~ahasenack/serverguide/use-sasl-external-for-config-changes-973981
» Revision
308
: serverguide/po/lv.po
« back to all changes in this revision
Viewing changes to serverguide/po/lv.po
- browse files at revision 308
- compare with another revision
- download diff
- download tarball
- view history from revision 308
- Committer: Doug Smythies
- Date: 2016-12-22 00:01:42 UTC
- Revision ID: dsmythies@telus.net-20161222000142-x81lfy023vauvtbh
update PO files. Serverguide 16.04 point release.
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/lv.po
7
7
msgstr ""
8
8
"Project-Id-Version: serverguide\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2016-05-13 09:11-0700\n"
10
"POT-Creation-Date: 2016-12-06 21:37-0800\n"
11
11
"PO-Revision-Date: 2016-01-06 05:53+0000\n"
12
12
"Last-Translator: Peter Matulis <peter.matulis@canonical.com>\n"
13
13
"Language-Team: Latvian <lv@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2016-05-13 21:07+0000\n"
18
"X-Generator: Launchpad (build 18025)\n"
17
"X-Launchpad-Export-Date: 2016-12-21 23:27+0000\n"
18
"X-Generator: Launchpad (build 18298)\n"
19
19
20
20
#: serverguide/C/web-servers.xml:11(title)
21
21
msgid "Web Servers"
87
87
"for the development and deployment of Web-based applications."
88
88
msgstr ""
89
89
90
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:980(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:838(title) serverguide/C/virtualization.xml:1697(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:291(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:471(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1141(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2798(title) serverguide/C/network-auth.xml:3270(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:288(title) serverguide/C/lamp-applications.xml:435(title) serverguide/C/lamp-applications.xml:549(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:946(title) serverguide/C/installation.xml:1401(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:135(title) serverguide/C/backups.xml:602(title)
90
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:991(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:906(title) serverguide/C/virtualization.xml:1765(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:291(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:471(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1141(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2791(title) serverguide/C/network-auth.xml:3263(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:401(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:946(title) serverguide/C/installation.xml:1401(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:135(title) serverguide/C/backups.xml:602(title)
91
91
msgid "Installation"
92
92
msgstr "Instalācija"
93
93
107
107
msgid "sudo apt install apache2"
108
108
msgstr ""
109
109
110
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:868(title) serverguide/C/web-servers.xml:1007(title) serverguide/C/web-servers.xml:1110(title) serverguide/C/virtualization.xml:869(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:308(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1152(title) serverguide/C/network-auth.xml:2885(title) serverguide/C/network-auth.xml:3291(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:315(title) serverguide/C/lamp-applications.xml:465(title) serverguide/C/lamp-applications.xml:570(title) serverguide/C/installation.xml:1446(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:147(title) serverguide/C/backups.xml:631(title)
110
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:868(title) serverguide/C/web-servers.xml:1018(title) serverguide/C/web-servers.xml:1121(title) serverguide/C/virtualization.xml:937(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:308(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1152(title) serverguide/C/network-auth.xml:2878(title) serverguide/C/network-auth.xml:3284(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:317(title) serverguide/C/lamp-applications.xml:422(title) serverguide/C/installation.xml:1446(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:147(title) serverguide/C/backups.xml:631(title)
111
111
msgid "Configuration"
112
112
msgstr "Iestatījumi"
113
113
344
344
msgid "sudo a2ensite mynewsite"
345
345
msgstr ""
346
346
347
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:339(command) serverguide/C/lamp-applications.xml:610(command)
347
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:462(command)
348
348
msgid "sudo systemctl restart apache2.service"
349
349
msgstr ""
350
350
735
735
"Access Control Lists (ACLs)."
736
736
msgstr ""
737
737
738
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:812(title) serverguide/C/web-servers.xml:962(title) serverguide/C/web-servers.xml:1057(title) serverguide/C/web-servers.xml:1282(title) serverguide/C/vpn.xml:919(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:876(title) serverguide/C/security.xml:1216(title) serverguide/C/security.xml:1630(title) serverguide/C/security.xml:1816(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:820(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1205(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:400(title) serverguide/C/lamp-applications.xml:518(title) serverguide/C/lamp-applications.xml:673(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:106(title) serverguide/C/chat.xml:215(title) serverguide/C/backups.xml:301(title)
738
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:812(title) serverguide/C/web-servers.xml:973(title) serverguide/C/web-servers.xml:1068(title) serverguide/C/web-servers.xml:1293(title) serverguide/C/vpn.xml:919(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:876(title) serverguide/C/security.xml:1216(title) serverguide/C/security.xml:1630(title) serverguide/C/security.xml:1816(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:820(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1205(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:370(title) serverguide/C/lamp-applications.xml:525(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:106(title) serverguide/C/chat.xml:215(title) serverguide/C/backups.xml:301(title)
739
739
msgid "References"
740
740
msgstr ""
741
741
958
958
msgstr ""
959
959
960
960
#: serverguide/C/web-servers.xml:863(command)
961
msgid "sudo apt install squid3"
961
msgid "sudo apt install squid"
962
962
msgstr ""
963
963
964
964
#: serverguide/C/web-servers.xml:869(para)
965
965
msgid ""
966
966
"Squid is configured by editing the directives contained within the "
967
"<filename>/etc/squid3/squid.conf</filename> configuration file. The "
968
"following examples illustrate some of the directives which may be modified "
969
"to affect the behavior of the Squid server. For more in-depth configuration "
970
"of Squid, see the References section."
967
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
968
"examples illustrate some of the directives which may be modified to affect "
969
"the behavior of the Squid server. For more in-depth configuration of Squid, "
970
"see the References section."
971
971
msgstr ""
972
972
973
973
#: serverguide/C/web-servers.xml:875(para)
979
979
msgstr ""
980
980
981
981
#: serverguide/C/web-servers.xml:881(command)
982
msgid "sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original"
982
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
983
983
msgstr ""
984
984
985
985
#: serverguide/C/web-servers.xml:882(command)
986
msgid "sudo chmod a-w /etc/squid3/squid.conf.original"
986
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
987
987
msgstr ""
988
988
989
989
#: serverguide/C/web-servers.xml:889(para)
1024
1024
#: serverguide/C/web-servers.xml:912(para) serverguide/C/web-servers.xml:932(para)
1025
1025
msgid ""
1026
1026
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
1027
"ACL section of your <filename>/etc/squid3/squid.conf</filename> file:"
1027
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
1028
1028
msgstr ""
1029
1029
1030
1030
#: serverguide/C/web-servers.xml:915(programlisting)
1037
1037
#: serverguide/C/web-servers.xml:918(para) serverguide/C/web-servers.xml:939(para)
1038
1038
msgid ""
1039
1039
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
1040
"http_access section of your <filename>/etc/squid3/squid.conf</filename> file:"
1040
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
1041
1041
msgstr ""
1042
1042
1043
1043
#: serverguide/C/web-servers.xml:922(programlisting)
1073
1073
1074
1074
#: serverguide/C/web-servers.xml:950(para)
1075
1075
msgid ""
1076
"After making changes to the <filename>/etc/squid3/squid.conf</filename> "
1077
"file, save the file and restart the <application>squid</application> server "
1076
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
1077
"save the file and restart the <application>squid</application> server "
1078
1078
"application to effect the changes using the following command entered at a "
1079
1079
"terminal prompt:"
1080
1080
msgstr ""
1081
1081
1082
1082
#: serverguide/C/web-servers.xml:956(command)
1083
msgid "sudo systemctl restart squid3.service"
1084
msgstr ""
1085
1086
#: serverguide/C/web-servers.xml:964(ulink)
1083
msgid "sudo systemctl restart squid.service"
1084
msgstr ""
1085
1086
#: serverguide/C/web-servers.xml:961(para)
1087
msgid ""
1088
"If formerly a customized squid3 was used that set up the spool at "
1089
"<filename>/var/log/squid3</filename> to be a mountpoint, but otherwise kept "
1090
"the default configuration the upgrade will fail. The upgrade tries to "
1091
"rename/move files as needed, but it can't do so for an active mountpoint. In "
1092
"that case please either adapt the mountpoint or the config in "
1093
"<filename>/etc/squid/squid.conf</filename> so that they match."
1094
msgstr ""
1095
1096
#: serverguide/C/web-servers.xml:966(para)
1097
msgid ""
1098
"The same applies if the <emphasis role=\"bold\">include</emphasis> config "
1099
"statement was used to pull in more files from the old path at "
1100
"<filename>/etc/squid3/</filename>. In those cases you should move and adapt "
1101
"your configuration accordingly."
1102
msgstr ""
1103
1104
#: serverguide/C/web-servers.xml:975(ulink)
1087
1105
msgid "Squid Website"
1088
1106
msgstr ""
1089
1107
1090
#: serverguide/C/web-servers.xml:966(para)
1108
#: serverguide/C/web-servers.xml:977(para)
1091
1109
msgid ""
1092
1110
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1093
1111
"Squid</ulink> page."
1094
1112
msgstr ""
1095
1113
1096
#: serverguide/C/web-servers.xml:973(title)
1114
#: serverguide/C/web-servers.xml:984(title)
1097
1115
msgid "Ruby on Rails"
1098
1116
msgstr ""
1099
1117
1100
#: serverguide/C/web-servers.xml:974(para)
1118
#: serverguide/C/web-servers.xml:985(para)
1101
1119
msgid ""
1102
1120
"Ruby on Rails is an open source web framework for developing database backed "
1103
1121
"web applications. It is optimized for sustainable productivity of the "
1105
1123
"convention over configuration."
1106
1124
msgstr ""
1107
1125
1108
#: serverguide/C/web-servers.xml:981(para)
1126
#: serverguide/C/web-servers.xml:992(para)
1109
1127
msgid ""
1110
1128
"Before installing <application>Rails</application> you should install "
1111
1129
"<application>Apache</application> and <application>MySQL</application>. To "
1114
1132
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1115
1133
msgstr ""
1116
1134
1117
#: serverguide/C/web-servers.xml:989(para)
1135
#: serverguide/C/web-servers.xml:1000(para)
1118
1136
msgid ""
1119
1137
"Once you have <application>Apache</application> and "
1120
1138
"<application>MySQL</application> packages installed, you are ready to "
1121
1139
"install <application>Ruby on Rails</application> package."
1122
1140
msgstr ""
1123
1141
1124
#: serverguide/C/web-servers.xml:996(para)
1142
#: serverguide/C/web-servers.xml:1007(para)
1125
1143
msgid ""
1126
1144
"To install the <application>Ruby</application> base packages and "
1127
1145
"<application>Ruby on Rails</application>, you can enter the following "
1128
1146
"command in the terminal prompt:"
1129
1147
msgstr ""
1130
1148
1131
#: serverguide/C/web-servers.xml:1002(command)
1149
#: serverguide/C/web-servers.xml:1013(command)
1132
1150
msgid "sudo apt install rails"
1133
1151
msgstr ""
1134
1152
1135
#: serverguide/C/web-servers.xml:1008(para)
1153
#: serverguide/C/web-servers.xml:1019(para)
1136
1154
msgid ""
1137
1155
"Modify the <filename>/etc/apache2/sites-available/000-"
1138
1156
"default.conf</filename> configuration file to setup your domains."
1139
1157
msgstr ""
1140
1158
1141
#: serverguide/C/web-servers.xml:1012(para)
1159
#: serverguide/C/web-servers.xml:1023(para)
1142
1160
msgid ""
1143
1161
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1144
1162
msgstr ""
1145
1163
1146
#: serverguide/C/web-servers.xml:1016(programlisting)
1164
#: serverguide/C/web-servers.xml:1027(programlisting)
1147
1165
#, no-wrap
1148
1166
msgid ""
1149
1167
"\n"
1150
1168
"DocumentRoot /path/to/rails/application/public\n"
1151
1169
msgstr ""
1152
1170
1153
#: serverguide/C/web-servers.xml:1019(para)
1171
#: serverguide/C/web-servers.xml:1030(para)
1154
1172
msgid ""
1155
1173
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1156
1174
"directive:"
1157
1175
msgstr ""
1158
1176
1159
#: serverguide/C/web-servers.xml:1023(programlisting)
1177
#: serverguide/C/web-servers.xml:1034(programlisting)
1160
1178
#, no-wrap
1161
1179
msgid ""
1162
1180
"\n"
1169
1187
"</Directory>\n"
1170
1188
msgstr ""
1171
1189
1172
#: serverguide/C/web-servers.xml:1033(para)
1190
#: serverguide/C/web-servers.xml:1044(para)
1173
1191
msgid ""
1174
1192
"You should also enable the <application>mod_rewrite</application> module for "
1175
1193
"Apache. To enable <application>mod_rewrite</application> module, please "
1176
1194
"enter the following command in a terminal prompt:"
1177
1195
msgstr ""
1178
1196
1179
#: serverguide/C/web-servers.xml:1039(command)
1197
#: serverguide/C/web-servers.xml:1050(command)
1180
1198
msgid "sudo a2enmod rewrite"
1181
1199
msgstr ""
1182
1200
1183
#: serverguide/C/web-servers.xml:1042(para)
1201
#: serverguide/C/web-servers.xml:1053(para)
1184
1202
msgid ""
1185
1203
"Finally you will need to change the ownership of the "
1186
1204
"<filename>/path/to/rails/application/public</filename> and "
1188
1206
"used to run the <application>Apache</application> process:"
1189
1207
msgstr ""
1190
1208
1191
#: serverguide/C/web-servers.xml:1048(command)
1209
#: serverguide/C/web-servers.xml:1059(command)
1192
1210
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1193
1211
msgstr ""
1194
1212
1195
#: serverguide/C/web-servers.xml:1049(command)
1213
#: serverguide/C/web-servers.xml:1060(command)
1196
1214
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1197
1215
msgstr ""
1198
1216
1199
#: serverguide/C/web-servers.xml:1052(para)
1217
#: serverguide/C/web-servers.xml:1063(para)
1200
1218
msgid ""
1201
1219
"That's it! Now you have your Server ready for your <application>Ruby on "
1202
1220
"Rails</application> applications."
1203
1221
msgstr ""
1204
1222
1205
#: serverguide/C/web-servers.xml:1061(para)
1223
#: serverguide/C/web-servers.xml:1072(para)
1206
1224
msgid ""
1207
1225
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1208
1226
"for more information."
1209
1227
msgstr ""
1210
1228
1211
#: serverguide/C/web-servers.xml:1066(para)
1229
#: serverguide/C/web-servers.xml:1077(para)
1212
1230
msgid ""
1213
1231
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1214
1232
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1215
1233
"resource."
1216
1234
msgstr ""
1217
1235
1218
#: serverguide/C/web-servers.xml:1072(para)
1236
#: serverguide/C/web-servers.xml:1083(para)
1219
1237
msgid ""
1220
1238
"Another place for more information is the <ulink "
1221
1239
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1222
1240
"Wiki</ulink> page."
1223
1241
msgstr ""
1224
1242
1225
#: serverguide/C/web-servers.xml:1083(title)
1243
#: serverguide/C/web-servers.xml:1094(title)
1226
1244
msgid "Apache Tomcat"
1227
1245
msgstr ""
1228
1246
1229
#: serverguide/C/web-servers.xml:1084(para)
1247
#: serverguide/C/web-servers.xml:1095(para)
1230
1248
msgid ""
1231
1249
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1232
1250
"JSP (Java Server Pages) web applications."
1233
1251
msgstr ""
1234
1252
1235
#: serverguide/C/web-servers.xml:1086(para)
1253
#: serverguide/C/web-servers.xml:1097(para)
1236
1254
msgid ""
1237
1255
"Ubuntu has supported packages for both Tomcat 6 and 7. Tomcat 6 is the "
1238
1256
"legacy version, and Tomcat 7 is the current version where new features are "
1240
1258
"but most configuration details are valid for both versions."
1241
1259
msgstr ""
1242
1260
1243
#: serverguide/C/web-servers.xml:1089(para)
1261
#: serverguide/C/web-servers.xml:1100(para)
1244
1262
msgid ""
1245
1263
"The Tomcat packages in Ubuntu support two different ways of running Tomcat. "
1246
1264
"You can install them as a classic unique system-wide instance, that will be "
1251
1269
"need to test on their own private Tomcat instances."
1252
1270
msgstr ""
1253
1271
1254
#: serverguide/C/web-servers.xml:1099(title)
1272
#: serverguide/C/web-servers.xml:1110(title)
1255
1273
msgid "System-wide installation"
1256
1274
msgstr ""
1257
1275
1258
#: serverguide/C/web-servers.xml:1100(para)
1276
#: serverguide/C/web-servers.xml:1111(para)
1259
1277
msgid ""
1260
1278
"To install the Tomcat server, you can enter the following command in the "
1261
1279
"terminal prompt:"
1262
1280
msgstr ""
1263
1281
1264
#: serverguide/C/web-servers.xml:1103(command)
1282
#: serverguide/C/web-servers.xml:1114(command)
1265
1283
msgid "sudo apt install tomcat7"
1266
1284
msgstr ""
1267
1285
1268
#: serverguide/C/web-servers.xml:1105(para)
1286
#: serverguide/C/web-servers.xml:1116(para)
1269
1287
msgid ""
1270
1288
"This will install a Tomcat server with just a default ROOT webapp that "
1271
1289
"displays a minimal \"It works\" page by default."
1272
1290
msgstr ""
1273
1291
1274
#: serverguide/C/web-servers.xml:1111(para)
1292
#: serverguide/C/web-servers.xml:1122(para)
1275
1293
msgid ""
1276
1294
"Tomcat configuration files can be found in "
1277
1295
"<filename>/etc/tomcat7</filename>. Only a few common configuration tweaks "
1280
1298
"documentation</ulink> for more."
1281
1299
msgstr ""
1282
1300
1283
#: serverguide/C/web-servers.xml:1117(title)
1301
#: serverguide/C/web-servers.xml:1128(title)
1284
1302
msgid "Changing default ports"
1285
1303
msgstr ""
1286
1304
1287
#: serverguide/C/web-servers.xml:1118(para)
1305
#: serverguide/C/web-servers.xml:1129(para)
1288
1306
msgid ""
1289
1307
"By default Tomcat runs a HTTP connector on port 8080 and an AJP connector on "
1290
1308
"port 8009. You might want to change those default ports to avoid conflict "
1292
1310
"following lines in <filename>/etc/tomcat7/server.xml</filename>:"
1293
1311
msgstr ""
1294
1312
1295
#: serverguide/C/web-servers.xml:1123(programlisting)
1313
#: serverguide/C/web-servers.xml:1134(programlisting)
1296
1314
#, no-wrap
1297
1315
msgid ""
1298
1316
"\n"
1304
1322
"/>\n"
1305
1323
msgstr ""
1306
1324
1307
#: serverguide/C/web-servers.xml:1132(title)
1325
#: serverguide/C/web-servers.xml:1143(title)
1308
1326
msgid "Changing JVM used"
1309
1327
msgstr ""
1310
1328
1311
#: serverguide/C/web-servers.xml:1133(para)
1329
#: serverguide/C/web-servers.xml:1144(para)
1312
1330
msgid ""
1313
1331
"By default Tomcat will run preferably with OpenJDK JVMs, then try the Sun "
1314
1332
"JVMs, then try some other JVMs. You can force Tomcat to use a specific JVM "
1315
1333
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1316
1334
msgstr ""
1317
1335
1318
#: serverguide/C/web-servers.xml:1137(programlisting)
1336
#: serverguide/C/web-servers.xml:1148(programlisting)
1319
1337
#, no-wrap
1320
1338
msgid ""
1321
1339
"\n"
1322
1340
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1323
1341
msgstr ""
1324
1342
1325
#: serverguide/C/web-servers.xml:1142(title)
1343
#: serverguide/C/web-servers.xml:1153(title)
1326
1344
msgid "Declaring users and roles"
1327
1345
msgstr ""
1328
1346
1329
#: serverguide/C/web-servers.xml:1143(para)
1347
#: serverguide/C/web-servers.xml:1154(para)
1330
1348
msgid ""
1331
1349
"Usernames, passwords and roles (groups) can be defined centrally in a "
1332
1350
"Servlet container. This is done in the <filename>/etc/tomcat7/tomcat-"
1333
1351
"users.xml</filename> file:"
1334
1352
msgstr ""
1335
1353
1336
#: serverguide/C/web-servers.xml:1146(programlisting)
1354
#: serverguide/C/web-servers.xml:1157(programlisting)
1337
1355
#, no-wrap
1338
1356
msgid ""
1339
1357
"\n"
1341
1359
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1342
1360
msgstr ""
1343
1361
1344
#: serverguide/C/web-servers.xml:1154(title)
1362
#: serverguide/C/web-servers.xml:1165(title)
1345
1363
msgid "Using Tomcat standard webapps"
1346
1364
msgstr ""
1347
1365
1348
#: serverguide/C/web-servers.xml:1155(para)
1366
#: serverguide/C/web-servers.xml:1166(para)
1349
1367
msgid ""
1350
1368
"Tomcat is shipped with webapps that you can install for documentation, "
1351
1369
"administration or demo purposes."
1352
1370
msgstr ""
1353
1371
1354
#: serverguide/C/web-servers.xml:1158(title)
1372
#: serverguide/C/web-servers.xml:1169(title)
1355
1373
msgid "Tomcat documentation"
1356
1374
msgstr ""
1357
1375
1358
#: serverguide/C/web-servers.xml:1159(para)
1376
#: serverguide/C/web-servers.xml:1170(para)
1359
1377
msgid ""
1360
1378
"The <application>tomcat7-docs</application> package contains Tomcat "
1361
1379
"documentation, packaged as a webapp that you can access by default at "
1363
1381
"command in the terminal prompt:"
1364
1382
msgstr ""
1365
1383
1366
#: serverguide/C/web-servers.xml:1164(command)
1384
#: serverguide/C/web-servers.xml:1175(command)
1367
1385
msgid "sudo apt install tomcat7-docs"
1368
1386
msgstr ""
1369
1387
1370
#: serverguide/C/web-servers.xml:1168(title)
1388
#: serverguide/C/web-servers.xml:1179(title)
1371
1389
msgid "Tomcat administration webapps"
1372
1390
msgstr ""
1373
1391
1374
#: serverguide/C/web-servers.xml:1169(para)
1392
#: serverguide/C/web-servers.xml:1180(para)
1375
1393
msgid ""
1376
1394
"The <application>tomcat7-admin</application> package contains two webapps "
1377
1395
"that can be used to administer the Tomcat server using a web interface. You "
1378
1396
"can install them by entering the following command in the terminal prompt:"
1379
1397
msgstr ""
1380
1398
1381
#: serverguide/C/web-servers.xml:1174(command)
1399
#: serverguide/C/web-servers.xml:1185(command)
1382
1400
msgid "sudo apt install tomcat7-admin"
1383
1401
msgstr ""
1384
1402
1385
#: serverguide/C/web-servers.xml:1176(para)
1403
#: serverguide/C/web-servers.xml:1187(para)
1386
1404
msgid ""
1387
1405
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1388
1406
"access by default at http://yourserver:8080/manager/html. It is primarily "
1389
1407
"used to get server status and restart webapps."
1390
1408
msgstr ""
1391
1409
1392
#: serverguide/C/web-servers.xml:1179(para)
1410
#: serverguide/C/web-servers.xml:1190(para)
1393
1411
msgid ""
1394
1412
"Access to the <emphasis>manager</emphasis> application is protected by "
1395
1413
"default: you need to define a user with the role \"manager-gui\" in "
1396
1414
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1397
1415
msgstr ""
1398
1416
1399
#: serverguide/C/web-servers.xml:1183(para)
1417
#: serverguide/C/web-servers.xml:1194(para)
1400
1418
msgid ""
1401
1419
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1402
1420
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1403
1421
"used to create virtual hosts dynamically."
1404
1422
msgstr ""
1405
1423
1406
#: serverguide/C/web-servers.xml:1187(para)
1424
#: serverguide/C/web-servers.xml:1198(para)
1407
1425
msgid ""
1408
1426
"Access to the <emphasis>host-manager</emphasis> application is also "
1409
1427
"protected by default: you need to define a user with the role \"admin-gui\" "
1411
1429
"it."
1412
1430
msgstr ""
1413
1431
1414
#: serverguide/C/web-servers.xml:1192(para)
1432
#: serverguide/C/web-servers.xml:1203(para)
1415
1433
msgid ""
1416
1434
"For security reasons, the tomcat7 user cannot write to the "
1417
1435
"<filename>/etc/tomcat7</filename> directory by default. Some features in "
1420
1438
"the following, to give users in the tomcat7 group the necessary rights:"
1421
1439
msgstr ""
1422
1440
1423
#: serverguide/C/web-servers.xml:1199(command)
1441
#: serverguide/C/web-servers.xml:1210(command)
1424
1442
msgid "sudo chgrp -R tomcat7 /etc/tomcat7"
1425
1443
msgstr ""
1426
1444
1427
#: serverguide/C/web-servers.xml:1200(command)
1445
#: serverguide/C/web-servers.xml:1211(command)
1428
1446
msgid "sudo chmod -R g+w /etc/tomcat7"
1429
1447
msgstr ""
1430
1448
1431
#: serverguide/C/web-servers.xml:1205(title)
1449
#: serverguide/C/web-servers.xml:1216(title)
1432
1450
msgid "Tomcat examples webapps"
1433
1451
msgstr ""
1434
1452
1435
#: serverguide/C/web-servers.xml:1206(para)
1453
#: serverguide/C/web-servers.xml:1217(para)
1436
1454
msgid ""
1437
1455
"The <application>tomcat7-examples</application> package contains two webapps "
1438
1456
"that can be used to test or demonstrate Servlets and JSP features, which you "
1440
1458
"install them by entering the following command in the terminal prompt:"
1441
1459
msgstr ""
1442
1460
1443
#: serverguide/C/web-servers.xml:1212(command)
1461
#: serverguide/C/web-servers.xml:1223(command)
1444
1462
msgid "sudo apt install tomcat7-examples"
1445
1463
msgstr ""
1446
1464
1447
#: serverguide/C/web-servers.xml:1218(title)
1465
#: serverguide/C/web-servers.xml:1229(title)
1448
1466
msgid "Using private instances"
1449
1467
msgstr ""
1450
1468
1451
#: serverguide/C/web-servers.xml:1219(para)
1469
#: serverguide/C/web-servers.xml:1230(para)
1452
1470
msgid ""
1453
1471
"Tomcat is heavily used in development and testing scenarios where using a "
1454
1472
"single system-wide instance doesn't meet the requirements of multiple users "
1458
1476
"system-installed libraries."
1459
1477
msgstr ""
1460
1478
1461
#: serverguide/C/web-servers.xml:1226(para)
1479
#: serverguide/C/web-servers.xml:1237(para)
1462
1480
msgid ""
1463
1481
"It is possible to run the system-wide instance and the private instances in "
1464
1482
"parallel, as long as they do not use the same TCP ports."
1465
1483
msgstr ""
1466
1484
1467
#: serverguide/C/web-servers.xml:1230(title)
1485
#: serverguide/C/web-servers.xml:1241(title)
1468
1486
msgid "Installing private instance support"
1469
1487
msgstr ""
1470
1488
1471
#: serverguide/C/web-servers.xml:1231(para)
1489
#: serverguide/C/web-servers.xml:1242(para)
1472
1490
msgid ""
1473
1491
"You can install everything necessary to run private instances by entering "
1474
1492
"the following command in the terminal prompt:"
1475
1493
msgstr ""
1476
1494
1477
#: serverguide/C/web-servers.xml:1234(command)
1495
#: serverguide/C/web-servers.xml:1245(command)
1478
1496
msgid "sudo apt install tomcat7-user"
1479
1497
msgstr ""
1480
1498
1481
#: serverguide/C/web-servers.xml:1238(title)
1499
#: serverguide/C/web-servers.xml:1249(title)
1482
1500
msgid "Creating a private instance"
1483
1501
msgstr ""
1484
1502
1485
#: serverguide/C/web-servers.xml:1239(para)
1503
#: serverguide/C/web-servers.xml:1250(para)
1486
1504
msgid ""
1487
1505
"You can create a private instance directory by entering the following "
1488
1506
"command in the terminal prompt:"
1489
1507
msgstr ""
1490
1508
1491
#: serverguide/C/web-servers.xml:1242(command)
1509
#: serverguide/C/web-servers.xml:1253(command)
1492
1510
msgid "tomcat7-instance-create my-instance"
1493
1511
msgstr ""
1494
1512
1495
#: serverguide/C/web-servers.xml:1244(para)
1513
#: serverguide/C/web-servers.xml:1255(para)
1496
1514
msgid ""
1497
1515
"This will create a new <filename>my-instance</filename> directory with all "
1498
1516
"the necessary subdirectories and scripts. You can for example install your "
1501
1519
"are deployed by default."
1502
1520
msgstr ""
1503
1521
1504
#: serverguide/C/web-servers.xml:1252(title)
1522
#: serverguide/C/web-servers.xml:1263(title)
1505
1523
msgid "Configuring your private instance"
1506
1524
msgstr ""
1507
1525
1508
#: serverguide/C/web-servers.xml:1253(para)
1526
#: serverguide/C/web-servers.xml:1264(para)
1509
1527
msgid ""
1510
1528
"You will find the classic Tomcat configuration files for your private "
1511
1529
"instance in the <filename>conf/</filename> subdirectory. You should for "
1514
1532
"conflict with other instances that might be running."
1515
1533
msgstr ""
1516
1534
1517
#: serverguide/C/web-servers.xml:1261(title)
1535
#: serverguide/C/web-servers.xml:1272(title)
1518
1536
msgid "Starting/stopping your private instance"
1519
1537
msgstr ""
1520
1538
1521
#: serverguide/C/web-servers.xml:1262(para)
1539
#: serverguide/C/web-servers.xml:1273(para)
1522
1540
msgid ""
1523
1541
"You can start your private instance by entering the following command in the "
1524
1542
"terminal prompt (supposing your instance is located in the <filename>my-"
1525
1543
"instance</filename> directory):"
1526
1544
msgstr ""
1527
1545
1528
#: serverguide/C/web-servers.xml:1266(command)
1546
#: serverguide/C/web-servers.xml:1277(command)
1529
1547
msgid "my-instance/bin/startup.sh"
1530
1548
msgstr ""
1531
1549
1532
#: serverguide/C/web-servers.xml:1268(para)
1550
#: serverguide/C/web-servers.xml:1279(para)
1533
1551
msgid ""
1534
1552
"You should check the <filename>logs/</filename> subdirectory for any error. "
1535
1553
"If you have a <emphasis>java.net.BindException: Address already in "
1537
1555
"is already taken and that you should change it."
1538
1556
msgstr ""
1539
1557
1540
#: serverguide/C/web-servers.xml:1273(para)
1558
#: serverguide/C/web-servers.xml:1284(para)
1541
1559
msgid ""
1542
1560
"You can stop your instance by entering the following command in the terminal "
1543
1561
"prompt (supposing your instance is located in the <filename>my-"
1544
1562
"instance</filename> directory):"
1545
1563
msgstr ""
1546
1564
1547
#: serverguide/C/web-servers.xml:1277(command)
1565
#: serverguide/C/web-servers.xml:1288(command)
1548
1566
msgid "my-instance/bin/shutdown.sh"
1549
1567
msgstr ""
1550
1568
1551
#: serverguide/C/web-servers.xml:1286(para)
1569
#: serverguide/C/web-servers.xml:1297(para)
1552
1570
msgid ""
1553
1571
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1554
1572
"website for more information."
1555
1573
msgstr ""
1556
1574
1557
#: serverguide/C/web-servers.xml:1291(para)
1575
#: serverguide/C/web-servers.xml:1302(para)
1558
1576
msgid ""
1559
1577
"<ulink url=\"http://shop.oreilly.com/product/9780596003180.do\">Tomcat: The "
1560
1578
"Definitive Guide</ulink> is a good resource for building web applications "
1561
1579
"with Tomcat."
1562
1580
msgstr ""
1563
1581
1564
#: serverguide/C/web-servers.xml:1297(para)
1582
#: serverguide/C/web-servers.xml:1308(para)
1565
1583
msgid ""
1566
1584
"For additional books see the <ulink "
1567
1585
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
2958
2976
2959
2977
#: serverguide/C/virtualization.xml:95(para)
2960
2978
msgid ""
2979
"In more recent releases (>= Yakkety) the group was renamed to "
2980
"<emphasis>libvirt</emphasis>. Upgraded systems get a new "
2981
"<emphasis>libvirt</emphasis> group with the same gid as the "
2982
"<emphasis>libvirtd</emphasis> group to match that."
2983
msgstr ""
2984
2985
#: serverguide/C/virtualization.xml:98(para)
2986
msgid ""
2961
2987
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
2962
2988
"Installing a virtual machine follows the same process as installing the "
2963
2989
"operating system directly on the hardware. You either need a way to automate "
2965
2991
"physical machine."
2966
2992
msgstr ""
2967
2993
2968
#: serverguide/C/virtualization.xml:101(para)
2994
#: serverguide/C/virtualization.xml:104(para)
2969
2995
msgid ""
2970
2996
"In the case of virtual machines a Graphical User Interface (GUI) is "
2971
2997
"analogous to using a physical keyboard and mouse. Instead of installing a "
2974
3000
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
2975
3001
msgstr ""
2976
3002
2977
#: serverguide/C/virtualization.xml:108(para)
3003
#: serverguide/C/virtualization.xml:111(para)
2978
3004
msgid ""
2979
3005
"There are several ways to automate the Ubuntu installation process, for "
2980
3006
"example using preseeds, kickstart, etc. Refer to the <ulink "
2982
3008
"Installation Guide</ulink> for details."
2983
3009
msgstr ""
2984
3010
2985
#: serverguide/C/virtualization.xml:113(para)
3011
#: serverguide/C/virtualization.xml:116(para)
2986
3012
msgid ""
2987
3013
"Yet another way to install an Ubuntu virtual machine is to use "
2988
3014
"<application>uvtool</application>. This application, available as of 14.04, "
2990
3016
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>."
2991
3017
msgstr ""
2992
3018
2993
#: serverguide/C/virtualization.xml:119(para)
3019
#: serverguide/C/virtualization.xml:122(para)
2994
3020
msgid ""
2995
3021
"Libvirt can also be configured work with <application>Xen</application>. For "
2996
3022
"details, see the Xen Ubuntu community page referenced below."
2997
3023
msgstr ""
2998
3024
2999
#: serverguide/C/virtualization.xml:125(title)
3025
#: serverguide/C/virtualization.xml:128(title)
3000
3026
msgid "virt-install"
3001
3027
msgstr ""
3002
3028
3003
#: serverguide/C/virtualization.xml:127(para)
3029
#: serverguide/C/virtualization.xml:130(para)
3004
3030
msgid ""
3005
3031
"<application>virt-install</application> is part of the "
3006
3032
"<application>virtinst</application> package. To install it, from a terminal "
3007
3033
"prompt enter:"
3008
3034
msgstr ""
3009
3035
3010
#: serverguide/C/virtualization.xml:132(command)
3036
#: serverguide/C/virtualization.xml:135(command)
3011
3037
msgid "sudo apt install virtinst"
3012
3038
msgstr ""
3013
3039
3014
#: serverguide/C/virtualization.xml:135(para)
3040
#: serverguide/C/virtualization.xml:138(para)
3015
3041
msgid ""
3016
3042
"There are several options available when using <application>virt-"
3017
3043
"install</application>. For example:"
3018
3044
msgstr ""
3019
3045
3020
#: serverguide/C/virtualization.xml:139(command)
3046
#: serverguide/C/virtualization.xml:142(command)
3021
3047
msgid ""
3022
3048
"sudo virt-install -n web_devel -r 256 \\ --disk "
3023
3049
"path=/var/lib/libvirt/images/web_devel.img,bus=virtio,size=4 -c \\ ubuntu-"
3025
3051
"vnc,listen=0.0.0.0 --noautoconsole -v"
3026
3052
msgstr ""
3027
3053
3028
#: serverguide/C/virtualization.xml:147(para)
3054
#: serverguide/C/virtualization.xml:150(para)
3029
3055
msgid ""
3030
3056
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3031
3057
"be <emphasis>web_devel</emphasis> in this example."
3032
3058
msgstr ""
3033
3059
3034
#: serverguide/C/virtualization.xml:153(para)
3060
#: serverguide/C/virtualization.xml:156(para)
3035
3061
msgid ""
3036
3062
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3037
3063
"machine will use in megabytes."
3038
3064
msgstr ""
3039
3065
3040
#: serverguide/C/virtualization.xml:158(para)
3066
#: serverguide/C/virtualization.xml:161(para)
3041
3067
msgid ""
3042
3068
"<emphasis>--disk "
3043
3069
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
3047
3073
"<emphasis>virtio</emphasis> for the disk bus."
3048
3074
msgstr ""
3049
3075
3050
#: serverguide/C/virtualization.xml:168(para)
3076
#: serverguide/C/virtualization.xml:171(para)
3051
3077
msgid ""
3052
3078
"<emphasis>-c ubuntu-16.04-server-i386.iso:</emphasis> file to be used as a "
3053
3079
"virtual CDROM. The file can be either an ISO file or the path to the host's "
3054
3080
"CDROM device."
3055
3081
msgstr ""
3056
3082
3057
#: serverguide/C/virtualization.xml:174(para)
3083
#: serverguide/C/virtualization.xml:177(para)
3058
3084
msgid ""
3059
3085
"<emphasis>--network</emphasis> provides details related to the VM's network "
3060
3086
"interface. Here the <emphasis>default</emphasis> network is used, and the "
3061
3087
"interface model is configured for <emphasis>virtio</emphasis>."
3062
3088
msgstr ""
3063
3089
3064
#: serverguide/C/virtualization.xml:181(para)
3090
#: serverguide/C/virtualization.xml:184(para)
3065
3091
msgid ""
3066
3092
"<emphasis>--graphics vnc,listen=0.0.0.0:</emphasis> exports the guest's "
3067
3093
"virtual console using VNC and on all host interfaces. Typically servers have "
3069
3095
"connect via VNC to complete the installation."
3070
3096
msgstr ""
3071
3097
3072
#: serverguide/C/virtualization.xml:189(para)
3098
#: serverguide/C/virtualization.xml:192(para)
3073
3099
msgid ""
3074
3100
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3075
3101
"virtual machine's console."
3076
3102
msgstr ""
3077
3103
3078
#: serverguide/C/virtualization.xml:194(para)
3104
#: serverguide/C/virtualization.xml:197(para)
3079
3105
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3080
3106
msgstr ""
3081
3107
3082
#: serverguide/C/virtualization.xml:199(para)
3108
#: serverguide/C/virtualization.xml:202(para)
3083
3109
msgid ""
3084
3110
"After launching <application>virt-install</application> you can connect to "
3085
3111
"the virtual machine's console either locally using a GUI (if your server has "
3086
3112
"a GUI), or via a remote VNC client from a GUI-based computer."
3087
3113
msgstr ""
3088
3114
3089
#: serverguide/C/virtualization.xml:206(title)
3115
#: serverguide/C/virtualization.xml:209(title)
3090
3116
msgid "virt-clone"
3091
3117
msgstr ""
3092
3118
3093
#: serverguide/C/virtualization.xml:208(para)
3119
#: serverguide/C/virtualization.xml:211(para)
3094
3120
msgid ""
3095
3121
"The <application>virt-clone</application> application can be used to copy "
3096
3122
"one virtual machine to another. For example:"
3097
3123
msgstr ""
3098
3124
3099
#: serverguide/C/virtualization.xml:212(command)
3125
#: serverguide/C/virtualization.xml:215(command)
3100
3126
msgid ""
3101
"sudo virt-clone -o web_devel -n database_devel -f "
3102
"/path/to/database_devel.img \\ --connect=qemu:///system"
3127
"sudo virt-clone -o web_devel -n database_devel -f /path/to/database_devel.img"
3103
3128
msgstr ""
3104
3129
3105
#: serverguide/C/virtualization.xml:218(para)
3130
#: serverguide/C/virtualization.xml:220(para)
3106
3131
msgid "<emphasis>-o:</emphasis> original virtual machine."
3107
3132
msgstr ""
3108
3133
3109
#: serverguide/C/virtualization.xml:222(para)
3134
#: serverguide/C/virtualization.xml:224(para)
3110
3135
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3111
3136
msgstr ""
3112
3137
3113
#: serverguide/C/virtualization.xml:227(para)
3138
#: serverguide/C/virtualization.xml:229(para)
3114
3139
msgid ""
3115
3140
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3116
3141
"be used by the new virtual machine."
3117
3142
msgstr ""
3118
3143
3119
#: serverguide/C/virtualization.xml:232(para)
3120
msgid ""
3121
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3122
msgstr ""
3123
3124
#: serverguide/C/virtualization.xml:237(para)
3144
#: serverguide/C/virtualization.xml:234(para)
3125
3145
msgid ""
3126
3146
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3127
3147
"help troubleshoot problems with <application>virt-clone</application>."
