~ahasenack/serverguide/use-sasl-external-for-config-changes-973981
» Revision
308
: serverguide/po/ms.po
« back to all changes in this revision
Viewing changes to serverguide/po/ms.po
- browse files at revision 308
- compare with another revision
- download diff
- download tarball
- view history from revision 308
- Committer: Doug Smythies
- Date: 2016-12-22 00:01:42 UTC
- Revision ID: dsmythies@telus.net-20161222000142-x81lfy023vauvtbh
update PO files. Serverguide 16.04 point release.
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/ms.po
7
7
msgstr ""
8
8
"Project-Id-Version: serverguide\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2016-05-13 09:11-0700\n"
10
"POT-Creation-Date: 2016-12-06 21:37-0800\n"
11
11
"PO-Revision-Date: 2014-11-09 18:10+0000\n"
12
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
13
"Language-Team: Malay <ms@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2016-05-13 21:07+0000\n"
18
"X-Generator: Launchpad (build 18025)\n"
17
"X-Launchpad-Export-Date: 2016-12-21 23:28+0000\n"
18
"X-Generator: Launchpad (build 18298)\n"
19
19
20
20
#: serverguide/C/web-servers.xml:11(title)
21
21
msgid "Web Servers"
87
87
"for the development and deployment of Web-based applications."
88
88
msgstr ""
89
89
90
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:980(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:838(title) serverguide/C/virtualization.xml:1697(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:291(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:471(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1141(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2798(title) serverguide/C/network-auth.xml:3270(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:288(title) serverguide/C/lamp-applications.xml:435(title) serverguide/C/lamp-applications.xml:549(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:946(title) serverguide/C/installation.xml:1401(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:135(title) serverguide/C/backups.xml:602(title)
90
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:857(title) serverguide/C/web-servers.xml:991(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:906(title) serverguide/C/virtualization.xml:1765(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:291(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:471(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1141(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2791(title) serverguide/C/network-auth.xml:3263(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:401(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:946(title) serverguide/C/installation.xml:1401(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:135(title) serverguide/C/backups.xml:602(title)
91
91
msgid "Installation"
92
92
msgstr "Pemasangan"
93
93
105
105
msgid "sudo apt install apache2"
106
106
msgstr ""
107
107
108
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:868(title) serverguide/C/web-servers.xml:1007(title) serverguide/C/web-servers.xml:1110(title) serverguide/C/virtualization.xml:869(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:308(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1152(title) serverguide/C/network-auth.xml:2885(title) serverguide/C/network-auth.xml:3291(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:315(title) serverguide/C/lamp-applications.xml:465(title) serverguide/C/lamp-applications.xml:570(title) serverguide/C/installation.xml:1446(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:147(title) serverguide/C/backups.xml:631(title)
108
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:868(title) serverguide/C/web-servers.xml:1018(title) serverguide/C/web-servers.xml:1121(title) serverguide/C/virtualization.xml:937(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:308(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1152(title) serverguide/C/network-auth.xml:2878(title) serverguide/C/network-auth.xml:3284(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:317(title) serverguide/C/lamp-applications.xml:422(title) serverguide/C/installation.xml:1446(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:147(title) serverguide/C/backups.xml:631(title)
109
109
msgid "Configuration"
110
110
msgstr "Konfigurasi"
111
111
342
342
msgid "sudo a2ensite mynewsite"
343
343
msgstr ""
344
344
345
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:339(command) serverguide/C/lamp-applications.xml:610(command)
345
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:462(command)
346
346
msgid "sudo systemctl restart apache2.service"
347
347
msgstr ""
348
348
733
733
"Access Control Lists (ACLs)."
734
734
msgstr ""
735
735
736
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:812(title) serverguide/C/web-servers.xml:962(title) serverguide/C/web-servers.xml:1057(title) serverguide/C/web-servers.xml:1282(title) serverguide/C/vpn.xml:919(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:876(title) serverguide/C/security.xml:1216(title) serverguide/C/security.xml:1630(title) serverguide/C/security.xml:1816(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:820(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1205(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:400(title) serverguide/C/lamp-applications.xml:518(title) serverguide/C/lamp-applications.xml:673(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:106(title) serverguide/C/chat.xml:215(title) serverguide/C/backups.xml:301(title)
736
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:812(title) serverguide/C/web-servers.xml:973(title) serverguide/C/web-servers.xml:1068(title) serverguide/C/web-servers.xml:1293(title) serverguide/C/vpn.xml:919(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:876(title) serverguide/C/security.xml:1216(title) serverguide/C/security.xml:1630(title) serverguide/C/security.xml:1816(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:820(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1205(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:370(title) serverguide/C/lamp-applications.xml:525(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:106(title) serverguide/C/chat.xml:215(title) serverguide/C/backups.xml:301(title)
737
737
msgid "References"
738
738
msgstr "Rujukan"
739
739
956
956
msgstr ""
957
957
958
958
#: serverguide/C/web-servers.xml:863(command)
959
msgid "sudo apt install squid3"
959
msgid "sudo apt install squid"
960
960
msgstr ""
961
961
962
962
#: serverguide/C/web-servers.xml:869(para)
963
963
msgid ""
964
964
"Squid is configured by editing the directives contained within the "
965
"<filename>/etc/squid3/squid.conf</filename> configuration file. The "
966
"following examples illustrate some of the directives which may be modified "
967
"to affect the behavior of the Squid server. For more in-depth configuration "
968
"of Squid, see the References section."
965
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
966
"examples illustrate some of the directives which may be modified to affect "
967
"the behavior of the Squid server. For more in-depth configuration of Squid, "
968
"see the References section."
969
969
msgstr ""
970
970
971
971
#: serverguide/C/web-servers.xml:875(para)
977
977
msgstr ""
978
978
979
979
#: serverguide/C/web-servers.xml:881(command)
980
msgid "sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original"
980
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
981
981
msgstr ""
982
982
983
983
#: serverguide/C/web-servers.xml:882(command)
984
msgid "sudo chmod a-w /etc/squid3/squid.conf.original"
984
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
985
985
msgstr ""
986
986
987
987
#: serverguide/C/web-servers.xml:889(para)
1022
1022
#: serverguide/C/web-servers.xml:912(para) serverguide/C/web-servers.xml:932(para)
1023
1023
msgid ""
1024
1024
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
1025
"ACL section of your <filename>/etc/squid3/squid.conf</filename> file:"
1025
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
1026
1026
msgstr ""
1027
1027
1028
1028
#: serverguide/C/web-servers.xml:915(programlisting)
1035
1035
#: serverguide/C/web-servers.xml:918(para) serverguide/C/web-servers.xml:939(para)
1036
1036
msgid ""
1037
1037
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
1038
"http_access section of your <filename>/etc/squid3/squid.conf</filename> file:"
1038
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
1039
1039
msgstr ""
1040
1040
1041
1041
#: serverguide/C/web-servers.xml:922(programlisting)
1071
1071
1072
1072
#: serverguide/C/web-servers.xml:950(para)
1073
1073
msgid ""
1074
"After making changes to the <filename>/etc/squid3/squid.conf</filename> "
1075
"file, save the file and restart the <application>squid</application> server "
1074
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
1075
"save the file and restart the <application>squid</application> server "
1076
1076
"application to effect the changes using the following command entered at a "
1077
1077
"terminal prompt:"
1078
1078
msgstr ""
1079
1079
1080
1080
#: serverguide/C/web-servers.xml:956(command)
1081
msgid "sudo systemctl restart squid3.service"
1082
msgstr ""
1083
1084
#: serverguide/C/web-servers.xml:964(ulink)
1081
msgid "sudo systemctl restart squid.service"
1082
msgstr ""
1083
1084
#: serverguide/C/web-servers.xml:961(para)
1085
msgid ""
1086
"If formerly a customized squid3 was used that set up the spool at "
1087
"<filename>/var/log/squid3</filename> to be a mountpoint, but otherwise kept "
1088
"the default configuration the upgrade will fail. The upgrade tries to "
1089
"rename/move files as needed, but it can't do so for an active mountpoint. In "
1090
"that case please either adapt the mountpoint or the config in "
1091
"<filename>/etc/squid/squid.conf</filename> so that they match."
1092
msgstr ""
1093
1094
#: serverguide/C/web-servers.xml:966(para)
1095
msgid ""
1096
"The same applies if the <emphasis role=\"bold\">include</emphasis> config "
1097
"statement was used to pull in more files from the old path at "
1098
"<filename>/etc/squid3/</filename>. In those cases you should move and adapt "
1099
"your configuration accordingly."
1100
msgstr ""
1101
1102
#: serverguide/C/web-servers.xml:975(ulink)
1085
1103
msgid "Squid Website"
1086
1104
msgstr ""
1087
1105
1088
#: serverguide/C/web-servers.xml:966(para)
1106
#: serverguide/C/web-servers.xml:977(para)
1089
1107
msgid ""
1090
1108
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1091
1109
"Squid</ulink> page."
1092
1110
msgstr ""
1093
1111
1094
#: serverguide/C/web-servers.xml:973(title)
1112
#: serverguide/C/web-servers.xml:984(title)
1095
1113
msgid "Ruby on Rails"
1096
1114
msgstr ""
1097
1115
1098
#: serverguide/C/web-servers.xml:974(para)
1116
#: serverguide/C/web-servers.xml:985(para)
1099
1117
msgid ""
1100
1118
"Ruby on Rails is an open source web framework for developing database backed "
1101
1119
"web applications. It is optimized for sustainable productivity of the "
1103
1121
"convention over configuration."
1104
1122
msgstr ""
1105
1123
1106
#: serverguide/C/web-servers.xml:981(para)
1124
#: serverguide/C/web-servers.xml:992(para)
1107
1125
msgid ""
1108
1126
"Before installing <application>Rails</application> you should install "
1109
1127
"<application>Apache</application> and <application>MySQL</application>. To "
1112
1130
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1113
1131
msgstr ""
1114
1132
1115
#: serverguide/C/web-servers.xml:989(para)
1133
#: serverguide/C/web-servers.xml:1000(para)
1116
1134
msgid ""
1117
1135
"Once you have <application>Apache</application> and "
1118
1136
"<application>MySQL</application> packages installed, you are ready to "
1119
1137
"install <application>Ruby on Rails</application> package."
1120
1138
msgstr ""
1121
1139
1122
#: serverguide/C/web-servers.xml:996(para)
1140
#: serverguide/C/web-servers.xml:1007(para)
1123
1141
msgid ""
1124
1142
"To install the <application>Ruby</application> base packages and "
1125
1143
"<application>Ruby on Rails</application>, you can enter the following "
1126
1144
"command in the terminal prompt:"
1127
1145
msgstr ""
1128
1146
1129
#: serverguide/C/web-servers.xml:1002(command)
1147
#: serverguide/C/web-servers.xml:1013(command)
1130
1148
msgid "sudo apt install rails"
1131
1149
msgstr ""
1132
1150
1133
#: serverguide/C/web-servers.xml:1008(para)
1151
#: serverguide/C/web-servers.xml:1019(para)
1134
1152
msgid ""
1135
1153
"Modify the <filename>/etc/apache2/sites-available/000-"
1136
1154
"default.conf</filename> configuration file to setup your domains."
1137
1155
msgstr ""
1138
1156
1139
#: serverguide/C/web-servers.xml:1012(para)
1157
#: serverguide/C/web-servers.xml:1023(para)
1140
1158
msgid ""
1141
1159
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1142
1160
msgstr ""
1143
1161
1144
#: serverguide/C/web-servers.xml:1016(programlisting)
1162
#: serverguide/C/web-servers.xml:1027(programlisting)
1145
1163
#, no-wrap
1146
1164
msgid ""
1147
1165
"\n"
1148
1166
"DocumentRoot /path/to/rails/application/public\n"
1149
1167
msgstr ""
1150
1168
1151
#: serverguide/C/web-servers.xml:1019(para)
1169
#: serverguide/C/web-servers.xml:1030(para)
1152
1170
msgid ""
1153
1171
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1154
1172
"directive:"
1155
1173
msgstr ""
1156
1174
1157
#: serverguide/C/web-servers.xml:1023(programlisting)
1175
#: serverguide/C/web-servers.xml:1034(programlisting)
1158
1176
#, no-wrap
1159
1177
msgid ""
1160
1178
"\n"
1167
1185
"</Directory>\n"
1168
1186
msgstr ""
1169
1187
1170
#: serverguide/C/web-servers.xml:1033(para)
1188
#: serverguide/C/web-servers.xml:1044(para)
1171
1189
msgid ""
1172
1190
"You should also enable the <application>mod_rewrite</application> module for "
1173
1191
"Apache. To enable <application>mod_rewrite</application> module, please "
1174
1192
"enter the following command in a terminal prompt:"
1175
1193
msgstr ""
1176
1194
1177
#: serverguide/C/web-servers.xml:1039(command)
1195
#: serverguide/C/web-servers.xml:1050(command)
1178
1196
msgid "sudo a2enmod rewrite"
1179
1197
msgstr ""
1180
1198
1181
#: serverguide/C/web-servers.xml:1042(para)
1199
#: serverguide/C/web-servers.xml:1053(para)
1182
1200
msgid ""
1183
1201
"Finally you will need to change the ownership of the "
1184
1202
"<filename>/path/to/rails/application/public</filename> and "
1186
1204
"used to run the <application>Apache</application> process:"
1187
1205
msgstr ""
1188
1206
1189
#: serverguide/C/web-servers.xml:1048(command)
1207
#: serverguide/C/web-servers.xml:1059(command)
1190
1208
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1191
1209
msgstr ""
1192
1210
1193
#: serverguide/C/web-servers.xml:1049(command)
1211
#: serverguide/C/web-servers.xml:1060(command)
1194
1212
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1195
1213
msgstr ""
1196
1214
1197
#: serverguide/C/web-servers.xml:1052(para)
1215
#: serverguide/C/web-servers.xml:1063(para)
1198
1216
msgid ""
1199
1217
"That's it! Now you have your Server ready for your <application>Ruby on "
1200
1218
"Rails</application> applications."
1201
1219
msgstr ""
1202
1220
1203
#: serverguide/C/web-servers.xml:1061(para)
1221
#: serverguide/C/web-servers.xml:1072(para)
1204
1222
msgid ""
1205
1223
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1206
1224
"for more information."
1207
1225
msgstr ""
1208
1226
1209
#: serverguide/C/web-servers.xml:1066(para)
1227
#: serverguide/C/web-servers.xml:1077(para)
1210
1228
msgid ""
1211
1229
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1212
1230
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1213
1231
"resource."
1214
1232
msgstr ""
1215
1233
1216
#: serverguide/C/web-servers.xml:1072(para)
1234
#: serverguide/C/web-servers.xml:1083(para)
1217
1235
msgid ""
1218
1236
"Another place for more information is the <ulink "
1219
1237
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1220
1238
"Wiki</ulink> page."
1221
1239
msgstr ""
1222
1240
1223
#: serverguide/C/web-servers.xml:1083(title)
1241
#: serverguide/C/web-servers.xml:1094(title)
1224
1242
msgid "Apache Tomcat"
1225
1243
msgstr ""
1226
1244
1227
#: serverguide/C/web-servers.xml:1084(para)
1245
#: serverguide/C/web-servers.xml:1095(para)
1228
1246
msgid ""
1229
1247
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1230
1248
"JSP (Java Server Pages) web applications."
1231
1249
msgstr ""
1232
1250
1233
#: serverguide/C/web-servers.xml:1086(para)
1251
#: serverguide/C/web-servers.xml:1097(para)
1234
1252
msgid ""
1235
1253
"Ubuntu has supported packages for both Tomcat 6 and 7. Tomcat 6 is the "
1236
1254
"legacy version, and Tomcat 7 is the current version where new features are "
1238
1256
"but most configuration details are valid for both versions."
1239
1257
msgstr ""
1240
1258
1241
#: serverguide/C/web-servers.xml:1089(para)
1259
#: serverguide/C/web-servers.xml:1100(para)
1242
1260
msgid ""
1243
1261
"The Tomcat packages in Ubuntu support two different ways of running Tomcat. "
1244
1262
"You can install them as a classic unique system-wide instance, that will be "
1249
1267
"need to test on their own private Tomcat instances."
1250
1268
msgstr ""
1251
1269
1252
#: serverguide/C/web-servers.xml:1099(title)
1270
#: serverguide/C/web-servers.xml:1110(title)
1253
1271
msgid "System-wide installation"
1254
1272
msgstr ""
1255
1273
1256
#: serverguide/C/web-servers.xml:1100(para)
1274
#: serverguide/C/web-servers.xml:1111(para)
1257
1275
msgid ""
1258
1276
"To install the Tomcat server, you can enter the following command in the "
1259
1277
"terminal prompt:"
1260
1278
msgstr ""
1261
1279
1262
#: serverguide/C/web-servers.xml:1103(command)
1280
#: serverguide/C/web-servers.xml:1114(command)
1263
1281
msgid "sudo apt install tomcat7"
1264
1282
msgstr ""
1265
1283
1266
#: serverguide/C/web-servers.xml:1105(para)
1284
#: serverguide/C/web-servers.xml:1116(para)
1267
1285
msgid ""
1268
1286
"This will install a Tomcat server with just a default ROOT webapp that "
1269
1287
"displays a minimal \"It works\" page by default."
1270
1288
msgstr ""
1271
1289
1272
#: serverguide/C/web-servers.xml:1111(para)
1290
#: serverguide/C/web-servers.xml:1122(para)
1273
1291
msgid ""
1274
1292
"Tomcat configuration files can be found in "
1275
1293
"<filename>/etc/tomcat7</filename>. Only a few common configuration tweaks "
1278
1296
"documentation</ulink> for more."
1279
1297
msgstr ""
1280
1298
1281
#: serverguide/C/web-servers.xml:1117(title)
1299
#: serverguide/C/web-servers.xml:1128(title)
1282
1300
msgid "Changing default ports"
1283
1301
msgstr ""
1284
1302
1285
#: serverguide/C/web-servers.xml:1118(para)
1303
#: serverguide/C/web-servers.xml:1129(para)
1286
1304
msgid ""
1287
1305
"By default Tomcat runs a HTTP connector on port 8080 and an AJP connector on "
1288
1306
"port 8009. You might want to change those default ports to avoid conflict "
1290
1308
"following lines in <filename>/etc/tomcat7/server.xml</filename>:"
1291
1309
msgstr ""
1292
1310
1293
#: serverguide/C/web-servers.xml:1123(programlisting)
1311
#: serverguide/C/web-servers.xml:1134(programlisting)
1294
1312
#, no-wrap
1295
1313
msgid ""
1296
1314
"\n"
1302
1320
"/>\n"
1303
1321
msgstr ""
1304
1322
1305
#: serverguide/C/web-servers.xml:1132(title)
1323
#: serverguide/C/web-servers.xml:1143(title)
1306
1324
msgid "Changing JVM used"
1307
1325
msgstr ""
1308
1326
1309
#: serverguide/C/web-servers.xml:1133(para)
1327
#: serverguide/C/web-servers.xml:1144(para)
1310
1328
msgid ""
1311
1329
"By default Tomcat will run preferably with OpenJDK JVMs, then try the Sun "
1312
1330
"JVMs, then try some other JVMs. You can force Tomcat to use a specific JVM "
1313
1331
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1314
1332
msgstr ""
1315
1333
1316
#: serverguide/C/web-servers.xml:1137(programlisting)
1334
#: serverguide/C/web-servers.xml:1148(programlisting)
1317
1335
#, no-wrap
1318
1336
msgid ""
1319
1337
"\n"
1320
1338
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1321
1339
msgstr ""
1322
1340
1323
#: serverguide/C/web-servers.xml:1142(title)
1341
#: serverguide/C/web-servers.xml:1153(title)
1324
1342
msgid "Declaring users and roles"
1325
1343
msgstr ""
1326
1344
1327
#: serverguide/C/web-servers.xml:1143(para)
1345
#: serverguide/C/web-servers.xml:1154(para)
1328
1346
msgid ""
1329
1347
"Usernames, passwords and roles (groups) can be defined centrally in a "
1330
1348
"Servlet container. This is done in the <filename>/etc/tomcat7/tomcat-"
1331
1349
"users.xml</filename> file:"
1332
1350
msgstr ""
1333
1351
1334
#: serverguide/C/web-servers.xml:1146(programlisting)
1352
#: serverguide/C/web-servers.xml:1157(programlisting)
1335
1353
#, no-wrap
1336
1354
msgid ""
1337
1355
"\n"
1339
1357
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1340
1358
msgstr ""
1341
1359
1342
#: serverguide/C/web-servers.xml:1154(title)
1360
#: serverguide/C/web-servers.xml:1165(title)
1343
1361
msgid "Using Tomcat standard webapps"
1344
1362
msgstr ""
1345
1363
1346
#: serverguide/C/web-servers.xml:1155(para)
1364
#: serverguide/C/web-servers.xml:1166(para)
1347
1365
msgid ""
1348
1366
"Tomcat is shipped with webapps that you can install for documentation, "
1349
1367
"administration or demo purposes."
1350
1368
msgstr ""
1351
1369
1352
#: serverguide/C/web-servers.xml:1158(title)
1370
#: serverguide/C/web-servers.xml:1169(title)
1353
1371
msgid "Tomcat documentation"
1354
1372
msgstr ""
1355
1373
1356
#: serverguide/C/web-servers.xml:1159(para)
1374
#: serverguide/C/web-servers.xml:1170(para)
1357
1375
msgid ""
1358
1376
"The <application>tomcat7-docs</application> package contains Tomcat "
1359
1377
"documentation, packaged as a webapp that you can access by default at "
1361
1379
"command in the terminal prompt:"
1362
1380
msgstr ""
1363
1381
1364
#: serverguide/C/web-servers.xml:1164(command)
1382
#: serverguide/C/web-servers.xml:1175(command)
1365
1383
msgid "sudo apt install tomcat7-docs"
1366
1384
msgstr ""
1367
1385
1368
#: serverguide/C/web-servers.xml:1168(title)
1386
#: serverguide/C/web-servers.xml:1179(title)
1369
1387
msgid "Tomcat administration webapps"
1370
1388
msgstr ""
1371
1389
1372
#: serverguide/C/web-servers.xml:1169(para)
1390
#: serverguide/C/web-servers.xml:1180(para)
1373
1391
msgid ""
1374
1392
"The <application>tomcat7-admin</application> package contains two webapps "
1375
1393
"that can be used to administer the Tomcat server using a web interface. You "
1376
1394
"can install them by entering the following command in the terminal prompt:"
1377
1395
msgstr ""
1378
1396
1379
#: serverguide/C/web-servers.xml:1174(command)
1397
#: serverguide/C/web-servers.xml:1185(command)
1380
1398
msgid "sudo apt install tomcat7-admin"
1381
1399
msgstr ""
1382
1400
1383
#: serverguide/C/web-servers.xml:1176(para)
1401
#: serverguide/C/web-servers.xml:1187(para)
1384
1402
msgid ""
1385
1403
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1386
1404
"access by default at http://yourserver:8080/manager/html. It is primarily "
1387
1405
"used to get server status and restart webapps."
1388
1406
msgstr ""
1389
1407
1390
#: serverguide/C/web-servers.xml:1179(para)
1408
#: serverguide/C/web-servers.xml:1190(para)
1391
1409
msgid ""
1392
1410
"Access to the <emphasis>manager</emphasis> application is protected by "
1393
1411
"default: you need to define a user with the role \"manager-gui\" in "
1394
1412
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1395
1413
msgstr ""
1396
1414
1397
#: serverguide/C/web-servers.xml:1183(para)
1415
#: serverguide/C/web-servers.xml:1194(para)
1398
1416
msgid ""
1399
1417
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1400
1418
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1401
1419
"used to create virtual hosts dynamically."
1402
1420
msgstr ""
1403
1421
1404
#: serverguide/C/web-servers.xml:1187(para)
1422
#: serverguide/C/web-servers.xml:1198(para)
1405
1423
msgid ""
1406
1424
"Access to the <emphasis>host-manager</emphasis> application is also "
1407
1425
"protected by default: you need to define a user with the role \"admin-gui\" "
1409
1427
"it."
1410
1428
msgstr ""
1411
1429
1412
#: serverguide/C/web-servers.xml:1192(para)
1430
#: serverguide/C/web-servers.xml:1203(para)
1413
1431
msgid ""
1414
1432
"For security reasons, the tomcat7 user cannot write to the "
1415
1433
"<filename>/etc/tomcat7</filename> directory by default. Some features in "
1418
1436
"the following, to give users in the tomcat7 group the necessary rights:"
1419
1437
msgstr ""
1420
1438
1421
#: serverguide/C/web-servers.xml:1199(command)
1439
#: serverguide/C/web-servers.xml:1210(command)
1422
1440
msgid "sudo chgrp -R tomcat7 /etc/tomcat7"
1423
1441
msgstr ""
1424
1442
1425
#: serverguide/C/web-servers.xml:1200(command)
1443
#: serverguide/C/web-servers.xml:1211(command)
1426
1444
msgid "sudo chmod -R g+w /etc/tomcat7"
1427
1445
msgstr ""
1428
1446
1429
#: serverguide/C/web-servers.xml:1205(title)
1447
#: serverguide/C/web-servers.xml:1216(title)
1430
1448
msgid "Tomcat examples webapps"
1431
1449
msgstr ""
1432
1450
1433
#: serverguide/C/web-servers.xml:1206(para)
1451
#: serverguide/C/web-servers.xml:1217(para)
1434
1452
msgid ""
1435
1453
"The <application>tomcat7-examples</application> package contains two webapps "
1436
1454
"that can be used to test or demonstrate Servlets and JSP features, which you "
1438
1456
"install them by entering the following command in the terminal prompt:"
1439
1457
msgstr ""
1440
1458
1441
#: serverguide/C/web-servers.xml:1212(command)
1459
#: serverguide/C/web-servers.xml:1223(command)
1442
1460
msgid "sudo apt install tomcat7-examples"
1443
1461
msgstr ""
1444
1462
1445
#: serverguide/C/web-servers.xml:1218(title)
1463
#: serverguide/C/web-servers.xml:1229(title)
1446
1464
msgid "Using private instances"
1447
1465
msgstr ""
1448
1466
1449
#: serverguide/C/web-servers.xml:1219(para)
1467
#: serverguide/C/web-servers.xml:1230(para)
1450
1468
msgid ""
1451
1469
"Tomcat is heavily used in development and testing scenarios where using a "
1452
1470
"single system-wide instance doesn't meet the requirements of multiple users "
1456
1474
"system-installed libraries."
1457
1475
msgstr ""
1458
1476
1459
#: serverguide/C/web-servers.xml:1226(para)
1477
#: serverguide/C/web-servers.xml:1237(para)
1460
1478
msgid ""
1461
1479
"It is possible to run the system-wide instance and the private instances in "
1462
1480
"parallel, as long as they do not use the same TCP ports."
1463
1481
msgstr ""
1464
1482
1465
#: serverguide/C/web-servers.xml:1230(title)
1483
#: serverguide/C/web-servers.xml:1241(title)
1466
1484
msgid "Installing private instance support"
1467
1485
msgstr ""
1468
1486
1469
#: serverguide/C/web-servers.xml:1231(para)
1487
#: serverguide/C/web-servers.xml:1242(para)
1470
1488
msgid ""
1471
1489
"You can install everything necessary to run private instances by entering "
1472
1490
"the following command in the terminal prompt:"
1473
1491
msgstr ""
1474
1492
1475
#: serverguide/C/web-servers.xml:1234(command)
1493
#: serverguide/C/web-servers.xml:1245(command)
1476
1494
msgid "sudo apt install tomcat7-user"
1477
1495
msgstr ""
1478
1496
1479
#: serverguide/C/web-servers.xml:1238(title)
1497
#: serverguide/C/web-servers.xml:1249(title)
1480
1498
msgid "Creating a private instance"
1481
1499
msgstr ""
1482
1500
1483
#: serverguide/C/web-servers.xml:1239(para)
1501
#: serverguide/C/web-servers.xml:1250(para)
1484
1502
msgid ""
1485
1503
"You can create a private instance directory by entering the following "
1486
1504
"command in the terminal prompt:"
1487
1505
msgstr ""
1488
1506
1489
#: serverguide/C/web-servers.xml:1242(command)
1507
#: serverguide/C/web-servers.xml:1253(command)
1490
1508
msgid "tomcat7-instance-create my-instance"
1491
1509
msgstr ""
1492
1510
1493
#: serverguide/C/web-servers.xml:1244(para)
1511
#: serverguide/C/web-servers.xml:1255(para)
1494
1512
msgid ""
1495
1513
"This will create a new <filename>my-instance</filename> directory with all "
1496
1514
"the necessary subdirectories and scripts. You can for example install your "
1499
1517
"are deployed by default."
1500
1518
msgstr ""
1501
1519
1502
#: serverguide/C/web-servers.xml:1252(title)
1520
#: serverguide/C/web-servers.xml:1263(title)
1503
1521
msgid "Configuring your private instance"
1504
1522
msgstr ""
1505
1523
1506
#: serverguide/C/web-servers.xml:1253(para)
1524
#: serverguide/C/web-servers.xml:1264(para)
1507
1525
msgid ""
1508
1526
"You will find the classic Tomcat configuration files for your private "
1509
1527
"instance in the <filename>conf/</filename> subdirectory. You should for "
1512
1530
"conflict with other instances that might be running."
1513
1531
msgstr ""
1514
1532
1515
#: serverguide/C/web-servers.xml:1261(title)
1533
#: serverguide/C/web-servers.xml:1272(title)
1516
1534
msgid "Starting/stopping your private instance"
1517
1535
msgstr ""
1518
1536
1519
#: serverguide/C/web-servers.xml:1262(para)
1537
#: serverguide/C/web-servers.xml:1273(para)
1520
1538
msgid ""
1521
1539
"You can start your private instance by entering the following command in the "
1522
1540
"terminal prompt (supposing your instance is located in the <filename>my-"
1523
1541
"instance</filename> directory):"
1524
1542
msgstr ""
1525
1543
1526
#: serverguide/C/web-servers.xml:1266(command)
1544
#: serverguide/C/web-servers.xml:1277(command)
1527
1545
msgid "my-instance/bin/startup.sh"
1528
1546
msgstr ""
1529
1547
1530
#: serverguide/C/web-servers.xml:1268(para)
1548
#: serverguide/C/web-servers.xml:1279(para)
1531
1549
msgid ""
1532
1550
"You should check the <filename>logs/</filename> subdirectory for any error. "
1533
1551
"If you have a <emphasis>java.net.BindException: Address already in "
1535
1553
"is already taken and that you should change it."
1536
1554
msgstr ""
1537
1555
1538
#: serverguide/C/web-servers.xml:1273(para)
1556
#: serverguide/C/web-servers.xml:1284(para)
1539
1557
msgid ""
1540
1558
"You can stop your instance by entering the following command in the terminal "
1541
1559
"prompt (supposing your instance is located in the <filename>my-"
1542
1560
"instance</filename> directory):"
1543
1561
msgstr ""
1544
1562
1545
#: serverguide/C/web-servers.xml:1277(command)
1563
#: serverguide/C/web-servers.xml:1288(command)
1546
1564
msgid "my-instance/bin/shutdown.sh"
1547
1565
msgstr ""
1548
1566
1549
#: serverguide/C/web-servers.xml:1286(para)
1567
#: serverguide/C/web-servers.xml:1297(para)
1550
1568
msgid ""
1551
1569
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1552
1570
"website for more information."
1553
1571
msgstr ""
1554
1572
1555
#: serverguide/C/web-servers.xml:1291(para)
1573
#: serverguide/C/web-servers.xml:1302(para)
1556
1574
msgid ""
1557
1575
"<ulink url=\"http://shop.oreilly.com/product/9780596003180.do\">Tomcat: The "
1558
1576
"Definitive Guide</ulink> is a good resource for building web applications "
1559
1577
"with Tomcat."
1560
1578
msgstr ""
1561
1579
1562
#: serverguide/C/web-servers.xml:1297(para)
1580
#: serverguide/C/web-servers.xml:1308(para)
1563
1581
msgid ""
1564
1582
"For additional books see the <ulink "
1565
1583
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
2956
2974
2957
2975
#: serverguide/C/virtualization.xml:95(para)
2958
2976
msgid ""
2977
"In more recent releases (>= Yakkety) the group was renamed to "
2978
"<emphasis>libvirt</emphasis>. Upgraded systems get a new "
2979
"<emphasis>libvirt</emphasis> group with the same gid as the "
2980
"<emphasis>libvirtd</emphasis> group to match that."
2981
msgstr ""
2982
2983
#: serverguide/C/virtualization.xml:98(para)
2984
msgid ""
2959
2985
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
2960
2986
"Installing a virtual machine follows the same process as installing the "
2961
2987
"operating system directly on the hardware. You either need a way to automate "
2963
2989
"physical machine."
2964
2990
msgstr ""
2965
2991
2966
#: serverguide/C/virtualization.xml:101(para)
2992
#: serverguide/C/virtualization.xml:104(para)
2967
2993
msgid ""
2968
2994
"In the case of virtual machines a Graphical User Interface (GUI) is "
2969
2995
"analogous to using a physical keyboard and mouse. Instead of installing a "
2972
2998
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
2973
2999
msgstr ""
2974
3000
2975
#: serverguide/C/virtualization.xml:108(para)
3001
#: serverguide/C/virtualization.xml:111(para)
2976
3002
msgid ""
2977
3003
"There are several ways to automate the Ubuntu installation process, for "
2978
3004
"example using preseeds, kickstart, etc. Refer to the <ulink "
2980
3006
"Installation Guide</ulink> for details."
2981
3007
msgstr ""
2982
3008
2983
#: serverguide/C/virtualization.xml:113(para)
3009
#: serverguide/C/virtualization.xml:116(para)
2984
3010
msgid ""
2985
3011
"Yet another way to install an Ubuntu virtual machine is to use "
2986
3012
"<application>uvtool</application>. This application, available as of 14.04, "
2988
3014
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>."
2989
3015
msgstr ""
2990
3016
2991
#: serverguide/C/virtualization.xml:119(para)
3017
#: serverguide/C/virtualization.xml:122(para)
2992
3018
msgid ""
2993
3019
"Libvirt can also be configured work with <application>Xen</application>. For "
2994
3020
"details, see the Xen Ubuntu community page referenced below."
2995
3021
msgstr ""
2996
3022
2997
#: serverguide/C/virtualization.xml:125(title)
3023
#: serverguide/C/virtualization.xml:128(title)
2998
3024
msgid "virt-install"
2999
3025
msgstr ""
3000
3026
3001
#: serverguide/C/virtualization.xml:127(para)
3027
#: serverguide/C/virtualization.xml:130(para)
3002
3028
msgid ""
3003
3029
"<application>virt-install</application> is part of the "
3004
3030
"<application>virtinst</application> package. To install it, from a terminal "
3005
3031
"prompt enter:"
3006
3032
msgstr ""
3007
3033
3008
#: serverguide/C/virtualization.xml:132(command)
3034
#: serverguide/C/virtualization.xml:135(command)
3009
3035
msgid "sudo apt install virtinst"
3010
3036
msgstr ""
3011
3037
3012
#: serverguide/C/virtualization.xml:135(para)
3038
#: serverguide/C/virtualization.xml:138(para)
3013
3039
msgid ""
3014
3040
"There are several options available when using <application>virt-"
3015
3041
"install</application>. For example:"
3016
3042
msgstr ""
3017
3043
3018
#: serverguide/C/virtualization.xml:139(command)
3044
#: serverguide/C/virtualization.xml:142(command)
3019
3045
msgid ""
3020
3046
"sudo virt-install -n web_devel -r 256 \\ --disk "
3021
3047
"path=/var/lib/libvirt/images/web_devel.img,bus=virtio,size=4 -c \\ ubuntu-"
3023
3049
"vnc,listen=0.0.0.0 --noautoconsole -v"
3024
3050
msgstr ""
3025
3051
3026
#: serverguide/C/virtualization.xml:147(para)
3052
#: serverguide/C/virtualization.xml:150(para)
3027
3053
msgid ""
3028
3054
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3029
3055
"be <emphasis>web_devel</emphasis> in this example."
3030
3056
msgstr ""
3031
3057
3032
#: serverguide/C/virtualization.xml:153(para)
3058
#: serverguide/C/virtualization.xml:156(para)
3033
3059
msgid ""
3034
3060
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3035
3061
"machine will use in megabytes."
3036
3062
msgstr ""
3037
3063
3038
#: serverguide/C/virtualization.xml:158(para)
3064
#: serverguide/C/virtualization.xml:161(para)
3039
3065
msgid ""
3040
3066
"<emphasis>--disk "
3041
3067
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
3045
3071
"<emphasis>virtio</emphasis> for the disk bus."
3046
3072
msgstr ""
3047
3073
3048
#: serverguide/C/virtualization.xml:168(para)
3074
#: serverguide/C/virtualization.xml:171(para)
3049
3075
msgid ""
3050
3076
"<emphasis>-c ubuntu-16.04-server-i386.iso:</emphasis> file to be used as a "
3051
3077
"virtual CDROM. The file can be either an ISO file or the path to the host's "
3052
3078
"CDROM device."
3053
3079
msgstr ""
3054
3080
3055
#: serverguide/C/virtualization.xml:174(para)
3081
#: serverguide/C/virtualization.xml:177(para)
3056
3082
msgid ""
3057
3083
"<emphasis>--network</emphasis> provides details related to the VM's network "
3058
3084
"interface. Here the <emphasis>default</emphasis> network is used, and the "
3059
3085
"interface model is configured for <emphasis>virtio</emphasis>."
3060
3086
msgstr ""
3061
3087
3062
#: serverguide/C/virtualization.xml:181(para)
3088
#: serverguide/C/virtualization.xml:184(para)
3063
3089
msgid ""
3064
3090
"<emphasis>--graphics vnc,listen=0.0.0.0:</emphasis> exports the guest's "
3065
3091
"virtual console using VNC and on all host interfaces. Typically servers have "
3067
3093
"connect via VNC to complete the installation."
3068
3094
msgstr ""
3069
3095
3070
#: serverguide/C/virtualization.xml:189(para)
3096
#: serverguide/C/virtualization.xml:192(para)
3071
3097
msgid ""
3072
3098
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3073
3099
"virtual machine's console."
3074
3100
msgstr ""
3075
3101
3076
#: serverguide/C/virtualization.xml:194(para)
3102
#: serverguide/C/virtualization.xml:197(para)
3077
3103
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3078
3104
msgstr ""
3079
3105
3080
#: serverguide/C/virtualization.xml:199(para)
3106
#: serverguide/C/virtualization.xml:202(para)
3081
3107
msgid ""
3082
3108
"After launching <application>virt-install</application> you can connect to "
3083
3109
"the virtual machine's console either locally using a GUI (if your server has "
3084
3110
"a GUI), or via a remote VNC client from a GUI-based computer."
3085
3111
msgstr ""
3086
3112
3087
#: serverguide/C/virtualization.xml:206(title)
3113
#: serverguide/C/virtualization.xml:209(title)
3088
3114
msgid "virt-clone"
3089
3115
msgstr ""
3090
3116
3091
#: serverguide/C/virtualization.xml:208(para)
3117
#: serverguide/C/virtualization.xml:211(para)
3092
3118
msgid ""
3093
3119
"The <application>virt-clone</application> application can be used to copy "
3094
3120
"one virtual machine to another. For example:"
3095
3121
msgstr ""
3096
3122
3097
#: serverguide/C/virtualization.xml:212(command)
3123
#: serverguide/C/virtualization.xml:215(command)
3098
3124
msgid ""
3099
"sudo virt-clone -o web_devel -n database_devel -f "
3100
"/path/to/database_devel.img \\ --connect=qemu:///system"
3125
"sudo virt-clone -o web_devel -n database_devel -f /path/to/database_devel.img"
3101
3126
msgstr ""
3102
3127
3103
#: serverguide/C/virtualization.xml:218(para)
3128
#: serverguide/C/virtualization.xml:220(para)
3104
3129
msgid "<emphasis>-o:</emphasis> original virtual machine."
3105
3130
msgstr ""
3106
3131
3107
#: serverguide/C/virtualization.xml:222(para)
3132
#: serverguide/C/virtualization.xml:224(para)
3108
3133
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3109
3134
msgstr ""
3110
3135
3111
#: serverguide/C/virtualization.xml:227(para)
3136
#: serverguide/C/virtualization.xml:229(para)
3112
3137
msgid ""
3113
3138
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3114
3139
"be used by the new virtual machine."
3115
3140
msgstr ""
3116
3141
3117
#: serverguide/C/virtualization.xml:232(para)
3118
msgid ""
3119
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3120
msgstr ""
3121
3122
#: serverguide/C/virtualization.xml:237(para)
3142
#: serverguide/C/virtualization.xml:234(para)
3123
3143
msgid ""
3124
3144
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3125
3145
"help troubleshoot problems with <application>virt-clone</application>."
