.xml:4133(para)
19959
20534
msgid ""
19960
20535
"If <emphasis>enumerate = true</emphasis> is set in "
19961
20536
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
19963
20538
"testing, but is slow and not recommended for production."
19964
20539
msgstr ""
19965
20540
19966
#: serverguide/C/network-auth.xml:4144(title)
20541
#: serverguide/C/network-auth.xml:4137(title)
19967
20542
msgid "Test Authentication"
19968
20543
msgstr ""
19969
20544
19970
#: serverguide/C/network-auth.xml:4145(para)
20545
#: serverguide/C/network-auth.xml:4138(para)
19971
20546
msgid ""
19972
20547
"It should now be possible to authenticate using an Active Directory User's "
19973
20548
"credentials:"
19974
20549
msgstr ""
19975
20550
19976
#: serverguide/C/network-auth.xml:4147(command)
20551
#: serverguide/C/network-auth.xml:4140(command)
19977
20552
msgid "su - username"
19978
20553
msgstr ""
19979
20554
19980
#: serverguide/C/network-auth.xml:4149(para)
20555
#: serverguide/C/network-auth.xml:4142(para)
19981
20556
msgid ""
19982
20557
"If this works, then other login methods (getty, ssh) should also work."
19983
20558
msgstr ""
19984
20559
19985
#: serverguide/C/network-auth.xml:4151(para)
20560
#: serverguide/C/network-auth.xml:4144(para)
19986
20561
msgid ""
19987
20562
"If the computer account was created, indicating that the system was "
19988
20563
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
19991
20566
"earlier in this guide."
19992
20567
msgstr ""
19993
20568
19994
#: serverguide/C/network-auth.xml:4155(title)
20569
#: serverguide/C/network-auth.xml:4148(title)
19995
20570
msgid "Home directories with pam_mkhomedir (optional)"
19996
20571
msgstr ""
19997
20572
19998
#: serverguide/C/network-auth.xml:4156(para)
20573
#: serverguide/C/network-auth.xml:4149(para)
19999
20574
msgid ""
20000
20575
"When logging in using an Active Directory user account, it is likely that "
20001
20576
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
20004
20579
"after <emphasis>session required pam_unix.so:</emphasis>"
20005
20580
msgstr ""
20006
20581
20007
#: serverguide/C/network-auth.xml:4157(programlisting)
20582
#: serverguide/C/network-auth.xml:4150(programlisting)
20008
20583
#, no-wrap
20009
20584
msgid ""
20010
20585
"\n"
20011
20586
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
20012
20587
msgstr ""
20013
20588
20014
#: serverguide/C/network-auth.xml:4161(para)
20589
#: serverguide/C/network-auth.xml:4154(para)
20015
20590
msgid ""
20016
20591
"This may also need <emphasis>override_homedir</emphasis> in "
20017
20592
"<filename>sssd.conf</filename> to function correctly, so make sure that's "
20018
20593
"set."
20019
20594
msgstr ""
20020
20595
20021
#: serverguide/C/network-auth.xml:4165(title)
20596
#: serverguide/C/network-auth.xml:4158(title)
20022
20597
msgid "Desktop Ubuntu Authentication"
20023
20598
msgstr ""
20024
20599
20025
#: serverguide/C/network-auth.xml:4166(para)
20600
#: serverguide/C/network-auth.xml:4159(para)
20026
20601
msgid ""
20027
20602
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
20028
20603
"Directory accounts. The AD accounts will not show up in the pick list with "
20031
20606
"append the following two lines:"
20032
20607
msgstr ""
20033
20608
20034
#: serverguide/C/network-auth.xml:4168(programlisting)
20609
#: serverguide/C/network-auth.xml:4161(programlisting)
20035
20610
#, no-wrap
20036
20611
msgid ""
20037
20612
"\n"
20039
20614
"greeter-hide-users=true\n"
20040
20615
msgstr ""
20041
20616
20042
#: serverguide/C/network-auth.xml:4173(para)
20617
#: serverguide/C/network-auth.xml:4166(para)
20043
20618
msgid ""
20044
20619
"Reboot to restart lightdm. It should now be possible to log in using a "
20045
20620
"domain account using either <emphasis>username</emphasis> or "
20046
20621
"<emphasis>username/username@domain</emphasis> format."