3128
3148
msgstr ""
3129
3149
3130
#: serverguide/C/virtualization.xml:242(para)
3150
#: serverguide/C/virtualization.xml:239(para)
3131
3151
msgid ""
3132
3152
"Replace <emphasis>web_devel</emphasis> and "
3133
3153
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3134
3154
msgstr ""
3135
3155
3156
#: serverguide/C/virtualization.xml:246(title)
3157
msgid "Virtual Machine Management"
3158
msgstr ""
3159
3136
3160
#: serverguide/C/virtualization.xml:249(title)
3137
msgid "Virtual Machine Management"
3138
msgstr ""
3139
3140
#: serverguide/C/virtualization.xml:252(title)
3141
3161
msgid "virsh"
3142
3162
msgstr ""
3143
3163
3144
#: serverguide/C/virtualization.xml:254(para)
3164
#: serverguide/C/virtualization.xml:251(para)
3145
3165
msgid ""
3146
3166
"There are several utilities available to manage virtual machines and "
3147
3167
"<application>libvirt</application>. The <application>virsh</application> "
3148
3168
"utility can be used from the command line. Some examples:"
3149
3169
msgstr ""
3150
3170
3151
#: serverguide/C/virtualization.xml:261(para)
3171
#: serverguide/C/virtualization.xml:258(para)
3152
3172
msgid "To list running virtual machines:"
3153
3173
msgstr ""
3154
3174
3155
#: serverguide/C/virtualization.xml:264(command)
3156
msgid "virsh -c qemu:///system list"
3175
#: serverguide/C/virtualization.xml:261(command)
3176
msgid "virsh list"
3157
3177
msgstr ""
3158
3178
3159
#: serverguide/C/virtualization.xml:269(para)
3179
#: serverguide/C/virtualization.xml:266(para)
3160
3180
msgid "To start a virtual machine:"
3161
3181
msgstr ""
3162
3182
3163
#: serverguide/C/virtualization.xml:272(command)
3164
msgid "virsh -c qemu:///system start web_devel"
3183
#: serverguide/C/virtualization.xml:269(command)
3184
msgid "virsh start web_devel"
3165
3185
msgstr ""
3166
3186
3167
#: serverguide/C/virtualization.xml:277(para)
3187
#: serverguide/C/virtualization.xml:274(para)
3168
3188
msgid "Similarly, to start a virtual machine at boot:"
3169
3189
msgstr ""
3170
3190
3171
#: serverguide/C/virtualization.xml:280(command)
3172
msgid "virsh -c qemu:///system autostart web_devel"
3191
#: serverguide/C/virtualization.xml:277(command)
3192
msgid "virsh autostart web_devel"
3173
3193
msgstr ""
3174
3194
3175
#: serverguide/C/virtualization.xml:285(para)
3195
#: serverguide/C/virtualization.xml:282(para)
3176
3196
msgid "Reboot a virtual machine with:"
3177
3197
msgstr ""
3178
3198
3179
#: serverguide/C/virtualization.xml:288(command)
3180
msgid "virsh -c qemu:///system reboot web_devel"
3199
#: serverguide/C/virtualization.xml:285(command)
3200
msgid "virsh reboot web_devel"
3181
3201
msgstr ""
3182
3202
3183
#: serverguide/C/virtualization.xml:293(para)
3203
#: serverguide/C/virtualization.xml:290(para)
3184
3204
msgid ""
3185
3205
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3186
3206
"order to be restored later. The following will save the virtual machine "
3187
3207
"state into a file named according to the date:"
3188
3208
msgstr ""
3189
3209
3190
#: serverguide/C/virtualization.xml:299(command)
3191
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3210
#: serverguide/C/virtualization.xml:296(command)
3211
msgid "virsh save web_devel web_devel-022708.state"
3192
3212
msgstr ""
3193
3213
3194
#: serverguide/C/virtualization.xml:302(para)
3214
#: serverguide/C/virtualization.xml:299(para)
3195
3215
msgid "Once saved the virtual machine will no longer be running."
3196
3216
msgstr ""
3197
3217
3198
#: serverguide/C/virtualization.xml:307(para)
3218
#: serverguide/C/virtualization.xml:304(para)
3199
3219
msgid "A saved virtual machine can be restored using:"
3200
3220
msgstr ""
3201
3221
3202
#: serverguide/C/virtualization.xml:310(command)
3203
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3222
#: serverguide/C/virtualization.xml:307(command)
3223
msgid "virsh restore web_devel-022708.state"
3204
3224
msgstr ""
3205
3225
3206
#: serverguide/C/virtualization.xml:315(para)
3226
#: serverguide/C/virtualization.xml:312(para)
3207
3227
msgid "To shutdown a virtual machine do:"
3208
3228
msgstr ""
3209
3229
3210
#: serverguide/C/virtualization.xml:318(command)
3211
msgid "virsh -c qemu:///system shutdown web_devel"
3230
#: serverguide/C/virtualization.xml:315(command)
3231
msgid "virsh shutdown web_devel"
3212
3232
msgstr ""
3213
3233
3214
#: serverguide/C/virtualization.xml:323(para)
3234
#: serverguide/C/virtualization.xml:320(para)
3215
3235
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3216
3236
msgstr ""
3217
3237
3218
#: serverguide/C/virtualization.xml:327(command)
3219
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3238
#: serverguide/C/virtualization.xml:324(command)
3239
msgid "virsh attach-disk web_devel /dev/cdrom /media/cdrom"
3220
3240
msgstr ""
3221
3241
3222
#: serverguide/C/virtualization.xml:333(para)
3242
#: serverguide/C/virtualization.xml:330(para)
3223
3243
msgid ""
3224
3244
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3225
3245
"appropriate virtual machine name, and <filename>web_devel-"
3226
3246
"022708.state</filename> with a descriptive file name."
3227
3247
msgstr ""
3228
3248
3249
#: serverguide/C/virtualization.xml:334(para)
3250
msgid ""
3251
"If virsh (or other vir* tools) shall connect to something else than the "
3252
"default qemu-kvm/system hipervisor one can find alternatives for the "
3253
"<emphasis>connect</emphasis> option in <emphasis>man virsh</emphasis> or "
3254
"<ulink url=\"http://libvirt.org/uri.html\">libvirt doc</ulink>"
3255
msgstr ""
3256
3229
3257
#: serverguide/C/virtualization.xml:341(title)
3258
msgid "migration"
3259
msgstr ""
3260
3261
#: serverguide/C/virtualization.xml:342(para)
3262
msgid ""
3263
"There are different types of migration available depending on the versions "
3264
"of libvirt and the hipervisor being used. In general those types are:"
3265
msgstr ""
3266
3267
#: serverguide/C/virtualization.xml:345(ulink)
3268
msgid "offline migration"
3269
msgstr ""
3270
3271
#: serverguide/C/virtualization.xml:346(ulink)
3272
msgid "live migration"
3273
msgstr ""
3274
3275
#: serverguide/C/virtualization.xml:347(ulink)
3276
msgid "postcopy migration"
3277
msgstr ""
3278
3279
#: serverguide/C/virtualization.xml:349(para)
3280
msgid ""
3281
"There are various options to those methods, but the entry point for all of "
3282
"them is <emphasis>virsh migrate</emphasis>. Read the integrated help for "
3283
"more detail."
3284
msgstr ""
3285
3286
#: serverguide/C/virtualization.xml:350(command)
3287
msgid "virsh migrate --help"
3288
msgstr ""
3289
3290
#: serverguide/C/virtualization.xml:351(para)
3291
msgid ""
3292
"Some useful documentation on constraints and considerations about live "
3293
"migration can be found at the <ulink "
3294
"url=\"https://wiki.ubuntu.com/QemuKVMMigration\">Ubuntu Wiki</ulink>"
3295
msgstr ""
3296
3297
#: serverguide/C/virtualization.xml:355(title)
3230
3298
msgid "Virtual Machine Manager"
3231
3299
msgstr ""
3232
3300
3233
#: serverguide/C/virtualization.xml:343(para)
3301
#: serverguide/C/virtualization.xml:357(para)
3234
3302
msgid ""
3235
3303
"The <application>virt-manager</application> package contains a graphical "
3236
3304
"utility to manage local and remote virtual machines. To install virt-manager "
3237
3305
"enter:"
3238
3306
msgstr ""
3239
3307
3240
#: serverguide/C/virtualization.xml:348(command)
3308
#: serverguide/C/virtualization.xml:362(command)
3241
3309
msgid "sudo apt install virt-manager"
3242
3310
msgstr ""
3243
3311
3244
#: serverguide/C/virtualization.xml:351(para)
3312
#: serverguide/C/virtualization.xml:365(para)
3245
3313
msgid ""
3246
3314
"Since <application>virt-manager</application> requires a Graphical User "
3247
3315
"Interface (GUI) environment it is recommended to be installed on a "
3249
3317
"the local <application>libvirt</application> service enter:"
3250
3318
msgstr ""
3251
3319
3252
#: serverguide/C/virtualization.xml:358(command)
3320
#: serverguide/C/virtualization.xml:372(command)
3253
3321
msgid "virt-manager -c qemu:///system"
3254
3322
msgstr ""
3255
3323
3256
#: serverguide/C/virtualization.xml:361(para)
3324
#: serverguide/C/virtualization.xml:375(para)
3257
3325
msgid ""
3258
3326
"You can connect to the <application>libvirt</application> service running on "
3259
3327
"another host by entering the following in a terminal prompt:"
3260
3328
msgstr ""
3261
3329
3262
#: serverguide/C/virtualization.xml:366(command)
3330
#: serverguide/C/virtualization.xml:380(command)
3263
3331
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3264
3332
msgstr ""
3265
3333
3266
#: serverguide/C/virtualization.xml:370(para)
3334
#: serverguide/C/virtualization.xml:384(para)
3267
3335
msgid ""
3268
3336
"The above example assumes that <application>SSH</application> connectivity "
3269
3337
"between the management system and virtnode1.mydomain.com has already been "
3274
3342
"linkend=\"openssh-server\"/>"
3275
3343
msgstr ""
3276
3344
3277
#: serverguide/C/virtualization.xml:383(title)
3345
#: serverguide/C/virtualization.xml:397(title)
3278
3346
msgid "Virtual Machine Viewer"
3279
3347
msgstr ""
3280
3348
3281
#: serverguide/C/virtualization.xml:385(para)
3349
#: serverguide/C/virtualization.xml:399(para)
3282
3350
msgid ""
3283
3351
"The <application>virt-viewer</application> application allows you to connect "
3284
3352
"to a virtual machine's console. <application>virt-viewer</application> does "
3286
3354
"machine."
3287
3355
msgstr ""
3288
3356
3289
#: serverguide/C/virtualization.xml:390(para)
3357
#: serverguide/C/virtualization.xml:404(para)
3290
3358
msgid ""
3291
3359
"To install <application>virt-viewer</application> from a terminal enter:"
3292
3360
msgstr ""
3293
3361
3294
#: serverguide/C/virtualization.xml:394(command)
3362
#: serverguide/C/virtualization.xml:408(command)
3295
3363
msgid "sudo apt install virt-viewer"
3296
3364
msgstr ""
3297
3365
3298
#: serverguide/C/virtualization.xml:397(para)
3366
#: serverguide/C/virtualization.xml:411(para)
3299
3367
msgid ""
3300
3368
"Once a virtual machine is installed and running you can connect to the "
3301
3369
"virtual machine's console by using:"
3302
3370
msgstr ""
3303
3371
3304
#: serverguide/C/virtualization.xml:401(command)
3305
msgid "virt-viewer -c qemu:///system web_devel"
3372
#: serverguide/C/virtualization.xml:415(command)
3373
msgid "virt-viewer web_devel"
3306
3374
msgstr ""
3307
3375
3308
#: serverguide/C/virtualization.xml:404(para)
3376
#: serverguide/C/virtualization.xml:418(para)
3309
3377
msgid ""
3310
3378
"Similar to <application>virt-manager</application>, <application>virt-"
3311
3379
"viewer</application> can connect to a remote host using "
3312
3380
"<emphasis>SSH</emphasis> with key authentication, as well:"
3313
3381
msgstr ""
3314
3382
3315
#: serverguide/C/virtualization.xml:409(command)
3383
#: serverguide/C/virtualization.xml:423(command)
3316
3384
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3317
3385
msgstr ""
3318
3386
3319
#: serverguide/C/virtualization.xml:412(para)
3387
#: serverguide/C/virtualization.xml:426(para)
3320
3388
msgid ""
3321
3389
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3322
3390
"appropriate virtual machine name."
3323
3391
msgstr ""
3324
3392
3325
#: serverguide/C/virtualization.xml:415(para)
3393
#: serverguide/C/virtualization.xml:429(para)
3326
3394
msgid ""
3327
3395
"If configured to use a <emphasis>bridged</emphasis> network interface you "
3328
3396
"can also setup <application>SSH</application> access to the virtual machine."
3329
3397
msgstr ""
3330
3398
3331
#: serverguide/C/virtualization.xml:421(title) serverguide/C/virtualization.xml:674(title) serverguide/C/virtualization.xml:745(title) serverguide/C/virtualization.xml:2680(title) serverguide/C/samba.xml:247(title) serverguide/C/samba.xml:345(title) serverguide/C/samba.xml:700(title) serverguide/C/samba.xml:1094(title) serverguide/C/samba.xml:1292(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-config.xml:1691(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/network-auth.xml:2673(title) serverguide/C/network-auth.xml:3389(title) serverguide/C/network-auth.xml:3942(title) serverguide/C/network-auth.xml:4177(title) serverguide/C/installation.xml:880(title) serverguide/C/installation.xml:1166(title) serverguide/C/installation.xml:1677(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3399
#: serverguide/C/virtualization.xml:435(title) serverguide/C/virtualization.xml:742(title) serverguide/C/virtualization.xml:813(title) serverguide/C/virtualization.xml:2748(title) serverguide/C/samba.xml:247(title) serverguide/C/samba.xml:345(title) serverguide/C/samba.xml:700(title) serverguide/C/samba.xml:1094(title) serverguide/C/samba.xml:1292(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-config.xml:1945(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/network-auth.xml:2666(title) serverguide/C/network-auth.xml:3382(title) serverguide/C/network-auth.xml:3935(title) serverguide/C/network-auth.xml:4170(title) serverguide/C/installation.xml:880(title) serverguide/C/installation.xml:1166(title) serverguide/C/installation.xml:1677(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3332
3400
msgid "Resources"
3333
3401
msgstr ""
3334
3402
3335
#: serverguide/C/virtualization.xml:425(para)
3403
#: serverguide/C/virtualization.xml:439(para)
3336
3404
msgid ""
3337
3405
"See the <ulink url=\"http://www.linux-kvm.org/\">KVM</ulink> home page for "
3338
3406
"more details."
3339
3407
msgstr ""
3340
3408
3341
#: serverguide/C/virtualization.xml:430(para)
3409
#: serverguide/C/virtualization.xml:444(para)
3342
3410
msgid ""
3343
3411
"For more information on <application>libvirt</application> see the <ulink "
3344
3412
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3345
3413
msgstr ""
3346
3414
3347
#: serverguide/C/virtualization.xml:436(para)
3415
#: serverguide/C/virtualization.xml:450(para)
3348
3416
msgid ""
3349
3417
"The <ulink url=\"http://virt-manager.org/\">Virtual Machine Manager</ulink> "
3350
3418
"site has more information on <application>virt-manager</application> "
3351
3419
"development."
3352
3420
msgstr ""
3353
3421
3354
#: serverguide/C/virtualization.xml:442(para)
3422
#: serverguide/C/virtualization.xml:456(para)
3355
3423
msgid ""
3356
3424
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3357
3425
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3358
3426
"technology in Ubuntu."
3359
3427
msgstr ""
3360
3428
3361
#: serverguide/C/virtualization.xml:448(para)
3429
#: serverguide/C/virtualization.xml:462(para)
3362
3430
msgid ""
3363
3431
"Another good resource is the <ulink "
3364
3432
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3365
3433
msgstr ""
3366
3434
3367
#: serverguide/C/virtualization.xml:454(para)
3435
#: serverguide/C/virtualization.xml:468(para)
3368
3436
msgid ""
3369
3437
"For information on Xen, including using Xen with libvirt, please see the "
3370
3438
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3371
3439
"page."
3372
3440
msgstr ""
3373
3441
3374
#: serverguide/C/virtualization.xml:464(title)
3442
#: serverguide/C/virtualization.xml:478(title)
3443
msgid "Qemu"
3444
msgstr ""
3445
3446
#: serverguide/C/virtualization.xml:479(para)
3447
msgid ""
3448
"<ulink url=\"http://wiki.qemu.org/Main_Page\">Qemu</ulink> is a machine "
3449
"emulator that can run operating systems and programs for one machine on a "
3450
"different machine. Mostly it is not used as emulator but as virtualizer in "
3451
"collaboration with KVM or XEN kernel components. In that case it utilizes "
3452
"the virtualization technology of the hardware to virtualize guests."
3453
msgstr ""
3454
3455
#: serverguide/C/virtualization.xml:483(para)
3456
msgid ""
3457
"While qemu has a <ulink url=\"http://wiki.qemu.org/download/qemu-"
3458
"doc.html#sec_005finvocation\">command line interface</ulink> and a <ulink "
3459
"url=\"http://wiki.qemu.org/download/qemu-"
3460
"doc.html#pcsys_005fmonitor\">monitor</ulink> to interact with running guests "
3461
"those is rarely used that way for other means than development purposes. "
3462
"<link linkend=\"libvirt\">Libvirt</link> provides an abstraction from "
3463
"specific versions and hiperviors and encapsulates some workarounds and best "
3464
"practises."
3465
msgstr ""
3466
3467
#: serverguide/C/virtualization.xml:488(title)
3468
msgid "Upgrading the machine type"
3469
msgstr ""
3470
3471
#: serverguide/C/virtualization.xml:489(para)
3472
msgid ""
3473
"This also is documented along some more constraints and considerations at "
3474
"the <ulink "
3475
"url=\"https://wiki.ubuntu.com/QemuKVMMigration#Upgrade_machine_type\">Ubuntu "
3476
"Wiki</ulink>"
3477
msgstr ""
3478
3479
#: serverguide/C/virtualization.xml:490(para)
3480
msgid ""
3481
"You might want to update your machine type of an existing defined guest to:"
3482
msgstr ""
3483
3484
#: serverguide/C/virtualization.xml:492(para)
3485
msgid "to pick up latest security fixes and features"
3486
msgstr ""
3487
3488
#: serverguide/C/virtualization.xml:493(para)
3489
msgid "continue using a guest created on a now unsupported release"
3490
msgstr ""
3491
3492
#: serverguide/C/virtualization.xml:495(para)
3493
msgid ""
3494
"In general it is recommended to update machine types when upgrading qemu/kvm "
3495
"to a new major version. But this can likely never be an automated task as "
3496
"this change is guest visible. The guest devices might change in appearance, "
3497
"new features will be announced to the guest and so on. Linux is usually very "
3498
"good at tolerating such changes, but it depends so much on the setup and "
3499
"workload of the guest that this has to be evaluated by the owner/admin of "
3500
"the system. Other operating systems where known to often have severe impacts "
3501
"by changing the hardware. Consider a machine type change similar to "
3502
"replacing all devices and firmware of a physical machine to the latest "
3503
"revision - all considerations that apply there apply to evaluating a machine "
3504
"type upgrade as well."
3505
msgstr ""
3506
3507
#: serverguide/C/virtualization.xml:496(para)
3508
msgid ""
3509
"As usual with major configuration changes it is wise to back up your guest "
3510
"definition and disk state to be able to do a rollback just in case. There is "
3511
"no integrated single command to update the machine type via virsh or similar "
3512
"tools. It is a normal part of your machine definition. And therefore updated "
3513
"the same way as most others."
3514
msgstr ""
3515
3516
#: serverguide/C/virtualization.xml:498(para)
3517
msgid "First shutdown your machine and wait until it has reached that state."
3518
msgstr ""
3519
3520
#: serverguide/C/virtualization.xml:499(screen)
3521
#, no-wrap
3522
msgid ""
3523
"\n"
3524
"virsh shutdown <yourmachine>\n"
3525
"# wait\n"
3526
"virsh list --inactive\n"
3527
"# should now list your machine as \"shut off\"\n"
3528
" "
3529
msgstr ""
3530
3531
#: serverguide/C/virtualization.xml:505(para)
3532
msgid ""
3533
"Then edit the machine definition and find the type in the type tag at the "
3534
"machine attribute."
3535
msgstr ""
3536
3537
#: serverguide/C/virtualization.xml:506(screen)
3538
#, no-wrap
3539
msgid ""
3540
"\n"
3541
"virsh edit <yourmachine>\n"
3542
"<type arch='x86_64' machine='pc-i440fx-xenial'>hvm</type>\n"
3543
" "
3544
msgstr ""
3545
3546
#: serverguide/C/virtualization.xml:510(para)
3547
msgid ""
3548
"Change this to the value you want. If you need to check what types are "
3549
"available via \"-M ?\" Note that while providing upstream types as "
3550
"convenience only Ubuntu types are supported. There you can also see what the "
3551
"current default would be. In general it is strongly recommended that you "
3552
"change to newer types if possible to exploit newer features, but also to "
3553
"benefit of bugfixes that only apply to the newer device virtualization."
3554
msgstr ""
3555
3556
#: serverguide/C/virtualization.xml:511(screen)
3557
#, no-wrap
3558
msgid ""
3559
"\n"
3560
"kvm -M ?\n"
3561
"# lists machine types, e.g.\n"
3562
"pc-i440fx-xenial Ubuntu 16.04 PC (i440FX + PIIX, 1996) (default)\n"
3563
"...\n"
3564
" "
3565
msgstr ""
3566
3567
#: serverguide/C/virtualization.xml:517(para)
3568
msgid ""
3569
"After this you can start your guest again. You can check the current machine "
3570
"type from guest and host depending on your needs."
3571
msgstr ""
3572
3573
#: serverguide/C/virtualization.xml:518(screen)
3574
#, no-wrap
3575
msgid ""
3576
"\n"
3577
"virsh start <yourmachine>\n"
3578
"# check from host, via dumping the active xml definition\n"
3579
"virsh dumpxml <yourmachine> | xmllint --xpath "
3580
"\"string(//domain/os/type/@machine)\" -\n"
3581
"# or from the guest via dmidecode\n"
3582
"sudo dmidecode | grep Product -A 1\n"
3583
" Product Name: Standard PC (i440FX + PIIX, 1996)\n"
3584
" Version: pc-i440fx-xenial\n"
3585
" "
3586
msgstr ""
3587
3588
#: serverguide/C/virtualization.xml:527(para)
3589
msgid ""
3590
"If you keep non-live definitions around like xml files remember to update "
3591
"those as well."
3592
msgstr ""
3593
3594
#: serverguide/C/virtualization.xml:532(title)
3375
3595
msgid "Cloud images and uvtool"
3376
3596
msgstr ""
3377
3597
3378
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:366(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1374(title)
3598
#: serverguide/C/virtualization.xml:535(title) serverguide/C/security.xml:366(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1374(title)
3379
3599
msgid "Introduction"
3380
3600
msgstr ""
3381
3601
3382
#: serverguide/C/virtualization.xml:469(para)
3602
#: serverguide/C/virtualization.xml:537(para)
3383
3603
msgid ""
3384
3604
"With Ubuntu being one of the most used operating systems on many cloud "
3385
3605
"platforms, the availability of stable and secure cloud images has become "
3389
3609
"installation."
3390
3610
msgstr ""
3391
3611
3392
#: serverguide/C/virtualization.xml:477(title)
3612
#: serverguide/C/virtualization.xml:545(title)
3393
3613
msgid "Creating virtual machines using uvtool"
3394
3614
msgstr ""
3395
3615
3396
#: serverguide/C/virtualization.xml:479(para)
3616
#: serverguide/C/virtualization.xml:547(para)
3397
3617
msgid ""
3398
3618
"Starting with 14.04 LTS, a tool called uvtool greatly facilitates the task "
3399
3619
"of generating virtual machines (VM) using the cloud images. "
3400
"<application>uvtool</application> provides a simple mechanism to to "
3401
"synchronize cloud-images locally and use them to create new VMs in minutes."
3620
"<application>uvtool</application> provides a simple mechanism to synchronize "
3621
"cloud-images locally and use them to create new VMs in minutes."
3402
3622
msgstr ""
3403
3623
3404
#: serverguide/C/virtualization.xml:486(title)
3624
#: serverguide/C/virtualization.xml:554(title)
3405
3625
msgid "Uvtool packages"
3406
3626
msgstr ""
3407
3627
3408
#: serverguide/C/virtualization.xml:488(para)
3628
#: serverguide/C/virtualization.xml:556(para)
3409
3629
msgid ""
3410
3630
"The following packages and their dependencies will be required in order to "
3411
3631
"use uvtool:"
3412
3632
msgstr ""
3413
3633
3414
#: serverguide/C/virtualization.xml:495(para)
3634
#: serverguide/C/virtualization.xml:563(para)
3415
3635
msgid "uvtool"
3416
3636
msgstr ""
3417
3637
3418
#: serverguide/C/virtualization.xml:499(para)
3638
#: serverguide/C/virtualization.xml:567(para)
3419
3639
msgid "uvtool-libvirt"
3420
3640
msgstr ""
3421
3641
3422
#: serverguide/C/virtualization.xml:504(para)
3642
#: serverguide/C/virtualization.xml:572(para)
3423
3643
msgid "To install <application>uvtool</application>, run:"
3424
3644
msgstr ""
3425
3645
3426
#: serverguide/C/virtualization.xml:505(programlisting)
3646
#: serverguide/C/virtualization.xml:573(programlisting)
3427
3647
#, no-wrap
3428
3648
msgid "$ apt -y install uvtool"
3429
3649
msgstr ""
3430
3650
3431
#: serverguide/C/virtualization.xml:507(para)
3651
#: serverguide/C/virtualization.xml:575(para)
3432
3652
msgid "This will install uvtool's main commands:"
3433
3653
msgstr ""
3434
3654
3435
#: serverguide/C/virtualization.xml:509(application)
3655
#: serverguide/C/virtualization.xml:577(application)
3436
3656
msgid "uvt-simplestreams-libvirt"
3437
3657
msgstr ""
3438
3658
3439
#: serverguide/C/virtualization.xml:510(application)
3659
#: serverguide/C/virtualization.xml:578(application)
3440
3660
msgid "uvt-kvm"
3441
3661
msgstr ""
3442
3662
3443
#: serverguide/C/virtualization.xml:515(title)
3663
#: serverguide/C/virtualization.xml:583(title)
3444
3664
msgid ""
3445
3665
"Get the Ubuntu Cloud Image with <application>uvt-simplestreams-"
3446
3666
"libvirt</application>"
3447
3667
msgstr ""
3448
3668
3449
#: serverguide/C/virtualization.xml:517(para)
3669
#: serverguide/C/virtualization.xml:585(para)
3450
3670
msgid ""
3451
3671
"This is one of the major simplifications that "
3452
3672
"<application>uvtool</application> brings. It is aware of where to find the "
3455
3675
"architecture, the uvtool command would be:"
3456
3676
msgstr ""
3457
3677
3458
#: serverguide/C/virtualization.xml:522(programlisting)
3678
#: serverguide/C/virtualization.xml:590(programlisting)
3459
3679
#, no-wrap
3460
3680
msgid "$ uvt-simplestreams-libvirt sync arch=amd64"
3461
3681
msgstr ""
3462
3682
3463
#: serverguide/C/virtualization.xml:524(para)
3683
#: serverguide/C/virtualization.xml:592(para)
3464
3684
msgid ""
3465
3685
"After an amount of time required to download all the images from the "
3466
3686
"Internet, you will have a complete set of cloud images stored locally. To "
3467
3687
"see what has been downloaded use the following command:"
3468
3688
msgstr ""
3469
3689
3470
#: serverguide/C/virtualization.xml:528(programlisting)
3690
#: serverguide/C/virtualization.xml:596(programlisting)
3471
3691
#, no-wrap
3472
3692
msgid ""
3473
3693
"$ uvt-simplestreams-libvirt query\n"
3484
3704
"\n"
3485
3705
msgstr ""
3486
3706
3487
#: serverguide/C/virtualization.xml:542(para)
3707
#: serverguide/C/virtualization.xml:610(para)
3488
3708
msgid ""
3489
3709
"In the case where you want to synchronize only one specific cloud-image, you "
3490
3710
"need to use the release= and arch= filters to identify which image needs to "
3491
3711
"be synchronized."
3492
3712
msgstr ""
3493
3713
3494
#: serverguide/C/virtualization.xml:545(programlisting)
3714
#: serverguide/C/virtualization.xml:613(programlisting)
3495
3715
#, no-wrap
3496
3716
msgid "$ uvt-simplestreams-libvirt sync release=xenial arch=amd64\n"
3497
3717
msgstr ""
3498
3718
3499
#: serverguide/C/virtualization.xml:550(title)
3719
#: serverguide/C/virtualization.xml:618(title)
3500
3720
msgid "Create the VM using uvt-kvm"
3501
3721
msgstr ""
3502
3722
3503
#: serverguide/C/virtualization.xml:552(para)
3723
#: serverguide/C/virtualization.xml:620(para)
3504
3724
msgid ""
3505
3725
"In order to connect to the virtual machine once it has been created, you "
3506
3726
"must have a valid SSH key available for the Ubuntu user. If your environment "
3508
3728
"command:"
3509
3729
msgstr ""
3510
3730
3511
#: serverguide/C/virtualization.xml:554(programlisting)
3731
#: serverguide/C/virtualization.xml:622(programlisting)
3512
3732
#, no-wrap
3513
3733
msgid ""
3514
3734
"\n"
3535
3755
"+-----------------+\n"
3536
3756
msgstr ""
3537
3757
3538
#: serverguide/C/virtualization.xml:577(para)
3758
#: serverguide/C/virtualization.xml:645(para)
3539
3759
msgid ""
3540
3760
"To create of a new virtual machine using uvtool, run the following in a "
3541
3761
"terminal:"
3542
3762
msgstr ""
3543
3763
3544
#: serverguide/C/virtualization.xml:579(programlisting)
3764
#: serverguide/C/virtualization.xml:647(programlisting)
3545
3765
#, no-wrap
3546
3766
msgid "$ uvt-kvm create firsttest"
3547
3767
msgstr ""
3548
3768
3549
#: serverguide/C/virtualization.xml:581(para)
3769
#: serverguide/C/virtualization.xml:649(para)
3550
3770
msgid ""
3551
3771
"This will create a VM named <emphasis role=\"bold\">firsttest</emphasis> "
3552
3772
"using the current LTS cloud image available locally. If you want to specify "
3554
3774
"role=\"bold\">release=</emphasis> filter:"
3555
3775
msgstr ""
3556
3776
3557
#: serverguide/C/virtualization.xml:584(programlisting)
3777
#: serverguide/C/virtualization.xml:652(programlisting)
3558
3778
#, no-wrap
3559
3779
msgid "$ uvt-kvm create secondtest release=xenial"
3560
3780
msgstr ""
3561
3781
3562
#: serverguide/C/virtualization.xml:586(para)
3782
#: serverguide/C/virtualization.xml:654(para)
3563
3783
msgid ""
3564
3784
"<application>uvt-kvm wait</application> can be used to wait until the "
3565
3785
"creation of the VM has completed:"
3566
3786
msgstr ""
3567
3787
3568
#: serverguide/C/virtualization.xml:589(programlisting)
3788
#: serverguide/C/virtualization.xml:657(programlisting)
3569
3789
#, no-wrap
3570
3790
msgid ""
3571
3791
"$ uvt-kvm wait secondttest --insecure\n"
3572
3792
"Warning: secure wait for boot-finished not yet implemented; use --insecure.\n"
3573
3793
msgstr ""
3574
3794
3575
#: serverguide/C/virtualization.xml:594(title)
3795
#: serverguide/C/virtualization.xml:662(title)
3576
3796
msgid "Connect to the running VM"
3577
3797
msgstr ""
3578
3798
3579
#: serverguide/C/virtualization.xml:595(para)
3799
#: serverguide/C/virtualization.xml:663(para)
3580
3800
msgid ""
3581
3801
"Once the virtual machine creation is completed, you can connect to it using "
3582
3802
"SSH:"
3583
3803
msgstr ""
3584
3804
3585
#: serverguide/C/virtualization.xml:598(programlisting)
3805
#: serverguide/C/virtualization.xml:666(programlisting)
3586
3806
#, no-wrap
3587
3807
msgid "$ uvt-kvm ssh secondtest --insecure"
3588
3808
msgstr ""
3589
3809
3590
#: serverguide/C/virtualization.xml:600(para)
3810
#: serverguide/C/virtualization.xml:668(para)
3591
3811
msgid ""
3592
3812
"For the time being, the <emphasis role=\"bold\">--insecure</emphasis> is "
3593
3813
"required, so use this mechanism to connect to your VM only if you completely "
3594
3814
"trust your network infrastructure."
3595
3815
msgstr ""
3596
3816
3597
#: serverguide/C/virtualization.xml:602(para)
3817
#: serverguide/C/virtualization.xml:670(para)
3598
3818
msgid ""
3599
3819
"You can also connect to your VM using a regular SSH session using the IP "
3600
3820
"address of the VM. The address can be queried using the following command:"
3601
3821
msgstr ""
3602
3822
3603
#: serverguide/C/virtualization.xml:604(programlisting)
3823
#: serverguide/C/virtualization.xml:672(programlisting)
3604
3824
#, no-wrap
3605
3825
msgid ""
3606
3826
"\n"
3642
3862
"\n"
3643
3863
msgstr ""
3644
3864
3645
#: serverguide/C/virtualization.xml:639(title)
3865
#: serverguide/C/virtualization.xml:707(title)
3646
3866
msgid "Get the list of running VMs"
3647
3867
msgstr ""
3648
3868
3649
#: serverguide/C/virtualization.xml:640(para)
3869
#: serverguide/C/virtualization.xml:708(para)
3650
3870
msgid "You can get the list of VMs running on your system with this command:"
3651
3871
msgstr ""
3652
3872
3653
#: serverguide/C/virtualization.xml:642(programlisting)
3873
#: serverguide/C/virtualization.xml:710(programlisting)
3654
3874
#, no-wrap
3655
3875
msgid ""
3656
3876
"$ uvt-kvm list\n"
3657
3877
"secondtest\n"
3658
3878
msgstr ""
3659
3879
3660
#: serverguide/C/virtualization.xml:647(title)
3880
#: serverguide/C/virtualization.xml:715(title)
3661
3881
msgid "Destroy your VM"
3662
3882
msgstr ""
3663
3883
3664
#: serverguide/C/virtualization.xml:648(para)
3884
#: serverguide/C/virtualization.xml:716(para)
3665
3885
msgid "Once you are done with your VM, you can destroy it with:"
3666
3886
msgstr ""
3667
3887
3668
#: serverguide/C/virtualization.xml:650(programlisting)
3888
#: serverguide/C/virtualization.xml:718(programlisting)
3669
3889
#, no-wrap
3670
3890
msgid "$ uvt-kvm destroy secondtest"
3671
3891
msgstr ""
3672
3892
3673
#: serverguide/C/virtualization.xml:652(title)
3893
#: serverguide/C/virtualization.xml:720(title)
3674
3894
msgid "More uvt-kvm options"
3675
3895
msgstr ""
3676
3896
3677
#: serverguide/C/virtualization.xml:654(para)
3897
#: serverguide/C/virtualization.xml:722(para)
3678
3898
msgid ""
3679
3899
"The following options can be used to change some of the characteristics of "
3680
3900
"the VM that you are creating:"
3681
3901
msgstr ""
3682
3902
3683
#: serverguide/C/virtualization.xml:657(para)
3903
#: serverguide/C/virtualization.xml:725(para)
3684
3904
msgid "--memory : Amount of RAM in megabytes. Default: 512."
3685
3905
msgstr ""
3686
3906
3687
#: serverguide/C/virtualization.xml:658(para)
3907
#: serverguide/C/virtualization.xml:726(para)
3688
3908
msgid "--disk : Size of the OS disk in gigabytes. Default: 8."
3689
3909
msgstr ""
3690
3910
3691
#: serverguide/C/virtualization.xml:659(para)
3911
#: serverguide/C/virtualization.xml:727(para)
3692
3912
msgid "--cpu : Number of CPU cores. Default: 1."
3693
3913
msgstr ""
3694
3914
3695
#: serverguide/C/virtualization.xml:662(para)
3915
#: serverguide/C/virtualization.xml:730(para)
3696
3916
msgid ""
3697
3917
"Some other parameters will have an impact on the cloud-init configuration:"
3698
3918
msgstr ""
3699
3919
3700
#: serverguide/C/virtualization.xml:664(para)
3920
#: serverguide/C/virtualization.xml:732(para)
3701
3921
msgid ""
3702
3922
"--password password : Allow login to the VM using the Ubuntu account and "
3703
3923
"this provided password."
3704
3924
msgstr ""
3705
3925
3706
#: serverguide/C/virtualization.xml:665(para)
3926
#: serverguide/C/virtualization.xml:733(para)
3707
3927
msgid ""
3708
3928
"--run-script-once script_file : Run script_file as root on the VM the first "
3709
3929
"time it is booted, but never again."
3710
3930
msgstr ""
3711
3931
3712
#: serverguide/C/virtualization.xml:666(para)
3932
#: serverguide/C/virtualization.xml:734(para)
3713
3933
msgid ""
3714
3934
"--packages package_list : Install the comma-separated packages specified in "
3715
3935
"package_list on first boot."
3716
3936
msgstr ""
3717
3937
3718
#: serverguide/C/virtualization.xml:669(para)
3938
#: serverguide/C/virtualization.xml:737(para)
3719
3939
msgid ""
3720
3940
"A complete description of all available modifiers is available in the "
3721
3941
"manpage of uvt-kvm."
3722
3942
msgstr ""
3723
3943
3724
#: serverguide/C/virtualization.xml:676(para)
3944
#: serverguide/C/virtualization.xml:744(para)
3725
3945
msgid ""
3726
3946
"If you are interested in learning more, have questions or suggestions, "
3727
3947
"please contact the Ubuntu Server Team at:"
3728
3948
msgstr ""
3729
3949
3730
#: serverguide/C/virtualization.xml:681(para)
3950
#: serverguide/C/virtualization.xml:749(para)
3731
3951
msgid "IRC: #ubuntu-server on freenode"
3732
3952
msgstr ""
3733
3953
3734
#: serverguide/C/virtualization.xml:685(para)
3954
#: serverguide/C/virtualization.xml:753(para)
3735
3955
msgid ""
3736
3956
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3737
3957
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3738
3958
msgstr ""
3739
3959
3740
#: serverguide/C/virtualization.xml:694(title)
3960
#: serverguide/C/virtualization.xml:762(title)
3741
3961
msgid "Ubuntu Cloud"
3742
3962
msgstr ""
3743
3963
3744
#: serverguide/C/virtualization.xml:696(para)
3964
#: serverguide/C/virtualization.xml:764(para)
3745
3965
msgid ""
3746
3966
"<application>Cloud computing</application> is a computing model that allows "
3747
3967
"vast pools of resources to be allocated on-demand. These resources such as "
3753
3973
"build highly scalable, cloud computing for both public and private clouds."
3754
3974
msgstr ""
3755
3975
3756
#: serverguide/C/virtualization.xml:707(title)
3976
#: serverguide/C/virtualization.xml:775(title)
3757
3977
msgid "Installation and Configuration"
3758
3978
msgstr ""
3759
3979
3760
#: serverguide/C/virtualization.xml:709(para)
3980
#: serverguide/C/virtualization.xml:777(para)
3761
3981
msgid ""
3762
3982
"Due to the current high rate of development of this complex technology we "
3763
3983
"refer the reader to <ulink url=\"http://docs.openstack.org/havana/install-"
3765
3985
"concerning installation and configuration."
3766
3986
msgstr ""
3767
3987
3768
#: serverguide/C/virtualization.xml:718(title) serverguide/C/network-config.xml:1660(title)
3988
#: serverguide/C/virtualization.xml:786(title) serverguide/C/network-config.xml:1698(title)
3769
3989
msgid "Support and Troubleshooting"
3770
3990
msgstr ""
3771
3991
3772
#: serverguide/C/virtualization.xml:720(para)
3992
#: serverguide/C/virtualization.xml:788(para)
3773
3993
msgid "Community Support"
3774
3994
msgstr ""
3775
3995
3776
#: serverguide/C/virtualization.xml:724(ulink)
3996
#: serverguide/C/virtualization.xml:792(ulink)
3777
3997
msgid "OpenStack Mailing list"
3778
3998
msgstr ""
3779
3999
3780
#: serverguide/C/virtualization.xml:729(ulink)
4000
#: serverguide/C/virtualization.xml:797(ulink)
3781
4001
msgid "The OpenStack Wiki search"
3782
4002
msgstr ""
3783
4003
3784
#: serverguide/C/virtualization.xml:734(ulink)
4004
#: serverguide/C/virtualization.xml:802(ulink)
3785
4005
msgid "Launchpad bugs area"
3786
4006
msgstr ""
3787
4007
3788
#: serverguide/C/virtualization.xml:739(para)
4008
#: serverguide/C/virtualization.xml:807(para)
3789
4009
msgid "Join the IRC channel #openstack on freenode."
3790
4010
msgstr ""
3791
4011
3792
#: serverguide/C/virtualization.xml:750(ulink)
4012
#: serverguide/C/virtualization.xml:818(ulink)
3793
4013
msgid "Cloud Computing - Service models"
3794
4014
msgstr ""
3795
4015
3796
#: serverguide/C/virtualization.xml:756(ulink)
4016
#: serverguide/C/virtualization.xml:824(ulink)
3797
4017
msgid "OpenStack Compute"
3798
4018
msgstr ""
3799
4019
3800
#: serverguide/C/virtualization.xml:762(ulink)
4020
#: serverguide/C/virtualization.xml:830(ulink)
3801
4021
msgid "OpenStack Image Service"
3802
4022
msgstr ""
3803
4023
3804
#: serverguide/C/virtualization.xml:768(ulink)
4024
#: serverguide/C/virtualization.xml:836(ulink)
3805
4025
msgid "OpenStack Object Storage Administration Guide"
3806
4026
msgstr ""
3807
4027
3808
#: serverguide/C/virtualization.xml:774(ulink)
4028
#: serverguide/C/virtualization.xml:842(ulink)
3809
4029
msgid "Installing OpenStack Object Storage on Ubuntu"
3810
4030
msgstr ""
3811
4031
3812
#: serverguide/C/virtualization.xml:780(ulink)
4032
#: serverguide/C/virtualization.xml:848(ulink)
3813
4033
msgid "http://cloudglossary.com/"
3814
4034
msgstr ""
3815
4035
3816
#: serverguide/C/virtualization.xml:790(title)
4036
#: serverguide/C/virtualization.xml:858(title)
3817
4037
msgid "LXD"
3818
4038
msgstr ""
3819
4039
3820
#: serverguide/C/virtualization.xml:792(para)
4040
#: serverguide/C/virtualization.xml:860(para)
3821
4041
msgid ""
3822
4042
"LXD (pronounced lex-dee) is the lightervisor, or lightweight container "
3823
4043
"hypervisor. While this claim has been controversial, it has been <ulink "
3827
4047
"url=\"https://help.ubuntu.com/lts/serverguide/lxc.html\">LXC</ulink>."