3126
3146
msgstr ""
3127
3147
3128
#: serverguide/C/virtualization.xml:242(para)
3148
#: serverguide/C/virtualization.xml:239(para)
3129
3149
msgid ""
3130
3150
"Replace <emphasis>web_devel</emphasis> and "
3131
3151
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3132
3152
msgstr ""
3133
3153
3154
#: serverguide/C/virtualization.xml:246(title)
3155
msgid "Virtual Machine Management"
3156
msgstr ""
3157
3134
3158
#: serverguide/C/virtualization.xml:249(title)
3135
msgid "Virtual Machine Management"
3136
msgstr ""
3137
3138
#: serverguide/C/virtualization.xml:252(title)
3139
3159
msgid "virsh"
3140
3160
msgstr ""
3141
3161
3142
#: serverguide/C/virtualization.xml:254(para)
3162
#: serverguide/C/virtualization.xml:251(para)
3143
3163
msgid ""
3144
3164
"There are several utilities available to manage virtual machines and "
3145
3165
"<application>libvirt</application>. The <application>virsh</application> "
3146
3166
"utility can be used from the command line. Some examples:"
3147
3167
msgstr ""
3148
3168
3149
#: serverguide/C/virtualization.xml:261(para)
3169
#: serverguide/C/virtualization.xml:258(para)
3150
3170
msgid "To list running virtual machines:"
3151
3171
msgstr ""
3152
3172
3153
#: serverguide/C/virtualization.xml:264(command)
3154
msgid "virsh -c qemu:///system list"
3173
#: serverguide/C/virtualization.xml:261(command)
3174
msgid "virsh list"
3155
3175
msgstr ""
3156
3176
3157
#: serverguide/C/virtualization.xml:269(para)
3177
#: serverguide/C/virtualization.xml:266(para)
3158
3178
msgid "To start a virtual machine:"
3159
3179
msgstr ""
3160
3180
3161
#: serverguide/C/virtualization.xml:272(command)
3162
msgid "virsh -c qemu:///system start web_devel"
3181
#: serverguide/C/virtualization.xml:269(command)
3182
msgid "virsh start web_devel"
3163
3183
msgstr ""
3164
3184
3165
#: serverguide/C/virtualization.xml:277(para)
3185
#: serverguide/C/virtualization.xml:274(para)
3166
3186
msgid "Similarly, to start a virtual machine at boot:"
3167
3187
msgstr ""
3168
3188
3169
#: serverguide/C/virtualization.xml:280(command)
3170
msgid "virsh -c qemu:///system autostart web_devel"
3189
#: serverguide/C/virtualization.xml:277(command)
3190
msgid "virsh autostart web_devel"
3171
3191
msgstr ""
3172
3192
3173
#: serverguide/C/virtualization.xml:285(para)
3193
#: serverguide/C/virtualization.xml:282(para)
3174
3194
msgid "Reboot a virtual machine with:"
3175
3195
msgstr ""
3176
3196
3177
#: serverguide/C/virtualization.xml:288(command)
3178
msgid "virsh -c qemu:///system reboot web_devel"
3197
#: serverguide/C/virtualization.xml:285(command)
3198
msgid "virsh reboot web_devel"
3179
3199
msgstr ""
3180
3200
3181
#: serverguide/C/virtualization.xml:293(para)
3201
#: serverguide/C/virtualization.xml:290(para)
3182
3202
msgid ""
3183
3203
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3184
3204
"order to be restored later. The following will save the virtual machine "
3185
3205
"state into a file named according to the date:"
3186
3206
msgstr ""
3187
3207
3188
#: serverguide/C/virtualization.xml:299(command)
3189
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3208
#: serverguide/C/virtualization.xml:296(command)
3209
msgid "virsh save web_devel web_devel-022708.state"
3190
3210
msgstr ""
3191
3211
3192
#: serverguide/C/virtualization.xml:302(para)
3212
#: serverguide/C/virtualization.xml:299(para)
3193
3213
msgid "Once saved the virtual machine will no longer be running."
3194
3214
msgstr ""
3195
3215
3196
#: serverguide/C/virtualization.xml:307(para)
3216
#: serverguide/C/virtualization.xml:304(para)
3197
3217
msgid "A saved virtual machine can be restored using:"
3198
3218
msgstr ""
3199
3219
3200
#: serverguide/C/virtualization.xml:310(command)
3201
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3220
#: serverguide/C/virtualization.xml:307(command)
3221
msgid "virsh restore web_devel-022708.state"
3202
3222
msgstr ""
3203
3223
3204
#: serverguide/C/virtualization.xml:315(para)
3224
#: serverguide/C/virtualization.xml:312(para)
3205
3225
msgid "To shutdown a virtual machine do:"
3206
3226
msgstr ""
3207
3227
3208
#: serverguide/C/virtualization.xml:318(command)
3209
msgid "virsh -c qemu:///system shutdown web_devel"
3228
#: serverguide/C/virtualization.xml:315(command)
3229
msgid "virsh shutdown web_devel"
3210
3230
msgstr ""
3211
3231
3212
#: serverguide/C/virtualization.xml:323(para)
3232
#: serverguide/C/virtualization.xml:320(para)
3213
3233
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3214
3234
msgstr ""
3215
3235
3216
#: serverguide/C/virtualization.xml:327(command)
3217
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3236
#: serverguide/C/virtualization.xml:324(command)
3237
msgid "virsh attach-disk web_devel /dev/cdrom /media/cdrom"
3218
3238
msgstr ""
3219
3239
3220
#: serverguide/C/virtualization.xml:333(para)
3240
#: serverguide/C/virtualization.xml:330(para)
3221
3241
msgid ""
3222
3242
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3223
3243
"appropriate virtual machine name, and <filename>web_devel-"
3224
3244
"022708.state</filename> with a descriptive file name."
3225
3245
msgstr ""
3226
3246
3247
#: serverguide/C/virtualization.xml:334(para)
3248
msgid ""
3249
"If virsh (or other vir* tools) shall connect to something else than the "
3250
"default qemu-kvm/system hipervisor one can find alternatives for the "
3251
"<emphasis>connect</emphasis> option in <emphasis>man virsh</emphasis> or "
3252
"<ulink url=\"http://libvirt.org/uri.html\">libvirt doc</ulink>"
3253
msgstr ""
3254
3227
3255
#: serverguide/C/virtualization.xml:341(title)
3256
msgid "migration"
3257
msgstr ""
3258
3259
#: serverguide/C/virtualization.xml:342(para)
3260
msgid ""
3261
"There are different types of migration available depending on the versions "
3262
"of libvirt and the hipervisor being used. In general those types are:"
3263
msgstr ""
3264
3265
#: serverguide/C/virtualization.xml:345(ulink)
3266
msgid "offline migration"
3267
msgstr ""
3268
3269
#: serverguide/C/virtualization.xml:346(ulink)
3270
msgid "live migration"
3271
msgstr ""
3272
3273
#: serverguide/C/virtualization.xml:347(ulink)
3274
msgid "postcopy migration"
3275
msgstr ""
3276
3277
#: serverguide/C/virtualization.xml:349(para)
3278
msgid ""
3279
"There are various options to those methods, but the entry point for all of "
3280
"them is <emphasis>virsh migrate</emphasis>. Read the integrated help for "
3281
"more detail."
3282
msgstr ""
3283
3284
#: serverguide/C/virtualization.xml:350(command)
3285
msgid "virsh migrate --help"
3286
msgstr ""
3287
3288
#: serverguide/C/virtualization.xml:351(para)
3289
msgid ""
3290
"Some useful documentation on constraints and considerations about live "
3291
"migration can be found at the <ulink "
3292
"url=\"https://wiki.ubuntu.com/QemuKVMMigration\">Ubuntu Wiki</ulink>"
3293
msgstr ""
3294
3295
#: serverguide/C/virtualization.xml:355(title)
3228
3296
msgid "Virtual Machine Manager"
3229
3297
msgstr ""
3230
3298
3231
#: serverguide/C/virtualization.xml:343(para)
3299
#: serverguide/C/virtualization.xml:357(para)
3232
3300
msgid ""
3233
3301
"The <application>virt-manager</application> package contains a graphical "
3234
3302
"utility to manage local and remote virtual machines. To install virt-manager "
3235
3303
"enter:"
3236
3304
msgstr ""
3237
3305
3238
#: serverguide/C/virtualization.xml:348(command)
3306
#: serverguide/C/virtualization.xml:362(command)
3239
3307
msgid "sudo apt install virt-manager"
3240
3308
msgstr ""
3241
3309
3242
#: serverguide/C/virtualization.xml:351(para)
3310
#: serverguide/C/virtualization.xml:365(para)
3243
3311
msgid ""
3244
3312
"Since <application>virt-manager</application> requires a Graphical User "
3245
3313
"Interface (GUI) environment it is recommended to be installed on a "
3247
3315
"the local <application>libvirt</application> service enter:"
3248
3316
msgstr ""
3249
3317
3250
#: serverguide/C/virtualization.xml:358(command)
3318
#: serverguide/C/virtualization.xml:372(command)
3251
3319
msgid "virt-manager -c qemu:///system"
3252
3320
msgstr ""
3253
3321
3254
#: serverguide/C/virtualization.xml:361(para)
3322
#: serverguide/C/virtualization.xml:375(para)
3255
3323
msgid ""
3256
3324
"You can connect to the <application>libvirt</application> service running on "
3257
3325
"another host by entering the following in a terminal prompt:"
3258
3326
msgstr ""
3259
3327
3260
#: serverguide/C/virtualization.xml:366(command)
3328
#: serverguide/C/virtualization.xml:380(command)
3261
3329
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3262
3330
msgstr ""
3263
3331
3264
#: serverguide/C/virtualization.xml:370(para)
3332
#: serverguide/C/virtualization.xml:384(para)
3265
3333
msgid ""
3266
3334
"The above example assumes that <application>SSH</application> connectivity "
3267
3335
"between the management system and virtnode1.mydomain.com has already been "
3272
3340
"linkend=\"openssh-server\"/>"
3273
3341
msgstr ""
3274
3342
3275
#: serverguide/C/virtualization.xml:383(title)
3343
#: serverguide/C/virtualization.xml:397(title)
3276
3344
msgid "Virtual Machine Viewer"
3277
3345
msgstr ""
3278
3346
3279
#: serverguide/C/virtualization.xml:385(para)
3347
#: serverguide/C/virtualization.xml:399(para)
3280
3348
msgid ""
3281
3349
"The <application>virt-viewer</application> application allows you to connect "
3282
3350
"to a virtual machine's console. <application>virt-viewer</application> does "
3284
3352
"machine."
3285
3353
msgstr ""
3286
3354
3287
#: serverguide/C/virtualization.xml:390(para)
3355
#: serverguide/C/virtualization.xml:404(para)
3288
3356
msgid ""
3289
3357
"To install <application>virt-viewer</application> from a terminal enter:"
3290
3358
msgstr ""
3291
3359
3292
#: serverguide/C/virtualization.xml:394(command)
3360
#: serverguide/C/virtualization.xml:408(command)
3293
3361
msgid "sudo apt install virt-viewer"
3294
3362
msgstr ""
3295
3363
3296
#: serverguide/C/virtualization.xml:397(para)
3364
#: serverguide/C/virtualization.xml:411(para)
3297
3365
msgid ""
3298
3366
"Once a virtual machine is installed and running you can connect to the "
3299
3367
"virtual machine's console by using:"
3300
3368
msgstr ""
3301
3369
3302
#: serverguide/C/virtualization.xml:401(command)
3303
msgid "virt-viewer -c qemu:///system web_devel"
3370
#: serverguide/C/virtualization.xml:415(command)
3371
msgid "virt-viewer web_devel"
3304
3372
msgstr ""
3305
3373
3306
#: serverguide/C/virtualization.xml:404(para)
3374
#: serverguide/C/virtualization.xml:418(para)
3307
3375
msgid ""
3308
3376
"Similar to <application>virt-manager</application>, <application>virt-"
3309
3377
"viewer</application> can connect to a remote host using "
3310
3378
"<emphasis>SSH</emphasis> with key authentication, as well:"
3311
3379
msgstr ""
3312
3380
3313
#: serverguide/C/virtualization.xml:409(command)
3381
#: serverguide/C/virtualization.xml:423(command)
3314
3382
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3315
3383
msgstr ""
3316
3384
3317
#: serverguide/C/virtualization.xml:412(para)
3385
#: serverguide/C/virtualization.xml:426(para)
3318
3386
msgid ""
3319
3387
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3320
3388
"appropriate virtual machine name."
3321
3389
msgstr ""
3322
3390
3323
#: serverguide/C/virtualization.xml:415(para)
3391
#: serverguide/C/virtualization.xml:429(para)
3324
3392
msgid ""
3325
3393
"If configured to use a <emphasis>bridged</emphasis> network interface you "
3326
3394
"can also setup <application>SSH</application> access to the virtual machine."
3327
3395
msgstr ""
3328
3396
3329
#: serverguide/C/virtualization.xml:421(title) serverguide/C/virtualization.xml:674(title) serverguide/C/virtualization.xml:745(title) serverguide/C/virtualization.xml:2680(title) serverguide/C/samba.xml:247(title) serverguide/C/samba.xml:345(title) serverguide/C/samba.xml:700(title) serverguide/C/samba.xml:1094(title) serverguide/C/samba.xml:1292(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-config.xml:1691(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/network-auth.xml:2673(title) serverguide/C/network-auth.xml:3389(title) serverguide/C/network-auth.xml:3942(title) serverguide/C/network-auth.xml:4177(title) serverguide/C/installation.xml:880(title) serverguide/C/installation.xml:1166(title) serverguide/C/installation.xml:1677(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3397
#: serverguide/C/virtualization.xml:435(title) serverguide/C/virtualization.xml:742(title) serverguide/C/virtualization.xml:813(title) serverguide/C/virtualization.xml:2748(title) serverguide/C/samba.xml:247(title) serverguide/C/samba.xml:345(title) serverguide/C/samba.xml:700(title) serverguide/C/samba.xml:1094(title) serverguide/C/samba.xml:1292(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-config.xml:1945(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/network-auth.xml:2666(title) serverguide/C/network-auth.xml:3382(title) serverguide/C/network-auth.xml:3935(title) serverguide/C/network-auth.xml:4170(title) serverguide/C/installation.xml:880(title) serverguide/C/installation.xml:1166(title) serverguide/C/installation.xml:1677(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3330
3398
msgid "Resources"
3331
3399
msgstr "Sumber-sumber"
3332
3400
3333
#: serverguide/C/virtualization.xml:425(para)
3401
#: serverguide/C/virtualization.xml:439(para)
3334
3402
msgid ""
3335
3403
"See the <ulink url=\"http://www.linux-kvm.org/\">KVM</ulink> home page for "
3336
3404
"more details."
3337
3405
msgstr ""
3338
3406
3339
#: serverguide/C/virtualization.xml:430(para)
3407
#: serverguide/C/virtualization.xml:444(para)
3340
3408
msgid ""
3341
3409
"For more information on <application>libvirt</application> see the <ulink "
3342
3410
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3343
3411
msgstr ""
3344
3412
3345
#: serverguide/C/virtualization.xml:436(para)
3413
#: serverguide/C/virtualization.xml:450(para)
3346
3414
msgid ""
3347
3415
"The <ulink url=\"http://virt-manager.org/\">Virtual Machine Manager</ulink> "
3348
3416
"site has more information on <application>virt-manager</application> "
3349
3417
"development."
3350
3418
msgstr ""
3351
3419
3352
#: serverguide/C/virtualization.xml:442(para)
3420
#: serverguide/C/virtualization.xml:456(para)
3353
3421
msgid ""
3354
3422
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3355
3423
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3356
3424
"technology in Ubuntu."
3357
3425
msgstr ""
3358
3426
3359
#: serverguide/C/virtualization.xml:448(para)
3427
#: serverguide/C/virtualization.xml:462(para)
3360
3428
msgid ""
3361
3429
"Another good resource is the <ulink "
3362
3430
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3363
3431
msgstr ""
3364
3432
3365
#: serverguide/C/virtualization.xml:454(para)
3433
#: serverguide/C/virtualization.xml:468(para)
3366
3434
msgid ""
3367
3435
"For information on Xen, including using Xen with libvirt, please see the "
3368
3436
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3369
3437
"page."
3370
3438
msgstr ""
3371
3439
3372
#: serverguide/C/virtualization.xml:464(title)
3440
#: serverguide/C/virtualization.xml:478(title)
3441
msgid "Qemu"
3442
msgstr ""
3443
3444
#: serverguide/C/virtualization.xml:479(para)
3445
msgid ""
3446
"<ulink url=\"http://wiki.qemu.org/Main_Page\">Qemu</ulink> is a machine "
3447
"emulator that can run operating systems and programs for one machine on a "
3448
"different machine. Mostly it is not used as emulator but as virtualizer in "
3449
"collaboration with KVM or XEN kernel components. In that case it utilizes "
3450
"the virtualization technology of the hardware to virtualize guests."
3451
msgstr ""
3452
3453
#: serverguide/C/virtualization.xml:483(para)
3454
msgid ""
3455
"While qemu has a <ulink url=\"http://wiki.qemu.org/download/qemu-"
3456
"doc.html#sec_005finvocation\">command line interface</ulink> and a <ulink "
3457
"url=\"http://wiki.qemu.org/download/qemu-"
3458
"doc.html#pcsys_005fmonitor\">monitor</ulink> to interact with running guests "
3459
"those is rarely used that way for other means than development purposes. "
3460
"<link linkend=\"libvirt\">Libvirt</link> provides an abstraction from "
3461
"specific versions and hiperviors and encapsulates some workarounds and best "
3462
"practises."
3463
msgstr ""
3464
3465
#: serverguide/C/virtualization.xml:488(title)
3466
msgid "Upgrading the machine type"
3467
msgstr ""
3468
3469
#: serverguide/C/virtualization.xml:489(para)
3470
msgid ""
3471
"This also is documented along some more constraints and considerations at "
3472
"the <ulink "
3473
"url=\"https://wiki.ubuntu.com/QemuKVMMigration#Upgrade_machine_type\">Ubuntu "
3474
"Wiki</ulink>"
3475
msgstr ""
3476
3477
#: serverguide/C/virtualization.xml:490(para)
3478
msgid ""
3479
"You might want to update your machine type of an existing defined guest to:"
3480
msgstr ""
3481
3482
#: serverguide/C/virtualization.xml:492(para)
3483
msgid "to pick up latest security fixes and features"
3484
msgstr ""
3485
3486
#: serverguide/C/virtualization.xml:493(para)
3487
msgid "continue using a guest created on a now unsupported release"
3488
msgstr ""
3489
3490
#: serverguide/C/virtualization.xml:495(para)
3491
msgid ""
3492
"In general it is recommended to update machine types when upgrading qemu/kvm "
3493
"to a new major version. But this can likely never be an automated task as "
3494
"this change is guest visible. The guest devices might change in appearance, "
3495
"new features will be announced to the guest and so on. Linux is usually very "
3496
"good at tolerating such changes, but it depends so much on the setup and "
3497
"workload of the guest that this has to be evaluated by the owner/admin of "
3498
"the system. Other operating systems where known to often have severe impacts "
3499
"by changing the hardware. Consider a machine type change similar to "
3500
"replacing all devices and firmware of a physical machine to the latest "
3501
"revision - all considerations that apply there apply to evaluating a machine "
3502
"type upgrade as well."
3503
msgstr ""
3504
3505
#: serverguide/C/virtualization.xml:496(para)
3506
msgid ""
3507
"As usual with major configuration changes it is wise to back up your guest "
3508
"definition and disk state to be able to do a rollback just in case. There is "
3509
"no integrated single command to update the machine type via virsh or similar "
3510
"tools. It is a normal part of your machine definition. And therefore updated "
3511
"the same way as most others."
3512
msgstr ""
3513
3514
#: serverguide/C/virtualization.xml:498(para)
3515
msgid "First shutdown your machine and wait until it has reached that state."
3516
msgstr ""
3517
3518
#: serverguide/C/virtualization.xml:499(screen)
3519
#, no-wrap
3520
msgid ""
3521
"\n"
3522
"virsh shutdown <yourmachine>\n"
3523
"# wait\n"
3524
"virsh list --inactive\n"
3525
"# should now list your machine as \"shut off\"\n"
3526
" "
3527
msgstr ""
3528
3529
#: serverguide/C/virtualization.xml:505(para)
3530
msgid ""
3531
"Then edit the machine definition and find the type in the type tag at the "
3532
"machine attribute."
3533
msgstr ""
3534
3535
#: serverguide/C/virtualization.xml:506(screen)
3536
#, no-wrap
3537
msgid ""
3538
"\n"
3539
"virsh edit <yourmachine>\n"
3540
"<type arch='x86_64' machine='pc-i440fx-xenial'>hvm</type>\n"
3541
" "
3542
msgstr ""
3543
3544
#: serverguide/C/virtualization.xml:510(para)
3545
msgid ""
3546
"Change this to the value you want. If you need to check what types are "
3547
"available via \"-M ?\" Note that while providing upstream types as "
3548
"convenience only Ubuntu types are supported. There you can also see what the "
3549
"current default would be. In general it is strongly recommended that you "
3550
"change to newer types if possible to exploit newer features, but also to "
3551
"benefit of bugfixes that only apply to the newer device virtualization."
3552
msgstr ""
3553
3554
#: serverguide/C/virtualization.xml:511(screen)
3555
#, no-wrap
3556
msgid ""
3557
"\n"
3558
"kvm -M ?\n"
3559
"# lists machine types, e.g.\n"
3560
"pc-i440fx-xenial Ubuntu 16.04 PC (i440FX + PIIX, 1996) (default)\n"
3561
"...\n"
3562
" "
3563
msgstr ""
3564
3565
#: serverguide/C/virtualization.xml:517(para)
3566
msgid ""
3567
"After this you can start your guest again. You can check the current machine "
3568
"type from guest and host depending on your needs."
3569
msgstr ""
3570
3571
#: serverguide/C/virtualization.xml:518(screen)
3572
#, no-wrap
3573
msgid ""
3574
"\n"
3575
"virsh start <yourmachine>\n"
3576
"# check from host, via dumping the active xml definition\n"
3577
"virsh dumpxml <yourmachine> | xmllint --xpath "
3578
"\"string(//domain/os/type/@machine)\" -\n"
3579
"# or from the guest via dmidecode\n"
3580
"sudo dmidecode | grep Product -A 1\n"
3581
" Product Name: Standard PC (i440FX + PIIX, 1996)\n"
3582
" Version: pc-i440fx-xenial\n"
3583
" "
3584
msgstr ""
3585
3586
#: serverguide/C/virtualization.xml:527(para)
3587
msgid ""
3588
"If you keep non-live definitions around like xml files remember to update "
3589
"those as well."
3590
msgstr ""
3591
3592
#: serverguide/C/virtualization.xml:532(title)
3373
3593
msgid "Cloud images and uvtool"
3374
3594
msgstr ""
3375
3595
3376
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:366(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1374(title)
3596
#: serverguide/C/virtualization.xml:535(title) serverguide/C/security.xml:366(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1374(title)
3377
3597
msgid "Introduction"
3378
3598
msgstr "Pengenalan"
3379
3599
3380
#: serverguide/C/virtualization.xml:469(para)
3600
#: serverguide/C/virtualization.xml:537(para)
3381
3601
msgid ""
3382
3602
"With Ubuntu being one of the most used operating systems on many cloud "
3383
3603
"platforms, the availability of stable and secure cloud images has become "
3387
3607
"installation."
3388
3608
msgstr ""
3389
3609
3390
#: serverguide/C/virtualization.xml:477(title)
3610
#: serverguide/C/virtualization.xml:545(title)
3391
3611
msgid "Creating virtual machines using uvtool"
3392
3612
msgstr ""
3393
3613
3394
#: serverguide/C/virtualization.xml:479(para)
3614
#: serverguide/C/virtualization.xml:547(para)
3395
3615
msgid ""
3396
3616
"Starting with 14.04 LTS, a tool called uvtool greatly facilitates the task "
3397
3617
"of generating virtual machines (VM) using the cloud images. "
3398
"<application>uvtool</application> provides a simple mechanism to to "
3399
"synchronize cloud-images locally and use them to create new VMs in minutes."
3618
"<application>uvtool</application> provides a simple mechanism to synchronize "
3619
"cloud-images locally and use them to create new VMs in minutes."
3400
3620
msgstr ""
3401
3621
3402
#: serverguide/C/virtualization.xml:486(title)
3622
#: serverguide/C/virtualization.xml:554(title)
3403
3623
msgid "Uvtool packages"
3404
3624
msgstr ""
3405
3625
3406
#: serverguide/C/virtualization.xml:488(para)
3626
#: serverguide/C/virtualization.xml:556(para)
3407
3627
msgid ""
3408
3628
"The following packages and their dependencies will be required in order to "
3409
3629
"use uvtool:"
3410
3630
msgstr ""
3411
3631
3412
#: serverguide/C/virtualization.xml:495(para)
3632
#: serverguide/C/virtualization.xml:563(para)
3413
3633
msgid "uvtool"
3414
3634
msgstr ""
3415
3635
3416
#: serverguide/C/virtualization.xml:499(para)
3636
#: serverguide/C/virtualization.xml:567(para)
3417
3637
msgid "uvtool-libvirt"
3418
3638
msgstr ""
3419
3639
3420
#: serverguide/C/virtualization.xml:504(para)
3640
#: serverguide/C/virtualization.xml:572(para)
3421
3641
msgid "To install <application>uvtool</application>, run:"
3422
3642
msgstr ""
3423
3643
3424
#: serverguide/C/virtualization.xml:505(programlisting)
3644
#: serverguide/C/virtualization.xml:573(programlisting)
3425
3645
#, no-wrap
3426
3646
msgid "$ apt -y install uvtool"
3427
3647
msgstr ""
3428
3648
3429
#: serverguide/C/virtualization.xml:507(para)
3649
#: serverguide/C/virtualization.xml:575(para)
3430
3650
msgid "This will install uvtool's main commands:"
3431
3651
msgstr ""
3432
3652
3433
#: serverguide/C/virtualization.xml:509(application)
3653
#: serverguide/C/virtualization.xml:577(application)
3434
3654
msgid "uvt-simplestreams-libvirt"
3435
3655
msgstr ""
3436
3656
3437
#: serverguide/C/virtualization.xml:510(application)
3657
#: serverguide/C/virtualization.xml:578(application)
3438
3658
msgid "uvt-kvm"
3439
3659
msgstr ""
3440
3660
3441
#: serverguide/C/virtualization.xml:515(title)
3661
#: serverguide/C/virtualization.xml:583(title)
3442
3662
msgid ""
3443
3663
"Get the Ubuntu Cloud Image with <application>uvt-simplestreams-"
3444
3664
"libvirt</application>"
3445
3665
msgstr ""
3446
3666
3447
#: serverguide/C/virtualization.xml:517(para)
3667
#: serverguide/C/virtualization.xml:585(para)
3448
3668
msgid ""
3449
3669
"This is one of the major simplifications that "
3450
3670
"<application>uvtool</application> brings. It is aware of where to find the "
3453
3673
"architecture, the uvtool command would be:"
3454
3674
msgstr ""
3455
3675
3456
#: serverguide/C/virtualization.xml:522(programlisting)
3676
#: serverguide/C/virtualization.xml:590(programlisting)
3457
3677
#, no-wrap
3458
3678
msgid "$ uvt-simplestreams-libvirt sync arch=amd64"
3459
3679
msgstr ""
3460
3680
3461
#: serverguide/C/virtualization.xml:524(para)
3681
#: serverguide/C/virtualization.xml:592(para)
3462
3682
msgid ""
3463
3683
"After an amount of time required to download all the images from the "
3464
3684
"Internet, you will have a complete set of cloud images stored locally. To "
3465
3685
"see what has been downloaded use the following command:"
3466
3686
msgstr ""
3467
3687
3468
#: serverguide/C/virtualization.xml:528(programlisting)
3688
#: serverguide/C/virtualization.xml:596(programlisting)
3469
3689
#, no-wrap
3470
3690
msgid ""
3471
3691
"$ uvt-simplestreams-libvirt query\n"
3482
3702
"\n"
3483
3703
msgstr ""
3484
3704
3485
#: serverguide/C/virtualization.xml:542(para)
3705
#: serverguide/C/virtualization.xml:610(para)
3486
3706
msgid ""
3487
3707
"In the case where you want to synchronize only one specific cloud-image, you "
3488
3708
"need to use the release= and arch= filters to identify which image needs to "
3489
3709
"be synchronized."
3490
3710
msgstr ""
3491
3711
3492
#: serverguide/C/virtualization.xml:545(programlisting)
3712
#: serverguide/C/virtualization.xml:613(programlisting)
3493
3713
#, no-wrap
3494
3714
msgid "$ uvt-simplestreams-libvirt sync release=xenial arch=amd64\n"
3495
3715
msgstr ""
3496
3716
3497
#: serverguide/C/virtualization.xml:550(title)
3717
#: serverguide/C/virtualization.xml:618(title)
3498
3718
msgid "Create the VM using uvt-kvm"
3499
3719
msgstr ""
3500
3720
3501
#: serverguide/C/virtualization.xml:552(para)
3721
#: serverguide/C/virtualization.xml:620(para)
3502
3722
msgid ""
3503
3723
"In order to connect to the virtual machine once it has been created, you "
3504
3724
"must have a valid SSH key available for the Ubuntu user. If your environment "
3506
3726
"command:"
3507
3727
msgstr ""
3508
3728
3509
#: serverguide/C/virtualization.xml:554(programlisting)
3729
#: serverguide/C/virtualization.xml:622(programlisting)
3510
3730
#, no-wrap
3511
3731
msgid ""
3512
3732
"\n"
3533
3753
"+-----------------+\n"
3534
3754
msgstr ""
3535
3755
3536
#: serverguide/C/virtualization.xml:577(para)
3756
#: serverguide/C/virtualization.xml:645(para)
3537
3757
msgid ""
3538
3758
"To create of a new virtual machine using uvtool, run the following in a "
3539
3759
"terminal:"
3540
3760
msgstr ""
3541
3761
3542
#: serverguide/C/virtualization.xml:579(programlisting)
3762
#: serverguide/C/virtualization.xml:647(programlisting)
3543
3763
#, no-wrap
3544
3764
msgid "$ uvt-kvm create firsttest"
3545
3765
msgstr ""
3546
3766
3547
#: serverguide/C/virtualization.xml:581(para)
3767
#: serverguide/C/virtualization.xml:649(para)
3548
3768
msgid ""
3549
3769
"This will create a VM named <emphasis role=\"bold\">firsttest</emphasis> "
3550
3770
"using the current LTS cloud image available locally. If you want to specify "
3552
3772
"role=\"bold\">release=</emphasis> filter:"
3553
3773
msgstr ""
3554
3774
3555
#: serverguide/C/virtualization.xml:584(programlisting)
3775
#: serverguide/C/virtualization.xml:652(programlisting)
3556
3776
#, no-wrap
3557
3777
msgid "$ uvt-kvm create secondtest release=xenial"
3558
3778
msgstr ""
3559
3779
3560
#: serverguide/C/virtualization.xml:586(para)
3780
#: serverguide/C/virtualization.xml:654(para)
3561
3781
msgid ""
3562
3782
"<application>uvt-kvm wait</application> can be used to wait until the "
3563
3783
"creation of the VM has completed:"
3564
3784
msgstr ""
3565
3785
3566
#: serverguide/C/virtualization.xml:589(programlisting)
3786
#: serverguide/C/virtualization.xml:657(programlisting)
3567
3787
#, no-wrap
3568
3788
msgid ""
3569
3789
"$ uvt-kvm wait secondttest --insecure\n"
3570
3790
"Warning: secure wait for boot-finished not yet implemented; use --insecure.\n"
3571
3791
msgstr ""
3572
3792
3573
#: serverguide/C/virtualization.xml:594(title)
3793
#: serverguide/C/virtualization.xml:662(title)
3574
3794
msgid "Connect to the running VM"
3575
3795
msgstr ""
3576
3796
3577
#: serverguide/C/virtualization.xml:595(para)
3797
#: serverguide/C/virtualization.xml:663(para)
3578
3798
msgid ""
3579
3799
"Once the virtual machine creation is completed, you can connect to it using "
3580
3800
"SSH:"
3581
3801
msgstr ""
3582
3802
3583
#: serverguide/C/virtualization.xml:598(programlisting)
3803
#: serverguide/C/virtualization.xml:666(programlisting)
3584
3804
#, no-wrap
3585
3805
msgid "$ uvt-kvm ssh secondtest --insecure"
3586
3806
msgstr ""
3587
3807
3588
#: serverguide/C/virtualization.xml:600(para)
3808
#: serverguide/C/virtualization.xml:668(para)
3589
3809
msgid ""
3590
3810
"For the time being, the <emphasis role=\"bold\">--insecure</emphasis> is "
3591
3811
"required, so use this mechanism to connect to your VM only if you completely "
3592
3812
"trust your network infrastructure."
3593
3813
msgstr ""
3594
3814
3595
#: serverguide/C/virtualization.xml:602(para)
3815
#: serverguide/C/virtualization.xml:670(para)
3596
3816
msgid ""
3597
3817
"You can also connect to your VM using a regular SSH session using the IP "
3598
3818
"address of the VM. The address can be queried using the following command:"
3599
3819
msgstr ""
3600
3820
3601
#: serverguide/C/virtualization.xml:604(programlisting)
3821
#: serverguide/C/virtualization.xml:672(programlisting)
3602
3822
#, no-wrap
3603
3823
msgid ""
3604
3824
"\n"
3640
3860
"\n"
3641
3861
msgstr ""
3642
3862
3643
#: serverguide/C/virtualization.xml:639(title)
3863
#: serverguide/C/virtualization.xml:707(title)
3644
3864
msgid "Get the list of running VMs"
3645
3865
msgstr ""
3646
3866
3647
#: serverguide/C/virtualization.xml:640(para)
3867
#: serverguide/C/virtualization.xml:708(para)
3648
3868
msgid "You can get the list of VMs running on your system with this command:"
3649
3869
msgstr ""
3650
3870
3651
#: serverguide/C/virtualization.xml:642(programlisting)
3871
#: serverguide/C/virtualization.xml:710(programlisting)
3652
3872
#, no-wrap
3653
3873
msgid ""
3654
3874
"$ uvt-kvm list\n"
3655
3875
"secondtest\n"
3656
3876
msgstr ""
3657
3877
3658
#: serverguide/C/virtualization.xml:647(title)
3878
#: serverguide/C/virtualization.xml:715(title)
3659
3879
msgid "Destroy your VM"
3660
3880
msgstr ""
3661
3881
3662
#: serverguide/C/virtualization.xml:648(para)
3882
#: serverguide/C/virtualization.xml:716(para)
3663
3883
msgid "Once you are done with your VM, you can destroy it with:"
3664
3884
msgstr ""
3665
3885
3666
#: serverguide/C/virtualization.xml:650(programlisting)
3886
#: serverguide/C/virtualization.xml:718(programlisting)
3667
3887
#, no-wrap
3668
3888
msgid "$ uvt-kvm destroy secondtest"
3669
3889
msgstr ""
3670
3890
3671
#: serverguide/C/virtualization.xml:652(title)
3891
#: serverguide/C/virtualization.xml:720(title)
3672
3892
msgid "More uvt-kvm options"
3673
3893
msgstr ""
3674
3894
3675
#: serverguide/C/virtualization.xml:654(para)
3895
#: serverguide/C/virtualization.xml:722(para)
3676
3896
msgid ""
3677
3897
"The following options can be used to change some of the characteristics of "
3678
3898
"the VM that you are creating:"
3679
3899
msgstr ""
3680
3900
3681
#: serverguide/C/virtualization.xml:657(para)
3901
#: serverguide/C/virtualization.xml:725(para)
3682
3902
msgid "--memory : Amount of RAM in megabytes. Default: 512."
3683
3903
msgstr ""
3684
3904
3685
#: serverguide/C/virtualization.xml:658(para)
3905
#: serverguide/C/virtualization.xml:726(para)
3686
3906
msgid "--disk : Size of the OS disk in gigabytes. Default: 8."
3687
3907
msgstr ""
3688
3908
3689
#: serverguide/C/virtualization.xml:659(para)
3909
#: serverguide/C/virtualization.xml:727(para)
3690
3910
msgid "--cpu : Number of CPU cores. Default: 1."
3691
3911
msgstr ""
3692
3912
3693
#: serverguide/C/virtualization.xml:662(para)
3913
#: serverguide/C/virtualization.xml:730(para)
3694
3914
msgid ""
3695
3915
"Some other parameters will have an impact on the cloud-init configuration:"
3696
3916
msgstr ""
3697
3917
3698
#: serverguide/C/virtualization.xml:664(para)
3918
#: serverguide/C/virtualization.xml:732(para)
3699
3919
msgid ""
3700
3920
"--password password : Allow login to the VM using the Ubuntu account and "
3701
3921
"this provided password."
3702
3922
msgstr ""
3703
3923
3704
#: serverguide/C/virtualization.xml:665(para)
3924
#: serverguide/C/virtualization.xml:733(para)
3705
3925
msgid ""
3706
3926
"--run-script-once script_file : Run script_file as root on the VM the first "
3707
3927
"time it is booted, but never again."
3708
3928
msgstr ""
3709
3929
3710
#: serverguide/C/virtualization.xml:666(para)
3930
#: serverguide/C/virtualization.xml:734(para)
3711
3931
msgid ""
3712
3932
"--packages package_list : Install the comma-separated packages specified in "
3713
3933
"package_list on first boot."
3714
3934
msgstr ""
3715
3935
3716
#: serverguide/C/virtualization.xml:669(para)
3936
#: serverguide/C/virtualization.xml:737(para)
3717
3937
msgid ""
3718
3938
"A complete description of all available modifiers is available in the "
3719
3939
"manpage of uvt-kvm."
3720
3940
msgstr ""
3721
3941
3722
#: serverguide/C/virtualization.xml:676(para)
3942
#: serverguide/C/virtualization.xml:744(para)
3723
3943
msgid ""
3724
3944
"If you are interested in learning more, have questions or suggestions, "
3725
3945
"please contact the Ubuntu Server Team at:"
3726
3946
msgstr ""
3727
3947
3728
#: serverguide/C/virtualization.xml:681(para)
3948
#: serverguide/C/virtualization.xml:749(para)
3729
3949
msgid "IRC: #ubuntu-server on freenode"
3730
3950
msgstr ""
3731
3951
3732
#: serverguide/C/virtualization.xml:685(para)
3952
#: serverguide/C/virtualization.xml:753(para)
3733
3953
msgid ""
3734
3954
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3735
3955
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3736
3956
msgstr ""
3737
3957
3738
#: serverguide/C/virtualization.xml:694(title)
3958
#: serverguide/C/virtualization.xml:762(title)
3739
3959
msgid "Ubuntu Cloud"
3740
3960
msgstr ""
3741
3961
3742
#: serverguide/C/virtualization.xml:696(para)
3962
#: serverguide/C/virtualization.xml:764(para)
3743
3963
msgid ""
3744
3964
"<application>Cloud computing</application> is a computing model that allows "
3745
3965
"vast pools of resources to be allocated on-demand. These resources such as "
3751
3971
"build highly scalable, cloud computing for both public and private clouds."
3752
3972
msgstr ""
3753
3973
3754
#: serverguide/C/virtualization.xml:707(title)
3974
#: serverguide/C/virtualization.xml:775(title)
3755
3975
msgid "Installation and Configuration"
3756
3976
msgstr ""
3757
3977
3758
#: serverguide/C/virtualization.xml:709(para)
3978
#: serverguide/C/virtualization.xml:777(para)
3759
3979
msgid ""
3760
3980
"Due to the current high rate of development of this complex technology we "
3761
3981
"refer the reader to <ulink url=\"http://docs.openstack.org/havana/install-"
3763
3983
"concerning installation and configuration."
3764
3984
msgstr ""
3765
3985
3766
#: serverguide/C/virtualization.xml:718(title) serverguide/C/network-config.xml:1660(title)
3986
#: serverguide/C/virtualization.xml:786(title) serverguide/C/network-config.xml:1698(title)
3767
3987
msgid "Support and Troubleshooting"
3768
3988
msgstr ""
3769
3989
3770
#: serverguide/C/virtualization.xml:720(para)
3990
#: serverguide/C/virtualization.xml:788(para)
3771
3991
msgid "Community Support"
3772
3992
msgstr ""
3773
3993
3774
#: serverguide/C/virtualization.xml:724(ulink)
3994
#: serverguide/C/virtualization.xml:792(ulink)
3775
3995
msgid "OpenStack Mailing list"
3776
3996
msgstr ""
3777
3997
3778
#: serverguide/C/virtualization.xml:729(ulink)
3998
#: serverguide/C/virtualization.xml:797(ulink)
3779
3999
msgid "The OpenStack Wiki search"
3780
4000
msgstr ""
3781
4001
3782
#: serverguide/C/virtualization.xml:734(ulink)
4002
#: serverguide/C/virtualization.xml:802(ulink)
3783
4003
msgid "Launchpad bugs area"
3784
4004
msgstr ""
3785
4005
3786
#: serverguide/C/virtualization.xml:739(para)
4006
#: serverguide/C/virtualization.xml:807(para)
3787
4007
msgid "Join the IRC channel #openstack on freenode."
3788
4008
msgstr ""
3789
4009
3790
#: serverguide/C/virtualization.xml:750(ulink)
4010
#: serverguide/C/virtualization.xml:818(ulink)
3791
4011
msgid "Cloud Computing - Service models"
3792
4012
msgstr ""
3793
4013
3794
#: serverguide/C/virtualization.xml:756(ulink)
4014
#: serverguide/C/virtualization.xml:824(ulink)
3795
4015
msgid "OpenStack Compute"
3796
4016
msgstr ""
3797
4017
3798
#: serverguide/C/virtualization.xml:762(ulink)
4018
#: serverguide/C/virtualization.xml:830(ulink)
3799
4019
msgid "OpenStack Image Service"
3800
4020
msgstr ""
3801
4021
3802
#: serverguide/C/virtualization.xml:768(ulink)
4022
#: serverguide/C/virtualization.xml:836(ulink)
3803
4023
msgid "OpenStack Object Storage Administration Guide"
3804
4024
msgstr ""
3805
4025
3806
#: serverguide/C/virtualization.xml:774(ulink)
4026
#: serverguide/C/virtualization.xml:842(ulink)
3807
4027
msgid "Installing OpenStack Object Storage on Ubuntu"
3808
4028
msgstr ""
3809
4029
3810
#: serverguide/C/virtualization.xml:780(ulink)
4030
#: serverguide/C/virtualization.xml:848(ulink)
3811
4031
msgid "http://cloudglossary.com/"
3812
4032
msgstr ""
3813
4033
3814
#: serverguide/C/virtualization.xml:790(title)
4034
#: serverguide/C/virtualization.xml:858(title)
3815
4035
msgid "LXD"
3816
4036
msgstr ""
3817
4037
3818
#: serverguide/C/virtualization.xml:792(para)
4038
#: serverguide/C/virtualization.xml:860(para)
3819
4039
msgid ""
3820
4040
"LXD (pronounced lex-dee) is the lightervisor, or lightweight container "
3821
4041
"hypervisor. While this claim has been controversial, it has been <ulink "
3825
4045
"url=\"https://help.ubuntu.com/lts/serverguide/lxc.html\">LXC</ulink>."
