« back to all changes in this revision
Viewing changes to serverguide/po/ast.po
- browse files at revision 99
- compare with another revision
- download diff
- download tarball
- view history from revision 99
- Committer: Jeremy Bicha
- Date: 2012-10-22 19:42:46 UTC
- Revision ID: jbicha@ubuntu.com-20121022194246-bpuxhh9k24p0hig6
Run scripts/get-pot.sh to update pot
Import translations from LP
Import translations from LP
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/ast.po
7
7
msgstr ""
8
8
"Project-Id-Version: ubuntu-docs\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
11
"PO-Revision-Date: 2010-08-16 02:06+0000\n"
10
"POT-Creation-Date: 2012-04-03 07:43+0000\n"
11
"PO-Revision-Date: 2012-05-11 01:18+0000\n"
12
12
"Last-Translator: Matthew East <matt@mdke.org>\n"
13
13
"Language-Team: Asturian <ast@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2010-09-18 10:46+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
19
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr "ubuntu-doc@list.ubuntu.com (Proyeutu de Documentación d'Ubuntu)"
23
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr "Guía del Sirvidor Ubuntu"
27
28
#: serverguide/C/serverguide-C.omf:9(date)
29
msgid "2007-09-30"
30
msgstr "30-09-2007"
17
"X-Launchpad-Export-Date: 2012-10-22 19:35+0000\n"
18
"X-Generator: Launchpad (build 16165)\n"
31
19
32
20
#: serverguide/C/windows-networking.xml:13(title)
33
21
msgid "Windows Networking"
54
42
"principios y preseos emplegaos pa configurar el so sirvidor Ubuntu pa que "
55
43
"pueda compartir recursos na rede con equipos Windows."
56
44
57
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
45
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:405(title) serverguide/C/security.xml:354(title) serverguide/C/remote-administration.xml:20(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title) serverguide/C/installation.xml:1203(title)
58
46
msgid "Introduction"
59
47
msgstr "Introducción"
60
48
161
149
"d'accesu más estrictos, consulte <xref linkend=\"samba-fileprint-"
162
150
"security\"/>."
163
151
164
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
152
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:294(title) serverguide/C/web-servers.xml:53(title) serverguide/C/web-servers.xml:692(title) serverguide/C/web-servers.xml:835(title) serverguide/C/web-servers.xml:959(title) serverguide/C/virtualization.xml:62(title) serverguide/C/virtualization.xml:2614(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:48(title) serverguide/C/remote-administration.xml:236(title) serverguide/C/remote-administration.xml:427(title) serverguide/C/network-config.xml:977(title) serverguide/C/network-config.xml:1091(title) serverguide/C/network-auth.xml:121(title) serverguide/C/network-auth.xml:2782(title) serverguide/C/network-auth.xml:3254(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:431(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:492(title) serverguide/C/mail.xml:681(title) serverguide/C/mail.xml:830(title) serverguide/C/mail.xml:1320(title) serverguide/C/lamp-applications.xml:112(title) serverguide/C/lamp-applications.xml:274(title) serverguide/C/lamp-applications.xml:410(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:949(title) serverguide/C/installation.xml:1230(title) serverguide/C/file-server.xml:359(title) serverguide/C/file-server.xml:648(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:39(title) serverguide/C/databases.xml:309(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:136(title) serverguide/C/backups.xml:598(title)
165
153
msgid "Installation"
166
154
msgstr "Instalación"
167
155
173
161
"El primer pasu ye instalar el paquete <application>samba</application>. "
174
162
"Dende un terminal, pon:"
175
163
176
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
164
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:306(command)
177
165
msgid "sudo apt-get install samba"
178
166
msgstr "sudo apt-get install samba"
179
167
184
172
msgstr ""
185
173
"Esto ye too; agora ta preparáu pa configurar Samba y compartir archivos."
186
174
187
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
175
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:311(title) serverguide/C/web-servers.xml:73(title) serverguide/C/web-servers.xml:745(title) serverguide/C/web-servers.xml:846(title) serverguide/C/web-servers.xml:986(title) serverguide/C/web-servers.xml:1086(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:70(title) serverguide/C/remote-administration.xml:256(title) serverguide/C/package-management.xml:402(title) serverguide/C/network-config.xml:999(title) serverguide/C/network-config.xml:1102(title) serverguide/C/network-auth.xml:2869(title) serverguide/C/network-auth.xml:3275(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:457(title) serverguide/C/mail.xml:501(title) serverguide/C/mail.xml:691(title) serverguide/C/mail.xml:913(title) serverguide/C/mail.xml:1349(title) serverguide/C/lamp-applications.xml:132(title) serverguide/C/lamp-applications.xml:301(title) serverguide/C/lamp-applications.xml:440(title) serverguide/C/installation.xml:1246(title) serverguide/C/file-server.xml:372(title) serverguide/C/file-server.xml:674(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:82(title) serverguide/C/databases.xml:325(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:148(title) serverguide/C/backups.xml:627(title)
188
176
msgid "Configuration"
189
177
msgstr "Configuración"
190
178
213
201
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">coleición de "
214
202
"HOWTOs de Samba</ulink> pa más información."
215
203
216
#: serverguide/C/windows-networking.xml:116(para)
204
#: serverguide/C/windows-networking.xml:115(para)
217
205
msgid ""
218
206
"First, edit the following key/value pairs in the "
219
207
"<emphasis>[global]</emphasis> section of "
222
210
"En primer llugar, edite les vinientes pareyes clave/valor na seición "
223
211
"<emphasis>[global]</emphasis> de <filename>/etc/samba/smb.conf</filename>:"
224
212
225
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
213
#: serverguide/C/windows-networking.xml:120(programlisting) serverguide/C/windows-networking.xml:318(programlisting) serverguide/C/windows-networking.xml:786(programlisting) serverguide/C/windows-networking.xml:1025(programlisting)
226
214
#, no-wrap
227
215
msgid ""
228
216
"\n"
235
223
" ...\n"
236
224
" seguridá = usuariu\n"
237
225
238
#: serverguide/C/windows-networking.xml:127(para)
226
#: serverguide/C/windows-networking.xml:126(para)
239
227
msgid ""
240
228
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
241
229
"section, and is commented by default. Also, change "
245
233
"[global], y por omisión ta comentáu. Amás, camude "
246
234
"<emphasis>EXEMPLU</emphasis> por dalgo que s'axuste meyor al so entornu."
247
235
248
#: serverguide/C/windows-networking.xml:135(para)
236
#: serverguide/C/windows-networking.xml:134(para)
249
237
msgid ""
250
238
"Create a new section at the bottom of the file, or uncomment one of the "
251
239
"examples, for the directory to be shared:"
253
241
"Cree una seición nueva al final del archivu (o esborri ún de los exemplos) "
254
242
"pa poder compartir el direutoriu:"
255
243
256
#: serverguide/C/windows-networking.xml:139(programlisting)
244
#: serverguide/C/windows-networking.xml:138(programlisting)
257
245
#, no-wrap
258
246
msgid ""
259
247
"\n"
274
262
" read only = non\n"
275
263
" create mask = 0755\n"
276
264
277
#: serverguide/C/windows-networking.xml:151(para)
265
#: serverguide/C/windows-networking.xml:150(para)
278
266
msgid ""
279
267
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
280
268
"fit your needs."
282
270
"<emphasis>comment:</emphasis> una descripción pequeña del recursu compartíu. "
283
271
"Adáutelu a les sos necesidaes."
284
272
285
#: serverguide/C/windows-networking.xml:156(para)
273
#: serverguide/C/windows-networking.xml:155(para)
286
274
msgid "<emphasis>path:</emphasis> the path to the directory to share."
287
275
msgstr ""
288
276
"<emphasis>path:</emphasis> el camín al direutoriu que se va a compartir."
289
277
290
#: serverguide/C/windows-networking.xml:159(para)
278
#: serverguide/C/windows-networking.xml:158(para)
291
279
msgid ""
292
280
"This example uses <filename>/srv/samba/sharename</filename> because, "
293
281
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
307
295
"cuando los permisos seyan correutos, pero ye encamentable axustase a los "
308
296
"estándares."
309
297
310
#: serverguide/C/windows-networking.xml:168(para)
298
#: serverguide/C/windows-networking.xml:167(para)
311
299
msgid ""
312
300
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
313
301
"directory using <application>Windows Explorer</application>."
316
304
"direutoriu compartíu emplegando l'<application>Explorador de "
317
305
"Windows</application>."
318
306
319
#: serverguide/C/windows-networking.xml:174(para)
307
#: serverguide/C/windows-networking.xml:173(para)
320
308
msgid ""
321
309
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
322
310
"without supplying a password."
324
312
"<emphasis>guest ok:</emphasis> permite que los clientes se puean coneutar al "
325
313
"recursu ensin necesidá d'introducir conseña nenguna."
326
314
327
#: serverguide/C/windows-networking.xml:179(para)
315
#: serverguide/C/windows-networking.xml:178(para)
328
316
msgid ""
329
317
"<emphasis>read only:</emphasis> determines if the share is read only or if "
330
318
"write privileges are granted. Write privileges are allowed only when the "
332
320
"is <emphasis>yes</emphasis>, then access to the share is read only."
333
321
msgstr ""
334
322
335
#: serverguide/C/windows-networking.xml:184(para)
323
#: serverguide/C/windows-networking.xml:183(para)
336
324
msgid ""
337
325
"<emphasis>create mask:</emphasis> determines the permissions new files will "
338
326
"have when created."
340
328
"<emphasis>create mask:</emphasis> determina los permisos que tendrán los "
341
329
"archivos nuevos cuando se creen."
342
330
343
#: serverguide/C/windows-networking.xml:193(para)
331
#: serverguide/C/windows-networking.xml:192(para)
344
332
msgid ""
345
333
"Now that <application>Samba</application> is configured, the directory needs "
346
334
"to be created and the permissions changed. From a terminal enter:"
348
336
"Agora que <application>Samba</application> yá ta configuráu, necesítase "
349
337
"crear el direutoriu y camudar los sos permisos. Dende un terminal, teclee:"
350
338
351
#: serverguide/C/windows-networking.xml:199(command)
339
#: serverguide/C/windows-networking.xml:198(command)
352
340
msgid "sudo mkdir -p /srv/samba/share"
353
341
msgstr "sudo mkdir -p /srv/samba/share"
354
342
355
#: serverguide/C/windows-networking.xml:200(command)
343
#: serverguide/C/windows-networking.xml:199(command)
356
344
msgid "sudo chown nobody.nogroup /srv/samba/share/"
357
345
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
358
346
359
#: serverguide/C/windows-networking.xml:204(para)
347
#: serverguide/C/windows-networking.xml:203(para)
360
348
msgid ""
361
349
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
362
"directory tree if it doesn't exist. Change the share name to fit your "
363
"environment."
350
"directory tree if it doesn't exist."
364
351
msgstr ""
365
"La opción <emphasis>-p</emphasis> indica a mkdir que cree l'árbol completu "
366
"hasta'l direutoriu si nun esistiera. Camude'l nome «share» por otru que "
367
"s'axuste más al so entornu."
368
352
369
#: serverguide/C/windows-networking.xml:213(para)
353
#: serverguide/C/windows-networking.xml:211(para)
370
354
msgid ""
371
355
"Finally, restart the <application>samba</application> services to enable the "
372
356
"new configuration:"
374
358
"A lo último, reanicie los servicios <application>samba</application> "
375
359
"p'afitar la configuración nueva:"
376
360
377
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
361
#: serverguide/C/windows-networking.xml:216(command) serverguide/C/windows-networking.xml:338(command) serverguide/C/windows-networking.xml:476(command) serverguide/C/windows-networking.xml:576(command) serverguide/C/windows-networking.xml:927(command) serverguide/C/windows-networking.xml:1082(command) serverguide/C/windows-networking.xml:1189(command) serverguide/C/network-auth.xml:2515(command)
378
362
msgid "sudo restart smbd"
379
363
msgstr ""
380
364
381
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
365
#: serverguide/C/windows-networking.xml:217(command) serverguide/C/windows-networking.xml:339(command) serverguide/C/windows-networking.xml:477(command) serverguide/C/windows-networking.xml:577(command) serverguide/C/windows-networking.xml:928(command) serverguide/C/windows-networking.xml:1083(command) serverguide/C/windows-networking.xml:1190(command) serverguide/C/network-auth.xml:2516(command)
382
366
msgid "sudo restart nmbd"
383
367
msgstr ""
384
368
385
#: serverguide/C/windows-networking.xml:226(para)
369
#: serverguide/C/windows-networking.xml:224(para)
386
370
msgid ""
387
371
"Once again, the above configuration gives all access to any client on the "
388
372
"local network. For a more secure configuration see <xref linkend=\"samba-"
392
376
"clientes de la rede llocal. Pa una configuración más segura, consulte <xref "
393
377
"linkend=\"samba-fileprint-security\"/>."
394
378
395
#: serverguide/C/windows-networking.xml:232(para)
379
#: serverguide/C/windows-networking.xml:230(para)
396
380
msgid ""
397
381
"From a Windows client you should now be able to browse to the Ubuntu file "
398
"server and see the shared directory. To check that everything is working try "
399
"creating a directory from Windows."
382
"server and see the shared directory. If your client doesn't show your share "
383
"automatically, try to access your server by its IP address, e.g. \\\\"
384
"192.168.1.1, in a Windows Explorer window. To check that everything is "
385
"working try creating a directory from Windows."
400
386
msgstr ""
401
"Dende un cliente Windows habría poder restolar pel sirvidor d'archivos "
402
"d'Ubuntu y ver el direutoriu compartíu. Pa comprobar que too funciona bien, "
403
"pruebe a crear un direutoriu dende Windows."
404
387
405
#: serverguide/C/windows-networking.xml:237(para)
388
#: serverguide/C/windows-networking.xml:234(para)
406
389
msgid ""
407
390
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
408
391
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
414
397
"reanicie <emphasis>Samba</emphasis>. Namái asegúrese que'l direutoriu que "
415
398
"quier compartir esiste daveres, y que los sos permisos son correutos."
416
399
417
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
400
#: serverguide/C/windows-networking.xml:241(para)
401
msgid ""
402
"The file share named <emphasis>\"[share]\"</emphasis> and the path "
403
"<filename>/srv/samba/share</filename> are just examples. Adjust the share "
404
"and path names to fit your environment. It is a good idea to name a share "
405
"after a directory on the file system. Another example would be a share name "
406
"of <emphasis>[qa]</emphasis> with a path of "
407
"<filename>/srv/samba/qa</filename>."
408
msgstr ""
409
410
#: serverguide/C/windows-networking.xml:250(title) serverguide/C/windows-networking.xml:349(title) serverguide/C/windows-networking.xml:706(title) serverguide/C/windows-networking.xml:1102(title) serverguide/C/windows-networking.xml:1301(title) serverguide/C/virtualization.xml:369(title) serverguide/C/virtualization.xml:1065(title) serverguide/C/virtualization.xml:2473(title) serverguide/C/virtualization.xml:4385(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/remote-administration.xml:376(title) serverguide/C/network-config.xml:586(title) serverguide/C/network-config.xml:849(title) serverguide/C/network-auth.xml:2115(title) serverguide/C/network-auth.xml:2657(title) serverguide/C/network-auth.xml:3373(title) serverguide/C/network-auth.xml:3926(title) serverguide/C/installation.xml:883(title) serverguide/C/installation.xml:1169(title) serverguide/C/installation.xml:1374(title) serverguide/C/databases.xml:273(title) serverguide/C/databases.xml:411(title) serverguide/C/backups.xml:866(title)
418
411
msgid "Resources"
419
412
msgstr "Recursos"
420
413
421
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
414
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1106(para)
422
415
msgid ""
423
416
"For in depth Samba configurations see the <ulink "
424
417
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
428
421
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">coleición de "
429
422
"HOWTOs de Samba</ulink>."
430
423
431
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
424
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para) serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1112(para)
432
425
msgid ""
433
426
"The guide is also available in <ulink "
434
427
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
438
431
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">formatu "
439
432
"imprentáu</ulink>."
440
433
441
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
434
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:365(para)
442
435
msgid ""
443
436
"O'Reilly's <ulink "
444
437
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
448
441
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> ye "
449
442
"otra fonte bona de referencia."
450
443
451
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
444
#: serverguide/C/windows-networking.xml:272(para) serverguide/C/windows-networking.xml:376(para) serverguide/C/windows-networking.xml:741(para) serverguide/C/windows-networking.xml:1136(para) serverguide/C/windows-networking.xml:1314(para)
452
445
msgid ""
453
446
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
454
447
"</ulink> page."
455
448
msgstr ""
456
449
457
#: serverguide/C/windows-networking.xml:275(title)
450
#: serverguide/C/windows-networking.xml:281(title)
458
451
msgid "Samba Print Server"
459
452
msgstr "Sirvidor d'impresión Samba"
460
453
461
#: serverguide/C/windows-networking.xml:277(para)
454
#: serverguide/C/windows-networking.xml:283(para)
462
455
msgid ""
463
456
"Another common use of Samba is to configure it to share printers installed, "
464
457
"either locally or over the network, on an Ubuntu server. Similar to <xref "
472
465
"permitir que cualquier veceru de la rede llocal puea usar les impresores "
473
466
"instalaes ensin necesidá d'introducir un nome d'usuariu y una conseña."
474
467
475
#: serverguide/C/windows-networking.xml:283(para)
468
#: serverguide/C/windows-networking.xml:289(para)
476
469
msgid ""
477
470
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
478
471
"security\"/>."
480
473
"Pa una configuración más segura, consulta <xref linkend=\"samba-fileprint-"
481
474
"security\"/>."
482
475
483
#: serverguide/C/windows-networking.xml:290(para)
476
#: serverguide/C/windows-networking.xml:296(para)
484
477
msgid ""
485
478
"Before installing and configuring Samba it is best to already have a working "
486
479
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
490
483
"instalación funcional de <application>CUPS</application> Consulte <xref "
491
484
"linkend=\"cups\"/> pa más información."
492
485
493
#: serverguide/C/windows-networking.xml:295(para)
486
#: serverguide/C/windows-networking.xml:301(para)
494
487
msgid ""
495
488
"To install the <application>samba</application> package, from a terminal "
496
489
"enter:"
497
490
msgstr ""
498
491
"Pa instalar el paquete <application>samba</application>, teclee nun terminal:"
499
492
500
#: serverguide/C/windows-networking.xml:306(para)
493
#: serverguide/C/windows-networking.xml:312(para)
501
494
msgid ""
502
495
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
503
496
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
504
497
"network, and change <emphasis>security</emphasis> to <emphasis "
505
"role=\"italic\">share</emphasis>:"
498
"role=\"italic\">user</emphasis>:"
506
499
msgstr ""
507
"N'instalando Samba, edite <filename>/etc/samba/smb.conf</filename>. Camude "
508
"l'atributu <emphasis>workgroup</emphasis> por ún afayadizu pa la so rede, y "
509
"camude <emphasis>security</emphasis> al valor <emphasis "
510
"role=\"italic\">share</emphasis>:"
511
500
512
#: serverguide/C/windows-networking.xml:318(para)
501
#: serverguide/C/windows-networking.xml:324(para)
513
502
msgid ""
514
503
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
515
504
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
517
506
"Na seición <emphasis>[printers]</emphasis> camude la opción <emphasis>guest "
518
507
"ok</emphasis> a <emphasis role=\"italic\">yes</emphasis>:"
519
508
520
#: serverguide/C/windows-networking.xml:322(programlisting)
509
#: serverguide/C/windows-networking.xml:328(programlisting)
521
510
#, no-wrap
522
511
msgid ""
523
512
"\n"
528
517
" browsable = yes\n"
529
518
" guest ok = yes\n"
530
519
531
#: serverguide/C/windows-networking.xml:327(para)
520
#: serverguide/C/windows-networking.xml:333(para)
532
521
msgid "After editing <filename>smb.conf</filename> restart Samba:"
533
522
msgstr "Depués d'editar <filename>smb.conf</filename> reanicie Samba:"
534
523
535
#: serverguide/C/windows-networking.xml:336(para)
524
#: serverguide/C/windows-networking.xml:342(para)
536
525
msgid ""
537
526
"The default Samba configuration will automatically share any printers "
538
527
"installed. Simply install the printer locally on your Windows clients."
541
530
"imprentadora instalada. Simplemente, instale la imprentadora llocalmente nos "
542
531
"sos veceros Windows."
543
532
544
#: serverguide/C/windows-networking.xml:365(para)
533
#: serverguide/C/windows-networking.xml:371(para)
545
534
msgid ""
546
535
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
547
536
"more information on configuring CUPS."
549
538
"Amás, visite la <ulink url=\"http://www.cups.org/\">páxina web de "
550
539
"CUPS</ulink> pa más información sobre cómo configurar CUPS."
551
540
552
#: serverguide/C/windows-networking.xml:379(title)
541
#: serverguide/C/windows-networking.xml:385(title)
553
542
msgid "Securing a Samba File and Print Server"
554
543
msgstr "Asegurar un sirvidor Samba d'archivos ya imprentación"
555
544
556
#: serverguide/C/windows-networking.xml:382(title)
545
#: serverguide/C/windows-networking.xml:388(title)
557
546
msgid "Samba Security Modes"
558
547
msgstr "Moos de seguridá en Samba"
559
548
560
#: serverguide/C/windows-networking.xml:384(para)
549
#: serverguide/C/windows-networking.xml:390(para)
561
550
msgid ""
562
551
"There are two security levels available to the Common Internet Filesystem "
563
552
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
572
561
"mode</emphasis> permite más flexibilidá, yá que proporciona cuatro formes "
573
562
"d'emplegar la seguridá user-level y una forma d'aplicar share-level:"
574
563
575
#: serverguide/C/windows-networking.xml:393(para)
564
#: serverguide/C/windows-networking.xml:399(para)
576
565
msgid ""
577
566
"<emphasis>security = user:</emphasis> requires clients to supply a username "
578
567
"and password to connect to shares. Samba user accounts are separate from "
585
574
"paquete <application>libpam-smbpass</application> sincroniza les cuentes y "
586
575
"conseña del sistema cola base de datos d'usuarios de Samba."
587
576
588
#: serverguide/C/windows-networking.xml:400(para)
577
#: serverguide/C/windows-networking.xml:406(para)
589
578
msgid ""
590
579
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
591
580
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
599
588
"(Domain Member Server, DMS). Consulte <xref linkend=\"samba-dc\"/> pa más "
600
589
"información."
601
590
602
#: serverguide/C/windows-networking.xml:407(para)
591
#: serverguide/C/windows-networking.xml:413(para)
603
592
msgid ""
604
593
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
605
594
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
609
598
"a un dominiu d'Active Directory como si fuera un miembru nativu. Consulte "
610
599
"<xref linkend=\"samba-ad-integration\"/> pa más información."
611
600
612
#: serverguide/C/windows-networking.xml:413(para)
601
#: serverguide/C/windows-networking.xml:419(para)
613
602
msgid ""
614
603
"<emphasis>security = server:</emphasis> this mode is left over from before "
615
604
"Samba could become a member server, and due to some security issues should "
624
613
"Collection/ServerType.html#id349531\">seguridá del sirvidor</ulink> na guía "
625
614
"de Samba pa más información."
626
615
627
#: serverguide/C/windows-networking.xml:421(para)
616
#: serverguide/C/windows-networking.xml:427(para)
628
617
msgid ""
629
618
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
630
619
"without supplying a username and password."
633
622
"coneutase a los recursos compartíos ensin necesidá de proporcionar un nome "
634
623
"d'usuariu y una conseña."
635
624
636
#: serverguide/C/windows-networking.xml:428(para)
625
#: serverguide/C/windows-networking.xml:434(para)
637
626
msgid ""
638
627
"The security mode you choose will depend on your environment and what you "
639
628
"need the Samba server to accomplish."
641
630
"El mou de seguridá que vaya elixir dependerá del so entornu y de lo que "
642
631
"necesite que faiga'l so sirvidor Samba."
643
632
644
#: serverguide/C/windows-networking.xml:434(title)
633
#: serverguide/C/windows-networking.xml:440(title)
645
634
msgid "Security = User"
646
635
msgstr "Seguridá = Usuariu"
647
636
648
#: serverguide/C/windows-networking.xml:436(para)
637
#: serverguide/C/windows-networking.xml:442(para)
649
638
msgid ""
650
639
"This section will reconfigure the Samba file and print server, from <xref "
651
640
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
655
644
"dende <xref linkend=\"samba-fileserver\"/> hasta <xref linkend=\"samba-"
656
645
"printserver\"/>, pa que requiera autenticación."
657
646
658
#: serverguide/C/windows-networking.xml:441(para)
647
#: serverguide/C/windows-networking.xml:447(para)
659
648
msgid ""
660
649
"First, install the <application>libpam-smbpass</application> package which "
661
650
"will sync the system users to the Samba user database:"
664
653
"application>, que sincronizará los usuarios del sistema cola base de datos "
665
654
"d'usuarios de Samba:"
666
655
667
#: serverguide/C/windows-networking.xml:447(command)
656
#: serverguide/C/windows-networking.xml:453(command)
668
657
msgid "sudo apt-get install libpam-smbpass"
669
658
msgstr "sudo apt-get install libpam-smbpass"
670
659
671
#: serverguide/C/windows-networking.xml:451(para)
660
#: serverguide/C/windows-networking.xml:457(para)
672
661
msgid ""
673
662
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
674
663
"<application>libpam-smbpass</application> is already installed."
677
666
"instalación, yá tendrá instaláu'l paquete <application>libpam-"
678
667
"smbpass</application>."
679
668
680
#: serverguide/C/windows-networking.xml:457(para)
669
#: serverguide/C/windows-networking.xml:463(para)
681
670
msgid ""
682
671
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
683
672
"<emphasis>[share]</emphasis> section change:"
685
674
"Edite <filename>/etc/samba/smb.conf</filename>, y na seición "
686
675
"<emphasis>[share]</emphasis> camude:"
687
676
688
#: serverguide/C/windows-networking.xml:461(programlisting)
677
#: serverguide/C/windows-networking.xml:467(programlisting)
689
678
#, no-wrap
690
679
msgid ""
691
680
"\n"
694
683
"\n"
695
684
" guest ok = no\n"
696
685
697
#: serverguide/C/windows-networking.xml:465(para)
686
#: serverguide/C/windows-networking.xml:471(para)
698
687
msgid "Finally, restart Samba for the new settings to take effect:"
699
688
msgstr ""
700
689
"A lo último, reanicie Samba pa que la configuración nueva tenga efeutu:"
701
690
702
#: serverguide/C/windows-networking.xml:474(para)
691
#: serverguide/C/windows-networking.xml:480(para)
703
692
msgid ""
704
693
"Now when connecting to the shared directories or printers you should be "
705
694
"prompted for a username and password."
707
696
"Agora, cuando se coneute a los direutorios o imprentadores compartíes, "
708
697
"solicitaráse-y un nome d'usuariu y una conseña."
709
698
710
#: serverguide/C/windows-networking.xml:479(para)
699
#: serverguide/C/windows-networking.xml:485(para)
711
700
msgid ""
712
701
"If you choose to map a network drive to the share you can check the "
713
702
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
718
707
"que-y esixirá introducir el nome d'usuariu y la conseña una única vegada, "
719
708
"polo menos hasta que la conseña camude."
720
709
721
#: serverguide/C/windows-networking.xml:487(title)
710
#: serverguide/C/windows-networking.xml:493(title)
722
711
msgid "Share Security"
723
712
msgstr "Compartir seguridá"
724
713
725
#: serverguide/C/windows-networking.xml:489(para)
714
#: serverguide/C/windows-networking.xml:495(para)
726
715
msgid ""
727
716
"There are several options available to increase the security for each "
728
717
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
729
718
"this section will cover some common options."
730
719
msgstr ""
731
720
732
#: serverguide/C/windows-networking.xml:495(title)
721
#: serverguide/C/windows-networking.xml:501(title)
733
722
msgid "Groups"
734
723
msgstr "Grupos"
735
724
736
#: serverguide/C/windows-networking.xml:497(para)
725
#: serverguide/C/windows-networking.xml:503(para)
737
726
msgid ""
738
727
"Groups define a collection of computers or users which have a common level "
739
728
"of access to particular network resources and offer a level of granularity "
755
744
"have only access to resources explicitly allowing the group they are part of."
756
745
msgstr ""
757
746
758
#: serverguide/C/windows-networking.xml:511(para)
747
#: serverguide/C/windows-networking.xml:517(para)
759
748
msgid ""
760
749
"By default Samba looks for the local system groups defined in "
761
750
"<filename>/etc/group</filename> to determine which users belong to which "
763
752
"<xref linkend=\"adding-deleting-users\"/>."
764
753
msgstr ""
765
754
766
#: serverguide/C/windows-networking.xml:517(para)
755
#: serverguide/C/windows-networking.xml:523(para)
767
756
msgid ""
768
757
"When defining groups in the Samba configuration file, "
769
758
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
774
763
"role=\"bold\">@sysadmin</emphasis>."
775
764
msgstr ""
776
765
777
#: serverguide/C/windows-networking.xml:526(title)
766
#: serverguide/C/windows-networking.xml:532(title)
778
767
msgid "File Permissions"
779
768
msgstr "Permisos de ficheru"
780
769
781
#: serverguide/C/windows-networking.xml:528(para)
770
#: serverguide/C/windows-networking.xml:534(para)
782
771
msgid ""
783
772
"File Permissions define the explicit rights a computer or user has to a "
784
773
"particular directory, file, or set of files. Such permissions may be defined "
786
775
"the explicit permissions of a defined file share."
787
776
msgstr ""
788
777
789
#: serverguide/C/windows-networking.xml:534(para)
778
#: serverguide/C/windows-networking.xml:540(para)
790
779
msgid ""
791
780
"For example, if you have defined a Samba share called "
792
781
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
798
787
"under the <emphasis>[share]</emphasis> entry:"
799
788
msgstr ""
800
789
801
#: serverguide/C/windows-networking.xml:543(programlisting)
790
#: serverguide/C/windows-networking.xml:549(programlisting)
802
791
#, no-wrap
803
792
msgid ""
804
793
"\n"
809
798
" read list = @qa\n"
810
799
" write list = @sysadmin, vincent\n"
811
800
812
#: serverguide/C/windows-networking.xml:548(para)
801
#: serverguide/C/windows-networking.xml:554(para)
813
802
msgid ""
814
803
"Another possible Samba permission is to declare "
815
804
"<emphasis>administrative</emphasis> permissions to a particular shared "
818
807
"administrative permissions to."
819
808
msgstr ""
820
809
821
#: serverguide/C/windows-networking.xml:554(para)
810
#: serverguide/C/windows-networking.xml:560(para)
822
811
msgid ""
823
812
"For example, if you wanted to give the user <emphasis "
824
813
"role=\"italic\">melissa</emphasis> administrative permissions to the "
827
816
"under the <emphasis>[share]</emphasis> entry:"
828
817
msgstr ""
829
818
830
#: serverguide/C/windows-networking.xml:561(programlisting)
819
#: serverguide/C/windows-networking.xml:567(programlisting)
831
820
#, no-wrap
832
821
msgid ""
833
822
"\n"
836
825
"\n"
837
826
" admin users = llara\n"
838
827
839
#: serverguide/C/windows-networking.xml:565(para)
828
#: serverguide/C/windows-networking.xml:571(para)
840
829
msgid ""
841
830
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
842
831
"the changes to take effect:"
843
832
msgstr ""
844
833
845
#: serverguide/C/windows-networking.xml:575(para)
834
#: serverguide/C/windows-networking.xml:581(para)
846
835
msgid ""
847
836
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
848
837
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
849
838
"<emphasis role=\"italic\">security = share</emphasis>"
850
839
msgstr ""
851
840
852
#: serverguide/C/windows-networking.xml:581(para)
841
#: serverguide/C/windows-networking.xml:587(para)
853
842
msgid ""
854
843
"Now that Samba has been configured to limit which groups have access to the "
855
844
"shared directory, the filesystem permissions need to be updated."
856
845
msgstr ""
857
846
858
#: serverguide/C/windows-networking.xml:586(para)
847
#: serverguide/C/windows-networking.xml:592(para)
859
848
msgid ""
860
849
"Traditional Linux file permissions do not map well to Windows NT Access "
861
850
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
864
853
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
865
854
msgstr ""
866
855
867
#: serverguide/C/windows-networking.xml:593(programlisting)
856
#: serverguide/C/windows-networking.xml:599(programlisting)
868
857
#, no-wrap
869
858
msgid ""
870
859
"\n"
875
864
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
876
865
"0 1\n"
877
866
878
#: serverguide/C/windows-networking.xml:597(para)
867
#: serverguide/C/windows-networking.xml:603(para)
879
868
msgid "Then remount the partition:"
880
869
msgstr "Agora vuelvi a montar la partición:"
881
870
882
#: serverguide/C/windows-networking.xml:602(command)
871
#: serverguide/C/windows-networking.xml:608(command)
883
872
msgid "sudo mount -v -o remount /srv"
884
873
msgstr "sudo mount -v -o remount /srv"
885
874
886
#: serverguide/C/windows-networking.xml:606(para)
875
#: serverguide/C/windows-networking.xml:612(para)
887
876
msgid ""
888
877
"The above example assumes <filename>/srv</filename> on a separate partition. "
889
878
"If <filename>/srv</filename>, or wherever you have configured your share "
891
880
"required."
892
881
msgstr ""
893
882
894
#: serverguide/C/windows-networking.xml:613(para)
883
#: serverguide/C/windows-networking.xml:619(para)
895
884
msgid ""
896
885
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
897
886
"group will be given read, write, and execute permissions to "
900
889
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
901
890
msgstr ""
902
891
903
#: serverguide/C/windows-networking.xml:621(command)
892
#: serverguide/C/windows-networking.xml:627(command)
904
893
msgid "sudo chown -R melissa /srv/samba/share/"
905
894
msgstr "sudo chown -R melissa /srv/samba/share/"
906
895
907
#: serverguide/C/windows-networking.xml:622(command)
896
#: serverguide/C/windows-networking.xml:628(command)
908
897
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
909
898
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
910
899
911
#: serverguide/C/windows-networking.xml:623(command)
900
#: serverguide/C/windows-networking.xml:629(command)
912
901
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
913
902
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
914
903
915
#: serverguide/C/windows-networking.xml:627(para)
904
#: serverguide/C/windows-networking.xml:633(para)
916
905
msgid ""
917
906
"The <application>setfacl</application> command above gives "
918
907
"<emphasis>execute</emphasis> permissions to all files in the "
920
909
"want."
921
910
msgstr ""
922
911
923
#: serverguide/C/windows-networking.xml:633(para)
912
#: serverguide/C/windows-networking.xml:639(para)
924
913
msgid ""
925
914
"Now from a Windows client you should notice the new file permissions are "
926
915
"implemented. See the <application>acl</application> and "
928
917
"ACLs."
929
918
msgstr ""
930
919
931
#: serverguide/C/windows-networking.xml:641(title)
920
#: serverguide/C/windows-networking.xml:647(title)
932
921
msgid "Samba AppArmor Profile"
933
922
msgstr "Perfil Samba AppArmor"
934
923
935
#: serverguide/C/windows-networking.xml:643(para)
924
#: serverguide/C/windows-networking.xml:649(para)
936
925
msgid ""
937
926
"Ubuntu comes with the <application>AppArmor</application> security module, "
938
927
"which provides mandatory access controls. The default AppArmor profile for "
940
929
"using AppArmor see <xref linkend=\"apparmor\"/>."
941
930
msgstr ""
942
931
943
#: serverguide/C/windows-networking.xml:649(para)
932
#: serverguide/C/windows-networking.xml:655(para)
944
933
msgid ""
945
934
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
946
935
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
948
937
"package, from a terminal prompt enter:"
949
938
msgstr ""
950
939
951
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
952
msgid "sudo apt-get install apparmor-profiles"
953
msgstr "sudo apt-get install apparmor-profiles"
940
#: serverguide/C/windows-networking.xml:662(command)
941
msgid "sudo apt-get install apparmor-profiles apparmor-utils"
942
msgstr ""
954
943
955
#: serverguide/C/windows-networking.xml:660(para)
944
#: serverguide/C/windows-networking.xml:666(para)
956
945
msgid "This package contains profiles for several other binaries."
957
946
msgstr ""
958
947
959
#: serverguide/C/windows-networking.xml:665(para)
948
#: serverguide/C/windows-networking.xml:671(para)
960
949
msgid ""
961
950
"By default the profiles for <application>smbd</application> and "
962
951
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
966
955
"profile will need to be modified to reflect any directories that are shared."
967
956
msgstr ""
968
957
969
#: serverguide/C/windows-networking.xml:672(para)
958
#: serverguide/C/windows-networking.xml:678(para)
970
959
msgid ""
971
960
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
972
961
"for <emphasis>[share]</emphasis> from the file server example:"
973
962
msgstr ""
974
963
975
#: serverguide/C/windows-networking.xml:677(programlisting)
964
#: serverguide/C/windows-networking.xml:683(programlisting)
976
965
#, no-wrap
977
966
msgid ""
978
967
"\n"
983
972
" /srv/samba/share/ r,\n"
984
973
" /srv/samba/share/** rwkix,\n"
985
974
986
#: serverguide/C/windows-networking.xml:682(para)
975
#: serverguide/C/windows-networking.xml:688(para)
987
976
msgid ""
988
977
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
989
978
msgstr ""
990
979
991
#: serverguide/C/windows-networking.xml:687(command)
980
#: serverguide/C/windows-networking.xml:693(command)
992
981
msgid "sudo aa-enforce /usr/sbin/smbd"
993
982
msgstr "sudo aa-enforce /usr/sbin/smbd"
994
983
995
#: serverguide/C/windows-networking.xml:688(command)
984
#: serverguide/C/windows-networking.xml:694(command)
996
985
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
997
986
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
998
987
999
#: serverguide/C/windows-networking.xml:691(para)
988
#: serverguide/C/windows-networking.xml:697(para)
1000
989
msgid ""
1001
990
"You should now be able to read, write, and execute files in the shared "
1002
991
"directory as normal, and the <application>smbd</application> binary will "
1005
994
"will be logged to <filename>/var/log/syslog</filename>."
1006
995
msgstr ""
1007
996
1008
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
997
#: serverguide/C/windows-networking.xml:722(para) serverguide/C/windows-networking.xml:1118(para)
1009
998
msgid ""
1010
999
"O'Reilly's <ulink "
1011
1000
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
1014
1003
"<ulink url=\"http://www.oreilly.com/catalog/9780596007690/\">Usando "
1015
1004
"Samba</ulink>, de O'Reilly, tamién ye una bona referencia."
1016
1005
1017
#: serverguide/C/windows-networking.xml:722(para)
1006
#: serverguide/C/windows-networking.xml:728(para)
1018
1007
msgid ""
1019
1008
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
1020
1009
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
1021
1010
"security."
1022
1011
msgstr ""
1023
1012
1024
#: serverguide/C/windows-networking.xml:728(para)
1013
#: serverguide/C/windows-networking.xml:734(para)
1025
1014
msgid ""
1026
1015
"For more information on Samba and ACLs see the <ulink "
1027
1016
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
1028
1017
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
1029
1018
msgstr ""
1030
1019
1031
#: serverguide/C/windows-networking.xml:744(title)
1020
#: serverguide/C/windows-networking.xml:750(title)
1032
1021
msgid "Samba as a Domain Controller"
1033
1022
msgstr "Samba como controlador de dominiu"
1034
1023
1035
#: serverguide/C/windows-networking.xml:746(para)
1024
#: serverguide/C/windows-networking.xml:752(para)
1036
1025
msgid ""
1037
1026
"Although it cannot act as an Active Directory Primary Domain Controller "
1038
1027
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
1041
1030
"backends to store the user information."
1042
1031
msgstr ""
1043
1032
1044
#: serverguide/C/windows-networking.xml:753(title)
1033
#: serverguide/C/windows-networking.xml:759(title)
1045
1034
msgid "Primary Domain Controller"
1046
1035
msgstr ""
1047
1036
1048
#: serverguide/C/windows-networking.xml:755(para)
1037
#: serverguide/C/windows-networking.xml:761(para)
1049
1038
msgid ""
1050
1039
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
1051
1040
"using the default smbpasswd backend."
1052
1041
msgstr ""
1053
1042
1054
#: serverguide/C/windows-networking.xml:762(para)
1043
#: serverguide/C/windows-networking.xml:768(para)
1055
1044
msgid ""
1056
1045
"First, install Samba, and <application>libpam-smbpass</application> to sync "
1057
1046
"the user accounts, by entering the following in a terminal prompt:"
1058
1047
msgstr ""
1059
1048
1060
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
1049
#: serverguide/C/windows-networking.xml:774(command) serverguide/C/windows-networking.xml:1015(command)
1061
1050
msgid "sudo apt-get install samba libpam-smbpass"
1062
1051
msgstr ""
1063
1052
1064
#: serverguide/C/windows-networking.xml:774(para)
1053
#: serverguide/C/windows-networking.xml:780(para)
1065
1054
msgid ""
1066
1055
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
1067
1056
"The <emphasis>security</emphasis> mode should be set to <emphasis "
1069
1058
"should relate to your organization:"
1070
1059
msgstr ""
1071
1060
1072
#: serverguide/C/windows-networking.xml:789(para)
1061
#: serverguide/C/windows-networking.xml:795(para)
1073
1062
msgid ""
1074
1063
"In the commented <quote>Domains</quote> section add or uncomment the "
1075
"following:"
1064
"following (the last line has been split to fit the format of this document):"
1076
1065
msgstr ""
1077
1066
1078
#: serverguide/C/windows-networking.xml:793(programlisting)
1067
#: serverguide/C/windows-networking.xml:799(programlisting)
1079
1068
#, no-wrap
1080
1069
msgid ""
1081
1070
"\n"
1084
1073
" logon drive = H:\n"
1085
1074
" logon home = \\\\%N\\%U\n"
1086
1075
" logon script = logon.cmd\n"
1087
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
1088
"/var/lib/samba -s /bin/false %u\n"
1089
msgstr ""
1090
1091
#: serverguide/C/windows-networking.xml:804(para)
1076
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d\n"
1077
" /var/lib/samba -s /bin/false %u\n"
1078
msgstr ""
1079
1080
#: serverguide/C/windows-networking.xml:810(para)
1081
msgid ""
1082
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
1083
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
1084
"commented."
1085
msgstr ""
1086
1087
#: serverguide/C/windows-networking.xml:818(para)
1092
1088
msgid ""
1093
1089
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
1094
1090
"Samba to act as a domain controller."
1095
1091
msgstr ""
1096
1092
1097
#: serverguide/C/windows-networking.xml:809(para)
1093
#: serverguide/C/windows-networking.xml:823(para)
1098
1094
msgid ""
1099
1095
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
1100
1096
"their home directory. It is also possible to configure a "
1102
1098
"directory."
1103
1099
msgstr ""
1104
1100
1105
#: serverguide/C/windows-networking.xml:815(para)
1101
#: serverguide/C/windows-networking.xml:829(para)
1106
1102
msgid ""
1107
1103
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
1108
1104
msgstr ""
1109
1105
1110
#: serverguide/C/windows-networking.xml:820(para)
1106
#: serverguide/C/windows-networking.xml:834(para)
1111
1107
msgid ""
1112
1108
"<emphasis>logon home:</emphasis> specifies the home directory location."
1113
1109
msgstr ""
1114
1110
1115
#: serverguide/C/windows-networking.xml:825(para)
1111
#: serverguide/C/windows-networking.xml:839(para)
1116
1112
msgid ""
1117
1113
"<emphasis>logon script:</emphasis> determines the script to be run locally "
1118
1114
"once a user has logged in. The script needs to be placed in the "
1119
1115
"<emphasis>[netlogon]</emphasis> share."
1120
1116
msgstr ""
1121
1117
1122
#: serverguide/C/windows-networking.xml:831(para)
1118
#: serverguide/C/windows-networking.xml:845(para)
1123
1119
msgid ""
1124
1120
"<emphasis>add machine script:</emphasis> a script that will automatically "
1125
1121
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
1126
1122
"workstation to join the domain."
1127
1123
msgstr ""
1128
1124
1129
#: serverguide/C/windows-networking.xml:835(para)
1125
#: serverguide/C/windows-networking.xml:849(para)
1130
1126
msgid ""
1131
1127
"In this example the <emphasis>machines</emphasis> group will need to be "
1132
1128
"created using the <application>addgroup</application> utility see <xref "
1133
1129
"linkend=\"adding-deleting-users\"/> for details."
1134
1130
msgstr ""
1135
1131
1136
#: serverguide/C/windows-networking.xml:839(para)
1137
msgid ""
1138
"Also, rights need to be explicitly provided to the <emphasis>Domain "
1139
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
1140
"(and other admin functions) to work. This is achieved by executing:"
1141
msgstr ""
1142
1143
#: serverguide/C/windows-networking.xml:844(command)
1144
msgid ""
1145
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
1146
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
1147
"SeRemoteShutdownPrivilege"
1148
msgstr ""
1149
1150
#: serverguide/C/windows-networking.xml:851(para)
1151
msgid ""
1152
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
1153
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
1154
"commented."
1155
msgstr ""
1156
1157
1132
#: serverguide/C/windows-networking.xml:860(para)
1158
1133
msgid ""
1159
1134
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
1221
1196
msgstr ""
1222
1197
1223
1198
#: serverguide/C/windows-networking.xml:922(para)
1199
msgid "Restart Samba to enable the new domain controller:"
1200
msgstr ""
1201
1202
#: serverguide/C/windows-networking.xml:934(para)
1203
msgid ""
1204
"Lastly, there are a few additional commands needed to setup the appropriate "
1205
"rights."
1206
msgstr ""
1207
1208
#: serverguide/C/windows-networking.xml:938(para)
1224
1209
msgid ""
1225
1210
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1226
1211
"workstation to the domain, a system group needs to be mapped to the Windows "
1228
1213
"<application>net</application> utility, from a terminal enter:"
1229
1214
msgstr ""
1230
1215
1231
#: serverguide/C/windows-networking.xml:929(command)
1216
#: serverguide/C/windows-networking.xml:945(command)
1232
1217
msgid ""
1233
1218
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1234
1219
"type=d"
1235
1220
msgstr ""
1236
1221
1237
#: serverguide/C/windows-networking.xml:933(para)
1222
#: serverguide/C/windows-networking.xml:949(para)
1238
1223
msgid ""
1239
1224
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1240
1225
"prefer. Also, the user used to join the domain needs to be a member of the "
1243
1228
"allows <application>sudo</application> use."
1244
1229
msgstr ""
1245
1230
1246
#: serverguide/C/windows-networking.xml:944(para)
1247
msgid "Finally, restart Samba to enable the new domain controller:"
1248
msgstr ""
1249
1250
#: serverguide/C/windows-networking.xml:956(para)
1231
#: serverguide/C/windows-networking.xml:955(para)
1232
msgid ""
1233
"If the user does not have Samba credentials yet, you can add them with the "
1234
"<application>smbpasswd</application> utility, change the "
1235
"<emphasis>sysadmin</emphasis> username appropriately: <screen>\n"
1236
"<command>sudo smbpasswd -a sysadmin</command>\n"
1237
"</screen>"
1238
msgstr ""
1239
1240
#: serverguide/C/windows-networking.xml:965(para)
1241
msgid ""
1242
"Also, rights need to be explicitly provided to the <emphasis>Domain "
1243
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
1244
"(and other admin functions) to work. This is achieved by executing:"
1245
msgstr ""
1246
1247
#: serverguide/C/windows-networking.xml:970(command)
1248
msgid ""
1249
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
1250
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
1251
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
1252
msgstr ""
1253
1254
#: serverguide/C/windows-networking.xml:978(para)
1251
1255
msgid ""
1252
1256
"You should now be able to join Windows clients to the Domain in the same "
1253
1257
"manner as joining them to an NT4 domain running on a Windows server."
1254
1258
msgstr ""
1255
1259
1256
#: serverguide/C/windows-networking.xml:966(title)
1260
#: serverguide/C/windows-networking.xml:988(title)
1257
1261
msgid "Backup Domain Controller"
1258
1262
msgstr ""
1259
1263
1260
#: serverguide/C/windows-networking.xml:968(para)
1264
#: serverguide/C/windows-networking.xml:990(para)
1261
1265
msgid ""
1262
1266
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1263
1267
"Backup Domain Controller (BDC) as well. This will allow clients to "
1264
1268
"authenticate in case the PDC becomes unavailable."
1265
1269
msgstr ""
1266
1270
1267
#: serverguide/C/windows-networking.xml:973(para)
1271
#: serverguide/C/windows-networking.xml:995(para)
1268
1272
msgid ""
1269
1273
"When configuring Samba as a BDC you need a way to sync account information "
1270
1274
"with the PDC. There are multiple ways of accomplishing this "
1273
1277
"backend</emphasis>."
1274
1278
msgstr ""
1275
1279
1276
#: serverguide/C/windows-networking.xml:979(para)
1280
#: serverguide/C/windows-networking.xml:1001(para)
1277
1281
msgid ""
1278
1282
"Using LDAP is the most robust way to sync account information, because both "
1279
1283
"domain controllers can use the same information in real time. However, "
1281
1285
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1282
1286
msgstr ""
1283
1287
1284
#: serverguide/C/windows-networking.xml:988(para)
1288
#: serverguide/C/windows-networking.xml:1010(para)
1285
1289
msgid ""
1286
1290
"First, install <application>samba</application> and <application>libpam-"
1287
1291
"smbpass</application>. From a terminal enter:"
1288
1292
msgstr ""
1289
1293
1290
#: serverguide/C/windows-networking.xml:999(para)
1294
#: serverguide/C/windows-networking.xml:1021(para)
1291
1295
msgid ""
1292
1296
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1293
1297
"following in the <emphasis>[global]</emphasis>:"
1294
1298
msgstr ""
1295
1299
1296
#: serverguide/C/windows-networking.xml:1012(para)
1300
#: serverguide/C/windows-networking.xml:1034(para)
1297
1301
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1298
1302
msgstr ""
1299
1303
1300
#: serverguide/C/windows-networking.xml:1016(programlisting)
1304
#: serverguide/C/windows-networking.xml:1038(programlisting)
1301
1305
#, no-wrap
1302
1306
msgid ""
1303
1307
"\n"
1305
1309
" domain master = no\n"
1306
1310
msgstr ""
1307
1311
1308
#: serverguide/C/windows-networking.xml:1024(para)
1312
#: serverguide/C/windows-networking.xml:1046(para)
1309
1313
msgid ""
1310
1314
"Make sure a user has rights to read the files in "
1311
1315
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1313
1317
"files, enter:"
1314
1318
msgstr ""
1315
1319
1316
#: serverguide/C/windows-networking.xml:1030(command)
1320
#: serverguide/C/windows-networking.xml:1052(command)
1317
1321
msgid "sudo chgrp -R admin /var/lib/samba"
1318
1322
msgstr ""
1319
1323
1320
#: serverguide/C/windows-networking.xml:1036(para)
1324
#: serverguide/C/windows-networking.xml:1058(para)
1321
1325
msgid ""
1322
1326
"Next, sync the user accounts, using <application>scp</application> to copy "
1323
1327
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1324
1328
msgstr ""
1325
1329
1326
#: serverguide/C/windows-networking.xml:1042(command)
1330
#: serverguide/C/windows-networking.xml:1064(command)
1327
1331
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1328
1332
msgstr ""
1329
1333
1330
#: serverguide/C/windows-networking.xml:1046(para)
1334
#: serverguide/C/windows-networking.xml:1068(para)
1331
1335
msgid ""
1332
1336
"Replace <emphasis>username</emphasis> with a valid username and "
1333
1337
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1334
1338
msgstr ""
1335
1339
1336
#: serverguide/C/windows-networking.xml:1055(para)
1340
#: serverguide/C/windows-networking.xml:1077(para)
1337
1341
msgid "Finally, restart <application>samba</application>:"
1338
1342
msgstr ""
1339
1343
1340
#: serverguide/C/windows-networking.xml:1067(para)
1344
#: serverguide/C/windows-networking.xml:1089(para)
1341
1345
msgid ""
1342
1346
"You can test that your Backup Domain controller is working by stopping the "
1343
1347
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1344
1348
"the domain."
1345
1349
msgstr ""
1346
1350
1347
#: serverguide/C/windows-networking.xml:1072(para)
1351
#: serverguide/C/windows-networking.xml:1094(para)
1348
1352
msgid ""
1349
1353
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1350
1354
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1353
1357
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1354
1358
msgstr ""
1355
1359
1356
#: serverguide/C/windows-networking.xml:1102(para)
1360
#: serverguide/C/windows-networking.xml:1124(para)
1357
1361
msgid ""
1358
1362
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1359
1363
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1360
1364
"up a Primary Domain Controller."
1361
1365
msgstr ""
1362
1366
1363
#: serverguide/C/windows-networking.xml:1108(para)
1367
#: serverguide/C/windows-networking.xml:1130(para)
1364
1368
msgid ""
1365
1369
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1366
1370
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1367
1371
"explains setting up a Backup Domain Controller."
1368
1372
msgstr ""
1369
1373
1370
#: serverguide/C/windows-networking.xml:1123(title)
1374
#: serverguide/C/windows-networking.xml:1145(title)
1371
1375
msgid "Samba Active Directory Integration"
1372
1376
msgstr ""
1373
1377
1374
#: serverguide/C/windows-networking.xml:1126(title)
1378
#: serverguide/C/windows-networking.xml:1148(title)
1375
1379
msgid "Accessing a Samba Share"
1376
1380
msgstr ""
1377
1381
1378
#: serverguide/C/windows-networking.xml:1128(para)
1382
#: serverguide/C/windows-networking.xml:1150(para)
1379
1383
msgid ""
1380
1384
"Another, use for Samba is to integrate into an existing Windows network. "
1381
1385
"Once part of an Active Directory domain, Samba can provide file and print "
1382
1386
"services to AD users."
1383
1387
msgstr ""
1384
1388
1385
#: serverguide/C/windows-networking.xml:1133(para)
1389
#: serverguide/C/windows-networking.xml:1155(para)
1386
1390
msgid ""
1387
1391
"The simplest way to join an AD domain is to use <application>Likewise-"
1388
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1389
"open\"/>."
1392
"open</application>. For detailed instructions see the <ulink "
1393
"url=\"http://www.likewise.com/resources/documentation_library/manuals/open/li"
1394
"kewise-open-guide.html\"> Likewise Open Installation and Administration "
1395
"Guide</ulink>."
1390
1396
msgstr ""
1391
1397
1392
#: serverguide/C/windows-networking.xml:1138(para)
1398
#: serverguide/C/windows-networking.xml:1161(para)
1393
1399
msgid ""
1394
"Once part of the domain, enter the following command in the terminal prompt:"
1400
"Once part of the Active Directory domain, enter the following command in the "
1401
"terminal prompt:"
1395
1402
msgstr ""
1396
1403
1397
#: serverguide/C/windows-networking.xml:1143(command)
1404
#: serverguide/C/windows-networking.xml:1166(command)
1398
1405
msgid "sudo apt-get install samba smbfs smbclient"
1399
1406
msgstr ""
1400
1407
1401
#: serverguide/C/windows-networking.xml:1146(para)
1402
msgid ""
1403
"Since the <application>likewise-open</application> and "
1404
"<application>samba</application> packages use separate "
1405
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1406
"<filename role=\"directory\">/var/lib/samba</filename>:"
1407
msgstr ""
1408
1409
#: serverguide/C/windows-networking.xml:1152(command)
1410
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1411
msgstr ""
1412
1413
#: serverguide/C/windows-networking.xml:1153(command)
1414
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1415
msgstr ""
1416
1417
#: serverguide/C/windows-networking.xml:1156(para)
1408
#: serverguide/C/windows-networking.xml:1169(para)
1418
1409
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1419
1410
msgstr ""
1420
1411
1421
#: serverguide/C/windows-networking.xml:1160(programlisting)
1412
#: serverguide/C/windows-networking.xml:1173(programlisting)
1422
1413
#, no-wrap
1423
1414
msgid ""
1424
1415
"\n"
1432
1423
" idmap gid = 50-9999999999\n"
1433
1424
msgstr ""
1434
1425
1435
#: serverguide/C/windows-networking.xml:1171(para)
1426
#: serverguide/C/windows-networking.xml:1184(para)
1436
1427
msgid ""
1437
1428
"Restart <application>samba</application> for the new settings to take effect:"
1438
1429
msgstr ""
1439
1430
1440
#: serverguide/C/windows-networking.xml:1180(para)
1431
#: serverguide/C/windows-networking.xml:1193(para)
1441
1432
msgid ""
1442
1433
"You should now be able to access any <application>Samba</application> shares "
1443
1434
"from a Windows client. However, be sure to give the appropriate AD users or "
1445
1436
"security\"/> for more details."
1446
1437
msgstr ""
1447
1438
1448
#: serverguide/C/windows-networking.xml:1188(title)
1439
#: serverguide/C/windows-networking.xml:1201(title)
1449
1440
msgid "Accessing a Windows Share"
1450
1441
msgstr ""
1451
1442
1452
#: serverguide/C/windows-networking.xml:1190(para)
1443
#: serverguide/C/windows-networking.xml:1203(para)
1453
1444
msgid ""
1454
1445
"Now that the Samba server is part of the Active Directory domain you can "
1455
1446
"access any Windows server shares:"
1456
1447
msgstr ""
1457
1448
1458
#: serverguide/C/windows-networking.xml:1197(para)
1449
#: serverguide/C/windows-networking.xml:1210(para)
1459
1450
msgid ""
1460
1451
"To mount a Windows file share enter the following in a terminal prompt:"
1461
1452
msgstr ""
1462
1453
1463
#: serverguide/C/windows-networking.xml:1201(command)
1454
#: serverguide/C/windows-networking.xml:1214(command)
1464
1455
msgid "mount.cifs //fs01.example.com/share mount_point"
1465
1456
msgstr ""
1466
1457
1467
#: serverguide/C/windows-networking.xml:1204(para)
1458
#: serverguide/C/windows-networking.xml:1217(para)
1468
1459
msgid ""
1469
1460
"It is also possible to access shares on computers not part of an AD domain, "
1470
1461
"but a username and password will need to be provided."
1471
1462
msgstr ""
1472
1463
1473
#: serverguide/C/windows-networking.xml:1212(para)
1464
#: serverguide/C/windows-networking.xml:1225(para)
1474
1465
msgid ""
1475
1466
"To mount the share during boot place an entry in "
1476
1467
"<filename>/etc/fstab</filename>, for example:"
1477
1468
msgstr ""
1478
1469
1479
#: serverguide/C/windows-networking.xml:1216(programlisting)
1470
#: serverguide/C/windows-networking.xml:1229(programlisting)
1480
1471
#, no-wrap
1481
1472
msgid ""
1482
1473
"\n"
1484
1475
"0 0\n"
1485
1476
msgstr ""
1486
1477
1487
#: serverguide/C/windows-networking.xml:1223(para)
1478
#: serverguide/C/windows-networking.xml:1236(para)
1488
1479
msgid ""
1489
1480
"Another way to copy files from a Windows server is to use the "
1490
1481
"<application>smbclient</application> utility. To list the files in a Windows "
1491
1482
"share:"
1492
1483
msgstr ""
1493
1484
1494
#: serverguide/C/windows-networking.xml:1229(command)
1485
#: serverguide/C/windows-networking.xml:1242(command)
1495
1486
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1496
1487
msgstr ""
1497
1488
1498
#: serverguide/C/windows-networking.xml:1235(para)
1489
#: serverguide/C/windows-networking.xml:1248(para)
1499
1490
msgid "To copy a file from the share, enter:"
1500
1491
msgstr ""
1501
1492
1502
#: serverguide/C/windows-networking.xml:1240(command)
1493
#: serverguide/C/windows-networking.xml:1253(command)
1503
1494
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1504
1495
msgstr ""
1505
1496
1506
#: serverguide/C/windows-networking.xml:1243(para)
1497
#: serverguide/C/windows-networking.xml:1256(para)
1507
1498
msgid ""
1508
1499
"This will copy the <filename>file.txt</filename> into the current directory."
1509
1500
msgstr ""
1510
1501
1511
#: serverguide/C/windows-networking.xml:1250(para)
1502
#: serverguide/C/windows-networking.xml:1263(para)
1512
1503
msgid "And to copy a file to the share:"
1513
1504
msgstr ""
1514
1505
1515
#: serverguide/C/windows-networking.xml:1255(command)
1506
#: serverguide/C/windows-networking.xml:1268(command)
1516
1507
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1517
1508
msgstr "smbclient //fs01.exemplu.com/share -k -c \"put /etc/hosts hosts\""
1518
1509
1519
#: serverguide/C/windows-networking.xml:1258(para)
1510
#: serverguide/C/windows-networking.xml:1271(para)
1520
1511
msgid ""
1521
1512
"This will copy the <filename>/etc/hosts</filename> to "
1522
1513
"<filename>//fs01.example.com/share/hosts</filename>."
1523
1514
msgstr ""
1524
1515
1525
#: serverguide/C/windows-networking.xml:1265(para)
1516
#: serverguide/C/windows-networking.xml:1278(para)
1526
1517
msgid ""
1527
1518
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1528
1519
"<application>smbclient</application> command all at once. This is useful for "
1531
1522
"and directory commands, simply execute:"
1532
1523
msgstr ""
1533
1524
1534
#: serverguide/C/windows-networking.xml:1272(command)
1525
#: serverguide/C/windows-networking.xml:1285(command)
1535
1526
msgid "smbclient //fs01.example.com/share -k"
1536
1527
msgstr "smbclient //fs01.exemplu.com/share -k"
1537
1528
1538
#: serverguide/C/windows-networking.xml:1279(para)
1529
#: serverguide/C/windows-networking.xml:1292(para)
1539
1530
msgid ""
1540
1531
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1541
1532
"<emphasis>//192.168.0.5/share</emphasis>, "
1544
1535
"file name, and an actual username and password with rights to the share."
1545
1536
msgstr ""
1546
1537
1547
#: serverguide/C/windows-networking.xml:1290(para)
1538
#: serverguide/C/windows-networking.xml:1303(para)
1548
1539
msgid ""
1549
1540
"For more <application>smbclient</application> options see the man page: "
1550
1541
"<command>man smbclient</command>, also available <ulink "
1551
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1552
">online</ulink>."
1542
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man1/smbclient.1.html\">"
1543
"online</ulink>."
1553
1544
msgstr ""
1554
1545
1555
#: serverguide/C/windows-networking.xml:1295(para)
1546
#: serverguide/C/windows-networking.xml:1308(para)
1556
1547
msgid ""
1557
1548
"The <application>mount.cifs</application><ulink "
1558
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1559
"\">man page</ulink> is also useful for more detailed information."
1560
msgstr ""
1561
1562
#: serverguide/C/windows-networking.xml:1308(title)
1563
msgid "Likewise Open"
1564
msgstr "Likewise Open"
1565
1566
#: serverguide/C/windows-networking.xml:1310(para)
1567
msgid ""
1568
"<application>Likewise Open</application> simplifies the necessary "
1569
"configuration needed to authenticate a Linux machine to an Active Directory "
1570
"domain. Based on <application>winbind</application>, the "
1571
"<application>likewise-open</application> package takes the pain out of "
1572
"integrating Ubuntu authentication into an existing Windows network."
1573
msgstr ""
1574
1575
#: serverguide/C/windows-networking.xml:1319(para)
1576
msgid ""
1577
"There are two ways to use Likewise Open, <application>likewise-"
1578
"open</application> the command line utility and <application>likewise-open-"
1579
"gui</application>. This section focuses on the command line utility."
1580
msgstr ""
1581
1582
#: serverguide/C/windows-networking.xml:1324(para)
1583
msgid ""
1584
"To install the <application>likewise-open</application> package, open a "
1585
"terminal prompt and enter:"
1586
msgstr ""
1587
1588
#: serverguide/C/windows-networking.xml:1329(command)
1589
msgid "sudo apt-get install likewise-open"
1590
msgstr "sudo apt-get install likewise-open"
1591
1592
#: serverguide/C/windows-networking.xml:1334(title)
1593
msgid "Joining a Domain"
1594
msgstr "Xunise a un dominiu"
1595
1596
#: serverguide/C/windows-networking.xml:1336(para)
1597
msgid ""
1598
"The main executable file of the <application>likewise-open</application> "
1599
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1600
"join your computer to the domain. Before you join a domain you will need to "
1601
"make sure you have:"
1602
msgstr ""
1603
1604
#: serverguide/C/windows-networking.xml:1344(para)
1605
msgid ""
1606
"Access to an Active Directory user with appropriate rights to join the "
1607
"domain."
1608
msgstr ""
1609
1610
#: serverguide/C/windows-networking.xml:1349(para)
1611
msgid ""
1612
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1613
"you want to join. If your AD domain does not match a valid domain such as "
1614
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1615
"the form of <emphasis>domainname.local</emphasis>."
1616
msgstr ""
1617
1618
#: serverguide/C/windows-networking.xml:1356(para)
1619
msgid ""
1620
"DNS for the domain setup properly. In a production AD environment this "
1621
"should be the case. Proper Microsoft DNS is needed so that client "
1622
"workstations can determine the Active Directory domain is available."
1623
msgstr ""
1624
1625
#: serverguide/C/windows-networking.xml:1360(para)
1626
msgid ""
1627
"If you don't have a Windows DNS server on your network, see <xref "
1628
"linkend=\"likewise-open-ms-dns\"/> for details."
1629
msgstr ""
1630
1631
#: serverguide/C/windows-networking.xml:1367(para)
1632
msgid "To join a domain, from a terminal prompt enter:"
1633
msgstr "Pa xunise a un dominiu, pon nun terminal:"
1634
1635
#: serverguide/C/windows-networking.xml:1372(command)
1636
msgid "sudo domainjoin-cli join example.com Administrator"
1637
msgstr "sudo domainjoin-cli join exemplu.com Alministrador"
1638
1639
#: serverguide/C/windows-networking.xml:1376(para)
1640
msgid ""
1641
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1642
"<emphasis>Administrator</emphasis> with the appropriate user name."
1643
msgstr ""
1644
1645
#: serverguide/C/windows-networking.xml:1382(para)
1646
msgid ""
1647
"You will then be prompted for the user's password. If all goes well a "
1648
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1649
msgstr ""
1650
1651
#: serverguide/C/windows-networking.xml:1388(para)
1652
msgid ""
1653
"After joining the domain, it is necessary to reboot before attempting to "
1654
"authenticate against the domain."
1655
msgstr ""
1656
1657
#: serverguide/C/windows-networking.xml:1394(para)
1658
msgid ""
1659
"After successfully joining an Ubuntu machine to an Active Directory domain "
1660
"you can authenticate using any valid AD user. To login you will need to "
1661
"enter the user name as 'domain\\username'. For example to ssh to a server "
1662
"joined to the domain enter:"
1663
msgstr ""
1664
1665
#: serverguide/C/windows-networking.xml:1401(command)
1666
msgid "ssh 'example\\steve'@hostname"
1667
msgstr "ssh 'exemplu\\enol'@nomedelequipu"
1668
1669
#: serverguide/C/windows-networking.xml:1405(para)
1670
msgid ""
1671
"If configuring a Desktop the user name will need to be prefixed with "
1672
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1673
msgstr ""
1674
1675
#: serverguide/C/windows-networking.xml:1411(para)
1676
msgid ""
1677
"To make likewise-open use a default domain, you can add the following "
1678
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1679
msgstr ""
1680
1681
#: serverguide/C/windows-networking.xml:1415(programlisting)
1682
#, no-wrap
1683
msgid ""
1684
"\n"
1685
"winbind use default domain = yes\n"
1686
msgstr ""
1687
"\n"
1688
"winbind use default domain = yes\n"
1689
1690
#: serverguide/C/windows-networking.xml:1419(para)
1691
msgid "Then restart the <application>likewise-open</application> daemons:"
1692
msgstr ""
1693
"Darréu, rearranca los degorrios de <application>likewise-open</application>:"
1694
1695
#: serverguide/C/windows-networking.xml:1424(command)
1696
msgid "sudo /etc/init.d/likewise-open restart"
1697
msgstr "sudo /etc/init.d/likewise-open restart"
1698
1699
#: serverguide/C/windows-networking.xml:1428(para)
1700
msgid ""
1701
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1702
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1703
"using only their username."
1704
msgstr ""
1705
1706
#: serverguide/C/windows-networking.xml:1434(para)
1707
msgid ""
1708
"The <application>domainjoin-cli</application> utility can also be used to "
1709
"leave the domain. From a terminal:"
1710
msgstr ""
1711
1712
#: serverguide/C/windows-networking.xml:1439(command)
1713
msgid "sudo domainjoin-cli leave"
1714
msgstr "sudo domainjoin-cli leave"
1715
1716
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
1717
msgid "Other Utilities"
1718
msgstr "Otres utilidaes"
1719
1720
#: serverguide/C/windows-networking.xml:1446(para)
1721
msgid ""
1722
"The <application>likewise-open</application> package comes with a few other "
1723
"utilities that may be useful for gathering information about the Active "
1724
"Directory environment. These utilities are used to join the machine to the "
1725
"domain, and are the same as those available in the <application>samba-"
1726
"common</application> and <application>winbind</application> packages:"
1727
msgstr ""
1728
1729
#: serverguide/C/windows-networking.xml:1455(para)
1730
msgid ""
1731
"<application>lwinet</application>: Returns information about the network and "
1732
"the domain."
1733
msgstr ""
1734
"<application>lwinet</application>: Devuelve información sobre la rede y el "
1735
"dominiu."
1736
1737
#: serverguide/C/windows-networking.xml:1460(para)
1738
msgid ""
1739
"<application>lwimsg</application>: Allows interaction with the "
1740
"<application>likewise-winbindd</application> daemon."
1741
msgstr ""
1742
1743
#: serverguide/C/windows-networking.xml:1465(para)
1744
msgid ""
1745
"<application>lwiinfo</application>: Displays information about various parts "
1746
"of the Domain."
1747
msgstr ""
1748
1749
#: serverguide/C/windows-networking.xml:1471(para)
1750
msgid "Please refer to each utility's man page specific for details."
1751
msgstr ""
1752
1753
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
1754
msgid "Troubleshooting"
1755
msgstr "Igua de problemes"
1756
1757
#: serverguide/C/windows-networking.xml:1481(para)
1758
msgid ""
1759
"If the client has trouble joining the domain, double check that the "
1760
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1761
"example:"
1762
msgstr ""
1763
1764
#: serverguide/C/windows-networking.xml:1486(programlisting)
1765
#, no-wrap
1766
msgid ""
1767
"\n"
1768
"nameserver 192.168.0.1\n"
1769
msgstr ""
1770
"\n"
1771
"nameserver 192.168.0.1\n"
1772
1773
#: serverguide/C/windows-networking.xml:1491(para)
1774
msgid ""
1775
"For more information when joining a domain, use the <emphasis>--loglevel "
1776
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1777
"<application>domainjoin-cli</application> utility:"
1778
msgstr ""
1779
1780
#: serverguide/C/windows-networking.xml:1497(command)
1781
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1782
msgstr ""
1783
"sudo domainjoin-cli --loglevel verbose join exemplu.com Alministrador"
1784
1785
#: serverguide/C/windows-networking.xml:1501(para)
1786
msgid ""
1787
"If an Active Directory user has trouble logging in, check the "
1788
"<filename>/var/log/auth.log</filename> for details."
1789
msgstr ""
1790
1791
#: serverguide/C/windows-networking.xml:1506(para)
1792
msgid ""
1793
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1794
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1795
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1796
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1797
"<emphasis>hosts</emphasis> option. For example:"
1798
msgstr ""
1799
1800
#: serverguide/C/windows-networking.xml:1512(programlisting)
1801
#, no-wrap
1802
msgid ""
1803
"\n"
1804
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1805
msgstr ""
1806
"\n"
1807
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1808
1809
#: serverguide/C/windows-networking.xml:1516(para)
1810
msgid "Change the above to:"
1811
msgstr "Camuda lo anterior por:"
1812
1813
#: serverguide/C/windows-networking.xml:1520(programlisting)
1814
#, no-wrap
1815
msgid ""
1816
"\n"
1817
"hosts: files dns [NOTFOUND=return]\n"
1818
msgstr ""
1819
"\n"
1820
"hosts: files dns [NOTFOUND=return]\n"
1821
1822
#: serverguide/C/windows-networking.xml:1524(para)
1823
msgid "Then restart networking by entering:"
1824
msgstr "Y rearranca la rede tecleando:"
1825
1826
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
1827
msgid "sudo /etc/init.d/networking restart"
1828
msgstr "sudo /etc/init.d/networking restart"
1829
1830
#: serverguide/C/windows-networking.xml:1532(para)
1831
msgid "You should now be able to join the Active Directory domain."
1832
msgstr "Agora tendríes que ser quien a xunite al dominiu d'Active Directory."
1833
1834
#: serverguide/C/windows-networking.xml:1540(title)
1835
msgid "Microsoft DNS"
1836
msgstr "Microsoft DNS"
1837
1838
#: serverguide/C/windows-networking.xml:1542(para)
1839
msgid ""
1840
"The following are instructions for installing DNS on an Active Directory "
1841
"domain controller running Windows Server 2003, but the instructions should "
1842
"be similar for other versions:"
1843
msgstr ""
1844
1845
#: serverguide/C/windows-networking.xml:1551(para)
1846
msgid ""
1847
"Click "
1848
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1849
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1850
"This will open the <application>Server Role Mangement</application> utility."
1851
msgstr ""
1852
1853
#: serverguide/C/windows-networking.xml:1559(para)
1854
msgid "Click <guilabel>Add or remove a role</guilabel>"
1855
msgstr ""
1856
1857
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
1858
msgid "Click Next"
1859
msgstr "Calca «Siguiente»"
1860
1861
#: serverguide/C/windows-networking.xml:1561(para)
1862
msgid "Select \"DNS Server\""
1863
msgstr "Escueyi «Sirvidor DNS»"
1864
1865
#: serverguide/C/windows-networking.xml:1563(para)
1866
msgid "Click Next again to proceed"
1867
msgstr ""
1868
1869
#: serverguide/C/windows-networking.xml:1564(para)
1870
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1871
msgstr ""
1872
1873
#: serverguide/C/windows-networking.xml:1566(para)
1874
msgid ""
1875
"Make sure \"This server maintains the zone\" is selected and click Next."
1876
msgstr ""
1877
1878
#: serverguide/C/windows-networking.xml:1567(para)
1879
msgid "Enter your domain name and click Next"
1880
msgstr ""
1881
1882
#: serverguide/C/windows-networking.xml:1568(para)
1883
msgid "Click Next to \"Allow only secure dynamic updates\""
1884
msgstr ""
1885
1886
#: serverguide/C/windows-networking.xml:1570(para)
1887
msgid ""
1888
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1889
"should not forward queries\" and click Next."
1890
msgstr ""
1891
1892
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
1893
msgid "Click Finish"
1894
msgstr "Calca «Colar»"
1895
1896
#: serverguide/C/windows-networking.xml:1577(para)
1897
msgid ""
1898
"DNS is now installed and can be further configured using the "
1899
"<application>Microsoft Management Console</application> DNS snap-in."
1900
msgstr ""
1901
1902
#: serverguide/C/windows-networking.xml:1585(para)
1903
msgid "Click Start"
1904
msgstr "Calcar «Iniciu»"
1905
1906
#: serverguide/C/windows-networking.xml:1586(para)
1907
msgid "Control Panel"
1908
msgstr "Panel de Control"
1909
1910
#: serverguide/C/windows-networking.xml:1587(para)
1911
msgid "Network Connections"
1912
msgstr "Conexones de rede"
1913
1914
#: serverguide/C/windows-networking.xml:1588(para)
1915
msgid "Right Click \"Local Area Connection\""
1916
msgstr ""
1917
1918
#: serverguide/C/windows-networking.xml:1589(para)
1919
msgid "Click Properties"
1920
msgstr "Calca «Propiedaes»"
1921
1922
#: serverguide/C/windows-networking.xml:1590(para)
1923
msgid "Double click \"Internet Protocol (TCP/IP)\""
1924
msgstr ""
1925
1926
#: serverguide/C/windows-networking.xml:1591(para)
1927
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1928
msgstr ""
1929
1930
#: serverguide/C/windows-networking.xml:1592(para)
1931
msgid "Click Ok"
1932
msgstr "Calca «Aceptar»"
1933
1934
#: serverguide/C/windows-networking.xml:1593(para)
1935
msgid "Click Ok again to save the settings"
1936
msgstr ""
1937
1938
#: serverguide/C/windows-networking.xml:1582(para)
1939
msgid ""
1940
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1941
msgstr ""
1942
1943
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
1944
msgid "References"
1945
msgstr "Referencies"
1946
1947
#: serverguide/C/windows-networking.xml:1602(para)
1948
msgid ""
1949
"Please refer to the <ulink "
1950
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1951
"further information."
1952
msgstr ""
1953
1954
#: serverguide/C/windows-networking.xml:1606(para)
1955
msgid ""
1956
"For more <application>domainjoin-cli</application> options see the man page: "
1957
"<command>man domainjoin-cli</command>."
1958
msgstr ""
1959
1960
#: serverguide/C/windows-networking.xml:1610(para)
1961
msgid ""
1962
"Also, see the <ulink "
1963
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
1964
"LikewiseOpen</ulink> page."
1549
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man8/mount.cifs.8.html\""
1550
">man page</ulink> is also useful for more detailed information."
1965
1551
msgstr ""
1966
1552
1967
1553
#: serverguide/C/web-servers.xml:13(title)
1985
1571
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
1986
1572
"are used to serve Web Pages requested by client computers. Clients typically "
1987
1573
"request and view Web Pages using Web Browser applications such as "
1988
"<application>Firefox</application>, <application>Opera</application>, or "
1989
"<application>Mozilla</application>."
1574
"<application>Firefox</application>, <application>Opera</application>, "
1575
"<application>Chromium</application>, or <application>Mozilla</application>."
1990
1576
msgstr ""
1991
1577
1992
#: serverguide/C/web-servers.xml:24(para)
1578
#: serverguide/C/web-servers.xml:26(para)
1993
1579
msgid ""
1994
1580
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
1995
1581
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
1996
1582
"resource. For example, to view the home page of the <ulink "
1997
1583
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
1998
"the FQDN. To request specific information about <ulink "
1999
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
2000
"enter the FQDN followed by a path."
2001
msgstr ""
2002
2003
#: serverguide/C/web-servers.xml:29(para)
1584
"the FQDN:"
1585
msgstr ""
1586
1587
#: serverguide/C/web-servers.xml:31(userinput)
1588
#, no-wrap
1589
msgid "www.ubuntu.com"
1590
msgstr ""
1591
1592
#: serverguide/C/web-servers.xml:34(para)
1593
msgid ""
1594
"To view the <ulink url=\"http://www.ubuntu.com/community\">community</ulink> "
1595
"sub-page, a user will enter the FQDN followed by a path:"
1596
msgstr ""
1597
1598
#: serverguide/C/web-servers.xml:37(userinput)
1599
#, no-wrap
1600
msgid "www.ubuntu.com/community"
1601
msgstr ""
1602
1603
#: serverguide/C/web-servers.xml:40(para)
2004
1604
msgid ""
2005
1605
"The most common protocol used to transfer Web pages is the Hyper Text "
2006
1606
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
2008
1608
"protocol for uploading and downloading files, are also supported."
2009
1609
msgstr ""
2010
1610
2011
#: serverguide/C/web-servers.xml:33(para)
1611
#: serverguide/C/web-servers.xml:45(para)
2012
1612
msgid ""
2013
1613
"Apache Web Servers are often used in combination with the "
2014
1614
"<application>MySQL</application> database engine, the HyperText Preprocessor "
2019
1619
"for the development and deployment of Web-based applications."
2020
1620
msgstr ""
2021
1621
2022
#: serverguide/C/web-servers.xml:42(para)
1622
#: serverguide/C/web-servers.xml:54(para)
2023
1623
msgid ""
2024
1624
"The <application>Apache2</application> web server is available in Ubuntu "
2025
1625
"Linux. To install Apache2:"
2026
1626
msgstr ""
2027
1627
2028
#: serverguide/C/web-servers.xml:48(para)
1628
#: serverguide/C/web-servers.xml:60(para) serverguide/C/lamp-applications.xml:39(para)
2029
1629
msgid "At a terminal prompt enter the following command:"
2030
1630
msgstr "Nun terminal pon el comandu que va darréu:"
2031
1631
2032
#: serverguide/C/web-servers.xml:53(command)
1632
#: serverguide/C/web-servers.xml:65(command)
2033
1633
msgid "sudo apt-get install apache2"
2034
1634
msgstr "sudo apt-get install apache2"
2035
1635
2036
#: serverguide/C/web-servers.xml:63(para)
1636
#: serverguide/C/web-servers.xml:75(para)
2037
1637
msgid ""
2038
1638
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
2039
1639
"text configuration files. These <emphasis>directives</emphasis> are "
2040
1640
"separated between the following files and directories:"
2041
1641
msgstr ""
2042
1642
2043
#: serverguide/C/web-servers.xml:71(para)
1643
#: serverguide/C/web-servers.xml:83(para)
2044
1644
msgid ""
2045
1645
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
2046
1646
"Contains settings that are <emphasis>global</emphasis> to Apache2."
2047
1647
msgstr ""
2048
1648
2049
#: serverguide/C/web-servers.xml:77(para)
1649
#: serverguide/C/web-servers.xml:89(para)
2050
1650
msgid ""
2051
1651
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
2052
1652
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
2053
1653
"serve content may add files, or symlinks, to this directory."
2054
1654
msgstr ""
2055
1655
2056
#: serverguide/C/web-servers.xml:83(para)
1656
#: serverguide/C/web-servers.xml:95(para)
2057
1657
msgid ""
2058
1658
"<emphasis>envvars:</emphasis> file where Apache2 "
2059
1659
"<emphasis>environment</emphasis> variables are set."
2060
1660
msgstr ""
2061
1661
2062
#: serverguide/C/web-servers.xml:88(para)
1662
#: serverguide/C/web-servers.xml:100(para)
2063
1663
msgid ""
2064
1664
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
2065
"file, named after the <application>httpd</application> daemon. The file can "
2066
"be used for <emphasis>user specific</emphasis> configuration options that "
2067
"globally effect Apache2."
1665
"file, named after the <application>httpd</application> daemon. Now the file "
1666
"is typically empty, as most configuration options have been moved to the "
1667
"below referenced directories. The file can be used for <emphasis>user "
1668
"specific</emphasis> configuration options that globally effect Apache2."
2068
1669
msgstr ""
2069
1670
2070
#: serverguide/C/web-servers.xml:95(para)
1671
#: serverguide/C/web-servers.xml:108(para)
2071
1672
msgid ""
2072
1673
"<emphasis>mods-available:</emphasis> this directory contains configuration "
2073
1674
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
2074
1675
"modules will have specific configuration files, however."
2075
1676
msgstr ""
2076
1677
2077
#: serverguide/C/web-servers.xml:101(para)
1678
#: serverguide/C/web-servers.xml:114(para)
2078
1679
msgid ""
2079
1680
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
2080
1681
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
2082
1683
"<application>apache2</application> is restarted."
2083
1684
msgstr ""
2084
1685
2085
#: serverguide/C/web-servers.xml:108(para)
1686
#: serverguide/C/web-servers.xml:121(para)
2086
1687
msgid ""
2087
1688
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
2088
1689
"TCP ports Apache2 is listening on."
2089
1690
msgstr ""
2090
1691
2091
#: serverguide/C/web-servers.xml:113(para)
1692
#: serverguide/C/web-servers.xml:126(para)
2092
1693
msgid ""
2093
1694
"<emphasis>sites-available:</emphasis> this directory has configuration files "
2094
1695
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
2095
1696
"to be configured for multiple sites that have separate configurations."
2096
1697
msgstr ""
2097
1698
2098
#: serverguide/C/web-servers.xml:119(para)
1699
#: serverguide/C/web-servers.xml:132(para)
2099
1700
msgid ""
2100
1701
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
2101
1702
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
2104
1705
"it will be active once Apache2 is restarted."
2105
1706
msgstr ""
2106
1707
2107
#: serverguide/C/web-servers.xml:127(para)
1708
#: serverguide/C/web-servers.xml:140(para)
2108
1709
msgid ""
2109
1710
"In addition, other configuration files may be added using the "
2110
1711
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
2113
1714
"recognized by Apache2 when it is started or restarted."
2114
1715
msgstr ""
2115
1716
2116
#: serverguide/C/web-servers.xml:136(para)
1717
#: serverguide/C/web-servers.xml:149(para)
2117
1718
msgid ""
2118
1719
"The server also reads a file containing mime document types; the filename is "
2119
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
2120
"<filename>/etc/mime.types</filename> by default."
1720
"set by the <emphasis>TypesConfig</emphasis> directive, typically via "
1721
"<filename>/etc/apache2/mods-available/mime.conf</filename>, which might also "
1722
"include additions and overrides, and is <filename>/etc/mime.types</filename> "
1723
"by default."
2121
1724
msgstr ""
2122
1725
2123
#: serverguide/C/web-servers.xml:141(title)
1726
#: serverguide/C/web-servers.xml:157(title)
2124
1727
msgid "Basic Settings"
2125
1728
msgstr "Opciones básiques"
2126
1729
2127
#: serverguide/C/web-servers.xml:142(para)
1730
#: serverguide/C/web-servers.xml:158(para)
2128
1731
msgid ""
2129
1732
"This section explains Apache2 server essential configuration parameters. "
2130
1733
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2131
1734
"Documentation</ulink> for more details."
2132
1735
msgstr ""
2133
1736
2134
#: serverguide/C/web-servers.xml:150(para)
1737
#: serverguide/C/web-servers.xml:166(para)
2135
1738
msgid ""
2136
1739
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
2137
1740
"it is configured with a single default virtual host (using the "
2144
1747
"<filename>/etc/apache2/sites-available/default</filename>."
2145
1748
msgstr ""
2146
1749
2147
#: serverguide/C/web-servers.xml:163(para)
1750
#: serverguide/C/web-servers.xml:179(para)
2148
1751
msgid ""
2149
1752
"The directives set for a virtual host only apply to that particular virtual "
2150
1753
"host. If a directive is set server-wide and not defined within the virtual "
2153
1756
"virtual host."
2154
1757
msgstr ""
2155
1758
2156
#: serverguide/C/web-servers.xml:171(para)
1759
#: serverguide/C/web-servers.xml:187(para)
2157
1760
msgid ""
2158
1761
"If you wish to configure a new virtual host or site, copy that file into the "
2159
1762
"same directory with a name you choose. For example:"
2160
1763
msgstr ""
2161
1764
2162
#: serverguide/C/web-servers.xml:177(command)
1765
#: serverguide/C/web-servers.xml:193(command)
2163
1766
msgid ""
2164
1767
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
2165
1768
"available/mynewsite"
2167
1770
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
2168
1771
"available/mynewsite"
2169
1772
2170
#: serverguide/C/web-servers.xml:180(para)
1773
#: serverguide/C/web-servers.xml:196(para)
2171
1774
msgid ""
2172
1775
"Edit the new file to configure the new site using some of the directives "
2173
1776
"described below."
2174
1777
msgstr ""
2175
1778
2176
#: serverguide/C/web-servers.xml:187(para)
1779
#: serverguide/C/web-servers.xml:203(para)
2177
1780
msgid ""
2178
1781
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
2179
1782
"to be advertised for the server's administrator. The default value is "
2184
1787
"configuration file in /etc/apache2/sites-available."
2185
1788
msgstr ""
2186
1789
2187
#: serverguide/C/web-servers.xml:198(para)
1790
#: serverguide/C/web-servers.xml:214(para)
2188
1791
msgid ""
2189
1792
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
2190
1793
"the IP address, Apache2 should listen on. If the IP address is not "
2197
1800
"<filename>/etc/apache2/ports.conf</filename>"
2198
1801
msgstr ""
2199
1802
2200
#: serverguide/C/web-servers.xml:211(para)
1803
#: serverguide/C/web-servers.xml:227(para)
2201
1804
msgid ""
2202
1805
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
2203
1806
"FQDN your site should answer to. The default virtual host has no ServerName "
2210
1813
"available/mynewsite</filename>)."
2211
1814
msgstr ""
2212
1815
2213
#: serverguide/C/web-servers.xml:223(para)
1816
#: serverguide/C/web-servers.xml:239(para)
2214
1817
msgid ""
2215
1818
"You may also want your site to respond to www.ubunturocks.com, since many "
2216
1819
"users will assume the www prefix is appropriate. Use the "
2218
1821
"wildcards in the ServerAlias directive."
2219
1822
msgstr ""
2220
1823
2221
#: serverguide/C/web-servers.xml:230(para)
1824
#: serverguide/C/web-servers.xml:246(para)
2222
1825
msgid ""
2223
1826
"For example, the following configuration will cause your site to respond to "
2224
1827
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2225
1828
msgstr ""
2226
1829
2227
#: serverguide/C/web-servers.xml:236(programlisting)
1830
#: serverguide/C/web-servers.xml:252(programlisting)
2228
1831
#, no-wrap
2229
1832
msgid ""
2230
1833
"\n"
2233
1836
"\n"
2234
1837
"ServerAlias *.ubunturocks.com\n"
2235
1838
2236
#: serverguide/C/web-servers.xml:242(para)
1839
#: serverguide/C/web-servers.xml:258(para)
2237
1840
msgid ""
2238
1841
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2239
1842
"should look for the files that make up the site. The default value is "
2240
"/var/www. No site is configured there, but if you uncomment the "
2241
"<emphasis>RedirectMatch</emphasis> directive in "
2242
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2243
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2244
"this value in your site's virtual host file, and remember to create that "
2245
"directory if necessary!"
2246
msgstr ""
2247
2248
#: serverguide/C/web-servers.xml:254(para)
2249
msgid ""
2250
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2251
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2252
"enabled point to \"available\" sites."
2253
msgstr ""
2254
2255
#: serverguide/C/web-servers.xml:260(para)
1843
"/var/www, as specified in <filename>/etc/apache2/sites-"
1844
"available/default</filename>. If desired, change this value in your site's "
1845
"virtual host file, and remember to create that directory if necessary!"
1846
msgstr ""
1847
1848
#: serverguide/C/web-servers.xml:267(para)
2256
1849
msgid ""
2257
1850
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2258
1851
"<application>a2ensite</application> utility and restart Apache2:"
2259
1852
msgstr ""
2260
1853
2261
#: serverguide/C/web-servers.xml:266(command)
1854
#: serverguide/C/web-servers.xml:273(command)
2262
1855
msgid "sudo a2ensite mynewsite"
2263
1856
msgstr "sudo a2ensite mynewsite"
2264
1857
2265
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2266
msgid "sudo /etc/init.d/apache2 restart"
2267
msgstr "sudo /etc/init.d/apache2 restart"
1858
#: serverguide/C/web-servers.xml:274(command) serverguide/C/web-servers.xml:292(command) serverguide/C/web-servers.xml:533(command) serverguide/C/web-servers.xml:542(command) serverguide/C/web-servers.xml:601(command) serverguide/C/mail.xml:937(command) serverguide/C/lamp-applications.xml:224(command)
1859
msgid "sudo service apache2 restart"
1860
msgstr ""
2268
1861
2269
#: serverguide/C/web-servers.xml:271(para)
1862
#: serverguide/C/web-servers.xml:278(para)
2270
1863
msgid ""
2271
1864
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2272
1865
"name for the VirtualHost. One method is to name the file after the "
2273
1866
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2274
1867
msgstr ""
2275
1868
2276
#: serverguide/C/web-servers.xml:278(para)
1869
#: serverguide/C/web-servers.xml:285(para)
2277
1870
msgid ""
2278
1871
"Similarly, use the <application>a2dissite</application> utility to disable "
2279
1872
"sites. This is can be useful when troubleshooting configuration problems "
2280
1873
"with multiple VirtualHosts:"
2281
1874
msgstr ""
2282
1875
2283
#: serverguide/C/web-servers.xml:284(command)
1876
#: serverguide/C/web-servers.xml:291(command)
2284
1877
msgid "sudo a2dissite mynewsite"
2285
1878
msgstr "sudo a2dissite mynewsite"
2286
1879
2287
#: serverguide/C/web-servers.xml:290(title)
1880
#: serverguide/C/web-servers.xml:297(title)
2288
1881
msgid "Default Settings"
2289
1882
msgstr "Configuración predeterminada"
2290
1883
2291
#: serverguide/C/web-servers.xml:292(para)
1884
#: serverguide/C/web-servers.xml:299(para)
2292
1885
msgid ""
2293
1886
"This section explains configuration of the Apache2 server default settings. "
2294
1887
"For example, if you add a virtual host, the settings you configure for the "
2296
1889
"defined within the virtual host settings, the default value is used."
2297
1890
msgstr ""
2298
1891
2299
#: serverguide/C/web-servers.xml:304(para)
1892
#: serverguide/C/web-servers.xml:311(para)
2300
1893
msgid ""
2301
1894
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2302
1895
"server when a user requests an index of a directory by specifying a forward "
2303
1896
"slash (/) at the end of the directory name."
2304
1897
msgstr ""
2305
1898
2306
#: serverguide/C/web-servers.xml:311(para)
1899
#: serverguide/C/web-servers.xml:318(para)
2307
1900
msgid ""
2308
1901
"For example, when a user requests the page "
2309
1902
"http://www.example.com/this_directory/, he or she will get either the "
2320
1913
"the first will be displayed."
2321
1914
msgstr ""
2322
1915
2323
#: serverguide/C/web-servers.xml:332(para)
1916
#: serverguide/C/web-servers.xml:339(para)
2324
1917
msgid ""
2325
1918
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2326
1919
"file for Apache2 to use for specific error events. For example, if a user "
2327
"requests a resource that does not exist, a 404 error will occur, and per "
2328
"Apache2's default configuration, the file "
2329
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2330
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2331
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2332
"redirects requests to the /error directory to "
2333
"<filename>/usr/share/apache2/error/</filename>."
1920
"requests a resource that does not exist, a 404 error will occur. By default, "
1921
"Apache2 will simply return a HTTP 404 Return code. Read "
1922
"<filename>/etc/apache2/conf.d/localized-error-pages</filename> for detailed "
1923
"instructions for using ErrorDocument, including locations of example files."
2334
1924
msgstr ""
2335
1925
2336
#: serverguide/C/web-servers.xml:344(para)
2337
msgid ""
2338
"To see a list of the default ErrorDocument directives, use this command:"
2339
msgstr "Pa ver la llista de les direutives ErrorDocument usa esta orde:"
2340
2341
#: serverguide/C/web-servers.xml:350(command)
2342
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2343
msgstr "grep ErrorDocument /etc/apache2/apache2.conf"
2344
2345
#: serverguide/C/web-servers.xml:355(para)
1926
#: serverguide/C/web-servers.xml:349(para)
2346
1927
msgid ""
2347
1928
"By default, the server writes the transfer log to the file "
2348
1929
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2349
1930
"per-site basis in your virtual host configuration files with the "
2350
1931
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2351
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2352
"specify the file to which errors are logged, via the "
2353
"<emphasis>ErrorLog</emphasis> directive, whose default is "
1932
"specified in <filename> /etc/apache2/conf.d/other-vhosts-access-"
1933
"log</filename>. You may also specify the file to which errors are logged, "
1934
"via the <emphasis>ErrorLog</emphasis> directive, whose default is "
2354
1935
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2355
1936
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2356
1937
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2358
1939
"/etc/apache2/apache2.conf</filename> for the default value)."
2359
1940
msgstr ""
2360
1941
2361
#: serverguide/C/web-servers.xml:370(para)
1942
#: serverguide/C/web-servers.xml:364(para)
2362
1943
msgid ""
2363
1944
"Some options are specified on a per-directory basis rather than per-server. "
2364
1945
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2365
1946
"is enclosed in XML-like tags, like so:"
2366
1947
msgstr ""
2367
1948
2368
#: serverguide/C/web-servers.xml:376(programlisting)
1949
#: serverguide/C/web-servers.xml:370(programlisting)
2369
1950
#, no-wrap
2370
1951
msgid ""
2371
1952
"\n"
2378
1959
"...\n"
2379
1960
"</Directory>\n"
2380
1961
2381
#: serverguide/C/web-servers.xml:382(para)
1962
#: serverguide/C/web-servers.xml:376(para)
2382
1963
msgid ""
2383
1964
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2384
1965
"one or more of the following values (among others), separated by spaces:"
2385
1966
msgstr ""
2386
1967
2387
#: serverguide/C/web-servers.xml:394(para)
1968
#: serverguide/C/web-servers.xml:388(para)
2388
1969
msgid ""
2389
1970
"Most files should not be executed as CGI scripts. This would be very "
2390
1971
"dangerous. CGI scripts should kept in a directory separate from and outside "
2393
1974
"<filename>/usr/lib/cgi-bin</filename>."
2394
1975
msgstr ""
2395
1976
2396
#: serverguide/C/web-servers.xml:389(para)
1977
#: serverguide/C/web-servers.xml:383(para)
2397
1978
msgid ""
2398
1979
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2399
1980
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2400
1981
msgstr ""
2401
1982
2402
#: serverguide/C/web-servers.xml:405(para)
1983
#: serverguide/C/web-servers.xml:399(para)
2403
1984
msgid ""
2404
1985
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2405
1986
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2406
"other files. This is not a common option. See <ulink "
2407
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2408
"HOWTO</ulink> for more information."
1987
"other files. See <ulink "
1988
"url=\"https://help.ubuntu.com/community/ServerSideIncludes\">Apache SSI "
1989
"documentation (Ubuntu community)</ulink> for more information."
2409
1990
msgstr ""
2410
1991
2411
#: serverguide/C/web-servers.xml:414(para)
1992
#: serverguide/C/web-servers.xml:408(para)
2412
1993
msgid ""
2413
1994
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2414
1995
"includes, but disable the <emphasis>#exec</emphasis> and "
2415
1996
"<emphasis>#include</emphasis> commands in CGI scripts."
2416
1997
msgstr ""
2417
1998
2418
#: serverguide/C/web-servers.xml:426(para)
1999
#: serverguide/C/web-servers.xml:420(para)
2419
2000
msgid ""
2420
2001
"For security reasons, this should usually not be set, and certainly should "
2421
2002
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2423
2004
"contents of the directory."
2424
2005
msgstr ""
2425
2006
2426
#: serverguide/C/web-servers.xml:421(para)
2007
#: serverguide/C/web-servers.xml:415(para)
2427
2008
msgid ""
2428
2009
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2429
2010
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2430
2011
"index.html) exists in the requested directory. <placeholder-1/>"
2431
2012
msgstr ""
2432
2013
2433
#: serverguide/C/web-servers.xml:436(para)
2014
#: serverguide/C/web-servers.xml:430(para)
2434
2015
msgid ""
2435
2016
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2436
2017
"multiviews; this option is disabled by default for security reasons. See the "
2439
2020
"Apache2 documentation on this option</ulink>."
2440
2021
msgstr ""
2441
2022
2442
#: serverguide/C/web-servers.xml:444(para)
2023
#: serverguide/C/web-servers.xml:438(para)
2443
2024
msgid ""
2444
2025
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2445
2026
"symbolic links if the target file or directory has the same owner as the "
2446
2027
"link."
2447
2028
msgstr ""
2448
2029
2449
#: serverguide/C/web-servers.xml:456(title)
2030
#: serverguide/C/web-servers.xml:450(title)
2450
2031
msgid "httpd Settings"
2451
2032
msgstr "Configuración httpd"
2452
2033
2453
#: serverguide/C/web-servers.xml:458(para)
2034
#: serverguide/C/web-servers.xml:452(para)
2454
2035
msgid ""
2455
2036
"This section explains some basic <application>httpd</application> daemon "
2456
2037
"configuration settings."
2457
2038
msgstr ""
2458
2039
2459
#: serverguide/C/web-servers.xml:462(para)
2040
#: serverguide/C/web-servers.xml:456(para)
2460
2041
msgid ""
2461
2042
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2462
2043
"the path to the lockfile used when the server is compiled with either "
2467
2048
"that is readable only by root."
2468
2049
msgstr ""
2469
2050
2470
#: serverguide/C/web-servers.xml:471(para)
2051
#: serverguide/C/web-servers.xml:465(para)
2471
2052
msgid ""
2472
2053
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2473
2054
"file in which the server records its process ID (pid). This file should only "
2474
2055
"be readable by root. In most cases, it should be left to the default value."
2475
2056
msgstr ""
2476
2057
2477
#: serverguide/C/web-servers.xml:477(para)
2058
#: serverguide/C/web-servers.xml:471(para)
2478
2059
msgid ""
2479
2060
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2480
2061
"used by the server to answer requests. This setting determines the server's "
2481
2062
"access. Any files inaccessible to this user will also be inaccessible to "
2482
"your website's visitors. The default value for User is www-data."
2063
"your website's visitors. The default value for User is \"www-data\"."
2483
2064
msgstr ""
2484
2065
2485
#: serverguide/C/web-servers.xml:484(para)
2066
#: serverguide/C/web-servers.xml:478(para)
2486
2067
msgid ""
2487
2068
"Unless you know exactly what you are doing, do not set the User directive to "
2488
2069
"root. Using root as the User will create large security holes for your Web "
2489
2070
"server."
2490
2071
msgstr ""
2491
2072
2492
#: serverguide/C/web-servers.xml:490(para)
2073
#: serverguide/C/web-servers.xml:484(para)
2493
2074
msgid ""
2494
"The Group directive is similar to the User directive. Group sets the group "
2495
"under which the server will answer requests. The default group is also www-"
2496
"data."
2075
"<emphasis role=\"bold\">Group</emphasis> - The Group directive is similar to "
2076
"the User directive. Group sets the group under which the server will answer "
2077
"requests. The default group is also \"www-data\"."
2497
2078
msgstr ""
2498
2079
2499
#: serverguide/C/web-servers.xml:496(title)
2080
#: serverguide/C/web-servers.xml:491(title)
2500
2081
msgid "Apache2 Modules"
2501
2082
msgstr ""
2502
2083
2503
#: serverguide/C/web-servers.xml:498(para)
2084
#: serverguide/C/web-servers.xml:493(para)
2504
2085
msgid ""
2505
2086
"Apache2 is a modular server. This implies that only the most basic "
2506
2087
"functionality is included in the core server. Extended features are "
2511
2092
"Apache2 must be recompiled to add or remove modules."
2512
2093
msgstr ""
2513
2094
2514
#: serverguide/C/web-servers.xml:510(para)
2095
#: serverguide/C/web-servers.xml:505(para)
2515
2096
msgid ""
2516
2097
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2517
2098
"Configuration directives may be conditionally included on the presence of a "
2519
2100
"<emphasis><IfModule></emphasis> block."
2520
2101
msgstr ""
2521
2102
2522
#: serverguide/C/web-servers.xml:517(para)
2103
#: serverguide/C/web-servers.xml:512(para)
2523
2104
msgid ""
2524
2105
"You can install additional Apache2 modules and use them with your Web "
2525
2106
"server. For example, run the following command from a terminal prompt to "
2526
2107
"install the <emphasis>MySQL Authentication</emphasis> module:"
2527
2108
msgstr ""
2528
2109
2529
#: serverguide/C/web-servers.xml:524(command)
2110
#: serverguide/C/web-servers.xml:519(command)
2530
2111
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2531
2112
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
2532
2113
2533
#: serverguide/C/web-servers.xml:527(para)
2114
#: serverguide/C/web-servers.xml:522(para)
2534
2115
msgid ""
2535
2116
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2536
2117
"additional modules."
2537
2118
msgstr ""
2538
2119
2539
#: serverguide/C/web-servers.xml:531(para)
2120
#: serverguide/C/web-servers.xml:526(para)
2540
2121
msgid ""
2541
2122
"Use the <application>a2enmod</application> utility to enable a module:"
2542
2123
msgstr ""
2543
2124
2544
#: serverguide/C/web-servers.xml:537(command)
2125
#: serverguide/C/web-servers.xml:532(command)
2545
2126
msgid "sudo a2enmod auth_mysql"
2546
2127
msgstr "sudo a2enmod auth_mysql"
2547
2128
2548
#: serverguide/C/web-servers.xml:541(para)
2129
#: serverguide/C/web-servers.xml:536(para)
2549
2130
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2550
2131
msgstr ""
2551
2132
2552
#: serverguide/C/web-servers.xml:546(command)
2133
#: serverguide/C/web-servers.xml:541(command)
2553
2134
msgid "sudo a2dismod auth_mysql"
2554
2135
msgstr "sudo a2dismod auth_mysql"
2555
2136
2556
#: serverguide/C/web-servers.xml:553(title)
2137
#: serverguide/C/web-servers.xml:548(title)
2557
2138
msgid "HTTPS Configuration"
2558
2139
msgstr "Configuración HTTPS"
2559
2140
2560
#: serverguide/C/web-servers.xml:555(para)
2141
#: serverguide/C/web-servers.xml:550(para)
2561
2142
msgid ""
2562
2143
"The <application>mod_ssl</application> module adds an important feature to "
2563
2144
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2566
2147
"bar."
2567
2148
msgstr ""
2568
2149
2569
#: serverguide/C/web-servers.xml:564(para)
2150
#: serverguide/C/web-servers.xml:559(para)
2570
2151
msgid ""
2571
2152
"The <application>mod_ssl</application> module is available in "
2572
2153
"<application>apache2-common</application> package. Execute the following "
2574
2155
"<application>mod_ssl</application> module:"
2575
2156
msgstr ""
2576
2157
2577
#: serverguide/C/web-servers.xml:571(command)
2158
#: serverguide/C/web-servers.xml:566(command)
2578
2159
msgid "sudo a2enmod ssl"
2579
2160
msgstr "sudo a2enmod ssl"
2580
2161
2581
#: serverguide/C/web-servers.xml:574(para)
2162
#: serverguide/C/web-servers.xml:569(para)
2582
2163
msgid ""
2583
2164
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2584
2165
"available/default-ssl</filename>. In order for "
2592
2173
"linkend=\"certificates-and-security\"/>"
2593
2174
msgstr ""
2594
2175
2595
#: serverguide/C/web-servers.xml:584(para)
2176
#: serverguide/C/web-servers.xml:579(para)
2596
2177
msgid ""
2597
2178
"To configure <application>Apache2</application> for HTTPS, enter the "
2598
2179
"following:"
2599
2180
msgstr ""
2600
2181
2601
#: serverguide/C/web-servers.xml:589(command)
2182
#: serverguide/C/web-servers.xml:584(command)
2602
2183
msgid "sudo a2ensite default-ssl"
2603
2184
msgstr "sudo a2ensite default-ssl"
2604
2185
2605
#: serverguide/C/web-servers.xml:593(para)
2186
#: serverguide/C/web-servers.xml:588(para)
2606
2187
msgid ""
2607
2188
"The directories <filename>/etc/ssl/certs</filename> and "
2608
2189
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2611
2192
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2612
2193
msgstr ""
2613
2194
2614
#: serverguide/C/web-servers.xml:600(para)
2195
#: serverguide/C/web-servers.xml:595(para)
2615
2196
msgid ""
2616
2197
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2617
2198
"settings:"
2618
2199
msgstr ""
2619
2200
2620
#: serverguide/C/web-servers.xml:611(para)
2201
#: serverguide/C/web-servers.xml:606(para)
2621
2202
msgid ""
2622
2203
"Depending on how you obtained your certificate you may need to enter a "
2623
2204
"passphrase when <application>Apache2</application> starts."
2624
2205
msgstr ""
2625
2206
2626
#: serverguide/C/web-servers.xml:617(para)
2207
#: serverguide/C/web-servers.xml:612(para)
2627
2208
msgid ""
2628
2209
"You can access the secure server pages by typing https://your_hostname/url/ "
2629
2210
"in your browser address bar."
2630
2211
msgstr ""
2631
2212
2632
#: serverguide/C/web-servers.xml:628(para)
2213
#: serverguide/C/web-servers.xml:619(title)
2214
msgid "Sharing Write Permission"
2215
msgstr ""
2216
2217
#: serverguide/C/web-servers.xml:620(para)
2218
msgid ""
2219
"For more than one user to be able to write to the same directory it will be "
2220
"necessary to grant write permission to a group they share in common. The "
2221
"following example grants shared write permission to "
2222
"<filename>/var/www</filename> to the group \"webmasters\"."
2223
msgstr ""
2224
2225
#: serverguide/C/web-servers.xml:628(command)
2226
msgid "sudo chgrp -R webmasters /var/www"
2227
msgstr ""
2228
2229
#: serverguide/C/web-servers.xml:629(command)
2230
msgid "sudo find /var/www -type d -exec chmod g=rwxs \"{}\" \\;"
2231
msgstr ""
2232
2233
#: serverguide/C/web-servers.xml:630(command)
2234
msgid "sudo find /var/www -type f -exec chmod g=rws \"{}\" \\;"
2235
msgstr ""
2236
2237
#: serverguide/C/web-servers.xml:634(para)
2238
msgid ""
2239
"If access must be granted to more than one group per directory, enable "
2240
"Access Control Lists (ACLs)."