3828
4048
msgstr ""
3829
4049
3830
#: serverguide/C/virtualization.xml:801(para)
4050
#: serverguide/C/virtualization.xml:869(para)
3831
4051
msgid ""
3832
4052
"LXC (lex-see) is a program which creates and administers \"containers\" on a "
3833
4053
"local system. It also provides an API to allow higher level managers, such "
3835
4055
"while comparing LXD to libvirt."
3836
4056
msgstr ""
3837
4057
3838
#: serverguide/C/virtualization.xml:808(para)
4058
#: serverguide/C/virtualization.xml:876(para)
3839
4059
msgid ""
3840
4060
"The LXC API deals with a 'container'. The LXD API deals with 'remotes', "
3841
4061
"which serve images and containers. This extends the LXC functionality over "
3843
4063
"and container image publishing."
3844
4064
msgstr ""
3845
4065
3846
#: serverguide/C/virtualization.xml:815(para)
4066
#: serverguide/C/virtualization.xml:883(para)
3847
4067
msgid ""
3848
4068
"LXD uses LXC under the covers for some container management tasks. However, "
3849
4069
"it keeps its own container configuration information and has its own "
3852
4072
"LXD on Ubuntu systems."
3853
4073
msgstr ""
3854
4074
3855
#: serverguide/C/virtualization.xml:823(title)
4075
#: serverguide/C/virtualization.xml:891(title)
3856
4076
msgid "Online Resources"
3857
4077
msgstr ""
3858
4078
3859
#: serverguide/C/virtualization.xml:825(para)
4079
#: serverguide/C/virtualization.xml:893(para)
3860
4080
msgid ""
3861
4081
"There is excellent documentation for <ulink "
3862
4082
"url=\"http://github.com/lxc/lxd\">getting started with LXD</ulink> in the "
3870
4090
"juju</ulink>."
3871
4091
msgstr ""
3872
4092
3873
#: serverguide/C/virtualization.xml:832(para)
4093
#: serverguide/C/virtualization.xml:900(para)
3874
4094
msgid ""
3875
4095
"This document will offer an Ubuntu Server-specific view of LXD, focusing on "
3876
4096
"administration."
3877
4097
msgstr ""
3878
4098
3879
#: serverguide/C/virtualization.xml:840(para)
4099
#: serverguide/C/virtualization.xml:908(para)
3880
4100
msgid ""
3881
4101
"LXD is pre-installed on Ubuntu Server cloud images. On other systems, the "
3882
4102
"lxd package can be installed using:"
3883
4103
msgstr ""
3884
4104
3885
#: serverguide/C/virtualization.xml:846(command)
4105
#: serverguide/C/virtualization.xml:914(command)
3886
4106
msgid "sudo apt install lxd"
3887
4107
msgstr ""
3888
4108
3889
#: serverguide/C/virtualization.xml:851(para)
4109
#: serverguide/C/virtualization.xml:919(para)
3890
4110
msgid ""
3891
4111
"This will install LXD as well as the recommended dependencies, including the "
3892
4112
"LXC library and lxcfs."
3893
4113
msgstr ""
3894
4114
3895
#: serverguide/C/virtualization.xml:857(title)
4115
#: serverguide/C/virtualization.xml:925(title)
3896
4116
msgid "Kernel preparation"
3897
4117
msgstr ""
3898
4118
3899
#: serverguide/C/virtualization.xml:859(para)
4119
#: serverguide/C/virtualization.xml:927(para)
3900
4120
msgid ""
3901
4121
"In general, Ubuntu 16.04 should have all the desired features enabled by "
3902
4122
"default. One exception to this is that in order to enable swap accounting "
3906
4126
"then running 'update-grub' as root and rebooting."
3907
4127
msgstr ""
3908
4128
3909
#: serverguide/C/virtualization.xml:871(para)
4129
#: serverguide/C/virtualization.xml:939(para)
3910
4130
msgid ""
3911
4131
"By default, LXD is installed listening on a local UNIX socket, which members "
3912
4132
"of group LXD can talk to. It has no trust password setup. And it uses the "
3915
4135
"will allow you to choose:"
3916
4136
msgstr ""
3917
4137
3918
#: serverguide/C/virtualization.xml:881(para)
4138
#: serverguide/C/virtualization.xml:949(para)
3919
4139
msgid ""
3920
4140
"Directory or <ulink url=\"http://open-zfs.org\">ZFS</ulink> container "
3921
4141
"backend. If you choose ZFS, you can choose which block devices to use, or "
3922
4142
"the size of a file to use as backing store."
3923
4143
msgstr ""
3924
4144
3925
#: serverguide/C/virtualization.xml:885(para)
4145
#: serverguide/C/virtualization.xml:953(para)
3926
4146
msgid "Availability over the network"
3927
4147
msgstr ""
3928
4148
3929
#: serverguide/C/virtualization.xml:887(para)
4149
#: serverguide/C/virtualization.xml:955(para)
3930
4150
msgid ""
3931
4151
"A 'trust password' used by remote clients to vouch for their client "
3932
4152
"certificate"
3933
4153
msgstr ""
3934
4154
3935
#: serverguide/C/virtualization.xml:891(para)
4155
#: serverguide/C/virtualization.xml:959(para)
3936
4156
msgid ""
3937
4157
"You must run 'lxd init' as root. 'lxc' commands can be run as any user who "
3938
4158
"is member of group lxd. If user joe is not a member of group 'lxd', you may "
3939
4159
"run:"
3940
4160
msgstr ""
3941
4161
3942
#: serverguide/C/virtualization.xml:898(command)
4162
#: serverguide/C/virtualization.xml:966(command)
3943
4163
msgid "adduser joe lxd"
3944
4164
msgstr ""
3945
4165
3946
#: serverguide/C/virtualization.xml:903(para)
4166
#: serverguide/C/virtualization.xml:971(para)
3947
4167
msgid ""
3948
4168
"as root to change it. The new membership will take effect on the next login, "
3949
4169
"or after running 'newgrp lxd' from an existing login."
3950
4170
msgstr ""
3951
4171
3952
#: serverguide/C/virtualization.xml:908(para)
4172
#: serverguide/C/virtualization.xml:976(para)
3953
4173
msgid ""
3954
4174
"For more information on server, container, profile, and device "
3955
4175
"configuration, please refer to the definitive configuration provided with "
3958
4178
"link>"
3959
4179
msgstr ""
3960
4180
3961
#: serverguide/C/virtualization.xml:916(title)
4181
#: serverguide/C/virtualization.xml:984(title)
3962
4182
msgid "Creating your first container"
3963
4183
msgstr ""
3964
4184
3965
#: serverguide/C/virtualization.xml:918(para)
4185
#: serverguide/C/virtualization.xml:986(para)
3966
4186
msgid "This section will describe the simplest container tasks."
3967
4187
msgstr ""
3968
4188
3969
#: serverguide/C/virtualization.xml:922(title)
4189
#: serverguide/C/virtualization.xml:990(title)
3970
4190
msgid "Creating a container"
3971
4191
msgstr ""
3972
4192
3973
#: serverguide/C/virtualization.xml:924(para)
4193
#: serverguide/C/virtualization.xml:992(para)
3974
4194
msgid ""
3975
4195
"Every new container is created based on either an image, an existing "
3976
4196
"container, or a container snapshot. At install time, LXD is configured with "
3977
4197
"the following image servers:"
3978
4198
msgstr ""
3979
4199
3980
#: serverguide/C/virtualization.xml:932(para)
4200
#: serverguide/C/virtualization.xml:1000(para)
3981
4201
msgid ""
3982
4202
"<filename>ubuntu</filename>: this serves official Ubuntu server cloud image "
3983
4203
"releases."
3984
4204
msgstr ""
3985
4205
3986
#: serverguide/C/virtualization.xml:935(para)
4206
#: serverguide/C/virtualization.xml:1003(para)
3987
4207
msgid ""
3988
4208
"<filename>ubuntu-daily</filename>: this serves official Ubuntu server cloud "
3989
4209
"images of the daily development releases."
3990
4210
msgstr ""
3991
4211
3992
#: serverguide/C/virtualization.xml:939(para)
4212
#: serverguide/C/virtualization.xml:1007(para)
3993
4213
msgid ""
3994
4214
"<filename>images</filename>: this is a default-installed alias for "
3995
4215
"images.linuxcontainers.org. This is serves classical lxc images built using "
3998
4218
"recommended server for Ubuntu images."
3999
4219
msgstr ""
4000
4220
4001
#: serverguide/C/virtualization.xml:947(para)
4221
#: serverguide/C/virtualization.xml:1015(para)
4002
4222
msgid "The command to create and start a container is"
4003
4223
msgstr ""
4004
4224
4005
#: serverguide/C/virtualization.xml:952(command)
4225
#: serverguide/C/virtualization.xml:1020(command)
4006
4226
msgid "lxc launch remote:image containername"
4007
4227
msgstr ""
4008
4228
4009
#: serverguide/C/virtualization.xml:957(para)
4229
#: serverguide/C/virtualization.xml:1025(para)
4010
4230
msgid ""
4011
4231
"Images are identified by their hash, but are also aliased. The 'ubuntu' "
4012
4232
"server knows many aliases such as '16.04' and 'xenial'. A list of all images "
4013
4233
"available from the Ubuntu Server can be seen using:"
4014
4234
msgstr ""
4015
4235
4016
#: serverguide/C/virtualization.xml:964(command) serverguide/C/virtualization.xml:1488(command)
4236
#: serverguide/C/virtualization.xml:1032(command) serverguide/C/virtualization.xml:1556(command)
4017
4237
msgid "lxc image list ubuntu:"
4018
4238
msgstr ""
4019
4239
4020
#: serverguide/C/virtualization.xml:969(para)
4240
#: serverguide/C/virtualization.xml:1037(para)
4021
4241
msgid ""
4022
4242
"To see more information about a particular image, including all the aliases "
4023
4243
"it is known by, you can use:"
4024
4244
msgstr ""
4025
4245
4026
#: serverguide/C/virtualization.xml:975(command)
4246
#: serverguide/C/virtualization.xml:1043(command)
4027
4247
msgid "lxc image info ubuntu:xenial"
4028
4248
msgstr ""
4029
4249
4030
#: serverguide/C/virtualization.xml:980(para)
4250
#: serverguide/C/virtualization.xml:1048(para)
4031
4251
msgid ""
4032
4252
"You can generally refer to an Ubuntu image using the release name ('xenial') "
4033
4253
"or the release number (16.04). In addition, 'lts' is an alias for the latest "
4035
4255
"the desired architecture:"
4036
4256
msgstr ""
4037
4257
4038
#: serverguide/C/virtualization.xml:988(command)
4258
#: serverguide/C/virtualization.xml:1056(command)
4039
4259
msgid "lxc image info ubuntu:lts/arm64"
4040
4260
msgstr ""
4041
4261
4042
#: serverguide/C/virtualization.xml:993(para)
4262
#: serverguide/C/virtualization.xml:1061(para)
4043
4263
msgid "Now, let's start our first container:"
4044
4264
msgstr ""
4045
4265
4046
#: serverguide/C/virtualization.xml:998(command)
4266
#: serverguide/C/virtualization.xml:1066(command)
4047
4267
msgid "lxc launch ubuntu:xenial x1"
4048
4268
msgstr ""
4049
4269
4050
#: serverguide/C/virtualization.xml:1003(para)
4270
#: serverguide/C/virtualization.xml:1071(para)
4051
4271
msgid ""
4052
4272
"This will download the official current Xenial cloud image for your current "
4053
4273
"architecture, then create a container using that image, and finally start "
4054
4274
"it. Once the command returns, you can see it using:"
4055
4275
msgstr ""
4056
4276
4057
#: serverguide/C/virtualization.xml:1010(command)
4277
#: serverguide/C/virtualization.xml:1078(command)
4058
4278
msgid "lxc list lxc info x1"
4059
4279
msgstr ""
4060
4280
4061
#: serverguide/C/virtualization.xml:1016(para)
4281
#: serverguide/C/virtualization.xml:1084(para)
4062
4282
msgid "and open a shell in it using:"
4063
4283
msgstr ""
4064
4284
4065
#: serverguide/C/virtualization.xml:1021(command)
4285
#: serverguide/C/virtualization.xml:1089(command)
4066
4286
msgid "lxc exec x1 bash"
4067
4287
msgstr ""
4068
4288
4069
#: serverguide/C/virtualization.xml:1026(para)
4289
#: serverguide/C/virtualization.xml:1094(para)
4070
4290
msgid ""
4071
4291
"The try-it page gives a full synopsis of the commands you can use to "
4072
4292
"administer containers."
4073
4293
msgstr ""
4074
4294
4075
#: serverguide/C/virtualization.xml:1031(para)
4295
#: serverguide/C/virtualization.xml:1099(para)
4076
4296
msgid ""
4077
4297
"Now that the 'xenial' image has been downloaded, it will be kept in sync "
4078
4298
"until no new containers have been created based on it for (by default) 10 "
4079
4299
"days. After that, it will be deleted."
4080
4300
msgstr ""
4081
4301
4082
#: serverguide/C/virtualization.xml:1039(title)
4302
#: serverguide/C/virtualization.xml:1107(title)
4083
4303
msgid "LXD Server Configuration"
4084
4304
msgstr ""
4085
4305
4086
#: serverguide/C/virtualization.xml:1041(para)
4306
#: serverguide/C/virtualization.xml:1109(para)
4087
4307
msgid ""
4088
4308
"By default, LXD is socket activated and configured to listen only on a local "
4089
4309
"UNIX socket. While LXD may not be running when you first look at the process "
4090
4310
"listing, any LXC command will start it up. For instance:"
4091
4311
msgstr ""
4092
4312
4093
#: serverguide/C/virtualization.xml:1048(command)
4313
#: serverguide/C/virtualization.xml:1116(command)
4094
4314
msgid "lxc list"
4095
4315
msgstr ""
4096
4316
4097
#: serverguide/C/virtualization.xml:1053(para)
4317
#: serverguide/C/virtualization.xml:1121(para)
4098
4318
msgid ""
4099
4319
"This will create your client certificate and contact the LXD server for a "
4100
4320
"list of containers. To make the server accessible over the network you can "
4101
4321
"set the http port using:"
4102
4322
msgstr ""
4103
4323
4104
#: serverguide/C/virtualization.xml:1060(command)
4324
#: serverguide/C/virtualization.xml:1128(command)
4105
4325
msgid "lxc config set core.https_address :8443"
4106
4326
msgstr ""
4107
4327
4108
#: serverguide/C/virtualization.xml:1065(para)
4328
#: serverguide/C/virtualization.xml:1133(para)
4109
4329
msgid "This will tell LXD to listen to port 8843 on all addresses."
4110
4330
msgstr ""
4111
4331
4112
#: serverguide/C/virtualization.xml:1069(title)
4332
#: serverguide/C/virtualization.xml:1137(title)
4113
4333
msgid "Authentication"
4114
4334
msgstr ""
4115
4335
4116
#: serverguide/C/virtualization.xml:1071(para)
4336
#: serverguide/C/virtualization.xml:1139(para)
4117
4337
msgid ""
4118
4338
"By default, LXD will allow all members of group 'lxd' (which by default "
4119
4339
"includes all members of group admin) to talk to it over the UNIX socket. "
4121
4341
"certificates."
4122
4342
msgstr ""
4123
4343
4124
#: serverguide/C/virtualization.xml:1077(para)
4344
#: serverguide/C/virtualization.xml:1145(para)
4125
4345
msgid ""
4126
4346
"Before client c1 wishes to use remote r1, r1 must be registered using:"
4127
4347
msgstr ""
4128
4348
4129
#: serverguide/C/virtualization.xml:1082(command)
4349
#: serverguide/C/virtualization.xml:1150(command)
4130
4350
msgid "lxc remote add r1 r1.example.com:8443"
4131
4351
msgstr ""
4132
4352
4133
#: serverguide/C/virtualization.xml:1087(para)
4353
#: serverguide/C/virtualization.xml:1155(para)
4134
4354
msgid ""
4135
4355
"The fingerprint of r1's certificate will be shown, to allow the user at c1 "
4136
4356
"to reject a false certificate. The server in turn will verify that c1 may be "
4138
4358
"already-registered client, using:"
4139
4359
msgstr ""
4140
4360
4141
#: serverguide/C/virtualization.xml:1095(command)
4361
#: serverguide/C/virtualization.xml:1163(command)
4142
4362
msgid "lxc config trust add r1 certfile.crt"
4143
4363
msgstr ""
4144
4364
4145
#: serverguide/C/virtualization.xml:1100(para)
4365
#: serverguide/C/virtualization.xml:1168(para)
4146
4366
msgid ""
4147
4367
"Now when the client adds r1 as a known remote, it will not need to provide a "
4148
4368
"password as it is already trusted by the server."
4149
4369
msgstr ""
4150
4370
4151
#: serverguide/C/virtualization.xml:1105(para)
4371
#: serverguide/C/virtualization.xml:1173(para)
4152
4372
msgid ""
4153
4373
"The other is to configure a 'trust password' with r1, either at initial "
4154
4374
"configuration using 'lxd init', or after the fact using"
4155
4375
msgstr ""
4156
4376
4157
#: serverguide/C/virtualization.xml:1111(command)
4377
#: serverguide/C/virtualization.xml:1179(command)
4158
4378
msgid "lxc config set core.trust_password PASSWORD"
4159
4379
msgstr ""
4160
4380
4161
#: serverguide/C/virtualization.xml:1116(para)
4381
#: serverguide/C/virtualization.xml:1184(para)
4162
4382
msgid ""
4163
4383
"The password can then be provided when the client registers r1 as a known "
4164
4384
"remote."
4165
4385
msgstr ""
4166
4386
4167
#: serverguide/C/virtualization.xml:1123(title)
4387
#: serverguide/C/virtualization.xml:1191(title)
4168
4388
msgid "Backing store"
4169
4389
msgstr ""
4170
4390
4171
#: serverguide/C/virtualization.xml:1125(para)
4391
#: serverguide/C/virtualization.xml:1193(para)
4172
4392
msgid ""
4173
4393
"LXD supports several backing stores. The recommended backing store is ZFS, "
4174
4394
"however this is not available on all platforms. Supported backing stores "
4175
4395
"include:"
4176
4396
msgstr ""
4177
4397
4178
#: serverguide/C/virtualization.xml:1133(para)
4398
#: serverguide/C/virtualization.xml:1201(para)
4179
4399
msgid ""
4180
4400
"ext4: this is the default, and easiest to use. With an ext4 backing store, "
4181
4401
"containers and images are simply stored as directories on the host "
4183
4403
"and 10 containers will take up 10 times as much space as one container."
4184
4404
msgstr ""
4185
4405
4186
#: serverguide/C/virtualization.xml:1142(para)
4406
#: serverguide/C/virtualization.xml:1210(para)
4187
4407
msgid ""
4188
4408
"ZFS: if ZFS is supported on your architecture (amd64, arm64, or ppc64le), "
4189
4409
"you can set LXD up to use it using 'lxd init'. If you already have a ZFS "
4191
4411
"configuration key:"
4192
4412
msgstr ""
4193
4413
4194
#: serverguide/C/virtualization.xml:1150(command)
4414
#: serverguide/C/virtualization.xml:1218(command)
4195
4415
msgid "lxc config set storage.zfs_pool_name lxd"
4196
4416
msgstr ""
4197
4417
4198
#: serverguide/C/virtualization.xml:1155(para)
4418
#: serverguide/C/virtualization.xml:1223(para)
4199
4419
msgid ""
4200
4420
"With ZFS, launching a new container is fast because the filesystem starts as "
4201
4421
"a copy on write clone of the images' filesystem. Note that unless the "
4204
4424
"little of the actual filesystem data."
4205
4425
msgstr ""
4206
4426
4207
#: serverguide/C/virtualization.xml:1165(para)
4427
#: serverguide/C/virtualization.xml:1233(para)
4208
4428
msgid ""
4209
4429
"Btrfs: btrfs can be used with many of the same advantages as ZFS. To use "
4210
4430
"BTRFS as a LXD backing store, simply mount a Btrfs filesystem under "
4213
4433
"container."
4214
4434
msgstr ""
4215
4435
4216
#: serverguide/C/virtualization.xml:1175(para)
4436
#: serverguide/C/virtualization.xml:1243(para)
4217
4437
msgid ""
4218
4438
"LVM: To use a LVM volume group called 'lxd', you may tell LXD to use that "
4219
4439
"for containers and images using the command"
4220
4440
msgstr ""
4221
4441
4222
#: serverguide/C/virtualization.xml:1181(command)
4442
#: serverguide/C/virtualization.xml:1249(command)
4223
4443
msgid "lxc config set storage.lvm_vg_name lxd"
4224
4444
msgstr ""
4225
4445
4226
#: serverguide/C/virtualization.xml:1186(para)
4446
#: serverguide/C/virtualization.xml:1254(para)
4227
4447
msgid ""
4228
4448
"When launching a new container, its rootfs will start as a lv clone. It is "
4229
4449
"immediately mounted so that the file uids can be shifted, then unmounted. "
4230
4450
"Container snapshots also are created as lv snapshots."
4231
4451
msgstr ""
4232
4452
4233
#: serverguide/C/virtualization.xml:1196(title)
4453
#: serverguide/C/virtualization.xml:1264(title)
4234
4454
msgid "Container configuration"
4235
4455
msgstr ""
4236
4456
4237
#: serverguide/C/virtualization.xml:1198(para)
4457
#: serverguide/C/virtualization.xml:1266(para)
4238
4458
msgid ""
4239
4459
"Containers are configured according to a set of profiles, described in the "
4240
4460
"next section, and a set of container-specific configuration. Profiles are "
4242
4462
"configuration."
4243
4463
msgstr ""
4244
4464
4245
#: serverguide/C/virtualization.xml:1205(para)
4465
#: serverguide/C/virtualization.xml:1273(para)
4246
4466
msgid ""
4247
4467
"Container configuration includes properties like the architecture, limits on "
4248
4468
"resources such as CPU and RAM, security details including apparmor "
4249
4469
"restriction overrides, and devices to apply to the container."
4250
4470
msgstr ""
4251
4471
4252
#: serverguide/C/virtualization.xml:1211(para)
4472
#: serverguide/C/virtualization.xml:1279(para)
4253
4473
msgid ""
4254
4474
"Devices can be of several types, including UNIX character, UNIX block, "
4255
4475
"network interface, or 'disk'. In order to insert a host mount into a "
4257
4477
"in container c1 at /opt, you could use:"
4258
4478
msgstr ""
4259
4479
4260
#: serverguide/C/virtualization.xml:1219(command)
4480
#: serverguide/C/virtualization.xml:1287(command)
4261
4481
msgid "lxc config device add c1 opt disk source=/opt path=opt"
4262
4482
msgstr ""
4263
4483
4264
#: serverguide/C/virtualization.xml:1224(para)
4484
#: serverguide/C/virtualization.xml:1292(para)
4265
4485
msgid "See:"
4266
4486
msgstr ""
4267
4487
4268
#: serverguide/C/virtualization.xml:1229(command)
4488
#: serverguide/C/virtualization.xml:1297(command)
4269
4489
msgid "lxc help config"
4270
4490
msgstr ""
4271
4491
4272
#: serverguide/C/virtualization.xml:1234(para)
4492
#: serverguide/C/virtualization.xml:1302(para)
4273
4493
msgid ""
4274
4494
"for more information about editing container configurations. You may also "
4275
4495
"use:"
4276
4496
msgstr ""
4277
4497
4278
#: serverguide/C/virtualization.xml:1240(command)
4498
#: serverguide/C/virtualization.xml:1308(command)
4279
4499
msgid "lxc config edit c1"
4280
4500
msgstr ""
4281
4501
4282
#: serverguide/C/virtualization.xml:1245(para)
4502
#: serverguide/C/virtualization.xml:1313(para)
4283
4503
msgid ""
4284
4504
"to edit the whole of c1's configuration in your specified $EDITOR. Comments "
4285
4505
"at the top of the configuration will show examples of correct syntax to help "
4287
4507
"valid when the $EDITOR is exited, then $EDITOR will be restarted."
4288
4508
msgstr ""
4289
4509
4290
#: serverguide/C/virtualization.xml:1255(title) serverguide/C/security.xml:1065(title)
4510
#: serverguide/C/virtualization.xml:1323(title) serverguide/C/security.xml:1065(title)
4291
4511
msgid "Profiles"
4292
4512
msgstr ""
4293
4513
4294
#: serverguide/C/virtualization.xml:1257(para)
4514
#: serverguide/C/virtualization.xml:1325(para)
4295
4515
msgid ""
4296
4516
"Profiles are named collections of configurations which may be applied to "
4297
4517
"more than one container. For instance, all containers created with 'lxc "
4299
4519
"interface 'eth0'."
4300
4520
msgstr ""
4301
4521
4302
#: serverguide/C/virtualization.xml:1264(para)
4522
#: serverguide/C/virtualization.xml:1332(para)
4303
4523
msgid ""
4304
4524
"To mask a device which would be inherited from a profile but which should "
4305
4525
"not be in the final container, define a device by the same name but of type "
4306
4526
"'none':"
4307
4527
msgstr ""
4308
4528
4309
#: serverguide/C/virtualization.xml:1271(command)
4529
#: serverguide/C/virtualization.xml:1339(command)
4310
4530
msgid "lxc config device add c1 eth1 none"
4311
4531
msgstr ""
4312
4532
4313
#: serverguide/C/virtualization.xml:1277(title) serverguide/C/virtualization.xml:1869(title)
4533
#: serverguide/C/virtualization.xml:1345(title) serverguide/C/virtualization.xml:1937(title)
4314
4534
msgid "Nesting"
4315
4535
msgstr ""
4316
4536
4317
#: serverguide/C/virtualization.xml:1279(para)
4537
#: serverguide/C/virtualization.xml:1347(para)
4318
4538
msgid ""
4319
4539
"Containers all share the same host kernel. This means that there is always "
4320
4540
"an inherent trade-off between features exposed to the container and host "
4324
4544
"must be set to true:"
4325
4545
msgstr ""
4326
4546
4327
#: serverguide/C/virtualization.xml:1289(command)
4547
#: serverguide/C/virtualization.xml:1357(command)
4328
4548
msgid "lxc config set container1 security.nesting true"
4329
4549
msgstr ""
4330
4550
4331
#: serverguide/C/virtualization.xml:1294(para)
4551
#: serverguide/C/virtualization.xml:1362(para)
4332
4552
msgid "Once this is done, container1 will be able to start sub-containers."
4333
4553
msgstr ""
4334
4554
4335
#: serverguide/C/virtualization.xml:1298(para)
4555
#: serverguide/C/virtualization.xml:1366(para)
4336
4556
msgid ""
4337
4557
"In order to run unprivileged (the default in LXD) containers nested under an "
4338
4558
"unprivileged container, you will need to ensure a wide enough UID mapping. "
4339
4559
"Please see the 'UID mapping' section below."
4340
4560
msgstr ""
4341
4561
4342
#: serverguide/C/virtualization.xml:1304(title)
4562
#: serverguide/C/virtualization.xml:1372(title)
4343
4563
msgid "Docker"
4344
4564
msgstr ""
4345
4565
4346
#: serverguide/C/virtualization.xml:1306(para)
4566
#: serverguide/C/virtualization.xml:1374(para)
4347
4567
msgid ""
4348
4568
"In order to facilitate running docker containers inside a LXD container, a "
4349
4569
"'docker' profile is provided. To launch a new container with the docker "
4350
4570
"profile, you can run:"
4351
4571
msgstr ""
4352
4572
4353
#: serverguide/C/virtualization.xml:1313(command)
4573
#: serverguide/C/virtualization.xml:1381(command)
4354
4574
msgid "lxc launch xenial container1 -p default -p docker"
4355
4575
msgstr ""
4356
4576
4357
#: serverguide/C/virtualization.xml:1318(para)
4577
#: serverguide/C/virtualization.xml:1386(para)
4358
4578
msgid ""
4359
4579
"Note that currently the docker package in Ubuntu 16.04 is patched to "
4360
4580
"facilitate running in a container. This support is expected to land upstream "
4361
4581
"soon."
4362
4582
msgstr ""
4363
4583
4364
#: serverguide/C/virtualization.xml:1324(para)
4584
#: serverguide/C/virtualization.xml:1392(para)
4365
4585
msgid ""
4366
4586
"Note that 'cgroup namespace' support is also required. This is available in "
4367
4587
"the 16.04 kernel as well as in the 4.6 upstream source."
4368
4588
msgstr ""
4369
4589
4370
#: serverguide/C/virtualization.xml:1333(title)
4590
#: serverguide/C/virtualization.xml:1401(title)
4371
4591
msgid "Limits"
4372
4592
msgstr ""
4373
4593
4374
#: serverguide/C/virtualization.xml:1335(para)
4594
#: serverguide/C/virtualization.xml:1403(para)
4375
4595
msgid ""
4376
4596
"LXD supports flexible constraints on the resources which containers can "
4377
4597
"consume. The limits come in the following categories:"
4378
4598
msgstr ""
4379
4599
4380
#: serverguide/C/virtualization.xml:1342(para)
4600
#: serverguide/C/virtualization.xml:1410(para)
4381
4601
msgid "CPU: limit cpu available to the container in several ways."
4382
4602
msgstr ""
4383
4603
4384
#: serverguide/C/virtualization.xml:1345(para)
4604
#: serverguide/C/virtualization.xml:1413(para)
4385
4605
msgid "Disk: configure the priority of I/O requests under load"
4386
4606
msgstr ""
4387
4607
4388
#: serverguide/C/virtualization.xml:1348(para)
4608
#: serverguide/C/virtualization.xml:1416(para)
4389
4609
msgid "RAM: configure memory and swap availability"
4390
4610
msgstr ""
4391
4611
4392
#: serverguide/C/virtualization.xml:1351(para)
4612
#: serverguide/C/virtualization.xml:1419(para)
4393
4613
msgid "Network: configure the network priority under load"
4394
4614
msgstr ""
4395
4615
4396
#: serverguide/C/virtualization.xml:1354(para)
4616
#: serverguide/C/virtualization.xml:1422(para)
4397
4617
msgid "Processes: limit the number of concurrent processes in the container."
4398
4618
msgstr ""
4399
4619
4400
#: serverguide/C/virtualization.xml:1358(para)
4620
#: serverguide/C/virtualization.xml:1426(para)
4401
4621
msgid ""
4402
4622
"For a full list of limits known to LXD, see <ulink "
4403
4623
"url=\"https://github.com/lxc/lxd/blob/master/doc/configuration.md\"> the "
4404
4624
"configuration documentation</ulink>."
4405
4625
msgstr ""
4406
4626
4407
#: serverguide/C/virtualization.xml:1366(title)
4627
#: serverguide/C/virtualization.xml:1434(title)
4408
4628
msgid "UID mappings and Privileged containers"
4409
4629
msgstr ""
4410
4630
4411
#: serverguide/C/virtualization.xml:1368(para)
4631
#: serverguide/C/virtualization.xml:1436(para)
4412
4632
msgid ""
4413
4633
"By default, LXD creates unprivileged containers. This means that root in the "
4414
4634
"container is a non-root UID on the host. It is privileged against the "
4418
4638
"the system call interface)"
4419
4639
msgstr ""
4420
4640
4421
#: serverguide/C/virtualization.xml:1377(para)
4641
#: serverguide/C/virtualization.xml:1445(para)
4422
4642
msgid ""
4423
4643
"Briefly, in an unprivileged container, 65536 UIDs are 'shifted' into the "
4424
4644
"container. For instance, UID 0 in the container may be 100000 on the host, "
4430
4650
"subuid(5) manual page</ulink>."
4431
4651
msgstr ""
4432
4652
4433
#: serverguide/C/virtualization.xml:1387(para)
4653
#: serverguide/C/virtualization.xml:1455(para)
4434
4654
msgid ""
4435
4655
"It is possible to request a container to run without a UID mapping by "
4436
4656
"setting the security.privileged flag to true:"
4437
4657
msgstr ""
4438
4658
4439
#: serverguide/C/virtualization.xml:1393(command)
4659
#: serverguide/C/virtualization.xml:1461(command)
4440
4660
msgid "lxc config set c1 security.privileged true"
4441
4661
msgstr ""
4442
4662
4443
#: serverguide/C/virtualization.xml:1398(para)
4663
#: serverguide/C/virtualization.xml:1466(para)
4444
4664
msgid ""
4445
4665
"Note however that in this case the root user in the container is the root "
4446
4666
"user on the host."
4447
4667
msgstr ""
4448
4668
4449
#: serverguide/C/virtualization.xml:1405(title) serverguide/C/virtualization.xml:2144(title)
4669
#: serverguide/C/virtualization.xml:1473(title) serverguide/C/virtualization.xml:2212(title)
4450
4670
msgid "Apparmor"
4451
4671
msgstr ""
4452
4672
4453
#: serverguide/C/virtualization.xml:1407(para)
4673
#: serverguide/C/virtualization.xml:1475(para)
4454
4674
msgid ""
4455
4675
"LXD confines containers by default with an apparmor profile which protects "
4456
4676
"containers from each other and the host from containers. For instance this "
4460
4680
"/proc/sysrq-trigger</filename>."
4461
4681
msgstr ""
4462
4682
4463
#: serverguide/C/virtualization.xml:1416(para)
4683
#: serverguide/C/virtualization.xml:1484(para)
4464
4684
msgid ""
4465
4685
"If the apparmor policy for a container needs to be modified for a container "
4466
4686
"c1, specific apparmor policy lines can be added in the 'raw.apparmor' "
4467
4687
"configuration key."
4468
4688
msgstr ""
4469
4689
4470
#: serverguide/C/virtualization.xml:1424(title)
4690
#: serverguide/C/virtualization.xml:1492(title)
4471
4691
msgid "Seccomp"
4472
4692
msgstr ""
4473
4693
4474
#: serverguide/C/virtualization.xml:1426(para)
4694
#: serverguide/C/virtualization.xml:1494(para)
4475
4695
msgid ""
4476
4696
"All containers are confined by a default seccomp policy. This policy "
4477
4697
"prevents some dangerous actions such as forced umounts, kernel module "
4480
4700
"seccomp policy - or none - can be requested using raw.lxc (see below)."
4481
4701
msgstr ""
4482
4702
4483
#: serverguide/C/virtualization.xml:1436(title)
4703
#: serverguide/C/virtualization.xml:1504(title)
4484
4704
msgid "Raw LXC configuration"
4485
4705
msgstr ""
4486
4706
4487
#: serverguide/C/virtualization.xml:1438(para)
4707
#: serverguide/C/virtualization.xml:1506(para)
4488
4708
msgid ""
4489
4709
"LXD configures containers for the best balance of host safety and container "
4490
4710
"usability. Whenever possible it is highly recommended to use the defaults, "
4497
4717
".html\"> the lxc.container.conf(5) manual page</ulink>."
4498
4718
msgstr ""
4499
4719
4500
#: serverguide/C/virtualization.xml:1457(title)
4720
#: serverguide/C/virtualization.xml:1525(title)
4501
4721
msgid "Images and containers"
4502
4722
msgstr ""
4503
4723
4504
#: serverguide/C/virtualization.xml:1459(para)
4724
#: serverguide/C/virtualization.xml:1527(para)
4505
4725
msgid ""
4506
4726
"LXD is image based. When you create your first container, you will generally "
4507
4727
"do so using an existing image. LXD comes pre-configured with three default "
4508
4728
"image remotes:"
4509
4729
msgstr ""
4510
4730
4511
#: serverguide/C/virtualization.xml:1467(para)
4731
#: serverguide/C/virtualization.xml:1535(para)
4512
4732
msgid ""
4513
4733
"ubuntu: This is a <ulink "
4514
4734
"url=\"https://launchpad.net/simplestreams\">simplestreams-based</ulink> "
4515
4735
"remote serving released ubuntu cloud images."
4516
4736
msgstr ""
4517
4737
4518
#: serverguide/C/virtualization.xml:1472(para)
4738
#: serverguide/C/virtualization.xml:1540(para)
4519
4739
msgid ""
4520
4740
"ubuntu-daily: This is another simplestreams based remote which serves "
4521
4741
"'daily' ubuntu cloud images. These provide quicker but potentially less "
4522
4742
"stable images."
4523
4743
msgstr ""
4524
4744
4525
#: serverguide/C/virtualization.xml:1478(para)
4745
#: serverguide/C/virtualization.xml:1546(para)
4526
4746
msgid ""
4527
4747
"images: This is a remote publishing best-effort container images for many "
4528
4748
"distributions, created using community-provided build scripts."
4529
4749
msgstr ""
4530
4750
4531
#: serverguide/C/virtualization.xml:1483(para)
4751
#: serverguide/C/virtualization.xml:1551(para)
4532
4752
msgid "To view the images available on one of these servers, you can use:"
4533
4753
msgstr ""
4534
4754
4535
#: serverguide/C/virtualization.xml:1493(para)
4755
#: serverguide/C/virtualization.xml:1561(para)
4536
4756
msgid ""
4537
4757
"Most of the images are known by several aliases for easier reference. To see "
4538
4758
"the full list of aliases, you can use"
4539
4759
msgstr ""
4540
4760
4541
#: serverguide/C/virtualization.xml:1499(command)
4761
#: serverguide/C/virtualization.xml:1567(command)
4542
4762
msgid "lxc image alias list images:"
4543
4763
msgstr ""
4544
4764
4545
#: serverguide/C/virtualization.xml:1504(para)
4765
#: serverguide/C/virtualization.xml:1572(para)
4546
4766
msgid ""
4547
4767
"Any alias or image fingerprint can be used to specify how to create the new "
4548
4768
"container. For instance, to create an amd64 Ubuntu 14.04 container, some "
4549
4769
"options are:"
4550
4770
msgstr ""
4551
4771
4552
#: serverguide/C/virtualization.xml:1511(command)
4772
#: serverguide/C/virtualization.xml:1579(command)
4553
4773
msgid ""
4554
4774
"lxc launch ubuntu:14.04 trusty1 lxc launch ubuntu:trusty trusty1 lxc launch "
4555
4775
"ubuntu:trusty/amd64 trusty1 lxc launch ubuntu:lts trusty1"
4556
4776
msgstr ""
4557
4777
4558
#: serverguide/C/virtualization.xml:1519(para)
4778
#: serverguide/C/virtualization.xml:1587(para)
4559
4779
msgid "The 'lts' alias always refers to the latest released LTS image."
4560
4780
msgstr ""
4561
4781
4562
#: serverguide/C/virtualization.xml:1523(title) serverguide/C/virtualization.xml:2352(title)
4782
#: serverguide/C/virtualization.xml:1591(title) serverguide/C/virtualization.xml:2420(title)
4563
4783
msgid "Snapshots"
4564
4784
msgstr ""
4565
4785
4566
#: serverguide/C/virtualization.xml:1525(para)
4786
#: serverguide/C/virtualization.xml:1593(para)
4567
4787
msgid ""
4568
4788
"Containers can be renamed and live-migrated using the 'lxc move' command:"
4569
4789
msgstr ""
4570
4790
4571
#: serverguide/C/virtualization.xml:1530(command)
4791
#: serverguide/C/virtualization.xml:1598(command)
4572
4792
msgid "lxc move c1 final-beta"
4573
4793
msgstr ""
4574
4794
4575
#: serverguide/C/virtualization.xml:1535(para)
4795
#: serverguide/C/virtualization.xml:1603(para)
4576
4796
msgid "They can also be snapshotted:"
4577
4797
msgstr ""
4578
4798
4579
#: serverguide/C/virtualization.xml:1540(command)
4799
#: serverguide/C/virtualization.xml:1608(command)
4580
4800
msgid "lxc snapshot c1 YYYY-MM-DD"
4581
4801
msgstr ""
4582
4802
4583
#: serverguide/C/virtualization.xml:1545(para)
4803
#: serverguide/C/virtualization.xml:1613(para)
4584
4804
msgid "Later changes to c1 can then be reverted by restoring the snapshot:"
4585
4805
msgstr ""
4586
4806
4587
#: serverguide/C/virtualization.xml:1550(command)
4807
#: serverguide/C/virtualization.xml:1618(command)
4588
4808
msgid "lxc restore u1 YYYY-MM-DD"
4589
4809
msgstr ""
4590
4810
4591
#: serverguide/C/virtualization.xml:1555(para)
4811
#: serverguide/C/virtualization.xml:1623(para)
4592
4812
msgid ""
4593
4813
"New containers can also be created by copying a container or snapshot:"
4594
4814
msgstr ""
4595
4815
4596
#: serverguide/C/virtualization.xml:1560(command)
4816
#: serverguide/C/virtualization.xml:1628(command)
4597
4817
msgid "lxc copy u1/YYYY-MM-DD testcontainer"
4598
4818
msgstr ""
4599
4819
4600
#: serverguide/C/virtualization.xml:1567(title)
4820
#: serverguide/C/virtualization.xml:1635(title)
4601
4821
msgid "Publishing images"
4602
4822
msgstr ""
4603
4823
4604
#: serverguide/C/virtualization.xml:1569(para)
4824
#: serverguide/C/virtualization.xml:1637(para)
4605
4825
msgid ""
4606
4826
"When a container or container snapshot is ready for consumption by others, "
4607
4827
"it can be published as a new image using;"
4608
4828
msgstr ""
4609
4829
4610
#: serverguide/C/virtualization.xml:1575(command)
4830
#: serverguide/C/virtualization.xml:1643(command)
4611
4831
msgid "lxc publish u1/YYYY-MM-DD --alias foo-2.0"
4612
4832
msgstr ""
4613
4833
4614
#: serverguide/C/virtualization.xml:1580(para)
4834
#: serverguide/C/virtualization.xml:1648(para)
4615
4835
msgid ""
4616
4836
"The published image will be private by default, meaning that LXD will not "
4617
4837
"allow clients without a trusted certificate to see them. If the image is "
4619
4839
"'public' flag can be set, either at publish time using"
4620
4840
msgstr ""
4621
4841
4622
#: serverguide/C/virtualization.xml:1588(command)
4842
#: serverguide/C/virtualization.xml:1656(command)
4623
4843
msgid "lxc publish u1/YYYY-MM-DD --alias foo-2.0 public=true"
4624
4844
msgstr ""
4625
4845
4626
#: serverguide/C/virtualization.xml:1593(para)
4846
#: serverguide/C/virtualization.xml:1661(para)
4627
4847
msgid "or after the fact using"
4628
4848
msgstr ""
4629
4849
4630
#: serverguide/C/virtualization.xml:1598(command)
4850
#: serverguide/C/virtualization.xml:1666(command)
4631
4851
msgid "lxc image edit foo-2.0"
4632
4852
msgstr ""
4633
4853
4634
#: serverguide/C/virtualization.xml:1603(para)
4854
#: serverguide/C/virtualization.xml:1671(para)
4635
4855
msgid "and changing the value of the public field."