3826
4046
msgstr ""
3827
4047
3828
#: serverguide/C/virtualization.xml:801(para)
4048
#: serverguide/C/virtualization.xml:869(para)
3829
4049
msgid ""
3830
4050
"LXC (lex-see) is a program which creates and administers \"containers\" on a "
3831
4051
"local system. It also provides an API to allow higher level managers, such "
3833
4053
"while comparing LXD to libvirt."
3834
4054
msgstr ""
3835
4055
3836
#: serverguide/C/virtualization.xml:808(para)
4056
#: serverguide/C/virtualization.xml:876(para)
3837
4057
msgid ""
3838
4058
"The LXC API deals with a 'container'. The LXD API deals with 'remotes', "
3839
4059
"which serve images and containers. This extends the LXC functionality over "
3841
4061
"and container image publishing."
3842
4062
msgstr ""
3843
4063
3844
#: serverguide/C/virtualization.xml:815(para)
4064
#: serverguide/C/virtualization.xml:883(para)
3845
4065
msgid ""
3846
4066
"LXD uses LXC under the covers for some container management tasks. However, "
3847
4067
"it keeps its own container configuration information and has its own "
3850
4070
"LXD on Ubuntu systems."
3851
4071
msgstr ""
3852
4072
3853
#: serverguide/C/virtualization.xml:823(title)
4073
#: serverguide/C/virtualization.xml:891(title)
3854
4074
msgid "Online Resources"
3855
4075
msgstr ""
3856
4076
3857
#: serverguide/C/virtualization.xml:825(para)
4077
#: serverguide/C/virtualization.xml:893(para)
3858
4078
msgid ""
3859
4079
"There is excellent documentation for <ulink "
3860
4080
"url=\"http://github.com/lxc/lxd\">getting started with LXD</ulink> in the "
3868
4088
"juju</ulink>."
3869
4089
msgstr ""
3870
4090
3871
#: serverguide/C/virtualization.xml:832(para)
4091
#: serverguide/C/virtualization.xml:900(para)
3872
4092
msgid ""
3873
4093
"This document will offer an Ubuntu Server-specific view of LXD, focusing on "
3874
4094
"administration."
3875
4095
msgstr ""
3876
4096
3877
#: serverguide/C/virtualization.xml:840(para)
4097
#: serverguide/C/virtualization.xml:908(para)
3878
4098
msgid ""
3879
4099
"LXD is pre-installed on Ubuntu Server cloud images. On other systems, the "
3880
4100
"lxd package can be installed using:"
3881
4101
msgstr ""
3882
4102
3883
#: serverguide/C/virtualization.xml:846(command)
4103
#: serverguide/C/virtualization.xml:914(command)
3884
4104
msgid "sudo apt install lxd"
3885
4105
msgstr ""
3886
4106
3887
#: serverguide/C/virtualization.xml:851(para)
4107
#: serverguide/C/virtualization.xml:919(para)
3888
4108
msgid ""
3889
4109
"This will install LXD as well as the recommended dependencies, including the "
3890
4110
"LXC library and lxcfs."
3891
4111
msgstr ""
3892
4112
3893
#: serverguide/C/virtualization.xml:857(title)
4113
#: serverguide/C/virtualization.xml:925(title)
3894
4114
msgid "Kernel preparation"
3895
4115
msgstr ""
3896
4116
3897
#: serverguide/C/virtualization.xml:859(para)
4117
#: serverguide/C/virtualization.xml:927(para)
3898
4118
msgid ""
3899
4119
"In general, Ubuntu 16.04 should have all the desired features enabled by "
3900
4120
"default. One exception to this is that in order to enable swap accounting "
3904
4124
"then running 'update-grub' as root and rebooting."
3905
4125
msgstr ""
3906
4126
3907
#: serverguide/C/virtualization.xml:871(para)
4127
#: serverguide/C/virtualization.xml:939(para)
3908
4128
msgid ""
3909
4129
"By default, LXD is installed listening on a local UNIX socket, which members "
3910
4130
"of group LXD can talk to. It has no trust password setup. And it uses the "
3913
4133
"will allow you to choose:"
3914
4134
msgstr ""
3915
4135
3916
#: serverguide/C/virtualization.xml:881(para)
4136
#: serverguide/C/virtualization.xml:949(para)
3917
4137
msgid ""
3918
4138
"Directory or <ulink url=\"http://open-zfs.org\">ZFS</ulink> container "
3919
4139
"backend. If you choose ZFS, you can choose which block devices to use, or "
3920
4140
"the size of a file to use as backing store."
3921
4141
msgstr ""
3922
4142
3923
#: serverguide/C/virtualization.xml:885(para)
4143
#: serverguide/C/virtualization.xml:953(para)
3924
4144
msgid "Availability over the network"
3925
4145
msgstr ""
3926
4146
3927
#: serverguide/C/virtualization.xml:887(para)
4147
#: serverguide/C/virtualization.xml:955(para)
3928
4148
msgid ""
3929
4149
"A 'trust password' used by remote clients to vouch for their client "
3930
4150
"certificate"
3931
4151
msgstr ""
3932
4152
3933
#: serverguide/C/virtualization.xml:891(para)
4153
#: serverguide/C/virtualization.xml:959(para)
3934
4154
msgid ""
3935
4155
"You must run 'lxd init' as root. 'lxc' commands can be run as any user who "
3936
4156
"is member of group lxd. If user joe is not a member of group 'lxd', you may "
3937
4157
"run:"
3938
4158
msgstr ""
3939
4159
3940
#: serverguide/C/virtualization.xml:898(command)
4160
#: serverguide/C/virtualization.xml:966(command)
3941
4161
msgid "adduser joe lxd"
3942
4162
msgstr ""
3943
4163
3944
#: serverguide/C/virtualization.xml:903(para)
4164
#: serverguide/C/virtualization.xml:971(para)
3945
4165
msgid ""
3946
4166
"as root to change it. The new membership will take effect on the next login, "
3947
4167
"or after running 'newgrp lxd' from an existing login."
3948
4168
msgstr ""
3949
4169
3950
#: serverguide/C/virtualization.xml:908(para)
4170
#: serverguide/C/virtualization.xml:976(para)
3951
4171
msgid ""
3952
4172
"For more information on server, container, profile, and device "
3953
4173
"configuration, please refer to the definitive configuration provided with "
3956
4176
"link>"
3957
4177
msgstr ""
3958
4178
3959
#: serverguide/C/virtualization.xml:916(title)
4179
#: serverguide/C/virtualization.xml:984(title)
3960
4180
msgid "Creating your first container"
3961
4181
msgstr ""
3962
4182
3963
#: serverguide/C/virtualization.xml:918(para)
4183
#: serverguide/C/virtualization.xml:986(para)
3964
4184
msgid "This section will describe the simplest container tasks."
3965
4185
msgstr ""
3966
4186
3967
#: serverguide/C/virtualization.xml:922(title)
4187
#: serverguide/C/virtualization.xml:990(title)
3968
4188
msgid "Creating a container"
3969
4189
msgstr ""
3970
4190
3971
#: serverguide/C/virtualization.xml:924(para)
4191
#: serverguide/C/virtualization.xml:992(para)
3972
4192
msgid ""
3973
4193
"Every new container is created based on either an image, an existing "
3974
4194
"container, or a container snapshot. At install time, LXD is configured with "
3975
4195
"the following image servers:"
3976
4196
msgstr ""
3977
4197
3978
#: serverguide/C/virtualization.xml:932(para)
4198
#: serverguide/C/virtualization.xml:1000(para)
3979
4199
msgid ""
3980
4200
"<filename>ubuntu</filename>: this serves official Ubuntu server cloud image "
3981
4201
"releases."
3982
4202
msgstr ""
3983
4203
3984
#: serverguide/C/virtualization.xml:935(para)
4204
#: serverguide/C/virtualization.xml:1003(para)
3985
4205
msgid ""
3986
4206
"<filename>ubuntu-daily</filename>: this serves official Ubuntu server cloud "
3987
4207
"images of the daily development releases."
3988
4208
msgstr ""
3989
4209
3990
#: serverguide/C/virtualization.xml:939(para)
4210
#: serverguide/C/virtualization.xml:1007(para)
3991
4211
msgid ""
3992
4212
"<filename>images</filename>: this is a default-installed alias for "
3993
4213
"images.linuxcontainers.org. This is serves classical lxc images built using "
3996
4216
"recommended server for Ubuntu images."
3997
4217
msgstr ""
3998
4218
3999
#: serverguide/C/virtualization.xml:947(para)
4219
#: serverguide/C/virtualization.xml:1015(para)
4000
4220
msgid "The command to create and start a container is"
4001
4221
msgstr ""
4002
4222
4003
#: serverguide/C/virtualization.xml:952(command)
4223
#: serverguide/C/virtualization.xml:1020(command)
4004
4224
msgid "lxc launch remote:image containername"
4005
4225
msgstr ""
4006
4226
4007
#: serverguide/C/virtualization.xml:957(para)
4227
#: serverguide/C/virtualization.xml:1025(para)
4008
4228
msgid ""
4009
4229
"Images are identified by their hash, but are also aliased. The 'ubuntu' "
4010
4230
"server knows many aliases such as '16.04' and 'xenial'. A list of all images "
4011
4231
"available from the Ubuntu Server can be seen using:"
4012
4232
msgstr ""
4013
4233
4014
#: serverguide/C/virtualization.xml:964(command) serverguide/C/virtualization.xml:1488(command)
4234
#: serverguide/C/virtualization.xml:1032(command) serverguide/C/virtualization.xml:1556(command)
4015
4235
msgid "lxc image list ubuntu:"
4016
4236
msgstr ""
4017
4237
4018
#: serverguide/C/virtualization.xml:969(para)
4238
#: serverguide/C/virtualization.xml:1037(para)
4019
4239
msgid ""
4020
4240
"To see more information about a particular image, including all the aliases "
4021
4241
"it is known by, you can use:"
4022
4242
msgstr ""
4023
4243
4024
#: serverguide/C/virtualization.xml:975(command)
4244
#: serverguide/C/virtualization.xml:1043(command)
4025
4245
msgid "lxc image info ubuntu:xenial"
4026
4246
msgstr ""
4027
4247
4028
#: serverguide/C/virtualization.xml:980(para)
4248
#: serverguide/C/virtualization.xml:1048(para)
4029
4249
msgid ""
4030
4250
"You can generally refer to an Ubuntu image using the release name ('xenial') "
4031
4251
"or the release number (16.04). In addition, 'lts' is an alias for the latest "
4033
4253
"the desired architecture:"
4034
4254
msgstr ""
4035
4255
4036
#: serverguide/C/virtualization.xml:988(command)
4256
#: serverguide/C/virtualization.xml:1056(command)
4037
4257
msgid "lxc image info ubuntu:lts/arm64"
4038
4258
msgstr ""
4039
4259
4040
#: serverguide/C/virtualization.xml:993(para)
4260
#: serverguide/C/virtualization.xml:1061(para)
4041
4261
msgid "Now, let's start our first container:"
4042
4262
msgstr ""
4043
4263
4044
#: serverguide/C/virtualization.xml:998(command)
4264
#: serverguide/C/virtualization.xml:1066(command)
4045
4265
msgid "lxc launch ubuntu:xenial x1"
4046
4266
msgstr ""
4047
4267
4048
#: serverguide/C/virtualization.xml:1003(para)
4268
#: serverguide/C/virtualization.xml:1071(para)
4049
4269
msgid ""
4050
4270
"This will download the official current Xenial cloud image for your current "
4051
4271
"architecture, then create a container using that image, and finally start "
4052
4272
"it. Once the command returns, you can see it using:"
4053
4273
msgstr ""
4054
4274
4055
#: serverguide/C/virtualization.xml:1010(command)
4275
#: serverguide/C/virtualization.xml:1078(command)
4056
4276
msgid "lxc list lxc info x1"
4057
4277
msgstr ""
4058
4278
4059
#: serverguide/C/virtualization.xml:1016(para)
4279
#: serverguide/C/virtualization.xml:1084(para)
4060
4280
msgid "and open a shell in it using:"
4061
4281
msgstr ""
4062
4282
4063
#: serverguide/C/virtualization.xml:1021(command)
4283
#: serverguide/C/virtualization.xml:1089(command)
4064
4284
msgid "lxc exec x1 bash"
4065
4285
msgstr ""
4066
4286
4067
#: serverguide/C/virtualization.xml:1026(para)
4287
#: serverguide/C/virtualization.xml:1094(para)
4068
4288
msgid ""
4069
4289
"The try-it page gives a full synopsis of the commands you can use to "
4070
4290
"administer containers."
4071
4291
msgstr ""
4072
4292
4073
#: serverguide/C/virtualization.xml:1031(para)
4293
#: serverguide/C/virtualization.xml:1099(para)
4074
4294
msgid ""
4075
4295
"Now that the 'xenial' image has been downloaded, it will be kept in sync "
4076
4296
"until no new containers have been created based on it for (by default) 10 "
4077
4297
"days. After that, it will be deleted."
4078
4298
msgstr ""
4079
4299
4080
#: serverguide/C/virtualization.xml:1039(title)
4300
#: serverguide/C/virtualization.xml:1107(title)
4081
4301
msgid "LXD Server Configuration"
4082
4302
msgstr ""
4083
4303
4084
#: serverguide/C/virtualization.xml:1041(para)
4304
#: serverguide/C/virtualization.xml:1109(para)
4085
4305
msgid ""
4086
4306
"By default, LXD is socket activated and configured to listen only on a local "
4087
4307
"UNIX socket. While LXD may not be running when you first look at the process "
4088
4308
"listing, any LXC command will start it up. For instance:"
4089
4309
msgstr ""
4090
4310
4091
#: serverguide/C/virtualization.xml:1048(command)
4311
#: serverguide/C/virtualization.xml:1116(command)
4092
4312
msgid "lxc list"
4093
4313
msgstr ""
4094
4314
4095
#: serverguide/C/virtualization.xml:1053(para)
4315
#: serverguide/C/virtualization.xml:1121(para)
4096
4316
msgid ""
4097
4317
"This will create your client certificate and contact the LXD server for a "
4098
4318
"list of containers. To make the server accessible over the network you can "
4099
4319
"set the http port using:"
4100
4320
msgstr ""
4101
4321
4102
#: serverguide/C/virtualization.xml:1060(command)
4322
#: serverguide/C/virtualization.xml:1128(command)
4103
4323
msgid "lxc config set core.https_address :8443"
4104
4324
msgstr ""
4105
4325
4106
#: serverguide/C/virtualization.xml:1065(para)
4326
#: serverguide/C/virtualization.xml:1133(para)
4107
4327
msgid "This will tell LXD to listen to port 8843 on all addresses."
4108
4328
msgstr ""
4109
4329
4110
#: serverguide/C/virtualization.xml:1069(title)
4330
#: serverguide/C/virtualization.xml:1137(title)
4111
4331
msgid "Authentication"
4112
4332
msgstr ""
4113
4333
4114
#: serverguide/C/virtualization.xml:1071(para)
4334
#: serverguide/C/virtualization.xml:1139(para)
4115
4335
msgid ""
4116
4336
"By default, LXD will allow all members of group 'lxd' (which by default "
4117
4337
"includes all members of group admin) to talk to it over the UNIX socket. "
4119
4339
"certificates."
4120
4340
msgstr ""
4121
4341
4122
#: serverguide/C/virtualization.xml:1077(para)
4342
#: serverguide/C/virtualization.xml:1145(para)
4123
4343
msgid ""
4124
4344
"Before client c1 wishes to use remote r1, r1 must be registered using:"
4125
4345
msgstr ""
4126
4346
4127
#: serverguide/C/virtualization.xml:1082(command)
4347
#: serverguide/C/virtualization.xml:1150(command)
4128
4348
msgid "lxc remote add r1 r1.example.com:8443"
4129
4349
msgstr ""
4130
4350
4131
#: serverguide/C/virtualization.xml:1087(para)
4351
#: serverguide/C/virtualization.xml:1155(para)
4132
4352
msgid ""
4133
4353
"The fingerprint of r1's certificate will be shown, to allow the user at c1 "
4134
4354
"to reject a false certificate. The server in turn will verify that c1 may be "
4136
4356
"already-registered client, using:"
4137
4357
msgstr ""
4138
4358
4139
#: serverguide/C/virtualization.xml:1095(command)
4359
#: serverguide/C/virtualization.xml:1163(command)
4140
4360
msgid "lxc config trust add r1 certfile.crt"
4141
4361
msgstr ""
4142
4362
4143
#: serverguide/C/virtualization.xml:1100(para)
4363
#: serverguide/C/virtualization.xml:1168(para)
4144
4364
msgid ""
4145
4365
"Now when the client adds r1 as a known remote, it will not need to provide a "
4146
4366
"password as it is already trusted by the server."
4147
4367
msgstr ""
4148
4368
4149
#: serverguide/C/virtualization.xml:1105(para)
4369
#: serverguide/C/virtualization.xml:1173(para)
4150
4370
msgid ""
4151
4371
"The other is to configure a 'trust password' with r1, either at initial "
4152
4372
"configuration using 'lxd init', or after the fact using"
4153
4373
msgstr ""
4154
4374
4155
#: serverguide/C/virtualization.xml:1111(command)
4375
#: serverguide/C/virtualization.xml:1179(command)
4156
4376
msgid "lxc config set core.trust_password PASSWORD"
4157
4377
msgstr ""
4158
4378
4159
#: serverguide/C/virtualization.xml:1116(para)
4379
#: serverguide/C/virtualization.xml:1184(para)
4160
4380
msgid ""
4161
4381
"The password can then be provided when the client registers r1 as a known "
4162
4382
"remote."
4163
4383
msgstr ""
4164
4384
4165
#: serverguide/C/virtualization.xml:1123(title)
4385
#: serverguide/C/virtualization.xml:1191(title)
4166
4386
msgid "Backing store"
4167
4387
msgstr ""
4168
4388
4169
#: serverguide/C/virtualization.xml:1125(para)
4389
#: serverguide/C/virtualization.xml:1193(para)
4170
4390
msgid ""
4171
4391
"LXD supports several backing stores. The recommended backing store is ZFS, "
4172
4392
"however this is not available on all platforms. Supported backing stores "
4173
4393
"include:"
4174
4394
msgstr ""
4175
4395
4176
#: serverguide/C/virtualization.xml:1133(para)
4396
#: serverguide/C/virtualization.xml:1201(para)
4177
4397
msgid ""
4178
4398
"ext4: this is the default, and easiest to use. With an ext4 backing store, "
4179
4399
"containers and images are simply stored as directories on the host "
4181
4401
"and 10 containers will take up 10 times as much space as one container."
4182
4402
msgstr ""
4183
4403
4184
#: serverguide/C/virtualization.xml:1142(para)
4404
#: serverguide/C/virtualization.xml:1210(para)
4185
4405
msgid ""
4186
4406
"ZFS: if ZFS is supported on your architecture (amd64, arm64, or ppc64le), "
4187
4407
"you can set LXD up to use it using 'lxd init'. If you already have a ZFS "
4189
4409
"configuration key:"
4190
4410
msgstr ""
4191
4411
4192
#: serverguide/C/virtualization.xml:1150(command)
4412
#: serverguide/C/virtualization.xml:1218(command)
4193
4413
msgid "lxc config set storage.zfs_pool_name lxd"
4194
4414
msgstr ""
4195
4415
4196
#: serverguide/C/virtualization.xml:1155(para)
4416
#: serverguide/C/virtualization.xml:1223(para)
4197
4417
msgid ""
4198
4418
"With ZFS, launching a new container is fast because the filesystem starts as "
4199
4419
"a copy on write clone of the images' filesystem. Note that unless the "
4202
4422
"little of the actual filesystem data."
4203
4423
msgstr ""
4204
4424
4205
#: serverguide/C/virtualization.xml:1165(para)
4425
#: serverguide/C/virtualization.xml:1233(para)
4206
4426
msgid ""
4207
4427
"Btrfs: btrfs can be used with many of the same advantages as ZFS. To use "
4208
4428
"BTRFS as a LXD backing store, simply mount a Btrfs filesystem under "
4211
4431
"container."
4212
4432
msgstr ""
4213
4433
4214
#: serverguide/C/virtualization.xml:1175(para)
4434
#: serverguide/C/virtualization.xml:1243(para)
4215
4435
msgid ""
4216
4436
"LVM: To use a LVM volume group called 'lxd', you may tell LXD to use that "
4217
4437
"for containers and images using the command"
4218
4438
msgstr ""
4219
4439
4220
#: serverguide/C/virtualization.xml:1181(command)
4440
#: serverguide/C/virtualization.xml:1249(command)
4221
4441
msgid "lxc config set storage.lvm_vg_name lxd"
4222
4442
msgstr ""
4223
4443
4224
#: serverguide/C/virtualization.xml:1186(para)
4444
#: serverguide/C/virtualization.xml:1254(para)
4225
4445
msgid ""
4226
4446
"When launching a new container, its rootfs will start as a lv clone. It is "
4227
4447
"immediately mounted so that the file uids can be shifted, then unmounted. "
4228
4448
"Container snapshots also are created as lv snapshots."
4229
4449
msgstr ""
4230
4450
4231
#: serverguide/C/virtualization.xml:1196(title)
4451
#: serverguide/C/virtualization.xml:1264(title)
4232
4452
msgid "Container configuration"
4233
4453
msgstr ""
4234
4454
4235
#: serverguide/C/virtualization.xml:1198(para)
4455
#: serverguide/C/virtualization.xml:1266(para)
4236
4456
msgid ""
4237
4457
"Containers are configured according to a set of profiles, described in the "
4238
4458
"next section, and a set of container-specific configuration. Profiles are "
4240
4460
"configuration."
4241
4461
msgstr ""
4242
4462
4243
#: serverguide/C/virtualization.xml:1205(para)
4463
#: serverguide/C/virtualization.xml:1273(para)
4244
4464
msgid ""
4245
4465
"Container configuration includes properties like the architecture, limits on "
4246
4466
"resources such as CPU and RAM, security details including apparmor "
4247
4467
"restriction overrides, and devices to apply to the container."
4248
4468
msgstr ""
4249
4469
4250
#: serverguide/C/virtualization.xml:1211(para)
4470
#: serverguide/C/virtualization.xml:1279(para)
4251
4471
msgid ""
4252
4472
"Devices can be of several types, including UNIX character, UNIX block, "
4253
4473
"network interface, or 'disk'. In order to insert a host mount into a "
4255
4475
"in container c1 at /opt, you could use:"
4256
4476
msgstr ""
4257
4477
4258
#: serverguide/C/virtualization.xml:1219(command)
4478
#: serverguide/C/virtualization.xml:1287(command)
4259
4479
msgid "lxc config device add c1 opt disk source=/opt path=opt"
4260
4480
msgstr ""
4261
4481
4262
#: serverguide/C/virtualization.xml:1224(para)
4482
#: serverguide/C/virtualization.xml:1292(para)
4263
4483
msgid "See:"
4264
4484
msgstr ""
4265
4485
4266
#: serverguide/C/virtualization.xml:1229(command)
4486
#: serverguide/C/virtualization.xml:1297(command)
4267
4487
msgid "lxc help config"
4268
4488
msgstr ""
4269
4489
4270
#: serverguide/C/virtualization.xml:1234(para)
4490
#: serverguide/C/virtualization.xml:1302(para)
4271
4491
msgid ""
4272
4492
"for more information about editing container configurations. You may also "
4273
4493
"use:"
4274
4494
msgstr ""
4275
4495
4276
#: serverguide/C/virtualization.xml:1240(command)
4496
#: serverguide/C/virtualization.xml:1308(command)
4277
4497
msgid "lxc config edit c1"
4278
4498
msgstr ""
4279
4499
4280
#: serverguide/C/virtualization.xml:1245(para)
4500
#: serverguide/C/virtualization.xml:1313(para)
4281
4501
msgid ""
4282
4502
"to edit the whole of c1's configuration in your specified $EDITOR. Comments "
4283
4503
"at the top of the configuration will show examples of correct syntax to help "
4285
4505
"valid when the $EDITOR is exited, then $EDITOR will be restarted."
4286
4506
msgstr ""
4287
4507
4288
#: serverguide/C/virtualization.xml:1255(title) serverguide/C/security.xml:1065(title)
4508
#: serverguide/C/virtualization.xml:1323(title) serverguide/C/security.xml:1065(title)
4289
4509
msgid "Profiles"
4290
4510
msgstr ""
4291
4511
4292
#: serverguide/C/virtualization.xml:1257(para)
4512
#: serverguide/C/virtualization.xml:1325(para)
4293
4513
msgid ""
4294
4514
"Profiles are named collections of configurations which may be applied to "
4295
4515
"more than one container. For instance, all containers created with 'lxc "
4297
4517
"interface 'eth0'."
4298
4518
msgstr ""
4299
4519
4300
#: serverguide/C/virtualization.xml:1264(para)
4520
#: serverguide/C/virtualization.xml:1332(para)
4301
4521
msgid ""
4302
4522
"To mask a device which would be inherited from a profile but which should "
4303
4523
"not be in the final container, define a device by the same name but of type "
4304
4524
"'none':"
4305
4525
msgstr ""
4306
4526
4307
#: serverguide/C/virtualization.xml:1271(command)
4527
#: serverguide/C/virtualization.xml:1339(command)
4308
4528
msgid "lxc config device add c1 eth1 none"
4309
4529
msgstr ""
4310
4530
4311
#: serverguide/C/virtualization.xml:1277(title) serverguide/C/virtualization.xml:1869(title)
4531
#: serverguide/C/virtualization.xml:1345(title) serverguide/C/virtualization.xml:1937(title)
4312
4532
msgid "Nesting"
4313
4533
msgstr ""
4314
4534
4315
#: serverguide/C/virtualization.xml:1279(para)
4535
#: serverguide/C/virtualization.xml:1347(para)
4316
4536
msgid ""
4317
4537
"Containers all share the same host kernel. This means that there is always "
4318
4538
"an inherent trade-off between features exposed to the container and host "
4322
4542
"must be set to true:"
4323
4543
msgstr ""
4324
4544
4325
#: serverguide/C/virtualization.xml:1289(command)
4545
#: serverguide/C/virtualization.xml:1357(command)
4326
4546
msgid "lxc config set container1 security.nesting true"
4327
4547
msgstr ""
4328
4548
4329
#: serverguide/C/virtualization.xml:1294(para)
4549
#: serverguide/C/virtualization.xml:1362(para)
4330
4550
msgid "Once this is done, container1 will be able to start sub-containers."
4331
4551
msgstr ""
4332
4552
4333
#: serverguide/C/virtualization.xml:1298(para)
4553
#: serverguide/C/virtualization.xml:1366(para)
4334
4554
msgid ""
4335
4555
"In order to run unprivileged (the default in LXD) containers nested under an "
4336
4556
"unprivileged container, you will need to ensure a wide enough UID mapping. "
4337
4557
"Please see the 'UID mapping' section below."
4338
4558
msgstr ""
4339
4559
4340
#: serverguide/C/virtualization.xml:1304(title)
4560
#: serverguide/C/virtualization.xml:1372(title)
4341
4561
msgid "Docker"
4342
4562
msgstr ""
4343
4563
4344
#: serverguide/C/virtualization.xml:1306(para)
4564
#: serverguide/C/virtualization.xml:1374(para)
4345
4565
msgid ""
4346
4566
"In order to facilitate running docker containers inside a LXD container, a "
4347
4567
"'docker' profile is provided. To launch a new container with the docker "
4348
4568
"profile, you can run:"
4349
4569
msgstr ""
4350
4570
4351
#: serverguide/C/virtualization.xml:1313(command)
4571
#: serverguide/C/virtualization.xml:1381(command)
4352
4572
msgid "lxc launch xenial container1 -p default -p docker"
4353
4573
msgstr ""
4354
4574
4355
#: serverguide/C/virtualization.xml:1318(para)
4575
#: serverguide/C/virtualization.xml:1386(para)
4356
4576
msgid ""
4357
4577
"Note that currently the docker package in Ubuntu 16.04 is patched to "
4358
4578
"facilitate running in a container. This support is expected to land upstream "
4359
4579
"soon."
4360
4580
msgstr ""
4361
4581
4362
#: serverguide/C/virtualization.xml:1324(para)
4582
#: serverguide/C/virtualization.xml:1392(para)
4363
4583
msgid ""
4364
4584
"Note that 'cgroup namespace' support is also required. This is available in "
4365
4585
"the 16.04 kernel as well as in the 4.6 upstream source."
4366
4586
msgstr ""
4367
4587
4368
#: serverguide/C/virtualization.xml:1333(title)
4588
#: serverguide/C/virtualization.xml:1401(title)
4369
4589
msgid "Limits"
4370
4590
msgstr ""
4371
4591
4372
#: serverguide/C/virtualization.xml:1335(para)
4592
#: serverguide/C/virtualization.xml:1403(para)
4373
4593
msgid ""
4374
4594
"LXD supports flexible constraints on the resources which containers can "
4375
4595
"consume. The limits come in the following categories:"
4376
4596
msgstr ""
4377
4597
4378
#: serverguide/C/virtualization.xml:1342(para)
4598
#: serverguide/C/virtualization.xml:1410(para)
4379
4599
msgid "CPU: limit cpu available to the container in several ways."
4380
4600
msgstr ""
4381
4601
4382
#: serverguide/C/virtualization.xml:1345(para)
4602
#: serverguide/C/virtualization.xml:1413(para)
4383
4603
msgid "Disk: configure the priority of I/O requests under load"
4384
4604
msgstr ""
4385
4605
4386
#: serverguide/C/virtualization.xml:1348(para)
4606
#: serverguide/C/virtualization.xml:1416(para)
4387
4607
msgid "RAM: configure memory and swap availability"
4388
4608
msgstr ""
4389
4609
4390
#: serverguide/C/virtualization.xml:1351(para)
4610
#: serverguide/C/virtualization.xml:1419(para)
4391
4611
msgid "Network: configure the network priority under load"
4392
4612
msgstr ""
4393
4613
4394
#: serverguide/C/virtualization.xml:1354(para)
4614
#: serverguide/C/virtualization.xml:1422(para)
4395
4615
msgid "Processes: limit the number of concurrent processes in the container."
4396
4616
msgstr ""
4397
4617
4398
#: serverguide/C/virtualization.xml:1358(para)
4618
#: serverguide/C/virtualization.xml:1426(para)
4399
4619
msgid ""
4400
4620
"For a full list of limits known to LXD, see <ulink "
4401
4621
"url=\"https://github.com/lxc/lxd/blob/master/doc/configuration.md\"> the "
4402
4622
"configuration documentation</ulink>."
4403
4623
msgstr ""
4404
4624
4405
#: serverguide/C/virtualization.xml:1366(title)
4625
#: serverguide/C/virtualization.xml:1434(title)
4406
4626
msgid "UID mappings and Privileged containers"
4407
4627
msgstr ""
4408
4628
4409
#: serverguide/C/virtualization.xml:1368(para)
4629
#: serverguide/C/virtualization.xml:1436(para)
4410
4630
msgid ""
4411
4631
"By default, LXD creates unprivileged containers. This means that root in the "
4412
4632
"container is a non-root UID on the host. It is privileged against the "
4416
4636
"the system call interface)"
4417
4637
msgstr ""
4418
4638
4419
#: serverguide/C/virtualization.xml:1377(para)
4639
#: serverguide/C/virtualization.xml:1445(para)
4420
4640
msgid ""
4421
4641
"Briefly, in an unprivileged container, 65536 UIDs are 'shifted' into the "
4422
4642
"container. For instance, UID 0 in the container may be 100000 on the host, "
4428
4648
"subuid(5) manual page</ulink>."
4429
4649
msgstr ""
4430
4650
4431
#: serverguide/C/virtualization.xml:1387(para)
4651
#: serverguide/C/virtualization.xml:1455(para)
4432
4652
msgid ""
4433
4653
"It is possible to request a container to run without a UID mapping by "
4434
4654
"setting the security.privileged flag to true:"
4435
4655
msgstr ""
4436
4656
4437
#: serverguide/C/virtualization.xml:1393(command)
4657
#: serverguide/C/virtualization.xml:1461(command)
4438
4658
msgid "lxc config set c1 security.privileged true"
4439
4659
msgstr ""
4440
4660
4441
#: serverguide/C/virtualization.xml:1398(para)
4661
#: serverguide/C/virtualization.xml:1466(para)
4442
4662
msgid ""
4443
4663
"Note however that in this case the root user in the container is the root "
4444
4664
"user on the host."
4445
4665
msgstr ""
4446
4666
4447
#: serverguide/C/virtualization.xml:1405(title) serverguide/C/virtualization.xml:2144(title)
4667
#: serverguide/C/virtualization.xml:1473(title) serverguide/C/virtualization.xml:2212(title)
4448
4668
msgid "Apparmor"
4449
4669
msgstr ""
4450
4670
4451
#: serverguide/C/virtualization.xml:1407(para)
4671
#: serverguide/C/virtualization.xml:1475(para)
4452
4672
msgid ""
4453
4673
"LXD confines containers by default with an apparmor profile which protects "
4454
4674
"containers from each other and the host from containers. For instance this "
4458
4678
"/proc/sysrq-trigger</filename>."
4459
4679
msgstr ""
4460
4680
4461
#: serverguide/C/virtualization.xml:1416(para)
4681
#: serverguide/C/virtualization.xml:1484(para)
4462
4682
msgid ""
4463
4683
"If the apparmor policy for a container needs to be modified for a container "
4464
4684
"c1, specific apparmor policy lines can be added in the 'raw.apparmor' "
4465
4685
"configuration key."
4466
4686
msgstr ""
4467
4687
4468
#: serverguide/C/virtualization.xml:1424(title)
4688
#: serverguide/C/virtualization.xml:1492(title)
4469
4689
msgid "Seccomp"
4470
4690
msgstr ""
4471
4691
4472
#: serverguide/C/virtualization.xml:1426(para)
4692
#: serverguide/C/virtualization.xml:1494(para)
4473
4693
msgid ""
4474
4694
"All containers are confined by a default seccomp policy. This policy "
4475
4695
"prevents some dangerous actions such as forced umounts, kernel module "
4478
4698
"seccomp policy - or none - can be requested using raw.lxc (see below)."
4479
4699
msgstr ""
4480
4700
4481
#: serverguide/C/virtualization.xml:1436(title)
4701
#: serverguide/C/virtualization.xml:1504(title)
4482
4702
msgid "Raw LXC configuration"
4483
4703
msgstr ""
4484
4704
4485
#: serverguide/C/virtualization.xml:1438(para)
4705
#: serverguide/C/virtualization.xml:1506(para)
4486
4706
msgid ""
4487
4707
"LXD configures containers for the best balance of host safety and container "
4488
4708
"usability. Whenever possible it is highly recommended to use the defaults, "
4495
4715
".html\"> the lxc.container.conf(5) manual page</ulink>."
4496
4716
msgstr ""
4497
4717
4498
#: serverguide/C/virtualization.xml:1457(title)
4718
#: serverguide/C/virtualization.xml:1525(title)
4499
4719
msgid "Images and containers"
4500
4720
msgstr ""
4501
4721
4502
#: serverguide/C/virtualization.xml:1459(para)
4722
#: serverguide/C/virtualization.xml:1527(para)
4503
4723
msgid ""
4504
4724
"LXD is image based. When you create your first container, you will generally "
4505
4725
"do so using an existing image. LXD comes pre-configured with three default "
4506
4726
"image remotes:"
4507
4727
msgstr ""
4508
4728
4509
#: serverguide/C/virtualization.xml:1467(para)
4729
#: serverguide/C/virtualization.xml:1535(para)
4510
4730
msgid ""
4511
4731
"ubuntu: This is a <ulink "
4512
4732
"url=\"https://launchpad.net/simplestreams\">simplestreams-based</ulink> "
4513
4733
"remote serving released ubuntu cloud images."
4514
4734
msgstr ""
4515
4735
4516
#: serverguide/C/virtualization.xml:1472(para)
4736
#: serverguide/C/virtualization.xml:1540(para)
4517
4737
msgid ""
4518
4738
"ubuntu-daily: This is another simplestreams based remote which serves "
4519
4739
"'daily' ubuntu cloud images. These provide quicker but potentially less "
4520
4740
"stable images."
4521
4741
msgstr ""
4522
4742
4523
#: serverguide/C/virtualization.xml:1478(para)
4743
#: serverguide/C/virtualization.xml:1546(para)
4524
4744
msgid ""
4525
4745
"images: This is a remote publishing best-effort container images for many "
4526
4746
"distributions, created using community-provided build scripts."
4527
4747
msgstr ""
4528
4748
4529
#: serverguide/C/virtualization.xml:1483(para)
4749
#: serverguide/C/virtualization.xml:1551(para)
4530
4750
msgid "To view the images available on one of these servers, you can use:"
4531
4751
msgstr ""
4532
4752
4533
#: serverguide/C/virtualization.xml:1493(para)
4753
#: serverguide/C/virtualization.xml:1561(para)
4534
4754
msgid ""
4535
4755
"Most of the images are known by several aliases for easier reference. To see "
4536
4756
"the full list of aliases, you can use"
4537
4757
msgstr ""
4538
4758
4539
#: serverguide/C/virtualization.xml:1499(command)
4759
#: serverguide/C/virtualization.xml:1567(command)
4540
4760
msgid "lxc image alias list images:"
4541
4761
msgstr ""
4542
4762
4543
#: serverguide/C/virtualization.xml:1504(para)
4763
#: serverguide/C/virtualization.xml:1572(para)
4544
4764
msgid ""
4545
4765
"Any alias or image fingerprint can be used to specify how to create the new "
4546
4766
"container. For instance, to create an amd64 Ubuntu 14.04 container, some "
4547
4767
"options are:"
4548
4768
msgstr ""
4549
4769
4550
#: serverguide/C/virtualization.xml:1511(command)
4770
#: serverguide/C/virtualization.xml:1579(command)
4551
4771
msgid ""
4552
4772
"lxc launch ubuntu:14.04 trusty1 lxc launch ubuntu:trusty trusty1 lxc launch "
4553
4773
"ubuntu:trusty/amd64 trusty1 lxc launch ubuntu:lts trusty1"
4554
4774
msgstr ""
4555
4775
4556
#: serverguide/C/virtualization.xml:1519(para)
4776
#: serverguide/C/virtualization.xml:1587(para)
4557
4777
msgid "The 'lts' alias always refers to the latest released LTS image."
4558
4778
msgstr ""
4559
4779
4560
#: serverguide/C/virtualization.xml:1523(title) serverguide/C/virtualization.xml:2352(title)
4780
#: serverguide/C/virtualization.xml:1591(title) serverguide/C/virtualization.xml:2420(title)
4561
4781
msgid "Snapshots"
4562
4782
msgstr ""
4563
4783
4564
#: serverguide/C/virtualization.xml:1525(para)
4784
#: serverguide/C/virtualization.xml:1593(para)
4565
4785
msgid ""
4566
4786
"Containers can be renamed and live-migrated using the 'lxc move' command:"
4567
4787
msgstr ""
4568
4788
4569
#: serverguide/C/virtualization.xml:1530(command)
4789
#: serverguide/C/virtualization.xml:1598(command)
4570
4790
msgid "lxc move c1 final-beta"
4571
4791
msgstr ""
4572
4792
4573
#: serverguide/C/virtualization.xml:1535(para)
4793
#: serverguide/C/virtualization.xml:1603(para)
4574
4794
msgid "They can also be snapshotted:"
4575
4795
msgstr ""
4576
4796
4577
#: serverguide/C/virtualization.xml:1540(command)
4797
#: serverguide/C/virtualization.xml:1608(command)
4578
4798
msgid "lxc snapshot c1 YYYY-MM-DD"
4579
4799
msgstr ""
4580
4800
4581
#: serverguide/C/virtualization.xml:1545(para)
4801
#: serverguide/C/virtualization.xml:1613(para)
4582
4802
msgid "Later changes to c1 can then be reverted by restoring the snapshot:"
4583
4803
msgstr ""
4584
4804
4585
#: serverguide/C/virtualization.xml:1550(command)
4805
#: serverguide/C/virtualization.xml:1618(command)
4586
4806
msgid "lxc restore u1 YYYY-MM-DD"
4587
4807
msgstr ""
4588
4808
4589
#: serverguide/C/virtualization.xml:1555(para)
4809
#: serverguide/C/virtualization.xml:1623(para)
4590
4810
msgid ""
4591
4811
"New containers can also be created by copying a container or snapshot:"
4592
4812
msgstr ""
4593
4813
4594
#: serverguide/C/virtualization.xml:1560(command)
4814
#: serverguide/C/virtualization.xml:1628(command)
4595
4815
msgid "lxc copy u1/YYYY-MM-DD testcontainer"
4596
4816
msgstr ""
4597
4817
4598
#: serverguide/C/virtualization.xml:1567(title)
4818
#: serverguide/C/virtualization.xml:1635(title)
4599
4819
msgid "Publishing images"
4600
4820
msgstr ""
4601
4821
4602
#: serverguide/C/virtualization.xml:1569(para)
4822
#: serverguide/C/virtualization.xml:1637(para)
4603
4823
msgid ""
4604
4824
"When a container or container snapshot is ready for consumption by others, "
4605
4825
"it can be published as a new image using;"
4606
4826
msgstr ""
4607
4827
4608
#: serverguide/C/virtualization.xml:1575(command)
4828
#: serverguide/C/virtualization.xml:1643(command)
4609
4829
msgid "lxc publish u1/YYYY-MM-DD --alias foo-2.0"
4610
4830
msgstr ""
4611
4831
4612
#: serverguide/C/virtualization.xml:1580(para)
4832
#: serverguide/C/virtualization.xml:1648(para)
4613
4833
msgid ""
4614
4834
"The published image will be private by default, meaning that LXD will not "
4615
4835
"allow clients without a trusted certificate to see them. If the image is "
4617
4837
"'public' flag can be set, either at publish time using"
4618
4838
msgstr ""
4619
4839
4620
#: serverguide/C/virtualization.xml:1588(command)
4840
#: serverguide/C/virtualization.xml:1656(command)
4621
4841
msgid "lxc publish u1/YYYY-MM-DD --alias foo-2.0 public=true"
4622
4842
msgstr ""
4623
4843
4624
#: serverguide/C/virtualization.xml:1593(para)
4844
#: serverguide/C/virtualization.xml:1661(para)
4625
4845
msgid "or after the fact using"
4626
4846
msgstr ""
4627
4847
4628
#: serverguide/C/virtualization.xml:1598(command)
4848
#: serverguide/C/virtualization.xml:1666(command)
4629
4849
msgid "lxc image edit foo-2.0"
4630
4850
msgstr ""
4631
4851
4632
#: serverguide/C/virtualization.xml:1603(para)
4852
#: serverguide/C/virtualization.xml:1671(para)
4633
4853
msgid "and changing the value of the public field."