2241
msgstr ""
2242
2243
#: serverguide/C/web-servers.xml:641(title) serverguide/C/web-servers.xml:791(title) serverguide/C/web-servers.xml:941(title) serverguide/C/web-servers.xml:1036(title) serverguide/C/web-servers.xml:1258(title) serverguide/C/vpn.xml:802(title) serverguide/C/virtualization.xml:2072(title) serverguide/C/vcs.xml:540(title) serverguide/C/security.xml:865(title) serverguide/C/security.xml:1199(title) serverguide/C/security.xml:1613(title) serverguide/C/security.xml:1799(title) serverguide/C/remote-administration.xml:198(title) serverguide/C/remote-administration.xml:764(title) serverguide/C/package-management.xml:468(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1037(title) serverguide/C/network-config.xml:1145(title) serverguide/C/monitoring.xml:394(title) serverguide/C/monitoring.xml:530(title) serverguide/C/mail.xml:455(title) serverguide/C/mail.xml:650(title) serverguide/C/mail.xml:802(title) serverguide/C/mail.xml:1222(title) serverguide/C/mail.xml:1693(title) serverguide/C/lamp-applications.xml:246(title) serverguide/C/lamp-applications.xml:375(title) serverguide/C/lamp-applications.xml:483(title) serverguide/C/file-server.xml:307(title) serverguide/C/file-server.xml:448(title) serverguide/C/file-server.xml:618(title) serverguide/C/file-server.xml:805(title) serverguide/C/dns.xml:607(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:216(title) serverguide/C/backups.xml:297(title)
2244
msgid "References"
2245
msgstr "Referencies"
2246
2247
#: serverguide/C/web-servers.xml:645(para)
2633
2248
msgid ""
2634
2249
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2635
2250
"Documentation</ulink> contains in depth information on Apache2 configuration "
2637
2252
"the official Apache2 docs."
2638
2253
msgstr ""
2639
2254
2640
#: serverguide/C/web-servers.xml:635(para)
2255
#: serverguide/C/web-servers.xml:652(para)
2641
2256
msgid ""
2642
2257
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2643
2258
"Documentation</ulink> site for more SSL related information."
2644
2259
msgstr ""
2645
2260
2646
#: serverguide/C/web-servers.xml:641(para)
2261
#: serverguide/C/web-servers.xml:658(para)
2647
2262
msgid ""
2648
2263
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2649
2264
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2650
2265
"configurations."
2651
2266
msgstr ""
2652
2267
2653
#: serverguide/C/web-servers.xml:647(para)
2268
#: serverguide/C/web-servers.xml:664(para)
2654
2269
msgid ""
2655
2270
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2656
2271
"server</emphasis> IRC channel on <ulink "
2657
2272
"url=\"http://freenode.net/\">freenode.net</ulink>."
2658
2273
msgstr ""
2659
2274
2660
#: serverguide/C/web-servers.xml:653(para)
2275
#: serverguide/C/web-servers.xml:670(para)
2661
2276
msgid ""
2662
2277
"Usually integrated with PHP and MySQL the <ulink "
2663
2278
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2664
2279
"Ubuntu Wiki </ulink> page is a good resource."
2665
2280
msgstr ""
2666
2281
2667
#: serverguide/C/web-servers.xml:664(title)
2282
#: serverguide/C/web-servers.xml:681(title)
2668
2283
msgid "PHP5 - Scripting Language"
2669
2284
msgstr "PHP5 - Llinguax de scripts"
2670
2285
2671
#: serverguide/C/web-servers.xml:665(para)
2286
#: serverguide/C/web-servers.xml:682(para)
2672
2287
msgid ""
2673
2288
"PHP is a general-purpose scripting language suited for Web development. The "
2674
2289
"PHP script can be embedded into HTML. This section explains how to install "
2675
2290
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2676
2291
msgstr ""
2677
2292
2678
#: serverguide/C/web-servers.xml:669(para)
2293
#: serverguide/C/web-servers.xml:686(para)
2679
2294
msgid ""
2680
2295
"This section assumes you have installed and configured Apache2 Web Server "
2681
2296
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
2683
2298
"respectively."
2684
2299
msgstr ""
2685
2300
2686
#: serverguide/C/web-servers.xml:676(para)
2687
msgid "The PHP5 is available in Ubuntu Linux."
2688
msgstr "PHP5 ta disponible n'Ubuntu Linux."
2301
#: serverguide/C/web-servers.xml:693(para)
2302
msgid ""
2303
"The PHP5 is available in Ubuntu Linux. Unlike python and perl, which are "
2304
"installed in the base system, PHP must be added."
2305
msgstr ""
2689
2306
2690
#: serverguide/C/web-servers.xml:678(para)
2307
#: serverguide/C/web-servers.xml:697(para)
2691
2308
msgid ""
2692
2309
"To install PHP5 you can enter the following command in the terminal prompt: "
2693
2310
"<screen>\n"
2695
2312
"</screen>"
2696
2313
msgstr ""
2697
2314
2698
#: serverguide/C/web-servers.xml:687(para)
2315
#: serverguide/C/web-servers.xml:706(para)
2699
2316
msgid ""
2700
2317
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2701
2318
"line you should install <application>php5-cli</application> package. To "
2705
2322
"</screen>"
2706
2323
msgstr ""
2707
2324
2708
#: serverguide/C/web-servers.xml:696(para)
2325
#: serverguide/C/web-servers.xml:715(para)
2709
2326
msgid ""
2710
2327
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2711
2328
"accomplish this, you should install <application>php5-cgi</application> "
2715
2332
"</screen>"
2716
2333
msgstr ""
2717
2334
2718
#: serverguide/C/web-servers.xml:706(para)
2335
#: serverguide/C/web-servers.xml:725(para)
2719
2336
msgid ""
2720
2337
"To use <application>MySQL</application> with PHP5 you should install "
2721
2338
"<application>php5-mysql</application> package. To install <application>php5-"
2725
2342
"</screen>"
2726
2343
msgstr ""
2727
2344
2728
#: serverguide/C/web-servers.xml:714(para)
2345
#: serverguide/C/web-servers.xml:733(para)
2729
2346
msgid ""
2730
2347
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2731
2348
"install <application>php5-pgsql</application> package. To install "
2735
2352
"</screen>"
2736
2353
msgstr ""
2737
2354
2738
#: serverguide/C/web-servers.xml:727(para)
2355
#: serverguide/C/web-servers.xml:746(para)
2739
2356
msgid ""
2740
2357
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2741
2358
"you have installed <application>php5-cli</application> package, you can run "
2742
2359
"PHP5 scripts from your command prompt."
2743
2360
msgstr ""
2744
2361
2745
#: serverguide/C/web-servers.xml:734(para)
2362
#: serverguide/C/web-servers.xml:753(para)
2746
2363
msgid ""
2747
2364
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2748
2365
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2753
2370
"command."
2754
2371
msgstr ""
2755
2372
2756
#: serverguide/C/web-servers.xml:745(para)
2373
#: serverguide/C/web-servers.xml:764(para)
2757
2374
msgid ""
2758
2375
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2759
2376
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2760
2377
"following command at a terminal prompt to restart your web server: "
2761
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2378
"<screen><command>sudo service apache2 restart</command> </screen>"
2762
2379
msgstr ""
2763
2380
2764
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2381
#: serverguide/C/web-servers.xml:772(title) serverguide/C/network-auth.xml:1051(title) serverguide/C/mail.xml:316(title) serverguide/C/mail.xml:1616(title) serverguide/C/dns.xml:378(title) serverguide/C/clustering.xml:184(title)
2765
2382
msgid "Testing"
2766
2383
msgstr "Prebes"
2767
2384
2768
#: serverguide/C/web-servers.xml:754(para)
2385
#: serverguide/C/web-servers.xml:773(para)
2769
2386
msgid ""
2770
2387
"To verify your installation, you can run following PHP5 phpinfo script:"
2771
2388
msgstr ""
2772
2389
2773
#: serverguide/C/web-servers.xml:757(programlisting)
2390
#: serverguide/C/web-servers.xml:776(programlisting)
2774
2391
#, no-wrap
2775
2392
msgid ""
2776
2393
"\n"
2783
2400
" phpinfo();\n"
2784
2401
"?>\n"
2785
2402
2786
#: serverguide/C/web-servers.xml:762(para)
2403
#: serverguide/C/web-servers.xml:781(para)
2787
2404
msgid ""
2788
2405
"You can save the content in a file <filename>phpinfo.php</filename> and "
2789
2406
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2792
2409
"various PHP5 configuration parameters."
2793
2410
msgstr ""
2794
2411
2795
#: serverguide/C/web-servers.xml:776(para)
2412
#: serverguide/C/web-servers.xml:795(para)
2796
2413
msgid ""
2797
2414
"For more in depth information see <ulink "
2798
2415
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2799
2416
msgstr ""
2800
2417
2801
#: serverguide/C/web-servers.xml:781(para)
2418
#: serverguide/C/web-servers.xml:800(para)
2802
2419
msgid ""
2803
2420
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2804
2421
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2806
2423
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2807
2424
msgstr ""
2808
2425
2809
#: serverguide/C/web-servers.xml:788(para)
2426
#: serverguide/C/web-servers.xml:807(para)
2810
2427
msgid ""
2811
2428
"Also, see the <ulink "
2812
2429
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2813
2430
"Ubuntu Wiki</ulink> page for more information."
2814
2431
msgstr ""
2815
2432
2816
#: serverguide/C/web-servers.xml:799(title)
2433
#: serverguide/C/web-servers.xml:818(title)
2817
2434
msgid "Squid - Proxy Server"
2818
2435
msgstr "Sirvidor proxy Squid"
2819
2436
2820
#: serverguide/C/web-servers.xml:800(para)
2437
#: serverguide/C/web-servers.xml:819(para)
2821
2438
msgid ""
2822
2439
"Squid is a full-featured web proxy cache server application which provides "
2823
2440
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2830
2447
"Protocol. (WCCP)"
2831
2448
msgstr ""
2832
2449
2833
#: serverguide/C/web-servers.xml:808(para)
2450
#: serverguide/C/web-servers.xml:827(para)
2834
2451
msgid ""
2835
2452
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2836
2453
"and caching server needs, and scales from the branch office to enterprise "
2842
2459
"increased performance."
2843
2460
msgstr ""
2844
2461
2845
#: serverguide/C/web-servers.xml:817(para)
2462
#: serverguide/C/web-servers.xml:836(para)
2846
2463
msgid ""
2847
2464
"At a terminal prompt, enter the following command to install the Squid "
2848
2465
"server:"
2849
2466
msgstr ""
2850
2467
2851
#: serverguide/C/web-servers.xml:822(command)
2468
#: serverguide/C/web-servers.xml:841(command)
2852
2469
msgid "sudo apt-get install squid"
2853
2470
msgstr "sudo apt-get install squid"
2854
2471
2855
#: serverguide/C/web-servers.xml:828(para)
2472
#: serverguide/C/web-servers.xml:847(para)
2856
2473
msgid ""
2857
2474
"Squid is configured by editing the directives contained within the "
2858
2475
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2861
2478
"see the References section."
2862
2479
msgstr ""
2863
2480
2864
#: serverguide/C/web-servers.xml:834(para)
2481
#: serverguide/C/web-servers.xml:853(para)
2865
2482
msgid ""
2866
2483
"Prior to editing the configuration file, you should make a copy of the "
2867
2484
"original file and protect it from writing so you will have the original "
2868
2485
"settings as a reference, and to re-use as necessary."
2869
2486
msgstr ""
2870
2487
2871
#: serverguide/C/web-servers.xml:837(para)
2488
#: serverguide/C/web-servers.xml:856(para)
2872
2489
msgid ""
2873
2490
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2874
2491
"writing with the following commands entered at a terminal prompt:"
2875
2492
msgstr ""
2876
2493
2877
#: serverguide/C/web-servers.xml:842(command)
2494
#: serverguide/C/web-servers.xml:861(command)
2878
2495
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2879
2496
msgstr ""
2880
2497
2881
#: serverguide/C/web-servers.xml:843(command)
2498
#: serverguide/C/web-servers.xml:862(command)
2882
2499
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2883
2500
msgstr ""
2884
2501
2885
#: serverguide/C/web-servers.xml:849(para)
2502
#: serverguide/C/web-servers.xml:868(para)
2886
2503
msgid ""
2887
2504
"To set your Squid server to listen on TCP port 8888 instead of the default "
2888
2505
"TCP port 3128, change the http_port directive as such:"
2889
2506
msgstr ""
2890
2507
2891
#: serverguide/C/web-servers.xml:853(programlisting)
2508
#: serverguide/C/web-servers.xml:872(programlisting)
2892
2509
#, no-wrap
2893
2510
msgid ""
2894
2511
"\n"
2895
2512
"http_port 8888\n"
2896
2513
msgstr ""
2897
2514
2898
#: serverguide/C/web-servers.xml:858(para)
2515
#: serverguide/C/web-servers.xml:877(para)
2899
2516
msgid ""
2900
2517
"Change the visible_hostname directive in order to give the Squid server a "
2901
2518
"specific hostname. This hostname does not necessarily need to be the "
2902
2519
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2903
2520
msgstr ""
2904
2521
2905
#: serverguide/C/web-servers.xml:862(programlisting)
2522
#: serverguide/C/web-servers.xml:881(programlisting)
2906
2523
#, no-wrap
2907
2524
msgid ""
2908
2525
"\n"
2909
2526
"visible_hostname weezie\n"
2910
2527
msgstr ""
2911
2528
2912
#: serverguide/C/web-servers.xml:867(para)
2529
#: serverguide/C/web-servers.xml:886(para)
2913
2530
msgid ""
2914
2531
"Using Squid's access control, you may configure use of Internet services "
2915
2532
"proxied by Squid to be available only users with certain Internet Protocol "
2917
2534
"192.168.42.0/24 subnetwork only:"
2918
2535
msgstr ""
2919
2536
2920
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
2537
#: serverguide/C/web-servers.xml:891(para) serverguide/C/web-servers.xml:911(para)
2921
2538
msgid ""
2922
2539
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2923
2540
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2924
2541
msgstr ""
2925
2542
2926
#: serverguide/C/web-servers.xml:875(programlisting)
2543
#: serverguide/C/web-servers.xml:894(programlisting)
2927
2544
#, no-wrap
2928
2545
msgid ""
2929
2546
"\n"
2930
2547
"acl fortytwo_network src 192.168.42.0/24\n"
2931
2548
msgstr ""
2932
2549
2933
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
2550
#: serverguide/C/web-servers.xml:897(para) serverguide/C/web-servers.xml:918(para)
2934
2551
msgid ""
2935
2552
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2936
2553
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2937
2554
msgstr ""
2938
2555
2939
#: serverguide/C/web-servers.xml:882(programlisting)
2556
#: serverguide/C/web-servers.xml:901(programlisting)
2940
2557
#, no-wrap
2941
2558
msgid ""
2942
2559
"\n"
2943
2560
"http_access allow fortytwo_network\n"
2944
2561
msgstr ""
2945
2562
2946
#: serverguide/C/web-servers.xml:887(para)
2563
#: serverguide/C/web-servers.xml:906(para)
2947
2564
msgid ""
2948
2565
"Using the excellent access control features of Squid, you may configure use "
2949
2566
"of Internet services proxied by Squid to be available only during normal "
2952
2569
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
2953
2570
msgstr ""
2954
2571
2955
#: serverguide/C/web-servers.xml:895(programlisting)
2572
#: serverguide/C/web-servers.xml:914(programlisting)
2956
2573
#, no-wrap
2957
2574
msgid ""
2958
2575
"\n"
2960
2577
"acl biz_hours time M T W T F 9:00-17:00\n"
2961
2578
msgstr ""
2962
2579
2963
#: serverguide/C/web-servers.xml:903(programlisting)
2580
#: serverguide/C/web-servers.xml:922(programlisting)
2964
2581
#, no-wrap
2965
2582
msgid ""
2966
2583
"\n"
2967
2584
"http_access allow biz_network biz_hours\n"
2968
2585
msgstr ""
2969
2586
2970
#: serverguide/C/web-servers.xml:910(para)
2587
#: serverguide/C/web-servers.xml:929(para)
2971
2588
msgid ""
2972
2589
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2973
2590
"save the file and restart the <application>squid</application> server "
2975
2592
"terminal prompt:"
2976
2593
msgstr ""
2977
2594
2978
#: serverguide/C/web-servers.xml:917(command)
2595
#: serverguide/C/web-servers.xml:936(command)
2979
2596
msgid "sudo /etc/init.d/squid restart"
2980
2597
msgstr ""
2981
2598
2982
#: serverguide/C/web-servers.xml:924(ulink)
2599
#: serverguide/C/web-servers.xml:943(ulink)
2983
2600
msgid "Squid Website"
2984
2601
msgstr ""
2985
2602
2986
#: serverguide/C/web-servers.xml:926(para)
2603
#: serverguide/C/web-servers.xml:945(para)
2987
2604
msgid ""
2988
2605
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
2989
2606
"Squid</ulink> page."
2990
2607
msgstr ""
2991
2608
2992
#: serverguide/C/web-servers.xml:933(title)
2609
#: serverguide/C/web-servers.xml:952(title)
2993
2610
msgid "Ruby on Rails"
2994
2611
msgstr ""
2995
2612
2996
#: serverguide/C/web-servers.xml:934(para)
2613
#: serverguide/C/web-servers.xml:953(para)
2997
2614
msgid ""
2998
2615
"Ruby on Rails is an open source web framework for developing database backed "
2999
2616
"web applications. It is optimized for sustainable productivity of the "
3001
2618
"convention over configuration."
3002
2619
msgstr ""
3003
2620
3004
#: serverguide/C/web-servers.xml:941(para)
2621
#: serverguide/C/web-servers.xml:960(para)
3005
2622
msgid ""
3006
2623
"Before installing <application>Rails</application> you should install "
3007
2624
"<application>Apache</application> and <application>MySQL</application>. To "
3010
2627
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
3011
2628
msgstr ""
3012
2629
3013
#: serverguide/C/web-servers.xml:949(para)
2630
#: serverguide/C/web-servers.xml:968(para)
3014
2631
msgid ""
3015
2632
"Once you have <application>Apache</application> and "
3016
2633
"<application>MySQL</application> packages installed, you are ready to "
3017
2634
"install <application>Ruby on Rails</application> package."
3018
2635
msgstr ""
3019
2636
3020
#: serverguide/C/web-servers.xml:956(para)
2637
#: serverguide/C/web-servers.xml:975(para)
3021
2638
msgid ""
3022
2639
"To install the <application>Ruby</application> base packages and "
3023
2640
"<application>Ruby on Rails</application>, you can enter the following "
3024
2641
"command in the terminal prompt:"
3025
2642
msgstr ""
3026
2643
3027
#: serverguide/C/web-servers.xml:962(command)
2644
#: serverguide/C/web-servers.xml:981(command)
3028
2645
msgid "sudo apt-get install rails"
3029
2646
msgstr ""
3030
2647
3031
#: serverguide/C/web-servers.xml:968(para)
2648
#: serverguide/C/web-servers.xml:987(para)
3032
2649
msgid ""
3033
2650
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
3034
2651
"configuration file to setup your domains."
3035
2652
msgstr ""
3036
2653
3037
#: serverguide/C/web-servers.xml:972(para)
2654
#: serverguide/C/web-servers.xml:991(para)
3038
2655
msgid ""
3039
2656
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
3040
2657
msgstr ""
3041
2658
3042
#: serverguide/C/web-servers.xml:976(programlisting)
2659
#: serverguide/C/web-servers.xml:995(programlisting)
3043
2660
#, no-wrap
3044
2661
msgid ""
3045
2662
"\n"
3046
2663
"DocumentRoot /path/to/rails/application/public\n"
3047
2664
msgstr ""
3048
2665
3049
#: serverguide/C/web-servers.xml:979(para)
2666
#: serverguide/C/web-servers.xml:998(para)
3050
2667
msgid ""
3051
2668
"Next, change the <Directory \"/path/to/rails/application/public\"> "
3052
2669
"directive:"
3053
2670
msgstr ""
3054
2671
3055
#: serverguide/C/web-servers.xml:983(programlisting)
2672
#: serverguide/C/web-servers.xml:1002(programlisting)
3056
2673
#, no-wrap
3057
2674
msgid ""
3058
2675
"\n"
3065
2682
"</Directory>\n"
3066
2683
msgstr ""
3067
2684
3068
#: serverguide/C/web-servers.xml:993(para)
2685
#: serverguide/C/web-servers.xml:1012(para)
3069
2686
msgid ""
3070
2687
"You should also enable the <application>mod_rewrite</application> module for "
3071
2688
"Apache. To enable <application>mod_rewrite</application> module, please "
3072
2689
"enter the following command in a terminal prompt:"
3073
2690
msgstr ""
3074
2691
3075
#: serverguide/C/web-servers.xml:999(command)
2692
#: serverguide/C/web-servers.xml:1018(command)
3076
2693
msgid "sudo a2enmod rewrite"
3077
2694
msgstr ""
3078
2695
3079
#: serverguide/C/web-servers.xml:1002(para)
2696
#: serverguide/C/web-servers.xml:1021(para)
3080
2697
msgid ""
3081
2698
"Finally you will need to change the ownership of the "
3082
2699
"<filename>/path/to/rails/application/public</filename> and "
3084
2701
"used to run the <application>Apache</application> process:"
3085
2702
msgstr ""
3086
2703
3087
#: serverguide/C/web-servers.xml:1008(command)
2704
#: serverguide/C/web-servers.xml:1027(command)
3088
2705
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
3089
2706
msgstr ""
3090
2707
3091
#: serverguide/C/web-servers.xml:1009(command)
2708
#: serverguide/C/web-servers.xml:1028(command)
3092
2709
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
3093
2710
msgstr ""
3094
2711
3095
#: serverguide/C/web-servers.xml:1012(para)
2712
#: serverguide/C/web-servers.xml:1031(para)
3096
2713
msgid ""
3097
2714
"That's it! Now you have your Server ready for your <application>Ruby on "
3098
2715
"Rails</application> applications."
3099
2716
msgstr ""
3100
2717
3101
#: serverguide/C/web-servers.xml:1021(para)
2718
#: serverguide/C/web-servers.xml:1040(para)
3102
2719
msgid ""
3103
2720
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
3104
2721
"for more information."
3105
2722
msgstr ""
3106
2723
3107
#: serverguide/C/web-servers.xml:1026(para)
2724
#: serverguide/C/web-servers.xml:1045(para)
3108
2725
msgid ""
3109
2726
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
3110
2727
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
3111
2728
"resource."
3112
2729
msgstr ""
3113
2730
3114
#: serverguide/C/web-servers.xml:1032(para)
2731
#: serverguide/C/web-servers.xml:1051(para)
3115
2732
msgid ""
3116
2733
"Another place for more information is the <ulink "
3117
2734
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
3118
2735
"Wiki</ulink> page."
3119
2736
msgstr ""
3120
2737
3121
#: serverguide/C/web-servers.xml:1043(title)
2738
#: serverguide/C/web-servers.xml:1062(title)
3122
2739
msgid "Apache Tomcat"
3123
2740
msgstr ""
3124
2741
3125
#: serverguide/C/web-servers.xml:1044(para)
2742
#: serverguide/C/web-servers.xml:1063(para)
3126
2743
msgid ""
3127
2744
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
3128
2745
"JSP (Java Server Pages) web applications."
3129
2746
msgstr ""
3130
2747
3131
#: serverguide/C/web-servers.xml:1046(para)
2748
#: serverguide/C/web-servers.xml:1065(para)
3132
2749
msgid ""
3133
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
3134
"different ways of running Tomcat. You can install them as a classic unique "
3135
"system-wide instance, that will be started at boot time and will run as the "
3136
"tomcat6 unpriviledged user. But you can also deploy private instances that "
3137
"will run with your own user rights, and that you should start and stop by "
3138
"yourself. This second way is particularly useful in a development server "
3139
"context where multiple users need to test on their own private Tomcat "
3140
"instances."
2750
"The Tomcat 6.0 packages in Ubuntu support two different ways of running "
2751
"Tomcat. You can install them as a classic unique system-wide instance, that "
2752
"will be started at boot time will run as the tomcat6 unprivileged user. But "
2753
"you can also deploy private instances that will run with your own user "
2754
"rights, and that you should start and stop by yourself. This second way is "
2755
"particularly useful in a development server context where multiple users "
2756
"need to test on their own private Tomcat instances."
3141
2757
msgstr ""
3142
2758
3143
#: serverguide/C/web-servers.xml:1056(title)
2759
#: serverguide/C/web-servers.xml:1075(title)
3144
2760
msgid "System-wide installation"
3145
2761
msgstr ""
3146
2762
3147
#: serverguide/C/web-servers.xml:1057(para)
2763
#: serverguide/C/web-servers.xml:1076(para)
3148
2764
msgid ""
3149
"To install the <application>Tomcat</application> server, you can enter the "
3150
"following command in the terminal prompt:"
2765
"To install the Tomcat server, you can enter the following command in the "
2766
"terminal prompt:"
3151
2767
msgstr ""
3152
2768
3153
#: serverguide/C/web-servers.xml:1060(command)
2769
#: serverguide/C/web-servers.xml:1079(command)
3154
2770
msgid "sudo apt-get install tomcat6"
3155
2771
msgstr ""
3156
2772
3157
#: serverguide/C/web-servers.xml:1062(para)
2773
#: serverguide/C/web-servers.xml:1081(para)
3158
2774
msgid ""
3159
2775
"This will install a Tomcat server with just a default ROOT webapp that "
3160
2776
"displays a minimal \"It works\" page by default."
3161
2777
msgstr ""
3162
2778
3163
#: serverguide/C/web-servers.xml:1068(para)
2779
#: serverguide/C/web-servers.xml:1087(para)
3164
2780
msgid ""
3165
2781
"Tomcat configuration files can be found in "
3166
2782
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
3169
2785
"documentation</ulink> for more."
3170
2786
msgstr ""
3171
2787
3172
#: serverguide/C/web-servers.xml:1074(title)
2788
#: serverguide/C/web-servers.xml:1093(title)
3173
2789
msgid "Changing default ports"
3174
2790
msgstr ""
3175
2791
3176
#: serverguide/C/web-servers.xml:1075(para)
2792
#: serverguide/C/web-servers.xml:1094(para)
3177
2793
msgid ""
3178
2794
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
3179
2795
"connector on port 8009. You might want to change those default ports to "
3181
2797
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
3182
2798
msgstr ""
3183
2799
3184
#: serverguide/C/web-servers.xml:1080(programlisting)
2800
#: serverguide/C/web-servers.xml:1099(programlisting)
3185
2801
#, no-wrap
3186
2802
msgid ""
3187
2803
"\n"
3193
2809
"/>\n"
3194
2810
msgstr ""
3195
2811
3196
#: serverguide/C/web-servers.xml:1089(title)
2812
#: serverguide/C/web-servers.xml:1108(title)
3197
2813
msgid "Changing JVM used"
3198
2814
msgstr ""
3199
2815
3200
#: serverguide/C/web-servers.xml:1090(para)
2816
#: serverguide/C/web-servers.xml:1109(para)
3201
2817
msgid ""
3202
2818
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
3203
2819
"then try some other JVMs. If you have various JVMs installed, you can set "
3205
2821
"<filename>/etc/default/tomcat6</filename>:"
3206
2822
msgstr ""
3207
2823
3208
#: serverguide/C/web-servers.xml:1094(programlisting)
2824
#: serverguide/C/web-servers.xml:1113(programlisting)
3209
2825
#, no-wrap
3210
2826
msgid ""
3211
2827
"\n"
3212
2828
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3213
2829
msgstr ""
3214
2830
3215
#: serverguide/C/web-servers.xml:1099(title)
2831
#: serverguide/C/web-servers.xml:1118(title)
3216
2832
msgid "Declaring users and roles"
3217
2833
msgstr ""
3218
2834
3219
#: serverguide/C/web-servers.xml:1100(para)
2835
#: serverguide/C/web-servers.xml:1119(para)
3220
2836
msgid ""
3221
2837
"Usernames, passwords and roles (groups) can be defined centrally in a "
3222
2838
"Servlet container. In Tomcat 6.0 this is done in the "
3223
2839
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
3224
2840
msgstr ""
3225
2841
3226
#: serverguide/C/web-servers.xml:1103(programlisting)
2842
#: serverguide/C/web-servers.xml:1122(programlisting)
3227
2843
#, no-wrap
3228
2844
msgid ""
3229
2845
"\n"
3231
2847
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3232
2848
msgstr ""
3233
2849
3234
#: serverguide/C/web-servers.xml:1111(title)
2850
#: serverguide/C/web-servers.xml:1130(title)
3235
2851
msgid "Using Tomcat standard webapps"
3236
2852
msgstr ""
3237
2853
3238
#: serverguide/C/web-servers.xml:1112(para)
2854
#: serverguide/C/web-servers.xml:1131(para)
3239
2855
msgid ""
3240
2856
"Tomcat is shipped with webapps that you can install for documentation, "
3241
2857
"administration or demo purposes."
3242
2858
msgstr ""
3243
2859
3244
#: serverguide/C/web-servers.xml:1115(title)
2860
#: serverguide/C/web-servers.xml:1134(title)
3245
2861
msgid "Tomcat documentation"
3246
2862
msgstr ""
3247
2863
3248
#: serverguide/C/web-servers.xml:1116(para)
2864
#: serverguide/C/web-servers.xml:1135(para)
3249
2865
msgid ""
3250
2866
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3251
2867
"documentation, packaged as a webapp that you can access by default at "
3253
2869
"command in the terminal prompt:"
3254
2870
msgstr ""
3255
2871
3256
#: serverguide/C/web-servers.xml:1121(command)
2872
#: serverguide/C/web-servers.xml:1140(command)
3257
2873
msgid "sudo apt-get install tomcat6-docs"
3258
2874
msgstr ""
3259
2875
3260
#: serverguide/C/web-servers.xml:1125(title)
2876
#: serverguide/C/web-servers.xml:1144(title)
3261
2877
msgid "Tomcat administration webapps"
3262
2878
msgstr ""
3263
2879
3264
#: serverguide/C/web-servers.xml:1126(para)
2880
#: serverguide/C/web-servers.xml:1145(para)
3265
2881
msgid ""
3266
2882
"The <application>tomcat6-admin</application> package contains two webapps "
3267
2883
"that can be used to administer the Tomcat server using a web interface. You "
3268
2884
"can install them by entering the following command in the terminal prompt:"
3269
2885
msgstr ""
3270
2886
3271
#: serverguide/C/web-servers.xml:1131(command)
2887
#: serverguide/C/web-servers.xml:1150(command)
3272
2888
msgid "sudo apt-get install tomcat6-admin"
3273
2889
msgstr ""
3274
2890
3275
#: serverguide/C/web-servers.xml:1133(para)
2891
#: serverguide/C/web-servers.xml:1152(para)
3276
2892
msgid ""
3277
2893
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3278
2894
"access by default at http://yourserver:8080/manager/html. It is primarily "
3279
2895
"used to get server status and restart webapps."
3280
2896
msgstr ""
3281
2897
3282
#: serverguide/C/web-servers.xml:1136(para)
2898
#: serverguide/C/web-servers.xml:1155(para)
3283
2899
msgid ""
3284
2900
"Access to the <emphasis>manager</emphasis> application is protected by "
3285
2901
"default: you need to define a user with the role \"manager\" in "
3286
2902
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3287
2903
msgstr ""
3288
2904
3289
#: serverguide/C/web-servers.xml:1140(para)
2905
#: serverguide/C/web-servers.xml:1159(para)
3290
2906
msgid ""
3291
2907
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3292
2908
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3293
2909
"used to create virtual hosts dynamically."
3294
2910
msgstr ""
3295
2911
3296
#: serverguide/C/web-servers.xml:1144(para)
2912
#: serverguide/C/web-servers.xml:1163(para)
3297
2913
msgid ""
3298
2914
"Access to the <emphasis>host-manager</emphasis> application is also "
3299
2915
"protected by default: you need to define a user with the role \"admin\" in "
3300
2916
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3301
2917
msgstr ""
3302
2918
3303
#: serverguide/C/web-servers.xml:1149(para)
2919
#: serverguide/C/web-servers.xml:1168(para)
3304
2920
msgid ""
3305
2921
"For security reasons, the tomcat6 user cannot write to the "
3306
2922
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3309
2925
"the following, to give users in the tomcat6 group the necessary rights:"
3310
2926
msgstr ""
3311
2927
3312
#: serverguide/C/web-servers.xml:1156(command)
2928
#: serverguide/C/web-servers.xml:1175(command)
3313
2929
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3314
2930
msgstr ""
3315
2931
3316
#: serverguide/C/web-servers.xml:1157(command)
2932
#: serverguide/C/web-servers.xml:1176(command)
3317
2933
msgid "sudo chmod -R g+w /etc/tomcat6"
3318
2934
msgstr ""
3319
2935
3320
#: serverguide/C/web-servers.xml:1162(title)
2936
#: serverguide/C/web-servers.xml:1181(title)
3321
2937
msgid "Tomcat examples webapps"
3322
2938
msgstr ""
3323
2939
3324
#: serverguide/C/web-servers.xml:1163(para)
2940
#: serverguide/C/web-servers.xml:1182(para)
3325
2941
msgid ""
3326
2942
"The <application>tomcat6-examples</application> package contains two webapps "
3327
2943
"that can be used to test or demonstrate Servlets and JSP features, which you "
3329
2945
"install them by entering the following command in the terminal prompt:"
3330
2946
msgstr ""
3331
2947
3332
#: serverguide/C/web-servers.xml:1169(command)
2948
#: serverguide/C/web-servers.xml:1188(command)
3333
2949
msgid "sudo apt-get install tomcat6-examples"
3334
2950
msgstr ""
3335
2951
3336
#: serverguide/C/web-servers.xml:1175(title)
2952
#: serverguide/C/web-servers.xml:1194(title)
3337
2953
msgid "Using private instances"
3338
2954
msgstr ""
3339
2955
3340
#: serverguide/C/web-servers.xml:1176(para)
2956
#: serverguide/C/web-servers.xml:1195(para)
3341
2957
msgid ""
3342
2958
"Tomcat is heavily used in development and testing scenarios where using a "
3343
2959
"single system-wide instance doesn't meet the requirements of multiple users "
3347
2963
"using the system-installed libraries."
3348
2964
msgstr ""
3349
2965
3350
#: serverguide/C/web-servers.xml:1183(para)
2966
#: serverguide/C/web-servers.xml:1202(para)
3351
2967
msgid ""
3352
2968
"It is possible to run the system-wide instance and the private instances in "
3353
2969
"parallel, as long as they do not use the same TCP ports."
3354
2970
msgstr ""
3355
2971
3356
#: serverguide/C/web-servers.xml:1187(title)
2972
#: serverguide/C/web-servers.xml:1206(title)
3357
2973
msgid "Installing private instance support"
3358
2974
msgstr ""
3359
2975
3360
#: serverguide/C/web-servers.xml:1188(para)
2976
#: serverguide/C/web-servers.xml:1207(para)
3361
2977
msgid ""
3362
2978
"You can install everything necessary to run private instances by entering "
3363
2979
"the following command in the terminal prompt:"
3364
2980
msgstr ""
3365
2981
3366
#: serverguide/C/web-servers.xml:1191(command)
2982
#: serverguide/C/web-servers.xml:1210(command)
3367
2983
msgid "sudo apt-get install tomcat6-user"
3368
2984
msgstr ""
3369
2985
3370
#: serverguide/C/web-servers.xml:1195(title)
2986
#: serverguide/C/web-servers.xml:1214(title)
3371
2987
msgid "Creating a private instance"
3372
2988
msgstr ""
3373
2989
3374
#: serverguide/C/web-servers.xml:1196(para)
2990
#: serverguide/C/web-servers.xml:1215(para)
3375
2991
msgid ""
3376
2992
"You can create a private instance directory by entering the following "
3377
2993
"command in the terminal prompt:"
3378
2994
msgstr ""
3379
2995
3380
#: serverguide/C/web-servers.xml:1199(command)
2996
#: serverguide/C/web-servers.xml:1218(command)
3381
2997
msgid "tomcat6-instance-create my-instance"
3382
2998
msgstr ""
3383
2999
3384
#: serverguide/C/web-servers.xml:1201(para)
3000
#: serverguide/C/web-servers.xml:1220(para)
3385
3001
msgid ""
3386
3002
"This will create a new <filename>my-instance</filename> directory with all "
3387
3003
"the necessary subdirectories and scripts. You can for example install your "
3390
3006
"are deployed by default."
3391
3007
msgstr ""
3392
3008
3393
#: serverguide/C/web-servers.xml:1209(title)
3009
#: serverguide/C/web-servers.xml:1228(title)
3394
3010
msgid "Configuring your private instance"
3395
3011
msgstr ""
3396
3012
3397
#: serverguide/C/web-servers.xml:1210(para)
3013
#: serverguide/C/web-servers.xml:1229(para)
3398
3014
msgid ""
3399
3015
"You will find the classic Tomcat configuration files for your private "
3400
3016
"instance in the <filename>conf/</filename> subdirectory. You should for "
3403
3019
"conflict with other instances that might be running."
3404
3020
msgstr ""
3405
3021
3406
#: serverguide/C/web-servers.xml:1218(title)
3022
#: serverguide/C/web-servers.xml:1237(title)
3407
3023
msgid "Starting/stopping your private instance"
3408
3024
msgstr ""
3409
3025
3410
#: serverguide/C/web-servers.xml:1219(para)
3026
#: serverguide/C/web-servers.xml:1238(para)
3411
3027
msgid ""
3412
3028
"You can start your private instance by entering the following command in the "
3413
3029
"terminal prompt (supposing your instance is located in the <filename>my-"
3414
3030
"instance</filename> directory):"
3415
3031
msgstr ""
3416
3032
3417
#: serverguide/C/web-servers.xml:1223(command)
3033
#: serverguide/C/web-servers.xml:1242(command)
3418
3034
msgid "my-instance/bin/startup.sh"
3419
3035
msgstr ""
3420
3036
3421
#: serverguide/C/web-servers.xml:1225(para)
3037
#: serverguide/C/web-servers.xml:1244(para)
3422
3038
msgid ""
3423
3039
"You should check the <filename>logs/</filename> subdirectory for any error. "
3424
3040
"If you have a <emphasis>java.net.BindException: Address already in "
3426
3042
"is already taken and that you should change it."
3427
3043
msgstr ""
3428
3044
3429
#: serverguide/C/web-servers.xml:1230(para)
3045
#: serverguide/C/web-servers.xml:1249(para)
3430
3046
msgid ""
3431
3047
"You can stop your instance by entering the following command in the terminal "
3432
3048
"prompt (supposing your instance is located in the <filename>my-"
3433
3049
"instance</filename> directory):"
3434
3050
msgstr ""
3435
3051
3436
#: serverguide/C/web-servers.xml:1234(command)
3052
#: serverguide/C/web-servers.xml:1253(command)
3437
3053
msgid "my-instance/bin/shutdown.sh"
3438
3054
msgstr ""
3439
3055
3440
#: serverguide/C/web-servers.xml:1243(para)
3056
#: serverguide/C/web-servers.xml:1262(para)
3441
3057
msgid ""
3442
3058
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3443
3059
"website for more information."
3444
3060
msgstr ""
3445
3061
3446
#: serverguide/C/web-servers.xml:1248(para)
3062
#: serverguide/C/web-servers.xml:1267(para)
3447
3063
msgid ""
3448
3064
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3449
3065
"Definitive Guide</ulink> is a good resource for building web applications "
3450
3066
"with Tomcat."
3451
3067
msgstr ""
3452
3068
3453
#: serverguide/C/web-servers.xml:1254(para)
3069
#: serverguide/C/web-servers.xml:1273(para)
3454
3070
msgid ""
3455
3071
"For additional books see the <ulink "
3456
3072
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3457
3073
"page."
3458
3074
msgstr ""
3459
3075
3460
#: serverguide/C/web-servers.xml:1259(para)
3076
#: serverguide/C/web-servers.xml:1278(para)
3461
3077
msgid ""
3462
3078
"Also, see the<ulink "
3463
3079
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3470
3086
3471
3087
#: serverguide/C/vpn.xml:15(para)
3472
3088
msgid ""
3473
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3474
"network connection between two or more networks. There are several ways to "
3475
"create a VPN using software as well as dedicated hardware appliances. This "
3476
"chapter will cover installing and configuring "
3477
"<application>OpenVPN</application> to create a VPN between two servers."
3089
"OpenVPN is a Virtual Private Networking (VPN) solution provided in the "
3090
"Ubuntu Repositories. It is flexible, reliable and secure. It belongs to the "
3091
"family of SSL/TLS VPN stacks (different from IPSec VPNs). This chapter will "
3092
"cover installing and configuring <application>OpenVPN</application> to "
3093
"create a VPN."
3478
3094
msgstr ""
3479
3095
3480
#: serverguide/C/vpn.xml:23(title)
3096
#: serverguide/C/vpn.xml:21(title)
3481
3097
msgid "OpenVPN"
3482
3098
msgstr ""
3483
3099
3484
#: serverguide/C/vpn.xml:25(para)
3100
#: serverguide/C/vpn.xml:23(para)
3485
3101
msgid ""
3486
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3487
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3488
"clients through a bridge interface on the VPN server. This guide will assume "
3489
"that one VPN node, the server in this case, has a bridge interface "
3490
"configured. For more information on setting up a bridge see <xref "
3491
"linkend=\"bridging\"/>."
3492
msgstr ""
3493
3494
#: serverguide/C/vpn.xml:35(para)
3102
"If you want more than just pre-shared keys "
3103
"<application>OpenVPN</application> makes it easy to setup and use a Public "
3104
"Key Infrastructure (PKI) to use SSL/TLS certificates for authentication and "
3105
"key exchange between the VPN server and clients. "
3106
"<application>OpenVPN</application> can be used in a routed or bridged VPN "
3107
"mode and can be configured to use either UDP or TCP. The port number can be "
3108
"configured as well, but port 1194 is the official one. And it is only using "
3109
"that single port for all communication. VPN client implementations are "
3110
"available for almost anything including all Linux distributions, OS X, "
3111
"Windows and OpenWRT based WLAN routers."
3112
msgstr ""
3113
3114
#: serverguide/C/vpn.xml:31(title)
3115
msgid "Server Installation"
3116
msgstr ""
3117
3118
#: serverguide/C/vpn.xml:33(para)
3495
3119
msgid "To install <application>openvpn</application> in a terminal enter:"
3496
3120
msgstr ""
3497
3121
3498
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3122
#: serverguide/C/vpn.xml:37(command) serverguide/C/vpn.xml:233(command) serverguide/C/vpn.xml:591(command)
3499
3123
msgid "sudo apt-get install openvpn"
3500
3124
msgstr ""
3501
3125
3502
#: serverguide/C/vpn.xml:45(title)
3503
msgid "Server Certificates"
3504
msgstr ""
3505
3506
#: serverguide/C/vpn.xml:47(para)
3507
msgid ""
3508
"Now that the <application>openvpn</application> package is installed, the "
3509
"certificates for the VPN server need to be created."
3126
#: serverguide/C/vpn.xml:42(title)
3127
msgid "Public Key Infrastructure Setup"
3128
msgstr ""
3129
3130
#: serverguide/C/vpn.xml:44(para)
3131
msgid ""
3132
"The first step in building an OpenVPN configuration is to establish a PKI "
3133
"(public key infrastructure). The PKI consists of:"
3134
msgstr ""
3135
3136
#: serverguide/C/vpn.xml:49(para)
3137
msgid ""
3138
"a separate certificate (also known as a public key) and private key for the "
3139
"server and each client, and"
3510
3140
msgstr ""
3511
3141
3512
3142
#: serverguide/C/vpn.xml:52(para)
3513
3143
msgid ""
3514
"First, copy the <filename>easy-rsa</filename> directory to "
3144
"a master Certificate Authority (CA) certificate and key which is used to "
3145
"sign each of the server and client certificates."
3146
msgstr ""
3147
3148
#: serverguide/C/vpn.xml:57(para)
3149
msgid ""
3150
"OpenVPN supports bidirectional authentication based on certificates, meaning "
3151
"that the client must authenticate the server certificate and the server must "
3152
"authenticate the client certificate before mutual trust is established."
3153
msgstr ""
3154
3155
#: serverguide/C/vpn.xml:61(para)
3156
msgid ""
3157
"Both server and client will authenticate the other by first verifying that "
3158
"the presented certificate was signed by the master certificate authority "
3159
"(CA), and then by testing information in the now-authenticated certificate "
3160
"header, such as the certificate common name or certificate type (client or "
3161
"server)."
3162
msgstr ""
3163
3164
#: serverguide/C/vpn.xml:66(title)
3165
msgid "Certificate Authority Setup"
3166
msgstr ""
3167
3168
#: serverguide/C/vpn.xml:68(para)
3169
msgid ""
3170
"To setup your own Certificate Authority (CA) and generating certificates and "
3171
"keys for an OpenVPN server and multiple clients first copy the "
3172
"<filename>easy-rsa</filename> directory to "
3515
3173
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3516
"scripts will not be lost when the package is updated. You will also need to "
3517
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3518
"the current user permission to create files. From a terminal enter:"
3519
msgstr ""
3520
3521
#: serverguide/C/vpn.xml:59(command)
3522
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3523
msgstr ""
3524
3525
#: serverguide/C/vpn.xml:60(command)
3174
"scripts will not be lost when the package is updated. From a terminal change "
3175
"to user root and:"
3176
msgstr ""
3177
3178
#: serverguide/C/vpn.xml:76(command)
3179
msgid "mkdir /etc/openvpn/easy-rsa/"
3180
msgstr ""
3181
3182
#: serverguide/C/vpn.xml:77(command)
3526
3183
msgid ""
3527
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3528
"rsa/"
3529
msgstr ""
3530
3531
#: serverguide/C/vpn.xml:61(command)
3532
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3533
msgstr ""
3534
3535
#: serverguide/C/vpn.xml:64(para)
3184
"cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/"
3185
msgstr ""
3186
3187
#: serverguide/C/vpn.xml:80(para)
3536
3188
msgid ""
3537
3189
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3538
3190
"following to your environment:"
3539
3191
msgstr ""
3540
3192
3541
#: serverguide/C/vpn.xml:68(programlisting)
3193
#: serverguide/C/vpn.xml:84(programlisting)
3542
3194
#, no-wrap
3543
3195
msgid ""
3544
3196
"\n"
3549
3201
"export KEY_EMAIL=\"steve@example.com\"\n"
3550
3202
msgstr ""
3551
3203
3552
#: serverguide/C/vpn.xml:76(para)
3553
msgid "Enter the following to create the server certificates:"
3204
#: serverguide/C/vpn.xml:92(para)
3205
msgid ""
3206
"Enter the following to generate the master Certificate Authority (CA) "
3207
"certificate and key:"
3554
3208
msgstr ""
3555
3209
3556
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3210
#: serverguide/C/vpn.xml:97(command) serverguide/C/vpn.xml:145(command)
3557
3211
msgid "cd /etc/openvpn/easy-rsa/"
3558
3212
msgstr ""
3559
3213
3560
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3214
#: serverguide/C/vpn.xml:98(command) serverguide/C/vpn.xml:146(command)
3561
3215
msgid "source vars"
3562
3216
msgstr ""
3563
3217
3564
#: serverguide/C/vpn.xml:83(command)
3218
#: serverguide/C/vpn.xml:99(command)
3565
3219
msgid "./clean-all"
3566
3220
msgstr ""
3567
3221
3568
#: serverguide/C/vpn.xml:84(command)
3222
#: serverguide/C/vpn.xml:100(command)
3223
msgid "./build-ca"
3224
msgstr ""
3225
3226
#: serverguide/C/vpn.xml:105(title)
3227
msgid "Server Certificates"
3228
msgstr ""
3229
3230
#: serverguide/C/vpn.xml:107(para)
3231
msgid "Next, we will generate a certificate and private key for the server:"
3232
msgstr ""
3233
3234
#: serverguide/C/vpn.xml:112(command)
3235
msgid "./build-key-server myservername"
3236
msgstr ""
3237
3238
#: serverguide/C/vpn.xml:115(para)
3239
msgid ""
3240
"As in the previous step, most parameters can be defaulted. Two other queries "
3241
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
3242
"certificate requests certified, commit? [y/n]\"."
3243
msgstr ""
3244
3245
#: serverguide/C/vpn.xml:119(para)
3246
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
3247
msgstr ""
3248
3249
#: serverguide/C/vpn.xml:124(command)
3569
3250
msgid "./build-dh"
3570
3251
msgstr ""
3571
3252
3572
#: serverguide/C/vpn.xml:85(command)
3573
msgid "./pkitool --initca"
3574
msgstr ""
3575
3576
#: serverguide/C/vpn.xml:86(command)
3577
msgid "./pkitool --server server"
3578
msgstr ""
3579
3580
#: serverguide/C/vpn.xml:87(command)
3581
msgid "cd keys"
3582
msgstr ""
3583
3584
#: serverguide/C/vpn.xml:88(command)
3585
msgid "openvpn --genkey --secret ta.key"
3586
msgstr ""
3587
3588
#: serverguide/C/vpn.xml:89(command)
3589
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3590
msgstr ""
3591
3592
#: serverguide/C/vpn.xml:94(title)
3253
#: serverguide/C/vpn.xml:127(para)
3254
msgid ""
3255
"All certificates and keys have been generated in the subdirectory keys/. "
3256
"Common practice is to copy them to /etc/openvpn/:"
3257
msgstr ""
3258
3259
#: serverguide/C/vpn.xml:131(command)
3260
msgid "cd keys/"
3261
msgstr ""
3262
3263
#: serverguide/C/vpn.xml:132(command)
3264
msgid "cp myservername.crt myservername.key ca.crt dh1024.pem /etc/openvpn/"
3265
msgstr ""
3266
3267
#: serverguide/C/vpn.xml:137(title)
3593
3268
msgid "Client Certificates"
3594
3269
msgstr ""
3595
3270
3596
#: serverguide/C/vpn.xml:96(para)
3271
#: serverguide/C/vpn.xml:139(para)
3597
3272
msgid ""
3598
3273
"The VPN client will also need a certificate to authenticate itself to the "
3599
"server. To create the certificate, enter the following in a terminal:"
3600
msgstr ""
3601
3602
#: serverguide/C/vpn.xml:104(command)
3603
msgid "./pkitool hostname"
3604
msgstr ""
3605
3606
#: serverguide/C/vpn.xml:108(para)
3607
msgid ""
3608
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3609
"machine connecting to the VPN."
3610
msgstr ""
3611
3612
#: serverguide/C/vpn.xml:113(para)
3613
msgid "Copy the following files to the client:"
3614
msgstr ""
3615
3616
#: serverguide/C/vpn.xml:118(para)
3274
"server. Usually you create a different certificate for each client. To "
3275
"create the certificate, enter the following in a terminal while being user "
3276
"root:"
3277
msgstr ""
3278
3279
#: serverguide/C/vpn.xml:147(command)
3280
msgid "./build-key client1"
3281
msgstr ""
3282
3283
#: serverguide/C/vpn.xml:150(para)
3284
msgid "Copy the following files to the client using a secure method:"
3285
msgstr ""
3286
3287
#: serverguide/C/vpn.xml:155(para)
3617
3288
msgid "/etc/openvpn/ca.crt"
3618
3289
msgstr ""
3619
3290
3620
#: serverguide/C/vpn.xml:119(para)
3621
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
3622
msgstr ""
3623
3624
#: serverguide/C/vpn.xml:120(para)
3625
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
3626
msgstr ""
3627
3628
#: serverguide/C/vpn.xml:121(para)
3629
msgid "/etc/openvpn/ta.key"
3630
msgstr ""
3631
3632
#: serverguide/C/vpn.xml:125(para)
3633
msgid ""
3634
"Remember to adjust the above file names for your client machine's "
3635
"<emphasis>hostname</emphasis>."
3636
msgstr ""
3637
3638
#: serverguide/C/vpn.xml:130(para)
3639
msgid ""
3640
"It is best to use a secure method to copy the certificate and key files. The "
3641
"<application>scp</application> utility is a good choice, but copying the "
3642
"files to removable media then to the client, also works well."
3643
msgstr ""
3644
3645
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
3646
msgid "Server Configuration"
3647
msgstr ""
3648
3649
#: serverguide/C/vpn.xml:143(para)
3650
msgid ""
3651
"Now configure the <application>openvpn</application> server by creating "
3652
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3653
"terminal enter:"
3654
msgstr ""
3655
3656
#: serverguide/C/vpn.xml:149(command)
3291
#: serverguide/C/vpn.xml:156(para)
3292
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
3293
msgstr ""
3294
3295
#: serverguide/C/vpn.xml:157(para)
3296
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
3297
msgstr ""
3298
3299
#: serverguide/C/vpn.xml:160(para)
3300
msgid ""
3301
"As the client certificates and keys are only required on the client machine, "
3302
"you should remove them from the server."
3303
msgstr ""
3304
3305
#: serverguide/C/vpn.xml:168(title)
3306
msgid "Simple Server Configuration"
3307
msgstr ""
3308
3309
#: serverguide/C/vpn.xml:170(para)
3310
msgid ""
3311
"Along with your <application>OpenVPN</application> installation you got "
3312
"these sample config files (and many more if if you check):"
3313
msgstr ""
3314
3315
#: serverguide/C/vpn.xml:174(programlisting)
3316
#, no-wrap
3317
msgid ""
3318
"\n"
3319
"root@server:/# ls -l /usr/share/doc/openvpn/examples/sample-config-files/\n"
3320
"total 68\n"
3321
"-rw-r--r-- 1 root root 3427 2011-07-04 15:09 client.conf\n"
3322
"-rw-r--r-- 1 root root 4141 2011-07-04 15:09 server.conf.gz\n"
3323
msgstr ""
3324
3325
#: serverguide/C/vpn.xml:181(para)
3326
msgid ""
3327
"Start with copying and unpacking server.conf.gz to /etc/openvpn/server.conf."
3328
msgstr ""
3329
3330
#: serverguide/C/vpn.xml:185(command)
3657
3331
msgid ""
3658
3332
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3659
3333
"/etc/openvpn/"
3660
3334
msgstr ""
3661
3335
3662
#: serverguide/C/vpn.xml:150(command)
3336
#: serverguide/C/vpn.xml:186(command)
3663
3337
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3664
3338
msgstr ""
3665
3339
3666
#: serverguide/C/vpn.xml:153(para)
3340
#: serverguide/C/vpn.xml:189(para)
3341
msgid ""
3342
"Edit <filename>/etc/openvpn/server.conf</filename> to make sure the "
3343
"following lines are pointing to the certificates and keys you created in the "
3344
"section above."
3345
msgstr ""
3346
3347
#: serverguide/C/vpn.xml:192(programlisting)
3348
#, no-wrap
3349
msgid ""
3350
"\n"
3351
"ca ca.crt\n"
3352
"cert myservername.crt\n"
3353
"key myservername.key \n"
3354
"dh dh1024.pem\n"
3355
msgstr ""
3356
3357
#: serverguide/C/vpn.xml:199(para)
3358
msgid ""
3359
"That is the minimum you have to configure to get a working OpenVPN server. "
3360
"You can use all the default settings in the sample server.conf file. Now "
3361
"start the server. You will find logging and error messages in your syslog."
3362
msgstr ""
3363
3364
#: serverguide/C/vpn.xml:204(programlisting)
3365
#, no-wrap
3366
msgid ""
3367
"\n"
3368
"root@server:/etc/openvpn# /etc/init.d/openvpn start\n"
3369
" * Starting virtual private network daemon(s)...\n"
3370
" * Autostarting VPN 'server' [ OK ]\n"
3371
msgstr ""
3372
3373
#: serverguide/C/vpn.xml:210(para)
3374
msgid "Now check if OpenVPN created a tun0 interface:"
3375
msgstr ""
3376
3377
#: serverguide/C/vpn.xml:214(programlisting)
3378
#, no-wrap
3379
msgid ""
3380
"\n"
3381
"root@server:/etc/openvpn# ifconfig tun0\n"
3382
"tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-"
3383
"00-00-00 \n"
3384
" inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255\n"
3385
" UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1\n"
3386
"[...]\n"
3387
msgstr ""
3388
3389
#: serverguide/C/vpn.xml:224(title)
3390
msgid "Simple Client Configuration"
3391
msgstr ""
3392
3393
#: serverguide/C/vpn.xml:226(para)
3394
msgid ""
3395
"There are various different <application>OpenVPN</application> client "
3396
"implementations with and without GUIs. You can read more about clients in a "
3397
"later section. For now we use the <application>OpenVPN</application> client "
3398
"for Ubuntu which is the same executable as the server. So you have to "
3399
"install the openvpn package again on the client machine:"
3400
msgstr ""
3401
3402
#: serverguide/C/vpn.xml:236(para)
3403
msgid "This time copy the client.conf sample config file to /etc/openvpn/."
3404
msgstr ""
3405
3406
#: serverguide/C/vpn.xml:240(command)
3407
msgid ""
3408
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3409
"/etc/openvpn/"
3410
msgstr ""
3411
3412
#: serverguide/C/vpn.xml:243(para)
3413
msgid ""
3414
"Copy the client keys and the certificate of the CA you created in the "
3415
"section above to e.g. /etc/openvpn/ and edit "
3416
"<filename>/etc/openvpn/client.conf</filename> to make sure the following "
3417
"lines are pointing to those files. If you have the files in /etc/openvpn/ "
3418
"you can omit the path."
3419
msgstr ""
3420
3421
#: serverguide/C/vpn.xml:246(programlisting)
3422
#, no-wrap
3423
msgid ""
3424
"\n"
3425
"ca ca.crt\n"
3426
"cert client1.crt\n"
3427
"key client1.key\n"
3428
msgstr ""
3429
3430
#: serverguide/C/vpn.xml:252(para)
3431
msgid ""
3432
"And you have to at least specify the OpenVPN server name or address. Make "
3433
"sure the keyword client is in the config. That's what enables client mode."
3434
msgstr ""
3435
3436
#: serverguide/C/vpn.xml:258(programlisting)
3437
#, no-wrap
3438
msgid ""
3439
"\n"
3440
"client\n"
3441
"remote vpnserver.example.com 1194\n"
3442
msgstr ""
3443
3444
#: serverguide/C/vpn.xml:263(para)
3445
msgid "Now start the OpenVPN client:"
3446
msgstr ""
3447
3448
#: serverguide/C/vpn.xml:267(programlisting)
3449
#, no-wrap
3450
msgid ""
3451
"\n"
3452
"root@client:/etc/openvpn# /etc/init.d/openvpn start\n"
3453
" * Starting virtual private network daemon(s)... \n"
3454
" * Autostarting VPN 'client' [ OK ] \n"
3455
msgstr ""
3456
3457
#: serverguide/C/vpn.xml:273(para)
3458
msgid "Check if it created a tun0 interface:"
3459
msgstr ""
3460
3461
#: serverguide/C/vpn.xml:277(programlisting)
3462
#, no-wrap
3463
msgid ""
3464
"\n"
3465
"root@client:/etc/openvpn# ifconfig tun0\n"
3466
"tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-"
3467
"00-00-00 \n"
3468
" inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255\n"
3469
" UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1\n"
3470
msgstr ""
3471
3472
#: serverguide/C/vpn.xml:284(para)
3473
msgid "Check if you can ping the OpenVPN server:"
3474
msgstr ""
3475
3476
#: serverguide/C/vpn.xml:287(programlisting)
3477
#, no-wrap
3478
msgid ""
3479
"\n"
3480
"root@client:/etc/openvpn# ping 10.8.0.1\n"
3481
"PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.\n"
3482
"64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=0.920 ms\n"
3483
msgstr ""
3484
3485
#: serverguide/C/vpn.xml:294(para)
3486
msgid ""
3487
"The OpenVPN server always uses the first usable IP address in the client "
3488
"network and only that IP is pingable. E.g. if you configured a /24 for the "
3489
"client network mask, the .1 address will be used. The P-t-P address you see "
3490
"in the ifconfig output above is usually not answering ping requests."
3491
msgstr ""
3492
3493
#: serverguide/C/vpn.xml:299(para)
3494
msgid "Check out your routes:"
3495
msgstr ""
3496
3497
#: serverguide/C/vpn.xml:302(programlisting)
3498
#, no-wrap
3499
msgid ""
3500
"\n"
3501
"root@client:/etc/openvpn# netstat -rn\n"
3502
"Kernel IP routing table\n"
3503
"Destination Gateway Genmask Flags MSS Window irtt "
3504
"Iface\n"
3505
"10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 "
3506
"tun0\n"
3507
"10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 "
3508
"tun0\n"
3509
"192.168.42.0 0.0.0.0 255.255.255.0 U 0 0 0 "
3510
"eth0\n"
3511
"0.0.0.0 192.168.42.1 0.0.0.0 UG 0 0 0 "
3512
"eth0\n"
3513
msgstr ""
3514
3515
#: serverguide/C/vpn.xml:314(title)
3516
msgid "First trouble shooting"
3517
msgstr ""
3518
3519
#: serverguide/C/vpn.xml:316(para)
3520
msgid "If the above didn't work for you, check this:"
3521
msgstr ""
3522
3523
#: serverguide/C/vpn.xml:321(para)
3524
msgid "Check your syslog, e.g. grep -i vpn /var/log/syslog"
3525
msgstr ""
3526
3527
#: serverguide/C/vpn.xml:324(para)
3528
msgid ""
3529
"Can the client connect to the server machine? Maybe a firewall is blocking "
3530
"access? Check syslog on server."
3531
msgstr ""
3532
3533
#: serverguide/C/vpn.xml:327(para)
3534
msgid ""
3535
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
3536
"port and proto config option"
3537
msgstr ""
3538
3539
#: serverguide/C/vpn.xml:330(para)
3540
msgid ""
3541
"Client and server must use same config regarding compression, see comp-lzo "
3542
"config option"
3543
msgstr ""
3544
3545
#: serverguide/C/vpn.xml:333(para)
3546
msgid ""
3547
"Client and server must use same config regarding bridged vs routed mode, see "
3548
"server vs server-bridge config option"
3549
msgstr ""
3550
3551
#: serverguide/C/vpn.xml:341(title)
3552
msgid "Advanved configuration"
3553
msgstr ""
3554
3555
#: serverguide/C/vpn.xml:344(title)
3556
msgid "Advanced routed VPN configuration on server"
3557
msgstr ""
3558
3559
#: serverguide/C/vpn.xml:346(para)
3560
msgid ""
3561
"The above is a very simple working VPN. The client can access services on "
3562
"the VPN server machine through an encrypted tunnel. If you want to reach "
3563
"more servers or anything in other networks, push some routes to the clients. "
3564
"E.g. if your company's network can be summarized to the network "
3565
"192.168.0.0/16, you could push this route to the clients. But you will also "
3566
"have to change the routing for the way back - your servers need to know a "
3567
"route to the VPN client-network."
3568
msgstr ""
3569
3570
#: serverguide/C/vpn.xml:350(para)
3571
msgid ""
3572
"Or you might push a default gateway to all the clients to send all their "
3573
"internet traffic to the VPN gateway first and from there via the company "
3574
"firewall into the internet. This section shows you some possible options."
3575
msgstr ""
3576
3577
#: serverguide/C/vpn.xml:354(para)
3578
msgid ""
3579
"Push routes to the client to allow it to reach other private subnets behind "
3580
"the server. Remember that these private subnets will also need to know to "
3581
"route the OpenVPN client address pool (10.8.0.0/24) back to the OpenVPN "
3582
"server."
3583
msgstr ""
3584
3585
#: serverguide/C/vpn.xml:363(programlisting)
3586
#, no-wrap
3587
msgid ""
3588
"\n"
3589
"push \"route 10.0.0.0 255.0.0.0\"\n"
3590
msgstr ""
3591
3592
#: serverguide/C/vpn.xml:367(para)
3593
msgid ""
3594
"If enabled, this directive will configure all clients to redirect their "
3595
"default network gateway through the VPN, causing all IP traffic such as web "
3596
"browsing and and DNS lookups to go through the VPN (the OpenVPN server "
3597
"machine or your central firewall may need to NAT the TUN/TAP interface to "
3598
"the internet in order for this to work properly)."
3599
msgstr ""
3600
3601
#: serverguide/C/vpn.xml:376(programlisting)
3602
#, no-wrap
3603
msgid ""
3604
"\n"
3605
"push \"redirect-gateway def1 bypass-dhcp\"\n"
3606
msgstr ""
3607
3608
#: serverguide/C/vpn.xml:380(para)
3609
msgid ""
3610
"Configure server mode and supply a VPN subnet for OpenVPN to draw client "
3611
"addresses from. The server will take 10.8.0.1 for itself, the rest will be "
3612
"made available to clients. Each client will be able to reach the server on "
3613
"10.8.0.1. Comment this line out if you are ethernet bridging."
3614
msgstr ""
3615
3616
#: serverguide/C/vpn.xml:389(programlisting)
3617
#, no-wrap
3618
msgid ""
3619
"\n"
3620
"server 10.8.0.0 255.255.255.0\n"
3621
msgstr ""
3622
3623
#: serverguide/C/vpn.xml:393(para)
3624
msgid ""
3625
"Maintain a record of client to virtual IP address associations in this file. "
3626
"If OpenVPN goes down or is restarted, reconnecting clients can be assigned "
3627
"the same virtual IP address from the pool that was previously assigned."
3628
msgstr ""
3629
3630
#: serverguide/C/vpn.xml:400(programlisting)
3631
#, no-wrap
3632
msgid ""
3633
"\n"
3634
"ifconfig-pool-persist ipp.txt\n"
3635
msgstr ""
3636
3637
#: serverguide/C/vpn.xml:404(para)
3638
msgid "Push DNS servers to the client."
3639
msgstr ""
3640
3641
#: serverguide/C/vpn.xml:407(programlisting)
3642
#, no-wrap
3643
msgid ""
3644
"\n"
3645
"push \"dhcp-option DNS 10.0.0.2\"\n"
3646
"push \"dhcp-option DNS 10.1.0.2\"\n"
3647
msgstr ""
3648
3649
#: serverguide/C/vpn.xml:412(para)
3650
msgid "Allow client to client communication."
3651
msgstr ""
3652
3653
#: serverguide/C/vpn.xml:415(programlisting)
3654
#, no-wrap
3655
msgid ""
3656
"\n"
3657
"client-to-client\n"
3658
msgstr ""
3659
3660
#: serverguide/C/vpn.xml:419(para)
3661
msgid "Enable compression on the VPN link."
3662
msgstr ""
3663
3664
#: serverguide/C/vpn.xml:422(programlisting)
3665
#, no-wrap
3666
msgid ""
3667
"\n"
3668
"comp-lzo\n"
3669
msgstr ""
3670
3671
#: serverguide/C/vpn.xml:426(para)
3672
msgid ""
3673
"The keepalive directive causes ping-like messages to be sent back and forth "
3674
"over the link so that each side knows when the other side has gone down. "
3675
"Ping every 1 second, assume that remote peer is down if no ping received "
3676
"during a 3 second time period."
3677
msgstr ""
3678
3679
#: serverguide/C/vpn.xml:435(programlisting)
3680
#, no-wrap
3681
msgid ""
3682
"\n"
3683
"keepalive 1 3\n"
3684
msgstr ""
3685
3686
#: serverguide/C/vpn.xml:439(para)
3687
msgid ""
3688
"It's a good idea to reduce the OpenVPN daemon's privileges after "
3689
"initialization."
3690
msgstr ""
3691
3692
#: serverguide/C/vpn.xml:442(programlisting)
3693
#, no-wrap
3694
msgid ""
3695
"\n"
3696
"user nobody\n"
3697
"group nogroup\n"
3698
msgstr ""
3699
3700
#: serverguide/C/vpn.xml:447(para)
3701
msgid ""
3702
"OpenVPN 2.0 includes a feature that allows the OpenVPN server to securely "
3703
"obtain a username and password from a connecting client, and to use that "
3704
"information as a basis for authenticating the client. To use this "
3705
"authentication method, first add the auth-user-pass directive to the client "
3706
"configuration. It will direct the OpenVPN client to query the user for a "
3707
"username/password, passing it on to the server over the secure TLS channel."
3708
msgstr ""
3709
3710
#: serverguide/C/vpn.xml:451(programlisting)
3711
#, no-wrap
3712
msgid ""
3713
"\n"
3714
"# client config!\n"
3715
"auth-user-pass\n"
3716
msgstr ""
3717
3718
#: serverguide/C/vpn.xml:456(para)
3719
msgid ""
3720
"This will tell the OpenVPN server to validate the username/password entered "
3721
"by clients using the login PAM module. Useful if you have centralized "
3722
"authentication with e.g. Kerberos."
3723
msgstr ""
3724
3725
#: serverguide/C/vpn.xml:461(programlisting)
3726
#, no-wrap
3727
msgid ""
3728
"\n"
3729
"plugin /usr/lib/openvpn/openvpn-auth-pam.so login\n"
3730
msgstr ""
3731
3732
#: serverguide/C/vpn.xml:465(para)
3733
msgid ""
3734
"Please read the OpenVPN <ulink url=\"http://openvpn.net/index.php/open-"
3735
"source/documentation/howto.html#security\">hardening security guide</ulink> "
3736
"for further security advice."
3737
msgstr ""
3738
3739
#: serverguide/C/vpn.xml:471(title)
3740
msgid "Advanced bridged VPN configuration on server"
3741
msgstr ""
3742
3743
#: serverguide/C/vpn.xml:473(para)
3744
msgid ""
3745
"<application>OpenVPN</application> can be setup for either a routed or a "
3746
"bridged VPN mode. Sometimes this is also referred to as OSI layer-2 versus "
3747
"layer-3 VPN. In a bridged VPN all layer-2 frames - e.g. all ethernet frames -"
3748
" are sent to the VPN partners and in a routed VPN only layer-3 packets are "
3749
"sent to VPN partners. In bridged mode all traffic including traffic which "
3750
"was traditionally LAN-local like local network broadcasts, DHCP requests, "
3751
"ARP requests etc. are sent to VPN partners whereas in routed mode this would "
3752
"be filtered."
3753
msgstr ""
3754
3755
#: serverguide/C/vpn.xml:479(title)
3756
msgid "Prepare interface config for bridging on server"
3757
msgstr ""
3758
3759
#: serverguide/C/vpn.xml:481(para)
3760
msgid "Make sure you have the bridge-utils package installed:"
3761
msgstr ""
3762
3763
#: serverguide/C/vpn.xml:485(command) serverguide/C/virtualization.xml:2179(command) serverguide/C/network-config.xml:540(command)
3764
msgid "sudo apt-get install bridge-utils"
3765
msgstr ""
3766
3767
#: serverguide/C/vpn.xml:488(para)
3768
msgid ""
3769
"Before you setup OpenVPN in bridged mode you need to change your interface "
3770
"configuration. Let's assume your server has an interface eth0 connected to "
3771
"the internet and an interface eth1 connected to the LAN you want to bridge. "
3772
"Your /etc/network/interfaces would like this:"
3773
msgstr ""
3774
3775
#: serverguide/C/vpn.xml:492(programlisting)
3776
#, no-wrap
3777
msgid ""
3778
"\n"
3779
"auto eth0\n"
3780
"iface eth0 inet static\n"
3781
" address 1.2.3.4\n"
3782
" netmask 255.255.255.248\n"
3783
" default 1.2.3.1\n"
3784
"\n"
3785
"auto eth1\n"
3786
"iface eth1 inet static\n"
3787
" address 10.0.0.4\n"
3788
" netmask 255.255.255.0\n"
3789
msgstr ""
3790
3791
#: serverguide/C/vpn.xml:505(para)
3792
msgid ""
3793
"This straight forward interface config needs to be changed into a bridged "
3794
"mode like where the config of interface eth1 moves to the new br0 interface. "
3795
"Plus we configure that br0 should bridge interface eth1. We also need to "
3796
"make sure that interface eth1 is always in promiscuous mode - this tells the "
3797
"interface to forward all ethernet frames to the IP stack."
3798
msgstr ""
3799
3800
#: serverguide/C/vpn.xml:509(programlisting)
3801
#, no-wrap
3802
msgid ""
3803
"\n"
3804
"auto eth0\n"
3805
"iface eth0 inet static\n"
3806
" address 1.2.3.4\n"
3807
" netmask 255.255.255.248\n"
3808
" default 1.2.3.1\n"
3809
"\n"
3810
"auto eth1\n"
3811
"iface eth1 inet manual\n"
3812
" up ip link set $IFACE up promisc on\n"
3813
"\n"
3814
"auto br0\n"
3815
"iface br0 inet static\n"
3816
" address 10.0.0.4\n"
3817
" netmask 255.255.255.0\n"
3818
" bridge_ports eth1\n"
3819
msgstr ""
3820
3821
#: serverguide/C/vpn.xml:527(para)
3822
msgid ""
3823
"At this point you need to restart networking. Be prepared that this might "
3824
"not work as expected and that you will lose remote connectivity. Make sure "
3825
"you can solve problems having local access."
3826
msgstr ""
3827
3828
#: serverguide/C/vpn.xml:531(command)
3829
msgid "sudo /etc/init.d/network restart"
3830
msgstr ""
3831
3832
#: serverguide/C/vpn.xml:536(title)
3833
msgid "Prepare server config for bridging"
3834
msgstr ""
3835
3836
#: serverguide/C/vpn.xml:538(para)
3667
3837
msgid ""
3668
3838
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
3669
3839
"options to:"
3670
3840
msgstr ""
3671
3841
3672
#: serverguide/C/vpn.xml:157(programlisting)
3842
#: serverguide/C/vpn.xml:542(programlisting)
3673
3843
#, no-wrap
3674
3844
msgid ""
3675
3845
"\n"
3676
"local 172.18.100.101\n"
3677
"dev tap0\n"
3678
"up \"/etc/openvpn/up.sh br0\"\n"
3679
"down \"/etc/openvpn/down.sh br0\"\n"
3846
";dev tun\n"
3847
"dev tap\n"
3848
"up \"/etc/openvpn/up.sh br0 eth1\"\n"
3680
3849
";server 10.8.0.0 255.255.255.0\n"
3681
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3682
"push \"route 172.18.100.1 255.255.255.0\"\n"
3683
"push \"dhcp-option DNS 172.18.100.20\"\n"
3684
"push \"dhcp-option DOMAIN example.com\"\n"
3685
"tls-auth ta.key 0 # This file is secret\n"
3686
"user nobody\n"
3687
"group nogroup\n"
3688
msgstr ""
3689
3690
#: serverguide/C/vpn.xml:174(para)
3691
msgid ""
3692
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3693
msgstr ""
3694
3695
#: serverguide/C/vpn.xml:179(para)
3696
msgid ""
3697
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3698
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3699
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
3700
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
3701
"to clients."
3702
msgstr ""
3703
3704
#: serverguide/C/vpn.xml:186(para)
3705
msgid ""
3706
"<emphasis>push</emphasis>: are directives to add networking options for "
3707
"clients."
3708
msgstr ""
3709
3710
#: serverguide/C/vpn.xml:191(para)
3711
msgid ""
3712
"<emphasis>user and group</emphasis>: configure which user and group the "
3713
"<application>openvpn</application> daemon executes as."
3714
msgstr ""
3715
3716
#: serverguide/C/vpn.xml:198(para)
3717
msgid ""
3718
"Replace all IP addresses and domain names above with those of your network."
3719
msgstr ""
3720
3721
#: serverguide/C/vpn.xml:203(para)
3722
msgid ""
3723
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3724
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3725
msgstr ""
3726
3727
#: serverguide/C/vpn.xml:207(programlisting)
3728
#, no-wrap
3729
msgid ""
3730
"\n"
3731
"#!/bin/sh\n"
3732
"\n"
3733
"BR=$1\n"
3734
"DEV=$2\n"
3735
"MTU=$3\n"
3736
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
3737
"/usr/sbin/brctl addif $BR $DEV\n"
3738
msgstr ""
3739
3740
#: serverguide/C/vpn.xml:217(para)
3741
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3742
msgstr ""
3743
3744
#: serverguide/C/vpn.xml:221(programlisting)
3745
#, no-wrap
3746
msgid ""
3747
"\n"
3748
"#!/bin/sh\n"
3749
"\n"
3750
"BR=$1\n"
3751
"DEV=$2\n"
3752
"\n"
3753
"/usr/sbin/brctl delif $BR $DEV\n"
3754
"/sbin/ifconfig $DEV down\n"
3755
msgstr ""
3756
3757
#: serverguide/C/vpn.xml:231(para)
3758
msgid "Then make them executable:"
3759
msgstr ""
3760
3761
#: serverguide/C/vpn.xml:236(command)
3762
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3763
msgstr ""
3764
3765
#: serverguide/C/vpn.xml:237(command)
3850
"server-bridge 10.0.0.4 255.255.255.0 10.0.0.128 10.0.0.254\n"
3851
msgstr ""
3852
3853
#: serverguide/C/vpn.xml:550(para)
3854
msgid ""
3855
"Next, create a helper script to add the <emphasis>tap</emphasis> interface "
3856
"to the bridge and to ensure that eth1 is promiscuous mode. Create "
3857
"<filename>/etc/openvpn/up.sh</filename>:"
3858
msgstr ""
3859
3860
#: serverguide/C/vpn.xml:554(programlisting)
3861
#, no-wrap
3862
msgid ""
3863
"\n"
3864
"#!/bin/sh\n"
3865
"\n"
3866
"BR=$1\n"
3867
"ETHDEV=$2\n"
3868
"TAPDEV=$3\n"
3869
"\n"
3870
"/sbin/ip link set \"$TAPDEV\" up\n"
3871
"/sbin/ip link set \"$ETHDEV\" promisc on\n"
3872
"/sbin/brctl addif $BR $TAPDEV\n"
3873
msgstr ""
3874
3875
#: serverguide/C/vpn.xml:566(para)
3876
msgid "Then make it executable:"
3877
msgstr ""
3878
3879
#: serverguide/C/vpn.xml:571(command)
3766
3880
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3767
3881
msgstr ""
3768
3882
3769
#: serverguide/C/vpn.xml:240(para)
3883
#: serverguide/C/vpn.xml:574(para)
3770
3884
msgid ""
3771
3885
"After configuring the server, restart <application>openvpn</application> by "
3772
3886
"entering:"
3773
3887
msgstr ""
3774
3888
3775
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
3889
#: serverguide/C/vpn.xml:579(command) serverguide/C/vpn.xml:617(command)
3776
3890
msgid "sudo /etc/init.d/openvpn restart"
3777
3891
msgstr ""
3778
3892
3779
#: serverguide/C/vpn.xml:250(title)
3893
#: serverguide/C/vpn.xml:584(title)
3780
3894
msgid "Client Configuration"
3781
3895
msgstr ""
3782
3896
3783
#: serverguide/C/vpn.xml:252(para)
3897
#: serverguide/C/vpn.xml:586(para)
3784
3898
msgid "First, install <application>openvpn</application> on the client:"
3785
3899
msgstr ""
3786
3900
3787
#: serverguide/C/vpn.xml:260(para)
3901
#: serverguide/C/vpn.xml:594(para)
3788
3902
msgid ""
3789
3903
"Then with the server configured and the client certificates copied to the "
3790
3904
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
3791
3905
"file by copying the example. In a terminal on the client machine enter:"
3792
3906
msgstr ""
3793
3907
3794
#: serverguide/C/vpn.xml:266(command)
3908
#: serverguide/C/vpn.xml:600(command)
3795
3909
msgid ""
3796
3910
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3797
3911
"/etc/openvpn"
3798
3912
msgstr ""
3799
3913
3800
#: serverguide/C/vpn.xml:269(para)
3914
#: serverguide/C/vpn.xml:603(para)
3801
3915
msgid ""
3802
3916
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3803
3917
"following options:"
3804
3918
msgstr ""
3805
3919
3806
#: serverguide/C/vpn.xml:273(programlisting)
3920
#: serverguide/C/vpn.xml:607(programlisting)
3807
3921
#, no-wrap
3808
3922
msgid ""
3809
3923
"\n"
3810
3924
"dev tap\n"
3811
"remote vpn.example.com 1194\n"
3812
"cert hostname.crt\n"
3813
"key hostname.key\n"
3814
"tls-auth ta.key 1\n"
3815
msgstr ""
3816
3817
#: serverguide/C/vpn.xml:282(para)
3818
msgid ""
3819
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3820
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3821
"key filenames."
3822
msgstr ""
3823
3824
#: serverguide/C/vpn.xml:288(para)
3925
";dev tun\n"
3926
msgstr ""
3927
3928
#: serverguide/C/vpn.xml:612(para)
3825
3929
msgid "Finally, restart <application>openvpn</application>:"
3826
3930
msgstr ""
3827
3931
3828
#: serverguide/C/vpn.xml:296(para)
3932
#: serverguide/C/vpn.xml:620(para)
3829
3933
msgid "You should now be able to connect to the remote LAN through the VPN."
3830
3934
msgstr ""
3831
3935
3832
#: serverguide/C/vpn.xml:307(para)
3936
#: serverguide/C/vpn.xml:629(title)
3937
msgid "Client software implementations"
3938
msgstr ""
3939
3940
#: serverguide/C/vpn.xml:632(title)
3941
msgid "Linux Network-Manager GUI for OpenVPN"
3942
msgstr ""
3943
3944
#: serverguide/C/vpn.xml:634(para)
3945
msgid ""
3946
"Many Linux distributions including Ubuntu desktop variants come with Network "
3947
"Manager, a nice GUI to configure your network settings. It also can manage "
3948
"your VPN connections. Make sure you have package network-manager-openvpn "
3949
"installed. Here you see that the installation installs all other required "
3950
"packages as well:"
3951
msgstr ""
3952
3953
#: serverguide/C/vpn.xml:639(programlisting)
3954
#, no-wrap
3955
msgid ""
3956
"\n"
3957
"root@client:~# apt-get install network-manager-openvpn\n"
3958
"Reading package lists... Done\n"
3959
"Building dependency tree \n"
3960
"Reading state information... Done\n"
3961
"The following extra packages will be installed:\n"
3962
" liblzo2-2 libpkcs11-helper1 network-manager-openvpn-gnome openvpn\n"
3963
"Suggested packages:\n"
3964
" resolvconf\n"
3965
"The following NEW packages will be installed:\n"
3966
" liblzo2-2 libpkcs11-helper1 network-manager-openvpn\n"
3967
" network-manager-openvpn-gnome openvpn\n"
3968
"0 upgraded, 5 newly installed, 0 to remove and 631 not upgraded.\n"
3969
"Need to get 700 kB of archives.\n"
3970
"After this operation, 3,031 kB of additional disk space will be used.\n"
3971
"Do you want to continue [Y/n]? \n"
3972
msgstr ""
3973
3974
#: serverguide/C/vpn.xml:657(para)
3975
msgid ""
3976
"To inform network-manager about the new installed packages you will have to "
3977
"restart it:"
3978
msgstr ""
3979
3980
#: serverguide/C/vpn.xml:661(programlisting)
3981
#, no-wrap
3982
msgid ""
3983
"\n"
3984
"root@client:~# restart network-manager \n"
3985
"network-manager start/running, process 3078\n"
3986
msgstr ""
3987
3988
#: serverguide/C/vpn.xml:666(para)
3989
msgid ""
3990
"Open the Network Manager GUI, select the VPN tab and then the 'Add' button. "
3991
"Select OpenVPN as the VPN type in the opening requester and press 'Create'. "
3992
"In the next window add the OpenVPN's server name as the 'Gateway', set "
3993
"'Type' to 'Certificates (TLS)', point 'User Certificate' to your user "
3994
"certificate, 'CA Certificate' to your CA certificate and 'Private Key' to "
3995
"your private key file. Use the advanced button to enable compression or "
3996
"other special settings you set on the server. Now try to establish your VPN."
3997
msgstr ""
3998
3999
#: serverguide/C/vpn.xml:678(title)
4000
msgid "OpenVPN with GUI for Mac OS X: Tunnelblick"
4001
msgstr ""
4002
4003
#: serverguide/C/vpn.xml:680(para)
4004
msgid ""
4005
"Tunnelblick is an excellent free, open source implementation of a GUI for "
4006
"OpenVPN for OS X. The project's homepage is at <ulink "
4007
"url=\"http://code.google.com/p/tunnelblick/\">http://code.google.com/p/tunnel"
4008
"blick/</ulink>. Download the latest OS X installer from there and install "
4009
"it. Then put your client.ovpn config file together with the certificates and "
4010
"keys in /Users/username/Library/Application "
4011
"Support/Tunnelblick/Configurations/ and lauch Tunnelblick from your "
4012
"Application folder."
4013
msgstr ""
4014
4015
#: serverguide/C/vpn.xml:686(programlisting)
4016
#, no-wrap
4017
msgid ""
4018
"\n"
4019
"# sample client.ovpn for Tunnelblick\n"
4020
"client\n"
4021
"remote blue.example.com\n"
4022
"port 1194\n"
4023
"proto udp\n"
4024
"dev tun\n"
4025
"dev-type tun\n"
4026
"ns-cert-type server\n"
4027
"reneg-sec 86400\n"
4028
"auth-user-pass\n"
4029
"auth-nocache\n"
4030
"auth-retry interact\n"
4031
"comp-lzo yes\n"
4032
"verb 3\n"
4033
"ca ca.crt\n"
4034
"cert client.crt\n"
4035
"key client.key\n"
4036
msgstr ""
4037
4038
#: serverguide/C/vpn.xml:708(title)
4039
msgid "OpenVPN with GUI for Win 7"
4040
msgstr ""
4041
4042
#: serverguide/C/vpn.xml:710(para)
4043
msgid ""
4044
"First download and install the latest <ulink "
4045
"url=\"http://www.openvpn.net/index.php/open-source/downloads.html\">OpenVPN "
4046
"Windows Installer</ulink>. OpenVPN 2.2.1 was the latest when this was "
4047
"written. Additionally download an alternative Open VPN Windows GUI. The "
4048
"OpenVPN MI GUI from <ulink url=\"http://openvpn-mi-gui.inside-"
4049
"security.de\">http://openvpn-mi-gui.inside-security.de</ulink> seems to be a "
4050
"nice one for Windows 7. Download the latest version. 20110624 was the latest "
4051
"version when this was written."
4052
msgstr ""
4053
4054
#: serverguide/C/vpn.xml:716(para)
4055
msgid ""
4056
"You need to start the OpenVPN service. Goto Start > Computer > Manage "
4057
"> Services and Applications > Services. Find the OpenVPN service and "
4058
"start it. Set it's startup type to automatic. When you start the OpenVPN MI "
4059
"GUI the first time you need to run it as an administrator. You have to right "
4060
"click on it and you will see that option."
4061
msgstr ""
4062
4063
#: serverguide/C/vpn.xml:720(para)
4064
msgid ""
4065
"You will have to write your OpenVPN config in a textfile and place it in C:\\"
4066
"Program Files\\OpenVPN\\config\\client.ovpn along with the CA certificate. "
4067
"You could put the user certificate in the user's home directory like in the "
4068
"follwing example."
4069
msgstr ""
4070
4071
#: serverguide/C/vpn.xml:724(programlisting)
4072
#, no-wrap
4073
msgid ""
4074
"\n"
4075
"# C:\\Program Files\\OpenVPN\\config\\client.ovpn\n"
4076
"client\n"
4077
"remote server.example.com\n"
4078
"port 1194\n"
4079
"proto udp\n"
4080
"dev tun\n"
4081
"dev-type tun\n"
4082
"ns-cert-type server\n"
4083
"reneg-sec 86400\n"
4084
"auth-user-pass\n"
4085
"auth-retry interact\n"
4086
"comp-lzo yes\n"
4087
"verb 3\n"
4088
"ca ca.crt\n"
4089
"cert \"C:\\\\Users\\\\username\\\\My Documents\\\\openvpn\\\\client.crt\"\n"
4090
"key \"C:\\\\Users\\\\username\\\\My Documents\\\\openvpn\\\\client.key\"\n"
4091
"management 127.0.0.1 1194\n"
4092
"management-hold\n"
4093
"management-query-passwords\n"
4094
"auth-retry interact\n"
4095
msgstr ""
4096
4097
#: serverguide/C/vpn.xml:749(title)
4098
msgid "OpenVPN for OpenWRT"
4099
msgstr ""
4100
4101
#: serverguide/C/vpn.xml:751(para)
4102
msgid ""
4103
"OpenWRT is described as a Linux distribution for embedded devices like WLAN "
4104
"router. There are certain types of WLAN routers who can be flashed to run "
4105
"OpenWRT. Depending on the available memory on your OpenWRT router you can "
4106
"run software like OpenVPN and you could for example build a small "
4107
"inexpensive branch office router with VPN connectivity to the central "
4108
"office. More info on OpenVPN on OpenWRT is <ulink "
4109
"url=\"http://wiki.openwrt.org/doc/howto/vpn.overview\">here</ulink>. And "
4110
"here is the OpenWRT project's homepage: <ulink "
4111
"url=\"http://openwrt.org\">http://openwrt.org</ulink>"
4112
msgstr ""
4113
4114
#: serverguide/C/vpn.xml:760(para)
4115
msgid "Log into your OpenWRT router and install OpenVPN:"
4116
msgstr ""
4117
4118
#: serverguide/C/vpn.xml:765(command)
4119
msgid "opkg update"
4120
msgstr ""
4121
4122
#: serverguide/C/vpn.xml:766(command)
4123
msgid "opkg install openvpn"
4124
msgstr ""
4125
4126
#: serverguide/C/vpn.xml:769(para)
4127
msgid ""
4128
"Check out /etc/config/openvpn and put you client config in there. Copy "
4129
"certificated and keys to /etc/openvpn/"
4130
msgstr ""
4131
4132
#: serverguide/C/vpn.xml:774(programlisting)
4133
#, no-wrap
4134
msgid ""
4135
"\n"
4136
"config openvpn client1\n"
4137
" option enable 1 \n"
4138
" option client 1 \n"
4139
"# option dev tap \n"
4140
" option dev tun \n"
4141
" option proto udp \n"
4142
" option ca /etc/openvpn/ca.crt \n"
4143
" option cert /etc/openvpn/client.crt\n"
4144
" option key /etc/openvpn/client.key\n"
4145
" option comp_lzo 1 \n"
4146
msgstr ""
4147
4148
#: serverguide/C/vpn.xml:787(para)
4149
msgid "Restart OpenVPN:"
4150
msgstr ""
4151
4152
#: serverguide/C/vpn.xml:792(command)
4153
msgid "/etc/init.d/openvpn restart"
4154
msgstr ""
4155
4156
#: serverguide/C/vpn.xml:795(para)
4157
msgid ""
4158
"You will have to see if you need to adjust your router's routing and "
4159
"firewall rules."
4160
msgstr ""
4161
4162
#: serverguide/C/vpn.xml:805(para)
3833
4163
msgid ""
3834
4164
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3835
4165
"additional information."
3836
4166
msgstr ""
3837
4167
3838
#: serverguide/C/vpn.xml:312(para)
4168
#: serverguide/C/vpn.xml:811(ulink)
4169
msgid "OpenVPN hardening security guide"
4170
msgstr ""
4171
4172
#: serverguide/C/vpn.xml:815(para)
3839
4173
msgid ""
3840
4174
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3841
4175
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3842
4176
msgstr ""
3843
4177
3844
#: serverguide/C/vpn.xml:318(para)
3845
msgid ""
3846
"Another source of further information is the <ulink "
3847
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
3848
"OpenVPN</ulink> page."
3849
msgstr ""
3850
3851
4178
#: serverguide/C/virtualization.xml:13(title)
3852
4179
msgid "Virtualization"
3853
4180
msgstr ""
3974
4301
msgid ""
3975
4302
"There are several ways to automate the Ubuntu installation process, for "
3976
4303
"example using preseeds, kickstart, etc. Refer to the <ulink "
3977
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
4304
"url=\"https://help.ubuntu.com/12.04/installation-guide/\">Ubuntu "
3978
4305
"Installation Guide</ulink> for details."
3979
4306
msgstr ""
3980
4307
3993
4320
3994
4321
#: serverguide/C/virtualization.xml:105(para)
3995
4322
msgid ""
3996
"<application>virt-install</application> is part of the <application>python-"
3997
"virtinst</application> package. To install it, from a terminal prompt enter:"
4323
"<application>virt-install</application> is part of the "
4324
"<application>virtinst</application> package. To install it, from a terminal "
4325
"prompt enter:"
3998
4326
msgstr ""
3999
4327
4000
4328
#: serverguide/C/virtualization.xml:109(command)
4001
msgid "sudo apt-get install python-virtinst"
4329
msgid "sudo apt-get install virtinst"
4002
4330
msgstr ""
4003
4331
4004
4332
#: serverguide/C/virtualization.xml:111(para)
4009
4337
4010
4338
#: serverguide/C/virtualization.xml:115(command)
4011
4339
msgid ""
4012
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
4013
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
4340
"sudo virt-install -n web_devel -r 256 \\ --disk "
4341
"path=/var/lib/libvirt/images/web_devel.img,bus=virtio,size=4 -c \\ jeos.iso -"
4342
"-accelerate --network network=default,model=virtio \\ --"
4343
"connect=qemu:///system --vnc --noautoconsole -v"
4014
4344
msgstr ""
4015
4345
4016
4346
#: serverguide/C/virtualization.xml:122(para)
4022
4352
#: serverguide/C/virtualization.xml:127(para)
4023
4353
msgid ""
4024
4354
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
4025
"machine will use."
4355
"machine will use in megabytes."
4026
4356
msgstr ""
4027
4357
4028
4358
#: serverguide/C/virtualization.xml:132(para)
4029
4359
msgid ""
4030
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
4031
"disk which can be a file, partition, or logical volume. In this example a "
4032
"file named <filename>web_devel.img</filename>."
4033
msgstr ""
4034
4035
#: serverguide/C/virtualization.xml:138(para)
4036
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
4037
msgstr ""
4038
4039
#: serverguide/C/virtualization.xml:143(para)
4360
"<emphasis>--disk "
4361
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
4362
"path to the virtual disk which can be a file, partition, or logical volume. "
4363
"In this example a file named <filename>web_devel.img</filename> in the "
4364
"/var/lib/libvirt/images/ directory, with a size of 4 gigabytes, and using "
4365
"<emphasis>virtio</emphasis> for the disk bus."
4366
msgstr ""
4367
4368
#: serverguide/C/virtualization.xml:139(para)
4040
4369
msgid ""
4041
4370
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
4042
4371
"file can be either an ISO file or the path to the host's CDROM device."
4043
4372
msgstr ""
4044
4373
4045
#: serverguide/C/virtualization.xml:149(para)
4374
#: serverguide/C/virtualization.xml:145(para)
4046
4375
msgid ""
4047
4376
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
4048
4377
"technologies."
4049
4378
msgstr ""
4050
4379
4051
#: serverguide/C/virtualization.xml:154(para)
4380
#: serverguide/C/virtualization.xml:150(para)
4381
msgid ""
4382
"<emphasis>--network</emphasis> provides details related to the VM's network "
4383
"interface. Here the <emphasis>default</emphasis> network is used, and the "
4384
"interface model is configured for <emphasis>virtio</emphasis>."
4385
msgstr ""
4386
4387
#: serverguide/C/virtualization.xml:156(para)
4052
4388
msgid ""
4053
4389
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
4054
4390
msgstr ""
4055
4391
4056
#: serverguide/C/virtualization.xml:159(para)
4392
#: serverguide/C/virtualization.xml:161(para)
4057
4393
msgid ""
4058
4394
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
4059
4395
"virtual machine's console."
4060
4396
msgstr ""
4061
4397
4062
#: serverguide/C/virtualization.xml:164(para)
4398
#: serverguide/C/virtualization.xml:166(para)
4063
4399
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
4064
4400
msgstr ""
4065
4401
4066
#: serverguide/C/virtualization.xml:169(para)
4402
#: serverguide/C/virtualization.xml:171(para)
4067
4403
msgid ""
4068
4404
"After launching <application>virt-install</application> you can connect to "
4069
4405
"the virtual machine's console either locally using a GUI or with the "
4070
4406
"<application>virt-viewer</application> utility."
4071
4407
msgstr ""
4072
4408
4073
#: serverguide/C/virtualization.xml:175(title)
4409
#: serverguide/C/virtualization.xml:177(title)
4074
4410
msgid "virt-clone"
4075
4411
msgstr ""
4076
4412
4077
#: serverguide/C/virtualization.xml:176(para)
4413
#: serverguide/C/virtualization.xml:178(para)
4078
4414
msgid ""
4079
4415
"The <application>virt-clone</application> application can be used to copy "
4080
4416
"one virtual machine to another. For example:"
4081
4417
msgstr ""
4082
4418
4083
#: serverguide/C/virtualization.xml:180(command)
4419
#: serverguide/C/virtualization.xml:182(command)
4084
4420
msgid ""
4085
4421
"sudo virt-clone -o web_devel -n database_devel -f "
4086
"/path/to/database_devel.img --connect=qemu:///system"
4422
"/path/to/database_devel.img \\ --connect=qemu:///system"
4087
4423
msgstr ""
4088
"sudo virt-clone -o web_devel -n database_devel -f /ruta/a/database_devel.img "
4089
"--connect=qemu:///system"
4090
4424
4091
#: serverguide/C/virtualization.xml:184(para)
4425
#: serverguide/C/virtualization.xml:187(para)
4092
4426
msgid "<emphasis>-o:</emphasis> original virtual machine."
4093
4427
msgstr "<emphasis>-o:</emphasis> máquina virtual orixinal."
4094
4428
4095
#: serverguide/C/virtualization.xml:189(para)
4429
#: serverguide/C/virtualization.xml:192(para)
4096
4430
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
4097
4431
msgstr "<emphasis>-n:</emphasis> nome de la nueva máquina virtual."
4098
4432
4099
#: serverguide/C/virtualization.xml:194(para)
4433
#: serverguide/C/virtualization.xml:197(para)
4100
4434
msgid ""
4101
4435
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
4102
4436
"be used by the new virtual machine."
4103
4437
msgstr ""
4104
4438
4105
#: serverguide/C/virtualization.xml:199(para)
4439
#: serverguide/C/virtualization.xml:202(para)
4106
4440
msgid ""
4107
4441
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
4108
4442
msgstr ""
4109
4443
4110
#: serverguide/C/virtualization.xml:204(para)
4444
#: serverguide/C/virtualization.xml:207(para)
4111
4445
msgid ""
4112
4446
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
4113
4447
"help troubleshoot problems with <application>virt-clone</application>."
4114
4448
msgstr ""
4115
4449
4116
#: serverguide/C/virtualization.xml:209(para)
4450
#: serverguide/C/virtualization.xml:212(para)
4117
4451
msgid ""
4118
4452
"Replace <emphasis>web_devel</emphasis> and "
4119
4453
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
4120
4454
msgstr ""
4121
4455
4122
#: serverguide/C/virtualization.xml:215(title)
4456
#: serverguide/C/virtualization.xml:218(title)
4123
4457
msgid "Virtual Machine Management"
4124
4458
msgstr "Xestión de máquines virtuales"
4125
4459
4126
#: serverguide/C/virtualization.xml:217(title)
4460
#: serverguide/C/virtualization.xml:220(title)
4127
4461
msgid "virsh"
4128
4462
msgstr "virsh"
4129
4463
4130
#: serverguide/C/virtualization.xml:218(para)
4464
#: serverguide/C/virtualization.xml:221(para)
4131
4465
msgid ""
4132
4466
"There are several utilities available to manage virtual machines and "
4133
4467
"<application>libvirt</application>. The <application>virsh</application> "
4134
4468
"utility can be used from the command line. Some examples:"
4135
4469
msgstr ""
4136
4470
4137
#: serverguide/C/virtualization.xml:224(para)
4471
#: serverguide/C/virtualization.xml:227(para)
4138
4472
msgid "To list running virtual machines:"
4139
4473
msgstr ""
4140
4474
4141
#: serverguide/C/virtualization.xml:228(command)
4475
#: serverguide/C/virtualization.xml:231(command)
4142
4476
msgid "virsh -c qemu:///system list"
4143
4477
msgstr "virsh -c qemu:///system list"
4144
4478
4145
#: serverguide/C/virtualization.xml:232(para)
4479
#: serverguide/C/virtualization.xml:235(para)
4146
4480
msgid "To start a virtual machine:"
4147
4481
msgstr ""
4148
4482
4149
#: serverguide/C/virtualization.xml:236(command)
4483
#: serverguide/C/virtualization.xml:239(command)
4150
4484
msgid "virsh -c qemu:///system start web_devel"
4151
4485
msgstr "virsh -c qemu:///system start web_devel"
4152
4486
4153
#: serverguide/C/virtualization.xml:240(para)
4487
#: serverguide/C/virtualization.xml:243(para)
4154
4488
msgid "Similarly, to start a virtual machine at boot:"
4155
4489
msgstr ""
4156
4490
4157
#: serverguide/C/virtualization.xml:244(command)
4491
#: serverguide/C/virtualization.xml:247(command)
4158
4492
msgid "virsh -c qemu:///system autostart web_devel"
4159
4493
msgstr "virsh -c qemu:///system autostart web_devel"
4160
4494
4161
#: serverguide/C/virtualization.xml:248(para)
4495
#: serverguide/C/virtualization.xml:251(para)
4162
4496
msgid "Reboot a virtual machine with:"
4163
4497
msgstr "Reanicie una máquina virtual con:"
4164
4498
4165
#: serverguide/C/virtualization.xml:252(command)
4499
#: serverguide/C/virtualization.xml:255(command)
4166
4500
msgid "virsh -c qemu:///system reboot web_devel"
4167
4501
msgstr "virsh -c qemu:///system reboot web_devel"
4168
4502
4169
#: serverguide/C/virtualization.xml:256(para)
4503
#: serverguide/C/virtualization.xml:259(para)
4170
4504
msgid ""
4171
4505
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
4172
4506
"order to be restored later. The following will save the virtual machine "
4173
4507
"state into a file named according to the date:"
4174
4508
msgstr ""
4175
4509
4176
#: serverguide/C/virtualization.xml:261(command)
4510
#: serverguide/C/virtualization.xml:264(command)
4177
4511
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
4178
4512
msgstr "virsh -c qemu:///system save web_devel web_devel-022708.state"
4179
4513
4180
#: serverguide/C/virtualization.xml:263(para)
4514
#: serverguide/C/virtualization.xml:266(para)
4181
4515
msgid "Once saved the virtual machine will no longer be running."
4182
4516
msgstr ""
4183
4517
4184
#: serverguide/C/virtualization.xml:268(para)
4518
#: serverguide/C/virtualization.xml:271(para)
4185
4519
msgid "A saved virtual machine can be restored using:"
4186
4520
msgstr ""
4187
4521
4188
#: serverguide/C/virtualization.xml:272(command)
4522
#: serverguide/C/virtualization.xml:275(command)
4189
4523
msgid "virsh -c qemu:///system restore web_devel-022708.state"
4190
4524
msgstr ""
4191
4525
4192
#: serverguide/C/virtualization.xml:276(para)
4526
#: serverguide/C/virtualization.xml:279(para)
4193
4527
msgid "To shutdown a virtual machine do:"
4194
4528
msgstr ""
4195
4529
4196
#: serverguide/C/virtualization.xml:280(command)
4530
#: serverguide/C/virtualization.xml:283(command)
4197
4531
msgid "virsh -c qemu:///system shutdown web_devel"
4198
4532
msgstr ""
4199
4533
4200
#: serverguide/C/virtualization.xml:284(para)
4534
#: serverguide/C/virtualization.xml:287(para)
4201
4535
msgid "A CDROM device can be mounted in a virtual machine by entering:"
4202
4536
msgstr ""
4203
4537
4204
#: serverguide/C/virtualization.xml:288(command)
4538
#: serverguide/C/virtualization.xml:291(command)
4205
4539
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4206
4540
msgstr ""
4207
4541
4208
#: serverguide/C/virtualization.xml:293(para)
4542
#: serverguide/C/virtualization.xml:296(para)
4209
4543
msgid ""
4210
4544
"In the above examples replace <emphasis>web_devel</emphasis> with the "
4211
4545
"appropriate virtual machine name, and <filename>web_devel-"
4212
4546
"022708.state</filename> with a descriptive file name."
4213
4547
msgstr ""
4214
4548
4215
#: serverguide/C/virtualization.xml:300(title)
4549
#: serverguide/C/virtualization.xml:303(title)
4216
4550
msgid "Virtual Machine Manager"
4217
4551
msgstr ""
4218
4552
4219
#: serverguide/C/virtualization.xml:301(para)
4553
#: serverguide/C/virtualization.xml:304(para)
4220
4554
msgid ""
4221
4555
"The <application>virt-manager</application> package contains a graphical "
4222
4556
"utility to manage local and remote virtual machines. To install virt-manager "
4223
4557
"enter:"
4224
4558
msgstr ""
4225
4559
4226
#: serverguide/C/virtualization.xml:306(command)
4560
#: serverguide/C/virtualization.xml:309(command)
4227
4561
msgid "sudo apt-get install virt-manager"
4228
4562
msgstr ""
4229
4563
4230
#: serverguide/C/virtualization.xml:308(para)
4564
#: serverguide/C/virtualization.xml:311(para)
4231
4565
msgid ""
4232
4566
"Since <application>virt-manager</application> requires a Graphical User "
4233
4567
"Interface (GUI) environment it is recommended to be installed on a "
4235
4569
"the local <application>libvirt</application> service enter:"
4236
4570
msgstr ""
4237
4571
4238
#: serverguide/C/virtualization.xml:314(command)
4572
#: serverguide/C/virtualization.xml:317(command)
4239
4573
msgid "virt-manager -c qemu:///system"
4240
4574
msgstr ""
4241
4575
4242
#: serverguide/C/virtualization.xml:316(para)
4576
#: serverguide/C/virtualization.xml:319(para)
4243
4577
msgid ""
4244
4578
"You can connect to the <application>libvirt</application> service running on "
4245
4579
"another host by entering the following in a terminal prompt:"
4246
4580
msgstr ""
4247
4581
4248
#: serverguide/C/virtualization.xml:320(command)
4582
#: serverguide/C/virtualization.xml:323(command)
4249
4583
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4250
4584
msgstr ""
4251
4585
4252
#: serverguide/C/virtualization.xml:323(para)
4586
#: serverguide/C/virtualization.xml:326(para)
4253
4587
msgid ""
4254
4588
"The above example assumes that <application>SSH</application> connectivity "
4255
4589
"between the management system and virtnode1.mydomain.com has already been "
4260
4594
"linkend=\"openssh-server\"/>"
4261
4595
msgstr ""
4262
4596
4263
#: serverguide/C/virtualization.xml:333(title)
4597
#: serverguide/C/virtualization.xml:336(title)
4264
4598
msgid "Virtual Machine Viewer"
4265
4599
msgstr ""
4266
4600
4267
#: serverguide/C/virtualization.xml:334(para)
4601
#: serverguide/C/virtualization.xml:337(para)
4268
4602
msgid ""
4269
4603
"The <application>virt-viewer</application> application allows you to connect "
4270
4604
"to a virtual machine's console. <application>virt-viewer</application> does "
4272
4606
"machine."
4273
4607
msgstr ""
4274
4608
4275
#: serverguide/C/virtualization.xml:338(para)
4609
#: serverguide/C/virtualization.xml:341(para)
4276
4610
msgid ""
4277
4611
"To install <application>virt-viewer</application> from a terminal enter:"
4278
4612
msgstr ""
4279
4613
4280
#: serverguide/C/virtualization.xml:342(command)
4614
#: serverguide/C/virtualization.xml:345(command)
4281
4615
msgid "sudo apt-get install virt-viewer"
4282
4616
msgstr ""
4283
4617
4284
#: serverguide/C/virtualization.xml:344(para)
4618
#: serverguide/C/virtualization.xml:347(para)
4285
4619
msgid ""
4286
4620
"Once a virtual machine is installed and running you can connect to the "
4287
4621
"virtual machine's console by using:"
4288
4622
msgstr ""
4289
4623
4290
#: serverguide/C/virtualization.xml:348(command)
4624
#: serverguide/C/virtualization.xml:351(command)
4291
4625
msgid "virt-viewer -c qemu:///system web_devel"
4292
4626
msgstr ""
4293
4627
4294
#: serverguide/C/virtualization.xml:350(para)
4628
#: serverguide/C/virtualization.xml:353(para)
4295
4629
msgid ""
4296
4630
"Similar to <application>virt-manager</application>, <application>virt-"
4297
4631
"viewer</application> can connect to a remote host using "
4298
4632
"<emphasis>SSH</emphasis> with key authentication, as well:"
4299
4633
msgstr ""
4300
4634
4301
#: serverguide/C/virtualization.xml:355(command)
4635
#: serverguide/C/virtualization.xml:358(command)
4302
4636
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4303
4637
msgstr ""
4304
4638
4305
#: serverguide/C/virtualization.xml:357(para)
4639
#: serverguide/C/virtualization.xml:360(para)
4306
4640
msgid ""
4307
4641
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4308
4642
"appropriate virtual machine name."