4636
4856
msgstr ""
4637
4857
4638
#: serverguide/C/virtualization.xml:1609(title)
4858
#: serverguide/C/virtualization.xml:1677(title)
4639
4859
msgid "Image export and import"
4640
4860
msgstr ""
4641
4861
4642
#: serverguide/C/virtualization.xml:1611(para)
4862
#: serverguide/C/virtualization.xml:1679(para)
4643
4863
msgid "Image can be exported as, and imported from, tarballs:"
4644
4864
msgstr ""
4645
4865
4646
#: serverguide/C/virtualization.xml:1616(command)
4866
#: serverguide/C/virtualization.xml:1684(command)
4647
4867
msgid ""
4648
4868
"lxc image export foo-2.0 foo-2.0.tar.gz lxc image import foo-2.0.tar.gz --"
4649
4869
"alias foo-2.0 --public"
4650
4870
msgstr ""
4651
4871
4652
#: serverguide/C/virtualization.xml:1625(title) serverguide/C/virtualization.xml:2505(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
4872
#: serverguide/C/virtualization.xml:1693(title) serverguide/C/virtualization.xml:2573(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
4653
4873
msgid "Troubleshooting"
4654
4874
msgstr ""
4655
4875
4656
#: serverguide/C/virtualization.xml:1627(para)
4876
#: serverguide/C/virtualization.xml:1695(para)
4657
4877
msgid ""
4658
4878
"To view debug information about LXD itself, on a systemd based host use"
4659
4879
msgstr ""
4660
4880
4661
#: serverguide/C/virtualization.xml:1632(command)
4881
#: serverguide/C/virtualization.xml:1700(command)
4662
4882
msgid "journalctl -u LXD"
4663
4883
msgstr ""
4664
4884
4665
#: serverguide/C/virtualization.xml:1637(para)
4885
#: serverguide/C/virtualization.xml:1705(para)
4666
4886
msgid ""
4667
4887
"On an Upstart-based system, you can find the log in "
4668
4888
"<filename>/var/log/upstart/lxd.log</filename>. To make LXD provide much more "
4673
4893
"<filename>/etc/init/lxd.conf</filename>."
4674
4894
msgstr ""
4675
4895
4676
#: serverguide/C/virtualization.xml:1647(para)
4896
#: serverguide/C/virtualization.xml:1715(para)
4677
4897
msgid "Container logfiles for container c1 may be seen using:"
4678
4898
msgstr ""
4679
4899
4680
#: serverguide/C/virtualization.xml:1652(command)
4900
#: serverguide/C/virtualization.xml:1720(command)
4681
4901
msgid "lxc info c1 --show-log"
4682
4902
msgstr ""
4683
4903
4684
#: serverguide/C/virtualization.xml:1657(para)
4904
#: serverguide/C/virtualization.xml:1725(para)
4685
4905
msgid ""
4686
4906
"The configuration file which was used may be found under <filename> "
4687
4907
"/var/log/lxd/c1/lxc.conf</filename> while apparmor profiles can be found in "
4689
4909
"profiles in <filename> /var/lib/lxd/security/seccomp/c1</filename>."
4690
4910
msgstr ""
4691
4911
4692
#: serverguide/C/virtualization.xml:1667(title)
4912
#: serverguide/C/virtualization.xml:1735(title)
4693
4913
msgid "LXC"
4694
4914
msgstr ""
4695
4915
4696
#: serverguide/C/virtualization.xml:1669(para)
4916
#: serverguide/C/virtualization.xml:1737(para)
4697
4917
msgid ""
4698
4918
"Containers are a lightweight virtualization technology. They are more akin "
4699
4919
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
4705
4925
"and OpenVZ functionality."
4706
4926
msgstr ""
4707
4927
4708
#: serverguide/C/virtualization.xml:1679(para)
4928
#: serverguide/C/virtualization.xml:1747(para)
4709
4929
msgid ""
4710
4930
"There are two user-space implementations of containers, each exploiting the "
4711
4931
"same kernel features. Libvirt allows the use of containers through the LXC "
4716
4936
"there are peculiarities which can cause confusion."
4717
4937
msgstr ""
4718
4938
4719
#: serverguide/C/virtualization.xml:1688(para)
4939
#: serverguide/C/virtualization.xml:1756(para)
4720
4940
msgid ""
4721
4941
"In this document we will mainly describe the <application>lxc</application> "
4722
4942
"package. Use of libvirt-lxc is not generally recommended due to a lack of "
4723
4943
"Apparmor protection for libvirt-lxc containers."
4724
4944
msgstr ""
4725
4945
4726
#: serverguide/C/virtualization.xml:1693(para)
4946
#: serverguide/C/virtualization.xml:1761(para)
4727
4947
msgid "In this document, a container name will be shown as CN, C1, or C2."
4728
4948
msgstr ""
4729
4949
4730
#: serverguide/C/virtualization.xml:1699(para)
4950
#: serverguide/C/virtualization.xml:1767(para)
4731
4951
msgid "The <application>lxc</application> package can be installed using"
4732
4952
msgstr ""
4733
4953
4734
#: serverguide/C/virtualization.xml:1703(command)
4954
#: serverguide/C/virtualization.xml:1771(command)
4735
4955
msgid "sudo apt install lxc"
4736
4956
msgstr ""
4737
4957
4738
#: serverguide/C/virtualization.xml:1708(para)
4958
#: serverguide/C/virtualization.xml:1776(para)
4739
4959
msgid ""
4740
4960
"This will pull in the required and recommended dependencies, as well as set "
4741
4961
"up a network bridge for containers to use. If you wish to use unprivileged "
4744
4964
"containers to a bridge (see <xref linkend=\"lxc-unpriv\"/>)."
4745
4965
msgstr ""
4746
4966
4747
#: serverguide/C/virtualization.xml:1718(title) serverguide/C/vcs.xml:111(title)
4967
#: serverguide/C/virtualization.xml:1786(title) serverguide/C/vcs.xml:111(title)
4748
4968
msgid "Basic usage"
4749
4969
msgstr ""
4750
4970
4751
#: serverguide/C/virtualization.xml:1719(para)
4971
#: serverguide/C/virtualization.xml:1787(para)
4752
4972
msgid ""
4753
4973
"LXC can be used in two distinct ways - privileged, by running the lxc "
4754
4974
"commands as the root user; or unprivileged, by running the lxc commands as a "
4759
4979
"in the container is mapped to a non-root userid on the host."
4760
4980
msgstr ""
4761
4981
4762
#: serverguide/C/virtualization.xml:1731(title)
4982
#: serverguide/C/virtualization.xml:1799(title)
4763
4983
msgid "Basic privileged usage"
4764
4984
msgstr ""
4765
4985
4766
#: serverguide/C/virtualization.xml:1732(para)
4986
#: serverguide/C/virtualization.xml:1800(para)
4767
4987
msgid "To create a privileged container, you can simply do:"
4768
4988
msgstr ""
4769
4989
4770
#: serverguide/C/virtualization.xml:1736(command)
4990
#: serverguide/C/virtualization.xml:1804(command)
4771
4991
msgid "sudo lxc-create --template download --name u1"
4772
4992
msgstr ""
4773
4993
4774
#: serverguide/C/virtualization.xml:1740(command)
4994
#: serverguide/C/virtualization.xml:1808(command)
4775
4995
msgid "sudo lxc-create -t download -n u1"
4776
4996
msgstr ""
4777
4997
4778
#: serverguide/C/virtualization.xml:1735(screen)
4998
#: serverguide/C/virtualization.xml:1803(screen)
4779
4999
#, no-wrap
4780
5000
msgid ""
4781
5001
"\n"
4784
5004
"<placeholder-2/>\n"
4785
5005
msgstr ""
4786
5006
4787
#: serverguide/C/virtualization.xml:1744(para)
5007
#: serverguide/C/virtualization.xml:1812(para)
4788
5008
msgid ""
4789
5009
"This will interactively ask for a container root filesystem type to download "
4790
5010
"- in particular the distribution, release, and architecture. To create the "
4792
5012
"line:"
4793
5013
msgstr ""
4794
5014
4795
#: serverguide/C/virtualization.xml:1751(command)
5015
#: serverguide/C/virtualization.xml:1819(command)
4796
5016
msgid ""
4797
5017
"sudo lxc-create -t download -n u1 -- --dist ubuntu --release xenial --arch "
4798
5018
"amd64"
4799
5019
msgstr ""
4800
5020
4801
#: serverguide/C/virtualization.xml:1755(command)
5021
#: serverguide/C/virtualization.xml:1823(command)
4802
5022
msgid "sudo lxc-create -t download -n u1 -- -d ubuntu -r xenial -a amd64"
4803
5023
msgstr ""
4804
5024
4805
#: serverguide/C/virtualization.xml:1750(screen)
5025
#: serverguide/C/virtualization.xml:1818(screen)
4806
5026
#, no-wrap
4807
5027
msgid ""
4808
5028
"\n"
4811
5031
"<placeholder-2/>\n"
4812
5032
msgstr ""
4813
5033
4814
#: serverguide/C/virtualization.xml:1760(para)
5034
#: serverguide/C/virtualization.xml:1828(para)
4815
5035
msgid ""
4816
5036
"You can now use <command>lxc-ls</command> to list containers, <command>lxc-"
4817
5037
"info</command> to obtain detailed container information, <command>lxc-"
4823
5043
"look like:"
4824
5044
msgstr ""
4825
5045
4826
#: serverguide/C/virtualization.xml:1771(command)
5046
#: serverguide/C/virtualization.xml:1839(command)
4827
5047
msgid ""
4828
5048
"sudo lxc-ls --fancy sudo lxc-start --name u1 --daemon sudo lxc-info --name "
4829
5049
"u1 sudo lxc-stop --name u1 sudo lxc-destroy --name u1"
4830
5050
msgstr ""
4831
5051
4832
#: serverguide/C/virtualization.xml:1783(title)
5052
#: serverguide/C/virtualization.xml:1851(title)
4833
5053
msgid "User namespaces"
4834
5054
msgstr ""
4835
5055
4836
#: serverguide/C/virtualization.xml:1784(para)
5056
#: serverguide/C/virtualization.xml:1852(para)
4837
5057
msgid ""
4838
5058
"Unprivileged containers allow users to create and administer containers "
4839
5059
"without having any root privilege. The feature underpinning this is called "
4850
5070
"convention started at id 100000 to avoid conflicting with system users."
4851
5071
msgstr ""
4852
5072
4853
#: serverguide/C/virtualization.xml:1802(para)
5073
#: serverguide/C/virtualization.xml:1870(para)
4854
5074
msgid ""
4855
5075
"If a user was created on an earlier release, it can be granted a range of "
4856
5076
"ids using <command>usermod</command>, as follows:"
4857
5077
msgstr ""
4858
5078
4859
#: serverguide/C/virtualization.xml:1807(command)
5079
#: serverguide/C/virtualization.xml:1875(command)
4860
5080
msgid "sudo usermod -v 100000-200000 -w 100000-200000 user1"
4861
5081
msgstr ""
4862
5082
4863
#: serverguide/C/virtualization.xml:1812(para)
5083
#: serverguide/C/virtualization.xml:1880(para)
4864
5084
msgid ""
4865
5085
"The programs <command>newuidmap</command> and <command> newgidmap</command> "
4866
5086
"are setuid-root programs in the <filename>uidmap</filename> package, which "
4869
5089
"authorized by the host configuration."
4870
5090
msgstr ""
4871
5091
4872
#: serverguide/C/virtualization.xml:1823(title)
5092
#: serverguide/C/virtualization.xml:1891(title)
4873
5093
msgid "Basic unprivileged usage"
4874
5094
msgstr ""
4875
5095
4876
#: serverguide/C/virtualization.xml:1827(para)
5096
#: serverguide/C/virtualization.xml:1895(para)
4877
5097
msgid ""
4878
5098
"To create unprivileged containers, a few first steps are needed. You will "
4879
5099
"need to create a default container configuration file, specifying your "
4883
5103
"your actual user and group id ranges and modify the example accordingly:"
4884
5104
msgstr ""
4885
5105
4886
#: serverguide/C/virtualization.xml:1837(command)
5106
#: serverguide/C/virtualization.xml:1905(command)
4887
5107
msgid "grep $USER /etc/subuid grep $USER /etc/subgid"
4888
5108
msgstr ""
4889
5109
4890
#: serverguide/C/virtualization.xml:1843(command)
5110
#: serverguide/C/virtualization.xml:1911(command)
4891
5111
msgid ""
4892
5112
"mkdir -p ~/.config/lxc echo \"lxc.id_map = u 0 100000 65536\" > "
4893
5113
"~/.config/lxc/default.conf echo \"lxc.id_map = g 0 100000 65536\" >> "
4897
5117
"/etc/lxc/lxc-usernet"
4898
5118
msgstr ""
4899
5119
4900
#: serverguide/C/virtualization.xml:1853(para)
5120
#: serverguide/C/virtualization.xml:1921(para)
4901
5121
msgid ""
4902
5122
"After this, you can create unprivileged containers the same way as "
4903
5123
"privileged ones, simply without using sudo."
4904
5124
msgstr ""
4905
5125
4906
#: serverguide/C/virtualization.xml:1858(command)
5126
#: serverguide/C/virtualization.xml:1926(command)
4907
5127
msgid ""
4908
5128
"lxc-create -t download -n u1 -- -d ubuntu -r xenial -a amd64 lxc-start -n u1 "
4909
5129
"-d lxc-attach -n u1 lxc-stop -n u1 lxc-destroy -n u1"
4910
5130
msgstr ""
4911
5131
4912
#: serverguide/C/virtualization.xml:1870(para)
5132
#: serverguide/C/virtualization.xml:1938(para)
4913
5133
msgid ""
4914
5134
"In order to run containers inside containers - referred to as nested "
4915
5135
"containers - two lines must be present in the parent container configuration "
4926
5146
"information."
4927
5147
msgstr ""
4928
5148
4929
#: serverguide/C/virtualization.xml:1892(title)
5149
#: serverguide/C/virtualization.xml:1960(title)
4930
5150
msgid "Global configuration"
4931
5151
msgstr ""
4932
5152
4933
#: serverguide/C/virtualization.xml:1899(para)
5153
#: serverguide/C/virtualization.xml:1967(para)
4934
5154
msgid ""
4935
5155
"<filename>lxc.conf</filename> may optionally specify alternate values for "
4936
5156
"several lxc settings, including the lxcpath, the default configuration, "
4938
5158
"lvm and zfs."
4939
5159
msgstr ""
4940
5160
4941
#: serverguide/C/virtualization.xml:1905(para)
5161
#: serverguide/C/virtualization.xml:1973(para)
4942
5162
msgid ""
4943
5163
"<filename>default.conf</filename> specifies configuration which every newly "
4944
5164
"created container should contain. This usually contains at least a network "
4945
5165
"section, and, for unprivileged users, an id mapping section"
4946
5166
msgstr ""
4947
5167
4948
#: serverguide/C/virtualization.xml:1911(para)
5168
#: serverguide/C/virtualization.xml:1979(para)
4949
5169
msgid ""
4950
5170
"<filename>lxc-usernet.conf</filename> specifies how unprivileged users may "
4951
5171
"connect their containers to the host-owned network."
4952
5172
msgstr ""
4953
5173
4954
#: serverguide/C/virtualization.xml:1893(para)
5174
#: serverguide/C/virtualization.xml:1961(para)
4955
5175
msgid ""
4956
5176
"The following configuration files are consulted by LXC. For privileged use, "
4957
5177
"they are found under <filename>/etc/lxc</filename>, while for unprivileged "
4958
5178
"use they are under <filename>~/.config/lxc</filename>. <placeholder-1/>"
4959
5179
msgstr ""
4960
5180
4961
#: serverguide/C/virtualization.xml:1916(para)
5181
#: serverguide/C/virtualization.xml:1984(para)
4962
5182
msgid ""
4963
5183
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are both "
4964
5184
"under <filename>/etc/lxc</filename> and "
4966
5186
"usernet.conf</filename> is only host-wide."
4967
5187
msgstr ""
4968
5188
4969
#: serverguide/C/virtualization.xml:1921(para)
5189
#: serverguide/C/virtualization.xml:1989(para)
4970
5190
msgid ""
4971
5191
"By default, containers are located under /var/lib/lxc for the root user, and "
4972
5192
"$HOME/.local/share/lxc otherwise. The location can be specified for all lxc "
4973
5193
"commands using the \"-P|--lxcpath\" argument."
4974
5194
msgstr ""
4975
5195
4976
#: serverguide/C/virtualization.xml:1930(title) serverguide/C/network-config.xml:11(title)
5196
#: serverguide/C/virtualization.xml:1998(title) serverguide/C/network-config.xml:11(title)
4977
5197
msgid "Networking"
4978
5198
msgstr ""
4979
5199
4980
#: serverguide/C/virtualization.xml:1931(para)
5200
#: serverguide/C/virtualization.xml:1999(para)
4981
5201
msgid ""
4982
5202
"By default LXC creates a private network namespace for each container, which "
4983
5203
"includes a layer 2 networking stack. Containers usually connect to the "
4989
5209
"container is not usable on the host."
4990
5210
msgstr ""
4991
5211
4992
#: serverguide/C/virtualization.xml:1939(para)
5212
#: serverguide/C/virtualization.xml:2007(para)
4993
5213
msgid ""
4994
5214
"It is possible to create a container without a private network namespace. In "
4995
5215
"this case, the container will have access to the host networking like any "
4999
5219
"Unix domain socket to the host's upstart, and shut down the host."
5000
5220
msgstr ""
5001
5221
5002
#: serverguide/C/virtualization.xml:1945(para)
5222
#: serverguide/C/virtualization.xml:2013(para)
5003
5223
msgid ""
5004
5224
"To give containers on lxcbr0 a persistent ip address based on domain name, "
5005
5225
"you can write entries to <filename>/etc/lxc/dnsmasq.conf</filename> like: "
5009
5229
"</screen>"
5010
5230
msgstr ""
5011
5231
5012
#: serverguide/C/virtualization.xml:1953(para)
5232
#: serverguide/C/virtualization.xml:2021(para)
5013
5233
msgid ""
5014
5234
"If it is desirable for the container to be publicly accessible, there are a "
5015
5235
"few ways to go about it. One is to use <command>iptables</command> to "
5028
5248
"are preferred and more commonly used."
5029
5249
msgstr ""
5030
5250
5031
#: serverguide/C/virtualization.xml:1974(para)
5251
#: serverguide/C/virtualization.xml:2042(para)
5032
5252
msgid ""
5033
5253
"There are several ways to determine the ip address for a container. First, "
5034
5254
"you can use <command>lxc-ls --fancy</command> which will print the ip "
5044
5264
"</screen>"
5045
5265
msgstr ""
5046
5266
5047
#: serverguide/C/virtualization.xml:1989(para)
5267
#: serverguide/C/virtualization.xml:2057(para)
5048
5268
msgid ""
5049
5269
"For more information, see the lxc.conf manpage as well as the example "
5050
5270
"network configurations under "
5051
5271
"<filename>/usr/share/doc/lxc/examples/</filename>."
5052
5272
msgstr ""
5053
5273
5054
#: serverguide/C/virtualization.xml:1995(title)
5274
#: serverguide/C/virtualization.xml:2063(title)
5055
5275
msgid "LXC startup"
5056
5276
msgstr ""
5057
5277
5058
#: serverguide/C/virtualization.xml:1997(para)
5278
#: serverguide/C/virtualization.xml:2065(para)
5059
5279
msgid ""
5060
5280
"LXC does not have a long-running daemon. However it does have three upstart "
5061
5281
"jobs."
5062
5282
msgstr ""
5063
5283
5064
#: serverguide/C/virtualization.xml:2003(para)
5284
#: serverguide/C/virtualization.xml:2071(para)
5065
5285
msgid ""
5066
5286
"<filename>/etc/init/lxc-net.conf:</filename> is an optional job which only "
5067
5287
"runs if <filename> /etc/default/lxc-net</filename> specifies USE_LXC_BRIDGE "
5068
5288
"(true by default). It sets up a NATed bridge for containers to use."
5069
5289
msgstr ""
5070
5290
5071
#: serverguide/C/virtualization.xml:2011(para)
5291
#: serverguide/C/virtualization.xml:2079(para)
5072
5292
msgid ""
5073
5293
"<filename>/etc/init/lxc.conf</filename> loads the lxc apparmor profiles and "
5074
5294
"optionally starts any autostart containers. The autostart containers will be "
5077
5297
"more information on autostarted containers."
5078
5298
msgstr ""
5079
5299
5080
#: serverguide/C/virtualization.xml:2021(para)
5300
#: serverguide/C/virtualization.xml:2089(para)
5081
5301
msgid ""
5082
5302
"<filename>/etc/init/lxc-instance.conf</filename> is used by "
5083
5303
"<filename>/etc/init/lxc.conf</filename> to autostart a container."
5084
5304
msgstr ""
5085
5305
5086
#: serverguide/C/virtualization.xml:2030(title)
5306
#: serverguide/C/virtualization.xml:2098(title)
5087
5307
msgid "Backing Stores"
5088
5308
msgstr ""
5089
5309
5090
#: serverguide/C/virtualization.xml:2031(para)
5310
#: serverguide/C/virtualization.xml:2099(para)
5091
5311
msgid ""
5092
5312
"LXC supports several backing stores for container root filesystems. The "
5093
5313
"default is a simple directory backing store, because it requires no prior "
5102
5322
"<filename>$lxcpath/C1/rootfs</filename>."
5103
5323
msgstr ""
5104
5324
5105
#: serverguide/C/virtualization.xml:2045(para)
5325
#: serverguide/C/virtualization.xml:2113(para)
5106
5326
msgid ""
5107
5327
"A snapshot clone C2 of a directory backed container C1 becomes an overlayfs "
5108
5328
"backed container, with a rootfs called "
5110
5330
" Other backing store types include loop, btrfs, LVM and zfs."
5111
5331
msgstr ""
5112
5332
5113
#: serverguide/C/virtualization.xml:2053(para)
5333
#: serverguide/C/virtualization.xml:2121(para)
5114
5334
msgid ""
5115
5335
"A btrfs backed container mostly looks like a directory backed container, "
5116
5336
"with its root filesystem in the same location. However, the root filesystem "
5118
5338
"snapshot."
5119
5339
msgstr ""
5120
5340
5121
#: serverguide/C/virtualization.xml:2060(para)
5341
#: serverguide/C/virtualization.xml:2128(para)
5122
5342
msgid ""
5123
5343
"The root filesystem for an LVM backed container can be any separate LV. The "
5124
5344
"default VG name can be specified in lxc.conf. The filesystem type and size "
5125
5345
"are configurable per-container using lxc-create."
5126
5346
msgstr ""
5127
5347
5128
#: serverguide/C/virtualization.xml:2066(para)
5348
#: serverguide/C/virtualization.xml:2134(para)
5129
5349
msgid ""
5130
5350
"The rootfs for a zfs backed container is a separate zfs filesystem, mounted "
5131
5351
"under the traditional <filename>/var/lib/lxc/C1/rootfs</filename> location. "
5133
5353
"in lxc.system.conf."
5134
5354
msgstr ""
5135
5355
5136
#: serverguide/C/virtualization.xml:2073(para)
5356
#: serverguide/C/virtualization.xml:2141(para)
5137
5357
msgid ""
5138
5358
"More information on creating containers with the various backing stores can "
5139
5359
"be found in the lxc-create manual page."
5140
5360
msgstr ""
5141
5361
5142
#: serverguide/C/virtualization.xml:2080(title)
5362
#: serverguide/C/virtualization.xml:2148(title)
5143
5363
msgid "Templates"
5144
5364
msgstr ""
5145
5365
5146
#: serverguide/C/virtualization.xml:2081(para)
5366
#: serverguide/C/virtualization.xml:2149(para)
5147
5367
msgid ""
5148
5368
"Creating a container generally involves creating a root filesystem for the "
5149
5369
"container. <command>lxc-create</command> delegates this work to "
5154
5374
"others."
5155
5375
msgstr ""
5156
5376
5157
#: serverguide/C/virtualization.xml:2090(para)
5377
#: serverguide/C/virtualization.xml:2158(para)
5158
5378
msgid ""
5159
5379
"Creating distribution images in most cases requires the ability to create "
5160
5380
"device nodes, often requires tools which are not available in other "
5165
5385
"could not for instance easily run the <command>debootstrap</command> command."
5166
5386
msgstr ""
5167
5387
5168
#: serverguide/C/virtualization.xml:2100(para)
5388
#: serverguide/C/virtualization.xml:2168(para)
5169
5389
msgid ""
5170
5390
"When running <command>lxc-create</command>, all options which come after "
5171
5391
"<emphasis>--</emphasis> are passed to the template. In the following "
5178
5398
"</screen>"
5179
5399
msgstr ""
5180
5400
5181
#: serverguide/C/virtualization.xml:2112(para)
5401
#: serverguide/C/virtualization.xml:2180(para)
5182
5402
msgid ""
5183
5403
"You can obtain help for the options supported by any particular container by "
5184
5404
"passing <emphasis>--help</emphasis> and the template name to <command>lxc-"
5185
5405
"create</command>. For instance, for help with the download template,"
5186
5406
msgstr ""
5187
5407
5188
#: serverguide/C/virtualization.xml:2119(command)
5408
#: serverguide/C/virtualization.xml:2187(command)
5189
5409
msgid "lxc-create --template download --help"
5190
5410
msgstr ""
5191
5411
5192
#: serverguide/C/virtualization.xml:2125(title)
5412
#: serverguide/C/virtualization.xml:2193(title)
5193
5413
msgid "Autostart"
5194
5414
msgstr ""
5195
5415
5196
#: serverguide/C/virtualization.xml:2126(para)
5416
#: serverguide/C/virtualization.xml:2194(para)
5197
5417
msgid ""
5198
5418
"LXC supports marking containers to be started at system boot. Prior to "
5199
5419
"Ubuntu 14.04, this was done using symbolic links under the directory "
5210
5430
"lxc.container.conf for more information."
5211
5431
msgstr ""
5212
5432
5213
#: serverguide/C/virtualization.xml:2146(para)
5433
#: serverguide/C/virtualization.xml:2214(para)
5214
5434
msgid ""
5215
5435
"LXC ships with a default Apparmor profile intended to protect the host from "
5216
5436
"accidental misuses of privilege inside the container. For instance, the "
5218
5438
"trigger</filename> or to most <filename>/sys</filename> files."
5219
5439
msgstr ""
5220
5440
5221
#: serverguide/C/virtualization.xml:2152(para)
5441
#: serverguide/C/virtualization.xml:2220(para)
5222
5442
msgid ""
5223
5443
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
5224
5444
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
5231
5451
"dangerous paths, and from mounting most filesystems."
5232
5452
msgstr ""
5233
5453
5234
#: serverguide/C/virtualization.xml:2163(para)
5454
#: serverguide/C/virtualization.xml:2231(para)
5235
5455
msgid ""
5236
5456
"Programs in a container cannot be further confined - for instance, MySQL "
5237
5457
"runs under the container profile (protecting the host) but will not be able "
5238
5458
"to enter the MySQL profile (to protect the container)."
5239
5459
msgstr ""
5240
5460
5241
#: serverguide/C/virtualization.xml:2168(para)
5461
#: serverguide/C/virtualization.xml:2236(para)
5242
5462
msgid ""
5243
5463
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
5244
5464
"container it spawns will be confined."
5245
5465
msgstr ""
5246
5466
5247
#: serverguide/C/virtualization.xml:2171(title)
5467
#: serverguide/C/virtualization.xml:2239(title)
5248
5468
msgid "Customizing container policies"
5249
5469
msgstr ""
5250
5470
5251
#: serverguide/C/virtualization.xml:2172(para)
5471
#: serverguide/C/virtualization.xml:2240(para)
5252
5472
msgid ""
5253
5473
"If you find that <command>lxc-start</command> is failing due to a legitimate "
5254
5474
"access which is being denied by its Apparmor policy, you can disable the lxc-"
5255
5475
"start profile by doing:"
5256
5476
msgstr ""
5257
5477
5258
#: serverguide/C/virtualization.xml:2176(screen)
5478
#: serverguide/C/virtualization.xml:2244(screen)
5259
5479
#, no-wrap
5260
5480
msgid ""
5261
5481
"\n"
5263
5483
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
5264
5484
msgstr ""
5265
5485
5266
#: serverguide/C/virtualization.xml:2181(para)
5486
#: serverguide/C/virtualization.xml:2249(para)
5267
5487
msgid ""
5268
5488
"This will make <command>lxc-start</command> run unconfined, but continue to "
5269
5489
"confine the container itself. If you also wish to disable confinement of the "
5271
5491
"start</filename> profile, you must add:"
5272
5492
msgstr ""
5273
5493
5274
#: serverguide/C/virtualization.xml:2186(screen)
5494
#: serverguide/C/virtualization.xml:2254(screen)
5275
5495
#, no-wrap
5276
5496
msgid ""
5277
5497
"\n"
5278
5498
"lxc.aa_profile = unconfined\n"
5279
5499
msgstr ""
5280
5500
5281
#: serverguide/C/virtualization.xml:2190(para)
5501
#: serverguide/C/virtualization.xml:2258(para)
5282
5502
msgid "to the container's configuration file."
5283
5503
msgstr ""
5284
5504
5285
#: serverguide/C/virtualization.xml:2192(para)
5505
#: serverguide/C/virtualization.xml:2260(para)
5286
5506
msgid ""
5287
5507
"LXC ships with a few alternate policies for containers. If you wish to run "
5288
5508
"containers inside containers (nesting), then you can use the lxc-container-"
5297
5517
"\t</screen> and re-load the policy."
5298
5518
msgstr ""
5299
5519
5300
#: serverguide/C/virtualization.xml:2209(para)
5520
#: serverguide/C/virtualization.xml:2277(para)
5301
5521
msgid ""
5302
5522
"Note that the nesting policy with privileged containers is far less safe "
5303
5523
"than the default policy, as it allows containers to re-mount "
5307
5527
"<filename>proc</filename> and <filename>sys</filename> files."
5308
5528
msgstr ""
5309
5529
5310
#: serverguide/C/virtualization.xml:2217(para)
5530
#: serverguide/C/virtualization.xml:2285(para)
5311
5531
msgid ""
5312
5532
"Another profile shipped with lxc allows containers to mount block filesystem "
5313
5533
"types like ext4. This can be useful in some cases like maas provisioning, "
5315
5535
"have not been audited for safe handling of untrusted input."
5316
5536
msgstr ""
5317
5537
5318
#: serverguide/C/virtualization.xml:2223(para)
5538
#: serverguide/C/virtualization.xml:2291(para)
5319
5539
msgid ""
5320
5540
"If you need to run a container in a custom profile, you can create a new "
5321
5541
"profile under <filename>/etc/apparmor.d/lxc/</filename>. Its name must start "
5327
5547
"permissions at the bottom of your policy."
5328
5548
msgstr ""
5329
5549
5330
#: serverguide/C/virtualization.xml:2234(para)
5550
#: serverguide/C/virtualization.xml:2302(para)
5331
5551
msgid "After creating the policy, load it using:"
5332
5552
msgstr ""
5333
5553
5334
#: serverguide/C/virtualization.xml:2236(screen)
5554
#: serverguide/C/virtualization.xml:2304(screen)
5335
5555
#, no-wrap
5336
5556
msgid ""
5337
5557
"\n"
5338
5558
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
5339
5559
msgstr ""
5340
5560
5341
#: serverguide/C/virtualization.xml:2240(para)
5561
#: serverguide/C/virtualization.xml:2308(para)
5342
5562
msgid ""
5343
5563
"The profile will automatically be loaded after a reboot, because it is "
5344
5564
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
5347
5567
"configuration file:"
5348
5568
msgstr ""
5349
5569
5350
#: serverguide/C/virtualization.xml:2247(screen)
5570
#: serverguide/C/virtualization.xml:2315(screen)
5351
5571
#, no-wrap
5352
5572
msgid ""
5353
5573
"\n"
5354
5574
"lxc.aa_profile = lxc-CN-profile\n"
5355
5575
msgstr ""
5356
5576
5357
#: serverguide/C/virtualization.xml:2255(title) serverguide/C/cgroups.xml:11(title)
5577
#: serverguide/C/virtualization.xml:2323(title) serverguide/C/cgroups.xml:11(title)
5358
5578
msgid "Control Groups"
5359
5579
msgstr ""
5360
5580
5361
#: serverguide/C/virtualization.xml:2257(para)
5581
#: serverguide/C/virtualization.xml:2325(para)
5362
5582
msgid ""
5363
5583
"Control groups (cgroups) are a kernel feature providing hierarchical task "
5364
5584
"grouping and per-cgroup resource accounting and limits. They are used in "
5367
5587
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus."
5368
5588
msgstr ""
5369
5589
5370
#: serverguide/C/virtualization.xml:2265(para)
5590
#: serverguide/C/virtualization.xml:2333(para)
5371
5591
msgid ""
5372
5592
"By default, a privileged container CN will be assigned to a cgroup called "
5373
5593
"<filename>/lxc/CN</filename>. In the case of name conflicts (which can occur "
5375
5595
"at 0, will be appended to the cgroup name."
5376
5596
msgstr ""
5377
5597
5378
#: serverguide/C/virtualization.xml:2271(para)
5598
#: serverguide/C/virtualization.xml:2339(para)
5379
5599
msgid ""
5380
5600
"By default, a privileged container CN will be assigned to a cgroup called "
5381
5601
"<filename>CN</filename> under the cgroup of the task which started the "
5384
5604
"all files) so that it is allowed to create new child cgroups."
5385
5605
msgstr ""
5386
5606
5387
#: serverguide/C/virtualization.xml:2278(para)
5607
#: serverguide/C/virtualization.xml:2346(para)
5388
5608
msgid ""
5389
5609
"As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to administer "
5390
5610
"cgroups. The cgroup manager receives D-Bus requests over the Unix socket "
5405
5625
"requests for which they are not authorized."
5406
5626
msgstr ""
5407
5627
5408
#: serverguide/C/virtualization.xml:2302(title)
5628
#: serverguide/C/virtualization.xml:2370(title)
5409
5629
msgid "Cloning"
5410
5630
msgstr ""
5411
5631
5412
#: serverguide/C/virtualization.xml:2304(para)
5632
#: serverguide/C/virtualization.xml:2372(para)
5413
5633
msgid ""
5414
5634
"For rapid provisioning, you may wish to customize a canonical container "
5415
5635
"according to your needs and then make multiple copies of it. This can be "
5416
5636
"done with the <command>lxc-clone</command> program."
5417
5637
msgstr ""
5418
5638
5419
#: serverguide/C/virtualization.xml:2308(para)
5639
#: serverguide/C/virtualization.xml:2376(para)
5420
5640
msgid ""
5421
5641
"Clones are either snapshots or copies of another container. A copy is a new "
5422
5642
"container copied from the original, and takes as much space on the host as "
5432
5652
"and apt to be slower."
5433
5653
msgstr ""
5434
5654
5435
#: serverguide/C/virtualization.xml:2322(para)
5655
#: serverguide/C/virtualization.xml:2390(para)
5436
5656
msgid ""
5437
5657
"Snapshots of directory-packed containers are created using the overlay "
5438
5658
"filesystem. For instance, a privileged directory-backed container C1 will "
5444
5664
"container, and to only use its snapshots."
5445
5665
msgstr ""
5446
5666
5447
#: serverguide/C/virtualization.xml:2334(para)
5667
#: serverguide/C/virtualization.xml:2402(para)
5448
5668
msgid "Given an existing container called C1, a copy can be created using:"
5449
5669
msgstr ""
5450
5670
5451
#: serverguide/C/virtualization.xml:2338(command)
5671
#: serverguide/C/virtualization.xml:2406(command)
5452
5672
msgid "sudo lxc-clone -o C1 -n C2"
5453
5673
msgstr ""
5454
5674
5455
#: serverguide/C/virtualization.xml:2343(para)
5675
#: serverguide/C/virtualization.xml:2411(para)
5456
5676
msgid "A snapshot can be created using:"
5457
5677
msgstr ""
5458
5678
5459
#: serverguide/C/virtualization.xml:2345(command)
5679
#: serverguide/C/virtualization.xml:2413(command)
5460
5680
msgid "sudo lxc-clone -s -o C1 -n C2"
5461
5681
msgstr ""
5462
5682
5463
#: serverguide/C/virtualization.xml:2349(para)
5683
#: serverguide/C/virtualization.xml:2417(para)
5464
5684
msgid "See the lxc-clone manpage for more information."
5465
5685
msgstr ""
5466
5686
5467
#: serverguide/C/virtualization.xml:2353(para)
5687
#: serverguide/C/virtualization.xml:2421(para)
5468
5688
msgid ""
5469
5689
"To more easily support the use of snapshot clones for iterative container "
5470
5690
"development, LXC supports <emphasis>snapshots</emphasis>. When working on a "
5482
5702
"is erased and replaced with the snap1 snapshot."
5483
5703
msgstr ""
5484
5704
5485
#: serverguide/C/virtualization.xml:2372(para)
5705
#: serverguide/C/virtualization.xml:2440(para)
5486
5706
msgid ""
5487
5707
"Snapshots are supported for btrfs, lvm, zfs, and overlayfs containers. If "
5488
5708
"lxc-snapshot is called on a directory-backed container, an error will be "
5503
5723
"</screen>"
5504
5724
msgstr ""
5505
5725
5506
#: serverguide/C/virtualization.xml:2396(title)
5726
#: serverguide/C/virtualization.xml:2464(title)
5507
5727
msgid "Ephemeral Containers"
5508
5728
msgstr ""
5509
5729
5510
#: serverguide/C/virtualization.xml:2397(para)
5730
#: serverguide/C/virtualization.xml:2465(para)
5511
5731
msgid ""
5512
5732
"While snapshots are useful for longer-term incremental development of "
5513
5733
"images, ephemeral containers utilize snapshots for quick, single-use "
5522
5742
"page for more options."
5523
5743
msgstr ""
5524
5744
5525
#: serverguide/C/virtualization.xml:2415(title)
5745
#: serverguide/C/virtualization.xml:2483(title)
5526
5746
msgid "Lifecycle management hooks"
5527
5747
msgstr ""
5528
5748
5529
#: serverguide/C/virtualization.xml:2417(para)
5749
#: serverguide/C/virtualization.xml:2485(para)
5530
5750
msgid ""
5531
5751
"Beginning with Ubuntu 12.10, it is possible to define hooks to be executed "
5532
5752
"at specific points in a container's lifetime:"
5533
5753
msgstr ""
5534
5754
5535
#: serverguide/C/virtualization.xml:2422(para)
5755
#: serverguide/C/virtualization.xml:2490(para)
5536
5756
msgid ""
5537
5757
"Pre-start hooks are run in the host's namespace before the container ttys, "
5538
5758
"consoles, or mounts are up. If any mounts are done in this hook, they should "
5539
5759
"be cleaned up in the post-stop hook."
5540
5760
msgstr ""
5541
5761
5542
#: serverguide/C/virtualization.xml:2429(para)
5762
#: serverguide/C/virtualization.xml:2497(para)
5543
5763
msgid ""
5544
5764
"Pre-mount hooks are run in the container's namespaces, but before the root "
5545
5765
"filesystem has been mounted. Mounts done in this hook will be automatically "
5546
5766
"cleaned up when the container shuts down."