4634
4854
msgstr ""
4635
4855
4636
#: serverguide/C/virtualization.xml:1609(title)
4856
#: serverguide/C/virtualization.xml:1677(title)
4637
4857
msgid "Image export and import"
4638
4858
msgstr ""
4639
4859
4640
#: serverguide/C/virtualization.xml:1611(para)
4860
#: serverguide/C/virtualization.xml:1679(para)
4641
4861
msgid "Image can be exported as, and imported from, tarballs:"
4642
4862
msgstr ""
4643
4863
4644
#: serverguide/C/virtualization.xml:1616(command)
4864
#: serverguide/C/virtualization.xml:1684(command)
4645
4865
msgid ""
4646
4866
"lxc image export foo-2.0 foo-2.0.tar.gz lxc image import foo-2.0.tar.gz --"
4647
4867
"alias foo-2.0 --public"
4648
4868
msgstr ""
4649
4869
4650
#: serverguide/C/virtualization.xml:1625(title) serverguide/C/virtualization.xml:2505(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
4870
#: serverguide/C/virtualization.xml:1693(title) serverguide/C/virtualization.xml:2573(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
4651
4871
msgid "Troubleshooting"
4652
4872
msgstr ""
4653
4873
4654
#: serverguide/C/virtualization.xml:1627(para)
4874
#: serverguide/C/virtualization.xml:1695(para)
4655
4875
msgid ""
4656
4876
"To view debug information about LXD itself, on a systemd based host use"
4657
4877
msgstr ""
4658
4878
4659
#: serverguide/C/virtualization.xml:1632(command)
4879
#: serverguide/C/virtualization.xml:1700(command)
4660
4880
msgid "journalctl -u LXD"
4661
4881
msgstr ""
4662
4882
4663
#: serverguide/C/virtualization.xml:1637(para)
4883
#: serverguide/C/virtualization.xml:1705(para)
4664
4884
msgid ""
4665
4885
"On an Upstart-based system, you can find the log in "
4666
4886
"<filename>/var/log/upstart/lxd.log</filename>. To make LXD provide much more "
4671
4891
"<filename>/etc/init/lxd.conf</filename>."
4672
4892
msgstr ""
4673
4893
4674
#: serverguide/C/virtualization.xml:1647(para)
4894
#: serverguide/C/virtualization.xml:1715(para)
4675
4895
msgid "Container logfiles for container c1 may be seen using:"
4676
4896
msgstr ""
4677
4897
4678
#: serverguide/C/virtualization.xml:1652(command)
4898
#: serverguide/C/virtualization.xml:1720(command)
4679
4899
msgid "lxc info c1 --show-log"
4680
4900
msgstr ""
4681
4901
4682
#: serverguide/C/virtualization.xml:1657(para)
4902
#: serverguide/C/virtualization.xml:1725(para)
4683
4903
msgid ""
4684
4904
"The configuration file which was used may be found under <filename> "
4685
4905
"/var/log/lxd/c1/lxc.conf</filename> while apparmor profiles can be found in "
4687
4907
"profiles in <filename> /var/lib/lxd/security/seccomp/c1</filename>."
4688
4908
msgstr ""
4689
4909
4690
#: serverguide/C/virtualization.xml:1667(title)
4910
#: serverguide/C/virtualization.xml:1735(title)
4691
4911
msgid "LXC"
4692
4912
msgstr ""
4693
4913
4694
#: serverguide/C/virtualization.xml:1669(para)
4914
#: serverguide/C/virtualization.xml:1737(para)
4695
4915
msgid ""
4696
4916
"Containers are a lightweight virtualization technology. They are more akin "
4697
4917
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
4703
4923
"and OpenVZ functionality."
4704
4924
msgstr ""
4705
4925
4706
#: serverguide/C/virtualization.xml:1679(para)
4926
#: serverguide/C/virtualization.xml:1747(para)
4707
4927
msgid ""
4708
4928
"There are two user-space implementations of containers, each exploiting the "
4709
4929
"same kernel features. Libvirt allows the use of containers through the LXC "
4714
4934
"there are peculiarities which can cause confusion."
4715
4935
msgstr ""
4716
4936
4717
#: serverguide/C/virtualization.xml:1688(para)
4937
#: serverguide/C/virtualization.xml:1756(para)
4718
4938
msgid ""
4719
4939
"In this document we will mainly describe the <application>lxc</application> "
4720
4940
"package. Use of libvirt-lxc is not generally recommended due to a lack of "
4721
4941
"Apparmor protection for libvirt-lxc containers."
4722
4942
msgstr ""
4723
4943
4724
#: serverguide/C/virtualization.xml:1693(para)
4944
#: serverguide/C/virtualization.xml:1761(para)
4725
4945
msgid "In this document, a container name will be shown as CN, C1, or C2."
4726
4946
msgstr ""
4727
4947
4728
#: serverguide/C/virtualization.xml:1699(para)
4948
#: serverguide/C/virtualization.xml:1767(para)
4729
4949
msgid "The <application>lxc</application> package can be installed using"
4730
4950
msgstr ""
4731
4951
4732
#: serverguide/C/virtualization.xml:1703(command)
4952
#: serverguide/C/virtualization.xml:1771(command)
4733
4953
msgid "sudo apt install lxc"
4734
4954
msgstr ""
4735
4955
4736
#: serverguide/C/virtualization.xml:1708(para)
4956
#: serverguide/C/virtualization.xml:1776(para)
4737
4957
msgid ""
4738
4958
"This will pull in the required and recommended dependencies, as well as set "
4739
4959
"up a network bridge for containers to use. If you wish to use unprivileged "
4742
4962
"containers to a bridge (see <xref linkend=\"lxc-unpriv\"/>)."
4743
4963
msgstr ""
4744
4964
4745
#: serverguide/C/virtualization.xml:1718(title) serverguide/C/vcs.xml:111(title)
4965
#: serverguide/C/virtualization.xml:1786(title) serverguide/C/vcs.xml:111(title)
4746
4966
msgid "Basic usage"
4747
4967
msgstr ""
4748
4968
4749
#: serverguide/C/virtualization.xml:1719(para)
4969
#: serverguide/C/virtualization.xml:1787(para)
4750
4970
msgid ""
4751
4971
"LXC can be used in two distinct ways - privileged, by running the lxc "
4752
4972
"commands as the root user; or unprivileged, by running the lxc commands as a "
4757
4977
"in the container is mapped to a non-root userid on the host."
4758
4978
msgstr ""
4759
4979
4760
#: serverguide/C/virtualization.xml:1731(title)
4980
#: serverguide/C/virtualization.xml:1799(title)
4761
4981
msgid "Basic privileged usage"
4762
4982
msgstr ""
4763
4983
4764
#: serverguide/C/virtualization.xml:1732(para)
4984
#: serverguide/C/virtualization.xml:1800(para)
4765
4985
msgid "To create a privileged container, you can simply do:"
4766
4986
msgstr ""
4767
4987
4768
#: serverguide/C/virtualization.xml:1736(command)
4988
#: serverguide/C/virtualization.xml:1804(command)
4769
4989
msgid "sudo lxc-create --template download --name u1"
4770
4990
msgstr ""
4771
4991
4772
#: serverguide/C/virtualization.xml:1740(command)
4992
#: serverguide/C/virtualization.xml:1808(command)
4773
4993
msgid "sudo lxc-create -t download -n u1"
4774
4994
msgstr ""
4775
4995
4776
#: serverguide/C/virtualization.xml:1735(screen)
4996
#: serverguide/C/virtualization.xml:1803(screen)
4777
4997
#, no-wrap
4778
4998
msgid ""
4779
4999
"\n"
4782
5002
"<placeholder-2/>\n"
4783
5003
msgstr ""
4784
5004
4785
#: serverguide/C/virtualization.xml:1744(para)
5005
#: serverguide/C/virtualization.xml:1812(para)
4786
5006
msgid ""
4787
5007
"This will interactively ask for a container root filesystem type to download "
4788
5008
"- in particular the distribution, release, and architecture. To create the "
4790
5010
"line:"
4791
5011
msgstr ""
4792
5012
4793
#: serverguide/C/virtualization.xml:1751(command)
5013
#: serverguide/C/virtualization.xml:1819(command)
4794
5014
msgid ""
4795
5015
"sudo lxc-create -t download -n u1 -- --dist ubuntu --release xenial --arch "
4796
5016
"amd64"
4797
5017
msgstr ""
4798
5018
4799
#: serverguide/C/virtualization.xml:1755(command)
5019
#: serverguide/C/virtualization.xml:1823(command)
4800
5020
msgid "sudo lxc-create -t download -n u1 -- -d ubuntu -r xenial -a amd64"
4801
5021
msgstr ""
4802
5022
4803
#: serverguide/C/virtualization.xml:1750(screen)
5023
#: serverguide/C/virtualization.xml:1818(screen)
4804
5024
#, no-wrap
4805
5025
msgid ""
4806
5026
"\n"
4809
5029
"<placeholder-2/>\n"
4810
5030
msgstr ""
4811
5031
4812
#: serverguide/C/virtualization.xml:1760(para)
5032
#: serverguide/C/virtualization.xml:1828(para)
4813
5033
msgid ""
4814
5034
"You can now use <command>lxc-ls</command> to list containers, <command>lxc-"
4815
5035
"info</command> to obtain detailed container information, <command>lxc-"
4821
5041
"look like:"
4822
5042
msgstr ""
4823
5043
4824
#: serverguide/C/virtualization.xml:1771(command)
5044
#: serverguide/C/virtualization.xml:1839(command)
4825
5045
msgid ""
4826
5046
"sudo lxc-ls --fancy sudo lxc-start --name u1 --daemon sudo lxc-info --name "
4827
5047
"u1 sudo lxc-stop --name u1 sudo lxc-destroy --name u1"
4828
5048
msgstr ""
4829
5049
4830
#: serverguide/C/virtualization.xml:1783(title)
5050
#: serverguide/C/virtualization.xml:1851(title)
4831
5051
msgid "User namespaces"
4832
5052
msgstr ""
4833
5053
4834
#: serverguide/C/virtualization.xml:1784(para)
5054
#: serverguide/C/virtualization.xml:1852(para)
4835
5055
msgid ""
4836
5056
"Unprivileged containers allow users to create and administer containers "
4837
5057
"without having any root privilege. The feature underpinning this is called "
4848
5068
"convention started at id 100000 to avoid conflicting with system users."
4849
5069
msgstr ""
4850
5070
4851
#: serverguide/C/virtualization.xml:1802(para)
5071
#: serverguide/C/virtualization.xml:1870(para)
4852
5072
msgid ""
4853
5073
"If a user was created on an earlier release, it can be granted a range of "
4854
5074
"ids using <command>usermod</command>, as follows:"
4855
5075
msgstr ""
4856
5076
4857
#: serverguide/C/virtualization.xml:1807(command)
5077
#: serverguide/C/virtualization.xml:1875(command)
4858
5078
msgid "sudo usermod -v 100000-200000 -w 100000-200000 user1"
4859
5079
msgstr ""
4860
5080
4861
#: serverguide/C/virtualization.xml:1812(para)
5081
#: serverguide/C/virtualization.xml:1880(para)
4862
5082
msgid ""
4863
5083
"The programs <command>newuidmap</command> and <command> newgidmap</command> "
4864
5084
"are setuid-root programs in the <filename>uidmap</filename> package, which "
4867
5087
"authorized by the host configuration."
4868
5088
msgstr ""
4869
5089
4870
#: serverguide/C/virtualization.xml:1823(title)
5090
#: serverguide/C/virtualization.xml:1891(title)
4871
5091
msgid "Basic unprivileged usage"
4872
5092
msgstr ""
4873
5093
4874
#: serverguide/C/virtualization.xml:1827(para)
5094
#: serverguide/C/virtualization.xml:1895(para)
4875
5095
msgid ""
4876
5096
"To create unprivileged containers, a few first steps are needed. You will "
4877
5097
"need to create a default container configuration file, specifying your "
4881
5101
"your actual user and group id ranges and modify the example accordingly:"
4882
5102
msgstr ""
4883
5103
4884
#: serverguide/C/virtualization.xml:1837(command)
5104
#: serverguide/C/virtualization.xml:1905(command)
4885
5105
msgid "grep $USER /etc/subuid grep $USER /etc/subgid"
4886
5106
msgstr ""
4887
5107
4888
#: serverguide/C/virtualization.xml:1843(command)
5108
#: serverguide/C/virtualization.xml:1911(command)
4889
5109
msgid ""
4890
5110
"mkdir -p ~/.config/lxc echo \"lxc.id_map = u 0 100000 65536\" > "
4891
5111
"~/.config/lxc/default.conf echo \"lxc.id_map = g 0 100000 65536\" >> "
4895
5115
"/etc/lxc/lxc-usernet"
4896
5116
msgstr ""
4897
5117
4898
#: serverguide/C/virtualization.xml:1853(para)
5118
#: serverguide/C/virtualization.xml:1921(para)
4899
5119
msgid ""
4900
5120
"After this, you can create unprivileged containers the same way as "
4901
5121
"privileged ones, simply without using sudo."
4902
5122
msgstr ""
4903
5123
4904
#: serverguide/C/virtualization.xml:1858(command)
5124
#: serverguide/C/virtualization.xml:1926(command)
4905
5125
msgid ""
4906
5126
"lxc-create -t download -n u1 -- -d ubuntu -r xenial -a amd64 lxc-start -n u1 "
4907
5127
"-d lxc-attach -n u1 lxc-stop -n u1 lxc-destroy -n u1"
4908
5128
msgstr ""
4909
5129
4910
#: serverguide/C/virtualization.xml:1870(para)
5130
#: serverguide/C/virtualization.xml:1938(para)
4911
5131
msgid ""
4912
5132
"In order to run containers inside containers - referred to as nested "
4913
5133
"containers - two lines must be present in the parent container configuration "
4924
5144
"information."
4925
5145
msgstr ""
4926
5146
4927
#: serverguide/C/virtualization.xml:1892(title)
5147
#: serverguide/C/virtualization.xml:1960(title)
4928
5148
msgid "Global configuration"
4929
5149
msgstr ""
4930
5150
4931
#: serverguide/C/virtualization.xml:1899(para)
5151
#: serverguide/C/virtualization.xml:1967(para)
4932
5152
msgid ""
4933
5153
"<filename>lxc.conf</filename> may optionally specify alternate values for "
4934
5154
"several lxc settings, including the lxcpath, the default configuration, "
4936
5156
"lvm and zfs."
4937
5157
msgstr ""
4938
5158
4939
#: serverguide/C/virtualization.xml:1905(para)
5159
#: serverguide/C/virtualization.xml:1973(para)
4940
5160
msgid ""
4941
5161
"<filename>default.conf</filename> specifies configuration which every newly "
4942
5162
"created container should contain. This usually contains at least a network "
4943
5163
"section, and, for unprivileged users, an id mapping section"
4944
5164
msgstr ""
4945
5165
4946
#: serverguide/C/virtualization.xml:1911(para)
5166
#: serverguide/C/virtualization.xml:1979(para)
4947
5167
msgid ""
4948
5168
"<filename>lxc-usernet.conf</filename> specifies how unprivileged users may "
4949
5169
"connect their containers to the host-owned network."
4950
5170
msgstr ""
4951
5171
4952
#: serverguide/C/virtualization.xml:1893(para)
5172
#: serverguide/C/virtualization.xml:1961(para)
4953
5173
msgid ""
4954
5174
"The following configuration files are consulted by LXC. For privileged use, "
4955
5175
"they are found under <filename>/etc/lxc</filename>, while for unprivileged "
4956
5176
"use they are under <filename>~/.config/lxc</filename>. <placeholder-1/>"
4957
5177
msgstr ""
4958
5178
4959
#: serverguide/C/virtualization.xml:1916(para)
5179
#: serverguide/C/virtualization.xml:1984(para)
4960
5180
msgid ""
4961
5181
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are both "
4962
5182
"under <filename>/etc/lxc</filename> and "
4964
5184
"usernet.conf</filename> is only host-wide."
4965
5185
msgstr ""
4966
5186
4967
#: serverguide/C/virtualization.xml:1921(para)
5187
#: serverguide/C/virtualization.xml:1989(para)
4968
5188
msgid ""
4969
5189
"By default, containers are located under /var/lib/lxc for the root user, and "
4970
5190
"$HOME/.local/share/lxc otherwise. The location can be specified for all lxc "
4971
5191
"commands using the \"-P|--lxcpath\" argument."
4972
5192
msgstr ""
4973
5193
4974
#: serverguide/C/virtualization.xml:1930(title) serverguide/C/network-config.xml:11(title)
5194
#: serverguide/C/virtualization.xml:1998(title) serverguide/C/network-config.xml:11(title)
4975
5195
msgid "Networking"
4976
5196
msgstr ""
4977
5197
4978
#: serverguide/C/virtualization.xml:1931(para)
5198
#: serverguide/C/virtualization.xml:1999(para)
4979
5199
msgid ""
4980
5200
"By default LXC creates a private network namespace for each container, which "
4981
5201
"includes a layer 2 networking stack. Containers usually connect to the "
4987
5207
"container is not usable on the host."
4988
5208
msgstr ""
4989
5209
4990
#: serverguide/C/virtualization.xml:1939(para)
5210
#: serverguide/C/virtualization.xml:2007(para)
4991
5211
msgid ""
4992
5212
"It is possible to create a container without a private network namespace. In "
4993
5213
"this case, the container will have access to the host networking like any "
4997
5217
"Unix domain socket to the host's upstart, and shut down the host."
4998
5218
msgstr ""
4999
5219
5000
#: serverguide/C/virtualization.xml:1945(para)
5220
#: serverguide/C/virtualization.xml:2013(para)
5001
5221
msgid ""
5002
5222
"To give containers on lxcbr0 a persistent ip address based on domain name, "
5003
5223
"you can write entries to <filename>/etc/lxc/dnsmasq.conf</filename> like: "
5007
5227
"</screen>"
5008
5228
msgstr ""
5009
5229
5010
#: serverguide/C/virtualization.xml:1953(para)
5230
#: serverguide/C/virtualization.xml:2021(para)
5011
5231
msgid ""
5012
5232
"If it is desirable for the container to be publicly accessible, there are a "
5013
5233
"few ways to go about it. One is to use <command>iptables</command> to "
5026
5246
"are preferred and more commonly used."
5027
5247
msgstr ""
5028
5248
5029
#: serverguide/C/virtualization.xml:1974(para)
5249
#: serverguide/C/virtualization.xml:2042(para)
5030
5250
msgid ""
5031
5251
"There are several ways to determine the ip address for a container. First, "
5032
5252
"you can use <command>lxc-ls --fancy</command> which will print the ip "
5042
5262
"</screen>"
5043
5263
msgstr ""
5044
5264
5045
#: serverguide/C/virtualization.xml:1989(para)
5265
#: serverguide/C/virtualization.xml:2057(para)
5046
5266
msgid ""
5047
5267
"For more information, see the lxc.conf manpage as well as the example "
5048
5268
"network configurations under "
5049
5269
"<filename>/usr/share/doc/lxc/examples/</filename>."
5050
5270
msgstr ""
5051
5271
5052
#: serverguide/C/virtualization.xml:1995(title)
5272
#: serverguide/C/virtualization.xml:2063(title)
5053
5273
msgid "LXC startup"
5054
5274
msgstr ""
5055
5275
5056
#: serverguide/C/virtualization.xml:1997(para)
5276
#: serverguide/C/virtualization.xml:2065(para)
5057
5277
msgid ""
5058
5278
"LXC does not have a long-running daemon. However it does have three upstart "
5059
5279
"jobs."
5060
5280
msgstr ""
5061
5281
5062
#: serverguide/C/virtualization.xml:2003(para)
5282
#: serverguide/C/virtualization.xml:2071(para)
5063
5283
msgid ""
5064
5284
"<filename>/etc/init/lxc-net.conf:</filename> is an optional job which only "
5065
5285
"runs if <filename> /etc/default/lxc-net</filename> specifies USE_LXC_BRIDGE "
5066
5286
"(true by default). It sets up a NATed bridge for containers to use."
5067
5287
msgstr ""
5068
5288
5069
#: serverguide/C/virtualization.xml:2011(para)
5289
#: serverguide/C/virtualization.xml:2079(para)
5070
5290
msgid ""
5071
5291
"<filename>/etc/init/lxc.conf</filename> loads the lxc apparmor profiles and "
5072
5292
"optionally starts any autostart containers. The autostart containers will be "
5075
5295
"more information on autostarted containers."
5076
5296
msgstr ""
5077
5297
5078
#: serverguide/C/virtualization.xml:2021(para)
5298
#: serverguide/C/virtualization.xml:2089(para)
5079
5299
msgid ""
5080
5300
"<filename>/etc/init/lxc-instance.conf</filename> is used by "
5081
5301
"<filename>/etc/init/lxc.conf</filename> to autostart a container."
5082
5302
msgstr ""
5083
5303
5084
#: serverguide/C/virtualization.xml:2030(title)
5304
#: serverguide/C/virtualization.xml:2098(title)
5085
5305
msgid "Backing Stores"
5086
5306
msgstr ""
5087
5307
5088
#: serverguide/C/virtualization.xml:2031(para)
5308
#: serverguide/C/virtualization.xml:2099(para)
5089
5309
msgid ""
5090
5310
"LXC supports several backing stores for container root filesystems. The "
5091
5311
"default is a simple directory backing store, because it requires no prior "
5100
5320
"<filename>$lxcpath/C1/rootfs</filename>."
5101
5321
msgstr ""
5102
5322
5103
#: serverguide/C/virtualization.xml:2045(para)
5323
#: serverguide/C/virtualization.xml:2113(para)
5104
5324
msgid ""
5105
5325
"A snapshot clone C2 of a directory backed container C1 becomes an overlayfs "
5106
5326
"backed container, with a rootfs called "
5108
5328
" Other backing store types include loop, btrfs, LVM and zfs."
5109
5329
msgstr ""
5110
5330
5111
#: serverguide/C/virtualization.xml:2053(para)
5331
#: serverguide/C/virtualization.xml:2121(para)
5112
5332
msgid ""
5113
5333
"A btrfs backed container mostly looks like a directory backed container, "
5114
5334
"with its root filesystem in the same location. However, the root filesystem "
5116
5336
"snapshot."
5117
5337
msgstr ""
5118
5338
5119
#: serverguide/C/virtualization.xml:2060(para)
5339
#: serverguide/C/virtualization.xml:2128(para)
5120
5340
msgid ""
5121
5341
"The root filesystem for an LVM backed container can be any separate LV. The "
5122
5342
"default VG name can be specified in lxc.conf. The filesystem type and size "
5123
5343
"are configurable per-container using lxc-create."
5124
5344
msgstr ""
5125
5345
5126
#: serverguide/C/virtualization.xml:2066(para)
5346
#: serverguide/C/virtualization.xml:2134(para)
5127
5347
msgid ""
5128
5348
"The rootfs for a zfs backed container is a separate zfs filesystem, mounted "
5129
5349
"under the traditional <filename>/var/lib/lxc/C1/rootfs</filename> location. "
5131
5351
"in lxc.system.conf."
5132
5352
msgstr ""
5133
5353
5134
#: serverguide/C/virtualization.xml:2073(para)
5354
#: serverguide/C/virtualization.xml:2141(para)
5135
5355
msgid ""
5136
5356
"More information on creating containers with the various backing stores can "
5137
5357
"be found in the lxc-create manual page."
5138
5358
msgstr ""
5139
5359
5140
#: serverguide/C/virtualization.xml:2080(title)
5360
#: serverguide/C/virtualization.xml:2148(title)
5141
5361
msgid "Templates"
5142
5362
msgstr ""
5143
5363
5144
#: serverguide/C/virtualization.xml:2081(para)
5364
#: serverguide/C/virtualization.xml:2149(para)
5145
5365
msgid ""
5146
5366
"Creating a container generally involves creating a root filesystem for the "
5147
5367
"container. <command>lxc-create</command> delegates this work to "
5152
5372
"others."
5153
5373
msgstr ""
5154
5374
5155
#: serverguide/C/virtualization.xml:2090(para)
5375
#: serverguide/C/virtualization.xml:2158(para)
5156
5376
msgid ""
5157
5377
"Creating distribution images in most cases requires the ability to create "
5158
5378
"device nodes, often requires tools which are not available in other "
5163
5383
"could not for instance easily run the <command>debootstrap</command> command."
5164
5384
msgstr ""
5165
5385
5166
#: serverguide/C/virtualization.xml:2100(para)
5386
#: serverguide/C/virtualization.xml:2168(para)
5167
5387
msgid ""
5168
5388
"When running <command>lxc-create</command>, all options which come after "
5169
5389
"<emphasis>--</emphasis> are passed to the template. In the following "
5176
5396
"</screen>"
5177
5397
msgstr ""
5178
5398
5179
#: serverguide/C/virtualization.xml:2112(para)
5399
#: serverguide/C/virtualization.xml:2180(para)
5180
5400
msgid ""
5181
5401
"You can obtain help for the options supported by any particular container by "
5182
5402
"passing <emphasis>--help</emphasis> and the template name to <command>lxc-"
5183
5403
"create</command>. For instance, for help with the download template,"
5184
5404
msgstr ""
5185
5405
5186
#: serverguide/C/virtualization.xml:2119(command)
5406
#: serverguide/C/virtualization.xml:2187(command)
5187
5407
msgid "lxc-create --template download --help"
5188
5408
msgstr ""
5189
5409
5190
#: serverguide/C/virtualization.xml:2125(title)
5410
#: serverguide/C/virtualization.xml:2193(title)
5191
5411
msgid "Autostart"
5192
5412
msgstr ""
5193
5413
5194
#: serverguide/C/virtualization.xml:2126(para)
5414
#: serverguide/C/virtualization.xml:2194(para)
5195
5415
msgid ""
5196
5416
"LXC supports marking containers to be started at system boot. Prior to "
5197
5417
"Ubuntu 14.04, this was done using symbolic links under the directory "
5208
5428
"lxc.container.conf for more information."
5209
5429
msgstr ""
5210
5430
5211
#: serverguide/C/virtualization.xml:2146(para)
5431
#: serverguide/C/virtualization.xml:2214(para)
5212
5432
msgid ""
5213
5433
"LXC ships with a default Apparmor profile intended to protect the host from "
5214
5434
"accidental misuses of privilege inside the container. For instance, the "
5216
5436
"trigger</filename> or to most <filename>/sys</filename> files."
5217
5437
msgstr ""
5218
5438
5219
#: serverguide/C/virtualization.xml:2152(para)
5439
#: serverguide/C/virtualization.xml:2220(para)
5220
5440
msgid ""
5221
5441
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
5222
5442
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
5229
5449
"dangerous paths, and from mounting most filesystems."
5230
5450
msgstr ""
5231
5451
5232
#: serverguide/C/virtualization.xml:2163(para)
5452
#: serverguide/C/virtualization.xml:2231(para)
5233
5453
msgid ""
5234
5454
"Programs in a container cannot be further confined - for instance, MySQL "
5235
5455
"runs under the container profile (protecting the host) but will not be able "
5236
5456
"to enter the MySQL profile (to protect the container)."
5237
5457
msgstr ""
5238
5458
5239
#: serverguide/C/virtualization.xml:2168(para)
5459
#: serverguide/C/virtualization.xml:2236(para)
5240
5460
msgid ""
5241
5461
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
5242
5462
"container it spawns will be confined."
5243
5463
msgstr ""
5244
5464
5245
#: serverguide/C/virtualization.xml:2171(title)
5465
#: serverguide/C/virtualization.xml:2239(title)
5246
5466
msgid "Customizing container policies"
5247
5467
msgstr ""
5248
5468
5249
#: serverguide/C/virtualization.xml:2172(para)
5469
#: serverguide/C/virtualization.xml:2240(para)
5250
5470
msgid ""
5251
5471
"If you find that <command>lxc-start</command> is failing due to a legitimate "
5252
5472
"access which is being denied by its Apparmor policy, you can disable the lxc-"
5253
5473
"start profile by doing:"
5254
5474
msgstr ""
5255
5475
5256
#: serverguide/C/virtualization.xml:2176(screen)
5476
#: serverguide/C/virtualization.xml:2244(screen)
5257
5477
#, no-wrap
5258
5478
msgid ""
5259
5479
"\n"
5261
5481
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
5262
5482
msgstr ""
5263
5483
5264
#: serverguide/C/virtualization.xml:2181(para)
5484
#: serverguide/C/virtualization.xml:2249(para)
5265
5485
msgid ""
5266
5486
"This will make <command>lxc-start</command> run unconfined, but continue to "
5267
5487
"confine the container itself. If you also wish to disable confinement of the "
5269
5489
"start</filename> profile, you must add:"
5270
5490
msgstr ""
5271
5491
5272
#: serverguide/C/virtualization.xml:2186(screen)
5492
#: serverguide/C/virtualization.xml:2254(screen)
5273
5493
#, no-wrap
5274
5494
msgid ""
5275
5495
"\n"
5276
5496
"lxc.aa_profile = unconfined\n"
5277
5497
msgstr ""
5278
5498
5279
#: serverguide/C/virtualization.xml:2190(para)
5499
#: serverguide/C/virtualization.xml:2258(para)
5280
5500
msgid "to the container's configuration file."
5281
5501
msgstr ""
5282
5502
5283
#: serverguide/C/virtualization.xml:2192(para)
5503
#: serverguide/C/virtualization.xml:2260(para)
5284
5504
msgid ""
5285
5505
"LXC ships with a few alternate policies for containers. If you wish to run "
5286
5506
"containers inside containers (nesting), then you can use the lxc-container-"
5295
5515
"\t</screen> and re-load the policy."
5296
5516
msgstr ""
5297
5517
5298
#: serverguide/C/virtualization.xml:2209(para)
5518
#: serverguide/C/virtualization.xml:2277(para)
5299
5519
msgid ""
5300
5520
"Note that the nesting policy with privileged containers is far less safe "
5301
5521
"than the default policy, as it allows containers to re-mount "
5305
5525
"<filename>proc</filename> and <filename>sys</filename> files."
5306
5526
msgstr ""
5307
5527
5308
#: serverguide/C/virtualization.xml:2217(para)
5528
#: serverguide/C/virtualization.xml:2285(para)
5309
5529
msgid ""
5310
5530
"Another profile shipped with lxc allows containers to mount block filesystem "
5311
5531
"types like ext4. This can be useful in some cases like maas provisioning, "
5313
5533
"have not been audited for safe handling of untrusted input."
5314
5534
msgstr ""
5315
5535
5316
#: serverguide/C/virtualization.xml:2223(para)
5536
#: serverguide/C/virtualization.xml:2291(para)
5317
5537
msgid ""
5318
5538
"If you need to run a container in a custom profile, you can create a new "
5319
5539
"profile under <filename>/etc/apparmor.d/lxc/</filename>. Its name must start "
5325
5545
"permissions at the bottom of your policy."
5326
5546
msgstr ""
5327
5547
5328
#: serverguide/C/virtualization.xml:2234(para)
5548
#: serverguide/C/virtualization.xml:2302(para)
5329
5549
msgid "After creating the policy, load it using:"
5330
5550
msgstr ""
5331
5551
5332
#: serverguide/C/virtualization.xml:2236(screen)
5552
#: serverguide/C/virtualization.xml:2304(screen)
5333
5553
#, no-wrap
5334
5554
msgid ""
5335
5555
"\n"
5336
5556
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
5337
5557
msgstr ""
5338
5558
5339
#: serverguide/C/virtualization.xml:2240(para)
5559
#: serverguide/C/virtualization.xml:2308(para)
5340
5560
msgid ""
5341
5561
"The profile will automatically be loaded after a reboot, because it is "
5342
5562
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
5345
5565
"configuration file:"
5346
5566
msgstr ""
5347
5567
5348
#: serverguide/C/virtualization.xml:2247(screen)
5568
#: serverguide/C/virtualization.xml:2315(screen)
5349
5569
#, no-wrap
5350
5570
msgid ""
5351
5571
"\n"
5352
5572
"lxc.aa_profile = lxc-CN-profile\n"
5353
5573
msgstr ""
5354
5574
5355
#: serverguide/C/virtualization.xml:2255(title) serverguide/C/cgroups.xml:11(title)
5575
#: serverguide/C/virtualization.xml:2323(title) serverguide/C/cgroups.xml:11(title)
5356
5576
msgid "Control Groups"
5357
5577
msgstr ""
5358
5578
5359
#: serverguide/C/virtualization.xml:2257(para)
5579
#: serverguide/C/virtualization.xml:2325(para)
5360
5580
msgid ""
5361
5581
"Control groups (cgroups) are a kernel feature providing hierarchical task "
5362
5582
"grouping and per-cgroup resource accounting and limits. They are used in "
5365
5585
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus."
5366
5586
msgstr ""
5367
5587
5368
#: serverguide/C/virtualization.xml:2265(para)
5588
#: serverguide/C/virtualization.xml:2333(para)
5369
5589
msgid ""
5370
5590
"By default, a privileged container CN will be assigned to a cgroup called "
5371
5591
"<filename>/lxc/CN</filename>. In the case of name conflicts (which can occur "
5373
5593
"at 0, will be appended to the cgroup name."
5374
5594
msgstr ""
5375
5595
5376
#: serverguide/C/virtualization.xml:2271(para)
5596
#: serverguide/C/virtualization.xml:2339(para)
5377
5597
msgid ""
5378
5598
"By default, a privileged container CN will be assigned to a cgroup called "
5379
5599
"<filename>CN</filename> under the cgroup of the task which started the "
5382
5602
"all files) so that it is allowed to create new child cgroups."
5383
5603
msgstr ""
5384
5604
5385
#: serverguide/C/virtualization.xml:2278(para)
5605
#: serverguide/C/virtualization.xml:2346(para)
5386
5606
msgid ""
5387
5607
"As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to administer "
5388
5608
"cgroups. The cgroup manager receives D-Bus requests over the Unix socket "
5403
5623
"requests for which they are not authorized."
5404
5624
msgstr ""
5405
5625
5406
#: serverguide/C/virtualization.xml:2302(title)
5626
#: serverguide/C/virtualization.xml:2370(title)
5407
5627
msgid "Cloning"
5408
5628
msgstr ""
5409
5629
5410
#: serverguide/C/virtualization.xml:2304(para)
5630
#: serverguide/C/virtualization.xml:2372(para)
5411
5631
msgid ""
5412
5632
"For rapid provisioning, you may wish to customize a canonical container "
5413
5633
"according to your needs and then make multiple copies of it. This can be "
5414
5634
"done with the <command>lxc-clone</command> program."
5415
5635
msgstr ""
5416
5636
5417
#: serverguide/C/virtualization.xml:2308(para)
5637
#: serverguide/C/virtualization.xml:2376(para)
5418
5638
msgid ""
5419
5639
"Clones are either snapshots or copies of another container. A copy is a new "
5420
5640
"container copied from the original, and takes as much space on the host as "
5430
5650
"and apt to be slower."
5431
5651
msgstr ""
5432
5652
5433
#: serverguide/C/virtualization.xml:2322(para)
5653
#: serverguide/C/virtualization.xml:2390(para)
5434
5654
msgid ""
5435
5655
"Snapshots of directory-packed containers are created using the overlay "
5436
5656
"filesystem. For instance, a privileged directory-backed container C1 will "
5442
5662
"container, and to only use its snapshots."
5443
5663
msgstr ""
5444
5664
5445
#: serverguide/C/virtualization.xml:2334(para)
5665
#: serverguide/C/virtualization.xml:2402(para)
5446
5666
msgid "Given an existing container called C1, a copy can be created using:"
5447
5667
msgstr ""
5448
5668
5449
#: serverguide/C/virtualization.xml:2338(command)
5669
#: serverguide/C/virtualization.xml:2406(command)
5450
5670
msgid "sudo lxc-clone -o C1 -n C2"
5451
5671
msgstr ""
5452
5672
5453
#: serverguide/C/virtualization.xml:2343(para)
5673
#: serverguide/C/virtualization.xml:2411(para)
5454
5674
msgid "A snapshot can be created using:"
5455
5675
msgstr ""
5456
5676
5457
#: serverguide/C/virtualization.xml:2345(command)
5677
#: serverguide/C/virtualization.xml:2413(command)
5458
5678
msgid "sudo lxc-clone -s -o C1 -n C2"
5459
5679
msgstr ""
5460
5680
5461
#: serverguide/C/virtualization.xml:2349(para)
5681
#: serverguide/C/virtualization.xml:2417(para)
5462
5682
msgid "See the lxc-clone manpage for more information."
5463
5683
msgstr ""
5464
5684
5465
#: serverguide/C/virtualization.xml:2353(para)
5685
#: serverguide/C/virtualization.xml:2421(para)
5466
5686
msgid ""
5467
5687
"To more easily support the use of snapshot clones for iterative container "
5468
5688
"development, LXC supports <emphasis>snapshots</emphasis>. When working on a "
5480
5700
"is erased and replaced with the snap1 snapshot."
5481
5701
msgstr ""
5482
5702
5483
#: serverguide/C/virtualization.xml:2372(para)
5703
#: serverguide/C/virtualization.xml:2440(para)
5484
5704
msgid ""
5485
5705
"Snapshots are supported for btrfs, lvm, zfs, and overlayfs containers. If "
5486
5706
"lxc-snapshot is called on a directory-backed container, an error will be "
5501
5721
"</screen>"
5502
5722
msgstr ""
5503
5723
5504
#: serverguide/C/virtualization.xml:2396(title)
5724
#: serverguide/C/virtualization.xml:2464(title)
5505
5725
msgid "Ephemeral Containers"
5506
5726
msgstr ""
5507
5727
5508
#: serverguide/C/virtualization.xml:2397(para)
5728
#: serverguide/C/virtualization.xml:2465(para)
5509
5729
msgid ""
5510
5730
"While snapshots are useful for longer-term incremental development of "
5511
5731
"images, ephemeral containers utilize snapshots for quick, single-use "
5520
5740
"page for more options."
5521
5741
msgstr ""
5522
5742
5523
#: serverguide/C/virtualization.xml:2415(title)
5743
#: serverguide/C/virtualization.xml:2483(title)
5524
5744
msgid "Lifecycle management hooks"
5525
5745
msgstr ""
5526
5746
5527
#: serverguide/C/virtualization.xml:2417(para)
5747
#: serverguide/C/virtualization.xml:2485(para)
5528
5748
msgid ""
5529
5749
"Beginning with Ubuntu 12.10, it is possible to define hooks to be executed "
5530
5750
"at specific points in a container's lifetime:"
5531
5751
msgstr ""
5532
5752
5533
#: serverguide/C/virtualization.xml:2422(para)
5753
#: serverguide/C/virtualization.xml:2490(para)
5534
5754
msgid ""
5535
5755
"Pre-start hooks are run in the host's namespace before the container ttys, "
5536
5756
"consoles, or mounts are up. If any mounts are done in this hook, they should "
5537
5757
"be cleaned up in the post-stop hook."
5538
5758
msgstr ""
5539
5759
5540
#: serverguide/C/virtualization.xml:2429(para)
5760
#: serverguide/C/virtualization.xml:2497(para)
5541
5761
msgid ""
5542
5762
"Pre-mount hooks are run in the container's namespaces, but before the root "
5543
5763
"filesystem has been mounted. Mounts done in this hook will be automatically "
5544
5764
"cleaned up when the container shuts down."
5545
5765
msgstr ""
5546
5766
5547
#: serverguide/C/virtualization.xml:2436(para)
5767
#: serverguide/C/virtualization.xml:2504(para)
5548
5768
msgid ""
5549
5769
"Mount hooks are run after the container filesystems have been mounted, but "
5550
5770
"before the container has called <command>pivot_root</command> to change its "
5551
5771
"root filesystem."
5552
5772
msgstr ""
5553
5773
5554
#: serverguide/C/virtualization.xml:2443(para)
5774
#: serverguide/C/virtualization.xml:2511(para)
5555
5775
msgid ""
5556
5776
"Start hooks are run immediately before executing the container's init. Since "
5557
5777
"these are executed after pivoting into the container's filesystem, the "
5558
5778
"command to be executed must be copied into the container's filesystem."