4309
4643
msgstr ""
4310
4644
4311
#: serverguide/C/virtualization.xml:360(para)
4645
#: serverguide/C/virtualization.xml:363(para)
4312
4646
msgid ""
4313
4647
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4314
4648
"can also setup <application>SSH</application> access to the virtual machine. "
4316
4650
"more details."
4317
4651
msgstr ""
4318
4652
4319
#: serverguide/C/virtualization.xml:369(para)
4653
#: serverguide/C/virtualization.xml:372(para)
4320
4654
msgid ""
4321
4655
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4322
4656
"for more details."
4323
4657
msgstr ""
4324
4658
4325
#: serverguide/C/virtualization.xml:374(para)
4659
#: serverguide/C/virtualization.xml:377(para)
4326
4660
msgid ""
4327
4661
"For more information on <application>libvirt</application> see the <ulink "
4328
4662
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4329
4663
msgstr ""
4330
4664
4331
#: serverguide/C/virtualization.xml:379(para)
4665
#: serverguide/C/virtualization.xml:382(para)
4332
4666
msgid ""
4333
4667
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4334
4668
"Manager</ulink> site has more information on <application>virt-"
4335
4669
"manager</application> development."
4336
4670
msgstr ""
4337
4671
4338
#: serverguide/C/virtualization.xml:385(para)
4672
#: serverguide/C/virtualization.xml:388(para)
4339
4673
msgid ""
4340
4674
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4341
4675
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4342
4676
"technology in Ubuntu."
4343
4677
msgstr ""
4344
4678
4345
#: serverguide/C/virtualization.xml:391(para)
4679
#: serverguide/C/virtualization.xml:394(para)
4346
4680
msgid ""
4347
4681
"Another good resource is the <ulink "
4348
4682
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4349
4683
msgstr ""
4350
4684
4351
#: serverguide/C/virtualization.xml:399(title)
4685
#: serverguide/C/virtualization.xml:402(title)
4352
4686
msgid "JeOS and vmbuilder"
4353
4687
msgstr ""
4354
4688
4355
#: serverguide/C/virtualization.xml:405(title)
4689
#: serverguide/C/virtualization.xml:408(title)
4356
4690
msgid "What is JeOS"
4357
4691
msgstr ""
4358
4692
4359
#: serverguide/C/virtualization.xml:407(para)
4693
#: serverguide/C/virtualization.xml:410(para)
4360
4694
msgid ""
4361
4695
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4362
4696
"variant of the Ubuntu Server operating system, configured specifically for "
4364
4698
"only as an option either:"
4365
4699
msgstr ""
4366
4700
4367
#: serverguide/C/virtualization.xml:414(para)
4701
#: serverguide/C/virtualization.xml:417(para)
4368
4702
msgid ""
4369
4703
"While installing from the Server Edition ISO (pressing "
4370
4704
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4371
4705
"installation\", which is the package selection equivalent to JeOS)."
4372
4706
msgstr ""
4373
4707
4374
#: serverguide/C/virtualization.xml:420(para)
4708
#: serverguide/C/virtualization.xml:423(para)
4375
4709
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4376
4710
msgstr ""
4377
4711
4378
#: serverguide/C/virtualization.xml:426(para)
4712
#: serverguide/C/virtualization.xml:429(para)
4379
4713
msgid ""
4380
4714
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4381
4715
"kernel that only contains the base elements needed to run within a "
4382
4716
"virtualized environment."
4383
4717
msgstr ""
4384
4718
4385
#: serverguide/C/virtualization.xml:431(para)
4719
#: serverguide/C/virtualization.xml:434(para)
4386
4720
msgid ""
4387
4721
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4388
4722
"in the latest virtualization products from VMware. This combination of "
4391
4725
"deployments."
4392
4726
msgstr ""
4393
4727
4394
#: serverguide/C/virtualization.xml:437(para)
4728
#: serverguide/C/virtualization.xml:440(para)
4395
4729
msgid ""
4396
4730
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4397
4731
"can configure their supporting OS exactly as they require. They have the "
4402
4736
"than they would have had to with a standard full installation of a server."
4403
4737
msgstr ""
4404
4738
4405
#: serverguide/C/virtualization.xml:446(title)
4739
#: serverguide/C/virtualization.xml:449(title)
4406
4740
msgid "What is vmbuilder"
4407
4741
msgstr ""
4408
4742
4409
#: serverguide/C/virtualization.xml:448(para)
4743
#: serverguide/C/virtualization.xml:451(para)
4410
4744
msgid ""
4411
4745
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4412
4746
"will fetch the various package and build a virtual machine tailored for your "
4415
4749
"are KVM and Xen."
4416
4750
msgstr ""
4417
4751
4418
#: serverguide/C/virtualization.xml:454(para)
4752
#: serverguide/C/virtualization.xml:457(para)
4419
4753
msgid ""
4420
4754
"You can pass command line options to add extra packages, remove packages, "
4421
4755
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4423
4757
"a local mirror, you can bootstrap a VM in less than a minute."
4424
4758
msgstr ""
4425
4759
4426
#: serverguide/C/virtualization.xml:460(para)
4760
#: serverguide/C/virtualization.xml:463(para)
4427
4761
msgid ""
4428
4762
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4429
4763
"vm-builder</application> started with little emphasis as a hack to help "
4435
4769
"scratch for Intrepid as a python script with a few new design goals:"
4436
4770
msgstr ""
4437
4771
4438
#: serverguide/C/virtualization.xml:470(para)
4772
#: serverguide/C/virtualization.xml:473(para)
4439
4773
msgid "Develop it so that it can be reused by other distributions."
4440
4774
msgstr ""
4441
4775
4442
#: serverguide/C/virtualization.xml:475(para)
4776
#: serverguide/C/virtualization.xml:478(para)
4443
4777
msgid ""
4444
4778
"Use a plugin mechanisms for all virtualization interactions so that others "
4445
4779
"can easily add logic for other virtualization environments."
4446
4780
msgstr ""
4447
4781
4448
#: serverguide/C/virtualization.xml:480(para)
4782
#: serverguide/C/virtualization.xml:483(para)
4449
4783
msgid ""
4450
4784
"Provide an easy to maintain web interface as an option to the command line "
4451
4785
"interface."
4452
4786
msgstr ""
4453
4787
4454
#: serverguide/C/virtualization.xml:486(para)
4788
#: serverguide/C/virtualization.xml:489(para)
4455
4789
msgid "But the general principles and commands remain the same."
4456
4790
msgstr ""
4457
4791
4458
#: serverguide/C/virtualization.xml:493(title)
4792
#: serverguide/C/virtualization.xml:496(title)
4459
4793
msgid "Initial Setup"
4460
4794
msgstr ""
4461
4795
4462
#: serverguide/C/virtualization.xml:495(para)
4796
#: serverguide/C/virtualization.xml:498(para)
4463
4797
msgid ""
4464
4798
"It is assumed that you have installed and configured "
4465
4799
"<application>libvirt</application> and <application>KVM</application> "
4467
4801
"please refer to:"
4468
4802
msgstr ""
4469
4803
4470
#: serverguide/C/virtualization.xml:507(para)
4804
#: serverguide/C/virtualization.xml:510(para)
4471
4805
msgid ""
4472
4806
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4473
4807
"page."
4474
4808
msgstr ""
4475
4809
4476
#: serverguide/C/virtualization.xml:513(para)
4810
#: serverguide/C/virtualization.xml:516(para)
4477
4811
msgid ""
4478
4812
"We also assume that you know how to use a text based text editor such as "
4479
4813
"nano or vi. If you have not used any of them before, you can get an overview "
4483
4817
"principle should remain on other virtualization technologies."
4484
4818
msgstr ""
4485
4819
4486
#: serverguide/C/virtualization.xml:521(title)
4820
#: serverguide/C/virtualization.xml:524(title)
4487
4821
msgid "Install vmbuilder"
4488
4822
msgstr ""
4489
4823
4490
#: serverguide/C/virtualization.xml:523(para)
4824
#: serverguide/C/virtualization.xml:526(para)
4491
4825
msgid ""
4492
4826
"The name of the package that we need to install is <application>python-vm-"
4493
4827
"builder</application>. In a terminal prompt enter:"
4494
4828
msgstr ""
4495
4829
4496
#: serverguide/C/virtualization.xml:528(command)
4830
#: serverguide/C/virtualization.xml:531(command)
4497
4831
msgid "sudo apt-get install python-vm-builder"
4498
4832
msgstr ""
4499
4833
4500
#: serverguide/C/virtualization.xml:532(para)
4834
#: serverguide/C/virtualization.xml:535(para)
4501
4835
msgid ""
4502
4836
"If you are running Hardy, you can still perform most of this using the older "
4503
4837
"version of the package named <application>ubuntu-vm-builder</application>, "
4504
4838
"there are only a few changes to the syntax of the tool."
4505
4839
msgstr ""
4506
4840
4507
#: serverguide/C/virtualization.xml:541(title)
4841
#: serverguide/C/virtualization.xml:544(title)
4508
4842
msgid "Defining Your Virtual Machine"
4509
4843
msgstr ""
4510
4844
4511
#: serverguide/C/virtualization.xml:543(para)
4845
#: serverguide/C/virtualization.xml:546(para)
4512
4846
msgid ""
4513
4847
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4514
4848
"are a few thing to consider:"
4515
4849
msgstr ""
4516
4850
4517
#: serverguide/C/virtualization.xml:549(para)
4851
#: serverguide/C/virtualization.xml:552(para)
4518
4852
msgid ""
4519
4853
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4520
4854
"will know how to extend disk size to fit their need, so either plan for a "
4523
4857
"a good idea to store data on some separate external storage."
4524
4858
msgstr ""
4525
4859
4526
#: serverguide/C/virtualization.xml:556(para)
4860
#: serverguide/C/virtualization.xml:559(para)
4527
4861
msgid ""
4528
4862
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4529
4863
"whatever you think is a safe minimum for your appliance."
4530
4864
msgstr ""
4531
4865
4532
#: serverguide/C/virtualization.xml:562(para)
4866
#: serverguide/C/virtualization.xml:565(para)
4533
4867
msgid ""
4534
4868
"The <application>vmbuilder</application> command has 2 main parameters: the "
4535
4869
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4537
4871
"and can be found using the following command:"
4538
4872
msgstr ""
4539
4873
4540
#: serverguide/C/virtualization.xml:568(command)
4541
msgid "vmbuilder --help"
4542
msgstr "vmbuilder --help"
4874
#: serverguide/C/virtualization.xml:571(command)
4875
msgid "vmbuilder kvm ubuntu --help"
4876
msgstr ""
4543
4877
4544
#: serverguide/C/virtualization.xml:572(title)
4878
#: serverguide/C/virtualization.xml:575(title)
4545
4879
msgid "Base Parameters"
4546
4880
msgstr "Parámetros básicos"
4547
4881
4548
#: serverguide/C/virtualization.xml:574(para)
4882
#: serverguide/C/virtualization.xml:577(para)
4549
4883
msgid ""
4550
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
4551
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
4884
"As this example is based on <application>KVM</application> and Ubuntu 12.04 "
4885
"LTS (Oneiric Ocelot), and we are likely to rebuild the same virtual machine "
4552
4886
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4553
4887
msgstr ""
4554
4888
4555
#: serverguide/C/virtualization.xml:580(command)
4889
#: serverguide/C/virtualization.xml:583(command)
4556
4890
msgid ""
4557
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4558
"-libvirt qemu:///system"
4891
"sudo vmbuilder kvm ubuntu --suite precise --flavour virtual --arch i386 \\ -"
4892
"o --libvirt qemu:///system"
4559
4893
msgstr ""
4560
4894
4561
#: serverguide/C/virtualization.xml:583(para)
4895
#: serverguide/C/virtualization.xml:587(para)
4562
4896
msgid ""
4563
4897
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4564
4898
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4569
4903
"add the resulting VM to the list of available machines."
4570
4904
msgstr ""
4571
4905
4572
#: serverguide/C/virtualization.xml:591(para)
4906
#: serverguide/C/virtualization.xml:595(para)
4573
4907
msgid "Notes:"
4574
4908
msgstr "Notes:"
4575
4909
4576
#: serverguide/C/virtualization.xml:597(para)
4910
#: serverguide/C/virtualization.xml:601(para)
4577
4911
msgid ""
4578
4912
"Because of the nature of operations performed by vmbuilder, it needs to have "
4579
4913
"root privilege, hence the use of sudo."
4580
4914
msgstr ""
4581
4915
4582
#: serverguide/C/virtualization.xml:602(para)
4916
#: serverguide/C/virtualization.xml:606(para)
4583
4917
msgid ""
4584
4918
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4585
4919
"a 64 bit machine (--arch amd64)."
4586
4920
msgstr ""
4587
4921
4588
#: serverguide/C/virtualization.xml:607(para)
4922
#: serverguide/C/virtualization.xml:611(para)
4589
4923
msgid ""
4590
4924
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4591
4925
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4592
4926
"use <emphasis>--flavour</emphasis> server instead."
4593
4927
msgstr ""
4594
4928
4595
#: serverguide/C/virtualization.xml:615(title)
4929
#: serverguide/C/virtualization.xml:619(title)
4596
4930
msgid "JeOS Installation Parameters"
4597
4931
msgstr "Parámetros d'instalación de JeOS"
4598
4932
4599
#: serverguide/C/virtualization.xml:618(title)
4933
#: serverguide/C/virtualization.xml:622(title)
4600
4934
msgid "JeOS Networking"
4601
4935
msgstr "Rede JeOS"
4602
4936
4603
#: serverguide/C/virtualization.xml:621(title)
4937
#: serverguide/C/virtualization.xml:625(title)
4604
4938
msgid "Assigning a fixed IP address"
4605
4939
msgstr "Asignar una direición IP fixa"
4606
4940
4607
#: serverguide/C/virtualization.xml:623(para)
4941
#: serverguide/C/virtualization.xml:627(para)
4608
4942
msgid ""
4609
4943
"As a virtual appliance that may be deployed on various very different "
4610
4944
"networks, it is very difficult to know what the actual network will look "
4615
4949
"192.168.0.0/255 is usually a good choice."
4616
4950
msgstr ""
4617
4951
4618
#: serverguide/C/virtualization.xml:630(para)
4952
#: serverguide/C/virtualization.xml:634(para)
4619
4953
msgid "To do this we'll use the following parameters:"
4620
4954
msgstr ""
4621
4955
4622
#: serverguide/C/virtualization.xml:636(para)
4956
#: serverguide/C/virtualization.xml:640(para)
4623
4957
msgid ""
4624
4958
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4625
4959
"dhcp if not specified)"
4626
4960
msgstr ""
4627
4961
4628
#: serverguide/C/virtualization.xml:641(para)
4962
#: serverguide/C/virtualization.xml:645(para)
4963
msgid ""
4964
"<emphasis>--hostname NAME</emphasis>: Set NAME as the hostname of the guest."
4965
msgstr ""
4966
4967
#: serverguide/C/virtualization.xml:650(para)
4629
4968
msgid ""
4630
4969
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4631
4970
"255.255.255.0)"
4632
4971
msgstr ""
4633
4972
4634
#: serverguide/C/virtualization.xml:646(para)
4973
#: serverguide/C/virtualization.xml:655(para)
4635
4974
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4636
4975
msgstr ""
4637
4976
4638
#: serverguide/C/virtualization.xml:651(para)
4977
#: serverguide/C/virtualization.xml:660(para)
4639
4978
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4640
4979
msgstr ""
4641
4980
"<emphasis>--bcast VALUE</ emphasis>: difusión d'IP (predeterminada: "
4642
4981
"X.X.X.255)"
4643
4982
4644
#: serverguide/C/virtualization.xml:656(para)
4983
#: serverguide/C/virtualization.xml:665(para)
4645
4984
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4646
4985
msgstr ""
4647
4986
4648
#: serverguide/C/virtualization.xml:661(para)
4987
#: serverguide/C/virtualization.xml:670(para)
4649
4988
msgid ""
4650
4989
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4651
4990
msgstr ""
4652
4991
4653
#: serverguide/C/virtualization.xml:667(para)
4992
#: serverguide/C/virtualization.xml:676(para)
4654
4993
msgid ""
4655
4994
"We assume for now that default values are good enough, so the resulting "
4656
4995
"invocation becomes:"
4657
4996
msgstr ""
4658
4997
4659
#: serverguide/C/virtualization.xml:672(command)
4998
#: serverguide/C/virtualization.xml:681(command)
4660
4999
msgid ""
4661
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
4662
"-libvirt qemu:///system --ip 192.168.0.100"
4663
msgstr ""
4664
4665
#: serverguide/C/virtualization.xml:677(title)
4666
msgid "Modifying the libvirt Template to use Bridging"
4667
msgstr ""
4668
4669
#: serverguide/C/virtualization.xml:679(para)
5000
"sudo vmbuilder kvm ubuntu --suite precise --flavour virtual --arch i386 \\ -"
5001
"o --libvirt qemu:///system --ip 192.168.0.100 --hostname myvm"
5002
msgstr ""
5003
5004
#: serverguide/C/virtualization.xml:687(title) serverguide/C/network-config.xml:525(title)
5005
msgid "Bridging"
5006
msgstr ""
5007
5008
#: serverguide/C/virtualization.xml:689(para)
4670
5009
msgid ""
4671
5010
"Because our appliance will be likely to need to be accessed by remote hosts, "
4672
5011
"we need to configure libvirt so that the appliance uses bridge networking. "
4673
"To do this we use vmbuilder template mechanism to modify the default one."
4674
msgstr ""
4675
4676
#: serverguide/C/virtualization.xml:684(para)
4677
msgid ""
4678
"In our working directory we create the template hierarchy and copy the "
4679
"default template:"
4680
msgstr ""
4681
4682
#: serverguide/C/virtualization.xml:689(command)
4683
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4684
msgstr "mkdir -p VMBuilder/plugins/libvirt/templates"
4685
4686
#: serverguide/C/virtualization.xml:690(command)
4687
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4688
msgstr "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4689
4690
#: serverguide/C/virtualization.xml:693(para)
4691
msgid ""
4692
"We can then edit "
4693
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4694
"change:"
4695
msgstr ""
4696
"Podemos editar <filename> "
4697
"VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl </filename> pa camudar:"
4698
4699
#: serverguide/C/virtualization.xml:697(programlisting)
4700
#, no-wrap
4701
msgid ""
4702
"\n"
4703
" <interface type='network'>\n"
4704
" <source network='default'/>\n"
4705
" </interface>\n"
4706
msgstr ""
4707
"\n"
4708
" <interface type='network'>\n"
4709
" <source network='default'/>\n"
4710
" </interface>\n"
4711
4712
#: serverguide/C/virtualization.xml:703(para)
4713
msgid "To:"
4714
msgstr "Fasta:"
4715
4716
#: serverguide/C/virtualization.xml:707(programlisting)
4717
#, no-wrap
4718
msgid ""
4719
"\n"
4720
" <interface type='bridge'>\n"
4721
" <source bridge='br0'/>\n"
4722
" </interface>\n"
4723
msgstr ""
4724
"\n"
4725
" <interface type='bridge'>\n"
4726
" <source bridge='br0'/>\n"
4727
" </interface>\n"
4728
4729
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
5012
"To do this add the <emphasis>--bridge</emphasis> option to the command:"
5013
msgstr ""
5014
5015
#: serverguide/C/virtualization.xml:695(command)
5016
msgid ""
5017
"sudo vmbuilder kvm ubuntu --suite precise --flavour virtual --arch i386 \\ -"
5018
"o --libvirt qemu:///system --ip 192.168.0.100 --hostname myvm --bridge br0"
5019
msgstr ""
5020
5021
#: serverguide/C/virtualization.xml:700(para)
5022
msgid ""
5023
"You will need to have previously setup a bridge interface, see <xref "
5024
"linkend=\"bridging\"/> for more information. Also, if the interface name is "
5025
"different change <emphasis>br0</emphasis> to the actual bridge interface."
5026
msgstr ""
5027
5028
#: serverguide/C/virtualization.xml:709(title) serverguide/C/installation.xml:443(title)
4730
5029
msgid "Partitioning"
4731
5030
msgstr "Particionar"
4732
5031
4733
#: serverguide/C/virtualization.xml:719(para)
5032
#: serverguide/C/virtualization.xml:711(para)
4734
5033
msgid ""
4735
5034
"Partitioning of the virtual appliance will have to take into consideration "
4736
5035
"what you are planning to do with is. Because most appliances want to have a "
4738
5037
"make sense."
4739
5038
msgstr ""
4740
5039
4741
#: serverguide/C/virtualization.xml:724(para)
5040
#: serverguide/C/virtualization.xml:716(para)
4742
5041
msgid ""
4743
5042
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4744
5043
msgstr ""
4745
5044
4746
#: serverguide/C/virtualization.xml:728(programlisting)
5045
#: serverguide/C/virtualization.xml:720(programlisting)
4747
5046
#, no-wrap
4748
5047
msgid ""
4749
5048
"\n"
4750
5049
"--part PATH\n"
4751
5050
" Allows you to specify a partition table in a partition file, located at "
4752
"PATH. Each line of the partition file should specify\n"
4753
" (root first):\n"
5051
"PATH. Each\n"
5052
" line of the partition file should specify (root first):\n"
4754
5053
" mountpoint size\n"
4755
5054
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4756
"disk starts on a\n"
4757
" line with ’---’. ie :\n"
5055
"disk starts\n"
5056
" on a line with ’---’. ie :\n"
4758
5057
" root 1000\n"
4759
5058
" /opt 1000\n"
4760
5059
" swap 256\n"
4763
5062
" /log 1500\n"
4764
5063
msgstr ""
4765
5064
4766
#: serverguide/C/virtualization.xml:743(para)
5065
#: serverguide/C/virtualization.xml:735(para)
4767
5066
msgid ""
4768
5067
"In our case we will define a text file name "
4769
5068
"<filename>vmbuilder.partition</filename> which will contain the following:"
4770
5069
msgstr ""
4771
5070
4772
#: serverguide/C/virtualization.xml:747(programlisting)
5071
#: serverguide/C/virtualization.xml:739(programlisting)
4773
5072
#, no-wrap
4774
5073
msgid ""
4775
5074
"\n"
4784
5083
"---\n"
4785
5084
"/var 20000\n"
4786
5085
4787
#: serverguide/C/virtualization.xml:755(para)
5086
#: serverguide/C/virtualization.xml:747(para)
4788
5087
msgid ""
4789
5088
"Note that as we are using virtual disk images, the actual sizes that we put "
4790
5089
"here are maximum sizes for these volumes."
4791
5090
msgstr ""
4792
5091
4793
#: serverguide/C/virtualization.xml:760(para)
5092
#: serverguide/C/virtualization.xml:752(para)
4794
5093
msgid "Our command line now looks like:"
4795
5094
msgstr ""
4796
5095
4797
#: serverguide/C/virtualization.xml:765(command)
5096
#: serverguide/C/virtualization.xml:757(command)
4798
5097
msgid ""
4799
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4800
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
5098
"sudo vmbuilder kvm ubuntu --suite precise --flavour virtual --arch i386 \\ -"
5099
"o --libvirt qemu:///system --ip 192.168.0.100 --hostname myvm --part "
5100
"vmbuilder.partition"
4801
5101
msgstr ""
4802
5102
4803
#: serverguide/C/virtualization.xml:770(para)
5103
#: serverguide/C/virtualization.xml:762(para)
4804
5104
msgid ""
4805
5105
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4806
5106
"next line."
4807
5107
msgstr ""
4808
5108
4809
#: serverguide/C/virtualization.xml:777(title)
5109
#: serverguide/C/virtualization.xml:769(title)
4810
5110
msgid "User and Password"
4811
5111
msgstr "Usuariu y contraseña"
4812
5112
4813
#: serverguide/C/virtualization.xml:779(para)
5113
#: serverguide/C/virtualization.xml:771(para)
4814
5114
msgid ""
4815
5115
"Again setting up a virtual appliance, you will need to provide a default "
4816
5116
"user and password that is generic so that you can include it in your "
4821
5121
"as my user name, and <emphasis>'default'</emphasis> as the password."
4822
5122
msgstr ""
4823
5123
4824
#: serverguide/C/virtualization.xml:787(para)
5124
#: serverguide/C/virtualization.xml:779(para)
4825
5125
msgid "To do this we use the following optional parameters:"
4826
5126
msgstr ""
4827
5127
4828
#: serverguide/C/virtualization.xml:793(para)
5128
#: serverguide/C/virtualization.xml:785(para)
4829
5129
msgid ""
4830
5130
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4831
5131
"Default: ubuntu."
4832
5132
msgstr ""
4833
5133
4834
#: serverguide/C/virtualization.xml:798(para)
5134
#: serverguide/C/virtualization.xml:790(para)
4835
5135
msgid ""
4836
5136
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4837
5137
"added. Default: Ubuntu."
4838
5138
msgstr ""
4839
5139
4840
#: serverguide/C/virtualization.xml:803(para)
5140
#: serverguide/C/virtualization.xml:795(para)
4841
5141
msgid ""
4842
5142
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4843
5143
"Default: ubuntu."
4844
5144
msgstr ""
4845
5145
4846
#: serverguide/C/virtualization.xml:809(para)
5146
#: serverguide/C/virtualization.xml:801(para)
4847
5147
msgid "Our resulting command line becomes:"
4848
5148
msgstr ""
4849
5149
4850
#: serverguide/C/virtualization.xml:814(command)
5150
#: serverguide/C/virtualization.xml:806(command)
4851
5151
msgid ""
4852
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
4853
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
4854
"-user user --name user --pass default"
5152
"sudo vmbuilder kvm ubuntu --suite precise --flavour virtual --arch i386 \\ -"
5153
"o --libvirt qemu:///system --ip 192.168.0.100 --hostname myvm --part \\ "
5154
"vmbuilder.partition --user user --name user --pass default"
4855
5155
msgstr ""
4856
5156
4857
#: serverguide/C/virtualization.xml:822(title)
5157
#: serverguide/C/virtualization.xml:814(title)
4858
5158
msgid "Installing Required Packages"
4859
5159
msgstr "Instalar los paquetes necesarios"
4860
5160
4861
#: serverguide/C/virtualization.xml:824(para)
5161
#: serverguide/C/virtualization.xml:816(para)
4862
5162
msgid ""
4863
5163
"In this example we will be installing a package "
4864
5164
"<application>(Limesurvey)</application> that accesses a "
4866
5166
"therefore require our OS to provide us with:"
4867
5167
msgstr ""
4868
5168
4869
#: serverguide/C/virtualization.xml:831(para)
5169
#: serverguide/C/virtualization.xml:823(para)
4870
5170
msgid "Apache"
4871
5171
msgstr "Apache"
4872
5172
4873
#: serverguide/C/virtualization.xml:832(para)
5173
#: serverguide/C/virtualization.xml:824(para)
4874
5174
msgid "PHP"
4875
5175
msgstr "PHP"
4876
5176
4877
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
5177
#: serverguide/C/virtualization.xml:825(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4878
5178
msgid "MySQL"
4879
5179
msgstr "MySQL"
4880
5180
4881
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
5181
#: serverguide/C/virtualization.xml:826(para) serverguide/C/remote-administration.xml:18(title)
4882
5182
msgid "OpenSSH Server"
4883
5183
msgstr "Sirvidor OpenSSH"
4884
5184
4885
#: serverguide/C/virtualization.xml:835(para)
5185
#: serverguide/C/virtualization.xml:827(para)
4886
5186
msgid "Limesurvey (as an example application that we have packaged)"
4887
5187
msgstr ""
4888
5188
4889
#: serverguide/C/virtualization.xml:838(para)
5189
#: serverguide/C/virtualization.xml:830(para)
4890
5190
msgid ""
4891
5191
"This is done using vmbuilder by specifying the --addpkg option multiple "
4892
5192
"times:"
4893
5193
msgstr ""
4894
5194
4895
#: serverguide/C/virtualization.xml:842(programlisting)
5195
#: serverguide/C/virtualization.xml:834(programlisting)
4896
5196
#, no-wrap
4897
5197
msgid ""
4898
5198
"\n"
4900
5200
" Install PKG into the guest (can be specfied multiple times)\n"
4901
5201
msgstr ""
4902
5202
4903
#: serverguide/C/virtualization.xml:847(para)
5203
#: serverguide/C/virtualization.xml:839(para)
4904
5204
msgid ""
4905
5205
"However, due to the way vmbuilder operates, packages that have to ask "
4906
5206
"questions to the user during the post install phase are not supported and "
4908
5208
"of Limesurvey, which we will have to install later, once the user logs in."
4909
5209
msgstr ""
4910
5210
4911
#: serverguide/C/virtualization.xml:853(para)
5211
#: serverguide/C/virtualization.xml:845(para)
4912
5212
msgid ""
4913
5213
"Other packages that ask simple debconf question, such as <application>mysql-"
4914
5214
"server</application> asking to set a password, the package can be installed "
4916
5216
"in."
4917
5217
msgstr ""
4918
5218
4919
#: serverguide/C/virtualization.xml:859(para)
5219
#: serverguide/C/virtualization.xml:851(para)
4920
5220
msgid ""
4921
5221
"If some packages that we need to install are not in main, we need to enable "
4922
5222
"the additional repositories using --comp and --ppa:"
4923
5223
msgstr ""
4924
5224
4925
#: serverguide/C/virtualization.xml:863(programlisting)
5225
#: serverguide/C/virtualization.xml:855(programlisting)
4926
5226
#, no-wrap
4927
5227
msgid ""
4928
5228
"\n"
4929
5229
"--components COMP1,COMP2,...,COMPN\n"
4930
5230
" A comma separated list of distro components to include (e.g. "
4931
"main,universe). This defaults\n"
4932
" to \"main\"\n"
5231
"main,universe).\n"
5232
" This defaults to \"main\"\n"
4933
5233
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4934
5234
msgstr ""
4935
5235
4936
#: serverguide/C/virtualization.xml:870(para)
5236
#: serverguide/C/virtualization.xml:862(para)
4937
5237
msgid ""
4938
5238
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4939
5239
"PPA (personal package archive) address so that it is added to the VM "
4941
5241
"to the command line:"
4942
5242
msgstr ""
4943
5243
4944
#: serverguide/C/virtualization.xml:876(command)
4945
msgid ""
4946
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4947
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4948
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4949
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
4950
"server --ppa nijaba"
4951
msgstr ""
4952
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4953
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4954
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4955
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
4956
"server --ppa nijaba"
4957
4958
#: serverguide/C/virtualization.xml:883(title)
4959
msgid "OpenSSH"
4960
msgstr "OpenSSH"
4961
4962
#: serverguide/C/virtualization.xml:885(para)
4963
msgid ""
4964
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4965
"it will allow our admins to access the appliance remotely. However, pushing "
4966
"in the wild an appliance with a pre-installed OpenSSH server is a big "
4967
"security risk as all these server will share the same secret key, making it "
4968
"very easy for hackers to target our appliance with all the tools they need "
4969
"to crack it open in a breeze. As for the user password, we will instead rely "
4970
"on a script that will install OpenSSH the first time a user logs in so that "
4971
"the key generated will be different for each appliance. For this we'll use a "
4972
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
4973
"interaction."
4974
msgstr ""
4975
4976
#: serverguide/C/virtualization.xml:897(title)
5244
#: serverguide/C/virtualization.xml:868(command)
5245
msgid ""
5246
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils \\ --"
5247
"addpkg apache2.2-common --addpkg dbconfig-common --addpkg libapache2-mod-"
5248
"php5 \\ --addpkg mysql-client --addpkg php5-cli --addpkg php5-gd --addpkg "
5249
"php5-ldap \\ --addpkg php5-mysql --addpkg wwwconfig-common --addpkg mysql-"
5250
"server --ppa nijaba"
5251
msgstr ""
5252
5253
#: serverguide/C/virtualization.xml:876(title)
4977
5254
msgid "Speed Considerations"
4978
5255
msgstr "Consideraciones de velocidá"
4979
5256
4980
#: serverguide/C/virtualization.xml:900(title)
5257
#: serverguide/C/virtualization.xml:879(title)
4981
5258
msgid "Package Caching"
4982
5259
msgstr "Caché de paquetes"
4983
5260
4984
#: serverguide/C/virtualization.xml:902(para)
5261
#: serverguide/C/virtualization.xml:881(para)
4985
5262
msgid ""
4986
5263
"When vmbuilder creates builds your system, it has to go fetch each one of "
4987
5264
"the packages that composes it over the network to one of the official "
4994
5271
"we will pick in this tutorial. To install it, simply type:"
4995
5272
msgstr ""
4996
5273
4997
#: serverguide/C/virtualization.xml:912(command)
5274
#: serverguide/C/virtualization.xml:891(command)
4998
5275
msgid "sudo apt-get install apt-proxy"
4999
5276
msgstr "sudo apt-get install apt-proxy"
5000
5277
5001
#: serverguide/C/virtualization.xml:915(para)
5278
#: serverguide/C/virtualization.xml:894(para)
5002
5279
msgid ""
5003
5280
"Once this is complete, your (empty) proxy is ready for use on "
5004
5281
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
5006
5283
"option:"
5007
5284
msgstr ""
5008
5285
5009
#: serverguide/C/virtualization.xml:920(programlisting)
5286
#: serverguide/C/virtualization.xml:899(programlisting)
5010
5287
#, no-wrap
5011
5288
msgid ""
5012
5289
"\n"
5016
5293
" otherwise\n"
5017
5294
msgstr ""
5018
5295
5019
#: serverguide/C/virtualization.xml:927(para)
5296
#: serverguide/C/virtualization.xml:906(para)
5020
5297
msgid "So we add to the command line:"
5021
5298
msgstr ""
5022
5299
5023
#: serverguide/C/virtualization.xml:932(command)
5300
#: serverguide/C/virtualization.xml:911(command)
5024
5301
msgid "--mirror http://mirroraddress:9999/ubuntu"
5025
5302
msgstr "--mirror http://mirroraddress:9999/ubuntu"
5026
5303
5027
#: serverguide/C/virtualization.xml:936(para)
5304
#: serverguide/C/virtualization.xml:915(para)
5028
5305
msgid ""
5029
5306
"The mirror address specified here will also be used in the "
5030
5307
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
5031
5308
"is useful to specify here an address that can be resolved by the guest or to "
5032
"plan on reseting this address later on, such as in a <emphasis>--"
5033
"firstboot</emphasis> script."
5309
"plan on reseting this address later on."
5034
5310
msgstr ""
5035
5311
5036
#: serverguide/C/virtualization.xml:945(title)
5312
#: serverguide/C/virtualization.xml:924(title)
5037
5313
msgid "Install a Local Mirror"
5038
5314
msgstr "Instalar una réplica llocal"
5039
5315
5040
#: serverguide/C/virtualization.xml:947(para)
5316
#: serverguide/C/virtualization.xml:926(para)
5041
5317
msgid ""
5042
5318
"If we are in a larger environment, it may make sense to setup a local mirror "
5043
5319
"of the Ubuntu repositories. The package apt-mirror provides you with a "
5045
5321
"about 20 gigabyte of free space per supported release and architecture."
5046
5322
msgstr ""
5047
5323
5048
#: serverguide/C/virtualization.xml:953(para)
5324
#: serverguide/C/virtualization.xml:932(para)
5049
5325
msgid ""
5050
5326
"By default, <application>apt-mirror</application> uses the configuration "
5051
5327
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
5053
5329
"support other architectures on your mirror, simply duplicate the lines "
5054
5330
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
5055
5331
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
5056
"archives as well, you will have:"
5332
"archives as well, you will have (some lines have been split to fit the "
5333
"format of this document):"
5057
5334
msgstr ""
5058
5335
5059
#: serverguide/C/virtualization.xml:960(programlisting)
5336
#: serverguide/C/virtualization.xml:940(programlisting)
5060
5337
#, no-wrap
5061
5338
msgid ""
5062
5339
"\n"
5063
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
5340
"deb http://archive.ubuntu.com/ubuntu precise main restricted universe "
5064
5341
"multiverse \n"
5065
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
5066
"universe multiverse\n"
5067
"\n"
5068
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
5069
"universe multiverse \n"
5070
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
5071
"universe multiverse \n"
5072
"\n"
5073
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
5074
"universe multiverse \n"
5075
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
5076
"restricted universe multiverse \n"
5077
"\n"
5078
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
5079
"universe multiverse \n"
5080
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
5081
"restricted universe multiverse \n"
5082
"\n"
5083
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
5084
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5342
"/deb-i386 http://archive.ubuntu.com/ubuntu precise main restricted universe "
5343
"multiverse\n"
5344
"\n"
5345
"deb http://archive.ubuntu.com/ubuntu precise-updates main restricted "
5346
"universe multiverse \n"
5347
"/deb-i386 http://archive.ubuntu.com/ubuntu precise-updates main\n"
5348
" restricted universe multiverse \n"
5349
"\n"
5350
"deb http://archive.ubuntu.com/ubuntu/ precise-backports main restricted "
5351
"universe multiverse \n"
5352
"/deb-i386 http://archive.ubuntu.com/ubuntu precise-backports main\n"
5353
" restricted universe multiverse \n"
5354
"\n"
5355
"deb http://security.ubuntu.com/ubuntu precise-security main restricted "
5356
"universe multiverse \n"
5357
"/deb-i386 http://security.ubuntu.com/ubuntu precise-security main\n"
5358
" restricted universe multiverse \n"
5359
"\n"
5360
"deb http://archive.ubuntu.com/ubuntu precise main/debian-installer\n"
5361
" restricted/debian-installer universe/debian-installer multiverse/debian-"
5085
5362
"installer \n"
5086
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
5087
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5363
"/deb-i386 http://archive.ubuntu.com/ubuntu precise main/debian-installer\n"
5364
" restricted/debian-installer universe/debian-installer multiverse/debian-"
5088
5365
"installer \n"
5089
5366
msgstr ""
5090
5367
5091
#: serverguide/C/virtualization.xml:977(para)
5368
#: serverguide/C/virtualization.xml:962(para)
5092
5369
msgid ""
5093
5370
"Notice that the source packages are not mirrored as they are seldom used "
5094
5371
"compared to the binaries and they do take a lot more space, but they can be "
5095
5372
"easily added to the list."
5096
5373
msgstr ""
5097
5374
5098
#: serverguide/C/virtualization.xml:982(para)
5375
#: serverguide/C/virtualization.xml:967(para)
5099
5376
msgid ""
5100
5377
"Once the mirror has finished replicating (and this can be quite long), you "
5101
5378
"need to configure Apache so that your mirror files (in "
5104
5381
"Apache see <xref linkend=\"httpd\"/>."
5105
5382
msgstr ""
5106
5383
5107
#: serverguide/C/virtualization.xml:991(title)
5108
msgid "Installing in a RAM Disk"
5109
msgstr "Instalar nun discu RAM"
5110
5111
#: serverguide/C/virtualization.xml:993(para)
5112
msgid ""
5113
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
5114
"faster than writing to disk. If you have some free memory, letting vmbuilder "
5115
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
5116
"-tmpfs</emphasis> will help you do just that:"
5117
msgstr ""
5118
5119
#: serverguide/C/virtualization.xml:999(programlisting)
5120
#, no-wrap
5121
msgid ""
5122
"\n"
5123
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
5124
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
5125
msgstr ""
5126
5127
#: serverguide/C/virtualization.xml:1004(para)
5128
msgid ""
5129
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
5130
"have 1G of free ram."
5131
msgstr ""
5132
5133
#: serverguide/C/virtualization.xml:1011(title)
5384
#: serverguide/C/virtualization.xml:977(title)
5134
5385
msgid "Package the Application"
5135
5386
msgstr "Empaquetar l'aplicación"
5136
5387
5137
#: serverguide/C/virtualization.xml:1013(para)
5388
#: serverguide/C/virtualization.xml:979(para)
5138
5389
msgid "Two option are available to us:"
5139
5390
msgstr ""
5140
5391
5141
#: serverguide/C/virtualization.xml:1019(para)
5392
#: serverguide/C/virtualization.xml:985(para)
5142
5393
msgid ""
5143
5394
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
5144
5395
"package. Since this is outside of the scope of this tutorial, we will not "
5151
5402
"a tutorial on this."
5152
5403
msgstr ""
5153
5404
5154
#: serverguide/C/virtualization.xml:1028(para)
5405
#: serverguide/C/virtualization.xml:994(para)
5155
5406
msgid ""
5156
5407
"Manually install the application under <filename>/opt</filename> as "
5157
5408
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
5158
5409
"guidelines</ulink>."
5159
5410
msgstr ""
5160
5411
5161
#: serverguide/C/virtualization.xml:1035(para)
5412
#: serverguide/C/virtualization.xml:1001(para)
5162
5413
msgid ""
5163
5414
"In our case we'll use <application>Limesurvey</application> as example web "
5164
5415
"application for which we wish to provide a virtual appliance. As noted "
5166
5417
"Package Archive)."
5167
5418
msgstr ""
5168
5419
5169
#: serverguide/C/virtualization.xml:1042(title)
5170
msgid "Finishing Install"
5171
msgstr "Acabar la instalación"
5172
5173
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
5174
msgid "First Boot"
5175
msgstr "Primer arranque"
5176
5177
#: serverguide/C/virtualization.xml:1047(para)
5178
msgid ""
5179
"As we mentioned earlier, the first time the machine boots we'll need to "
5180
"install <application>openssh-server</application> so that the key generated "
5181
"for it is unique for each machine. To do this, we'll write a script called "
5182
"<filename>boot.sh</filename> as follows:"
5183
msgstr ""
5184
5185
#: serverguide/C/virtualization.xml:1053(programlisting)
5186
#, no-wrap
5187
msgid ""
5188
"\n"
5189
"# This script will run the first time the virtual machine boots\n"
5190
"# It is ran as root.\n"
5191
"\n"
5192
"apt-get update\n"
5193
"apt-get install -qqy --force-yes openssh-server\n"
5194
msgstr ""
5195
5196
#: serverguide/C/virtualization.xml:1061(para)
5197
msgid ""
5198
"And we add the <command>--firstboot boot.sh</command> option to our command "
5199
"line."
5200
msgstr ""
5201
5202
#: serverguide/C/virtualization.xml:1067(title)
5203
msgid "First Login"
5204
msgstr "Primera entrada"
5205
5206
#: serverguide/C/virtualization.xml:1069(para)
5207
msgid ""
5208
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
5209
"set them up the first time a user logs in using a script named login.sh. "
5210
"We'll also use this script to let the user specify:"
5211
msgstr ""
5212
5213
#: serverguide/C/virtualization.xml:1075(para)
5214
msgid "His own password"
5215
msgstr "La to propia contraseña"
5216
5217
#: serverguide/C/virtualization.xml:1076(para)
5218
msgid "Define the keyboard and other locale info he wants to use"
5219
msgstr ""
5220
5221
#: serverguide/C/virtualization.xml:1079(para)
5222
msgid "So we'll define <filename>login.sh</filename> as follows:"
5223
msgstr ""
5224
5225
#: serverguide/C/virtualization.xml:1083(programlisting)
5226
#, no-wrap
5227
msgid ""
5228
"\n"
5229
"# This script is ran the first time a user logs in\n"
5230
"\n"
5231
"echo \"Your appliance is about to be finished to be set up.\"\n"
5232
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
5233
"echo \"starting by changing your user password.\"\n"
5234
"\n"
5235
"passwd\n"
5236
"\n"
5237
"#give the opportunity to change the keyboard\n"
5238
"sudo dpkg-reconfigure console-setup\n"
5239
"\n"
5240
"#configure the mysql server root password\n"
5241
"sudo dpkg-reconfigure mysql-server-5.0\n"
5242
"\n"
5243
"#install limesurvey\n"
5244
"sudo apt-get install -qqy --force-yes limesurvey\n"
5245
"\n"
5246
"echo \"Your appliance is now configured. To use it point your\"\n"
5247
"echo \"browser to http://serverip/limesurvey/admin\"\n"
5248
msgstr ""
5249
5250
#: serverguide/C/virtualization.xml:1105(para)
5251
msgid ""
5252
"And we add the <command>--firstlogin login.sh</command> option to our "
5253
"command line."
5254
msgstr ""
5255
5256
#: serverguide/C/virtualization.xml:1112(title)
5420
#: serverguide/C/virtualization.xml:1008(title)
5257
5421
msgid "Useful Additions"
5258
5422
msgstr "Sumes útiles"
5259
5423
5260
#: serverguide/C/virtualization.xml:1115(title)
5424
#: serverguide/C/virtualization.xml:1011(title)
5261
5425
msgid "Configuring Automatic Updates"
5262
5426
msgstr "Configurar anovamientos automáticos"
5263
5427
5264
#: serverguide/C/virtualization.xml:1117(para)
5428
#: serverguide/C/virtualization.xml:1013(para)
5265
5429
msgid ""
5266
5430
"To have your system be configured to update itself on a regular basis, we "
5267
5431
"will just install <application>unattended-upgrades</application>, so we add "
5268
5432
"the following option to our command line:"
5269
5433
msgstr ""
5270
5434
5271
#: serverguide/C/virtualization.xml:1123(command)
5435
#: serverguide/C/virtualization.xml:1019(command)
5272
5436
msgid "--addpkg unattended-upgrades"
5273
5437
msgstr "--addpkg unattended-upgrades"
5274
5438
5275
#: serverguide/C/virtualization.xml:1126(para)
5439
#: serverguide/C/virtualization.xml:1022(para)
5276
5440
msgid ""
5277
5441
"As we have put our application package in a PPA, the process will update not "
5278
5442
"only the system, but also the application each time we update the version in "
5279
5443
"the PPA."
5280
5444
msgstr ""
5281
5445
5282
#: serverguide/C/virtualization.xml:1133(title)
5446
#: serverguide/C/virtualization.xml:1029(title)
5283
5447
msgid "ACPI Event Handling"
5284
5448
msgstr "Remanamientu d'eventu ACPI"
5285
5449
5286
#: serverguide/C/virtualization.xml:1135(para)
5450
#: serverguide/C/virtualization.xml:1031(para)
5287
5451
msgid ""
5288
5452
"For your virtual machine to be able to handle restart and shutdown events it "
5289
5453
"is being sent, it is a good idea to install the acpid package as well. To do "
5290
5454
"this we just add the following option:"
5291
5455
msgstr ""
5292
5456
5293
#: serverguide/C/virtualization.xml:1141(command)
5457
#: serverguide/C/virtualization.xml:1037(command)
5294
5458
msgid "--addpkg acpid"
5295
5459
msgstr ""
5296
5460
5297
#: serverguide/C/virtualization.xml:1147(title)
5461
#: serverguide/C/virtualization.xml:1043(title)
5298
5462
msgid "Final Command"
5299
5463
msgstr ""
5300
5464
5301
#: serverguide/C/virtualization.xml:1149(para)
5465
#: serverguide/C/virtualization.xml:1045(para)
5302
5466
msgid "Here is the command with all the options discussed above:"
5303
5467
msgstr ""
5304
5468
5305
#: serverguide/C/virtualization.xml:1154(command)
5469
#: serverguide/C/virtualization.xml:1050(command)
5306
5470
msgid ""
5307
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
5308
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
5309
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
5310
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5311
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5312
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5313
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5314
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5315
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
5316
"firstlogin login.sh"
5471
"sudo vmbuilder kvm ubuntu --suite precise --flavour virtual --arch i386 -o \\"
5472
" --libvirt qemu:///system --ip 192.168.0.100 --hostname myvm \\ --part "
5473
"vmbuilder.partition --user user --name user --pass default \\ --addpkg "
5474
"apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils \\ --addpkg "
5475
"apache2.2-common --addpkg dbconfig-common \\ --addpkg libapache2-mod-php5 --"
5476
"addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap "
5477
"--addpkg php5-mysql \\ --addpkg wwwconfig-common --addpkg mysql-server \\ --"
5478
"addpkg unattended-upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5479
"http://mirroraddress:9999/ubuntu"
5317
5480
msgstr ""
5318
5481
5319
#: serverguide/C/virtualization.xml:1169(para)
5482
#: serverguide/C/virtualization.xml:1066(para)
5320
5483
msgid ""
5321
5484
"If you are interested in learning more, have questions or suggestions, "
5322
5485
"please contact the Ubuntu Server Team at:"
5323
5486
msgstr ""
5324
5487
5325
#: serverguide/C/virtualization.xml:1174(para)
5488
#: serverguide/C/virtualization.xml:1071(para)
5326
5489
msgid "IRC: #ubuntu-server on freenode"
5327
5490
msgstr ""
5328
5491
5329
#: serverguide/C/virtualization.xml:1179(para)
5492
#: serverguide/C/virtualization.xml:1076(para)
5330
5493
msgid ""
5331
5494
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5332
5495
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5333
5496
msgstr ""
5334
5497
5335
#: serverguide/C/virtualization.xml:1184(para)
5498
#: serverguide/C/virtualization.xml:1081(para)
5336
5499
msgid ""
5337
5500
"Also, see the <ulink "
5338
5501
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5339
5502
"Wiki</ulink> page."
5340
5503
msgstr ""
5341
5504
5342
#: serverguide/C/virtualization.xml:1192(title)
5505
#: serverguide/C/virtualization.xml:1089(title)
5343
5506
msgid "UEC"
5344
5507
msgstr ""
5345
5508
5346
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5509
#: serverguide/C/virtualization.xml:1092(title) serverguide/C/virtualization.xml:2123(title) serverguide/C/network-auth.xml:2713(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:919(title) serverguide/C/dns.xml:64(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:547(title)
5347
5510
msgid "Overview"
5348
5511
msgstr ""
5349
5512
5350
#: serverguide/C/virtualization.xml:1197(para)
5513
#: serverguide/C/virtualization.xml:1095(para)
5514
msgid ""
5515
"UEC (Ubuntu Enterprise Cloud) is now depracated in favour of UC (Ubuntu "
5516
"Cloud). The former is based on Eucalyptus and the latter is based on "
5517
"Openstack. This section of the guide will be removed in future iterations."
5518
msgstr ""
5519
5520
#: serverguide/C/virtualization.xml:1101(para)
5351
5521
msgid ""
5352
5522
"This tutorial covers <application>UEC</application> installation from the "
5353
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
5354
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
5355
"and one or more nodes attached."
5523
"Ubuntu 12.04 LTS Server Edition CD, and assumes a basic network topology, "
5524
"with a single system serving as the <emphasis>\"all-in-one "
5525
"controller\"</emphasis>, and one or more nodes attached."
5356
5526
msgstr ""
5357
5527
5358
#: serverguide/C/virtualization.xml:1202(para)
5528
#: serverguide/C/virtualization.xml:1106(para)
5359
5529
msgid ""
5360
5530
"From this Tutorial you will learn how to install, configure, register and "
5361
5531
"perform several operations on a basic <application>UEC</application> setup "
5365
5535
"private compute cloud."
5366
5536
msgstr ""
5367
5537
5368
#: serverguide/C/virtualization.xml:1210(title)
5538
#: serverguide/C/virtualization.xml:1114(title) serverguide/C/virtualization.xml:2132(title)
5369
5539
msgid "Prerequisites"
5370
5540
msgstr ""
5371
5541
5372
#: serverguide/C/virtualization.xml:1212(para)
5542
#: serverguide/C/virtualization.xml:1116(para)
5373
5543
msgid ""
5374
5544
"To deploy a minimal cloud infrastructure, you’ll need at least "
5375
5545
"<emphasis>two</emphasis> dedicated systems:"
5376
5546
msgstr ""
5377
5547
5378
#: serverguide/C/virtualization.xml:1218(para)
5548
#: serverguide/C/virtualization.xml:1122(para)
5379
5549
msgid "A front end."
5380
5550
msgstr ""
5381
5551
5382
#: serverguide/C/virtualization.xml:1223(para)
5552
#: serverguide/C/virtualization.xml:1127(para)
5383
5553
msgid "One or more node(s)."
5384
5554
msgstr ""
5385
5555
5386
#: serverguide/C/virtualization.xml:1229(para)
5556
#: serverguide/C/virtualization.xml:1133(para)
5387
5557
msgid ""
5388
5558
"The following are recommendations, rather than fixed requirements. However, "
5389
5559
"our experience in developing this documentation indicated the following "
5390
5560
"suggestions."
5391
5561
msgstr ""
5392
5562
5393
#: serverguide/C/virtualization.xml:1234(title)
5563
#: serverguide/C/virtualization.xml:1138(title)
5394
5564
msgid "Front End Requirements"
5395
5565
msgstr ""
5396
5566
5397
#: serverguide/C/virtualization.xml:1236(para)
5567
#: serverguide/C/virtualization.xml:1140(para)
5398
5568
msgid "Use the following table for a system that will run one or more of:"
5399
5569
msgstr ""
5400
5570
5401
#: serverguide/C/virtualization.xml:1241(para)
5571
#: serverguide/C/virtualization.xml:1145(para)
5402
5572
msgid "Cloud Controller (CLC)"
5403
5573
msgstr ""
5404
5574
5405
#: serverguide/C/virtualization.xml:1242(para)
5575
#: serverguide/C/virtualization.xml:1146(para)
5406
5576
msgid "Cluster Controller (CC)"
5407
5577
msgstr ""
5408
5578
5409
#: serverguide/C/virtualization.xml:1243(para)
5579
#: serverguide/C/virtualization.xml:1147(para)
5410
5580
msgid "Walrus (the S3-like storage service)"
5411
5581
msgstr ""
5412
5582
5413
#: serverguide/C/virtualization.xml:1244(para)
5583
#: serverguide/C/virtualization.xml:1148(para)
5414
5584
msgid "Storage Controller (SC)"
5415
5585
msgstr ""
5416
5586
5417
#: serverguide/C/virtualization.xml:1248(title)
5587
#: serverguide/C/virtualization.xml:1163(title)
5418
5588
msgid "UEC Front End Requirements"
5419
5589
msgstr ""
5420
5590
5421
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5591
#: serverguide/C/virtualization.xml:1171(para) serverguide/C/virtualization.xml:1233(para)
5422
5592
msgid "Hardware"
5423
5593
msgstr ""
5424
5594
5425
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5595
#: serverguide/C/virtualization.xml:1172(para) serverguide/C/virtualization.xml:1234(para)
5426
5596
msgid "Minimum"
5427
5597
msgstr ""
5428
5598
5429
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5599
#: serverguide/C/virtualization.xml:1173(para) serverguide/C/virtualization.xml:1235(para)
5430
5600
msgid "Suggested"
5431
5601
msgstr ""
5432
5602
5433
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5603
#: serverguide/C/virtualization.xml:1174(para) serverguide/C/virtualization.xml:1236(para)
5434
5604
msgid "Notes"
5435
5605
msgstr ""
5436
5606
5437
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5607
#: serverguide/C/virtualization.xml:1179(para) serverguide/C/virtualization.xml:1241(para) serverguide/C/installation.xml:38(para)
5438
5608
msgid "CPU"
5439
5609
msgstr ""
5440
5610
5441
#: serverguide/C/virtualization.xml:1265(para)
5611
#: serverguide/C/virtualization.xml:1180(para)
5442
5612
msgid "1 GHz"
5443
5613
msgstr ""
5444
5614
5445
#: serverguide/C/virtualization.xml:1266(para)
5615
#: serverguide/C/virtualization.xml:1181(para)
5446
5616
msgid "2 x 2 GHz"
5447
5617
msgstr ""
5448
5618
5449
#: serverguide/C/virtualization.xml:1267(para)
5619
#: serverguide/C/virtualization.xml:1182(para)
5450
5620
msgid ""
5451
5621
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5452
5622
"a dual core processor."
5453
5623
msgstr ""
5454
5624
5455
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5625
#: serverguide/C/virtualization.xml:1185(para) serverguide/C/virtualization.xml:1247(para)
5456
5626
msgid "Memory"
5457
5627
msgstr ""
5458
5628
5459
#: serverguide/C/virtualization.xml:1271(para)
5629
#: serverguide/C/virtualization.xml:1186(para)
5460
5630
msgid "2 GB"
5461
5631
msgstr ""
5462
5632
5463
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
5633
#: serverguide/C/virtualization.xml:1187(para) serverguide/C/virtualization.xml:1249(para)
5464
5634
msgid "4 GB"
5465
5635
msgstr ""
5466
5636
5467
#: serverguide/C/virtualization.xml:1273(para)
5637
#: serverguide/C/virtualization.xml:1188(para)
5468
5638
msgid "The Java web front end benefits from lots of available memory."
5469
5639
msgstr ""
5470
5640
5471
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5641
#: serverguide/C/virtualization.xml:1191(para) serverguide/C/virtualization.xml:1253(para)
5472
5642
msgid "Disk"
5473
5643
msgstr ""
5474
5644
5475
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5645
#: serverguide/C/virtualization.xml:1192(para) serverguide/C/virtualization.xml:1254(para)
5476
5646
msgid "5400 RPM IDE"
5477
5647
msgstr ""
5478
5648
5479
#: serverguide/C/virtualization.xml:1278(para)
5649
#: serverguide/C/virtualization.xml:1193(para)
5480
5650
msgid "7200 RPM SATA"
5481
5651
msgstr ""
5482
5652
5483
#: serverguide/C/virtualization.xml:1279(para)
5653
#: serverguide/C/virtualization.xml:1194(para)
5484
5654
msgid ""
5485
5655
"Slower disks will work, but will yield much longer instance startup times."
5486
5656
msgstr ""
5487
5657
5488
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5658
#: serverguide/C/virtualization.xml:1197(para) serverguide/C/virtualization.xml:1259(para)
5489
5659
msgid "Disk Space"
5490
5660
msgstr ""
5491
5661
5492
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5662
#: serverguide/C/virtualization.xml:1198(para) serverguide/C/virtualization.xml:1260(para)
5493
5663
msgid "40 GB"
5494
5664
msgstr ""
5495
5665
5496
#: serverguide/C/virtualization.xml:1284(para)
5666
#: serverguide/C/virtualization.xml:1199(para)
5497
5667
msgid "200 GB"
5498
5668
msgstr ""
5499
5669
5500
#: serverguide/C/virtualization.xml:1285(para)
5670
#: serverguide/C/virtualization.xml:1200(para)
5501
5671
msgid ""
5502
5672
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5503
5673
"does not like to run out of disk space."
5504
5674
msgstr ""
5505
5675
5506
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5676
#: serverguide/C/virtualization.xml:1203(para) serverguide/C/virtualization.xml:1265(para) serverguide/C/network-config.xml:13(title)
5507
5677
msgid "Networking"
5508
5678
msgstr ""
5509
5679
5510
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5680
#: serverguide/C/virtualization.xml:1204(para) serverguide/C/virtualization.xml:1266(para)
5511
5681
msgid "100 Mbps"
5512
5682
msgstr ""
5513
5683
5514
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5684
#: serverguide/C/virtualization.xml:1205(para) serverguide/C/virtualization.xml:1267(para)
5515
5685
msgid "1000 Mbps"
5516
5686
msgstr ""
5517
5687
5518
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5688
#: serverguide/C/virtualization.xml:1206(para) serverguide/C/virtualization.xml:1268(para)
5519
5689
msgid ""
5520
5690
"Machine images are hundreds of MB, and need to be copied over the network to "
5521
5691
"nodes."
5522
5692
msgstr ""
5523
5693
5524
#: serverguide/C/virtualization.xml:1299(title)
5694
#: serverguide/C/virtualization.xml:1214(title)
5525
5695
msgid "Node Requirements"
5526
5696
msgstr ""
5527
5697
5528
#: serverguide/C/virtualization.xml:1301(para)
5529
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5698
#: serverguide/C/virtualization.xml:1216(para)
5699
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run:"
5530
5700
msgstr ""
5531
5701
5532
#: serverguide/C/virtualization.xml:1306(para)
5702
#: serverguide/C/virtualization.xml:1221(para)
5533
5703
msgid "the Node Controller (NC)"
5534
5704
msgstr ""
5535
5705
5536
#: serverguide/C/virtualization.xml:1310(title)
5706
#: serverguide/C/virtualization.xml:1225(title)
5537
5707
msgid "UEC Node Requirements"
5538
5708
msgstr ""
5539
5709
5540
#: serverguide/C/virtualization.xml:1327(para)
5710
#: serverguide/C/virtualization.xml:1242(para)
5541
5711
msgid "VT Extensions"
5542
5712
msgstr ""
5543
5713
5544
#: serverguide/C/virtualization.xml:1328(para)
5714
#: serverguide/C/virtualization.xml:1243(para)
5545
5715
msgid "VT, 64-bit, Multicore"
5546
5716
msgstr ""
5547
5717
5548
#: serverguide/C/virtualization.xml:1329(para)
5718
#: serverguide/C/virtualization.xml:1244(para)
5549
5719
msgid ""
5550
5720
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5551
5721
"only run 1 VM per CPU core on a Node."
5552
5722
msgstr ""
5553
5723
5554
#: serverguide/C/virtualization.xml:1333(para)
5724
#: serverguide/C/virtualization.xml:1248(para)
5555
5725
msgid "1 GB"
5556
5726
msgstr ""
5557
5727
5558
#: serverguide/C/virtualization.xml:1335(para)
5728
#: serverguide/C/virtualization.xml:1250(para)
5559
5729
msgid "Additional memory means more, and larger guests."
5560
5730
msgstr ""
5561
5731
5562
#: serverguide/C/virtualization.xml:1340(para)
5732
#: serverguide/C/virtualization.xml:1255(para)
5563
5733
msgid "7200 RPM SATA or SCSI"
5564
5734
msgstr ""
5565
5735
5566
#: serverguide/C/virtualization.xml:1341(para)
5736
#: serverguide/C/virtualization.xml:1256(para)
5567
5737
msgid ""
5568
5738
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5569
5739
"bottleneck."
5570
5740
msgstr ""
5571
5741
5572
#: serverguide/C/virtualization.xml:1346(para)
5742
#: serverguide/C/virtualization.xml:1261(para)
5573
5743
msgid "100 GB"
5574
5744
msgstr ""
5575
5745
5576
#: serverguide/C/virtualization.xml:1347(para)
5746
#: serverguide/C/virtualization.xml:1262(para)
5577
5747
msgid ""
5578
5748
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5579
5749
"space."
5580
5750
msgstr ""
5581
5751
5582
#: serverguide/C/virtualization.xml:1363(title)
5752
#: serverguide/C/virtualization.xml:1278(title)
5583
5753
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5584
5754
msgstr ""
5585
5755
5586
#: serverguide/C/virtualization.xml:1367(para)
5587
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
5756
#: serverguide/C/virtualization.xml:1282(para)
5757
msgid "Download the Ubuntu 12.04 LTS Server ISO file, and burn it to a CD."
5588
5758
msgstr ""
5589
5759
5590
#: serverguide/C/virtualization.xml:1372(para)
5760
#: serverguide/C/virtualization.xml:1287(para)
5591
5761
msgid ""
5592
5762
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
5593
5763
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
5594
5764
"components are present."
5595
5765
msgstr ""
5596
5766
5597
#: serverguide/C/virtualization.xml:1377(para)
5767
#: serverguide/C/virtualization.xml:1292(para)
5598
5768
msgid ""
5599
5769
"You can then choose which components to install, based on your chosen <ulink "
5600
5770
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
5601
5771
msgstr ""
5602
5772
5603
#: serverguide/C/virtualization.xml:1382(para)
5773
#: serverguide/C/virtualization.xml:1297(para)
5604
5774
msgid ""
5605
5775
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5606
5776
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5607
5777
msgstr ""
5608
5778
5609
#: serverguide/C/virtualization.xml:1388(para)
5779
#: serverguide/C/virtualization.xml:1303(para)
5610
5780
msgid ""
5611
5781
"It will ask two other cloud-specific questions during the course of the "
5612
5782
"install:"
5613
5783
msgstr ""
5614
5784
5615
#: serverguide/C/virtualization.xml:1393(para)
5785
#: serverguide/C/virtualization.xml:1308(para)
5616
5786
msgid "Name of your cluster."
5617
5787
msgstr ""
5618
5788
5619
#: serverguide/C/virtualization.xml:1396(para)
5789
#: serverguide/C/virtualization.xml:1311(para)
5620
5790
msgid "e.g. <emphasis>cluster1</emphasis>."
5621
5791
msgstr ""
5622
5792
5623
#: serverguide/C/virtualization.xml:1399(para)
5793
#: serverguide/C/virtualization.xml:1314(para)
5624
5794
msgid ""
5625
5795
"A range of public IP addresses on the LAN that the cloud can allocate to "
5626
5796
"instances."
5627
5797
msgstr ""
5628
5798
5629
#: serverguide/C/virtualization.xml:1402(para)
5799
#: serverguide/C/virtualization.xml:1317(para)
5630
5800
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5631
5801
msgstr ""
5632
5802
5633
#: serverguide/C/virtualization.xml:1410(title)
5803
#: serverguide/C/virtualization.xml:1325(title)
5634
5804
msgid "Installing the Node Controller(s)"
5635
5805
msgstr ""
5636
5806
5637
#: serverguide/C/virtualization.xml:1412(para)
5807
#: serverguide/C/virtualization.xml:1327(para)
5638
5808
msgid ""
5639
5809
"The node controller install is even simpler. Just make sure that you are "
5640
5810
"connected to the network on which the cloud/cluster controller is already "
5641
5811
"running."
5642
5812
msgstr ""
5643
5813
5644
#: serverguide/C/virtualization.xml:1418(para)
5814
#: serverguide/C/virtualization.xml:1333(para)
5645
5815
msgid "Boot from the same ISO on the node(s)."
5646
5816
msgstr ""
5647
5817
5648
#: serverguide/C/virtualization.xml:1423(para)
5818
#: serverguide/C/virtualization.xml:1338(para)
5649
5819
msgid ""
5650
5820
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5651
5821
msgstr ""
5652
5822
5653
#: serverguide/C/virtualization.xml:1428(para)
5823
#: serverguide/C/virtualization.xml:1343(para)
5654
5824
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5655
5825
msgstr ""
5656
5826
5657
#: serverguide/C/virtualization.xml:1433(para)
5827
#: serverguide/C/virtualization.xml:1348(para)
5658
5828
msgid ""
5659
5829
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5660
5830
"install for you."
5661
5831
msgstr ""
5662
5832
5663
#: serverguide/C/virtualization.xml:1438(para)
5833
#: serverguide/C/virtualization.xml:1353(para)
5664
5834
msgid "Confirm the partitioning scheme."
5665
5835
msgstr ""
5666
5836
5667
#: serverguide/C/virtualization.xml:1443(para)
5837
#: serverguide/C/virtualization.xml:1358(para)
5668
5838
msgid ""
5669
5839
"The rest of the installation should proceed uninterrupted; complete the "
5670
5840
"installation and reboot the node."
5671
5841
msgstr ""
5672
5842
5673
#: serverguide/C/virtualization.xml:1451(title)
5843
#: serverguide/C/virtualization.xml:1366(title)
5674
5844
msgid "Register the Node(s)"
5675
5845
msgstr ""
5676
5846
5677
#: serverguide/C/virtualization.xml:1456(para)
5847
#: serverguide/C/virtualization.xml:1371(para)
5678
5848
msgid ""
5679
5849
"Nodes are the physical systems within <application>UEC</application> that "
5680
5850
"actually run the virtual machine instances of the cloud."
5681
5851
msgstr ""
5682
5852
5683
#: serverguide/C/virtualization.xml:1460(para)
5853
#: serverguide/C/virtualization.xml:1375(para)
5684
5854
msgid "All component registration should be automatic, assuming:"
5685
5855
msgstr ""
5686
5856
5687
#: serverguide/C/virtualization.xml:1466(para)
5857
#: serverguide/C/virtualization.xml:1381(para)
5688
5858
msgid "Public SSH keys have been exchanged properly."
5689
5859
msgstr ""
5690
5860
5691
#: serverguide/C/virtualization.xml:1471(para)
5861
#: serverguide/C/virtualization.xml:1386(para)
5692
5862
msgid "The services are configured properly."
5693
5863
msgstr ""
5694
5864
5695
#: serverguide/C/virtualization.xml:1476(para)
5865
#: serverguide/C/virtualization.xml:1391(para)
5696
5866
msgid ""
5697
5867
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
5698
5868
msgstr ""
5699
5869
5700
#: serverguide/C/virtualization.xml:1481(para)
5870
#: serverguide/C/virtualization.xml:1396(para)
5701
5871
msgid "Verify Registration."
5702
5872
msgstr ""
5703
5873
5704
#: serverguide/C/virtualization.xml:1487(para)
5874
#: serverguide/C/virtualization.xml:1402(para)
5705
5875
msgid ""
5706
5876
"Steps a to e should only be required if you're using the <ulink "
5707
5877
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
5710
5880
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
5711
5881
msgstr ""
5712
5882
5713
#: serverguide/C/virtualization.xml:1495(para)
5883
#: serverguide/C/virtualization.xml:1410(para)
5714
5884
msgid "Exchange Public Keys"
5715
5885
msgstr ""
5716
5886
5717
#: serverguide/C/virtualization.xml:1497(para)
5887
#: serverguide/C/virtualization.xml:1412(para)
5718
5888
msgid ""
5719
5889
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
5720
5890
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
5721
5891
"Controller as the eucalyptus user."
5722
5892
msgstr ""
5723
5893
5724
#: serverguide/C/virtualization.xml:1502(para)
5894
#: serverguide/C/virtualization.xml:1417(para)
5725
5895
msgid ""
5726
5896
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
5727
5897
"ssh key by:"
5728
5898
msgstr ""
5729
5899
5730
#: serverguide/C/virtualization.xml:1508(para)
5900
#: serverguide/C/virtualization.xml:1423(para)
5731
5901
msgid ""
5732
5902
"On the target controller, temporarily set a password for the eucalyptus user:"
5733
5903
msgstr ""
5734
5904
5735
#: serverguide/C/virtualization.xml:1512(command)
5905
#: serverguide/C/virtualization.xml:1427(command)
5736
5906
msgid "sudo passwd eucalyptus"
5737
5907
msgstr ""
5738
5908
5739
#: serverguide/C/virtualization.xml:1516(para)
5909
#: serverguide/C/virtualization.xml:1431(para)
5740
5910
msgid "Then, on the Cloud Controller:"
5741
5911
msgstr ""
5742
5912
5743
#: serverguide/C/virtualization.xml:1520(command)
5913
#: serverguide/C/virtualization.xml:1435(command)
5744
5914
msgid ""
5745
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
5915
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub \\ "
5746
5916
"eucalyptus@<IP_OF_NODE>"
5747
5917
msgstr ""
5748
5918
5749
#: serverguide/C/virtualization.xml:1524(para)
5919
#: serverguide/C/virtualization.xml:1440(para)
5750
5920
msgid ""
5751
5921
"You can now remove the password of the eucalyptus account on the target "
5752
5922
"controller, if you wish:"
5753
5923
msgstr ""
5754
5924
5755
#: serverguide/C/virtualization.xml:1528(command)
5925
#: serverguide/C/virtualization.xml:1444(command)
5756
5926
msgid "sudo passwd -d eucalyptus"
5757
5927
msgstr ""
5758
5928
5759
#: serverguide/C/virtualization.xml:1535(para)
5929
#: serverguide/C/virtualization.xml:1451(para)
5760
5930
msgid "Configuring the Services"
5761
5931
msgstr ""
5762
5932
5763
#: serverguide/C/virtualization.xml:1537(para)
5933
#: serverguide/C/virtualization.xml:1453(para)
5764
5934
msgid "On the <emphasis>Cloud Controller</emphasis>:"
5765
5935
msgstr ""
5766
5936
5767
#: serverguide/C/virtualization.xml:1543(para)
5937
#: serverguide/C/virtualization.xml:1459(para)
5768
5938
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
5769
5939
msgstr ""
5770
5940
5771
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
5941
#: serverguide/C/virtualization.xml:1463(para) serverguide/C/virtualization.xml:1491(para)
5772
5942
msgid ""
5773
5943
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
5774
5944
"cc.conf</filename>"
5775
5945
msgstr ""
5776
5946
5777
#: serverguide/C/virtualization.xml:1549(para)
5947
#: serverguide/C/virtualization.xml:1465(para)
5778
5948
msgid ""
5779
5949
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5780
5950
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5781
5951
"addresses."
5782
5952
msgstr ""
5783
5953
5784
#: serverguide/C/virtualization.xml:1556(para)
5954
#: serverguide/C/virtualization.xml:1472(para)
5785
5955
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
5786
5956
msgstr ""
5787
5957
5788
#: serverguide/C/virtualization.xml:1560(para)
5958
#: serverguide/C/virtualization.xml:1476(para)
5789
5959
msgid ""
5790
5960
"Define the shell variable WALRUS_IP_ADDR in "
5791
5961
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
5792
5962
"address."
5793
5963
msgstr ""
5794
5964
5795
#: serverguide/C/virtualization.xml:1565(para)
5965
#: serverguide/C/virtualization.xml:1481(para)
5796
5966
msgid "On the <emphasis>Cluster Controller</emphasis>:"
5797
5967
msgstr ""
5798
5968
5799
#: serverguide/C/virtualization.xml:1571(para)
5969
#: serverguide/C/virtualization.xml:1487(para)
5800
5970
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
5801
5971
msgstr ""
5802
5972
5803
#: serverguide/C/virtualization.xml:1577(para)
5973
#: serverguide/C/virtualization.xml:1493(para)
5804
5974
msgid ""
5805
5975
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
5806
5976
"ipaddr.conf</filename>, as a space separated list of one or more IP "
5807
5977
"addresses."
5808
5978
msgstr ""
5809
5979
5810
#: serverguide/C/virtualization.xml:1587(para)
5980
#: serverguide/C/virtualization.xml:1503(para)
5811
5981
msgid "Publish"
5812
5982
msgstr ""
5813
5983
5814
#: serverguide/C/virtualization.xml:1589(para)
5984
#: serverguide/C/virtualization.xml:1505(para)
5815
5985
msgid "Now start the publication services."
5816
5986
msgstr ""
5817
5987
5818
#: serverguide/C/virtualization.xml:1595(emphasis)
5988
#: serverguide/C/virtualization.xml:1511(emphasis)
5819
5989
msgid "Walrus Controller:"
5820
5990
msgstr ""
5821
5991
5822
#: serverguide/C/virtualization.xml:1597(command)
5992
#: serverguide/C/virtualization.xml:1513(command)
5823
5993
msgid "sudo start eucalyptus-walrus-publication"
5824
5994
msgstr ""
5825
5995
5826
#: serverguide/C/virtualization.xml:1601(emphasis)
5996
#: serverguide/C/virtualization.xml:1517(emphasis)
5827
5997
msgid "Cluster Controller:"
5828
5998
msgstr ""
5829
5999
5830
#: serverguide/C/virtualization.xml:1603(command)
6000
#: serverguide/C/virtualization.xml:1519(command)
5831
6001
msgid "sudo start eucalyptus-cc-publication"
5832
6002
msgstr ""
5833
6003
5834
#: serverguide/C/virtualization.xml:1607(emphasis)
6004
#: serverguide/C/virtualization.xml:1523(emphasis)
5835
6005
msgid "Storage Controller:"
5836
6006
msgstr ""
5837
6007
5838
#: serverguide/C/virtualization.xml:1609(command)
6008
#: serverguide/C/virtualization.xml:1525(command)
5839
6009
msgid "sudo start eucalyptus-sc-publication"
5840
6010
msgstr ""
5841
6011
5842
#: serverguide/C/virtualization.xml:1613(emphasis)
6012
#: serverguide/C/virtualization.xml:1529(emphasis)
5843
6013
msgid "Node Controller:"
5844
6014
msgstr ""
5845
6015
5846
#: serverguide/C/virtualization.xml:1615(command)
6016
#: serverguide/C/virtualization.xml:1531(command)
5847
6017
msgid "sudo start eucalyptus-nc-publication"
5848
6018
msgstr ""
5849
6019
5850
#: serverguide/C/virtualization.xml:1622(para)
6020
#: serverguide/C/virtualization.xml:1538(para)
5851
6021
msgid "Start the Listener"
5852
6022
msgstr ""
5853
6023
5854
#: serverguide/C/virtualization.xml:1624(para)
6024
#: serverguide/C/virtualization.xml:1540(para)
5855
6025
msgid ""
5856
6026
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
5857
6027
"Controller(s)</emphasis>, run:"
5858
6028
msgstr ""
5859
6029
5860
#: serverguide/C/virtualization.xml:1629(command)
6030
#: serverguide/C/virtualization.xml:1545(command)
5861
6031
msgid "sudo start uec-component-listener"
5862
6032
msgstr ""
5863
6033
5864
#: serverguide/C/virtualization.xml:1634(para)
6034
#: serverguide/C/virtualization.xml:1550(para)
5865
6035
msgid "Verify Registration"
5866
6036
msgstr ""
5867
6037
5868
#: serverguide/C/virtualization.xml:1637(command)
6038
#: serverguide/C/virtualization.xml:1553(command)
5869
6039
msgid "cat /var/log/eucalyptus/registration.log"
5870
6040
msgstr ""
5871
6041
5872
#: serverguide/C/virtualization.xml:1638(computeroutput)
6042
#: serverguide/C/virtualization.xml:1554(computeroutput)
5873
6043
#, no-wrap
5874
6044
msgid ""
5875
6045
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
5887
6057
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
5888
6058
msgstr ""
5889
6059
5890
#: serverguide/C/virtualization.xml:1649(para)
6060
#: serverguide/C/virtualization.xml:1565(para)
5891
6061
msgid "The output on your machine will vary from the example above."
5892
6062
msgstr ""
5893
6063
5894
#: serverguide/C/virtualization.xml:1659(title)
6064
#: serverguide/C/virtualization.xml:1575(title)
5895
6065
msgid "Obtain Credentials"
5896
6066
msgstr ""
5897
6067
5898
#: serverguide/C/virtualization.xml:1661(para)
6068
#: serverguide/C/virtualization.xml:1577(para)
5899
6069
msgid ""
5900
6070
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5901
6071
"users of the cloud will need to retrieve their credentials. This can be done "
5902
6072
"either through a web browser, or at the command line."
5903
6073
msgstr ""
5904
6074
5905
#: serverguide/C/virtualization.xml:1667(title)
6075
#: serverguide/C/virtualization.xml:1583(title)
5906
6076
msgid "From a Web Browser"
5907
6077
msgstr ""
5908
6078
5909
#: serverguide/C/virtualization.xml:1671(para)
6079
#: serverguide/C/virtualization.xml:1587(para)
5910
6080
msgid ""
5911
6081
"From your web browser (either remotely or on your Ubuntu server) access the "
5912
6082
"following URL:"
5913
6083
msgstr ""
5914
6084
5915
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
6085
#: serverguide/C/virtualization.xml:1590(programlisting) serverguide/C/virtualization.xml:1720(programlisting)
5916
6086
#, no-wrap
5917
6087
msgid ""
5918
6088
"\n"
5919
6089
"https://<cloud-controller-ip-address>:8443/\n"
5920
6090
msgstr ""
5921
6091
5922
#: serverguide/C/virtualization.xml:1679(para)
6092
#: serverguide/C/virtualization.xml:1595(para)
5923
6093
msgid ""
5924
6094
"You must use a secure connection, so make sure you use \"https\" not "
5925
6095
"\"http\" in your URL. You will get a security certificate warning. You will "
5927
6097
"not be able to view the Eucalyptus configuration page."
5928
6098
msgstr ""
5929
6099
5930
#: serverguide/C/virtualization.xml:1687(para)
6100
#: serverguide/C/virtualization.xml:1603(para)
5931
6101
msgid ""
5932
6102
"Use username <emphasis>'admin'</emphasis> and password "
5933
6103
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5934
6104
"to change your password)."
5935
6105
msgstr ""
5936
6106
5937
#: serverguide/C/virtualization.xml:1693(para)
6107
#: serverguide/C/virtualization.xml:1609(para)
5938
6108
msgid ""
5939
6109
"Then follow the on-screen instructions to update the admin password and "
5940
6110
"email address."
5941
6111
msgstr ""
5942
6112
5943
#: serverguide/C/virtualization.xml:1698(para)
6113
#: serverguide/C/virtualization.xml:1614(para)
5944
6114
msgid ""
5945
6115
"Once the first time configuration process is completed, click the "
5946
6116
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5947
6117
"the screen."
5948
6118
msgstr ""
5949
6119
5950
#: serverguide/C/virtualization.xml:1704(para)
6120
#: serverguide/C/virtualization.xml:1620(para)
5951
6121
msgid ""
5952
6122
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5953
6123
"certificates."
5954
6124
msgstr ""
5955
6125
5956
#: serverguide/C/virtualization.xml:1709(para)
6126
#: serverguide/C/virtualization.xml:1625(para)
5957
6127
msgid "Save them to <filename>~/.euca</filename>."
5958
6128
msgstr ""
5959
6129
5960
#: serverguide/C/virtualization.xml:1714(para)
6130
#: serverguide/C/virtualization.xml:1630(para)
5961
6131
msgid ""
5962
6132
"Unzip the downloaded zip file into a safe location "
5963
6133
"(<filename>~/.euca</filename>)."
5964
6134
msgstr ""
5965
6135
5966
#: serverguide/C/virtualization.xml:1718(command)
6136
#: serverguide/C/virtualization.xml:1634(command)
5967
6137
msgid "unzip -d ~/.euca mycreds.zip"
5968
6138
msgstr ""
5969
6139
5970
#: serverguide/C/virtualization.xml:1725(title)
6140
#: serverguide/C/virtualization.xml:1641(title)
5971
6141
msgid "From a Command Line"
5972
6142
msgstr ""
5973
6143
5974
#: serverguide/C/virtualization.xml:1729(para)
6144
#: serverguide/C/virtualization.xml:1645(para)
5975
6145
msgid ""
5976
6146
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5977
6147
"Controller</emphasis>, you can run:"
5978
6148
msgstr ""
5979
6149
5980
#: serverguide/C/virtualization.xml:1733(command)
6150
#: serverguide/C/virtualization.xml:1649(command)
5981
6151
msgid "mkdir -p ~/.euca"
5982
6152
msgstr ""
5983
6153
5984
#: serverguide/C/virtualization.xml:1734(command)
6154
#: serverguide/C/virtualization.xml:1650(command)
5985
6155
msgid "chmod 700 ~/.euca"
5986
6156
msgstr ""
5987
6157
5988
#: serverguide/C/virtualization.xml:1735(command)
6158
#: serverguide/C/virtualization.xml:1651(command)
5989
6159
msgid "cd ~/.euca"
5990
6160
msgstr ""
5991
6161
5992
#: serverguide/C/virtualization.xml:1736(command)
6162
#: serverguide/C/virtualization.xml:1652(command)
5993
6163
msgid "sudo euca_conf --get-credentials mycreds.zip"
5994
6164
msgstr ""
5995
6165
5996
#: serverguide/C/virtualization.xml:1737(command)
6166
#: serverguide/C/virtualization.xml:1653(command)
5997
6167
msgid "unzip mycreds.zip"
5998
6168
msgstr ""
5999
6169
6000
#: serverguide/C/virtualization.xml:1738(command)
6170
#: serverguide/C/virtualization.xml:1654(command)
6001
6171
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
6002
6172
msgstr ""
6003
6173
6004
#: serverguide/C/virtualization.xml:1739(command)
6174
#: serverguide/C/virtualization.xml:1655(command)
6005
6175
msgid "cd -"
6006
6176
msgstr ""
6007
6177
6008
#: serverguide/C/virtualization.xml:1746(title)
6178
#: serverguide/C/virtualization.xml:1662(title)
6009
6179
msgid "Extracting and Using Your Credentials"
6010
6180
msgstr ""
6011
6181
6012
#: serverguide/C/virtualization.xml:1748(para)
6182
#: serverguide/C/virtualization.xml:1664(para)
6013
6183
msgid ""
6014
6184
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
6015
6185
"certificates."
6016
6186
msgstr ""
6017
6187
6018
#: serverguide/C/virtualization.xml:1754(para)
6188
#: serverguide/C/virtualization.xml:1670(para)
6019
6189
msgid "Install the required cloud user tools:"
6020
6190
msgstr ""
6021
6191
6022
#: serverguide/C/virtualization.xml:1758(command)
6192
#: serverguide/C/virtualization.xml:1674(command)
6023
6193
msgid "sudo apt-get install euca2ools"
6024
6194
msgstr ""
6025
6195
6026
#: serverguide/C/virtualization.xml:1762(para)
6196
#: serverguide/C/virtualization.xml:1678(para)
6027
6197
msgid ""
6028
6198
"To validate that everything is working correctly, get the local cluster "
6029
6199
"availability details:"
6030
6200
msgstr ""
6031
6201
6032
#: serverguide/C/virtualization.xml:1766(command)
6202
#: serverguide/C/virtualization.xml:1682(command)
6033
6203
msgid ". ~/.euca/eucarc"
6034
6204
msgstr ""
6035
6205
6036
#: serverguide/C/virtualization.xml:1767(command)
6206
#: serverguide/C/virtualization.xml:1683(command)
6037
6207
msgid "euca-describe-availability-zones verbose"
6038
6208
msgstr ""
6039
6209
6040
#: serverguide/C/virtualization.xml:1768(computeroutput)
6210
#: serverguide/C/virtualization.xml:1684(computeroutput)
6041
6211
#, no-wrap
6042
6212
msgid ""
6043
6213
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
6049
6219
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
6050
6220
msgstr ""
6051
6221
6052
#: serverguide/C/virtualization.xml:1778(para)
6222
#: serverguide/C/virtualization.xml:1694(para)
6053
6223
msgid "Your output from the above command will vary."
6054
6224
msgstr ""
6055
6225
6056
#: serverguide/C/virtualization.xml:1788(title)
6226
#: serverguide/C/virtualization.xml:1704(title)
6057
6227
msgid "Install an Image from the Store"
6058
6228
msgstr ""
6059
6229
6060
#: serverguide/C/virtualization.xml:1790(para)
6230
#: serverguide/C/virtualization.xml:1706(para)
6061
6231
msgid ""
6062
6232
"The following is by far the simplest way to install an image. However, "
6063
6233
"advanced users may be interested in learning how to <ulink "
6065
6235
"own image</ulink>."
6066
6236
msgstr ""
6067
6237
6068
#: serverguide/C/virtualization.xml:1795(para)
6238
#: serverguide/C/virtualization.xml:1711(para)
6069
6239
msgid ""
6070
6240
"The simplest way to add an image to <application>UEC</application> is to "
6071
6241
"install it from the Image Store on the UEC web interface."
6072
6242
msgstr ""
6073
6243
6074
#: serverguide/C/virtualization.xml:1801(para)
6244
#: serverguide/C/virtualization.xml:1717(para)
6075
6245
msgid ""
6076
6246
"Access the web interface at the following URL (Make sure you specify https):"
6077
6247
msgstr ""
6078
6248
6079
#: serverguide/C/virtualization.xml:1809(para)
6249
#: serverguide/C/virtualization.xml:1725(para)
6080
6250
msgid ""
6081
6251
"Enter your login and password (if requested, as you may still be logged in "
6082
6252
"from earlier)."
6083
6253
msgstr ""
6084
6254
6085
#: serverguide/C/virtualization.xml:1814(para)
6255
#: serverguide/C/virtualization.xml:1730(para)
6086
6256
msgid "Click on the <emphasis>Store</emphasis> tab."
6087
6257
msgstr ""
6088
6258
6089
#: serverguide/C/virtualization.xml:1819(para)
6259
#: serverguide/C/virtualization.xml:1735(para)
6090
6260
msgid "Browse available images."
6091
6261
msgstr ""
6092
6262
6093
#: serverguide/C/virtualization.xml:1824(para)
6263
#: serverguide/C/virtualization.xml:1740(para)
6094
6264
msgid "Click on <emphasis>install</emphasis> for the image you want."
6095
6265
msgstr ""
6096
6266
6097
#: serverguide/C/virtualization.xml:1830(para)
6267
#: serverguide/C/virtualization.xml:1746(para)
6098
6268
msgid ""
6099
6269
"Once the image has been downloaded and installed, you can click on "
6100
6270
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
6103
6273
"tab."
6104
6274
msgstr ""
6105
6275
6106
#: serverguide/C/virtualization.xml:1838(title)
6276
#: serverguide/C/virtualization.xml:1754(title)
6107
6277
msgid "Run an Image"
6108
6278
msgstr ""
6109
6279
6110
#: serverguide/C/virtualization.xml:1840(para)
6280
#: serverguide/C/virtualization.xml:1756(para)
6111
6281
msgid "There are multiple ways to instantiate an image in UEC:"
6112
6282
msgstr ""
6113
6283
6114
#: serverguide/C/virtualization.xml:1845(para)
6284
#: serverguide/C/virtualization.xml:1761(para)
6115
6285
msgid "Use the command line."
6116
6286
msgstr ""
6117
6287
6118
#: serverguide/C/virtualization.xml:1846(para)
6288
#: serverguide/C/virtualization.xml:1762(para)
6119
6289
msgid ""
6120
6290
"Use one of the UEC compatible management tools such as "
6121
6291
"<emphasis>Landscape</emphasis>."
6122
6292
msgstr ""
6123
6293
6124
#: serverguide/C/virtualization.xml:1848(para)
6294
#: serverguide/C/virtualization.xml:1764(para)
6125
6295
msgid ""
6126
6296
"Use the <ulink "
6127
6297
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
6128
6298
"extension to Firefox."
6129
6299
msgstr ""
6130
6300
6131
#: serverguide/C/virtualization.xml:1854(para)
6301
#: serverguide/C/virtualization.xml:1770(para)
6132
6302
msgid "Here we will describe the process from the command line:"
6133
6303
msgstr ""
6134
6304
6135
#: serverguide/C/virtualization.xml:1860(para)
6305
#: serverguide/C/virtualization.xml:1776(para)
6136
6306
msgid ""
6137
6307
"Before running an instance of your image, you should first create a "
6138
6308
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
6140
6310
"do this once."
6141
6311
msgstr ""
6142
6312
6143
#: serverguide/C/virtualization.xml:1864(para)
6313
#: serverguide/C/virtualization.xml:1780(para)
6144
6314
msgid "Run the following command:"
6145
6315
msgstr ""
6146
6316
6147
#: serverguide/C/virtualization.xml:1867(programlisting)
6317
#: serverguide/C/virtualization.xml:1783(programlisting)
6148
6318
#, no-wrap
6149
6319
msgid ""
6150
6320
"\n"
6156
6326
"fi\n"
6157
6327
msgstr ""
6158
6328
6159
#: serverguide/C/virtualization.xml:1876(para)
6329
#: serverguide/C/virtualization.xml:1792(para)
6160
6330
msgid ""
6161
6331
"You can call your key whatever you like (in this example, the key is called "
6162
6332
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
6164
6334
"a list of created keys stored in the system."
6165
6335
msgstr ""
6166
6336
6167
#: serverguide/C/virtualization.xml:1883(para)
6337
#: serverguide/C/virtualization.xml:1799(para)
6168
6338
msgid "You must also allow access to port 22 in your instances:"
6169
6339
msgstr ""
6170
6340
6171
#: serverguide/C/virtualization.xml:1887(command)
6341
#: serverguide/C/virtualization.xml:1803(command) serverguide/C/virtualization.xml:2386(command)
6172
6342
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
6173
6343
msgstr ""
6174
6344
6175
#: serverguide/C/virtualization.xml:1891(para)
6345
#: serverguide/C/virtualization.xml:1807(para)
6176
6346
msgid "Next, you can create instances of your registered image:"
6177
6347
msgstr ""
6178
6348
6179
#: serverguide/C/virtualization.xml:1895(command)
6349
#: serverguide/C/virtualization.xml:1811(command)
6180
6350
msgid "euca-run-instances $EMI -k mykey -t m1.small"
6181
6351
msgstr ""
6182
6352
6183
#: serverguide/C/virtualization.xml:1898(para)
6353
#: serverguide/C/virtualization.xml:1814(para)
6184
6354
msgid ""
6185
6355
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
6186
6356
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
6187
6357
"on the <emphasis>Store</emphasis> page to see the sample command."
6188
6358
msgstr ""
6189
6359
6190
#: serverguide/C/virtualization.xml:1905(para)
6360
#: serverguide/C/virtualization.xml:1821(para)
6191
6361
msgid ""
6192
6362
"The first time you run an instance, the system will be setting up caches for "
6193
6363
"the image from which it will be created. This can often take some time the "
6194
6364
"first time an instance is run given that VM images are usually quite large."
6195
6365
msgstr ""
6196
6366
6197
#: serverguide/C/virtualization.xml:1909(para)
6367
#: serverguide/C/virtualization.xml:1825(para)
6198
6368
msgid "To monitor the state of your instance, run:"
6199
6369
msgstr ""
6200
6370
6201
#: serverguide/C/virtualization.xml:1913(command)
6371
#: serverguide/C/virtualization.xml:1829(command)
6202
6372
msgid "watch -n5 euca-describe-instances"
6203
6373
msgstr ""
6204
6374
6205
#: serverguide/C/virtualization.xml:1915(para)
6375
#: serverguide/C/virtualization.xml:1831(para)
6206
6376
msgid ""
6207
6377
"In the output, you should see information about the instance, including its "
6208
6378
"state. While first-time caching is being performed, the instance's state "
6209
6379
"will be <emphasis>'pending'</emphasis>."
6210
6380
msgstr ""
6211
6381
6212
#: serverguide/C/virtualization.xml:1921(para)
6382
#: serverguide/C/virtualization.xml:1837(para)
6213
6383
msgid ""
6214
6384
"When the instance is fully started, the above state will become "
6215
6385
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
6216
6386
"instance in the output, then connect to it:"
6217
6387
msgstr ""
6218
6388
6219
#: serverguide/C/virtualization.xml:1926(command)
6389
#: serverguide/C/virtualization.xml:1842(command)
6220
6390
msgid ""
6221
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
6222
"'{print $4}')"
6391
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | \\ tail -n1 | "
6392
"awk '{print $4}')"
6223
6393
msgstr ""
6224
6394
6225
#: serverguide/C/virtualization.xml:1927(command)
6395
#: serverguide/C/virtualization.xml:1844(command)
6226
6396
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
6227
6397
msgstr ""
6228
6398
6229
#: serverguide/C/virtualization.xml:1931(para)
6399
#: serverguide/C/virtualization.xml:1848(para)
6230
6400
msgid ""
6231
6401
"And when you are done with this instance, exit your SSH connection, then "
6232
6402
"terminate your instance:"
6233
6403
msgstr ""
6234
6404
6235
#: serverguide/C/virtualization.xml:1935(command)
6405
#: serverguide/C/virtualization.xml:1852(command)
6236
6406
msgid ""
6237
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
6238
"awk '{print $2}')"
6407
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | \\ tail -"
6408
"n1 | awk '{print $2}')"
6239
6409
msgstr ""
6240
6410
6241
#: serverguide/C/virtualization.xml:1936(command)
6411
#: serverguide/C/virtualization.xml:1854(command)
6242
6412
msgid "euca-terminate-instances $INSTANCEID"
6243
6413
msgstr ""
6244
6414
6245
#: serverguide/C/virtualization.xml:1944(para)
6415
#: serverguide/C/virtualization.xml:1860(title)
6416
msgid "First Boot"
6417
msgstr "Primer arranque"
6418
6419
#: serverguide/C/virtualization.xml:1862(para)
6246
6420
msgid ""
6247
6421
"The <application>cloud-init</application> package provides \"first boot\" "
6248
6422
"functionality for the Ubuntu UEC images. It is in charge of taking the "
6250
6424
"particular instance. That includes things like:"
6251
6425
msgstr ""
6252
6426
6253
#: serverguide/C/virtualization.xml:1952(para)
6427
#: serverguide/C/virtualization.xml:1870(para)
6254
6428
msgid "Setting the hostname."
6255
6429
msgstr ""
6256
6430
6257
#: serverguide/C/virtualization.xml:1957(para)
6431
#: serverguide/C/virtualization.xml:1875(para)
6258
6432
msgid ""
6259
6433
"Putting the provided ssh public keys into "
6260
6434
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
6261
6435
msgstr ""
6262
6436
6263
#: serverguide/C/virtualization.xml:1962(para)
6437
#: serverguide/C/virtualization.xml:1880(para)
6264
6438
msgid "Running a user provided script, or otherwise modifying the image."
6265
6439
msgstr ""
6266
6440
6267
#: serverguide/C/virtualization.xml:1968(para)
6441
#: serverguide/C/virtualization.xml:1886(para)
6268
6442
msgid ""
6269
6443
"Setting hostname and configuring a system so the person who launched it can "
6270
6444
"actually log into it are not terribly interesting. The interesting things "
6274
6448
"85\">user-data</ulink>."
6275
6449
msgstr ""
6276
6450
6277
#: serverguide/C/virtualization.xml:1974(para)
6451
#: serverguide/C/virtualization.xml:1892(para)
6278
6452
msgid "First, install the <application>cloud-init</application> package:"
6279
6453
msgstr ""
6280
6454
6281
#: serverguide/C/virtualization.xml:1979(command)
6455
#: serverguide/C/virtualization.xml:1897(command)
6282
6456
msgid "sudo apt-get install cloud-init"
6283
6457
msgstr ""
6284
6458
6285
#: serverguide/C/virtualization.xml:1982(para)
6459
#: serverguide/C/virtualization.xml:1900(para)
6286
6460
msgid ""
6287
6461
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
6288
6462
"stored and executed as root late in the boot process of the instance's first "
6290
6464
"directed to the console."
6291
6465
msgstr ""
6292
6466
6293
#: serverguide/C/virtualization.xml:1987(para)
6467
#: serverguide/C/virtualization.xml:1905(para)
6294
6468
msgid ""
6295
6469
"For example, create a file named <filename>ud.txt</filename> containing:"
6296
6470
msgstr ""
6297
6471
6298
#: serverguide/C/virtualization.xml:1991(programlisting)
6472
#: serverguide/C/virtualization.xml:1909(programlisting)
6299
6473
#, no-wrap
6300
6474
msgid ""
6301
6475
"\n"
6304
6478
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6305
6479
msgstr ""
6306
6480
6307
#: serverguide/C/virtualization.xml:1997(para)
6481
#: serverguide/C/virtualization.xml:1915(para)
6308
6482
msgid ""
6309
6483
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
6310
6484
msgstr ""
6311
6485
6312
#: serverguide/C/virtualization.xml:2002(command)
6486
#: serverguide/C/virtualization.xml:1920(command)
6313
6487
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
6314
6488
msgstr ""
6315
6489
6316
#: serverguide/C/virtualization.xml:2005(para)
6490
#: serverguide/C/virtualization.xml:1923(para)
6317
6491
msgid ""
6318
6492
"Wait now for the system to come up and console to be available. To see the "
6319
6493
"result of the data file commands enter:"
6320
6494
msgstr ""
6321
6495
6322
#: serverguide/C/virtualization.xml:2010(command)
6496
#: serverguide/C/virtualization.xml:1928(command)
6323
6497
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
6324
6498
msgstr ""
6325
6499
6326
#: serverguide/C/virtualization.xml:2011(computeroutput)
6500
#: serverguide/C/virtualization.xml:1929(computeroutput)
6327
6501
#, no-wrap
6328
6502
msgid ""
6329
6503
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
6330
6504
"I have been up for 28.26 sec"
6331
6505
msgstr ""
6332
6506
6333
#: serverguide/C/virtualization.xml:2016(para)
6507
#: serverguide/C/virtualization.xml:1934(para)
6334
6508
msgid "Your output may vary."
6335
6509
msgstr ""
6336
6510
6337
#: serverguide/C/virtualization.xml:2021(para)
6511
#: serverguide/C/virtualization.xml:1939(para)
6338
6512
msgid ""
6339
6513
"The simple approach shown above gives a great deal of power. The user-data "
6340
6514
"can contain a script in any language where an interpreter already exists in "
6342
6516
")."
6343
6517
msgstr ""
6344
6518
6345
#: serverguide/C/virtualization.xml:2026(para)
6519
#: serverguide/C/virtualization.xml:1944(para)
6346
6520
msgid ""
6347
6521
"For many cases, the user may not be interested in writing a program. For "
6348
6522
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
6351
6525
"config'</emphasis>."
6352
6526
msgstr ""
6353
6527
6354
#: serverguide/C/virtualization.xml:2031(para)
6528
#: serverguide/C/virtualization.xml:1949(para)
6355
6529
msgid ""
6356
"For example, create a text file named <filename>clout-config.txt</filename> "
6530
"For example, create a text file named <filename>cloud-config.txt</filename> "
6357
6531
"containing:"
6358
6532
msgstr ""
6359
6533
6360
#: serverguide/C/virtualization.xml:2035(programlisting)
6534
#: serverguide/C/virtualization.xml:1953(programlisting)
6361
6535
#, no-wrap
6362
6536
msgid ""
6363
6537
"\n"
6375
6549
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6376
6550
msgstr ""
6377
6551
6378
#: serverguide/C/virtualization.xml:2050(para)
6552
#: serverguide/C/virtualization.xml:1968(para)
6379
6553
msgid "Create a new instance:"
6380
6554
msgstr ""
6381
6555
6382
#: serverguide/C/virtualization.xml:2055(command)
6556
#: serverguide/C/virtualization.xml:1973(command)
6383
6557
msgid ""
6384
6558
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
6385
6559
"config.txt"
6386
6560
msgstr ""
6387
6561
6388
#: serverguide/C/virtualization.xml:2058(para)
6562
#: serverguide/C/virtualization.xml:1976(para)
6389
6563
msgid "Now, when the above system is booted, it will have:"
6390
6564
msgstr ""
6391
6565
6392
#: serverguide/C/virtualization.xml:2063(para)
6566
#: serverguide/C/virtualization.xml:1981(para)
6393
6567
msgid "Added the Apache Edgers PPA."
6394
6568
msgstr ""
6395
6569
6396
#: serverguide/C/virtualization.xml:2064(para)
6570
#: serverguide/C/virtualization.xml:1982(para)
6397
6571
msgid "Run an upgrade to get all updates available"
6398
6572
msgstr ""
6399
6573
6400
#: serverguide/C/virtualization.xml:2065(para)
6574
#: serverguide/C/virtualization.xml:1983(para)
6401
6575
msgid "Installed the 'build-essential' and 'pastebinit' packages"
6402
6576
msgstr ""
6403
6577
6404
#: serverguide/C/virtualization.xml:2066(para)
6578
#: serverguide/C/virtualization.xml:1984(para)
6405
6579
msgid "Printed a similar message to the script above"
6406
6580
msgstr ""
6407
6581
6408
#: serverguide/C/virtualization.xml:2070(para)
6582
#: serverguide/C/virtualization.xml:1988(para)
6409
6583
msgid ""
6410
6584
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
6411
6585
"the latest version of Apache from upstream source repositories. Package "
6415
6589
"Edgers</ulink> web page for more details."
6416
6590
msgstr ""
6417
6591
6418
#: serverguide/C/virtualization.xml:2077(para)
6592
#: serverguide/C/virtualization.xml:1995(para)
6419
6593
msgid ""
6420
6594
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
6421
6595
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
6423
6597
"you need it without abandoning <emphasis>cloud-config</emphasis>."
6424
6598
msgstr ""
6425
6599
6426
#: serverguide/C/virtualization.xml:2082(para)
6600
#: serverguide/C/virtualization.xml:2000(para)
6427
6601
msgid ""
6428
6602
"For more information on what kinds of things can be done with "
6429
6603
"<application>cloud-config</application>, see <ulink "
6431
6605
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
6432
6606
msgstr ""
6433
6607
6434
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
6608
#: serverguide/C/virtualization.xml:2009(title) serverguide/C/dns.xml:654(title)
6435
6609
msgid "More Information"
6436
6610
msgstr ""
6437
6611
6438
#: serverguide/C/virtualization.xml:2093(para)
6612
#: serverguide/C/virtualization.xml:2011(para)
6439
6613
msgid ""
6440
6614
"How to use the <ulink "
6441
6615
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
6442
6616
"Controller</ulink>"
6443
6617
msgstr ""
6444
6618
6445
#: serverguide/C/virtualization.xml:2097(para)
6619
#: serverguide/C/virtualization.xml:2015(para)
6446
6620
msgid "Controlling eucalyptus services:"
6447
6621
msgstr ""
6448
6622
6449
#: serverguide/C/virtualization.xml:2102(para)
6623
#: serverguide/C/virtualization.xml:2020(para)
6450
6624
msgid ""
6451
6625
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
6452
6626
msgstr ""
6453
6627
6454
#: serverguide/C/virtualization.xml:2103(para)
6628
#: serverguide/C/virtualization.xml:2021(para)
6455
6629
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
6456
6630
msgstr ""
6457
6631
6458
#: serverguide/C/virtualization.xml:2106(para)
6632
#: serverguide/C/virtualization.xml:2024(para)
6459
6633
msgid "Locations of some important files:"
6460
6634
msgstr ""
6461
6635
6462
#: serverguide/C/virtualization.xml:2113(emphasis)
6636
#: serverguide/C/virtualization.xml:2031(emphasis)
6463
6637
msgid "Log files:"
6464
6638
msgstr ""
6465
6639
6466
#: serverguide/C/virtualization.xml:2116(para)
6640
#: serverguide/C/virtualization.xml:2034(para)
6467
6641
msgid "/var/log/eucalyptus"
6468
6642
msgstr ""
6469
6643
6470
#: serverguide/C/virtualization.xml:2121(emphasis)
6644
#: serverguide/C/virtualization.xml:2039(emphasis)
6471
6645
msgid "Configuration files:"
6472
6646
msgstr ""
6473
6647
6474
#: serverguide/C/virtualization.xml:2124(para)
6648
#: serverguide/C/virtualization.xml:2042(para)
6475
6649
msgid "/etc/eucalyptus"
6476
6650
msgstr ""
6477
6651
6478
#: serverguide/C/virtualization.xml:2129(emphasis)
6652
#: serverguide/C/virtualization.xml:2047(emphasis)
6479
6653
msgid "Database:"
6480
6654
msgstr ""
6481
6655
6482
#: serverguide/C/virtualization.xml:2132(para)
6656
#: serverguide/C/virtualization.xml:2050(para)
6483
6657
msgid "/var/lib/eucalyptus/db"
6484
6658
msgstr ""
6485
6659
6486
#: serverguide/C/virtualization.xml:2137(emphasis)
6660
#: serverguide/C/virtualization.xml:2055(emphasis)
6487
6661
msgid "Keys:"
6488
6662
msgstr ""
6489
6663
6490
#: serverguide/C/virtualization.xml:2140(para)
6664
#: serverguide/C/virtualization.xml:2058(para)
6491
6665
msgid "/var/lib/eucalyptus"
6492
6666
msgstr ""
6493
6667
6494
#: serverguide/C/virtualization.xml:2141(para)
6668
#: serverguide/C/virtualization.xml:2059(para)
6495
6669
msgid "/var/lib/eucalyptus/.ssh"
6496
6670
msgstr ""
6497
6671
6498
#: serverguide/C/virtualization.xml:2147(para)
6672
#: serverguide/C/virtualization.xml:2065(para)
6499
6673
msgid ""
6500
6674
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
6501
6675
"running the client tools."
6502
6676
msgstr ""
6503
6677
6504
#: serverguide/C/virtualization.xml:2158(para)
6678
#: serverguide/C/virtualization.xml:2076(para)
6505
6679
msgid ""
6506
6680
"For information on loading instances see the <ulink "
6507
6681
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
6508
6682
"page."
6509
6683
msgstr ""
6510
6684
6511
#: serverguide/C/virtualization.xml:2163(para)
6685
#: serverguide/C/virtualization.xml:2081(para)
6512
6686
msgid ""
6513
6687
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
6514
6688
"documentation, downloads)</ulink>."
6515
6689
msgstr ""
6516
6690
6517
#: serverguide/C/virtualization.xml:2168(para)
6691
#: serverguide/C/virtualization.xml:2086(para)
6518
6692
msgid ""
6519
6693
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
6520
6694
"(bugs, code)</ulink>."
6521
6695
msgstr ""
6522
6696
6523
#: serverguide/C/virtualization.xml:2173(para)
6697
#: serverguide/C/virtualization.xml:2091(para)
6524
6698
msgid ""
6525
6699
"<ulink "
6526
6700
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
6527
6701
"ptus Troubleshooting (1.5)</ulink>."
6528
6702
msgstr ""
6529
6703
6530
#: serverguide/C/virtualization.xml:2178(para)
6704
#: serverguide/C/virtualization.xml:2096(para)
6531
6705
msgid ""
6532
6706
"<ulink url=\"http://support.rightscale.com/2._References/02-"
6533
6707
"Cloud_Infrastructures/Eucalyptus/03-"
6535
6709
"RightScale</ulink>."