5547
5767
msgstr ""
5548
5768
5549
#: serverguide/C/virtualization.xml:2436(para)
5769
#: serverguide/C/virtualization.xml:2504(para)
5550
5770
msgid ""
5551
5771
"Mount hooks are run after the container filesystems have been mounted, but "
5552
5772
"before the container has called <command>pivot_root</command> to change its "
5553
5773
"root filesystem."
5554
5774
msgstr ""
5555
5775
5556
#: serverguide/C/virtualization.xml:2443(para)
5776
#: serverguide/C/virtualization.xml:2511(para)
5557
5777
msgid ""
5558
5778
"Start hooks are run immediately before executing the container's init. Since "
5559
5779
"these are executed after pivoting into the container's filesystem, the "
5560
5780
"command to be executed must be copied into the container's filesystem."
5561
5781
msgstr ""
5562
5782
5563
#: serverguide/C/virtualization.xml:2450(para)
5783
#: serverguide/C/virtualization.xml:2518(para)
5564
5784
msgid "Post-stop hooks are executed after the container has been shut down."
5565
5785
msgstr ""
5566
5786
5567
#: serverguide/C/virtualization.xml:2455(para)
5787
#: serverguide/C/virtualization.xml:2523(para)
5568
5788
msgid ""
5569
5789
"If any hook returns an error, the container's run will be aborted. Any "
5570
5790
"<emphasis>post-stop</emphasis> hook will still be executed. Any output "
5571
5791
"generated by the script will be logged at the debug priority."
5572
5792
msgstr ""
5573
5793
5574
#: serverguide/C/virtualization.xml:2460(para)
5794
#: serverguide/C/virtualization.xml:2528(para)
5575
5795
msgid ""
5576
5796
"Please see the lxc.container.conf manual page for the configuration file "
5577
5797
"format with which to specify hooks. Some sample hooks are shipped with the "
5578
5798
"lxc package to serve as an example of how to write and use such hooks."
5579
5799
msgstr ""
5580
5800
5581
#: serverguide/C/virtualization.xml:2467(title)
5801
#: serverguide/C/virtualization.xml:2535(title)
5582
5802
msgid "Consoles"
5583
5803
msgstr ""
5584
5804
5585
#: serverguide/C/virtualization.xml:2469(para)
5805
#: serverguide/C/virtualization.xml:2537(para)
5586
5806
msgid ""
5587
5807
"Containers have a configurable number of consoles. One always exists on the "
5588
5808
"container's <filename>/dev/console</filename>. This is shown on the terminal "
5596
5816
"3 from the host, use:"
5597
5817
msgstr ""
5598
5818
5599
#: serverguide/C/virtualization.xml:2482(command)
5819
#: serverguide/C/virtualization.xml:2550(command)
5600
5820
msgid "sudo lxc-console -n container -t 3"
5601
5821
msgstr ""
5602
5822
5603
#: serverguide/C/virtualization.xml:2487(para)
5823
#: serverguide/C/virtualization.xml:2555(para)
5604
5824
msgid ""
5605
5825
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
5606
5826
"console will be automatically chosen. To exit the console, use the escape "
5609
5829
"d</emphasis> option."
5610
5830
msgstr ""
5611
5831
5612
#: serverguide/C/virtualization.xml:2493(para)
5832
#: serverguide/C/virtualization.xml:2561(para)
5613
5833
msgid ""
5614
5834
"Each container console is actually a Unix98 pty in the host's (not the "
5615
5835
"guest's) pty mount, bind-mounted over the guest's "
5622
5842
"<filename>/dev</filename>."
5623
5843
msgstr ""
5624
5844
5625
#: serverguide/C/virtualization.xml:2507(title) serverguide/C/network-auth.xml:794(title) serverguide/C/dns.xml:517(title)
5845
#: serverguide/C/virtualization.xml:2575(title) serverguide/C/network-auth.xml:794(title) serverguide/C/dns.xml:517(title)
5626
5846
msgid "Logging"
5627
5847
msgstr ""
5628
5848
5629
#: serverguide/C/virtualization.xml:2508(para)
5849
#: serverguide/C/virtualization.xml:2576(para)
5630
5850
msgid ""
5631
5851
"If something goes wrong when starting a container, the first step should be "
5632
5852
"to get full logging from LXC: <screen>\n"
5639
5859
"new log information will be appended."
5640
5860
msgstr ""
5641
5861
5642
#: serverguide/C/virtualization.xml:2523(title)
5862
#: serverguide/C/virtualization.xml:2591(title)
5643
5863
msgid "Monitoring container status"
5644
5864
msgstr ""
5645
5865
5646
#: serverguide/C/virtualization.xml:2525(para)
5866
#: serverguide/C/virtualization.xml:2593(para)
5647
5867
msgid ""
5648
5868
"Two commands are available to monitor container state changes. <command>lxc-"
5649
5869
"monitor</command> monitors one or more containers for any state changes. It "
5655
5875
"instance,"
5656
5876
msgstr ""
5657
5877
5658
#: serverguide/C/virtualization.xml:2535(command)
5878
#: serverguide/C/virtualization.xml:2603(command)
5659
5879
msgid "sudo lxc-monitor -n cont[0-5]*"
5660
5880
msgstr ""
5661
5881
5662
#: serverguide/C/virtualization.xml:2540(para)
5882
#: serverguide/C/virtualization.xml:2608(para)
5663
5883
msgid ""
5664
5884
"would print all state changes to any containers matching the listed regular "
5665
5885
"expression, whereas"
5666
5886
msgstr ""
5667
5887
5668
#: serverguide/C/virtualization.xml:2544(command)
5888
#: serverguide/C/virtualization.xml:2612(command)
5669
5889
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
5670
5890
msgstr ""
5671
5891
5672
#: serverguide/C/virtualization.xml:2549(para)
5892
#: serverguide/C/virtualization.xml:2617(para)
5673
5893
msgid ""
5674
5894
"will wait until container cont1 enters state STOPPED or state FROZEN and "
5675
5895
"then exit."
5676
5896
msgstr ""
5677
5897
5678
#: serverguide/C/virtualization.xml:2554(title)
5898
#: serverguide/C/virtualization.xml:2622(title)
5679
5899
msgid "Attach"
5680
5900
msgstr ""
5681
5901
5682
#: serverguide/C/virtualization.xml:2555(para)
5902
#: serverguide/C/virtualization.xml:2623(para)
5683
5903
msgid ""
5684
5904
"As of Ubuntu 14.04, it is possible to attach to a container's namespaces. "
5685
5905
"The simplest case is to simply do <screen>\n"
5692
5912
"context. See the manual page for more information."
5693
5913
msgstr ""
5694
5914
5695
#: serverguide/C/virtualization.xml:2571(title)
5915
#: serverguide/C/virtualization.xml:2639(title)
5696
5916
msgid "Container init verbosity"
5697
5917
msgstr ""
5698
5918
5699
#: serverguide/C/virtualization.xml:2572(para)
5919
#: serverguide/C/virtualization.xml:2640(para)
5700
5920
msgid ""
5701
5921
"If LXC completes the container startup, but the container init fails to "
5702
5922
"complete (for instance, no login prompt is shown), it can be useful to "
5715
5935
"</screen>"
5716
5936
msgstr ""
5717
5937
5718
#: serverguide/C/virtualization.xml:2596(title)
5938
#: serverguide/C/virtualization.xml:2664(title)
5719
5939
msgid "LXC API"
5720
5940
msgstr ""
5721
5941
5722
#: serverguide/C/virtualization.xml:2598(para)
5942
#: serverguide/C/virtualization.xml:2666(para)
5723
5943
msgid ""
5724
5944
"Most of the LXC functionality can now be accessed through an API exported by "
5725
5945
"<filename>liblxc</filename> for which bindings are available in several "
5726
5946
"languages, including Python, lua, ruby, and go."
5727
5947
msgstr ""
5728
5948
5729
#: serverguide/C/virtualization.xml:2602(para)
5949
#: serverguide/C/virtualization.xml:2670(para)
5730
5950
msgid ""
5731
5951
"Below is an example using the python bindings (which are available in the "
5732
5952
"<application>python3-lxc</application> package) which creates and starts a "
5733
5953
"container, then waits until it has been shut down:"
5734
5954
msgstr ""
5735
5955
5736
#: serverguide/C/virtualization.xml:2608(programlisting)
5956
#: serverguide/C/virtualization.xml:2676(programlisting)
5737
5957
#, no-wrap
5738
5958
msgid ""
5739
5959
"\n"
5755
5975
"True\n"
5756
5976
msgstr ""
5757
5977
5758
#: serverguide/C/virtualization.xml:2628(title) serverguide/C/security.xml:11(title)
5978
#: serverguide/C/virtualization.xml:2696(title) serverguide/C/security.xml:11(title)
5759
5979
msgid "Security"
5760
5980
msgstr ""
5761
5981
5762
#: serverguide/C/virtualization.xml:2630(para)
5982
#: serverguide/C/virtualization.xml:2698(para)
5763
5983
msgid ""
5764
5984
"A namespace maps ids to resources. By not providing a container any id with "
5765
5985
"which to reference a resource, the resource can be protected. This is the "
5770
5990
"host."
5771
5991
msgstr ""
5772
5992
5773
#: serverguide/C/virtualization.xml:2639(para)
5993
#: serverguide/C/virtualization.xml:2707(para)
5774
5994
msgid ""
5775
5995
"By default, LXC containers are started under a Apparmor policy to restrict "
5776
5996
"some actions. The details of AppArmor integration with lxc are in section "
5781
6001
"host."
5782
6002
msgstr ""
5783
6003
5784
#: serverguide/C/virtualization.xml:2650(title)
6004
#: serverguide/C/virtualization.xml:2718(title)
5785
6005
msgid "Exploitable system calls"
5786
6006
msgstr ""
5787
6007
5788
#: serverguide/C/virtualization.xml:2652(para)
6008
#: serverguide/C/virtualization.xml:2720(para)
5789
6009
msgid ""
5790
6010
"It is a core container feature that containers share a kernel with the host. "
5791
6011
"Therefore if the kernel contains any exploitable system calls the container "
5793
6013
"fully control any resource known to the host."
5794
6014
msgstr ""
5795
6015
5796
#: serverguide/C/virtualization.xml:2658(para)
6016
#: serverguide/C/virtualization.xml:2726(para)
5797
6017
msgid ""
5798
6018
"Since Ubuntu 12.10 (Quantal) a container can also be constrained by a "
5799
6019
"seccomp filter. Seccomp is a new kernel feature which filters the system "
5805
6025
"by a list of numbers, one per line."
5806
6026
msgstr ""
5807
6027
5808
#: serverguide/C/virtualization.xml:2668(para)
6028
#: serverguide/C/virtualization.xml:2736(para)
5809
6029
msgid ""
5810
6030
"In general to run a full distribution container a large number of system "
5811
6031
"calls will be needed. However for application containers it may be possible "
5817
6037
"loaded."
5818
6038
msgstr ""
5819
6039
5820
#: serverguide/C/virtualization.xml:2684(para)
6040
#: serverguide/C/virtualization.xml:2752(para)
5821
6041
msgid ""
5822
6042
"The DeveloperWorks article <ulink "
5823
6043
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
5825
6045
"to the use of containers."
5826
6046
msgstr ""
5827
6047
5828
#: serverguide/C/virtualization.xml:2691(para)
6048
#: serverguide/C/virtualization.xml:2759(para)
5829
6049
msgid ""
5830
6050
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
5831
6051
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
5832
6052
"use of security modules to make containers more secure."
5833
6053
msgstr ""
5834
6054
5835
#: serverguide/C/virtualization.xml:2698(para) serverguide/C/cgroups.xml:202(para)
6055
#: serverguide/C/virtualization.xml:2766(para) serverguide/C/cgroups.xml:202(para)
5836
6056
msgid "Manual pages referenced above can be found at:"
5837
6057
msgstr ""
5838
6058
5839
#: serverguide/C/virtualization.xml:2700(ulink)
6059
#: serverguide/C/virtualization.xml:2768(ulink)
5840
6060
msgid "capabilities"
5841
6061
msgstr ""
5842
6062
5843
#: serverguide/C/virtualization.xml:2701(ulink)
6063
#: serverguide/C/virtualization.xml:2769(ulink)
5844
6064
msgid "lxc.conf"
5845
6065
msgstr ""
5846
6066
5847
#: serverguide/C/virtualization.xml:2706(para)
6067
#: serverguide/C/virtualization.xml:2774(para)
5848
6068
msgid ""
5849
6069
"The upstream LXC project is hosted at <ulink "
5850
6070
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
5851
6071
msgstr ""
5852
6072
5853
#: serverguide/C/virtualization.xml:2711(para)
6073
#: serverguide/C/virtualization.xml:2779(para)
5854
6074
msgid ""
5855
6075
"LXC security issues are listed and discussed at <ulink "
5856
6076
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
5857
6077
msgstr ""
5858
6078
5859
#: serverguide/C/virtualization.xml:2717(para)
6079
#: serverguide/C/virtualization.xml:2785(para)
5860
6080
msgid ""
5861
6081
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
5862
6082
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
6413
6633
"service with the following command"
6414
6634
msgstr ""
6415
6635
6416
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:508(command)
6636
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:360(command)
6417
6637
msgid "sudo systemctl reload apache2.service"
6418
6638
msgstr ""
6419
6639
6710
6930
#: serverguide/C/serverguide.xml:11(para)
6711
6931
msgid ""
6712
6932
"A copy of the license is available here: <ulink "
6713
"url=\"http://creativecommons.org/licenses/by-sa/3.0/\">Creative Commons "
6933
"url=\"https://creativecommons.org/licenses/by-sa/3.0/\">Creative Commons "
6714
6934
"ShareAlike License</ulink>."
6715
6935
msgstr ""
6716
6936
9274
9494
msgid ""
9275
9495
"The main Samba configuration file is located in "
9276
9496
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
9277
"a significant amount of comments in order to document various configuration "
9497
"a significant number of comments in order to document various configuration "
9278
9498
"directives."
9279
9499
msgstr ""
9280
9500
9401
9621
"new configuration:"
9402
9622
msgstr ""
9403
9623
9404
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:335(command) serverguide/C/samba.xml:472(command) serverguide/C/samba.xml:571(command) serverguide/C/samba.xml:921(command) serverguide/C/samba.xml:1075(command) serverguide/C/samba.xml:1181(command) serverguide/C/network-auth.xml:2532(command) serverguide/C/network-auth.xml:4113(command)
9624
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:335(command) serverguide/C/samba.xml:472(command) serverguide/C/samba.xml:571(command) serverguide/C/samba.xml:921(command) serverguide/C/samba.xml:1075(command) serverguide/C/samba.xml:1181(command) serverguide/C/network-auth.xml:2525(command) serverguide/C/network-auth.xml:4106(command)
9405
9625
msgid "sudo systemctl restart smbd.service nmbd.service"
9406
9626
msgstr ""
9407
9627
14732
14952
14733
14953
#: serverguide/C/network-config.xml:1418(para)
14734
14954
msgid ""
14735
"The package dpdk provides init scripts that ease configuration of device "
14736
"assignment and huge pages. It also makes them persistent accross reboots."
14955
"The package <emphasis>dpdk</emphasis> provides init scripts that ease "
14956
"configuration of device assignment and huge pages. It also makes them "
14957
"persistent accross reboots."
14737
14958
msgstr ""
14738
14959
14739
14960
#: serverguide/C/network-config.xml:1422(para)
14751
14972
"# <id> Device ID on the specified bus\n"
14752
14973
"# <driver> Driver to bind against (vfio-pci or uio_pci_generic)\n"
14753
14974
"#\n"
14754
"# Be aware that the two dpdk compatible drivers uio_pci_generic and vfio-pci "
14755
"are \n"
14975
"# Be aware that the two DPDK compatible drivers uio_pci_generic and vfio-pci "
14976
"are\n"
14756
14977
"# part of linux-image-extra-<VERSION> package.\n"
14757
14978
"# This package is not always installed by default - for example in cloud-"
14758
"images. \n"
14979
"images.\n"
14759
14980
"# So please install it in case you run into missing module issues.\n"
14760
14981
"#\n"
14761
14982
"# <bus> <id> <driver>\n"
14814
15035
14815
15036
#: serverguide/C/network-config.xml:1471(para)
14816
15037
msgid ""
14817
"The dpdk package has a config file and scripts that try to ease hugepage "
14818
"configuration for dpdk in the form of /etc/dpdk/dpdk.conf. If you have more "
14819
"consumers of hugepages than dpdk in your system or very special requirements "
14820
"how your hugepages are going to be set up you likely want to "
14821
"allocate/control them by yourself. If not this can be a great simplification "
14822
"to get dpdk to run for yourself."
15038
"The <emphasis>dpdk</emphasis> package has a config file and scripts that try "
15039
"to ease hugepage configuration for DPDK in the form of "
15040
"<emphasis>/etc/dpdk/dpdk.conf</emphasis>. If you have more consumers of "
15041
"hugepages than just DPDK in your system or very special requirements how "
15042
"your hugepages are going to be set up you likely want to allocate/control "
15043
"them by yourself. If not this can be a great simplification to get DPDK "
15044
"configured for your needs."
14823
15045
msgstr ""
14824
15046
14825
15047
#: serverguide/C/network-config.xml:1476(para)
14867
15089
14868
15090
#: serverguide/C/network-config.xml:1501(para)
14869
15091
msgid ""
14870
"You will often find guides that tell you to fetch the dpdk sources, build "
14871
"them to your needs and eventually build your application based on dpdk by "
15092
"You will often find guides that tell you to fetch the DPDK sources, build "
15093
"them to your needs and eventually build your application based on DPDK by "
14872
15094
"setting values RTE_* for the build system. Since Ubunutu provides an already "
14873
15095
"compiled DPDK for you can can skip all that. To simplify setting the proper "
14874
15096
"variables you can source the file /usr/share/dpdk/dpdk-sdk-env.sh before "
14889
15111
#: serverguide/C/network-config.xml:1512(para)
14890
15112
msgid ""
14891
15113
"Depending on what you build it might be a good addition to install all of "
14892
"dpdk build dependencies before the make."
15114
"DPDK build dependencies before the make."
14893
15115
msgstr ""
14894
15116
14895
15117
#: serverguide/C/network-config.xml:1515(programlisting)
14939
15161
14940
15162
#: serverguide/C/network-config.xml:1538(para)
14941
15163
msgid ""
14942
"The section ''--vhost-owner libvirt-qemu:kvm --vhost-perm 0664'' will set "
14943
"vhost_user ports up with owner/permissions to be compatible with Ubuntus way "
14944
"of running qemu-kvm/libvirt with reduced privileges for more security."
15164
"The section <emphasis>--vhost-owner libvirt-qemu:kvm --vhost-perm "
15165
"0664</emphasis> will set vhost_user ports up with owner/permissions to be "
15166
"compatible with Ubuntus way of running qemu-kvm/libvirt with reduced "
15167
"privileges for more security."
14945
15168
msgstr ""
14946
15169
14947
15170
#: serverguide/C/network-config.xml:1541(para)
14948
15171
msgid ""
15172
"Please note that the section <emphasis>-m 2048</emphasis> is the most basic "
15173
"numa setup for a single socket system. If you have multiple sockets you "
15174
"might want to define how to split your memory among them, for example "
15175
"<emphasis>-m 1024, 1024</emphasis>. Please be aware that DPDK will try to "
15176
"work only with local memory to the network cards it works with (for "
15177
"performance reasons). That said if you have multiple nodes, but all network "
15178
"cards on one, you should consider spreading your cards. If not at least "
15179
"allocate your memory to the node where the cards reside, for example in a "
15180
"two node all to node #2: <emphasis>-m 0, 2048</emphasis>. You can use the "
15181
"tool <emphasis>lstopo</emphasis> from the package <emphasis>hwloc-"
15182
"nox</emphasis> to see on which socket your cards are located."
15183
msgstr ""
15184
15185
#: serverguide/C/network-config.xml:1549(para)
15186
msgid ""
14949
15187
"The OpenVswitch you now started supports all port types OpenVswitch usually "
14950
15188
"does, plus DPDK port types. Here an example how to create a bridge and - "
14951
15189
"instead of a normal external port - add an external DPDK port to it."
14952
15190
msgstr ""
14953
15191
14954
#: serverguide/C/network-config.xml:1545(programlisting)
15192
#: serverguide/C/network-config.xml:1553(programlisting)
14955
15193
#, no-wrap
14956
15194
msgid ""
14957
15195
"\n"
14960
15198
"\t\t "
14961
15199
msgstr ""
14962
15200
14963
#: serverguide/C/network-config.xml:1552(title)
15201
#: serverguide/C/network-config.xml:1558(para)
15202
msgid ""
15203
"The enablement of DPDK in Open vSwitch has changed in version 2.6. So for "
15204
"users of releases >=16.10, but also for users of the <ulink "
15205
"url=\"https://wiki.ubuntu.com/OpenStack/CloudArchive\">Ubuntu Cloud "
15206
"Archive</ulink> >=neutron the enablement has changed compared to that for "
15207
"users of Ubuntu 16.04. The options formerly passed via "
15208
"<emphasis>DPDK_OPTS</emphasis> are now configured via ovs-vsctl into the "
15209
"Open vSwitch configuration database."
15210
msgstr ""
15211
15212
#: serverguide/C/network-config.xml:1563(para)
15213
msgid "The same example as above would in the new way look like:"
15214
msgstr ""
15215
15216
#: serverguide/C/network-config.xml:1566(programlisting)
15217
#, no-wrap
15218
msgid ""
15219
"\n"
15220
"# Enable DPDK\n"
15221
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-init=true\"\n"
15222
"# run on core 0\n"
15223
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-lcore-mask=0x1\"\n"
15224
"# Allocate 2G huge pages (not Numa node aware)\n"
15225
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-alloc-mem=2048\"\n"
15226
"# group/permissions for vhost-user sockets (required to work with "
15227
"libvirt/qemu)\n"
15228
"ovs-vsctl set Open_vSwitch . \\\n"
15229
" \"other_config:dpdk-extra=--vhost-owner libvirt-qemu:kvm --vhost-perm "
15230
"0666\"\n"
15231
"\t\t "
15232
msgstr ""
15233
15234
#: serverguide/C/network-config.xml:1581(filename)
15235
msgid "/usr/share/doc/openvswitch-common/INSTALL.DPDK.md.gz"
15236
msgstr ""
15237
15238
#: serverguide/C/network-config.xml:1582(filename)
15239
msgid "/usr/share/doc/openvswitch-common/INSTALL.DPDK-ADVANCED.md.gz"
15240
msgstr ""
15241
15242
#: serverguide/C/network-config.xml:1583(command)
15243
msgid "man ovs-vswitchd.conf.db"
15244
msgstr ""
15245
15246
#: serverguide/C/network-config.xml:1577(para)
15247
msgid ""
15248
"Please see the associated upstream documentation and the man page of the "
15249
"vswitch configuration as provided by the package for more details: "
15250
"<placeholder-1/>"
15251
msgstr ""
15252
15253
#: serverguide/C/network-config.xml:1590(title)
14964
15254
msgid "OpenVswitch DPDK to KVM Guests"
14965
15255
msgstr ""
14966
15256
14967
#: serverguide/C/network-config.xml:1553(para)
15257
#: serverguide/C/network-config.xml:1591(para)
14968
15258
msgid ""
14969
15259
"If you are not building some sort of SDN switch or NFV on top of DPDK it is "
14970
15260
"very likely that you want to forward traffic to KVM guests. The good news "
14974
15264
"DPDK instance."
14975
15265
msgstr ""
14976
15266
14977
#: serverguide/C/network-config.xml:1558(para)
15267
#: serverguide/C/network-config.xml:1596(para)
14978
15268
msgid ""
14979
15269
"The Guest has to be backed by shared hugepages for DPDK/vhost_user to work. "
14980
15270
"To ensure in general that libvirt/qemu-kvm finds a proper hugepage "
14982
15272
"Afterwards restart the service to pick up the changed configuration."
14983
15273
msgstr ""
14984
15274
14985
#: serverguide/C/network-config.xml:1563(programlisting)
15275
#: serverguide/C/network-config.xml:1601(programlisting)
14986
15276
#, no-wrap
14987
15277
msgid ""
14988
15278
"\n"
14991
15281
"\t\t "
14992
15282
msgstr ""
14993
15283
14994
#: serverguide/C/network-config.xml:1567(para)
15284
#: serverguide/C/network-config.xml:1605(para)
14995
15285
msgid ""
14996
15286
"To let a guest be backed by hugepages is now also supported via recent "
14997
15287
"libvirt, just add the following snippet to your virsh xml (or the equivalent "
14999
15289
"easily spawn guests with \"uvt-kvm create\"."
15000
15290
msgstr ""
15001
15291
15002
#: serverguide/C/network-config.xml:1571(programlisting)
15292
#: serverguide/C/network-config.xml:1609(programlisting)
15003
15293
#, no-wrap
15004
15294
msgid ""
15005
15295
"\n"
15014
15304
"\t\t "
15015
15305
msgstr ""
15016
15306
15017
#: serverguide/C/network-config.xml:1580(para)
15307
#: serverguide/C/network-config.xml:1618(para)
15018
15308
msgid ""
15019
15309
"The new and recommended way to get to a KVM guest is using vhost_user. This "
15020
15310
"will cause DPDK to create a socket that qemu will connect the guest to. Here "
15021
15311
"an example how to add such a port to the bridge you created (see above)."
15022
15312
msgstr ""
15023
15313
15024
#: serverguide/C/network-config.xml:1585(programlisting)
15314
#: serverguide/C/network-config.xml:1623(programlisting)
15025
15315
#, no-wrap
15026
15316
msgid ""
15027
15317
"\n"
15030
15320
"\t\t "
15031
15321
msgstr ""
15032
15322
15033
#: serverguide/C/network-config.xml:1588(para)
15323
#: serverguide/C/network-config.xml:1626(para)
15034
15324
msgid ""
15035
15325
"This will create a vhost_user socket at /var/run/openvswitch/vhost-user-1"
15036
15326
msgstr ""
15037
15327
15038
#: serverguide/C/network-config.xml:1591(para)
15328
#: serverguide/C/network-config.xml:1629(para)
15039
15329
msgid ""
15040
15330
"To let libvirt/kvm consume this socket and create a guest virtio network "
15041
15331
"device for it add a snippet like this to your guest definition as the "
15042
15332
"network definition."
15043
15333
msgstr ""
15044
15334
15045
#: serverguide/C/network-config.xml:1594(programlisting)
15335
#: serverguide/C/network-config.xml:1632(programlisting)
15046
15336
#, no-wrap
15047
15337
msgid ""
15048
15338
"\n"
15055
15345
"\t\t "
15056
15346
msgstr ""
15057
15347
15058
#: serverguide/C/network-config.xml:1605(title)
15348
#: serverguide/C/network-config.xml:1643(title)
15059
15349
msgid "DPDK in KVM Guests"
15060
15350
msgstr ""
15061
15351
15062
#: serverguide/C/network-config.xml:1606(para)
15352
#: serverguide/C/network-config.xml:1644(para)
15063
15353
msgid ""
15064
15354
"If you have no access to DPDK supported network cards you can still work "
15065
15355
"with DPDK by using its support for virtio. To do so you have to create "
15066
15356
"guests backed by hugepages (see above)."
15067
15357
msgstr ""
15068
15358
15069
#: serverguide/C/network-config.xml:1610(para)
15359
#: serverguide/C/network-config.xml:1648(para)
15070
15360
msgid ""
15071
15361
"On top of that there it is required to have at least SSE3. The default CPU "
15072
15362
"model qemu/libvirt uses is only up to SSE2. So you will have to define a "
15075
15365
"virsh xml (or the equivalent virsh interface you use)."
15076
15366
msgstr ""
15077
15367
15078
#: serverguide/C/network-config.xml:1616(programlisting)
15368
#: serverguide/C/network-config.xml:1654(programlisting)
15079
15369
#, no-wrap
15080
15370
msgid ""
15081
15371
"\n"
15083
15373
"\t\t "
15084
15374
msgstr ""
15085
15375
15086
#: serverguide/C/network-config.xml:1619(para)
15376
#: serverguide/C/network-config.xml:1657(para)
15087
15377
msgid ""
15088
15378
"This example is rather offensive and passes all host features. That in turn "
15089
15379
"makes the guest not very migratable as the target would need all the "
15091
15381
"like the following example."
15092
15382
msgstr ""
15093
15383
15094
#: serverguide/C/network-config.xml:1624(programlisting)
15384
#: serverguide/C/network-config.xml:1662(programlisting)
15095
15385
#, no-wrap
15096
15386
msgid ""
15097
15387
"\n"
15102
15392
"\t\t "
15103
15393
msgstr ""
15104
15394
15105
#: serverguide/C/network-config.xml:1630(para)
15395
#: serverguide/C/network-config.xml:1668(para)
15106
15396
msgid ""
15107
15397
"Also virtio nowadays supports multiqueue which DPDK in turn can exploit for "
15108
15398
"better speed. To modify a normal virtio definition to have multiple queues "
15111
15401
"DPDK in the guest."
15112
15402
msgstr ""
15113
15403
15114
#: serverguide/C/network-config.xml:1635(programlisting)
15404
#: serverguide/C/network-config.xml:1673(programlisting)
15115
15405
#, no-wrap
15116
15406
msgid ""
15117
15407
"\n"
15119
15409
"\t\t "
15120
15410
msgstr ""
15121
15411
15122
#: serverguide/C/network-config.xml:1641(title)
15412
#: serverguide/C/network-config.xml:1679(title)
15123
15413
msgid "Tuning Openvswitch-DPDK"
15124
15414
msgstr ""
15125
15415
15126
#: serverguide/C/network-config.xml:1642(para)
15416
#: serverguide/C/network-config.xml:1680(para)
15127
15417
msgid ""
15128
15418
"DPDK has plenty of options - in combination with Openvswitch-DPDK the two "
15129
15419
"most commonly used are:"
15130
15420
msgstr ""
15131
15421
15132
#: serverguide/C/network-config.xml:1645(programlisting)
15422
#: serverguide/C/network-config.xml:1683(programlisting)
15133
15423
#, no-wrap
15134
15424
msgid ""
15135
15425
"\n"
15138
15428
"\t\t "
15139
15429
msgstr ""
15140
15430
15141
#: serverguide/C/network-config.xml:1649(para)
15431
#: serverguide/C/network-config.xml:1687(para)
15142
15432
msgid ""
15143
15433
"The first select how many rx queues are to be used for each DPDK interface, "
15144
15434
"while the second controls how many and where to run PMD threads. The example "
15147
15437
"installation\" at the end of this document for more."
15148
15438
msgstr ""
15149
15439
15150
#: serverguide/C/network-config.xml:1654(para)
15440
#: serverguide/C/network-config.xml:1692(para)
15151
15441
msgid ""
15152
15442
"As usual with tunings you have to know your system and workload really well -"
15153
15443
" so please verify any tunings with workloads matching your real use case."
15154
15444
msgstr ""
15155
15445
15156
#: serverguide/C/network-config.xml:1661(para)
15446
#: serverguide/C/network-config.xml:1699(para)
15157
15447
msgid ""
15158
15448
"DPDK is a fast evolving project. In any case of a search for support and "
15159
15449
"further guides it is highly recommended to first check if they apply to the "
15160
15450
"current version."
15161
15451
msgstr ""
15162
15452
15163
#: serverguide/C/network-config.xml:1668(ulink)
15453
#: serverguide/C/network-config.xml:1707(ulink)
15164
15454
msgid "DPDK Mailing Lists"
15165
15455
msgstr ""
15166
15456
15167
#: serverguide/C/network-config.xml:1672(para)
15457
#: serverguide/C/network-config.xml:1711(para)
15168
15458
msgid ""
15169
15459
"For OpenVswitch-DPDK <ulink url=\"http://openvswitch.org/mlists\">OpenStack "
15170
15460
"Mailing Lists</ulink>"
15171
15461
msgstr ""
15172
15462
15173
#: serverguide/C/network-config.xml:1677(para)
15463
#: serverguide/C/network-config.xml:1716(para)
15174
15464
msgid ""
15175
15465
"Known issues in <ulink "
15176
15466
"url=\"https://bugs.launchpad.net/ubuntu/+source/dpdk\">DPDK Launchpad "
15177
15467
"Area</ulink>"
15178
15468
msgstr ""
15179
15469
15180
#: serverguide/C/network-config.xml:1682(para)
15470
#: serverguide/C/network-config.xml:1721(para)
15181
15471
msgid "Join the IRC channels #DPDK or #openvswitch on freenode."
15182
15472
msgstr ""
15183
15473
15184
#: serverguide/C/network-config.xml:1696(ulink)
15474
#: serverguide/C/network-config.xml:1727(para)
15475
msgid ""
15476
"Issues are often due to missing small details in the general setup. Later "
15477
"on, these missing details cause problems which can be hard to track down to "
15478
"their root cause. A common case seems to be the \"could not open network "
15479
"device dpdk0 (No such device)\" issue. This occurs rather late when setting "
15480
"up a port in Open vSwitch with DPDK. But the root cause most of the time is "
15481
"very early in the setup and initialization. Here an example how a proper "
15482
"initialization of a device looks - this can be found in the syslog/journal "
15483
"when starting Open vSwitch with DPDK enabled."
15484
msgstr ""
15485
15486
#: serverguide/C/network-config.xml:1738(programlisting)
15487
#, no-wrap
15488
msgid ""
15489
"\n"
15490
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
15491
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15492
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140000000\n"
15493
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140200000\n"
15494
"\t\t "
15495
msgstr ""
15496
15497
#: serverguide/C/network-config.xml:1745(para)
15498
msgid ""
15499
"If this is missing, either by ignored cards, failed initialization or other "
15500
"reasons, later on there will be no DPDK device to refer to. Unfortunately "
15501
"the logging is spread across syslog/journal and the openvswitch log. To "
15502
"allow some cross checking here an example what can be found in these logs, "
15503
"relative to the entered command."