5559
5779
msgstr ""
5560
5780
5561
#: serverguide/C/virtualization.xml:2450(para)
5781
#: serverguide/C/virtualization.xml:2518(para)
5562
5782
msgid "Post-stop hooks are executed after the container has been shut down."
5563
5783
msgstr ""
5564
5784
5565
#: serverguide/C/virtualization.xml:2455(para)
5785
#: serverguide/C/virtualization.xml:2523(para)
5566
5786
msgid ""
5567
5787
"If any hook returns an error, the container's run will be aborted. Any "
5568
5788
"<emphasis>post-stop</emphasis> hook will still be executed. Any output "
5569
5789
"generated by the script will be logged at the debug priority."
5570
5790
msgstr ""
5571
5791
5572
#: serverguide/C/virtualization.xml:2460(para)
5792
#: serverguide/C/virtualization.xml:2528(para)
5573
5793
msgid ""
5574
5794
"Please see the lxc.container.conf manual page for the configuration file "
5575
5795
"format with which to specify hooks. Some sample hooks are shipped with the "
5576
5796
"lxc package to serve as an example of how to write and use such hooks."
5577
5797
msgstr ""
5578
5798
5579
#: serverguide/C/virtualization.xml:2467(title)
5799
#: serverguide/C/virtualization.xml:2535(title)
5580
5800
msgid "Consoles"
5581
5801
msgstr ""
5582
5802
5583
#: serverguide/C/virtualization.xml:2469(para)
5803
#: serverguide/C/virtualization.xml:2537(para)
5584
5804
msgid ""
5585
5805
"Containers have a configurable number of consoles. One always exists on the "
5586
5806
"container's <filename>/dev/console</filename>. This is shown on the terminal "
5594
5814
"3 from the host, use:"
5595
5815
msgstr ""
5596
5816
5597
#: serverguide/C/virtualization.xml:2482(command)
5817
#: serverguide/C/virtualization.xml:2550(command)
5598
5818
msgid "sudo lxc-console -n container -t 3"
5599
5819
msgstr ""
5600
5820
5601
#: serverguide/C/virtualization.xml:2487(para)
5821
#: serverguide/C/virtualization.xml:2555(para)
5602
5822
msgid ""
5603
5823
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
5604
5824
"console will be automatically chosen. To exit the console, use the escape "
5607
5827
"d</emphasis> option."
5608
5828
msgstr ""
5609
5829
5610
#: serverguide/C/virtualization.xml:2493(para)
5830
#: serverguide/C/virtualization.xml:2561(para)
5611
5831
msgid ""
5612
5832
"Each container console is actually a Unix98 pty in the host's (not the "
5613
5833
"guest's) pty mount, bind-mounted over the guest's "
5620
5840
"<filename>/dev</filename>."
5621
5841
msgstr ""
5622
5842
5623
#: serverguide/C/virtualization.xml:2507(title) serverguide/C/network-auth.xml:794(title) serverguide/C/dns.xml:517(title)
5843
#: serverguide/C/virtualization.xml:2575(title) serverguide/C/network-auth.xml:794(title) serverguide/C/dns.xml:517(title)
5624
5844
msgid "Logging"
5625
5845
msgstr ""
5626
5846
5627
#: serverguide/C/virtualization.xml:2508(para)
5847
#: serverguide/C/virtualization.xml:2576(para)
5628
5848
msgid ""
5629
5849
"If something goes wrong when starting a container, the first step should be "
5630
5850
"to get full logging from LXC: <screen>\n"
5637
5857
"new log information will be appended."
5638
5858
msgstr ""
5639
5859
5640
#: serverguide/C/virtualization.xml:2523(title)
5860
#: serverguide/C/virtualization.xml:2591(title)
5641
5861
msgid "Monitoring container status"
5642
5862
msgstr ""
5643
5863
5644
#: serverguide/C/virtualization.xml:2525(para)
5864
#: serverguide/C/virtualization.xml:2593(para)
5645
5865
msgid ""
5646
5866
"Two commands are available to monitor container state changes. <command>lxc-"
5647
5867
"monitor</command> monitors one or more containers for any state changes. It "
5653
5873
"instance,"
5654
5874
msgstr ""
5655
5875
5656
#: serverguide/C/virtualization.xml:2535(command)
5876
#: serverguide/C/virtualization.xml:2603(command)
5657
5877
msgid "sudo lxc-monitor -n cont[0-5]*"
5658
5878
msgstr ""
5659
5879
5660
#: serverguide/C/virtualization.xml:2540(para)
5880
#: serverguide/C/virtualization.xml:2608(para)
5661
5881
msgid ""
5662
5882
"would print all state changes to any containers matching the listed regular "
5663
5883
"expression, whereas"
5664
5884
msgstr ""
5665
5885
5666
#: serverguide/C/virtualization.xml:2544(command)
5886
#: serverguide/C/virtualization.xml:2612(command)
5667
5887
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
5668
5888
msgstr ""
5669
5889
5670
#: serverguide/C/virtualization.xml:2549(para)
5890
#: serverguide/C/virtualization.xml:2617(para)
5671
5891
msgid ""
5672
5892
"will wait until container cont1 enters state STOPPED or state FROZEN and "
5673
5893
"then exit."
5674
5894
msgstr ""
5675
5895
5676
#: serverguide/C/virtualization.xml:2554(title)
5896
#: serverguide/C/virtualization.xml:2622(title)
5677
5897
msgid "Attach"
5678
5898
msgstr ""
5679
5899
5680
#: serverguide/C/virtualization.xml:2555(para)
5900
#: serverguide/C/virtualization.xml:2623(para)
5681
5901
msgid ""
5682
5902
"As of Ubuntu 14.04, it is possible to attach to a container's namespaces. "
5683
5903
"The simplest case is to simply do <screen>\n"
5690
5910
"context. See the manual page for more information."
5691
5911
msgstr ""
5692
5912
5693
#: serverguide/C/virtualization.xml:2571(title)
5913
#: serverguide/C/virtualization.xml:2639(title)
5694
5914
msgid "Container init verbosity"
5695
5915
msgstr ""
5696
5916
5697
#: serverguide/C/virtualization.xml:2572(para)
5917
#: serverguide/C/virtualization.xml:2640(para)
5698
5918
msgid ""
5699
5919
"If LXC completes the container startup, but the container init fails to "
5700
5920
"complete (for instance, no login prompt is shown), it can be useful to "
5713
5933
"</screen>"
5714
5934
msgstr ""
5715
5935
5716
#: serverguide/C/virtualization.xml:2596(title)
5936
#: serverguide/C/virtualization.xml:2664(title)
5717
5937
msgid "LXC API"
5718
5938
msgstr ""
5719
5939
5720
#: serverguide/C/virtualization.xml:2598(para)
5940
#: serverguide/C/virtualization.xml:2666(para)
5721
5941
msgid ""
5722
5942
"Most of the LXC functionality can now be accessed through an API exported by "
5723
5943
"<filename>liblxc</filename> for which bindings are available in several "
5724
5944
"languages, including Python, lua, ruby, and go."
5725
5945
msgstr ""
5726
5946
5727
#: serverguide/C/virtualization.xml:2602(para)
5947
#: serverguide/C/virtualization.xml:2670(para)
5728
5948
msgid ""
5729
5949
"Below is an example using the python bindings (which are available in the "
5730
5950
"<application>python3-lxc</application> package) which creates and starts a "
5731
5951
"container, then waits until it has been shut down:"
5732
5952
msgstr ""
5733
5953
5734
#: serverguide/C/virtualization.xml:2608(programlisting)
5954
#: serverguide/C/virtualization.xml:2676(programlisting)
5735
5955
#, no-wrap
5736
5956
msgid ""
5737
5957
"\n"
5753
5973
"True\n"
5754
5974
msgstr ""
5755
5975
5756
#: serverguide/C/virtualization.xml:2628(title) serverguide/C/security.xml:11(title)
5976
#: serverguide/C/virtualization.xml:2696(title) serverguide/C/security.xml:11(title)
5757
5977
msgid "Security"
5758
5978
msgstr ""
5759
5979
5760
#: serverguide/C/virtualization.xml:2630(para)
5980
#: serverguide/C/virtualization.xml:2698(para)
5761
5981
msgid ""
5762
5982
"A namespace maps ids to resources. By not providing a container any id with "
5763
5983
"which to reference a resource, the resource can be protected. This is the "
5768
5988
"host."
5769
5989
msgstr ""
5770
5990
5771
#: serverguide/C/virtualization.xml:2639(para)
5991
#: serverguide/C/virtualization.xml:2707(para)
5772
5992
msgid ""
5773
5993
"By default, LXC containers are started under a Apparmor policy to restrict "
5774
5994
"some actions. The details of AppArmor integration with lxc are in section "
5779
5999
"host."
5780
6000
msgstr ""
5781
6001
5782
#: serverguide/C/virtualization.xml:2650(title)
6002
#: serverguide/C/virtualization.xml:2718(title)
5783
6003
msgid "Exploitable system calls"
5784
6004
msgstr ""
5785
6005
5786
#: serverguide/C/virtualization.xml:2652(para)
6006
#: serverguide/C/virtualization.xml:2720(para)
5787
6007
msgid ""
5788
6008
"It is a core container feature that containers share a kernel with the host. "
5789
6009
"Therefore if the kernel contains any exploitable system calls the container "
5791
6011
"fully control any resource known to the host."
5792
6012
msgstr ""
5793
6013
5794
#: serverguide/C/virtualization.xml:2658(para)
6014
#: serverguide/C/virtualization.xml:2726(para)
5795
6015
msgid ""
5796
6016
"Since Ubuntu 12.10 (Quantal) a container can also be constrained by a "
5797
6017
"seccomp filter. Seccomp is a new kernel feature which filters the system "
5803
6023
"by a list of numbers, one per line."
5804
6024
msgstr ""
5805
6025
5806
#: serverguide/C/virtualization.xml:2668(para)
6026
#: serverguide/C/virtualization.xml:2736(para)
5807
6027
msgid ""
5808
6028
"In general to run a full distribution container a large number of system "
5809
6029
"calls will be needed. However for application containers it may be possible "
5815
6035
"loaded."
5816
6036
msgstr ""
5817
6037
5818
#: serverguide/C/virtualization.xml:2684(para)
6038
#: serverguide/C/virtualization.xml:2752(para)
5819
6039
msgid ""
5820
6040
"The DeveloperWorks article <ulink "
5821
6041
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
5823
6043
"to the use of containers."
5824
6044
msgstr ""
5825
6045
5826
#: serverguide/C/virtualization.xml:2691(para)
6046
#: serverguide/C/virtualization.xml:2759(para)
5827
6047
msgid ""
5828
6048
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
5829
6049
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
5830
6050
"use of security modules to make containers more secure."
5831
6051
msgstr ""
5832
6052
5833
#: serverguide/C/virtualization.xml:2698(para) serverguide/C/cgroups.xml:202(para)
6053
#: serverguide/C/virtualization.xml:2766(para) serverguide/C/cgroups.xml:202(para)
5834
6054
msgid "Manual pages referenced above can be found at:"
5835
6055
msgstr ""
5836
6056
5837
#: serverguide/C/virtualization.xml:2700(ulink)
6057
#: serverguide/C/virtualization.xml:2768(ulink)
5838
6058
msgid "capabilities"
5839
6059
msgstr ""
5840
6060
5841
#: serverguide/C/virtualization.xml:2701(ulink)
6061
#: serverguide/C/virtualization.xml:2769(ulink)
5842
6062
msgid "lxc.conf"
5843
6063
msgstr ""
5844
6064
5845
#: serverguide/C/virtualization.xml:2706(para)
6065
#: serverguide/C/virtualization.xml:2774(para)
5846
6066
msgid ""
5847
6067
"The upstream LXC project is hosted at <ulink "
5848
6068
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
5849
6069
msgstr ""
5850
6070
5851
#: serverguide/C/virtualization.xml:2711(para)
6071
#: serverguide/C/virtualization.xml:2779(para)
5852
6072
msgid ""
5853
6073
"LXC security issues are listed and discussed at <ulink "
5854
6074
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
5855
6075
msgstr ""
5856
6076
5857
#: serverguide/C/virtualization.xml:2717(para)
6077
#: serverguide/C/virtualization.xml:2785(para)
5858
6078
msgid ""
5859
6079
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
5860
6080
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
6411
6631
"service with the following command"
6412
6632
msgstr ""
6413
6633
6414
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:508(command)
6634
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:360(command)
6415
6635
msgid "sudo systemctl reload apache2.service"
6416
6636
msgstr ""
6417
6637
6708
6928
#: serverguide/C/serverguide.xml:11(para)
6709
6929
msgid ""
6710
6930
"A copy of the license is available here: <ulink "
6711
"url=\"http://creativecommons.org/licenses/by-sa/3.0/\">Creative Commons "
6931
"url=\"https://creativecommons.org/licenses/by-sa/3.0/\">Creative Commons "
6712
6932
"ShareAlike License</ulink>."
6713
6933
msgstr ""
6714
6934
9272
9492
msgid ""
9273
9493
"The main Samba configuration file is located in "
9274
9494
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
9275
"a significant amount of comments in order to document various configuration "
9495
"a significant number of comments in order to document various configuration "
9276
9496
"directives."
9277
9497
msgstr ""
9278
9498
9399
9619
"new configuration:"
9400
9620
msgstr ""
9401
9621
9402
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:335(command) serverguide/C/samba.xml:472(command) serverguide/C/samba.xml:571(command) serverguide/C/samba.xml:921(command) serverguide/C/samba.xml:1075(command) serverguide/C/samba.xml:1181(command) serverguide/C/network-auth.xml:2532(command) serverguide/C/network-auth.xml:4113(command)
9622
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:335(command) serverguide/C/samba.xml:472(command) serverguide/C/samba.xml:571(command) serverguide/C/samba.xml:921(command) serverguide/C/samba.xml:1075(command) serverguide/C/samba.xml:1181(command) serverguide/C/network-auth.xml:2525(command) serverguide/C/network-auth.xml:4106(command)
9403
9623
msgid "sudo systemctl restart smbd.service nmbd.service"
9404
9624
msgstr ""
9405
9625
14730
14950
14731
14951
#: serverguide/C/network-config.xml:1418(para)
14732
14952
msgid ""
14733
"The package dpdk provides init scripts that ease configuration of device "
14734
"assignment and huge pages. It also makes them persistent accross reboots."
14953
"The package <emphasis>dpdk</emphasis> provides init scripts that ease "
14954
"configuration of device assignment and huge pages. It also makes them "
14955
"persistent accross reboots."
14735
14956
msgstr ""
14736
14957
14737
14958
#: serverguide/C/network-config.xml:1422(para)
14749
14970
"# <id> Device ID on the specified bus\n"
14750
14971
"# <driver> Driver to bind against (vfio-pci or uio_pci_generic)\n"
14751
14972
"#\n"
14752
"# Be aware that the two dpdk compatible drivers uio_pci_generic and vfio-pci "
14753
"are \n"
14973
"# Be aware that the two DPDK compatible drivers uio_pci_generic and vfio-pci "
14974
"are\n"
14754
14975
"# part of linux-image-extra-<VERSION> package.\n"
14755
14976
"# This package is not always installed by default - for example in cloud-"
14756
"images. \n"
14977
"images.\n"
14757
14978
"# So please install it in case you run into missing module issues.\n"
14758
14979
"#\n"
14759
14980
"# <bus> <id> <driver>\n"
14812
15033
14813
15034
#: serverguide/C/network-config.xml:1471(para)
14814
15035
msgid ""
14815
"The dpdk package has a config file and scripts that try to ease hugepage "
14816
"configuration for dpdk in the form of /etc/dpdk/dpdk.conf. If you have more "
14817
"consumers of hugepages than dpdk in your system or very special requirements "
14818
"how your hugepages are going to be set up you likely want to "
14819
"allocate/control them by yourself. If not this can be a great simplification "
14820
"to get dpdk to run for yourself."
15036
"The <emphasis>dpdk</emphasis> package has a config file and scripts that try "
15037
"to ease hugepage configuration for DPDK in the form of "
15038
"<emphasis>/etc/dpdk/dpdk.conf</emphasis>. If you have more consumers of "
15039
"hugepages than just DPDK in your system or very special requirements how "
15040
"your hugepages are going to be set up you likely want to allocate/control "
15041
"them by yourself. If not this can be a great simplification to get DPDK "
15042
"configured for your needs."
14821
15043
msgstr ""
14822
15044
14823
15045
#: serverguide/C/network-config.xml:1476(para)
14865
15087
14866
15088
#: serverguide/C/network-config.xml:1501(para)
14867
15089
msgid ""
14868
"You will often find guides that tell you to fetch the dpdk sources, build "
14869
"them to your needs and eventually build your application based on dpdk by "
15090
"You will often find guides that tell you to fetch the DPDK sources, build "
15091
"them to your needs and eventually build your application based on DPDK by "
14870
15092
"setting values RTE_* for the build system. Since Ubunutu provides an already "
14871
15093
"compiled DPDK for you can can skip all that. To simplify setting the proper "
14872
15094
"variables you can source the file /usr/share/dpdk/dpdk-sdk-env.sh before "
14887
15109
#: serverguide/C/network-config.xml:1512(para)
14888
15110
msgid ""
14889
15111
"Depending on what you build it might be a good addition to install all of "
14890
"dpdk build dependencies before the make."
15112
"DPDK build dependencies before the make."
14891
15113
msgstr ""
14892
15114
14893
15115
#: serverguide/C/network-config.xml:1515(programlisting)
14937
15159
14938
15160
#: serverguide/C/network-config.xml:1538(para)
14939
15161
msgid ""
14940
"The section ''--vhost-owner libvirt-qemu:kvm --vhost-perm 0664'' will set "
14941
"vhost_user ports up with owner/permissions to be compatible with Ubuntus way "
14942
"of running qemu-kvm/libvirt with reduced privileges for more security."
15162
"The section <emphasis>--vhost-owner libvirt-qemu:kvm --vhost-perm "
15163
"0664</emphasis> will set vhost_user ports up with owner/permissions to be "
15164
"compatible with Ubuntus way of running qemu-kvm/libvirt with reduced "
15165
"privileges for more security."
14943
15166
msgstr ""
14944
15167
14945
15168
#: serverguide/C/network-config.xml:1541(para)
14946
15169
msgid ""
15170
"Please note that the section <emphasis>-m 2048</emphasis> is the most basic "
15171
"numa setup for a single socket system. If you have multiple sockets you "
15172
"might want to define how to split your memory among them, for example "
15173
"<emphasis>-m 1024, 1024</emphasis>. Please be aware that DPDK will try to "
15174
"work only with local memory to the network cards it works with (for "
15175
"performance reasons). That said if you have multiple nodes, but all network "
15176
"cards on one, you should consider spreading your cards. If not at least "
15177
"allocate your memory to the node where the cards reside, for example in a "
15178
"two node all to node #2: <emphasis>-m 0, 2048</emphasis>. You can use the "
15179
"tool <emphasis>lstopo</emphasis> from the package <emphasis>hwloc-"
15180
"nox</emphasis> to see on which socket your cards are located."
15181
msgstr ""
15182
15183
#: serverguide/C/network-config.xml:1549(para)
15184
msgid ""
14947
15185
"The OpenVswitch you now started supports all port types OpenVswitch usually "
14948
15186
"does, plus DPDK port types. Here an example how to create a bridge and - "
14949
15187
"instead of a normal external port - add an external DPDK port to it."
14950
15188
msgstr ""
14951
15189
14952
#: serverguide/C/network-config.xml:1545(programlisting)
15190
#: serverguide/C/network-config.xml:1553(programlisting)
14953
15191
#, no-wrap
14954
15192
msgid ""
14955
15193
"\n"
14958
15196
"\t\t "
14959
15197
msgstr ""
14960
15198
14961
#: serverguide/C/network-config.xml:1552(title)
15199
#: serverguide/C/network-config.xml:1558(para)
15200
msgid ""
15201
"The enablement of DPDK in Open vSwitch has changed in version 2.6. So for "
15202
"users of releases >=16.10, but also for users of the <ulink "
15203
"url=\"https://wiki.ubuntu.com/OpenStack/CloudArchive\">Ubuntu Cloud "
15204
"Archive</ulink> >=neutron the enablement has changed compared to that for "
15205
"users of Ubuntu 16.04. The options formerly passed via "
15206
"<emphasis>DPDK_OPTS</emphasis> are now configured via ovs-vsctl into the "
15207
"Open vSwitch configuration database."
15208
msgstr ""
15209
15210
#: serverguide/C/network-config.xml:1563(para)
15211
msgid "The same example as above would in the new way look like:"
15212
msgstr ""
15213
15214
#: serverguide/C/network-config.xml:1566(programlisting)
15215
#, no-wrap
15216
msgid ""
15217
"\n"
15218
"# Enable DPDK\n"
15219
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-init=true\"\n"
15220
"# run on core 0\n"
15221
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-lcore-mask=0x1\"\n"
15222
"# Allocate 2G huge pages (not Numa node aware)\n"
15223
"ovs-vsctl set Open_vSwitch . \"other_config:dpdk-alloc-mem=2048\"\n"
15224
"# group/permissions for vhost-user sockets (required to work with "
15225
"libvirt/qemu)\n"
15226
"ovs-vsctl set Open_vSwitch . \\\n"
15227
" \"other_config:dpdk-extra=--vhost-owner libvirt-qemu:kvm --vhost-perm "
15228
"0666\"\n"
15229
"\t\t "
15230
msgstr ""
15231
15232
#: serverguide/C/network-config.xml:1581(filename)
15233
msgid "/usr/share/doc/openvswitch-common/INSTALL.DPDK.md.gz"
15234
msgstr ""
15235
15236
#: serverguide/C/network-config.xml:1582(filename)
15237
msgid "/usr/share/doc/openvswitch-common/INSTALL.DPDK-ADVANCED.md.gz"
15238
msgstr ""
15239
15240
#: serverguide/C/network-config.xml:1583(command)
15241
msgid "man ovs-vswitchd.conf.db"
15242
msgstr ""
15243
15244
#: serverguide/C/network-config.xml:1577(para)
15245
msgid ""
15246
"Please see the associated upstream documentation and the man page of the "
15247
"vswitch configuration as provided by the package for more details: "
15248
"<placeholder-1/>"
15249
msgstr ""
15250
15251
#: serverguide/C/network-config.xml:1590(title)
14962
15252
msgid "OpenVswitch DPDK to KVM Guests"
14963
15253
msgstr ""
14964
15254
14965
#: serverguide/C/network-config.xml:1553(para)
15255
#: serverguide/C/network-config.xml:1591(para)
14966
15256
msgid ""
14967
15257
"If you are not building some sort of SDN switch or NFV on top of DPDK it is "
14968
15258
"very likely that you want to forward traffic to KVM guests. The good news "
14972
15262
"DPDK instance."
14973
15263
msgstr ""
14974
15264
14975
#: serverguide/C/network-config.xml:1558(para)
15265
#: serverguide/C/network-config.xml:1596(para)
14976
15266
msgid ""
14977
15267
"The Guest has to be backed by shared hugepages for DPDK/vhost_user to work. "
14978
15268
"To ensure in general that libvirt/qemu-kvm finds a proper hugepage "
14980
15270
"Afterwards restart the service to pick up the changed configuration."
14981
15271
msgstr ""
14982
15272
14983
#: serverguide/C/network-config.xml:1563(programlisting)
15273
#: serverguide/C/network-config.xml:1601(programlisting)
14984
15274
#, no-wrap
14985
15275
msgid ""
14986
15276
"\n"
14989
15279
"\t\t "
14990
15280
msgstr ""
14991
15281
14992
#: serverguide/C/network-config.xml:1567(para)
15282
#: serverguide/C/network-config.xml:1605(para)
14993
15283
msgid ""
14994
15284
"To let a guest be backed by hugepages is now also supported via recent "
14995
15285
"libvirt, just add the following snippet to your virsh xml (or the equivalent "
14997
15287
"easily spawn guests with \"uvt-kvm create\"."
14998
15288
msgstr ""
14999
15289
15000
#: serverguide/C/network-config.xml:1571(programlisting)
15290
#: serverguide/C/network-config.xml:1609(programlisting)
15001
15291
#, no-wrap
15002
15292
msgid ""
15003
15293
"\n"
15012
15302
"\t\t "
15013
15303
msgstr ""
15014
15304
15015
#: serverguide/C/network-config.xml:1580(para)
15305
#: serverguide/C/network-config.xml:1618(para)
15016
15306
msgid ""
15017
15307
"The new and recommended way to get to a KVM guest is using vhost_user. This "
15018
15308
"will cause DPDK to create a socket that qemu will connect the guest to. Here "
15019
15309
"an example how to add such a port to the bridge you created (see above)."
15020
15310
msgstr ""
15021
15311
15022
#: serverguide/C/network-config.xml:1585(programlisting)
15312
#: serverguide/C/network-config.xml:1623(programlisting)
15023
15313
#, no-wrap
15024
15314
msgid ""
15025
15315
"\n"
15028
15318
"\t\t "
15029
15319
msgstr ""
15030
15320
15031
#: serverguide/C/network-config.xml:1588(para)
15321
#: serverguide/C/network-config.xml:1626(para)
15032
15322
msgid ""
15033
15323
"This will create a vhost_user socket at /var/run/openvswitch/vhost-user-1"
15034
15324
msgstr ""
15035
15325
15036
#: serverguide/C/network-config.xml:1591(para)
15326
#: serverguide/C/network-config.xml:1629(para)
15037
15327
msgid ""
15038
15328
"To let libvirt/kvm consume this socket and create a guest virtio network "
15039
15329
"device for it add a snippet like this to your guest definition as the "
15040
15330
"network definition."
15041
15331
msgstr ""
15042
15332
15043
#: serverguide/C/network-config.xml:1594(programlisting)
15333
#: serverguide/C/network-config.xml:1632(programlisting)
15044
15334
#, no-wrap
15045
15335
msgid ""
15046
15336
"\n"
15053
15343
"\t\t "
15054
15344
msgstr ""
15055
15345
15056
#: serverguide/C/network-config.xml:1605(title)
15346
#: serverguide/C/network-config.xml:1643(title)
15057
15347
msgid "DPDK in KVM Guests"
15058
15348
msgstr ""
15059
15349
15060
#: serverguide/C/network-config.xml:1606(para)
15350
#: serverguide/C/network-config.xml:1644(para)
15061
15351
msgid ""
15062
15352
"If you have no access to DPDK supported network cards you can still work "
15063
15353
"with DPDK by using its support for virtio. To do so you have to create "
15064
15354
"guests backed by hugepages (see above)."
15065
15355
msgstr ""
15066
15356
15067
#: serverguide/C/network-config.xml:1610(para)
15357
#: serverguide/C/network-config.xml:1648(para)
15068
15358
msgid ""
15069
15359
"On top of that there it is required to have at least SSE3. The default CPU "
15070
15360
"model qemu/libvirt uses is only up to SSE2. So you will have to define a "
15073
15363
"virsh xml (or the equivalent virsh interface you use)."
15074
15364
msgstr ""
15075
15365
15076
#: serverguide/C/network-config.xml:1616(programlisting)
15366
#: serverguide/C/network-config.xml:1654(programlisting)
15077
15367
#, no-wrap
15078
15368
msgid ""
15079
15369
"\n"
15081
15371
"\t\t "
15082
15372
msgstr ""
15083
15373
15084
#: serverguide/C/network-config.xml:1619(para)
15374
#: serverguide/C/network-config.xml:1657(para)
15085
15375
msgid ""
15086
15376
"This example is rather offensive and passes all host features. That in turn "
15087
15377
"makes the guest not very migratable as the target would need all the "
15089
15379
"like the following example."
15090
15380
msgstr ""
15091
15381
15092
#: serverguide/C/network-config.xml:1624(programlisting)
15382
#: serverguide/C/network-config.xml:1662(programlisting)
15093
15383
#, no-wrap
15094
15384
msgid ""
15095
15385
"\n"
15100
15390
"\t\t "
15101
15391
msgstr ""
15102
15392
15103
#: serverguide/C/network-config.xml:1630(para)
15393
#: serverguide/C/network-config.xml:1668(para)
15104
15394
msgid ""
15105
15395
"Also virtio nowadays supports multiqueue which DPDK in turn can exploit for "
15106
15396
"better speed. To modify a normal virtio definition to have multiple queues "
15109
15399
"DPDK in the guest."
15110
15400
msgstr ""
15111
15401
15112
#: serverguide/C/network-config.xml:1635(programlisting)
15402
#: serverguide/C/network-config.xml:1673(programlisting)
15113
15403
#, no-wrap
15114
15404
msgid ""
15115
15405
"\n"
15117
15407
"\t\t "
15118
15408
msgstr ""
15119
15409
15120
#: serverguide/C/network-config.xml:1641(title)
15410
#: serverguide/C/network-config.xml:1679(title)
15121
15411
msgid "Tuning Openvswitch-DPDK"
15122
15412
msgstr ""
15123
15413
15124
#: serverguide/C/network-config.xml:1642(para)
15414
#: serverguide/C/network-config.xml:1680(para)
15125
15415
msgid ""
15126
15416
"DPDK has plenty of options - in combination with Openvswitch-DPDK the two "
15127
15417
"most commonly used are:"
15128
15418
msgstr ""
15129
15419
15130
#: serverguide/C/network-config.xml:1645(programlisting)
15420
#: serverguide/C/network-config.xml:1683(programlisting)
15131
15421
#, no-wrap
15132
15422
msgid ""
15133
15423
"\n"
15136
15426
"\t\t "
15137
15427
msgstr ""
15138
15428
15139
#: serverguide/C/network-config.xml:1649(para)
15429
#: serverguide/C/network-config.xml:1687(para)
15140
15430
msgid ""
15141
15431
"The first select how many rx queues are to be used for each DPDK interface, "
15142
15432
"while the second controls how many and where to run PMD threads. The example "
15145
15435
"installation\" at the end of this document for more."
15146
15436
msgstr ""
15147
15437
15148
#: serverguide/C/network-config.xml:1654(para)
15438
#: serverguide/C/network-config.xml:1692(para)
15149
15439
msgid ""
15150
15440
"As usual with tunings you have to know your system and workload really well -"
15151
15441
" so please verify any tunings with workloads matching your real use case."
15152
15442
msgstr ""
15153
15443
15154
#: serverguide/C/network-config.xml:1661(para)
15444
#: serverguide/C/network-config.xml:1699(para)
15155
15445
msgid ""
15156
15446
"DPDK is a fast evolving project. In any case of a search for support and "
15157
15447
"further guides it is highly recommended to first check if they apply to the "
15158
15448
"current version."
15159
15449
msgstr ""
15160
15450
15161
#: serverguide/C/network-config.xml:1668(ulink)
15451
#: serverguide/C/network-config.xml:1707(ulink)
15162
15452
msgid "DPDK Mailing Lists"
15163
15453
msgstr ""
15164
15454
15165
#: serverguide/C/network-config.xml:1672(para)
15455
#: serverguide/C/network-config.xml:1711(para)
15166
15456
msgid ""
15167
15457
"For OpenVswitch-DPDK <ulink url=\"http://openvswitch.org/mlists\">OpenStack "
15168
15458
"Mailing Lists</ulink>"
15169
15459
msgstr ""
15170
15460
15171
#: serverguide/C/network-config.xml:1677(para)
15461
#: serverguide/C/network-config.xml:1716(para)
15172
15462
msgid ""
15173
15463
"Known issues in <ulink "
15174
15464
"url=\"https://bugs.launchpad.net/ubuntu/+source/dpdk\">DPDK Launchpad "
15175
15465
"Area</ulink>"
15176
15466
msgstr ""
15177
15467
15178
#: serverguide/C/network-config.xml:1682(para)
15468
#: serverguide/C/network-config.xml:1721(para)
15179
15469
msgid "Join the IRC channels #DPDK or #openvswitch on freenode."
15180
15470
msgstr ""
15181
15471
15182
#: serverguide/C/network-config.xml:1696(ulink)
15472
#: serverguide/C/network-config.xml:1727(para)
15473
msgid ""
15474
"Issues are often due to missing small details in the general setup. Later "
15475
"on, these missing details cause problems which can be hard to track down to "
15476
"their root cause. A common case seems to be the \"could not open network "
15477
"device dpdk0 (No such device)\" issue. This occurs rather late when setting "
15478
"up a port in Open vSwitch with DPDK. But the root cause most of the time is "
15479
"very early in the setup and initialization. Here an example how a proper "
15480
"initialization of a device looks - this can be found in the syslog/journal "
15481
"when starting Open vSwitch with DPDK enabled."
15482
msgstr ""
15483
15484
#: serverguide/C/network-config.xml:1738(programlisting)
15485
#, no-wrap
15486
msgid ""
15487
"\n"
15488
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
15489
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15490
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140000000\n"
15491
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140200000\n"
15492
"\t\t "
15493
msgstr ""
15494
15495
#: serverguide/C/network-config.xml:1745(para)
15496
msgid ""
15497
"If this is missing, either by ignored cards, failed initialization or other "
15498
"reasons, later on there will be no DPDK device to refer to. Unfortunately "
15499
"the logging is spread across syslog/journal and the openvswitch log. To "
15500
"allow some cross checking here an example what can be found in these logs, "
15501
"relative to the entered command."