20047
20622
msgstr ""
20048
20623
20049
#: serverguide/C/network-auth.xml:4179(ulink)
20624
#: serverguide/C/network-auth.xml:4172(ulink)
20050
20625
msgid "SSSD Project"
20051
20626
msgstr ""
20052
20627
20053
#: serverguide/C/network-auth.xml:4180(ulink)
20628
#: serverguide/C/network-auth.xml:4173(ulink)
20054
20629
msgid "DNS Server Configuration guidelines"
20055
20630
msgstr ""
20056
20631
20057
#: serverguide/C/network-auth.xml:4181(ulink)
20632
#: serverguide/C/network-auth.xml:4174(ulink)
20058
20633
msgid "Active Directory DNS Zone Entries"
20059
20634
msgstr ""
20060
20635
20061
#: serverguide/C/network-auth.xml:4182(ulink)
20636
#: serverguide/C/network-auth.xml:4175(ulink)
20062
20637
msgid "Kerberos config options"
20063
20638
msgstr ""
20064
20639
21628
22203
#: serverguide/C/mail.xml:249(para)
21629
22204
msgid ""
21630
22205
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
21631
"enable Dovecot SASL the <application>dovecot-common</application> package "
21632
"will need to be installed. From a terminal prompt enter the following:"
22206
"enable Dovecot SASL the <application>dovecot-core</application> package will "
22207
"need to be installed. From a terminal prompt enter the following:"
21633
22208
msgstr ""
21634
22209
21635
22210
#: serverguide/C/mail.xml:255(command)
21636
msgid "sudo apt install dovecot-common"
22211
msgid "sudo apt install dovecot-core"
21637
22212
msgstr ""
21638
22213
21639
22214
#: serverguide/C/mail.xml:257(para)
23843
24418
msgstr ""
23844
24419
23845
24420
#: serverguide/C/lamp-applications.xml:278(title)
23846
msgid "MediaWiki"
24421
msgid "phpMyAdmin"
23847
24422
msgstr ""
23848
24423
23849
24424
#: serverguide/C/lamp-applications.xml:280(para)
23850
24425
msgid ""
23851
"MediaWiki is an web based Wiki software written in the PHP language. It can "
23852
"either use <application>MySQL</application> or "
23853
"<application>PostgreSQL</application> Database Management System."
23854
msgstr ""
23855
23856
#: serverguide/C/lamp-applications.xml:290(para)
23857
msgid ""
23858
"Before installing <application>MediaWiki</application> you should also "
23859
"install <application>Apache2</application>, the "
23860
"<application>PHP</application> scripting language and a Database Management "
23861
"System. <application>MySQL</application> or "
23862
"<application>PostgreSQL</application> are the most common, choose one "
23863
"depending on your need. Please refer to those sections in this manual for "
23864
"installation instructions."
23865
msgstr ""
23866
23867
#: serverguide/C/lamp-applications.xml:298(para)
23868
msgid ""
23869
"To install <application>MediaWiki</application>, run the following command "
23870
"in the command prompt:"
23871
msgstr ""
23872
23873
#: serverguide/C/lamp-applications.xml:304(command)
23874
msgid "sudo apt install mediawiki php-gd"
23875
msgstr ""
23876
23877
#: serverguide/C/lamp-applications.xml:307(para)
23878
msgid ""
23879
"For additional <application>MediaWiki</application> functionality see the "
23880
"<application>mediawiki-extensions</application> package."
23881
msgstr ""
23882
23883
#: serverguide/C/lamp-applications.xml:317(para)
23884
msgid ""
23885
"The Apache configuration file <filename>mediawiki.conf</filename> for "
23886
"<application>MediaWiki</application> is installed in "
23887
"<filename>/etc/apache2/conf-available/</filename> directory. To access "
23888
"<application>MediaWiki</application>, uncomment the following line in the "
23889
"file."
23890
msgstr ""
23891
23892
#: serverguide/C/lamp-applications.xml:324(screen)
23893
#, no-wrap
23894
msgid ""
23895
"\n"
23896
"# Alias /mediawiki /var/lib/mediawiki\n"
23897
msgstr ""
23898
23899
#: serverguide/C/lamp-applications.xml:328(para)
23900
msgid ""
23901
"The <application>MediaWiki</application> configuration also needs to be "
23902
"enabled."
23903
msgstr ""
23904
23905
#: serverguide/C/lamp-applications.xml:332(command)
23906
msgid "sudo a2enconf mediawiki.conf"
23907
msgstr ""
23908
23909
#: serverguide/C/lamp-applications.xml:335(para)
23910
msgid "Restart Apache server."