15504
msgstr ""
15505
15506
#: serverguide/C/network-config.xml:1753(programlisting)
15507
#, no-wrap
15508
msgid ""
15509
"\n"
15510
"#Note: This log was taken with dpdk 2.2 and openvswitch 2.5\n"
15511
"Captions:\n"
15512
"CMD: that you enter\n"
15513
"SYSLOG: (Inlcuding EAL and OVS Messages)\n"
15514
"OVS-LOG: (Openvswitch messages)\n"
15515
"\n"
15516
"#PREPARATION\n"
15517
"Bind an interface to DPDK UIO drivers, make Hugepages available, enable DPDK "
15518
"on OVS\n"
15519
"\n"
15520
"CMD: sudo service openvswitch-switch restart\n"
15521
"\n"
15522
"SYSLOG:\n"
15523
"2016-01-22T08:58:31.372Z|00003|daemon_unix(monitor)|INFO|pid 3329 died, "
15524
"killed (Terminated), exiting\n"
15525
"2016-01-22T08:58:33.377Z|00002|vlog|INFO|opened log file "
15526
"/var/log/openvswitch/ovs-vswitchd.log\n"
15527
"2016-01-22T08:58:33.381Z|00003|ovs_numa|INFO|Discovered 12 CPU cores on NUMA "
15528
"node 0\n"
15529
"2016-01-22T08:58:33.381Z|00004|ovs_numa|INFO|Discovered 1 NUMA nodes and 12 "
15530
"CPU cores\n"
15531
"2016-01-"
15532
"22T08:58:33.381Z|00005|reconnect|INFO|unix:/var/run/openvswitch/db.sock: "
15533
"connecting...\n"
15534
"2016-01-"
15535
"22T08:58:33.383Z|00006|reconnect|INFO|unix:/var/run/openvswitch/db.sock: "
15536
"connected\n"
15537
"2016-01-22T08:58:33.386Z|00007|bridge|INFO|ovs-vswitchd (Open vSwitch) "
15538
"2.5.0\n"
15539
"\n"
15540
"OVS-LOG:\n"
15541
"systemd[1]: Stopping Open vSwitch...\n"
15542
"systemd[1]: Stopped Open vSwitch.\n"
15543
"systemd[1]: Stopping Open vSwitch Internal Unit...\n"
15544
"ovs-ctl[3541]: * Killing ovs-vswitchd (3329)\n"
15545
"ovs-ctl[3541]: * Killing ovsdb-server (3318)\n"
15546
"systemd[1]: Stopped Open vSwitch Internal Unit.\n"
15547
"systemd[1]: Starting Open vSwitch Internal Unit...\n"
15548
"ovs-ctl[3560]: * Starting ovsdb-server\n"
15549
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait -- init -- set "
15550
"Open_vSwitch . db-version=7.12.1\n"
15551
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait set "
15552
"Open_vSwitch . ovs-version=2.5.0 \"external-ids:system-id=\\\"e7c5ba80-bb14-"
15553
"45c1-b8eb-628f3ad03903\\\"\" \"system-type=\\\"Ubuntu\\\"\" \"system-"
15554
"version=\\\"16.04-xenial\\\"\"\n"
15555
"ovs-ctl[3560]: * Configuring Open vSwitch system IDs\n"
15556
"ovs-ctl[3560]: 2016-01-22T08:58:31Z|00001|dpdk|INFO|No -vhost_sock_dir "
15557
"provided - defaulting to /var/run/openvswitch\n"
15558
"ovs-vswitchd: ovs|00001|dpdk|INFO|No -vhost_sock_dir provided - defaulting "
15559
"to /var/run/openvswitch\n"
15560
"ovs-ctl[3560]: EAL: Detected lcore 0 as core 0 on socket 0\n"
15561
"ovs-ctl[3560]: EAL: Detected lcore 1 as core 1 on socket 0\n"
15562
"ovs-ctl[3560]: EAL: Detected lcore 2 as core 2 on socket 0\n"
15563
"ovs-ctl[3560]: EAL: Detected lcore 3 as core 3 on socket 0\n"
15564
"ovs-ctl[3560]: EAL: Detected lcore 4 as core 4 on socket 0\n"
15565
"ovs-ctl[3560]: EAL: Detected lcore 5 as core 5 on socket 0\n"
15566
"ovs-ctl[3560]: EAL: Detected lcore 6 as core 0 on socket 0\n"
15567
"ovs-ctl[3560]: EAL: Detected lcore 7 as core 1 on socket 0\n"
15568
"ovs-ctl[3560]: EAL: Detected lcore 8 as core 2 on socket 0\n"
15569
"ovs-ctl[3560]: EAL: Detected lcore 9 as core 3 on socket 0\n"
15570
"ovs-ctl[3560]: EAL: Detected lcore 10 as core 4 on socket 0\n"
15571
"ovs-ctl[3560]: EAL: Detected lcore 11 as core 5 on socket 0\n"
15572
"ovs-ctl[3560]: EAL: Support maximum 128 logical core(s) by configuration.\n"
15573
"ovs-ctl[3560]: EAL: Detected 12 lcore(s)\n"
15574
"ovs-ctl[3560]: EAL: VFIO modules not all loaded, skip VFIO support...\n"
15575
"ovs-ctl[3560]: EAL: Setting up physically contiguous memory...\n"
15576
"ovs-ctl[3560]: EAL: Ask a virtual area of 0x100000000 bytes\n"
15577
"ovs-ctl[3560]: EAL: Virtual area found at 0x7f2040000000 (size = "
15578
"0x100000000)\n"
15579
"ovs-ctl[3560]: EAL: Requesting 4 pages of size 1024MB from socket 0\n"
15580
"ovs-ctl[3560]: EAL: TSC frequency is ~2397202 KHz\n"
15581
"ovs-vswitchd[3592]: EAL: TSC frequency is ~2397202 KHz\n"
15582
"ovs-vswitchd[3592]: EAL: Master lcore 0 is ready (tid=fc6cbb00;cpuset=[0])\n"
15583
"ovs-vswitchd[3592]: EAL: PCI device 0000:04:00.0 on NUMA socket 0\n"
15584
"ovs-vswitchd[3592]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15585
"ovs-vswitchd[3592]: EAL: Not managed by a supported kernel driver, "
15586
"skipped\n"
15587
"ovs-vswitchd[3592]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
15588
"ovs-vswitchd[3592]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15589
"ovs-vswitchd[3592]: EAL: PCI memory mapped at 0x7f2140000000\n"
15590
"ovs-vswitchd[3592]: EAL: PCI memory mapped at 0x7f2140200000\n"
15591
"ovs-ctl[3560]: EAL: Master lcore 0 is ready (tid=fc6cbb00;cpuset=[0])\n"
15592
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.0 on NUMA socket 0\n"
15593
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15594
"ovs-ctl[3560]: EAL: Not managed by a supported kernel driver, skipped\n"
15595
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
15596
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15597
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140000000\n"
15598
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140200000\n"
15599
"ovs-vswitchd[3592]: PMD: eth_ixgbe_dev_init(): MAC: 4, PHY: 3\n"
15600
"ovs-vswitchd[3592]: PMD: eth_ixgbe_dev_init(): port 0 vendorID=0x8086 "
15601
"deviceID=0x1528\n"
15602
"ovs-ctl[3560]: PMD: eth_ixgbe_dev_init(): MAC: 4, PHY: 3\n"
15603
"ovs-ctl[3560]: PMD: eth_ixgbe_dev_init(): port 0 vendorID=0x8086 "
15604
"deviceID=0x1528\n"
15605
"ovs-ctl[3560]: Zone 0: name:<RG_MP_log_history>, phys:0x83fffdec0, "
15606
"len:0x2080, virt:0x7f213fffdec0, socket_id:0, flags:0\n"
15607
"ovs-ctl[3560]: Zone 1: name:<MP_log_history>, phys:0x83fd73d40, "
15608
"len:0x28a0c0, virt:0x7f213fd73d40, socket_id:0, flags:0\n"
15609
"ovs-ctl[3560]: Zone 2: name:<rte_eth_dev_data>, phys:0x83fd43380, "
15610
"len:0x2f700, virt:0x7f213fd43380, socket_id:0, flags:0\n"
15611
"ovs-ctl[3560]: * Starting ovs-vswitchd\n"
15612
"ovs-ctl[3560]: * Enabling remote OVSDB managers\n"
15613
"systemd[1]: Started Open vSwitch Internal Unit.\n"
15614
"systemd[1]: Starting Open vSwitch...\n"
15615
"systemd[1]: Started Open vSwitch.\n"
15616
"\n"
15617
"\n"
15618
"CMD: sudo ovs-vsctl add-br ovsdpdkbr0 -- set bridge ovsdpdkbr0 "
15619
"datapath_type=netdev\n"
15620
"\n"
15621
"SYSLOG:\n"
15622
"2016-01-22T08:58:56.344Z|00008|memory|INFO|37256 kB peak resident set size "
15623
"after 24.5 seconds\n"
15624
"2016-01-22T08:58:56.346Z|00009|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15625
"supports recirculation\n"
15626
"2016-01-22T08:58:56.346Z|00010|ofproto_dpif|INFO|netdev@ovs-netdev: MPLS "
15627
"label stack length probed as 3\n"
15628
"2016-01-22T08:58:56.346Z|00011|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15629
"supports unique flow ids\n"
15630
"2016-01-22T08:58:56.346Z|00012|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15631
"does not support ct_state\n"
15632
"2016-01-22T08:58:56.346Z|00013|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15633
"does not support ct_zone\n"
15634
"2016-01-22T08:58:56.346Z|00014|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15635
"does not support ct_mark\n"
15636
"2016-01-22T08:58:56.346Z|00015|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15637
"does not support ct_label\n"
15638
"2016-01-22T08:58:56.360Z|00016|bridge|INFO|bridge ovsdpdkbr0: added "
15639
"interface ovsdpdkbr0 on port 65534\n"
15640
"2016-01-22T08:58:56.361Z|00017|bridge|INFO|bridge ovsdpdkbr0: using datapath "
15641
"ID 00005a4a1ed0a14d\n"
15642
"2016-01-22T08:58:56.361Z|00018|connmgr|INFO|ovsdpdkbr0: added service "
15643
"controller \"punix:/var/run/openvswitch/ovsdpdkbr0.mgmt\"\n"
15644
"\n"
15645
"OVS-LOG:\n"
15646
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-br ovsdpdkbr0 -- set "
15647
"bridge ovsdpdkbr0 datapath_type=netdev\n"
15648
"systemd-udevd[3607]: Could not generate persistent MAC address for ovs-"
15649
"netdev: No such file or directory\n"
15650
"kernel: [50165.886554] device ovs-netdev entered promiscuous mode\n"
15651
"kernel: [50165.901261] device ovsdpdkbr0 entered promiscuous mode\n"
15652
"\n"
15653
"\n"
15654
"CMD: sudo ovs-vsctl add-port ovsdpdkbr0 dpdk0 -- set Interface dpdk0 "
15655
"type=dpdk\n"
15656
"\n"
15657
"SYSLOG:\n"
15658
"2016-01-22T08:59:06.369Z|00019|memory|INFO|peak resident set size grew 155% "
15659
"in last 10.0 seconds, from 37256 kB to 95008 kB\n"
15660
"2016-01-22T08:59:06.369Z|00020|memory|INFO|handlers:4 ports:1 revalidators:2 "
15661
"rules:5\n"
15662
"2016-01-22T08:59:30.989Z|00021|dpdk|INFO|Port 0: 8c:dc:d4:b3:6d:e9\n"
15663
"2016-01-22T08:59:31.520Z|00022|dpdk|INFO|Port 0: 8c:dc:d4:b3:6d:e9\n"
15664
"2016-01-22T08:59:31.521Z|00023|dpif_netdev|INFO|Created 1 pmd threads on "
15665
"numa node 0\n"
15666
"2016-01-22T08:59:31.522Z|00001|dpif_netdev(pmd16)|INFO|Core 0 processing "
15667
"port 'dpdk0'\n"
15668
"2016-01-22T08:59:31.522Z|00024|bridge|INFO|bridge ovsdpdkbr0: added "
15669
"interface dpdk0 on port 1\n"
15670
"2016-01-22T08:59:31.522Z|00025|bridge|INFO|bridge ovsdpdkbr0: using datapath "
15671
"ID 00008cdcd4b36de9\n"
15672
"2016-01-22T08:59:31.523Z|00002|dpif_netdev(pmd16)|INFO|Core 0 processing "
15673
"port 'dpdk0'\n"
15674
"\n"
15675
"OVS-LOG:\n"
15676
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-port ovsdpdkbr0 "
15677
"dpdk0 -- set Interface dpdk0 type=dpdk\n"
15678
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a79ebc0 "
15679
"hw_ring=0x7f211a7a6c00 dma_addr=0x81a7a6c00\n"
15680
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15681
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15682
"ovs-vswitchd[3595]: PMD: ixgbe_dev_rx_queue_setup(): sw_ring=0x7f211a78a6c0 "
15683
"sw_sc_ring=0x7f211a786580 hw_ring=0x7f211a78e800 dma_addr=0x81a78e800\n"
15684
"ovs-vswitchd[3595]: PMD: ixgbe_set_rx_function(): Vector rx enabled, please "
15685
"make sure RX burst size no less than 4 (port=0).\n"
15686
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a79ebc0 "
15687
"hw_ring=0x7f211a7a6c00 dma_addr=0x81a7a6c00\n"
15688
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15689
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15690
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a76e4c0 "
15691
"hw_ring=0x7f211a776500 dma_addr=0x81a776500\n"
15692
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15693
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15694
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a756440 "
15695
"hw_ring=0x7f211a75e480 dma_addr=0x81a75e480\n"
15696
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15697
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15698
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a73e3c0 "
15699
"hw_ring=0x7f211a746400 dma_addr=0x81a746400\n"
15700
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15701
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15702
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a726340 "
15703
"hw_ring=0x7f211a72e380 dma_addr=0x81a72e380\n"
15704
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15705
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15706
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a70e2c0 "
15707
"hw_ring=0x7f211a716300 dma_addr=0x81a716300\n"
15708
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15709
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15710
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6f6240 "
15711
"hw_ring=0x7f211a6fe280 dma_addr=0x81a6fe280\n"
15712
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15713
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15714
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6de1c0 "
15715
"hw_ring=0x7f211a6e6200 dma_addr=0x81a6e6200\n"
15716
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15717
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15718
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6c6140 "
15719
"hw_ring=0x7f211a6ce180 dma_addr=0x81a6ce180\n"
15720
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15721
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15722
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6ae0c0 "
15723
"hw_ring=0x7f211a6b6100 dma_addr=0x81a6b6100\n"
15724
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15725
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15726
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a696040 "
15727
"hw_ring=0x7f211a69e080 dma_addr=0x81a69e080\n"
15728
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15729
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15730
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a67dfc0 "
15731
"hw_ring=0x7f211a686000 dma_addr=0x81a686000\n"
15732
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15733
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15734
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a665e40 "
15735
"hw_ring=0x7f211a66de80 dma_addr=0x81a66de80\n"
15736
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15737
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15738
"ovs-vswitchd[3595]: PMD: ixgbe_dev_rx_queue_setup(): sw_ring=0x7f211a78a6c0 "
15739
"sw_sc_ring=0x7f211a786580 hw_ring=0x7f211a78e800 dma_addr=0x81a78e800\n"
15740
"ovs-vswitchd[3595]: PMD: ixgbe_set_rx_function(): Vector rx enabled, please "
15741
"make sure RX burst size no less than 4 (port=0).\n"
15742
"\n"
15743
"\n"
15744
"CMD: sudo ovs-vsctl add-port ovsdpdkbr0 vhost-user-1 -- set Interface vhost-"
15745
"user-1 type=dpdkvhostuser\n"
15746
"\n"
15747
"OVS-LOG:\n"
15748
"2016-01-22T09:00:35.145Z|00026|dpdk|INFO|Socket /var/run/openvswitch/vhost-"
15749
"user-1 created for vhost-user port vhost-user-1\n"
15750
"2016-01-22T09:00:35.145Z|00003|dpif_netdev(pmd16)|INFO|Core 0 processing "
15751
"port 'dpdk0'\n"
15752
"2016-01-22T09:00:35.145Z|00004|dpif_netdev(pmd16)|INFO|Core 0 processing "
15753
"port 'vhost-user-1'\n"
15754
"2016-01-22T09:00:35.145Z|00027|bridge|INFO|bridge ovsdpdkbr0: added "
15755
"interface vhost-user-1 on port 2\n"
15756
"\n"
15757
"SYSLOG:\n"
15758
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-port ovsdpdkbr0 "
15759
"vhost-user-1 -- set Interface vhost-user-1 type=dpdkvhostuser\n"
15760
"ovs-vswitchd[3595]: VHOST_CONFIG: socket created, fd:46\n"
15761
"ovs-vswitchd[3595]: VHOST_CONFIG: bind to /var/run/openvswitch/vhost-user-1\n"
15762
"\n"
15763
"Eventually we can see the poll thread in top\n"
15764
" PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND\n"
15765
" 3595 root 10 -10 4975344 103936 9916 S 100.0 0.3 33:13.56 ovs-"
15766
"vswitchd\n"
15767
"\t\t "
15768
msgstr ""
15769
15770
#: serverguide/C/network-config.xml:1950(ulink)
15185
15771
msgid "DPDK Documentation"
15186
15772
msgstr ""
15187
15773
15188
#: serverguide/C/network-config.xml:1701(ulink)
15774
#: serverguide/C/network-config.xml:1955(ulink)
15189
15775
msgid "Release Notes matching the version packages in Ubuntu 16.04"
15190
15776
msgstr ""
15191
15777
15192
#: serverguide/C/network-config.xml:1706(ulink)
15778
#: serverguide/C/network-config.xml:1960(ulink)
15193
15779
msgid "Linux DPDK User Getting Started"
15194
15780
msgstr ""
15195
15781
15196
#: serverguide/C/network-config.xml:1711(ulink)
15782
#: serverguide/C/network-config.xml:1965(ulink)
15197
15783
msgid "EAL Command-line Options"
15198
15784
msgstr ""
15199
15785
15200
#: serverguide/C/network-config.xml:1716(ulink)
15786
#: serverguide/C/network-config.xml:1970(ulink)
15201
15787
msgid "DPDK Api Documentation"
15202
15788
msgstr ""
15203
15789
15204
#: serverguide/C/network-config.xml:1721(ulink)
15790
#: serverguide/C/network-config.xml:1975(ulink)
15205
15791
msgid "OpenVswitch DPDK installation"
15206
15792
msgstr ""
15207
15793
15208
#: serverguide/C/network-config.xml:1726(ulink)
15794
#: serverguide/C/network-config.xml:1980(ulink)
15209
15795
msgid "Wikipedias definition of DPDK"
15210
15796
msgstr ""
15211
15797
16221
16807
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
16222
16808
msgstr ""
16223
16809
16224
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3910(command)
16810
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3903(command)
16225
16811
msgid "sudo systemctl restart slapd.service"
16226
16812
msgstr ""
16227
16813
17710
18296
"specifically you want Samba to do for you and then configure it accordingly."
17711
18297
msgstr ""
17712
18298
17713
#: serverguide/C/network-auth.xml:2218(title) serverguide/C/network-auth.xml:3999(title)
18299
#: serverguide/C/network-auth.xml:2218(title) serverguide/C/network-auth.xml:3992(title)
17714
18300
msgid "Software Installation"
17715
18301
msgstr ""
17716
18302
17962
18548
#: serverguide/C/network-auth.xml:2454(para)
17963
18549
msgid ""
17964
18550
"Next, configure the <application>smbldap-tools</application> package to "
17965
"match your environment. The package is supposed to come with a configuration "
17966
"helper script (smbldap-config.pl, formerly configure.pl) that will ask "
17967
"questions about the needed options but there is a <ulink "
17968
"url=\"https://bugs.launchpad.net/serverguide/+bug/997172\">bug</ulink> "
17969
"whereby it is not installed (but found in the source code; 'apt source "
17970
"smbldap-tools')."
17971
msgstr ""
17972
17973
#: serverguide/C/network-auth.xml:2461(para)
17974
msgid ""
17975
"To manually configure the package, you need to create and edit the files "
17976
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
17977
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
17978
msgstr ""
17979
17980
#: serverguide/C/network-auth.xml:2466(para)
18551
"match your environment. The package comes with a configuration helper "
18552
"script, smbldap-config.pl, that will ask questions."
18553
msgstr ""
18554
18555
#: serverguide/C/network-auth.xml:2459(para)
17981
18556
msgid ""
17982
18557
"The <application>smbldap-populate</application> script will then add the "
17983
18558
"LDAP objects required for Samba. It is a good idea to first make a backup of "
17984
18559
"your DIT using <application>slapcat</application>:"
17985
18560
msgstr ""
17986
18561
17987
#: serverguide/C/network-auth.xml:2472(command)
18562
#: serverguide/C/network-auth.xml:2465(command)
17988
18563
msgid "sudo slapcat -l backup.ldif"
17989
18564
msgstr ""
17990
18565
17991
#: serverguide/C/network-auth.xml:2475(para)
18566
#: serverguide/C/network-auth.xml:2468(para)
17992
18567
msgid "Once you have a backup proceed to populate your directory:"
17993
18568
msgstr ""
17994
18569
17995
#: serverguide/C/network-auth.xml:2480(command)
18570
#: serverguide/C/network-auth.xml:2473(command)
17996
18571
msgid "sudo smbldap-populate"
17997
18572
msgstr ""
17998
18573
17999
#: serverguide/C/network-auth.xml:2483(para)
18574
#: serverguide/C/network-auth.xml:2476(para)
18000
18575
msgid ""
18001
18576
"You can create a LDIF file containing the new Samba objects by executing "
18002
18577
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
18005
18580
"and import its data per usual."
18006
18581
msgstr ""
18007
18582
18008
#: serverguide/C/network-auth.xml:2489(para)
18583
#: serverguide/C/network-auth.xml:2482(para)
18009
18584
msgid ""
18010
18585
"Your LDAP directory now has the necessary information to authenticate Samba "
18011
18586
"users."
18012
18587
msgstr ""
18013
18588
18014
#: serverguide/C/network-auth.xml:2498(title) serverguide/C/network-auth.xml:4031(title)
18589
#: serverguide/C/network-auth.xml:2491(title) serverguide/C/network-auth.xml:4024(title)
18015
18590
msgid "Samba Configuration"
18016
18591
msgstr ""
18017
18592
18018
#: serverguide/C/network-auth.xml:2500(para)
18593
#: serverguide/C/network-auth.xml:2493(para)
18019
18594
msgid ""
18020
18595
"There are multiple ways to configure Samba. For details on some common "
18021
18596
"configurations see <xref linkend=\"samba\"/>. To configure Samba to use "
18024
18599
"adding some ldap-related ones:"
18025
18600
msgstr ""
18026
18601
18027
#: serverguide/C/network-auth.xml:2506(programlisting)
18602
#: serverguide/C/network-auth.xml:2499(programlisting)
18028
18603
#, no-wrap
18029
18604
msgid ""
18030
18605
"\n"
18044
18619
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
18045
18620
msgstr ""
18046
18621
18047
#: serverguide/C/network-auth.xml:2523(para)
18622
#: serverguide/C/network-auth.xml:2516(para)
18048
18623
msgid "Change the values to match your environment."
18049
18624
msgstr ""
18050
18625
18051
#: serverguide/C/network-auth.xml:2527(para)
18626
#: serverguide/C/network-auth.xml:2520(para)
18052
18627
msgid "Restart <application>samba</application> to enable the new settings:"
18053
18628
msgstr ""
18054
18629
18055
#: serverguide/C/network-auth.xml:2535(para)
18630
#: serverguide/C/network-auth.xml:2528(para)
18056
18631
msgid ""
18057
18632
"Now inform Samba about the rootDN user's password (the one set during the "
18058
18633
"installation of the slapd package):"
18059
18634
msgstr ""
18060
18635
18061
#: serverguide/C/network-auth.xml:2540(command)
18636
#: serverguide/C/network-auth.xml:2533(command)
18062
18637
msgid "sudo smbpasswd -w password"
18063
18638
msgstr ""
18064
18639
18065
#: serverguide/C/network-auth.xml:2543(para)
18640
#: serverguide/C/network-auth.xml:2536(para)
18066
18641
msgid ""
18067
18642
"If you have existing LDAP users that you want to include in your new LDAP-"
18068
18643
"backed Samba they will, of course, also need to be given some of the extra "
18072
18647
"<application>libnss-ldap</application>):"
18073
18648
msgstr ""
18074
18649
18075
#: serverguide/C/network-auth.xml:2551(command)
18650
#: serverguide/C/network-auth.xml:2544(command)
18076
18651
msgid "sudo smbpasswd -a username"
18077
18652
msgstr ""
18078
18653
18079
#: serverguide/C/network-auth.xml:2554(para)
18654
#: serverguide/C/network-auth.xml:2547(para)
18080
18655
msgid ""
18081
18656
"You will prompted to enter a password. It will be considered as the new "
18082
18657
"password for that user. Making it the same as before is reasonable."
18083
18658
msgstr ""
18084
18659
18085
#: serverguide/C/network-auth.xml:2558(para)
18660
#: serverguide/C/network-auth.xml:2551(para)
18086
18661
msgid ""
18087
18662
"To manage user, group, and machine accounts use the utilities provided by "
18088
18663
"the <application>smbldap-tools</application> package. Here are some examples:"
18089
18664
msgstr ""
18090
18665
18091
#: serverguide/C/network-auth.xml:2566(para)
18666
#: serverguide/C/network-auth.xml:2559(para)
18092
18667
msgid "To add a new user:"
18093
18668
msgstr ""
18094
18669
18095
#: serverguide/C/network-auth.xml:2571(command)
18670
#: serverguide/C/network-auth.xml:2564(command)
18096
18671
msgid "sudo smbldap-useradd -a -P username"
18097
18672
msgstr ""
18098
18673
18099
#: serverguide/C/network-auth.xml:2574(para)
18674
#: serverguide/C/network-auth.xml:2567(para)
18100
18675
msgid ""
18101
18676
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
18102
18677
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
18104
18679
"a password for the user."
18105
18680
msgstr ""
18106
18681
18107
#: serverguide/C/network-auth.xml:2581(para)
18682
#: serverguide/C/network-auth.xml:2574(para)
18108
18683
msgid "To remove a user:"
18109
18684
msgstr ""
18110
18685
18111
#: serverguide/C/network-auth.xml:2586(command)
18686
#: serverguide/C/network-auth.xml:2579(command)
18112
18687
msgid "sudo smbldap-userdel username"
18113
18688
msgstr ""
18114
18689
18115
#: serverguide/C/network-auth.xml:2589(para)
18690
#: serverguide/C/network-auth.xml:2582(para)
18116
18691
msgid ""
18117
18692
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
18118
18693
"user's home directory."
18119
18694
msgstr ""
18120
18695
18121
#: serverguide/C/network-auth.xml:2595(para)
18696
#: serverguide/C/network-auth.xml:2588(para)
18122
18697
msgid "To add a group:"
18123
18698
msgstr ""
18124
18699
18125
#: serverguide/C/network-auth.xml:2600(command)
18700
#: serverguide/C/network-auth.xml:2593(command)
18126
18701
msgid "sudo smbldap-groupadd -a groupname"
18127
18702
msgstr ""
18128
18703
18129
#: serverguide/C/network-auth.xml:2603(para)
18704
#: serverguide/C/network-auth.xml:2596(para)
18130
18705
msgid ""
18131
18706
"As for <application>smbldap-useradd</application>, the <emphasis>-"
18132
18707
"a</emphasis> adds the Samba attributes."
18133
18708
msgstr ""
18134
18709
18135
#: serverguide/C/network-auth.xml:2609(para)
18710
#: serverguide/C/network-auth.xml:2602(para)
18136
18711
msgid "To make an existing user a member of a group:"
18137
18712
msgstr ""
18138
18713
18139
#: serverguide/C/network-auth.xml:2614(command)
18714
#: serverguide/C/network-auth.xml:2607(command)
18140
18715
msgid "sudo smbldap-groupmod -m username groupname"
18141
18716
msgstr ""
18142
18717
18143
#: serverguide/C/network-auth.xml:2617(para)
18718
#: serverguide/C/network-auth.xml:2610(para)
18144
18719
msgid ""
18145
18720
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
18146
18721
"listing them in comma-separated format."
18147
18722
msgstr ""
18148
18723
18149
#: serverguide/C/network-auth.xml:2623(para)
18724
#: serverguide/C/network-auth.xml:2616(para)
18150
18725
msgid "To remove a user from a group:"
18151
18726
msgstr ""
18152
18727
18153
#: serverguide/C/network-auth.xml:2628(command)
18728
#: serverguide/C/network-auth.xml:2621(command)
18154
18729
msgid "sudo smbldap-groupmod -x username groupname"
18155
18730
msgstr ""
18156
18731
18157
#: serverguide/C/network-auth.xml:2634(para)
18732
#: serverguide/C/network-auth.xml:2627(para)
18158
18733
msgid "To add a Samba machine account:"
18159
18734
msgstr ""
18160
18735
18161
#: serverguide/C/network-auth.xml:2639(command)
18736
#: serverguide/C/network-auth.xml:2632(command)
18162
18737
msgid "sudo smbldap-useradd -t 0 -w username"
18163
18738
msgstr ""
18164
18739
18165
#: serverguide/C/network-auth.xml:2642(para)
18740
#: serverguide/C/network-auth.xml:2635(para)
18166
18741
msgid ""
18167
18742
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
18168
18743
"<emphasis>-t 0</emphasis> option creates the machine account without a "
18172
18747
"<application>smbldap-useradd</application>."
18173
18748
msgstr ""
18174
18749
18175
#: serverguide/C/network-auth.xml:2651(para)
18750
#: serverguide/C/network-auth.xml:2644(para)
18176
18751
msgid ""
18177
18752
"There are utilities in the <application>smbldap-tools</application> package "
18178
18753
"that were not covered here. Here is a complete list:"
18179
18754
msgstr ""
18180
18755
18181
#: serverguide/C/network-auth.xml:2656(ulink)
18756
#: serverguide/C/network-auth.xml:2649(ulink)
18182
18757
msgid "smbldap-groupadd"
18183
18758
msgstr ""
18184
18759
18185
#: serverguide/C/network-auth.xml:2657(ulink)
18760
#: serverguide/C/network-auth.xml:2650(ulink)
18186
18761
msgid "smbldap-groupdel"
18187
18762
msgstr ""
18188
18763
18189
#: serverguide/C/network-auth.xml:2658(ulink)
18764
#: serverguide/C/network-auth.xml:2651(ulink)
18190
18765
msgid "smbldap-groupmod"
18191
18766
msgstr ""
18192
18767
18193
#: serverguide/C/network-auth.xml:2659(ulink)
18768
#: serverguide/C/network-auth.xml:2652(ulink)
18194
18769
msgid "smbldap-groupshow"
18195
18770
msgstr ""
18196
18771
18197
#: serverguide/C/network-auth.xml:2660(ulink)
18772
#: serverguide/C/network-auth.xml:2653(ulink)
18198
18773
msgid "smbldap-passwd"
18199
18774
msgstr ""
18200
18775
18201
#: serverguide/C/network-auth.xml:2661(ulink)
18776
#: serverguide/C/network-auth.xml:2654(ulink)
18202
18777
msgid "smbldap-populate"
18203
18778
msgstr ""
18204
18779
18205
#: serverguide/C/network-auth.xml:2662(ulink)
18780
#: serverguide/C/network-auth.xml:2655(ulink)
18206
18781
msgid "smbldap-useradd"
18207
18782
msgstr ""
18208
18783
18209
#: serverguide/C/network-auth.xml:2663(ulink)
18784
#: serverguide/C/network-auth.xml:2656(ulink)
18210
18785
msgid "smbldap-userdel"
18211
18786
msgstr ""
18212
18787
18213
#: serverguide/C/network-auth.xml:2664(ulink)
18788
#: serverguide/C/network-auth.xml:2657(ulink)
18214
18789
msgid "smbldap-userinfo"
18215
18790
msgstr ""
18216
18791
18217
#: serverguide/C/network-auth.xml:2665(ulink)
18792
#: serverguide/C/network-auth.xml:2658(ulink)
18218
18793
msgid "smbldap-userlist"
18219
18794
msgstr ""
18220
18795
18221
#: serverguide/C/network-auth.xml:2666(ulink)
18796
#: serverguide/C/network-auth.xml:2659(ulink)
18222
18797
msgid "smbldap-usermod"
18223
18798
msgstr ""
18224
18799
18225
#: serverguide/C/network-auth.xml:2667(ulink)
18800
#: serverguide/C/network-auth.xml:2660(ulink)
18226
18801
msgid "smbldap-usershow"
18227
18802
msgstr ""
18228
18803
18229
#: serverguide/C/network-auth.xml:2678(para)
18804
#: serverguide/C/network-auth.xml:2671(para)
18230
18805
msgid ""
18231
18806
"For more information on installing and configuring Samba see <xref "
18232
18807
"linkend=\"samba\"/> of this Ubuntu Server Guide."
18233
18808
msgstr ""
18234
18809
18235
#: serverguide/C/network-auth.xml:2684(para)
18810
#: serverguide/C/network-auth.xml:2677(para)
18236
18811
msgid ""
18237
18812
"There are multiple places where LDAP and Samba is documented in the upstream "
18238
18813
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
18239
18814
"HOWTO Collection</ulink>."
18240
18815
msgstr ""
18241
18816
18242
#: serverguide/C/network-auth.xml:2691(para)
18817
#: serverguide/C/network-auth.xml:2684(para)
18243
18818
msgid ""
18244
18819
"Regarding the above, see specifically the <ulink "
18245
18820
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
18246
18821
"Collection/passdb.html\">passdb section</ulink>."
18247
18822
msgstr ""
18248
18823
18249
#: serverguide/C/network-auth.xml:2697(para)
18824
#: serverguide/C/network-auth.xml:2690(para)
18250
18825
msgid ""
18251
18826
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
18252
18827
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
18253
18828
"valuable notes."
18254
18829
msgstr ""
18255
18830
18256
#: serverguide/C/network-auth.xml:2703(para)
18831
#: serverguide/C/network-auth.xml:2696(para)
18257
18832
msgid ""
18258
18833
"The main page of the <ulink "
18259
18834
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
18261
18836
"prove useful."
18262
18837
msgstr ""
18263
18838
18264
#: serverguide/C/network-auth.xml:2716(title)
18839
#: serverguide/C/network-auth.xml:2709(title)
18265
18840
msgid "Kerberos"
18266
18841
msgstr ""
18267
18842
18268
#: serverguide/C/network-auth.xml:2718(para)
18843
#: serverguide/C/network-auth.xml:2711(para)
18269
18844
msgid ""
18270
18845
"<application>Kerberos</application> is a network authentication system based "
18271
18846
"on the principal of a trusted third party. The other two parties being the "
18274
18849
"network environment one step closer to being Single Sign On (SSO)."
18275
18850
msgstr ""
18276
18851
18277
#: serverguide/C/network-auth.xml:2724(para)
18852
#: serverguide/C/network-auth.xml:2717(para)
18278
18853
msgid ""
18279
18854
"This section covers installation and configuration of a Kerberos server, and "
18280
18855
"some example client configurations."
18281
18856
msgstr ""
18282
18857
18283
#: serverguide/C/network-auth.xml:2729(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:916(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
18858
#: serverguide/C/network-auth.xml:2722(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:916(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
18284
18859
msgid "Overview"
18285
18860
msgstr ""
18286
18861
18287
#: serverguide/C/network-auth.xml:2731(para)
18862
#: serverguide/C/network-auth.xml:2724(para)
18288
18863
msgid ""
18289
18864
"If you are new to Kerberos there are a few terms that are good to understand "
18290
18865
"before setting up a Kerberos server. Most of the terms will relate to things "
18291
18866
"you may be familiar with in other environments:"
18292
18867
msgstr ""
18293
18868
18294
#: serverguide/C/network-auth.xml:2738(para)
18869
#: serverguide/C/network-auth.xml:2731(para)
18295
18870
msgid ""
18296
18871
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
18297
18872
"by servers need to be defined as Kerberos Principals."
18298
18873
msgstr ""
18299
18874
18300
#: serverguide/C/network-auth.xml:2743(para)
18875
#: serverguide/C/network-auth.xml:2736(para)
18301
18876
msgid ""
18302
18877
"<emphasis>Instances:</emphasis> are used for service principals and special "
18303
18878
"administrative principals."
18304
18879
msgstr ""
18305
18880
18306
#: serverguide/C/network-auth.xml:2748(para)
18881
#: serverguide/C/network-auth.xml:2741(para)
18307
18882
msgid ""
18308
18883
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
18309
18884
"Kerberos installation. Think of it as the domain or group your hosts and "
18312
18887
"as the realm."
18313
18888
msgstr ""
18314
18889
18315
#: serverguide/C/network-auth.xml:2757(para)
18890
#: serverguide/C/network-auth.xml:2750(para)
18316
18891
msgid ""
18317
18892
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
18318
18893
"a database of all principals, the authentication server, and the ticket "
18319
18894
"granting server. For each realm there must be at least one KDC."
18320
18895
msgstr ""
18321
18896
18322
#: serverguide/C/network-auth.xml:2763(para)
18897
#: serverguide/C/network-auth.xml:2756(para)
18323
18898
msgid ""
18324
18899
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
18325
18900
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
18326
18901
"password which is known only to the user and the KDC."
18327
18902
msgstr ""
18328
18903
18329
#: serverguide/C/network-auth.xml:2769(para)
18904
#: serverguide/C/network-auth.xml:2762(para)
18330
18905
msgid ""
18331
18906
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
18332
18907
"clients upon request."
18333
18908
msgstr ""
18334
18909
18335
#: serverguide/C/network-auth.xml:2774(para)
18910
#: serverguide/C/network-auth.xml:2767(para)
18336
18911
msgid ""
18337
18912
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
18338
18913
"One principal being a user and the other a service requested by the user. "
18340
18915
"authenticated session."
18341
18916
msgstr ""
18342
18917
18343
#: serverguide/C/network-auth.xml:2780(para)
18918
#: serverguide/C/network-auth.xml:2773(para)
18344
18919
msgid ""
18345
18920
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
18346
18921
"principal database and contain the encryption key for a service or host."
18347
18922
msgstr ""
18348
18923
18349
#: serverguide/C/network-auth.xml:2787(para)
18924
#: serverguide/C/network-auth.xml:2780(para)
18350
18925
msgid ""
18351
18926
"To put the pieces together, a Realm has at least one KDC, preferably more "
18352
18927
"for redundancy, which contains a database of Principals. When a user "
18358
18933
"entering another username and password."
18359
18934
msgstr ""
18360
18935
18361
#: serverguide/C/network-auth.xml:2796(title)
18936
#: serverguide/C/network-auth.xml:2789(title)
18362
18937
msgid "Kerberos Server"
18363
18938
msgstr ""
18364
18939
18365
#: serverguide/C/network-auth.xml:2800(para)
18940
#: serverguide/C/network-auth.xml:2793(para)
18366
18941
msgid ""
18367
18942
"For this discussion, we will create a MIT Kerberos domain with the following "
18368
18943
"features (edit them to fit your needs):"
18369
18944
msgstr ""
18370
18945
18371
#: serverguide/C/network-auth.xml:2807(para)
18946
#: serverguide/C/network-auth.xml:2800(para)
18372
18947
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
18373
18948
msgstr ""
18374
18949
18375
#: serverguide/C/network-auth.xml:2812(para)
18950
#: serverguide/C/network-auth.xml:2805(para)
18376
18951
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
18377
18952
msgstr ""
18378
18953
18379
#: serverguide/C/network-auth.xml:2817(para)
18954
#: serverguide/C/network-auth.xml:2810(para)
18380
18955
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
18381
18956
msgstr ""
18382
18957
18383
#: serverguide/C/network-auth.xml:2822(para)
18958
#: serverguide/C/network-auth.xml:2815(para)
18384
18959
msgid "<emphasis>User principal:</emphasis> steve"
18385
18960
msgstr ""
18386
18961
18962
#: serverguide/C/network-auth.xml:2820(para)
18963
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
18964
msgstr ""
18965
18387
18966
#: serverguide/C/network-auth.xml:2827(para)
18388
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
18389
msgstr ""
18390
18391
#: serverguide/C/network-auth.xml:2834(para)
18392
18967
msgid ""
18393
18968
"It is <emphasis>strongly</emphasis> recommended that your network-"
18394
18969
"authenticated users have their uid in a different range (say, starting at "
18395
18970
"5000) than that of your local users."
18396
18971
msgstr ""
18397
18972
18398
#: serverguide/C/network-auth.xml:2840(para)
18973
#: serverguide/C/network-auth.xml:2833(para)
18399
18974
msgid ""
18400
18975
"Before installing the Kerberos server a properly configured DNS server is "
18401
18976
"needed for your domain. Since the Kerberos Realm by convention matches the "
18404
18979
"documentation."
18405
18980
msgstr ""
18406
18981
18407
#: serverguide/C/network-auth.xml:2846(para)
18982
#: serverguide/C/network-auth.xml:2839(para)
18408
18983
msgid ""
18409
18984
"Also, Kerberos is a time sensitive protocol. So if the local system time "
18410
18985
"between a client machine and the server differs by more than five minutes "
18414
18989
"setting up NTP see <xref linkend=\"NTP\"/>."
18415
18990
msgstr ""
18416
18991
18417
#: serverguide/C/network-auth.xml:2854(para)
18992
#: serverguide/C/network-auth.xml:2847(para)
18418
18993
msgid ""
18419
18994
"The first step in creating a Kerberos Realm is to install the "
18420
18995
"<application>krb5-kdc</application> and <application>krb5-admin-"
18421
18996
"server</application> packages. From a terminal enter:"
18422
18997
msgstr ""
18423
18998
18424
#: serverguide/C/network-auth.xml:2860(command) serverguide/C/network-auth.xml:3067(command)
18999
#: serverguide/C/network-auth.xml:2853(command) serverguide/C/network-auth.xml:3060(command)
18425
19000
msgid "sudo apt install krb5-kdc krb5-admin-server"
18426
19001
msgstr ""
18427
19002
18428
#: serverguide/C/network-auth.xml:2863(para)
19003
#: serverguide/C/network-auth.xml:2856(para)
18429
19004
msgid ""
18430
19005
"You will be asked at the end of the install to supply the hostname for the "
18431
19006
"Kerberos and Admin servers, which may or may not be the same server, for the "
18432
19007
"realm."
18433
19008
msgstr ""
18434
19009
18435
#: serverguide/C/network-auth.xml:2870(para)
19010
#: serverguide/C/network-auth.xml:2863(para)
18436
19011
msgid "By default the realm is created from the KDC's domain name."
18437
19012
msgstr ""
18438
19013
18439
#: serverguide/C/network-auth.xml:2875(para)
19014
#: serverguide/C/network-auth.xml:2868(para)
18440
19015
msgid ""
18441
19016
"Next, create the new realm with the <application>kdb5_newrealm</application> "
18442
19017
"utility:"
18443
19018
msgstr ""
18444
19019
18445
#: serverguide/C/network-auth.xml:2880(command)
19020
#: serverguide/C/network-auth.xml:2873(command)
18446
19021
msgid "sudo krb5_newrealm"
18447
19022
msgstr ""
18448
19023
18449
#: serverguide/C/network-auth.xml:2887(para)
19024
#: serverguide/C/network-auth.xml:2880(para)
18450
19025
msgid ""
18451
19026
"The questions asked during installation are used to configure the "
18452
19027
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
18456
19031
"typing"
18457
19032
msgstr ""
18458
19033
18459
#: serverguide/C/network-auth.xml:2894(command)
19034
#: serverguide/C/network-auth.xml:2887(command)
18460
19035
msgid "sudo dpkg-reconfigure krb5-kdc"
18461
19036
msgstr ""
18462
19037
18463
#: serverguide/C/network-auth.xml:2900(para)
19038
#: serverguide/C/network-auth.xml:2893(para)
18464
19039
msgid ""
18465
19040
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
18466
19041
"principal</emphasis> -- is needed. It is recommended to use a different "
18468
19043
"<application>kadmin.local</application> utility in a terminal prompt enter:"
18469
19044
msgstr ""
18470
19045
18471
#: serverguide/C/network-auth.xml:2908(command) serverguide/C/network-auth.xml:3778(command)
19046
#: serverguide/C/network-auth.xml:2901(command) serverguide/C/network-auth.xml:3771(command)
18472
19047
msgid "sudo kadmin.local"
18473
19048
msgstr ""
18474
19049
18475
#: serverguide/C/network-auth.xml:2909(computeroutput)
19050
#: serverguide/C/network-auth.xml:2902(computeroutput)
18476
19051
#, no-wrap
18477
19052
msgid ""
18478
19053
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
18479
19054
"kadmin.local:"
18480
19055
msgstr ""
18481
19056
18482
#: serverguide/C/network-auth.xml:2910(userinput)
19057
#: serverguide/C/network-auth.xml:2903(userinput)
18483
19058
#, no-wrap
18484
19059
msgid " addprinc steve/admin"
18485
19060
msgstr ""
18486
19061
18487
#: serverguide/C/network-auth.xml:2911(computeroutput)
19062
#: serverguide/C/network-auth.xml:2904(computeroutput)
18488
19063
#, no-wrap
18489
19064
msgid ""
18490
19065
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
18495
19070
"kadmin.local:"
18496
19071
msgstr ""
18497
19072
18498
#: serverguide/C/network-auth.xml:2915(userinput)
19073
#: serverguide/C/network-auth.xml:2908(userinput)
18499
19074
#, no-wrap
18500
19075
msgid " quit"
18501
19076
msgstr ""
18502
19077
18503
#: serverguide/C/network-auth.xml:2918(para)
19078
#: serverguide/C/network-auth.xml:2911(para)
18504
19079
msgid ""
18505
19080
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
18506
19081
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
18512
19087
"rights."
18513
19088
msgstr ""
18514
19089
18515
#: serverguide/C/network-auth.xml:2928(para)
19090
#: serverguide/C/network-auth.xml:2921(para)
18516
19091
msgid ""
18517
19092
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
18518
19093
"your Realm and admin username."
18519
19094
msgstr ""
18520
19095
18521
#: serverguide/C/network-auth.xml:2936(para)
19096
#: serverguide/C/network-auth.xml:2929(para)
18522
19097
msgid ""
18523
19098
"Next, the new admin user needs to have the appropriate Access Control List "
18524
19099
"(ACL) permissions. The permissions are configured in the "
18525
19100
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
18526
19101
msgstr ""
18527
19102
18528
#: serverguide/C/network-auth.xml:2941(programlisting)
19103
#: serverguide/C/network-auth.xml:2934(programlisting)
18529
19104
#, no-wrap
18530
19105
msgid ""
18531
19106
"\n"
18532
19107
"steve/admin@EXAMPLE.COM *\n"
18533
19108
msgstr ""
18534
19109
18535
#: serverguide/C/network-auth.xml:2945(para)
19110
#: serverguide/C/network-auth.xml:2938(para)
18536
19111
msgid ""
18537
19112
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
18538
19113
"any operation on all principals in the realm. You can configure principals "
18541
19116
"<emphasis>kadm5.acl</emphasis> man page for details."
18542
19117
msgstr ""
18543
19118
18544
#: serverguide/C/network-auth.xml:2957(para)
19119
#: serverguide/C/network-auth.xml:2950(para)
18545
19120
msgid ""
18546
19121
"Now restart the <application>krb5-admin-server</application> for the new ACL "
18547
19122
"to take affect:"
18548
19123
msgstr ""
18549
19124
18550
#: serverguide/C/network-auth.xml:2962(command)
19125
#: serverguide/C/network-auth.xml:2955(command)
18551
19126
msgid "sudo systemctl restart krb5-admin-server.service"
18552
19127
msgstr ""
18553
19128
18554
#: serverguide/C/network-auth.xml:2968(para)
19129
#: serverguide/C/network-auth.xml:2961(para)
18555
19130
msgid ""
18556
19131
"The new user principal can be tested using the <application>kinit "
18557
19132
"utility</application>:"
18558
19133
msgstr ""
18559
19134
18560
#: serverguide/C/network-auth.xml:2973(command)
19135
#: serverguide/C/network-auth.xml:2966(command)
18561
19136
msgid "kinit steve/admin"
18562
19137
msgstr ""
18563
19138
18564
#: serverguide/C/network-auth.xml:2974(computeroutput)
19139
#: serverguide/C/network-auth.xml:2967(computeroutput)
18565
19140
#, no-wrap
18566
19141
msgid "steve/admin@EXAMPLE.COM's Password:"
18567
19142
msgstr ""
18568
19143
18569
#: serverguide/C/network-auth.xml:2977(para)
19144
#: serverguide/C/network-auth.xml:2970(para)
18570
19145
msgid ""
18571
19146
"After entering the password, use the <application>klist</application> "
18572
19147
"utility to view information about the Ticket Granting Ticket (TGT):"
18573
19148
msgstr ""
18574
19149
18575
#: serverguide/C/network-auth.xml:2983(command) serverguide/C/network-auth.xml:3360(command)
19150
#: serverguide/C/network-auth.xml:2976(command) serverguide/C/network-auth.xml:3353(command)
18576
19151
msgid "klist"
18577
19152
msgstr ""
18578
19153
18579
#: serverguide/C/network-auth.xml:2984(computeroutput)
19154
#: serverguide/C/network-auth.xml:2977(computeroutput)
18580
19155
#, no-wrap
18581
19156
msgid ""
18582
19157
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
18586
19161
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
18587
19162
msgstr ""
18588
19163
18589
#: serverguide/C/network-auth.xml:2991(para)
19164
#: serverguide/C/network-auth.xml:2984(para)
18590
19165
msgid ""
18591
19166
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
18592
19167
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
18595
19170
"For example:"
18596
19171
msgstr ""
18597
19172
18598
#: serverguide/C/network-auth.xml:3000(programlisting)
19173
#: serverguide/C/network-auth.xml:2993(programlisting)
18599
19174
#, no-wrap
18600
19175
msgid ""
18601
19176
"\n"
18602
19177
"192.168.0.1 kdc01.example.com kdc01\n"
18603
19178
msgstr ""
18604
19179
18605
#: serverguide/C/network-auth.xml:3004(para)
19180
#: serverguide/C/network-auth.xml:2997(para)
18606
19181
msgid ""
18607
19182
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
18608
19183
"This usually happens when you have a Kerberos realm encompassing different "
18609
19184
"networks separated by routers."