6536
6710
msgstr ""
6537
6711
6538
#: serverguide/C/virtualization.xml:2184(para)
6712
#: serverguide/C/virtualization.xml:2102(para)
6539
6713
msgid ""
6540
6714
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
6541
6715
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
6542
6716
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
6543
6717
msgstr ""
6544
6718
6545
#: serverguide/C/virtualization.xml:2193(title)
6719
#: serverguide/C/virtualization.xml:2112(title)
6720
msgid "Ubuntu Cloud"
6721
msgstr ""
6722
6723
#: serverguide/C/virtualization.xml:2113(para)
6724
msgid ""
6725
"<application>Cloud computing</application> is a computing model that allows "
6726
"vast pools of resources to be allocated on-demand. These resources such as "
6727
"storage, computing power, network and software are abstracted and delivered "
6728
"as a service over the Internet anywhere, anytime. These services are billed "
6729
"per time consumed similar to the ones used by public services such as "
6730
"electricity, water and telephony. <application>Ubuntu Cloud "
6731
"Infrastructure</application> uses OpenStack open source software to help "
6732
"build highly scalable, cloud computing for both public and private clouds."
6733
msgstr ""
6734
6735
#: serverguide/C/virtualization.xml:2124(para)
6736
msgid ""
6737
"This tutorial covers the OpenStack installation from the Ubuntu 12.04 LTS "
6738
"Server Edition CD, and assumes a basic network topology, with a single "
6739
"system serving as the \"all-in-one cloud infrastructure\".Due to the "
6740
"tutorial's simplicity, the instructions as-is are not intended to set up "
6741
"production servers although it allows you to have a POC (proof of concept) "
6742
"of the Ubuntu Cloud using OpenStack."
6743
msgstr ""
6744
6745
#: serverguide/C/virtualization.xml:2133(para)
6746
msgid ""
6747
"To deploy a minimal Ubuntu Cloud infrastructure, you’ll need at least:"
6748
msgstr ""
6749
6750
#: serverguide/C/virtualization.xml:2139(para)
6751
msgid "One dedicated system."
6752
msgstr ""
6753
6754
#: serverguide/C/virtualization.xml:2144(para)
6755
msgid "Two network address ranges (private network and public network)."
6756
msgstr ""
6757
6758
#: serverguide/C/virtualization.xml:2149(para)
6759
msgid ""
6760
"Make sure the host in question supports VT ( Virtualization Technology ) "
6761
"since we will be using KVM as the virtualization technology. Other "
6762
"hypervisors are also supported such as QEMU, UML, Vmware ESX/ESXi and XEN. "
6763
"LXC (Linux Containers) is also supported through libvirt."
6764
msgstr ""
6765
6766
#: serverguide/C/virtualization.xml:2154(para)
6767
msgid ""
6768
"Check if your system supports kvm issuing <application><command>sudo kvm-"
6769
"ok</command></application> in a linux terminal."
6770
msgstr ""
6771
6772
#: serverguide/C/virtualization.xml:2158(para)
6773
msgid ""
6774
"The <command>\"Minimum Topology\"</command> recommended for production use "
6775
"is using three nodes - One master server running nova services (except "
6776
"compute) and two servers running nova-compute. This setup is not redundant "
6777
"and the master server is a SPoF (Single Point of Failure)."
6778
msgstr ""
6779
6780
#: serverguide/C/virtualization.xml:2166(title)
6781
msgid "Preconfiguring the network"
6782
msgstr ""
6783
6784
#: serverguide/C/virtualization.xml:2167(para)
6785
msgid ""
6786
"Before we start installing OpenStack we need to make sure we have bridging "
6787
"support installed, a MySQL database, and a central time server (ntp). This "
6788
"will assure that we have instantiated machines and hosts in sync."
6789
msgstr ""
6790
6791
#: serverguide/C/virtualization.xml:2171(para)
6792
msgid ""
6793
"In this example the “private network” will be in the 10.0.0.0/24 range on "
6794
"eth1. All the internal communication between instances will happen there "
6795
"while the “public network” will be in the 10.153.107.0/29 range on eth0."
6796
msgstr ""
6797
6798
#: serverguide/C/virtualization.xml:2177(title)
6799
msgid "Install bridging support"
6800
msgstr ""
6801
6802
#: serverguide/C/virtualization.xml:2184(title)
6803
msgid "Install and configure NTP"
6804
msgstr ""
6805
6806
#: serverguide/C/virtualization.xml:2186(command) serverguide/C/network-config.xml:1097(command)
6807
msgid "sudo apt-get install ntp"
6808
msgstr ""
6809
6810
#: serverguide/C/virtualization.xml:2188(para)
6811
msgid ""
6812
"Add these two lines at the end of the <filename>/etc/ntp.conf</filename> "
6813
"file."
6814
msgstr ""
6815
6816
#: serverguide/C/virtualization.xml:2191(programlisting)
6817
#, no-wrap
6818
msgid ""
6819
"\n"
6820
"server 127.127.1.0\n"
6821
"fudge 127.127.1.0 stratum 10\n"
6822
msgstr ""
6823
6824
#: serverguide/C/virtualization.xml:2195(para)
6825
msgid "Restart ntp service"
6826
msgstr ""
6827
6828
#: serverguide/C/virtualization.xml:2199(command)
6829
msgid "sudo service ntp restart"
6830
msgstr ""
6831
6832
#: serverguide/C/virtualization.xml:2204(title)
6833
msgid "Install and configure MySQL"
6834
msgstr ""
6835
6836
#: serverguide/C/virtualization.xml:2206(command) serverguide/C/databases.xml:44(command)
6837
msgid "sudo apt-get install mysql-server"
6838
msgstr ""
6839
6840
#: serverguide/C/virtualization.xml:2208(para)
6841
msgid "Create a database and mysql user for OpenStack"
6842
msgstr ""
6843
6844
#: serverguide/C/virtualization.xml:2212(command)
6845
msgid "sudo mysql -uroot -ppassword -e \"CREATE DATABASE nova;\""
6846
msgstr ""
6847
6848
#: serverguide/C/virtualization.xml:2213(command)
6849
msgid ""
6850
"sudo mysql -uroot -ppassword -e \"GRANT ALL ON nova.* TO novauser@localhost "
6851
"\\"
6852
msgstr ""
6853
6854
#: serverguide/C/virtualization.xml:2214(command)
6855
msgid "IDENTIFIED BY 'novapassword' \";"
6856
msgstr ""
6857
6858
#: serverguide/C/virtualization.xml:2216(para)
6859
msgid ""
6860
"The line continuation character <application>\"\\\"</application> implies "
6861
"that you must include the subsequent line as part of the current command."
6862
msgstr ""
6863
6864
#: serverguide/C/virtualization.xml:2225(title)
6865
msgid "Install OpenStack Compute (Nova)"
6866
msgstr ""
6867
6868
#: serverguide/C/virtualization.xml:2226(para)
6869
msgid ""
6870
"<command>OpenStack Compute (Nova)</command> is a cloud computing fabric "
6871
"controller (the main part of an IaaS system). It is written in Python, using "
6872
"the Eventlet and Twisted frameworks, and relies on the standard AMQP "
6873
"messaging protocol, and SQLAlchemy for data store access."
6874
msgstr ""
6875
6876
#: serverguide/C/virtualization.xml:2231(para)
6877
msgid "Install OpenStack Nova components"
6878
msgstr ""
6879
6880
#: serverguide/C/virtualization.xml:2235(command)
6881
msgid ""
6882
"sudo apt-get install nova-api nova-network nova-volume nova-objectstore nova-"
6883
"scheduler \\"
6884
msgstr ""
6885
6886
#: serverguide/C/virtualization.xml:2236(command)
6887
msgid "nova-compute euca2ools unzip"
6888
msgstr ""
6889
6890
#: serverguide/C/virtualization.xml:2238(para)
6891
msgid "Restart libvirt-bin just to make sure libvirtd is aware of ebtables."
6892
msgstr ""
6893
6894
#: serverguide/C/virtualization.xml:2241(command)
6895
msgid "sudo service libvirt-bin restart"
6896
msgstr ""
6897
6898
#: serverguide/C/virtualization.xml:2243(para)
6899
msgid "Install RabbitMQ – Advanced Message Queuing Protocol (AMQP)"
6900
msgstr ""
6901
6902
#: serverguide/C/virtualization.xml:2247(command)
6903
msgid "sudo apt-get install rabbitmq-server"
6904
msgstr ""
6905
6906
#: serverguide/C/virtualization.xml:2250(para)
6907
msgid "Edit <filename>/etc/nova/nova.conf</filename> and add the following:"
6908
msgstr ""
6909
6910
#: serverguide/C/virtualization.xml:2253(programlisting)
6911
#, no-wrap
6912
msgid ""
6913
"\n"
6914
"# Nova config FlatDHCPManager\n"
6915
"--sql_connection=mysql://novauser:novapassword@localhost/nova\n"
6916
"--flat_injected=true\n"
6917
"--network_manager=nova.network.manager.FlatDHCPManager\n"
6918
"--fixed_range=10.0.0.0/24\n"
6919
"--floating_range=10.153.107.72/29\n"
6920
"--flat_network_dhcp_start=10.0.0.2\n"
6921
"--flat_network_bridge=br100\n"
6922
"--flat_interface=eth1\n"
6923
"--public_interface=eth0\n"
6924
msgstr ""
6925
6926
#: serverguide/C/virtualization.xml:2266(para)
6927
msgid "Restart OpenStack services"
6928
msgstr ""
6929
6930
#: serverguide/C/virtualization.xml:2270(command) serverguide/C/virtualization.xml:2274(command)
6931
msgid ""
6932
"for i in nova-api nova-network nova-objectstore nova-scheduler nova-volume "
6933
"nova-compute; \\"
6934
msgstr ""
6935
6936
#: serverguide/C/virtualization.xml:2271(command)
6937
msgid "do sudo stop $i; sleep 2; done"
6938
msgstr ""
6939
6940
#: serverguide/C/virtualization.xml:2275(command)
6941
msgid "do sudo start $i; sleep 2; done"
6942
msgstr ""
6943
6944
#: serverguide/C/virtualization.xml:2277(para)
6945
msgid ""
6946
"Migrate Nova database from sqlite db to MySQL db. It may take a while."
6947
msgstr ""
6948
6949
#: serverguide/C/virtualization.xml:2281(command)
6950
msgid "sudo nova-manage db sync"
6951
msgstr ""
6952
6953
#: serverguide/C/virtualization.xml:2283(para)
6954
msgid ""
6955
"Define a specific <application>private network</application> where all your "
6956
"Instances will run. This will be used in the network of fixed Ips set inside "
6957
"<filename>nova.conf </filename>."
6958
msgstr ""
6959
6960
#: serverguide/C/virtualization.xml:2288(command)
6961
msgid ""
6962
"sudo nova-manage network create --fixed_range_v4 10.0.0.0/24 --label private "
6963
"\\"
6964
msgstr ""
6965
6966
#: serverguide/C/virtualization.xml:2289(command)
6967
msgid "--bridge_interface br100"
6968
msgstr ""
6969
6970
#: serverguide/C/virtualization.xml:2291(para)
6971
msgid ""
6972
"Define a specific public network and allocate 6 (usable) Floating Public IP "
6973
"addresses for use with the instances starting from 10.153.107.72."
6974
msgstr ""
6975
6976
#: serverguide/C/virtualization.xml:2295(command)
6977
msgid "sudo nova-manage floating create --ip_range=10.153.107.72/29"
6978
msgstr ""
6979
6980
#: serverguide/C/virtualization.xml:2297(para)
6981
msgid ""
6982
"Create a user (user1), a project (project1), download credentials and source "
6983
"its configuration file."
6984
msgstr ""
6985
6986
#: serverguide/C/virtualization.xml:2299(command)
6987
msgid "cd ; mkdir nova ; cd nova"
6988
msgstr ""
6989
6990
#: serverguide/C/virtualization.xml:2300(command)
6991
msgid "sudo nova-manage user admin user1"
6992
msgstr ""
6993
6994
#: serverguide/C/virtualization.xml:2301(command)
6995
msgid "sudo nova-manage project create project1 user1"
6996
msgstr ""
6997
6998
#: serverguide/C/virtualization.xml:2302(command)
6999
msgid "sudo nova-manage project zipfile project1 user1"
7000
msgstr ""
7001
7002
#: serverguide/C/virtualization.xml:2303(command)
7003
msgid "unzip nova.zip"
7004
msgstr ""
7005
7006
#: serverguide/C/virtualization.xml:2304(command) serverguide/C/virtualization.xml:2379(command)
7007
msgid "source novarc"
7008
msgstr ""
7009
7010
#: serverguide/C/virtualization.xml:2307(para)
7011
msgid "Verify the OpenStack Compute installation by typing:"
7012
msgstr ""
7013
7014
#: serverguide/C/virtualization.xml:2309(command)
7015
msgid "sudo nova-manage service list"
7016
msgstr ""
7017
7018
#: serverguide/C/virtualization.xml:2310(command)
7019
msgid "sudo nova-manage version list"
7020
msgstr ""
7021
7022
#: serverguide/C/virtualization.xml:2312(para)
7023
msgid ""
7024
"If nova services don’t show up correctly restart OpenStack services as "
7025
"described previously. For more information please refer to the "
7026
"troubleshooting section on this guide."
7027
msgstr ""
7028
7029
#: serverguide/C/virtualization.xml:2318(title)
7030
msgid "Install Imaging Service (Glance)"
7031
msgstr ""
7032
7033
#: serverguide/C/virtualization.xml:2319(para)
7034
msgid ""
7035
"Nova uses Glance service to manage Operating System images that it needs for "
7036
"bringing up instances. Glance can use several types of storage backends such "
7037
"as filestore, s3 etc. Glance has two components - <emphasis>glance-api and "
7038
"glance-registry</emphasis>. These can be controlled using the concerned "
7039
"upstart service jobs. For this specific case we will be using mysql as a "
7040
"storage backend."
7041
msgstr ""
7042
7043
#: serverguide/C/virtualization.xml:2325(para)
7044
msgid "Install Glance"
7045
msgstr ""
7046
7047
#: serverguide/C/virtualization.xml:2327(command)
7048
msgid "sudo apt-get install glance"
7049
msgstr ""
7050
7051
#: serverguide/C/virtualization.xml:2329(para)
7052
msgid "Create a database and user for glance"
7053
msgstr ""
7054
7055
#: serverguide/C/virtualization.xml:2333(command)
7056
msgid "sudo mysql -uroot -ppassword -e \"CREATE DATABASE glance;\""
7057
msgstr ""
7058
7059
#: serverguide/C/virtualization.xml:2334(command)
7060
msgid ""
7061
"sudo mysql -uroot -ppassword -e \"GRANT ALL ON glance.* TO "
7062
"glanceuser@localhost \\"
7063
msgstr ""
7064
7065
#: serverguide/C/virtualization.xml:2335(command)
7066
msgid "IDENTIFIED BY 'glancepassword' \";"
7067
msgstr ""
7068
7069
#: serverguide/C/virtualization.xml:2337(para)
7070
msgid ""
7071
"Edit the file /etc/glance/glance-registry.conf and edit the line which "
7072
"contains the option \"sql_connection =\" to this:"
7073
msgstr ""
7074
7075
#: serverguide/C/virtualization.xml:2341(programlisting)
7076
#, no-wrap
7077
msgid "sql_connection = mysql://glanceuser:glancepassword@localhost/glance"
7078
msgstr ""
7079
7080
#: serverguide/C/virtualization.xml:2343(para)
7081
msgid "Remove the sqlite database"
7082
msgstr ""
7083
7084
#: serverguide/C/virtualization.xml:2345(command)
7085
msgid "rm -rf /var/lib/glance/glance.sqlite"
7086
msgstr ""
7087
7088
#: serverguide/C/virtualization.xml:2350(para)
7089
msgid ""
7090
"Restart glance-registry after making changes to /etc/glance/glance-"
7091
"registry.conf. The MySQL database will be automatically populated."
7092
msgstr ""
7093
7094
#: serverguide/C/virtualization.xml:2353(command)
7095
msgid "sudo restart glance-registry"
7096
msgstr ""
7097
7098
#: serverguide/C/virtualization.xml:2357(para)
7099
msgid ""
7100
"If you find issues take a look at the log file in /var/log/glance/api.log "
7101
"and /var/log/glance/registry.log."
7102
msgstr ""
7103
7104
#: serverguide/C/virtualization.xml:2362(title)
7105
msgid "Running Instances"
7106
msgstr ""
7107
7108
#: serverguide/C/virtualization.xml:2363(para)
7109
msgid ""
7110
"Before you can instantiate images, you first need to setup user credentials. "
7111
"Once this first step is achieved you also need to upload images that you "
7112
"want to run in the cloud. Once you have these images uploaded to the cloud "
7113
"you will be able to run and connect to them. Here are the steps you should "
7114
"follow to get OpenStack Nova running instances:"
7115
msgstr ""
7116
7117
#: serverguide/C/virtualization.xml:2370(para)
7118
msgid "Download, register and publish an Ubuntu cloud image"
7119
msgstr ""
7120
7121
#: serverguide/C/virtualization.xml:2372(command)
7122
msgid "distro=lucid"
7123
msgstr ""
7124
7125
#: serverguide/C/virtualization.xml:2373(command)
7126
msgid ""
7127
"wget http://cloud-images.ubuntu.com/$distro/current/$distro-server-cloudimg-"
7128
"amd64.tar.gz"
7129
msgstr ""
7130
7131
#: serverguide/C/virtualization.xml:2374(command)
7132
msgid ""
7133
"cloud-publish-tarball \"$distro\"-server-cloudimg-amd64.tar.gz "
7134
"\"$distro\"_amd64"
7135
msgstr ""
7136
7137
#: serverguide/C/virtualization.xml:2376(para)
7138
msgid "Create a key pair and start an instance"
7139
msgstr ""
7140
7141
#: serverguide/C/virtualization.xml:2378(command)
7142
msgid "cd ~/nova"
7143
msgstr ""
7144
7145
#: serverguide/C/virtualization.xml:2380(command)
7146
msgid "euca-add-keypair user1 > user1.priv"
7147
msgstr ""
7148
7149
#: serverguide/C/virtualization.xml:2381(command)
7150
msgid "chmod 0600 user1.priv"
7151
msgstr ""
7152
7153
#: serverguide/C/virtualization.xml:2384(para)
7154
msgid "Allow icmp (ping) and ssh access to instances"
7155
msgstr ""
7156
7157
#: serverguide/C/virtualization.xml:2387(command)
7158
msgid "euca-authorize -P icmp -t -1:-1 default"
7159
msgstr ""
7160
7161
#: serverguide/C/virtualization.xml:2389(para)
7162
msgid "Run an instance"
7163
msgstr ""
7164
7165
#: serverguide/C/virtualization.xml:2392(command)
7166
msgid "ami=`euca-describe-images | awk {'print $2'} | grep -m1 ami`"
7167
msgstr ""
7168
7169
#: serverguide/C/virtualization.xml:2393(command)
7170
msgid "euca-run-instances $ami -k user1 -t m1.tiny"
7171
msgstr ""
7172
7173
#: serverguide/C/virtualization.xml:2394(command) serverguide/C/virtualization.xml:2403(command)
7174
msgid "euca-describe-instances"
7175
msgstr ""
7176
7177
#: serverguide/C/virtualization.xml:2397(para)
7178
msgid "Assign public address to the instance."
7179
msgstr ""
7180
7181
#: serverguide/C/virtualization.xml:2401(command)
7182
msgid "euca-allocate-address"
7183
msgstr ""
7184
7185
#: serverguide/C/virtualization.xml:2402(command)
7186
msgid "euca-associate-address -i instance_id public_ip_address"
7187
msgstr ""
7188
7189
#: serverguide/C/virtualization.xml:2406(para)
7190
msgid ""
7191
"You must enter above the <application>instance_id (ami)</application> and "
7192
"<application>public_ip_address</application> shown above by euca-describe-"
7193
"instances and euca-allocate-address commands."
7194
msgstr ""
7195
7196
#: serverguide/C/virtualization.xml:2410(para)
7197
msgid "Now you should be able to SSH to the instance"
7198
msgstr ""
7199
7200
#: serverguide/C/virtualization.xml:2413(application)
7201
msgid "ipaddress"
7202
msgstr ""
7203
7204
#: serverguide/C/virtualization.xml:2413(command)
7205
msgid "ssh -i user1.priv ubuntu@<placeholder-1/>"
7206
msgstr ""
7207
7208
#: serverguide/C/virtualization.xml:2416(para)
7209
msgid "To terminate instances"
7210
msgstr ""
7211
7212
#: serverguide/C/virtualization.xml:2418(application)
7213
msgid "instance_id"
7214
msgstr ""
7215
7216
#: serverguide/C/virtualization.xml:2418(command)
7217
msgid "euca-terminate-instances <placeholder-1/>"
7218
msgstr ""
7219
7220
#: serverguide/C/virtualization.xml:2424(title)
7221
msgid "Install the Storage Infrastructure (Swift)"
7222
msgstr ""
7223
7224
#: serverguide/C/virtualization.xml:2425(para)
7225
msgid ""
7226
"Swift is a highly available, distributed, eventually consistent object/blob "
7227
"store. It is used by the OpenStack Infrastructure to provide S3 like cloud "
7228
"storage services. It is also S3 api compatible with amazon."
7229
msgstr ""
7230
7231
#: serverguide/C/virtualization.xml:2428(para)
7232
msgid ""
7233
"Organizations use Swift to store lots of data efficiently, safely, and "
7234
"cheaply where applications use an special api to interface between the "
7235
"applications and objects stored in Swift."
7236
msgstr ""
7237
7238
#: serverguide/C/virtualization.xml:2432(para)
7239
msgid ""
7240
"Although you can install Swift on a single server, a multiple-server "
7241
"installation is required for production environments. If you want to install "
7242
"OpenStack Object Storage (Swift) on a single node for development or testing "
7243
"purposes, use the Swift All In One instructions on Ubuntu."
7244
msgstr ""
7245
7246
#: serverguide/C/virtualization.xml:2436(para)
7247
msgid ""
7248
"For more information see: <ulink "
7249
"url=\"http://swift.openstack.org/development_saio.html\">http://swift.opensta"
7250
"ck.org/development_saio.html </ulink> ."
7251
msgstr ""
7252
7253
#: serverguide/C/virtualization.xml:2443(title)
7254
msgid "Support and Troubleshooting"
7255
msgstr ""
7256
7257
#: serverguide/C/virtualization.xml:2444(para)
7258
msgid "Community Support"
7259
msgstr ""
7260
7261
#: serverguide/C/virtualization.xml:2448(ulink)
7262
msgid "OpenStack Mailing list"
7263
msgstr ""
7264
7265
#: serverguide/C/virtualization.xml:2453(ulink)
7266
msgid "The OpenStack Wiki search"
7267
msgstr ""
7268
7269
#: serverguide/C/virtualization.xml:2459(ulink)
7270
msgid "Launchpad bugs area"
7271
msgstr ""
7272
7273
#: serverguide/C/virtualization.xml:2463(para)
7274
msgid "Join the IRC channel #openstack on freenode."
7275
msgstr ""
7276
7277
#: serverguide/C/virtualization.xml:2477(ulink)
7278
msgid "Cloud Computing - Service models"
7279
msgstr ""
7280
7281
#: serverguide/C/virtualization.xml:2482(ulink)
7282
msgid "OpenStack Compute"
7283
msgstr ""
7284
7285
#: serverguide/C/virtualization.xml:2487(ulink)
7286
msgid "OpenStack Image Service"
7287
msgstr ""
7288
7289
#: serverguide/C/virtualization.xml:2492(ulink)
7290
msgid "OpenStack Object Storage Administration Guide"
7291
msgstr ""
7292
7293
#: serverguide/C/virtualization.xml:2497(ulink)
7294
msgid "Installing OpenStack Object Storage on Ubuntu"
7295
msgstr ""
7296
7297
#: serverguide/C/virtualization.xml:2502(ulink)
7298
msgid "http://cloudglossary.com/"
7299
msgstr ""
7300
7301
#: serverguide/C/virtualization.xml:2512(title)
6546
7302
msgid "Glossary"
6547
7303
msgstr ""
6548
7304
6549
#: serverguide/C/virtualization.xml:2195(para)
7305
#: serverguide/C/virtualization.xml:2514(para)
6550
7306
msgid ""
6551
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
6552
"unfamiliar to some readers. This page is intended to provide a glossary of "
6553
"such terms and acronyms."
7307
"The Ubuntu Cloud documentation uses terminology that might be unfamiliar to "
7308
"some readers. This page is intended to provide a glossary of such terms and "
7309
"acronyms."
6554
7310
msgstr ""
6555
7311
6556
#: serverguide/C/virtualization.xml:2202(para)
7312
#: serverguide/C/virtualization.xml:2521(para)
6557
7313
msgid ""
6558
7314
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
6559
7315
"computing resources through virtual machines, provisioned and recollected "
6560
7316
"dynamically."
6561
7317
msgstr ""
6562
7318
6563
#: serverguide/C/virtualization.xml:2208(para)
6564
msgid ""
6565
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
6566
"provides the web UI (an https server on port 8443), and implements the "
6567
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
6568
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
6569
"cloud</application> package."
6570
msgstr ""
6571
6572
#: serverguide/C/virtualization.xml:2215(para)
6573
msgid ""
6574
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6575
"Cluster Controller. There can be more than one Cluster in an installation of "
6576
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6577
"floor2, floor2)."
6578
msgstr ""
6579
6580
#: serverguide/C/virtualization.xml:2221(para)
6581
msgid ""
6582
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6583
"manages collections of node resources. This service is provided by the "
6584
"Ubuntu <application>eucalyptus-cc</application> package."
6585
msgstr ""
6586
6587
#: serverguide/C/virtualization.xml:2227(para)
7319
#: serverguide/C/virtualization.xml:2527(para)
7320
msgid ""
7321
"<emphasis>IaaS</emphasis> - Infrastructure as a Service — Cloud "
7322
"infrastructure services, whereby a virtualized environment is delivered as a "
7323
"service over the Internet by the provider. The infrastructure can include "
7324
"servers, network equipment, and software."
7325
msgstr ""
7326
7327
#: serverguide/C/virtualization.xml:2534(para)
6588
7328
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6589
7329
msgstr ""
6590
7330
6591
#: serverguide/C/virtualization.xml:2232(para)
7331
#: serverguide/C/virtualization.xml:2539(para)
6592
7332
msgid ""
6593
7333
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6594
7334
"pay-by-the-gigabyte public cloud computing offering."
6595
7335
msgstr ""
6596
7336
6597
#: serverguide/C/virtualization.xml:2237(para)
6598
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6599
msgstr ""
6600
6601
#: serverguide/C/virtualization.xml:2242(para)
6602
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6603
msgstr ""
6604
6605
#: serverguide/C/virtualization.xml:2247(para)
6606
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6607
msgstr ""
6608
6609
#: serverguide/C/virtualization.xml:2252(para)
6610
msgid ""
6611
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6612
"Linking Your Programs To Useful Systems. An open source project originally "
6613
"from the University of California at Santa Barbara, now supported by "
6614
"Eucalyptus Systems, a Canonical Partner."
6615
msgstr ""
6616
6617
#: serverguide/C/virtualization.xml:2259(para)
6618
msgid ""
6619
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6620
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6621
"cluster controller)."
6622
msgstr ""
6623
6624
#: serverguide/C/virtualization.xml:2265(para)
7337
#: serverguide/C/virtualization.xml:2544(para)
6625
7338
msgid ""
6626
7339
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6627
7340
"running virtual machines, running a node controller. Within Ubuntu, this "
6629
7342
"hypervisor."
6630
7343
msgstr ""
6631
7344
6632
#: serverguide/C/virtualization.xml:2271(para)
6633
msgid ""
6634
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6635
"on nodes which host the virtual machines that comprise the cloud. This "
6636
"service is provided by the Ubuntu package <application>eucalyptus-"
6637
"nc</application>."
6638
msgstr ""
6639
6640
#: serverguide/C/virtualization.xml:2277(para)
7345
#: serverguide/C/virtualization.xml:2550(para)
6641
7346
msgid ""
6642
7347
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6643
7348
"gigabyte persistent storage solution for EC2."
6644
7349
msgstr ""
6645
7350
6646
#: serverguide/C/virtualization.xml:2282(para)
6647
msgid ""
6648
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6649
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6650
"installation can have its own Storage Controller. This component is provided "
6651
"by the <application>eucalyptus-sc</application> package."
6652
msgstr ""
6653
6654
#: serverguide/C/virtualization.xml:2289(para)
6655
msgid ""
6656
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6657
"solution, based on Eucalyptus."
6658
msgstr ""
6659
6660
#: serverguide/C/virtualization.xml:2294(para)
7351
#: serverguide/C/virtualization.xml:2555(para)
7352
msgid ""
7353
"<emphasis>Ubuntu Cloud</emphasis> - Ubuntu Cloud. Ubuntu's cloud computing "
7354
"solution, based on OpenStack."
7355
msgstr ""
7356
7357
#: serverguide/C/virtualization.xml:2560(para)
6661
7358
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6662
7359
msgstr ""
6663
7360
6664
#: serverguide/C/virtualization.xml:2299(para)
7361
#: serverguide/C/virtualization.xml:2565(para)
6665
7362
msgid ""
6666
7363
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6667
7364
"some modern CPUs, allowing for accelerated virtual machine hosting."
6668
7365
msgstr ""
6669
7366
6670
#: serverguide/C/virtualization.xml:2304(para)
6671
msgid ""
6672
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6673
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6674
"put/get abstractions."
7367
#: serverguide/C/virtualization.xml:2577(title)
7368
msgid "LXC"
7369
msgstr ""
7370
7371
#: serverguide/C/virtualization.xml:2578(para)
7372
msgid ""
7373
"Containers are a lightweight virtualization technology. They are more akin "
7374
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
7375
"because they do not emulate hardware and because containers share the same "
7376
"operating system as the host. Therefore containers are better compared to "
7377
"Solaris zones or BSD jails. Linux-vserver and OpenVZ are two pre-existing, "
7378
"independently developed implementations of containers-like functionality for "
7379
"Linux. In fact, containers came about as a result of the work to upstream "
7380
"the vserver and OpenVZ functionality. Some vserver and OpenVZ functionality "
7381
"is still missing in containers, however containers can "
7382
"<emphasis>boot</emphasis> many Linux distributions and have the advantage "
7383
"that they can be used with an un-modified upstream kernel."
7384
msgstr ""
7385
7386
#: serverguide/C/virtualization.xml:2593(para)
7387
msgid ""
7388
"There are two user-space implementations of containers, each exploiting the "
7389
"same kernel features. Libvirt allows the use of containers through the LXC "
7390
"driver by connecting to 'lxc:///'. This can be very convenient as it "
7391
"supports the same usage as its other drivers. The other implementation, "
7392
"called simply 'LXC', is not compatible with libvirt, but is more flexible "
7393
"with more userspace tools. It is possible to switch between the two, though "
7394
"there are peculiarities which can cause confusion."
7395
msgstr ""
7396
7397
#: serverguide/C/virtualization.xml:2604(para)
7398
msgid ""
7399
"In this document we will mainly describe the <application>lxc</application> "
7400
"package. Toward the end, we will describe how to use the libvirt LXC driver."
7401
msgstr ""
7402
7403
#: serverguide/C/virtualization.xml:2609(para)
7404
msgid "In this document, a container name will be shown as CN, C1, or C2."
7405
msgstr ""
7406
7407
#: serverguide/C/virtualization.xml:2615(para)
7408
msgid "The <application>lxc</application> package can be installed using"
7409
msgstr ""
7410
7411
#: serverguide/C/virtualization.xml:2620(command)
7412
msgid "sudo apt-get install lxc"
7413
msgstr ""
7414
7415
#: serverguide/C/virtualization.xml:2625(para)
7416
msgid ""
7417
"This will pull in the required and recommended dependencies, including "
7418
"cgroup-lite, lvm2, and debootstrap. To use libvirt-lxc, install libvirt-bin. "
7419
"LXC and libvirt-lxc can be installed and used at the same time."
7420
msgstr ""
7421
7422
#: serverguide/C/virtualization.xml:2633(title)
7423
msgid "Host Setup"
7424
msgstr ""
7425
7426
#: serverguide/C/virtualization.xml:2635(title)
7427
msgid "Basic layout of LXC files"
7428
msgstr ""
7429
7430
#: serverguide/C/virtualization.xml:2636(para)
7431
msgid ""
7432
"Following is a description of the files and directories which are installed "
7433
"and used by LXC."
7434
msgstr ""
7435
7436
#: serverguide/C/virtualization.xml:2643(para)
7437
msgid "There are two upstart jobs:"
7438
msgstr ""
7439
7440
#: serverguide/C/virtualization.xml:2647(para)
7441
msgid ""
7442
"<filename>/etc/init/lxc-net.conf:</filename> is an optional job which only "
7443
"runs if <filename> /etc/default/lxc</filename> specifies USE_LXC_BRIDGE "
7444
"(true by default). It sets up a NATed bridge for containers to use."
7445
msgstr ""
7446
7447
#: serverguide/C/virtualization.xml:2656(para)
7448
msgid ""
7449
"<filename>/etc/init/lxc.conf:</filename> runs if LXC_AUTO (true by default) "
7450
"is set to true in <filename>/etc/default/lxc</filename>. It looks for "
7451
"entries under <filename>/etc/lxc/auto/</filename> which are symbolic links "
7452
"to configuration files for the containers which should be started at boot."
7453
msgstr ""
7454
7455
#: serverguide/C/virtualization.xml:2668(para)
7456
msgid ""
7457
"<filename>/etc/lxc/lxc.conf:</filename> There is a default container "
7458
"creation configuration file, <filename>/etc/lxc/lxc.conf</filename>, which "
7459
"directs containers to use the LXC bridge created by the lxc-net upstart job. "
7460
"If no configuration file is specified when creating a container, then this "
7461
"one will be used."
7462
msgstr ""
7463
7464
#: serverguide/C/virtualization.xml:2678(para)
7465
msgid ""
7466
"Examples of other container creation configuration files are found under "
7467
"<filename>/usr/share/doc/lxc/examples</filename>. These show how to create "
7468
"containers without a private network, or using macvlan, vlan, or other "
7469
"network layouts."
7470
msgstr ""
7471
7472
#: serverguide/C/virtualization.xml:2687(para)
7473
msgid ""
7474
"The various container administration tools are found under "
7475
"<filename>/usr/bin</filename>."
7476
msgstr ""
7477
7478
#: serverguide/C/virtualization.xml:2694(para)
7479
msgid ""
7480
"<filename>/usr/lib/lxc/lxc-init</filename> is a very minimal and lightweight "
7481
"init binary which is used by lxc-execute. Rather than `booting' a full "
7482
"container, it manually mounts a few filesystems, especially "
7483
"<filename>/proc</filename>, and executes its arguments. You are not likely "
7484
"to need to manually refer to this file."
7485
msgstr ""
7486
7487
#: serverguide/C/virtualization.xml:2704(para)
7488
msgid ""
7489
"<filename>/usr/lib/lxc/templates/</filename> contains the `templates' which "
7490
"can be used to create new containers of various distributions and flavors. "
7491
"Not all templates are currently supported."
7492
msgstr ""
7493
7494
#: serverguide/C/virtualization.xml:2712(para)
7495
msgid ""
7496
"<filename>/etc/apparmor.d/lxc/lxc-default</filename> contains the default "
7497
"Apparmor MAC policy which works to protect the host from containers. Please "
7498
"see the <xref linkend=\"lxc-apparmor\"/> for more information."
7499
msgstr ""
7500
7501
#: serverguide/C/virtualization.xml:2720(para)
7502
msgid ""
7503
"<filename>/etc/apparmor.d/usr.bin.lxc-start</filename> contains a profile to "
7504
"protect the host from <command>lxc-start</command> while it is setting up "
7505
"the container."
7506
msgstr ""
7507
7508
#: serverguide/C/virtualization.xml:2728(para)
7509
msgid ""
7510
"<filename>/etc/apparmor.d/lxc-containers</filename> causes all the profiles "
7511
"defined under <filename>/etc/apparmor.d/lxc</filename> to be loaded at boot."
7512
msgstr ""
7513
7514
#: serverguide/C/virtualization.xml:2736(para)
7515
msgid ""
7516
"There are various man pages for the LXC administration tools as well as the "
7517
"<filename>lxc.conf</filename> container configuration file."
7518
msgstr ""
7519
7520
#: serverguide/C/virtualization.xml:2743(para)
7521
msgid ""
7522
"<filename>/var/lib/lxc</filename> is where containers and their "
7523
"configuration information are stored."
7524
msgstr ""
7525
7526
#: serverguide/C/virtualization.xml:2750(para)
7527
msgid ""
7528
"<filename>/var/cache/lxc</filename> is where caches of distribution data are "
7529
"stored to speed up multiple container creations."
7530
msgstr ""
7531
7532
#: serverguide/C/virtualization.xml:2759(title)
7533
msgid "lxcbr0"
7534
msgstr ""
7535
7536
#: serverguide/C/virtualization.xml:2760(para)
7537
msgid ""
7538
"When USE_LXC_BRIDGE is set to true in /etc/default/lxc (as it is by "
7539
"default), a bridge called lxcbr0 is created at startup. This bridge is given "
7540
"the private address 10.0.3.1, and containers using this bridge will have a "
7541
"10.0.3.0/24 address. A dnsmasq instance is run listening on that bridge, so "
7542
"if another dnsmasq has bound all interfaces before the lxc-net upstart job "
7543
"runs, lxc-net will fail to start and lxcbr0 will not exist."
7544
msgstr ""
7545
7546
#: serverguide/C/virtualization.xml:2769(para)
7547
msgid ""
7548
"If you have another bridge - libvirt's default virbr0, or a br0 bridge for "
7549
"your default NIC - you can use that bridge in place of lxcbr0 for your "
7550
"containers."
7551
msgstr ""
7552
7553
#: serverguide/C/virtualization.xml:2777(title)
7554
msgid "Using a separate filesystem for the container store"
7555
msgstr ""
7556
7557
#: serverguide/C/virtualization.xml:2778(para)
7558
msgid ""
7559
"LXC stores container information and (with the default backing store) root "
7560
"filesystems under <filename>/var/lib/lxc</filename>. Container creation "
7561
"templates also tend to store cached distribution information under "
7562
"<filename>/var/cache/lxc</filename>."
7563
msgstr ""
7564
7565
#: serverguide/C/virtualization.xml:2785(para)
7566
msgid ""
7567
"If you wish to use another filesystem than <filename>/var</filename>, you "
7568
"can mount a filesystem which has more space into those locations. If you "
7569
"have a disk dedicated for this, you can simply mount it at "
7570
"<filename>/var/lib/lxc</filename>. If you'd like to use another location, "
7571
"like <filename>/srv</filename>, you can bind mount it or use a symbolic "
7572
"link. For instance, if <filename>/srv</filename> is a large mounted "
7573
"filesystem, create and symlink two directories:"
7574
msgstr ""
7575
7576
#: serverguide/C/virtualization.xml:2795(command)
7577
msgid ""
7578
"sudo mkdir /srv/lxclib /srv/lxccache sudo rm -rf /var/lib/lxc /var/cache/lxc "
7579
"sudo ln -s /srv/lxclib /var/lib/lxc sudo ln -s /srv/lxccache /var/cache/lxc"
7580
msgstr ""
7581
7582
#: serverguide/C/virtualization.xml:2803(para)
7583
msgid "or, using bind mounts:"
7584
msgstr ""
7585
7586
#: serverguide/C/virtualization.xml:2808(command)
7587
msgid ""
7588
"sudo mkdir /srv/lxclib /srv/lxccache sudo sed -i '$a \\ /srv/lxclib "
7589
"/var/lib/lxc none defaults,bind 0 0 \\ /srv/lxccache /var/cache/lxc none "
7590
"defaults,bind 0 0' /etc/fstab sudo mount -a"
7591
msgstr ""
7592
7593
#: serverguide/C/virtualization.xml:2820(title)
7594
msgid "Containers backed by lvm"
7595
msgstr ""
7596
7597
#: serverguide/C/virtualization.xml:2822(para)
7598
msgid ""
7599
"It is possible to use LVM partitions as the backing stores for containers. "
7600
"Advantages of this include flexibility in storage management and fast "
7601
"container cloning. The tools default to using a VG (volume group) named "
7602
"<emphasis>lxc</emphasis>, but another VG can be used through command line "
7603
"options. When a LV is used as a container backing store, the container's "
7604
"configuration file is still <filename>/var/lib/lxc/CN/config</filename>, but "
7605
"the root fs entry in that file (<emphasis>lxc.rootfs</emphasis>) will point "
7606
"to the lV block device name, i.e. <filename>/dev/lxc/CN</filename>."
7607
msgstr ""
7608
7609
#: serverguide/C/virtualization.xml:2834(para)
7610
msgid "Containers with directory tree and LVM backing stores can co-exist."
7611
msgstr ""
7612
7613
#: serverguide/C/virtualization.xml:2841(title)
7614
msgid "Btrfs"
7615
msgstr ""
7616
7617
#: serverguide/C/virtualization.xml:2842(para)
7618
msgid ""
7619
"If your host has a btrfs <filename>/var</filename>, the LXC administration "
7620
"tools will detect this and automatically exploit it by cloning containers "
7621
"using btrfs snapshots."
7622
msgstr ""
7623
7624
#: serverguide/C/virtualization.xml:2850(title)
7625
msgid "Apparmor"
7626
msgstr ""
7627
7628
#: serverguide/C/virtualization.xml:2851(para)
7629
msgid ""
7630
"LXC ships with an Apparmor profile intended to protect the host from "
7631
"accidental misuses of privilege inside the container. For instance, the "
7632
"container will not be able to write to <filename>/proc/sysrq-"
7633
"trigger</filename> or to most <filename>/sys</filename> files."
7634
msgstr ""
7635
7636
#: serverguide/C/virtualization.xml:2858(para)
7637
msgid ""
7638
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
7639
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
7640
"start</command> from mounting new filesystems outside of the container's "
7641
"root filesystem. Before executing the container's <command>init</command>, "
7642
"<command>LXC</command> requests a switch to the container's profile. By "
7643
"default, this profile is the <filename>lxc-container-default</filename> "
7644
"policy which is defined in <filename>/etc/apparmor.d/lxc/lxc-"
7645
"default</filename>. This profile prevents the container from accessing many "
7646
"dangerous paths, and from mounting most filesystems."
7647
msgstr ""
7648
7649
#: serverguide/C/virtualization.xml:2870(para)
7650
msgid ""
7651
"If you find that <command>lxc-start</command> is failing due to a legitimate "
7652
"access which is being denied by its Apparmor policy, you can disable the lxc-"
7653
"start profile by doing:"
7654
msgstr ""
7655
7656
#: serverguide/C/virtualization.xml:2876(screen)
7657
#, no-wrap
7658
msgid ""
7659
"\n"
7660
"sudo apparmor_parser -R /etc/apparmor.d/usr.bin.lxc-start\n"
7661
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
7662
msgstr ""
7663
7664
#: serverguide/C/virtualization.xml:2881(para)
7665
msgid ""
7666
"This will make <command>lxc-start</command> run unconfined, but continue to "
7667
"confine the container itself. If you also wish to disable confinement of the "
7668
"container, then in addition to disabling the <filename>usr.bin.lxc-"
7669
"start</filename> profile, you must add:"
7670
msgstr ""
7671
7672
#: serverguide/C/virtualization.xml:2888(screen)
7673
#, no-wrap
7674
msgid ""
7675
"\n"
7676
"lxc.aa_profile = unconfined\n"
7677
msgstr ""
7678
7679
#: serverguide/C/virtualization.xml:2892(para)
7680
msgid ""
7681
"to the container's configuration file. If you wish to run a container in a "
7682
"custom profile, you can create a new profile under "
7683
"<filename>/etc/apparmor.d/lxc/</filename>. Its name must start with "
7684
"<filename>lxc-</filename> in order for <command>lxc-start</command> to be "
7685
"allowed to transition to that profile. After creating the policy, load it "
7686
"using:"
7687
msgstr ""
7688
7689
#: serverguide/C/virtualization.xml:2901(screen)
7690
#, no-wrap
7691
msgid ""
7692
"\n"
7693
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
7694
msgstr ""
7695
7696
#: serverguide/C/virtualization.xml:2905(para)
7697
msgid ""
7698
"The profile will automatically be loaded after a reboot, because it is "
7699
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
7700
"Finally, to make container <filename>CN</filename> use this new "
7701
"<filename>lxc-CN-profile</filename>, add the following line to its "
7702
"configuration file:"
7703
msgstr ""
7704
7705
#: serverguide/C/virtualization.xml:2913(screen)
7706
#, no-wrap
7707
msgid ""
7708
"\n"
7709
"lxc.aa_profile = lxc-CN-profile\n"
7710
msgstr ""
7711
7712
#: serverguide/C/virtualization.xml:2917(para)
7713
msgid ""
7714
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
7715
"container it spawns will be confined."
7716
msgstr ""
7717
7718
#: serverguide/C/virtualization.xml:2925(title)
7719
msgid "Control Groups"
7720
msgstr ""
7721
7722
#: serverguide/C/virtualization.xml:2926(para)
7723
msgid ""
7724
"Control groups (cgroups) are a kernel feature providing hierarchical task "
7725
"grouping and per-cgroup resource accounting and limits. They are used in "
7726
"containers to limit block and character device access and to freeze "
7727
"(suspend) containers. They can be further used to limit memory use and block "
7728
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus. "
7729
"By default, LXC depends on the cgroup-lite package to be installed, which "
7730
"provides the proper cgroup initialization at boot. The cgroup-lite package "
7731
"mounts each cgroup subsystem separately under "
7732
"<filename>/sys/fs/cgroup/SS</filename>, where SS is the subsystem name. For "
7733
"instance the freezer subsystem is mounted under "
7734
"<filename>/sys/fs/cgroup/freezer</filename>. LXC cgroup are kept under "
7735
"<filename>/sys/fs/cgroup/SS/INIT/lxc</filename>, where INIT is the init "
7736
"task's cgroup. This is <filename>/</filename> by default, so in the end the "
7737
"freezer cgroup for container CN would be "
7738
"<filename>/sys/fs/cgroup/freezer/lxc/CN</filename>."
7739
msgstr ""
7740
7741
#: serverguide/C/virtualization.xml:2945(title)
7742
msgid "Privilege"
7743
msgstr ""
7744
7745
#: serverguide/C/virtualization.xml:2946(para)
7746
msgid ""
7747
"The container administration tools must be run with root user privilege. A "
7748
"utility called <filename>lxc-setup</filename> was written with the intention "
7749
"of providing the tools with the needed file capabilities to allow non-root "
7750
"users to run the tools with sufficient privilege. However, as root in a "
7751
"container cannot yet be reliably contained, this is not worthwhile. It is "
7752
"therefore recommended to not use <filename>lxc-setup</filename>, and to "
7753
"provide the LXC administrators the needed sudo privilege."
7754
msgstr ""
7755
7756
#: serverguide/C/virtualization.xml:2957(para)
7757
msgid ""
7758
"The user namespace, which is expected to be available in the next Long Term "
7759
"Support (LTS) release, will allow containment of the container root user, as "
7760
"well as reduce the amount of privilege required for creating and "
7761
"administering containers."
7762
msgstr ""
7763
7764
#: serverguide/C/virtualization.xml:2966(title)
7765
msgid "LXC Upstart Jobs"
7766
msgstr ""
7767
7768
#: serverguide/C/virtualization.xml:2967(para)
7769
msgid ""
7770
"As listed above, the <application>lxc</application> package includes two "
7771
"upstart jobs. The first, <filename>lxc-net</filename>, is always started "
7772
"when the other, <filename>lxc</filename>, is about to begin, and stops when "
7773
"it stops. If the USE_LXC_BRIDGE variable is set to false in "
7774
"<filename>/etc/defaults/lxc</filename>, then it will immediately exit. If it "
7775
"is true, and an error occurs bringing up the LXC bridge, then the "
7776
"<filename>lxc</filename> job will not start. <filename>lxc-net</filename> "
7777
"will bring down the LXC bridge when stopped, unless a container is running "
7778
"which is using that bridge."
7779
msgstr ""
7780
7781
#: serverguide/C/virtualization.xml:2978(para)
7782
msgid ""
7783
"The <filename>lxc</filename> job starts on runlevel 2-5. If the LXC_AUTO "
7784
"variable is set to true, then it will look under "
7785
"<filename>/etc/lxc</filename> for containers which should be started "
7786
"automatically. When the <filename>lxc</filename> job is stopped, either "
7787
"manually or by entering runlevel 0, 1, or 6, it will stop those containers."
7788
msgstr ""
7789
7790
#: serverguide/C/virtualization.xml:2986(para)
7791
msgid ""
7792
"To register a container to start automatically, create a symbolic link "
7793
"<filename>/etc/default/lxc/name.conf</filename> pointing to the container's "
7794
"config file. For instance, the configuration file for a container "
7795
"<filename>CN</filename> is <filename>/var/lib/lxc/CN/config</filename>. To "
7796
"make that container auto-start, use the command:"
7797
msgstr ""
7798
7799
#: serverguide/C/virtualization.xml:2995(command)
7800
msgid "sudo ln -s /var/lib/lxc/CN/config /etc/lxc/auto/CN.conf"
7801
msgstr ""
7802
7803
#: serverguide/C/virtualization.xml:3004(title)
7804
msgid "Container Administration"
7805
msgstr ""
7806
7807
#: serverguide/C/virtualization.xml:3006(title)
7808
msgid "Creating Containers"
7809
msgstr ""
7810
7811
#: serverguide/C/virtualization.xml:3008(para)
7812
msgid ""
7813
"The easiest way to create containers is using <command>lxc-create</command>. "
7814
"This script uses distribution-specific templates under "
7815
"<filename>/usr/lib/lxc/templates/</filename> to set up container-friendly "
7816
"chroots under <filename>/var/lib/lxc/CN/rootfs</filename>, and initialize "
7817
"the configuration in <filename>/var/lib/lxc/CN/fstab</filename> and "
7818
"<filename>/var/lib/lxc/CN/config</filename>, where CN is the container name"
7819
msgstr ""
7820
7821
#: serverguide/C/virtualization.xml:3017(para)
7822
msgid "The simplest container creation command would look like:"
7823
msgstr ""
7824
7825
#: serverguide/C/virtualization.xml:3022(command)
7826
msgid "sudo lxc-create -t ubuntu -n CN"
7827
msgstr ""
7828
7829
#: serverguide/C/virtualization.xml:3027(para)
7830
msgid ""
7831
"This tells lxc-create to use the ubuntu template (-t ubuntu) and to call the "
7832
"container CN (-n CN). Since no configuration file was specified (which would "
7833
"have been done with `-f file'), it will use the default configuration file "
7834
"under <filename>/etc/lxc/lxc.conf</filename>. This gives the container a "
7835
"single veth network interface attached to the lxcbr0 bridge."
7836
msgstr ""
7837
7838
#: serverguide/C/virtualization.xml:3035(para)
7839
msgid ""
7840
"The container creation templates can also accept arguments. These can be "
7841
"listed after --. For instance"
7842
msgstr ""
7843
7844
#: serverguide/C/virtualization.xml:3041(command)
7845
msgid "sudo lxc-create -t ubuntu -n oneiric1 -- -r oneiric"
7846
msgstr ""
7847
7848
#: serverguide/C/virtualization.xml:3046(para)
7849
msgid "passes the arguments '-r oneiric1' to the ubuntu template."
7850
msgstr ""
7851
7852
#: serverguide/C/virtualization.xml:3051(title)
7853
msgid "Help"
7854
msgstr ""
7855
7856
#: serverguide/C/virtualization.xml:3052(para)
7857
msgid ""
7858
"Help on the lxc-create command can be seen by using<command> lxc-create -"
7859
"h</command>. However, the templates also take their own options. If you do"
7860
msgstr ""
7861
7862
#: serverguide/C/virtualization.xml:3058(command)
7863
msgid "sudo lxc-create -t ubuntu -h"
7864
msgstr ""
7865
7866
#: serverguide/C/virtualization.xml:3063(para)
7867
msgid ""
7868
"then the general <command>lxc-create</command> help will be followed by help "
7869
"output specific to the ubuntu template. If no template is specified, then "
7870
"only help for <command>lxc-create</command> itself will be shown."
7871
msgstr ""
7872
7873
#: serverguide/C/virtualization.xml:3071(title)
7874
msgid "Ubuntu template"
7875
msgstr ""
7876
7877
#: serverguide/C/virtualization.xml:3073(para)
7878
msgid ""
7879
"The ubuntu template can be used to create Ubuntu system containers with any "
7880
"release at least as new as 10.04 LTS. It uses debootstrap to create a cached "
7881
"container filesystem which gets copied into place each time a container is "
7882
"created. The cached image is saved and only re-generated when you create a "
7883
"container using the <emphasis>-F</emphasis> (flush) option to the template, "
7884
"i.e.:"
7885
msgstr ""
7886
7887
#: serverguide/C/virtualization.xml:3083(command)
7888
msgid "sudo lxc-create -t ubuntu -n CN -- -F"
7889
msgstr ""
7890
7891
#: serverguide/C/virtualization.xml:3088(para)
7892
msgid ""
7893
"The Ubuntu release installed by the template will be the same as that on the "
7894
"host, unless otherwise specified with the <emphasis>-r</emphasis> option, "
7895
"i.e."
7896
msgstr ""
7897
7898
#: serverguide/C/virtualization.xml:3094(command)
7899
msgid "sudo lxc-create -t ubuntu -n CN -- -r lucid"
7900
msgstr ""
7901
7902
#: serverguide/C/virtualization.xml:3099(para)
7903
msgid ""
7904
"If you want to create a 32-bit container on a 64-bit host, pass <emphasis>-a "
7905
"i386</emphasis> to the container. If you have the qemu-user-static package "
7906
"installed, then you can create a container using any architecture supported "
7907
"by qemu-user-static."
7908
msgstr ""
7909
7910
#: serverguide/C/virtualization.xml:3105(para)
7911
msgid ""
7912
"The container will have a user named <emphasis>ubuntu</emphasis> whose "
7913
"password is <emphasis>ubuntu</emphasis> and who is a member of the "
7914
"<emphasis>sudo</emphasis> group. If you wish to inject a public ssh key for "
7915
"the <emphasis>ubuntu</emphasis> user, you can do so with <emphasis>-S "
7916
"sshkey.pub</emphasis>."
7917
msgstr ""
7918
7919
#: serverguide/C/virtualization.xml:3111(para)
7920
msgid ""
7921
"You can also <emphasis>bind</emphasis> user jdoe from the host into the "
7922
"container using the <emphasis>-b jdoe</emphasis> option. This will copy "
7923
"jdoe's password and shadow entries into the container, make sure his default "
7924
"group and shell are available, add him to the sudo group, and bind-mount his "
7925
"home directory into the container when the container is started."
7926
msgstr ""
7927
7928
#: serverguide/C/virtualization.xml:3119(para)
7929
msgid ""
7930
"When a container is created, the <filename>release-updates</filename> "
7931
"archive is added to the container's <filename>sources.list</filename>, and "
7932
"its package archive will be updated. If the container release is older than "
7933
"12.04 LTS, then the lxcguest package will be automatically installed. "
7934
"Alternatively, if the <emphasis>--trim</emphasis> option is specified, then "
7935
"the lxcguest package will not be installed, and many services will be "
7936
"removed from the container. This will result in a faster-booting, but less "
7937
"upgrade-able container."
7938
msgstr ""
7939
7940
#: serverguide/C/virtualization.xml:3131(title)
7941
msgid "Ubuntu-cloud template"
7942
msgstr ""
7943
7944
#: serverguide/C/virtualization.xml:3133(para)
7945
msgid ""
7946
"The ubuntu-cloud template creates Ubuntu containers by downloading and "
7947
"extracting the published Ubuntu cloud images. It accepts some of the same "
7948
"options as the ubuntu template, namely <emphasis>-r release</emphasis>, "
7949
"<emphasis>-S sshkey.pub</emphasis>, <emphasis>-a arch</emphasis>, and "
7950
"<emphasis>-F</emphasis> to flush the cached image. It also accepts a few "
7951
"extra options. The <emphasis>-C</emphasis> option will create a "
7952
"<emphasis>cloud</emphasis> container, configured for use with a metadata "
7953
"service. The <emphasis>-u</emphasis> option accepts a cloud-init user-data "
7954
"file to configure the container on start. If <emphasis>-L</emphasis> is "
7955
"passed, then no locales will be installed. The <emphasis>-T</emphasis> "
7956
"option can be used to choose a tarball location to extract in place of the "
7957
"published cloud image tarball. Finally the <emphasis>-i</emphasis> option "
7958
"sets a host id for cloud-init, which by default is set to a random string."
7959
msgstr ""
7960
7961
#: serverguide/C/virtualization.xml:3149(title)
7962
msgid "Other templates"
7963
msgstr ""
7964
7965
#: serverguide/C/virtualization.xml:3151(para)
7966
msgid ""
7967
"The ubuntu and ubuntu-cloud templates are well supported. Other templates "
7968
"are available however. The debian template creates a Debian based container, "
7969
"using debootstrap much as the ubuntu template does. By default it installs a "
7970
"<emphasis>debian squeeze</emphasis> image. An alternate release can be "
7971
"chosen by setting the SUITE environment variable, i.e.:"
7972
msgstr ""
7973
7974
#: serverguide/C/virtualization.xml:3161(command)
7975
msgid "sudo SUITE=sid lxc-create -t debian -n d1"
7976
msgstr ""
7977
7978
#: serverguide/C/virtualization.xml:3166(para)
7979
msgid ""
7980
"Since debian cannot be safely booted inside a container, debian containers "
7981
"will be trimmed as with the <emphasis>--trim</emphasis> option to the ubuntu "
7982
"template."
7983
msgstr ""
7984
7985
#: serverguide/C/virtualization.xml:3172(para)
7986
msgid ""
7987
"To purge the container image cache, call the template directly and pass it "
7988
"the <emphasis>--clean</emphasis> option."
7989
msgstr ""
7990
7991
#: serverguide/C/virtualization.xml:3178(command)
7992
msgid "sudo SUITE=sid /usr/lib/lxc/templates/lxc-debian --clean"
7993
msgstr ""
7994
7995
#: serverguide/C/virtualization.xml:3183(para)
7996
msgid ""
7997
"A fedora template exists, which creates containers based on fedora releases "
7998
"<= 14. Fedora release 15 and higher are based on systemd, which the "
7999
"template is not yet able to convert into a container-bootable setup. Before "
8000
"the fedora template is able to run, you'll need to make sure that "
8001
"<command>yum</command> and <command>curl</command> are installed. A fedora "
8002
"12 container can be created with"
8003
msgstr ""
8004
8005
#: serverguide/C/virtualization.xml:3193(command)
8006
msgid "sudo lxc-create -t fedora -n fedora12 -- -R 12"
8007
msgstr ""
8008
8009
#: serverguide/C/virtualization.xml:3198(para)
8010
msgid ""
8011
"A OpenSuSE template exists, but it requires the <command>zypper</command> "
8012
"program, which is not yet packaged. The OpenSuSE template is therefore not "
8013
"supported."
8014
msgstr ""
8015
8016
#: serverguide/C/virtualization.xml:3204(para)
8017
msgid ""
8018
"Two more templates exist mainly for experimental purposes. The busybox "
8019
"template creates a very small system container based entirely on busybox. "
8020
"The sshd template creates an application container running sshd in a private "
8021
"network namespace. The host's library and binary directories are bind-"
8022
"mounted into the container, though not its <filename>/home</filename> or "
8023
"<filename>/root</filename>. To create, start, and ssh into an ssh container, "
8024
"you might:"
8025
msgstr ""
8026
8027
#: serverguide/C/virtualization.xml:3216(command)
8028
msgid ""
8029
"sudo lxc-create -t sshd -n ssh1 ssh-keygen -f id sudo mkdir "
8030
"/var/lib/lxc/ssh1/rootfs/root/.ssh sudo cp id.pub "
8031
"/var/lib/lxc/ssh1/rootfs/root/.ssh/authorized_keys sudo lxc-start -n ssh1 -d "
8032
"ssh -i id root@ssh1."
8033
msgstr ""
8034
8035
#: serverguide/C/virtualization.xml:3229(title)
8036
msgid "Backing Stores"
8037
msgstr ""
8038
8039
#: serverguide/C/virtualization.xml:3231(para)
8040
msgid ""
8041
"By default, <command>lxc-create</command> places the container's root "
8042
"filesystem as a directory tree at "
8043
"<filename>/var/lib/lxc/CN/rootfs.</filename> Another option is to use LVM "
8044
"logical volumes. If a volume group named <emphasis>lxc</emphasis> exists, "
8045
"you can create an lvm-backed container called CN using:"
8046
msgstr ""
8047
8048
#: serverguide/C/virtualization.xml:3239(command)
8049
msgid "sudo lxc-create -t ubuntu -n CN -B lvm"
8050
msgstr ""
8051
8052
#: serverguide/C/virtualization.xml:3244(para)
8053
msgid ""
8054
"If you want to use a volume group named schroots, with a 5G xfs filesystem, "
8055
"then you would use"
8056
msgstr ""
8057
8058
#: serverguide/C/virtualization.xml:3250(command)
8059
msgid ""
8060
"sudo lxc-create -t ubuntu -n CN -B lvm --vgname schroots --fssize 5G --"
8061
"fstype xfs"
8062
msgstr ""
8063
8064
#: serverguide/C/virtualization.xml:3259(title)
8065
msgid "Cloning"
8066
msgstr ""
8067
8068
#: serverguide/C/virtualization.xml:3261(para)
8069
msgid ""
8070
"For rapid provisioning, you may wish to customize a canonical container "
8071
"according to your needs and then make multiple copies of it. This can be "
8072
"done with the <command>lxc-clone</command> program. Given an existing "
8073
"container called C1, a new container called C2 can be created using"
8074
msgstr ""
8075
8076
#: serverguide/C/virtualization.xml:3271(command)
8077
msgid "sudo lxc-clone -o C1 -n C2"
8078
msgstr ""
8079
8080
#: serverguide/C/virtualization.xml:3276(para)
8081
msgid ""
8082
"If <filename>/var/lib/lxc</filename> is a btrfs filesystem, then "
8083
"<command>lxc-clone</command> will create C2's filesystem as a snapshot of "
8084
"C1's. If the container's root filesystem is lvm backed, then you can specify "
8085
"the <emphasis>-s</emphasis> option to create the new rootfs as a lvm "
8086
"snapshot of the original as follows:"
8087
msgstr ""
8088
8089
#: serverguide/C/virtualization.xml:3285(command)
8090
msgid "sudo lxc-clone -s -o C1 -n C2"
8091
msgstr ""
8092
8093
#: serverguide/C/virtualization.xml:3290(para)
8094
msgid ""
8095
"Both lvm and btrfs snapshots will provide fast cloning with very small "
8096
"initial disk usage."
8097
msgstr ""
8098
8099
#: serverguide/C/virtualization.xml:3297(title)
8100
msgid "Starting and stopping"
8101
msgstr ""
8102
8103
#: serverguide/C/virtualization.xml:3299(para)
8104
msgid ""
8105
"To start a container, use <command>lxc-start -n CN</command>. By default "
8106
"<command>lxc-start</command> will execute <filename>/sbin/init</filename> in "
8107
"the container. You can provide a different program to execute, plus "
8108
"arguments, as further arguments to <command>lxc-start</command>:"
8109
msgstr ""
8110
8111
#: serverguide/C/virtualization.xml:3307(command)
8112
msgid "sudo lxc-start -n container /sbin/init loglevel=debug"
8113
msgstr ""
8114
8115
#: serverguide/C/virtualization.xml:3312(para)
8116
msgid ""
8117
"If you do not specify the <emphasis>-d</emphasis> (daemon) option, then you "
8118
"will see a console (on the container's <filename>/dev/console</filename>, "
8119
"see <xref linkend=\"lxc-consoles\"/> for more information) on the terminal. "
8120
"If you specify the <emphasis>-d</emphasis> option, you will not see that "
8121
"console, and lxc-start will immediately exit success - even if a later part "
8122
"of container startup has failed. You can use <command>lxc-wait</command> or "
8123
"<command>lxc-monitor</command> (see <xref linkend=\"lxc-monitoring\"/>) to "
8124
"check on the success or failure of the container startup."
8125
msgstr ""
8126
8127
#: serverguide/C/virtualization.xml:3324(para)
8128
msgid ""
8129
"To obtain LXC debugging information, use <emphasis>-o filename -l "
8130
"debuglevel</emphasis>, for instance:"
8131
msgstr ""
8132
8133
#: serverguide/C/virtualization.xml:3330(command)
8134
msgid "sudo lxc-start -o lxc.debug -l DEBUG -n container"
8135
msgstr ""
8136
8137
#: serverguide/C/virtualization.xml:3335(para)
8138
msgid ""
8139
"Finally, you can specify configuration parameters inline using <emphasis>-"
8140
"s</emphasis>. However, it is generally recommended to place them in the "
8141
"container's configuration file instead. Likewise, an entirely alternate "
8142
"config file can be specified with the <emphasis>-f</emphasis> option, but "
8143
"this is not generally recommended."
8144
msgstr ""
8145
8146
#: serverguide/C/virtualization.xml:3343(para)
8147
msgid ""
8148
"While <command>lxc-start</command> runs the container's "
8149
"<filename>/sbin/init</filename>, <command>lxc-execute</command> uses a "
8150
"minimal init program called <command>lxc-init</command>, which attempts to "
8151
"mount <filename>/proc</filename>, <filename>/dev/mqueue</filename>, and "
8152
"<filename>/dev/shm</filename>, executes the programs specified on the "
8153
"command line, and waits for those to finish executing. <command>lxc-"
8154
"start</command> is intended to be used for <emphasis>system "
8155
"containers</emphasis>, while <command>lxc-execute</command> is intended for "
8156
"<emphasis>application containers</emphasis> (see <ulink "
8157
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-containers/\"> "
8158
"this article</ulink> for more)."
8159
msgstr ""
8160
8161
#: serverguide/C/virtualization.xml:3356(para)
8162
msgid ""
8163
"You can stop a container several ways. You can use "
8164
"<command>shutdown</command>, <command>poweroff</command> and "
8165
"<command>reboot</command> while logged into the container. To cleanly shut "
8166
"down a container externally (i.e. from the host), you can issue the "
8167
"<command>sudo lxc-shutdown -n CN</command> command. This takes an optional "
8168
"timeout value. If not specified, the command issues a SIGPWR signal to the "
8169
"container and immediately returns. If the option is used, as in "
8170
"<command>sudo lxc-shutdown -n CN -t 10</command>, then the command will wait "
8171
"the specified number of seconds for the container to cleanly shut down. "
8172
"Then, if the container is still running, it will kill it (and any running "
8173
"applications). You can also immediately kill the container (without any "
8174
"chance for applications to cleanly shut down) using <command>sudo lxc-stop -"
8175
"n CN</command>. Finally, <command>lxc-kill</command> can be used more "
8176
"generally to send any signal number to the container's init."
8177
msgstr ""
8178
8179
#: serverguide/C/virtualization.xml:3373(para)
8180
msgid ""
8181
"While the container is shutting down, you can expect to see some (harmless) "
8182
"error messages, as follows:"
8183
msgstr ""
8184
8185
#: serverguide/C/virtualization.xml:3378(screen)
8186
#, no-wrap
8187
msgid ""
8188
"\n"
8189
"$ sudo poweroff\n"
8190
"[sudo] password for ubuntu: =\n"
8191
"\n"
8192
"$ =\n"
8193
"\n"
8194
"Broadcast message from ubuntu@cn1\n"
8195
" (/dev/lxc/console) at 18:17 ...\n"
8196
"\n"
8197
"The system is going down for power off NOW!\n"
8198
" * Asking all remaining processes to terminate...\n"
8199
" ...done.\n"
8200
" * All processes ended within 1 seconds....\n"
8201
" ...done.\n"
8202
" * Deconfiguring network interfaces...\n"
8203
" ...done.\n"
8204
" * Deactivating swap...\n"
8205
" ...fail!\n"
8206
"umount: /run/lock: not mounted\n"
8207
"umount: /dev/shm: not mounted\n"
8208
"mount: / is busy\n"
8209
" * Will now halt\n"
8210
msgstr ""
8211
8212
#: serverguide/C/virtualization.xml:3402(para)
8213
msgid ""
8214
"A container can be frozen with <command>sudo lxc-freeze -n CN</command>. "
8215
"This will block all its processes until the container is later unfrozen "
8216
"using <command>sudo lxc-unfreeze -n CN</command>."
8217
msgstr ""
8218
8219
#: serverguide/C/virtualization.xml:3411(title)
8220
msgid "Monitoring container status"
8221
msgstr ""
8222
8223
#: serverguide/C/virtualization.xml:3413(para)
8224
msgid ""
8225
"Two commands are available to monitor container state changes. <command>lxc-"
8226
"monitor</command> monitors one or more containers for any state changes. It "
8227
"takes a container name as usual with the <emphasis>-n</emphasis> option, but "
8228
"in this case the container name can be a posix regular expression to allow "
8229
"monitoring desirable sets of containers. <command>lxc-monitor</command> "
8230
"continues running as it prints container changes. <command>lxc-"
8231
"wait</command> waits for a specific state change and then exits. For "
8232
"instance,"
8233
msgstr ""
8234
8235
#: serverguide/C/virtualization.xml:3426(command)
8236
msgid "sudo lxc-monitor -n cont[0-5]*"
8237
msgstr ""
8238
8239
#: serverguide/C/virtualization.xml:3431(para)
8240
msgid ""
8241
"would print all state changes to any containers matching the listed regular "
8242
"expression, whereas"
8243
msgstr ""
8244
8245
#: serverguide/C/virtualization.xml:3437(command)
8246
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
8247
msgstr ""
8248
8249
#: serverguide/C/virtualization.xml:3442(para)
8250
msgid ""
8251
"will wait until container cont1 enters state STOPPED or state FROZEN and "
8252
"then exit."
8253
msgstr ""
8254
8255
#: serverguide/C/virtualization.xml:3449(title)
8256
msgid "Consoles"
8257
msgstr ""
8258
8259
#: serverguide/C/virtualization.xml:3451(para)
8260
msgid ""
8261
"Containers have a configurable number of consoles. One always exists on the "
8262
"container's <filename>/dev/console.</filename> This is shown on the terminal "
8263
"from which you ran <command>lxc-start</command>, unless the <emphasis>-"
8264
"d</emphasis> option is specified. The output on "
8265
"<filename>/dev/console</filename> can be redirected to a file using the "
8266
"<emphasis>-c console-file</emphasis> option to <command>lxc-start</command>. "
8267
"The number of extra consoles is specified by the <command>lxc.tty</command> "
8268
"variable, and is usually set to 4. Those consoles are shown on "
8269
"<filename>/dev/ttyN</filename> (for 1 <= N <= 4). To log into console "
8270
"3 from the host, use"
8271
msgstr ""
8272
8273
#: serverguide/C/virtualization.xml:3464(command)
8274
msgid "sudo lxc-console -n container -t 3"
8275
msgstr ""
8276
8277
#: serverguide/C/virtualization.xml:3469(para)
8278
msgid ""
8279
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
8280
"console will be automatically chosen. To exit the console, use the escape "
8281
"sequence Ctrl-a q. Note that the escape sequence does not work in the "
8282
"console resulting from <command>lxc-start</command> without the <emphasis>-"
8283
"d</emphasis> option."
8284
msgstr ""
8285
8286
#: serverguide/C/virtualization.xml:3477(para)
8287
msgid ""
8288
"Each container console is actually a Unix98 pty in the host's (not the "
8289
"guest's) pty mount, bind-mounted over the guest's "
8290
"<filename>/dev/ttyN</filename> and <filename>/dev/console</filename>. "
8291
"Therefore, if the guest unmounts those or otherwise tries to access the "
8292
"actual character device <command>4:N</command>, it will not be serving getty "
8293
"to the LXC consoles. (With the default settings, the container will not be "
8294
"able to access that character device and getty will therefore fail.) This "
8295
"can easily happen when a boot script blindly mounts a new "
8296
"<filename>/dev</filename>."
8297
msgstr ""
8298
8299
#: serverguide/C/virtualization.xml:3491(title)
8300
msgid "Container Inspection"
8301
msgstr ""
8302
8303
#: serverguide/C/virtualization.xml:3493(para)
8304
msgid ""
8305
"Several commands are available to gather information on existing containers. "
8306
"<command>lxc-ls</command> will report all existing containers in its first "
8307
"line of output, and all running containers in the second line. <command>lxc-"
8308
"list</command> provides the same information in a more verbose format, "
8309
"listing running containers first and stopped containers next. <command>lxc-"
8310
"ps</command> will provide lists of processes in containers. To provide "
8311
"<command>ps</command> arguments to <command>lxc-ps</command>, prepend them "
8312
"with <command>--</command>. For instance, for listing of all processes in "
8313
"container plain,"
8314
msgstr ""
8315
8316
#: serverguide/C/virtualization.xml:3506(command)
8317
msgid "sudo lxc-ps -n plain -- -ef"
8318
msgstr ""
8319
8320
#: serverguide/C/virtualization.xml:3511(para)
8321
msgid ""
8322
"<command>lxc-info</command> provides the state of a container and the pid of "
8323
"its init process. <command>lxc-cgroup</command> can be used to query or set "
8324
"the values of a container's control group limits and information. This can "
8325
"be more convenient than interacting with the <command>cgroup</command> "
8326
"filesystem. For instance, to query the list of devices which a running "
8327
"container is allowed to access, you could use"
8328
msgstr ""
8329
8330
#: serverguide/C/virtualization.xml:3521(command)
8331
msgid "sudo lxc-cgroup -n CN devices.list"
8332
msgstr ""
8333
8334
#: serverguide/C/virtualization.xml:3526(para)
8335
msgid ""
8336
"or to add mknod, read, and write access to <filename>/dev/sda</filename>,"
8337
msgstr ""
8338
8339
#: serverguide/C/virtualization.xml:3531(command)
8340
msgid "sudo lxc-cgroup -n CN devices.allow \"b 8:* rwm\""
8341
msgstr ""
8342
8343
#: serverguide/C/virtualization.xml:3536(para)
8344
msgid "and, to limit it to 300M of RAM,"
8345
msgstr ""
8346
8347
#: serverguide/C/virtualization.xml:3541(command)
8348
msgid "lxc-cgroup -n CN memory.limit_in_bytes 300000000"
8349
msgstr ""
8350
8351
#: serverguide/C/virtualization.xml:3546(para)
8352
msgid ""
8353
"<command>lxc-netstat</command> executes <command>netstat</command> in the "
8354
"running container, giving you a glimpse of its network state."
8355
msgstr ""
8356
8357
#: serverguide/C/virtualization.xml:3551(para)
8358
msgid ""
8359
"<command>lxc-backup</command> will create backups of the root filesystems of "
8360
"all existing containers (except lvm-based ones), using "
8361
"<command>rsync</command> to back the contents up under "
8362
"<filename>/var/lib/lxc/CN/rootfs.backup.1</filename>. These backups can be "
8363
"restored using <command>lxc-restore.</command> However, <command>lxc-"
8364
"backup</command> and <command>lxc-restore</command> are fragile with respect "
8365
"to customizations and therefore their use is not recommended."
8366
msgstr ""
8367
8368
#: serverguide/C/virtualization.xml:3565(title)
8369
msgid "Destroying containers"
8370
msgstr ""
8371
8372
#: serverguide/C/virtualization.xml:3567(para)
8373
msgid "Use <command>lxc-destroy</command> to destroy an existing container."
8374
msgstr ""
8375
8376
#: serverguide/C/virtualization.xml:3572(command)
8377
msgid "sudo lxc-destroy -n CN"
8378
msgstr ""
8379
8380
#: serverguide/C/virtualization.xml:3577(para)
8381
msgid ""
8382
"If the container is running, <command>lxc-destroy</command> will exit with a "
8383
"message informing you that you can force stopping and destroying the "
8384
"container with"
8385
msgstr ""
8386
8387
#: serverguide/C/virtualization.xml:3584(command)
8388
msgid "sudo lxc-destroy -n CN -f"
8389
msgstr ""
8390
8391
#: serverguide/C/virtualization.xml:3592(title)
8392
msgid "Advanced namespace usage"
8393
msgstr ""
8394
8395
#: serverguide/C/virtualization.xml:3594(para)
8396
msgid ""
8397
"One of the Linux kernel features used by LXC to create containers is private "
8398
"namespaces. Namespaces allow a set of tasks to have private mappings of "
8399
"names to resources for things like pathnames and process IDs. (See <xref "
8400
"linkend=\"lxc-resources\"/> for a link to more information). Unlike control "
8401
"groups and other mount features which are also used to create containers, "
8402
"namespaces cannot be manipulated using a filesystem interface. Therefore, "
8403
"LXC ships with the <command>lxc-unshare</command> program, which is mainly "
8404
"for testing. It provides the ability to create new tasks in private "
8405
"namespaces. For instance,"
8406
msgstr ""
8407
8408
#: serverguide/C/virtualization.xml:3607(command)
8409
msgid "sudo lxc-unshare -s 'MOUNT|PID' /bin/bash"
8410
msgstr ""
8411
8412
#: serverguide/C/virtualization.xml:3612(para)
8413
msgid ""
8414
"creates a bash shell with private pid and mount namespaces. In this shell, "
8415
"you can do"
8416
msgstr ""
8417
8418
#: serverguide/C/virtualization.xml:3617(screen)
8419
#, no-wrap
8420
msgid ""
8421
"\n"
8422
"root@ubuntu:~# mount -t proc proc /proc\n"
8423
"root@ubuntu:~# ps -ef\n"
8424
"UID PID PPID C STIME TTY TIME CMD\n"
8425
"root 1 0 6 10:20 pts/9 00:00:00 /bin/bash\n"
8426
"root 110 1 0 10:20 pts/9 00:00:00 ps -ef\n"
8427
msgstr ""
8428
8429
#: serverguide/C/virtualization.xml:3625(para)
8430
msgid ""
8431
"so that <command>ps</command> shows only the tasks in your new namespace."
8432
msgstr ""
8433
8434
#: serverguide/C/virtualization.xml:3631(title)
8435
msgid "Ephemeral containers"
8436
msgstr ""
8437
8438
#: serverguide/C/virtualization.xml:3633(para)
8439
msgid ""
8440
"Ephemeral containers are one-time containers. Given an existing container "
8441
"CN, you can run a command in an ephemeral container created based on CN, "
8442
"with the host's jdoe user bound into the container, using:"
8443
msgstr ""
8444
8445
#: serverguide/C/virtualization.xml:3641(command)
8446
msgid "lxc-start-ephemeral -b jdoe -o CN -- /home/jdoe/run_my_job"
8447
msgstr ""
8448
8449
#: serverguide/C/virtualization.xml:3646(para)
8450
msgid "When the job is finished, the container will be discarded."
8451
msgstr ""
8452
8453
#: serverguide/C/virtualization.xml:3652(title)
8454
msgid "Container Commands"
8455
msgstr ""
8456
8457
#: serverguide/C/virtualization.xml:3653(para)
8458
msgid "Following is a table of all container commands:"
8459
msgstr ""
8460
8461
#: serverguide/C/virtualization.xml:3657(title)
8462
msgid "Container commands"
8463
msgstr ""
8464
8465
#: serverguide/C/virtualization.xml:3663(para)
8466
msgid "Command"
8467
msgstr ""
8468
8469
#: serverguide/C/virtualization.xml:3664(para)
8470
msgid "Synopsis"
8471
msgstr ""
8472
8473
#: serverguide/C/virtualization.xml:3669(para)
8474
msgid "lxc-attach"
8475
msgstr ""
8476
8477
#: serverguide/C/virtualization.xml:3670(para)
8478
msgid "(NOT SUPPORTED) Run a command in a running container"
8479
msgstr ""
8480
8481
#: serverguide/C/virtualization.xml:3673(para)
8482
msgid "lxc-backup"
8483
msgstr ""
8484
8485
#: serverguide/C/virtualization.xml:3674(para)
8486
msgid "Back up the root filesystems for all lvm-backed containers"
8487
msgstr ""
8488
8489
#: serverguide/C/virtualization.xml:3677(para)
8490
msgid "lxc-cgroup"
8491
msgstr ""
8492
8493
#: serverguide/C/virtualization.xml:3678(para)
8494
msgid "View and set container control group settings"
8495
msgstr ""
8496
8497
#: serverguide/C/virtualization.xml:3681(para)
8498
msgid "lxc-checkconfig"
8499
msgstr ""
8500
8501
#: serverguide/C/virtualization.xml:3682(para)
8502
msgid "Verify host support for containers"
8503
msgstr ""
8504
8505
#: serverguide/C/virtualization.xml:3685(para)
8506
msgid "lxc-checkpoint"
8507
msgstr ""
8508
8509
#: serverguide/C/virtualization.xml:3686(para)
8510
msgid "(NOT SUPPORTED) Checkpoint a running container"
8511
msgstr ""
8512
8513
#: serverguide/C/virtualization.xml:3689(para)
8514
msgid "lxc-clone"
8515
msgstr ""
8516
8517
#: serverguide/C/virtualization.xml:3690(para)
8518
msgid "Clone a new container from an existing one"
8519
msgstr ""
8520
8521
#: serverguide/C/virtualization.xml:3693(para)
8522
msgid "lxc-console"
8523
msgstr ""
8524
8525
#: serverguide/C/virtualization.xml:3694(para)
8526
msgid "Open a console in a running container"
8527
msgstr ""
8528
8529
#: serverguide/C/virtualization.xml:3697(para)
8530
msgid "lxc-create"
8531
msgstr ""
8532
8533
#: serverguide/C/virtualization.xml:3698(para)
8534
msgid "Create a new container"
8535
msgstr ""
8536
8537
#: serverguide/C/virtualization.xml:3701(para)
8538
msgid "lxc-destroy"
8539
msgstr ""
8540
8541
#: serverguide/C/virtualization.xml:3702(para)
8542
msgid "Destroy an existing container"
8543
msgstr ""
8544
8545
#: serverguide/C/virtualization.xml:3705(para)
8546
msgid "lxc-execute"
8547
msgstr ""
8548
8549
#: serverguide/C/virtualization.xml:3706(para)
8550
msgid "Run a command in a (not running) application container"
8551
msgstr ""
8552
8553
#: serverguide/C/virtualization.xml:3709(para)
8554
msgid "lxc-freeze"
8555
msgstr ""
8556
8557
#: serverguide/C/virtualization.xml:3710(para)
8558
msgid "Freeze a running container"
8559
msgstr ""
8560
8561
#: serverguide/C/virtualization.xml:3713(para)
8562
msgid "lxc-info"
8563
msgstr ""
8564
8565
#: serverguide/C/virtualization.xml:3714(para)
8566
msgid "Print information on the state of a container"
8567
msgstr ""
8568
8569
#: serverguide/C/virtualization.xml:3717(para)
8570
msgid "lxc-kill"
8571
msgstr ""
8572
8573
#: serverguide/C/virtualization.xml:3718(para)
8574
msgid "Send a signal to a container's init"
8575
msgstr ""
8576
8577
#: serverguide/C/virtualization.xml:3721(para)
8578
msgid "lxc-list"
8579
msgstr ""
8580
8581
#: serverguide/C/virtualization.xml:3722(para)
8582
msgid "List all containers"
8583
msgstr ""
8584
8585
#: serverguide/C/virtualization.xml:3725(para)
8586
msgid "lxc-ls"
8587
msgstr ""
8588
8589
#: serverguide/C/virtualization.xml:3726(para)
8590
msgid "List all containers with shorter output than lxc-list"
8591
msgstr ""
8592
8593
#: serverguide/C/virtualization.xml:3729(para)
8594
msgid "lxc-monitor"
8595
msgstr ""
8596
8597
#: serverguide/C/virtualization.xml:3730(para)
8598
msgid "Monitor state changes of one or more containers"
8599
msgstr ""
8600
8601
#: serverguide/C/virtualization.xml:3733(para)
8602
msgid "lxc-netstat"
8603
msgstr ""
8604
8605
#: serverguide/C/virtualization.xml:3734(para)
8606
msgid "Execute netstat in a running container"
8607
msgstr ""
8608
8609
#: serverguide/C/virtualization.xml:3737(para)
8610
msgid "lxc-ps"
8611
msgstr ""
8612
8613
#: serverguide/C/virtualization.xml:3738(para)
8614
msgid "View process info in a running container"
8615
msgstr ""
8616
8617
#: serverguide/C/virtualization.xml:3741(para)
8618
msgid "lxc-restart"
8619
msgstr ""
8620
8621
#: serverguide/C/virtualization.xml:3742(para)
8622
msgid "(NOT SUPPORTED) Restart a checkpointed container"
8623
msgstr ""
8624
8625
#: serverguide/C/virtualization.xml:3745(para)
8626
msgid "lxc-restore"
8627
msgstr ""
8628
8629
#: serverguide/C/virtualization.xml:3746(para)
8630
msgid "Restore containers from backups made by lxc-backup"
8631
msgstr ""
8632
8633
#: serverguide/C/virtualization.xml:3749(para)
8634
msgid "lxc-setcap"
8635
msgstr ""
8636
8637
#: serverguide/C/virtualization.xml:3750(para)
8638
msgid "(NOT RECOMMENDED) Set file capabilities on LXC tools"
8639
msgstr ""
8640
8641
#: serverguide/C/virtualization.xml:3753(para)
8642
msgid "lxc-setuid"
8643
msgstr ""
8644
8645
#: serverguide/C/virtualization.xml:3754(para)
8646
msgid "(NOT RECOMMENDED) Set or remove setuid bits on LXC tools"
8647
msgstr ""
8648
8649
#: serverguide/C/virtualization.xml:3757(para)
8650
msgid "lxc-shutdown"
8651
msgstr ""
8652
8653
#: serverguide/C/virtualization.xml:3758(para)
8654
msgid "Safely shut down a container"
8655
msgstr ""
8656
8657
#: serverguide/C/virtualization.xml:3761(para)
8658
msgid "lxc-start"
8659
msgstr ""
8660
8661
#: serverguide/C/virtualization.xml:3762(para)
8662
msgid "Start a stopped container"
8663
msgstr ""
8664
8665
#: serverguide/C/virtualization.xml:3765(para)
8666
msgid "lxc-start-ephemeral"
8667
msgstr ""
8668
8669
#: serverguide/C/virtualization.xml:3766(para)
8670
msgid "Start an ephemeral (one-time) container"
8671
msgstr ""
8672
8673
#: serverguide/C/virtualization.xml:3769(para)
8674
msgid "lxc-stop"
8675
msgstr ""
8676
8677
#: serverguide/C/virtualization.xml:3770(para)
8678
msgid "Immediately stop a running container"
8679
msgstr ""
8680
8681
#: serverguide/C/virtualization.xml:3773(para)
8682
msgid "lxc-unfreeze"
8683
msgstr ""
8684
8685
#: serverguide/C/virtualization.xml:3774(para)
8686
msgid "Unfreeze a frozen container"
8687
msgstr ""
8688
8689
#: serverguide/C/virtualization.xml:3777(para)
8690
msgid "lxc-unshare"
8691
msgstr ""
8692
8693
#: serverguide/C/virtualization.xml:3778(para)
8694
msgid "Testing tool to manually unshare namespaces"
8695
msgstr ""
8696
8697
#: serverguide/C/virtualization.xml:3781(para)
8698
msgid "lxc-version"
8699
msgstr ""
8700
8701
#: serverguide/C/virtualization.xml:3782(para)
8702
msgid "Print the version of the LXC tools"
8703
msgstr ""
8704
8705
#: serverguide/C/virtualization.xml:3785(para)
8706
msgid "lxc-wait"
8707
msgstr ""
8708
8709
#: serverguide/C/virtualization.xml:3786(para)
8710
msgid "Wait for a container to reach a particular state"
8711
msgstr ""
8712
8713
#: serverguide/C/virtualization.xml:3796(title)
8714
msgid "Configuration File"
8715
msgstr ""
8716
8717
#: serverguide/C/virtualization.xml:3798(para)
8718
msgid ""
8719
"LXC containers are very flexible. The Ubuntu <application>lxc</application> "
8720
"package sets defaults to make creation of Ubuntu system containers as simple "
8721
"as possible. If you need more flexibility, this chapter will show how to "
8722
"fine-tune your containers as you need."
8723
msgstr ""
8724
8725
#: serverguide/C/virtualization.xml:3805(para)
8726
msgid ""
8727
"Detailed information is available in the <command>lxc.conf(5)</command> man "
8728
"page. Note that the default configurations created by the ubuntu templates "
8729
"are reasonable for a system container and usually do not need customization."
8730
msgstr ""
8731
8732
#: serverguide/C/virtualization.xml:3813(title)
8733
msgid "Choosing configuration files and options"
8734
msgstr ""
8735
8736
#: serverguide/C/virtualization.xml:3815(para)
8737
msgid ""
8738
"The container setup is controlled by the LXC configuration options. Options "
8739
"can be specified at several points:"
8740
msgstr ""
8741
8742
#: serverguide/C/virtualization.xml:3821(para)
8743
msgid ""
8744
"During container creation, a configuration file can be specified. However, "
8745
"creation templates often insert their own configuration options, so we "
8746
"usually specify only network configuration options at this point. For other "
8747
"configuration, it is usually better to edit the configuration file after "
8748
"container creation."
8749
msgstr ""
8750
8751
#: serverguide/C/virtualization.xml:3829(para)
8752
msgid ""
8753
"The file <filename>/var/lib/lxc/CN/config</filename> is used at container "
8754
"startup by default."
8755
msgstr ""
8756
8757
#: serverguide/C/virtualization.xml:3834(para)
8758
msgid ""
8759
"<command>lxc-start</command> accepts an alternate configuration file with "
8760
"the <emphasis>-f filename</emphasis> option."
8761
msgstr ""
8762
8763
#: serverguide/C/virtualization.xml:3839(para)
8764
msgid ""
8765
"Specific configuration variables can be overridden at <command>lxc-"
8766
"start</command> using <emphasis>-s key=value</emphasis>. It is generally "
8767
"better to edit the container configuration file."
8768
msgstr ""
8769
8770
#: serverguide/C/virtualization.xml:3850(title) serverguide/C/network-config.xml:27(title)
8771
msgid "Network Configuration"
8772
msgstr ""
8773
8774
#: serverguide/C/virtualization.xml:3852(para)
8775
msgid ""
8776
"Container networking in LXC is very flexible. It is triggered by the "
8777
"<command>lxc.network.type</command> configuration file entries. If no such "
8778
"entries exist, then the container will share the host's networking stack. "
8779
"Services and connections started in the container will be using the host's "
8780
"IP address. If at least one <command>lxc.network.type</command> entry is "
8781
"present, then the container will have a private (layer 2) network stack. It "
8782
"will have its own network interfaces and firewall rules. There are several "
8783
"options for <command>lxc.network.type</command>:"
8784
msgstr ""
8785
8786
#: serverguide/C/virtualization.xml:3865(para)
8787
msgid ""
8788
"<command>lxc.network.type=empty</command>: The container will have no "
8789
"network interfaces other than loopback."
8790
msgstr ""
8791
8792
#: serverguide/C/virtualization.xml:3870(para)
8793
msgid ""
8794
"<command>lxc.network.type=veth</command>: This is the default when using the "
8795
"ubuntu or ubuntu-cloud templates, and creates a veth network tunnel. One end "
8796
"of this tunnel becomes the network interface inside the container. The other "
8797
"end is attached to a bridged on the host. Any number of such tunnels can be "
8798
"created by adding more <command>lxc.network.type=veth</command> entries in "
8799
"the container configuration file. The bridge to which the host end of the "
8800
"tunnel will be attached is specified with <command>lxc.network.link = "
8801
"lxcbr0</command>."
8802
msgstr ""
8803
8804
#: serverguide/C/virtualization.xml:3882(para)
8805
msgid ""
8806
"<command>lxc.network.type=phys</command> A physical network interface (i.e. "
8807
"eth2) is passed into the container."
8808
msgstr ""
8809
8810
#: serverguide/C/virtualization.xml:3888(para)
8811
msgid ""
8812
"Two other options are to use vlan or macvlan, however their use is more "
8813
"complicated and is not described here. A few other networking options exist:"
8814
msgstr ""
8815
8816
#: serverguide/C/virtualization.xml:3895(para)
8817
msgid ""
8818
"<command>lxc.network.flags</command> can only be set to "
8819
"<emphasis>up</emphasis> and ensures that the network interface is up."
8820
msgstr ""
8821
8822
#: serverguide/C/virtualization.xml:3899(para)
8823
msgid ""
8824
"<command>lxc.network.hwaddr</command> specifies a mac address to assign the "
8825
"the nic inside the container."
8826
msgstr ""
8827
8828
#: serverguide/C/virtualization.xml:3904(para)
8829
msgid ""
8830
"<command>lxc.network.ipv4</command> and <command>lxc.network.ipv6</command> "
8831
"set the respective IP addresses, if those should be static."
8832
msgstr ""
8833
8834
#: serverguide/C/virtualization.xml:3909(para)
8835
msgid ""
8836
"<command>lxc.network.name</command> specifies a name to assign inside the "
8837
"container. If this is not specified, a good default (i.e. eth0 for the first "
8838
"nic) is chosen."
8839
msgstr ""
8840
8841
#: serverguide/C/virtualization.xml:3915(para)
8842
msgid ""
8843
"<command>lxc.network.lxcscript.up</command> specifies a script to be called "
8844
"after the host side of the networking has been set up. See the "
8845
"<command>lxc.conf(5)</command> manual page for details."
8846
msgstr ""
8847
8848
#: serverguide/C/virtualization.xml:3925(title)
8849
msgid "Control group configuration"
8850
msgstr ""
8851
8852
#: serverguide/C/virtualization.xml:3927(para)
8853
msgid ""
8854
"Cgroup options can be specified using <command>lxc.cgroup</command> entries. "
8855
"<command>lxc.cgroup.subsystem.item = value</command> instructs LXC to set "
8856
"cgroup <command>subsystem</command>'s <command>item</command> to "
8857
"<command>value</command>. It is perhaps simpler to realize that this will "
8858
"simply write <command>value</command> to the file <command>item</command> "
8859
"for the container's control group for subsystem "
8860
"<command>subsystem</command>. For instance, to set the memory limit to 320M, "
8861
"you could add"
8862
msgstr ""
8863
8864
#: serverguide/C/virtualization.xml:3939(command)
8865
msgid "lxc.cgroup.memory.limit_in_bytes = 320000000"
8866
msgstr ""
8867
8868
#: serverguide/C/virtualization.xml:3944(para)
8869
msgid ""
8870
"which will cause 320000000 to be written to the file "
8871
"<filename>/sys/fs/cgroup/memory/lxc/CN/limit_in_bytes</filename>."
8872
msgstr ""
8873
8874
#: serverguide/C/virtualization.xml:3951(title)
8875
msgid "Rootfs, mounts and fstab"
8876
msgstr ""
8877
8878
#: serverguide/C/virtualization.xml:3953(para)
8879
msgid ""
8880
"An important part of container setup is the mounting of various filesystems "
8881
"into place. The following is an example configuration file excerpt "
8882
"demonstrating the commonly used configuration options:"
8883
msgstr ""
8884
8885
#: serverguide/C/virtualization.xml:3960(command)
8886
msgid ""
8887
"lxc.rootfs = /var/lib/lxc/CN/rootfs lxc.mount.entry=proc "
8888
"/var/lib/lxc/CN/rootfs/proc proc nodev,noexec,nosuid 0 0 lxc.mount = "
8889
"/var/lib/lxc/CN/fstab"
8890
msgstr ""
8891
8892
#: serverguide/C/virtualization.xml:3967(para)
8893
msgid ""
8894
"The first line says that the container's root filesystem is already mounted "
8895
"at <filename>/var/lib/lxc/CN/rootfs</filename>. If the filesystem is a block "
8896
"device (such as an LVM logical volume), then the path to the block device "
8897
"must be given instead."
8898
msgstr ""
8899
8900
#: serverguide/C/virtualization.xml:3974(para)
8901
msgid ""
8902
"Each <command>lxc.mount.entry</command> line should contain an item to mount "
8903
"in valid fstab format. The target directory should be prefixed by "
8904
"<filename>/var/lib/lxc/CN/rootfs</filename>, even if "
8905
"<command>lxc.rootfs</command> points to a block device."
8906
msgstr ""
8907
8908
#: serverguide/C/virtualization.xml:3981(para)
8909
msgid ""
8910
"Finally, <command>lxc.mount</command> points to a file, in fstab format, "
8911
"containing further items to mount. Note that all of these entries will be "
8912
"mounted by the host before the container init is started. In this way it is "
8913
"possible to bind mount various directories from the host into the container."
8914
msgstr ""
8915
8916
#: serverguide/C/virtualization.xml:3991(title)
8917
msgid "Other configuration options"
8918
msgstr ""
8919
8920
#: serverguide/C/virtualization.xml:3996(para)
8921
msgid ""
8922
"<command>lxc.cap.drop</command> can be used to prevent the container from "
8923
"having or ever obtaining the listed capabilities. For instance, including"
8924
msgstr ""
8925
8926
#: serverguide/C/virtualization.xml:4002(command)
8927
msgid "lxc.cap.drop = sys_admin"
8928
msgstr ""
8929
8930
#: serverguide/C/virtualization.xml:4007(para)
8931
msgid ""
8932
"will prevent the container from mounting filesystems, as well as all other "
8933
"actions which require cap_sys_admin. See the "
8934
"<command>capabilities(7)</command> manual page for a list of capabilities "
8935
"and their meanings."
8936
msgstr ""
8937
8938
#: serverguide/C/virtualization.xml:4014(para)
8939
msgid ""
8940
"<command>lxc.aa_profile = lxc-CN-profile</command> specifies a custom "
8941
"Apparmor profile in which to start the container. See <xref linkend=\"lxc-"
8942
"apparmor\"/> for more information."
8943
msgstr ""
8944
8945
#: serverguide/C/virtualization.xml:4020(para)
8946
msgid ""
8947
"<command>lxc.console=/path/to/consolefile</command> will cause console "
8948
"messages to be written to the specified file."
8949
msgstr ""
8950
8951
#: serverguide/C/virtualization.xml:4025(para)
8952
msgid ""
8953
"<command>lxc.arch</command> specifies the architecture for the container, "
8954
"for instance x86, or x86_64."
8955
msgstr ""
8956
8957
#: serverguide/C/virtualization.xml:4030(para)
8958
msgid ""
8959
"<command>lxc.tty=5</command> specifies that 5 consoles (in addition to "
8960
"<filename>/dev/console</filename>) should be created. That is, consoles will "
8961
"be available on <filename>/dev/tty1</filename> through "
8962
"<filename>/dev/tty5</filename>. The ubuntu templates set this value to 4."
8963
msgstr ""
8964
8965
#: serverguide/C/virtualization.xml:4038(para)
8966
msgid ""
8967
"<command>lxc.pts=1024</command> specifies that the container should have a "
8968
"private (Unix98) devpts filesystem mount. If this is not specified, then the "
8969
"container will share <filename>/dev/pts</filename> with the host, which is "
8970
"rarely desired. The number 1024 means that 1024 ptys should be allowed in "
8971
"the container, however this number is currently ignored. Before starting the "
8972
"container init, LXC will do (essentially) a"
8973
msgstr ""
8974
8975
#: serverguide/C/virtualization.xml:4048(command)
8976
msgid "sudo mount -t devpts -o newinstance devpts /dev/pts"
8977
msgstr ""
8978
8979
#: serverguide/C/virtualization.xml:4053(para)
8980
msgid ""
8981
"inside the container. It is important to realize that the container should "
8982
"not mount devpts filesystems of its own. It may safely do bind or move "
8983
"mounts of its mounted <filename>/dev/pts</filename>. But if it does"
8984
msgstr ""
8985
8986
#: serverguide/C/virtualization.xml:4060(command)
8987
msgid "sudo mount -t devpts devpts /dev/pts"
8988
msgstr ""
8989
8990
#: serverguide/C/virtualization.xml:4065(para)
8991
msgid ""
8992
"it will remount the host's devpts instance. If it adds the newinstance mount "
8993
"option, then it will mount a new private (empty) instance. In neither case "
8994
"will it remount the instance which was set up by LXC. For this reason, and "
8995
"to prevent the container from using the host's ptys, the default Apparmor "
8996
"policy will not allow containers to mount devpts filesystems after the "
8997
"container's init has been started."
8998
msgstr ""
8999
9000
#: serverguide/C/virtualization.xml:4076(para)
9001
msgid ""
9002
"<command>lxc.devttydir</command> specifies a directory under "
9003
"<filename>/dev</filename> in which LXC will create its console devices. If "
9004
"this option is not specified, then the ptys will be bind-mounted over "
9005
"<filename>/dev/console</filename> and <filename>/dev/ttyN.</filename> "
9006
"However, rare package updates may try to blindly <emphasis>rm -f</emphasis> "
9007
"and then <emphasis>mknod</emphasis> those devices. They will fail (because "
9008
"the file has been bind-mounted), causing the package update to fail. When "
9009
"<command>lxc.devttydir</command> is set to LXC, for instance, then LXC will "
9010
"bind-mount the console ptys onto <filename>/dev/lxc/console</filename> and "
9011
"<filename>/dev/lxc/ttyN,</filename> and subsequently symbolically link them "
9012
"to <filename>/dev/console</filename> and <filename>/dev/ttyN.</filename> "
9013
"This allows the package updates to succeed, at the risk of making future "
9014
"gettys on those consoles fail until the next reboot. This problem will be "
9015
"ideally solved with device namespaces."
9016
msgstr ""
9017
9018
#: serverguide/C/virtualization.xml:4100(title)
9019
msgid "Updates in Ubuntu containers"
9020
msgstr ""
9021
9022
#: serverguide/C/virtualization.xml:4102(para)
9023
msgid ""
9024
"Because of some limitations which are placed on containers, package upgrades "
9025
"at times can fail. For instance, a package install or upgrade might fail if "
9026
"it is not allowed to create or open a block device. This often blocks all "
9027
"future upgrades until the issue is resolved. In some cases, you can work "
9028
"around this by chrooting into the container, to avoid the container "
9029
"restrictions, and completing the upgrade in the chroot."
9030
msgstr ""
9031
9032
#: serverguide/C/virtualization.xml:4111(para)
9033
msgid ""
9034
"Some of the specific things known to occasionally impede package upgrades "
9035
"include:"
9036
msgstr ""
9037
9038
#: serverguide/C/virtualization.xml:4117(para)
9039
msgid ""
9040
"The container modifications performed when creating containers with the --"
9041
"trim option."
9042
msgstr ""
9043
9044
#: serverguide/C/virtualization.xml:4121(para)
9045
msgid ""
9046
"Actions performed by lxcguest. For instance, because "
9047
"<filename>/lib/init/fstab</filename> is bind-mounted from another file, "
9048
"mountall upgrades which insist on replacing that file can fail."
9049
msgstr ""
9050
9051
#: serverguide/C/virtualization.xml:4126(para)
9052
msgid ""
9053
"The over-mounting of console devices with ptys from the host can cause "
9054
"trouble with udev upgrades."
9055
msgstr ""
9056
9057
#: serverguide/C/virtualization.xml:4130(para)
9058
msgid ""
9059
"Apparmor policy and devices cgroup restrictions can prevent package upgrades "
9060
"from performing certain actions."
9061
msgstr ""
9062
9063
#: serverguide/C/virtualization.xml:4134(para)
9064
msgid ""
9065
"Capabilities dropped by use of <command>lxc.cap.drop</command> can likewise "
9066
"stop package upgrades from performing certain actions."
9067
msgstr ""
9068
9069
#: serverguide/C/virtualization.xml:4142(title)
9070
msgid "Libvirt LXC"
9071
msgstr ""
9072
9073
#: serverguide/C/virtualization.xml:4144(para)
9074
msgid ""
9075
"Libvirt is a powerful hypervisor management solution with which you can "
9076
"administer Qemu, Xen and LXC virtual machines, both locally and remote. The "
9077
"libvirt LXC driver is a separate implementation from what we normally call "
9078
"<emphasis>LXC</emphasis>. A few differences include:"
9079
msgstr ""
9080
9081
#: serverguide/C/virtualization.xml:4152(para)
9082
msgid "Configuration is stored in xml format"
9083
msgstr ""
9084
9085
#: serverguide/C/virtualization.xml:4155(para)
9086
msgid "There no tools to facilitate container creation"
9087
msgstr ""
9088
9089
#: serverguide/C/virtualization.xml:4158(para)
9090
msgid "By default there is no console on <filename>/dev/console</filename>"
9091
msgstr ""
9092
9093
#: serverguide/C/virtualization.xml:4161(para)
9094
msgid "There is no support (yet) for container reboot or full shutdown"
9095
msgstr ""
9096
9097
#: serverguide/C/virtualization.xml:4179(title)
9098
msgid "Converting a LXC container to libvirt-lxc"
9099
msgstr ""
9100
9101
#: serverguide/C/virtualization.xml:4181(para)
9102
msgid ""
9103
"<xref linkend=\"lxc-creation\"/> showed how to create LXC containers. If "
9104
"you've created a valid LXC container in this way, you can manage it with "
9105
"libvirt. Fetch a sample xml file from"
9106
msgstr ""
9107
9108
#: serverguide/C/virtualization.xml:4189(command) serverguide/C/virtualization.xml:4242(command)
9109
msgid "wget http://people.canonical.com/~serge/o1.xml"
9110
msgstr ""
9111
9112
#: serverguide/C/virtualization.xml:4194(para)
9113
msgid ""
9114
"Edit this file to replace the container name and root filesystem locations. "
9115
"Then you can define the container with:"
9116
msgstr ""
9117
9118
#: serverguide/C/virtualization.xml:4200(command)
9119
msgid "virsh -c lxc:/// define o1.xml"
9120
msgstr ""
9121
9122
#: serverguide/C/virtualization.xml:4207(title)
9123
msgid "Creating a container from cloud image"
9124
msgstr ""
9125
9126
#: serverguide/C/virtualization.xml:4209(para)
9127
msgid ""
9128
"If you prefer to create a pristine new container just for LXC, you can "
9129
"download an ubuntu cloud image, extract it, and point a libvirt LXC xml file "
9130
"to it. For instance, find the url for a root tarball for the latest daily "
9131
"Ubuntu 12.04 LTS cloud image using"
9132
msgstr ""
9133
9134
#: serverguide/C/virtualization.xml:4217(command)
9135
msgid ""
9136
"url1=`ubuntu-cloudimg-query precise daily $arch --format \"%{url}\\n\"` "
9137
"url=`echo $url1 | sed -e 's/.tar.gz/-root\\0/'` wget $url filename=`basename "
9138
"$url`"
9139
msgstr ""
9140
9141
#: serverguide/C/virtualization.xml:4225(para)
9142
msgid "Extract the downloaded tarball, for instance"
9143
msgstr ""
9144
9145
#: serverguide/C/virtualization.xml:4230(command)
9146
msgid "mkdir $HOME/c1 cd $HOME/c1 sudo tar zxf $filename"
9147
msgstr ""
9148
9149
#: serverguide/C/virtualization.xml:4237(para)
9150
msgid "Download the xml template"
9151
msgstr ""
9152
9153
#: serverguide/C/virtualization.xml:4247(para)
9154
msgid ""
9155
"In the xml template, replace the name o1 with c1 and the source directory "
9156
"<filename>/var/lib/lxc/o1/rootfs</filename> with "
9157
"<filename>$HOME/c1</filename>. Then define the container using"
9158
msgstr ""
9159
9160
#: serverguide/C/virtualization.xml:4254(command)
9161
msgid "virsh define o1.xml"
9162
msgstr ""
9163
9164
#: serverguide/C/virtualization.xml:4262(title)
9165
msgid "Interacting with libvirt containers"
9166
msgstr ""
9167
9168
#: serverguide/C/virtualization.xml:4264(para)
9169
msgid "As we've seen, you can create a libvirt-lxc container using"
9170
msgstr ""
9171
9172
#: serverguide/C/virtualization.xml:4269(command)
9173
msgid "virsh -c lxc:/// define container.xml"
9174
msgstr ""
9175
9176
#: serverguide/C/virtualization.xml:4274(para)
9177
msgid "To start a container called <emphasis>container</emphasis>, use"
9178
msgstr ""
9179
9180
#: serverguide/C/virtualization.xml:4279(command)
9181
msgid "virsh -c lxc:/// start container"
9182
msgstr ""
9183
9184
#: serverguide/C/virtualization.xml:4284(para)
9185
msgid "To stop a running container, use"
9186
msgstr ""
9187
9188
#: serverguide/C/virtualization.xml:4289(command)
9189
msgid "virsh -c lxc:/// destroy container"
9190
msgstr ""
9191
9192
#: serverguide/C/virtualization.xml:4294(para)
9193
msgid ""
9194
"Note that whereas the <command>lxc-destroy</command> command deletes the "
9195
"container, the <command>virsh destroy</command> command stops a running "
9196
"container. To delete the container definition, use"
9197
msgstr ""
9198
9199
#: serverguide/C/virtualization.xml:4301(command)
9200
msgid "virsh -c lxc:/// undefine container"
9201
msgstr ""
9202
9203
#: serverguide/C/virtualization.xml:4306(para)
9204
msgid "To get a console to a running container, use"
9205
msgstr ""
9206
9207
#: serverguide/C/virtualization.xml:4311(command)
9208
msgid "virsh -c lxc:/// console container"
9209
msgstr ""
9210
9211
#: serverguide/C/virtualization.xml:4316(para)
9212
msgid "Exit the console by simultaneously pressing control and ]."