23911
msgstr ""
23912
23913
#: serverguide/C/lamp-applications.xml:342(para)
23914
msgid ""
23915
"Access <application>MediaWiki</application> by visiting <ulink "
23916
"url=\"http://localhost/mediawiki/mw-"
23917
"config/index.php\">http://localhost/mediawiki/mw-config/index.php</ulink>. "
23918
"(Or <ulink url=\"http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
23919
"config/index.php\">http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
23920
"config/index.php</ulink> if your server has no GUI.)"
23921
msgstr ""
23922
23923
#: serverguide/C/lamp-applications.xml:350(para)
23924
msgid ""
23925
"Please read the <quote>Environmental checks</quote> section of the "
23926
"configuration page. You should be able to fix many issues by carefully "
23927
"reading this section."
23928
msgstr ""
23929
23930
#: serverguide/C/lamp-applications.xml:357(para)
23931
msgid ""
23932
"Once the configuration is complete, you should copy the "
23933
"<filename>LocalSettings.php</filename> file to "
23934
"<filename>/etc/mediawiki</filename> directory:"
23935
msgstr ""
23936
23937
#: serverguide/C/lamp-applications.xml:364(command)
23938
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
23939
msgstr ""
23940
23941
#: serverguide/C/lamp-applications.xml:367(para)
23942
msgid ""
23943
"You may also want to edit "
23944
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
23945
"memory limit (disabled by default):"
23946
msgstr ""
23947
23948
#: serverguide/C/lamp-applications.xml:372(programlisting)
23949
#, no-wrap
23950
msgid ""
23951
"\n"
23952
"ini_set( 'memory_limit', '64M' );\n"
23953
msgstr ""
23954
23955
#: serverguide/C/lamp-applications.xml:379(title)
23956
msgid "Extensions"
23957
msgstr ""
23958
23959
#: serverguide/C/lamp-applications.xml:380(para)
23960
msgid ""
23961
"The extensions add new features and enhancements for the MediaWiki "
23962
"application. The extensions give wiki administrators and end users the "
23963
"ability to customize MediaWiki to their requirements."
23964
msgstr ""
23965
23966
#: serverguide/C/lamp-applications.xml:386(para)
23967
msgid ""
23968
"You can download MediaWiki extensions as an archive file or checkout from "
23969
"the Subversion repository. You should copy it to "
23970
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
23971
"also add the following line at the end of file: "
23972
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
23973
msgstr ""
23974
23975
#: serverguide/C/lamp-applications.xml:394(programlisting)
23976
#, no-wrap
23977
msgid ""
23978
"\n"
23979
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
23980
msgstr ""
23981
23982
#: serverguide/C/lamp-applications.xml:404(para)
23983
msgid ""
23984
"For more details, please refer to the <ulink "
23985
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
23986
msgstr ""
23987
23988
#: serverguide/C/lamp-applications.xml:410(para)
23989
msgid ""
23990
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
23991
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
23992
"new MediaWiki administrators."
23993
msgstr ""
23994
23995
#: serverguide/C/lamp-applications.xml:416(para)
23996
msgid ""
23997
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
23998
"Wiki MediaWiki</ulink> page is a good resource."
23999
msgstr ""
24000
24001
#: serverguide/C/lamp-applications.xml:426(title)
24002
msgid "phpMyAdmin"
24003
msgstr ""
24004
24005
#: serverguide/C/lamp-applications.xml:428(para)
24006
msgid ""
24007
24426
"<application>phpMyAdmin</application> is a LAMP application specifically "
24008
24427
"written for administering <application>MySQL</application> servers. Written "
24009
24428
"in <application>PHP</application>, and accessed through a web browser, "
24010
24429
"phpMyAdmin provides a graphical interface for database administration tasks."
24011
24430
msgstr ""
24012
24431
24013
#: serverguide/C/lamp-applications.xml:437(para)
24432
#: serverguide/C/lamp-applications.xml:289(para)
24014
24433
msgid ""
24015
24434
"Before installing <application>phpMyAdmin</application> you will need access "
24016
24435
"to a <application>MySQL</application> database either on the same host as "
24019
24438
"enter:"
24020
24439
msgstr ""
24021
24440
24022
#: serverguide/C/lamp-applications.xml:444(command)
24441
#: serverguide/C/lamp-applications.xml:296(command)
24023
24442
msgid "sudo apt install phpmyadmin"
24024
24443
msgstr ""
24025
24444
24026
#: serverguide/C/lamp-applications.xml:447(para)
24445
#: serverguide/C/lamp-applications.xml:299(para)
24027
24446
msgid ""
24028
24447
"At the prompt choose which web server to be configured for "
24029
24448
"<application>phpMyAdmin</application>. The rest of this section will use "
24030
24449
"<application>Apache2</application> for the web server."