18610
19185
msgstr ""
18611
19186
18612
#: serverguide/C/network-auth.xml:3013(para)
19187
#: serverguide/C/network-auth.xml:3006(para)
18613
19188
msgid ""
18614
19189
"The best way to allow clients to automatically determine the KDC for the "
18615
19190
"Realm is using DNS SRV records. Add the following to "
18616
19191
"<filename>/etc/named/db.example.com</filename>:"
18617
19192
msgstr ""
18618
19193
18619
#: serverguide/C/network-auth.xml:3019(programlisting)
19194
#: serverguide/C/network-auth.xml:3012(programlisting)
18620
19195
#, no-wrap
18621
19196
msgid ""
18622
19197
"\n"
18628
19203
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
18629
19204
msgstr ""
18630
19205
18631
#: serverguide/C/network-auth.xml:3029(para)
19206
#: serverguide/C/network-auth.xml:3022(para)
18632
19207
msgid ""
18633
19208
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
18634
19209
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
18635
19210
"KDC."
18636
19211
msgstr ""
18637
19212
19213
#: serverguide/C/network-auth.xml:3028(para)
19214
msgid ""
19215
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
19216
msgstr ""
19217
18638
19218
#: serverguide/C/network-auth.xml:3035(para)
18639
msgid ""
18640
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
18641
msgstr ""
18642
18643
#: serverguide/C/network-auth.xml:3042(para)
18644
19219
msgid "Your new Kerberos Realm is now ready to authenticate clients."
18645
19220
msgstr ""
18646
19221
18647
#: serverguide/C/network-auth.xml:3049(title)
19222
#: serverguide/C/network-auth.xml:3042(title)
18648
19223
msgid "Secondary KDC"
18649
19224
msgstr ""
18650
19225
18651
#: serverguide/C/network-auth.xml:3051(para)
19226
#: serverguide/C/network-auth.xml:3044(para)
18652
19227
msgid ""
18653
19228
"Once you have one Key Distribution Center (KDC) on your network, it is good "
18654
19229
"practice to have a Secondary KDC in case the primary becomes unavailable. "
18657
19232
"of those networks."
18658
19233
msgstr ""
18659
19234
18660
#: serverguide/C/network-auth.xml:3062(para)
19235
#: serverguide/C/network-auth.xml:3055(para)
18661
19236
msgid ""
18662
19237
"First, install the packages, and when asked for the Kerberos and Admin "
18663
19238
"server names enter the name of the Primary KDC:"
18664
19239
msgstr ""
18665
19240
18666
#: serverguide/C/network-auth.xml:3073(para)
19241
#: serverguide/C/network-auth.xml:3066(para)
18667
19242
msgid ""
18668
19243
"Once you have the packages installed, create the Secondary KDC's host "
18669
19244
"principal. From a terminal prompt, enter:"
18670
19245
msgstr ""
18671
19246
18672
#: serverguide/C/network-auth.xml:3078(command)
19247
#: serverguide/C/network-auth.xml:3071(command)
18673
19248
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
18674
19249
msgstr ""
18675
19250
18676
#: serverguide/C/network-auth.xml:3082(para)
19251
#: serverguide/C/network-auth.xml:3075(para)
18677
19252
msgid ""
18678
19253
"After, issuing any <application>kadmin</application> commands you will be "
18679
19254
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
18680
19255
"password."
18681
19256
msgstr ""
18682
19257
18683
#: serverguide/C/network-auth.xml:3091(para)
19258
#: serverguide/C/network-auth.xml:3084(para)
18684
19259
msgid "Extract the <emphasis>keytab</emphasis> file:"
18685
19260
msgstr ""
18686
19261
18687
#: serverguide/C/network-auth.xml:3096(command)
19262
#: serverguide/C/network-auth.xml:3089(command)
18688
19263
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
18689
19264
msgstr ""
18690
19265
18691
#: serverguide/C/network-auth.xml:3102(para)
19266
#: serverguide/C/network-auth.xml:3095(para)
18692
19267
msgid ""
18693
19268
"There should now be a <filename>keytab.kdc02</filename> in the current "
18694
19269
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
18695
19270
msgstr ""
18696
19271
18697
#: serverguide/C/network-auth.xml:3108(command)
19272
#: serverguide/C/network-auth.xml:3101(command)
18698
19273
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
18699
19274
msgstr ""
18700
19275
18701
#: serverguide/C/network-auth.xml:3112(para)
19276
#: serverguide/C/network-auth.xml:3105(para)
18702
19277
msgid ""
18703
19278
"If the path to the <filename>keytab.kdc02</filename> file is different "
18704
19279
"adjust accordingly."
18705
19280
msgstr ""
18706
19281
18707
#: serverguide/C/network-auth.xml:3117(para)
19282
#: serverguide/C/network-auth.xml:3110(para)
18708
19283
msgid ""
18709
19284
"Also, you can list the principals in a Keytab file, which can be useful when "
18710
19285
"troubleshooting, using the <application>klist</application> utility:"
18711
19286
msgstr ""
18712
19287
18713
#: serverguide/C/network-auth.xml:3123(command)
19288
#: serverguide/C/network-auth.xml:3116(command)
18714
19289
msgid "sudo klist -k /etc/krb5.keytab"
18715
19290
msgstr ""
18716
19291
19292
#: serverguide/C/network-auth.xml:3119(para)
19293
msgid ""
19294
"The <application>-k</application> option indicates the file is a keytab file."
19295
msgstr ""
19296
18717
19297
#: serverguide/C/network-auth.xml:3126(para)
18718
19298
msgid ""
18719
"The <application>-k</application> option indicates the file is a keytab file."
18720
msgstr ""
18721
18722
#: serverguide/C/network-auth.xml:3133(para)
18723
msgid ""
18724
19299
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
18725
19300
"that lists all KDCs for the Realm. For example, on both primary and "
18726
19301
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
18727
19302
msgstr ""
18728
19303
18729
#: serverguide/C/network-auth.xml:3138(programlisting)
19304
#: serverguide/C/network-auth.xml:3131(programlisting)
18730
19305
#, no-wrap
18731
19306
msgid ""
18732
19307
"\n"
18734
19309
"host/kdc02.example.com@EXAMPLE.COM\n"
18735
19310
msgstr ""
18736
19311
18737
#: serverguide/C/network-auth.xml:3146(para)
19312
#: serverguide/C/network-auth.xml:3139(para)
18738
19313
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
18739
19314
msgstr ""
18740
19315
18741
#: serverguide/C/network-auth.xml:3151(command)
19316
#: serverguide/C/network-auth.xml:3144(command)
18742
19317
msgid "sudo kdb5_util -s create"
18743
19318
msgstr ""
18744
19319
18745
#: serverguide/C/network-auth.xml:3157(para)
19320
#: serverguide/C/network-auth.xml:3150(para)
18746
19321
msgid ""
18747
19322
"Now start the <application>kpropd</application> daemon, which listens for "
18748
19323
"connections from the <application>kprop</application> utility. "
18749
19324
"<application>kprop</application> is used to transfer dump files:"
18750
19325
msgstr ""
18751
19326
18752
#: serverguide/C/network-auth.xml:3164(command)
19327
#: serverguide/C/network-auth.xml:3157(command)
18753
19328
msgid "sudo kpropd -S"
18754
19329
msgstr ""
18755
19330
18756
#: serverguide/C/network-auth.xml:3170(para)
19331
#: serverguide/C/network-auth.xml:3163(para)
18757
19332
msgid ""
18758
19333
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
18759
19334
"of the principal database:"
18760
19335
msgstr ""
18761
19336
18762
#: serverguide/C/network-auth.xml:3175(command)
19337
#: serverguide/C/network-auth.xml:3168(command)
18763
19338
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
18764
19339
msgstr ""
18765
19340
18766
#: serverguide/C/network-auth.xml:3181(para)
19341
#: serverguide/C/network-auth.xml:3174(para)
18767
19342
msgid ""
18768
19343
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
18769
19344
"<filename>/etc/krb5.keytab</filename>:"
18770
19345
msgstr ""
18771
19346
18772
#: serverguide/C/network-auth.xml:3186(command)
19347
#: serverguide/C/network-auth.xml:3179(command)
18773
19348
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
18774
19349
msgstr ""
18775
19350
18776
#: serverguide/C/network-auth.xml:3187(command)
19351
#: serverguide/C/network-auth.xml:3180(command)
18777
19352
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
18778
19353
msgstr ""
18779
19354
18780
#: serverguide/C/network-auth.xml:3191(para)
19355
#: serverguide/C/network-auth.xml:3184(para)
18781
19356
msgid ""
18782
19357
"Make sure there is a <emphasis>host</emphasis> for "
18783
19358
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
18784
19359
msgstr ""
18785
19360
18786
#: serverguide/C/network-auth.xml:3199(para)
19361
#: serverguide/C/network-auth.xml:3192(para)
18787
19362
msgid ""
18788
19363
"Using the <application>kprop</application> utility push the database to the "
18789
19364
"Secondary KDC:"
18790
19365
msgstr ""
18791
19366
18792
#: serverguide/C/network-auth.xml:3204(command)
19367
#: serverguide/C/network-auth.xml:3197(command)
18793
19368
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
18794
19369
msgstr ""
18795
19370
18796
#: serverguide/C/network-auth.xml:3208(para)
19371
#: serverguide/C/network-auth.xml:3201(para)
18797
19372
msgid ""
18798
19373
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
18799
19374
"worked. If there is an error message check "
18801
19376
"information."
18802
19377
msgstr ""
18803
19378
18804
#: serverguide/C/network-auth.xml:3214(para)
19379
#: serverguide/C/network-auth.xml:3207(para)
18805
19380
msgid ""
18806
19381
"You may also want to create a <application>cron</application> job to "
18807
19382
"periodically update the database on the Secondary KDC. For example, the "
18809
19384
"split to fit the format of this document):"
18810
19385
msgstr ""
18811
19386
18812
#: serverguide/C/network-auth.xml:3219(programlisting)
19387
#: serverguide/C/network-auth.xml:3212(programlisting)
18813
19388
#, no-wrap
18814
19389
msgid ""
18815
19390
"\n"
18818
19393
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
18819
19394
msgstr ""
18820
19395
18821
#: serverguide/C/network-auth.xml:3228(para)
19396
#: serverguide/C/network-auth.xml:3221(para)
18822
19397
msgid ""
18823
19398
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
18824
19399
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
18825
19400
msgstr ""
18826
19401
18827
#: serverguide/C/network-auth.xml:3234(command)
19402
#: serverguide/C/network-auth.xml:3227(command)
18828
19403
msgid "sudo kdb5_util stash"
18829
19404
msgstr ""
18830
19405
18831
#: serverguide/C/network-auth.xml:3240(para)
19406
#: serverguide/C/network-auth.xml:3233(para)
18832
19407
msgid ""
18833
19408
"Finally, start the <application>krb5-kdc</application> daemon on the "
18834
19409
"Secondary KDC:"
18835
19410
msgstr ""
18836
19411
18837
#: serverguide/C/network-auth.xml:3245(command) serverguide/C/network-auth.xml:3921(command)
19412
#: serverguide/C/network-auth.xml:3238(command) serverguide/C/network-auth.xml:3914(command)
18838
19413
msgid "sudo systemctl start krb5-kdc.service"
18839
19414
msgstr ""
18840
19415
18841
#: serverguide/C/network-auth.xml:3251(para)
19416
#: serverguide/C/network-auth.xml:3244(para)
18842
19417
msgid ""
18843
19418
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
18844
19419
"for the Realm. You can test this by stopping the <application>krb5-"
18849
19424
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
18850
19425
msgstr ""
18851
19426
18852
#: serverguide/C/network-auth.xml:3262(title)
19427
#: serverguide/C/network-auth.xml:3255(title)
18853
19428
msgid "Kerberos Linux Client"
18854
19429
msgstr ""
18855
19430
18856
#: serverguide/C/network-auth.xml:3264(para)
19431
#: serverguide/C/network-auth.xml:3257(para)
18857
19432
msgid ""
18858
19433
"This section covers configuring a Linux system as a "
18859
19434
"<application>Kerberos</application> client. This will allow access to any "
18860
19435
"kerberized services once a user has successfully logged into the system."
18861
19436
msgstr ""
18862
19437
18863
#: serverguide/C/network-auth.xml:3272(para)
19438
#: serverguide/C/network-auth.xml:3265(para)
18864
19439
msgid ""
18865
19440
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
18866
19441
"user</application> and <application>libpam-krb5</application> packages are "
18869
19444
"prompt:"
18870
19445
msgstr ""
18871
19446
18872
#: serverguide/C/network-auth.xml:3279(command)
19447
#: serverguide/C/network-auth.xml:3272(command)
18873
19448
msgid ""
18874
19449
"sudo apt install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
18875
19450
msgstr ""
18876
19451
18877
#: serverguide/C/network-auth.xml:3282(para)
19452
#: serverguide/C/network-auth.xml:3275(para)
18878
19453
msgid ""
18879
19454
"The <application>auth-client-config</application> package allows simple "
18880
19455
"configuration of PAM for authentication from multiple sources, and the "
18885
19460
"be accessed off the network as well."
18886
19461
msgstr ""
18887
19462
18888
#: serverguide/C/network-auth.xml:3293(para)
19463
#: serverguide/C/network-auth.xml:3286(para)
18889
19464
msgid "To configure the client in a terminal enter:"
18890
19465
msgstr ""
18891
19466
18892
#: serverguide/C/network-auth.xml:3298(command)
19467
#: serverguide/C/network-auth.xml:3291(command)
18893
19468
msgid "sudo dpkg-reconfigure krb5-config"
18894
19469
msgstr ""
18895
19470
18896
#: serverguide/C/network-auth.xml:3301(para)
19471
#: serverguide/C/network-auth.xml:3294(para)
18897
19472
msgid ""
18898
19473
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
18899
19474
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
18901
19476
"Center (KDC) and Realm Administration server."
18902
19477
msgstr ""
18903
19478
18904
#: serverguide/C/network-auth.xml:3307(para)
19479
#: serverguide/C/network-auth.xml:3300(para)
18905
19480
msgid ""
18906
19481
"The <application>dpkg-reconfigure</application> adds entries to the "
18907
19482
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
18908
19483
"entries similar to the following:"
18909
19484
msgstr ""
18910
19485
18911
#: serverguide/C/network-auth.xml:3312(programlisting)
19486
#: serverguide/C/network-auth.xml:3305(programlisting)
18912
19487
#, no-wrap
18913
19488
msgid ""
18914
19489
"\n"
18922
19497
" }\n"
18923
19498
msgstr ""
18924
19499
18925
#: serverguide/C/network-auth.xml:3324(para)
19500
#: serverguide/C/network-auth.xml:3317(para)
18926
19501
msgid ""
18927
19502
"If you set the uid of each of your network-authenticated users to start at "
18928
19503
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
18930
19505
"> 5000:"
18931
19506
msgstr ""
18932
19507
18933
#: serverguide/C/network-auth.xml:3332(command)
19508
#: serverguide/C/network-auth.xml:3325(command)
18934
19509
msgid ""
18935
19510
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
18936
19511
"for i in common-auth common-session common-account common-password; do sudo "
18938
19513
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
18939
19514
msgstr ""
18940
19515
18941
#: serverguide/C/network-auth.xml:3339(para)
19516
#: serverguide/C/network-auth.xml:3332(para)
18942
19517
msgid ""
18943
19518
"This will avoid being asked for the (non-existent) Kerberos password of a "
18944
19519
"locally authenticated user when changing its password using "
18945
19520
"<command>passwd</command>."
18946
19521
msgstr ""
18947
19522
18948
#: serverguide/C/network-auth.xml:3346(para)
19523
#: serverguide/C/network-auth.xml:3339(para)
18949
19524
msgid ""
18950
19525
"You can test the configuration by requesting a ticket using the "
18951
19526
"<application>kinit</application> utility. For example:"
18952
19527
msgstr ""
18953
19528
18954
#: serverguide/C/network-auth.xml:3351(command)
19529
#: serverguide/C/network-auth.xml:3344(command)
18955
19530
msgid "kinit steve@EXAMPLE.COM"
18956
19531
msgstr ""
18957
19532
18958
#: serverguide/C/network-auth.xml:3352(computeroutput)
19533
#: serverguide/C/network-auth.xml:3345(computeroutput)
18959
19534
#, no-wrap
18960
19535
msgid "Password for steve@EXAMPLE.COM:"
18961
19536
msgstr ""
18962
19537
18963
#: serverguide/C/network-auth.xml:3355(para)
19538
#: serverguide/C/network-auth.xml:3348(para)
18964
19539
msgid ""
18965
19540
"When a ticket has been granted, the details can be viewed using "
18966
19541
"<application>klist</application>:"
18967
19542
msgstr ""
18968
19543
18969
#: serverguide/C/network-auth.xml:3361(computeroutput)
19544
#: serverguide/C/network-auth.xml:3354(computeroutput)
18970
19545
#, no-wrap
18971
19546
msgid ""
18972
19547
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
18981
19556
"klist: You have no tickets cached"
18982
19557
msgstr ""
18983
19558
18984
#: serverguide/C/network-auth.xml:3373(para)
19559
#: serverguide/C/network-auth.xml:3366(para)
18985
19560
msgid ""
18986
19561
"Next, use the <application>auth-client-config</application> to configure the "
18987
19562
"<application>libpam-krb5</application> module to request a ticket during "
18988
19563
"login:"
18989
19564
msgstr ""
18990
19565
18991
#: serverguide/C/network-auth.xml:3379(command)
19566
#: serverguide/C/network-auth.xml:3372(command)
18992
19567
msgid "sudo auth-client-config -a -p kerberos_example"
18993
19568
msgstr ""
18994
19569
18995
#: serverguide/C/network-auth.xml:3382(para)
19570
#: serverguide/C/network-auth.xml:3375(para)
18996
19571
msgid ""
18997
19572
"You will should now receive a ticket upon successful login authentication."
18998
19573
msgstr ""
18999
19574
19000
#: serverguide/C/network-auth.xml:3393(para)
19575
#: serverguide/C/network-auth.xml:3386(para)
19001
19576
msgid ""
19002
19577
"For more information on MIT's version of Kerberos, see the <ulink "
19003
19578
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
19004
19579
msgstr ""
19005
19580
19006
#: serverguide/C/network-auth.xml:3398(para)
19581
#: serverguide/C/network-auth.xml:3391(para)
19007
19582
msgid ""
19008
19583
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
19009
19584
"Kerberos</ulink> page has more details."
19010
19585
msgstr ""
19011
19586
19012
#: serverguide/C/network-auth.xml:3403(para)
19587
#: serverguide/C/network-auth.xml:3396(para)
19013
19588
msgid ""
19014
19589
"O'Reilly's <ulink "
19015
19590
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
19016
19591
"Guide</ulink> is a great reference when setting up Kerberos."
19017
19592
msgstr ""
19018
19593
19019
#: serverguide/C/network-auth.xml:3409(para)
19594
#: serverguide/C/network-auth.xml:3402(para)
19020
19595
msgid ""
19021
19596
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
19022
19597
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
19023
19598
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
19024
19599
msgstr ""
19025
19600
19026
#: serverguide/C/network-auth.xml:3421(title)
19601
#: serverguide/C/network-auth.xml:3414(title)
19027
19602
msgid "Kerberos and LDAP"
19028
19603
msgstr ""
19029
19604
19030
#: serverguide/C/network-auth.xml:3423(para)
19605
#: serverguide/C/network-auth.xml:3416(para)
19031
19606
msgid ""
19032
19607
"Most people will not use Kerberos by itself; once an user is authenticated "
19033
19608
"(Kerberos), we need to figure out what this user can do (authorization). And "
19034
19609
"that would be the job of programs such as <application>LDAP</application>."
19035
19610
msgstr ""
19036
19611
19037
#: serverguide/C/network-auth.xml:3430(para)
19612
#: serverguide/C/network-auth.xml:3423(para)
19038
19613
msgid ""
19039
19614
"Replicating a Kerberos principal database between two servers can be "
19040
19615
"complicated, and adds an additional user database to your network. "
19044
19619
"<application>OpenLDAP</application> for the principal database."
19045
19620
msgstr ""
19046
19621
19047
#: serverguide/C/network-auth.xml:3438(para)
19622
#: serverguide/C/network-auth.xml:3431(para)
19048
19623
msgid ""
19049
19624
"The examples presented here assume <application>MIT Kerberos</application> "
19050
19625
"and <application>OpenLDAP</application>."
19051
19626
msgstr ""
19052
19627
19053
#: serverguide/C/network-auth.xml:3446(title)
19628
#: serverguide/C/network-auth.xml:3439(title)
19054
19629
msgid "Configuring OpenLDAP"
19055
19630
msgstr ""
19056
19631
19057
#: serverguide/C/network-auth.xml:3448(para)
19632
#: serverguide/C/network-auth.xml:3441(para)
19058
19633
msgid ""
19059
19634
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
19060
19635
"<application>OpenLDAP</application> server that has network connectivity to "
19063
19638
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
19064
19639
msgstr ""
19065
19640
19066
#: serverguide/C/network-auth.xml:3454(para)
19641
#: serverguide/C/network-auth.xml:3447(para)
19067
19642
msgid ""
19068
19643
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
19069
19644
"that traffic between the KDC and LDAP server is encrypted. See <xref "
19070
19645
"linkend=\"openldap-tls\"/> for details."
19071
19646
msgstr ""
19072
19647
19073
#: serverguide/C/network-auth.xml:3460(para)
19648
#: serverguide/C/network-auth.xml:3453(para)
19074
19649
msgid ""
19075
19650
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
19076
19651
"edit the ldap database. Many times it is the RootDN. Change its value to "
19077
19652
"reflect your setup."
19078
19653
msgstr ""
19079
19654
19080
#: serverguide/C/network-auth.xml:3469(para)
19655
#: serverguide/C/network-auth.xml:3462(para)
19081
19656
msgid ""
19082
19657
"To load the schema into LDAP, on the LDAP server install the "
19083
19658
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
19084
19659
msgstr ""
19085
19660
19086
#: serverguide/C/network-auth.xml:3475(command)
19661
#: serverguide/C/network-auth.xml:3468(command)
19087
19662
msgid "sudo apt install krb5-kdc-ldap"
19088
19663
msgstr ""
19089
19664
19090
#: serverguide/C/network-auth.xml:3480(para)
19665
#: serverguide/C/network-auth.xml:3473(para)
19091
19666
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
19092
19667
msgstr ""
19093
19668
19094
#: serverguide/C/network-auth.xml:3485(command)
19669
#: serverguide/C/network-auth.xml:3478(command)
19095
19670
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
19096
19671
msgstr ""
19097
19672
19098
#: serverguide/C/network-auth.xml:3486(command)
19673
#: serverguide/C/network-auth.xml:3479(command)
19099
19674
msgid ""
19100
19675
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
19101
19676
msgstr ""
19102
19677
19103
#: serverguide/C/network-auth.xml:3492(para)
19678
#: serverguide/C/network-auth.xml:3485(para)
19104
19679
msgid ""
19105
19680
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
19106
19681
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
19108
19683
"linkend=\"openldap-configuration\"/>."
19109
19684
msgstr ""
19110
19685
19111
#: serverguide/C/network-auth.xml:3500(para)
19686
#: serverguide/C/network-auth.xml:3493(para)
19112
19687
msgid ""
19113
19688
"First, create a configuration file named "
19114
19689
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
19115
19690
"containing the following lines:"
19116
19691
msgstr ""
19117
19692
19118
#: serverguide/C/network-auth.xml:3505(programlisting)
19693
#: serverguide/C/network-auth.xml:3498(programlisting)
19119
19694
#, no-wrap
19120
19695
msgid ""
19121
19696
"\n"
19134
19709
"include /etc/ldap/schema/kerberos.schema\n"
19135
19710
msgstr ""
19136
19711
19137
#: serverguide/C/network-auth.xml:3525(para)
19712
#: serverguide/C/network-auth.xml:3518(para)
19138
19713
msgid "Create a temporary directory to hold the LDIF files:"
19139
19714
msgstr ""
19140
19715
19141
#: serverguide/C/network-auth.xml:3529(command)
19716
#: serverguide/C/network-auth.xml:3522(command)
19142
19717
msgid "mkdir /tmp/ldif_output"
19143
19718
msgstr ""
19144
19719
19145
#: serverguide/C/network-auth.xml:3535(para)
19720
#: serverguide/C/network-auth.xml:3528(para)
19146
19721
msgid ""
19147
19722
"Now use <application>slapcat</application> to convert the schema files:"
19148
19723
msgstr ""
19149
19724
19150
#: serverguide/C/network-auth.xml:3540(command)
19725
#: serverguide/C/network-auth.xml:3533(command)
19151
19726
msgid ""
19152
19727
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
19153
19728
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
19154
19729
msgstr ""
19155
19730
19731
#: serverguide/C/network-auth.xml:3537(para)
19732
msgid ""
19733
"Change the above file and path names to match your own if they are different."
19734
msgstr ""
19735
19156
19736
#: serverguide/C/network-auth.xml:3544(para)
19157
19737
msgid ""
19158
"Change the above file and path names to match your own if they are different."
19159
msgstr ""
19160
19161
#: serverguide/C/network-auth.xml:3551(para)
19162
msgid ""
19163
19738
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
19164
19739
"changing the following attributes:"
19165
19740
msgstr ""
19166
19741
19167
#: serverguide/C/network-auth.xml:3555(programlisting)
19742
#: serverguide/C/network-auth.xml:3548(programlisting)
19168
19743
#, no-wrap
19169
19744
msgid ""
19170
19745
"\n"
19173
19748
"cn: kerberos\n"
19174
19749
msgstr ""
19175
19750
19176
#: serverguide/C/network-auth.xml:3561(para)
19751
#: serverguide/C/network-auth.xml:3554(para)
19177
19752
msgid "And remove the following lines from the end of the file:"
19178
19753
msgstr ""
19179
19754
19180
#: serverguide/C/network-auth.xml:3565(programlisting)
19755
#: serverguide/C/network-auth.xml:3558(programlisting)
19181
19756
#, no-wrap
19182
19757
msgid ""
19183
19758
"\n"
19190
19765
"modifyTimestamp: 20090111203515Z\n"
19191
19766
msgstr ""
19192
19767
19768
#: serverguide/C/network-auth.xml:3568(para)
19769
msgid ""
19770
"The attribute values will vary, just be sure the attributes are removed."
19771
msgstr ""
19772
19193
19773
#: serverguide/C/network-auth.xml:3575(para)
19194
msgid ""
19195
"The attribute values will vary, just be sure the attributes are removed."
19196
msgstr ""
19197
19198
#: serverguide/C/network-auth.xml:3582(para)
19199
19774
msgid "Load the new schema with <application>ldapadd</application>:"
19200
19775
msgstr ""
19201
19776
19202
#: serverguide/C/network-auth.xml:3587(command)
19777
#: serverguide/C/network-auth.xml:3580(command)
19203
19778
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
19204
19779
msgstr ""
19205
19780
19206
#: serverguide/C/network-auth.xml:3593(para)
19781
#: serverguide/C/network-auth.xml:3586(para)
19207
19782
msgid ""
19208
19783
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
19209
19784
msgstr ""
19210
19785
19211
#: serverguide/C/network-auth.xml:3598(command) serverguide/C/network-auth.xml:3615(command)
19786
#: serverguide/C/network-auth.xml:3591(command) serverguide/C/network-auth.xml:3608(command)
19212
19787
msgid "ldapmodify -x -D cn=admin,cn=config -W"
19213
19788
msgstr ""
19214
19789
19215
#: serverguide/C/network-auth.xml:3600(userinput)
19790
#: serverguide/C/network-auth.xml:3593(userinput)
19216
19791
#, no-wrap
19217
19792
msgid ""
19218
19793
"dn: olcDatabase={1}hdb,cn=config\n"
19220
19795
"olcDbIndex: krbPrincipalName eq,pres,sub"
19221
19796
msgstr ""
19222
19797
19223
#: serverguide/C/network-auth.xml:3599(computeroutput)
19798
#: serverguide/C/network-auth.xml:3592(computeroutput)
19224
19799
#, no-wrap
19225
19800
msgid ""
19226
19801
"Enter LDAP Password:\n"
19229
19804
"modifying entry \"olcDatabase={1}hdb,cn=config\""
19230
19805
msgstr ""
19231
19806
19232
#: serverguide/C/network-auth.xml:3610(para)
19807
#: serverguide/C/network-auth.xml:3603(para)
19233
19808
msgid "Finally, update the Access Control Lists (ACL):"
19234
19809
msgstr ""
19235
19810
19236
#: serverguide/C/network-auth.xml:3617(userinput)
19811
#: serverguide/C/network-auth.xml:3610(userinput)
19237
19812
#, no-wrap
19238
19813
msgid ""
19239
19814
"dn: olcDatabase={1}hdb,cn=config\n"
19249
19824
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
19250
19825
msgstr ""
19251
19826
19252
#: serverguide/C/network-auth.xml:3616(computeroutput)
19827
#: serverguide/C/network-auth.xml:3609(computeroutput)
19253
19828
#, no-wrap
19254
19829
msgid ""
19255
19830
"Enter LDAP Password: \n"
19258
19833
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
19259
19834
msgstr ""
19260
19835
19261
#: serverguide/C/network-auth.xml:3637(para)
19836
#: serverguide/C/network-auth.xml:3630(para)
19262
19837
msgid ""
19263
19838
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
19264
19839
"database."
19265
19840
msgstr ""
19266
19841
19267
#: serverguide/C/network-auth.xml:3643(title)
19842
#: serverguide/C/network-auth.xml:3636(title)
19268
19843
msgid "Primary KDC Configuration"
19269
19844
msgstr ""
19270
19845
19271
#: serverguide/C/network-auth.xml:3645(para)
19846
#: serverguide/C/network-auth.xml:3638(para)
19272
19847
msgid ""
19273
19848
"With <application>OpenLDAP</application> configured it is time to configure "
19274
19849
"the KDC."
19275
19850
msgstr ""
19276
19851
19277
#: serverguide/C/network-auth.xml:3651(para)
19852
#: serverguide/C/network-auth.xml:3644(para)
19278
19853
msgid "First, install the necessary packages, from a terminal enter:"
19279
19854
msgstr ""
19280
19855
19281
#: serverguide/C/network-auth.xml:3656(command) serverguide/C/network-auth.xml:3815(command)
19856
#: serverguide/C/network-auth.xml:3649(command) serverguide/C/network-auth.xml:3808(command)
19282
19857
msgid "sudo apt install krb5-kdc krb5-admin-server krb5-kdc-ldap"
19283
19858
msgstr ""
19284
19859
19285
#: serverguide/C/network-auth.xml:3662(para)
19860
#: serverguide/C/network-auth.xml:3655(para)
19286
19861
msgid ""
19287
19862
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
19288
19863
"under the appropriate sections:"
19289
19864
msgstr ""
19290
19865
19291
#: serverguide/C/network-auth.xml:3666(programlisting)
19866
#: serverguide/C/network-auth.xml:3659(programlisting)
19292
19867
#, no-wrap
19293
19868
msgid ""
19294
19869
"\n"
19338
19913
" }\n"
19339
19914
msgstr ""
19340
19915
19341
#: serverguide/C/network-auth.xml:3711(para)
19916
#: serverguide/C/network-auth.xml:3704(para)
19342
19917
msgid ""
19343
19918
"Change <emphasis>example.com</emphasis>, "
19344
19919
"<emphasis>dc=example,dc=com</emphasis>, "
19347
19922
"object, and LDAP server for your network."
19348
19923
msgstr ""
19349
19924
19350
#: serverguide/C/network-auth.xml:3720(para)
19925
#: serverguide/C/network-auth.xml:3713(para)
19351
19926
msgid ""
19352
19927
"Next, use the <application>kdb5_ldap_util</application> utility to create "
19353
19928
"the realm:"
19354
19929
msgstr ""
19355
19930
19356
#: serverguide/C/network-auth.xml:3725(command)
19931
#: serverguide/C/network-auth.xml:3718(command)
19357
19932
msgid ""
19358
19933
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
19359
19934
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
19360
19935
msgstr ""
19361
19936
19362
#: serverguide/C/network-auth.xml:3732(para)
19937
#: serverguide/C/network-auth.xml:3725(para)
19363
19938
msgid ""
19364
19939
"Create a stash of the password used to bind to the LDAP server. This "
19365
19940
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
19367
19942
"<filename>/etc/krb5.conf</filename>:"
19368
19943
msgstr ""
19369
19944
19370
#: serverguide/C/network-auth.xml:3738(command) serverguide/C/network-auth.xml:3877(command)
19945
#: serverguide/C/network-auth.xml:3731(command) serverguide/C/network-auth.xml:3870(command)
19371
19946
msgid ""
19372
19947
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
19373
19948
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
19374
19949
msgstr ""
19375
19950
19376
#: serverguide/C/network-auth.xml:3745(para)
19951
#: serverguide/C/network-auth.xml:3738(para)
19377
19952
msgid "Copy the CA certificate from the LDAP server:"
19378
19953
msgstr ""
19379
19954
19380
#: serverguide/C/network-auth.xml:3750(command)
19955
#: serverguide/C/network-auth.xml:3743(command)
19381
19956
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
19382
19957
msgstr ""
19383
19958
19384
#: serverguide/C/network-auth.xml:3751(command)
19959
#: serverguide/C/network-auth.xml:3744(command)
19385
19960
msgid "sudo cp cacert.pem /etc/ssl/certs"
19386
19961
msgstr ""
19387
19962
19388
#: serverguide/C/network-auth.xml:3754(para)
19963
#: serverguide/C/network-auth.xml:3747(para)
19389
19964
msgid ""
19390
19965
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
19391
19966
msgstr ""
19392
19967
19393
#: serverguide/C/network-auth.xml:3758(programlisting)
19968
#: serverguide/C/network-auth.xml:3751(programlisting)
19394
19969
#, no-wrap
19395
19970
msgid ""
19396
19971
"\n"
19397
19972
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
19398
19973
msgstr ""
19399
19974
19400
#: serverguide/C/network-auth.xml:3763(para)
19975
#: serverguide/C/network-auth.xml:3756(para)
19401
19976
msgid ""
19402
19977
"The certificate will also need to be copied to the Secondary KDC, to allow "
19403
19978
"the connection to the LDAP servers using LDAPS."
19404
19979
msgstr ""
19405
19980
19406
#: serverguide/C/network-auth.xml:3772(para)
19981
#: serverguide/C/network-auth.xml:3765(para)
19407
19982
msgid ""
19408
19983
"You can now add Kerberos principals to the LDAP database, and they will be "
19409
19984
"copied to any other LDAP servers configured for replication. To add a "
19410
19985
"principal using the <application>kadmin.local</application> utility enter:"
19411
19986
msgstr ""
19412
19987
19413
#: serverguide/C/network-auth.xml:3780(userinput)
19988
#: serverguide/C/network-auth.xml:3773(userinput)
19414
19989
#, no-wrap
19415
19990
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
19416
19991
msgstr ""
19417
19992
19418
#: serverguide/C/network-auth.xml:3779(computeroutput)
19993
#: serverguide/C/network-auth.xml:3772(computeroutput)
19419
19994
#, no-wrap
19420
19995
msgid ""
19421
19996
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
19426
20001
"Principal \"steve@EXAMPLE.COM\" created."
19427
20002
msgstr ""
19428
20003
19429
#: serverguide/C/network-auth.xml:3787(para)
20004
#: serverguide/C/network-auth.xml:3780(para)
19430
20005
msgid ""
19431
20006
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
19432
20007
"krbExtraData attributes added to the "
19435
20010
"utilities to test that the user is indeed issued a ticket."
19436
20011
msgstr ""
19437
20012
19438
#: serverguide/C/network-auth.xml:3794(para)
20013
#: serverguide/C/network-auth.xml:3787(para)
19439
20014
msgid ""
19440
20015
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
19441
20016
"option is needed to add the Kerberos attributes. Otherwise a new "
19442
20017
"<emphasis>principal</emphasis> object will be created in the realm subtree."
19443
20018
msgstr ""
19444
20019
19445
#: serverguide/C/network-auth.xml:3802(title)
20020
#: serverguide/C/network-auth.xml:3795(title)
19446
20021
msgid "Secondary KDC Configuration"
19447
20022
msgstr ""
19448
20023
19449
#: serverguide/C/network-auth.xml:3804(para)
20024
#: serverguide/C/network-auth.xml:3797(para)
19450
20025
msgid ""
19451
20026
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
19452
20027
"one using the normal Kerberos database."
19453
20028
msgstr ""
19454
20029
19455
#: serverguide/C/network-auth.xml:3810(para)
20030
#: serverguide/C/network-auth.xml:3803(para)
19456
20031
msgid "First, install the necessary packages. In a terminal enter:"
19457
20032
msgstr ""
19458
20033
19459
#: serverguide/C/network-auth.xml:3821(para)
20034
#: serverguide/C/network-auth.xml:3814(para)
19460
20035
msgid ""
19461
20036
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
19462
20037
msgstr ""
19463
20038
19464
#: serverguide/C/network-auth.xml:3825(programlisting)
20039
#: serverguide/C/network-auth.xml:3818(programlisting)
19465
20040
#, no-wrap
19466
20041
msgid ""
19467
20042
"\n"
19510
20085
" }\n"
19511
20086
msgstr ""
19512
20087
19513
#: serverguide/C/network-auth.xml:3872(para)
20088
#: serverguide/C/network-auth.xml:3865(para)
19514
20089
msgid "Create the stash for the LDAP bind password:"
19515
20090
msgstr ""
19516
20091
19517
#: serverguide/C/network-auth.xml:3884(para)
20092
#: serverguide/C/network-auth.xml:3877(para)
19518
20093
msgid ""
19519
20094
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
19520
20095
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
19523
20098
"media."
19524
20099
msgstr ""
19525
20100
19526
#: serverguide/C/network-auth.xml:3891(command)
20101
#: serverguide/C/network-auth.xml:3884(command)
19527
20102
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
19528
20103
msgstr ""
19529
20104
19530
#: serverguide/C/network-auth.xml:3892(command)
20105
#: serverguide/C/network-auth.xml:3885(command)
19531
20106
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
19532
20107
msgstr ""
19533
20108
19534
#: serverguide/C/network-auth.xml:3896(para)
20109
#: serverguide/C/network-auth.xml:3889(para)
19535
20110
msgid ""
19536
20111
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
19537
20112
msgstr ""
19538
20113
19539
#: serverguide/C/network-auth.xml:3904(para)
20114
#: serverguide/C/network-auth.xml:3897(para)
19540
20115
msgid ""
19541
20116
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
19542
20117
"only,"
19543
20118
msgstr ""
19544
20119
19545
#: serverguide/C/network-auth.xml:3916(para)
20120
#: serverguide/C/network-auth.xml:3909(para)
19546
20121
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
19547
20122
msgstr ""
19548
20123
20124
#: serverguide/C/network-auth.xml:3920(para)
20125
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
20126
msgstr ""
20127
19549
20128
#: serverguide/C/network-auth.xml:3927(para)
19550
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
19551
msgstr ""
19552
19553
#: serverguide/C/network-auth.xml:3934(para)
19554
20129
msgid ""
19555
20130
"You now have redundant KDCs on your network, and with redundant LDAP servers "
19556
20131
"you should be able to continue to authenticate users if one LDAP server, one "
19557
20132
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
19558
20133
msgstr ""
19559
20134
19560
#: serverguide/C/network-auth.xml:3946(para)
20135
#: serverguide/C/network-auth.xml:3939(para)
19561
20136
msgid ""
19562
20137
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
19563
20138
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
19564
20139
"Guide</ulink> has some additional details."
19565
20140
msgstr ""
19566
20141
19567
#: serverguide/C/network-auth.xml:3952(para)
20142
#: serverguide/C/network-auth.xml:3945(para)
19568
20143
msgid ""
19569
20144
"For more information on <application>kdb5_ldap_util</application> see <ulink "
19570
20145
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
19574
20149
"l\">kdb5_ldap_util man page</ulink>."
19575
20150
msgstr ""
19576
20151
19577
#: serverguide/C/network-auth.xml:3960(para)
20152
#: serverguide/C/network-auth.xml:3953(para)
19578
20153
msgid ""
19579
20154
"Another useful link is the <ulink "
19580
20155
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man5/krb5.conf.5.html\">k"
19581
20156
"rb5.conf man page</ulink>."
19582
20157
msgstr ""
19583
20158
19584
#: serverguide/C/network-auth.xml:3965(para)
20159
#: serverguide/C/network-auth.xml:3958(para)
19585
20160
msgid ""
19586
20161
"Also, see the <ulink "
19587
20162
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
19588
20163
"and LDAP</ulink> Ubuntu wiki page."