9213
msgstr ""
9214
9215
#: serverguide/C/virtualization.xml:4325(title)
9216
msgid "The lxcguest package"
9217
msgstr ""
9218
9219
#: serverguide/C/virtualization.xml:4327(para)
9220
msgid ""
9221
"In the 11.04 (Natty) and 11.10 (Oneiric) releases of Ubuntu, a package was "
9222
"introduced called <emphasis role=\"italic\">lxcguest</emphasis>. An "
9223
"unmodified root image could not be safely booted inside a container, but an "
9224
"image with the lxcguest package installed could be booted as a container, on "
9225
"bare hardware, or in a Xen, kvm, or VMware virtual machine."
9226
msgstr ""
9227
9228
#: serverguide/C/virtualization.xml:4335(para)
9229
msgid ""
9230
"As of the 12.04 LTS release, the work previously done by the lxcguest "
9231
"package was pushed into the core packages, and the lxcguest package was "
9232
"removed. As a result, an unmodified 12.04 LTS image can be booted as a "
9233
"container, on bare hardware, or in a Xen, kvm, or VMware virtual machine. To "
9234
"use an older release, the lxcguest package should still be used."
9235
msgstr ""
9236
9237
#: serverguide/C/virtualization.xml:4346(title) serverguide/C/security.xml:13(title)
9238
msgid "Security"
9239
msgstr ""
9240
9241
#: serverguide/C/virtualization.xml:4348(para)
9242
msgid ""
9243
"A namespace maps ids to resources. By not providing a container any id with "
9244
"which to reference a resource, the resource can be protected. This is the "
9245
"basis of some of the security afforded to container users. For instance, IPC "
9246
"namespaces are completely isolated. Other namespaces, however, have various "
9247
"<emphasis role=\"italic\">leaks</emphasis> which allow privilege to be "
9248
"inappropriately exerted from a container into another container or to the "
9249
"host."
9250
msgstr ""
9251
9252
#: serverguide/C/virtualization.xml:4358(para)
9253
msgid ""
9254
"By default, LXC containers are started under a Apparmor policy to restrict "
9255
"some actions. However, while stronger security is a goal for future "
9256
"releases, in 12.04 LTS the goal of the Apparmor policy is not to stop "
9257
"malicious actions but rather to stop accidental harm of the host by the "
9258
"guest."
9259
msgstr ""
9260
9261
#: serverguide/C/virtualization.xml:4366(para)
9262
msgid ""
9263
"See the <ulink url=\"http://wiki.ubuntu.com/LxcSecurity\">LXC "
9264
"security</ulink> wiki page for more, uptodate information."
9265
msgstr ""
9266
9267
#: serverguide/C/virtualization.xml:4372(title)
9268
msgid "Exploitable system calls"
9269
msgstr ""
9270
9271
#: serverguide/C/virtualization.xml:4374(para)
9272
msgid ""
9273
"It is a core container feature that containers share a kernel with the host. "
9274
"Therefore, if the kernel contains any exploitable system calls, the "
9275
"container can exploit these as well. Once the container controls the kernel "
9276
"it can fully control any resource known to the host."
9277
msgstr ""
9278
9279
#: serverguide/C/virtualization.xml:4389(para)
9280
msgid ""
9281
"The DeveloperWorks article <ulink "
9282
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
9283
"containers/\">LXC: Linux container tools</ulink> was an early introduction "
9284
"to the use of containers."
9285
msgstr ""
9286
9287
#: serverguide/C/virtualization.xml:4395(para)
9288
msgid ""
9289
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
9290
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
9291
"use of security modules to make containers more secure."
9292
msgstr ""
9293
9294
#: serverguide/C/virtualization.xml:4404(ulink)
9295
msgid "capabilities"
9296
msgstr ""
9297
9298
#: serverguide/C/virtualization.xml:4405(ulink)
9299
msgid "lxc.conf"
9300
msgstr ""
9301
9302
#: serverguide/C/virtualization.xml:4401(para)
9303
msgid "Manual pages referenced above can be found at: <placeholder-1/>"
9304
msgstr ""
9305
9306
#: serverguide/C/virtualization.xml:4411(para)
9307
msgid ""
9308
"The upstream LXC project is hosted at <ulink "
9309
"url=\"http://lxc.sf.net\">Sourceforge</ulink>."
9310
msgstr ""
9311
9312
#: serverguide/C/virtualization.xml:4417(para)
9313
msgid ""
9314
"LXC security issues are listed and discussed at <ulink "
9315
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
9316
msgstr ""
9317
9318
#: serverguide/C/virtualization.xml:4423(para)
9319
msgid ""
9320
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
9321
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
9322
"Mainstream Linux. SIGOPS Op- erating Systems Review, 42(5), 2008."
6675
9323
msgstr ""
6676
9324
6677
9325
#: serverguide/C/vcs.xml:13(title)
6787
9435
msgid "sudo apt-get install subversion libapache2-svn"
6788
9436
msgstr ""
6789
9437
9438
#: serverguide/C/vcs.xml:107(title)
9439
msgid "Server Configuration"
9440
msgstr ""
9441
6790
9442
#: serverguide/C/vcs.xml:108(para)
6791
9443
msgid ""
6792
9444
"This step assumes you have installed above mentioned packages on your "
7001
9653
msgstr ""
7002
9654
7003
9655
#: serverguide/C/vcs.xml:264(command)
7004
msgid "sudo htpasswd /etc/subversion/password user_name"
9656
msgid "sudo htpasswd /etc/subversion/passwd user_name"
7005
9657
msgstr ""
7006
9658
7007
9659
#: serverguide/C/vcs.xml:268(para)
7222
9874
" wait = no\n"
7223
9875
" type = UNLISTED\n"
7224
9876
" server = /usr/bin/cvs\n"
7225
" server_args = -f --allow-root /var/lib/cvs pserver\n"
9877
" server_args = -f --allow-root /srv/cvs pserver\n"
7226
9878
" disable = no\n"
7227
9879
"}\n"
7228
9880
msgstr ""
7230
9882
#: serverguide/C/vcs.xml:455(para)
7231
9883
msgid ""
7232
9884
"Be sure to edit the repository if you have changed the default repository "
7233
"(<application>/var/lib/cvs</application>) directory."
9885
"(<application>/srv/cvs</application>) directory."
7234
9886
msgstr ""
7235
9887
7236
9888
#: serverguide/C/vcs.xml:424(para)
7237
9889
msgid ""
7238
9890
"Once you install cvs, the repository will be automatically initialized. By "
7239
9891
"default, the repository resides under the "
7240
"<application>/var/lib/cvs</application> directory. You can change this path "
7241
"by running following command: <screen>\n"
9892
"<application>/srv/cvs</application> directory. You can change this path by "
9893
"running following command: <screen>\n"
7242
9894
"<command>cvs -d /your/new/cvs/repo init</command>\n"
7243
9895
"</screen> Once the initial repository is set up, you can configure "
7244
9896
"<application>xinetd</application> to start the CVS server. You can copy the "
7260
9912
msgid "sudo netstat -tap | grep cvs"
7261
9913
msgstr ""
7262
9914
7263
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
9915
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:67(para)
7264
9916
msgid ""
7265
9917
"When you run this command, you should see the following line or something "
7266
9918
"similar:"
7291
9943
msgid "Add Projects"
7292
9944
msgstr ""
7293
9945
7294
#: serverguide/C/vcs.xml:515(para)
9946
#: serverguide/C/vcs.xml:516(para)
7295
9947
msgid ""
7296
9948
"You can use the CVSROOT environment variable to store the CVS root "
7297
9949
"directory. Once you export the CVSROOT environment variable, you can avoid "
7298
9950
"using -d option in the above cvs command."
7299
9951
msgstr ""
7300
9952
7301
#: serverguide/C/vcs.xml:527(para)
9953
#: serverguide/C/vcs.xml:528(para)
7302
9954
msgid ""
7303
9955
"When you add a new project, the CVS user you use must have write access to "
7304
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
7305
"the <application>src</application> group has write access to the CVS "
7306
"repository. So, you can add the user to this group, and he can then add and "
7307
"manage projects in the CVS repository."
9956
"the CVS repository (<application>/srv/cvs</application>). By default, the "
9957
"<application>src</application> group has write access to the CVS repository. "
9958
"So, you can add the user to this group, and he can then add and manage "
9959
"projects in the CVS repository."
7308
9960
msgstr ""
7309
9961
7310
9962
#: serverguide/C/vcs.xml:504(para)
7314
9966
"Now, run the following command to add this project to CVS repository: "
7315
9967
"<screen>\n"
7316
9968
"<command>cd your/project</command>\n"
7317
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
9969
"<command>cvs -d :pserver:username@hostname.com:/srv/cvs import -m \\\n"
7318
9970
"\"Importing my project to CVS repository\" . new_project start</command>\n"
7319
9971
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
7320
9972
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
7322
9974
"<placeholder-2/>"
7323
9975
msgstr ""
7324
9976
7325
#: serverguide/C/vcs.xml:540(ulink)
9977
#: serverguide/C/vcs.xml:541(ulink)
7326
9978
msgid "Bazaar Home Page"
7327
9979
msgstr ""
7328
9980
7329
#: serverguide/C/vcs.xml:541(ulink)
9981
#: serverguide/C/vcs.xml:542(ulink)
7330
9982
msgid "Launchpad"
7331
9983
msgstr ""
7332
9984
7333
#: serverguide/C/vcs.xml:542(ulink)
9985
#: serverguide/C/vcs.xml:543(ulink)
7334
9986
msgid "Subversion Home Page"
7335
9987
msgstr ""
7336
9988
7337
#: serverguide/C/vcs.xml:543(ulink)
9989
#: serverguide/C/vcs.xml:544(ulink)
7338
9990
msgid "Subversion Book"
7339
9991
msgstr ""
7340
9992
7341
#: serverguide/C/vcs.xml:545(ulink)
9993
#: serverguide/C/vcs.xml:546(ulink)
7342
9994
msgid "CVS Manual"
7343
9995
msgstr ""
7344
9996
7345
#: serverguide/C/vcs.xml:546(ulink)
9997
#: serverguide/C/vcs.xml:547(ulink)
7346
9998
msgid "Easy Bazaar Ubuntu Wiki page"
7347
9999
msgstr ""
7348
10000
7349
#: serverguide/C/vcs.xml:547(ulink)
10001
#: serverguide/C/vcs.xml:548(ulink)
7350
10002
msgid "Ubuntu Wiki Subversion page"
7351
10003
msgstr ""
7352
10004
7353
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
10005
#: serverguide/C/serverguide.xml:14(title)
10006
msgid "Ubuntu Server Guide"
10007
msgstr "Guía del Sirvidor Ubuntu"
10008
10009
#: serverguide/C/serverguide.xml:3(title)
7354
10010
msgid "Credits and License"
7355
10011
msgstr ""
7356
10012
7357
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
10013
#: serverguide/C/serverguide.xml:4(para)
7358
10014
msgid ""
7359
10015
"This document is maintained by the Ubuntu documentation team "
7360
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
7361
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
10016
"(https://wiki.ubuntu.com/DocumentationTeam). A list of contributors is below."
7362
10017
msgstr ""
7363
10018
7364
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
10019
#: serverguide/C/serverguide.xml:5(para)
7365
10020
msgid ""
7366
"This document is made available under the Creative Commons ShareAlike 2.5 "
10021
"This document is made available under the Creative Commons ShareAlike 3.0 "
7367
10022
"License (CC-BY-SA)."
7368
10023
msgstr ""
7369
10024
7370
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
10025
#: serverguide/C/serverguide.xml:6(para)
7371
10026
msgid ""
7372
10027
"You are free to modify, extend, and improve the Ubuntu documentation source "
7373
10028
"code under the terms of this license. All derivative works must be released "
7374
10029
"under this license."
7375
10030
msgstr ""
7376
10031
7377
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
10032
#: serverguide/C/serverguide.xml:8(para)
7378
10033
msgid ""
7379
10034
"This documentation is distributed in the hope that it will be useful, but "
7380
10035
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
7381
10036
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
7382
10037
msgstr ""
7383
10038
7384
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
7385
msgid ""
7386
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
7387
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
7388
msgstr ""
7389
7390
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
7391
msgid "2010"
7392
msgstr ""
7393
7394
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
7395
msgid "Ubuntu Documentation Project"
7396
msgstr ""
7397
7398
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
7399
msgid "Canonical Ltd. and members of the <placeholder-1/>"
7400
msgstr ""
7401
7402
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
10039
#: serverguide/C/serverguide.xml:11(para)
10040
msgid ""
10041
"A copy of the license is available here: <ulink "
10042
"url=\"http://creativecommons.org/licenses/by-sa/3.0/\">Creative Commons "
10043
"ShareAlike License</ulink>."
10044
msgstr ""
10045
10046
#: serverguide/C/serverguide.xml:14(para)
10047
msgid ""
10048
"Members of the <ulink url=\"https://launchpad.net/~ubuntu-core-doc\">Ubuntu "
10049
"Documentation Project</ulink>"
10050
msgstr ""
10051
10052
#: serverguide/C/serverguide.xml:15(para)
10053
msgid ""
10054
"Members of the <ulink url=\"https://launchpad.net/~ubuntu-server\">Ubuntu "
10055
"Server Team</ulink>"
10056
msgstr ""
10057
10058
#: serverguide/C/serverguide.xml:16(para)
10059
msgid ""
10060
"Contributors to the <ulink url=\"https://help.ubuntu.com/community/\">Ubuntu "
10061
"Documentation Wiki</ulink>"
10062
msgstr ""
10063
10064
#: serverguide/C/serverguide.xml:17(para)
10065
msgid ""
10066
"Other contributors can be found in the revision history of the <ulink "
10067
"url=\"https://code.launchpad.net/serverguide\">serverguide</ulink> and "
10068
"<ulink url=\"https://code.launchpad.net/ubuntu-docs\">ubuntu-docs</ulink> "
10069
"bzr branches available on Launchpad."
10070
msgstr ""
10071
10072
#: serverguide/C/serverguide.xml:12(para)
10073
msgid "Contributors to this document are: <placeholder-1/>"
10074
msgstr ""
10075
10076
#: serverguide/C/serverguide.xml:22(year)
10077
msgid "2012"
10078
msgstr ""
10079
10080
#: serverguide/C/serverguide.xml:23(holder)
10081
msgid "Contributors to the document"
10082
msgstr ""
10083
10084
#: serverguide/C/serverguide.xml:26(publishername)
7403
10085
msgid "The Ubuntu Documentation Project"
7404
10086
msgstr ""
7405
10087
7411
10093
"guide for configuring and customizing your system."
7412
10094
msgstr ""
7413
10095
7414
#: serverguide/C/security.xml:13(title)
7415
msgid "Security"
7416
msgstr ""
7417
7418
10096
#: serverguide/C/security.xml:14(para)
7419
10097
msgid ""
7420
10098
"Security should always be considered when installing, deploying, and using "
7427
10105
#: serverguide/C/security.xml:17(para)
7428
10106
msgid ""
7429
10107
"This chapter provides an overview of security related topics as they pertain "
7430
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
7431
"protect your server and network from any number of potential security "
10108
"to Ubuntu 12.04 LTS Server Edition, and outlines simple measures you may use "
10109
"to protect your server and network from any number of potential security "
7432
10110
"threats."
7433
10111
msgstr ""
7434
10112
7486
10164
"password for root as shown below:"
7487
10165
msgstr ""
7488
10166
10167
#: serverguide/C/security.xml:44(computeroutput)
10168
#, no-wrap
10169
msgid "[sudo] password for username:"
10170
msgstr ""
10171
7489
10172
#: serverguide/C/security.xml:44(userinput)
7490
10173
#, no-wrap
7491
10174
msgid "(enter your own password)"
7492
10175
msgstr ""
7493
10176
10177
#: serverguide/C/security.xml:45(computeroutput)
10178
#, no-wrap
10179
msgid "Enter new UNIX password:"
10180
msgstr ""
10181
7494
10182
#: serverguide/C/security.xml:45(userinput)
7495
10183
#, no-wrap
7496
10184
msgid "(enter a new password for root)"
7497
10185
msgstr ""
7498
10186
10187
#: serverguide/C/security.xml:46(computeroutput)
10188
#, no-wrap
10189
msgid "Retype new UNIX password:"
10190
msgstr ""
10191
7499
10192
#: serverguide/C/security.xml:46(userinput)
7500
10193
#, no-wrap
7501
10194
msgid "(repeat new password for root)"
7502
10195
msgstr ""
7503
10196
7504
#: serverguide/C/security.xml:44(computeroutput)
10197
#: serverguide/C/security.xml:47(computeroutput)
7505
10198
#, no-wrap
7506
msgid ""
7507
"[sudo] password for username: <placeholder-1/>\n"
7508
"Enter new UNIX password: <placeholder-2/>\n"
7509
"Retype new UNIX password: <placeholder-3/>\n"
7510
"passwd: password updated successfully"
10199
msgid "passwd: password updated successfully"
7511
10200
msgstr ""
7512
10201
7513
10202
#: serverguide/C/security.xml:51(para)
7778
10467
"min=8\n"
7779
10468
msgstr ""
7780
10469
7781
#: serverguide/C/security.xml:215(title)
10470
#: serverguide/C/security.xml:214(para)
10471
msgid ""
10472
"Basic password entropy checks and minimum length rules do not apply to the "
10473
"administrator using sudo level commands to setup a new user."
10474
msgstr ""
10475
10476
#: serverguide/C/security.xml:220(title)
7782
10477
msgid "Password Expiration"
7783
10478
msgstr ""
7784
10479
7785
#: serverguide/C/security.xml:216(para)
10480
#: serverguide/C/security.xml:221(para)
7786
10481
msgid ""
7787
10482
"When creating user accounts, you should make it a policy to have a minimum "
7788
10483
"and maximum password age forcing users to change their passwords when they "
7789
10484
"expire."
7790
10485
msgstr ""
7791
10486
7792
#: serverguide/C/security.xml:221(para)
10487
#: serverguide/C/security.xml:226(para)
7793
10488
msgid ""
7794
10489
"To easily view the current status of a user account, use the following "
7795
10490
"syntax:"
7796
10491
msgstr ""
7797
10492
7798
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
10493
#: serverguide/C/security.xml:230(command) serverguide/C/security.xml:263(command)
7799
10494
msgid "sudo chage -l username"
7800
10495
msgstr ""
7801
10496
7802
#: serverguide/C/security.xml:227(para)
10497
#: serverguide/C/security.xml:232(para)
7803
10498
msgid ""
7804
10499
"The output below shows interesting facts about the user account, namely that "
7805
10500
"there are no policies applied:"
7806
10501
msgstr ""
7807
10502
7808
#: serverguide/C/security.xml:230(computeroutput)
10503
#: serverguide/C/security.xml:235(computeroutput)
7809
10504
#, no-wrap
7810
10505
msgid ""
7811
10506
"Last password change : Jan 20, 2008\n"
7817
10512
"Number of days of warning before password expires : 7"
7818
10513
msgstr ""
7819
10514
7820
#: serverguide/C/security.xml:240(para)
10515
#: serverguide/C/security.xml:245(para)
7821
10516
msgid ""
7822
10517
"To set any of these values, simply use the following syntax, and follow the "
7823
10518
"interactive prompts:"
7824
10519
msgstr ""
7825
10520
7826
#: serverguide/C/security.xml:244(command)
10521
#: serverguide/C/security.xml:249(command)
7827
10522
msgid "sudo chage username"
7828
10523
msgstr ""
7829
10524
7830
#: serverguide/C/security.xml:246(para)
10525
#: serverguide/C/security.xml:251(para)
7831
10526
msgid ""
7832
10527
"The following is also an example of how you can manually change the explicit "
7833
10528
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
7836
10531
"password expiration."
7837
10532
msgstr ""
7838
10533
7839
#: serverguide/C/security.xml:250(command)
10534
#: serverguide/C/security.xml:255(command)
7840
10535
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
7841
10536
msgstr ""
7842
10537
7843
#: serverguide/C/security.xml:254(para)
10538
#: serverguide/C/security.xml:259(para)
7844
10539
msgid "To verify changes, use the same syntax as mentioned previously:"
7845
10540
msgstr ""
7846
10541
7847
#: serverguide/C/security.xml:260(para)
10542
#: serverguide/C/security.xml:265(para)
7848
10543
msgid ""
7849
10544
"The output below shows the new policies that have been established for the "
7850
10545
"account:"
7851
10546
msgstr ""
7852
10547
7853
#: serverguide/C/security.xml:263(computeroutput)
10548
#: serverguide/C/security.xml:268(computeroutput)
7854
10549
#, no-wrap
7855
10550
msgid ""
7856
10551
"Last password change : Jan 20, 2008\n"
7862
10557
"Number of days of warning before password expires : 14"
7863
10558
msgstr ""
7864
10559
7865
#: serverguide/C/security.xml:279(title)
10560
#: serverguide/C/security.xml:284(title)
7866
10561
msgid "Other Security Considerations"
7867
10562
msgstr ""
7868
10563
7869
#: serverguide/C/security.xml:280(para)
10564
#: serverguide/C/security.xml:285(para)
7870
10565
msgid ""
7871
10566
"Many applications use alternate authentication mechanisms that can be easily "
7872
10567
"overlooked by even experienced system administrators. Therefore, it is "
7874
10569
"to services and applications on your server."
7875
10570
msgstr ""
7876
10571
7877
#: serverguide/C/security.xml:285(title)
10572
#: serverguide/C/security.xml:290(title)
7878
10573
msgid "SSH Access by Disabled Users"
7879
10574
msgstr ""
7880
10575
7881
#: serverguide/C/security.xml:286(para)
10576
#: serverguide/C/security.xml:291(para)
7882
10577
msgid ""
7883
10578
"Simply disabling/locking a user account will not prevent a user from logging "
7884
10579
"into your server remotely if they have previously set up RSA public key "
7888
10583
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
7889
10584
msgstr ""
7890
10585
7891
#: serverguide/C/security.xml:289(para)
10586
#: serverguide/C/security.xml:294(para)
7892
10587
msgid ""
7893
10588
"Remove or rename the directory <filename "
7894
10589
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
7895
10590
"further SSH authentication capabilities."
7896
10591
msgstr ""
7897
10592
7898
#: serverguide/C/security.xml:292(para)
10593
#: serverguide/C/security.xml:297(para)
7899
10594
msgid ""
7900
10595
"Be sure to check for any established SSH connections by the disabled user, "
7901
10596
"as it is possible they may have existing inbound or outbound connections. "
7902
10597
"Kill any that are found."
7903
10598
msgstr ""
7904
10599
7905
#: serverguide/C/security.xml:295(para)
10600
#: serverguide/C/security.xml:300(para)
7906
10601
msgid ""
7907
10602
"Restrict SSH access to only user accounts that should have it. For example, "
7908
10603
"you may create a group called \"sshlogin\" and add the group name as the "
7910
10605
"the file <filename>/etc/ssh/sshd_config</filename>."
7911
10606
msgstr ""
7912
10607
7913
#: serverguide/C/security.xml:298(programlisting)
10608
#: serverguide/C/security.xml:303(programlisting)
7914
10609
#, no-wrap
7915
10610
msgid ""
7916
10611
"\n"
7917
10612
"AllowGroups sshlogin\n"
7918
10613
msgstr ""
7919
10614
7920
#: serverguide/C/security.xml:301(para)
10615
#: serverguide/C/security.xml:306(para)
7921
10616
msgid ""
7922
10617
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
7923
10618
"SSH service."
7924
10619
msgstr ""
7925
10620
7926
#: serverguide/C/security.xml:305(command)
10621
#: serverguide/C/security.xml:310(command)
7927
10622
msgid "sudo adduser username sshlogin"
7928
10623
msgstr ""
7929
10624
7930
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
7931
msgid "sudo /etc/init.d/ssh restart"
10625
#: serverguide/C/security.xml:311(command)
10626
msgid "sudo service ssh restart"
7932
10627
msgstr ""
7933
10628
7934
#: serverguide/C/security.xml:310(title)
10629
#: serverguide/C/security.xml:315(title)
7935
10630
msgid "External User Database Authentication"
7936
10631
msgstr ""
7937
10632
7938
#: serverguide/C/security.xml:311(para)
10633
#: serverguide/C/security.xml:316(para)
7939
10634
msgid ""
7940
10635
"Most enterprise networks require centralized authentication and access "
7941
10636
"controls for all system resources. If you have configured your server to "
7944
10639
"fallback authentication is not possible."
7945
10640
msgstr ""
7946
10641
7947
#: serverguide/C/security.xml:320(title)
10642
#: serverguide/C/security.xml:325(title)
7948
10643
msgid "Console Security"
7949
10644
msgstr ""
7950
10645
7951
#: serverguide/C/security.xml:321(para)
10646
#: serverguide/C/security.xml:326(para)
7952
10647
msgid ""
7953
10648
"As with any other security barrier you put in place to protect your server, "
7954
10649
"it is pretty tough to defend against untold damage caused by someone with "
7955
10650
"physical access to your environment, for example, theft of hard drives, "
7956
"power or service disruption and so on. Therefore, console security should be "
7957
"addressed merely as one component of your overall physical security "
10651
"power or service disruption, and so on. Therefore, console security should "
10652
"be addressed merely as one component of your overall physical security "
7958
10653
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
7959
10654
"very least slow down a determined one, so it is still advisable to perform "
7960
10655
"basic precautions with regard to console security."
7961
10656
msgstr ""
7962
10657
7963
#: serverguide/C/security.xml:324(para)
10658
#: serverguide/C/security.xml:329(para)
7964
10659
msgid ""
7965
10660
"The following instructions will help defend your server against issues that "
7966
10661
"could otherwise yield very serious consequences."
7967
10662
msgstr ""
7968
10663
7969
#: serverguide/C/security.xml:329(title)
10664
#: serverguide/C/security.xml:334(title)
7970
10665
msgid "Disable Ctrl+Alt+Delete"
7971
10666
msgstr ""
7972
10667
7973
#: serverguide/C/security.xml:330(para)
10668
#: serverguide/C/security.xml:335(para)
7974
10669
msgid ""
7975
10670
"First and foremost, anyone that has physical access to the keyboard can "
7976
10671
"simply use the "
7982
10677
"prevent accidental reboots at the same time."
7983
10678
msgstr ""
7984
10679
7985
#: serverguide/C/security.xml:335(para)
10680
#: serverguide/C/security.xml:340(para)
7986
10681
msgid ""
7987
10682
"To disable the reboot action taken by pressing the "
7988
10683
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7990
10685
"<filename>/etc/init/control-alt-delete.conf</filename>."
7991
10686
msgstr ""
7992
10687
7993
#: serverguide/C/security.xml:338(programlisting)
10688
#: serverguide/C/security.xml:343(programlisting)
7994
10689
#, no-wrap
7995
10690
msgid ""
7996
10691
"\n"
7997
10692
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
7998
10693
msgstr ""
7999
10694
8000
#: serverguide/C/security.xml:347(title)
10695
#: serverguide/C/security.xml:352(title)
8001
10696
msgid "Firewall"
8002
10697
msgstr ""
8003
10698
8004
#: serverguide/C/security.xml:350(para)
10699
#: serverguide/C/security.xml:355(para)
8005
10700
msgid ""
8006
10701
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
8007
10702
"which is used to manipulate or decide the fate of network traffic headed "
8009
10704
"system for packet filtering."
8010
10705
msgstr ""
8011
10706
8012
#: serverguide/C/security.xml:355(para)
10707
#: serverguide/C/security.xml:360(para)
8013
10708
msgid ""
8014
10709
"The kernel's packet filtering system would be of little use to "
8015
10710
"administrators without a userspace interface to manage it. This is the "
8020
10715
"but many frontends are available to simplify the task."
8021
10716
msgstr ""
8022
10717
8023
#: serverguide/C/security.xml:365(title)
10718
#: serverguide/C/security.xml:370(title)
8024
10719
msgid "ufw - Uncomplicated Firewall"
8025
10720
msgstr ""
8026
10721
8027
#: serverguide/C/security.xml:366(para)
10722
#: serverguide/C/security.xml:371(para)
8028
10723
msgid ""
8029
10724
"The default firewall configuration tool for Ubuntu is "
8030
10725
"<application>ufw</application>. Developed to ease iptables firewall "
8032
10727
"to create an IPv4 or IPv6 host-based firewall."
8033
10728
msgstr ""
8034
10729
8035
#: serverguide/C/security.xml:370(para)
10730
#: serverguide/C/security.xml:375(para)
8036
10731
msgid ""
8037
10732
"<application>ufw</application> by default is initially disabled. From the "
8038
10733
"<application>ufw</application> man page:"
8039
10734
msgstr ""
8040
10735
8041
#: serverguide/C/security.xml:374(quote)
10736
#: serverguide/C/security.xml:379(quote)
8042
10737
msgid ""
8043
10738
"ufw is not intended to provide complete firewall functionality via its "
8044
10739
"command interface, but instead provides an easy way to add or remove simple "
8045
10740
"rules. It is currently mainly used for host-based firewalls."
8046
10741
msgstr ""
8047
10742
8048
#: serverguide/C/security.xml:378(para)
10743
#: serverguide/C/security.xml:383(para)
8049
10744
msgid ""
8050
10745
"The following are some examples of how to use <application>ufw</application>:"
8051
10746
msgstr ""
8052
10747
8053
#: serverguide/C/security.xml:383(para)
10748
#: serverguide/C/security.xml:388(para)
8054
10749
msgid ""
8055
10750
"First, <application>ufw</application> needs to be enabled. From a terminal "
8056
10751
"prompt enter:"
8057
10752
msgstr ""
8058
10753
8059
#: serverguide/C/security.xml:387(command)
10754
#: serverguide/C/security.xml:392(command)
8060
10755
msgid "sudo ufw enable"
8061
10756
msgstr ""
8062
10757
8063
#: serverguide/C/security.xml:391(para)
10758
#: serverguide/C/security.xml:396(para)
8064
10759
msgid "To open a port (ssh in this example):"
8065
10760
msgstr ""
8066
10761
8067
#: serverguide/C/security.xml:395(command)
10762
#: serverguide/C/security.xml:400(command)
8068
10763
msgid "sudo ufw allow 22"
8069
10764
msgstr ""
8070
10765
8071
#: serverguide/C/security.xml:399(para)
10766
#: serverguide/C/security.xml:404(para)
8072
10767
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
8073
10768
msgstr ""
8074
10769
8075
#: serverguide/C/security.xml:403(command)
10770
#: serverguide/C/security.xml:408(command)
8076
10771
msgid "sudo ufw insert 1 allow 80"
8077
10772
msgstr ""
8078
10773
8079
#: serverguide/C/security.xml:407(para)
10774
#: serverguide/C/security.xml:412(para)
8080
10775
msgid "Similarly, to close an opened port:"
8081
10776
msgstr ""
8082
10777
8083
#: serverguide/C/security.xml:411(command)
10778
#: serverguide/C/security.xml:416(command)
8084
10779
msgid "sudo ufw deny 22"
8085
10780
msgstr ""
8086
10781
8087
#: serverguide/C/security.xml:415(para)
10782
#: serverguide/C/security.xml:420(para)
8088
10783
msgid "To remove a rule, use delete followed by the rule:"
8089
10784
msgstr ""
8090
10785
8091
#: serverguide/C/security.xml:419(command)
10786
#: serverguide/C/security.xml:424(command)
8092
10787
msgid "sudo ufw delete deny 22"
8093
10788
msgstr ""
8094
10789
8095
#: serverguide/C/security.xml:423(para)
10790
#: serverguide/C/security.xml:428(para)
8096
10791
msgid ""
8097
10792
"It is also possible to allow access from specific hosts or networks to a "
8098
10793
"port. The following example allows ssh access from host 192.168.0.2 to any "
8099
10794
"ip address on this host:"
8100
10795
msgstr ""
8101
10796
8102
#: serverguide/C/security.xml:428(command)
10797
#: serverguide/C/security.xml:433(command)
8103
10798
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
8104
10799
msgstr ""
8105
10800
8106
#: serverguide/C/security.xml:430(para)
10801
#: serverguide/C/security.xml:435(para)
8107
10802
msgid ""
8108
10803
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
8109
10804
"subnet."
8110
10805
msgstr ""
8111
10806
8112
#: serverguide/C/security.xml:436(para)
10807
#: serverguide/C/security.xml:441(para)
8113
10808
msgid ""
8114
10809
"Adding the <emphasis>--dry-run</emphasis> option to a "
8115
10810
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
8117
10812
"the HTTP port:"
8118
10813
msgstr ""
8119
10814
8120
#: serverguide/C/security.xml:442(command)
10815
#: serverguide/C/security.xml:447(command)
8121
10816
msgid "sudo ufw --dry-run allow http"
8122
10817
msgstr ""
8123
10818
8124
#: serverguide/C/security.xml:446(computeroutput)
10819
#: serverguide/C/security.xml:451(computeroutput)
8125
10820
#, no-wrap
8126
10821
msgid ""
8127
10822
"*filter\n"
8147
10842
"Rules updated"
8148
10843
msgstr ""
8149
10844
8150
#: serverguide/C/security.xml:470(para)
10845
#: serverguide/C/security.xml:475(para)
8151
10846
msgid "<application>ufw</application> can be disabled by:"
8152
10847
msgstr ""
8153
10848
8154
#: serverguide/C/security.xml:474(command)
10849
#: serverguide/C/security.xml:479(command)
8155
10850
msgid "sudo ufw disable"
8156
10851
msgstr ""
8157
10852
8158
#: serverguide/C/security.xml:478(para)
10853
#: serverguide/C/security.xml:483(para)
8159
10854
msgid "To see the firewall status, enter:"
8160
10855
msgstr ""
8161
10856
8162
#: serverguide/C/security.xml:482(command)
10857
#: serverguide/C/security.xml:487(command)
8163
10858
msgid "sudo ufw status"
8164
10859
msgstr ""
8165
10860
8166
#: serverguide/C/security.xml:486(para)
10861
#: serverguide/C/security.xml:491(para)
8167
10862
msgid "And for more verbose status information use:"
8168
10863
msgstr ""
8169
10864
8170
#: serverguide/C/security.xml:490(command)
10865
#: serverguide/C/security.xml:495(command)
8171
10866
msgid "sudo ufw status verbose"
8172
10867
msgstr ""
8173
10868
8174
#: serverguide/C/security.xml:494(para)
10869
#: serverguide/C/security.xml:499(para)
8175
10870
msgid "To view the <emphasis>numbered</emphasis> format:"
8176
10871
msgstr ""
8177
10872
8178
#: serverguide/C/security.xml:498(command)
10873
#: serverguide/C/security.xml:503(command)
8179
10874
msgid "sudo ufw status numbered"
8180
10875
msgstr ""
8181
10876
8182
#: serverguide/C/security.xml:503(para)
10877
#: serverguide/C/security.xml:508(para)
8183
10878
msgid ""
8184
10879
"If the port you want to open or close is defined in "
8185
10880
"<filename>/etc/services</filename>, you can use the port name instead of the "
8187
10882
"<emphasis>ssh</emphasis>."
8188
10883
msgstr ""
8189
10884
8190
#: serverguide/C/security.xml:509(para)
10885
#: serverguide/C/security.xml:514(para)
8191
10886
msgid ""
8192
10887
"This is a quick introduction to using <application>ufw</application>. Please "
8193
10888
"refer to the <application>ufw</application> man page for more information."
8194
10889
msgstr ""
8195
10890
8196
#: serverguide/C/security.xml:515(title)
10891
#: serverguide/C/security.xml:520(title)
8197
10892
msgid "ufw Application Integration"
8198
10893
msgstr ""
8199
10894
8200
#: serverguide/C/security.xml:517(para)
10895
#: serverguide/C/security.xml:522(para)
8201
10896
msgid ""
8202
10897
"Applications that open ports can include an <application>ufw</application> "
8203
10898
"profile, which details the ports needed for the application to function "
8206
10901
"the default ports have been changed."
8207
10902
msgstr ""
8208
10903
8209
#: serverguide/C/security.xml:526(para)
10904
#: serverguide/C/security.xml:531(para)
8210
10905
msgid ""
8211
10906
"To view which applications have installed a profile, enter the following in "
8212
10907
"a terminal:"
8213
10908
msgstr ""
8214
10909
8215
#: serverguide/C/security.xml:531(command)
10910
#: serverguide/C/security.xml:536(command)
8216
10911
msgid "sudo ufw app list"
8217
10912
msgstr ""
8218
10913
8219
#: serverguide/C/security.xml:537(para)
10914
#: serverguide/C/security.xml:542(para)
8220
10915
msgid ""
8221
10916
"Similar to allowing traffic to a port, using an application profile is "
8222
10917
"accomplished by entering:"
8223
10918
msgstr ""
8224
10919
8225
#: serverguide/C/security.xml:542(command)
10920
#: serverguide/C/security.xml:547(command)
8226
10921
msgid "sudo ufw allow Samba"
8227
10922
msgstr ""
8228
10923
8229
#: serverguide/C/security.xml:548(para)
10924
#: serverguide/C/security.xml:553(para)
8230
10925
msgid "An extended syntax is available as well:"
8231
10926
msgstr ""
8232
10927
8233
#: serverguide/C/security.xml:553(command)
10928
#: serverguide/C/security.xml:558(command)
8234
10929
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
8235
10930
msgstr ""
8236
10931
8237
#: serverguide/C/security.xml:556(para)
10932
#: serverguide/C/security.xml:561(para)
8238
10933
msgid ""
8239
10934
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
8240
10935
"with the application profile you are using and the IP range for your network."
8241
10936
msgstr ""
8242
10937
8243
#: serverguide/C/security.xml:562(para)
10938
#: serverguide/C/security.xml:567(para)
8244
10939
msgid ""
8245
10940
"There is no need to specify the <emphasis>protocol</emphasis> for the "
8246
10941
"application, because that information is detailed in the profile. Also, note "
8248
10943
"<emphasis>port</emphasis> number."
8249
10944
msgstr ""
8250
10945
8251
#: serverguide/C/security.xml:571(para)
10946
#: serverguide/C/security.xml:576(para)
8252
10947
msgid ""
8253
10948
"To view details about which ports, protocols, etc are defined for an "
8254
10949
"application, enter:"
8255
10950
msgstr ""
8256
10951
8257
#: serverguide/C/security.xml:576(command)
10952
#: serverguide/C/security.xml:581(command)
8258
10953
msgid "sudo ufw app info Samba"
8259
10954
msgstr ""
8260
10955
8261
#: serverguide/C/security.xml:582(para)
10956
#: serverguide/C/security.xml:587(para)
8262
10957
msgid ""
8263
10958
"Not all applications that require opening a network port come with "
8264
10959
"<application>ufw</application> profiles, but if you have profiled an "
8265
10960
"application and want the file to be included with the package, please file a "
8266
"bug against the package in <ulink "
8267
"url=\"https://launchpad.net/\">Launchpad</ulink>."
8268
msgstr ""
8269
8270
#: serverguide/C/security.xml:591(title)
10961
"bug against the package in Launchpad."
10962
msgstr ""
10963
10964
#: serverguide/C/security.xml:593(command)
10965
msgid "ubuntu-bug nameofpackage"
10966
msgstr ""
10967
10968
#: serverguide/C/security.xml:599(title)
8271
10969
msgid "IP Masquerading"
8272
10970
msgstr ""
8273
10971
8274
#: serverguide/C/security.xml:592(para)
10972
#: serverguide/C/security.xml:600(para)
8275
10973
msgid ""
8276
10974
"The purpose of IP Masquerading is to allow machines with private, non-"
8277
10975
"routable IP addresses on your network to access the Internet through the "
8288
10986
"to in Microsoft documentation as Internet Connection Sharing."
8289
10987
msgstr ""
8290
10988
8291
#: serverguide/C/security.xml:608(title)
10989
#: serverguide/C/security.xml:616(title)
8292
10990
msgid "ufw Masquerading"
8293
10991
msgstr ""
8294
10992
8295
#: serverguide/C/security.xml:609(para)
10993
#: serverguide/C/security.xml:617(para)
8296
10994
msgid ""
8297
10995
"IP Masquerading can be achieved using custom <application>ufw</application> "
8298
10996
"rules. This is possible because the current back-end for "
8303
11001
"that are more network gateway or bridge related."
8304
11002
msgstr ""
8305
11003
8306
#: serverguide/C/security.xml:615(para)
11004
#: serverguide/C/security.xml:623(para)
8307
11005
msgid ""
8308
11006
"The rules are split into two different files, rules that should be executed "
8309
11007
"before <application>ufw</application> command line rules, and rules that are "
8310
11008
"executed after <application>ufw</application> command line rules."
8311
11009
msgstr ""
8312
11010
8313
#: serverguide/C/security.xml:621(para)
11011
#: serverguide/C/security.xml:629(para)
8314
11012
msgid ""
8315
11013
"First, packet forwarding needs to be enabled in "
8316
11014
"<application>ufw</application>. Two configuration files will need to be "
8318
11016
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
8319
11017
msgstr ""
8320
11018
8321
#: serverguide/C/security.xml:625(programlisting)
11019
#: serverguide/C/security.xml:633(programlisting)
8322
11020
#, no-wrap
8323
11021
msgid ""
8324
11022
"\n"
8325
11023
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8326
11024
msgstr ""
8327
11025
8328
#: serverguide/C/security.xml:628(para)
11026
#: serverguide/C/security.xml:636(para)
8329
11027
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
8330
11028
msgstr ""
8331
11029
8332
#: serverguide/C/security.xml:631(programlisting)
11030
#: serverguide/C/security.xml:639(programlisting)
8333
11031
#, no-wrap
8334
11032
msgid ""
8335
11033
"\n"
8336
11034
"net/ipv4/ip_forward=1\n"
8337
11035
msgstr ""
8338
11036
8339
#: serverguide/C/security.xml:634(para)
11037
#: serverguide/C/security.xml:642(para)
8340
11038
msgid "Similarly, for IPv6 forwarding uncomment:"
8341
11039
msgstr ""
8342
11040
8343
#: serverguide/C/security.xml:637(programlisting)
11041
#: serverguide/C/security.xml:645(programlisting)
8344
11042
#, no-wrap
8345
11043
msgid ""
8346
11044
"\n"
8347
11045
"net/ipv6/conf/default/forwarding=1\n"
8348
11046
msgstr ""
8349
11047
8350
#: serverguide/C/security.xml:642(para)
11048
#: serverguide/C/security.xml:650(para)
8351
11049
msgid ""
8352
11050
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
8353
11051
"file. The default rules only configure the <emphasis>filter</emphasis> "
8356
11054
"the header comments:"
8357
11055
msgstr ""
8358
11056
8359
#: serverguide/C/security.xml:647(programlisting)
11057
#: serverguide/C/security.xml:655(programlisting)
8360
11058
#, no-wrap
8361
11059
msgid ""
8362
11060
"\n"
8372
11070
"COMMIT\n"
8373
11071
msgstr ""
8374
11072
8375
#: serverguide/C/security.xml:658(para)
11073
#: serverguide/C/security.xml:666(para)
8376
11074
msgid ""
8377
11075
"The comments are not strictly necessary, but it is considered good practice "
8378
11076
"to document your configuration. Also, when modifying any of the "
8381
11079
"line for each table modified:"
8382
11080
msgstr ""
8383
11081
8384
#: serverguide/C/security.xml:664(programlisting)
11082
#: serverguide/C/security.xml:672(programlisting)
8385
11083
#, no-wrap
8386
11084
msgid ""
8387
11085
"\n"
8389
11087
"COMMIT\n"
8390
11088
msgstr ""
8391
11089
8392
#: serverguide/C/security.xml:669(para)
11090
#: serverguide/C/security.xml:677(para)
8393
11091
msgid ""
8394
11092
"For each <emphasis>Table</emphasis> a corresponding "
8395
11093
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8398
11096
"<emphasis>mangle</emphasis> tables."
8399
11097
msgstr ""
8400
11098
8401
#: serverguide/C/security.xml:676(para)
11099
#: serverguide/C/security.xml:684(para)
8402
11100
msgid ""
8403
11101
"In the above example replace <emphasis>eth0</emphasis>, "
8404
11102
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8405
11103
"appropriate interfaces and IP range for your network."
8406
11104
msgstr ""
8407
11105
8408
#: serverguide/C/security.xml:684(para)
11106
#: serverguide/C/security.xml:692(para)
8409
11107
msgid ""
8410
11108
"Finally, disable and re-enable <application>ufw</application> to apply the "
8411
11109
"changes:"
8412
11110
msgstr ""
8413
11111
8414
#: serverguide/C/security.xml:688(command)
11112
#: serverguide/C/security.xml:696(command)
8415
11113
msgid "sudo ufw disable && sudo ufw enable"
8416
11114
msgstr ""
8417
11115
8418
#: serverguide/C/security.xml:692(para)
11116
#: serverguide/C/security.xml:700(para)
8419
11117
msgid ""
8420
11118
"IP Masquerading should now be enabled. You can also add any additional "
8421
11119
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
8423
11121
"forward</emphasis> chain."
8424
11122
msgstr ""
8425
11123
8426
#: serverguide/C/security.xml:699(title)
11124
#: serverguide/C/security.xml:707(title)
8427
11125
msgid "iptables Masquerading"
8428
11126
msgstr ""
8429
11127
8430
#: serverguide/C/security.xml:700(para)
11128
#: serverguide/C/security.xml:708(para)
8431
11129
msgid ""
8432
"<application>iptables</application> can also be used to enable masquerading."
11130
"<application>iptables</application> can also be used to enable Masquerading."
8433
11131
msgstr ""
8434
11132
8435
#: serverguide/C/security.xml:705(para)
11133
#: serverguide/C/security.xml:713(para)
8436
11134
msgid ""
8437
11135
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
8438
11136
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
8439
11137
"uncomment the following line"
8440
11138
msgstr ""
8441
11139
8442
#: serverguide/C/security.xml:709(programlisting)
11140
#: serverguide/C/security.xml:717(programlisting)
8443
11141
#, no-wrap
8444
11142
msgid ""
8445
11143
"\n"
8446
11144
"net.ipv4.ip_forward=1\n"
8447
11145
msgstr ""
8448
11146
8449
#: serverguide/C/security.xml:712(para)
11147
#: serverguide/C/security.xml:720(para)
8450
11148
msgid "If you wish to enable IPv6 forwarding also uncomment:"
8451
11149
msgstr ""
8452
11150
8453
#: serverguide/C/security.xml:715(programlisting)
11151
#: serverguide/C/security.xml:723(programlisting)
8454
11152
#, no-wrap
8455
11153
msgid ""
8456
11154
"\n"
8457
11155
"net.ipv6.conf.default.forwarding=1\n"
8458
11156
msgstr ""
8459
11157
8460
#: serverguide/C/security.xml:720(para)
11158
#: serverguide/C/security.xml:728(para)
8461
11159
msgid ""
8462
11160
"Next, execute the <application>sysctl</application> command to enable the "
8463
11161
"new settings in the configuration file:"
8464
11162
msgstr ""
8465
11163
8466
#: serverguide/C/security.xml:724(command)
11164
#: serverguide/C/security.xml:732(command)
8467
11165
msgid "sudo sysctl -p"
8468
11166
msgstr ""
8469
11167
8470
#: serverguide/C/security.xml:728(para)
11168
#: serverguide/C/security.xml:736(para)
8471
11169
msgid ""
8472
11170
"IP Masquerading can now be accomplished with a single iptables rule, which "
8473
11171
"may differ slightly based on your network configuration:"
8474
11172
msgstr ""
8475
11173
8476
#: serverguide/C/security.xml:731(screen)
11174
#: serverguide/C/security.xml:739(screen)
8477
11175
#, no-wrap
8478
11176
msgid ""
8479
11177
"\n"
8480
11178
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8481
11179
msgstr ""
8482
11180
8483
#: serverguide/C/security.xml:734(para)
11181
#: serverguide/C/security.xml:742(para)
8484
11182
msgid ""
8485
11183
"The above command assumes that your private address space is 192.168.0.0/16 "
8486
11184
"and that your Internet-facing device is ppp0. The syntax is broken down as "
8487
11185
"follows:"
8488
11186
msgstr ""
8489
11187
8490
#: serverguide/C/security.xml:739(para)
11188
#: serverguide/C/security.xml:747(para)
8491
11189
msgid "-t nat -- the rule is to go into the nat table"
8492
11190
msgstr ""
8493
11191
8494
#: serverguide/C/security.xml:740(para)
11192
#: serverguide/C/security.xml:748(para)
8495
11193
msgid ""
8496
11194
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
8497
11195
msgstr ""
8498
11196
8499
#: serverguide/C/security.xml:741(para)
11197
#: serverguide/C/security.xml:749(para)
8500
11198
msgid ""
8501
11199
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
8502
11200
"specified address space"
8503
11201
msgstr ""
8504
11202
8505
#: serverguide/C/security.xml:742(para)
11203
#: serverguide/C/security.xml:750(para)
8506
11204
msgid ""
8507
11205
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
8508
11206
"specified network device"
8509
11207
msgstr ""
8510
11208
8511
#: serverguide/C/security.xml:744(para)
11209
#: serverguide/C/security.xml:752(para)
8512
11210
msgid ""
8513
11211
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
8514
11212
"MASQUERADE target to be manipulated as described above"
8515
11213
msgstr ""
8516
11214
8517
#: serverguide/C/security.xml:752(para)
11215
#: serverguide/C/security.xml:760(para)
8518
11216
msgid ""
8519
11217
"Also, each chain in the filter table (the default table, and where most or "
8520
11218
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
8524
11222
"above rule to work:"
8525
11223
msgstr ""
8526
11224
8527
#: serverguide/C/security.xml:759(screen)
11225
#: serverguide/C/security.xml:767(screen)
8528
11226
#, no-wrap
8529
11227
msgid ""
8530
11228
"\n"
8531
11229
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8532
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
8533
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
11230
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state \\\n"
11231
"--state ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8534
11232
msgstr ""
8535
11233
8536
#: serverguide/C/security.xml:763(para)
11234
#: serverguide/C/security.xml:772(para)
8537
11235
msgid ""
8538
11236
"The above commands will allow all connections from your local network to the "
8539
11237
"Internet and all traffic related to those connections to return to the "
8540
11238
"machine that initiated them."
8541
11239
msgstr ""
8542
11240
8543
#: serverguide/C/security.xml:770(para)
11241
#: serverguide/C/security.xml:779(para)
8544
11242
msgid ""
8545
11243
"If you want masquerading to be enabled on reboot, which you probably do, "
8546
11244
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
8547
11245
"example add the first command with no filtering:"
8548
11246
msgstr ""
8549
11247
8550
#: serverguide/C/security.xml:774(screen)
11248
#: serverguide/C/security.xml:783(screen)
8551
11249
#, no-wrap
8552
11250
msgid ""
8553
11251
"\n"
8554
11252
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8555
11253
msgstr ""
8556
11254
8557
#: serverguide/C/security.xml:782(title)
11255
#: serverguide/C/security.xml:791(title)
8558
11256
msgid "Logs"
8559
11257
msgstr ""
8560
11258
8561
#: serverguide/C/security.xml:783(para)
11259
#: serverguide/C/security.xml:792(para)
8562
11260
msgid ""
8563
11261
"Firewall logs are essential for recognizing attacks, troubleshooting your "
8564
11262
"firewall rules, and noticing unusual activity on your network. You must "
8568
11266
"REJECT)."
8569
11267
msgstr ""
8570
11268
8571
#: serverguide/C/security.xml:790(para)
11269
#: serverguide/C/security.xml:799(para)
8572
11270
msgid ""
8573
11271
"If you are using <application>ufw</application>, you can turn on logging by "
8574
11272
"entering the following in a terminal:"
8575
11273
msgstr ""
8576
11274
8577
#: serverguide/C/security.xml:794(command)
11275
#: serverguide/C/security.xml:803(command)
8578
11276
msgid "sudo ufw logging on"
8579
11277
msgstr ""
8580
11278
8581
#: serverguide/C/security.xml:796(para)
11279
#: serverguide/C/security.xml:805(para)
8582
11280
msgid ""
8583
11281
"To turn logging off in <application>ufw</application>, simply replace "
8584
11282
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
8585
11283
"role=\"italic\">off</emphasis> in the above command."
8586
11284
msgstr ""
8587
11285
8588
#: serverguide/C/security.xml:799(para)
11286
#: serverguide/C/security.xml:808(para)
8589
11287
msgid ""
8590
11288
"If using <application>iptables</application> instead of "
8591
11289
"<application>ufw</application>, enter:"
8592
11290
msgstr ""
8593
11291
8594
#: serverguide/C/security.xml:802(screen)
11292
#: serverguide/C/security.xml:811(screen)
8595
11293
#, no-wrap
8596
11294
msgid ""
8597
11295
"\n"
8598
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
8599
"prefix \"NEW_HTTP_CONN: \"\n"
11296
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 \\\n"
11297
"-j LOG --log-prefix \"NEW_HTTP_CONN: \"\n"
8600
11298
msgstr ""
8601
11299
8602
#: serverguide/C/security.xml:805(para)
11300
#: serverguide/C/security.xml:815(para)
8603
11301
msgid ""
8604
11302
"A request on port 80 from the local machine, then, would generate a log in "
8605
"dmesg that looks like this:"
11303
"dmesg that looks like this (single line split into 3 to fit this document):"
8606
11304
msgstr ""
8607
11305
8608
#: serverguide/C/security.xml:810(programlisting)
11306
#: serverguide/C/security.xml:820(programlisting)
8609
11307
#, no-wrap
8610
11308
msgid ""
8611
11309
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
8612
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
8613
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
8614
"WINDOW=32767 RES=0x00 SYN URGP=0"
11310
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00\n"
11311
" SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF "
11312
"PROTO=TCP\n"
11313
" SPT=53981 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0"
8615
11314
msgstr ""
8616
11315
8617
#: serverguide/C/security.xml:812(para)
11316
#: serverguide/C/security.xml:824(para)
8618
11317
msgid ""
8619
11318
"The above log will also appear in <filename>/var/log/messages</filename>, "
8620
11319
"<filename>/var/log/syslog</filename>, and "
8626
11325
"for firewalls, and can log to any file you like, or even to a "
8627
11326
"<application>PostgreSQL</application> or <application>MySQL</application> "
8628
11327
"database. Making sense of your firewall logs can be simplified by using a "
8629
"log analyzing tool such as <application>fwanalog</application>, "
8630
"<application> fwlogwatch</application>, or <application>lire</application>."
11328
"log analyzing tool such as <application>logwatch</application>, "
11329
"<application>fwanalog</application>, <application>fwlogwatch</application>, "
11330
"or <application>lire</application>."
8631
11331
msgstr ""
8632
11332
8633
#: serverguide/C/security.xml:827(title)
11333
#: serverguide/C/security.xml:839(title)
8634
11334
msgid "Other Tools"
8635
11335
msgstr ""
8636
11336
8637
#: serverguide/C/security.xml:828(para)
11337
#: serverguide/C/security.xml:840(para)
8638
11338
msgid ""
8639
11339
"There are many tools available to help you construct a complete firewall "
8640
11340
"without intimate knowledge of iptables. For the GUI-inclined:"
8641
11341
msgstr ""
8642
11342
8643
#: serverguide/C/security.xml:834(para)
8644
msgid ""
8645
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
8646
"popular and easy to use."
8647
msgstr ""
8648
8649
#: serverguide/C/security.xml:839(para)
11343
#: serverguide/C/security.xml:846(para)
8650
11344
msgid ""
8651
11345
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
8652
11346
"and will look familiar to an administrator who has used a commercial "
8653
11347
"firewall utility such as <application>Checkpoint FireWall-1</application>."
8654
11348
msgstr ""
8655
11349
8656
#: serverguide/C/security.xml:845(para)
11350
#: serverguide/C/security.xml:852(para)
8657
11351
msgid ""
8658
11352
"If you prefer a command-line tool with plain-text configuration files:"
8659
11353
msgstr ""
8660
11354
8661
#: serverguide/C/security.xml:850(para)
11355
#: serverguide/C/security.xml:857(para)
8662
11356
msgid ""
8663
11357
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
8664
11358
"powerful solution to help you configure an advanced firewall for any network."
8665
11359
msgstr ""
8666
11360
8667
#: serverguide/C/security.xml:856(para)
8668
msgid ""
8669
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
8670
"a working firewall \"out of the box\" with zero configuration, and will "
8671
"allow you to easily set up a more advanced firewall by editing simple, well-"
8672
"documented configuration files."
8673
msgstr ""
8674
8675
#: serverguide/C/security.xml:863(para)
8676
msgid ""
8677
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
8678
"designed to be a desktop firewall application. It is made up of a server "
8679
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
8680
"like many popular interactive firewall applications for Windows."
8681
msgstr ""
8682
8683
#: serverguide/C/security.xml:875(para)
8684
msgid ""
8685
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
11361
#: serverguide/C/security.xml:868(para)
11362
msgid ""
11363
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
8686
11364
"Firewall</ulink> wiki page contains information on the development of "
8687
11365
"<application>ufw</application>."
8688
11366
msgstr ""
8689
11367
8690
#: serverguide/C/security.xml:881(para)
11368
#: serverguide/C/security.xml:874(para)
8691
11369
msgid ""
8692
11370
"Also, the <application>ufw</application> manual page contains some very "
8693
11371
"useful information: <command>man ufw</command>."
8694
11372
msgstr ""
8695
11373
8696
#: serverguide/C/security.xml:886(para)
11374
#: serverguide/C/security.xml:879(para)
8697
11375
msgid ""
8698
11376
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
8699
11377
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
8700
11378
"on using <application>iptables</application>."
8701
11379
msgstr ""
8702
11380
8703
#: serverguide/C/security.xml:892(para)
11381
#: serverguide/C/security.xml:885(para)
8704
11382
msgid ""
8705
11383
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
8706
11384
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
8707
11385
msgstr ""
8708
11386
8709
#: serverguide/C/security.xml:898(para)
11387
#: serverguide/C/security.xml:891(para)
8710
11388
msgid ""
8711
11389
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
8712
11390
"HowTo</ulink> in the Ubuntu wiki is a great resource."
8713
11391
msgstr ""
8714
11392
8715
#: serverguide/C/security.xml:906(title)
11393
#: serverguide/C/security.xml:899(title)
8716
11394
msgid "AppArmor"
8717
11395
msgstr ""
8718
11396
8719
#: serverguide/C/security.xml:907(para)
11397
#: serverguide/C/security.xml:900(para)
8720
11398
msgid ""
8721
11399
"<application>AppArmor</application> is a Linux Security Module "
8722
11400
"implementation of name-based mandatory access controls. AppArmor confines "
8724
11402
"capabilities."
8725
11403
msgstr ""
8726
11404
8727
#: serverguide/C/security.xml:911(para)
11405
#: serverguide/C/security.xml:904(para)
8728
11406
msgid ""
8729
11407
"<application>AppArmor</application> is installed and loaded by default. It "
8730
11408
"uses <emphasis>profiles</emphasis> of an application to determine what files "
8733
11411
"<application>apparmor-profiles</application> package."
8734
11412
msgstr ""
8735
11413
8736
#: serverguide/C/security.xml:916(para)
11414
#: serverguide/C/security.xml:909(para)
8737
11415
msgid ""
8738
11416
"To install the <application>apparmor-profiles</application> package from a "
8739
11417
"terminal prompt:"
8740
11418
msgstr ""
8741
11419
8742
#: serverguide/C/security.xml:922(para)
11420
#: serverguide/C/security.xml:913(command)
11421
msgid "sudo apt-get install apparmor-profiles"
11422
msgstr "sudo apt-get install apparmor-profiles"
11423
11424
#: serverguide/C/security.xml:915(para)
8743
11425
msgid "AppArmor profiles have two modes of execution:"
8744
11426
msgstr ""
8745
11427
8746
#: serverguide/C/security.xml:927(para)
11428
#: serverguide/C/security.xml:920(para)
8747
11429
msgid ""
8748
11430
"Complaining/Learning: profile violations are permitted and logged. Useful "
8749
11431
"for testing and developing new profiles."
8750
11432
msgstr ""
8751
11433
8752
#: serverguide/C/security.xml:932(para)
11434
#: serverguide/C/security.xml:925(para)
8753
11435
msgid ""
8754
11436
"Enforced/Confined: enforces profile policy as well as logging the violation."
8755
11437
msgstr ""
8756
11438
8757
#: serverguide/C/security.xml:938(title)
11439
#: serverguide/C/security.xml:931(title)
8758
11440
msgid "Using AppArmor"
8759
11441
msgstr ""
8760
11442
8761
#: serverguide/C/security.xml:939(para)
11443
#: serverguide/C/security.xml:932(para)
8762
11444
msgid ""
8763
11445
"The <application>apparmor-utils</application> package contains command line "
8764
11446
"utilities that you can use to change the <application>AppArmor</application> "
8765
11447
"execution mode, find the status of a profile, create new profiles, etc."
8766
11448
msgstr ""
8767
11449
8768
#: serverguide/C/security.xml:945(para)
11450
#: serverguide/C/security.xml:938(para)
8769
11451
msgid ""
8770
11452
"<application>apparmor_status</application> is used to view the current "
8771
11453
"status of AppArmor profiles."
8772
11454
msgstr ""
8773
11455
8774
#: serverguide/C/security.xml:949(command)
11456
#: serverguide/C/security.xml:942(command)
8775
11457
msgid "sudo apparmor_status"
8776
11458
msgstr ""
8777
11459
8778
#: serverguide/C/security.xml:953(para)
11460
#: serverguide/C/security.xml:946(para)
8779
11461
msgid ""
8780
11462
"<application>aa-complain</application> places a profile into "
8781
11463
"<emphasis>complain</emphasis> mode."
8782
11464
msgstr ""
8783
11465
8784
#: serverguide/C/security.xml:957(command)
11466
#: serverguide/C/security.xml:950(command)
8785
11467
msgid "sudo aa-complain /path/to/bin"
8786
11468
msgstr ""
8787
11469
8788
#: serverguide/C/security.xml:961(para)
11470
#: serverguide/C/security.xml:954(para)
8789
11471
msgid ""
8790
11472
"<application>aa-enforce</application> places a profile into "
8791
11473
"<emphasis>enforce</emphasis> mode."
8792
11474
msgstr ""
8793
11475
8794
#: serverguide/C/security.xml:965(command)
11476
#: serverguide/C/security.xml:958(command)
8795
11477
msgid "sudo aa-enforce /path/to/bin"
8796
11478
msgstr ""
8797
11479
8798
#: serverguide/C/security.xml:969(para)
11480
#: serverguide/C/security.xml:962(para)
8799
11481
msgid ""
8800
11482
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
8801
11483
"profiles are located. It can be used to manipulate the "
8802
11484
"<emphasis>mode</emphasis> of all profiles."
8803
11485
msgstr ""
8804
11486
8805
#: serverguide/C/security.xml:973(para)
11487
#: serverguide/C/security.xml:966(para)
8806
11488
msgid "Enter the following to place all profiles into complain mode:"
8807
11489
msgstr ""
8808
11490
8809
#: serverguide/C/security.xml:977(command)
11491
#: serverguide/C/security.xml:970(command)
8810
11492
msgid "sudo aa-complain /etc/apparmor.d/*"
8811
11493
msgstr ""
8812
11494
8813
#: serverguide/C/security.xml:979(para)
11495
#: serverguide/C/security.xml:972(para)
8814
11496
msgid "To place all profiles in enforce mode:"
8815
11497
msgstr ""
8816
11498
8817
#: serverguide/C/security.xml:983(command)
11499
#: serverguide/C/security.xml:976(command)
8818
11500
msgid "sudo aa-enforce /etc/apparmor.d/*"
8819
11501
msgstr "sudo aa-enforce /etc/apparmor.d/*"
8820
11502
8821
#: serverguide/C/security.xml:987(para)
11503
#: serverguide/C/security.xml:980(para)
8822
11504
msgid ""
8823
11505
"<application>apparmor_parser</application> is used to load a profile into "
8824
11506
"the kernel. It can also be used to reload a currently loaded profile using "
8825
11507
"the <emphasis>-r</emphasis> option. To load a profile:"
8826
11508
msgstr ""
8827
11509
8828
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
11510
#: serverguide/C/security.xml:985(command) serverguide/C/security.xml:1017(command)
8829
11511
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
8830
11512
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
8831
11513
8832
#: serverguide/C/security.xml:994(para)
11514
#: serverguide/C/security.xml:987(para)
8833
11515
msgid "To reload a profile:"
8834
11516
msgstr "Pa recargar un perfil:"
8835
11517
8836
#: serverguide/C/security.xml:998(command)
11518
#: serverguide/C/security.xml:991(command)
8837
11519
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
8838
11520
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
8839
11521
8840
#: serverguide/C/security.xml:1002(para)
11522
#: serverguide/C/security.xml:995(para)
8841
11523
msgid ""
8842
11524
"<filename>/etc/init.d/apparmor</filename> can be used to "
8843
11525
"<emphasis>reload</emphasis> all profiles:"
8845
11527
"<filename>/etc/init.d/apparmor</filename> puede usase pa "
8846
11528
"<emphasis>recargar</emphasis> tolos perfiles:"
8847
11529
8848
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
11530
#: serverguide/C/security.xml:999(command)
8849
11531
msgid "sudo /etc/init.d/apparmor reload"
8850
11532
msgstr "sudo /etc/init.d/apparmor reload"
8851
11533
8852
#: serverguide/C/security.xml:1010(para)
11534
#: serverguide/C/security.xml:1003(para)
8853
11535
msgid ""
8854
11536
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
8855
11537
"with the <application>apparmor_parser -R</application> option to "
8856
11538
"<emphasis>disable</emphasis> a profile."
8857
11539
msgstr ""
8858
11540
8859
#: serverguide/C/security.xml:1015(command)
11541
#: serverguide/C/security.xml:1008(command)
8860
11542
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
8861
11543
msgstr "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
8862
11544
8863
#: serverguide/C/security.xml:1016(command)
11545
#: serverguide/C/security.xml:1009(command)
8864
11546
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
8865
11547
msgstr ""
8866
11548
8867
#: serverguide/C/security.xml:1018(para)
11549
#: serverguide/C/security.xml:1011(para)
8868
11550
msgid ""
8869
11551
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
8870
11552
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
8871
11553
"load the profile using the <emphasis>-a</emphasis> option."
8872
11554
msgstr ""
8873
11555
8874
#: serverguide/C/security.xml:1023(command)
11556
#: serverguide/C/security.xml:1016(command)
8875
11557
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
8876
11558
msgstr ""
8877
11559
8878
#: serverguide/C/security.xml:1028(para)
11560
#: serverguide/C/security.xml:1021(para)
8879
11561
msgid ""
8880
11562
"<application>AppArmor</application> can be disabled, and the kernel module "
8881
11563
"unloaded by entering the following:"
8882
11564
msgstr ""
8883
11565
8884
#: serverguide/C/security.xml:1032(command)
11566
#: serverguide/C/security.xml:1025(command)
8885
11567
msgid "sudo /etc/init.d/apparmor stop"
8886
11568
msgstr "sudo /etc/init.d/apparmor stop"
8887
11569
8888
#: serverguide/C/security.xml:1033(command)
11570
#: serverguide/C/security.xml:1026(command)
8889
11571
msgid "sudo update-rc.d -f apparmor remove"
8890
11572
msgstr "sudo update-rc.d -f apparmor remove"
8891
11573
8892
#: serverguide/C/security.xml:1037(para)
11574
#: serverguide/C/security.xml:1030(para)
8893
11575
msgid "To re-enable <application>AppArmor</application> enter:"
8894
11576
msgstr "Pa rehabilitar <application>AppArmor</application> pon:"
8895
11577
8896
#: serverguide/C/security.xml:1041(command)
11578
#: serverguide/C/security.xml:1034(command)
8897
11579
msgid "sudo /etc/init.d/apparmor start"
8898
11580
msgstr "sudo /etc/init.d/apparmor start"
8899
11581
8900
#: serverguide/C/security.xml:1042(command)
11582
#: serverguide/C/security.xml:1035(command)
8901
11583
msgid "sudo update-rc.d apparmor defaults"
8902
11584
msgstr "sudo update-rc.d apparmor defaults"
8903
11585
8904
#: serverguide/C/security.xml:1047(para)
11586
#: serverguide/C/security.xml:1040(para)
8905
11587
msgid ""
8906
11588
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
8907
11589
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
8909
11591
"<application>ping</application> command use <filename>/bin/ping</filename>"
8910
11592
msgstr ""
8911
11593
8912
#: serverguide/C/security.xml:1055(title)
11594
#: serverguide/C/security.xml:1048(title)
8913
11595
msgid "Profiles"
8914
11596
msgstr "Perfiles"
8915
11597
8916
#: serverguide/C/security.xml:1056(para)
11598
#: serverguide/C/security.xml:1049(para)
8917
11599
msgid ""
8918
11600
"<application>AppArmor</application> profiles are simple text files located "
8919
11601
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
8922
11604
"profile for the <filename>/bin/ping</filename> command."
8923
11605
msgstr ""
8924
11606
8925
#: serverguide/C/security.xml:1062(para)
11607
#: serverguide/C/security.xml:1055(para)
8926
11608
msgid "There are two main type of rules used in profiles:"
8927
11609
msgstr "Hai dos tribes principales de regles usaes en pefiles:"
8928
11610
8929
#: serverguide/C/security.xml:1067(para)
11611
#: serverguide/C/security.xml:1060(para)
8930
11612
msgid ""
8931
11613
"<emphasis>Path entries:</emphasis> which detail which files an application "
8932
11614
"can access in the file system."
8933
11615
msgstr ""
8934
11616
8935
#: serverguide/C/security.xml:1072(para)
11617
#: serverguide/C/security.xml:1065(para)
8936
11618
msgid ""
8937
11619
"<emphasis>Capability entries:</emphasis> determine what privileges a "
8938
11620
"confined process is allowed to use."
8939
11621
msgstr ""
8940
11622
8941
#: serverguide/C/security.xml:1077(para)
11623
#: serverguide/C/security.xml:1070(para)
8942
11624
msgid ""
8943
11625
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
8944
11626
msgstr ""
8945
11627
8946
#: serverguide/C/security.xml:1080(programlisting)
11628
#: serverguide/C/security.xml:1073(programlisting)
8947
11629
#, no-wrap
8948
11630
msgid ""
8949
11631
"\n"
8976
11658
" /etc/modules.conf r,\n"
8977
11659
"}\n"
8978
11660
8979
#: serverguide/C/security.xml:1097(para)
11661
#: serverguide/C/security.xml:1090(para)
8980
11662
msgid ""
8981
11663
"<emphasis>#include <tunables/global>:</emphasis> include statements "
8982
11664
"from other files. This allows statements pertaining to multiple applications "
8983
11665
"to be placed in a common file."
8984
11666
msgstr ""
8985
11667
8986
#: serverguide/C/security.xml:1103(para)
11668
#: serverguide/C/security.xml:1096(para)
8987
11669
msgid ""
8988
11670
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
8989
11671
"program, also setting the mode to <emphasis>complain</emphasis>."
8990
11672
msgstr ""
8991
11673
8992
#: serverguide/C/security.xml:1109(para)
11674
#: serverguide/C/security.xml:1102(para)
8993
11675
msgid ""
8994
11676
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
8995
11677
"the CAP_NET_RAW Posix.1e capability."
8996
11678
msgstr ""
8997
11679
8998
#: serverguide/C/security.xml:1114(para)
11680
#: serverguide/C/security.xml:1107(para)
8999
11681
msgid ""
9000
11682
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
9001
11683
"execute access to the file."
9002
11684
msgstr ""
9003
11685
9004
#: serverguide/C/security.xml:1120(para)
11686
#: serverguide/C/security.xml:1113(para)
9005
11687
msgid ""
9006
11688
"After editing a profile file the profile must be reloaded. See <xref "
9007
11689
"linkend=\"apparmor-usage\"/> for details."
9008
11690
msgstr ""
9009
11691
9010
#: serverguide/C/security.xml:1125(title)
11692
#: serverguide/C/security.xml:1118(title)
9011
11693
msgid "Creating a Profile"
9012
11694
msgstr "Crear un perfil"
9013
11695
9014
#: serverguide/C/security.xml:1128(para)
11696
#: serverguide/C/security.xml:1121(para)
9015
11697
msgid ""
9016
11698
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
9017
11699
"application should be exercised. The test plan should be divided into small "
9019
11701
"steps to follow."
9020
11702
msgstr ""
9021
11703
9022
#: serverguide/C/security.xml:1132(para)
11704
#: serverguide/C/security.xml:1125(para)
9023
11705
msgid "Some standard test cases are:"
9024
11706
msgstr "Dellos casos estándar de preba son:"
9025
11707
9026
#: serverguide/C/security.xml:1137(para)
11708
#: serverguide/C/security.xml:1130(para)
9027
11709
msgid "Starting the program."
9028
11710
msgstr "Arrancando'l programa."
9029
11711
9030
#: serverguide/C/security.xml:1142(para)
11712
#: serverguide/C/security.xml:1135(para)
9031
11713
msgid "Stopping the program."
9032
11714
msgstr ""
9033
11715
9034
#: serverguide/C/security.xml:1147(para)
11716
#: serverguide/C/security.xml:1140(para)
9035
11717
msgid "Reloading the program."
9036
11718
msgstr ""
9037
11719
11720
#: serverguide/C/security.xml:1145(para)
11721
msgid "Testing all the commands supported by the init script."
11722
msgstr ""
11723
9038
11724
#: serverguide/C/security.xml:1152(para)
9039
msgid "Testing all the commands supported by the init script."
9040
msgstr ""
9041
9042
#: serverguide/C/security.xml:1159(para)
9043
11725
msgid ""
9044
11726
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
9045
11727
"genprof</application> to generate a new profile. From a terminal:"
9046
11728
msgstr ""
9047
11729
9048
#: serverguide/C/security.xml:1164(command)
11730
#: serverguide/C/security.xml:1157(command)
9049
11731
msgid "sudo aa-genprof executable"
9050
11732
msgstr ""
9051
11733
9052
#: serverguide/C/security.xml:1166(para)
11734
#: serverguide/C/security.xml:1159(para)
9053
11735
msgid "For example:"
9054
11736
msgstr ""
9055
11737
9056
#: serverguide/C/security.xml:1170(command)
11738
#: serverguide/C/security.xml:1163(command)
9057
11739
msgid "sudo aa-genprof slapd"
9058
11740
msgstr "sudo aa-genprof slapd"
9059
11741
9060
#: serverguide/C/security.xml:1174(para)
11742
#: serverguide/C/security.xml:1167(para)
9061
11743
msgid ""
9062
11744
"To get your new profile included in the <application>apparmor-"
9063
11745
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
9066
11748
"/ulink> package:"
9067
11749
msgstr ""
9068
11750
9069
#: serverguide/C/security.xml:1181(para)
11751
#: serverguide/C/security.xml:1174(para)
9070
11752
msgid "Include your test plan and test cases."
9071
11753
msgstr ""
9072
11754
9073
#: serverguide/C/security.xml:1186(para)
11755
#: serverguide/C/security.xml:1179(para)
9074
11756
msgid "Attach your new profile to the bug."
9075
11757
msgstr ""
9076
11758
9077
#: serverguide/C/security.xml:1195(title)
11759
#: serverguide/C/security.xml:1188(title)
9078
11760
msgid "Updating Profiles"
9079
11761
msgstr "Anovando perfiles"
9080
11762
9081
#: serverguide/C/security.xml:1196(para)
11763
#: serverguide/C/security.xml:1189(para)
9082
11764
msgid ""
9083
11765
"When the program is misbehaving, audit messages are sent to the log files. "
9084
11766
"The program <application>aa-logprof</application> can be used to scan log "
9086
11768
"and update the profiles. From a terminal:"
9087
11769
msgstr ""
9088
11770
9089
#: serverguide/C/security.xml:1201(command)
11771
#: serverguide/C/security.xml:1194(command)
9090
11772
msgid "sudo aa-logprof"
9091
11773
msgstr "sudo aa-logprof"
9092
11774
9093
#: serverguide/C/security.xml:1209(para)
11775
#: serverguide/C/security.xml:1202(para)
9094
11776
msgid ""
9095
11777
"See the <ulink "
9096
11778
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
9099
11781
"configuration options."
9100
11782
msgstr ""
9101
11783
9102
#: serverguide/C/security.xml:1216(para)
11784
#: serverguide/C/security.xml:1209(para)
9103
11785
msgid ""
9104
11786
"For details using AppArmor with other Ubuntu releases see the <ulink "
9105
11787
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
9106
11788
"Wiki</ulink> page."
9107
11789
msgstr ""
9108
11790
11791
#: serverguide/C/security.xml:1217(para)
11792
msgid ""
11793
"The <ulink url=\"http://en.opensuse.org/SDB:AppArmor_geeks\">OpenSUSE "
11794
"AppArmor</ulink> page is another introduction to AppArmor."
11795
msgstr ""
11796
9109
11797
#: serverguide/C/security.xml:1224(para)
9110
11798
msgid ""
9111
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
9112
"page is another introduction to AppArmor."
9113
msgstr ""
9114
9115
#: serverguide/C/security.xml:1231(para)
9116
msgid ""
9117
11799
"A great place to ask for <application>AppArmor</application> assistance, and "
9118
11800
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
9119
11801
"server</emphasis> IRC channel on <ulink "
9120
11802
"url=\"http://freenode.net\">freenode</ulink>."
9121
11803
msgstr ""
9122
11804
9123
#: serverguide/C/security.xml:1241(title)
11805
#: serverguide/C/security.xml:1234(title)
9124
11806
msgid "Certificates"
9125
11807
msgstr ""
9126
11808
9127
#: serverguide/C/security.xml:1242(para)
11809
#: serverguide/C/security.xml:1235(para)
9128
11810
msgid ""
9129
11811
"One of the most common forms of cryptography today is <emphasis>public-"
9130
11812
"key</emphasis> cryptography. Public-key cryptography utilizes a "
9134
11816
"the private key."
9135
11817
msgstr ""
9136
11818
9137
#: serverguide/C/security.xml:1248(para)
11819
#: serverguide/C/security.xml:1241(para)
9138
11820
msgid ""
9139
11821
"A common use for public-key cryptography is encrypting application traffic "
9140
11822
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
9143
11825
"encrypt traffic using a protocol that does not itself provide encryption."
9144
11826
msgstr ""
9145
11827
9146
#: serverguide/C/security.xml:1253(para)
11828
#: serverguide/C/security.xml:1246(para)
9147
11829
msgid ""
9148
11830
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
9149
11831
"<emphasis>public key</emphasis> and other information about a server and the "
9153
11835
"certificate is accurate."
9154
11836
msgstr ""
9155
11837
9156
#: serverguide/C/security.xml:1260(title)
11838
#: serverguide/C/security.xml:1253(title)
9157
11839
msgid "Types of Certificates"
9158
11840
msgstr ""
9159
11841
9160
#: serverguide/C/security.xml:1261(para)
11842
#: serverguide/C/security.xml:1254(para)
9161
11843
msgid ""
9162
11844
"To set up a secure server using public-key cryptography, in most cases, you "
9163
11845
"send your certificate request (including your public key), proof of your "
9167
11849
"signed</emphasis> certificate."
9168
11850
msgstr ""
9169
11851
9170
#: serverguide/C/security.xml:1271(para)
11852
#: serverguide/C/security.xml:1264(para)
9171
11853
msgid ""
9172
11854
"Note, that self-signed certificates should not be used in most production "
9173
11855
"environments."
9174
11856
msgstr ""
9175
11857
9176
#: serverguide/C/security.xml:1275(para)
11858
#: serverguide/C/security.xml:1268(para)
9177
11859
msgid ""
9178
11860
"Continuing the HTTPS example, a CA-signed certificate provides two important "
9179
11861
"capabilities that a self-signed certificate does not:"
9180
11862
msgstr ""
9181
11863
9182
#: serverguide/C/security.xml:1282(para)
11864
#: serverguide/C/security.xml:1275(para)
9183
11865
msgid ""
9184
11866
"Browsers (usually) automatically recognize the certificate and allow a "
9185
11867
"secure connection to be made without prompting the user."
9186
11868
msgstr ""
9187
11869
9188
#: serverguide/C/security.xml:1289(para)
11870
#: serverguide/C/security.xml:1282(para)
9189
11871
msgid ""
9190
11872
"When a CA issues a signed certificate, it is guaranteeing the identity of "
9191
11873
"the organization that is providing the web pages to the browser."
9192
11874
msgstr ""
9193
11875
9194
#: serverguide/C/security.xml:1297(para)
11876
#: serverguide/C/security.xml:1290(para)
9195
11877
msgid ""
9196
11878
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
9197
11879
"certificates they automatically accept. If a browser encounters a "
9200
11882
"may generate an error message when using a self-singed certificate."
9201
11883
msgstr ""
9202
11884
9203
#: serverguide/C/security.xml:1305(para)
11885
#: serverguide/C/security.xml:1298(para)
9204
11886
msgid ""
9205
11887
"The process of getting a certificate from a CA is fairly easy. A quick "
9206
11888
"overview is as follows:"
9207
11889
msgstr ""
9208
11890
9209
#: serverguide/C/security.xml:1312(para)
11891
#: serverguide/C/security.xml:1305(para)
9210
11892
msgid "Create a private and public encryption key pair."
9211
11893
msgstr ""
9212
11894
9213
#: serverguide/C/security.xml:1315(para)
11895
#: serverguide/C/security.xml:1308(para)
9214
11896
msgid ""
9215
11897
"Create a certificate request based on the public key. The certificate "
9216
11898
"request contains information about your server and the company hosting it."
9217
11899
msgstr ""
9218
11900
9219
#: serverguide/C/security.xml:1320(para)
11901
#: serverguide/C/security.xml:1313(para)
9220
11902
msgid ""
9221
11903
"Send the certificate request, along with documents proving your identity, to "
9222
11904
"a CA. We cannot tell you which certificate authority to choose. Your "
9224
11906
"your friends or colleagues, or purely on monetary factors."
9225
11907
msgstr ""
9226
11908
9227
#: serverguide/C/security.xml:1326(para)
11909
#: serverguide/C/security.xml:1319(para)
9228
11910
msgid ""
9229
11911
"Once you have decided upon a CA, you need to follow the instructions they "
9230
11912
"provide on how to obtain a certificate from them."
9231
11913
msgstr ""
9232
11914
9233
#: serverguide/C/security.xml:1331(para)
11915
#: serverguide/C/security.xml:1324(para)
9234
11916
msgid ""
9235
11917
"When the CA is satisfied that you are indeed who you claim to be, they send "
9236
11918
"you a digital certificate."
9237
11919
msgstr ""
9238
11920
9239
#: serverguide/C/security.xml:1335(para)
11921
#: serverguide/C/security.xml:1328(para)
9240
11922
msgid ""
9241
11923
"Install this certificate on your secure server, and configure the "
9242
11924
"appropriate applications to use the certificate."
9243
11925
msgstr ""
9244
11926
9245
#: serverguide/C/security.xml:1344(title)
11927
#: serverguide/C/security.xml:1337(title)
9246
11928
msgid "Generating a Certificate Signing Request (CSR)"
9247
11929
msgstr ""
9248
11930
9249
#: serverguide/C/security.xml:1346(para)
11931
#: serverguide/C/security.xml:1339(para)
9250
11932
msgid ""
9251
11933
"Whether you are getting a certificate from a CA or generating your own self-"
9252
11934
"signed certificate, the first step is to generate a key."
9253
11935
msgstr ""
9254
11936
9255
#: serverguide/C/security.xml:1351(para)
11937
#: serverguide/C/security.xml:1344(para)
9256
11938
msgid ""
9257
11939
"If the certificate will be used by service daemons, such as Apache, Postfix, "
9258
11940
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
9260
11942
"the preferred way to start a daemon."
9261
11943
msgstr ""
9262
11944
9263
#: serverguide/C/security.xml:1357(para)
11945
#: serverguide/C/security.xml:1350(para)
9264
11946
msgid ""
9265
11947
"This section will cover generating a key with a passphrase, and one without. "
9266
11948
"The non-passphrase key will then be used to generate a certificate that can "
9267
11949
"be used with various service daemons."
9268
11950
msgstr ""
9269
11951
9270
#: serverguide/C/security.xml:1363(para)
11952
#: serverguide/C/security.xml:1356(para)
9271
11953
msgid ""
9272
11954
"Running your secure service without a passphrase is convenient because you "
9273
11955
"will not need to enter the passphrase every time you start your secure "
9275
11957
"of the server as well."
9276
11958
msgstr ""
9277
11959
9278
#: serverguide/C/security.xml:1370(para)
11960
#: serverguide/C/security.xml:1363(para)
9279
11961
msgid ""
9280
11962
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9281
11963
"Request (CSR) run the following command from a terminal prompt:"
9282
11964
msgstr ""
9283
11965
9284
#: serverguide/C/security.xml:1376(command)
9285
msgid "openssl genrsa -des3 -out server.key 1024"
9286
msgstr "openssl genrsa -des3 -out server.key 1024"
11966
#: serverguide/C/security.xml:1369(command)
11967
msgid "openssl genrsa -des3 -out server.key 2048"
11968
msgstr ""
9287
11969
9288
#: serverguide/C/security.xml:1379(programlisting)
11970
#: serverguide/C/security.xml:1372(programlisting)
9289
11971
#, no-wrap
9290
11972
msgid ""
9291
11973
"\n"
9292
"Generating RSA private key, 1024 bit long modulus\n"
9293
".....................++++++\n"
9294
".................++++++\n"
9295
"unable to write 'random state'\n"
11974
"Generating RSA private key, 2048 bit long modulus\n"
11975
"..........................++++++\n"
11976
".......++++++\n"
9296
11977
"e is 65537 (0x10001)\n"
9297
11978
"Enter pass phrase for server.key:\n"
9298
11979
msgstr ""
9299
"\n"
9300
"Generating RSA private key, 1024 bit long modulus\n"
9301
"\n"
9302
".....................++++++\n"
9303
"\n"
9304
".................++++++\n"
9305
"\n"
9306
"unable to write 'random state'\n"
9307
"\n"
9308
"e is 65537 (0x10001)\n"
9309
"\n"
9310
"Enter pass phrase for server.key:\n"
9311
11980
9312
#: serverguide/C/security.xml:1388(para)
11981
#: serverguide/C/security.xml:1380(para)
9313
11982
msgid ""
9314
11983
"You can now enter your passphrase. For best security, it should at least "
9315
11984
"contain eight characters. The minimum length when specifying -des3 is four "
9317
11986
"in a dictionary. Also remember that your passphrase is case-sensitive."
9318
11987
msgstr ""
9319
11988
9320
#: serverguide/C/security.xml:1396(para)
11989
#: serverguide/C/security.xml:1388(para)
9321
11990
msgid ""
9322
11991
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
9323
11992
"server key is generated and stored in the <filename>server.key</filename> "
9324
11993
"file."
9325
11994
msgstr ""
9326
11995
9327
#: serverguide/C/security.xml:1402(para)
11996
#: serverguide/C/security.xml:1394(para)
9328
11997
msgid ""
9329
11998
"Now create the insecure key, the one without a passphrase, and shuffle the "
9330
11999
"key names:"
9331
12000
msgstr ""
9332
12001
9333
#: serverguide/C/security.xml:1408(command)
12002
#: serverguide/C/security.xml:1400(command)
9334
12003
msgid "openssl rsa -in server.key -out server.key.insecure"
9335
12004
msgstr "openssl rsa -in server.key -out server.key.insecure"
9336
12005
9337
#: serverguide/C/security.xml:1409(command)
12006
#: serverguide/C/security.xml:1401(command)
9338
12007
msgid "mv server.key server.key.secure"
9339
12008
msgstr ""
9340
12009
9341
#: serverguide/C/security.xml:1410(command)
12010
#: serverguide/C/security.xml:1402(command)
9342
12011
msgid "mv server.key.insecure server.key"
9343
12012
msgstr ""
9344
12013
9345
#: serverguide/C/security.xml:1413(para)
12014
#: serverguide/C/security.xml:1405(para)
9346
12015
msgid ""
9347
12016
"The insecure key is now named <filename>server.key</filename>, and you can "
9348
12017
"use this file to generate the CSR without passphrase."
9349
12018
msgstr ""
9350
12019
9351
#: serverguide/C/security.xml:1418(para)
12020
#: serverguide/C/security.xml:1410(para)
9352
12021
msgid "To create the CSR, run the following command at a terminal prompt:"
9353
12022
msgstr ""
9354
12023
9355
#: serverguide/C/security.xml:1423(command)
12024
#: serverguide/C/security.xml:1415(command)
9356
12025
msgid "openssl req -new -key server.key -out server.csr"
9357
12026
msgstr ""
9358
12027
9359
#: serverguide/C/security.xml:1426(para)
12028
#: serverguide/C/security.xml:1418(para)
9360
12029
msgid ""
9361
12030
"It will prompt you enter the passphrase. If you enter the correct "
9362
12031
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9364
12033
"be stored in the <filename>server.csr</filename> file."
9365
12034
msgstr ""
9366
12035
9367
#: serverguide/C/security.xml:1434(para)
12036
#: serverguide/C/security.xml:1426(para)
9368
12037
msgid ""
9369
12038
"You can now submit this CSR file to a CA for processing. The CA will use "
9370
12039
"this CSR file and issue the certificate. On the other hand, you can create "
9371
12040
"self-signed certificate using this CSR."
9372
12041
msgstr ""
9373
12042
9374
#: serverguide/C/security.xml:1442(title)
12043
#: serverguide/C/security.xml:1434(title)
9375
12044
msgid "Creating a Self-Signed Certificate"
9376
12045
msgstr ""
9377
12046
9378
#: serverguide/C/security.xml:1443(para)
12047
#: serverguide/C/security.xml:1435(para)
9379
12048
msgid ""
9380
12049
"To create the self-signed certificate, run the following command at a "
9381
12050
"terminal prompt:"
9382
12051
msgstr ""
9383
12052
9384
#: serverguide/C/security.xml:1448(command)
12053
#: serverguide/C/security.xml:1440(command)
9385
12054
msgid ""
9386
12055
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9387
12056
"server.crt"
9389
12058
"openssl·x509·-req·-days·365·-in·server.csr·-signkey·server.key·-"
9390
12059
"out·server.crt"
9391
12060
9392
#: serverguide/C/security.xml:1451(para)
12061
#: serverguide/C/security.xml:1443(para)
9393
12062
msgid ""
9394
12063
"The above command will prompt you to enter the passphrase. Once you enter "
9395
12064
"the correct passphrase, your certificate will be created and it will be "
9396
12065
"stored in the <filename>server.crt</filename> file."
9397
12066
msgstr ""
9398
12067
9399
#: serverguide/C/security.xml:1456(para)
12068
#: serverguide/C/security.xml:1448(para)
9400
12069
msgid ""
9401
12070
"If your secure server is to be used in a production environment, you "
9402
12071
"probably need a CA-signed certificate. It is not recommended to use self-"
9403
12072
"signed certificate."
9404
12073
msgstr ""
9405
12074
9406
#: serverguide/C/security.xml:1464(title)
12075
#: serverguide/C/security.xml:1456(title)
9407
12076
msgid "Installing the Certificate"
9408
12077
msgstr "Instalar el Certificáu"
9409
12078
9410
#: serverguide/C/security.xml:1466(para)
12079
#: serverguide/C/security.xml:1458(para)
9411
12080
msgid ""
9412
12081
"You can install the key file <filename>server.key</filename> and certificate "
9413
12082
"file <filename>server.crt</filename>, or the certificate file issued by your "
9414
12083
"CA, by running following commands at a terminal prompt:"
9415
12084
msgstr ""
9416
12085
9417
#: serverguide/C/security.xml:1472(command)
12086
#: serverguide/C/security.xml:1464(command)
9418
12087
msgid "sudo cp server.crt /etc/ssl/certs"
9419
12088
msgstr "sudo cp server.crt /etc/ssl/certs"
9420
12089
9421
#: serverguide/C/security.xml:1473(command)
12090
#: serverguide/C/security.xml:1465(command)
9422
12091
msgid "sudo cp server.key /etc/ssl/private"
9423
12092
msgstr "sudo cp server.key /etc/ssl/private"
9424
12093
9425
#: serverguide/C/security.xml:1475(para)
12094
#: serverguide/C/security.xml:1467(para)
9426
12095
msgid ""
9427
12096
"Now simply configure any applications, with the ability to use public-key "
9428
12097
"cryptography, to use the <emphasis>certificate</emphasis> and "
9431
12100
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9432
12101
msgstr ""
9433
12102
9434
#: serverguide/C/security.xml:1482(title)
12103
#: serverguide/C/security.xml:1474(title)
9435
12104
msgid "Certification Authority"
9436
12105
msgstr "Autoridá de certificación"
9437
12106
9438
#: serverguide/C/security.xml:1484(para)
12107
#: serverguide/C/security.xml:1476(para)
9439
12108
msgid ""
9440
12109
"If the services on your network require more than a few self-signed "
9441
12110
"certificates it may be worth the additional effort to setup your own "
9445
12114
"the same CA."
9446
12115
msgstr ""
9447
12116
9448
#: serverguide/C/security.xml:1494(para)
12117
#: serverguide/C/security.xml:1486(para)
9449
12118
msgid ""
9450
12119
"First, create the directories to hold the CA certificate and related files:"
9451
12120
msgstr ""
9452
12121
9453
#: serverguide/C/security.xml:1499(command)
12122
#: serverguide/C/security.xml:1491(command)
9454
12123
msgid "sudo mkdir /etc/ssl/CA"
9455
12124
msgstr ""
9456
12125
9457
#: serverguide/C/security.xml:1500(command)
12126
#: serverguide/C/security.xml:1492(command)
9458
12127
msgid "sudo mkdir /etc/ssl/newcerts"
9459
12128
msgstr ""
9460
12129
9461
#: serverguide/C/security.xml:1506(para)
12130
#: serverguide/C/security.xml:1498(para)
9462
12131
msgid ""
9463
12132
"The CA needs a few additional files to operate, one to keep track of the "
9464
12133
"last serial number used by the CA, each certificate must have a unique "
9466
12135
"issued:"
9467
12136
msgstr ""
9468
12137
9469
#: serverguide/C/security.xml:1513(command)
12138
#: serverguide/C/security.xml:1505(command)
9470
12139
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9471
12140
msgstr "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9472
12141
9473
#: serverguide/C/security.xml:1514(command)
12142
#: serverguide/C/security.xml:1506(command)
9474
12143
msgid "sudo touch /etc/ssl/CA/index.txt"
9475
12144
msgstr "sudo touch /etc/ssl/CA/index.txt"
9476
12145
9477
#: serverguide/C/security.xml:1520(para)
12146
#: serverguide/C/security.xml:1512(para)
9478
12147
msgid ""
9479
12148
"The third file is a CA configuration file. Though not strictly necessary, it "
9480
12149
"is very convenient when issuing multiple certificates. Edit "
9482
12151
"]</emphasis> change:"
9483
12152
msgstr ""
9484
12153
9485
#: serverguide/C/security.xml:1526(programlisting)
12154
#: serverguide/C/security.xml:1518(programlisting)
9486
12155
#, no-wrap
9487
12156
msgid ""
9488
12157
"\n"
9493
12162
"private_key = $dir/private/cakey.pem# The private key\n"
9494
12163
msgstr ""
9495
12164
12165
#: serverguide/C/security.xml:1529(para)
12166
msgid "Next, create the self-singed root certificate:"
12167
msgstr ""
12168
12169
#: serverguide/C/security.xml:1534(command)
12170
msgid ""
12171
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
12172
"days 3650"
12173
msgstr ""
12174
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
12175
"days 3650"
12176
9496
12177
#: serverguide/C/security.xml:1537(para)
9497
msgid "Next, create the self-singed root certificate:"
9498
msgstr ""
9499
9500
#: serverguide/C/security.xml:1542(command)
9501
msgid ""
9502
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9503
"days 3650"
9504
msgstr ""
9505
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9506
"days 3650"
9507
9508
#: serverguide/C/security.xml:1545(para)
9509
12178
msgid "You will then be asked to enter the details about the certificate."
9510
12179
msgstr ""
9511
12180
9512
#: serverguide/C/security.xml:1552(para)
12181
#: serverguide/C/security.xml:1544(para)
9513
12182
msgid "Now install the root certificate and key:"
9514
12183
msgstr "Agora instala'l certificáu raigañu y la clave:"
9515
12184
9516
#: serverguide/C/security.xml:1557(command)
12185
#: serverguide/C/security.xml:1549(command)
9517
12186
msgid "sudo mv cakey.pem /etc/ssl/private/"
9518
12187
msgstr "sudo mv cakey.pem /etc/ssl/private/"
9519
12188
9520
#: serverguide/C/security.xml:1558(command)
12189
#: serverguide/C/security.xml:1550(command)
9521
12190
msgid "sudo mv cacert.pem /etc/ssl/certs/"
9522
12191
msgstr "sudo mv cacert.pem /etc/ssl/certs/"
9523
12192
9524
#: serverguide/C/security.xml:1564(para)
12193
#: serverguide/C/security.xml:1556(para)
9525
12194
msgid ""
9526
12195
"You are now ready to start signing certificates. The first item needed is a "
9527
12196
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
9529
12198
"certificate signed by the CA:"
9530
12199
msgstr ""
9531
12200
9532
#: serverguide/C/security.xml:1571(command)
12201
#: serverguide/C/security.xml:1563(command)
9533
12202
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9534
12203
msgstr "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9535
12204
9536
#: serverguide/C/security.xml:1574(para)
12205
#: serverguide/C/security.xml:1566(para)
9537
12206
msgid ""
9538
12207
"After entering the password for the CA key, you will be prompted to sign the "
9539
12208
"certificate, and again to commit the new certificate. You should then see a "
9540
12209
"somewhat large amount of output related to the certificate creation."
9541
12210
msgstr ""
9542
12211
9543
#: serverguide/C/security.xml:1583(para)
12212
#: serverguide/C/security.xml:1575(para)
9544
12213
msgid ""
9545
12214
"There should now be a new file, "
9546
12215
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
9551
12220
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
9552
12221
msgstr ""
9553
12222
9554
#: serverguide/C/security.xml:1591(para)
12223
#: serverguide/C/security.xml:1583(para)
9555
12224
msgid ""
9556
12225
"Subsequent certificates will be named <filename>02.pem</filename>, "
9557
12226
"<filename>03.pem</filename>, etc."
9558
12227
msgstr ""
9559
12228
9560
#: serverguide/C/security.xml:1596(para)
12229
#: serverguide/C/security.xml:1588(para)
9561
12230
msgid ""
9562
12231
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
9563
12232
"name."
9564
12233
msgstr ""
9565
12234
9566
#: serverguide/C/security.xml:1604(para)
12235
#: serverguide/C/security.xml:1596(para)
9567
12236
msgid ""
9568
12237
"Finally, copy the new certificate to the host that needs it, and configure "
9569
12238
"the appropriate applications to use it. The default location to install "
9572
12241
"complicated file permissions."
9573
12242
msgstr ""
9574
12243
9575
#: serverguide/C/security.xml:1610(para)
12244
#: serverguide/C/security.xml:1602(para)
9576
12245
msgid ""
9577
12246
"For applications that can be configured to use a CA certificate, you should "
9578
12247
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
9580
12249
"server."
9581
12250
msgstr ""
9582
12251
9583
#: serverguide/C/security.xml:1624(para)
12252
#: serverguide/C/security.xml:1616(para)
9584
12253
msgid ""
9585
12254
"For more detailed instructions on using cryptography see the <ulink "
9586
12255
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
9587
12256
"Certificates HOWTO</ulink> by tlpd.org"
9588
12257
msgstr ""
9589
12258
9590
#: serverguide/C/security.xml:1630(para)
9591
msgid ""
9592
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
9593
"of Certificate Authorities."
9594
msgstr ""
9595
9596
#: serverguide/C/security.xml:1635(para)
12259
#: serverguide/C/security.xml:1622(para)
9597
12260
msgid ""
9598
12261
"The Wikipedia <ulink "
9599
12262
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
9600
12263
"information regarding HTTPS."
9601
12264
msgstr ""
9602
12265
9603
#: serverguide/C/security.xml:1640(para)
12266
#: serverguide/C/security.xml:1627(para)
9604
12267
msgid ""
9605
12268
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
9606
12269
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
9607
12270
msgstr ""
9608
12271
9609
#: serverguide/C/security.xml:1645(para)
12272
#: serverguide/C/security.xml:1632(para)
9610
12273
msgid ""
9611
12274
"Also, O'Reilly's <ulink "
9612
12275
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
9613
12276
"OpenSSL</ulink> is a good in depth reference."
9614
12277
msgstr ""
9615
12278
9616
#: serverguide/C/security.xml:1654(title)
12279
#: serverguide/C/security.xml:1641(title)
9617
12280
msgid "eCryptfs"
9618
12281
msgstr "eCryptfs"
9619
12282
9620
#: serverguide/C/security.xml:1656(para)
12283
#: serverguide/C/security.xml:1643(para)
9621
12284
msgid ""
9622
12285
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
9623
12286
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
9625
12288
"filesystem, partition type, etc."
9626
12289
msgstr ""
9627
12290
9628
#: serverguide/C/security.xml:1662(para)
12291
#: serverguide/C/security.xml:1649(para)
9629
12292
msgid ""
9630
12293
"During installation there is an option to encrypt the <filename "
9631
12294
"role=\"directory\">/home</filename> partition. This will automatically "
9632
12295
"configure everything needed to encrypt and mount the partition."
9633
12296
msgstr ""
9634
12297
9635
#: serverguide/C/security.xml:1667(para)
12298
#: serverguide/C/security.xml:1654(para)
9636
12299
msgid ""
9637
12300
"As an example, this section will cover configuring <filename "
9638
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
12301
"role=\"directory\">/srv</filename> to be encrypted using "
12302
"<emphasis>eCryptfs</emphasis>."
9639
12303
msgstr ""
9640
12304
9641
#: serverguide/C/security.xml:1672(title)
12305
#: serverguide/C/security.xml:1659(title)
9642
12306
msgid "Using eCryptfs"
9643
12307
msgstr "Usar eCryptfs"
9644
12308
9645
#: serverguide/C/security.xml:1674(para)
12309
#: serverguide/C/security.xml:1661(para)
9646
12310
msgid "First, install the necessary packages. From a terminal prompt enter:"
9647
12311
msgstr ""
9648
12312
9649
#: serverguide/C/security.xml:1679(command)
12313
#: serverguide/C/security.xml:1666(command)
9650
12314
msgid "sudo apt-get install ecryptfs-utils"
9651
12315
msgstr "sudo apt-get install ecryptfs-utils"
9652
12316
9653
#: serverguide/C/security.xml:1682(para)
12317
#: serverguide/C/security.xml:1669(para)
9654
12318
msgid "Now mount the partition to be encrypted:"
9655
12319
msgstr "Agora monta la partición pa cifrar:"
9656
12320
9657
#: serverguide/C/security.xml:1687(command)
12321
#: serverguide/C/security.xml:1674(command)
9658
12322
msgid "sudo mount -t ecryptfs /srv /srv"
9659
12323
msgstr "sudo mount -t ecryptfs /srv /srv"
9660
12324
9661
#: serverguide/C/security.xml:1690(para)
12325
#: serverguide/C/security.xml:1677(para)
9662
12326
msgid ""
9663
12327
"You will then be prompted for some details on how "
9664
12328
"<application>ecryptfs</application> should encrypt the data."
9665
12329
msgstr ""
9666
12330
9667
#: serverguide/C/security.xml:1694(para)
12331
#: serverguide/C/security.xml:1681(para)
9668
12332
msgid ""
9669
12333
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
9670
12334
"copy the <filename>/etc/default</filename> folder to "
9671
12335
"<filename>/srv</filename>:"
9672
12336
msgstr ""
9673
12337
9674
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
12338
#: serverguide/C/security.xml:1687(command) serverguide/C/clustering.xml:192(command)
9675
12339
msgid "sudo cp -r /etc/default /srv"
9676
12340
msgstr "sudo cp -r /etc/default /srv"
9677
12341
9678
#: serverguide/C/security.xml:1703(para)
12342
#: serverguide/C/security.xml:1690(para)
9679
12343
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
9680
12344
msgstr ""
9681
12345
9682
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
12346
#: serverguide/C/security.xml:1695(command) serverguide/C/installation.xml:1134(command) serverguide/C/clustering.xml:200(command)
9683
12347
msgid "sudo umount /srv"
9684
12348
msgstr "sudo umount /srv"
9685
12349
9686
#: serverguide/C/security.xml:1709(command)
12350
#: serverguide/C/security.xml:1696(command)
9687
12351
msgid "cat /srv/default/cron"
9688
12352
msgstr "cat /srv/default/cron"
9689
12353
9690
#: serverguide/C/security.xml:1712(para)
12354
#: serverguide/C/security.xml:1699(para)
9691
12355
msgid ""
9692
12356
"Remounting <filename>/srv</filename> using "
9693
12357
"<application>ecryptfs</application> will make the data viewable once again."
9694
12358
msgstr ""
9695
12359
9696
#: serverguide/C/security.xml:1718(title)
12360
#: serverguide/C/security.xml:1705(title)
9697
12361
msgid "Automatically Mounting Encrypted Partitions"
9698
12362
msgstr "Montar automáticamente particiones cifraes"
9699
12363
9700
#: serverguide/C/security.xml:1720(para)
12364
#: serverguide/C/security.xml:1707(para)
9701
12365
msgid ""
9702
12366
"There are a couple of ways to automatically mount an "
9703
12367
"<application>ecryptfs</application> encrypted filesystem at boot. This "
9705
12369
"mount options, along with a passphrase file residing on a USB key."
9706
12370
msgstr ""
9707
12371
9708
#: serverguide/C/security.xml:1726(para)
12372
#: serverguide/C/security.xml:1713(para)
9709
12373
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
9710
12374
msgstr ""
9711
12375
9712
#: serverguide/C/security.xml:1730(programlisting)
12376
#: serverguide/C/security.xml:1717(programlisting)
9713
12377
#, no-wrap
9714
12378
msgid ""
9715
12379
"\n"
9728
12392
"ecryptfs_passthrough=n\n"
9729
12393
"ecryptfs_enable_filename_crypto=n\n"
9730
12394
9731
#: serverguide/C/security.xml:1740(para)
12395
#: serverguide/C/security.xml:1727(para)
9732
12396
msgid ""
9733
12397
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
9734
12398
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
9735
12399
msgstr ""
9736
12400
9737
#: serverguide/C/security.xml:1745(para)
12401
#: serverguide/C/security.xml:1732(para)
9738
12402
msgid ""
9739
12403
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
9740
12404
"file:"
9741
12405
msgstr ""
9742
12406
9743
#: serverguide/C/security.xml:1749(programlisting)
12407
#: serverguide/C/security.xml:1736(programlisting)
9744
12408
#, no-wrap
9745
12409
msgid ""
9746
12410
"\n"
9749
12413
"\n"
9750
12414
"passphrase_passwd=[secrets]\n"
9751
12415
9752
#: serverguide/C/security.xml:1753(para)
12416
#: serverguide/C/security.xml:1740(para)
9753
12417
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
9754
12418
msgstr ""
9755
12419
9756
#: serverguide/C/security.xml:1757(programlisting)
12420
#: serverguide/C/security.xml:1744(programlisting)
9757
12421
#, no-wrap
9758
12422
msgid ""
9759
12423
"\n"
9764
12428
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
9765
12429
"/srv /srv ecryptfs defaults 0 0\n"
9766
12430
9767
#: serverguide/C/security.xml:1762(para)
12431
#: serverguide/C/security.xml:1749(para)
9768
12432
msgid "Make sure the USB drive is mounted before the encrypted partition."
9769
12433
msgstr ""
9770
12434
9771
#: serverguide/C/security.xml:1766(para)
12435
#: serverguide/C/security.xml:1753(para)
9772
12436
msgid ""
9773
12437
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
9774
"ecryptfs."
12438
"<emphasis>eCryptfs</emphasis>."
9775
12439
msgstr ""
9776
12440
9777
#: serverguide/C/security.xml:1774(para)
12441
#: serverguide/C/security.xml:1759(title)
12442
msgid "Other Utilities"
12443
msgstr "Otres utilidaes"
12444
12445
#: serverguide/C/security.xml:1761(para)
9778
12446
msgid ""
9779
12447
"The <application>ecryptfs-utils</application> package includes several other "
9780
12448
"useful utilities:"
9781
12449
msgstr ""
9782
12450
9783
#: serverguide/C/security.xml:1780(para)
12451
#: serverguide/C/security.xml:1767(para)
9784
12452
msgid ""
9785
12453
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
9786
12454
"<filename>~/Private</filename> directory to contain encrypted information. "
9788
12456
"other users on the system."