15502
msgstr ""
15503
15504
#: serverguide/C/network-config.xml:1753(programlisting)
15505
#, no-wrap
15506
msgid ""
15507
"\n"
15508
"#Note: This log was taken with dpdk 2.2 and openvswitch 2.5\n"
15509
"Captions:\n"
15510
"CMD: that you enter\n"
15511
"SYSLOG: (Inlcuding EAL and OVS Messages)\n"
15512
"OVS-LOG: (Openvswitch messages)\n"
15513
"\n"
15514
"#PREPARATION\n"
15515
"Bind an interface to DPDK UIO drivers, make Hugepages available, enable DPDK "
15516
"on OVS\n"
15517
"\n"
15518
"CMD: sudo service openvswitch-switch restart\n"
15519
"\n"
15520
"SYSLOG:\n"
15521
"2016-01-22T08:58:31.372Z|00003|daemon_unix(monitor)|INFO|pid 3329 died, "
15522
"killed (Terminated), exiting\n"
15523
"2016-01-22T08:58:33.377Z|00002|vlog|INFO|opened log file "
15524
"/var/log/openvswitch/ovs-vswitchd.log\n"
15525
"2016-01-22T08:58:33.381Z|00003|ovs_numa|INFO|Discovered 12 CPU cores on NUMA "
15526
"node 0\n"
15527
"2016-01-22T08:58:33.381Z|00004|ovs_numa|INFO|Discovered 1 NUMA nodes and 12 "
15528
"CPU cores\n"
15529
"2016-01-"
15530
"22T08:58:33.381Z|00005|reconnect|INFO|unix:/var/run/openvswitch/db.sock: "
15531
"connecting...\n"
15532
"2016-01-"
15533
"22T08:58:33.383Z|00006|reconnect|INFO|unix:/var/run/openvswitch/db.sock: "
15534
"connected\n"
15535
"2016-01-22T08:58:33.386Z|00007|bridge|INFO|ovs-vswitchd (Open vSwitch) "
15536
"2.5.0\n"
15537
"\n"
15538
"OVS-LOG:\n"
15539
"systemd[1]: Stopping Open vSwitch...\n"
15540
"systemd[1]: Stopped Open vSwitch.\n"
15541
"systemd[1]: Stopping Open vSwitch Internal Unit...\n"
15542
"ovs-ctl[3541]: * Killing ovs-vswitchd (3329)\n"
15543
"ovs-ctl[3541]: * Killing ovsdb-server (3318)\n"
15544
"systemd[1]: Stopped Open vSwitch Internal Unit.\n"
15545
"systemd[1]: Starting Open vSwitch Internal Unit...\n"
15546
"ovs-ctl[3560]: * Starting ovsdb-server\n"
15547
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait -- init -- set "
15548
"Open_vSwitch . db-version=7.12.1\n"
15549
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait set "
15550
"Open_vSwitch . ovs-version=2.5.0 \"external-ids:system-id=\\\"e7c5ba80-bb14-"
15551
"45c1-b8eb-628f3ad03903\\\"\" \"system-type=\\\"Ubuntu\\\"\" \"system-"
15552
"version=\\\"16.04-xenial\\\"\"\n"
15553
"ovs-ctl[3560]: * Configuring Open vSwitch system IDs\n"
15554
"ovs-ctl[3560]: 2016-01-22T08:58:31Z|00001|dpdk|INFO|No -vhost_sock_dir "
15555
"provided - defaulting to /var/run/openvswitch\n"
15556
"ovs-vswitchd: ovs|00001|dpdk|INFO|No -vhost_sock_dir provided - defaulting "
15557
"to /var/run/openvswitch\n"
15558
"ovs-ctl[3560]: EAL: Detected lcore 0 as core 0 on socket 0\n"
15559
"ovs-ctl[3560]: EAL: Detected lcore 1 as core 1 on socket 0\n"
15560
"ovs-ctl[3560]: EAL: Detected lcore 2 as core 2 on socket 0\n"
15561
"ovs-ctl[3560]: EAL: Detected lcore 3 as core 3 on socket 0\n"
15562
"ovs-ctl[3560]: EAL: Detected lcore 4 as core 4 on socket 0\n"
15563
"ovs-ctl[3560]: EAL: Detected lcore 5 as core 5 on socket 0\n"
15564
"ovs-ctl[3560]: EAL: Detected lcore 6 as core 0 on socket 0\n"
15565
"ovs-ctl[3560]: EAL: Detected lcore 7 as core 1 on socket 0\n"
15566
"ovs-ctl[3560]: EAL: Detected lcore 8 as core 2 on socket 0\n"
15567
"ovs-ctl[3560]: EAL: Detected lcore 9 as core 3 on socket 0\n"
15568
"ovs-ctl[3560]: EAL: Detected lcore 10 as core 4 on socket 0\n"
15569
"ovs-ctl[3560]: EAL: Detected lcore 11 as core 5 on socket 0\n"
15570
"ovs-ctl[3560]: EAL: Support maximum 128 logical core(s) by configuration.\n"
15571
"ovs-ctl[3560]: EAL: Detected 12 lcore(s)\n"
15572
"ovs-ctl[3560]: EAL: VFIO modules not all loaded, skip VFIO support...\n"
15573
"ovs-ctl[3560]: EAL: Setting up physically contiguous memory...\n"
15574
"ovs-ctl[3560]: EAL: Ask a virtual area of 0x100000000 bytes\n"
15575
"ovs-ctl[3560]: EAL: Virtual area found at 0x7f2040000000 (size = "
15576
"0x100000000)\n"
15577
"ovs-ctl[3560]: EAL: Requesting 4 pages of size 1024MB from socket 0\n"
15578
"ovs-ctl[3560]: EAL: TSC frequency is ~2397202 KHz\n"
15579
"ovs-vswitchd[3592]: EAL: TSC frequency is ~2397202 KHz\n"
15580
"ovs-vswitchd[3592]: EAL: Master lcore 0 is ready (tid=fc6cbb00;cpuset=[0])\n"
15581
"ovs-vswitchd[3592]: EAL: PCI device 0000:04:00.0 on NUMA socket 0\n"
15582
"ovs-vswitchd[3592]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15583
"ovs-vswitchd[3592]: EAL: Not managed by a supported kernel driver, "
15584
"skipped\n"
15585
"ovs-vswitchd[3592]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
15586
"ovs-vswitchd[3592]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15587
"ovs-vswitchd[3592]: EAL: PCI memory mapped at 0x7f2140000000\n"
15588
"ovs-vswitchd[3592]: EAL: PCI memory mapped at 0x7f2140200000\n"
15589
"ovs-ctl[3560]: EAL: Master lcore 0 is ready (tid=fc6cbb00;cpuset=[0])\n"
15590
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.0 on NUMA socket 0\n"
15591
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15592
"ovs-ctl[3560]: EAL: Not managed by a supported kernel driver, skipped\n"
15593
"ovs-ctl[3560]: EAL: PCI device 0000:04:00.1 on NUMA socket 0\n"
15594
"ovs-ctl[3560]: EAL: probe driver: 8086:1528 rte_ixgbe_pmd\n"
15595
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140000000\n"
15596
"ovs-ctl[3560]: EAL: PCI memory mapped at 0x7f2140200000\n"
15597
"ovs-vswitchd[3592]: PMD: eth_ixgbe_dev_init(): MAC: 4, PHY: 3\n"
15598
"ovs-vswitchd[3592]: PMD: eth_ixgbe_dev_init(): port 0 vendorID=0x8086 "
15599
"deviceID=0x1528\n"
15600
"ovs-ctl[3560]: PMD: eth_ixgbe_dev_init(): MAC: 4, PHY: 3\n"
15601
"ovs-ctl[3560]: PMD: eth_ixgbe_dev_init(): port 0 vendorID=0x8086 "
15602
"deviceID=0x1528\n"
15603
"ovs-ctl[3560]: Zone 0: name:<RG_MP_log_history>, phys:0x83fffdec0, "
15604
"len:0x2080, virt:0x7f213fffdec0, socket_id:0, flags:0\n"
15605
"ovs-ctl[3560]: Zone 1: name:<MP_log_history>, phys:0x83fd73d40, "
15606
"len:0x28a0c0, virt:0x7f213fd73d40, socket_id:0, flags:0\n"
15607
"ovs-ctl[3560]: Zone 2: name:<rte_eth_dev_data>, phys:0x83fd43380, "
15608
"len:0x2f700, virt:0x7f213fd43380, socket_id:0, flags:0\n"
15609
"ovs-ctl[3560]: * Starting ovs-vswitchd\n"
15610
"ovs-ctl[3560]: * Enabling remote OVSDB managers\n"
15611
"systemd[1]: Started Open vSwitch Internal Unit.\n"
15612
"systemd[1]: Starting Open vSwitch...\n"
15613
"systemd[1]: Started Open vSwitch.\n"
15614
"\n"
15615
"\n"
15616
"CMD: sudo ovs-vsctl add-br ovsdpdkbr0 -- set bridge ovsdpdkbr0 "
15617
"datapath_type=netdev\n"
15618
"\n"
15619
"SYSLOG:\n"
15620
"2016-01-22T08:58:56.344Z|00008|memory|INFO|37256 kB peak resident set size "
15621
"after 24.5 seconds\n"
15622
"2016-01-22T08:58:56.346Z|00009|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15623
"supports recirculation\n"
15624
"2016-01-22T08:58:56.346Z|00010|ofproto_dpif|INFO|netdev@ovs-netdev: MPLS "
15625
"label stack length probed as 3\n"
15626
"2016-01-22T08:58:56.346Z|00011|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15627
"supports unique flow ids\n"
15628
"2016-01-22T08:58:56.346Z|00012|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15629
"does not support ct_state\n"
15630
"2016-01-22T08:58:56.346Z|00013|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15631
"does not support ct_zone\n"
15632
"2016-01-22T08:58:56.346Z|00014|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15633
"does not support ct_mark\n"
15634
"2016-01-22T08:58:56.346Z|00015|ofproto_dpif|INFO|netdev@ovs-netdev: Datapath "
15635
"does not support ct_label\n"
15636
"2016-01-22T08:58:56.360Z|00016|bridge|INFO|bridge ovsdpdkbr0: added "
15637
"interface ovsdpdkbr0 on port 65534\n"
15638
"2016-01-22T08:58:56.361Z|00017|bridge|INFO|bridge ovsdpdkbr0: using datapath "
15639
"ID 00005a4a1ed0a14d\n"
15640
"2016-01-22T08:58:56.361Z|00018|connmgr|INFO|ovsdpdkbr0: added service "
15641
"controller \"punix:/var/run/openvswitch/ovsdpdkbr0.mgmt\"\n"
15642
"\n"
15643
"OVS-LOG:\n"
15644
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-br ovsdpdkbr0 -- set "
15645
"bridge ovsdpdkbr0 datapath_type=netdev\n"
15646
"systemd-udevd[3607]: Could not generate persistent MAC address for ovs-"
15647
"netdev: No such file or directory\n"
15648
"kernel: [50165.886554] device ovs-netdev entered promiscuous mode\n"
15649
"kernel: [50165.901261] device ovsdpdkbr0 entered promiscuous mode\n"
15650
"\n"
15651
"\n"
15652
"CMD: sudo ovs-vsctl add-port ovsdpdkbr0 dpdk0 -- set Interface dpdk0 "
15653
"type=dpdk\n"
15654
"\n"
15655
"SYSLOG:\n"
15656
"2016-01-22T08:59:06.369Z|00019|memory|INFO|peak resident set size grew 155% "
15657
"in last 10.0 seconds, from 37256 kB to 95008 kB\n"
15658
"2016-01-22T08:59:06.369Z|00020|memory|INFO|handlers:4 ports:1 revalidators:2 "
15659
"rules:5\n"
15660
"2016-01-22T08:59:30.989Z|00021|dpdk|INFO|Port 0: 8c:dc:d4:b3:6d:e9\n"
15661
"2016-01-22T08:59:31.520Z|00022|dpdk|INFO|Port 0: 8c:dc:d4:b3:6d:e9\n"
15662
"2016-01-22T08:59:31.521Z|00023|dpif_netdev|INFO|Created 1 pmd threads on "
15663
"numa node 0\n"
15664
"2016-01-22T08:59:31.522Z|00001|dpif_netdev(pmd16)|INFO|Core 0 processing "
15665
"port 'dpdk0'\n"
15666
"2016-01-22T08:59:31.522Z|00024|bridge|INFO|bridge ovsdpdkbr0: added "
15667
"interface dpdk0 on port 1\n"
15668
"2016-01-22T08:59:31.522Z|00025|bridge|INFO|bridge ovsdpdkbr0: using datapath "
15669
"ID 00008cdcd4b36de9\n"
15670
"2016-01-22T08:59:31.523Z|00002|dpif_netdev(pmd16)|INFO|Core 0 processing "
15671
"port 'dpdk0'\n"
15672
"\n"
15673
"OVS-LOG:\n"
15674
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-port ovsdpdkbr0 "
15675
"dpdk0 -- set Interface dpdk0 type=dpdk\n"
15676
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a79ebc0 "
15677
"hw_ring=0x7f211a7a6c00 dma_addr=0x81a7a6c00\n"
15678
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15679
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15680
"ovs-vswitchd[3595]: PMD: ixgbe_dev_rx_queue_setup(): sw_ring=0x7f211a78a6c0 "
15681
"sw_sc_ring=0x7f211a786580 hw_ring=0x7f211a78e800 dma_addr=0x81a78e800\n"
15682
"ovs-vswitchd[3595]: PMD: ixgbe_set_rx_function(): Vector rx enabled, please "
15683
"make sure RX burst size no less than 4 (port=0).\n"
15684
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a79ebc0 "
15685
"hw_ring=0x7f211a7a6c00 dma_addr=0x81a7a6c00\n"
15686
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15687
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15688
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a76e4c0 "
15689
"hw_ring=0x7f211a776500 dma_addr=0x81a776500\n"
15690
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15691
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15692
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a756440 "
15693
"hw_ring=0x7f211a75e480 dma_addr=0x81a75e480\n"
15694
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15695
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15696
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a73e3c0 "
15697
"hw_ring=0x7f211a746400 dma_addr=0x81a746400\n"
15698
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15699
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15700
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a726340 "
15701
"hw_ring=0x7f211a72e380 dma_addr=0x81a72e380\n"
15702
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15703
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15704
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a70e2c0 "
15705
"hw_ring=0x7f211a716300 dma_addr=0x81a716300\n"
15706
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15707
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15708
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6f6240 "
15709
"hw_ring=0x7f211a6fe280 dma_addr=0x81a6fe280\n"
15710
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15711
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15712
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6de1c0 "
15713
"hw_ring=0x7f211a6e6200 dma_addr=0x81a6e6200\n"
15714
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15715
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15716
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6c6140 "
15717
"hw_ring=0x7f211a6ce180 dma_addr=0x81a6ce180\n"
15718
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15719
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15720
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a6ae0c0 "
15721
"hw_ring=0x7f211a6b6100 dma_addr=0x81a6b6100\n"
15722
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15723
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15724
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a696040 "
15725
"hw_ring=0x7f211a69e080 dma_addr=0x81a69e080\n"
15726
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15727
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15728
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a67dfc0 "
15729
"hw_ring=0x7f211a686000 dma_addr=0x81a686000\n"
15730
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15731
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15732
"ovs-vswitchd[3595]: PMD: ixgbe_dev_tx_queue_setup(): sw_ring=0x7f211a665e40 "
15733
"hw_ring=0x7f211a66de80 dma_addr=0x81a66de80\n"
15734
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Using simple tx code path\n"
15735
"ovs-vswitchd[3595]: PMD: ixgbe_set_tx_function(): Vector tx enabled.\n"
15736
"ovs-vswitchd[3595]: PMD: ixgbe_dev_rx_queue_setup(): sw_ring=0x7f211a78a6c0 "
15737
"sw_sc_ring=0x7f211a786580 hw_ring=0x7f211a78e800 dma_addr=0x81a78e800\n"
15738
"ovs-vswitchd[3595]: PMD: ixgbe_set_rx_function(): Vector rx enabled, please "
15739
"make sure RX burst size no less than 4 (port=0).\n"
15740
"\n"
15741
"\n"
15742
"CMD: sudo ovs-vsctl add-port ovsdpdkbr0 vhost-user-1 -- set Interface vhost-"
15743
"user-1 type=dpdkvhostuser\n"
15744
"\n"
15745
"OVS-LOG:\n"
15746
"2016-01-22T09:00:35.145Z|00026|dpdk|INFO|Socket /var/run/openvswitch/vhost-"
15747
"user-1 created for vhost-user port vhost-user-1\n"
15748
"2016-01-22T09:00:35.145Z|00003|dpif_netdev(pmd16)|INFO|Core 0 processing "
15749
"port 'dpdk0'\n"
15750
"2016-01-22T09:00:35.145Z|00004|dpif_netdev(pmd16)|INFO|Core 0 processing "
15751
"port 'vhost-user-1'\n"
15752
"2016-01-22T09:00:35.145Z|00027|bridge|INFO|bridge ovsdpdkbr0: added "
15753
"interface vhost-user-1 on port 2\n"
15754
"\n"
15755
"SYSLOG:\n"
15756
"ovs-vsctl: ovs|00001|vsctl|INFO|Called as ovs-vsctl add-port ovsdpdkbr0 "
15757
"vhost-user-1 -- set Interface vhost-user-1 type=dpdkvhostuser\n"
15758
"ovs-vswitchd[3595]: VHOST_CONFIG: socket created, fd:46\n"
15759
"ovs-vswitchd[3595]: VHOST_CONFIG: bind to /var/run/openvswitch/vhost-user-1\n"
15760
"\n"
15761
"Eventually we can see the poll thread in top\n"
15762
" PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND\n"
15763
" 3595 root 10 -10 4975344 103936 9916 S 100.0 0.3 33:13.56 ovs-"
15764
"vswitchd\n"
15765
"\t\t "
15766
msgstr ""
15767
15768
#: serverguide/C/network-config.xml:1950(ulink)
15183
15769
msgid "DPDK Documentation"
15184
15770
msgstr ""
15185
15771
15186
#: serverguide/C/network-config.xml:1701(ulink)
15772
#: serverguide/C/network-config.xml:1955(ulink)
15187
15773
msgid "Release Notes matching the version packages in Ubuntu 16.04"
15188
15774
msgstr ""
15189
15775
15190
#: serverguide/C/network-config.xml:1706(ulink)
15776
#: serverguide/C/network-config.xml:1960(ulink)
15191
15777
msgid "Linux DPDK User Getting Started"
15192
15778
msgstr ""
15193
15779
15194
#: serverguide/C/network-config.xml:1711(ulink)
15780
#: serverguide/C/network-config.xml:1965(ulink)
15195
15781
msgid "EAL Command-line Options"
15196
15782
msgstr ""
15197
15783
15198
#: serverguide/C/network-config.xml:1716(ulink)
15784
#: serverguide/C/network-config.xml:1970(ulink)
15199
15785
msgid "DPDK Api Documentation"
15200
15786
msgstr ""
15201
15787
15202
#: serverguide/C/network-config.xml:1721(ulink)
15788
#: serverguide/C/network-config.xml:1975(ulink)
15203
15789
msgid "OpenVswitch DPDK installation"
15204
15790
msgstr ""
15205
15791
15206
#: serverguide/C/network-config.xml:1726(ulink)
15792
#: serverguide/C/network-config.xml:1980(ulink)
15207
15793
msgid "Wikipedias definition of DPDK"
15208
15794
msgstr ""
15209
15795
16219
16805
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
16220
16806
msgstr ""
16221
16807
16222
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3910(command)
16808
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3903(command)
16223
16809
msgid "sudo systemctl restart slapd.service"
16224
16810
msgstr ""
16225
16811
17708
18294
"specifically you want Samba to do for you and then configure it accordingly."
17709
18295
msgstr ""
17710
18296
17711
#: serverguide/C/network-auth.xml:2218(title) serverguide/C/network-auth.xml:3999(title)
18297
#: serverguide/C/network-auth.xml:2218(title) serverguide/C/network-auth.xml:3992(title)
17712
18298
msgid "Software Installation"
17713
18299
msgstr ""
17714
18300
17960
18546
#: serverguide/C/network-auth.xml:2454(para)
17961
18547
msgid ""
17962
18548
"Next, configure the <application>smbldap-tools</application> package to "
17963
"match your environment. The package is supposed to come with a configuration "
17964
"helper script (smbldap-config.pl, formerly configure.pl) that will ask "
17965
"questions about the needed options but there is a <ulink "
17966
"url=\"https://bugs.launchpad.net/serverguide/+bug/997172\">bug</ulink> "
17967
"whereby it is not installed (but found in the source code; 'apt source "
17968
"smbldap-tools')."
17969
msgstr ""
17970
17971
#: serverguide/C/network-auth.xml:2461(para)
17972
msgid ""
17973
"To manually configure the package, you need to create and edit the files "
17974
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
17975
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
17976
msgstr ""
17977
17978
#: serverguide/C/network-auth.xml:2466(para)
18549
"match your environment. The package comes with a configuration helper "
18550
"script, smbldap-config.pl, that will ask questions."
18551
msgstr ""
18552
18553
#: serverguide/C/network-auth.xml:2459(para)
17979
18554
msgid ""
17980
18555
"The <application>smbldap-populate</application> script will then add the "
17981
18556
"LDAP objects required for Samba. It is a good idea to first make a backup of "
17982
18557
"your DIT using <application>slapcat</application>:"
17983
18558
msgstr ""
17984
18559
17985
#: serverguide/C/network-auth.xml:2472(command)
18560
#: serverguide/C/network-auth.xml:2465(command)
17986
18561
msgid "sudo slapcat -l backup.ldif"
17987
18562
msgstr ""
17988
18563
17989
#: serverguide/C/network-auth.xml:2475(para)
18564
#: serverguide/C/network-auth.xml:2468(para)
17990
18565
msgid "Once you have a backup proceed to populate your directory:"
17991
18566
msgstr ""
17992
18567
17993
#: serverguide/C/network-auth.xml:2480(command)
18568
#: serverguide/C/network-auth.xml:2473(command)
17994
18569
msgid "sudo smbldap-populate"
17995
18570
msgstr ""
17996
18571
17997
#: serverguide/C/network-auth.xml:2483(para)
18572
#: serverguide/C/network-auth.xml:2476(para)
17998
18573
msgid ""
17999
18574
"You can create a LDIF file containing the new Samba objects by executing "
18000
18575
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
18003
18578
"and import its data per usual."
18004
18579
msgstr ""
18005
18580
18006
#: serverguide/C/network-auth.xml:2489(para)
18581
#: serverguide/C/network-auth.xml:2482(para)
18007
18582
msgid ""
18008
18583
"Your LDAP directory now has the necessary information to authenticate Samba "
18009
18584
"users."
18010
18585
msgstr ""
18011
18586
18012
#: serverguide/C/network-auth.xml:2498(title) serverguide/C/network-auth.xml:4031(title)
18587
#: serverguide/C/network-auth.xml:2491(title) serverguide/C/network-auth.xml:4024(title)
18013
18588
msgid "Samba Configuration"
18014
18589
msgstr ""
18015
18590
18016
#: serverguide/C/network-auth.xml:2500(para)
18591
#: serverguide/C/network-auth.xml:2493(para)
18017
18592
msgid ""
18018
18593
"There are multiple ways to configure Samba. For details on some common "
18019
18594
"configurations see <xref linkend=\"samba\"/>. To configure Samba to use "
18022
18597
"adding some ldap-related ones:"
18023
18598
msgstr ""
18024
18599
18025
#: serverguide/C/network-auth.xml:2506(programlisting)
18600
#: serverguide/C/network-auth.xml:2499(programlisting)
18026
18601
#, no-wrap
18027
18602
msgid ""
18028
18603
"\n"
18042
18617
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
18043
18618
msgstr ""
18044
18619
18045
#: serverguide/C/network-auth.xml:2523(para)
18620
#: serverguide/C/network-auth.xml:2516(para)
18046
18621
msgid "Change the values to match your environment."
18047
18622
msgstr ""
18048
18623
18049
#: serverguide/C/network-auth.xml:2527(para)
18624
#: serverguide/C/network-auth.xml:2520(para)
18050
18625
msgid "Restart <application>samba</application> to enable the new settings:"
18051
18626
msgstr ""
18052
18627
18053
#: serverguide/C/network-auth.xml:2535(para)
18628
#: serverguide/C/network-auth.xml:2528(para)
18054
18629
msgid ""
18055
18630
"Now inform Samba about the rootDN user's password (the one set during the "
18056
18631
"installation of the slapd package):"
18057
18632
msgstr ""
18058
18633
18059
#: serverguide/C/network-auth.xml:2540(command)
18634
#: serverguide/C/network-auth.xml:2533(command)
18060
18635
msgid "sudo smbpasswd -w password"
18061
18636
msgstr ""
18062
18637
18063
#: serverguide/C/network-auth.xml:2543(para)
18638
#: serverguide/C/network-auth.xml:2536(para)
18064
18639
msgid ""
18065
18640
"If you have existing LDAP users that you want to include in your new LDAP-"
18066
18641
"backed Samba they will, of course, also need to be given some of the extra "
18070
18645
"<application>libnss-ldap</application>):"
18071
18646
msgstr ""
18072
18647
18073
#: serverguide/C/network-auth.xml:2551(command)
18648
#: serverguide/C/network-auth.xml:2544(command)
18074
18649
msgid "sudo smbpasswd -a username"
18075
18650
msgstr ""
18076
18651
18077
#: serverguide/C/network-auth.xml:2554(para)
18652
#: serverguide/C/network-auth.xml:2547(para)
18078
18653
msgid ""
18079
18654
"You will prompted to enter a password. It will be considered as the new "
18080
18655
"password for that user. Making it the same as before is reasonable."
18081
18656
msgstr ""
18082
18657
18083
#: serverguide/C/network-auth.xml:2558(para)
18658
#: serverguide/C/network-auth.xml:2551(para)
18084
18659
msgid ""
18085
18660
"To manage user, group, and machine accounts use the utilities provided by "
18086
18661
"the <application>smbldap-tools</application> package. Here are some examples:"
18087
18662
msgstr ""
18088
18663
18089
#: serverguide/C/network-auth.xml:2566(para)
18664
#: serverguide/C/network-auth.xml:2559(para)
18090
18665
msgid "To add a new user:"
18091
18666
msgstr ""
18092
18667
18093
#: serverguide/C/network-auth.xml:2571(command)
18668
#: serverguide/C/network-auth.xml:2564(command)
18094
18669
msgid "sudo smbldap-useradd -a -P username"
18095
18670
msgstr ""
18096
18671
18097
#: serverguide/C/network-auth.xml:2574(para)
18672
#: serverguide/C/network-auth.xml:2567(para)
18098
18673
msgid ""
18099
18674
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
18100
18675
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
18102
18677
"a password for the user."
18103
18678
msgstr ""
18104
18679
18105
#: serverguide/C/network-auth.xml:2581(para)
18680
#: serverguide/C/network-auth.xml:2574(para)
18106
18681
msgid "To remove a user:"
18107
18682
msgstr ""
18108
18683
18109
#: serverguide/C/network-auth.xml:2586(command)
18684
#: serverguide/C/network-auth.xml:2579(command)
18110
18685
msgid "sudo smbldap-userdel username"
18111
18686
msgstr ""
18112
18687
18113
#: serverguide/C/network-auth.xml:2589(para)
18688
#: serverguide/C/network-auth.xml:2582(para)
18114
18689
msgid ""
18115
18690
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
18116
18691
"user's home directory."
18117
18692
msgstr ""
18118
18693
18119
#: serverguide/C/network-auth.xml:2595(para)
18694
#: serverguide/C/network-auth.xml:2588(para)
18120
18695
msgid "To add a group:"
18121
18696
msgstr ""
18122
18697
18123
#: serverguide/C/network-auth.xml:2600(command)
18698
#: serverguide/C/network-auth.xml:2593(command)
18124
18699
msgid "sudo smbldap-groupadd -a groupname"
18125
18700
msgstr ""
18126
18701
18127
#: serverguide/C/network-auth.xml:2603(para)
18702
#: serverguide/C/network-auth.xml:2596(para)
18128
18703
msgid ""
18129
18704
"As for <application>smbldap-useradd</application>, the <emphasis>-"
18130
18705
"a</emphasis> adds the Samba attributes."
18131
18706
msgstr ""
18132
18707
18133
#: serverguide/C/network-auth.xml:2609(para)
18708
#: serverguide/C/network-auth.xml:2602(para)
18134
18709
msgid "To make an existing user a member of a group:"
18135
18710
msgstr ""
18136
18711
18137
#: serverguide/C/network-auth.xml:2614(command)
18712
#: serverguide/C/network-auth.xml:2607(command)
18138
18713
msgid "sudo smbldap-groupmod -m username groupname"
18139
18714
msgstr ""
18140
18715
18141
#: serverguide/C/network-auth.xml:2617(para)
18716
#: serverguide/C/network-auth.xml:2610(para)
18142
18717
msgid ""
18143
18718
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
18144
18719
"listing them in comma-separated format."
18145
18720
msgstr ""
18146
18721
18147
#: serverguide/C/network-auth.xml:2623(para)
18722
#: serverguide/C/network-auth.xml:2616(para)
18148
18723
msgid "To remove a user from a group:"
18149
18724
msgstr ""
18150
18725
18151
#: serverguide/C/network-auth.xml:2628(command)
18726
#: serverguide/C/network-auth.xml:2621(command)
18152
18727
msgid "sudo smbldap-groupmod -x username groupname"
18153
18728
msgstr ""
18154
18729
18155
#: serverguide/C/network-auth.xml:2634(para)
18730
#: serverguide/C/network-auth.xml:2627(para)
18156
18731
msgid "To add a Samba machine account:"
18157
18732
msgstr ""
18158
18733
18159
#: serverguide/C/network-auth.xml:2639(command)
18734
#: serverguide/C/network-auth.xml:2632(command)
18160
18735
msgid "sudo smbldap-useradd -t 0 -w username"
18161
18736
msgstr ""
18162
18737
18163
#: serverguide/C/network-auth.xml:2642(para)
18738
#: serverguide/C/network-auth.xml:2635(para)
18164
18739
msgid ""
18165
18740
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
18166
18741
"<emphasis>-t 0</emphasis> option creates the machine account without a "
18170
18745
"<application>smbldap-useradd</application>."
18171
18746
msgstr ""
18172
18747
18173
#: serverguide/C/network-auth.xml:2651(para)
18748
#: serverguide/C/network-auth.xml:2644(para)
18174
18749
msgid ""
18175
18750
"There are utilities in the <application>smbldap-tools</application> package "
18176
18751
"that were not covered here. Here is a complete list:"
18177
18752
msgstr ""
18178
18753
18179
#: serverguide/C/network-auth.xml:2656(ulink)
18754
#: serverguide/C/network-auth.xml:2649(ulink)
18180
18755
msgid "smbldap-groupadd"
18181
18756
msgstr ""
18182
18757
18183
#: serverguide/C/network-auth.xml:2657(ulink)
18758
#: serverguide/C/network-auth.xml:2650(ulink)
18184
18759
msgid "smbldap-groupdel"
18185
18760
msgstr ""
18186
18761
18187
#: serverguide/C/network-auth.xml:2658(ulink)
18762
#: serverguide/C/network-auth.xml:2651(ulink)
18188
18763
msgid "smbldap-groupmod"
18189
18764
msgstr ""
18190
18765
18191
#: serverguide/C/network-auth.xml:2659(ulink)
18766
#: serverguide/C/network-auth.xml:2652(ulink)
18192
18767
msgid "smbldap-groupshow"
18193
18768
msgstr ""
18194
18769
18195
#: serverguide/C/network-auth.xml:2660(ulink)
18770
#: serverguide/C/network-auth.xml:2653(ulink)
18196
18771
msgid "smbldap-passwd"
18197
18772
msgstr ""
18198
18773
18199
#: serverguide/C/network-auth.xml:2661(ulink)
18774
#: serverguide/C/network-auth.xml:2654(ulink)
18200
18775
msgid "smbldap-populate"
18201
18776
msgstr ""
18202
18777
18203
#: serverguide/C/network-auth.xml:2662(ulink)
18778
#: serverguide/C/network-auth.xml:2655(ulink)
18204
18779
msgid "smbldap-useradd"
18205
18780
msgstr ""
18206
18781
18207
#: serverguide/C/network-auth.xml:2663(ulink)
18782
#: serverguide/C/network-auth.xml:2656(ulink)
18208
18783
msgid "smbldap-userdel"
18209
18784
msgstr ""
18210
18785
18211
#: serverguide/C/network-auth.xml:2664(ulink)
18786
#: serverguide/C/network-auth.xml:2657(ulink)
18212
18787
msgid "smbldap-userinfo"
18213
18788
msgstr ""
18214
18789
18215
#: serverguide/C/network-auth.xml:2665(ulink)
18790
#: serverguide/C/network-auth.xml:2658(ulink)
18216
18791
msgid "smbldap-userlist"
18217
18792
msgstr ""
18218
18793
18219
#: serverguide/C/network-auth.xml:2666(ulink)
18794
#: serverguide/C/network-auth.xml:2659(ulink)
18220
18795
msgid "smbldap-usermod"
18221
18796
msgstr ""
18222
18797
18223
#: serverguide/C/network-auth.xml:2667(ulink)
18798
#: serverguide/C/network-auth.xml:2660(ulink)
18224
18799
msgid "smbldap-usershow"
18225
18800
msgstr ""
18226
18801
18227
#: serverguide/C/network-auth.xml:2678(para)
18802
#: serverguide/C/network-auth.xml:2671(para)
18228
18803
msgid ""
18229
18804
"For more information on installing and configuring Samba see <xref "
18230
18805
"linkend=\"samba\"/> of this Ubuntu Server Guide."
18231
18806
msgstr ""
18232
18807
18233
#: serverguide/C/network-auth.xml:2684(para)
18808
#: serverguide/C/network-auth.xml:2677(para)
18234
18809
msgid ""
18235
18810
"There are multiple places where LDAP and Samba is documented in the upstream "
18236
18811
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
18237
18812
"HOWTO Collection</ulink>."
18238
18813
msgstr ""
18239
18814
18240
#: serverguide/C/network-auth.xml:2691(para)
18815
#: serverguide/C/network-auth.xml:2684(para)
18241
18816
msgid ""
18242
18817
"Regarding the above, see specifically the <ulink "
18243
18818
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
18244
18819
"Collection/passdb.html\">passdb section</ulink>."
18245
18820
msgstr ""
18246
18821
18247
#: serverguide/C/network-auth.xml:2697(para)
18822
#: serverguide/C/network-auth.xml:2690(para)
18248
18823
msgid ""
18249
18824
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
18250
18825
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
18251
18826
"valuable notes."
18252
18827
msgstr ""
18253
18828
18254
#: serverguide/C/network-auth.xml:2703(para)
18829
#: serverguide/C/network-auth.xml:2696(para)
18255
18830
msgid ""
18256
18831
"The main page of the <ulink "
18257
18832
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
18259
18834
"prove useful."
18260
18835
msgstr ""
18261
18836
18262
#: serverguide/C/network-auth.xml:2716(title)
18837
#: serverguide/C/network-auth.xml:2709(title)
18263
18838
msgid "Kerberos"
18264
18839
msgstr "Kerberos"
18265
18840
18266
#: serverguide/C/network-auth.xml:2718(para)
18841
#: serverguide/C/network-auth.xml:2711(para)
18267
18842
msgid ""
18268
18843
"<application>Kerberos</application> is a network authentication system based "
18269
18844
"on the principal of a trusted third party. The other two parties being the "
18272
18847
"network environment one step closer to being Single Sign On (SSO)."
18273
18848
msgstr ""
18274
18849
18275
#: serverguide/C/network-auth.xml:2724(para)
18850
#: serverguide/C/network-auth.xml:2717(para)
18276
18851
msgid ""
18277
18852
"This section covers installation and configuration of a Kerberos server, and "
18278
18853
"some example client configurations."
18279
18854
msgstr ""
18280
18855
18281
#: serverguide/C/network-auth.xml:2729(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:916(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
18856
#: serverguide/C/network-auth.xml:2722(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:916(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
18282
18857
msgid "Overview"
18283
18858
msgstr ""
18284
18859
18285
#: serverguide/C/network-auth.xml:2731(para)
18860
#: serverguide/C/network-auth.xml:2724(para)
18286
18861
msgid ""
18287
18862
"If you are new to Kerberos there are a few terms that are good to understand "
18288
18863
"before setting up a Kerberos server. Most of the terms will relate to things "
18289
18864
"you may be familiar with in other environments:"
18290
18865
msgstr ""
18291
18866
18292
#: serverguide/C/network-auth.xml:2738(para)
18867
#: serverguide/C/network-auth.xml:2731(para)
18293
18868
msgid ""
18294
18869
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
18295
18870
"by servers need to be defined as Kerberos Principals."
18296
18871
msgstr ""
18297
18872
18298
#: serverguide/C/network-auth.xml:2743(para)
18873
#: serverguide/C/network-auth.xml:2736(para)
18299
18874
msgid ""
18300
18875
"<emphasis>Instances:</emphasis> are used for service principals and special "
18301
18876
"administrative principals."
18302
18877
msgstr ""
18303
18878
18304
#: serverguide/C/network-auth.xml:2748(para)
18879
#: serverguide/C/network-auth.xml:2741(para)
18305
18880
msgid ""
18306
18881
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
18307
18882
"Kerberos installation. Think of it as the domain or group your hosts and "
18310
18885
"as the realm."
18311
18886
msgstr ""
18312
18887
18313
#: serverguide/C/network-auth.xml:2757(para)
18888
#: serverguide/C/network-auth.xml:2750(para)
18314
18889
msgid ""
18315
18890
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
18316
18891
"a database of all principals, the authentication server, and the ticket "
18317
18892
"granting server. For each realm there must be at least one KDC."
18318
18893
msgstr ""
18319
18894
18320
#: serverguide/C/network-auth.xml:2763(para)
18895
#: serverguide/C/network-auth.xml:2756(para)
18321
18896
msgid ""
18322
18897
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
18323
18898
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
18324
18899
"password which is known only to the user and the KDC."
18325
18900
msgstr ""
18326
18901
18327
#: serverguide/C/network-auth.xml:2769(para)
18902
#: serverguide/C/network-auth.xml:2762(para)
18328
18903
msgid ""
18329
18904
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
18330
18905
"clients upon request."
18331
18906
msgstr ""
18332
18907
18333
#: serverguide/C/network-auth.xml:2774(para)
18908
#: serverguide/C/network-auth.xml:2767(para)
18334
18909
msgid ""
18335
18910
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
18336
18911
"One principal being a user and the other a service requested by the user. "
18338
18913
"authenticated session."
18339
18914
msgstr ""
18340
18915
18341
#: serverguide/C/network-auth.xml:2780(para)
18916
#: serverguide/C/network-auth.xml:2773(para)
18342
18917
msgid ""
18343
18918
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
18344
18919
"principal database and contain the encryption key for a service or host."
18345
18920
msgstr ""
18346
18921
18347
#: serverguide/C/network-auth.xml:2787(para)
18922
#: serverguide/C/network-auth.xml:2780(para)
18348
18923
msgid ""
18349
18924
"To put the pieces together, a Realm has at least one KDC, preferably more "
18350
18925
"for redundancy, which contains a database of Principals. When a user "
18356
18931
"entering another username and password."
18357
18932
msgstr ""
18358
18933
18359
#: serverguide/C/network-auth.xml:2796(title)
18934
#: serverguide/C/network-auth.xml:2789(title)
18360
18935
msgid "Kerberos Server"
18361
18936
msgstr ""
18362
18937
18363
#: serverguide/C/network-auth.xml:2800(para)
18938
#: serverguide/C/network-auth.xml:2793(para)
18364
18939
msgid ""
18365
18940
"For this discussion, we will create a MIT Kerberos domain with the following "
18366
18941
"features (edit them to fit your needs):"
18367
18942
msgstr ""
18368
18943
18369
#: serverguide/C/network-auth.xml:2807(para)
18944
#: serverguide/C/network-auth.xml:2800(para)
18370
18945
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
18371
18946
msgstr ""
18372
18947
18373
#: serverguide/C/network-auth.xml:2812(para)
18948
#: serverguide/C/network-auth.xml:2805(para)
18374
18949
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
18375
18950
msgstr ""
18376
18951
18377
#: serverguide/C/network-auth.xml:2817(para)
18952
#: serverguide/C/network-auth.xml:2810(para)
18378
18953
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
18379
18954
msgstr ""
18380
18955
18381
#: serverguide/C/network-auth.xml:2822(para)
18956
#: serverguide/C/network-auth.xml:2815(para)
18382
18957
msgid "<emphasis>User principal:</emphasis> steve"
18383
18958
msgstr ""
18384
18959
18960
#: serverguide/C/network-auth.xml:2820(para)
18961
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
18962
msgstr ""
18963
18385
18964
#: serverguide/C/network-auth.xml:2827(para)
18386
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
18387
msgstr ""
18388
18389
#: serverguide/C/network-auth.xml:2834(para)
18390
18965
msgid ""
18391
18966
"It is <emphasis>strongly</emphasis> recommended that your network-"
18392
18967
"authenticated users have their uid in a different range (say, starting at "
18393
18968
"5000) than that of your local users."
18394
18969
msgstr ""
18395
18970
18396
#: serverguide/C/network-auth.xml:2840(para)
18971
#: serverguide/C/network-auth.xml:2833(para)
18397
18972
msgid ""
18398
18973
"Before installing the Kerberos server a properly configured DNS server is "
18399
18974
"needed for your domain. Since the Kerberos Realm by convention matches the "
18402
18977
"documentation."
18403
18978
msgstr ""
18404
18979
18405
#: serverguide/C/network-auth.xml:2846(para)
18980
#: serverguide/C/network-auth.xml:2839(para)
18406
18981
msgid ""
18407
18982
"Also, Kerberos is a time sensitive protocol. So if the local system time "
18408
18983
"between a client machine and the server differs by more than five minutes "
18412
18987
"setting up NTP see <xref linkend=\"NTP\"/>."
18413
18988
msgstr ""
18414
18989
18415
#: serverguide/C/network-auth.xml:2854(para)
18990
#: serverguide/C/network-auth.xml:2847(para)
18416
18991
msgid ""
18417
18992
"The first step in creating a Kerberos Realm is to install the "
18418
18993
"<application>krb5-kdc</application> and <application>krb5-admin-"
18419
18994
"server</application> packages. From a terminal enter:"
18420
18995
msgstr ""
18421
18996
18422
#: serverguide/C/network-auth.xml:2860(command) serverguide/C/network-auth.xml:3067(command)
18997
#: serverguide/C/network-auth.xml:2853(command) serverguide/C/network-auth.xml:3060(command)
18423
18998
msgid "sudo apt install krb5-kdc krb5-admin-server"
18424
18999
msgstr ""
18425
19000
18426
#: serverguide/C/network-auth.xml:2863(para)
19001
#: serverguide/C/network-auth.xml:2856(para)
18427
19002
msgid ""
18428
19003
"You will be asked at the end of the install to supply the hostname for the "
18429
19004
"Kerberos and Admin servers, which may or may not be the same server, for the "
18430
19005
"realm."
18431
19006
msgstr ""
18432
19007
18433
#: serverguide/C/network-auth.xml:2870(para)
19008
#: serverguide/C/network-auth.xml:2863(para)
18434
19009
msgid "By default the realm is created from the KDC's domain name."
18435
19010
msgstr ""
18436
19011
18437
#: serverguide/C/network-auth.xml:2875(para)
19012
#: serverguide/C/network-auth.xml:2868(para)
18438
19013
msgid ""
18439
19014
"Next, create the new realm with the <application>kdb5_newrealm</application> "
18440
19015
"utility:"
18441
19016
msgstr ""
18442
19017
18443
#: serverguide/C/network-auth.xml:2880(command)
19018
#: serverguide/C/network-auth.xml:2873(command)
18444
19019
msgid "sudo krb5_newrealm"
18445
19020
msgstr ""
18446
19021
18447
#: serverguide/C/network-auth.xml:2887(para)
19022
#: serverguide/C/network-auth.xml:2880(para)
18448
19023
msgid ""
18449
19024
"The questions asked during installation are used to configure the "
18450
19025
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
18454
19029
"typing"
18455
19030
msgstr ""
18456
19031
18457
#: serverguide/C/network-auth.xml:2894(command)
19032
#: serverguide/C/network-auth.xml:2887(command)
18458
19033
msgid "sudo dpkg-reconfigure krb5-kdc"
18459
19034
msgstr ""
18460
19035
18461
#: serverguide/C/network-auth.xml:2900(para)
19036
#: serverguide/C/network-auth.xml:2893(para)
18462
19037
msgid ""
18463
19038
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
18464
19039
"principal</emphasis> -- is needed. It is recommended to use a different "
18466
19041
"<application>kadmin.local</application> utility in a terminal prompt enter:"
18467
19042
msgstr ""
18468
19043
18469
#: serverguide/C/network-auth.xml:2908(command) serverguide/C/network-auth.xml:3778(command)
19044
#: serverguide/C/network-auth.xml:2901(command) serverguide/C/network-auth.xml:3771(command)
18470
19045
msgid "sudo kadmin.local"
18471
19046
msgstr ""
18472
19047
18473
#: serverguide/C/network-auth.xml:2909(computeroutput)
19048
#: serverguide/C/network-auth.xml:2902(computeroutput)
18474
19049
#, no-wrap
18475
19050
msgid ""
18476
19051
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
18477
19052
"kadmin.local:"
18478
19053
msgstr ""
18479
19054
18480
#: serverguide/C/network-auth.xml:2910(userinput)
19055
#: serverguide/C/network-auth.xml:2903(userinput)
18481
19056
#, no-wrap
18482
19057
msgid " addprinc steve/admin"
18483
19058
msgstr ""
18484
19059
18485
#: serverguide/C/network-auth.xml:2911(computeroutput)
19060
#: serverguide/C/network-auth.xml:2904(computeroutput)
18486
19061
#, no-wrap
18487
19062
msgid ""
18488
19063
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
18493
19068
"kadmin.local:"
18494
19069
msgstr ""
18495
19070
18496
#: serverguide/C/network-auth.xml:2915(userinput)
19071
#: serverguide/C/network-auth.xml:2908(userinput)
18497
19072
#, no-wrap
18498
19073
msgid " quit"
18499
19074
msgstr ""
18500
19075
18501
#: serverguide/C/network-auth.xml:2918(para)
19076
#: serverguide/C/network-auth.xml:2911(para)
18502
19077
msgid ""
18503
19078
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
18504
19079
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
18510
19085
"rights."
18511
19086
msgstr ""
18512
19087
18513
#: serverguide/C/network-auth.xml:2928(para)
19088
#: serverguide/C/network-auth.xml:2921(para)
18514
19089
msgid ""
18515
19090
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
18516
19091
"your Realm and admin username."
18517
19092
msgstr ""
18518
19093
18519
#: serverguide/C/network-auth.xml:2936(para)
19094
#: serverguide/C/network-auth.xml:2929(para)
18520
19095
msgid ""
18521
19096
"Next, the new admin user needs to have the appropriate Access Control List "
18522
19097
"(ACL) permissions. The permissions are configured in the "
18523
19098
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
18524
19099
msgstr ""
18525
19100
18526
#: serverguide/C/network-auth.xml:2941(programlisting)
19101
#: serverguide/C/network-auth.xml:2934(programlisting)
18527
19102
#, no-wrap
18528
19103
msgid ""
18529
19104
"\n"
18530
19105
"steve/admin@EXAMPLE.COM *\n"
18531
19106
msgstr ""
18532
19107
18533
#: serverguide/C/network-auth.xml:2945(para)
19108
#: serverguide/C/network-auth.xml:2938(para)
18534
19109
msgid ""
18535
19110
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
18536
19111
"any operation on all principals in the realm. You can configure principals "
18539
19114
"<emphasis>kadm5.acl</emphasis> man page for details."
18540
19115
msgstr ""
18541
19116
18542
#: serverguide/C/network-auth.xml:2957(para)
19117
#: serverguide/C/network-auth.xml:2950(para)
18543
19118
msgid ""
18544
19119
"Now restart the <application>krb5-admin-server</application> for the new ACL "
18545
19120
"to take affect:"
18546
19121
msgstr ""
18547
19122
18548
#: serverguide/C/network-auth.xml:2962(command)
19123
#: serverguide/C/network-auth.xml:2955(command)
18549
19124
msgid "sudo systemctl restart krb5-admin-server.service"
18550
19125
msgstr ""
18551
19126
18552
#: serverguide/C/network-auth.xml:2968(para)
19127
#: serverguide/C/network-auth.xml:2961(para)
18553
19128
msgid ""
18554
19129
"The new user principal can be tested using the <application>kinit "
18555
19130
"utility</application>:"
18556
19131
msgstr ""
18557
19132
18558
#: serverguide/C/network-auth.xml:2973(command)
19133
#: serverguide/C/network-auth.xml:2966(command)
18559
19134
msgid "kinit steve/admin"
18560
19135
msgstr ""
18561
19136
18562
#: serverguide/C/network-auth.xml:2974(computeroutput)
19137
#: serverguide/C/network-auth.xml:2967(computeroutput)
18563
19138
#, no-wrap
18564
19139
msgid "steve/admin@EXAMPLE.COM's Password:"
18565
19140
msgstr ""
18566
19141
18567
#: serverguide/C/network-auth.xml:2977(para)
19142
#: serverguide/C/network-auth.xml:2970(para)
18568
19143
msgid ""
18569
19144
"After entering the password, use the <application>klist</application> "
18570
19145
"utility to view information about the Ticket Granting Ticket (TGT):"
18571
19146
msgstr ""
18572
19147
18573
#: serverguide/C/network-auth.xml:2983(command) serverguide/C/network-auth.xml:3360(command)
19148
#: serverguide/C/network-auth.xml:2976(command) serverguide/C/network-auth.xml:3353(command)
18574
19149
msgid "klist"
18575
19150
msgstr ""
18576
19151
18577
#: serverguide/C/network-auth.xml:2984(computeroutput)
19152
#: serverguide/C/network-auth.xml:2977(computeroutput)
18578
19153
#, no-wrap
18579
19154
msgid ""
18580
19155
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
18584
19159
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
18585
19160
msgstr ""
18586
19161
18587
#: serverguide/C/network-auth.xml:2991(para)
19162
#: serverguide/C/network-auth.xml:2984(para)
18588
19163
msgid ""
18589
19164
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
18590
19165
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
18593
19168
"For example:"
18594
19169
msgstr ""
18595
19170
18596
#: serverguide/C/network-auth.xml:3000(programlisting)
19171
#: serverguide/C/network-auth.xml:2993(programlisting)
18597
19172
#, no-wrap
18598
19173
msgid ""
18599
19174
"\n"
18600
19175
"192.168.0.1 kdc01.example.com kdc01\n"
18601
19176
msgstr ""
18602
19177
18603
#: serverguide/C/network-auth.xml:3004(para)
19178
#: serverguide/C/network-auth.xml:2997(para)
18604
19179
msgid ""
18605
19180
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
18606
19181
"This usually happens when you have a Kerberos realm encompassing different "
18607
19182
"networks separated by routers."