24031
24450
msgstr ""
24032
24451
24033
#: serverguide/C/lamp-applications.xml:452(para)
24452
#: serverguide/C/lamp-applications.xml:304(para)
24034
24453
msgid ""
24035
24454
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
24036
24455
"replacing <emphasis role=\"italic\">servername</emphasis> with the server's "
24040
24459
"user's password."
24041
24460
msgstr ""
24042
24461
24043
#: serverguide/C/lamp-applications.xml:459(para)
24462
#: serverguide/C/lamp-applications.xml:311(para)
24044
24463
msgid ""
24045
24464
"Once logged in you can reset the <emphasis>root</emphasis> password if "
24046
24465
"needed, create users, create/destroy databases and tables, etc."
24047
24466
msgstr ""
24048
24467
24049
#: serverguide/C/lamp-applications.xml:467(para)
24468
#: serverguide/C/lamp-applications.xml:319(para)
24050
24469
msgid ""
24051
24470
"The configuration files for <application>phpMyAdmin</application> are "
24052
24471
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
24055
24474
"<application>phpMyAdmin</application>."
24056
24475
msgstr ""
24057
24476
24058
#: serverguide/C/lamp-applications.xml:473(para)
24477
#: serverguide/C/lamp-applications.xml:325(para)
24059
24478
msgid ""
24060
24479
"To use <application>phpMyAdmin</application> to administer a MySQL database "
24061
24480
"hosted on another server, adjust the following in "
24062
24481
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
24063
24482
msgstr ""
24064
24483
24065
#: serverguide/C/lamp-applications.xml:478(programlisting)
24484
#: serverguide/C/lamp-applications.xml:330(programlisting)
24066
24485
#, no-wrap
24067
24486
msgid ""
24068
24487
"\n"
24069
24488
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
24070
24489
msgstr ""
24071
24490
24072
#: serverguide/C/lamp-applications.xml:483(para)
24491
#: serverguide/C/lamp-applications.xml:335(para)
24073
24492
msgid ""
24074
24493
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
24075
24494
"remote database server name or IP address. Also, be sure that the "
24077
24496
"remote database."
24078
24497
msgstr ""
24079
24498
24080
#: serverguide/C/lamp-applications.xml:489(para)
24499
#: serverguide/C/lamp-applications.xml:341(para)
24081
24500
msgid ""
24082
24501
"Once configured, log out of <application>phpMyAdmin</application> and back "
24083
24502
"in, and you should be accessing the new server."
24084
24503
msgstr ""
24085
24504
24086
#: serverguide/C/lamp-applications.xml:493(para)
24505
#: serverguide/C/lamp-applications.xml:345(para)
24087
24506
msgid ""
24088
24507
"The <filename>config.header.inc.php</filename> and "
24089
24508
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
24090
24509
"header and footer to <application>phpMyAdmin</application>."
24091
24510
msgstr ""
24092
24511
24093
#: serverguide/C/lamp-applications.xml:498(para)
24512
#: serverguide/C/lamp-applications.xml:350(para)
24094
24513
msgid ""
24095
24514
"Another important configuration file is "
24096
24515
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
24101
24520
"a terminal type:"
24102
24521
msgstr ""
24103
24522
24104
#: serverguide/C/lamp-applications.xml:506(command)
24523
#: serverguide/C/lamp-applications.xml:358(command)
24105
24524
msgid ""
24106
24525
"sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-"
24107
24526
"available/phpmyadmin.conf"
24108
24527
msgstr ""
24109
24528
24110
#: serverguide/C/lamp-applications.xml:507(command)
24529
#: serverguide/C/lamp-applications.xml:359(command)
24111
24530
msgid "sudo a2enconf phpmyadmin.conf"
24112
24531
msgstr ""
24113
24532
24114
#: serverguide/C/lamp-applications.xml:511(para)
24533
#: serverguide/C/lamp-applications.xml:363(para)
24115
24534
msgid ""
24116
24535
"For more information on configuring <application>Apache2</application> see "
24117
24536
"<xref linkend=\"httpd\"/>."