9789
12457
msgstr ""
9790
12458
9791
#: serverguide/C/security.xml:1787(para)
12459
#: serverguide/C/security.xml:1774(para)
9792
12460
msgid ""
9793
12461
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
9794
12462
"will mount and unmount respectively, a users <filename>~/Private</filename> "
9795
12463
"directory."
9796
12464
msgstr ""
9797
12465
9798
#: serverguide/C/security.xml:1793(para)
12466
#: serverguide/C/security.xml:1780(para)
9799
12467
msgid ""
9800
12468
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
9801
12469
"kernel keyring."
9802
12470
msgstr ""
9803
12471
9804
#: serverguide/C/security.xml:1798(para)
12472
#: serverguide/C/security.xml:1785(para)
9805
12473
msgid ""
9806
12474
"<emphasis>ecryptfs-manager:</emphasis> manages "
9807
12475
"<application>eCryptfs</application> objects such as keys."
9808
12476
msgstr ""
9809
12477
9810
#: serverguide/C/security.xml:1803(para)
12478
#: serverguide/C/security.xml:1790(para)
9811
12479
msgid ""
9812
12480
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
9813
12481
"<application>ecryptfs</application> meta information for a file."
9814
12482
msgstr ""
9815
12483
9816
#: serverguide/C/security.xml:1816(para)
12484
#: serverguide/C/security.xml:1803(para)
9817
12485
msgid ""
9818
"For more information on eCryptfs see the <ulink "
12486
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
9819
12487
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
9820
12488
msgstr ""
9821
12489
9822
#: serverguide/C/security.xml:1821(para)
12490
#: serverguide/C/security.xml:1808(para)
9823
12491
msgid ""
9824
12492
"There is also a <ulink "
9825
12493
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
9826
"article covering eCryptfs."
12494
"article covering <emphasis>eCryptfs</emphasis>."
9827
12495
msgstr ""
9828
12496
9829
#: serverguide/C/security.xml:1826(para)
12497
#: serverguide/C/security.xml:1813(para)
9830
12498
msgid ""
9831
12499
"Also, for more <application>ecryptfs</application> options see the <ulink "
9832
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
9833
"ecryptfs man page</ulink>."
12500
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man7/ecryptfs.7.html\">e"
12501
"cryptfs man page</ulink>."
9834
12502
msgstr ""
9835
12503
9836
#: serverguide/C/security.xml:1832(para)
12504
#: serverguide/C/security.xml:1819(para)
9837
12505
msgid ""
9838
12506
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9839
12507
"Ubuntu Wiki</ulink> page also has more details."
9962
12630
"\n"
9963
12631
"*** To continue, you must visit the following URL:\n"
9964
12632
"\n"
9965
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
12633
"https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9966
12634
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9967
12635
"\n"
9968
12636
"You can launch a browser now, or copy this URL into a browser on another\n"
10176
12844
#: serverguide/C/remote-administration.xml:14(para)
10177
12845
msgid ""
10178
12846
"There are many ways to remotely administer a Linux server. This chapter will "
10179
"cover one of the most popular <application>OpenSSH</application>."
12847
"cover two of the most popular applications "
12848
"<application>OpenSSH</application>, and <application>Puppet</application>."
10180
12849
msgstr ""
10181
12850
10182
#: serverguide/C/remote-administration.xml:22(para)
12851
#: serverguide/C/remote-administration.xml:21(para)
10183
12852
msgid ""
10184
12853
"This section of the Ubuntu Server Guide introduces a powerful collection of "
10185
"tools for the remote control of networked computers and transfer of data "
10186
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
10187
"also learn about some of the configuration settings possible with the "
10188
"OpenSSH server application and how to change them on your Ubuntu system."
12854
"tools for the remote control of, and transfer of data between, networked "
12855
"computers called <emphasis>OpenSSH</emphasis>. You will also learn about "
12856
"some of the configuration settings possible with the OpenSSH server "
12857
"application and how to change them on your Ubuntu system."
10189
12858
msgstr ""
10190
12859
10191
#: serverguide/C/remote-administration.xml:29(para)
12860
#: serverguide/C/remote-administration.xml:26(para)
10192
12861
msgid ""
10193
12862
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
10194
"family of tools for remotely controlling a computer or transferring files "
10195
"between computers. Traditional tools used to accomplish these functions, "
10196
"such as <application>telnet</application> or <application>rcp</application>, "
10197
"are insecure and transmit the user's password in cleartext when used. "
10198
"OpenSSH provides a server daemon and client tools to facilitate secure, "
10199
"encrypted remote control and file transfer operations, effectively replacing "
10200
"the legacy tools."
12863
"family of tools for remotely controlling, or transferring files between, "
12864
"computers. Traditional tools used to accomplish these functions, such as "
12865
"<application>telnet</application> or <application>rcp</application>, are "
12866
"insecure and transmit the user's password in cleartext when used. OpenSSH "
12867
"provides a server daemon and client tools to facilitate secure, encrypted "
12868
"remote control and file transfer operations, effectively replacing the "
12869
"legacy tools."
10201
12870
msgstr ""
10202
12871
10203
#: serverguide/C/remote-administration.xml:38(para)
12872
#: serverguide/C/remote-administration.xml:35(para)
10204
12873
msgid ""
10205
12874
"The OpenSSH server component, <application>sshd</application>, listens "
10206
12875
"continuously for client connections from any of the client tools. When a "
10215
12884
"password, public key, and <application>Kerberos</application> tickets."
10216
12885
msgstr ""
10217
12886
10218
#: serverguide/C/remote-administration.xml:52(para)
12887
#: serverguide/C/remote-administration.xml:49(para)
10219
12888
msgid ""
10220
12889
"Installation of the OpenSSH client and server applications is simple. To "
10221
12890
"install the OpenSSH client applications on your Ubuntu system, use this "
10222
12891
"command at a terminal prompt:"
10223
12892
msgstr ""
10224
12893
10225
#: serverguide/C/remote-administration.xml:58(command)
12894
#: serverguide/C/remote-administration.xml:55(command)
10226
12895
msgid "sudo apt-get install openssh-client"
10227
12896
msgstr ""
10228
12897
10229
#: serverguide/C/remote-administration.xml:60(para)
12898
#: serverguide/C/remote-administration.xml:57(para)
10230
12899
msgid ""
10231
12900
"To install the OpenSSH server application, and related support files, use "
10232
12901
"this command at a terminal prompt:"
10233
12902
msgstr ""
10234
12903
10235
#: serverguide/C/remote-administration.xml:65(command)
12904
#: serverguide/C/remote-administration.xml:62(command)
10236
12905
msgid "sudo apt-get install openssh-server"
10237
12906
msgstr ""
10238
12907
10239
#: serverguide/C/remote-administration.xml:67(para)
12908
#: serverguide/C/remote-administration.xml:64(para)
10240
12909
msgid ""
10241
12910
"The <application>openssh-server</application> package can also be selected "
10242
12911
"to install during the Server Edition installation process."
10243
12912
msgstr ""
10244
12913
10245
#: serverguide/C/remote-administration.xml:74(para)
12914
#: serverguide/C/remote-administration.xml:71(para)
10246
12915
msgid ""
10247
12916
"You may configure the default behavior of the OpenSSH server application, "
10248
12917
"<application>sshd</application>, by editing the file "
10251
12920
"manual page with the following command, issued at a terminal prompt:"
10252
12921
msgstr ""
10253
12922
10254
#: serverguide/C/remote-administration.xml:82(command)
12923
#: serverguide/C/remote-administration.xml:79(command)
10255
12924
msgid "man sshd_config"
10256
12925
msgstr "man sshd_config"
10257
12926
10258
#: serverguide/C/remote-administration.xml:84(para)
12927
#: serverguide/C/remote-administration.xml:81(para)
10259
12928
msgid ""
10260
12929
"There are many directives in the <application>sshd</application> "
10261
"configuration file controlling such things as communication settings and "
12930
"configuration file controlling such things as communication settings, and "
10262
12931
"authentication modes. The following are examples of configuration directives "
10263
12932
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
10264
12933
"file."
10265
12934
msgstr ""
10266
12935
10267
#: serverguide/C/remote-administration.xml:91(para)
12936
#: serverguide/C/remote-administration.xml:88(para)
10268
12937
msgid ""
10269
12938
"Prior to editing the configuration file, you should make a copy of the "
10270
12939
"original file and protect it from writing so you will have the original "
10271
12940
"settings as a reference and to reuse as necessary."
10272
12941
msgstr ""
10273
12942
10274
#: serverguide/C/remote-administration.xml:95(para)
12943
#: serverguide/C/remote-administration.xml:92(para)
10275
12944
msgid ""
10276
12945
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
10277
12946
"writing with the following commands, issued at a terminal prompt:"
10278
12947
msgstr ""
10279
12948
10280
#: serverguide/C/remote-administration.xml:100(command)
12949
#: serverguide/C/remote-administration.xml:97(command)
10281
12950
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10282
12951
msgstr "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10283
12952
10284
#: serverguide/C/remote-administration.xml:101(command)
12953
#: serverguide/C/remote-administration.xml:98(command)
10285
12954
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
10286
12955
msgstr "sudo chmod a-w /etc/ssh/sshd_config.original"
10287
12956
10288
#: serverguide/C/remote-administration.xml:103(para)
12957
#: serverguide/C/remote-administration.xml:101(para)
10289
12958
msgid ""
10290
12959
"The following are examples of configuration directives you may change:"
10291
12960
msgstr ""
10292
12961
10293
#: serverguide/C/remote-administration.xml:108(para)
12962
#: serverguide/C/remote-administration.xml:106(para)
10294
12963
msgid ""
10295
12964
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
10296
12965
"port 22, change the Port directive as such:"
10297
12966
msgstr ""
10298
12967
10299
#: serverguide/C/remote-administration.xml:112(para)
12968
#: serverguide/C/remote-administration.xml:110(para)
10300
12969
msgid "Port 2222"
10301
12970
msgstr "Port 2222"
10302
12971
10303
#: serverguide/C/remote-administration.xml:117(para)
12972
#: serverguide/C/remote-administration.xml:115(para)
10304
12973
msgid ""
10305
12974
"To have <application>sshd</application> allow public key-based login "
10306
12975
"credentials, simply add or modify the line:"
10307
12976
msgstr ""
10308
12977
10309
#: serverguide/C/remote-administration.xml:121(para)
12978
#: serverguide/C/remote-administration.xml:119(para)
10310
12979
msgid "PubkeyAuthentication yes"
10311
12980
msgstr ""
10312
12981
10313
#: serverguide/C/remote-administration.xml:124(para)
10314
msgid ""
10315
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
10316
"present, ensure the line is not commented out."
12982
#: serverguide/C/remote-administration.xml:122(para)
12983
msgid "If the line is already present, then ensure it is not commented out."
10317
12984
msgstr ""
10318
12985
10319
#: serverguide/C/remote-administration.xml:130(para)
12986
#: serverguide/C/remote-administration.xml:127(para)
10320
12987
msgid ""
10321
12988
"To make your OpenSSH server display the contents of the "
10322
12989
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
10323
12990
"or modify the line:"
10324
12991
msgstr ""
10325
12992
10326
#: serverguide/C/remote-administration.xml:135(para)
12993
#: serverguide/C/remote-administration.xml:132(para)
10327
12994
msgid "Banner /etc/issue.net"
10328
12995
msgstr "Banner /etc/issue.net"
10329
12996
10330
#: serverguide/C/remote-administration.xml:138(para)
12997
#: serverguide/C/remote-administration.xml:135(para)
10331
12998
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
10332
12999
msgstr ""
10333
13000
10334
#: serverguide/C/remote-administration.xml:143(para)
13001
#: serverguide/C/remote-administration.xml:140(para)
10335
13002
msgid ""
10336
13003
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
10337
13004
"save the file, and restart the <application>sshd</application> server "
10339
13006
"prompt:"
10340
13007
msgstr ""
10341
13008
10342
#: serverguide/C/remote-administration.xml:152(para)
13009
#: serverguide/C/remote-administration.xml:146(command)
13010
msgid "sudo /etc/init.d/ssh restart"
13011
msgstr ""
13012
13013
#: serverguide/C/remote-administration.xml:149(para)
10343
13014
msgid ""
10344
13015
"Many other configuration directives for <application>sshd</application> are "
10345
"available for changing the server application's behavior to fit your needs. "
10346
"Be advised, however, if your only method of access to a server is "
13016
"available to change the server application's behavior to fit your needs. Be "
13017
"advised, however, if your only method of access to a server is "
10347
13018
"<application>ssh</application>, and you make a mistake in configuring "
10348
13019
"<application>sshd</application> via the "
10349
13020
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
10350
"out of the server upon restarting it, or that the "
10351
"<application>sshd</application> server refuses to start due to an incorrect "
10352
"configuration directive, so be extra careful when editing this file on a "
13021
"out of the server upon restarting it. Additionally, if an incorrect "
13022
"configuration directive is supplied, the <application>sshd</application> "
13023
"server may refuse to start, so be extra careful when editing this file on a "
10353
13024
"remote server."
10354
13025
msgstr ""
10355
13026
10356
#: serverguide/C/remote-administration.xml:167(title)
13027
#: serverguide/C/remote-administration.xml:163(title)
10357
13028
msgid "SSH Keys"
10358
13029
msgstr "Claves SSH"
10359
13030
10360
#: serverguide/C/remote-administration.xml:168(para)
13031
#: serverguide/C/remote-administration.xml:164(para)
10361
13032
msgid ""
10362
13033
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
10363
"the need of a password. SSH key authentication uses two keys a "
13034
"the need of a password. SSH key authentication uses two keys, a "
10364
13035
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
10365
13036
msgstr ""
10366
13037
10367
#: serverguide/C/remote-administration.xml:172(para)
13038
#: serverguide/C/remote-administration.xml:168(para)
10368
13039
msgid "To generate the keys, from a terminal prompt enter:"
10369
13040
msgstr "Pa xenerar les claves, escribi nun terminal:"
10370
13041
10371
#: serverguide/C/remote-administration.xml:176(command)
13042
#: serverguide/C/remote-administration.xml:172(command)
10372
13043
msgid "ssh-keygen -t dsa"
10373
13044
msgstr "ssh-keygen -t dsa"
10374
13045
10375
#: serverguide/C/remote-administration.xml:178(para)
13046
#: serverguide/C/remote-administration.xml:174(para)
10376
13047
msgid ""
10377
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
10378
"identity of the user. During the process you will be prompted for a "
13048
"This will generate the keys using the <emphasis>Digital Signature Algorithm "
13049
"(DSA)</emphasis> method. During the process you will be prompted for a "
10379
13050
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
10380
13051
"key."
10381
13052
msgstr ""
10382
13053
10383
#: serverguide/C/remote-administration.xml:182(para)
13054
#: serverguide/C/remote-administration.xml:178(para)
10384
13055
msgid ""
10385
13056
"By default the <emphasis>public</emphasis> key is saved in the file "
10386
13057
"<filename>~/.ssh/id_dsa.pub</filename>, while "
10389
13060
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10390
13061
msgstr ""
10391
13062
10392
#: serverguide/C/remote-administration.xml:188(command)
13063
#: serverguide/C/remote-administration.xml:184(command)
10393
13064
msgid "ssh-copy-id username@remotehost"
10394
13065
msgstr "ssh-copy-id username@remotehost"
10395
13066
10396
#: serverguide/C/remote-administration.xml:190(para)
13067
#: serverguide/C/remote-administration.xml:186(para)
10397
13068
msgid ""
10398
13069
"Finally, double check the permissions on the "
10399
13070
"<filename>authorized_keys</filename> file, only the authenticated user "
10401
13072
"change them by:"
10402
13073
msgstr ""
10403
13074
10404
#: serverguide/C/remote-administration.xml:195(command)
13075
#: serverguide/C/remote-administration.xml:191(command)
10405
13076
msgid "chmod 600 .ssh/authorized_keys"
10406
13077
msgstr ""
10407
13078
10408
#: serverguide/C/remote-administration.xml:197(para)
13079
#: serverguide/C/remote-administration.xml:193(para)
10409
13080
msgid ""
10410
13081
"You should now be able to SSH to the host without being prompted for a "
10411
13082
"password."
10412
13083
msgstr ""
10413
13084
10414
#: serverguide/C/remote-administration.xml:206(para)
13085
#: serverguide/C/remote-administration.xml:202(para)
10415
13086
msgid ""
10416
13087
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
10417
13088
"page."
10418
13089
msgstr ""
10419
13090
10420
#: serverguide/C/remote-administration.xml:212(ulink)
13091
#: serverguide/C/remote-administration.xml:208(ulink)
10421
13092
msgid "OpenSSH Website"
10422
13093
msgstr "Sitiu web d'OpenSSH"
10423
13094
10424
#: serverguide/C/remote-administration.xml:217(ulink)
13095
#: serverguide/C/remote-administration.xml:213(ulink)
10425
13096
msgid "Advanced OpenSSH Wiki Page"
10426
13097
msgstr "Páxina Wiki Avanzada d'OpenSSH"
10427
13098
13099
#: serverguide/C/remote-administration.xml:221(title)
13100
msgid "Puppet"
13101
msgstr ""
13102
13103
#: serverguide/C/remote-administration.xml:223(para)
13104
msgid ""
13105
"<application>Puppet</application> is a cross platform framework enabling "
13106
"system administrators to perform common tasks using code. The code can do a "
13107
"variety of tasks from installing new software, to checking file permissions, "
13108
"or updating user accounts. Puppet is great not only during the initial "
13109
"installation of a system, but also throughout the system's entire life "
13110
"cycle. In most circumstances <application>puppet</application> will be used "
13111
"in a client/server configuration."
13112
msgstr ""
13113
13114
#: serverguide/C/remote-administration.xml:230(para)
13115
msgid ""
13116
"This section will cover installing and configuring "
13117
"<application>Puppet</application> in a client/server configuration. This "
13118
"simple example will demonstrate how to install "
13119
"<application>Apache</application> using <application>Puppet</application>."
13120
msgstr ""
13121
13122
#: serverguide/C/remote-administration.xml:238(para)
13123
msgid ""
13124
"To install <application>Puppet</application>, in a terminal on the "
13125
"<emphasis>server</emphasis> enter:"
13126
msgstr ""
13127
13128
#: serverguide/C/remote-administration.xml:243(command)
13129
msgid "sudo apt-get install puppetmaster"
13130
msgstr ""
13131
13132
#: serverguide/C/remote-administration.xml:246(para)
13133
msgid "On the <emphasis>client</emphasis> machine, or machines, enter:"
13134
msgstr ""
13135
13136
#: serverguide/C/remote-administration.xml:251(command)
13137
msgid "sudo apt-get install puppet"
13138
msgstr ""
13139
13140
#: serverguide/C/remote-administration.xml:258(para)
13141
msgid ""
13142
"Prior to configuring <application>puppet</application> you may want to add a "
13143
"DNS <emphasis>CNAME</emphasis> record for "
13144
"<emphasis>puppet.example.com</emphasis>, where "
13145
"<emphasis>example.com</emphasis> is your domain. By default "
13146
"<application>Puppet</application> clients check DNS for puppet.example.com "
13147
"as the puppet server name, or <emphasis>Puppet Master</emphasis>. See <xref "
13148
"linkend=\"dns\"/> for more DNS details."
13149
msgstr ""
13150
13151
#: serverguide/C/remote-administration.xml:265(para)
13152
msgid ""
13153
"If you do not wish to use DNS, you can add entries to the server and client "
13154
"<filename>/etc/hosts</filename> file. For example, in the "
13155
"<application>Puppet</application> server's <filename>/etc/hosts</filename> "
13156
"file add:"
13157
msgstr ""
13158
13159
#: serverguide/C/remote-administration.xml:270(programlisting)
13160
#, no-wrap
13161
msgid ""
13162
"\n"
13163
"127.0.0.1 localhost.localdomain localhost puppet\n"
13164
"192.168.1.17 meercat02.example.com meercat02\n"
13165
msgstr ""
13166
13167
#: serverguide/C/remote-administration.xml:275(para)
13168
msgid ""
13169
"On each <application>Puppet</application> client, add an entry for the "
13170
"server:"
13171
msgstr ""
13172
13173
#: serverguide/C/remote-administration.xml:279(programlisting)
13174
#, no-wrap
13175
msgid ""
13176
"\n"
13177
"192.168.1.16 meercat.example.com meercat puppet\n"
13178
msgstr ""
13179
13180
#: serverguide/C/remote-administration.xml:284(para)
13181
msgid ""
13182
"Replace the example IP addresses and domain names above with your actual "
13183
"server and client addresses and domain names."
13184
msgstr ""
13185
13186
#: serverguide/C/remote-administration.xml:289(para)
13187
msgid ""
13188
"Now setup some resources for <application>apache2</application>. Create a "
13189
"file <filename>/etc/puppet/manifests/site.pp</filename> containing the "
13190
"following:"
13191
msgstr ""
13192
13193
#: serverguide/C/remote-administration.xml:294(programlisting)
13194
#, no-wrap
13195
msgid ""
13196
"\n"
13197
"package {\n"
13198
" 'apache2':\n"
13199
" ensure => installed\n"
13200
"}\n"
13201
"\n"
13202
"service {\n"
13203
" 'apache2':\n"
13204
" ensure => true,\n"
13205
" enable => true,\n"
13206
" require => Package['apache2']\n"
13207
"}\n"
13208
msgstr ""
13209
13210
#: serverguide/C/remote-administration.xml:309(para)
13211
msgid ""
13212
"Next, create a node file <filename>/etc/puppet/manifests/nodes.pp</filename> "
13213
"with:"
13214
msgstr ""
13215
13216
#: serverguide/C/remote-administration.xml:313(programlisting)
13217
#, no-wrap
13218
msgid ""
13219
"\n"
13220
"node 'meercat02.example.com' {\n"
13221
" include apache2\n"
13222
"}\n"
13223
msgstr ""
13224
13225
#: serverguide/C/remote-administration.xml:320(para)
13226
msgid ""
13227
"Replace <emphasis>meercat02.example.com</emphasis> with your actual "
13228
"<application>Puppet</application> client's host name."
13229
msgstr ""
13230
13231
#: serverguide/C/remote-administration.xml:325(para)
13232
msgid ""
13233
"The final step for this simple <application>Puppet</application> server is "
13234
"to restart the daemon:"
13235
msgstr ""
13236
13237
#: serverguide/C/remote-administration.xml:330(command)
13238
msgid "sudo /etc/init.d/puppetmaster restart"
13239
msgstr ""
13240
13241
#: serverguide/C/remote-administration.xml:333(para)
13242
msgid ""
13243
"Now everything is configured on the <application>Puppet</application> "
13244
"server, it is time to configure the client."
13245
msgstr ""
13246
13247
#: serverguide/C/remote-administration.xml:337(para)
13248
msgid ""
13249
"First, configure the <application>Puppet</application>agent daemon to start. "
13250
"Edit <filename>/etc/default/puppet</filename>, changing "
13251
"<emphasis>START</emphasis> to yes:"
13252
msgstr ""
13253
13254
#: serverguide/C/remote-administration.xml:342(programlisting) serverguide/C/mail.xml:629(programlisting)
13255
#, no-wrap
13256
msgid ""
13257
"\n"
13258
"START=yes\n"
13259
msgstr ""
13260
"\n"
13261
"START=yes\n"
13262
13263
#: serverguide/C/remote-administration.xml:346(para)
13264
msgid "Then start the service:"
13265
msgstr ""
13266
13267
#: serverguide/C/remote-administration.xml:351(command)
13268
msgid "sudo /etc/init.d/puppet start"
13269
msgstr ""
13270
13271
#: serverguide/C/remote-administration.xml:354(para)
13272
msgid ""
13273
"Back on the <application>Puppet</application> server sign the client "
13274
"certificate by entering:"
13275
msgstr ""
13276
13277
#: serverguide/C/remote-administration.xml:359(command)
13278
msgid "sudo puppetca --sign meercat02.example.com"
13279
msgstr ""
13280
13281
#: serverguide/C/remote-administration.xml:362(para)
13282
msgid ""
13283
"Check <filename>/var/log/syslog</filename> for any errors with the "
13284
"configuration. If all goes well the <application>apache2</application> "
13285
"package and it's dependencies will be installed on the "
13286
"<application>Puppet</application> client."
13287
msgstr ""
13288
13289
#: serverguide/C/remote-administration.xml:368(para)
13290
msgid ""
13291
"This example is <emphasis>very</emphasis> simple, and does not highlight "
13292
"many of <application>Puppet</application>'s features and benefits. For more "
13293
"information see <xref linkend=\"puppet-resources\"/>."
13294
msgstr ""
13295
13296
#: serverguide/C/remote-administration.xml:380(para)
13297
msgid ""
13298
"See the <ulink url=\"http://docs.puppetlabs.com/\">Official Puppet "
13299
"Documentation</ulink> web site."
13300
msgstr ""
13301
13302
#: serverguide/C/remote-administration.xml:385(para)
13303
msgid ""
13304
"Also see <ulink url=\"http://www.apress.com/9781430230571\">Pro "
13305
"Puppet</ulink>."
13306
msgstr ""
13307
13308
#: serverguide/C/remote-administration.xml:390(para)
13309
msgid ""
13310
"Another source of additional information is the <ulink "
13311
"url=\"https://help.ubuntu.com/community/Puppet\">Ubuntu Wiki Puppet "
13312
"Page</ulink>."
13313
msgstr ""
13314
13315
#: serverguide/C/remote-administration.xml:399(title)
13316
msgid "Zentyal"
13317
msgstr ""
13318
13319
#: serverguide/C/remote-administration.xml:401(para)
13320
msgid ""
13321
"<application>Zentyal</application> is a Linux small business server, that "
13322
"can be configured as a Gateway, Infrastructure Manager, Unified Threat "
13323
"Manager, Office Server, Unified Communication Server or a combination of "
13324
"them. All network services managed by Zentyal are tightly integrated, "
13325
"automating most tasks. This helps to avoid errors in the network "
13326
"configuration and administration and allows to save time. "
13327
"<application>Zentyal</application> is open source, released under the GNU "
13328
"General Public License (GPL) and runs on top of Ubuntu GNU/Linux."
13329
msgstr ""
13330
13331
#: serverguide/C/remote-administration.xml:412(para)
13332
msgid ""
13333
"<application>Zentyal</application> consists of a serie of packages (usually "
13334
"one for each module) that provide a web interface to configure the different "
13335
"servers or services. The configuration is stored on a key-value "
13336
"<application>Redis</application> database but users, groups and domains "
13337
"related configuration is on <application>OpenLDAP </application>. When you "
13338
"configure any of the available parameters through the web interface, final "
13339
"configuration files are overwritten using the configuration templates "
13340
"provided by the modules. The main advantages of using "
13341
"<application>Zentyal</application> are: unified, graphical user interface to "
13342
"configure all network services and high, out-of-the-box integration between "
13343
"them."
13344
msgstr ""
13345
13346
#: serverguide/C/remote-administration.xml:429(para)
13347
msgid ""
13348
"Zentyal 2.3 is available on Ubuntu 12.04 Universe repository. The modules "
13349
"available are:"
13350
msgstr ""
13351
13352
#: serverguide/C/remote-administration.xml:436(para)
13353
msgid ""
13354
"zentyal-core & zentyal-common: the core of the "
13355
"<application>Zentyal</application> interface and the common libraries of the "
13356
"framework. Also include the logs and events modules that give the "
13357
"administrator an interface to view the logs and generate events from them."
13358
msgstr ""
13359
13360
#: serverguide/C/remote-administration.xml:445(para)
13361
msgid ""
13362
"zentyal-network: manages the configuration of the network. From the "
13363
"interfaces (supporting static IP, DHCP, VLAN, bridges or PPPoE), to multiple "
13364
"gateways when having more than one Internet connection, load balancing and "
13365
"advanced routing, static routes or dynamic DNS."
13366
msgstr ""
13367
13368
#: serverguide/C/remote-administration.xml:453(para)
13369
msgid ""
13370
"zentyal-objects & zentyal-services: provide an abstration level for "
13371
"network addresses (e.g. LAN instead of 192.168.1.0/24) and ports named as "
13372
"services (e.g. HTTP instead of 80/TCP)."
13373
msgstr ""
13374
13375
#: serverguide/C/remote-administration.xml:460(para)
13376
msgid ""
13377
"zentyal-firewall: configures the <application>iptables</application> rules "
13378
"to block forbiden connections, NAT and port redirections."
13379
msgstr ""
13380
13381
#: serverguide/C/remote-administration.xml:466(para)
13382
msgid ""
13383
"zentyal-ntp: installs the NTP daemon to keep server on time and allow "
13384
"network clients to synchronize their clocks against the server."
13385
msgstr ""
13386
13387
#: serverguide/C/remote-administration.xml:472(para)
13388
msgid ""
13389
"zentyal-dhcp: configures <application>ISC DHCP</application> server "
13390
"supporting network ranges, static leases and other advanced options like "
13391
"NTP, WINS, dynamic DNS updates and network boot with PXE."
13392
msgstr ""
13393
13394
#: serverguide/C/remote-administration.xml:479(para)
13395
msgid ""
13396
"zentyal-dns: brings <application>ISC Bind9</application> DNS server into "
13397
"your server for caching local queries as a forwarder or as an authoritative "
13398
"server for the configured domains. Allows to configure A, CNAME, MX, NS, TXT "
13399
"and SRV records."
13400
msgstr ""
13401
13402
#: serverguide/C/remote-administration.xml:487(para)
13403
msgid ""
13404
"zentyal-ca: integrates the management of a Certification Authority within "
13405
"Zentyal so users can use certificates to authenticate against the services, "
13406
"like with <application>OpenVPN</application>."
13407
msgstr ""
13408
13409
#: serverguide/C/remote-administration.xml:494(para)
13410
msgid ""
13411
"zentyal-openvpn: allows to configure multiple VPN servers and clients using "
13412
"<application>OpenVPN</application> with dynamic routing configuration using "
13413
"<application>Quagga</application>."
13414
msgstr ""
13415
13416
#: serverguide/C/remote-administration.xml:501(para)
13417
msgid ""
13418
"zentyal-users: provides an interface to configure and manage users and "
13419
"groups on <application>OpenLDAP</application>. Other services on Zentyal are "
13420
"authenticated against LDAP having a centralized users and groups management. "
13421
"It is also possible to synchronize users, passwords and groups from a "
13422
"<application>Microsoft Active Directory</application> domain."
13423
msgstr ""
13424
13425
#: serverguide/C/remote-administration.xml:511(para)
13426
msgid ""
13427
"zentyal-squid: configures <application>Squid</application> and "
13428
"<application>Dansguardian</application> for speeding up browsing thanks to "
13429
"the caching capabilities and content filtering."
13430
msgstr ""
13431
13432
#: serverguide/C/remote-administration.xml:518(para)
13433
msgid ""
13434
"zentyal-samba: allows <application>Samba</application> configuration and "
13435
"integration with existing LDAP. From the same interface you can define "
13436
"password policies, create shared resources and assign permissions."
13437
msgstr ""
13438
13439
#: serverguide/C/remote-administration.xml:526(para)
13440
msgid ""
13441
"zentyal-printers: integrates <application>CUPS</application> with "
13442
"<application>Samba</application> and allows not only to configure the "
13443
"printers but also give them permissions based on LDAP users and groups."
13444
msgstr ""
13445
13446
#: serverguide/C/remote-administration.xml:535(para)
13447
msgid ""
13448
"To install <application>Zentyal</application>, in a terminal on the "
13449
"<emphasis>server</emphasis> enter (where <zentyal-module> is any of "
13450
"the modules from the previous list):"
13451
msgstr ""
13452
13453
#: serverguide/C/remote-administration.xml:542(command)
13454
msgid "sudo apt-get install <zentyal-module>"
13455
msgstr ""
13456
13457
#: serverguide/C/remote-administration.xml:546(para)
13458
msgid ""
13459
"<application>Zentyal</application> publishes one major stable release once a "
13460
"year (in September) based on latest Ubuntu LTS release. Stable releases "
13461
"always have even minor numbers (e.g. 2.2, 3.0) and beta releases have odd "
13462
"minor numbers (e.g. 2.1, 2.3). Ubuntu 12.04 comes with "
13463
"<application>Zentyal</application> 2.3 packages. If you want to upgrade to a "
13464
"new stable release published after the release of Ubuntu 12.04 you can use "
13465
"<ulink url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink>. "
13466
"Upgrading to newer stable releases can provide you minor bugfixes not "
13467
"backported to 2.3 in Precise and newer features."
13468
msgstr ""
13469
13470
#: serverguide/C/remote-administration.xml:560(para)
13471
msgid ""
13472
"If you need more information on how to add packages from a PPA see <ulink "
13473
"url=\"https://help.ubuntu.com/12.04/ubuntu-help/addremove-ppa.html\"> Add a "
13474
"Personal Package Archive (PPA)</ulink>."
13475
msgstr ""
13476
13477
#: serverguide/C/remote-administration.xml:568(para)
13478
msgid ""
13479
"Not present on Ubuntu Universe repositories, but on <ulink "
13480
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
13481
"find these other modules:"
13482
msgstr ""
13483
13484
#: serverguide/C/remote-administration.xml:575(para)
13485
msgid ""
13486
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
13487
"with other modules like the proxy, file sharing or mailfilter."
13488
msgstr ""
13489
13490
#: serverguide/C/remote-administration.xml:582(para)
13491
msgid ""
13492
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
13493
"a simple PBX with LDAP based authentication."
13494
msgstr ""
13495
13496
#: serverguide/C/remote-administration.xml:588(para)
13497
msgid ""
13498
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
13499
msgstr ""
13500
13501
#: serverguide/C/remote-administration.xml:594(para)
13502
msgid ""
13503
"zentyal-captiveportal: integrates a captive portal with the firewall and "
13504
"LDAP users and groups."
13505
msgstr ""
13506
13507
#: serverguide/C/remote-administration.xml:600(para)
13508
msgid ""
13509
"zentyal-ebackup: allows to make scheduled backups of your server using the "
13510
"popular <application>duplicity</application> backup tool."
13511
msgstr ""
13512
13513
#: serverguide/C/remote-administration.xml:606(para)
13514
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
13515
msgstr ""
13516
13517
#: serverguide/C/remote-administration.xml:611(para)
13518
msgid "zentyal-ids: integrates a network intrusion detection system."
13519
msgstr ""
13520
13521
#: serverguide/C/remote-administration.xml:616(para)
13522
msgid ""
13523
"zentyal-ipsec: allows to configure IPsec tunnels using "
13524
"<application>OpenSwan</application>."
13525
msgstr ""
13526
13527
#: serverguide/C/remote-administration.xml:622(para)
13528
msgid ""
13529
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
13530
"with LDAP users and groups."
13531
msgstr ""
13532
13533
#: serverguide/C/remote-administration.xml:628(para)
13534
msgid ""
13535
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
13536
"solution."
13537
msgstr ""
13538
13539
#: serverguide/C/remote-administration.xml:634(para)
13540
msgid ""
13541
"zentyal-mail: a full mail stack including <application>Postfix "
13542
"</application> and <application>Dovecot</application> with LDAP backend."
13543
msgstr ""
13544
13545
#: serverguide/C/remote-administration.xml:641(para)
13546
msgid ""
13547
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
13548
"stack to filter spam and attached virus."
13549
msgstr ""
13550
13551
#: serverguide/C/remote-administration.xml:647(para)
13552
msgid ""
13553
"zentyal-monitor: integrates <application>collectd</application> to monitor "
13554
"server performance and running services."
13555
msgstr ""
13556
13557
#: serverguide/C/remote-administration.xml:653(para)
13558
msgid ""
13559
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
13560
msgstr ""
13561
13562
#: serverguide/C/remote-administration.xml:658(para)
13563
msgid ""
13564
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
13565
"users and groups."
13566
msgstr ""
13567
13568
#: serverguide/C/remote-administration.xml:664(para)
13569
msgid ""
13570
"zentyal-software: simple interface to manage installed "
13571
"<application>Zentyal</application> modules and system updates."
13572
msgstr ""
13573
13574
#: serverguide/C/remote-administration.xml:670(para)
13575
msgid ""
13576
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
13577
"throttling and improve latency."
13578
msgstr ""
13579
13580
#: serverguide/C/remote-administration.xml:676(para)
13581
msgid ""
13582
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
13583
"web browser."
13584
msgstr ""
13585
13586
#: serverguide/C/remote-administration.xml:682(para)
13587
msgid ""
13588
"zentyal-virt: simple interface to create and manage virtual machines based "
13589
"on <application>libvirt</application>."
13590
msgstr ""
13591
13592
#: serverguide/C/remote-administration.xml:688(para)
13593
msgid ""
13594
"zentyal-webmail: allows to access your mail using the popular "
13595
"<application>Roundcube</application> webmail."
13596
msgstr ""
13597
13598
#: serverguide/C/remote-administration.xml:694(para)
13599
msgid ""
13600
"zentyal-webserver: configures <application>Apache</application> webserver to "
13601
"host different sites on your machine."
13602
msgstr ""
13603
13604
#: serverguide/C/remote-administration.xml:700(para)
13605
msgid ""
13606
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
13607
"with <application>Zentyal</application> mail stack and LDAP."
13608
msgstr ""
13609
13610
#: serverguide/C/remote-administration.xml:712(title)
13611
msgid "First steps"
13612
msgstr ""
13613
13614
#: serverguide/C/remote-administration.xml:714(para)
13615
msgid ""
13616
"Any system account belonging to the sudo group is allowed to log into "
13617
"<application>Zentyal</application> web interface. If you are using the user "
13618
"created during the installation, this should be in the sudo group by default."
13619
msgstr ""
13620
13621
#: serverguide/C/remote-administration.xml:722(para)
13622
msgid "If you need to add another user to the sudo group, just execute:"
13623
msgstr ""
13624
13625
#: serverguide/C/remote-administration.xml:727(command)
13626
msgid "sudo adduser username sudo"
13627
msgstr ""
13628
13629
#: serverguide/C/remote-administration.xml:731(para)
13630
msgid ""
13631
"To access <application>Zentyal</application> web interface, browse into "
13632
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
13633
"own self-signed SSL certificate, you will have to accept a security "
13634
"exception on your browser."
13635
msgstr ""
13636
13637
#: serverguide/C/remote-administration.xml:738(para)
13638
msgid ""
13639
"Once logged in you will see the dashboard with an overview of your server. "
13640
"To configure any of the features of your installed modules, go to the "
13641
"different sections on the left menu. When you make any changes, on the upper "
13642
"right corner appears a red <emphasis>Save changes</emphasis> button that you "
13643
"must click to save all configuration changes. To apply these configuration "
13644
"changes in your server, the module needs to be enabled first, you can do so "
13645
"from the <emphasis>Module Status </emphasis> entry on the left menu. Every "
13646
"time you enable a module, a pop-up will appear asking for a confirmation to "
13647
"perform the necessary actions and changes on your server and configuration "
13648
"files."
13649
msgstr ""
13650
13651
#: serverguide/C/remote-administration.xml:752(para)
13652
msgid ""
13653
"If you need to customize any configuration file or run certain actions "
13654
"(scripts or commands) to configure features not available on "
13655
"<application>Zentyal</application> place the custom configuration file "
13656
"templates on /etc/zentyal/stubs/<module>/ and the hooks on "
13657
"/etc/zentyal/hooks/<module>.<action>."
13658
msgstr ""
13659
13660
#: serverguide/C/remote-administration.xml:765(para)
13661
msgid ""
13662
"<ulink url=\"http://doc.zentyal.org/\">Zentyal Official Documentation "
13663
"</ulink> page."
13664
msgstr ""
13665
13666
#: serverguide/C/remote-administration.xml:769(para)
13667
msgid ""
13668
"See also <ulink url=\"http://trac.zentyal.org/wiki/Documentation\">Zentyal "
13669
"Community Documentation</ulink> page."
13670
msgstr ""
13671
13672
#: serverguide/C/remote-administration.xml:773(para)
13673
msgid ""
13674
"And don't forget to visit the <ulink url=\"http://forum.zentyal.org/\">forum "
13675
"</ulink> for community support, feedback, feature requests, etc."
13676
msgstr ""
13677
10428
13678
#: serverguide/C/package-management.xml:13(title)
10429
13679
msgid "Package Management"
10430
13680
msgstr ""
10431
13681
10432
13682
#: serverguide/C/package-management.xml:14(para)
10433
13683
msgid ""
10434
"Ubuntu features a comprehensive package management system for the "
10435
"installation, upgrade, configuration, and removal of software. In addition "
10436
"to providing access to an organized base of over 24,000 software packages "
10437
"for your Ubuntu computer, the package management facilities also feature "
10438
"dependency resolution capabilities and software update checking."
13684
"Ubuntu features a comprehensive package management system for installing, "
13685
"upgrading, configuring, and removing software. In addition to providing "
13686
"access to an organized base of over 35,000 software packages for your Ubuntu "
13687
"computer, the package management facilities also feature dependency "
13688
"resolution capabilities and software update checking."
10439
13689
msgstr ""
10440
13690
10441
13691
#: serverguide/C/package-management.xml:16(para)
10456
13706
10457
13707
#: serverguide/C/package-management.xml:24(para)
10458
13708
msgid ""
10459
"Debian package files typically have the extension '.deb', and typically "
10460
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
10461
"collections of packages found on various media, such as CD-ROM discs, or "
10462
"online. Packages are normally of the pre-compiled binary format; thus "
10463
"installation is quick and requires no compiling of software."
13709
"Debian package files typically have the extension '.deb', and usually exist "
13710
"in <emphasis role=\"italics\">repositories</emphasis> which are collections "
13711
"of packages found on various media, such as CD-ROM discs, or online. "
13712
"Packages are normally in a pre-compiled binary format; thus installation is "
13713
"quick, and requires no compiling of software."
10464
13714
msgstr ""
10465
13715
10466
13716
#: serverguide/C/package-management.xml:27(para)
10469
13719
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10470
13720
"packages required by the principal package in order to function properly. "
10471
13721
"For example, the speech synthesis package "
10472
"<application>Festival</application> depends upon the package "
13722
"<application>festival</application> depends upon the package "
10473
13723
"<application>libasound2</application>, which is a package supplying the "
10474
13724
"<application>ALSA</application> sound library needed for audio playback. In "
10475
"order for <application>Festival</application> to function, it and all of its "
13725
"order for <application>festival</application> to function, it and all of its "
10476
13726
"dependencies must be installed. The software management tools in Ubuntu will "
10477
13727
"do this automatically."
10478
13728
msgstr ""
10484
13734
#: serverguide/C/package-management.xml:34(para)
10485
13735
msgid ""
10486
13736
"<application>dpkg</application> is a package manager for "
10487
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
10488
"packages, but unlike other package management system's it can not "
10489
"automatically download and install packages and their dependencies. This "
13737
"<emphasis>Debian</emphasis>-based systems. It can install, remove, and build "
13738
"packages, but unlike other package management systems, it cannot "
13739
"automatically download and install packages or their dependencies. This "
10490
13740
"section covers using <application>dpkg</application> to manage locally "
10491
13741
"installed packages:"
10492
13742
msgstr ""
10493
13743
10494
13744
#: serverguide/C/package-management.xml:43(para)
10495
13745
msgid ""
10496
"To list all packages installed on the system, from a terminal prompt enter:"
13746
"To list all packages installed on the system, from a terminal prompt type:"
10497
13747
msgstr ""
10498
13748
10499
13749
#: serverguide/C/package-management.xml:48(command)
10551
13801
#: serverguide/C/package-management.xml:96(para)
10552
13802
msgid ""
10553
13803
"Many files are automatically generated during the package install process, "
10554
"and even though they are on the filesystem <command>dpkg -S</command> may "
13804
"and even though they are on the filesystem, <command>dpkg -S</command> may "
10555
13805
"not know which package they belong to."
10556
13806
msgstr ""
10557
13807
10560
13810
msgstr ""
10561
13811
10562
13812
#: serverguide/C/package-management.xml:110(command)
10563
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
13813
msgid "sudo dpkg -i zip_3.0-4_i386.deb"
10564
13814
msgstr ""
10565
13815
10566
13816
#: serverguide/C/package-management.xml:113(para)
10567
13817
msgid ""
10568
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
10569
"the local .deb file."
13818
"Change <filename>zip_3.0-4_i386.deb</filename> to the actual file name of "
13819
"the local .deb file you wish to install."
10570
13820
msgstr ""
10571
13821
10572
13822
#: serverguide/C/package-management.xml:120(para)
10581
13831
msgid ""
10582
13832
"Uninstalling packages using <application>dpkg</application>, in most cases, "
10583
13833
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
10584
"manager that handles dependencies, to ensure that the system is in a "
10585
"consistent state. For example using <command>dpkg -r</command> you can "
13834
"manager that handles dependencies to ensure that the system is in a "
13835
"consistent state. For example using <command>dpkg -r zip</command> will "
10586
13836
"remove the <application>zip</application> package, but any packages that "
10587
13837
"depend on it will still be installed and may no longer function correctly."
10588
13838
msgstr ""
10600
13850
#: serverguide/C/package-management.xml:147(para)
10601
13851
msgid ""
10602
13852
"The <application>apt-get</application> command is a powerful command-line "
10603
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
13853
"tool, which works with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
10604
13854
"(APT) performing such functions as installation of new software packages, "
10605
13855
"upgrade of existing software packages, updating of the package list index, "
10606
13856
"and even upgrading the entire Ubuntu system."
10611
13861
"Being a simple command-line tool, <application>apt-get</application> has "
10612
13862
"numerous advantages over other package management tools available in Ubuntu "
10613
13863
"for server administrators. Some of these advantages include ease of use over "
10614
"simple terminal connections (SSH) and the ability to be used in system "
13864
"simple terminal connections (SSH), and the ability to be used in system "
10615
13865
"administration scripts, which can in turn be automated by the "
10616
13866
"<application>cron</application> scheduling utility."
10617
13867
msgstr ""
10620
13870
msgid ""
10621
13871
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
10622
13872
"packages using the <application>apt-get</application> tool is quite simple. "
10623
"For example, to install the network scanner <emphasis "
10624
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
13873
"For example, to install the network scanner <application>nmap</application>, "
13874
"type the following: <screen>\n"
10625
13875
"<command>sudo apt-get install nmap</command>\n"
10626
13876
"</screen>"
10627
13877
msgstr ""
10628
13878
10629
13879
#: serverguide/C/package-management.xml:165(para)
10630
13880
msgid ""
10631
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
10632
"packages is also a straightforward and simple process. To remove the nmap "
10633
"package installed in the previous example, type the following: <screen>\n"
13881
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package "
13882
"(or packages) is also straightforward. To remove the package installed in "
13883
"the previous example, type the following: <screen>\n"
10634
13884
"<command>sudo apt-get remove nmap</command>\n"
10635
13885
"</screen>"
10636
13886
msgstr ""
10643
13893
10644
13894
#: serverguide/C/package-management.xml:175(para)
10645
13895
msgid ""
10646
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
13896
"Also, adding the <emphasis>--purge</emphasis> option to <command>apt-get "
10647
13897
"remove</command> will remove the package configuration files as well. This "
10648
"may or may not be the desired effect so use with caution."
13898
"may or may not be the desired effect, so use with caution."
10649
13899
msgstr ""
10650
13900
10651
13901
#: serverguide/C/package-management.xml:181(para)
10652
13902
msgid ""
10653
13903
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
10654
13904
"index is essentially a database of available packages from the repositories "
10655
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
10656
"the local package index with the latest changes made in repositories, type "
10657
"the following: <screen>\n"
13905
"defined in the <filename>/etc/apt/sources.list</filename> file and in the "
13906
"<filename>/etc/apt/sources.list.d</filename> directory. To update the local "
13907
"package index with the latest changes made in the repositories, type the "
13908
"following: <screen>\n"
10658
13909
"<command>sudo apt-get update</command>\n"
10659
13910
"</screen>"
10660
13911
msgstr ""
10693
13944
msgid ""
10694
13945
"For further information about the use of <application>APT</application>, "
10695
13946
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
10696
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
10697
"help</screen>"
13947
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>\n"
13948
"<command>apt-get help</command>\n"
13949
"</screen>"
10698
13950
msgstr ""
10699
13951
10700
#: serverguide/C/package-management.xml:208(title)
13952
#: serverguide/C/package-management.xml:212(title)
10701
13953
msgid "Aptitude"
10702
13954
msgstr ""
10703
13955
10704
#: serverguide/C/package-management.xml:209(para)
13956
#: serverguide/C/package-management.xml:213(para)
10705
13957
msgid ""
10706
"<application>Aptitude</application> is a menu-driven, text-based front-end "
10707
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
10708
"the common package management functions, such as installation, removal, and "
10709
"upgrade, are performed in <application>Aptitude</application> with single-"
10710
"key commands, which are typically lowercase letters."
13958
"Launching <application>Aptitude</application> with no command-line options, "
13959
"will give you a menu-driven, text-based front-end to the <emphasis>Advanced "
13960
"Packaging Tool</emphasis> (APT) system. Many of the common package "
13961
"management functions, such as installation, removal, and upgrade, can be "
13962
"performed in <application>Aptitude</application> with single-key commands, "
13963
"which are typically lowercase letters."
10711
13964
msgstr ""
10712
13965
10713
#: serverguide/C/package-management.xml:212(para)
13966
#: serverguide/C/package-management.xml:216(para)
10714
13967
msgid ""
10715
13968
"<application>Aptitude</application> is best suited for use in a non-"
10716
13969
"graphical terminal environment to ensure proper functioning of the command "
10717
"keys. You may start <application>Aptitude</application> as a normal user "
10718
"with the following command at a terminal prompt: <screen>\n"
13970
"keys. You may start the menu-driven interface of "
13971
"<application>Aptitude</application> as a normal user by typing the following "
13972
"command at a terminal prompt: <screen>\n"
10719
13973
"<command>sudo aptitude</command>\n"
10720
13974
"</screen>"
10721
13975
msgstr ""
10722
13976
10723
#: serverguide/C/package-management.xml:219(para)
13977
#: serverguide/C/package-management.xml:222(para)
10724
13978
msgid ""
10725
13979
"When <application>Aptitude</application> starts, you will see a menu bar at "
10726
13980
"the top of the screen and two panes below the menu bar. The top pane "
10727
"contains package categories, such as <emphasis role=\"italics\">New "
10728
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
10729
"Packages</emphasis>. The bottom pane contains information related to the "
10730
"packages and package categories."
13981
"contains package categories, such as <emphasis>New Packages</emphasis> and "
13982
"<emphasis>Not Installed Packages</emphasis>. The bottom pane contains "
13983
"information related to the packages and package categories."
10731
13984
msgstr ""
10732
13985
10733
#: serverguide/C/package-management.xml:222(para)
13986
#: serverguide/C/package-management.xml:225(para)
10734
13987
msgid ""
10735
13988
"Using <application>Aptitude</application> for package management is "
10736
13989
"relatively straightforward, and the user interface makes common tasks simple "
10738
13991
"functions as performed in <application>Aptitude</application>:"
10739
13992
msgstr ""
10740
13993
10741
#: serverguide/C/package-management.xml:226(para)
13994
#: serverguide/C/package-management.xml:229(para)
10742
13995
msgid ""
10743
13996
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
10744
"locate the package via the Not Installed Packages package category, for "
10745
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
10746
"key, and highlight the package you wish to install. After highlighting the "
10747
"package you wish to install, press the <keycap>+</keycap> key, and the "
10748
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
10749
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
10750
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
10751
"again, and you will be prompted to become root to complete the installation. "
10752
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
10753
"your user password to become root. Finally, press <keycap>g</keycap> once "
10754
"more and you'll be prompted to download the package. Press "
10755
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
10756
"prompt, and downloading and installation of the package will commence."
13997
"locate the package via the <emphasis>Not Installed Packages</emphasis> "
13998
"package category, by using the keyboard arrow keys and the "
13999
"<keycap>ENTER</keycap> key. Highlight the desired package, then press the "
14000
"<keycap>+</keycap> key. The package entry should turn "
14001
"<emphasis>green</emphasis>, indicating that it has been marked for "
14002
"installation. Now press <keycap>g</keycap> to be presented with a summary of "
14003
"package actions. Press <keycap>g</keycap> again, and you will be prompted to "
14004
"become root to complete the installation. Press <keycap>ENTER</keycap> which "
14005
"will result in a <emphasis>Password:</emphasis> prompt. Enter your user "
14006
"password to become root. Finally, press <keycap>g</keycap> once more and "
14007
"you'll be prompted to download the package. Press <keycap>ENTER</keycap> on "
14008
"the <emphasis>Continue</emphasis> prompt, and downloading and installation "
14009
"of the package will commence."
10757
14010
msgstr ""
10758
14011
10759
#: serverguide/C/package-management.xml:230(para)
14012
#: serverguide/C/package-management.xml:233(para)
10760
14013
msgid ""
10761
14014
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
10762
"locate the package via the Installed Packages package category, for example, "
10763
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
10764
"highlight the package you wish to remove. After highlighting the package you "
10765
"wish to install, press the <keycap>-</keycap> key, and the package entry "
10766
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
10767
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
10768
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
10769
"prompted to become root to complete the installation. Press "
10770
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
10771
"user password to become root. Finally, press <keycap>g</keycap> once more, "
10772
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
10773
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
10774
"the package will commence."
14015
"locate the package via the <emphasis role=\"italics\">Installed "
14016
"Packages</emphasis> package category, by using the keyboard arrow keys and "
14017
"the <keycap>ENTER</keycap> key. Highlight the desired package you wish to "
14018
"remove, then press the <keycap>-</keycap> key. The package entry should turn "
14019
"<emphasis role=\"italics\">pink</emphasis>, indicating it has been marked "
14020
"for removal. Now press <keycap>g</keycap> to be presented with a summary of "
14021
"package actions. Press <keycap>g</keycap> again, and you will be prompted to "
14022
"become root to complete the removal. Press <keycap>ENTER</keycap> which will "
14023
"result in a <emphasis>Password:</emphasis> prompt. Enter your user password "
14024
"to become root. Finally, press <keycap>g</keycap> once more, then press "
14025
"<keycap>ENTER</keycap> on the <emphasis>Continue</emphasis> prompt, and "
14026
"removal of the package will commence."
10775
14027
msgstr ""
10776
14028
10777
#: serverguide/C/package-management.xml:234(para)
14029
#: serverguide/C/package-management.xml:237(para)
10778
14030
msgid ""
10779
14031
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
10780
14032
"package index, simply press the <keycap>u</keycap> key and you will be "
10781
14033
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
10782
"which will result in a Password: prompt. Enter your user password to become "
10783
"root. Updating of the package index will commence. Press "
10784
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
10785
"presented to complete the process."
14034
"which will result in a <emphasis role=\"italics\">Password:</emphasis> "
14035
"prompt. Enter your user password to become root. Updating of the package "
14036
"index will commence. Press <keycap>ENTER</keycap> on the "
14037
"<emphasis>OK</emphasis> prompt when the download dialog is presented to "
14038
"complete the process."
10786
14039
msgstr ""
10787
14040
10788
#: serverguide/C/package-management.xml:238(para)
14041
#: serverguide/C/package-management.xml:241(para)
10789
14042
msgid ""
10790
14043
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
10791
14044
"perform the update of the package index as detailed above, and then press "
10793
14046
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
10794
14047
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
10795
14048
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
10796
"result in a Password: prompt. Enter your user password to become root. "
10797
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
10798
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
10799
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
10800
"will commence."
14049
"result in a <emphasis>Password:</emphasis> prompt. Enter your user password "
14050
"to become root. Finally, press <keycap>g</keycap> once more, and you'll be "
14051
"prompted to download the packages. Press <keycap>ENTER</keycap> on the "
14052
"<emphasis>Continue</emphasis> prompt, and upgrade of the packages will "
14053
"commence."
10801
14054
msgstr ""
10802
14055
10803
#: serverguide/C/package-management.xml:245(para)
14056
#: serverguide/C/package-management.xml:248(para)
10804
14057
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
10805
14058
msgstr ""
10806
14059
10807
#: serverguide/C/package-management.xml:250(para)
14060
#: serverguide/C/package-management.xml:253(para)
10808
14061
msgid ""
10809
14062
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
10810
14063
"configuration remains on system"
10811
14064
msgstr ""
10812
14065
10813
#: serverguide/C/package-management.xml:254(para)
14066
#: serverguide/C/package-management.xml:257(para)
10814
14067
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
10815
14068
msgstr ""
10816
14069
10817
#: serverguide/C/package-management.xml:258(para)
14070
#: serverguide/C/package-management.xml:261(para)
10818
14071
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
10819
14072
msgstr ""
10820
14073
10821
#: serverguide/C/package-management.xml:262(para)
14074
#: serverguide/C/package-management.xml:265(para)
10822
14075
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
10823
14076
msgstr ""
10824
14077
10825
#: serverguide/C/package-management.xml:266(para)
14078
#: serverguide/C/package-management.xml:269(para)
10826
14079
msgid ""
10827
14080
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
10828
14081
"configured"
10829
14082
msgstr ""
10830
14083
10831
#: serverguide/C/package-management.xml:270(para)
14084
#: serverguide/C/package-management.xml:273(para)
10832
14085
msgid ""
10833
14086
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
10834
14087
"and requires fix"
10835
14088
msgstr ""
10836
14089
10837
#: serverguide/C/package-management.xml:274(para)
14090
#: serverguide/C/package-management.xml:277(para)
10838
14091
msgid ""
10839
14092
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
10840
14093
"requires fix"
10841
14094
msgstr ""
10842
14095
10843
#: serverguide/C/package-management.xml:242(para)
14096
#: serverguide/C/package-management.xml:245(para)
10844
14097
msgid ""
10845
14098
"The first column of information displayed in the package list in the top "
10846
14099
"pane, when actually viewing packages lists the current state of the package, "
10848
14101
"<placeholder-1/>"
10849
14102
msgstr ""
10850
14103
10851
#: serverguide/C/package-management.xml:280(para)
14104
#: serverguide/C/package-management.xml:283(para)
10852
14105
msgid ""
10853
14106
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
10854
14107
"wish to exit. Many other functions are available from the Aptitude menu by "
10855
14108
"pressing the <keycap>F10</keycap> key."
10856
14109
msgstr ""
10857
14110
10858
#: serverguide/C/package-management.xml:285(title)
14111
#: serverguide/C/package-management.xml:286(title)
14112
msgid "Command Line Aptitude"
14113
msgstr ""
14114
14115
#: serverguide/C/package-management.xml:287(para)
14116
msgid ""
14117
"You can also use <application>Aptitude</application> as a command-line tool, "
14118
"similar to <application>apt-get</application>. To install the "
14119
"<application>nmap</application> package with all necessary dependencies, as "
14120
"in the <application>apt-get</application> example, you would use the "
14121
"following command: <screen>\n"
14122
"<command>sudo aptitude install nmap</command>\n"
14123
"</screen> To remove the same package, you would use the command: <screen>\n"
14124
"<command>sudo aptitude remove nmap</command>\n"
14125
"</screen> Consult the <application>man</application> pages for more details "
14126
"of command line options for <application>Aptitude</application>."
14127
msgstr ""
14128
14129
#: serverguide/C/package-management.xml:300(title)
10859
14130
msgid "Automatic Updates"
10860
14131
msgstr ""
10861
14132
10862
#: serverguide/C/package-management.xml:287(para)
14133
#: serverguide/C/package-management.xml:302(para)
10863
14134
msgid ""
10864
14135
"The <application>unattended-upgrades</application> package can be used to "
10865
14136
"automatically install updated packages, and can be configured to update all "
10867
14138
"entering the following in a terminal:"
10868
14139
msgstr ""
10869
14140
10870
#: serverguide/C/package-management.xml:293(command)
14141
#: serverguide/C/package-management.xml:308(command)
10871
14142
msgid "sudo apt-get install unattended-upgrades"
10872
14143
msgstr ""
10873
14144
10874
#: serverguide/C/package-management.xml:296(para)
14145
#: serverguide/C/package-management.xml:311(para)
10875
14146
msgid ""
10876
14147
"To configure <application>unattended-upgrades</application>, edit "
10877
14148
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
10878
14149
"the following to fit your needs:"
10879
14150
msgstr ""
10880
14151
10881
#: serverguide/C/package-management.xml:301(programlisting)
14152
#: serverguide/C/package-management.xml:316(programlisting)
10882
14153
#, no-wrap
10883
14154
msgid ""
10884
14155
"\n"
10885
14156
"Unattended-Upgrade::Allowed-Origins {\n"
10886
" \"Ubuntu maverick-security\";\n"
10887
"// \"Ubuntu maverick-updates\";\n"
14157
" \"Ubuntu precise-security\";\n"
14158
"// \"Ubuntu precise-updates\";\n"
10888
14159
"};\n"
10889
14160
msgstr ""
10890
14161
10891
#: serverguide/C/package-management.xml:308(para)
14162
#: serverguide/C/package-management.xml:323(para)
10892
14163
msgid ""
10893
14164
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
10894
14165
"will not be automatically updated. To blacklist a package, add it to the "
10895
14166
"list:"
10896
14167
msgstr ""
10897
14168
10898
#: serverguide/C/package-management.xml:313(programlisting)
14169
#: serverguide/C/package-management.xml:328(programlisting)
10899
14170
#, no-wrap
10900
14171
msgid ""
10901
14172
"\n"
10907
14178
"};\n"
10908
14179
msgstr ""
10909
14180
10910
#: serverguide/C/package-management.xml:323(para)
14181
#: serverguide/C/package-management.xml:338(para)
10911
14182
msgid ""
10912
14183
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
10913
14184
"whatever follows \"//\" will not be evaluated."
10914
14185
msgstr ""
10915
14186
10916
#: serverguide/C/package-management.xml:328(para)
14187
#: serverguide/C/package-management.xml:343(para)
10917
14188
msgid ""
10918
14189
"To enable automatic updates, edit "
10919
14190
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
10920
14191
"<application>apt</application> configuration options:"
10921
14192
msgstr ""
10922
14193
10923
#: serverguide/C/package-management.xml:332(programlisting)
14194
#: serverguide/C/package-management.xml:347(programlisting)
10924
14195
#, no-wrap
10925
14196
msgid ""
10926
14197
"\n"
10930
14201
"APT::Periodic::Unattended-Upgrade \"1\";\n"
10931
14202
msgstr ""
10932
14203
10933
#: serverguide/C/package-management.xml:339(para)
14204
#: serverguide/C/package-management.xml:354(para)
10934
14205
msgid ""
10935
14206
"The above configuration updates the package list, downloads, and installs "
10936
14207
"available upgrades every day. The local download archive is cleaned every "
10937
14208
"week."
10938
14209
msgstr ""
10939
14210
10940
#: serverguide/C/package-management.xml:345(para)
14211
#: serverguide/C/package-management.xml:360(para)
10941
14212
msgid ""
10942
14213
"You can read more about <application>apt</application> Periodic "
10943
14214
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
10944
14215
"header."
10945
14216
msgstr ""
10946
14217
10947
#: serverguide/C/package-management.xml:350(para)
14218
#: serverguide/C/package-management.xml:365(para)
10948
14219
msgid ""
10949
14220
"The results of <application>unattended-upgrades</application> will be logged "
10950
14221
"to <filename>/var/log/unattended-upgrades</filename>."
10951
14222
msgstr ""
10952
14223
10953
#: serverguide/C/package-management.xml:355(title)
14224
#: serverguide/C/package-management.xml:370(title)
10954
14225
msgid "Notifications"
10955
14226
msgstr ""
10956
14227
10957
#: serverguide/C/package-management.xml:357(para)
14228
#: serverguide/C/package-management.xml:372(para)
10958
14229
msgid ""
10959
14230
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
10960
14231
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
10962
14233
"detailing any packages that need upgrading or have problems."
10963
14234
msgstr ""
10964
14235
10965
#: serverguide/C/package-management.xml:362(para)
14236
#: serverguide/C/package-management.xml:377(para)
10966
14237
msgid ""
10967
14238
"Another useful package is <application>apticron</application>. "
10968
14239
"<application>apticron</application> will configure a "
10971
14242
"summary of changes in each package."
10972
14243
msgstr ""
10973
14244
10974
#: serverguide/C/package-management.xml:368(para)
14245
#: serverguide/C/package-management.xml:383(para)
10975
14246
msgid ""
10976
14247
"To install the <application>apticron</application> package, in a terminal "
10977
14248
"enter:"
10978
14249
msgstr ""
10979
14250
10980
#: serverguide/C/package-management.xml:373(command)
14251
#: serverguide/C/package-management.xml:388(command)
10981
14252
msgid "sudo apt-get install apticron"
10982
14253
msgstr ""
10983
14254
10984
#: serverguide/C/package-management.xml:376(para)
14255
#: serverguide/C/package-management.xml:391(para)
10985
14256
msgid ""
10986
14257
"Once the package is installed edit "
10987
14258
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
10988
14259
"and other options:"
10989
14260
msgstr ""
10990
14261
10991
#: serverguide/C/package-management.xml:380(programlisting)
14262
#: serverguide/C/package-management.xml:395(programlisting)
10992
14263
#, no-wrap
10993
14264
msgid ""
10994
14265
"\n"
10995
14266
"EMAIL=\"root@example.com\"\n"
10996
14267
msgstr ""
10997
14268
10998
#: serverguide/C/package-management.xml:389(para)
14269
#: serverguide/C/package-management.xml:404(para)
10999
14270
msgid ""
11000
14271
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
11001
"system repositories is stored in the /etc/apt/sources.list configuration "
11002
"file. An example of this file is referenced here, along with information on "
11003
"adding or removing repository references from the file."
14272
"system repositories is stored in the "
14273
"<filename>/etc/apt/sources.list</filename> file and the "
14274
"<filename>/etc/apt/sources.list.d</filename> directory. An example of this "
14275
"file is referenced here, along with information on adding or removing "
14276
"repository references from the file."
11004
14277
msgstr ""
11005
14278
11006
#: serverguide/C/package-management.xml:395(para)
14279
#: serverguide/C/package-management.xml:409(para)
11007
14280
msgid ""
11008
14281
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
11009
14282
"typical <filename>/etc/apt/sources.list</filename> file."
11010
14283
msgstr ""
11011
14284
11012
#: serverguide/C/package-management.xml:399(para)
14285
#: serverguide/C/package-management.xml:413(para)
11013
14286
msgid ""
11014
14287
"You may edit the file to enable repositories or disable them. For example, "
11015
14288
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
11017
14290
"which appears at the top of the file:"
11018
14291
msgstr ""
11019
14292
11020
#: serverguide/C/package-management.xml:404(screen)
14293
#: serverguide/C/package-management.xml:418(screen)
11021
14294
#, no-wrap
11022
14295
msgid ""
11023
14296
"\n"
11024
14297
"# no more prompting for CD-ROM please\n"
11025
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
11026
"main restricted\n"
14298
"# deb cdrom:[Ubuntu 12.04 _Precise Pangolin_ - Release i386 (20111013.1)]/ "
14299
"precise main restricted\n"
11027
14300
msgstr ""
11028
14301
11029
#: serverguide/C/package-management.xml:410(title)
14302
#: serverguide/C/package-management.xml:424(title)
11030
14303
msgid "Extra Repositories"
11031
14304
msgstr ""
11032
14305
11033
#: serverguide/C/package-management.xml:411(para)
14306
#: serverguide/C/package-management.xml:425(para)
11034
14307
msgid ""
11035
14308
"In addition to the officially supported package repositories available for "
11036
14309
"Ubuntu, there exist additional community-maintained repositories which add "
11037
"thousands more potential packages for installation. Two of the most popular "
14310
"thousands more packages for potential installation. Two of the most popular "
11038
14311
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
11039
14312
"repositories. These repositories are not officially supported by Ubuntu, but "
11040
14313
"because they are maintained by the community they generally provide packages "
11041
14314
"which are safe for use with your Ubuntu computer."
11042
14315
msgstr ""
11043
14316
11044
#: serverguide/C/package-management.xml:414(para)
14317
#: serverguide/C/package-management.xml:428(para)
11045
14318
msgid ""
11046
14319
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
11047
14320
"licensing issues that prevent them from being distributed with a free "
11048
14321
"operating system, and they may be illegal in your locality."
11049
14322
msgstr ""
11050
14323
11051
#: serverguide/C/package-management.xml:416(para)
14324
#: serverguide/C/package-management.xml:430(para)
11052
14325
msgid ""
11053
14326
"Be advised that neither the <emphasis>Universe</emphasis> or "
11054
14327
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
11056
14329
"packages."
11057
14330
msgstr ""
11058
14331
11059
#: serverguide/C/package-management.xml:420(para)
14332
#: serverguide/C/package-management.xml:434(para)
11060
14333
msgid ""
11061
14334
"Many other package sources are available, sometimes even offering only one "
11062
14335
"package, as in the case of package sources provided by the developer of a "
11067
14340
"functional in some respects."
11068
14341
msgstr ""
11069
14342
11070
#: serverguide/C/package-management.xml:423(para)
14343
#: serverguide/C/package-management.xml:437(para)
11071
14344
msgid ""
11072
14345
"By default, the <emphasis>Universe</emphasis> and "
11073
14346
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
11075
14348
"comment the following lines:"
11076
14349
msgstr ""
11077
14350
11078
#: serverguide/C/package-management.xml:430(programlisting)
14351
#: serverguide/C/package-management.xml:444(programlisting)
11079
14352
#, no-wrap
11080
14353
msgid ""
11081
14354
"\n"
11082
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
11083
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
11084
"\n"
11085
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
11086
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
11087
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
11088
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
11089
"\n"
11090
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
11091
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
11092
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
11093
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
11094
"\n"
11095
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
11096
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
11097
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
11098
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
14355
"deb http://archive.ubuntu.com/ubuntu precise universe multiverse\n"
14356
"deb-src http://archive.ubuntu.com/ubuntu precise universe multiverse\n"
14357
"\n"
14358
"deb http://us.archive.ubuntu.com/ubuntu/ precise universe\n"
14359
"deb-src http://us.archive.ubuntu.com/ubuntu/ precise universe\n"
14360
"deb http://us.archive.ubuntu.com/ubuntu/ precise-updates universe\n"
14361
"deb-src http://us.archive.ubuntu.com/ubuntu/ precise-updates universe\n"
14362
"\n"
14363
"deb http://us.archive.ubuntu.com/ubuntu/ precise multiverse\n"
14364
"deb-src http://us.archive.ubuntu.com/ubuntu/ precise multiverse\n"
14365
"deb http://us.archive.ubuntu.com/ubuntu/ precise-updates multiverse\n"
14366
"deb-src http://us.archive.ubuntu.com/ubuntu/ precise-updates multiverse\n"
14367
"\n"
14368
"deb http://security.ubuntu.com/ubuntu precise-security universe\n"
14369
"deb-src http://security.ubuntu.com/ubuntu precise-security universe\n"
14370
"deb http://security.ubuntu.com/ubuntu precise-security multiverse\n"
14371
"deb-src http://security.ubuntu.com/ubuntu precise-security multiverse\n"
11099
14372
msgstr ""
11100
14373
11101
#: serverguide/C/package-management.xml:456(para)
14374
#: serverguide/C/package-management.xml:470(para)
11102
14375
msgid ""
11103
14376
"Most of the material covered in this chapter is available in "
11104
14377
"<application>man</application> pages, many of which are available online."
11105
14378
msgstr ""
11106
14379
11107
#: serverguide/C/package-management.xml:463(para)
14380
#: serverguide/C/package-management.xml:477(para)
11108
14381
msgid ""
11109
14382
"The <ulink "
11110
14383
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11111
14384
"re</ulink> Ubuntu wiki page has more information."
11112
14385
msgstr ""
11113
14386
11114
#: serverguide/C/package-management.xml:468(para)
14387
#: serverguide/C/package-management.xml:482(para)
11115
14388
msgid ""
11116
14389
"For more <application>dpkg</application> details see the <ulink "
11117
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
11118
" man page</ulink>."
14390
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man1/dpkg.1.html\">dpkg "
14391
"man page</ulink>."
11119
14392
msgstr ""
11120
14393
11121
#: serverguide/C/package-management.xml:474(para)
14394
#: serverguide/C/package-management.xml:488(para)
11122
14395
msgid ""
11123
14396
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
11124
14397
"HOWTO</ulink> and <ulink "
11125
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
14398
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man8/apt-"
11126
14399
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
11127
14400
"<application>apt-get</application> usage."
11128
14401
msgstr ""
11129
14402
11130
#: serverguide/C/package-management.xml:481(para)
14403
#: serverguide/C/package-management.xml:495(para)
11131
14404
msgid ""
11132
14405
"See the <ulink "
11133
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
11134
"itude man page</ulink> for more <application>aptitude</application> options."
14406
"url=\"http://manpages.ubuntu.com/manpages/precise/man8/aptitude.8.html\">apti"
14407
"tude man page</ulink> for more <application>aptitude</application> options."
11135
14408
msgstr ""
11136
14409
11137
#: serverguide/C/package-management.xml:487(para)
14410
#: serverguide/C/package-management.xml:501(para)
11138
14411
msgid ""
11139
14412
"The <ulink "
11140
14413
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11571
14844
#: serverguide/C/other-apps.xml:334(para)
11572
14845
msgid ""
11573
14846
"See the <ulink "
11574
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
14847
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man1/update-"
11575
14848
"motd.1.html\">update-motd man page</ulink> for more options available to "
11576
14849
"<application>update-motd</application>."
11577
14850
msgstr ""
11637
14910
"discussion of popular network protocols."
11638
14911
msgstr ""
11639
14912
11640
#: serverguide/C/network-config.xml:27(title)
11641
msgid "Network Configuration"
11642
msgstr ""
11643
11644
14913
#: serverguide/C/network-config.xml:28(para)
11645
14914
msgid ""
11646
14915
"Ubuntu ships with a number of graphical utilities to configure your network "
11737
15006
"Reboot the system to commit your changes."
11738
15007
msgstr ""
11739
15008
11740
#: serverguide/C/network-config.xml:92(programlisting)
11741
#, no-wrap
11742
msgid ""
11743
"\n"
11744
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11745
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11746
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11747
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11748
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11749
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11750
msgstr ""
11751
11752
#: serverguide/C/network-config.xml:99(title)
15009
#: serverguide/C/network-config.xml:95(title)
11753
15010
msgid "Ethernet Interface Settings"
11754
15011
msgstr ""
11755
15012
11756
#: serverguide/C/network-config.xml:100(para)
15013
#: serverguide/C/network-config.xml:96(para)
11757
15014
msgid ""
11758
15015
"<application>ethtool</application> is a program that displays and changes "
11759
15016
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11761
15018
"installation in the repositories."
11762
15019
msgstr ""
11763
15020
11764
#: serverguide/C/network-config.xml:106(userinput)
15021
#: serverguide/C/network-config.xml:102(userinput)
11765
15022
#, no-wrap
11766
15023
msgid "sudo apt-get install ethtool"
11767
15024
msgstr ""
11768
15025
11769
#: serverguide/C/network-config.xml:108(para)
15026
#: serverguide/C/network-config.xml:104(para)
11770
15027
msgid ""
11771
15028
"The following is an example of how to view supported features and configured "
11772
15029
"settings of an Ethernet interface."
11773
15030
msgstr ""
11774
15031
11775
#: serverguide/C/network-config.xml:113(userinput)
15032
#: serverguide/C/network-config.xml:109(userinput)
11776
15033
#, no-wrap
11777
15034
msgid "sudo ethtool eth0"
11778
15035
msgstr ""
11779
15036
11780
#: serverguide/C/network-config.xml:112(screen)
15037
#: serverguide/C/network-config.xml:108(screen)
11781
15038
#, no-wrap
11782
15039
msgid ""
11783
15040
"\n"
11804
15061
" Link detected: yes\n"
11805
15062
msgstr ""
11806
15063
11807
#: serverguide/C/network-config.xml:135(para)
15064
#: serverguide/C/network-config.xml:131(para)
11808
15065
msgid ""
11809
15066
"Changes made with the <application>ethtool</application> command are "
11810
15067
"temporary and will be lost after a reboot. If you would like to retain "
11813
15070
"configuration file <filename>/etc/network/interfaces</filename>."
11814
15071
msgstr ""
11815
15072
11816
#: serverguide/C/network-config.xml:141(para)
15073
#: serverguide/C/network-config.xml:137(para)
11817
15074
msgid ""
11818
15075
"The following is an example of how the interface identified as <emphasis "
11819
15076
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11820
15077
"speed of 1000Mb/s running in full duplex mode."
11821
15078
msgstr ""
11822
15079
11823
#: serverguide/C/network-config.xml:145(programlisting)
15080
#: serverguide/C/network-config.xml:141(programlisting)
11824
15081
#, no-wrap
11825
15082
msgid ""
11826
15083
"\n"
11827
15084
"auto eth0\n"
11828
15085
"iface eth0 inet static\n"
11829
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
15086
"pre-up /sbin/ethtool -s eth0 speed 1000 duplex full\n"
11830
15087
msgstr ""
11831
15088
11832
#: serverguide/C/network-config.xml:151(para)
15089
#: serverguide/C/network-config.xml:147(para)
11833
15090
msgid ""
11834
15091
"Although the example above shows the interface configured to use the "
11835
15092
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11838
15095
"statement in relation to the rest of the interface configuration."
11839
15096
msgstr ""
11840
15097
11841
#: serverguide/C/network-config.xml:163(title)
15098
#: serverguide/C/network-config.xml:159(title)
11842
15099
msgid "IP Addressing"
11843
15100
msgstr ""
11844
15101
11845
#: serverguide/C/network-config.xml:164(para)
15102
#: serverguide/C/network-config.xml:160(para)
11846
15103
msgid ""
11847
15104
"The following section describes the process of configuring your systems IP "
11848
15105
"address and default gateway needed for communicating on a local area network "
11849
15106
"and the Internet."
11850
15107
msgstr ""
11851
15108
11852
#: serverguide/C/network-config.xml:171(title)
15109
#: serverguide/C/network-config.xml:167(title)
11853
15110
msgid "Temporary IP Address Assignment"
11854
15111
msgstr ""
11855
15112
11856
#: serverguide/C/network-config.xml:172(para)
15113
#: serverguide/C/network-config.xml:168(para)
11857
15114
msgid ""
11858
15115
"For temporary network configurations, you can use standard commands such as "
11859
15116
"<application>ip</application>, <application>ifconfig</application> and "
11863
15120
"lost after a reboot."
11864
15121
msgstr ""
11865
15122
11866
#: serverguide/C/network-config.xml:180(para)
15123
#: serverguide/C/network-config.xml:176(para)
11867
15124
msgid ""
11868
15125
"To temporarily configure an IP address, you can use the "
11869
15126
"<application>ifconfig</application> command in the following manner. Just "
11870
15127
"modify the IP address and subnet mask to match your network requirements."
11871
15128
msgstr ""
11872
15129
11873
#: serverguide/C/network-config.xml:186(userinput)
15130
#: serverguide/C/network-config.xml:182(userinput)
11874
15131
#, no-wrap
11875
15132
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11876
15133
msgstr ""
11877
15134
11878
#: serverguide/C/network-config.xml:188(para)
15135
#: serverguide/C/network-config.xml:184(para)
11879
15136
msgid ""
11880
15137
"To verify the IP address configuration of <application>eth0</application>, "
11881
15138
"you can use the <application>ifconfig</application> command in the following "
11882
15139
"manner."
11883
15140
msgstr ""
11884
15141
11885
#: serverguide/C/network-config.xml:193(userinput)
15142
#: serverguide/C/network-config.xml:189(userinput)
11886
15143
#, no-wrap
11887
15144
msgid "ifconfig eth0"
11888
15145
msgstr ""
11889
15146
11890
#: serverguide/C/network-config.xml:192(screen)
15147
#: serverguide/C/network-config.xml:188(screen)
11891
15148
#, no-wrap
11892
15149
msgid ""
11893
15150
"\n"
11903
15160
" Interrupt:16 \n"
11904
15161
msgstr ""
11905
15162
11906
#: serverguide/C/network-config.xml:204(para)
15163
#: serverguide/C/network-config.xml:200(para)
11907
15164
msgid ""
11908
15165
"To configure a default gateway, you can use the "
11909
15166
"<application>route</application> command in the following manner. Modify the "
11910
15167
"default gateway address to match your network requirements."
11911
15168
msgstr ""
11912
15169
11913
#: serverguide/C/network-config.xml:210(userinput)
15170
#: serverguide/C/network-config.xml:206(userinput)
11914
15171
#, no-wrap
11915
15172
msgid "sudo route add default gw 10.0.0.1 eth0"
11916
15173
msgstr ""
11917
15174
11918
#: serverguide/C/network-config.xml:212(para)
15175
#: serverguide/C/network-config.xml:208(para)
11919
15176
msgid ""
11920
15177
"To verify your default gateway configuration, you can use the "
11921
15178
"<application>route</application> command in the following manner."
11922
15179
msgstr ""
11923
15180
11924
#: serverguide/C/network-config.xml:217(userinput)
15181
#: serverguide/C/network-config.xml:213(userinput)
11925
15182
#, no-wrap
11926
15183
msgid "route -n"
11927
15184
msgstr ""
11928
15185
11929
#: serverguide/C/network-config.xml:216(screen)
15186
#: serverguide/C/network-config.xml:212(screen)
11930
15187
#, no-wrap
11931
15188
msgid ""
11932
15189
"\n"
11940
15197
"eth0\n"
11941
15198
msgstr ""
11942
15199
11943
#: serverguide/C/network-config.xml:223(para)
15200
#: serverguide/C/network-config.xml:219(para)
11944
15201
msgid ""
11945
15202
"If you require DNS for your temporary network configuration, you can add DNS "
11946
15203
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
11950
15207
"configuration is in a following section."
11951
15208
msgstr ""
11952
15209
11953
#: serverguide/C/network-config.xml:230(programlisting)
15210
#: serverguide/C/network-config.xml:226(programlisting)
11954
15211
#, no-wrap
11955
15212
msgid ""
11956
15213
"\n"
11958
15215
"nameserver 8.8.4.4\n"
11959
15216
msgstr ""
11960
15217
11961
#: serverguide/C/network-config.xml:234(para)
15218
#: serverguide/C/network-config.xml:230(para)
11962
15219
msgid ""
11963
15220
"If you no longer need this configuration and wish to purge all IP "
11964
15221
"configuration from an interface, you can use the "
11965
15222
"<application>ip</application> command with the flush option as shown below."
11966
15223
msgstr ""
11967
15224
11968
#: serverguide/C/network-config.xml:240(userinput)
15225
#: serverguide/C/network-config.xml:236(userinput)
11969
15226
#, no-wrap
11970
15227
msgid "ip addr flush eth0"
11971
15228
msgstr ""
11972
15229
11973
#: serverguide/C/network-config.xml:243(para)
15230
#: serverguide/C/network-config.xml:239(para)
11974
15231
msgid ""
11975
15232
"Flushing the IP configuration using the <application>ip</application> "
11976
15233
"command does not clear the contents of "
11978
15235
"entries manually."
11979
15236
msgstr ""
11980
15237
11981
#: serverguide/C/network-config.xml:251(title)
15238
#: serverguide/C/network-config.xml:247(title)
11982
15239
msgid "Dynamic IP Address Assignment (DHCP Client)"
11983
15240
msgstr ""
11984
15241
11985
#: serverguide/C/network-config.xml:252(para)
15242
#: serverguide/C/network-config.xml:248(para)
11986
15243
msgid ""
11987
15244
"To configure your server to use DHCP for dynamic address assignment, add the "
11988
15245
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
11992
15249
"role=\"italic\">eth0</emphasis>."
11993
15250
msgstr ""
11994
15251
11995
#: serverguide/C/network-config.xml:259(programlisting)
15252
#: serverguide/C/network-config.xml:255(programlisting)
11996
15253
#, no-wrap
11997
15254
msgid ""
11998
15255
"\n"
12000
15257
"iface eth0 inet dhcp\n"
12001
15258
msgstr ""
12002
15259
12003
#: serverguide/C/network-config.xml:263(para)
15260
#: serverguide/C/network-config.xml:259(para)
12004
15261
msgid ""
12005
15262
"By adding an interface configuration as shown above, you can manually enable "
12006
15263
"the interface through the <application>ifup</application> command which "
12007
15264
"initiates the DHCP process via <application>dhclient</application>."
12008
15265
msgstr ""
12009
15266
12010
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
15267
#: serverguide/C/network-config.xml:265(userinput) serverguide/C/network-config.xml:300(userinput)
12011
15268
#, no-wrap
12012
15269
msgid "sudo ifup eth0"
12013
15270
msgstr ""
12014
15271
12015
#: serverguide/C/network-config.xml:271(para)
15272
#: serverguide/C/network-config.xml:267(para)
12016
15273
msgid ""
12017
15274
"To manually disable the interface, you can use the "
12018
15275
"<application>ifdown</application> command, which in turn will initiate the "
12019
15276
"DHCP release process and shut down the interface."
12020
15277
msgstr ""
12021
15278
12022
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
15279
#: serverguide/C/network-config.xml:273(userinput) serverguide/C/network-config.xml:307(userinput)
12023
15280
#, no-wrap
12024
15281
msgid "sudo ifdown eth0"
12025
15282
msgstr ""
12026
15283
12027
#: serverguide/C/network-config.xml:282(title)
15284
#: serverguide/C/network-config.xml:278(title)
12028
15285
msgid "Static IP Address Assignment"
12029
15286
msgstr ""
12030
15287
12031
#: serverguide/C/network-config.xml:283(para)
15288
#: serverguide/C/network-config.xml:279(para)
12032
15289
msgid ""
12033
15290
"To configure your system to use a static IP address assignment, add the "
12034
15291
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12042
15299
"network."
12043
15300
msgstr ""
12044
15301
12045
#: serverguide/C/network-config.xml:292(programlisting)
15302
#: serverguide/C/network-config.xml:288(programlisting)
12046
15303
#, no-wrap
12047
15304
msgid ""
12048
15305
"\n"
12053
15310
"gateway 10.0.0.1\n"
12054
15311
msgstr ""
12055
15312
12056
#: serverguide/C/network-config.xml:299(para)
15313
#: serverguide/C/network-config.xml:295(para)
12057
15314
msgid ""
12058
15315
"By adding an interface configuration as shown above, you can manually enable "
12059
15316
"the interface through the <application>ifup</application> command."
12060
15317
msgstr ""
12061
15318
12062
#: serverguide/C/network-config.xml:306(para)
15319
#: serverguide/C/network-config.xml:302(para)
12063
15320
msgid ""
12064
15321
"To manually disable the interface, you can use the "
12065
15322
"<application>ifdown</application> command."
12066
15323
msgstr ""
12067
15324
12068
#: serverguide/C/network-config.xml:316(title)
15325
#: serverguide/C/network-config.xml:312(title)
12069
15326
msgid "Loopback Interface"
12070
15327
msgstr ""
12071
15328
12072
#: serverguide/C/network-config.xml:317(para)
15329
#: serverguide/C/network-config.xml:313(para)
12073
15330
msgid ""
12074
15331
"The loopback interface is identified by the system as <emphasis "
12075
15332
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12076
15333
"can be viewed using the ifconfig command."
12077
15334
msgstr ""
12078
15335
12079
#: serverguide/C/network-config.xml:322(userinput)
15336
#: serverguide/C/network-config.xml:318(userinput)
12080
15337
#, no-wrap
12081
15338
msgid "ifconfig lo"
12082
15339
msgstr ""
12083
15340
12084
#: serverguide/C/network-config.xml:321(screen)
15341
#: serverguide/C/network-config.xml:317(screen)
12085
15342
#, no-wrap
12086
15343
msgid ""
12087
15344
"\n"
12096
15353
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
12097
15354
msgstr ""
12098
15355
12099
#: serverguide/C/network-config.xml:332(para)
15356
#: serverguide/C/network-config.xml:328(para)
12100
15357
msgid ""
12101
15358
"By default, there should be two lines in "
12102
15359
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12105
15362
"example of the two default lines are shown below."
12106
15363
msgstr ""
12107
15364
12108
#: serverguide/C/network-config.xml:338(programlisting)
15365
#: serverguide/C/network-config.xml:334(programlisting)
12109
15366
#, no-wrap
12110
15367
msgid ""
12111
15368
"\n"
12113
15370
"iface lo inet loopback\n"
12114
15371
msgstr ""
12115
15372
12116
#: serverguide/C/network-config.xml:347(title)
15373
#: serverguide/C/network-config.xml:343(title)
12117
15374
msgid "Name Resolution"
12118
15375
msgstr ""
12119
15376
12120
#: serverguide/C/network-config.xml:348(para)
15377
#: serverguide/C/network-config.xml:344(para)
12121
15378
msgid ""
12122
15379
"Name resolution as it relates to IP networking is the process of mapping IP "
12123
15380
"addresses to hostnames, making it easier to identify resources on a network. "
12125
15382
"name resolution using DNS and static hostname records."
12126
15383
msgstr ""
12127
15384
12128
#: serverguide/C/network-config.xml:356(title)
15385
#: serverguide/C/network-config.xml:352(title)
12129
15386
msgid "DNS Client Configuration"
12130
15387
msgstr ""
12131
15388
12132
#: serverguide/C/network-config.xml:357(para)
12133
msgid ""
12134
"To configure your system to use DNS for name resolution, add the IP "
12135
"addresses of the DNS servers that are appropriate for your network in the "
12136
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
12137
"suffix search-lists to match your network domain names."
12138
msgstr ""
12139
12140
#: serverguide/C/network-config.xml:362(para)
12141
msgid ""
12142
"Below is an example of a typical configuration of "
12143
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
12144
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
12145
msgstr ""
12146
12147
#: serverguide/C/network-config.xml:367(programlisting)
12148
#, no-wrap
12149
msgid ""
12150
"\n"
12151
"search example.com\n"
12152
"nameserver 8.8.8.8\n"
12153
"nameserver 8.8.4.4\n"
12154
msgstr ""
12155
12156
#: serverguide/C/network-config.xml:372(para)
15389
#: serverguide/C/network-config.xml:364(programlisting)
15390
#, no-wrap
15391
msgid ""
15392
"\n"
15393
"/etc/resolv.conf -> ../run/resolvconf/resolv.conf\n"
15394
msgstr ""
15395
15396
#: serverguide/C/network-config.xml:353(para)
15397
msgid ""
15398
"Traditionally, the file <filename>/etc/resolv.conf</filename> was a static "
15399
"configuration file that rarely needed to be changed or automatically changed "
15400
"via DCHP client hooks. Nowadays, a computer can switch from one network to "
15401
"another quite often and the <emphasis>resolvconf</emphasis> framework is now "
15402
"being used to track these changes and update the resolver's configuration "
15403
"automatically. It acts as an intermediary between programs that supply "
15404
"nameserver information and applications that need nameserver information. "
15405
"Resolvconf gets populated with information by a set of hook scripts related "
15406
"to network interface configuration. The most notable difference for the user "
15407
"is that any change manually done to /etc/resolv.conf will be lost as it gets "
15408
"overwritten each time something triggers resolvconf. Instead, resolvconf "
15409
"uses DHCP client hooks, and <filename>/etc/network/interfaces</filename> to "
15410
"generate a list of nameservers and domains to put in /etc/resolv.conf, which "
15411
"is now a symlink: <placeholder-1/> To configure the resolver, add the IP "
15412
"addresses of the nameservers that are appropriate for your network in the "
15413
"file <filename>/etc/network/interfaces</filename>. You can also add an "
15414
"optional DNS suffix search-lists to match your network domain names. For "
15415
"each other valid resolv.conf configuration option, you can include, in the "
15416
"stanza, one line beginning with that option name with a <emphasis "
15417
"role=\"bold\">dns-</emphasis> prefix. The resulting file might look like the "
15418
"following:"
15419
msgstr ""
15420
15421
#: serverguide/C/network-config.xml:375(programlisting)
15422
#, no-wrap
15423
msgid ""
15424
"\n"
15425
"iface eth0 inet static\n"
15426
" address 192.168.3.3\n"
15427
" netmask 255.255.255.0\n"
15428
" gateway 192.168.3.1\n"
15429
" dns-search example.com\n"
15430
" dns-nameservers 192.168.3.45 192.168.8.10\n"
15431
msgstr ""
15432
15433
#: serverguide/C/network-config.xml:384(para)
12157
15434
msgid ""
12158
15435
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12159
15436
"multiple domain names so that DNS queries will be appended in the order in "
12164
15441
"role=\"italic\">dev.example.com</emphasis>."
12165
15442
msgstr ""
12166
15443
12167
#: serverguide/C/network-config.xml:380(para)
15444
#: serverguide/C/network-config.xml:391(para)
12168
15445
msgid ""
12169
15446
"If you have multiple domains you wish to search, your configuration might "
12170
"look like the following."
15447
"look like the following:"
12171
15448
msgstr ""
12172
15449
12173
#: serverguide/C/network-config.xml:383(programlisting)
15450
#: serverguide/C/network-config.xml:395(programlisting)
12174
15451
#, no-wrap
12175
15452
msgid ""
12176
15453
"\n"
12177
"search example.com sales.example.com dev.example.com\n"
12178
"nameserver 8.8.8.8\n"
12179
"nameserver 8.8.4.4\n"
15454
"iface eth0 inet static\n"
15455
" address 192.168.3.3\n"
15456
" netmask 255.255.255.0\n"
15457
" gateway 192.168.3.1\n"
15458
" dns-search example.com sales.example.com dev.example.com\n"
15459
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12180
15460
msgstr ""
12181
15461
12182
#: serverguide/C/network-config.xml:388(para)
15462
#: serverguide/C/network-config.xml:404(para)
12183
15463
msgid ""
12184
15464
"If you try to ping a host with the name of <emphasis "
12185
15465
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12186
15466
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12187
15467
msgstr ""
12188
15468
12189
#: serverguide/C/network-config.xml:394(para)
15469
#: serverguide/C/network-config.xml:411(para)
12190
15470
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12191
15471
msgstr ""
12192
15472
12193
#: serverguide/C/network-config.xml:399(para)
15473
#: serverguide/C/network-config.xml:416(para)
12194
15474
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12195
15475
msgstr ""
12196
15476
12197
#: serverguide/C/network-config.xml:404(para)
15477
#: serverguide/C/network-config.xml:421(para)
12198
15478
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12199
15479
msgstr ""
12200
15480
12201
#: serverguide/C/network-config.xml:409(para)
15481
#: serverguide/C/network-config.xml:426(para)
12202
15482
msgid ""
12203
15483
"If no matches are found, the DNS server will provide a result of <emphasis "
12204
15484
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12205
15485
msgstr ""
12206
15486
12207
#: serverguide/C/network-config.xml:416(title)
15487
#: serverguide/C/network-config.xml:433(title)
12208
15488
msgid "Static Hostnames"
12209
15489
msgstr ""
12210
15490
12211
#: serverguide/C/network-config.xml:417(para)
15491
#: serverguide/C/network-config.xml:434(para)
12212
15492
msgid ""
12213
15493
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12214
15494
"file <filename>/etc/hosts</filename>. Entries in the "
12220
15500
"conveniently set to use static hostnames instead of DNS."
12221
15501
msgstr ""
12222
15502
12223
#: serverguide/C/network-config.xml:424(para)
15503
#: serverguide/C/network-config.xml:441(para)
12224
15504
msgid ""
12225
15505
"The following is an example of a <filename>hosts</filename> file where a "
12226
15506
"number of local servers have been identified by simple hostnames, aliases "
12227
15507
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12228
15508
msgstr ""
12229
15509
12230
#: serverguide/C/network-config.xml:428(programlisting)
15510
#: serverguide/C/network-config.xml:445(programlisting)
12231
15511
#, no-wrap
12232
15512
msgid ""
12233
15513
"\n"
12239
15519
"10.0.0.14\tserver4 file server4.example.com\n"
12240
15520
msgstr ""
12241
15521
12242
#: serverguide/C/network-config.xml:437(para)
15522
#: serverguide/C/network-config.xml:454(para)
12243
15523
msgid ""
12244
15524
"In the above example, notice that each of the servers have been given "
12245
15525
"aliases in addition to their proper names and FQDN's. <emphasis "
12252
15532
"role=\"italic\">file</emphasis>."
12253
15533
msgstr ""
12254
15534
12255
#: serverguide/C/network-config.xml:449(title)
15535
#: serverguide/C/network-config.xml:466(title)
12256
15536
msgid "Name Service Switch Configuration"
12257
15537
msgstr ""
12258
15538
12259
#: serverguide/C/network-config.xml:450(para)
15539
#: serverguide/C/network-config.xml:467(para)
12260
15540
msgid ""
12261
15541
"The order in which your system selects a method of resolving hostnames to IP "
12262
15542
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12267
15547
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12268
15548
msgstr ""
12269
15549
12270
#: serverguide/C/network-config.xml:458(programlisting)
15550
#: serverguide/C/network-config.xml:475(programlisting)
12271
15551
#, no-wrap
12272
15552
msgid ""
12273
15553
"\n"
12274
15554
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12275
15555
msgstr ""
12276
15556
12277
#: serverguide/C/network-config.xml:464(para)
15557
#: serverguide/C/network-config.xml:481(para)
12278
15558
msgid ""
12279
15559
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12280
15560
"hostnames located in <filename>/etc/hosts</filename>."
12281
15561
msgstr ""
12282
15562
12283
#: serverguide/C/network-config.xml:470(para)
15563
#: serverguide/C/network-config.xml:487(para)
12284
15564
msgid ""
12285
15565
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12286
15566
"name using Multicast DNS."
12287
15567
msgstr ""
12288
15568
12289
#: serverguide/C/network-config.xml:475(para)
15569
#: serverguide/C/network-config.xml:492(para)
12290
15570
msgid ""
12291
15571
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12292
15572
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12295
15575
"answer."
12296
15576
msgstr ""
12297
15577
12298
#: serverguide/C/network-config.xml:483(para)
15578
#: serverguide/C/network-config.xml:500(para)
12299
15579
msgid ""
12300
15580
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12301
15581
msgstr ""
12302
15582
12303
#: serverguide/C/network-config.xml:488(para)
15583
#: serverguide/C/network-config.xml:505(para)
12304
15584
msgid ""
12305
15585
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12306
15586
msgstr ""
12307
15587
12308
#: serverguide/C/network-config.xml:494(para)
15588
#: serverguide/C/network-config.xml:511(para)
12309
15589
msgid ""
12310
15590
"To modify the order of the above mentioned name resolution methods, you can "
12311
15591
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12314
15594
"<filename>/etc/nsswitch.conf</filename> as shown below."
12315
15595
msgstr ""
12316
15596
12317
#: serverguide/C/network-config.xml:501(programlisting)
15597
#: serverguide/C/network-config.xml:518(programlisting)
12318
15598
#, no-wrap
12319
15599
msgid ""
12320
15600
"\n"
12321
15601
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12322
15602
msgstr ""
12323
15603
12324
#: serverguide/C/network-config.xml:508(title)
12325
msgid "Bridging"
12326
msgstr ""
12327
12328
#: serverguide/C/network-config.xml:510(para)
15604
#: serverguide/C/network-config.xml:527(para)
12329
15605
msgid ""
12330
15606
"Bridging multiple interfaces is a more advanced configuration, but is very "
12331
15607
"useful in multiple scenarios. One scenario is setting up a bridge with "
12335
15611
"The following example covers the latter scenario."
12336
15612
msgstr ""
12337
15613
12338
#: serverguide/C/network-config.xml:517(para)
15614
#: serverguide/C/network-config.xml:534(para)
12339
15615
msgid ""
12340
15616
"Before configuring a bridge you will need to install the <application>bridge-"
12341
15617
"utils</application> package. To install the package, in a terminal enter:"
12342
15618
msgstr ""
12343
15619
12344
#: serverguide/C/network-config.xml:523(command)
12345
msgid "sudo apt-get install bridge-utils"
12346
msgstr ""
12347
12348
#: serverguide/C/network-config.xml:526(para)
15620
#: serverguide/C/network-config.xml:543(para)
12349
15621
msgid ""
12350
15622
"Next, configure the bridge by editing "
12351
15623
"<filename>/etc/network/interfaces</filename>:"
12352
15624
msgstr ""
12353
15625
12354
#: serverguide/C/network-config.xml:530(programlisting)
15626
#: serverguide/C/network-config.xml:547(programlisting)
12355
15627
#, no-wrap
12356
15628
msgid ""
12357
15629
"\n"
12372
15644
" bridge_stp off\n"
12373
15645
msgstr ""
12374
15646
12375
#: serverguide/C/network-config.xml:549(para)
15647
#: serverguide/C/network-config.xml:566(para)
12376
15648
msgid "Enter the appropriate values for your physical interface and network."
12377
15649
msgstr ""
12378
15650
12379
#: serverguide/C/network-config.xml:554(para)
15651
#: serverguide/C/network-config.xml:571(para)
12380
15652
msgid "Now restart networking to enable the bridge interface:"
12381
15653
msgstr ""
12382
15654
12383
#: serverguide/C/network-config.xml:561(para)
15655
#: serverguide/C/network-config.xml:576(command)
15656
msgid "sudo /etc/init.d/networking restart"
15657
msgstr "sudo /etc/init.d/networking restart"
15658
15659
#: serverguide/C/network-config.xml:578(para)
12384
15660
msgid ""
12385
15661
"The new bridge interface should now be up and running. The "
12386
15662
"<application>brctl</application> provides useful information about the state "
12388
15664
"<command>man brctl</command> for more information."
12389
15665
msgstr ""
12390
15666
12391
#: serverguide/C/network-config.xml:577(para)
15667
#: serverguide/C/network-config.xml:594(para)
12392
15668
msgid ""
12393
15669
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12394
15670
"Network page</ulink> has links to articles covering more advanced network "
12395
15671
"configuration."
12396
15672
msgstr ""
12397
15673
12398
#: serverguide/C/network-config.xml:583(para)
12399
msgid ""
12400
"The <ulink "
12401
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
12402
"\">interfaces man page</ulink> has details on more options for "
15674
#: serverguide/C/network-config.xml:600(para)
15675
msgid ""
15676
"The <ulink "
15677
"url=\"http://manpages.ubuntu.com/manpages/man8/resolvconf.8.html\">resolvconf"
15678
" man page</ulink> has more information on resolvconf."
15679
msgstr ""
15680
15681
#: serverguide/C/network-config.xml:606(para)
15682
msgid ""
15683
"The <ulink "
15684
"url=\"http://manpages.ubuntu.com/manpages/man5/interfaces.5.html\">interfaces"
15685
" man page</ulink> has details on more options for "
12403
15686
"<filename>/etc/network/interfaces</filename>."
12404
15687
msgstr ""
12405
15688
12406
#: serverguide/C/network-config.xml:589(para)
15689
#: serverguide/C/network-config.xml:612(para)
12407
15690
msgid ""
12408
15691
"The <ulink "
12409
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
12410
"dhclient man page</ulink> has details on more options for configuring DHCP "
12411
"client settings."
15692
"url=\"http://manpages.ubuntu.com/manpages/man8/dhclient.8.html\">dhclient "
15693
"man page</ulink> has details on more options for configuring DHCP client "
15694
"settings."
12412
15695
msgstr ""
12413
15696
12414
#: serverguide/C/network-config.xml:595(para)
15697
#: serverguide/C/network-config.xml:618(para)
12415
15698
msgid ""
12416
15699
"For more information on DNS client configuration see the <ulink "
12417
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
12418
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
15700
"url=\"http://manpages.ubuntu.com/manpages/man5/resolver.5.html\">resolver "
15701
"man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12419
15702
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
12420
15703
"Administrator's Guide</ulink> is a good source of resolver and name service "
12421
15704
"configuration information."
12422
15705
msgstr ""
12423
15706
12424
#: serverguide/C/network-config.xml:603(para)
15707
#: serverguide/C/network-config.xml:626(para)
12425
15708
msgid ""
12426
15709
"For more information on <emphasis>bridging</emphasis> see the <ulink "
12427
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
12428
"tl man page</ulink> and the Linux Foundation's <ulink "
15710
"url=\"http://manpages.ubuntu.com/manpages/man8/brctl.8.html\">brctl man "
15711
"page</ulink> and the Linux Foundation's <ulink "
12429
15712
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
12430
15713
msgstr ""
12431
15714
12432
#: serverguide/C/network-config.xml:614(title)
15715
#: serverguide/C/network-config.xml:637(title)
12433
15716
msgid "TCP/IP"
12434
15717
msgstr ""
12435
15718
12436
#: serverguide/C/network-config.xml:615(para)
15719
#: serverguide/C/network-config.xml:638(para)
12437
15720
msgid ""
12438
15721
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12439
15722
"standard set of protocols developed in the late 1970s by the Defense "
12443
15726
"network protocols on Earth."
12444
15727
msgstr ""
12445
15728
12446
#: serverguide/C/network-config.xml:623(title)
15729
#: serverguide/C/network-config.xml:646(title)
12447
15730
msgid "TCP/IP Introduction"
12448
15731
msgstr ""
12449
15732
12450
#: serverguide/C/network-config.xml:624(para)
15733
#: serverguide/C/network-config.xml:647(para)
12451
15734
msgid ""
12452
15735
"The two protocol components of TCP/IP deal with different aspects of "
12453
15736
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12462
15745
"host."
12463
15746
msgstr ""
12464
15747
12465
#: serverguide/C/network-config.xml:637(title)
15748
#: serverguide/C/network-config.xml:660(title)
12466
15749
msgid "TCP/IP Configuration"
12467
15750
msgstr ""
12468
15751
12469
#: serverguide/C/network-config.xml:638(para)
15752
#: serverguide/C/network-config.xml:661(para)
12470
15753
msgid ""
12471
15754
"The TCP/IP protocol configuration consists of several elements which must be "
12472
15755
"set by editing the appropriate configuration files, or deploying solutions "
12477
15760
"system."
12478
15761
msgstr ""
12479
15762
12480
#: serverguide/C/network-config.xml:650(para)
15763
#: serverguide/C/network-config.xml:673(para)
12481
15764
msgid ""
12482
15765
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12483
15766
"identifying string expressed as four decimal numbers ranging from zero (0) "
12487
15770
"<emphasis>dotted quad notation</emphasis>."
12488
15771
msgstr ""
12489
15772
12490
#: serverguide/C/network-config.xml:660(para)
15773
#: serverguide/C/network-config.xml:683(para)
12491
15774
msgid ""
12492
15775
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12493
15776
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12498
15781
"remain available for specifying hosts on the subnetwork."
12499
15782
msgstr ""
12500
15783
12501
#: serverguide/C/network-config.xml:671(para)
15784
#: serverguide/C/network-config.xml:694(para)
12502
15785
msgid ""
12503
15786
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12504
15787
"represents the bytes comprising the network portion of an IP address. For "
12511
15794
"network and a zero (0) for all the possible hosts on the network."
12512
15795
msgstr ""
12513
15796
12514
#: serverguide/C/network-config.xml:684(para)
15797
#: serverguide/C/network-config.xml:707(para)
12515
15798
msgid ""
12516
15799
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12517
15800
"is an IP address which allows network data to be sent simultaneously to all "
12525
15808
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12526
15809
msgstr ""
12527
15810
12528
#: serverguide/C/network-config.xml:697(para)
15811
#: serverguide/C/network-config.xml:720(para)
12529
15812
msgid ""
12530
15813
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12531
15814
"IP address through which a particular network, or host on a network, may be "
12538
15821
"not be able to reach any hosts beyond those on the same network."
12539
15822
msgstr ""
12540
15823
12541
#: serverguide/C/network-config.xml:708(para)
15824
#: serverguide/C/network-config.xml:731(para)
12542
15825
msgid ""
12543
15826
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12544
15827
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12554
15837
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
12555
15838
msgstr ""
12556
15839
12557
#: serverguide/C/network-config.xml:722(para)
15840
#: serverguide/C/network-config.xml:745(para)
12558
15841
msgid ""
12559
15842
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
12560
15843
"Address are typically specified via the appropriate directives in the file "
12566
15849
"typed at a terminal prompt:"
12567
15850
msgstr ""
12568
15851
12569
#: serverguide/C/network-config.xml:729(para)
15852
#: serverguide/C/network-config.xml:752(para)
12570
15853
msgid ""
12571
15854
"Access the system manual page for <filename>interfaces</filename> with the "
12572
15855
"following command:"
12573
15856
msgstr ""
12574
15857
12575
#: serverguide/C/network-config.xml:734(command)
15858
#: serverguide/C/network-config.xml:757(command)
12576
15859
msgid "man interfaces"
12577
15860
msgstr ""
12578
15861
12579
#: serverguide/C/network-config.xml:737(para)
15862
#: serverguide/C/network-config.xml:760(para)
12580
15863
msgid ""
12581
15864
"Access the system manual page for <filename>resolv.conf</filename> with the "
12582
15865
"following command:"
12583
15866
msgstr ""
12584
15867
12585
#: serverguide/C/network-config.xml:741(command)
15868
#: serverguide/C/network-config.xml:765(command)
12586
15869
msgid "man resolv.conf"
12587
15870
msgstr ""
12588
15871
12589
#: serverguide/C/network-config.xml:646(para)
15872
#: serverguide/C/network-config.xml:669(para)
12590
15873
msgid ""
12591
15874
"The common configuration elements of TCP/IP and their purposes are as "
12592
15875
"follows: <placeholder-1/>"
12593
15876
msgstr ""
12594
15877
12595
#: serverguide/C/network-config.xml:748(title)
15878
#: serverguide/C/network-config.xml:773(title)
12596
15879
msgid "IP Routing"
12597
15880
msgstr ""
12598
15881
12599
#: serverguide/C/network-config.xml:749(para)
15882
#: serverguide/C/network-config.xml:774(para)
12600
15883
msgid ""
12601
15884
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12602
15885
"network along which network data may be sent. Routing uses a set of "
12607
15890
"<emphasis>Dynamic Routing.</emphasis>"
12608
15891
msgstr ""
12609
15892
12610
#: serverguide/C/network-config.xml:758(para)
15893
#: serverguide/C/network-config.xml:783(para)
12611
15894
msgid ""
12612
15895
"Static routing involves manually adding IP routes to the system's routing "
12613
15896
"table, and this is usually done by manipulating the routing table with the "
12622
15905
"and failures along the route due to the fixed nature of the route."