18608
19183
msgstr ""
18609
19184
18610
#: serverguide/C/network-auth.xml:3013(para)
19185
#: serverguide/C/network-auth.xml:3006(para)
18611
19186
msgid ""
18612
19187
"The best way to allow clients to automatically determine the KDC for the "
18613
19188
"Realm is using DNS SRV records. Add the following to "
18614
19189
"<filename>/etc/named/db.example.com</filename>:"
18615
19190
msgstr ""
18616
19191
18617
#: serverguide/C/network-auth.xml:3019(programlisting)
19192
#: serverguide/C/network-auth.xml:3012(programlisting)
18618
19193
#, no-wrap
18619
19194
msgid ""
18620
19195
"\n"
18626
19201
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
18627
19202
msgstr ""
18628
19203
18629
#: serverguide/C/network-auth.xml:3029(para)
19204
#: serverguide/C/network-auth.xml:3022(para)
18630
19205
msgid ""
18631
19206
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
18632
19207
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
18633
19208
"KDC."
18634
19209
msgstr ""
18635
19210
19211
#: serverguide/C/network-auth.xml:3028(para)
19212
msgid ""
19213
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
19214
msgstr ""
19215
18636
19216
#: serverguide/C/network-auth.xml:3035(para)
18637
msgid ""
18638
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
18639
msgstr ""
18640
18641
#: serverguide/C/network-auth.xml:3042(para)
18642
19217
msgid "Your new Kerberos Realm is now ready to authenticate clients."
18643
19218
msgstr ""
18644
19219
18645
#: serverguide/C/network-auth.xml:3049(title)
19220
#: serverguide/C/network-auth.xml:3042(title)
18646
19221
msgid "Secondary KDC"
18647
19222
msgstr ""
18648
19223
18649
#: serverguide/C/network-auth.xml:3051(para)
19224
#: serverguide/C/network-auth.xml:3044(para)
18650
19225
msgid ""
18651
19226
"Once you have one Key Distribution Center (KDC) on your network, it is good "
18652
19227
"practice to have a Secondary KDC in case the primary becomes unavailable. "
18655
19230
"of those networks."
18656
19231
msgstr ""
18657
19232
18658
#: serverguide/C/network-auth.xml:3062(para)
19233
#: serverguide/C/network-auth.xml:3055(para)
18659
19234
msgid ""
18660
19235
"First, install the packages, and when asked for the Kerberos and Admin "
18661
19236
"server names enter the name of the Primary KDC:"
18662
19237
msgstr ""
18663
19238
18664
#: serverguide/C/network-auth.xml:3073(para)
19239
#: serverguide/C/network-auth.xml:3066(para)
18665
19240
msgid ""
18666
19241
"Once you have the packages installed, create the Secondary KDC's host "
18667
19242
"principal. From a terminal prompt, enter:"
18668
19243
msgstr ""
18669
19244
18670
#: serverguide/C/network-auth.xml:3078(command)
19245
#: serverguide/C/network-auth.xml:3071(command)
18671
19246
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
18672
19247
msgstr ""
18673
19248
18674
#: serverguide/C/network-auth.xml:3082(para)
19249
#: serverguide/C/network-auth.xml:3075(para)
18675
19250
msgid ""
18676
19251
"After, issuing any <application>kadmin</application> commands you will be "
18677
19252
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
18678
19253
"password."
18679
19254
msgstr ""
18680
19255
18681
#: serverguide/C/network-auth.xml:3091(para)
19256
#: serverguide/C/network-auth.xml:3084(para)
18682
19257
msgid "Extract the <emphasis>keytab</emphasis> file:"
18683
19258
msgstr ""
18684
19259
18685
#: serverguide/C/network-auth.xml:3096(command)
19260
#: serverguide/C/network-auth.xml:3089(command)
18686
19261
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
18687
19262
msgstr ""
18688
19263
18689
#: serverguide/C/network-auth.xml:3102(para)
19264
#: serverguide/C/network-auth.xml:3095(para)
18690
19265
msgid ""
18691
19266
"There should now be a <filename>keytab.kdc02</filename> in the current "
18692
19267
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
18693
19268
msgstr ""
18694
19269
18695
#: serverguide/C/network-auth.xml:3108(command)
19270
#: serverguide/C/network-auth.xml:3101(command)
18696
19271
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
18697
19272
msgstr ""
18698
19273
18699
#: serverguide/C/network-auth.xml:3112(para)
19274
#: serverguide/C/network-auth.xml:3105(para)
18700
19275
msgid ""
18701
19276
"If the path to the <filename>keytab.kdc02</filename> file is different "
18702
19277
"adjust accordingly."
18703
19278
msgstr ""
18704
19279
18705
#: serverguide/C/network-auth.xml:3117(para)
19280
#: serverguide/C/network-auth.xml:3110(para)
18706
19281
msgid ""
18707
19282
"Also, you can list the principals in a Keytab file, which can be useful when "
18708
19283
"troubleshooting, using the <application>klist</application> utility:"
18709
19284
msgstr ""
18710
19285
18711
#: serverguide/C/network-auth.xml:3123(command)
19286
#: serverguide/C/network-auth.xml:3116(command)
18712
19287
msgid "sudo klist -k /etc/krb5.keytab"
18713
19288
msgstr ""
18714
19289
19290
#: serverguide/C/network-auth.xml:3119(para)
19291
msgid ""
19292
"The <application>-k</application> option indicates the file is a keytab file."
19293
msgstr ""
19294
18715
19295
#: serverguide/C/network-auth.xml:3126(para)
18716
19296
msgid ""
18717
"The <application>-k</application> option indicates the file is a keytab file."
18718
msgstr ""
18719
18720
#: serverguide/C/network-auth.xml:3133(para)
18721
msgid ""
18722
19297
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
18723
19298
"that lists all KDCs for the Realm. For example, on both primary and "
18724
19299
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
18725
19300
msgstr ""
18726
19301
18727
#: serverguide/C/network-auth.xml:3138(programlisting)
19302
#: serverguide/C/network-auth.xml:3131(programlisting)
18728
19303
#, no-wrap
18729
19304
msgid ""
18730
19305
"\n"
18732
19307
"host/kdc02.example.com@EXAMPLE.COM\n"
18733
19308
msgstr ""
18734
19309
18735
#: serverguide/C/network-auth.xml:3146(para)
19310
#: serverguide/C/network-auth.xml:3139(para)
18736
19311
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
18737
19312
msgstr ""
18738
19313
18739
#: serverguide/C/network-auth.xml:3151(command)
19314
#: serverguide/C/network-auth.xml:3144(command)
18740
19315
msgid "sudo kdb5_util -s create"
18741
19316
msgstr ""
18742
19317
18743
#: serverguide/C/network-auth.xml:3157(para)
19318
#: serverguide/C/network-auth.xml:3150(para)
18744
19319
msgid ""
18745
19320
"Now start the <application>kpropd</application> daemon, which listens for "
18746
19321
"connections from the <application>kprop</application> utility. "
18747
19322
"<application>kprop</application> is used to transfer dump files:"
18748
19323
msgstr ""
18749
19324
18750
#: serverguide/C/network-auth.xml:3164(command)
19325
#: serverguide/C/network-auth.xml:3157(command)
18751
19326
msgid "sudo kpropd -S"
18752
19327
msgstr ""
18753
19328
18754
#: serverguide/C/network-auth.xml:3170(para)
19329
#: serverguide/C/network-auth.xml:3163(para)
18755
19330
msgid ""
18756
19331
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
18757
19332
"of the principal database:"
18758
19333
msgstr ""
18759
19334
18760
#: serverguide/C/network-auth.xml:3175(command)
19335
#: serverguide/C/network-auth.xml:3168(command)
18761
19336
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
18762
19337
msgstr ""
18763
19338
18764
#: serverguide/C/network-auth.xml:3181(para)
19339
#: serverguide/C/network-auth.xml:3174(para)
18765
19340
msgid ""
18766
19341
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
18767
19342
"<filename>/etc/krb5.keytab</filename>:"
18768
19343
msgstr ""
18769
19344
18770
#: serverguide/C/network-auth.xml:3186(command)
19345
#: serverguide/C/network-auth.xml:3179(command)
18771
19346
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
18772
19347
msgstr ""
18773
19348
18774
#: serverguide/C/network-auth.xml:3187(command)
19349
#: serverguide/C/network-auth.xml:3180(command)
18775
19350
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
18776
19351
msgstr ""
18777
19352
18778
#: serverguide/C/network-auth.xml:3191(para)
19353
#: serverguide/C/network-auth.xml:3184(para)
18779
19354
msgid ""
18780
19355
"Make sure there is a <emphasis>host</emphasis> for "
18781
19356
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
18782
19357
msgstr ""
18783
19358
18784
#: serverguide/C/network-auth.xml:3199(para)
19359
#: serverguide/C/network-auth.xml:3192(para)
18785
19360
msgid ""
18786
19361
"Using the <application>kprop</application> utility push the database to the "
18787
19362
"Secondary KDC:"
18788
19363
msgstr ""
18789
19364
18790
#: serverguide/C/network-auth.xml:3204(command)
19365
#: serverguide/C/network-auth.xml:3197(command)
18791
19366
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
18792
19367
msgstr ""
18793
19368
18794
#: serverguide/C/network-auth.xml:3208(para)
19369
#: serverguide/C/network-auth.xml:3201(para)
18795
19370
msgid ""
18796
19371
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
18797
19372
"worked. If there is an error message check "
18799
19374
"information."
18800
19375
msgstr ""
18801
19376
18802
#: serverguide/C/network-auth.xml:3214(para)
19377
#: serverguide/C/network-auth.xml:3207(para)
18803
19378
msgid ""
18804
19379
"You may also want to create a <application>cron</application> job to "
18805
19380
"periodically update the database on the Secondary KDC. For example, the "
18807
19382
"split to fit the format of this document):"
18808
19383
msgstr ""
18809
19384
18810
#: serverguide/C/network-auth.xml:3219(programlisting)
19385
#: serverguide/C/network-auth.xml:3212(programlisting)
18811
19386
#, no-wrap
18812
19387
msgid ""
18813
19388
"\n"
18816
19391
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
18817
19392
msgstr ""
18818
19393
18819
#: serverguide/C/network-auth.xml:3228(para)
19394
#: serverguide/C/network-auth.xml:3221(para)
18820
19395
msgid ""
18821
19396
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
18822
19397
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
18823
19398
msgstr ""
18824
19399
18825
#: serverguide/C/network-auth.xml:3234(command)
19400
#: serverguide/C/network-auth.xml:3227(command)
18826
19401
msgid "sudo kdb5_util stash"
18827
19402
msgstr ""
18828
19403
18829
#: serverguide/C/network-auth.xml:3240(para)
19404
#: serverguide/C/network-auth.xml:3233(para)
18830
19405
msgid ""
18831
19406
"Finally, start the <application>krb5-kdc</application> daemon on the "
18832
19407
"Secondary KDC:"
18833
19408
msgstr ""
18834
19409
18835
#: serverguide/C/network-auth.xml:3245(command) serverguide/C/network-auth.xml:3921(command)
19410
#: serverguide/C/network-auth.xml:3238(command) serverguide/C/network-auth.xml:3914(command)
18836
19411
msgid "sudo systemctl start krb5-kdc.service"
18837
19412
msgstr ""
18838
19413
18839
#: serverguide/C/network-auth.xml:3251(para)
19414
#: serverguide/C/network-auth.xml:3244(para)
18840
19415
msgid ""
18841
19416
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
18842
19417
"for the Realm. You can test this by stopping the <application>krb5-"
18847
19422
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
18848
19423
msgstr ""
18849
19424
18850
#: serverguide/C/network-auth.xml:3262(title)
19425
#: serverguide/C/network-auth.xml:3255(title)
18851
19426
msgid "Kerberos Linux Client"
18852
19427
msgstr ""
18853
19428
18854
#: serverguide/C/network-auth.xml:3264(para)
19429
#: serverguide/C/network-auth.xml:3257(para)
18855
19430
msgid ""
18856
19431
"This section covers configuring a Linux system as a "
18857
19432
"<application>Kerberos</application> client. This will allow access to any "
18858
19433
"kerberized services once a user has successfully logged into the system."
18859
19434
msgstr ""
18860
19435
18861
#: serverguide/C/network-auth.xml:3272(para)
19436
#: serverguide/C/network-auth.xml:3265(para)
18862
19437
msgid ""
18863
19438
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
18864
19439
"user</application> and <application>libpam-krb5</application> packages are "
18867
19442
"prompt:"
18868
19443
msgstr ""
18869
19444
18870
#: serverguide/C/network-auth.xml:3279(command)
19445
#: serverguide/C/network-auth.xml:3272(command)
18871
19446
msgid ""
18872
19447
"sudo apt install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
18873
19448
msgstr ""
18874
19449
18875
#: serverguide/C/network-auth.xml:3282(para)
19450
#: serverguide/C/network-auth.xml:3275(para)
18876
19451
msgid ""
18877
19452
"The <application>auth-client-config</application> package allows simple "
18878
19453
"configuration of PAM for authentication from multiple sources, and the "
18883
19458
"be accessed off the network as well."
18884
19459
msgstr ""
18885
19460
18886
#: serverguide/C/network-auth.xml:3293(para)
19461
#: serverguide/C/network-auth.xml:3286(para)
18887
19462
msgid "To configure the client in a terminal enter:"
18888
19463
msgstr ""
18889
19464
18890
#: serverguide/C/network-auth.xml:3298(command)
19465
#: serverguide/C/network-auth.xml:3291(command)
18891
19466
msgid "sudo dpkg-reconfigure krb5-config"
18892
19467
msgstr ""
18893
19468
18894
#: serverguide/C/network-auth.xml:3301(para)
19469
#: serverguide/C/network-auth.xml:3294(para)
18895
19470
msgid ""
18896
19471
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
18897
19472
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
18899
19474
"Center (KDC) and Realm Administration server."
18900
19475
msgstr ""
18901
19476
18902
#: serverguide/C/network-auth.xml:3307(para)
19477
#: serverguide/C/network-auth.xml:3300(para)
18903
19478
msgid ""
18904
19479
"The <application>dpkg-reconfigure</application> adds entries to the "
18905
19480
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
18906
19481
"entries similar to the following:"
18907
19482
msgstr ""
18908
19483
18909
#: serverguide/C/network-auth.xml:3312(programlisting)
19484
#: serverguide/C/network-auth.xml:3305(programlisting)
18910
19485
#, no-wrap
18911
19486
msgid ""
18912
19487
"\n"
18920
19495
" }\n"
18921
19496
msgstr ""
18922
19497
18923
#: serverguide/C/network-auth.xml:3324(para)
19498
#: serverguide/C/network-auth.xml:3317(para)
18924
19499
msgid ""
18925
19500
"If you set the uid of each of your network-authenticated users to start at "
18926
19501
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
18928
19503
"> 5000:"
18929
19504
msgstr ""
18930
19505
18931
#: serverguide/C/network-auth.xml:3332(command)
19506
#: serverguide/C/network-auth.xml:3325(command)
18932
19507
msgid ""
18933
19508
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
18934
19509
"for i in common-auth common-session common-account common-password; do sudo "
18936
19511
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
18937
19512
msgstr ""
18938
19513
18939
#: serverguide/C/network-auth.xml:3339(para)
19514
#: serverguide/C/network-auth.xml:3332(para)
18940
19515
msgid ""
18941
19516
"This will avoid being asked for the (non-existent) Kerberos password of a "
18942
19517
"locally authenticated user when changing its password using "
18943
19518
"<command>passwd</command>."
18944
19519
msgstr ""
18945
19520
18946
#: serverguide/C/network-auth.xml:3346(para)
19521
#: serverguide/C/network-auth.xml:3339(para)
18947
19522
msgid ""
18948
19523
"You can test the configuration by requesting a ticket using the "
18949
19524
"<application>kinit</application> utility. For example:"
18950
19525
msgstr ""
18951
19526
18952
#: serverguide/C/network-auth.xml:3351(command)
19527
#: serverguide/C/network-auth.xml:3344(command)
18953
19528
msgid "kinit steve@EXAMPLE.COM"
18954
19529
msgstr ""
18955
19530
18956
#: serverguide/C/network-auth.xml:3352(computeroutput)
19531
#: serverguide/C/network-auth.xml:3345(computeroutput)
18957
19532
#, no-wrap
18958
19533
msgid "Password for steve@EXAMPLE.COM:"
18959
19534
msgstr ""
18960
19535
18961
#: serverguide/C/network-auth.xml:3355(para)
19536
#: serverguide/C/network-auth.xml:3348(para)
18962
19537
msgid ""
18963
19538
"When a ticket has been granted, the details can be viewed using "
18964
19539
"<application>klist</application>:"
18965
19540
msgstr ""
18966
19541
18967
#: serverguide/C/network-auth.xml:3361(computeroutput)
19542
#: serverguide/C/network-auth.xml:3354(computeroutput)
18968
19543
#, no-wrap
18969
19544
msgid ""
18970
19545
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
18979
19554
"klist: You have no tickets cached"
18980
19555
msgstr ""
18981
19556
18982
#: serverguide/C/network-auth.xml:3373(para)
19557
#: serverguide/C/network-auth.xml:3366(para)
18983
19558
msgid ""
18984
19559
"Next, use the <application>auth-client-config</application> to configure the "
18985
19560
"<application>libpam-krb5</application> module to request a ticket during "
18986
19561
"login:"
18987
19562
msgstr ""
18988
19563
18989
#: serverguide/C/network-auth.xml:3379(command)
19564
#: serverguide/C/network-auth.xml:3372(command)
18990
19565
msgid "sudo auth-client-config -a -p kerberos_example"
18991
19566
msgstr ""
18992
19567
18993
#: serverguide/C/network-auth.xml:3382(para)
19568
#: serverguide/C/network-auth.xml:3375(para)
18994
19569
msgid ""
18995
19570
"You will should now receive a ticket upon successful login authentication."
18996
19571
msgstr ""
18997
19572
18998
#: serverguide/C/network-auth.xml:3393(para)
19573
#: serverguide/C/network-auth.xml:3386(para)
18999
19574
msgid ""
19000
19575
"For more information on MIT's version of Kerberos, see the <ulink "
19001
19576
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
19002
19577
msgstr ""
19003
19578
19004
#: serverguide/C/network-auth.xml:3398(para)
19579
#: serverguide/C/network-auth.xml:3391(para)
19005
19580
msgid ""
19006
19581
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
19007
19582
"Kerberos</ulink> page has more details."
19008
19583
msgstr ""
19009
19584
19010
#: serverguide/C/network-auth.xml:3403(para)
19585
#: serverguide/C/network-auth.xml:3396(para)
19011
19586
msgid ""
19012
19587
"O'Reilly's <ulink "
19013
19588
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
19014
19589
"Guide</ulink> is a great reference when setting up Kerberos."
19015
19590
msgstr ""
19016
19591
19017
#: serverguide/C/network-auth.xml:3409(para)
19592
#: serverguide/C/network-auth.xml:3402(para)
19018
19593
msgid ""
19019
19594
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
19020
19595
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
19021
19596
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
19022
19597
msgstr ""
19023
19598
19024
#: serverguide/C/network-auth.xml:3421(title)
19599
#: serverguide/C/network-auth.xml:3414(title)
19025
19600
msgid "Kerberos and LDAP"
19026
19601
msgstr ""
19027
19602
19028
#: serverguide/C/network-auth.xml:3423(para)
19603
#: serverguide/C/network-auth.xml:3416(para)
19029
19604
msgid ""
19030
19605
"Most people will not use Kerberos by itself; once an user is authenticated "
19031
19606
"(Kerberos), we need to figure out what this user can do (authorization). And "
19032
19607
"that would be the job of programs such as <application>LDAP</application>."
19033
19608
msgstr ""
19034
19609
19035
#: serverguide/C/network-auth.xml:3430(para)
19610
#: serverguide/C/network-auth.xml:3423(para)
19036
19611
msgid ""
19037
19612
"Replicating a Kerberos principal database between two servers can be "
19038
19613
"complicated, and adds an additional user database to your network. "
19042
19617
"<application>OpenLDAP</application> for the principal database."
19043
19618
msgstr ""
19044
19619
19045
#: serverguide/C/network-auth.xml:3438(para)
19620
#: serverguide/C/network-auth.xml:3431(para)
19046
19621
msgid ""
19047
19622
"The examples presented here assume <application>MIT Kerberos</application> "
19048
19623
"and <application>OpenLDAP</application>."
19049
19624
msgstr ""
19050
19625
19051
#: serverguide/C/network-auth.xml:3446(title)
19626
#: serverguide/C/network-auth.xml:3439(title)
19052
19627
msgid "Configuring OpenLDAP"
19053
19628
msgstr ""
19054
19629
19055
#: serverguide/C/network-auth.xml:3448(para)
19630
#: serverguide/C/network-auth.xml:3441(para)
19056
19631
msgid ""
19057
19632
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
19058
19633
"<application>OpenLDAP</application> server that has network connectivity to "
19061
19636
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
19062
19637
msgstr ""
19063
19638
19064
#: serverguide/C/network-auth.xml:3454(para)
19639
#: serverguide/C/network-auth.xml:3447(para)
19065
19640
msgid ""
19066
19641
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
19067
19642
"that traffic between the KDC and LDAP server is encrypted. See <xref "
19068
19643
"linkend=\"openldap-tls\"/> for details."
19069
19644
msgstr ""
19070
19645
19071
#: serverguide/C/network-auth.xml:3460(para)
19646
#: serverguide/C/network-auth.xml:3453(para)
19072
19647
msgid ""
19073
19648
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
19074
19649
"edit the ldap database. Many times it is the RootDN. Change its value to "
19075
19650
"reflect your setup."
19076
19651
msgstr ""
19077
19652
19078
#: serverguide/C/network-auth.xml:3469(para)
19653
#: serverguide/C/network-auth.xml:3462(para)
19079
19654
msgid ""
19080
19655
"To load the schema into LDAP, on the LDAP server install the "
19081
19656
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
19082
19657
msgstr ""
19083
19658
19084
#: serverguide/C/network-auth.xml:3475(command)
19659
#: serverguide/C/network-auth.xml:3468(command)
19085
19660
msgid "sudo apt install krb5-kdc-ldap"
19086
19661
msgstr ""
19087
19662
19088
#: serverguide/C/network-auth.xml:3480(para)
19663
#: serverguide/C/network-auth.xml:3473(para)
19089
19664
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
19090
19665
msgstr ""
19091
19666
19092
#: serverguide/C/network-auth.xml:3485(command)
19667
#: serverguide/C/network-auth.xml:3478(command)
19093
19668
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
19094
19669
msgstr ""
19095
19670
19096
#: serverguide/C/network-auth.xml:3486(command)
19671
#: serverguide/C/network-auth.xml:3479(command)
19097
19672
msgid ""
19098
19673
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
19099
19674
msgstr ""
19100
19675
19101
#: serverguide/C/network-auth.xml:3492(para)
19676
#: serverguide/C/network-auth.xml:3485(para)
19102
19677
msgid ""
19103
19678
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
19104
19679
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
19106
19681
"linkend=\"openldap-configuration\"/>."
19107
19682
msgstr ""
19108
19683
19109
#: serverguide/C/network-auth.xml:3500(para)
19684
#: serverguide/C/network-auth.xml:3493(para)
19110
19685
msgid ""
19111
19686
"First, create a configuration file named "
19112
19687
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
19113
19688
"containing the following lines:"
19114
19689
msgstr ""
19115
19690
19116
#: serverguide/C/network-auth.xml:3505(programlisting)
19691
#: serverguide/C/network-auth.xml:3498(programlisting)
19117
19692
#, no-wrap
19118
19693
msgid ""
19119
19694
"\n"
19132
19707
"include /etc/ldap/schema/kerberos.schema\n"
19133
19708
msgstr ""
19134
19709
19135
#: serverguide/C/network-auth.xml:3525(para)
19710
#: serverguide/C/network-auth.xml:3518(para)
19136
19711
msgid "Create a temporary directory to hold the LDIF files:"
19137
19712
msgstr ""
19138
19713
19139
#: serverguide/C/network-auth.xml:3529(command)
19714
#: serverguide/C/network-auth.xml:3522(command)
19140
19715
msgid "mkdir /tmp/ldif_output"
19141
19716
msgstr ""
19142
19717
19143
#: serverguide/C/network-auth.xml:3535(para)
19718
#: serverguide/C/network-auth.xml:3528(para)
19144
19719
msgid ""
19145
19720
"Now use <application>slapcat</application> to convert the schema files:"
19146
19721
msgstr ""
19147
19722
19148
#: serverguide/C/network-auth.xml:3540(command)
19723
#: serverguide/C/network-auth.xml:3533(command)
19149
19724
msgid ""
19150
19725
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
19151
19726
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
19152
19727
msgstr ""
19153
19728
19729
#: serverguide/C/network-auth.xml:3537(para)
19730
msgid ""
19731
"Change the above file and path names to match your own if they are different."
19732
msgstr ""
19733
19154
19734
#: serverguide/C/network-auth.xml:3544(para)
19155
19735
msgid ""
19156
"Change the above file and path names to match your own if they are different."
19157
msgstr ""
19158
19159
#: serverguide/C/network-auth.xml:3551(para)
19160
msgid ""
19161
19736
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
19162
19737
"changing the following attributes:"
19163
19738
msgstr ""
19164
19739
19165
#: serverguide/C/network-auth.xml:3555(programlisting)
19740
#: serverguide/C/network-auth.xml:3548(programlisting)
19166
19741
#, no-wrap
19167
19742
msgid ""
19168
19743
"\n"
19171
19746
"cn: kerberos\n"
19172
19747
msgstr ""
19173
19748
19174
#: serverguide/C/network-auth.xml:3561(para)
19749
#: serverguide/C/network-auth.xml:3554(para)
19175
19750
msgid "And remove the following lines from the end of the file:"
19176
19751
msgstr ""
19177
19752
19178
#: serverguide/C/network-auth.xml:3565(programlisting)
19753
#: serverguide/C/network-auth.xml:3558(programlisting)
19179
19754
#, no-wrap
19180
19755
msgid ""
19181
19756
"\n"
19188
19763
"modifyTimestamp: 20090111203515Z\n"
19189
19764
msgstr ""
19190
19765
19766
#: serverguide/C/network-auth.xml:3568(para)
19767
msgid ""
19768
"The attribute values will vary, just be sure the attributes are removed."
19769
msgstr ""
19770
19191
19771
#: serverguide/C/network-auth.xml:3575(para)
19192
msgid ""
19193
"The attribute values will vary, just be sure the attributes are removed."
19194
msgstr ""
19195
19196
#: serverguide/C/network-auth.xml:3582(para)
19197
19772
msgid "Load the new schema with <application>ldapadd</application>:"
19198
19773
msgstr ""
19199
19774
19200
#: serverguide/C/network-auth.xml:3587(command)
19775
#: serverguide/C/network-auth.xml:3580(command)
19201
19776
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
19202
19777
msgstr ""
19203
19778
19204
#: serverguide/C/network-auth.xml:3593(para)
19779
#: serverguide/C/network-auth.xml:3586(para)
19205
19780
msgid ""
19206
19781
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
19207
19782
msgstr ""
19208
19783
19209
#: serverguide/C/network-auth.xml:3598(command) serverguide/C/network-auth.xml:3615(command)
19784
#: serverguide/C/network-auth.xml:3591(command) serverguide/C/network-auth.xml:3608(command)
19210
19785
msgid "ldapmodify -x -D cn=admin,cn=config -W"
19211
19786
msgstr ""
19212
19787
19213
#: serverguide/C/network-auth.xml:3600(userinput)
19788
#: serverguide/C/network-auth.xml:3593(userinput)
19214
19789
#, no-wrap
19215
19790
msgid ""
19216
19791
"dn: olcDatabase={1}hdb,cn=config\n"
19218
19793
"olcDbIndex: krbPrincipalName eq,pres,sub"
19219
19794
msgstr ""
19220
19795
19221
#: serverguide/C/network-auth.xml:3599(computeroutput)
19796
#: serverguide/C/network-auth.xml:3592(computeroutput)
19222
19797
#, no-wrap
19223
19798
msgid ""
19224
19799
"Enter LDAP Password:\n"
19227
19802
"modifying entry \"olcDatabase={1}hdb,cn=config\""
19228
19803
msgstr ""
19229
19804
19230
#: serverguide/C/network-auth.xml:3610(para)
19805
#: serverguide/C/network-auth.xml:3603(para)
19231
19806
msgid "Finally, update the Access Control Lists (ACL):"
19232
19807
msgstr ""
19233
19808
19234
#: serverguide/C/network-auth.xml:3617(userinput)
19809
#: serverguide/C/network-auth.xml:3610(userinput)
19235
19810
#, no-wrap
19236
19811
msgid ""
19237
19812
"dn: olcDatabase={1}hdb,cn=config\n"
19247
19822
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
19248
19823
msgstr ""
19249
19824
19250
#: serverguide/C/network-auth.xml:3616(computeroutput)
19825
#: serverguide/C/network-auth.xml:3609(computeroutput)
19251
19826
#, no-wrap
19252
19827
msgid ""
19253
19828
"Enter LDAP Password: \n"
19256
19831
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
19257
19832
msgstr ""
19258
19833
19259
#: serverguide/C/network-auth.xml:3637(para)
19834
#: serverguide/C/network-auth.xml:3630(para)
19260
19835
msgid ""
19261
19836
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
19262
19837
"database."
19263
19838
msgstr ""
19264
19839
19265
#: serverguide/C/network-auth.xml:3643(title)
19840
#: serverguide/C/network-auth.xml:3636(title)
19266
19841
msgid "Primary KDC Configuration"
19267
19842
msgstr ""
19268
19843
19269
#: serverguide/C/network-auth.xml:3645(para)
19844
#: serverguide/C/network-auth.xml:3638(para)
19270
19845
msgid ""
19271
19846
"With <application>OpenLDAP</application> configured it is time to configure "
19272
19847
"the KDC."
19273
19848
msgstr ""
19274
19849
19275
#: serverguide/C/network-auth.xml:3651(para)
19850
#: serverguide/C/network-auth.xml:3644(para)
19276
19851
msgid "First, install the necessary packages, from a terminal enter:"
19277
19852
msgstr ""
19278
19853
19279
#: serverguide/C/network-auth.xml:3656(command) serverguide/C/network-auth.xml:3815(command)
19854
#: serverguide/C/network-auth.xml:3649(command) serverguide/C/network-auth.xml:3808(command)
19280
19855
msgid "sudo apt install krb5-kdc krb5-admin-server krb5-kdc-ldap"
19281
19856
msgstr ""
19282
19857
19283
#: serverguide/C/network-auth.xml:3662(para)
19858
#: serverguide/C/network-auth.xml:3655(para)
19284
19859
msgid ""
19285
19860
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
19286
19861
"under the appropriate sections:"
19287
19862
msgstr ""
19288
19863
19289
#: serverguide/C/network-auth.xml:3666(programlisting)
19864
#: serverguide/C/network-auth.xml:3659(programlisting)
19290
19865
#, no-wrap
19291
19866
msgid ""
19292
19867
"\n"
19336
19911
" }\n"
19337
19912
msgstr ""
19338
19913
19339
#: serverguide/C/network-auth.xml:3711(para)
19914
#: serverguide/C/network-auth.xml:3704(para)
19340
19915
msgid ""
19341
19916
"Change <emphasis>example.com</emphasis>, "
19342
19917
"<emphasis>dc=example,dc=com</emphasis>, "
19345
19920
"object, and LDAP server for your network."
19346
19921
msgstr ""
19347
19922
19348
#: serverguide/C/network-auth.xml:3720(para)
19923
#: serverguide/C/network-auth.xml:3713(para)
19349
19924
msgid ""
19350
19925
"Next, use the <application>kdb5_ldap_util</application> utility to create "
19351
19926
"the realm:"
19352
19927
msgstr ""
19353
19928
19354
#: serverguide/C/network-auth.xml:3725(command)
19929
#: serverguide/C/network-auth.xml:3718(command)
19355
19930
msgid ""
19356
19931
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
19357
19932
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
19358
19933
msgstr ""
19359
19934
19360
#: serverguide/C/network-auth.xml:3732(para)
19935
#: serverguide/C/network-auth.xml:3725(para)
19361
19936
msgid ""
19362
19937
"Create a stash of the password used to bind to the LDAP server. This "
19363
19938
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
19365
19940
"<filename>/etc/krb5.conf</filename>:"
19366
19941
msgstr ""
19367
19942
19368
#: serverguide/C/network-auth.xml:3738(command) serverguide/C/network-auth.xml:3877(command)
19943
#: serverguide/C/network-auth.xml:3731(command) serverguide/C/network-auth.xml:3870(command)
19369
19944
msgid ""
19370
19945
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
19371
19946
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
19372
19947
msgstr ""
19373
19948
19374
#: serverguide/C/network-auth.xml:3745(para)
19949
#: serverguide/C/network-auth.xml:3738(para)
19375
19950
msgid "Copy the CA certificate from the LDAP server:"
19376
19951
msgstr ""
19377
19952
19378
#: serverguide/C/network-auth.xml:3750(command)
19953
#: serverguide/C/network-auth.xml:3743(command)
19379
19954
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
19380
19955
msgstr ""
19381
19956
19382
#: serverguide/C/network-auth.xml:3751(command)
19957
#: serverguide/C/network-auth.xml:3744(command)
19383
19958
msgid "sudo cp cacert.pem /etc/ssl/certs"
19384
19959
msgstr ""
19385
19960
19386
#: serverguide/C/network-auth.xml:3754(para)
19961
#: serverguide/C/network-auth.xml:3747(para)
19387
19962
msgid ""
19388
19963
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
19389
19964
msgstr ""
19390
19965
19391
#: serverguide/C/network-auth.xml:3758(programlisting)
19966
#: serverguide/C/network-auth.xml:3751(programlisting)
19392
19967
#, no-wrap
19393
19968
msgid ""
19394
19969
"\n"
19395
19970
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
19396
19971
msgstr ""
19397
19972
19398
#: serverguide/C/network-auth.xml:3763(para)
19973
#: serverguide/C/network-auth.xml:3756(para)
19399
19974
msgid ""
19400
19975
"The certificate will also need to be copied to the Secondary KDC, to allow "
19401
19976
"the connection to the LDAP servers using LDAPS."
19402
19977
msgstr ""
19403
19978
19404
#: serverguide/C/network-auth.xml:3772(para)
19979
#: serverguide/C/network-auth.xml:3765(para)
19405
19980
msgid ""
19406
19981
"You can now add Kerberos principals to the LDAP database, and they will be "
19407
19982
"copied to any other LDAP servers configured for replication. To add a "
19408
19983
"principal using the <application>kadmin.local</application> utility enter:"
19409
19984
msgstr ""
19410
19985
19411
#: serverguide/C/network-auth.xml:3780(userinput)
19986
#: serverguide/C/network-auth.xml:3773(userinput)
19412
19987
#, no-wrap
19413
19988
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
19414
19989
msgstr ""
19415
19990
19416
#: serverguide/C/network-auth.xml:3779(computeroutput)
19991
#: serverguide/C/network-auth.xml:3772(computeroutput)
19417
19992
#, no-wrap
19418
19993
msgid ""
19419
19994
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
19424
19999
"Principal \"steve@EXAMPLE.COM\" created."
19425
20000
msgstr ""
19426
20001
19427
#: serverguide/C/network-auth.xml:3787(para)
20002
#: serverguide/C/network-auth.xml:3780(para)
19428
20003
msgid ""
19429
20004
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
19430
20005
"krbExtraData attributes added to the "
19433
20008
"utilities to test that the user is indeed issued a ticket."
19434
20009
msgstr ""
19435
20010
19436
#: serverguide/C/network-auth.xml:3794(para)
20011
#: serverguide/C/network-auth.xml:3787(para)
19437
20012
msgid ""
19438
20013
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
19439
20014
"option is needed to add the Kerberos attributes. Otherwise a new "
19440
20015
"<emphasis>principal</emphasis> object will be created in the realm subtree."
19441
20016
msgstr ""
19442
20017
19443
#: serverguide/C/network-auth.xml:3802(title)
20018
#: serverguide/C/network-auth.xml:3795(title)
19444
20019
msgid "Secondary KDC Configuration"
19445
20020
msgstr ""
19446
20021
19447
#: serverguide/C/network-auth.xml:3804(para)
20022
#: serverguide/C/network-auth.xml:3797(para)
19448
20023
msgid ""
19449
20024
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
19450
20025
"one using the normal Kerberos database."
19451
20026
msgstr ""
19452
20027
19453
#: serverguide/C/network-auth.xml:3810(para)
20028
#: serverguide/C/network-auth.xml:3803(para)
19454
20029
msgid "First, install the necessary packages. In a terminal enter:"
19455
20030
msgstr ""
19456
20031
19457
#: serverguide/C/network-auth.xml:3821(para)
20032
#: serverguide/C/network-auth.xml:3814(para)
19458
20033
msgid ""
19459
20034
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
19460
20035
msgstr ""
19461
20036
19462
#: serverguide/C/network-auth.xml:3825(programlisting)
20037
#: serverguide/C/network-auth.xml:3818(programlisting)
19463
20038
#, no-wrap
19464
20039
msgid ""
19465
20040
"\n"
19508
20083
" }\n"
19509
20084
msgstr ""
19510
20085
19511
#: serverguide/C/network-auth.xml:3872(para)
20086
#: serverguide/C/network-auth.xml:3865(para)
19512
20087
msgid "Create the stash for the LDAP bind password:"
19513
20088
msgstr ""
19514
20089
19515
#: serverguide/C/network-auth.xml:3884(para)
20090
#: serverguide/C/network-auth.xml:3877(para)
19516
20091
msgid ""
19517
20092
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
19518
20093
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
19521
20096
"media."
19522
20097
msgstr ""
19523
20098
19524
#: serverguide/C/network-auth.xml:3891(command)
20099
#: serverguide/C/network-auth.xml:3884(command)
19525
20100
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
19526
20101
msgstr ""
19527
20102
19528
#: serverguide/C/network-auth.xml:3892(command)
20103
#: serverguide/C/network-auth.xml:3885(command)
19529
20104
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
19530
20105
msgstr ""
19531
20106
19532
#: serverguide/C/network-auth.xml:3896(para)
20107
#: serverguide/C/network-auth.xml:3889(para)
19533
20108
msgid ""
19534
20109
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
19535
20110
msgstr ""
19536
20111
19537
#: serverguide/C/network-auth.xml:3904(para)
20112
#: serverguide/C/network-auth.xml:3897(para)
19538
20113
msgid ""
19539
20114
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
19540
20115
"only,"
19541
20116
msgstr ""
19542
20117
19543
#: serverguide/C/network-auth.xml:3916(para)
20118
#: serverguide/C/network-auth.xml:3909(para)
19544
20119
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
19545
20120
msgstr ""
19546
20121
20122
#: serverguide/C/network-auth.xml:3920(para)
20123
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
20124
msgstr ""
20125
19547
20126
#: serverguide/C/network-auth.xml:3927(para)
19548
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
19549
msgstr ""
19550
19551
#: serverguide/C/network-auth.xml:3934(para)
19552
20127
msgid ""
19553
20128
"You now have redundant KDCs on your network, and with redundant LDAP servers "
19554
20129
"you should be able to continue to authenticate users if one LDAP server, one "
19555
20130
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
19556
20131
msgstr ""
19557
20132
19558
#: serverguide/C/network-auth.xml:3946(para)
20133
#: serverguide/C/network-auth.xml:3939(para)
19559
20134
msgid ""
19560
20135
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
19561
20136
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
19562
20137
"Guide</ulink> has some additional details."
19563
20138
msgstr ""
19564
20139
19565
#: serverguide/C/network-auth.xml:3952(para)
20140
#: serverguide/C/network-auth.xml:3945(para)
19566
20141
msgid ""
19567
20142
"For more information on <application>kdb5_ldap_util</application> see <ulink "
19568
20143
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
19572
20147
"l\">kdb5_ldap_util man page</ulink>."
19573
20148
msgstr ""
19574
20149
19575
#: serverguide/C/network-auth.xml:3960(para)
20150
#: serverguide/C/network-auth.xml:3953(para)
19576
20151
msgid ""
19577
20152
"Another useful link is the <ulink "
19578
20153
"url=\"http://manpages.ubuntu.com/manpages/xenial/en/man5/krb5.conf.5.html\">k"
19579
20154
"rb5.conf man page</ulink>."
19580
20155
msgstr ""
19581
20156
19582
#: serverguide/C/network-auth.xml:3965(para)
20157
#: serverguide/C/network-auth.xml:3958(para)
19583
20158
msgid ""
19584
20159
"Also, see the <ulink "
19585
20160
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
19586
20161
"and LDAP</ulink> Ubuntu wiki page."
19587
20162
msgstr ""
19588
20163
19589
#: serverguide/C/network-auth.xml:3974(title)
20164
#: serverguide/C/network-auth.xml:3967(title)
19590
20165
msgid "SSSD and Active Directory"
19591
20166
msgstr ""
19592
20167
19593
#: serverguide/C/network-auth.xml:3975(para)
20168
#: serverguide/C/network-auth.xml:3968(para)
19594
20169
msgid ""
19595
20170
"This section describes the use of sssd to authenticate user logins against "
19596
20171
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
19601
20176
"requires no modifications to the AD structure."