24118
24537
msgstr ""
24119
24538
24120
#: serverguide/C/lamp-applications.xml:522(para)
24539
#: serverguide/C/lamp-applications.xml:374(para)
24121
24540
msgid ""
24122
24541
"The <application>phpMyAdmin</application> documentation comes installed with "
24123
24542
"the package and can be accessed from the <emphasis>phpMyAdmin "
24126
24545
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
24127
24546
msgstr ""
24128
24547
24129
#: serverguide/C/lamp-applications.xml:529(para)
24548
#: serverguide/C/lamp-applications.xml:381(para)
24130
24549
msgid ""
24131
24550
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
24132
24551
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
24133
24552
msgstr ""
24134
24553
24135
#: serverguide/C/lamp-applications.xml:534(para)
24554
#: serverguide/C/lamp-applications.xml:386(para)
24136
24555
msgid ""
24137
24556
"A third resource is the <ulink "
24138
24557
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
24139
24558
"Wiki</ulink> page."
24140
24559
msgstr ""
24141
24560
24142
#: serverguide/C/lamp-applications.xml:543(title)
24561
#: serverguide/C/lamp-applications.xml:395(title)
24143
24562
msgid "WordPress"
24144
24563
msgstr ""
24145
24564
24146
#: serverguide/C/lamp-applications.xml:544(para)
24565
#: serverguide/C/lamp-applications.xml:396(para)
24147
24566
msgid ""
24148
24567
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
24149
24568
"licensed under the GNU GPLv2."
24150
24569
msgstr ""
24151
24570
24152
#: serverguide/C/lamp-applications.xml:550(para)
24571
#: serverguide/C/lamp-applications.xml:402(para)
24153
24572
msgid ""
24154
24573
"To install <application>WordPress</application>, run the following comand in "
24155
24574
"the command prompt:"
24156
24575
msgstr ""
24157
24576
24158
#: serverguide/C/lamp-applications.xml:555(command)
24577
#: serverguide/C/lamp-applications.xml:407(command)
24159
24578
msgid "sudo apt install wordpress"
24160
24579
msgstr ""
24161
24580
24162
#: serverguide/C/lamp-applications.xml:558(para)
24581
#: serverguide/C/lamp-applications.xml:410(para)
24163
24582
msgid ""
24164
24583
"You should also install <application>apache2</application> web server and "
24165
24584
"<application>mysql</application> server. For installing "
24170
24589
"linkend=\"mysql\"/> section."
24171
24590
msgstr ""
24172
24591
24173
#: serverguide/C/lamp-applications.xml:572(para)
24592
#: serverguide/C/lamp-applications.xml:424(para)
24174
24593
msgid ""
24175
24594
"For configuring your first <application>WordPress</application> application, "
24176
24595
"configure an apache site. Open <filename>/etc/apache2/sites-"
24177
24596
"available/wordpress.conf</filename> and write the following lines:"
24178
24597
msgstr ""
24179
24598
24180
#: serverguide/C/lamp-applications.xml:579(programlisting)
24599
#: serverguide/C/lamp-applications.xml:431(programlisting)
24181
24600
#, no-wrap
24182
24601
msgid ""
24183
24602
"\n"
24197
24616
" "
24198
24617
msgstr ""
24199
24618
24200
#: serverguide/C/lamp-applications.xml:595(para)
24619
#: serverguide/C/lamp-applications.xml:447(para)
24201
24620
msgid "Enable this new <application>WordPress</application> site"
24202
24621
msgstr ""
24203
24622
24204
#: serverguide/C/lamp-applications.xml:598(command)
24623
#: serverguide/C/lamp-applications.xml:450(command)
24205
24624
msgid "sudo a2ensite wordpress"
24206
24625
msgstr ""
24207
24626
24208
#: serverguide/C/lamp-applications.xml:601(para)
24627
#: serverguide/C/lamp-applications.xml:453(para)
24209
24628
msgid ""
24210
24629
"Once you configure the <application>apache2</application> web server and "
24211
24630
"make it ready for your <application>WordPress</application> application, you "
24213
24632
"<application>apache2</application> web server:"
24214
24633
msgstr ""
24215
24634
24216
#: serverguide/C/lamp-applications.xml:613(para)
24635
#: serverguide/C/lamp-applications.xml:465(para)
24217
24636
msgid ""
24218
24637
"To facilitate multiple <application>WordPress</application> installations, "
24219
24638
"the name of this configuration file is based on the Host header of the HTTP "
24226
24645
"NAME_OF_YOUR_VIRTUAL_HOST.php."