12623
15906
msgstr ""
12624
15907
12625
#: serverguide/C/network-config.xml:768(para)
15908
#: serverguide/C/network-config.xml:793(para)
12626
15909
msgid ""
12627
15910
"Dynamic routing depends on large networks with multiple possible IP routes "
12628
15911
"from a source to a destination and makes use of special routing protocols, "
12639
15922
"immediately benefit the end users, but still consumes network bandwidth."
12640
15923
msgstr ""
12641
15924
12642
#: serverguide/C/network-config.xml:782(title)
15925
#: serverguide/C/network-config.xml:807(title)
12643
15926
msgid "TCP and UDP"
12644
15927
msgstr ""
12645
15928
12646
#: serverguide/C/network-config.xml:783(para)
15929
#: serverguide/C/network-config.xml:808(para)
12647
15930
msgid ""
12648
15931
"TCP is a connection-based protocol, offering error correction and guaranteed "
12649
15932
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12654
15937
"important information such as database transactions."
12655
15938
msgstr ""
12656
15939
12657
#: serverguide/C/network-config.xml:791(para)
15940
#: serverguide/C/network-config.xml:816(para)
12658
15941
msgid ""
12659
15942
"The User Datagram Protocol (UDP), on the other hand, is a "
12660
15943
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12665
15948
"loss of a few packets is not generally catastrophic."
12666
15949
msgstr ""
12667
15950
12668
#: serverguide/C/network-config.xml:801(title)
15951
#: serverguide/C/network-config.xml:826(title)
12669
15952
msgid "ICMP"
12670
15953
msgstr ""
12671
15954
12672
#: serverguide/C/network-config.xml:802(para)
15955
#: serverguide/C/network-config.xml:827(para)
12673
15956
msgid ""
12674
15957
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12675
15958
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12682
15965
"<emphasis>Time Exceeded</emphasis>."
12683
15966
msgstr ""
12684
15967
12685
#: serverguide/C/network-config.xml:812(title)
15968
#: serverguide/C/network-config.xml:837(title)
12686
15969
msgid "Daemons"
12687
15970
msgstr ""
12688
15971
12689
#: serverguide/C/network-config.xml:813(para)
15972
#: serverguide/C/network-config.xml:838(para)
12690
15973
msgid ""
12691
15974
"Daemons are special system applications which typically execute continuously "
12692
15975
"in the background and await requests for the functions they provide from "
12700
15983
"Daemon</emphasis> (imapd), which provides E-Mail services."
12701
15984
msgstr ""
12702
15985
12703
#: serverguide/C/network-config.xml:828(para)
15986
#: serverguide/C/network-config.xml:853(para)
12704
15987
msgid ""
12705
15988
"There are man pages for <ulink "
12706
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
12707
"ulink> and <ulink "
12708
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
12709
"> that contain more useful information."
15989
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man7/tcp.7.html\">TCP</u"
15990
"link> and <ulink "
15991
"url=\"http://manpages.ubuntu.com/manpages/precise/man7/ip.7.html\">IP</ulink>"
15992
" that contain more useful information."
12710
15993
msgstr ""
12711
15994
12712
#: serverguide/C/network-config.xml:834(para)
15995
#: serverguide/C/network-config.xml:859(para)
12713
15996
msgid ""
12714
15997
"Also, see the <ulink "
12715
15998
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12716
15999
"and Technical Overview</ulink> IBM Redbook."
12717
16000
msgstr ""
12718
16001
12719
#: serverguide/C/network-config.xml:840(para)
16002
#: serverguide/C/network-config.xml:865(para)
12720
16003
msgid ""
12721
16004
"Another resource is O'Reilly's <ulink "
12722
16005
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12723
16006
"Administration</ulink>."
12724
16007
msgstr ""
12725
16008
12726
#: serverguide/C/network-config.xml:849(title)
16009
#: serverguide/C/network-config.xml:874(title)
12727
16010
msgid "Dynamic Host Configuration Protocol (DHCP)"
12728
16011
msgstr ""
12729
16012
12730
#: serverguide/C/network-config.xml:850(para)
16013
#: serverguide/C/network-config.xml:875(para)
12731
16014
msgid ""
12732
16015
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
12733
16016
"enables host computers to be automatically assigned settings from a server "
12736
16019
"DHCP server, and the configuration is transparent to the computer's user."
12737
16020
msgstr ""
12738
16021
12739
#: serverguide/C/network-config.xml:857(para)
16022
#: serverguide/C/network-config.xml:882(para)
12740
16023
msgid ""
12741
16024
"The most common settings provided by a DHCP server to DHCP clients include:"
12742
16025
msgstr ""
12743
16026
12744
#: serverguide/C/network-config.xml:862(para)
12745
msgid "IP-Address and Netmask"
12746
msgstr ""
12747
12748
#: serverguide/C/network-config.xml:865(para)
12749
msgid "DNS"
12750
msgstr ""
12751
12752
#: serverguide/C/network-config.xml:868(para)
12753
msgid "WINS"
12754
msgstr ""
12755
12756
#: serverguide/C/network-config.xml:871(para)
16027
#: serverguide/C/network-config.xml:887(para)
16028
msgid "IP address and netmask"
16029
msgstr ""
16030
16031
#: serverguide/C/network-config.xml:890(para)
16032
msgid "IP address of the default-gateway to use"
16033
msgstr ""
16034
16035
#: serverguide/C/network-config.xml:893(para)
16036
msgid "IP adresses of the DNS servers to use"
16037
msgstr ""
16038
16039
#: serverguide/C/network-config.xml:896(para)
12757
16040
msgid ""
12758
16041
"However, a DHCP server can also supply configuration properties such as:"
12759
16042
msgstr ""
12760
16043
12761
#: serverguide/C/network-config.xml:876(para)
16044
#: serverguide/C/network-config.xml:901(para)
12762
16045
msgid "Host Name"
12763
16046
msgstr ""
12764
16047
12765
#: serverguide/C/network-config.xml:879(para)
16048
#: serverguide/C/network-config.xml:904(para)
12766
16049
msgid "Domain Name"
12767
16050
msgstr ""
12768
16051
12769
#: serverguide/C/network-config.xml:882(para)
12770
msgid "Default Gateway"
12771
msgstr ""
12772
12773
#: serverguide/C/network-config.xml:885(para)
16052
#: serverguide/C/network-config.xml:907(para)
12774
16053
msgid "Time Server"
12775
16054
msgstr ""
12776
16055
12777
#: serverguide/C/network-config.xml:888(para)
16056
#: serverguide/C/network-config.xml:910(para)
12778
16057
msgid "Print Server"
12779
16058
msgstr ""
12780
16059
12781
#: serverguide/C/network-config.xml:891(para)
16060
#: serverguide/C/network-config.xml:913(para)
12782
16061
msgid ""
12783
16062
"The advantage of using DHCP is that changes to the network, for example a "
12784
16063
"change in the address of the DNS server, need only be changed at the DHCP "
12789
16068
"also reduced."
12790
16069
msgstr ""
12791
16070
12792
#: serverguide/C/network-config.xml:899(para)
12793
msgid "A DHCP server can provide configuration settings using two methods:"
12794
msgstr ""
12795
12796
#: serverguide/C/network-config.xml:904(term)
12797
msgid "MAC Address"
12798
msgstr ""
12799
12800
#: serverguide/C/network-config.xml:906(para)
16071
#: serverguide/C/network-config.xml:921(para)
16072
msgid ""
16073
"A DHCP server can provide configuration settings using the following methods:"
16074
msgstr ""
16075
16076
#: serverguide/C/network-config.xml:926(term)
16077
msgid "Manual allocation (MAC address)"
16078
msgstr ""
16079
16080
#: serverguide/C/network-config.xml:928(para)
12801
16081
msgid ""
12802
16082
"This method entails using DHCP to identify the unique hardware address of "
12803
16083
"each network card connected to the network and then continually supplying a "
12804
16084
"constant configuration each time the DHCP client makes a request to the DHCP "
12805
"server using that network device."
12806
msgstr ""
12807
12808
#: serverguide/C/network-config.xml:915(term)
12809
msgid "Address Pool"
12810
msgstr ""
12811
12812
#: serverguide/C/network-config.xml:917(para)
12813
msgid ""
12814
"This method entails defining a pool (sometimes also called a range or scope) "
12815
"of IP addresses from which DHCP clients are supplied their configuration "
12816
"properties dynamically and on a \"first come, first served\" basis. When a "
12817
"DHCP client is no longer on the network for a specified period, the "
12818
"configuration is expired and released back to the address pool for use by "
12819
"other DHCP Clients."
12820
msgstr ""
12821
12822
#: serverguide/C/network-config.xml:928(para)
12823
msgid ""
12824
"Ubuntu is shipped with both DHCP server and client. The server is "
12825
"<application>dhcpd</application> (dynamic host configuration protocol "
12826
"daemon). The client provided with Ubuntu is "
12827
"<application>dhclient</application> and should be installed on all computers "
12828
"required to be automatically configured. Both programs are easy to install "
12829
"and configure and will be automatically started at system boot."
12830
msgstr ""
12831
12832
#: serverguide/C/network-config.xml:938(para)
16085
"server using that network device. This ensures that a particular address is "
16086
"assigned automatically to that network card, based on it's MAC address."
16087
msgstr ""
16088
16089
#: serverguide/C/network-config.xml:939(term)
16090
msgid "Dynamic allocation (address pool)"
16091
msgstr ""
16092
16093
#: serverguide/C/network-config.xml:941(para)
16094
msgid ""
16095
"In this method, the DHCP server will assign an IP address from a pool of "
16096
"addresses (sometimes also called a range or scope) for a period of time or "
16097
"lease, that is configured on the server or until the client informs the "
16098
"server that it doesn't need the address anymore. This way, the clients will "
16099
"be receiving their configuration properties dynamically and on a \"first "
16100
"come, first served\" basis. When a DHCP client is no longer on the network "
16101
"for a specified period, the configuration is expired and released back to "
16102
"the address pool for use by other DHCP Clients. This way, an address cand be "
16103
"leased or used for a period of time. After this period, the client has to "
16104
"renegociate the lease with the server to maintain use of the address."
16105
msgstr ""
16106
16107
#: serverguide/C/network-config.xml:954(term)
16108
msgid "Automatic allocation"
16109
msgstr ""
16110
16111
#: serverguide/C/network-config.xml:956(para)
16112
msgid ""
16113
"Using this method, the DHCP automatically assigns an IP address permanently "
16114
"to a device, selecting it from a pool of available addresses. Usually DHCP "
16115
"is used to assign a temporary address to a client, but a DHCP server can "
16116
"allow an infinite lease time."
16117
msgstr ""
16118
16119
#: serverguide/C/network-config.xml:963(para)
16120
msgid ""
16121
"The last two methods can be considered “automatic” because in each case the "
16122
"DHCP server assigns an address with no extra intervention needed. The only "
16123
"difference between them is in how long the IP address is leased, in other "
16124
"words whether a client's address varies over time. Ubuntu is shipped with "
16125
"both DHCP server and client. The server is <application>dhcpd</application> "
16126
"(dynamic host configuration protocol daemon). The client provided with "
16127
"Ubuntu is <application>dhclient</application> and should be installed on all "
16128
"computers required to be automatically configured. Both programs are easy to "
16129
"install and configure and will be automatically started at system boot."
16130
msgstr ""
16131
16132
#: serverguide/C/network-config.xml:978(para)
12833
16133
msgid ""
12834
16134
"At a terminal prompt, enter the following command to install "
12835
16135
"<application>dhcpd</application>:"
12836
16136
msgstr ""
12837
16137
12838
#: serverguide/C/network-config.xml:943(command)
12839
msgid "sudo apt-get install dhcp3-server"
16138
#: serverguide/C/network-config.xml:983(command)
16139
msgid "sudo apt-get install isc-dhcp-server"
12840
16140
msgstr ""
12841
16141
12842
#: serverguide/C/network-config.xml:945(para)
16142
#: serverguide/C/network-config.xml:985(para)
12843
16143
msgid ""
12844
16144
"You will probably need to change the default configuration by editing "
12845
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
16145
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
12846
16146
msgstr ""
12847
16147
12848
#: serverguide/C/network-config.xml:949(para)
16148
#: serverguide/C/network-config.xml:989(para)
12849
16149
msgid ""
12850
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
12851
"dhcpd should listen to. By default it listens to eth0."
16150
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
16151
"interfaces dhcpd should listen to."
12852
16152
msgstr ""
12853
16153
12854
#: serverguide/C/network-config.xml:953(para)
16154
#: serverguide/C/network-config.xml:993(para)
12855
16155
msgid ""
12856
16156
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
12857
16157
"messages."
12858
16158
msgstr ""
12859
16159
12860
#: serverguide/C/network-config.xml:960(para)
16160
#: serverguide/C/network-config.xml:1000(para)
12861
16161
msgid ""
12862
16162
"The error message the installation ends with might be a little confusing, "
12863
16163
"but the following steps will help you configure the service:"
12864
16164
msgstr ""
12865
16165
12866
#: serverguide/C/network-config.xml:964(para)
16166
#: serverguide/C/network-config.xml:1004(para)
12867
16167
msgid ""
12868
16168
"Most commonly, what you want to do is assign an IP address randomly. This "
12869
16169
"can be done with settings as follows:"
12870
16170
msgstr ""
12871
16171
12872
#: serverguide/C/network-config.xml:968(programlisting)
16172
#: serverguide/C/network-config.xml:1008(programlisting)
12873
16173
#, no-wrap
12874
16174
msgid ""
12875
16175
"\n"
12876
"# Sample /etc/dhcpd.conf\n"
12877
"# (add your comments here) \n"
16176
"# minimal sample /etc/dhcp/dhcpd.conf\n"
12878
16177
"default-lease-time 600;\n"
12879
16178
"max-lease-time 7200;\n"
12880
"option subnet-mask 255.255.255.0;\n"
12881
"option broadcast-address 192.168.1.255;\n"
12882
"option routers 192.168.1.254;\n"
12883
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
12884
"option domain-name \"mydomain.example\";\n"
12885
16179
"\n"
12886
16180
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
12887
"range 192.168.1.10 192.168.1.100;\n"
12888
"range 192.168.1.150 192.168.1.200;\n"
16181
" range 192.168.1.150 192.168.1.200;\n"
16182
" option routers 192.168.1.254;\n"
16183
" option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
16184
" option domain-name \"mydomain.example\";\n"
12889
16185
"} \n"
12890
16186
msgstr ""
12891
16187
12892
#: serverguide/C/network-config.xml:984(para)
12893
msgid ""
12894
"This will result in the DHCP server giving a client an IP address from the "
12895
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
12896
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
12897
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
12898
"server will also \"advise\" the client that it should use 255.255.255.0 as "
12899
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
12900
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
12901
msgstr ""
12902
12903
#: serverguide/C/network-config.xml:993(para)
12904
msgid ""
12905
"If you need to specify a WINS server for your Windows clients, you will need "
12906
"to include the netbios-name-servers option, e.g."
12907
msgstr ""
12908
12909
#: serverguide/C/network-config.xml:997(programlisting)
12910
#, no-wrap
12911
msgid ""
12912
"\n"
12913
"option netbios-name-servers 192.168.1.1; \n"
12914
msgstr ""
12915
12916
#: serverguide/C/network-config.xml:1000(para)
12917
msgid ""
12918
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
12919
"be found <ulink "
12920
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
12921
msgstr ""
12922
12923
#: serverguide/C/network-config.xml:1010(para)
16188
#: serverguide/C/network-config.xml:1020(para)
16189
msgid ""
16190
"This will result in the DHCP server giving clients an IP address from the "
16191
"range 192.168.1.150-192.168.1.200. It will lease an IP address for 600 "
16192
"seconds if the client doesn't ask for a specific time frame. Otherwise the "
16193
"maximum (allowed) lease will be 7200 seconds. The server will also "
16194
"\"advise\" the client to use 192.168.1.254 as the default-gateway and "
16195
"192.168.1.1 and 192.168.1.2 as its DNS servers."
16196
msgstr ""
16197
16198
#: serverguide/C/network-config.xml:1028(para)
16199
msgid ""
16200
"After changing the config file you have to restart the "
16201
"<application>dhcpd</application>:"
16202
msgstr ""
16203
16204
#: serverguide/C/network-config.xml:1033(command)
16205
msgid "sudo /etc/init.d/isc-dhcp-server restart"
16206
msgstr ""
16207
16208
#: serverguide/C/network-config.xml:1041(para)
12924
16209
msgid ""
12925
16210
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
12926
16211
"server Ubuntu Wiki</ulink> page has more information."
12927
16212
msgstr ""
12928
16213
12929
#: serverguide/C/network-config.xml:1015(para)
12930
msgid ""
12931
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
12932
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
12933
"\">dhcpd.conf man page</ulink>."
12934
msgstr ""
12935
12936
#: serverguide/C/network-config.xml:1021(para)
12937
msgid ""
12938
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
12939
"FAQ</ulink>"
12940
msgstr ""
12941
12942
#: serverguide/C/network-config.xml:1031(title)
16214
#: serverguide/C/network-config.xml:1046(para)
16215
msgid ""
16216
"For more <filename>/etc/dhcp/dhcpd.conf</filename> options see the <ulink "
16217
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man5/dhcpd.conf.5.html\""
16218
">dhcpd.conf man page</ulink>."
16219
msgstr ""
16220
16221
#: serverguide/C/network-config.xml:1053(ulink)
16222
msgid "ISC dhcp-server"
16223
msgstr ""
16224
16225
#: serverguide/C/network-config.xml:1062(title)
12943
16226
msgid "Time Synchronisation with NTP"
12944
16227
msgstr ""
12945
16228
12946
#: serverguide/C/network-config.xml:1032(para)
12947
msgid ""
12948
"This page describes methods for keeping your computer's time accurate. This "
12949
"is useful for servers, but is not necessary (or desirable) for desktop "
12950
"machines."
12951
msgstr ""
12952
12953
#: serverguide/C/network-config.xml:1035(para)
16229
#: serverguide/C/network-config.xml:1063(para)
12954
16230
msgid ""
12955
16231
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
12956
16232
"client requests the current time from a server, and uses it to set its own "
12957
16233
"clock."
12958
16234
msgstr ""
12959
16235
12960
#: serverguide/C/network-config.xml:1038(para)
16236
#: serverguide/C/network-config.xml:1066(para)
12961
16237
msgid ""
12962
16238
"Behind this simple description, there is a lot of complexity - there are "
12963
16239
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
12964
"clocks (often via GPS), and tier two and three servers spreading the load of "
12965
"actually handling requests across the Internet. Also the client software is "
12966
"a lot more complex than you might think - it has to factor out communication "
16240
"clocks, and tier two and three servers spreading the load of actually "
16241
"handling requests across the Internet. Also the client software is a lot "
16242
"more complex than you might think - it has to factor out communication "
12967
16243
"delays, and adjust the time in a way that does not upset all the other "
12968
16244
"processes that run on the server. But luckily all that complexity is hidden "
12969
16245
"from you!"
12970
16246
msgstr ""
12971
16247
12972
#: serverguide/C/network-config.xml:1041(para)
12973
msgid ""
12974
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
16248
#: serverguide/C/network-config.xml:1069(para)
16249
msgid "Ubuntu uses ntpdate and ntpd."
12975
16250
msgstr ""
12976
16251
12977
#: serverguide/C/network-config.xml:1046(title)
16252
#: serverguide/C/network-config.xml:1074(title)
12978
16253
msgid "ntpdate"
12979
16254
msgstr ""
12980
16255
12981
#: serverguide/C/network-config.xml:1047(para)
16256
#: serverguide/C/network-config.xml:1075(para)
12982
16257
msgid ""
12983
16258
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
12984
"set up your time according to Ubuntu's NTP server. However, a server's clock "
12985
"is likely to drift considerably between reboots, so it makes sense to "
12986
"correct the time occasionally. The easiest way to do this is to get cron to "
12987
"run ntpdate every day. With your favorite editor, as root, create a file "
12988
"<code>/etc/cron.daily/ntpdate</code> containing:"
16259
"set up your time according to Ubuntu's NTP server."
12989
16260
msgstr ""
12990
16261
12991
#: serverguide/C/network-config.xml:1052(screen)
16262
#: serverguide/C/network-config.xml:1078(programlisting)
12992
16263
#, no-wrap
12993
msgid "ntpdate ntp.ubuntu.com\n"
12994
msgstr ""
12995
12996
#: serverguide/C/network-config.xml:1054(para)
12997
16264
msgid ""
12998
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
12999
msgstr ""
13000
13001
#: serverguide/C/network-config.xml:1057(screen)
13002
#, no-wrap
13003
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
13004
msgstr ""
13005
13006
#: serverguide/C/network-config.xml:1061(title)
16265
"\n"
16266
"ntpdate -s ntp.ubuntu.com\n"
16267
msgstr ""
16268
16269
#: serverguide/C/network-config.xml:1084(title)
13007
16270
msgid "ntpd"
13008
16271
msgstr ""
13009
16272
13010
#: serverguide/C/network-config.xml:1062(para)
13011
msgid ""
13012
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
13013
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
13014
"calculates the drift of your system clock and continuously adjusts it, so "
13015
"there are no large corrections that could lead to inconsistent logs for "
13016
"instance. The cost is a little processing power and memory, but for a modern "
13017
"server this is negligible."
13018
msgstr ""
13019
13020
#: serverguide/C/network-config.xml:1065(para)
13021
msgid "To set up ntpd:"
13022
msgstr ""
13023
13024
#: serverguide/C/network-config.xml:1066(screen)
13025
#, no-wrap
13026
msgid "sudo apt-get install ntp\n"
13027
msgstr ""
13028
13029
#: serverguide/C/network-config.xml:1071(title)
13030
msgid "Changing Time Servers"
13031
msgstr ""
13032
13033
#: serverguide/C/network-config.xml:1072(para)
13034
msgid ""
13035
"In both cases above, your system will use Ubuntu's NTP server at "
13036
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
13037
"use several servers to increase accuracy and resilience, and you may want to "
13038
"use time servers that are geographically closer to you. to do this for "
13039
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
13040
msgstr ""
13041
13042
#: serverguide/C/network-config.xml:1079(screen)
13043
#, no-wrap
13044
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
13045
msgstr ""
13046
13047
#: serverguide/C/network-config.xml:1081(para)
13048
msgid ""
13049
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
13050
"lines:"
13051
msgstr ""
13052
13053
#: serverguide/C/network-config.xml:1086(screen)
13054
#, no-wrap
13055
msgid ""
13056
"server ntp.ubuntu.com\n"
13057
"server pool.ntp.org\n"
13058
msgstr ""
13059
13060
#: serverguide/C/network-config.xml:1089(para)
13061
msgid ""
13062
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
13063
"really good idea which uses round-robin DNS to return an NTP server from a "
13064
"pool, spreading the load between several different servers. Even better, "
13065
"they have pools for different regions - for instance, if you are in New "
13066
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
13067
"<code>pool.ntp.org</code> . Look at <ulink "
13068
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
13069
"details."
13070
msgstr ""
13071
13072
#: serverguide/C/network-config.xml:1100(para)
13073
msgid ""
13074
"You can also Google for NTP servers in your region, and add these to your "
13075
"configuration. To test that a server works, just type <code>sudo ntpdate "
13076
"ntp.server.name</code> and see what happens."
13077
msgstr ""
13078
13079
#: serverguide/C/network-config.xml:1111(para)
16273
#: serverguide/C/network-config.xml:1085(para)
16274
msgid ""
16275
"The ntp daemon ntpd calculates the drift of your system clock and "
16276
"continuously adjusts it, so there are no large corrections that could lead "
16277
"to inconsistent logs for instance. The cost is a little processing power and "
16278
"memory, but for a modern server this is negligible."
16279
msgstr ""
16280
16281
#: serverguide/C/network-config.xml:1092(para)
16282
msgid "To install ntpd, from a terminal prompt enter:"
16283
msgstr ""
16284
16285
#: serverguide/C/network-config.xml:1104(para)
16286
msgid ""
16287
"Edit <filename>/etc/ntp.conf</filename> to add/remove server lines. By "
16288
"default these servers are configured:"
16289
msgstr ""
16290
16291
#: serverguide/C/network-config.xml:1109(programlisting)
16292
#, no-wrap
16293
msgid ""
16294
"\n"
16295
"# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board\n"
16296
"# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for\n"
16297
"# more information.\n"
16298
"server 0.ubuntu.pool.ntp.org\n"
16299
"server 1.ubuntu.pool.ntp.org\n"
16300
"server 2.ubuntu.pool.ntp.org\n"
16301
"server 3.ubuntu.pool.ntp.org\n"
16302
msgstr ""
16303
16304
#: serverguide/C/network-config.xml:1119(para)
16305
msgid ""
16306
"After changing the config file you have to reload the "
16307
"<application>ntpd</application>:"
16308
msgstr ""
16309
16310
#: serverguide/C/network-config.xml:1124(command)
16311
msgid "sudo /etc/init.d/ntp reload"
16312
msgstr ""
16313
16314
#: serverguide/C/network-config.xml:1128(title)
16315
msgid "View status"
16316
msgstr ""
16317
16318
#: serverguide/C/network-config.xml:1129(para)
16319
msgid "Use ntpq to see to see more info:"
16320
msgstr ""
16321
16322
#: serverguide/C/network-config.xml:1133(userinput)
16323
#, no-wrap
16324
msgid "# sudo ntpq -p"
16325
msgstr ""
16326
16327
#: serverguide/C/network-config.xml:1132(screen)
16328
#, no-wrap
16329
msgid ""
16330
"\n"
16331
"<placeholder-1/>\n"
16332
" remote refid st t when poll reach delay offset "
16333
"jitter\n"
16334
"============================================================================="
16335
"=\n"
16336
"+stratum2-2.NTP. 129.70.130.70 2 u 5 64 377 68.461 -44.274 "
16337
"110.334\n"
16338
"+ntp2.m-online.n 212.18.1.106 2 u 5 64 377 54.629 -27.318 "
16339
"78.882\n"
16340
"*145.253.66.170 .DCFa. 1 u 10 64 377 83.607 -30.159 "
16341
"68.343\n"
16342
"+stratum2-3.NTP. 129.70.130.70 2 u 5 64 357 68.795 -68.168 "
16343
"104.612\n"
16344
"+europium.canoni 193.79.237.14 2 u 63 64 337 81.534 -67.968 "
16345
"92.792\n"
16346
msgstr ""
16347
16348
#: serverguide/C/network-config.xml:1149(para)
13080
16349
msgid ""
13081
16350
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
13082
16351
"Time</ulink> wiki page for more information."
13083
16352
msgstr ""
13084
16353
13085
#: serverguide/C/network-config.xml:1117(ulink)
13086
msgid "NTP Support"
13087
msgstr ""
13088
13089
#: serverguide/C/network-config.xml:1122(ulink)
13090
msgid "The NTP FAQ and HOWTO"
13091
msgstr ""
13092
13093
#: serverguide/C/network-auth.xml:13(title)
16354
#: serverguide/C/network-config.xml:1155(ulink)
16355
msgid "ntp.org, home of the Network Time Protocol project"
16356
msgstr ""
16357
16358
#: serverguide/C/network-auth.xml:14(title)
13094
16359
msgid "Network Authentication"
13095
16360
msgstr ""
13096
16361
13097
#: serverguide/C/network-auth.xml:15(para)
13098
msgid "This section explains various Network Authentication protocols."
16362
#: serverguide/C/network-auth.xml:16(para)
16363
msgid ""
16364
"This section applies LDAP to network authentication and authorization."
13099
16365
msgstr ""
13100
16366
13101
#: serverguide/C/network-auth.xml:19(title)
16367
#: serverguide/C/network-auth.xml:21(title)
13102
16368
msgid "OpenLDAP Server"
13103
16369
msgstr ""
13104
16370
13105
#: serverguide/C/network-auth.xml:20(para)
13106
msgid ""
13107
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
13108
"simplified version of the X.500 protocol. The directory setup in this "
13109
"section will be used for authentication. Nevertheless, LDAP can be used in "
13110
"numerous ways: authentication, shared directory (for mail clients), address "
13111
"book, etc."
13112
msgstr ""
13113
13114
#: serverguide/C/network-auth.xml:28(para)
13115
msgid ""
13116
"To describe LDAP quickly, all information is stored in a tree structure. "
13117
"With <application>OpenLDAP</application> you have freedom to determine the "
13118
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
13119
"We will begin with a basic tree containing two nodes below the root:"
13120
msgstr ""
13121
13122
#: serverguide/C/network-auth.xml:37(para)
13123
msgid "\"People\" node where your users will be stored"
13124
msgstr ""
13125
13126
#: serverguide/C/network-auth.xml:40(para)
13127
msgid "\"Groups\" node where your groups will be stored"
13128
msgstr ""
13129
13130
#: serverguide/C/network-auth.xml:44(para)
13131
msgid ""
13132
"Before beginning, you should determine what the root of your LDAP directory "
13133
"will be. By default, your tree will be determined by your Fully Qualified "
13134
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
13135
"example), your root node will be dc=example,dc=com."
13136
msgstr ""
13137
13138
#: serverguide/C/network-auth.xml:54(para)
13139
msgid ""
13140
"First, install the <application>OpenLDAP</application> server daemon "
13141
"<application>slapd</application> and <application>ldap-utils</application>, "
13142
"a package containing LDAP management utilities:"
13143
msgstr ""
13144
13145
#: serverguide/C/network-auth.xml:60(command)
13146
msgid "sudo apt-get install slapd ldap-utils"
13147
msgstr ""
13148
13149
#: serverguide/C/network-auth.xml:63(para)
13150
msgid ""
13151
"By default <application>slapd</application> is configured with minimal "
13152
"options needed to run the <application>slapd</application> daemon."
16371
#: serverguide/C/network-auth.xml:23(para)
16372
msgid ""
16373
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
16374
"querying and modifying a X.500-based directory service running over TCP/IP. "
16375
"The current LDAP version is LDAPv3, as defined in <ulink "
16376
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the LDAP "
16377
"implementation used in Ubuntu is OpenLDAP, currently at version 2.4.25 "
16378
"(Oneiric)."
16379
msgstr ""
16380
16381
#: serverguide/C/network-auth.xml:29(para)
16382
msgid ""
16383
"So this protocol accesses LDAP directories. Here are some key concepts and "
16384
"terms:"
16385
msgstr ""
16386
16387
#: serverguide/C/network-auth.xml:36(para)
16388
msgid ""
16389
"A LDAP directory is a tree of data <emphasis>entries</emphasis> that is "
16390
"hierarchical in nature and is called the Directory Information Tree (DIT)."
16391
msgstr ""
16392
16393
#: serverguide/C/network-auth.xml:43(para)
16394
msgid "An entry consists of a set of <emphasis>attributes</emphasis>."
16395
msgstr ""
16396
16397
#: serverguide/C/network-auth.xml:49(para)
16398
msgid ""
16399
"An attribute has a <emphasis>type</emphasis> (a name/description) and one or "
16400
"more <emphasis>values</emphasis>."
16401
msgstr ""
16402
16403
#: serverguide/C/network-auth.xml:55(para)
16404
msgid ""
16405
"Every attribute must be defined in at least one "
16406
"<emphasis>objectClass</emphasis>."
16407
msgstr ""
16408
16409
#: serverguide/C/network-auth.xml:61(para)
16410
msgid ""
16411
"Attributes and objectclasses are defined in <emphasis>schemas</emphasis> (an "
16412
"objectclass is actually considered as a special kind of attribute)."
13153
16413
msgstr ""
13154
16414
13155
16415
#: serverguide/C/network-auth.xml:68(para)
13156
16416
msgid ""
13157
"The configuration example in the following sections will match the domain "
13158
"name of the server. For example, if the machine's Fully Qualified Domain "
13159
"Name (FQDN) is ldap.example.com, the default suffix will be "
16417
"Each entry has a unique identifier: it's <emphasis>Distinguished "
16418
"Name</emphasis> (DN or dn). This consists of it's <emphasis>Relative "
16419
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
16420
msgstr ""
16421
16422
#: serverguide/C/network-auth.xml:75(para)
16423
msgid ""
16424
"The entry's DN is not an attribute. It is not considered part of the entry "
16425
"itself."
16426
msgstr ""
16427
16428
#: serverguide/C/network-auth.xml:83(para)
16429
msgid ""
16430
"The terms <emphasis>object</emphasis>, <emphasis>container</emphasis>, and "
16431
"<emphasis>node</emphasis> have certain connotations but they all essentially "
16432
"mean the same thing as <emphasis>entry</emphasis>, the technically correct "
16433
"term."
16434
msgstr ""
16435
16436
#: serverguide/C/network-auth.xml:89(para)
16437
msgid ""
16438
"For example, below we have a single entry consisting of 11 attributes. It's "
16439
"DN is \"cn=John Doe,dc=example,dc=com\"; it's RDN is \"cn=John Doe\"; and "
16440
"it's parent DN is \"dc=example,dc=com\"."
16441
msgstr ""
16442
16443
#: serverguide/C/network-auth.xml:94(programlisting)
16444
#, no-wrap
16445
msgid ""
16446
"\n"
16447
" dn: cn=John Doe,dc=example,dc=com\n"
16448
" cn: John Doe\n"
16449
" givenName: John\n"
16450
" sn: Doe\n"
16451
" telephoneNumber: +1 888 555 6789\n"
16452
" telephoneNumber: +1 888 555 1232\n"
16453
" mail: john@example.com\n"
16454
" manager: cn=Larry Smith,dc=example,dc=com\n"
16455
" objectClass: inetOrgPerson\n"
16456
" objectClass: organizationalPerson\n"
16457
" objectClass: person\n"
16458
" objectClass: top\n"
16459
msgstr ""
16460
16461
#: serverguide/C/network-auth.xml:109(para)
16462
msgid ""
16463
"The above entry is in <emphasis>LDIF</emphasis> format (LDAP Data "
16464
"Interchange Format). Any information that you feed into your DIT must also "
16465
"be in such a format. It is defined in <ulink "
16466
"url=\"http://tools.ietf.org/html/rfc2849\">RFC2849</ulink>."
16467
msgstr ""
16468
16469
#: serverguide/C/network-auth.xml:114(para)
16470
msgid ""
16471
"Although this guide will describe how to use it for central authentication, "
16472
"LDAP is good for anything that involves a large number of access requests to "
16473
"a mostly-read, attribute-based (name:value) backend. Examples include an "
16474
"address book, a list of email addresses, and a mail server's configuration."
16475
msgstr ""
16476
16477
#: serverguide/C/network-auth.xml:123(para)
16478
msgid ""
16479
"Install the OpenLDAP server daemon and the traditional LDAP management "
16480
"utilities. These are found in packages <application>slapd</application> and "
16481
"<application>ldap-utils</application> respectively."
16482
msgstr ""
16483
16484
#: serverguide/C/network-auth.xml:128(para)
16485
msgid ""
16486
"The installation of slapd will create a working configuration. In "
16487
"particular, it will create a database instance that you can use to store "
16488
"your data. However, the suffix (or base DN) of this instance will be "
16489
"determined from the domain name of the localhost. If you want something "
16490
"different, edit <filename>/etc/hosts</filename> and replace the domain name "
16491
"with one that will give you the suffix you desire. For instance, if you want "
16492
"a suffix of <emphasis>dc=example,dc=com</emphasis> then your file would have "
16493
"a line similar to this:"
16494
msgstr ""
16495
16496
#: serverguide/C/network-auth.xml:136(programlisting)
16497
#, no-wrap
16498
msgid ""
16499
"\n"
16500
"127.0.1.1 hostname.example.com\thostname\n"
16501
msgstr ""
16502
16503
#: serverguide/C/network-auth.xml:140(para)
16504
msgid "You can revert the change after package installation."
16505
msgstr ""
16506
16507
#: serverguide/C/network-auth.xml:145(para)
16508
msgid ""
16509
"This guide will use a database suffix of "
13160
16510
"<emphasis>dc=example,dc=com</emphasis>."
13161
16511
msgstr ""
13162
16512
13163
#: serverguide/C/network-auth.xml:76(title)
13164
msgid "Populating LDAP"
13165
msgstr ""
13166
13167
#: serverguide/C/network-auth.xml:78(para)
13168
msgid ""
13169
"<application>OpenLDAP</application> uses a separate directory which contains "
13170
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
13171
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
13172
"<application>slapd</application> daemon, allowing the modification of schema "
13173
"definitions, indexes, ACLs, etc without stopping the service."
13174
msgstr ""
13175
13176
#: serverguide/C/network-auth.xml:86(para)
13177
msgid ""
13178
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
13179
"configuration and will need additional configuration options in order to "
13180
"populate the frontend directory. The frontend will be populated with a "
13181
"\"classical\" scheme that will be compatible with address book applications "
13182
"and with Unix Posix accounts. Posix accounts will allow authentication to "
13183
"various applications, such as web applications, email Mail Transfer Agent "
13184
"(MTA) applications, etc."
13185
msgstr ""
13186
13187
#: serverguide/C/network-auth.xml:95(para)
13188
msgid ""
13189
"For external applications to authenticate using LDAP they will each need to "
13190
"be specifically configured to do so. Refer to the individual application "
13191
"documentation for details."
13192
msgstr ""
13193
13194
#: serverguide/C/network-auth.xml:103(para)
13195
msgid ""
13196
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
13197
"examples to match your LDAP configuration."
13198
msgstr ""
13199
13200
#: serverguide/C/network-auth.xml:108(para)
13201
msgid ""
13202
"First, some additional schema files need to be loaded. In a terminal enter:"
13203
msgstr ""
13204
13205
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
13206
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
13207
msgstr ""
13208
13209
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
13210
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13211
msgstr ""
13212
13213
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
13214
msgid ""
13215
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13216
msgstr ""
13217
13218
#: serverguide/C/network-auth.xml:118(para)
13219
msgid ""
13220
"Next, copy the following example LDIF file, naming it "
13221
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
13222
msgstr ""
13223
13224
#: serverguide/C/network-auth.xml:123(programlisting)
13225
#, no-wrap
13226
msgid ""
13227
"\n"
13228
"# Load dynamic backend modules\n"
13229
"dn: cn=module,cn=config\n"
13230
"objectClass: olcModuleList\n"
13231
"cn: module\n"
13232
"olcModulepath: /usr/lib/ldap\n"
13233
"olcModuleload: back_hdb\n"
13234
"\n"
13235
"# Database settings\n"
13236
"dn: olcDatabase=hdb,cn=config\n"
13237
"objectClass: olcDatabaseConfig\n"
13238
"objectClass: olcHdbConfig\n"
13239
"olcDatabase: {1}hdb\n"
13240
"olcSuffix: dc=example,dc=com\n"
13241
"olcDbDirectory: /var/lib/ldap\n"
13242
"olcRootDN: cn=admin,dc=example,dc=com\n"
13243
"olcRootPW: secret\n"
13244
"olcDbConfig: set_cachesize 0 2097152 0\n"
13245
"olcDbConfig: set_lk_max_objects 1500\n"
13246
"olcDbConfig: set_lk_max_locks 1500\n"
13247
"olcDbConfig: set_lk_max_lockers 1500\n"
13248
"olcDbIndex: objectClass eq\n"
13249
"olcLastMod: TRUE\n"
13250
"olcDbCheckpoint: 512 30\n"
13251
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13252
"by anonymous auth by self write by * none\n"
13253
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13254
"olcAccess: to dn.base=\"\" by * read\n"
13255
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13256
"\n"
13257
msgstr ""
13258
13259
#: serverguide/C/network-auth.xml:155(para)
13260
msgid ""
13261
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13262
msgstr ""
13263
13264
#: serverguide/C/network-auth.xml:160(para)
13265
msgid "Now add the LDIF to the directory:"
13266
msgstr ""
13267
13268
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13269
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13270
msgstr ""
13271
13272
#: serverguide/C/network-auth.xml:168(para)
13273
msgid ""
13274
"The frontend directory is now ready to be populated. Create a "
13275
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13276
msgstr ""
13277
13278
#: serverguide/C/network-auth.xml:173(programlisting)
13279
#, no-wrap
13280
msgid ""
13281
"\n"
13282
"# Create top-level object in domain\n"
16513
#: serverguide/C/network-auth.xml:150(para)
16514
msgid "Proceed with the install:"
16515
msgstr ""
16516
16517
#: serverguide/C/network-auth.xml:155(command)
16518
msgid "sudo apt-get install slapd ldap-utils"
16519
msgstr ""
16520
16521
#: serverguide/C/network-auth.xml:158(para)
16522
msgid ""
16523
"Since Ubuntu 8.10 slapd is designed to be configured within slapd itself by "
16524
"dedicating a separate DIT for that purpose. This allows one to dynamically "
16525
"configure slapd without the need to restart the service. This configuration "
16526
"database consists of a collection of text-based LDIF files located under "
16527
"<filename>/etc/ldap/slapd.d</filename>. This way of working is known by "
16528
"several names: the slapd-config method, the RTC method (Real Time "
16529
"Configuration), or the cn=config method. You can still use the traditional "
16530
"flat-file method (slapd.conf) but it's not recommended; the functionality "
16531
"will be eventually phased out."
16532
msgstr ""
16533
16534
#: serverguide/C/network-auth.xml:167(para)
16535
msgid ""
16536
"Ubuntu now uses the <emphasis>slapd-config</emphasis> method for slapd "
16537
"configuration and this guide reflects that."
16538
msgstr ""
16539
16540
#: serverguide/C/network-auth.xml:173(para)
16541
msgid ""
16542
"During the install you were prompted to define administrative credentials. "
16543
"These are LDAP-based credentials for the <emphasis>rootDN</emphasis> of your "
16544
"database instance. By default, this user's DN is "
16545
"<emphasis>cn=admin,dc=example,dc=com</emphasis>. Also by default, there is "
16546
"no administrative account created for the slapd-config database and you will "
16547
"therefore need to authenticate externally to LDAP in order to access it. We "
16548
"will see how to do this later on."
16549
msgstr ""
16550
16551
#: serverguide/C/network-auth.xml:180(para)
16552
msgid ""
16553
"Some classical schemas (cosine, nis, inetorgperson) come built-in with slapd "
16554
"nowadays. There is also an included \"core\" schema, a pre-requisite for any "
16555
"schema to work."
16556
msgstr ""
16557
16558
#: serverguide/C/network-auth.xml:188(title)
16559
msgid "Post-install Inspection"
16560
msgstr ""
16561
16562
#: serverguide/C/network-auth.xml:190(para)
16563
msgid ""
16564
"The installation process set up 2 DITs. One for slapd-config and one for "
16565
"your own data (dc=example,dc=com). Let's take a look."
16566
msgstr ""
16567
16568
#: serverguide/C/network-auth.xml:197(para)
16569
msgid ""
16570
"This is what the slapd-config database/DIT looks like. Recall that this "
16571
"database is LDIF-based and lives under "
16572
"<filename>/etc/ldap/slapd.d</filename>:"
16573
msgstr ""
16574
16575
#: serverguide/C/network-auth.xml:203(computeroutput)
16576
#, no-wrap
16577
msgid ""
16578
"\n"
16579
" /etc/ldap/slapd.d/\n"
16580
"\n"
16581
"\t├── cn=config\n"
16582
"\t│ ├── cn=module{0}.ldif\n"
16583
"\t│ ├── cn=schema\n"
16584
"\t│ │ ├── cn={0}core.ldif\n"
16585
"\t│ │ ├── cn={1}cosine.ldif\n"
16586
"\t│ │ ├── cn={2}nis.ldif\n"
16587
"\t│ │ └── cn={3}inetorgperson.ldif\n"
16588
"\t│ ├── cn=schema.ldif\n"
16589
"\t│ ├── olcBackend={0}hdb.ldif\n"
16590
"\t│ ├── olcDatabase={0}config.ldif\n"
16591
"\t│ ├── olcDatabase={-1}frontend.ldif\n"
16592
"\t│ └── olcDatabase={1}hdb.ldif\n"
16593
"\t└── cn=config.ldif\n"
16594
msgstr ""
16595
16596
#: serverguide/C/network-auth.xml:223(para)
16597
msgid ""
16598
"Do not edit the slapd-config database directly. Make changes via the LDAP "
16599
"protocol (utilities)."
16600
msgstr ""
16601
16602
#: serverguide/C/network-auth.xml:231(para)
16603
msgid "This is what the slapd-config DIT looks like via the LDAP protocol:"
16604
msgstr ""
16605
16606
#: serverguide/C/network-auth.xml:236(command)
16607
msgid "sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
16608
msgstr ""
16609
16610
#: serverguide/C/network-auth.xml:237(computeroutput)
16611
#, no-wrap
16612
msgid ""
16613
"\n"
16614
"dn: cn=config\n"
16615
"\n"
16616
"dn: cn=module{0},cn=config\n"
16617
"\n"
16618
"dn: cn=schema,cn=config\n"
16619
"\n"
16620
"dn: cn={0}core,cn=schema,cn=config\n"
16621
"\n"
16622
"dn: cn={1}cosine,cn=schema,cn=config\n"
16623
"\n"
16624
"dn: cn={2}nis,cn=schema,cn=config\n"
16625
"\n"
16626
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
16627
"\n"
16628
"dn: olcBackend={0}hdb,cn=config\n"
16629
"\n"
16630
"dn: olcDatabase={-1}frontend,cn=config\n"
16631
"\n"
16632
"dn: olcDatabase={0}config,cn=config\n"
16633
"\n"
16634
"dn: olcDatabase={1}hdb,cn=config\n"
16635
msgstr ""
16636
16637
#: serverguide/C/network-auth.xml:262(para) serverguide/C/network-auth.xml:353(para)
16638
msgid "Explanation of entries:"
16639
msgstr ""
16640
16641
#: serverguide/C/network-auth.xml:269(para)
16642
msgid "<emphasis>cn=config</emphasis>: global settings"
16643
msgstr ""
16644
16645
#: serverguide/C/network-auth.xml:275(para)
16646
msgid ""
16647
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
16648
msgstr ""
16649
16650
#: serverguide/C/network-auth.xml:281(para)
16651
msgid ""
16652
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
16653
"schema"
16654
msgstr ""
16655
16656
#: serverguide/C/network-auth.xml:287(para)
16657
msgid ""
16658
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
16659
"schema"
16660
msgstr ""
16661
16662
#: serverguide/C/network-auth.xml:293(para)
16663
msgid ""
16664
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
16665
msgstr ""
16666
16667
#: serverguide/C/network-auth.xml:299(para)
16668
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
16669
msgstr ""
16670
16671
#: serverguide/C/network-auth.xml:305(para)
16672
msgid ""
16673
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
16674
"inetorgperson schema"
16675
msgstr ""
16676
16677
#: serverguide/C/network-auth.xml:311(para)
16678
msgid ""
16679
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
16680
"type"
16681
msgstr ""
16682
16683
#: serverguide/C/network-auth.xml:317(para)
16684
msgid ""
16685
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
16686
"default settings for other databases"
16687
msgstr ""
16688
16689
#: serverguide/C/network-auth.xml:323(para)
16690
msgid ""
16691
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
16692
"database (cn=config)"
16693
msgstr ""
16694
16695
#: serverguide/C/network-auth.xml:329(para)
16696
msgid ""
16697
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
16698
"(dc=examle,dc=com)"
16699
msgstr ""
16700
16701
#: serverguide/C/network-auth.xml:340(para)
16702
msgid "This is what the dc=example,dc=com DIT looks like:"
16703
msgstr ""
16704
16705
#: serverguide/C/network-auth.xml:345(command)
16706
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
16707
msgstr ""
16708
16709
#: serverguide/C/network-auth.xml:346(computeroutput)
16710
#, no-wrap
16711
msgid ""
16712
"\n"
13283
16713
"dn: dc=example,dc=com\n"
13284
"objectClass: top\n"
13285
"objectClass: dcObject\n"
13286
"objectclass: organization\n"
13287
"o: Example Organization\n"
13288
"dc: Example\n"
13289
"description: LDAP Example \n"
13290
16714
"\n"
13291
"# Admin user.\n"
13292
16715
"dn: cn=admin,dc=example,dc=com\n"
13293
"objectClass: simpleSecurityObject\n"
13294
"objectClass: organizationalRole\n"
13295
"cn: admin\n"
13296
"description: LDAP administrator\n"
13297
"userPassword: secret\n"
13298
"\n"
13299
"dn: ou=people,dc=example,dc=com\n"
13300
"objectClass: organizationalUnit\n"
13301
"ou: people\n"
13302
"\n"
13303
"dn: ou=groups,dc=example,dc=com\n"
13304
"objectClass: organizationalUnit\n"
13305
"ou: groups\n"
13306
"\n"
13307
"dn: uid=john,ou=people,dc=example,dc=com\n"
16716
msgstr ""
16717
16718
#: serverguide/C/network-auth.xml:360(para)
16719
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
16720
msgstr ""
16721
16722
#: serverguide/C/network-auth.xml:366(para)
16723
msgid ""
16724
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
16725
"this DIT (set up during package install)"
16726
msgstr ""
16727
16728
#: serverguide/C/network-auth.xml:380(title)
16729
msgid "Modifying/Populating your Database"
16730
msgstr ""
16731
16732
#: serverguide/C/network-auth.xml:382(para)
16733
msgid ""
16734
"Let's introduce some content to our database. We will add the following:"
16735
msgstr ""
16736
16737
#: serverguide/C/network-auth.xml:389(para)
16738
msgid "a node called <emphasis>People</emphasis> (to store users)"
16739
msgstr ""
16740
16741
#: serverguide/C/network-auth.xml:395(para)
16742
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
16743
msgstr ""
16744
16745
#: serverguide/C/network-auth.xml:401(para)
16746
msgid "a group called <emphasis>miners</emphasis>"
16747
msgstr ""
16748
16749
#: serverguide/C/network-auth.xml:407(para)
16750
msgid "a user called <emphasis>john</emphasis>"
16751
msgstr ""
16752
16753
#: serverguide/C/network-auth.xml:414(para)
16754
msgid ""
16755
"Create the following LDIF file and call it "
16756
"<filename>add_content.ldif</filename>:"
16757
msgstr ""
16758
16759
#: serverguide/C/network-auth.xml:418(programlisting)
16760
#, no-wrap
16761
msgid ""
16762
"\n"
16763
"dn: ou=People,dc=example,dc=com\n"
16764
"objectClass: organizationalUnit\n"
16765
"ou: People\n"
16766
"\n"
16767
"dn: ou=Groups,dc=example,dc=com\n"
16768
"objectClass: organizationalUnit\n"
16769
"ou: Groups\n"
16770
"\n"
16771
"dn: cn=miners,ou=Groups,dc=example,dc=com\n"
16772
"objectClass: posixGroup\n"
16773
"cn: miners\n"
16774
"gidNumber: 5000\n"
16775
"\n"
16776
"dn: uid=john,ou=People,dc=example,dc=com\n"
13308
16777
"objectClass: inetOrgPerson\n"
13309
16778
"objectClass: posixAccount\n"
13310
16779
"objectClass: shadowAccount\n"
13313
16782
"givenName: John\n"
13314
16783
"cn: John Doe\n"
13315
16784
"displayName: John Doe\n"
13316
"uidNumber: 1000\n"
13317
"gidNumber: 10000\n"
13318
"userPassword: password\n"
16785
"uidNumber: 10000\n"
16786
"gidNumber: 5000\n"
16787
"userPassword: johnldap\n"
13319
16788
"gecos: John Doe\n"
13320
16789
"loginShell: /bin/bash\n"
13321
16790
"homeDirectory: /home/john\n"
13322
"shadowExpire: -1\n"
13323
"shadowFlag: 0\n"
13324
"shadowWarning: 7\n"
13325
"shadowMin: 8\n"
13326
"shadowMax: 999999\n"
13327
"shadowLastChange: 10877\n"
13328
"mail: john.doe@example.com\n"
13329
"postalCode: 31000\n"
13330
"l: Toulouse\n"
13331
"o: Example\n"
13332
"mobile: +33 (0)6 xx xx xx xx\n"
13333
"homePhone: +33 (0)5 xx xx xx xx\n"
13334
"title: System Administrator\n"
13335
"postalAddress: \n"
13336
"initials: JD\n"
13337
"\n"
13338
"dn: cn=example,ou=groups,dc=example,dc=com\n"
13339
"objectClass: posixGroup\n"
13340
"cn: example\n"
13341
"gidNumber: 10000\n"
13342
msgstr ""
13343
13344
#: serverguide/C/network-auth.xml:236(para)
13345
msgid ""
13346
"In this example the directory structure, a user, and a group have been "
13347
"setup. In other examples you might see the <emphasis>objectClass: "
13348
"top</emphasis> added in every entry, but that is the default behaviour so "
13349
"you do not have to add it explicitly."
13350
msgstr ""
13351
13352
#: serverguide/C/network-auth.xml:243(para)
13353
msgid "Add the entries to the LDAP directory:"
13354
msgstr ""
13355
13356
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13357
msgid ""
13358
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13359
msgstr ""
13360
13361
#: serverguide/C/network-auth.xml:252(para)
13362
msgid ""
13363
"We can check that the content has been correctly added with the "
13364
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13365
"directory:"
13366
msgstr ""
13367
13368
#: serverguide/C/network-auth.xml:258(command)
13369
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
13370
msgstr ""
13371
13372
#: serverguide/C/network-auth.xml:259(computeroutput)
13373
#, no-wrap
13374
msgid ""
13375
"\n"
13376
"dn: uid=john,ou=people,dc=example,dc=com\n"
13377
"cn: John Doe\n"
13378
"sn: Doe\n"
13379
"givenName: John\n"
13380
msgstr ""
13381
13382
#: serverguide/C/network-auth.xml:267(para)
13383
msgid "Just a quick explanation:"
13384
msgstr ""
13385
13386
#: serverguide/C/network-auth.xml:273(para)
13387
msgid ""
13388
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
13389
"the default."
13390
msgstr ""
13391
13392
#: serverguide/C/network-auth.xml:279(para)
13393
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13394
msgstr ""
13395
13396
#: serverguide/C/network-auth.xml:287(title)
13397
msgid "Further Configuration"
13398
msgstr ""
13399
13400
#: serverguide/C/network-auth.xml:290(para)
13401
msgid ""
13402
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13403
"utilities in the <application>ldap-utils</application> package. For example:"
13404
msgstr ""
13405
13406
#: serverguide/C/network-auth.xml:298(para)
13407
msgid ""
13408
"Use <application>ldapsearch</application> to view the tree, entering the "
13409
"admin password set during installation or reconfiguration:"
13410
msgstr ""
13411
13412
#: serverguide/C/network-auth.xml:304(command)
13413
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13414
msgstr ""
13415
13416
#: serverguide/C/network-auth.xml:308(computeroutput)
13417
#, no-wrap
13418
msgid ""
13419
"\n"
13420
"SASL/EXTERNAL authentication started\n"
13421
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13422
"SASL SSF: 0\n"
13423
"dn: cn=config\n"
13424
"\n"
13425
"dn: cn=module{0},cn=config\n"
13426
"\n"
13427
"dn: cn=schema,cn=config\n"
13428
"\n"
13429
"dn: cn={0}core,cn=schema,cn=config\n"
13430
"\n"
13431
"dn: cn={1}cosine,cn=schema,cn=config\n"
13432
"\n"
13433
"dn: cn={2}nis,cn=schema,cn=config\n"
13434
"\n"
13435
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13436
"\n"
13437
"dn: olcDatabase={-1}frontend,cn=config\n"
13438
"\n"
13439
"dn: olcDatabase={0}config,cn=config\n"
13440
"\n"
13441
"dn: olcDatabase={1}hdb,cn=config\n"
13442
msgstr ""
13443
13444
#: serverguide/C/network-auth.xml:334(para)
13445
msgid ""
13446
"The output above is the current configuration options for the "
13447
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13448
msgstr ""
13449
13450
#: serverguide/C/network-auth.xml:342(para)
13451
msgid ""
13452
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13453
"another attribute to the index list using "
13454
"<application>ldapmodify</application>:"
13455
msgstr ""
13456
13457
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
13458
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13459
msgstr ""
13460
13461
#: serverguide/C/network-auth.xml:356(userinput)
13462
#, no-wrap
13463
msgid ""
13464
"dn: olcDatabase={1}hdb,cn=config\n"
13465
"add: olcDbIndex\n"
13466
"olcDbIndex: uidNumber eq"
13467
msgstr ""
13468
13469
#: serverguide/C/network-auth.xml:352(computeroutput)
13470
#, no-wrap
13471
msgid ""
13472
"\n"
13473
"SASL/EXTERNAL authentication started\n"
13474
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13475
"SASL SSF: 0\n"
13476
"<placeholder-1/>\n"
13477
"\n"
13478
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13479
msgstr ""
13480
13481
#: serverguide/C/network-auth.xml:364(para)
13482
msgid ""
13483
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13484
"exit the utility."
13485
msgstr ""
13486
13487
#: serverguide/C/network-auth.xml:371(para)
13488
msgid ""
13489
"<application>ldapmodify</application> can also read the changes from a file. "
13490
"Copy and paste the following into a file named "
13491
"<filename>uid_index.ldif</filename>:"
13492
msgstr ""
13493
13494
#: serverguide/C/network-auth.xml:376(programlisting)
13495
#, no-wrap
13496
msgid ""
13497
"\n"
13498
"dn: olcDatabase={1}hdb,cn=config\n"
13499
"add: olcDbIndex\n"
13500
"olcDbIndex: uid eq,pres,sub\n"
13501
msgstr ""
13502
13503
#: serverguide/C/network-auth.xml:382(para)
13504
msgid "Then execute <application>ldapmodify</application>:"
13505
msgstr ""
13506
13507
#: serverguide/C/network-auth.xml:387(command)
13508
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13509
msgstr ""
13510
13511
#: serverguide/C/network-auth.xml:391(computeroutput)
13512
#, no-wrap
13513
msgid ""
13514
"\n"
13515
"SASL/EXTERNAL authentication started\n"
13516
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13517
"SASL SSF: 0\n"
13518
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13519
msgstr ""
13520
13521
#: serverguide/C/network-auth.xml:399(para)
13522
msgid "The file method is very useful for large changes."
13523
msgstr ""
13524
13525
#: serverguide/C/network-auth.xml:406(para)
13526
msgid ""
13527
"Adding additional <emphasis>schemas</emphasis> to "
13528
"<application>slapd</application> requires the schema to be converted to LDIF "
13529
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13530
"directory contains some schema files already converted to LDIF format as "
13531
"demonstrated in the previous section. Fortunately, the "
13532
"<application>slapd</application> program can be used to automate the "
13533
"conversion. The following example will add the "
13534
"<emphasis>dyngroup.schema</emphasis>:"
13535
msgstr ""
13536
13537
#: serverguide/C/network-auth.xml:416(para)
13538
msgid ""
13539
"First, create a conversion <filename>schema_convert.conf</filename> file "
13540
"containing the following lines:"
13541
msgstr ""
13542
13543
#: serverguide/C/network-auth.xml:421(programlisting)
13544
#, no-wrap
13545
msgid ""
13546
"\n"
13547
"include /etc/ldap/schema/core.schema\n"
13548
"include /etc/ldap/schema/collective.schema\n"
13549
"include /etc/ldap/schema/corba.schema\n"
13550
"include /etc/ldap/schema/cosine.schema\n"
13551
"include /etc/ldap/schema/duaconf.schema\n"
13552
"include /etc/ldap/schema/dyngroup.schema\n"
13553
"include /etc/ldap/schema/inetorgperson.schema\n"
13554
"include /etc/ldap/schema/java.schema\n"
13555
"include /etc/ldap/schema/misc.schema\n"
13556
"include /etc/ldap/schema/nis.schema\n"
13557
"include /etc/ldap/schema/openldap.schema\n"
13558
"include /etc/ldap/schema/ppolicy.schema\n"
13559
msgstr ""
13560
13561
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
13562
msgid "Next, create a temporary directory to hold the output:"
13563
msgstr ""
13564
13565
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
13566
msgid "mkdir /tmp/ldif_output"
13567
16791
msgstr ""
13568
16792
13569
16793
#: serverguide/C/network-auth.xml:450(para)
13570
16794
msgid ""
13571
"Now using <application>slapcat</application> convert the schema files to "
13572
"LDIF:"
13573
msgstr ""
13574
13575
#: serverguide/C/network-auth.xml:455(command)
13576
msgid ""
13577
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13578
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
16795
"It's important that uid and gid values in your directory do not collide with "
16796
"local values. Use high number ranges, such as starting at 5000. By setting "
16797
"the uid and gid values in ldap high, you also allow for easier control of "
16798
"what can be done with a local user vs a ldap one. More on that later."
13579
16799
msgstr ""
13580
16800
13581
16801
#: serverguide/C/network-auth.xml:458(para)
13582
msgid ""
13583
"Adjust the configuration file name and temporary directory names if yours "
13584
"are different. Also, it may be worthwhile to keep the "
13585
"<filename>ldif_output</filename> directory around in case you want to add "
13586
"additional schemas in the future."
13587
msgstr ""
13588
13589
#: serverguide/C/network-auth.xml:467(para)
13590
msgid ""
13591
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13592
"following attributes:"
13593
msgstr ""
13594
13595
#: serverguide/C/network-auth.xml:471(programlisting)
13596
#, no-wrap
13597
msgid ""
13598
"\n"
13599
"dn: cn=dyngroup,cn=schema,cn=config\n"
16802
msgid "Add the content:"
16803
msgstr ""
16804
16805
#: serverguide/C/network-auth.xml:463(command)
16806
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif"
16807
msgstr ""
16808
16809
#: serverguide/C/network-auth.xml:465(application)
16810
msgid "********"
16811
msgstr ""
16812
16813
#: serverguide/C/network-auth.xml:464(computeroutput)
16814
#, no-wrap
16815
msgid ""
16816
"\n"
16817
"Enter LDAP Password: <placeholder-1/>\n"
16818
"adding new entry \"ou=People,dc=example,dc=com\"\n"
16819
"\n"
16820
"adding new entry \"ou=Groups,dc=example,dc=com\"\n"
16821
"\n"
16822
"adding new entry \"cn=miners,ou=Groups,dc=example,dc=com\"\n"
16823
"\n"
16824
"adding new entry \"uid=john,ou=People,dc=example,dc=com\"\n"
16825
msgstr ""
16826
16827
#: serverguide/C/network-auth.xml:476(para)
16828
msgid ""
16829
"We can check that the information has been correctly added with the "
16830
"<application>ldapsearch</application> utility:"
16831
msgstr ""
16832
16833
#: serverguide/C/network-auth.xml:481(command)
16834
msgid "ldapsearch -x -LLL -b dc=example,dc=com 'uid=john' cn gidNumber"
16835
msgstr ""
16836
16837
#: serverguide/C/network-auth.xml:482(computeroutput)
16838
#, no-wrap
16839
msgid ""
16840
"\n"
16841
"dn: uid=john,ou=People,dc=example,dc=com\n"
16842
"cn: John Doe\n"
16843
"gidNumber: 5000\n"
16844
msgstr ""
16845
16846
#: serverguide/C/network-auth.xml:489(para)
16847
msgid "Explanation of switches:"
16848
msgstr ""
16849
16850
#: serverguide/C/network-auth.xml:496(para)
16851
msgid ""
16852
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
16853
"method"
16854
msgstr ""
16855
16856
#: serverguide/C/network-auth.xml:502(para)
16857
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
16858
msgstr ""
16859
16860
#: serverguide/C/network-auth.xml:508(para)
16861
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
16862
msgstr ""
16863
16864
#: serverguide/C/network-auth.xml:514(para)
16865
msgid ""
16866
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
16867
"displayed (the default is to show all attributes)"
16868
msgstr ""
16869
16870
#: serverguide/C/network-auth.xml:524(title)
16871
msgid "Modifying the slapd Configuration Database"
16872
msgstr ""
16873
16874
#: serverguide/C/network-auth.xml:526(para)
16875
msgid ""
16876
"The slapd-config DIT can also be queried and modified. Here are a few "
16877
"examples."
16878
msgstr ""
16879
16880
#: serverguide/C/network-auth.xml:533(para)
16881
msgid ""
16882
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
16883
"attribute) to your <application>{1}hdb,cn=config</application> database "
16884
"(dc=example,dc=com). Create a file, call it "
16885
"<filename>uid_index.ldif</filename>, with the following contents:"
16886
msgstr ""
16887
16888
#: serverguide/C/network-auth.xml:538(programlisting)
16889
#, no-wrap
16890
msgid ""
16891
"\n"
16892
"dn: olcDatabase={1}hdb,cn=config\n"
16893
"add: olcDbIndex\n"
16894
"olcDbIndex: uid eq,pres,sub\n"
16895
msgstr ""
16896
16897
#: serverguide/C/network-auth.xml:544(para)
16898
msgid "Then issue the command:"
16899
msgstr ""
16900
16901
#: serverguide/C/network-auth.xml:549(command)
16902
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
16903
msgstr ""
16904
16905
#: serverguide/C/network-auth.xml:550(computeroutput)
16906
#, no-wrap
16907
msgid ""
16908
"\n"
16909
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
16910
msgstr ""
16911
16912
#: serverguide/C/network-auth.xml:555(para)
16913
msgid "You can confirm the change in this way:"
16914
msgstr ""
16915
16916
#: serverguide/C/network-auth.xml:560(command)
16917
msgid ""
16918
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
16919
"'(olcDatabase={1}hdb)' olcDbIndex"
16920
msgstr ""
16921
16922
#: serverguide/C/network-auth.xml:562(computeroutput)
16923
#, no-wrap
16924
msgid ""
16925
"\n"
16926
"dn: olcDatabase={1}hdb,cn=config\n"
16927
"olcDbIndex: objectClass eq\n"
16928
"olcDbIndex: uid eq,pres,sub\n"
16929
msgstr ""
16930
16931
#: serverguide/C/network-auth.xml:572(para)
16932
msgid ""
16933
"Let's add a schema. It will first need to be converted to LDIF format. You "
16934
"can find unconverted schemas in addition to converted ones in the <filename "
16935
"role=\"directory\">/etc/ldap/schema</filename> directory."
16936
msgstr ""
16937
16938
#: serverguide/C/network-auth.xml:580(para)
16939
msgid ""
16940
"It is not trivial to remove a schema from the slapd-config database. "
16941
"Practice adding schemas on a test system."
16942
msgstr ""
16943
16944
#: serverguide/C/network-auth.xml:586(para)
16945
msgid ""
16946
"Before adding any schema, you should check which schemas are already "
16947
"installed (shown is a default, out-of-the-box output):"
16948
msgstr ""
16949
16950
#: serverguide/C/network-auth.xml:592(command)
16951
msgid ""
16952
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=schema,cn=config dn"
16953
msgstr ""
16954
16955
#: serverguide/C/network-auth.xml:594(computeroutput)
16956
#, no-wrap
16957
msgid ""
16958
"\n"
16959
"dn: cn=schema,cn=config\n"
16960
"\n"
16961
"dn: cn={0}core,cn=schema,cn=config\n"
16962
"\n"
16963
"dn: cn={1}cosine,cn=schema,cn=config\n"
16964
"\n"
16965
"dn: cn={2}nis,cn=schema,cn=config\n"
16966
"\n"
16967
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
16968
msgstr ""
16969
16970
#: serverguide/C/network-auth.xml:611(para)
16971
msgid "In the following example we'll add the CORBA schema."
16972
msgstr ""
16973
16974
#: serverguide/C/network-auth.xml:618(para)
16975
msgid ""
16976
"Create the conversion configuration file "
16977
"<filename>schema_convert.conf</filename> containing the following lines:"
16978
msgstr ""
16979
16980
#: serverguide/C/network-auth.xml:623(programlisting)
16981
#, no-wrap
16982
msgid ""
16983
"\n"
16984
"include /etc/ldap/schema/core.schema\n"
16985
"include /etc/ldap/schema/collective.schema\n"
16986
"include /etc/ldap/schema/corba.schema\n"
16987
"include /etc/ldap/schema/cosine.schema\n"
16988
"include /etc/ldap/schema/duaconf.schema\n"
16989
"include /etc/ldap/schema/dyngroup.schema\n"
16990
"include /etc/ldap/schema/inetorgperson.schema\n"
16991
"include /etc/ldap/schema/java.schema\n"
16992
"include /etc/ldap/schema/misc.schema\n"
16993
"include /etc/ldap/schema/nis.schema\n"
16994
"include /etc/ldap/schema/openldap.schema\n"
16995
"include /etc/ldap/schema/ppolicy.schema\n"
16996
"include /etc/ldap/schema/ldapns.schema\n"
16997
"include /etc/ldap/schema/pmi.schema\n"
16998
msgstr ""
16999
17000
#: serverguide/C/network-auth.xml:643(para)
17001
msgid "Create the output directory <filename>ldif_output</filename>."
17002
msgstr ""
17003
17004
#: serverguide/C/network-auth.xml:649(para) serverguide/C/network-auth.xml:2299(para)
17005
msgid "Determine the index of the schema:"
17006
msgstr ""
17007
17008
#: serverguide/C/network-auth.xml:654(command)
17009
msgid ""
17010
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
17011
msgstr ""
17012
17013
#: serverguide/C/network-auth.xml:655(computeroutput)
17014
#, no-wrap
17015
msgid ""
17016
"\n"
17017
"cn={1}corba,cn=schema,cn=config\n"
17018
msgstr ""
17019
17020
#: serverguide/C/network-auth.xml:661(para)
17021
msgid ""
17022
"When slapd injests objects with the same parent DN it will create an "
17023
"<emphasis>index</emphasis> for that object. An index is contained within "
17024
"braces: <application>{X}</application>."
17025
msgstr ""
17026
17027
#: serverguide/C/network-auth.xml:670(para)
17028
msgid "Use <application>slapcat</application> to perform the conversion:"
17029
msgstr ""
17030
17031
#: serverguide/C/network-auth.xml:675(command)
17032
msgid ""
17033
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
17034
"ldap:///cn={1}corba,cn=schema,cn=config -l cn=corba.ldif"
17035
msgstr ""
17036
17037
#: serverguide/C/network-auth.xml:679(para)
17038
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
17039
msgstr ""
17040
17041
#: serverguide/C/network-auth.xml:685(para)
17042
msgid ""
17043
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
17044
"attributes:"
17045
msgstr ""
17046
17047
#: serverguide/C/network-auth.xml:689(programlisting)
17048
#, no-wrap
17049
msgid ""
17050
"\n"
17051
"dn: cn=corba,cn=schema,cn=config\n"
13600
17052
"...\n"
13601
"cn: dyngroup\n"
13602
msgstr ""
13603
13604
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
13605
msgid "And remove the following lines from the bottom of the file:"
13606
msgstr ""
13607
13608
#: serverguide/C/network-auth.xml:481(programlisting)
17053
"cn: corba\n"
17054
msgstr ""
17055
17056
#: serverguide/C/network-auth.xml:695(para)
17057
msgid "Also remove the following lines from the bottom:"
17058
msgstr ""
17059
17060
#: serverguide/C/network-auth.xml:699(programlisting)
13609
17061
#, no-wrap
13610
17062
msgid ""
13611
17063
"\n"
13612
17064
"structuralObjectClass: olcSchemaConfig\n"
13613
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
17065
"entryUUID: 52109a02-66ab-1030-8be2-bbf166230478\n"
13614
17066
"creatorsName: cn=config\n"
13615
"createTimestamp: 20080826021140Z\n"
13616
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
17067
"createTimestamp: 20110829165435Z\n"
17068
"entryCSN: 20110829165435.935248Z#000000#000#000000\n"
13617
17069
"modifiersName: cn=config\n"
13618
"modifyTimestamp: 20080826021140Z\n"
13619
msgstr ""
13620
13621
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
13622
msgid ""
13623
"The attribute values will vary, just be sure the attributes are removed."
13624
msgstr ""
13625
13626
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
13627
msgid ""
13628
"Finally, using the <application>ldapadd</application> utility, add the new "
13629
"schema to the directory:"
13630
msgstr ""
13631
13632
#: serverguide/C/network-auth.xml:506(command)
13633
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13634
msgstr ""
13635
13636
#: serverguide/C/network-auth.xml:512(para)
13637
msgid ""
13638
"There should now be a <emphasis>dn: "
13639
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13640
msgstr ""
13641
13642
#: serverguide/C/network-auth.xml:522(title)
13643
msgid "LDAP Replication"
13644
msgstr ""
13645
13646
#: serverguide/C/network-auth.xml:524(para)
13647
msgid ""
13648
"LDAP often quickly becomes a highly critical service to the network. "
13649
"Multiple systems will come to depend on LDAP for authentication, "
13650
"authorization, configuration, etc. It is a good idea to setup a redundant "
13651
"system through replication."
13652
msgstr ""
13653
13654
#: serverguide/C/network-auth.xml:530(para)
13655
msgid ""
13656
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
13657
"Syncrepl allows the changes to be synced using a "
13658
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13659
"provider sends directory changes to consumers."
13660
msgstr ""
13661
13662
#: serverguide/C/network-auth.xml:537(title)
17070
"modifyTimestamp: 20110829165435Z\n"
17071
msgstr ""
17072
17073
#: serverguide/C/network-auth.xml:709(para) serverguide/C/network-auth.xml:2349(para)
17074
msgid "Your attribute values will vary."
17075
msgstr ""
17076
17077
#: serverguide/C/network-auth.xml:715(para)
17078
msgid ""
17079
"Finally, use <application>ldapadd</application> to add the new schema to the "
17080
"slapd-config DIT:"
17081
msgstr ""
17082
17083
#: serverguide/C/network-auth.xml:720(command)
17084
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=corba.ldif"
17085
msgstr ""
17086
17087
#: serverguide/C/network-auth.xml:721(computeroutput)
17088
#, no-wrap
17089
msgid ""
17090
"\n"
17091
"adding new entry \"cn=corba,cn=schema,cn=config\"\n"
17092
msgstr ""
17093
17094
#: serverguide/C/network-auth.xml:729(para)
17095
msgid "Confirm currently loaded schemas:"
17096
msgstr ""
17097
17098
#: serverguide/C/network-auth.xml:734(command)
17099
msgid ""
17100
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn"
17101
msgstr ""
17102
17103
#: serverguide/C/network-auth.xml:735(computeroutput)
17104
#, no-wrap
17105
msgid ""
17106
"\n"
17107
"dn: cn=schema,cn=config\n"
17108
"\n"
17109
"dn: cn={0}core,cn=schema,cn=config\n"
17110
"\n"
17111
"dn: cn={1}cosine,cn=schema,cn=config\n"
17112
"\n"
17113
"dn: cn={2}nis,cn=schema,cn=config\n"
17114
"\n"
17115
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
17116
"\n"
17117
"dn: cn={4}corba,cn=schema,cn=config\n"
17118
msgstr ""
17119
17120
#: serverguide/C/network-auth.xml:759(para)
17121
msgid ""
17122
"For external applications and clients to authenticate using LDAP they will "
17123
"each need to be specifically configured to do so. Refer to the appropriate "
17124
"client-side documentation for details."
17125
msgstr ""
17126
17127
#: serverguide/C/network-auth.xml:768(title) serverguide/C/dns.xml:510(title)
17128
msgid "Logging"
17129
msgstr ""
17130
17131
#: serverguide/C/network-auth.xml:770(para)
17132
msgid ""
17133
"Activity logging for slapd is indispensible when implementing an OpenLDAP-"
17134
"based solution yet it must be manually enabled after software installation. "
17135
"Otherwise, only rudimentary messages will appear in the logs. Logging, like "
17136
"any other slapd configuration, is enabled via the slapd-config database."
17137
msgstr ""
17138
17139
#: serverguide/C/network-auth.xml:776(para)
17140
msgid ""
17141
"OpenLDAP comes with multiple logging subsystems (levels) with each one "
17142
"containing the lower one (additive). A good level to try is "
17143
"<emphasis>stats</emphasis>. The <ulink "
17144
"url=\"http://manpages.ubuntu.com/manpages/en/man5/slapd-"
17145
"config.5.html\">slapd-config</ulink> man page has more to say on the "
17146
"different subsystems."
17147
msgstr ""
17148
17149
#: serverguide/C/network-auth.xml:782(para)
17150
msgid ""
17151
"Create the file <filename>logging.ldif</filename> with the following "
17152
"contents:"
17153
msgstr ""
17154
17155
#: serverguide/C/network-auth.xml:786(programlisting)
17156
#, no-wrap
17157
msgid ""
17158
"\n"
17159
"dn: cn=config\n"
17160
"changetype: modify\n"
17161
"add: olcLogLevel\n"
17162
"olcLogLevel: stats\n"
17163
msgstr ""
17164
17165
#: serverguide/C/network-auth.xml:793(para)
17166
msgid "Implement the change:"
17167
msgstr ""
17168
17169
#: serverguide/C/network-auth.xml:798(command)
17170
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif"
17171
msgstr ""
17172
17173
#: serverguide/C/network-auth.xml:801(para)
17174
msgid ""
17175
"This will produce a significant amount of logging and you will want to "
17176
"throttle back to a less verbose level once your system is in production. "
17177
"While in this verbose mode your host's syslog engine (rsyslog) may have a "
17178
"hard time keeping up and may drop messages:"
17179
msgstr ""
17180
17181
#: serverguide/C/network-auth.xml:807(programlisting)
17182
#, no-wrap
17183
msgid ""
17184
"\n"
17185
"rsyslogd-2177: imuxsock lost 228 messages from pid 2547 due to rate-"
17186
"limiting\n"
17187
msgstr ""
17188
17189
#: serverguide/C/network-auth.xml:811(para)
17190
msgid ""
17191
"You may consider a change to rsyslog's configuration. In "
17192
"<filename>/etc/rsyslog.conf</filename>, put:"
17193
msgstr ""
17194
17195
#: serverguide/C/network-auth.xml:815(programlisting)
17196
#, no-wrap
17197
msgid ""
17198
"\n"
17199
"# Disable rate limiting\n"
17200
"# (default is 200 messages in 5 seconds; below we make the 5 become 0)\n"
17201
"$SystemLogRateLimitInterval 0\n"
17202
msgstr ""
17203
17204
#: serverguide/C/network-auth.xml:821(para)
17205
msgid "And then restart the rsyslog daemon:"
17206
msgstr ""
17207
17208
#: serverguide/C/network-auth.xml:826(command)
17209
msgid "sudo service rsyslog restart"
17210
msgstr ""
17211
17212
#: serverguide/C/network-auth.xml:832(title)
17213
msgid "Replication"
17214
msgstr ""
17215
17216
#: serverguide/C/network-auth.xml:834(para)
17217
msgid ""
17218
"The LDAP service becomes increasingly important as more networked systems "
17219
"begin to depend on it. In such an environment, it is standard practice to "
17220
"build redundancy (high availability) into LDAP to prevent havoc should the "
17221
"LDAP server become unresponsive. This is done through <emphasis>LDAP "
17222
"replication</emphasis>."
17223
msgstr ""
17224
17225
#: serverguide/C/network-auth.xml:840(para)
17226
msgid ""
17227
"Replication is achieved via the <emphasis>Syncrepl</emphasis> engine. This "
17228
"allows changes to be synchronized using a <emphasis>Consumer</emphasis> - "
17229
"<emphasis>Provider</emphasis> model. The specific kind of replication we "
17230
"will implement in this guide is a combination of the following modes: "
17231
"<emphasis>refreshAndPersist</emphasis> and <emphasis>delta-"
17232
"syncrepl</emphasis>. This has the Provider push changed entries to the "
17233
"Consumer as soon as they're made but, in addition, only actual changes will "
17234
"be sent, not entire entries."
17235
msgstr ""
17236
17237
#: serverguide/C/network-auth.xml:849(title)
13663
17238
msgid "Provider Configuration"
13664
17239
msgstr ""
13665
17240
13666
#: serverguide/C/network-auth.xml:539(para)
13667
msgid ""
13668
"The following is an example of a <emphasis>Single-Master</emphasis> "
13669
"configuration. In this configuration one OpenLDAP server is configured as a "
13670
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
17241
#: serverguide/C/network-auth.xml:851(para)
17242
msgid "Begin by configuring the <emphasis>Provider</emphasis>."
13671
17243
msgstr ""
13672
17244
13673
#: serverguide/C/network-auth.xml:547(para)
17245
#: serverguide/C/network-auth.xml:858(para)
13674
17246
msgid ""
13675
"First, configure the provider server. Copy the following to a file named "
17247
"Create an LDIF file with the following contents and name it "
13676
17248
"<filename>provider_sync.ldif</filename>:"
13677
17249
msgstr ""
13678
17250
13679
#: serverguide/C/network-auth.xml:552(programlisting)
17251
#: serverguide/C/network-auth.xml:862(programlisting)
13680
17252
#, no-wrap
13681
17253
msgid ""
13682
17254
"\n"
13738
17310
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13739
17311
msgstr ""
13740
17312
13741
#: serverguide/C/network-auth.xml:614(para)
13742
msgid ""
13743
"The <application>AppArmor</application> profile for "
13744
"<application>slapd</application> will need to be adjusted for the accesslog "
13745
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13746
"adding:"
13747
msgstr ""
13748
13749
#: serverguide/C/network-auth.xml:619(programlisting)
17313
#: serverguide/C/network-auth.xml:921(para)
17314
msgid ""
17315
"Change the rootDN in the LDIF file to match the one you have for your "
17316
"directory."
17317
msgstr ""
17318
17319
#: serverguide/C/network-auth.xml:928(para)
17320
msgid ""
17321
"The <application>apparmor</application> profile for slapd will need to be "
17322
"adjusted for the accesslog database location. Edit "
17323
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> by adding the "
17324
"following:"
17325
msgstr ""
17326
17327
#: serverguide/C/network-auth.xml:934(programlisting)
13750
17328
#, no-wrap
13751
17329
msgid ""
13752
17330
"\n"
13753
" /var/lib/ldap/accesslog/ r,\n"
13754
" /var/lib/ldap/accesslog/** rwk,\n"
17331
"/var/lib/ldap/accesslog/ r,\n"
17332
"/var/lib/ldap/accesslog/** rwk,\n"
13755
17333
msgstr ""
13756
17334
13757
#: serverguide/C/network-auth.xml:624(para)
17335
#: serverguide/C/network-auth.xml:939(para)
13758
17336
msgid ""
13759
"Then create the directory, reload the <application>apparmor</application> "
13760
"profile, and copy the <filename>DB_CONFIG</filename> file:"
17337
"Create a directory, set up a databse config file, and reload the apparmor "
17338
"profile:"
13761
17339
msgstr ""
13762
17340
13763
#: serverguide/C/network-auth.xml:630(command)
17341
#: serverguide/C/network-auth.xml:944(command)
13764
17342
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13765
17343
msgstr ""
13766
17344
13767
#: serverguide/C/network-auth.xml:631(command)
13768
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13769
msgstr ""
13770
13771
#: serverguide/C/network-auth.xml:636(para)
13772
msgid ""
13773
"Using the <emphasis>-u openldap</emphasis> option with the "
13774
"<application>sudo</application> commands above removes the need to adjust "
13775
"permissions for the new directory later."
13776
msgstr ""
13777
13778
#: serverguide/C/network-auth.xml:645(para)
13779
msgid ""
13780
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13781
"directory:"
13782
msgstr ""
13783
13784
#: serverguide/C/network-auth.xml:649(programlisting)
13785
#, no-wrap
13786
msgid ""
13787
"\n"
13788
"olcRootDN: cn=admin,dc=example,dc=com\n"
13789
msgstr ""
13790
13791
#: serverguide/C/network-auth.xml:657(para)
13792
msgid ""
13793
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13794
msgstr ""
13795
13796
#: serverguide/C/network-auth.xml:662(command)
13797
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13798
msgstr ""
13799
13800
#: serverguide/C/network-auth.xml:669(para)
13801
msgid "Restart <application>slapd</application>:"
13802
msgstr ""
13803
13804
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
13805
msgid "sudo /etc/init.d/slapd restart"
13806
msgstr ""
13807
13808
#: serverguide/C/network-auth.xml:680(para)
13809
msgid ""
13810
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13811
"to configure a <emphasis>Consumer</emphasis> server."
13812
msgstr ""
13813
13814
#: serverguide/C/network-auth.xml:687(title)
17345
#: serverguide/C/network-auth.xml:945(command)
17346
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
17347
msgstr ""
17348
17349
#: serverguide/C/network-auth.xml:946(command)
17350
msgid "sudo service apparmor reload"
17351
msgstr ""
17352
17353
#: serverguide/C/network-auth.xml:952(para)
17354
msgid ""
17355
"Add the new content and, due to the apparmor change, restart the daemon:"
17356
msgstr ""
17357
17358
#: serverguide/C/network-auth.xml:957(command)
17359
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
17360
msgstr ""
17361
17362
#: serverguide/C/network-auth.xml:958(command) serverguide/C/network-auth.xml:1480(command) serverguide/C/network-auth.xml:1665(command) serverguide/C/network-auth.xml:3894(command)
17363
msgid "sudo service slapd restart"
17364
msgstr ""
17365
17366
#: serverguide/C/network-auth.xml:965(para)
17367
msgid "The Provider is now configured."
17368
msgstr ""
17369
17370
#: serverguide/C/network-auth.xml:972(title)
13815
17371
msgid "Consumer Configuration"
13816
17372
msgstr ""
13817
17373
13818
#: serverguide/C/network-auth.xml:692(para)
13819
msgid ""
13820
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13821
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13822
"configuration steps."
13823
msgstr ""
13824
13825
#: serverguide/C/network-auth.xml:697(para)
13826
msgid "Add the additional schema files:"
13827
msgstr ""
13828
13829
#: serverguide/C/network-auth.xml:707(para)
13830
msgid ""
13831
"Also, create, or copy from the provider server, the "
13832
"<filename>backend.example.com.ldif</filename>"
13833
msgstr ""
13834
13835
#: serverguide/C/network-auth.xml:711(programlisting)
13836
#, no-wrap
13837
msgid ""
13838
"\n"
13839
"# Load dynamic backend modules\n"
13840
"dn: cn=module,cn=config\n"
13841
"objectClass: olcModuleList\n"
13842
"cn: module\n"
13843
"olcModulepath: /usr/lib/ldap\n"
13844
"olcModuleload: back_hdb\n"
13845
"\n"
13846
"# Database settings\n"
13847
"dn: olcDatabase=hdb,cn=config\n"
13848
"objectClass: olcDatabaseConfig\n"
13849
"objectClass: olcHdbConfig\n"
13850
"olcDatabase: {1}hdb\n"
13851
"olcSuffix: dc=example,dc=com\n"
13852
"olcDbDirectory: /var/lib/ldap\n"
13853
"olcRootDN: cn=admin,dc=example,dc=com\n"
13854
"olcRootPW: secret\n"
13855
"olcDbConfig: set_cachesize 0 2097152 0\n"
13856
"olcDbConfig: set_lk_max_objects 1500\n"
13857
"olcDbConfig: set_lk_max_locks 1500\n"
13858
"olcDbConfig: set_lk_max_lockers 1500\n"
13859
"olcDbIndex: objectClass eq\n"
13860
"olcLastMod: TRUE\n"
13861
"olcDbCheckpoint: 512 30\n"
13862
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13863
"by anonymous auth by self write by * none\n"
13864
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13865
"olcAccess: to dn.base=\"\" by * read\n"
13866
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13867
msgstr ""
13868
13869
#: serverguide/C/network-auth.xml:741(para)
13870
msgid "And add the LDIF by entering:"
13871
msgstr ""
13872
13873
#: serverguide/C/network-auth.xml:752(para)
13874
msgid ""
13875
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13876
"listed above, and add it:"
13877
msgstr ""
13878
13879
#: serverguide/C/network-auth.xml:760(para)
13880
msgid ""
13881
"The two severs should now have the same configuration except for the "
13882
"<emphasis>Syncrepl</emphasis> options."
13883
msgstr ""
13884
13885
#: serverguide/C/network-auth.xml:768(para)
13886
msgid ""
13887
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13888
msgstr ""
13889
13890
#: serverguide/C/network-auth.xml:772(programlisting)
13891
#, no-wrap
13892
msgid ""
13893
"\n"
13894
"#Load the syncprov module.\n"
17374
#: serverguide/C/network-auth.xml:974(para)
17375
msgid "And now configure the <emphasis>Consumer</emphasis>."
17376
msgstr ""
17377
17378
#: serverguide/C/network-auth.xml:981(para)
17379
msgid ""
17380
"Install the software by going through <xref linkend=\"openldap-server-"
17381
"installation\"/>. Make sure the slapd-config databse is identical to the "
17382
"Provider's. In particular, make sure schemas and the databse suffix are the "
17383
"same."
17384
msgstr ""
17385
17386
#: serverguide/C/network-auth.xml:988(para)
17387
msgid ""
17388
"Create an LDIF file with the following contents and name it "
17389
"<filename>consumer_sync.ldif</filename>:"
17390
msgstr ""
17391
17392
#: serverguide/C/network-auth.xml:992(programlisting)
17393
#, no-wrap
17394
msgid ""
17395
"\n"
13895
17396
"dn: cn=module{0},cn=config\n"
13896
17397
"changetype: modify\n"
13897
17398
"add: olcModuleLoad\n"
13898
17399
"olcModuleLoad: syncprov\n"
13899
17400
"\n"
13900
"# syncrepl specific indices\n"
13901
17401
"dn: olcDatabase={1}hdb,cn=config\n"
13902
17402
"changetype: modify\n"
13903
17403
"add: olcDbIndex\n"
13916
17416
"olcUpdateRef: ldap://ldap01.example.com\n"
13917
17417
msgstr ""
13918
17418
13919
#: serverguide/C/network-auth.xml:795(para)
13920
msgid "You will probably want to change the following attributes:"
13921
msgstr ""
13922
13923
#: serverguide/C/network-auth.xml:800(para)
13924
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13925
msgstr ""
13926
13927
#: serverguide/C/network-auth.xml:801(emphasis)
13928
msgid "binddn"
13929
msgstr ""
13930
13931
#: serverguide/C/network-auth.xml:802(emphasis)
13932
msgid "credentials"
13933
msgstr ""
13934
13935
#: serverguide/C/network-auth.xml:803(emphasis)
13936
msgid "searchbase"
13937
msgstr ""
13938
13939
#: serverguide/C/network-auth.xml:804(emphasis)
13940
msgid "olcUpdateRef:"
13941
msgstr ""
13942
13943
#: serverguide/C/network-auth.xml:810(para)
13944
msgid "Add the LDIF file to the configuration tree:"
13945
msgstr ""
13946
13947
#: serverguide/C/network-auth.xml:815(command)
13948
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
13949
msgstr ""
13950
13951
#: serverguide/C/network-auth.xml:821(para)
13952
msgid ""
13953
"The frontend database should now sync between servers. You can add "
13954
"additional servers using the steps above as the need arises."
13955
msgstr ""
13956
13957
#: serverguide/C/network-auth.xml:831(programlisting)
13958
#, no-wrap
13959
msgid "127.0.0.1\tldap01.example.com ldap01"
13960
msgstr ""
13961
13962
#: serverguide/C/network-auth.xml:827(para)
13963
msgid ""
13964
"The <application>slapd</application> daemon will send log information to "
13965
"<filename>/var/log/syslog</filename> by default. So if all does "
13966
"<emphasis>not</emphasis> go well check there for errors and other "
13967
"troubleshooting information. Also, be sure that each server knows it's Fully "
13968
"Qualified Domain Name (FQDN). This is configured in "
13969
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
13970
msgstr ""
13971
13972
#: serverguide/C/network-auth.xml:839(title)
13973
msgid "Setting up ACL"
13974
msgstr ""
13975
13976
#: serverguide/C/network-auth.xml:841(para)
13977
msgid ""
13978
"Authentication requires access to the password field, that should be not "
13979
"accessible by default. Also, in order for users to change their own "
13980
"password, using <command>passwd</command> or other utilities, "
13981
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
13982
"authenticated."
13983
msgstr ""
13984
13985
#: serverguide/C/network-auth.xml:848(para)
13986
msgid ""
13987
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
13988
"tree, use the <application>ldapsearch</application> utility:"
13989
msgstr ""
13990
13991
#: serverguide/C/network-auth.xml:854(command)
13992
msgid ""
13993
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
13994
"olcDatabase=config olcAccess"
13995
msgstr ""
13996
13997
#: serverguide/C/network-auth.xml:858(computeroutput)
13998
#, no-wrap
13999
msgid ""
14000
"SASL/EXTERNAL authentication started\n"
14001
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14002
"SASL SSF: 0\n"
17419
#: serverguide/C/network-auth.xml:1013(para)
17420
msgid "Ensure the following attributes have the correct values:"
17421
msgstr ""
17422
17423
#: serverguide/C/network-auth.xml:1018(para)
17424
msgid ""
17425
"<emphasis>provider</emphasis> (Provider server's hostname -- "
17426
"ldap01.example.com in this example -- or IP address)"
17427
msgstr ""
17428
17429
#: serverguide/C/network-auth.xml:1019(para)
17430
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
17431
msgstr ""
17432
17433
#: serverguide/C/network-auth.xml:1020(para)
17434
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
17435
msgstr ""
17436
17437
#: serverguide/C/network-auth.xml:1021(para)
17438
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
17439
msgstr ""
17440
17441
#: serverguide/C/network-auth.xml:1022(para)
17442
msgid ""
17443
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
17444
msgstr ""
17445
17446
#: serverguide/C/network-auth.xml:1023(para)
17447
msgid ""
17448
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
17449
"replica. Each consumer should have at least one rid)"
17450
msgstr ""
17451
17452
#: serverguide/C/network-auth.xml:1032(para)
17453
msgid "Add the new content:"
17454
msgstr ""
17455
17456
#: serverguide/C/network-auth.xml:1037(command)
17457
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
17458
msgstr ""
17459
17460
#: serverguide/C/network-auth.xml:1044(para)
17461
msgid ""
17462
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
17463
"synchronizing."
17464
msgstr ""
17465
17466
#: serverguide/C/network-auth.xml:1053(para)
17467
msgid "Once replication starts, you can monitor it by running"
17468
msgstr ""
17469
17470
#: serverguide/C/network-auth.xml:1058(command)
17471
msgid "ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base contextCSN"
17472
msgstr ""
17473
17474
#: serverguide/C/network-auth.xml:1059(computeroutput)
17475
#, no-wrap
17476
msgid ""
17477
"\n"
17478
"dn: dc=example,dc=com\n"
17479
"contextCSN: 20120201193408.178454Z#000000#000#000000\n"
17480
msgstr ""
17481
17482
#: serverguide/C/network-auth.xml:1065(para)
17483
msgid ""
17484
"on both the provider and the consumer. Once the output "
17485
"(<computeroutput>20120201193408.178454Z#000000#000#000000</computeroutput> "
17486
"in the above example) for both machines match, you have replication. Every "
17487
"time a change is done in the provider, this value will change and so should "
17488
"the one in the consumer(s)."
17489
msgstr ""
17490
17491
#: serverguide/C/network-auth.xml:1074(para)
17492
msgid ""
17493
"If your connection is slow and/or your ldap database large, it might take a "
17494
"while for the consumer's <emphasis>contextCSN</emphasis> match the "
17495
"provider's. But, you will know it is progressing since the consumer's "
17496
"<emphasis>contextCSN</emphasis> will be steadly increasing."
17497
msgstr ""
17498
17499
#: serverguide/C/network-auth.xml:1082(para)
17500
msgid ""
17501
"If the consumer's <emphasis>contextCSN</emphasis> is missing or does not "
17502
"match the provider, you should stop and figure out the issue before "
17503
"continuing. Try checking the slapd (syslog) and the auth log files in the "
17504
"provider to see if the consumer's authentication requests were successful or "
17505
"its requests to retrieve data (they look like a lot of ldapsearch "
17506
"statements) return no errors."
17507
msgstr ""
17508
17509
#: serverguide/C/network-auth.xml:1091(para)
17510
msgid ""
17511
"To test if it worked simply query, on the Consumer, the DNs in the database:"
17512
msgstr ""
17513
17514
#: serverguide/C/network-auth.xml:1096(command)
17515
msgid ""
17516
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b dc=example,dc=com dn"
17517
msgstr ""
17518
17519
#: serverguide/C/network-auth.xml:1099(para)
17520
msgid ""
17521
"You should see the user 'john' and the group 'miners' as well as the nodes "
17522
"'People' and 'Groups'."
17523
msgstr ""
17524
17525
#: serverguide/C/network-auth.xml:1108(title)
17526
msgid "Access Control"
17527
msgstr ""
17528
17529
#: serverguide/C/network-auth.xml:1110(para)
17530
msgid ""
17531
"The management of what type of access (read, write, etc) users should be "
17532
"granted to resources is known as <emphasis>access control</emphasis>. The "
17533
"configuration directives involved are called <emphasis>access control "
17534
"lists</emphasis> or ACL."
17535
msgstr ""
17536
17537
#: serverguide/C/network-auth.xml:1115(para)
17538
msgid ""
17539
"When we installed the slapd package various ACL were set up automatically. "
17540
"We will look at a few important consequences of those defaults and, in so "
17541
"doing, we'll get an idea of how ACLs work and how they're configured."
17542
msgstr ""
17543
17544
#: serverguide/C/network-auth.xml:1120(para)
17545
msgid ""
17546
"To get the effective ACL for an LDAP query we need to look at the ACL "
17547
"entries of the database being queried as well as those of the special "
17548
"frontend database instance. The ACLs belonging to the latter act as defaults "
17549
"in case those of the former do not match. The frontend database is the "
17550
"second to be consulted and the ACL to be applied is the first to match "
17551
"(\"first match wins\") among these 2 ACL sources. The following commands "
17552
"will give, respectively, the ACLs of the hdb database "
17553
"(\"dc=example,dc=com\") and those of the frontend database:"
17554
msgstr ""
17555
17556
#: serverguide/C/network-auth.xml:1129(command)
17557
msgid ""
17558
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
17559
"'(olcDatabase={1}hdb)' olcAccess"
17560
msgstr ""
17561
17562
#: serverguide/C/network-auth.xml:1131(computeroutput)
17563
#, no-wrap
17564
msgid ""
17565
"\n"
17566
"dn: olcDatabase={1}hdb,cn=config\n"
17567
"olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by "
17568
"anonymous\n"
17569
" auth by dn=\"cn=admin,dc=example,dc=com\" write by * none\n"
17570
"olcAccess: {1}to dn.base=\"\" by * read\n"
17571
"olcAccess: {2}to * by self write by dn=\"cn=admin,dc=example,dc=com\" write "
17572
"by *\n"
17573
" read\n"
17574
msgstr ""
17575
17576
#: serverguide/C/network-auth.xml:1142(para)
17577
msgid ""
17578
"The rootDN always has full rights to it's database. Including it in an ACL "
17579
"does provide an explicit configuration but it also causes slapd to incur a "
17580
"performance penalty."
17581
msgstr ""
17582
17583
#: serverguide/C/network-auth.xml:1149(command)
17584
msgid ""
17585
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
17586
"'(olcDatabase={-1}frontend)' olcAccess"
17587
msgstr ""
17588
17589
#: serverguide/C/network-auth.xml:1151(computeroutput)
17590
#, no-wrap
17591
msgid ""
17592
"\n"
17593
"dn: olcDatabase={-1}frontend,cn=config\n"
17594
"olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,\n"
17595
" cn=external,cn=auth manage by * break\n"
17596
"olcAccess: {1}to dn.exact=\"\" by * read\n"
17597
"olcAccess: {2}to dn.base=\"cn=Subschema\" by * read\n"
17598
msgstr ""
17599
17600
#: serverguide/C/network-auth.xml:1160(para)
17601
msgid "The very first ACL is crucial:"
17602
msgstr ""
17603
17604
#: serverguide/C/network-auth.xml:1164(programlisting)
17605
#, no-wrap
17606
msgid ""
17607
"\n"
17608
"olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by "
17609
"anonymous\n"
17610
" auth by dn=\"cn=admin,dc=example,dc=com\" write by * none\n"
17611
msgstr ""
17612
17613
#: serverguide/C/network-auth.xml:1169(para)
17614
msgid "This can be represented differently for easier digestion:"
17615
msgstr ""
17616
17617
#: serverguide/C/network-auth.xml:1173(programlisting)
17618
#, no-wrap
17619
msgid ""
17620
"\n"
17621
"to attrs=userPassword\n"
17622
"\tby self write\n"
17623
"\tby anonymous auth\n"
17624
"\tby dn=\"cn=admin,dc=example,dc=com\" write\n"
17625
"\tby * none\n"
17626
"\n"
17627
"to attrs=shadowLastChange\n"
17628
"\tby self write\n"
17629
"\tby anonymous auth\n"
17630
"\tby dn=\"cn=admin,dc=example,dc=com\" write\n"
17631
"\tby * none\n"
17632
msgstr ""
17633
17634
#: serverguide/C/network-auth.xml:1187(para)
17635
msgid "This compound ACL (there are 2) enforces the following:"
17636
msgstr ""
17637
17638
#: serverguide/C/network-auth.xml:1194(para)
17639
msgid ""
17640
"Anonymous 'auth' access is provided to the <emphasis>userPassword</emphasis> "
17641
"attribute for the initial connection to occur. Perhaps counter-intuitively, "
17642
"'by anonymous auth' is needed even when anonymous access to the DIT is "
17643
"unwanted. Once the remote end is connected, howerver, authentication can "
17644
"occur (see next point)."
17645
msgstr ""
17646
17647
#: serverguide/C/network-auth.xml:1202(para)
17648
msgid ""
17649
"Authentication can happen because all users have 'read' (due to 'by self "
17650
"write') access to the <emphasis>userPassword</emphasis> attribute."
17651
msgstr ""
17652
17653
#: serverguide/C/network-auth.xml:1208(para)
17654
msgid ""
17655
"The <emphasis>userPassword</emphasis> attribute is otherwise unaccessible by "
17656
"all other users, with the exception of the rootDN, who has complete access "
17657
"to it."
17658
msgstr ""
17659
17660
#: serverguide/C/network-auth.xml:1215(para)
17661
msgid ""
17662
"In order for users to change their own password, using "
17663
"<command>passwd</command> or other utilities, the "
17664
"<emphasis>shadowLastChange</emphasis> attribute needs to be accessible once "
17665
"a user has authenticated."
17666
msgstr ""
17667
17668
#: serverguide/C/network-auth.xml:1223(para)
17669
msgid ""
17670
"This DIT can be searched anonymously because of 'by * read' in this ACL:"
17671
msgstr ""
17672
17673
#: serverguide/C/network-auth.xml:1227(programlisting)
17674
#, no-wrap
17675
msgid ""
17676
"\n"
17677
"to *\n"
17678
"\tby self write\n"
17679
"\tby dn=\"cn=admin,dc=example,dc=com\" write\n"
17680
"\tby * read\n"
17681
msgstr ""
17682
17683
#: serverguide/C/network-auth.xml:1234(para)
17684
msgid ""
17685
"If this is unwanted then you need to change the ACLs. To force "
17686
"authentication during a bind request you can alternatively (or in "
17687
"combination with the modified ACL) use the 'olcRequire: authc' directive."
17688
msgstr ""
17689
17690
#: serverguide/C/network-auth.xml:1239(para)
17691
msgid ""
17692
"As previously mentioned, there is no administrative account created for the "
17693
"slapd-config database. There is, however, a SASL identity that is granted "
17694
"full access to it. It represents the localhost's superuser (root/sudo). Here "
17695
"it is:"
17696
msgstr ""
17697
17698
#: serverguide/C/network-auth.xml:1244(programlisting)
17699
#, no-wrap
17700
msgid ""
17701
"\n"
17702
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \n"
17703
msgstr ""
17704
17705
#: serverguide/C/network-auth.xml:1248(para)
17706
msgid ""
17707
"The following command will display the ACLs of the slapd-config database:"
17708
msgstr ""
17709
17710
#: serverguide/C/network-auth.xml:1253(command)
17711
msgid ""
17712
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
17713
"'(olcDatabase={0}config)' olcAccess"
17714
msgstr ""
17715
17716
#: serverguide/C/network-auth.xml:1255(computeroutput)
17717
#, no-wrap
17718
msgid ""
17719
"\n"
14003
17720
"dn: olcDatabase={0}config,cn=config\n"
14004
"olcAccess: {0}to * by "
14005
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
14006
" ,cn=auth manage by * break\n"
14007
msgstr ""
14008
14009
#: serverguide/C/network-auth.xml:867(para)
14010
msgid "To see the ACL for the frontend tree enter:"
14011
msgstr ""
14012
14013
#: serverguide/C/network-auth.xml:872(command)
14014
msgid ""
14015
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
14016
"olcDatabase={1}hdb olcAccess"
14017
msgstr ""
14018
14019
#: serverguide/C/network-auth.xml:878(title)
14020
msgid "TLS and SSL"
14021
msgstr ""
14022
14023
#: serverguide/C/network-auth.xml:880(para)
17721
"olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,\n"
17722
" cn=external,cn=auth manage by * break\n"
17723
msgstr ""
17724
17725
#: serverguide/C/network-auth.xml:1262(para)
17726
msgid ""
17727
"Since this is a SASL identity we need to use a SASL "
17728
"<emphasis>mechanism</emphasis> when invoking the LDAP utility in question "
17729
"and and we have seen it plenty of times in this guide. It is the EXTERNAL "
17730
"mechanism. See the previous command for an example. Note that:"
17731
msgstr ""
17732
17733
#: serverguide/C/network-auth.xml:1270(para)
17734
msgid ""
17735
"You must use <emphasis>sudo</emphasis> to become the root identity in order "
17736
"for the ACL to match."
17737
msgstr ""
17738
17739
#: serverguide/C/network-auth.xml:1276(para)
17740
msgid ""
17741
"The EXTERNAL mechanism works via <emphasis>IPC</emphasis> (UNIX domain "
17742
"sockets). This means you must use the <emphasis>ldapi</emphasis> URI format."
17743
msgstr ""
17744
17745
#: serverguide/C/network-auth.xml:1284(para)
17746
msgid "A succinct way to get all the ACLs is like this:"
17747
msgstr ""
17748
17749
#: serverguide/C/network-auth.xml:1289(command)
17750
msgid ""
17751
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
17752
"'(olcAccess=*)' olcAccess olcSuffix"
17753
msgstr ""
17754
17755
#: serverguide/C/network-auth.xml:1293(para)
17756
msgid ""
17757
"There is much to say on the topic of access control. See the man page for "
17758
"<ulink "
17759
"url=\"http://manpages.ubuntu.com/manpages/en/man5/slapd.access.5.html\">slapd"
17760
".access</ulink>."
17761
msgstr ""
17762
17763
#: serverguide/C/network-auth.xml:1301(title)
17764
msgid "TLS"
17765
msgstr ""
17766
17767
#: serverguide/C/network-auth.xml:1303(para)
14024
17768
msgid ""
14025
17769
"When authenticating to an OpenLDAP server it is best to do so using an "
14026
17770
"encrypted session. This can be accomplished using Transport Layer Security "
14027
"(TLS) and/or Secure Sockets Layer (SSL)."
14028
msgstr ""
14029
14030
#: serverguide/C/network-auth.xml:885(para)
14031
msgid ""
14032
"The first step in the process is to obtain or create a "
14033
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
14034
"is compiled using the <application>gnutls</application> library, the "
14035
"<application>certtool</application> utility will be used to create "
14036
"certificates."
14037
msgstr ""
14038
14039
#: serverguide/C/network-auth.xml:894(para)
14040
msgid ""
14041
"First, install <application>gnutls-bin</application> by entering the "
14042
"following in a terminal:"
14043
msgstr ""
14044
14045
#: serverguide/C/network-auth.xml:899(command)
14046
msgid "sudo apt-get install gnutls-bin"
14047
msgstr ""
14048
14049
#: serverguide/C/network-auth.xml:905(para)
14050
msgid ""
14051
"Next, create a private key for the <emphasis>Certificate "
14052
"Authority</emphasis> (CA):"
14053
msgstr ""
14054
14055
#: serverguide/C/network-auth.xml:910(command)
17771
"(TLS)."