19602
20177
msgstr ""
19603
20178
19604
#: serverguide/C/network-auth.xml:3979(title)
20179
#: serverguide/C/network-auth.xml:3972(title)
19605
20180
msgid "Prerequisites, Assumptions, and Requirements"
19606
20181
msgstr ""
19607
20182
19608
#: serverguide/C/network-auth.xml:3982(para)
20183
#: serverguide/C/network-auth.xml:3975(para)
19609
20184
msgid ""
19610
20185
"This guide does not explain Active Directory, how it works, how to set one "
19611
20186
"up, or how to maintain it. It may not provide <quote>best practices</quote> "
19612
20187
"for your environment."
19613
20188
msgstr ""
19614
20189
19615
#: serverguide/C/network-auth.xml:3984(para)
20190
#: serverguide/C/network-auth.xml:3977(para)
19616
20191
msgid ""
19617
20192
"This guide assumes that a working Active Directory domain is already "
19618
20193
"configured."
19619
20194
msgstr ""
19620
20195
19621
#: serverguide/C/network-auth.xml:3986(para)
20196
#: serverguide/C/network-auth.xml:3979(para)
19622
20197
msgid ""
19623
20198
"The domain controller is acting as an authoritative DNS server for the "
19624
20199
"domain."
19625
20200
msgstr ""
19626
20201
19627
#: serverguide/C/network-auth.xml:3988(para)
20202
#: serverguide/C/network-auth.xml:3981(para)
19628
20203
msgid ""
19629
20204
"The domain controller is the primary DNS resolver as specified in "
19630
20205
"<filename>/etc/resolv.conf</filename>."
19631
20206
msgstr ""
19632
20207
19633
#: serverguide/C/network-auth.xml:3991(para)
20208
#: serverguide/C/network-auth.xml:3984(para)
19634
20209
msgid ""
19635
20210
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
19636
20211
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
19637
20212
"(see Resources section for external links)."
19638
20213
msgstr ""
19639
20214
19640
#: serverguide/C/network-auth.xml:3993(para)
20215
#: serverguide/C/network-auth.xml:3986(para)
19641
20216
msgid ""
19642
20217
"System time is synchronized on the domain controller (necessary for "
19643
20218
"Kerberos)."
19644
20219
msgstr ""
19645
20220
19646
#: serverguide/C/network-auth.xml:3995(para)
20221
#: serverguide/C/network-auth.xml:3988(para)
19647
20222
msgid ""
19648
20223
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
19649
20224
"."
19650
20225
msgstr ""
19651
20226
19652
#: serverguide/C/network-auth.xml:4000(para)
20227
#: serverguide/C/network-auth.xml:3993(para)
19653
20228
msgid ""
19654
20229
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
19655
20230
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
19658
20233
"controllers are needed for this step."
19659
20234
msgstr ""
19660
20235
19661
#: serverguide/C/network-auth.xml:4001(para)
20236
#: serverguide/C/network-auth.xml:3994(para)
19662
20237
msgid "Install these packages now."
19663
20238
msgstr ""
19664
20239
19665
#: serverguide/C/network-auth.xml:4003(command)
20240
#: serverguide/C/network-auth.xml:3996(command)
19666
20241
msgid "sudo apt install krb5-user samba sssd ntp"
19667
20242
msgstr ""
19668
20243
19669
#: serverguide/C/network-auth.xml:4004(para)
20244
#: serverguide/C/network-auth.xml:3997(para)
19670
20245
msgid ""
19671
20246
"See the next section for the answers to the questions asked by the "
19672
20247
"<emphasis>krb5-user</emphasis> postinstall script."
19673
20248
msgstr ""
19674
20249
19675
#: serverguide/C/network-auth.xml:4007(title)
20250
#: serverguide/C/network-auth.xml:4000(title)
19676
20251
msgid "Kerberos Configuration"
19677
20252
msgstr ""
19678
20253
19679
#: serverguide/C/network-auth.xml:4008(para)
20254
#: serverguide/C/network-auth.xml:4001(para)
19680
20255
msgid ""
19681
20256
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
19682
20257
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
19686
20261
"not, then both are needed."
19687
20262
msgstr ""
19688
20263
19689
#: serverguide/C/network-auth.xml:4009(para)
20264
#: serverguide/C/network-auth.xml:4002(para)
19690
20265
msgid ""
19691
20266
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
19692
20267
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
19693
20268
msgstr ""
19694
20269
19695
#: serverguide/C/network-auth.xml:4012(para)
20270
#: serverguide/C/network-auth.xml:4005(para)
19696
20271
msgid ""
19697
20272
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
19698
20273
"settings to specify Kerberos ticket lifetime (these values are safe to use "
19699
20274
"as defaults):"
19700
20275
msgstr ""
19701
20276
19702
#: serverguide/C/network-auth.xml:4013(programlisting)
20277
#: serverguide/C/network-auth.xml:4006(programlisting)
19703
20278
#, no-wrap
19704
20279
msgid ""
19705
20280
"\n"
19711
20286
"\t\t"
19712
20287
msgstr ""
19713
20288
19714
#: serverguide/C/network-auth.xml:4021(para)
20289
#: serverguide/C/network-auth.xml:4014(para)
19715
20290
msgid ""
19716
20291
"If default_realm is not specified, it may be necessary to log in with "
19717
20292
"<quote>username@domain</quote> instead of <quote>username</quote>."
19718
20293
msgstr ""
19719
20294
19720
#: serverguide/C/network-auth.xml:4023(para)
20295
#: serverguide/C/network-auth.xml:4016(para)
19721
20296
msgid ""
19722
20297
"The system time on the Active Directory member needs to be consistent with "
19723
20298
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
19725
20300
"<filename>/etc/ntp.conf</filename>:"
19726
20301
msgstr ""
19727
20302
19728
#: serverguide/C/network-auth.xml:4025(programlisting)
20303
#: serverguide/C/network-auth.xml:4018(programlisting)
19729
20304
#, no-wrap
19730
20305
msgid ""
19731
20306
"\n"
19732
20307
"server dc.myubuntu.example.com\n"
19733
20308
msgstr ""
19734
20309
19735
#: serverguide/C/network-auth.xml:4032(para)
20310
#: serverguide/C/network-auth.xml:4025(para)
19736
20311
msgid ""
19737
20312
"Samba will be used to perform netbios/nmbd services related to Active "
19738
20313
"Directory authentication, even if no file shares are exported. Edit the file "
19740
20315
"<emphasis>[global]</emphasis> section:"
19741
20316
msgstr ""
19742
20317
19743
#: serverguide/C/network-auth.xml:4034(programlisting)
20318
#: serverguide/C/network-auth.xml:4027(programlisting)
19744
20319
#, no-wrap
19745
20320
msgid ""
19746
20321
"\n"
19754
20329
"security = ads\n"
19755
20330
msgstr ""
19756
20331
19757
#: serverguide/C/network-auth.xml:4045(para)
20332
#: serverguide/C/network-auth.xml:4038(para)
19758
20333
msgid ""
19759
20334
"Some guides specify that \"password server\" should be specified and pointed "
19760
20335
"to the domain controller. This is only necessary if DNS is not properly set "
19762
20337
"server\" is specified with \"security = ads\"."
19763
20338
msgstr ""
19764
20339
19765
#: serverguide/C/network-auth.xml:4050(title)
20340
#: serverguide/C/network-auth.xml:4043(title)
19766
20341
msgid "SSSD Configuration"
19767
20342
msgstr ""
19768
20343
19769
#: serverguide/C/network-auth.xml:4052(para)
20344
#: serverguide/C/network-auth.xml:4045(para)
19770
20345
msgid ""
19771
20346
"There is no default/example config file for "
19772
20347
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
19773
20348
"necessary to create one. This is a minimal working config file:"
19774
20349
msgstr ""
19775
20350
19776
#: serverguide/C/network-auth.xml:4054(programlisting)
20351
#: serverguide/C/network-auth.xml:4047(programlisting)
19777
20352
#, no-wrap
19778
20353
msgid ""
19779
20354
"\n"
19805
20380
"# enumerate = true\n"
19806
20381
msgstr ""
19807
20382
19808
#: serverguide/C/network-auth.xml:4081(para)
20383
#: serverguide/C/network-auth.xml:4074(para)
19809
20384
msgid ""
19810
20385
"After saving this file, set the ownership to root and the file permissions "
19811
20386
"to 600:"
19812
20387
msgstr ""
19813
20388
19814
#: serverguide/C/network-auth.xml:4082(command)
20389
#: serverguide/C/network-auth.xml:4075(command)
19815
20390
msgid "sudo chown root:root /etc/sssd/sssd.conf"
19816
20391
msgstr ""
19817
20392
19818
#: serverguide/C/network-auth.xml:4083(command)
20393
#: serverguide/C/network-auth.xml:4076(command)
19819
20394
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
19820
20395
msgstr ""
19821
20396
19822
#: serverguide/C/network-auth.xml:4085(para)
20397
#: serverguide/C/network-auth.xml:4078(para)
19823
20398
msgid ""
19824
20399
"If the ownership or permissions are not correct, sssd will refuse to start."
19825
20400
msgstr ""
19826
20401
19827
#: serverguide/C/network-auth.xml:4089(title)
20402
#: serverguide/C/network-auth.xml:4082(title)
19828
20403
msgid "Verify nsswitch.conf Configuration"
19829
20404
msgstr ""
19830
20405
19831
#: serverguide/C/network-auth.xml:4090(para)
20406
#: serverguide/C/network-auth.xml:4083(para)
19832
20407
msgid ""
19833
20408
"The post-install script for the sssd package makes some modifications to "
19834
20409
"/etc/nsswitch.conf automatically. It should look something like this:"
19835
20410
msgstr ""
19836
20411
19837
#: serverguide/C/network-auth.xml:4092(programlisting)
20412
#: serverguide/C/network-auth.xml:4085(programlisting)
19838
20413
#, no-wrap
19839
20414
msgid ""
19840
20415
"\n"
19845
20420
"sudoers: files sss\n"
19846
20421
msgstr ""
19847
20422
19848
#: serverguide/C/network-auth.xml:4102(title)
20423
#: serverguide/C/network-auth.xml:4095(title)
19849
20424
msgid "Modify /etc/hosts"
19850
20425
msgstr ""
19851
20426
19852
#: serverguide/C/network-auth.xml:4103(para)
20427
#: serverguide/C/network-auth.xml:4096(para)
19853
20428
msgid ""
19854
20429
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
19855
20430
"example:"
19856
20431
msgstr ""
19857
20432
19858
#: serverguide/C/network-auth.xml:4104(programlisting)
20433
#: serverguide/C/network-auth.xml:4097(programlisting)
19859
20434
#, no-wrap
19860
20435
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
19861
20436
msgstr ""
19862
20437
19863
#: serverguide/C/network-auth.xml:4106(para)
20438
#: serverguide/C/network-auth.xml:4099(para)
19864
20439
msgid "This is useful in conjunction with dynamic DNS updates."
19865
20440
msgstr ""
19866
20441
19867
#: serverguide/C/network-auth.xml:4110(title)
20442
#: serverguide/C/network-auth.xml:4103(title)
19868
20443
msgid "Join the Active Directory"
19869
20444
msgstr ""
19870
20445
19871
#: serverguide/C/network-auth.xml:4111(para)
20446
#: serverguide/C/network-auth.xml:4104(para)
19872
20447
msgid "Now, restart ntp and samba and start sssd."
19873
20448
msgstr ""
19874
20449
19875
#: serverguide/C/network-auth.xml:4112(command)
20450
#: serverguide/C/network-auth.xml:4105(command)
19876
20451
msgid "sudo systemctl restart ntp.service"
19877
20452
msgstr ""
19878
20453
19879
#: serverguide/C/network-auth.xml:4114(command)
20454
#: serverguide/C/network-auth.xml:4107(command)
19880
20455
msgid "sudo systemctl start sssd.service"
19881
20456
msgstr ""
19882
20457
19883
#: serverguide/C/network-auth.xml:4116(para)
20458
#: serverguide/C/network-auth.xml:4109(para)
19884
20459
msgid "Test the configuration by obtaining a Kerberos ticket:"
19885
20460
msgstr ""
19886
20461
19887
#: serverguide/C/network-auth.xml:4118(command)
20462
#: serverguide/C/network-auth.xml:4111(command)
19888
20463
msgid "sudo kinit Administrator"
19889
20464
msgstr ""
19890
20465
19891
#: serverguide/C/network-auth.xml:4120(para)
20466
#: serverguide/C/network-auth.xml:4113(para)
19892
20467
msgid "Verify the ticket with:"
19893
20468
msgstr ""
19894
20469
19895
#: serverguide/C/network-auth.xml:4121(command)
20470
#: serverguide/C/network-auth.xml:4114(command)
19896
20471
msgid "sudo klist"
19897
20472
msgstr ""
19898
20473
19899
#: serverguide/C/network-auth.xml:4123(para)
20474
#: serverguide/C/network-auth.xml:4116(para)
19900
20475
msgid ""
19901
20476
"If there is a ticket with an expiration date listed, then it is time to join "
19902
20477
"the domain:"
19903
20478
msgstr ""
19904
20479
19905
#: serverguide/C/network-auth.xml:4125(command)
20480
#: serverguide/C/network-auth.xml:4118(command)
19906
20481
msgid "sudo net ads join -k"
19907
20482
msgstr ""
19908
20483
19909
#: serverguide/C/network-auth.xml:4127(para)
20484
#: serverguide/C/network-auth.xml:4120(para)
19910
20485
msgid ""
19911
20486
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
19912
20487
"probably means that there is no (correct) alias in "
19916
20491
"\"Modify /etc/hosts\" above."
19917
20492
msgstr ""
19918
20493
19919
#: serverguide/C/network-auth.xml:4129(para)
20494
#: serverguide/C/network-auth.xml:4122(para)
19920
20495
msgid ""
19921
20496
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
19922
20497
"something is incorrect. Review the prior steps before proceeding)."
19923
20498
msgstr ""
19924
20499
19925
#: serverguide/C/network-auth.xml:4131(para)
20500
#: serverguide/C/network-auth.xml:4124(para)
19926
20501
msgid ""
19927
20502
"Here are a couple of (optional) checks to verify that the domain join was "
19928
20503
"successful. Note that if the domain was successfully joined but one or both "
19930
20505
"Some of the changes appear to be asynchronous."
19931
20506
msgstr ""
19932
20507
19933
#: serverguide/C/network-auth.xml:4133(para)
20508
#: serverguide/C/network-auth.xml:4126(para)
19934
20509
msgid "Verification option #1:"
19935
20510
msgstr ""
19936
20511
19937
#: serverguide/C/network-auth.xml:4134(para)
20512
#: serverguide/C/network-auth.xml:4127(para)
19938
20513
msgid ""
19939
20514
"Check the default Organizational Unit for computer accounts in the Active "
19940
20515
"Directory to verify that the computer account was created. (Organizational "
19941
20516
"Units in Active Directory is a topic outside the scope of this guide)."
19942
20517
msgstr ""
19943
20518
19944
#: serverguide/C/network-auth.xml:4136(para)
20519
#: serverguide/C/network-auth.xml:4129(para)
19945
20520
msgid "Verification option #2"
19946
20521
msgstr ""
19947
20522
19948
#: serverguide/C/network-auth.xml:4137(para)
20523
#: serverguide/C/network-auth.xml:4130(para)
19949
20524
msgid "Execute this command for a specific AD user (e.g. administrator)"
19950
20525
msgstr ""
19951
20526
19952
#: serverguide/C/network-auth.xml:4138(command)
20527
#: serverguide/C/network-auth.xml:4131(command)
19953
20528
msgid "getent passwd username"
19954
20529
msgstr ""
19955
20530
19956
#: serverguide/C/network-auth.xml:4140(para)
20531
#: serverguide/C/network-auth.xml:4133(para)
19957
20532
msgid ""
19958
20533
"If <emphasis>enumerate = true</emphasis> is set in "
19959
20534
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
19961
20536
"testing, but is slow and not recommended for production."
19962
20537
msgstr ""
19963
20538
19964
#: serverguide/C/network-auth.xml:4144(title)
20539
#: serverguide/C/network-auth.xml:4137(title)
19965
20540
msgid "Test Authentication"
19966
20541
msgstr ""
19967
20542
19968
#: serverguide/C/network-auth.xml:4145(para)
20543
#: serverguide/C/network-auth.xml:4138(para)
19969
20544
msgid ""
19970
20545
"It should now be possible to authenticate using an Active Directory User's "
19971
20546
"credentials:"
19972
20547
msgstr ""
19973
20548
19974
#: serverguide/C/network-auth.xml:4147(command)
20549
#: serverguide/C/network-auth.xml:4140(command)
19975
20550
msgid "su - username"
19976
20551
msgstr ""
19977
20552
19978
#: serverguide/C/network-auth.xml:4149(para)
20553
#: serverguide/C/network-auth.xml:4142(para)
19979
20554
msgid ""
19980
20555
"If this works, then other login methods (getty, ssh) should also work."
19981
20556
msgstr ""
19982
20557
19983
#: serverguide/C/network-auth.xml:4151(para)
20558
#: serverguide/C/network-auth.xml:4144(para)
19984
20559
msgid ""
19985
20560
"If the computer account was created, indicating that the system was "
19986
20561
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
19989
20564
"earlier in this guide."
19990
20565
msgstr ""
19991
20566
19992
#: serverguide/C/network-auth.xml:4155(title)
20567
#: serverguide/C/network-auth.xml:4148(title)
19993
20568
msgid "Home directories with pam_mkhomedir (optional)"
19994
20569
msgstr ""
19995
20570
19996
#: serverguide/C/network-auth.xml:4156(para)
20571
#: serverguide/C/network-auth.xml:4149(para)
19997
20572
msgid ""
19998
20573
"When logging in using an Active Directory user account, it is likely that "
19999
20574
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
20002
20577
"after <emphasis>session required pam_unix.so:</emphasis>"
20003
20578
msgstr ""
20004
20579
20005
#: serverguide/C/network-auth.xml:4157(programlisting)
20580
#: serverguide/C/network-auth.xml:4150(programlisting)
20006
20581
#, no-wrap
20007
20582
msgid ""
20008
20583
"\n"
20009
20584
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
20010
20585
msgstr ""
20011
20586
20012
#: serverguide/C/network-auth.xml:4161(para)
20587
#: serverguide/C/network-auth.xml:4154(para)
20013
20588
msgid ""
20014
20589
"This may also need <emphasis>override_homedir</emphasis> in "
20015
20590
"<filename>sssd.conf</filename> to function correctly, so make sure that's "
20016
20591
"set."
20017
20592
msgstr ""
20018
20593
20019
#: serverguide/C/network-auth.xml:4165(title)
20594
#: serverguide/C/network-auth.xml:4158(title)
20020
20595
msgid "Desktop Ubuntu Authentication"
20021
20596
msgstr ""
20022
20597
20023
#: serverguide/C/network-auth.xml:4166(para)
20598
#: serverguide/C/network-auth.xml:4159(para)
20024
20599
msgid ""
20025
20600
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
20026
20601
"Directory accounts. The AD accounts will not show up in the pick list with "
20029
20604
"append the following two lines:"
20030
20605
msgstr ""
20031
20606
20032
#: serverguide/C/network-auth.xml:4168(programlisting)
20607
#: serverguide/C/network-auth.xml:4161(programlisting)
20033
20608
#, no-wrap
20034
20609
msgid ""
20035
20610
"\n"
20037
20612
"greeter-hide-users=true\n"
20038
20613
msgstr ""
20039
20614
20040
#: serverguide/C/network-auth.xml:4173(para)
20615
#: serverguide/C/network-auth.xml:4166(para)
20041
20616
msgid ""
20042
20617
"Reboot to restart lightdm. It should now be possible to log in using a "
20043
20618
"domain account using either <emphasis>username</emphasis> or "
20044
20619
"<emphasis>username/username@domain</emphasis> format."
20045
20620
msgstr ""
20046
20621
20047
#: serverguide/C/network-auth.xml:4179(ulink)
20622
#: serverguide/C/network-auth.xml:4172(ulink)
20048
20623
msgid "SSSD Project"
20049
20624
msgstr ""
20050
20625
20051
#: serverguide/C/network-auth.xml:4180(ulink)
20626
#: serverguide/C/network-auth.xml:4173(ulink)
20052
20627
msgid "DNS Server Configuration guidelines"
20053
20628
msgstr ""
20054
20629
20055
#: serverguide/C/network-auth.xml:4181(ulink)
20630
#: serverguide/C/network-auth.xml:4174(ulink)
20056
20631
msgid "Active Directory DNS Zone Entries"
20057
20632
msgstr ""
20058
20633
20059
#: serverguide/C/network-auth.xml:4182(ulink)
20634
#: serverguide/C/network-auth.xml:4175(ulink)
20060
20635
msgid "Kerberos config options"
20061
20636
msgstr ""
20062
20637
21626
22201
#: serverguide/C/mail.xml:249(para)
21627
22202
msgid ""
21628
22203
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
21629
"enable Dovecot SASL the <application>dovecot-common</application> package "
21630
"will need to be installed. From a terminal prompt enter the following:"
22204
"enable Dovecot SASL the <application>dovecot-core</application> package will "
22205
"need to be installed. From a terminal prompt enter the following:"
21631
22206
msgstr ""
21632
22207
21633
22208
#: serverguide/C/mail.xml:255(command)
21634
msgid "sudo apt install dovecot-common"
22209
msgid "sudo apt install dovecot-core"
21635
22210
msgstr ""
21636
22211
21637
22212
#: serverguide/C/mail.xml:257(para)
23841
24416
msgstr ""
23842
24417
23843
24418
#: serverguide/C/lamp-applications.xml:278(title)
23844
msgid "MediaWiki"
23845
msgstr "MediaWiki"
24419
msgid "phpMyAdmin"
24420
msgstr ""
23846
24421
23847
24422
#: serverguide/C/lamp-applications.xml:280(para)
23848
24423
msgid ""
23849
"MediaWiki is an web based Wiki software written in the PHP language. It can "
23850
"either use <application>MySQL</application> or "
23851
"<application>PostgreSQL</application> Database Management System."
23852
msgstr ""
23853
23854
#: serverguide/C/lamp-applications.xml:290(para)
23855
msgid ""
23856
"Before installing <application>MediaWiki</application> you should also "
23857
"install <application>Apache2</application>, the "
23858
"<application>PHP</application> scripting language and a Database Management "
23859
"System. <application>MySQL</application> or "
23860
"<application>PostgreSQL</application> are the most common, choose one "
23861
"depending on your need. Please refer to those sections in this manual for "
23862
"installation instructions."
23863
msgstr ""
23864
23865
#: serverguide/C/lamp-applications.xml:298(para)
23866
msgid ""
23867
"To install <application>MediaWiki</application>, run the following command "
23868
"in the command prompt:"
23869
msgstr ""
23870
23871
#: serverguide/C/lamp-applications.xml:304(command)
23872
msgid "sudo apt install mediawiki php-gd"
23873
msgstr ""
23874
23875
#: serverguide/C/lamp-applications.xml:307(para)
23876
msgid ""
23877
"For additional <application>MediaWiki</application> functionality see the "
23878
"<application>mediawiki-extensions</application> package."
23879
msgstr ""
23880
23881
#: serverguide/C/lamp-applications.xml:317(para)
23882
msgid ""
23883
"The Apache configuration file <filename>mediawiki.conf</filename> for "
23884
"<application>MediaWiki</application> is installed in "
23885
"<filename>/etc/apache2/conf-available/</filename> directory. To access "
23886
"<application>MediaWiki</application>, uncomment the following line in the "
23887
"file."
23888
msgstr ""
23889
23890
#: serverguide/C/lamp-applications.xml:324(screen)
23891
#, no-wrap
23892
msgid ""
23893
"\n"
23894
"# Alias /mediawiki /var/lib/mediawiki\n"
23895
msgstr ""
23896
23897
#: serverguide/C/lamp-applications.xml:328(para)
23898
msgid ""
23899
"The <application>MediaWiki</application> configuration also needs to be "
23900
"enabled."
23901
msgstr ""
23902
23903
#: serverguide/C/lamp-applications.xml:332(command)
23904
msgid "sudo a2enconf mediawiki.conf"
23905
msgstr ""
23906
23907
#: serverguide/C/lamp-applications.xml:335(para)
23908
msgid "Restart Apache server."
23909
msgstr ""
23910
23911
#: serverguide/C/lamp-applications.xml:342(para)
23912
msgid ""
23913
"Access <application>MediaWiki</application> by visiting <ulink "
23914
"url=\"http://localhost/mediawiki/mw-"
23915
"config/index.php\">http://localhost/mediawiki/mw-config/index.php</ulink>. "
23916
"(Or <ulink url=\"http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
23917
"config/index.php\">http://NAME_OF_YOUR_VIRTUAL_HOST/mediawiki/mw-"
23918
"config/index.php</ulink> if your server has no GUI.)"
23919
msgstr ""
23920
23921
#: serverguide/C/lamp-applications.xml:350(para)
23922
msgid ""
23923
"Please read the <quote>Environmental checks</quote> section of the "
23924
"configuration page. You should be able to fix many issues by carefully "
23925
"reading this section."
23926
msgstr ""
23927
23928
#: serverguide/C/lamp-applications.xml:357(para)
23929
msgid ""
23930
"Once the configuration is complete, you should copy the "
23931
"<filename>LocalSettings.php</filename> file to "
23932
"<filename>/etc/mediawiki</filename> directory:"
23933
msgstr ""
23934
23935
#: serverguide/C/lamp-applications.xml:364(command)
23936
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
23937
msgstr ""
23938
23939
#: serverguide/C/lamp-applications.xml:367(para)
23940
msgid ""
23941
"You may also want to edit "
23942
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
23943
"memory limit (disabled by default):"
23944
msgstr ""
23945
23946
#: serverguide/C/lamp-applications.xml:372(programlisting)
23947
#, no-wrap
23948
msgid ""
23949
"\n"
23950
"ini_set( 'memory_limit', '64M' );\n"
23951
msgstr ""
23952
23953
#: serverguide/C/lamp-applications.xml:379(title)
23954
msgid "Extensions"
23955
msgstr ""
23956
23957
#: serverguide/C/lamp-applications.xml:380(para)
23958
msgid ""
23959
"The extensions add new features and enhancements for the MediaWiki "
23960
"application. The extensions give wiki administrators and end users the "
23961
"ability to customize MediaWiki to their requirements."
23962
msgstr ""
23963
23964
#: serverguide/C/lamp-applications.xml:386(para)
23965
msgid ""
23966
"You can download MediaWiki extensions as an archive file or checkout from "
23967
"the Subversion repository. You should copy it to "
23968
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
23969
"also add the following line at the end of file: "
23970
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
23971
msgstr ""
23972
23973
#: serverguide/C/lamp-applications.xml:394(programlisting)
23974
#, no-wrap
23975
msgid ""
23976
"\n"
23977
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
23978
msgstr ""
23979
23980
#: serverguide/C/lamp-applications.xml:404(para)
23981
msgid ""
23982
"For more details, please refer to the <ulink "
23983
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
23984
msgstr ""
23985
23986
#: serverguide/C/lamp-applications.xml:410(para)
23987
msgid ""
23988
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
23989
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
23990
"new MediaWiki administrators."
23991
msgstr ""
23992
23993
#: serverguide/C/lamp-applications.xml:416(para)
23994
msgid ""
23995
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
23996
"Wiki MediaWiki</ulink> page is a good resource."
23997
msgstr ""
23998
23999
#: serverguide/C/lamp-applications.xml:426(title)
24000
msgid "phpMyAdmin"
24001
msgstr ""
24002
24003
#: serverguide/C/lamp-applications.xml:428(para)
24004
msgid ""
24005
24424
"<application>phpMyAdmin</application> is a LAMP application specifically "
24006
24425
"written for administering <application>MySQL</application> servers. Written "
24007
24426
"in <application>PHP</application>, and accessed through a web browser, "
24008
24427
"phpMyAdmin provides a graphical interface for database administration tasks."
24009
24428
msgstr ""
24010
24429
24011
#: serverguide/C/lamp-applications.xml:437(para)
24430
#: serverguide/C/lamp-applications.xml:289(para)
24012
24431
msgid ""
24013
24432
"Before installing <application>phpMyAdmin</application> you will need access "
24014
24433
"to a <application>MySQL</application> database either on the same host as "
24017
24436
"enter:"
24018
24437
msgstr ""
24019
24438
24020
#: serverguide/C/lamp-applications.xml:444(command)
24439
#: serverguide/C/lamp-applications.xml:296(command)
24021
24440
msgid "sudo apt install phpmyadmin"
24022
24441
msgstr ""
24023
24442
24024
#: serverguide/C/lamp-applications.xml:447(para)
24443
#: serverguide/C/lamp-applications.xml:299(para)
24025
24444
msgid ""
24026
24445
"At the prompt choose which web server to be configured for "
24027
24446
"<application>phpMyAdmin</application>. The rest of this section will use "
24028
24447
"<application>Apache2</application> for the web server."
24029
24448
msgstr ""
24030
24449
24031
#: serverguide/C/lamp-applications.xml:452(para)
24450
#: serverguide/C/lamp-applications.xml:304(para)
24032
24451
msgid ""
24033
24452
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
24034
24453
"replacing <emphasis role=\"italic\">servername</emphasis> with the server's "
24038
24457
"user's password."
24039
24458
msgstr ""
24040
24459
24041
#: serverguide/C/lamp-applications.xml:459(para)
24460
#: serverguide/C/lamp-applications.xml:311(para)
24042
24461
msgid ""
24043
24462
"Once logged in you can reset the <emphasis>root</emphasis> password if "
24044
24463
"needed, create users, create/destroy databases and tables, etc."
24045
24464
msgstr ""
24046
24465
24047
#: serverguide/C/lamp-applications.xml:467(para)
24466
#: serverguide/C/lamp-applications.xml:319(para)
24048
24467
msgid ""
24049
24468
"The configuration files for <application>phpMyAdmin</application> are "
24050
24469
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
24053
24472
"<application>phpMyAdmin</application>."
24054
24473
msgstr ""
24055
24474
24056
#: serverguide/C/lamp-applications.xml:473(para)
24475
#: serverguide/C/lamp-applications.xml:325(para)
24057
24476
msgid ""
24058
24477
"To use <application>phpMyAdmin</application> to administer a MySQL database "
24059
24478
"hosted on another server, adjust the following in "
24060
24479
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
24061
24480
msgstr ""
24062
24481
24063
#: serverguide/C/lamp-applications.xml:478(programlisting)
24482
#: serverguide/C/lamp-applications.xml:330(programlisting)
24064
24483
#, no-wrap
24065
24484
msgid ""
24066
24485
"\n"
24067
24486
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
24068
24487
msgstr ""
24069
24488
24070
#: serverguide/C/lamp-applications.xml:483(para)
24489
#: serverguide/C/lamp-applications.xml:335(para)
24071
24490
msgid ""
24072
24491
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
24073
24492
"remote database server name or IP address. Also, be sure that the "
24075
24494
"remote database."
24076
24495
msgstr ""
24077
24496
24078
#: serverguide/C/lamp-applications.xml:489(para)
24497
#: serverguide/C/lamp-applications.xml:341(para)
24079
24498
msgid ""
24080
24499
"Once configured, log out of <application>phpMyAdmin</application> and back "
24081
24500
"in, and you should be accessing the new server."
24082
24501
msgstr ""
24083
24502
24084
#: serverguide/C/lamp-applications.xml:493(para)
24503
#: serverguide/C/lamp-applications.xml:345(para)
24085
24504
msgid ""
24086
24505
"The <filename>config.header.inc.php</filename> and "
24087
24506
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
24088
24507
"header and footer to <application>phpMyAdmin</application>."
24089
24508
msgstr ""
24090
24509
24091
#: serverguide/C/lamp-applications.xml:498(para)
24510
#: serverguide/C/lamp-applications.xml:350(para)
24092
24511
msgid ""
24093
24512
"Another important configuration file is "
24094
24513
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
24099
24518
"a terminal type:"
24100
24519
msgstr ""
24101
24520
24102
#: serverguide/C/lamp-applications.xml:506(command)
24521
#: serverguide/C/lamp-applications.xml:358(command)
24103
24522
msgid ""
24104
24523
"sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-"
24105
24524
"available/phpmyadmin.conf"
24106
24525
msgstr ""
24107
24526
24108
#: serverguide/C/lamp-applications.xml:507(command)
24527
#: serverguide/C/lamp-applications.xml:359(command)
24109
24528
msgid "sudo a2enconf phpmyadmin.conf"
24110
24529
msgstr ""
24111
24530
24112
#: serverguide/C/lamp-applications.xml:511(para)
24531
#: serverguide/C/lamp-applications.xml:363(para)
24113
24532
msgid ""
24114
24533
"For more information on configuring <application>Apache2</application> see "
24115
24534
"<xref linkend=\"httpd\"/>."
24116
24535
msgstr ""
24117
24536
24118
#: serverguide/C/lamp-applications.xml:522(para)
24537
#: serverguide/C/lamp-applications.xml:374(para)
24119
24538
msgid ""
24120
24539
"The <application>phpMyAdmin</application> documentation comes installed with "
24121
24540
"the package and can be accessed from the <emphasis>phpMyAdmin "
24124
24543
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
24125
24544
msgstr ""
24126
24545
24127
#: serverguide/C/lamp-applications.xml:529(para)
24546
#: serverguide/C/lamp-applications.xml:381(para)
24128
24547
msgid ""
24129
24548
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
24130
24549
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
24131
24550
msgstr ""
24132
24551
24133
#: serverguide/C/lamp-applications.xml:534(para)
24552
#: serverguide/C/lamp-applications.xml:386(para)
24134
24553
msgid ""
24135
24554
"A third resource is the <ulink "
24136
24555
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
24137
24556
"Wiki</ulink> page."
24138
24557
msgstr ""
24139
24558
24140
#: serverguide/C/lamp-applications.xml:543(title)
24559
#: serverguide/C/lamp-applications.xml:395(title)
24141
24560
msgid "WordPress"
24142
24561
msgstr ""
24143
24562
24144
#: serverguide/C/lamp-applications.xml:544(para)
24563
#: serverguide/C/lamp-applications.xml:396(para)
24145
24564
msgid ""
24146
24565
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
24147
24566
"licensed under the GNU GPLv2."
24148
24567
msgstr ""
24149
24568
24150
#: serverguide/C/lamp-applications.xml:550(para)
24569
#: serverguide/C/lamp-applications.xml:402(para)
24151
24570
msgid ""
24152
24571
"To install <application>WordPress</application>, run the following comand in "
24153
24572
"the command prompt:"
24154
24573
msgstr ""
24155
24574
24156
#: serverguide/C/lamp-applications.xml:555(command)
24575
#: serverguide/C/lamp-applications.xml:407(command)
24157
24576
msgid "sudo apt install wordpress"
24158
24577
msgstr ""
24159
24578
24160
#: serverguide/C/lamp-applications.xml:558(para)
24579
#: serverguide/C/lamp-applications.xml:410(para)
24161
24580
msgid ""
24162
24581
"You should also install <application>apache2</application> web server and "
24163
24582
"<application>mysql</application> server. For installing "
24168
24587
"linkend=\"mysql\"/> section."
24169
24588
msgstr ""
24170
24589
24171
#: serverguide/C/lamp-applications.xml:572(para)
24590
#: serverguide/C/lamp-applications.xml:424(para)
24172
24591
msgid ""
24173
24592
"For configuring your first <application>WordPress</application> application, "
24174
24593
"configure an apache site. Open <filename>/etc/apache2/sites-"
24175
24594
"available/wordpress.conf</filename> and write the following lines:"
24176
24595
msgstr ""
24177
24596
24178
#: serverguide/C/lamp-applications.xml:579(programlisting)
24597
#: serverguide/C/lamp-applications.xml:431(programlisting)
24179
24598
#, no-wrap
24180
24599
msgid ""
24181
24600
"\n"
24195
24614
" "
24196
24615
msgstr ""
24197
24616
24198
#: serverguide/C/lamp-applications.xml:595(para)
24617
#: serverguide/C/lamp-applications.xml:447(para)
24199
24618
msgid "Enable this new <application>WordPress</application> site"
24200
24619
msgstr ""
24201
24620
24202
#: serverguide/C/lamp-applications.xml:598(command)
24621
#: serverguide/C/lamp-applications.xml:450(command)
24203
24622
msgid "sudo a2ensite wordpress"
24204
24623
msgstr ""
24205
24624
24206
#: serverguide/C/lamp-applications.xml:601(para)
24625
#: serverguide/C/lamp-applications.xml:453(para)
24207
24626
msgid ""
24208
24627
"Once you configure the <application>apache2</application> web server and "
24209
24628
"make it ready for your <application>WordPress</application> application, you "
24211
24630
"<application>apache2</application> web server:"
24212
24631
msgstr ""
24213
24632
24214
#: serverguide/C/lamp-applications.xml:613(para)
24633
#: serverguide/C/lamp-applications.xml:465(para)
24215
24634
msgid ""
24216
24635
"To facilitate multiple <application>WordPress</application> installations, "
24217
24636
"the name of this configuration file is based on the Host header of the HTTP "
24224
24643
"NAME_OF_YOUR_VIRTUAL_HOST.php."
24225
24644
msgstr ""
24226
24645
24227
#: serverguide/C/lamp-applications.xml:624(para)
24646
#: serverguide/C/lamp-applications.xml:476(para)
24228
24647
msgid ""
24229
24648
"Once the configuration file is written, it is up to you to choose a "
24230
24649
"convention for username and password to mysql for each "
24232
24651
"shows only one, localhost, example."
24233
24652
msgstr ""
24234
24653
24235
#: serverguide/C/lamp-applications.xml:631(para)
24654
#: serverguide/C/lamp-applications.xml:483(para)
24236
24655
msgid ""
24237
24656
"Now configure <application>WordPress</application> to use a mysql database. "
24238
24657
"Open <filename>/etc/wordpress/config-localhost.php</filename> file and write "
24239
24658
"the following lines:"
24240
24659
msgstr ""
24241
24660
24242
#: serverguide/C/lamp-applications.xml:637(programlisting)
24661
#: serverguide/C/lamp-applications.xml:489(programlisting)
24243
24662
#, no-wrap
24244
24663
msgid ""
24245
24664
"\n"
24252
24671
"?>\n"
24253
24672
msgstr ""
24254
24673
24255
#: serverguide/C/lamp-applications.xml:646(para)
24674
#: serverguide/C/lamp-applications.xml:498(para)
24256
24675
msgid ""
24257
24676
"Now create this mysql database. Open a temporary file with mysql commands "
24258
24677
"<filename>wordpress.sql</filename> and write the following lines:"
24259
24678
msgstr ""
24260
24679
24261
#: serverguide/C/lamp-applications.xml:649(programlisting)
24680
#: serverguide/C/lamp-applications.xml:501(programlisting)
24262
24681
#, no-wrap
24263
24682
msgid ""
24264
24683
"\n"
24270
24689
"FLUSH PRIVILEGES;\n"
24271
24690
msgstr ""
24272
24691
24273
#: serverguide/C/lamp-applications.xml:657(para)
24692
#: serverguide/C/lamp-applications.xml:509(para)
24274
24693
msgid "Execute these commands."
24275
24694
msgstr ""
24276
24695
24277
#: serverguide/C/lamp-applications.xml:659(command)
24696
#: serverguide/C/lamp-applications.xml:511(command)
24278
24697
msgid ""
24279
24698
"cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf"
24280
24699
msgstr ""
24281
24700
24282
#: serverguide/C/lamp-applications.xml:661(para)
24701
#: serverguide/C/lamp-applications.xml:513(para)
24283
24702
msgid ""
24284
24703
"Your new <application>WordPress</application> can now be configured by "
24285
24704
"visiting <ulink url=\"http://localhost/blog/wp-"
24292
24711
"mail and click Install WordPress."
24293
24712
msgstr ""
24294
24713
24295
#: serverguide/C/lamp-applications.xml:668(para)
24714
#: serverguide/C/lamp-applications.xml:520(para)
24296
24715
msgid ""
24297
24716
"Note the generated password (if applicable) and click the login password. "
24298
24717
"Your <application>WordPress</application> is now ready for use."
24299
24718
msgstr ""
24300
24719
24301
#: serverguide/C/lamp-applications.xml:678(ulink)
24720
#: serverguide/C/lamp-applications.xml:530(ulink)
24302
24721
msgid "WordPress.org Codex"
24303
24722
msgstr ""
24304
24723
24305
#: serverguide/C/lamp-applications.xml:683(ulink)
24724
#: serverguide/C/lamp-applications.xml:535(ulink)
24306
24725
msgid "Ubuntu Wiki WordPress"
24307
24726
msgstr ""
24308
24727
30718
31137
msgstr ""
30719
31138
30720
31139
#: serverguide/C/clustering.xml:135(command)
30721
msgid "sudo systemctl start drdb.service"
31140
msgid "sudo systemctl start drbd.service"
30722
31141
msgstr ""
30723
31142
30724
31143
#: serverguide/C/clustering.xml:141(para)
32466
32885
#~ msgid "sudo apt-get install python-moinmoin"
32467
32886
#~ msgstr "sudo apt-get install python-moinmoin"
32468
32887
32888
#~ msgid "MediaWiki"
32889
#~ msgstr "MediaWiki"
32890
32469
32891
#~ msgid "sudo apt-get install mediawiki php5-gd"
32470
32892
#~ msgstr "sudo apt-get install mediawiki php5-gd"
32471
32893
Loggerhead is a web-based interface for Breezy
Version: 2.0.1