24227
24646
msgstr ""
24228
24647
24229
#: serverguide/C/lamp-applications.xml:624(para)
24648
#: serverguide/C/lamp-applications.xml:476(para)
24230
24649
msgid ""
24231
24650
"Once the configuration file is written, it is up to you to choose a "
24232
24651
"convention for username and password to mysql for each "
24234
24653
"shows only one, localhost, example."
24235
24654
msgstr ""
24236
24655
24237
#: serverguide/C/lamp-applications.xml:631(para)
24656
#: serverguide/C/lamp-applications.xml:483(para)
24238
24657
msgid ""
24239
24658
"Now configure <application>WordPress</application> to use a mysql database. "
24240
24659
"Open <filename>/etc/wordpress/config-localhost.php</filename> file and write "
24241
24660
"the following lines:"
24242
24661
msgstr ""
24243
24662
24244
#: serverguide/C/lamp-applications.xml:637(programlisting)
24663
#: serverguide/C/lamp-applications.xml:489(programlisting)
24245
24664
#, no-wrap
24246
24665
msgid ""
24247
24666
"\n"
24254
24673
"?>\n"
24255
24674
msgstr ""
24256
24675
24257
#: serverguide/C/lamp-applications.xml:646(para)
24676
#: serverguide/C/lamp-applications.xml:498(para)
24258
24677
msgid ""
24259
24678
"Now create this mysql database. Open a temporary file with mysql commands "
24260
24679
"<filename>wordpress.sql</filename> and write the following lines:"
24261
24680
msgstr ""
24262
24681
24263
#: serverguide/C/lamp-applications.xml:649(programlisting)
24682
#: serverguide/C/lamp-applications.xml:501(programlisting)
24264
24683
#, no-wrap
24265
24684
msgid ""
24266
24685
"\n"
24272
24691
"FLUSH PRIVILEGES;\n"
24273
24692
msgstr ""
24274
24693
24275
#: serverguide/C/lamp-applications.xml:657(para)
24694
#: serverguide/C/lamp-applications.xml:509(para)
24276
24695
msgid "Execute these commands."
24277
24696
msgstr ""
24278
24697
24279
#: serverguide/C/lamp-applications.xml:659(command)
24698
#: serverguide/C/lamp-applications.xml:511(command)
24280
24699
msgid ""
24281
24700
"cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf"
24282
24701
msgstr ""
24283
24702
24284
#: serverguide/C/lamp-applications.xml:661(para)
24703
#: serverguide/C/lamp-applications.xml:513(para)
24285
24704
msgid ""
24286
24705
"Your new <application>WordPress</application> can now be configured by "
24287
24706
"visiting <ulink url=\"http://localhost/blog/wp-"
24294
24713
"mail and click Install WordPress."
24295
24714
msgstr ""
24296
24715
24297
#: serverguide/C/lamp-applications.xml:668(para)
24716
#: serverguide/C/lamp-applications.xml:520(para)
24298
24717
msgid ""
24299
24718
"Note the generated password (if applicable) and click the login password. "
24300
24719
"Your <application>WordPress</application> is now ready for use."
24301
24720
msgstr ""
24302
24721
24303
#: serverguide/C/lamp-applications.xml:678(ulink)
24722
#: serverguide/C/lamp-applications.xml:530(ulink)
24304
24723
msgid "WordPress.org Codex"
24305
24724
msgstr ""
24306
24725
24307
#: serverguide/C/lamp-applications.xml:683(ulink)
24726
#: serverguide/C/lamp-applications.xml:535(ulink)
24308
24727
msgid "Ubuntu Wiki WordPress"
24309
24728
msgstr ""
24310
24729
30720
31139
msgstr ""
30721
31140
30722
31141
#: serverguide/C/clustering.xml:135(command)
30723
msgid "sudo systemctl start drdb.service"
31142
msgid "sudo systemctl start drbd.service"
30724
31143
msgstr ""
30725
31144
30726
31145
#: serverguide/C/clustering.xml:141(para)
Loggerhead is a web-based interface for Breezy
Version: 2.0.1