19589
20164
msgstr ""
19590
20165
19591
#: serverguide/C/network-auth.xml:3974(title)
20166
#: serverguide/C/network-auth.xml:3967(title)
19592
20167
msgid "SSSD and Active Directory"
19593
20168
msgstr ""
19594
20169
19595
#: serverguide/C/network-auth.xml:3975(para)
20170
#: serverguide/C/network-auth.xml:3968(para)
19596
20171
msgid ""
19597
20172
"This section describes the use of sssd to authenticate user logins against "
19598
20173
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
19603
20178
"requires no modifications to the AD structure."
19604
20179
msgstr ""
19605
20180
19606
#: serverguide/C/network-auth.xml:3979(title)
20181
#: serverguide/C/network-auth.xml:3972(title)
19607
20182
msgid "Prerequisites, Assumptions, and Requirements"
19608
20183
msgstr ""
19609
20184
19610
#: serverguide/C/network-auth.xml:3982(para)
20185
#: serverguide/C/network-auth.xml:3975(para)
19611
20186
msgid ""
19612
20187
"This guide does not explain Active Directory, how it works, how to set one "
19613
20188
"up, or how to maintain it. It may not provide <quote>best practices</quote> "
19614
20189
"for your environment."
19615
20190
msgstr ""
19616
20191
19617
#: serverguide/C/network-auth.xml:3984(para)
20192
#: serverguide/C/network-auth.xml:3977(para)
19618
20193
msgid ""
19619
20194
"This guide assumes that a working Active Directory domain is already "
19620
20195
"configured."
19621
20196
msgstr ""
19622
20197
19623
#: serverguide/C/network-auth.xml:3986(para)
20198
#: serverguide/C/network-auth.xml:3979(para)
19624
20199
msgid ""
19625
20200
"The domain controller is acting as an authoritative DNS server for the "
19626
20201
"domain."
19627
20202
msgstr ""
19628
20203
19629
#: serverguide/C/network-auth.xml:3988(para)
20204
#: serverguide/C/network-auth.xml:3981(para)
19630
20205
msgid ""
19631
20206
"The domain controller is the primary DNS resolver as specified in "
19632
20207
"<filename>/etc/resolv.conf</filename>."
19633
20208
msgstr ""
19634
20209
19635
#: serverguide/C/network-auth.xml:3991(para)
20210
#: serverguide/C/network-auth.xml:3984(para)
19636
20211
msgid ""
19637
20212
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
19638
20213
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
19639
20214
"(see Resources section for external links)."
19640
20215
msgstr ""
19641
20216
19642
#: serverguide/C/network-auth.xml:3993(para)
20217
#: serverguide/C/network-auth.xml:3986(para)
19643
20218
msgid ""
19644
20219
"System time is synchronized on the domain controller (necessary for "
19645
20220
"Kerberos)."
19646
20221
msgstr ""
19647
20222
19648
#: serverguide/C/network-auth.xml:3995(para)
20223
#: serverguide/C/network-auth.xml:3988(para)
19649
20224
msgid ""
19650
20225
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
19651
20226
"."
19652
20227
msgstr ""
19653
20228
19654
#: serverguide/C/network-auth.xml:4000(para)
20229
#: serverguide/C/network-auth.xml:3993(para)
19655
20230
msgid ""
19656
20231
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
19657
20232
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
19660
20235
"controllers are needed for this step."
19661
20236
msgstr ""
19662
20237
19663
#: serverguide/C/network-auth.xml:4001(para)
20238
#: serverguide/C/network-auth.xml:3994(para)
19664
20239
msgid "Install these packages now."
19665
20240
msgstr ""
19666
20241
19667
#: serverguide/C/network-auth.xml:4003(command)
20242
#: serverguide/C/network-auth.xml:3996(command)
19668
20243
msgid "sudo apt install krb5-user samba sssd ntp"
19669
20244
msgstr ""
19670
20245
19671
#: serverguide/C/network-auth.xml:4004(para)
20246
#: serverguide/C/network-auth.xml:3997(para)
19672
20247
msgid ""
19673
20248
"See the next section for the answers to the questions asked by the "
19674
20249
"<emphasis>krb5-user</emphasis> postinstall script."
19675
20250
msgstr ""
19676
20251
19677
#: serverguide/C/network-auth.xml:4007(title)
20252
#: serverguide/C/network-auth.xml:4000(title)
19678
20253
msgid "Kerberos Configuration"
19679
20254
msgstr ""
19680
20255
19681
#: serverguide/C/network-auth.xml:4008(para)
20256
#: serverguide/C/network-auth.xml:4001(para)
19682
20257
msgid ""
19683
20258
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
19684
20259
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
19688
20263
"not, then both are needed."
19689
20264
msgstr ""
19690
20265
19691
#: serverguide/C/network-auth.xml:4009(para)
20266
#: serverguide/C/network-auth.xml:4002(para)
19692
20267
msgid ""
19693
20268
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
19694
20269
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
19695
20270
msgstr ""
19696
20271
19697
#: serverguide/C/network-auth.xml:4012(para)
20272
#: serverguide/C/network-auth.xml:4005(para)
19698
20273
msgid ""
19699
20274
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
19700
20275
"settings to specify Kerberos ticket lifetime (these values are safe to use "
19701
20276
"as defaults):"
19702
20277
msgstr ""
19703
20278
19704
#: serverguide/C/network-auth.xml:4013(programlisting)
20279
#: serverguide/C/network-auth.xml:4006(programlisting)
19705
20280
#, no-wrap
19706
20281
msgid ""
19707
20282
"\n"
19713
20288
"\t\t"
19714
20289
msgstr ""
19715
20290
19716
#: serverguide/C/network-auth.xml:4021(para)
20291
#: serverguide/C/network-auth.xml:4014(para)
19717
20292
msgid ""
19718
20293
"If default_realm is not specified, it may be necessary to log in with "
19719
20294
"<quote>username@domain</quote> instead of <quote>username</quote>."
19720
20295
msgstr ""
19721
20296
19722
#: serverguide/C/network-auth.xml:4023(para)
20297
#: serverguide/C/network-auth.xml:4016(para)
19723
20298
msgid ""
19724
20299
"The system time on the Active Directory member needs to be consistent with "
19725
20300
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
19727
20302
"<filename>/etc/ntp.conf</filename>:"
19728
20303
msgstr ""
19729
20304
19730
#: serverguide/C/network-auth.xml:4025(programlisting)
20305
#: serverguide/C/network-auth.xml:4018(programlisting)
19731
20306
#, no-wrap
19732
20307
msgid ""
19733
20308
"\n"
19734
20309
"server dc.myubuntu.example.com\n"
19735
20310
msgstr ""
19736
20311
19737
#: serverguide/C/network-auth.xml:4032(para)
20312
#: serverguide/C/network-auth.xml:4025(para)
19738
20313
msgid ""
19739
20314
"Samba will be used to perform netbios/nmbd services related to Active "
19740
20315
"Directory authentication, even if no file shares are exported. Edit the file "
19742
20317
"<emphasis>[global]</emphasis> section:"
19743
20318
msgstr ""
19744
20319
19745
#: serverguide/C/network-auth.xml:4034(programlisting)
20320
#: serverguide/C/network-auth.xml:4027(programlisting)
19746
20321
#, no-wrap
19747
20322
msgid ""
19748
20323
"\n"
19756
20331
"security = ads\n"
19757
20332
msgstr ""
19758
20333
19759
#: serverguide/C/network-auth.xml:4045(para)
20334
#: serverguide/C/network-auth.xml:4038(para)
19760
20335
msgid ""
19761
20336
"Some guides specify that \"password server\" should be specified and pointed "
19762
20337
"to the domain controller. This is only necessary if DNS is not properly set "
19764
20339
"server\" is specified with \"security = ads\"."
19765
20340
msgstr ""
19766
20341
19767
#: serverguide/C/network-auth.xml:4050(title)
20342
#: serverguide/C/network-auth.xml:4043(title)
19768
20343
msgid "SSSD Configuration"
19769
20344
msgstr ""
19770
20345
19771
#: serverguide/C/network-auth.xml:4052(para)
20346
#: serverguide/C/network-auth.xml:4045(para)
19772
20347
msgid ""
19773
20348
"There is no default/example config file for "
19774
20349
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
19775
20350
"necessary to create one. This is a minimal working config file:"
19776
20351
msgstr ""
19777
20352
19778
#: serverguide/C/network-auth.xml:4054(programlisting)
20353
#: serverguide/C/network-auth.xml:4047(programlisting)
19779
20354
#, no-wrap
19780
20355
msgid ""
19781
20356
"\n"
19807
20382
"# enumerate = true\n"
19808
20383
msgstr ""
19809
20384
19810
#: serverguide/C/network-auth.xml:4081(para)
20385
#: serverguide/C/network-auth.xml:4074(para)
19811
20386
msgid ""
19812
20387
"After saving this file, set the ownership to root and the file permissions "
19813
20388
"to 600:"
19814
20389
msgstr ""
19815
20390
19816
#: serverguide/C/network-auth.xml:4082(command)
20391
#: serverguide/C/network-auth.xml:4075(command)
19817
20392
msgid "sudo chown root:root /etc/sssd/sssd.conf"
19818
20393
msgstr ""
19819
20394
19820
#: serverguide/C/network-auth.xml:4083(command)
20395
#: serverguide/C/network-auth.xml:4076(command)
19821
20396
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
19822
20397
msgstr ""
19823
20398
19824
#: serverguide/C/network-auth.xml:4085(para)
20399
#: serverguide/C/network-auth.xml:4078(para)
19825
20400
msgid ""
19826
20401
"If the ownership or permissions are not correct, sssd will refuse to start."
19827
20402
msgstr ""
19828
20403
19829
#: serverguide/C/network-auth.xml:4089(title)
20404
#: serverguide/C/network-auth.xml:4082(title)
19830
20405
msgid "Verify nsswitch.conf Configuration"
19831
20406
msgstr ""
19832
20407
19833
#: serverguide/C/network-auth.xml:4090(para)
20408
#: serverguide/C/network-auth.xml:4083(para)
19834
20409
msgid ""
19835
20410
"The post-install script for the sssd package makes some modifications to "
19836
20411
"/etc/nsswitch.conf automatically. It should look something like this:"
19837
20412
msgstr ""
19838
20413
19839
#: serverguide/C/network-auth.xml:4092(programlisting)
20414
#: serverguide/C/network-auth.xml:4085(programlisting)
19840
20415
#, no-wrap
19841
20416
msgid ""
19842
20417
"\n"
19847
20422
"sudoers: files sss\n"
19848
20423
msgstr ""
19849
20424
19850
#: serverguide/C/network-auth.xml:4102(title)
20425
#: serverguide/C/network-auth.xml:4095(title)
19851
20426
msgid "Modify /etc/hosts"
19852
20427
msgstr ""
19853
20428
19854
#: serverguide/C/network-auth.xml:4103(para)
20429
#: serverguide/C/network-auth.xml:4096(para)
19855
20430
msgid ""
19856
20431
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
19857
20432
"example:"
19858
20433
msgstr ""
19859
20434
19860
#: serverguide/C/network-auth.xml:4104(programlisting)
20435
#: serverguide/C/network-auth.xml:4097(programlisting)
19861
20436
#, no-wrap
19862
20437
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
19863
20438
msgstr ""
19864
20439
19865
#: serverguide/C/network-auth.xml:4106(para)
20440
#: serverguide/C/network-auth.xml:4099(para)
19866
20441
msgid "This is useful in conjunction with dynamic DNS updates."
19867
20442
msgstr ""
19868
20443
19869
#: serverguide/C/network-auth.xml:4110(title)
20444
#: serverguide/C/network-auth.xml:4103(title)
19870
20445
msgid "Join the Active Directory"
19871
20446
msgstr ""
19872
20447
19873
#: serverguide/C/network-auth.xml:4111(para)
20448
#: serverguide/C/network-auth.xml:4104(para)
19874
20449
msgid "Now, restart ntp and samba and start sssd."
19875
20450
msgstr ""
19876
20451
19877
#: serverguide/C/network-auth.xml:4112(command)
20452
#: serverguide/C/network-auth.xml:4105(command)
19878
20453
msgid "sudo systemctl restart ntp.service"
19879
20454
msgstr ""
19880
20455
19881
#: serverguide/C/network-auth.xml:4114(command)
20456
#: serverguide/C/network-auth.xml:4107(command)
19882
20457
msgid "sudo systemctl start sssd.service"
19883
20458
msgstr ""
19884
20459
19885
#: serverguide/C/network-auth.xml:4116(para)
20460
#: serverguide/C/network-auth.xml:4109(para)
19886
20461
msgid "Test the configuration by obtaining a Kerberos ticket:"
19887
20462
msgstr ""
19888
20463
19889
#: serverguide/C/network-auth.xml:4118(command)
20464
#: serverguide/C/network-auth.xml:4111(command)
19890
20465
msgid "sudo kinit Administrator"
19891
20466
msgstr ""
19892
20467
19893
#: serverguide/C/network-auth.xml:4120(para)
20468
#: serverguide/C/network-auth.xml:4113(para)
19894
20469
msgid "Verify the ticket with:"
19895
20470
msgstr ""
19896
20471
19897
#: serverguide/C/network-auth.xml:4121(command)
20472
#: serverguide/C/network-auth.xml:4114(command)
19898
20473
msgid "sudo klist"
19899
20474
msgstr ""
19900
20475
19901
#: serverguide/C/network-auth.xml:4123(para)
20476
#: serverguide/C/network-auth.xml:4116(para)
19902
20477
msgid ""
19903
20478
"If there is a ticket with an expiration date listed, then it is time to join "
19904
20479
"the domain:"
19905
20480
msgstr ""
19906
20481
19907
#: serverguide/C/network-auth.xml:4125(command)
20482
#: serverguide/C/network-auth.xml:4118(command)
19908
20483
msgid "sudo net ads join -k"
19909
20484
msgstr ""
19910
20485
19911
#: serverguide/C/network-auth.xml:4127(para)
20486
#: serverguide/C/network-auth.xml:4120(para)
19912
20487
msgid ""
19913
20488
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
19914
20489
"probably means that there is no (correct) alias in "
19918
20493
"\"Modify /etc/hosts\" above."
19919
20494
msgstr ""
19920
20495
19921
#: serverguide/C/network-auth.xml:4129(para)
20496
#: serverguide/C/network-auth.xml:4122(para)
19922
20497
msgid ""
19923
20498
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
19924
20499
"something is incorrect. Review the prior steps before proceeding)."
19925
20500
msgstr ""
19926
20501
19927
#: serverguide/C/network-auth.xml:4131(para)
20502
#: serverguide/C/network-auth.xml:4124(para)
19928
20503
msgid ""
19929
20504
"Here are a couple of (optional) checks to verify that the domain join was "
19930
20505
"successful. Note that if the domain was successfully joined but one or both "
19932
20507
"Some of the changes appear to be asynchronous."
19933
20508
msgstr ""
19934
20509
19935
#: serverguide/C/network-auth.xml:4133(para)
20510
#: serverguide/C/network-auth.xml:4126(para)
19936
20511
msgid "Verification option #1:"
19937
20512
msgstr ""
19938
20513
19939
#: serverguide/C/network-auth.xml:4134(para)
20514
#: serverguide/C/network-auth.xml:4127(para)
19940
20515
msgid ""
19941
20516
"Check the default Organizational Unit for computer accounts in the Active "
19942
20517
"Directory to verify that the computer account was created. (Organizational "
19943
20518
"Units in Active Directory is a topic outside the scope of this guide)."
19944
20519
msgstr ""
19945
20520
19946
#: serverguide/C/network-auth.xml:4136(para)
20521
#: serverguide/C/network-auth.xml:4129(para)
19947
20522
msgid "Verification option #2"
19948
20523
msgstr ""
19949
20524
19950
#: serverguide/C/network-auth.xml:4137(para)
20525
#: serverguide/C/network-auth.xml:4130(para)
19951
20526
msgid "Execute this command for a specific AD user (e.g. administrator)"
19952
20527
msgstr ""
19953
20528
19954
#: serverguide/C/network-auth.xml:4138(command)
20529
#: serverguide/C/network-auth.xml:4131(command)
19955
20530
msgid "getent passwd username"
19956
20531
msgstr ""
19957
20532
19958
#: serverguide/C/network-auth.xml:4140(para)
20533
#: serverguide/C/network-auth.xml:4133(para)
19959
20534
msgid ""
19960
20535
"If <emphasis>enumerate = true</emphasis> is set in "
19961
20536
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
19963
20538
"testing, but is slow and not recommended for production."
19964
20539
msgstr ""
19965
20540
19966
#: serverguide/C/network-auth.xml:4144(title)
20541
#: serverguide/C/network-auth.xml:4137(title)
19967
20542
msgid "Test Authentication"
19968
20543
msgstr ""
19969
20544
19970
#: serverguide/C/network-auth.xml:4145(para)
20545
#: serverguide/C/network-auth.xml:4138(para)
19971
20546
msgid ""
19972
20547
"It should now be possible to authenticate using an Active Directory User's "
19973
20548
"credentials:"
19974
20549
msgstr ""
19975
20550
19976
#: serverguide/C/network-auth.xml:4147(command)
20551
#: serverguide/C/network-auth.xml:4140(command)
19977
20552
msgid "su - username"
19978
20553
msgstr ""
19979
20554
19980
#: serverguide/C/network-auth.xml:4149(para)
20555
#: serverguide/C/network-auth.xml:4142(para)
19981
20556
msgid ""
19982
20557
"If this works, then other login methods (getty, ssh) should also work."
19983
20558
msgstr ""
19984
20559
19985
#: serverguide/C/network-auth.xml:4151(para)
20560
#: serverguide/C/network-auth.xml:4144(para)
19986
20561
msgid ""
19987
20562
"If the computer account was created, indicating that the system was "
19988
20563
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
19991
20566
"earlier in this guide."
19992
20567
msgstr ""
19993
20568
19994
#: serverguide/C/network-auth.xml:4155(title)
20569
#: serverguide/C/network-auth.xml:4148(title)
19995
20570
msgid "Home directories with pam_mkhomedir (optional)"
19996
20571
msgstr ""
19997
20572
19998
#: serverguide/C/network-auth.xml:4156(para)
20573
#: serverguide/C/network-auth.xml:4149(para)
19999
20574
msgid ""
20000
20575
"When logging in using an Active Directory user account, it is likely that "
20001
20576
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
20004
20579
"after <emphasis>session required pam_unix.so:</emphasis>"
20005
20580
msgstr ""
20006
20581
20007
#: serverguide/C/network-auth.xml:4157(programlisting)
20582
#: serverguide/C/network-auth.xml:4150(programlisting)
20008
20583
#, no-wrap
20009
20584
msgid ""
20010
20585
"\n"
20011
20586
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
20012
20587
msgstr ""
20013
20588
20014
#: serverguide/C/network-auth.xml:4161(para)
20589
#: serverguide/C/network-auth.xml:4154(para)
20015
20590
msgid ""
20016
20591
"This may also need <emphasis>override_homedir</emphasis> in "
20017
20592
"<filename>sssd.conf</filename> to function correctly, so make sure that's "
20018
20593
"set."
20019
20594
msgstr ""
20020
20595
20021
#: serverguide/C/network-auth.xml:4165(title)
20596
#: serverguide/C/network-auth.xml:4158(title)
20022
20597
msgid "Desktop Ubuntu Authentication"
20023
20598
msgstr ""
20024
20599
20025
#: serverguide/C/network-auth.xml:4166(para)
20600
#: serverguide/C/network-auth.xml:4159(para)
20026
20601
msgid ""
20027
20602
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
20028
20603
"Directory accounts. The AD accounts will not show up in the pick list with "
20031
20606
"append the following two lines:"
20032
20607
msgstr ""
20033
20608
20034
#: serverguide/C/network-auth.xml:4168(programlisting)
20609
#: serverguide/C/network-auth.xml:4161(programlisting)
20035
20610
#, no-wrap
20036
20611
msgid ""
20037
20612
"\n"
20039
20614
"greeter-hide-users=true\n"
20040
20615
msgstr ""
20041
20616
20042
#: serverguide/C/network-auth.xml:4173(para)
20617
#: serverguide/C/network-auth.xml:4166(para)
20043
20618
msgid ""
20044
20619
"Reboot to restart lightdm. It should now be possible to log in using a "
20045
20620
"domain account using either <emphasis>username</emphasis> or "
20046
20621
"<emphasis>username/username@domain</emphasis> format."
20047
20622
msgstr ""
20048
20623
20049
#: serverguide/C/network-auth.xml:4179(ulink)
20624
#: serverguide/C/network-auth.xml:4172(ulink)
20050
20625
msgid "SSSD Project"
20051
20626
msgstr ""
20052
20627
20053
#: serverguide/C/network-auth.xml:4180(ulink)
20628
#: serverguide/C/network-auth.xml:4173(ulink)
20054
20629
msgid "DNS Server Configuration guidelines"
20055
20630
msgstr ""
20056
20631
20057
#: serverguide/C/network-auth.xml:4181(ulink)
20632
#: serverguide/C/network-auth.xml:4174(ulink)
20058
20633
msgid "Active Directory DNS Zone Entries"
20059
20634
msgstr ""
20060
20635
20061
#: serverguide/C/network-auth.xml:4182(ulink)
20636
#: serverguide/C/network-auth.xml:4175(ulink)
20062
20637
msgid "Kerberos config options"
20063
20638
msgstr ""
20064
20639
21628
22203
#: serverguide/C/mail.xml:249(para)
21629
22204
msgid ""
21630
22205
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
21631
"enable Dovecot SASL the <application>dovecot-common</application> package "
21632
"will need to be installed. From a terminal prompt enter the following:"
22206
"enable Dovecot SASL the <application>dovecot-core</application> package will "
22207
"need to be installed. From a terminal prompt enter the following:"
21633
22208
msgstr ""
21634
22209
21635
22210
#: serverguide/C/mail.xml:255(command)
21636
msgid "sudo apt install dovecot-common"
22211
msgid "sudo apt install dovecot-core"
21637
22212
msgstr ""
21638
22213
21639
22214
#: serverguide/C/mail.xml:257(para)
23841
24416
msgstr ""
23842
24417
23843
24418
#: serverguide/C/lamp-applications.xml:278(title)
23844
msgid "MediaWiki"
24419
msgid "phpMyAdmin"
23845
24420
msgstr ""
23846
24421
23847
24422
#: serverguide/C/lamp-applications.xml:280(para)
23848
24423
msgid ""
23849
"MediaWiki is an web based Wiki software written in the PHP language. It can "
23850
"either use <application>MySQL</application> or "
23851
"<application>PostgreSQL</application> Database Management System."
23852
msgstr ""
23853
23854
#: serverguide/C/lamp-applications.xml:290(para)
23855
msgid ""
23856
"Before installing <application>MediaWiki</application> you should also "
23857
"install <application>Apache2</application>, the "
23858
"<application>PHP</application> scripting language and a Database Management "
23859
"System. <application>MySQL</application> or "
23860
"<application>PostgreSQL</application> are the most common, choose one "
23861
"depending on your need. Please refer to those sections in this manual for "
23862
"installation instructions."
23863
msgstr ""
23864
23865
#: serverguide/C/lamp-applications.xml:298(para)
23866
msgid ""
23867
"To install <application>MediaWiki</application>, run the following command "
23868
"in the command prompt:"
23869
msgstr ""
23870
23871
#: serverguide/C/lamp-applications.xml:304(command)
23872
msgid "sudo apt install mediawiki php-gd"
23873
msgstr ""
23874
23875
#: serverguide/C/lamp-applications.xml:307(para)
23876
msgid ""
23877
"For additional <application>MediaWiki</application> functionality see the "
23878
"<application>mediawiki-extensions</application> package."
23879
msgstr ""
23880
23881
#: serverguide/C/lamp-applications.xml:317(para)
23882
msgid ""
23883
"The Apache configuration file <filename>mediawiki.conf</filename> for "
23884
"<application>MediaWiki</application> is installed in "
23885
"<filename>/etc/apache2/conf-available/</filename> directory. To access "
23886
"<application>MediaWiki</application>, uncomment the following line in the "
23887
"file."
23888
msgstr ""
23889
23890
#: serverguide/C/lamp-applications.xml:324(screen)
23891
#, no-wrap
23892
msgid ""
23893
"\n"
23894
"# Alias /mediawiki /var/lib/mediawiki\n"
23895
msgstr ""
23896
23897
#: serverguide/C/lamp-applications.xml:328(para)
23898
msgid ""
23899
"The <application>MediaWiki</application> configuration also needs to be "
23900
"enabled."
23901
msgstr ""
23902
23903
#: serverguide/C/lamp-applications.xml:332(command)
23904
msgid "sudo a2enconf mediawiki.conf"
23905
msgstr ""
23906
23907
#: serverguide/C/lamp-applications.xml:335(para)
23908
msgid "Restart Apache server."
23909
msgstr ""
23910
23911
#: serverguide/C/lamp-applications.xml:342(para)
23912
msgid ""
23913
"Access <application>MediaWiki</application> by visiting <ulink "
23914
"url=\"http://localhost/mediawiki/mw-"
23915
"config/index.php\">http://localhost/mediawiki/mw-config/index.php</ulink>. "
23916
"(Or <ulink url=\"http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
23917
"config/index.php\">http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
23918
"config/index.php</ulink> if your server has no GUI.)"
23919
msgstr ""
23920
23921
#: serverguide/C/lamp-applications.xml:350(para)
23922
msgid ""
23923
"Please read the <quote>Environmental checks</quote> section of the "
23924
"configuration page. You should be able to fix many issues by carefully "
23925
"reading this section."
23926
msgstr ""
23927
23928
#: serverguide/C/lamp-applications.xml:357(para)
23929
msgid ""
23930
"Once the configuration is complete, you should copy the "
23931
"<filename>LocalSettings.php</filename> file to "
23932
"<filename>/etc/mediawiki</filename> directory:"
23933
msgstr ""
23934
23935
#: serverguide/C/lamp-applications.xml:364(command)
23936
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
23937
msgstr ""
23938
23939
#: serverguide/C/lamp-applications.xml:367(para)
23940
msgid ""
23941
"You may also want to edit "
23942
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
23943
"memory limit (disabled by default):"
23944
msgstr ""
23945
23946
#: serverguide/C/lamp-applications.xml:372(programlisting)
23947
#, no-wrap
23948
msgid ""
23949
"\n"
23950
"ini_set( 'memory_limit', '64M' );\n"
23951
msgstr ""
23952
23953
#: serverguide/C/lamp-applications.xml:379(title)
23954
msgid "Extensions"
23955
msgstr ""
23956
23957
#: serverguide/C/lamp-applications.xml:380(para)
23958
msgid ""
23959
"The extensions add new features and enhancements for the MediaWiki "
23960
"application. The extensions give wiki administrators and end users the "
23961
"ability to customize MediaWiki to their requirements."
23962
msgstr ""
23963
23964
#: serverguide/C/lamp-applications.xml:386(para)
23965
msgid ""
23966
"You can download MediaWiki extensions as an archive file or checkout from "
23967
"the Subversion repository. You should copy it to "
23968
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
23969
"also add the following line at the end of file: "
23970
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
23971
msgstr ""
23972
23973
#: serverguide/C/lamp-applications.xml:394(programlisting)
23974
#, no-wrap
23975
msgid ""
23976
"\n"
23977
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
23978
msgstr ""
23979
23980
#: serverguide/C/lamp-applications.xml:404(para)
23981
msgid ""
23982
"For more details, please refer to the <ulink "
23983
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
23984
msgstr ""
23985
23986
#: serverguide/C/lamp-applications.xml:410(para)
23987
msgid ""
23988
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
23989
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
23990
"new MediaWiki administrators."
23991
msgstr ""
23992
23993
#: serverguide/C/lamp-applications.xml:416(para)
23994
msgid ""
23995
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
23996
"Wiki MediaWiki</ulink> page is a good resource."
23997
msgstr ""
23998
23999
#: serverguide/C/lamp-applications.xml:426(title)
24000
msgid "phpMyAdmin"
24001
msgstr ""
24002
24003
#: serverguide/C/lamp-applications.xml:428(para)
24004
msgid ""
24005
24424
"<application>phpMyAdmin</application> is a LAMP application specifically "
24006
24425
"written for administering <application>MySQL</application> servers. Written "
24007
24426
"in <application>PHP</application>, and accessed through a web browser, "
24008
24427
"phpMyAdmin provides a graphical interface for database administration tasks."
24009
24428
msgstr ""
24010
24429
24011
#: serverguide/C/lamp-applications.xml:437(para)
24430
#: serverguide/C/lamp-applications.xml:289(para)
24012
24431
msgid ""
24013
24432
"Before installing <application>phpMyAdmin</application> you will need access "
24014
24433
"to a <application>MySQL</application> database either on the same host as "
24017
24436
"enter:"
24018
24437
msgstr ""
24019
24438
24020
#: serverguide/C/lamp-applications.xml:444(command)
24439
#: serverguide/C/lamp-applications.xml:296(command)
24021
24440
msgid "sudo apt install phpmyadmin"
24022
24441
msgstr ""
24023
24442
24024
#: serverguide/C/lamp-applications.xml:447(para)
24443
#: serverguide/C/lamp-applications.xml:299(para)
24025
24444
msgid ""
24026
24445
"At the prompt choose which web server to be configured for "
24027
24446
"<application>phpMyAdmin</application>. The rest of this section will use "
24028
24447
"<application>Apache2</application> for the web server."
24029
24448
msgstr ""
24030
24449
24031
#: serverguide/C/lamp-applications.xml:452(para)
24450
#: serverguide/C/lamp-applications.xml:304(para)
24032
24451
msgid ""
24033
24452
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
24034
24453
"replacing <emphasis role=\"italic\">servername</emphasis> with the server's "
24038
24457
"user's password."
24039
24458
msgstr ""
24040
24459
24041
#: serverguide/C/lamp-applications.xml:459(para)
24460
#: serverguide/C/lamp-applications.xml:311(para)
24042
24461
msgid ""
24043
24462
"Once logged in you can reset the <emphasis>root</emphasis> password if "
24044
24463
"needed, create users, create/destroy databases and tables, etc."
24045
24464
msgstr ""
24046
24465
24047
#: serverguide/C/lamp-applications.xml:467(para)
24466
#: serverguide/C/lamp-applications.xml:319(para)
24048
24467
msgid ""
24049
24468
"The configuration files for <application>phpMyAdmin</application> are "
24050
24469
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
24053
24472
"<application>phpMyAdmin</application>."
24054
24473
msgstr ""
24055
24474
24056
#: serverguide/C/lamp-applications.xml:473(para)
24475
#: serverguide/C/lamp-applications.xml:325(para)
24057
24476
msgid ""
24058
24477
"To use <application>phpMyAdmin</application> to administer a MySQL database "
24059
24478
"hosted on another server, adjust the following in "
24060
24479
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
24061
24480
msgstr ""
24062
24481
24063
#: serverguide/C/lamp-applications.xml:478(programlisting)
24482
#: serverguide/C/lamp-applications.xml:330(programlisting)
24064
24483
#, no-wrap
24065
24484
msgid ""
24066
24485
"\n"
24067
24486
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
24068
24487
msgstr ""
24069
24488
24070
#: serverguide/C/lamp-applications.xml:483(para)
24489
#: serverguide/C/lamp-applications.xml:335(para)
24071
24490
msgid ""
24072
24491
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
24073
24492
"remote database server name or IP address. Also, be sure that the "
24075
24494
"remote database."
24076
24495
msgstr ""
24077
24496
24078
#: serverguide/C/lamp-applications.xml:489(para)
24497
#: serverguide/C/lamp-applications.xml:341(para)
24079
24498
msgid ""
24080
24499
"Once configured, log out of <application>phpMyAdmin</application> and back "
24081
24500
"in, and you should be accessing the new server."
24082
24501
msgstr ""
24083
24502
24084
#: serverguide/C/lamp-applications.xml:493(para)
24503
#: serverguide/C/lamp-applications.xml:345(para)
24085
24504
msgid ""
24086
24505
"The <filename>config.header.inc.php</filename> and "
24087
24506
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
24088
24507
"header and footer to <application>phpMyAdmin</application>."
24089
24508
msgstr ""
24090
24509
24091
#: serverguide/C/lamp-applications.xml:498(para)
24510
#: serverguide/C/lamp-applications.xml:350(para)
24092
24511
msgid ""
24093
24512
"Another important configuration file is "
24094
24513
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
24099
24518
"a terminal type:"
24100
24519
msgstr ""
24101
24520
24102
#: serverguide/C/lamp-applications.xml:506(command)
24521
#: serverguide/C/lamp-applications.xml:358(command)
24103
24522
msgid ""
24104
24523
"sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-"
24105
24524
"available/phpmyadmin.conf"
24106
24525
msgstr ""
24107
24526
24108
#: serverguide/C/lamp-applications.xml:507(command)
24527
#: serverguide/C/lamp-applications.xml:359(command)
24109
24528
msgid "sudo a2enconf phpmyadmin.conf"
24110
24529
msgstr ""
24111
24530
24112
#: serverguide/C/lamp-applications.xml:511(para)
24531
#: serverguide/C/lamp-applications.xml:363(para)
24113
24532
msgid ""
24114
24533
"For more information on configuring <application>Apache2</application> see "
24115
24534
"<xref linkend=\"httpd\"/>."
24116
24535
msgstr ""
24117
24536
24118
#: serverguide/C/lamp-applications.xml:522(para)
24537
#: serverguide/C/lamp-applications.xml:374(para)
24119
24538
msgid ""
24120
24539
"The <application>phpMyAdmin</application> documentation comes installed with "
24121
24540
"the package and can be accessed from the <emphasis>phpMyAdmin "
24124
24543
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
24125
24544
msgstr ""
24126
24545
24127
#: serverguide/C/lamp-applications.xml:529(para)
24546
#: serverguide/C/lamp-applications.xml:381(para)
24128
24547
msgid ""
24129
24548
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
24130
24549
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
24131
24550
msgstr ""
24132
24551
24133
#: serverguide/C/lamp-applications.xml:534(para)
24552
#: serverguide/C/lamp-applications.xml:386(para)
24134
24553
msgid ""
24135
24554
"A third resource is the <ulink "
24136
24555
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
24137
24556
"Wiki</ulink> page."
24138
24557
msgstr ""
24139
24558
24140
#: serverguide/C/lamp-applications.xml:543(title)
24559
#: serverguide/C/lamp-applications.xml:395(title)
24141
24560
msgid "WordPress"
24142
24561
msgstr ""
24143
24562
24144
#: serverguide/C/lamp-applications.xml:544(para)
24563
#: serverguide/C/lamp-applications.xml:396(para)
24145
24564
msgid ""
24146
24565
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
24147
24566
"licensed under the GNU GPLv2."
24148
24567
msgstr ""
24149
24568
24150
#: serverguide/C/lamp-applications.xml:550(para)
24569
#: serverguide/C/lamp-applications.xml:402(para)
24151
24570
msgid ""
24152
24571
"To install <application>WordPress</application>, run the following comand in "
24153
24572
"the command prompt:"
24154
24573
msgstr ""
24155
24574
24156
#: serverguide/C/lamp-applications.xml:555(command)
24575
#: serverguide/C/lamp-applications.xml:407(command)
24157
24576
msgid "sudo apt install wordpress"
24158
24577
msgstr ""
24159
24578
24160
#: serverguide/C/lamp-applications.xml:558(para)
24579
#: serverguide/C/lamp-applications.xml:410(para)
24161
24580
msgid ""
24162
24581
"You should also install <application>apache2</application> web server and "
24163
24582
"<application>mysql</application> server. For installing "
24168
24587
"linkend=\"mysql\"/> section."
24169
24588
msgstr ""
24170
24589
24171
#: serverguide/C/lamp-applications.xml:572(para)
24590
#: serverguide/C/lamp-applications.xml:424(para)
24172
24591
msgid ""
24173
24592
"For configuring your first <application>WordPress</application> application, "
24174
24593
"configure an apache site. Open <filename>/etc/apache2/sites-"
24175
24594
"available/wordpress.conf</filename> and write the following lines:"
24176
24595
msgstr ""
24177
24596
24178
#: serverguide/C/lamp-applications.xml:579(programlisting)
24597
#: serverguide/C/lamp-applications.xml:431(programlisting)
24179
24598
#, no-wrap
24180
24599
msgid ""
24181
24600
"\n"
24195
24614
" "
24196
24615
msgstr ""
24197
24616
24198
#: serverguide/C/lamp-applications.xml:595(para)
24617
#: serverguide/C/lamp-applications.xml:447(para)
24199
24618
msgid "Enable this new <application>WordPress</application> site"
24200
24619
msgstr ""
24201
24620
24202
#: serverguide/C/lamp-applications.xml:598(command)
24621
#: serverguide/C/lamp-applications.xml:450(command)
24203
24622
msgid "sudo a2ensite wordpress"
24204
24623
msgstr ""
24205
24624
24206
#: serverguide/C/lamp-applications.xml:601(para)
24625
#: serverguide/C/lamp-applications.xml:453(para)
24207
24626
msgid ""
24208
24627
"Once you configure the <application>apache2</application> web server and "
24209
24628
"make it ready for your <application>WordPress</application> application, you "
24211
24630
"<application>apache2</application> web server:"
24212
24631
msgstr ""
24213
24632
24214
#: serverguide/C/lamp-applications.xml:613(para)
24633
#: serverguide/C/lamp-applications.xml:465(para)
24215
24634
msgid ""
24216
24635
"To facilitate multiple <application>WordPress</application> installations, "
24217
24636
"the name of this configuration file is based on the Host header of the HTTP "
24224
24643
"NAME_OF_YOUR_VIRTUAL_HOST.php."
24225
24644
msgstr ""
24226
24645
24227
#: serverguide/C/lamp-applications.xml:624(para)
24646
#: serverguide/C/lamp-applications.xml:476(para)
24228
24647
msgid ""
24229
24648
"Once the configuration file is written, it is up to you to choose a "
24230
24649
"convention for username and password to mysql for each "
24232
24651
"shows only one, localhost, example."
24233
24652
msgstr ""
24234
24653
24235
#: serverguide/C/lamp-applications.xml:631(para)
24654
#: serverguide/C/lamp-applications.xml:483(para)
24236
24655
msgid ""
24237
24656
"Now configure <application>WordPress</application> to use a mysql database. "
24238
24657
"Open <filename>/etc/wordpress/config-localhost.php</filename> file and write "
24239
24658
"the following lines:"
24240
24659
msgstr ""
24241
24660
24242
#: serverguide/C/lamp-applications.xml:637(programlisting)
24661
#: serverguide/C/lamp-applications.xml:489(programlisting)
24243
24662
#, no-wrap
24244
24663
msgid ""
24245
24664
"\n"
24252
24671
"?>\n"
24253
24672
msgstr ""
24254
24673
24255
#: serverguide/C/lamp-applications.xml:646(para)
24674
#: serverguide/C/lamp-applications.xml:498(para)
24256
24675
msgid ""
24257
24676
"Now create this mysql database. Open a temporary file with mysql commands "
24258
24677
"<filename>wordpress.sql</filename> and write the following lines:"
24259
24678
msgstr ""
24260
24679
24261
#: serverguide/C/lamp-applications.xml:649(programlisting)
24680
#: serverguide/C/lamp-applications.xml:501(programlisting)
24262
24681
#, no-wrap
24263
24682
msgid ""
24264
24683
"\n"
24270
24689
"FLUSH PRIVILEGES;\n"
24271
24690
msgstr ""
24272
24691
24273
#: serverguide/C/lamp-applications.xml:657(para)
24692
#: serverguide/C/lamp-applications.xml:509(para)
24274
24693
msgid "Execute these commands."
24275
24694
msgstr ""
24276
24695
24277
#: serverguide/C/lamp-applications.xml:659(command)
24696
#: serverguide/C/lamp-applications.xml:511(command)
24278
24697
msgid ""
24279
24698
"cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf"
24280
24699
msgstr ""
24281
24700
24282
#: serverguide/C/lamp-applications.xml:661(para)
24701
#: serverguide/C/lamp-applications.xml:513(para)
24283
24702
msgid ""
24284
24703
"Your new <application>WordPress</application> can now be configured by "
24285
24704
"visiting <ulink url=\"http://localhost/blog/wp-"
24292
24711
"mail and click Install WordPress."
24293
24712
msgstr ""
24294
24713
24295
#: serverguide/C/lamp-applications.xml:668(para)
24714
#: serverguide/C/lamp-applications.xml:520(para)
24296
24715
msgid ""
24297
24716
"Note the generated password (if applicable) and click the login password. "
24298
24717
"Your <application>WordPress</application> is now ready for use."
24299
24718
msgstr ""
24300
24719
24301
#: serverguide/C/lamp-applications.xml:678(ulink)
24720
#: serverguide/C/lamp-applications.xml:530(ulink)
24302
24721
msgid "WordPress.org Codex"
24303
24722
msgstr ""
24304
24723
24305
#: serverguide/C/lamp-applications.xml:683(ulink)
24724
#: serverguide/C/lamp-applications.xml:535(ulink)
24306
24725
msgid "Ubuntu Wiki WordPress"
24307
24726
msgstr ""
24308
24727
30718
31137
msgstr ""
30719
31138
30720
31139
#: serverguide/C/clustering.xml:135(command)
30721
msgid "sudo systemctl start drdb.service"
31140
msgid "sudo systemctl start drbd.service"
30722
31141
msgstr ""
30723
31142
30724
31143
#: serverguide/C/clustering.xml:141(para)
Loggerhead is a web-based interface for Breezy
Version: 2.0.1