17772
msgstr ""
17773
17774
#: serverguide/C/network-auth.xml:1308(para)
17775
msgid ""
17776
"Here, we will be our own <emphasis>Certificate Authority</emphasis> and then "
17777
"create and sign our LDAP server certificate as that CA. Since "
17778
"<application>slapd</application> is compiled using the "
17779
"<application>gnutls</application> library, we will use the "
17780
"<application>certtool</application> utility to complete these tasks."
17781
msgstr ""
17782
17783
#: serverguide/C/network-auth.xml:1317(para)
17784
msgid ""
17785
"Install the <application>gnutls-bin</application> and <application>ssl-"
17786
"cert</application> packages:"
17787
msgstr ""
17788
17789
#: serverguide/C/network-auth.xml:1322(command)
17790
msgid "sudo apt-get install gnutls-bin ssl-cert"
17791
msgstr ""
17792
17793
#: serverguide/C/network-auth.xml:1328(para)
17794
msgid "Create a private key for the Certificate Authority:"
17795
msgstr ""
17796
17797
#: serverguide/C/network-auth.xml:1333(command)
14056
17798
msgid ""
14057
17799
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
14058
17800
msgstr ""
14059
17801
14060
#: serverguide/C/network-auth.xml:916(para)
17802
#: serverguide/C/network-auth.xml:1339(para)
14061
17803
msgid ""
14062
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
14063
"CA certificate containing:"
17804
"Create the template/file <filename>/etc/ssl/ca.info</filename> to define the "
17805
"CA:"
14064
17806
msgstr ""
14065
17807
14066
#: serverguide/C/network-auth.xml:920(programlisting)
17808
#: serverguide/C/network-auth.xml:1343(programlisting)
14067
17809
#, no-wrap
14068
17810
msgid ""
14069
17811
"\n"
14072
17814
"cert_signing_key\n"
14073
17815
msgstr ""
14074
17816
14075
#: serverguide/C/network-auth.xml:929(para)
14076
msgid "Now create the self-signed CA certificate:"
17817
#: serverguide/C/network-auth.xml:1352(para)
17818
msgid "Create the self-signed CA certificate:"
14077
17819
msgstr ""
14078
17820
14079
#: serverguide/C/network-auth.xml:934(command)
17821
#: serverguide/C/network-auth.xml:1357(command)
14080
17822
msgid ""
14081
"sudo certtool --generate-self-signed --load-privkey "
14082
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
17823
"sudo certtool --generate-self-signed \\ --load-privkey "
17824
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
14083
17825
"/etc/ssl/certs/cacert.pem"
14084
17826
msgstr ""
14085
17827
14086
#: serverguide/C/network-auth.xml:941(para)
17828
#: serverguide/C/network-auth.xml:1366(para)
14087
17829
msgid "Make a private key for the server:"
14088
17830
msgstr ""
14089
17831
14090
#: serverguide/C/network-auth.xml:946(command)
17832
#: serverguide/C/network-auth.xml:1371(command)
14091
17833
msgid ""
14092
"sudo sh -c \"certtool --generate-privkey > "
14093
"/etc/ssl/private/ldap01_slapd_key.pem\""
17834
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
17835
"/etc/ssl/private/ldap01_slapd_key.pem"
14094
17836
msgstr ""
14095
17837
14096
#: serverguide/C/network-auth.xml:950(para)
17838
#: serverguide/C/network-auth.xml:1377(para)
14097
17839
msgid ""
14098
17840
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
14099
17841
"hostname. Naming the certificate and key for the host and service that will "
14100
"be using them will help keep filenames and paths straight."
17842
"be using them will help keep things clear."
14101
17843
msgstr ""
14102
17844
14103
#: serverguide/C/network-auth.xml:959(para)
17845
#: serverguide/C/network-auth.xml:1386(para)
14104
17846
msgid ""
14105
"To sign the server's certificate with the CA, create the "
14106
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
17847
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
14107
17848
msgstr ""
14108
17849
14109
#: serverguide/C/network-auth.xml:963(programlisting)
17850
#: serverguide/C/network-auth.xml:1390(programlisting)
14110
17851
#, no-wrap
14111
17852
msgid ""
14112
17853
"\n"
14115
17856
"tls_www_server\n"
14116
17857
"encryption_key\n"
14117
17858
"signing_key\n"
14118
msgstr ""
14119
14120
#: serverguide/C/network-auth.xml:974(para)
17859
"expiration_days = 3650\n"
17860
msgstr ""
17861
17862
#: serverguide/C/network-auth.xml:1399(para)
17863
msgid "The above certificate is good for 10 years. Adjust accordingly."
17864
msgstr ""
17865
17866
#: serverguide/C/network-auth.xml:1405(para)
14121
17867
msgid "Create the server's certificate:"
14122
17868
msgstr ""
14123
17869
14124
#: serverguide/C/network-auth.xml:979(command)
14125
msgid ""
14126
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
14127
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
14128
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
14129
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
14130
msgstr ""
14131
14132
#: serverguide/C/network-auth.xml:987(para)
14133
msgid ""
14134
"Once you have a certificate, key, and CA cert installed, use "
14135
"<application>ldapmodify</application> to add the new configuration options:"
14136
msgstr ""
14137
14138
#: serverguide/C/network-auth.xml:998(userinput)
17870
#: serverguide/C/network-auth.xml:1410(command)
17871
msgid ""
17872
"sudo certtool --generate-certificate \\ --load-privkey "
17873
"/etc/ssl/private/ldap01_slapd_key.pem \\ --load-ca-certificate "
17874
"/etc/ssl/certs/cacert.pem \\ --load-ca-privkey /etc/ssl/private/cakey.pem \\ "
17875
"--template /etc/ssl/ldap01.info \\ --outfile "
17876
"/etc/ssl/certs/ldap01_slapd_cert.pem"
17877
msgstr ""
17878
17879
#: serverguide/C/network-auth.xml:1422(para)
17880
msgid ""
17881
"Create the file <filename>certinfo.ldif</filename> with the following "
17882
"contents (adjust accordingly, our example assumes we created certs using "
17883
"https://www.cacert.org):"
17884
msgstr ""
17885
17886
#: serverguide/C/network-auth.xml:1426(programlisting)
14139
17887
#, no-wrap
14140
17888
msgid ""
17889
"\n"
14141
17890
"dn: cn=config\n"
14142
17891
"add: olcTLSCACertificateFile\n"
14143
17892
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14146
17895
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
14147
17896
"-\n"
14148
17897
"add: olcTLSCertificateKeyFile\n"
14149
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
14150
msgstr ""
14151
14152
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
14153
#, no-wrap
14154
msgid ""
14155
"Enter LDAP Password:\n"
14156
"<placeholder-1/>\n"
14157
"\n"
14158
"modifying entry \"cn=config\"\n"
14159
msgstr ""
14160
14161
#: serverguide/C/network-auth.xml:1013(para)
14162
msgid ""
14163
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
14164
"<filename>ldap01_slapd_key.pem</filename>, and "
14165
"<filename>cacert.pem</filename> names if yours are different."
14166
msgstr ""
14167
14168
#: serverguide/C/network-auth.xml:1019(para)
14169
msgid ""
14170
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
14171
"<emphasis>SLAPD_SERVICES</emphasis> option:"
14172
msgstr ""
14173
14174
#: serverguide/C/network-auth.xml:1023(programlisting)
14175
#, no-wrap
14176
msgid ""
14177
"\n"
14178
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
14179
msgstr ""
14180
14181
#: serverguide/C/network-auth.xml:1027(para)
14182
msgid ""
14183
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
14184
msgstr ""
14185
14186
#: serverguide/C/network-auth.xml:1032(command)
17898
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem\n"
17899
msgstr ""
17900
17901
#: serverguide/C/network-auth.xml:1438(para)
17902
msgid ""
17903
"Use the <application>ldapmodify</application> command to tell slapd about "
17904
"our TLS work via the slapd-config database:"
17905
msgstr ""
17906
17907
#: serverguide/C/network-auth.xml:1443(command)
17908
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif"
17909
msgstr ""
17910
17911
#: serverguide/C/network-auth.xml:1446(para)
17912
msgid ""
17913
"Contratry to popular belief, you do not need <emphasis>ldaps://</emphasis> "
17914
"in <filename>/etc/default/slapd</filename> in order to use encryption. You "
17915
"should have just:"
17916
msgstr ""
17917
17918
#: serverguide/C/network-auth.xml:1451(programlisting)
17919
#, no-wrap
17920
msgid ""
17921
"\n"
17922
"SLAPD_SERVICES=\"ldap:/// ldapi:///\"\n"
17923
msgstr ""
17924
17925
#: serverguide/C/network-auth.xml:1456(para)
17926
msgid ""
17927
"LDAP over TLS/SSL (ldaps://) is deprecated in favour of "
17928
"<emphasis>StartTLS</emphasis>. The latter refers to an existing LDAP session "
17929
"(listening on TCP port 389) becoming protected by TLS/SSL whereas LDAPS, "
17930
"like HTTPS, is a distinct encrypted-from-the-start protocol that operates "
17931
"over TCP port 636."
17932
msgstr ""
17933
17934
#: serverguide/C/network-auth.xml:1464(para)
17935
msgid "Tighten up ownership and permissions:"
17936
msgstr ""
17937
17938
#: serverguide/C/network-auth.xml:1469(command) serverguide/C/network-auth.xml:1586(command)
14187
17939
msgid "sudo adduser openldap ssl-cert"
14188
17940
msgstr ""
14189
17941
14190
#: serverguide/C/network-auth.xml:1033(command)
17942
#: serverguide/C/network-auth.xml:1470(command)
14191
17943
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
14192
17944
msgstr ""
14193
17945
14194
#: serverguide/C/network-auth.xml:1034(command)
17946
#: serverguide/C/network-auth.xml:1471(command)
14195
17947
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
14196
17948
msgstr ""
14197
17949
14198
#: serverguide/C/network-auth.xml:1038(para)
14199
msgid ""
14200
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
14201
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
14202
"adjust the commands appropriately."
14203
msgstr ""
14204
14205
#: serverguide/C/network-auth.xml:1044(para)
14206
msgid "Finally, restart <application>slapd</application>:"
14207
msgstr ""
14208
14209
#: serverguide/C/network-auth.xml:1052(para)
14210
msgid ""
14211
"The <application>slapd</application> daemon should now be listening for "
14212
"LDAPS connections and be able to use STARTTLS during authentication."
14213
msgstr ""
14214
14215
#: serverguide/C/network-auth.xml:1058(para)
14216
msgid ""
14217
"If you run into troubles with the server not starting, check the "
14218
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
14219
"it is likely there is a configuration problem. Check that the certificate is "
14220
"signed by the authority from in the files configured, and that the ssl-cert "
14221
"group has read permissions on the private key."
14222
msgstr ""
14223
14224
#: serverguide/C/network-auth.xml:1070(title)
14225
msgid "TLS Replication"
14226
msgstr ""
14227
14228
#: serverguide/C/network-auth.xml:1072(para)
14229
msgid ""
14230
"If you have setup <application>Syncrepl</application> between servers, it is "
14231
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
14232
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
14233
"linkend=\"openldap-server-replication\"/>."
14234
msgstr ""
14235
14236
#: serverguide/C/network-auth.xml:1078(para)
14237
msgid ""
14238
"Assuming you have followed the above instructions and created a CA "
14239
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14240
"server. Follow the following instructions to create a certificate and key "
14241
"for the <emphasis>Consumer</emphasis> server."
14242
msgstr ""
14243
14244
#: serverguide/C/network-auth.xml:1087(para)
14245
msgid "Create a new key for the Consumer server:"
14246
msgstr ""
14247
14248
#: serverguide/C/network-auth.xml:1092(command)
17950
#: serverguide/C/network-auth.xml:1472(command)
17951
msgid "sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem"
17952
msgstr ""
17953
17954
#: serverguide/C/network-auth.xml:1475(para)
17955
msgid "Restart OpenLDAP:"
17956
msgstr ""
17957
17958
#: serverguide/C/network-auth.xml:1483(para)
17959
msgid ""
17960
"Check your host's logs (/var/log/syslog) to see if the server has started "
17961
"properly."
17962
msgstr ""
17963
17964
#: serverguide/C/network-auth.xml:1490(title)
17965
msgid "Replication and TLS"
17966
msgstr ""
17967
17968
#: serverguide/C/network-auth.xml:1492(para)
17969
msgid ""
17970
"If you have set up replication between servers, it is common practice to "
17971
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
17972
"distinct from using encryption with authentication as we did above. In this "
17973
"section we will build on that TLS-authentication work."
17974
msgstr ""
17975
17976
#: serverguide/C/network-auth.xml:1498(para)
17977
msgid ""
17978
"The assumption here is that you have set up replication between Provider and "
17979
"Consumer according to <xref linkend=\"openldap-server-replication\"/> and "
17980
"have configured TLS for authentication on the Provider by following <xref "
17981
"linkend=\"openldap-tls\"/>."
17982
msgstr ""
17983
17984
#: serverguide/C/network-auth.xml:1503(para)
17985
msgid ""
17986
"As previously stated, the objective (for us) with replication is high "
17987
"availablity for the LDAP service. Since we have TLS for authentication on "
17988
"the Provider we will require the same on the Consumer. In addition to this, "
17989
"however, we want to encrypt replication traffic. What remains to be done is "
17990
"to create a key and certificate for the Consumer and then configure "
17991
"accordingly. We will generate the key/certificate on the Provider, to avoid "
17992
"having to create another CA certificate, and then transfer the necessary "
17993
"material over to the Consumer."
17994
msgstr ""
17995
17996
#: serverguide/C/network-auth.xml:1514(para) serverguide/C/network-auth.xml:1671(para)
17997
msgid "On the Provider,"
17998
msgstr ""
17999
18000
#: serverguide/C/network-auth.xml:1518(para)
18001
msgid ""
18002
"Create a holding directory (which will be used for the eventual transfer) "
18003
"and then the Consumer's private key:"
18004
msgstr ""
18005
18006
#: serverguide/C/network-auth.xml:1523(command)
14249
18007
msgid "mkdir ldap02-ssl"
14250
18008
msgstr ""
14251
18009
14252
#: serverguide/C/network-auth.xml:1093(command)
18010
#: serverguide/C/network-auth.xml:1524(command)
14253
18011
msgid "cd ldap02-ssl"
14254
18012
msgstr ""
14255
18013
14256
#: serverguide/C/network-auth.xml:1094(command)
14257
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14258
msgstr ""
14259
14260
#: serverguide/C/network-auth.xml:1098(para)
14261
msgid ""
14262
"Creating a new directory is not strictly necessary, but it will help keep "
14263
"things organized and make it easier to copy the files to the Consumer server."
14264
msgstr ""
14265
14266
#: serverguide/C/network-auth.xml:1107(para)
14267
msgid ""
14268
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14269
"server, changing the attributes to match your locality and server:"
14270
msgstr ""
14271
14272
#: serverguide/C/network-auth.xml:1112(programlisting)
18014
#: serverguide/C/network-auth.xml:1525(command)
18015
msgid ""
18016
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
18017
"ldap02_slapd_key.pem"
18018
msgstr ""
18019
18020
#: serverguide/C/network-auth.xml:1530(para)
18021
msgid ""
18022
"Create an info file, <filename>ldap02.info</filename>, for the Consumer "
18023
"server, adjusting it's values accordingly:"
18024
msgstr ""
18025
18026
#: serverguide/C/network-auth.xml:1534(programlisting)
14273
18027
#, no-wrap
14274
18028
msgid ""
14275
18029
"\n"
14276
"country = US\n"
14277
"state = North Carolina\n"
14278
"locality = Winston-Salem\n"
14279
18030
"organization = Example Company\n"
14280
"cn = ldap02.salem.edu\n"
14281
"tls_www_client\n"
18031
"cn = ldap02.example.com\n"
18032
"tls_www_server\n"
14282
18033
"encryption_key\n"
14283
18034
"signing_key\n"
14284
msgstr ""
14285
14286
#: serverguide/C/network-auth.xml:1126(para)
14287
msgid "Create the certificate:"
14288
msgstr ""
14289
14290
#: serverguide/C/network-auth.xml:1131(command)
18035
"expiration_days = 3650\n"
18036
msgstr ""
18037
18038
#: serverguide/C/network-auth.xml:1543(para)
18039
msgid "Create the Consumer's certificate:"
18040
msgstr ""
18041
18042
#: serverguide/C/network-auth.xml:1548(command)
14291
18043
msgid ""
14292
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14293
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14294
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
18044
"sudo certtool --generate-certificate \\ --load-privkey ldap02_slapd_key.pem "
18045
"\\ --load-ca-certificate /etc/ssl/certs/cacert.pem \\ --load-ca-privkey "
18046
"/etc/ssl/private/cakey.pem \\ --template ldap02.info \\ --outfile "
14295
18047
"ldap02_slapd_cert.pem"
14296
18048
msgstr ""
14297
18049
14298
#: serverguide/C/network-auth.xml:1139(para)
14299
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
18050
#: serverguide/C/network-auth.xml:1556(para)
18051
msgid "Get a copy of the CA certificate:"
14300
18052
msgstr ""
14301
18053
14302
#: serverguide/C/network-auth.xml:1144(command)
18054
#: serverguide/C/network-auth.xml:1561(command)
14303
18055
msgid "cp /etc/ssl/certs/cacert.pem ."
14304
18056
msgstr ""
14305
18057
14306
#: serverguide/C/network-auth.xml:1150(para)
14307
msgid ""
14308
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14309
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14310
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14311
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14312
"<filename>/etc/ssl/private</filename>."
14313
msgstr ""
14314
14315
#: serverguide/C/network-auth.xml:1159(para)
14316
msgid ""
14317
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14318
"by entering:"
14319
msgstr ""
14320
14321
#: serverguide/C/network-auth.xml:1169(userinput)
18058
#: serverguide/C/network-auth.xml:1564(para)
18059
msgid ""
18060
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
18061
"the Consumer. Here we use scp (adjust accordingly):"
18062
msgstr ""
18063
18064
#: serverguide/C/network-auth.xml:1569(command)
18065
msgid "cd .."
18066
msgstr ""
18067
18068
#: serverguide/C/network-auth.xml:1570(command)
18069
msgid "scp -r ldap02-ssl user@consumer:"
18070
msgstr ""
18071
18072
#: serverguide/C/network-auth.xml:1576(para) serverguide/C/network-auth.xml:1624(para)
18073
msgid "On the Consumer,"
18074
msgstr ""
18075
18076
#: serverguide/C/network-auth.xml:1580(para)
18077
msgid "Configure TLS authentication:"
18078
msgstr ""
18079
18080
#: serverguide/C/network-auth.xml:1585(command)
18081
msgid "sudo apt-get install ssl-cert"
18082
msgstr ""
18083
18084
#: serverguide/C/network-auth.xml:1587(command)
18085
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
18086
msgstr ""
18087
18088
#: serverguide/C/network-auth.xml:1588(command)
18089
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
18090
msgstr ""
18091
18092
#: serverguide/C/network-auth.xml:1589(command)
18093
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap02_slapd_key.pem"
18094
msgstr ""
18095
18096
#: serverguide/C/network-auth.xml:1590(command)
18097
msgid "sudo chmod g+r /etc/ssl/private/ldap02_slapd_key.pem"
18098
msgstr ""
18099
18100
#: serverguide/C/network-auth.xml:1591(command)
18101
msgid "sudo chmod o-r /etc/ssl/private/ldap02_slapd_key.pem"
18102
msgstr ""
18103
18104
#: serverguide/C/network-auth.xml:1594(para)
18105
msgid ""
18106
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
18107
"following contents (adjust accordingly):"
18108
msgstr ""
18109
18110
#: serverguide/C/network-auth.xml:1598(programlisting)
14322
18111
#, no-wrap
14323
18112
msgid ""
18113
"\n"
14324
18114
"dn: cn=config\n"
14325
18115
"add: olcTLSCACertificateFile\n"
14326
18116
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14329
18119
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14330
18120
"-\n"
14331
18121
"add: olcTLSCertificateKeyFile\n"
14332
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14333
msgstr ""
14334
14335
#: serverguide/C/network-auth.xml:1186(para)
14336
msgid ""
14337
"As with the Provider you can now edit "
14338
"<filename>/etc/default/slapd</filename> and add the "
14339
"<emphasis>ldaps:///</emphasis> parameter to the "
14340
"<emphasis>SLAPD_SERVICES</emphasis> option."
14341
msgstr ""
14342
14343
#: serverguide/C/network-auth.xml:1194(para)
14344
msgid ""
14345
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14346
"modify the <emphasis>Consumer</emphasis> server's "
14347
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14348
msgstr ""
14349
14350
#: serverguide/C/network-auth.xml:1207(userinput)
18122
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem\n"
18123
msgstr ""
18124
18125
#: serverguide/C/network-auth.xml:1610(para)
18126
msgid "Configure the slapd-config database:"
18127
msgstr ""
18128
18129
#: serverguide/C/network-auth.xml:1615(command)
18130
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif"
18131
msgstr ""
18132
18133
#: serverguide/C/network-auth.xml:1618(para)
18134
msgid ""
18135
"Configure <filename>/etc/default/slapd</filename> as on the Provider "
18136
"(SLAPD_SERVICES)."
18137
msgstr ""
18138
18139
#: serverguide/C/network-auth.xml:1628(para)
18140
msgid ""
18141
"Configure TLS for Consumer-side replication. Modify the existing "
18142
"<emphasis>olcSyncrepl</emphasis> attribute by tacking on some TLS options. "
18143
"In so doing, we will see, for the first time, how to change an attribute's "
18144
"value(s)."
18145
msgstr ""
18146
18147
#: serverguide/C/network-auth.xml:1633(para)
18148
msgid ""
18149
"Create the file <filename>consumer_sync_tls.ldif</filename> with the "
18150
"following contents:"
18151
msgstr ""
18152
18153
#: serverguide/C/network-auth.xml:1637(programlisting)
14351
18154
#, no-wrap
14352
18155
msgid ""
14353
18156
"\n"
14354
18157
"dn: olcDatabase={1}hdb,cn=config\n"
14355
"replace: olcSyncrepl\n"
14356
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14357
"binddn=\"cn=ad\n"
14358
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14359
"logbas\n"
14360
" e=\"cn=accesslog\" "
14361
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14362
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14363
"starttls=yes"
14364
msgstr ""
14365
14366
#: serverguide/C/network-auth.xml:1204(computeroutput)
14367
#, no-wrap
14368
msgid ""
14369
"SASL/EXTERNAL authentication started\n"
14370
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14371
"SASL SSF: 0\n"
14372
"<placeholder-1/>\n"
14373
"\n"
14374
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14375
msgstr ""
14376
14377
#: serverguide/C/network-auth.xml:1219(para)
14378
msgid ""
14379
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
14380
"(FQDN) in the certificate, you may have to edit "
14381
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
14382
msgstr ""
14383
14384
#: serverguide/C/network-auth.xml:1224(programlisting)
14385
#, no-wrap
14386
msgid ""
14387
"\n"
14388
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14389
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
14390
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14391
msgstr ""
14392
14393
#: serverguide/C/network-auth.xml:1231(para)
14394
msgid ""
14395
"Finally, restart <application>slapd</application> on each of the servers:"
14396
msgstr ""
14397
14398
#: serverguide/C/network-auth.xml:1244(title)
18158
"replace: olcSyncRepl\n"
18159
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple\n"
18160
" binddn=\"cn=admin,dc=example,dc=com\" credentials=secret "
18161
"searchbase=\"dc=example,dc=com\"\n"
18162
" logbase=\"cn=accesslog\" "
18163
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\"\n"
18164
" schemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
18165
" <application>starttls=critical tls_reqcert=demand</application>\n"
18166
msgstr ""
18167
18168
#: serverguide/C/network-auth.xml:1647(para)
18169
msgid ""
18170
"The extra options specify, respectively, that the consumer must use StartTLS "
18171
"and that the CA certificate is required to verify the Provider's identity. "
18172
"Also note the LDIF syntax for changing the values of an attribute "
18173
"('replace')."
18174
msgstr ""
18175
18176
#: serverguide/C/network-auth.xml:1652(para)
18177
msgid "Implement these changes:"
18178
msgstr ""
18179
18180
#: serverguide/C/network-auth.xml:1657(command)
18181
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f consumer_sync_tls.ldif"
18182
msgstr ""
18183
18184
#: serverguide/C/network-auth.xml:1660(para)
18185
msgid "And restart slapd:"
18186
msgstr ""
18187
18188
#: serverguide/C/network-auth.xml:1675(para)
18189
msgid ""
18190
"Check to see that a TLS session has been established. In "
18191
"<filename>/var/log/syslog</filename>, providing you have 'conns'-level "
18192
"logging set up, you should see messages similar to:"
18193
msgstr ""
18194
18195
#: serverguide/C/network-auth.xml:1680(programlisting)
18196
#, no-wrap
18197
msgid ""
18198
"\n"
18199
"slapd[3620]: conn=1047 fd=20 ACCEPT from IP=10.153.107.229:57922 "
18200
"(IP=0.0.0.0:389)\n"
18201
"slapd[3620]: conn=1047 op=0 EXT oid=1.3.6.1.4.1.1466.20037\n"
18202
"slapd[3620]: conn=1047 op=0 STARTTLS\n"
18203
"slapd[3620]: conn=1047 op=0 RESULT oid= err=0 text=\n"
18204
"slapd[3620]: conn=1047 fd=20 TLS established tls_ssf=128 ssf=128\n"
18205
"slapd[3620]: conn=1047 op=1 BIND dn=\"cn=admin,dc=example,dc=com\" "
18206
"method=128\n"
18207
"slapd[3620]: conn=1047 op=1 BIND dn=\"cn=admin,dc=example,dc=com\" "
18208
"mech=SIMPLE ssf=0\n"
18209
"slapd[3620]: conn=1047 op=1 RESULT tag=97 err=0 text\n"
18210
msgstr ""
18211
18212
#: serverguide/C/network-auth.xml:1698(title)
14399
18213
msgid "LDAP Authentication"
14400
18214
msgstr ""
14401
18215
14402
#: serverguide/C/network-auth.xml:1246(para)
18216
#: serverguide/C/network-auth.xml:1700(para)
14403
18217
msgid ""
14404
"Once you have a working LDAP server, the <application>auth-client-"
14405
"config</application> and <application>libnss-ldap</application> packages "
14406
"take the pain out of configuring an Ubuntu client to authenticate using "
14407
"LDAP. To install the packages from, a terminal prompt enter:"
18218
"Once you have a working LDAP server, you will need to install libraries on "
18219
"the client that will know how and when to contact it. On Ubuntu, this has "
18220
"been traditionally accomplishd by installing the <application>libnss-"
18221
"ldap</application> package. This package will bring in other tools that will "
18222
"assist you in the configuration step. Install this package now:"
14408
18223
msgstr ""
14409
18224
14410
#: serverguide/C/network-auth.xml:1253(command)
18225
#: serverguide/C/network-auth.xml:1707(command)
14411
18226
msgid "sudo apt-get install libnss-ldap"
14412
18227
msgstr ""
14413
18228
14414
#: serverguide/C/network-auth.xml:1256(para)
14415
msgid ""
14416
"During the install a menu dialog will ask you connection details about your "
14417
"LDAP server."
14418
msgstr ""
14419
14420
#: serverguide/C/network-auth.xml:1260(para)
14421
msgid ""
14422
"If you make a mistake when entering your information you can execute the "
14423
"dialog again using:"
14424
msgstr ""
14425
14426
#: serverguide/C/network-auth.xml:1265(command)
18229
#: serverguide/C/network-auth.xml:1710(para)
18230
msgid ""
18231
"You will be prompted for details of your LDAP server. If you make a mistake "
18232
"you can try again using:"
18233
msgstr ""
18234
18235
#: serverguide/C/network-auth.xml:1715(command)
14427
18236
msgid "sudo dpkg-reconfigure ldap-auth-config"
14428
18237
msgstr ""
14429
18238
14430
#: serverguide/C/network-auth.xml:1268(para)
18239
#: serverguide/C/network-auth.xml:1718(para)
14431
18240
msgid ""
14432
18241
"The results of the dialog can be seen in "
14433
18242
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
14434
18243
"covered in the menu edit this file accordingly."
14435
18244
msgstr ""
14436
18245
14437
#: serverguide/C/network-auth.xml:1273(para)
14438
msgid ""
14439
"Now that <application>libnss-ldap</application> is configured enable the "
14440
"<application>auth-client-config</application> LDAP profile by entering:"
18246
#: serverguide/C/network-auth.xml:1723(para)
18247
msgid "Now configure the LDAP profile for NSS:"
14441
18248
msgstr ""
14442
18249
14443
#: serverguide/C/network-auth.xml:1279(command)
18250
#: serverguide/C/network-auth.xml:1728(command)
14444
18251
msgid "sudo auth-client-config -t nss -p lac_ldap"
14445
18252
msgstr ""
14446
18253
14447
#: serverguide/C/network-auth.xml:1284(para)
14448
msgid ""
14449
"<emphasis>-t:</emphasis> only modifies "
14450
"<filename>/etc/nsswitch.conf</filename>."
14451
msgstr ""
14452
14453
#: serverguide/C/network-auth.xml:1289(para)
14454
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
14455
msgstr ""
14456
14457
#: serverguide/C/network-auth.xml:1294(para)
14458
msgid ""
14459
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
14460
"config</application> profile that is part of the <application>ldap-auth-"
14461
"config</application> package."
14462
msgstr ""
14463
14464
#: serverguide/C/network-auth.xml:1301(para)
14465
msgid ""
14466
"Using the <application>pam-auth-update</application> utility, configure the "
14467
"system to use LDAP for authentication:"
14468
msgstr ""
14469
14470
#: serverguide/C/network-auth.xml:1306(command)
18254
#: serverguide/C/network-auth.xml:1731(para)
18255
msgid "Configure the system to use LDAP for authentication:"
18256
msgstr ""
18257
18258
#: serverguide/C/network-auth.xml:1736(command)
14471
18259
msgid "sudo pam-auth-update"
14472
18260
msgstr ""
14473
18261
14474
#: serverguide/C/network-auth.xml:1309(para)
14475
msgid ""
14476
"From the <application>pam-auth-update</application> menu, choose LDAP and "
14477
"any other authentication mechanisms you need."
14478
msgstr ""
14479
14480
#: serverguide/C/network-auth.xml:1313(para)
14481
msgid ""
14482
"You should now be able to login using user credentials stored in the LDAP "
14483
"directory."
14484
msgstr ""
14485
14486
#: serverguide/C/network-auth.xml:1318(para)
18262
#: serverguide/C/network-auth.xml:1739(para)
18263
msgid ""
18264
"From the menu, choose LDAP and any other authentication mechanisms you need."
18265
msgstr ""
18266
18267
#: serverguide/C/network-auth.xml:1743(para)
18268
msgid "You should now be able to log in using LDAP-based credentials."
18269
msgstr ""
18270
18271
#: serverguide/C/network-auth.xml:1747(para)
18272
msgid ""
18273
"LDAP clients will need to refer to multiple servers if replication is in "
18274
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
18275
msgstr ""
18276
18277
#: serverguide/C/network-auth.xml:1752(programlisting)
18278
#, no-wrap
18279
msgid ""
18280
"\n"
18281
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
18282
msgstr ""
18283
18284
#: serverguide/C/network-auth.xml:1756(para)
18285
msgid ""
18286
"The request will time out and the Consumer (ldap02) will attempt to be "
18287
"reached if the Provider (ldap01) becomes unresponsive."
18288
msgstr ""
18289
18290
#: serverguide/C/network-auth.xml:1760(para)
14487
18291
msgid ""
14488
18292
"If you are going to use LDAP to store Samba users you will need to configure "
14489
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
14490
"for details."
14491
msgstr ""
14492
14493
#: serverguide/C/network-auth.xml:1326(title)
18293
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
18294
"ldap\"/> for details."
18295
msgstr ""
18296
18297
#: serverguide/C/network-auth.xml:1766(para)
18298
msgid ""
18299
"An alternative to the <application>libnss-ldap</application> package is the "
18300
"<application>libnss-ldapd</application> package. This, however, will bring "
18301
"in the <application>nscd</application> package which is problably not "
18302
"wanted. Simply remove it afterwards."
18303
msgstr ""
18304
18305
#: serverguide/C/network-auth.xml:1776(title)
14494
18306
msgid "User and Group Management"
14495
18307
msgstr ""
14496
18308
14497
#: serverguide/C/network-auth.xml:1328(para)
18309
#: serverguide/C/network-auth.xml:1778(para)
14498
18310
msgid ""
14499
"The <application>ldap-utils</application> package comes with multiple "
14500
"utilities to manage the directory, but the long string of options needed, "
14501
"can make them a burden to use. The <application>ldapscripts</application> "
14502
"package contains configurable scripts to easily manage LDAP users and groups."
14503
msgstr ""
14504
14505
#: serverguide/C/network-auth.xml:1334(para)
14506
msgid "To install the package, from a terminal enter:"
14507
msgstr ""
14508
14509
#: serverguide/C/network-auth.xml:1339(command)
18311
"The <application>ldap-utils</application> package comes with enough "
18312
"utilities to manage the directory but the long string of options needed can "
18313
"make them a burden to use. The <application>ldapscripts</application> "
18314
"package contains wrapper scripts to these utilities that some people find "
18315
"easier to use."
18316
msgstr ""
18317
18318
#: serverguide/C/network-auth.xml:1784(para)
18319
msgid "Install the package:"
18320
msgstr ""
18321
18322
#: serverguide/C/network-auth.xml:1789(command)
14510
18323
msgid "sudo apt-get install ldapscripts"
14511
18324
msgstr ""
14512
18325
14513
#: serverguide/C/network-auth.xml:1342(para)
18326
#: serverguide/C/network-auth.xml:1792(para)
14514
18327
msgid ""
14515
"Next, edit the config file "
14516
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
14517
"changing the following to match your environment:"
18328
"Then edit the file <filename>/etc/ldapscripts/ldapscripts.conf</filename> to "
18329
"arrive at something similar to the following:"
14518
18330
msgstr ""
14519
18331
14520
#: serverguide/C/network-auth.xml:1347(programlisting)
18332
#: serverguide/C/network-auth.xml:1796(programlisting)
14521
18333
#, no-wrap
14522
18334
msgid ""
14523
18335
"\n"
14533
18345
"MIDSTART=10000\n"
14534
18346
msgstr ""
14535
18347
14536
#: serverguide/C/network-auth.xml:1360(para)
18348
#: serverguide/C/network-auth.xml:1809(para)
14537
18349
msgid ""
14538
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
14539
"authenticated access to the directory:"
18350
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
18351
"access to the directory:"
14540
18352
msgstr ""
14541
18353
14542
#: serverguide/C/network-auth.xml:1365(command)
18354
#: serverguide/C/network-auth.xml:1814(command)
14543
18355
msgid ""
14544
18356
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14545
18357
msgstr ""
14546
18358
14547
#: serverguide/C/network-auth.xml:1366(command)
18359
#: serverguide/C/network-auth.xml:1815(command)
14548
18360
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14549
18361
msgstr ""
14550
18362
14551
#: serverguide/C/network-auth.xml:1370(para)
14552
msgid ""
14553
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
14554
"user."
14555
msgstr ""
14556
14557
#: serverguide/C/network-auth.xml:1375(para)
14558
msgid ""
14559
"The <application>ldapscripts</application> are now ready to help manage your "
14560
"directory. The following are some examples of how to use the scripts:"
14561
msgstr ""
14562
14563
#: serverguide/C/network-auth.xml:1382(para)
18363
#: serverguide/C/network-auth.xml:1819(para)
18364
msgid ""
18365
"Replace <quote>secret</quote> with the actual password for your database's "
18366
"rootDN user."
18367
msgstr ""
18368
18369
#: serverguide/C/network-auth.xml:1824(para)
18370
msgid ""
18371
"The scripts are now ready to help manage your directory. Here are some "
18372
"examples of how to use them:"
18373
msgstr ""
18374
18375
#: serverguide/C/network-auth.xml:1831(para)
14564
18376
msgid "Create a new user:"
14565
18377
msgstr ""
14566
18378
14567
#: serverguide/C/network-auth.xml:1386(command)
18379
#: serverguide/C/network-auth.xml:1836(command)
14568
18380
msgid "sudo ldapadduser george example"
14569
18381
msgstr ""
14570
18382
14571
#: serverguide/C/network-auth.xml:1388(para)
18383
#: serverguide/C/network-auth.xml:1839(para)
14572
18384
msgid ""
14573
18385
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
14574
18386
"and set the user's primary group (gid) to <emphasis "
14575
18387
"role=\"italic\">example</emphasis>"
14576
18388
msgstr ""
14577
18389
14578
#: serverguide/C/network-auth.xml:1394(para)
18390
#: serverguide/C/network-auth.xml:1846(para)
14579
18391
msgid "Change a user's password:"
14580
18392
msgstr ""
14581
18393
14582
#: serverguide/C/network-auth.xml:1398(command)
18394
#: serverguide/C/network-auth.xml:1851(command)
14583
18395
msgid "sudo ldapsetpasswd george"
14584
18396
msgstr ""
14585
18397
14586
#: serverguide/C/network-auth.xml:1399(computeroutput)
18398
#: serverguide/C/network-auth.xml:1852(computeroutput)
14587
18399
#, no-wrap
14588
18400
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
14589
18401
msgstr ""
14590
18402
14591
#: serverguide/C/network-auth.xml:1400(userinput)
18403
#: serverguide/C/network-auth.xml:1853(userinput)
14592
18404
#, no-wrap
14593
18405
msgid "New Password: "
14594
18406
msgstr ""
14595
18407
14596
#: serverguide/C/network-auth.xml:1401(userinput)
18408
#: serverguide/C/network-auth.xml:1854(userinput)
14597
18409
#, no-wrap
14598
18410
msgid "New Password (verify): "
14599
18411
msgstr ""
14600
18412
14601
#: serverguide/C/network-auth.xml:1405(para)
18413
#: serverguide/C/network-auth.xml:1860(para)
14602
18414
msgid "Delete a user:"
14603
18415
msgstr ""
14604
18416
14605
#: serverguide/C/network-auth.xml:1409(command)
18417
#: serverguide/C/network-auth.xml:1865(command)
14606
18418
msgid "sudo ldapdeleteuser george"
14607
18419
msgstr ""
14608
18420
14609
#: serverguide/C/network-auth.xml:1414(para)
18421
#: serverguide/C/network-auth.xml:1871(para)
14610
18422
msgid "Add a group:"
14611
18423
msgstr ""
14612
18424
14613
#: serverguide/C/network-auth.xml:1418(command)
18425
#: serverguide/C/network-auth.xml:1876(command)
14614
18426
msgid "sudo ldapaddgroup qa"
14615
18427
msgstr ""
14616
18428
14617
#: serverguide/C/network-auth.xml:1422(para)
18429
#: serverguide/C/network-auth.xml:1882(para)
14618
18430
msgid "Delete a group:"
14619
18431
msgstr ""
14620
18432
14621
#: serverguide/C/network-auth.xml:1426(command)
18433
#: serverguide/C/network-auth.xml:1887(command)
14622
18434
msgid "sudo ldapdeletegroup qa"
14623
18435
msgstr ""
14624
18436
14625
#: serverguide/C/network-auth.xml:1430(para)
18437
#: serverguide/C/network-auth.xml:1893(para)
14626
18438
msgid "Add a user to a group:"
14627
18439
msgstr ""
14628
18440
14629
#: serverguide/C/network-auth.xml:1434(command)
18441
#: serverguide/C/network-auth.xml:1898(command)
14630
18442
msgid "sudo ldapaddusertogroup george qa"
14631
18443
msgstr ""
14632
18444
14633
#: serverguide/C/network-auth.xml:1436(para)
18445
#: serverguide/C/network-auth.xml:1901(para)
14634
18446
msgid ""
14635
18447
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
14636
18448
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
14637
18449
"role=\"italic\">george</emphasis>."
14638
18450
msgstr ""
14639
18451
14640
#: serverguide/C/network-auth.xml:1442(para)
18452
#: serverguide/C/network-auth.xml:1908(para)
14641
18453
msgid "Remove a user from a group:"
14642
18454
msgstr ""
14643
18455
14644
#: serverguide/C/network-auth.xml:1446(command)
18456
#: serverguide/C/network-auth.xml:1913(command)
14645
18457
msgid "sudo ldapdeleteuserfromgroup george qa"
14646
18458
msgstr ""
14647
18459
14648
#: serverguide/C/network-auth.xml:1448(para)
18460
#: serverguide/C/network-auth.xml:1916(para)
14649
18461
msgid ""
14650
18462
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
14651
18463
"<emphasis role=\"italic\">qa</emphasis> group."
14652
18464
msgstr ""
14653
18465
14654
#: serverguide/C/network-auth.xml:1454(para)
18466
#: serverguide/C/network-auth.xml:1923(para)
14655
18467
msgid ""
14656
18468
"The <application>ldapmodifyuser</application> script allows you to add, "
14657
18469
"remove, or replace a user's attributes. The script uses the same syntax as "
14658
18470
"the <application>ldapmodify</application> utility. For example:"
14659
18471
msgstr ""
14660
18472
14661
#: serverguide/C/network-auth.xml:1459(command)
18473
#: serverguide/C/network-auth.xml:1929(command)
14662
18474
msgid "sudo ldapmodifyuser george"
14663
18475
msgstr ""
14664
18476
14665
#: serverguide/C/network-auth.xml:1460(computeroutput)
18477
#: serverguide/C/network-auth.xml:1930(computeroutput)
14666
18478
#, no-wrap
14667
18479
msgid ""
14668
18480
"# About to modify the following entry :\n"
14683
18495
"dn: uid=george,ou=People,dc=example,dc=com"
14684
18496
msgstr ""
14685
18497
14686
#: serverguide/C/network-auth.xml:1476(userinput)
18498
#: serverguide/C/network-auth.xml:1946(userinput)
14687
18499
#, no-wrap
14688
18500
msgid ""
14689
18501
"replace: gecos\n"
14690
18502
"gecos: George Carlin"
14691
18503
msgstr ""
14692
18504
14693
#: serverguide/C/network-auth.xml:1479(para)
18505
#: serverguide/C/network-auth.xml:1950(para)
14694
18506
msgid ""
14695
18507
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
14696
18508
"Carlin</quote>."
14697
18509
msgstr ""
14698
18510
14699
#: serverguide/C/network-auth.xml:1484(para)
18511
#: serverguide/C/network-auth.xml:1956(para)
14700
18512
msgid ""
14701
"Another great feature of <application>ldapscripts</application>, is the "
14702
"template system. Templates allow you to customize the attributes of user, "
14703
"group, and machine objectes. For example, to enable the "
14704
"<emphasis>user</emphasis> template edit "
14705
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
18513
"A nice feature of <application>ldapscripts</application> is the template "
18514
"system. Templates allow you to customize the attributes of user, group, and "
18515
"machine objectes. For example, to enable the <emphasis>user</emphasis> "
18516
"template edit <filename>/etc/ldapscripts/ldapscripts.conf</filename> "
18517
"changing:"
14706
18518
msgstr ""
14707
18519
14708
#: serverguide/C/network-auth.xml:1491(programlisting)
18520
#: serverguide/C/network-auth.xml:1962(programlisting)
14709
18521
#, no-wrap
14710
18522
msgid ""
14711
18523
"\n"
14712
18524
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
14713
18525
msgstr ""
14714
18526
14715
#: serverguide/C/network-auth.xml:1495(para)
18527
#: serverguide/C/network-auth.xml:1966(para)
14716
18528
msgid ""
14717
18529
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
14718
18530
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
14720
18532
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
14721
18533
msgstr ""
14722
18534
14723
#: serverguide/C/network-auth.xml:1502(command)
18535
#: serverguide/C/network-auth.xml:1973(command)
14724
18536
msgid ""
14725
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
18537
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \\ "
14726
18538
"/etc/ldapscripts/ldapadduser.template"
14727
18539
msgstr ""
14728
18540
14729
#: serverguide/C/network-auth.xml:1505(para)
18541
#: serverguide/C/network-auth.xml:1977(para)
14730
18542
msgid ""
14731
18543
"Edit the new template to add the desired attributes. The following will "
14732
"create new user's as with an <emphasis>objectClass</emphasis> of "
14733
"<emphasis>inetOrgPerson</emphasis>:"
18544
"create new users with an objectClass of inetOrgPerson:"
14734
18545
msgstr ""
14735
18546
14736
#: serverguide/C/network-auth.xml:1510(programlisting)
18547
#: serverguide/C/network-auth.xml:1982(programlisting)
14737
18548
#, no-wrap
14738
18549
msgid ""
14739
18550
"\n"
14752
18563
"title: Employee\n"
14753
18564
msgstr ""
14754
18565
14755
#: serverguide/C/network-auth.xml:1526(para)
18566
#: serverguide/C/network-auth.xml:1998(para)
14756
18567
msgid ""
14757
18568
"Notice the <emphasis><ask></emphasis> option used for the "
14758
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
14759
"<application>ldapadduser</application> to prompt you for the attribute value "
14760
"during user creation."
14761
msgstr ""
14762
14763
#: serverguide/C/network-auth.xml:1534(para)
14764
msgid ""
14765
"There are more useful scripts in the package, to see a full list enter: "
14766
"<command>dpkg -L ldapscripts | grep bin</command>"
14767
msgstr ""
14768
14769
#: serverguide/C/network-auth.xml:1543(para)
14770
msgid ""
14771
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
14772
"Ubuntu Wiki</ulink> page has more details."
14773
msgstr ""
14774
14775
#: serverguide/C/network-auth.xml:1548(para)
14776
msgid ""
14777
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
14778
"Home Page</ulink>"
14779
msgstr ""
14780
14781
#: serverguide/C/network-auth.xml:1553(para)
14782
msgid ""
14783
"Though starting to show it's age, a great source for in depth LDAP "
14784
"information is O'Reilly's <ulink "
14785
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
14786
"Administration</ulink>"
14787
msgstr ""
14788
14789
#: serverguide/C/network-auth.xml:1559(para)
18569
"<emphasis>sn</emphasis> attribute. This will make "
18570
"<application>ldapadduser</application> prompt you for it's value."
18571
msgstr ""
18572
18573
#: serverguide/C/network-auth.xml:2006(para)
18574
msgid ""
18575
"There are utilities in the package that were not covered here. Here is a "
18576
"complete list:"
18577
msgstr ""
18578
18579
#: serverguide/C/network-auth.xml:2011(ulink)
18580
msgid "ldaprenamemachine"
18581
msgstr ""
18582
18583
#: serverguide/C/network-auth.xml:2012(ulink)
18584
msgid "ldapadduser"
18585
msgstr ""
18586
18587
#: serverguide/C/network-auth.xml:2013(ulink)
18588
msgid "ldapdeleteuserfromgroup"
18589
msgstr ""
18590
18591
#: serverguide/C/network-auth.xml:2014(ulink)
18592
msgid "ldapfinger"
18593
msgstr ""
18594
18595
#: serverguide/C/network-auth.xml:2015(ulink)
18596
msgid "ldapid"
18597
msgstr ""
18598
18599
#: serverguide/C/network-auth.xml:2016(ulink)
18600
msgid "ldapgid"
18601
msgstr ""
18602
18603
#: serverguide/C/network-auth.xml:2017(ulink)
18604
msgid "ldapmodifyuser"
18605
msgstr ""
18606
18607
#: serverguide/C/network-auth.xml:2018(ulink)
18608
msgid "ldaprenameuser"
18609
msgstr ""
18610
18611
#: serverguide/C/network-auth.xml:2019(ulink)
18612
msgid "lsldap"
18613
msgstr ""
18614
18615
#: serverguide/C/network-auth.xml:2020(ulink)
18616
msgid "ldapaddusertogroup"
18617
msgstr ""
18618
18619
#: serverguide/C/network-auth.xml:2021(ulink)
18620
msgid "ldapsetpasswd"
18621
msgstr ""
18622
18623
#: serverguide/C/network-auth.xml:2022(ulink)
18624
msgid "ldapinit"
18625
msgstr ""
18626
18627
#: serverguide/C/network-auth.xml:2023(ulink)
18628
msgid "ldapaddgroup"
18629
msgstr ""
18630
18631
#: serverguide/C/network-auth.xml:2024(ulink)
18632
msgid "ldapdeletegroup"
18633
msgstr ""
18634
18635
#: serverguide/C/network-auth.xml:2025(ulink)
18636
msgid "ldapmodifygroup"
18637
msgstr ""
18638
18639
#: serverguide/C/network-auth.xml:2026(ulink)
18640
msgid "ldapdeletemachine"
18641
msgstr ""
18642
18643
#: serverguide/C/network-auth.xml:2027(ulink)
18644
msgid "ldaprenamegroup"
18645
msgstr ""
18646
18647
#: serverguide/C/network-auth.xml:2028(ulink)
18648
msgid "ldapaddmachine"
18649
msgstr ""
18650
18651
#: serverguide/C/network-auth.xml:2029(ulink)
18652
msgid "ldapmodifymachine"
18653
msgstr ""
18654
18655
#: serverguide/C/network-auth.xml:2030(ulink)
18656
msgid "ldapsetprimarygroup"
18657
msgstr ""
18658
18659
#: serverguide/C/network-auth.xml:2031(ulink)
18660
msgid "ldapdeleteuser"
18661
msgstr ""
18662
18663
#: serverguide/C/network-auth.xml:2037(title)
18664
msgid "Backup and Restore"
18665
msgstr ""
18666
18667
#: serverguide/C/network-auth.xml:2039(para)
18668
msgid ""
18669
"Now we have ldap running just the way we want, it is time to ensure we can "
18670
"save all of our work and restore it as needed."
18671
msgstr ""
18672
18673
#: serverguide/C/network-auth.xml:2044(para)
18674
msgid ""
18675
"What we need is a way to backup the ldap database(s), specifically the "
18676
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
18677
"backup those databases into, say, <filename>/export/backup</filename>, we "
18678
"could use <application>slapcat</application> as shown in the following "
18679
"script, called <filename>/usr/local/bin/ldapbackup</filename>:"
18680
msgstr ""
18681
18682
#: serverguide/C/network-auth.xml:2054(programlisting)
18683
#, no-wrap
18684
msgid ""
18685
"\n"
18686
"#!/bin/bash\n"
18687
"\n"
18688
"BACKUP_PATH=/export/backup\n"
18689
"SLAPCAT=/usr/sbin/slapcat\n"
18690
"\n"
18691
"nice ${SLAPCAT} -n 0 > ${BACKUP_PATH}/config.ldif\n"
18692
"nice ${SLAPCAT} -n 1 > ${BACKUP_PATH}/example.com.ldif\n"
18693
"nice ${SLAPCAT} -n 2 > ${BACKUP_PATH}/access.ldif\n"
18694
"chmod 640 ${BACKUP_PATH}/*.ldif\n"
18695
msgstr ""
18696
18697
#: serverguide/C/network-auth.xml:2067(para)
18698
msgid ""
18699
"These files are uncompressed text files containing everything in your ldap "
18700
"databases including the tree layout, usernames, and every password. So, you "
18701
"might want to consider making <filename>/export/backup</filename> an "
18702
"encrypted partition and even having the script encrypt those files as it "
18703
"creates them. Ideally you should do both, but that depends on your security "
18704
"requirements."
18705
msgstr ""
18706
18707
#: serverguide/C/network-auth.xml:2078(para)
18708
msgid ""
18709
"Then, it is just a matter of having a cron script to run this program as "
18710
"often as we feel comfortable with. For many, once a day suffices. For "
18711
"others, more often is required. Here is an example of a cron script called "
18712
"<filename>/etc/cron.d/ldapbackup</filename> that is run every night at "
18713
"22:45h:"
18714
msgstr ""
18715
18716
#: serverguide/C/network-auth.xml:2086(programlisting)
18717
#, no-wrap
18718
msgid ""
18719
"\n"
18720
"MAILTO=backup-emails@domain.com\n"
18721
"45 22 * * * root /usr/local/bin/ldapbackup\n"
18722
msgstr ""
18723
18724
#: serverguide/C/network-auth.xml:2091(para)
18725
msgid "Now the files are created, they should be copied to a backup server."
18726
msgstr ""
18727
18728
#: serverguide/C/network-auth.xml:2096(para)
18729
msgid ""
18730
"Assuming we did a fresh reinstall of ldap, the restore process could be "
18731
"something like this:"
18732
msgstr ""
18733
18734
#: serverguide/C/network-auth.xml:2102(command)
18735
msgid "sudo service slapd stop"
18736
msgstr ""
18737
18738
#: serverguide/C/network-auth.xml:2103(command)
18739
msgid "sudo mkdir /var/lib/ldap/accesslog"
18740
msgstr ""
18741
18742
#: serverguide/C/network-auth.xml:2104(command)
18743
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
18744
msgstr ""
18745
18746
#: serverguide/C/network-auth.xml:2105(command)
18747
msgid ""
18748
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
18749
msgstr ""
18750
18751
#: serverguide/C/network-auth.xml:2106(command)
18752
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
18753
msgstr ""
18754
18755
#: serverguide/C/network-auth.xml:2107(command)
18756
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
18757
msgstr ""
18758
18759
#: serverguide/C/network-auth.xml:2108(command)
18760
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
18761
msgstr ""
18762
18763
#: serverguide/C/network-auth.xml:2109(command)
18764
msgid "sudo service slapd start"
18765
msgstr ""
18766
18767
#: serverguide/C/network-auth.xml:2120(para)
18768
msgid ""
18769
"The primary resource is the upstream documentation: <ulink "
18770
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
18771
msgstr ""
18772
18773
#: serverguide/C/network-auth.xml:2126(para)
18774
msgid ""
18775
"There are many man pages that come with the slapd package. Here are some "
18776
"important ones, especially considering the material presented in this guide:"
18777
msgstr ""
18778
18779
#: serverguide/C/network-auth.xml:2132(ulink)
18780
msgid "slapd"
18781
msgstr ""
18782
18783
#: serverguide/C/network-auth.xml:2133(ulink)
18784
msgid "slapd-config"
18785
msgstr ""
18786
18787
#: serverguide/C/network-auth.xml:2134(ulink)
18788
msgid "slapd.access"
18789
msgstr ""
18790
18791
#: serverguide/C/network-auth.xml:2135(ulink)
18792
msgid "slapo-syncprov"
18793
msgstr ""
18794
18795
#: serverguide/C/network-auth.xml:2141(para)
18796
msgid "Other man pages:"
18797
msgstr ""
18798
18799
#: serverguide/C/network-auth.xml:2146(ulink)
18800
msgid "auth-client-config"
18801
msgstr ""
18802
18803
#: serverguide/C/network-auth.xml:2147(ulink)
18804
msgid "pam-auth-update"
18805
msgstr ""
18806
18807
#: serverguide/C/network-auth.xml:2153(para)
18808
msgid ""
18809
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
18810
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
18811
msgstr ""
18812
18813
#: serverguide/C/network-auth.xml:2159(para)
18814
msgid ""
18815
"A Ubuntu community <ulink "
18816
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
18817
"wiki</ulink> page has a collection of notes"
18818
msgstr ""
18819
18820
#: serverguide/C/network-auth.xml:2165(para)
18821
msgid ""
18822
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
18823
"Administration</ulink> (textbook; 2003)"
18824
msgstr ""
18825
18826
#: serverguide/C/network-auth.xml:2171(para)
14790
18827
msgid ""
14791
18828
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
14792
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
14793
"newer versions of OpenLDAP."
14794
msgstr ""
14795
14796
#: serverguide/C/network-auth.xml:1565(para)
14797
msgid ""
14798
"For more information on <application>auth-client-config</application> see "
14799
"the man page: <command>man auth-client-config</command>."
14800
msgstr ""
14801
14802
#: serverguide/C/network-auth.xml:1570(para)
14803
msgid ""
14804
"For more details regarding the <application>ldapscripts</application> "
14805
"package see the man pages: <command>man ldapscripts</command>, <command>man "
14806
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
14807
msgstr ""
14808
14809
#: serverguide/C/network-auth.xml:1580(title)
18829
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
18830
msgstr ""
18831
18832
#: serverguide/C/network-auth.xml:2182(title)
14810
18833
msgid "Samba and LDAP"
14811
18834
msgstr ""
14812
18835
14813
#: serverguide/C/network-auth.xml:1582(para)
14814
msgid ""
14815
"This section covers configuring Samba to use LDAP for user, group, and "
14816
"machine account information and authentication. The assumption is, you "
14817
"already have a working OpenLDAP directory installed and the server is "
14818
"configured to use it for authentication. See <xref linkend=\"openldap-"
14819
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
14820
"setting up OpenLDAP. For more information on installing and configuring "
14821
"Samba see <xref linkend=\"windows-networking\"/>."
14822
msgstr ""
14823
14824
#: serverguide/C/network-auth.xml:1592(para)
14825
msgid ""
14826
"There are three packages needed when integrating Samba with LDAP. "
18836
#: serverguide/C/network-auth.xml:2184(para)
18837
msgid ""
18838
"This section covers the integration of Samba with LDAP. The Samba server's "
18839
"role will be that of a \"standalone\" server and the LDAP directory will "
18840
"provide the authentication layer in addition to containing the user, group, "
18841
"and machine account information that Samba requires in order to function (in "
18842
"any of it's 3 possible roles). The pre-requisite is an OpenLDAP server "
18843
"configured with a directory that can accept authentication requests. See "
18844
"<xref linkend=\"openldap-server\"/> for details on fulfilling this "
18845
"requirement. Once this section is completed, you will need to decide what "
18846
"specifically you want Samba to do for you and then configure it accordingly."
18847
msgstr ""
18848
18849
#: serverguide/C/network-auth.xml:2193(title)
18850
msgid "Software Installation"
18851
msgstr ""
18852
18853
#: serverguide/C/network-auth.xml:2195(para)
18854
msgid ""
18855
"There are three packages needed when integrating Samba with LDAP: "
14827
18856
"<application>samba</application>, <application>samba-doc</application>, and "
14828
"<application>smbldap-tools</application> packages . To install the packages, "
14829
"from a terminal enter:"
14830
msgstr ""
14831
14832
#: serverguide/C/network-auth.xml:1598(command)
18857
"<application>smbldap-tools</application> packages."
18858
msgstr ""
18859
18860
#: serverguide/C/network-auth.xml:2200(para)
18861
msgid ""
18862
"Strictly speaking, the <application>smbldap-tools</application> package "
18863
"isn't needed, but unless you have some other way to manage the various "
18864
"Samaba entities (users, groups, computers) in an LDAP context then you "
18865
"should install it."
18866
msgstr ""
18867
18868
#: serverguide/C/network-auth.xml:2205(para)
18869
msgid "Install these packages now:"
18870
msgstr ""
18871
18872
#: serverguide/C/network-auth.xml:2210(command)
14833
18873
msgid "sudo apt-get install samba samba-doc smbldap-tools"
14834
18874
msgstr ""
14835
18875
14836
#: serverguide/C/network-auth.xml:1601(para)
14837
msgid ""
14838
"Strictly speaking the <application>smbldap-tools</application> package isn't "
14839
"needed, but unless you have another package or custom scripts, a method of "
14840
"managing users, groups, and computer accounts is needed."
14841
msgstr ""
14842
14843
#: serverguide/C/network-auth.xml:1608(title)
14844
msgid "OpenLDAP Configuration"
14845
msgstr ""
14846
14847
#: serverguide/C/network-auth.xml:1610(para)
14848
msgid ""
14849
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
14850
"the user objects in the directory will need additional attributes. This "
14851
"section assumes you want Samba to be configured as a Windows NT domain "
14852
"controller, and will add the necessary LDAP objects and attributes."
14853
msgstr ""
14854
14855
#: serverguide/C/network-auth.xml:1618(para)
14856
msgid ""
14857
"The Samba attributes are defined in the <filename>samba.schema</filename> "
14858
"file which is part of the <application>samba-doc</application> package. The "
14859
"schema file needs to be unzipped and copied to "
14860
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
14861
msgstr ""
14862
14863
#: serverguide/C/network-auth.xml:1625(command)
18876
#: serverguide/C/network-auth.xml:2216(title)
18877
msgid "LDAP Configuration"
18878
msgstr ""
18879
18880
#: serverguide/C/network-auth.xml:2218(para)
18881
msgid ""
18882
"We will now configure the LDAP server so that it can accomodate Samba data. "
18883
"We will perform three tasks in this section:"
18884
msgstr ""
18885
18886
#: serverguide/C/network-auth.xml:2225(para)
18887
msgid "Import a schema"
18888
msgstr ""
18889
18890
#: serverguide/C/network-auth.xml:2229(para)
18891
msgid "Index some entries"
18892
msgstr ""
18893
18894
#: serverguide/C/network-auth.xml:2233(para)
18895
msgid "Add objects"
18896
msgstr ""
18897
18898
#: serverguide/C/network-auth.xml:2239(title)
18899
msgid "Samba schema"
18900
msgstr ""
18901
18902
#: serverguide/C/network-auth.xml:2241(para)
18903
msgid ""
18904
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
18905
"will need to use attributes that can properly describe Samba data. Such "
18906
"attributes can be obtained by introducing a Samba LDAP schema. Let's do this "
18907
"now."
18908
msgstr ""
18909
18910
#: serverguide/C/network-auth.xml:2247(para)
18911
msgid ""
18912
"For more information on schemas and their installation see <xref "
18913
"linkend=\"openldap-configuration\"/>."
18914
msgstr ""
18915
18916
#: serverguide/C/network-auth.xml:2255(para)
18917
msgid ""
18918
"The schema is found in the now-installed <application>samba-"
18919
"doc</application> package. It needs to be unzipped and copied to the "
18920
"<filename>/etc/ldap/schema</filename> directory:"
18921
msgstr ""
18922
18923
#: serverguide/C/network-auth.xml:2261(command)
14864
18924
msgid ""
14865
18925
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
14866
"/etc/ldap/schema/"
18926
"/etc/ldap/schema"
14867
18927
msgstr ""
14868
18928
14869
#: serverguide/C/network-auth.xml:1626(command)
18929
#: serverguide/C/network-auth.xml:2262(command)
14870
18930
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
14871
18931
msgstr ""
14872
18932
14873
#: serverguide/C/network-auth.xml:1632(para)
14874
msgid ""
14875
"The <emphasis>samba</emphasis> schema needs to be added to the "
14876
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
14877
"<application>slapd</application> is also detailed in <xref "
14878
"linkend=\"openldap-configuration\"/>."
14879
msgstr ""
14880
14881
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
14882
msgid ""
14883
"First, create a configuration file named "
14884
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
14885
"containing the following lines:"
14886
msgstr ""
14887
14888
#: serverguide/C/network-auth.xml:1645(programlisting)
18933
#: serverguide/C/network-auth.xml:2268(para)
18934
msgid ""
18935
"Have the configuration file <filename>schema_convert.conf</filename> that "
18936
"contains the following lines:"
18937
msgstr ""
18938
18939
#: serverguide/C/network-auth.xml:2272(programlisting)
14889
18940
#, no-wrap
14890
18941
msgid ""
14891
18942
"\n"
14901
18952
"include /etc/ldap/schema/nis.schema\n"
14902
18953
"include /etc/ldap/schema/openldap.schema\n"
14903
18954
"include /etc/ldap/schema/ppolicy.schema\n"
18955
"include /etc/ldap/schema/ldapns.schema\n"
18956
"include /etc/ldap/schema/pmi.schema\n"
14904
18957
"include /etc/ldap/schema/samba.schema\n"
14905
18958
msgstr ""
14906
18959
14907
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
14908
msgid ""
14909
"Now use <application>slapcat</application> to convert the schema files:"
14910
msgstr ""
14911
14912
#: serverguide/C/network-auth.xml:1680(command)
14913
msgid ""
14914
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14915
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
14916
msgstr ""
14917
14918
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
14919
msgid ""
14920
"Change the above file and path names to match your own if they are different."
14921
msgstr ""
14922
14923
#: serverguide/C/network-auth.xml:1690(para)
14924
msgid ""
14925
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
14926
"the following attributes:"
14927
msgstr ""
14928
14929
#: serverguide/C/network-auth.xml:1694(programlisting)
18960
#: serverguide/C/network-auth.xml:2293(para)
18961
msgid "Have the directory <filename>ldif_output</filename> hold output."
18962
msgstr ""
18963
18964
#: serverguide/C/network-auth.xml:2304(command)
18965
msgid ""
18966
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema"
18967
msgstr ""
18968
18969
#: serverguide/C/network-auth.xml:2305(computeroutput)
18970
#, no-wrap
18971
msgid ""
18972
"\n"
18973
"dn: cn={14}samba,cn=schema,cn=config\n"
18974
msgstr ""
18975
18976
#: serverguide/C/network-auth.xml:2313(para)
18977
msgid "Convert the schema to LDIF format:"
18978
msgstr ""
18979
18980
#: serverguide/C/network-auth.xml:2318(command)
18981
msgid ""
18982
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
18983
"ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif"
18984
msgstr ""
18985
18986
#: serverguide/C/network-auth.xml:2325(para)
18987
msgid ""
18988
"Edit the generated <filename>cn=samba.ldif</filename> file by removing index "
18989
"information to arrive at:"
18990
msgstr ""
18991
18992
#: serverguide/C/network-auth.xml:2329(programlisting)
14930
18993
#, no-wrap
14931
18994
msgid ""
14932
18995
"\n"
14935
18998
"cn: samba\n"
14936
18999
msgstr ""
14937
19000
14938
#: serverguide/C/network-auth.xml:1704(programlisting)
19001
#: serverguide/C/network-auth.xml:2335(para)
19002
msgid "Remove the bottom lines:"
19003
msgstr ""
19004
19005
#: serverguide/C/network-auth.xml:2339(programlisting)
14939
19006
#, no-wrap
14940
19007
msgid ""
14941
19008
"\n"
14948
19015
"modifyTimestamp: 20080827045234Z\n"
14949
19016
msgstr ""
14950
19017
14951
#: serverguide/C/network-auth.xml:1729(command)
14952
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
14953
msgstr ""
14954
14955
#: serverguide/C/network-auth.xml:1735(para)
14956
msgid ""
14957
"There should now be a <emphasis>dn: "
14958
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
14959
"sequential schema, entry in the cn=config tree."
14960
msgstr ""
14961
14962
#: serverguide/C/network-auth.xml:1743(para)
14963
msgid ""
14964
"Copy and paste the following into a file named "
14965
"<filename>samba_indexes.ldif</filename>:"
14966
msgstr ""
14967
14968
#: serverguide/C/network-auth.xml:1747(programlisting)
19018
#: serverguide/C/network-auth.xml:2355(para)
19019
msgid "Add the new schema:"
19020
msgstr ""
19021
19022
#: serverguide/C/network-auth.xml:2360(command)
19023
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=samba.ldif"
19024
msgstr ""
19025
19026
#: serverguide/C/network-auth.xml:2363(para)
19027
msgid "To query and view this new schema:"
19028
msgstr ""
19029
19030
#: serverguide/C/network-auth.xml:2368(command)
19031
msgid ""
19032
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
19033
"'cn=*samba*'"
19034
msgstr ""
19035
19036
#: serverguide/C/network-auth.xml:2378(title)
19037
msgid "Samba indices"
19038
msgstr ""
19039
19040
#: serverguide/C/network-auth.xml:2380(para)
19041
msgid ""
19042
"Now that slapd knows about the Samba attributes, we can set up some indices "
19043
"based on them. Indexing entries is a way to improve performance when a "
19044
"client performs a filtered search on the DIT."
19045
msgstr ""
19046
19047
#: serverguide/C/network-auth.xml:2385(para)
19048
msgid ""
19049
"Create the file <filename>samba_indices.ldif</filename> with the following "
19050
"contents:"
19051
msgstr ""
19052
19053
#: serverguide/C/network-auth.xml:2389(programlisting)
14969
19054
#, no-wrap
14970
19055
msgid ""
14971
19056
"\n"
14986
19071
"olcDbIndex: default sub\n"
14987
19072
msgstr ""
14988
19073
14989
#: serverguide/C/network-auth.xml:1765(para)
14990
msgid ""
14991
"Using the <application>ldapmodify</application> utility load the new indexes:"
14992
msgstr ""
14993
14994
#: serverguide/C/network-auth.xml:1770(command)
14995
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
14996
msgstr ""
14997
14998
#: serverguide/C/network-auth.xml:1772(para)
14999
msgid ""
15000
"If all went well you should see the new indexes using "
19074
#: serverguide/C/network-auth.xml:2407(para)
19075
msgid ""
19076
"Using the <application>ldapmodify</application> utility load the new indices:"
19077
msgstr ""
19078
19079
#: serverguide/C/network-auth.xml:2412(command)
19080
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif"
19081
msgstr ""
19082
19083
#: serverguide/C/network-auth.xml:2415(para)
19084
msgid ""
19085
"If all went well you should see the new indices using "
15001
19086
"<application>ldapsearch</application>:"
15002
19087
msgstr ""
15003
19088
15004
#: serverguide/C/network-auth.xml:1777(command)
19089
#: serverguide/C/network-auth.xml:2420(command)
15005
19090
msgid ""
15006
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
15007
msgstr ""
15008
15009
#: serverguide/C/network-auth.xml:1783(para)
19091
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H \\ ldapi:/// -b cn=config "
19092
"olcDatabase={1}hdb olcDbIndex"
19093
msgstr ""
19094
19095
#: serverguide/C/network-auth.xml:2427(title)
19096
msgid "Adding Samba LDAP objects"
19097
msgstr ""
19098
19099
#: serverguide/C/network-auth.xml:2429(para)
15010
19100
msgid ""
15011
19101
"Next, configure the <application>smbldap-tools</application> package to "
15012
19102
"match your environment. The package comes with a configuration script that "
15013
19103
"will ask questions about the needed options. To run the script enter:"
15014
19104
msgstr ""
15015
19105
15016
#: serverguide/C/network-auth.xml:1789(command)
19106
#: serverguide/C/network-auth.xml:2435(command)
15017
19107
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
15018
19108
msgstr ""
15019
19109
15020
#: serverguide/C/network-auth.xml:1790(command)
19110
#: serverguide/C/network-auth.xml:2436(command)
15021
19111
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
15022
19112
msgstr ""
15023
19113
15024
#: serverguide/C/network-auth.xml:1793(para)
15025
msgid ""
15026
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
19114
#: serverguide/C/network-auth.xml:2439(para)
19115
msgid ""
19116
"You may need to comment out the strict pragma in the "
19117
"<filename>configure.pl</filename> file."
19118
msgstr ""
19119
19120
#: serverguide/C/network-auth.xml:2443(para)
19121
msgid ""
19122
"Once you have answered the questions, the files <filename>/etc/smbldap-"
15027
19123
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
15028
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
15029
"configure script, so if you made any mistakes while executing the script it "
15030
"may be simpler to edit the file appropriately."
19124
"tools/smbldap_bind.conf</filename> should be generated. If you made any "
19125
"mistakes while executing the script you can always edit the files afterwards."
15031
19126
msgstr ""
15032
19127
15033
#: serverguide/C/network-auth.xml:1803(para)
19128
#: serverguide/C/network-auth.xml:2449(para)
15034
19129
msgid ""
15035
"The <application>smbldap-populate</application> script will add the "
15036
"necessary users, groups, and LDAP objects required for Samba. It is a good "
15037
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
15038
"<application>slapcat</application> before executing the command:"
19130
"The <application>smbldap-populate</application> script will add the LDAP "
19131
"objects required for Samba. It is a good idea to first make a backup of your "
19132
"entire directory using <application>slapcat</application>:"
15039
19133
msgstr ""
15040
19134
15041
#: serverguide/C/network-auth.xml:1810(command)
19135
#: serverguide/C/network-auth.xml:2455(command)
15042
19136
msgid "sudo slapcat -l backup.ldif"
15043
19137
msgstr ""
15044
19138
15045
#: serverguide/C/network-auth.xml:1816(para)
15046
msgid ""
15047
"Once you have a current backup execute <application>smbldap-"
15048
"populate</application> by entering:"
19139
#: serverguide/C/network-auth.xml:2458(para)
19140
msgid "Once you have a backup proceed to populate your directory:"
15049
19141
msgstr ""
15050
19142
15051
#: serverguide/C/network-auth.xml:1821(command)
19143
#: serverguide/C/network-auth.xml:2463(command)
15052
19144
msgid "sudo smbldap-populate"
15053
19145
msgstr ""
15054
19146
15055
#: serverguide/C/network-auth.xml:1825(para)
19147
#: serverguide/C/network-auth.xml:2466(para)
15056
19148
msgid ""
15057
"You can create an LDIF file containing the new Samba objects by executing "
19149
"You can create a LDIF file containing the new Samba objects by executing "
15058
19150
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
15059
"look over the changes making sure everything is correct."
19151
"look over the changes making sure everything is correct. If it is, rerun the "
19152
"script without the '-e' switch. Alternatively, you can take the LDIF file "
19153
"and import it's data per usual."
15060
19154
msgstr ""
15061
19155
15062
#: serverguide/C/network-auth.xml:1833(para)
19156
#: serverguide/C/network-auth.xml:2472(para)
15063
19157
msgid ""
15064
"Your LDAP directory now has the necessary domain information to authenticate "
15065
"Samba users."
19158
"Your LDAP directory now has the necessary information to authenticate Samba "
19159
"users."
15066
19160
msgstr ""
15067
19161
15068
#: serverguide/C/network-auth.xml:1839(title)
19162
#: serverguide/C/network-auth.xml:2481(title)
15069
19163
msgid "Samba Configuration"
15070
19164
msgstr ""
15071
19165
15072
#: serverguide/C/network-auth.xml:1841(para)
19166
#: serverguide/C/network-auth.xml:2483(para)
15073
19167
msgid ""
15074
"There a multiple ways to configure Samba for details on some common "
19168
"There are multiple ways to configure Samba. For details on some common "
15075
19169
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
15076
"Samba to use LDAP, edit the main Samba configuration file "
15077
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
15078
"backend</emphasis> option and adding the following:"
19170
"Samba to use LDAP, edit it's configuration file "
19171
"<filename>/etc/samba/smb.conf</filename> commenting out the default "
19172
"<emphasis>passdb backend</emphasis> parameter and adding some ldap-related "
19173
"ones:"
15079
19174
msgstr ""
15080
19175
15081
#: serverguide/C/network-auth.xml:1847(programlisting)
19176
#: serverguide/C/network-auth.xml:2489(programlisting)
15082
19177
#, no-wrap
15083
19178
msgid ""
15084
19179
"\n"
15098
19193
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
15099
19194
msgstr ""
15100
19195
15101
#: serverguide/C/network-auth.xml:1864(para)
19196
#: serverguide/C/network-auth.xml:2506(para)
19197
msgid "Change the values to match your environment."
19198
msgstr ""
19199
19200
#: serverguide/C/network-auth.xml:2510(para)
15102
19201
msgid "Restart <application>samba</application> to enable the new settings:"
15103
19202
msgstr ""
15104
19203
15105
#: serverguide/C/network-auth.xml:1873(para)
15106
msgid ""
15107
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
15108
"enter:"
15109
msgstr ""
15110
15111
#: serverguide/C/network-auth.xml:1878(command)
15112
msgid "sudo smbpasswd -w secret"
15113
msgstr ""
15114
15115
#: serverguide/C/network-auth.xml:1882(para)
15116
msgid ""
15117
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
15118
"password."
15119
msgstr ""
15120
15121
#: serverguide/C/network-auth.xml:1887(para)
15122
msgid ""
15123
"If you currently have users in LDAP, and you want them to authenticate using "
15124
"Samba, they will need some Samba attributes defined in the "
15125
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
15126
"users using the <application>smbpasswd</application> utility, replacing "
15127
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
15128
msgstr ""
15129
15130
#: serverguide/C/network-auth.xml:1895(command)
19204
#: serverguide/C/network-auth.xml:2519(para)
19205
msgid ""
19206
"Now inform Samba about the rootDN user's password (the one set during the "
19207
"installation of the slapd package):"
19208
msgstr ""
19209
19210
#: serverguide/C/network-auth.xml:2524(command)
19211
msgid "sudo smbpasswd -w password"
19212
msgstr ""
19213
19214
#: serverguide/C/network-auth.xml:2527(para)
19215
msgid ""
19216
"If you have existing LDAP users that you want to include in your new LDAP-"
19217
"backed Samba they will, of course, also need to be given some of the extra "
19218
"attributes. The <application>smbpasswd</application> utility can do this as "
19219
"well (your host will need to be able to see (enumerate) those users via NSS; "
19220
"install and configure either <application>libnss-ldapd</application> or "
19221
"<application>libnss-ldap</application>):"
19222
msgstr ""
19223
19224
#: serverguide/C/network-auth.xml:2535(command)
15131
19225
msgid "sudo smbpasswd -a username"
15132
19226
msgstr ""
15133
19227
15134
#: serverguide/C/network-auth.xml:1898(para)
15135
msgid "You will then be asked to enter the user's password."
15136
msgstr ""
15137
15138
#: serverguide/C/network-auth.xml:1902(para)
15139
msgid ""
15140
"To add new user, group, and machine accounts use the utilities from the "
15141
"<application>smbldap-tools</application> package. Here are some examples:"
15142
msgstr ""
15143
15144
#: serverguide/C/network-auth.xml:1909(para)
15145
msgid ""
15146
"To add a new user to LDAP with Samba attributes enter the following, "
15147
"replacing username with an actual username:"
15148
msgstr ""
15149
15150
#: serverguide/C/network-auth.xml:1913(command)
19228
#: serverguide/C/network-auth.xml:2538(para)
19229
msgid ""
19230
"You will prompted to enter a password. It will be considered as the new "
19231
"password for that user. Making it the same as before is reasonable."
19232
msgstr ""
19233
19234
#: serverguide/C/network-auth.xml:2542(para)
19235
msgid ""
19236
"To manage user, group, and machine accounts use the utilities provided by "
19237
"the <application>smbldap-tools</application> package. Here are some examples:"
19238
msgstr ""
19239
19240
#: serverguide/C/network-auth.xml:2550(para)
19241
msgid "To add a new user:"
19242
msgstr ""
19243
19244
#: serverguide/C/network-auth.xml:2555(command)
15151
19245
msgid "sudo smbldap-useradd -a -P username"
15152
19246
msgstr ""
15153
19247
15154
#: serverguide/C/network-auth.xml:1915(para)
19248
#: serverguide/C/network-auth.xml:2558(para)
15155
19249
msgid ""
15156
19250
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
15157
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
19251
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
15158
19252
"passwd</application> utility after the user is created allowing you to enter "
15159
19253
"a password for the user."
15160
19254
msgstr ""
15161
19255
15162
#: serverguide/C/network-auth.xml:1921(para)
15163
msgid "To remove a user from the directory enter:"
19256
#: serverguide/C/network-auth.xml:2565(para)
19257
msgid "To remove a user:"
15164
19258
msgstr ""
15165
19259
15166
#: serverguide/C/network-auth.xml:1925(command)
19260
#: serverguide/C/network-auth.xml:2570(command)
15167
19261
msgid "sudo smbldap-userdel username"
15168
19262
msgstr ""
15169
19263
15170
#: serverguide/C/network-auth.xml:1927(para)
15171
msgid ""
15172
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
15173
"r</emphasis> option to remove the user's home directory."
15174
msgstr ""
15175
15176
#: serverguide/C/network-auth.xml:1932(para)
15177
msgid ""
15178
"Use <application>smbldap-groupadd</application> to add a group, replacing "
15179
"groupname with an appropriate group:"
15180
msgstr ""
15181
15182
#: serverguide/C/network-auth.xml:1936(command)
19264
#: serverguide/C/network-auth.xml:2573(para)
19265
msgid ""
19266
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
19267
"user's home directory."
19268
msgstr ""
19269
19270
#: serverguide/C/network-auth.xml:2579(para)
19271
msgid "To add a group:"
19272
msgstr ""
19273
19274
#: serverguide/C/network-auth.xml:2584(command)
15183
19275
msgid "sudo smbldap-groupadd -a groupname"
15184
19276
msgstr ""
15185
19277
15186
#: serverguide/C/network-auth.xml:1938(para)
19278
#: serverguide/C/network-auth.xml:2587(para)
15187
19279
msgid ""
15188
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
19280
"As for <application>smbldap-useradd</application>, the <emphasis>-"
15189
19281
"a</emphasis> adds the Samba attributes."
15190
19282
msgstr ""
15191
19283
15192
#: serverguide/C/network-auth.xml:1943(para)
15193
msgid ""
15194
"To add a user to a group use <application>smbldap-groupmod</application>:"
19284
#: serverguide/C/network-auth.xml:2593(para)
19285
msgid "To make an existing user a member of a group:"
15195
19286
msgstr ""
15196
19287
15197
#: serverguide/C/network-auth.xml:1947(command)
19288
#: serverguide/C/network-auth.xml:2598(command)
15198
19289
msgid "sudo smbldap-groupmod -m username groupname"
15199
19290
msgstr ""
15200
19291
15201
#: serverguide/C/network-auth.xml:1949(para)
15202
msgid ""
15203
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
15204
"<emphasis>-m</emphasis> option can add more than one user at a time by "
15205
"listing them in <emphasis>comma separated</emphasis> format."
15206
msgstr ""
15207
15208
#: serverguide/C/network-auth.xml:1955(para)
15209
msgid ""
15210
"<application>smbldap-groupmod</application> can also be used to remove a "
15211
"user from a group:"
15212
msgstr ""
15213
15214
#: serverguide/C/network-auth.xml:1959(command)
19292
#: serverguide/C/network-auth.xml:2601(para)
19293
msgid ""
19294
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
19295
"listing them in comma-separated format."
19296
msgstr ""
19297
19298
#: serverguide/C/network-auth.xml:2607(para)
19299
msgid "To remove a user from a group:"
19300
msgstr ""
19301
19302
#: serverguide/C/network-auth.xml:2612(command)
15215
19303
msgid "sudo smbldap-groupmod -x username groupname"
15216
19304
msgstr ""
15217
19305
15218
#: serverguide/C/network-auth.xml:1963(para)
15219
msgid ""
15220
"Additionally, the <application>smbldap-useradd</application> utility can add "
15221
"Samba machine accounts:"
19306
#: serverguide/C/network-auth.xml:2618(para)
19307
msgid "To add a Samba machine account:"
15222
19308
msgstr ""
15223
19309
15224
#: serverguide/C/network-auth.xml:1967(command)
19310
#: serverguide/C/network-auth.xml:2623(command)
15225
19311
msgid "sudo smbldap-useradd -t 0 -w username"
15226
19312
msgstr ""
15227
19313
15228
#: serverguide/C/network-auth.xml:1969(para)
19314
#: serverguide/C/network-auth.xml:2626(para)
15229
19315
msgid ""
15230
19316
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
15231
19317
"<emphasis>-t 0</emphasis> option creates the machine account without a "
15232
19318
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
15233
19319
"machine account. Also, note the <emphasis>add machine script</emphasis> "
15234
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
19320
"parameter in <filename>/etc/samba/smb.conf</filename> was changed to use "
15235
19321
"<application>smbldap-useradd</application>."
15236
19322
msgstr ""
15237
19323
15238
#: serverguide/C/network-auth.xml:1978(para)
15239
msgid ""
15240
"There are more useful utilities and options in the <application>smbldap-"
15241
"tools</application> package. The man page for each utility provides more "
15242
"details."
15243
msgstr ""
15244
15245
#: serverguide/C/network-auth.xml:1989(para)
15246
msgid ""
15247
"There are multiple places where LDAP and Samba is documented in the <ulink "
15248
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
15249
"Collection</ulink>."
15250
msgstr ""
15251
15252
#: serverguide/C/network-auth.xml:1995(para)
15253
msgid ""
15254
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
15255
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
15256
msgstr ""
15257
15258
#: serverguide/C/network-auth.xml:2001(para)
15259
msgid ""
15260
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
15261
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
15262
msgstr ""
15263
15264
#: serverguide/C/network-auth.xml:2007(para)
15265
msgid ""
15266
"Again, for more information on <application>smbldap-tools</application> see "
15267
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
15268
"groupadd</command>, <command>man smbldap-populate</command>, etc."
15269
msgstr ""
15270
15271
#: serverguide/C/network-auth.xml:2014(para)
15272
msgid ""
15273
"Also, there is a list of <ulink "
15274
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
15275
"wiki</ulink> articles with more information."
15276
msgstr ""
15277
15278
#: serverguide/C/network-auth.xml:2023(title)
19324
#: serverguide/C/network-auth.xml:2635(para)
19325
msgid ""
19326
"There are utilities in the <application>smbldap-tools</application> package "
19327
"that were not covered here. Here is a complete list:"
19328
msgstr ""
19329
19330
#: serverguide/C/network-auth.xml:2640(ulink)
19331
msgid "smbldap-groupadd"
19332
msgstr ""
19333
19334
#: serverguide/C/network-auth.xml:2641(ulink)
19335
msgid "smbldap-groupdel"
19336
msgstr ""
19337
19338
#: serverguide/C/network-auth.xml:2642(ulink)
19339
msgid "smbldap-groupmod"
19340
msgstr ""
19341
19342
#: serverguide/C/network-auth.xml:2643(ulink)
19343
msgid "smbldap-groupshow"
19344
msgstr ""
19345
19346
#: serverguide/C/network-auth.xml:2644(ulink)
19347
msgid "smbldap-passwd"
19348
msgstr ""
19349
19350
#: serverguide/C/network-auth.xml:2645(ulink)
19351
msgid "smbldap-populate"
19352
msgstr ""
19353
19354
#: serverguide/C/network-auth.xml:2646(ulink)
19355
msgid "smbldap-useradd"
19356
msgstr ""
19357
19358
#: serverguide/C/network-auth.xml:2647(ulink)
19359
msgid "smbldap-userdel"
19360
msgstr ""
19361
19362
#: serverguide/C/network-auth.xml:2648(ulink)
19363
msgid "smbldap-userinfo"
19364
msgstr ""
19365
19366
#: serverguide/C/network-auth.xml:2649(ulink)
19367
msgid "smbldap-userlist"
19368
msgstr ""
19369
19370
#: serverguide/C/network-auth.xml:2650(ulink)
19371
msgid "smbldap-usermod"
19372
msgstr ""
19373
19374
#: serverguide/C/network-auth.xml:2651(ulink)
19375
msgid "smbldap-usershow"
19376
msgstr ""
19377
19378
#: serverguide/C/network-auth.xml:2662(para)
19379
msgid ""
19380
"For more information on installing and configuring Samba see <xref "
19381
"linkend=\"windows-networking\"/> of this Ubuntu Server Guide."
19382
msgstr ""
19383
19384
#: serverguide/C/network-auth.xml:2668(para)
19385
msgid ""
19386
"There are multiple places where LDAP and Samba is documented in the upstream "
19387
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
19388
"HOWTO Collection</ulink>."
19389
msgstr ""
19390
19391
#: serverguide/C/network-auth.xml:2675(para)
19392
msgid ""
19393
"Regarding the above, see specifically the <ulink "
19394
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
19395
"Collection/passdb.html\">passdb section</ulink>."
19396
msgstr ""
19397
19398
#: serverguide/C/network-auth.xml:2681(para)
19399
msgid ""
19400
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
19401
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
19402
"valuable notes."
19403
msgstr ""
19404
19405
#: serverguide/C/network-auth.xml:2687(para)
19406
msgid ""
19407
"The main page of the <ulink "
19408
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
19409
"community documentation</ulink> has a plethora of links to articles that may "
19410
"prove useful."
19411
msgstr ""
19412
19413
#: serverguide/C/network-auth.xml:2700(title)
15279
19414
msgid "Kerberos"
15280
19415
msgstr ""
15281
19416
15282
#: serverguide/C/network-auth.xml:2025(para)
19417
#: serverguide/C/network-auth.xml:2702(para)
15283
19418
msgid ""
15284
19419
"<application>Kerberos</application> is a network authentication system based "
15285
19420
"on the principal of a trusted third party. The other two parties being the "
15288
19423
"network environment one step closer to being Single Sign On (SSO)."
15289
19424
msgstr ""
15290
19425
15291
#: serverguide/C/network-auth.xml:2031(para)
19426
#: serverguide/C/network-auth.xml:2708(para)
15292
19427
msgid ""
15293
19428
"This section covers installation and configuration of a Kerberos server, and "
15294
19429
"some example client configurations."
15295
19430
msgstr ""
15296
19431
15297
#: serverguide/C/network-auth.xml:2038(para)
19432
#: serverguide/C/network-auth.xml:2715(para)
15298
19433
msgid ""
15299
19434
"If you are new to Kerberos there are a few terms that are good to understand "
15300
19435
"before setting up a Kerberos server. Most of the terms will relate to things "
15301
19436
"you may be familiar with in other environments:"
15302
19437
msgstr ""
15303
19438
15304
#: serverguide/C/network-auth.xml:2045(para)
19439
#: serverguide/C/network-auth.xml:2722(para)
15305
19440
msgid ""
15306
19441
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
15307
19442
"by servers need to be defined as Kerberos Principals."
15308
19443
msgstr ""
15309
19444
15310
#: serverguide/C/network-auth.xml:2050(para)
19445
#: serverguide/C/network-auth.xml:2727(para)
15311
19446
msgid ""
15312
19447
"<emphasis>Instances:</emphasis> are used for service principals and special "
15313
19448
"administrative principals."
15314
19449
msgstr ""
15315
19450
15316
#: serverguide/C/network-auth.xml:2055(para)
19451
#: serverguide/C/network-auth.xml:2732(para)
15317
19452
msgid ""
15318
19453
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
15319
"Kerberos installation. Usually the DNS domain converted to uppercase "
15320
"(EXAMPLE.COM)."
19454
"Kerberos installation. Think of it as the domain or group your hosts and "
19455
"users belong to. Convention dictates the realm should be in uppercase. By "
19456
"default, ubuntu will use the DNS domain converted to uppercase (EXAMPLE.COM) "
19457
"as the realm."
15321
19458
msgstr ""
15322
19459
15323
#: serverguide/C/network-auth.xml:2061(para)
19460
#: serverguide/C/network-auth.xml:2741(para)
15324
19461
msgid ""
15325
19462
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
15326
19463
"a database of all principals, the authentication server, and the ticket "
15327
19464
"granting server. For each realm there must be at least one KDC."
15328
19465
msgstr ""
15329
19466
15330
#: serverguide/C/network-auth.xml:2067(para)
19467
#: serverguide/C/network-auth.xml:2747(para)
15331
19468
msgid ""
15332
19469
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
15333
19470
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
15334
19471
"password which is known only to the user and the KDC."
15335
19472
msgstr ""
15336
19473
15337
#: serverguide/C/network-auth.xml:2073(para)
19474
#: serverguide/C/network-auth.xml:2753(para)
15338
19475
msgid ""
15339
19476
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
15340
19477
"clients upon request."
15341
19478
msgstr ""
15342
19479
15343
#: serverguide/C/network-auth.xml:2078(para)
19480
#: serverguide/C/network-auth.xml:2758(para)
15344
19481
msgid ""
15345
19482
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
15346
19483
"One principal being a user and the other a service requested by the user. "
15348
19485
"authenticated session."
15349
19486
msgstr ""
15350
19487
15351
#: serverguide/C/network-auth.xml:2084(para)
19488
#: serverguide/C/network-auth.xml:2764(para)
15352
19489
msgid ""
15353
19490
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
15354
19491
"principal database and contain the encryption key for a service or host."
15355
19492
msgstr ""
15356
19493
15357
#: serverguide/C/network-auth.xml:2091(para)
19494
#: serverguide/C/network-auth.xml:2771(para)
15358
19495
msgid ""
15359
"To put the pieces together, a Realm has at least one KDC, preferably two for "
15360
"redundancy, which contains a database of Principals. When a user principal "
15361
"logs into a workstation, configured for Kerberos authentication, the KDC "
15362
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
15363
"match, the user is authenticated and can then request tickets for Kerberized "
15364
"services from the Ticket Granting Server (TGS). The service tickets allow "
15365
"the user to authenticate to the service without entering another username "
15366
"and password."
19496
"To put the pieces together, a Realm has at least one KDC, preferably more "
19497
"for redundancy, which contains a database of Principals. When a user "
19498
"principal logs into a workstation that is configured for Kerberos "
19499
"authentication, the KDC issues a Ticket Granting Ticket (TGT). If the user "
19500
"supplied credentials match, the user is authenticated and can then request "
19501
"tickets for Kerberized services from the Ticket Granting Server (TGS). The "
19502
"service tickets allow the user to authenticate to the service without "
19503
"entering another username and password."
15367
19504
msgstr ""
15368
19505
15369
#: serverguide/C/network-auth.xml:2100(title)
19506
#: serverguide/C/network-auth.xml:2780(title)
15370
19507
msgid "Kerberos Server"
15371
19508
msgstr ""
15372
19509
15373
#: serverguide/C/network-auth.xml:2104(para)
19510
#: serverguide/C/network-auth.xml:2784(para)
19511
msgid ""
19512
"For this discussion, we will create a MIT Kerberos domain with the following "
19513
"features (edit them to fit your needs):"
19514
msgstr ""
19515
19516
#: serverguide/C/network-auth.xml:2791(para)
19517
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
19518
msgstr ""
19519
19520
#: serverguide/C/network-auth.xml:2796(para)
19521
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
19522
msgstr ""
19523
19524
#: serverguide/C/network-auth.xml:2801(para)
19525
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
19526
msgstr ""
19527
19528
#: serverguide/C/network-auth.xml:2806(para)
19529
msgid "<emphasis>User principal:</emphasis> steve"
19530
msgstr ""
19531
19532
#: serverguide/C/network-auth.xml:2811(para)
19533
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
19534
msgstr ""
19535
19536
#: serverguide/C/network-auth.xml:2818(para)
19537
msgid ""
19538
"It is <emphasis>strongly</emphasis> recommended that your network-"
19539
"authenticated users have their uid in a different range (say, starting at "
19540
"5000) than that of your local users."
19541
msgstr ""
19542
19543
#: serverguide/C/network-auth.xml:2824(para)
15374
19544
msgid ""
15375
19545
"Before installing the Kerberos server a properly configured DNS server is "
15376
19546
"needed for your domain. Since the Kerberos Realm by convention matches the "
15377
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
15378
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
19547
"domain name, this section uses the <emphasis>EXAMPLE.COM</emphasis> domain "
19548
"configured in <xref linkend=\"dns-primarymaster-configuration\"/> of the DNS "
19549
"documentation."
15379
19550
msgstr ""
15380
19551
15381
#: serverguide/C/network-auth.xml:2110(para)
19552
#: serverguide/C/network-auth.xml:2830(para)
15382
19553
msgid ""
15383
19554
"Also, Kerberos is a time sensitive protocol. So if the local system time "
15384
19555
"between a client machine and the server differs by more than five minutes "
15385
19556
"(by default), the workstation will not be able to authenticate. To correct "
15386
"the problem all hosts should have their time synchronized using the "
15387
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
15388
"NTP see <xref linkend=\"NTP\"/>."
19557
"the problem all hosts should have their time synchronized using the same "
19558
"<emphasis>Network Time Protocol (NTP)</emphasis> server. For details on "
19559
"setting up NTP see <xref linkend=\"NTP\"/>."
15389
19560
msgstr ""
15390
19561
15391
#: serverguide/C/network-auth.xml:2117(para)
19562
#: serverguide/C/network-auth.xml:2838(para)
15392
19563
msgid ""
15393
"The first step in installing a Kerberos Realm is to install the "
19564
"The first step in creating a Kerberos Realm is to install the "
15394
19565
"<application>krb5-kdc</application> and <application>krb5-admin-"
15395
19566
"server</application> packages. From a terminal enter:"
15396
19567
msgstr ""
15397
19568
15398
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
19569
#: serverguide/C/network-auth.xml:2844(command) serverguide/C/network-auth.xml:3051(command)
15399
19570
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
15400
19571
msgstr ""
15401
19572
15402
#: serverguide/C/network-auth.xml:2126(para)
19573
#: serverguide/C/network-auth.xml:2847(para)
15403
19574
msgid ""
15404
"You will be asked at the end of the install to supply a name for the "
19575
"You will be asked at the end of the install to supply the hostname for the "
15405
19576
"Kerberos and Admin servers, which may or may not be the same server, for the "
15406
19577
"realm."
15407
19578
msgstr ""
15408
19579
15409
#: serverguide/C/network-auth.xml:2131(para)
19580
#: serverguide/C/network-auth.xml:2854(para)
19581
msgid "By default the realm is created from the KDC's domain name."
19582
msgstr ""
19583
19584
#: serverguide/C/network-auth.xml:2859(para)
15410
19585
msgid ""
15411
19586
"Next, create the new realm with the <application>kdb5_newrealm</application> "
15412
19587
"utility:"
15413
19588
msgstr ""
15414
19589
15415
#: serverguide/C/network-auth.xml:2136(command)
19590
#: serverguide/C/network-auth.xml:2864(command)
15416
19591
msgid "sudo krb5_newrealm"
15417
19592
msgstr ""
15418
19593
15419
#: serverguide/C/network-auth.xml:2143(para)
19594
#: serverguide/C/network-auth.xml:2871(para)
15420
19595
msgid ""
15421
19596
"The questions asked during installation are used to configure the "
15422
19597
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
15423
19598
"Distribution Center (KDC) settings simply edit the file and restart the "
15424
"<application>krb5-kdc</application> daemon."
15425
msgstr ""
15426
15427
#: serverguide/C/network-auth.xml:2151(para)
19599
"<application>krb5-kdc</application> daemon. If you need to reconfigure "
19600
"Kerberos from scratch, perhaps to change the realm name, you can do so by "
19601
"typing"
19602
msgstr ""
19603
19604
#: serverguide/C/network-auth.xml:2878(command)
19605
msgid "sudo dpkg-reconfigure krb5-kdc"
19606
msgstr ""
19607
19608
#: serverguide/C/network-auth.xml:2884(para)
15428
19609
msgid ""
15429
"Now that the KDC running an admin user is needed. It is recommended to use a "
15430
"different username from your everyday username. Using the "
19610
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
19611
"principal</emphasis> -- is needed. It is recommended to use a different "
19612
"username from your everyday username. Using the "
15431
19613
"<application>kadmin.local</application> utility in a terminal prompt enter:"
15432
19614
msgstr ""
15433
19615
15434
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
19616
#: serverguide/C/network-auth.xml:2892(command) serverguide/C/network-auth.xml:3762(command)
15435
19617
msgid "sudo kadmin.local"
15436
19618
msgstr ""
15437
19619
15438
#: serverguide/C/network-auth.xml:2158(computeroutput)
19620
#: serverguide/C/network-auth.xml:2893(computeroutput)
15439
19621
#, no-wrap
15440
19622
msgid ""
15441
19623
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15442
19624
"kadmin.local:"
15443
19625
msgstr ""
15444
19626
15445
#: serverguide/C/network-auth.xml:2159(userinput)
19627
#: serverguide/C/network-auth.xml:2894(userinput)
15446
19628
#, no-wrap
15447
19629
msgid " addprinc steve/admin"
15448
19630
msgstr ""
15449
19631
15450
#: serverguide/C/network-auth.xml:2160(computeroutput)
19632
#: serverguide/C/network-auth.xml:2895(computeroutput)
15451
19633
#, no-wrap
15452
19634
msgid ""
15453
19635
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
15458
19640
"kadmin.local:"
15459
19641
msgstr ""
15460
19642
15461
#: serverguide/C/network-auth.xml:2164(userinput)
19643
#: serverguide/C/network-auth.xml:2899(userinput)
15462
19644
#, no-wrap
15463
19645
msgid " quit"
15464
19646
msgstr ""
15465
19647
15466
#: serverguide/C/network-auth.xml:2167(para)
19648
#: serverguide/C/network-auth.xml:2902(para)
15467
19649
msgid ""
15468
19650
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
15469
19651
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
15470
19652
"is an <emphasis>Instance</emphasis>, and <emphasis "
15471
19653
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
15472
"role=\"italic\">\"every day\"</emphasis> Principal would be "
19654
"role=\"italic\">\"every day\"</emphasis> Principal, a.k.a. the <emphasis "
19655
"role=\"italic\">user principal</emphasis>, would be "
15473
19656
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
15474
19657
"rights."
15475
19658
msgstr ""
15476
19659
15477
#: serverguide/C/network-auth.xml:2175(para)
19660
#: serverguide/C/network-auth.xml:2912(para)
15478
19661
msgid ""
15479
19662
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
15480
19663
"your Realm and admin username."
15481
19664
msgstr ""
15482
19665
15483
#: serverguide/C/network-auth.xml:2183(para)
19666
#: serverguide/C/network-auth.xml:2920(para)
15484
19667
msgid ""
15485
19668
"Next, the new admin user needs to have the appropriate Access Control List "
15486
19669
"(ACL) permissions. The permissions are configured in the "
15487
19670
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
15488
19671
msgstr ""
15489
19672
15490
#: serverguide/C/network-auth.xml:2188(programlisting)
19673
#: serverguide/C/network-auth.xml:2925(programlisting)
15491
19674
#, no-wrap
15492
19675
msgid ""
15493
19676
"\n"
15494
19677
"steve/admin@EXAMPLE.COM *\n"
15495
19678
msgstr ""
15496
19679
15497
#: serverguide/C/network-auth.xml:2192(para)
19680
#: serverguide/C/network-auth.xml:2929(para)
15498
19681
msgid ""
15499
19682
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
15500
"any operation on all principals in the realm."
19683
"any operation on all principals in the realm. You can configure principals "
19684
"with more restrictive privileges, which is convenient if you need an admin "
19685
"principal that junior staff can use in Kerberos clients. Please see the "
19686
"<emphasis>kadm5.acl</emphasis> man page for details."
15501
19687
msgstr ""
15502
19688
15503
#: serverguide/C/network-auth.xml:2199(para)
19689
#: serverguide/C/network-auth.xml:2941(para)
15504
19690
msgid ""
15505
19691
"Now restart the <application>krb5-admin-server</application> for the new ACL "
15506
19692
"to take affect:"
15507
19693
msgstr ""
15508
19694
15509
#: serverguide/C/network-auth.xml:2204(command)
19695
#: serverguide/C/network-auth.xml:2946(command)
15510
19696
msgid "sudo /etc/init.d/krb5-admin-server restart"
15511
19697
msgstr ""
15512
19698
15513
#: serverguide/C/network-auth.xml:2210(para)
19699
#: serverguide/C/network-auth.xml:2952(para)
15514
19700
msgid ""
15515
19701
"The new user principal can be tested using the <application>kinit "
15516
19702
"utility</application>:"
15517
19703
msgstr ""
15518
19704
15519
#: serverguide/C/network-auth.xml:2215(command)
19705
#: serverguide/C/network-auth.xml:2957(command)
15520
19706
msgid "kinit steve/admin"
15521
19707
msgstr ""
15522
19708
15523
#: serverguide/C/network-auth.xml:2216(computeroutput)
19709
#: serverguide/C/network-auth.xml:2958(computeroutput)
15524
19710
#, no-wrap
15525
19711
msgid "steve/admin@EXAMPLE.COM's Password:"
15526
19712
msgstr ""
15527
19713
15528
#: serverguide/C/network-auth.xml:2219(para)
19714
#: serverguide/C/network-auth.xml:2961(para)
15529
19715
msgid ""
15530
19716
"After entering the password, use the <application>klist</application> "
15531
19717
"utility to view information about the Ticket Granting Ticket (TGT):"
15532
19718
msgstr ""
15533
19719
15534
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
19720
#: serverguide/C/network-auth.xml:2967(command) serverguide/C/network-auth.xml:3344(command)
15535
19721
msgid "klist"
15536
19722
msgstr ""
15537
19723
15538
#: serverguide/C/network-auth.xml:2226(computeroutput)
19724
#: serverguide/C/network-auth.xml:2968(computeroutput)
15539
19725
#, no-wrap
15540
19726
msgid ""
15541
19727
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
15545
19731
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
15546
19732
msgstr ""
15547
19733
15548
#: serverguide/C/network-auth.xml:2233(para)
19734
#: serverguide/C/network-auth.xml:2975(para)
15549
19735
msgid ""
15550
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
15551
"the KDC. For example:"
19736
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
19737
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
19738
"case is <filename>1000</filename>. You may need to add an entry into the "
19739
"<filename>/etc/hosts</filename> for the KDC so the client can find the KDC. "
19740
"For example:"
15552
19741
msgstr ""
15553
19742
15554
#: serverguide/C/network-auth.xml:2237(programlisting)
19743
#: serverguide/C/network-auth.xml:2984(programlisting)
15555
19744
#, no-wrap
15556
19745
msgid ""
15557
19746
"\n"
15558
19747
"192.168.0.1 kdc01.example.com kdc01\n"
15559
19748
msgstr ""
15560
19749
15561
#: serverguide/C/network-auth.xml:2241(para)
19750
#: serverguide/C/network-auth.xml:2988(para)
15562
19751
msgid ""
15563
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
19752
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
19753
"This usually happens when you have a Kerberos realm encompassing different "
19754
"networks separated by routers."
15564
19755
msgstr ""
15565
19756
15566
#: serverguide/C/network-auth.xml:2248(para)
19757
#: serverguide/C/network-auth.xml:2997(para)
15567
19758
msgid ""
15568
"In order for clients to determine the KDC for the Realm some DNS SRV records "
15569
"are needed. Add the following to "
19759
"The best way to allow clients to automatically determine the KDC for the "
19760
"Realm is using DNS SRV records. Add the following to "
15570
19761
"<filename>/etc/named/db.example.com</filename>:"
15571
19762
msgstr ""
15572
19763
15573
#: serverguide/C/network-auth.xml:2253(programlisting)
19764
#: serverguide/C/network-auth.xml:3003(programlisting)
15574
19765
#, no-wrap
15575
19766
msgid ""
15576
19767
"\n"
15582
19773
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
15583
19774
msgstr ""
15584
19775
15585
#: serverguide/C/network-auth.xml:2263(para)
19776
#: serverguide/C/network-auth.xml:3013(para)
15586
19777
msgid ""
15587
19778
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
15588
19779
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
15589
19780
"KDC."
15590
19781
msgstr ""
15591
19782
15592
#: serverguide/C/network-auth.xml:2269(para)
19783
#: serverguide/C/network-auth.xml:3019(para)
15593
19784
msgid ""
15594
19785
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
15595
19786
msgstr ""
15596
19787
15597
#: serverguide/C/network-auth.xml:2276(para)
19788
#: serverguide/C/network-auth.xml:3026(para)
15598
19789
msgid "Your new Kerberos Realm is now ready to authenticate clients."
15599
19790
msgstr ""
15600
19791
15601
#: serverguide/C/network-auth.xml:2283(title)
19792
#: serverguide/C/network-auth.xml:3033(title)
15602
19793
msgid "Secondary KDC"
15603
19794
msgstr ""
15604
19795
15605
#: serverguide/C/network-auth.xml:2285(para)
19796
#: serverguide/C/network-auth.xml:3035(para)
15606
19797
msgid ""
15607
19798
"Once you have one Key Distribution Center (KDC) on your network, it is good "
15608
"practice to have a Secondary KDC in case the primary becomes unavailable."
19799
"practice to have a Secondary KDC in case the primary becomes unavailable. "
19800
"Also, if you have Kerberos clients that are in different networks (possibly "
19801
"separated by routers using NAT), it is wise to place a secondary KDC in each "
19802
"of those networks."
15609
19803
msgstr ""
15610
19804
15611
#: serverguide/C/network-auth.xml:2293(para)
19805
#: serverguide/C/network-auth.xml:3046(para)
15612
19806
msgid ""
15613
19807
"First, install the packages, and when asked for the Kerberos and Admin "
15614
19808
"server names enter the name of the Primary KDC:"
15615
19809
msgstr ""
15616
19810
15617
#: serverguide/C/network-auth.xml:2304(para)
19811
#: serverguide/C/network-auth.xml:3057(para)
15618
19812
msgid ""
15619
19813
"Once you have the packages installed, create the Secondary KDC's host "
15620
19814
"principal. From a terminal prompt, enter:"
15621
19815
msgstr ""
15622
19816
15623
#: serverguide/C/network-auth.xml:2309(command)
19817
#: serverguide/C/network-auth.xml:3062(command)
15624
19818
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
15625
19819
msgstr ""
15626
19820
15627
#: serverguide/C/network-auth.xml:2313(para)
19821
#: serverguide/C/network-auth.xml:3066(para)
15628
19822
msgid ""
15629
19823
"After, issuing any <application>kadmin</application> commands you will be "
15630
19824
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
15631
19825
"password."
15632
19826
msgstr ""
15633
19827
15634
#: serverguide/C/network-auth.xml:2322(para)
19828
#: serverguide/C/network-auth.xml:3075(para)
15635
19829
msgid "Extract the <emphasis>keytab</emphasis> file:"
15636
19830
msgstr ""
15637
19831
15638
#: serverguide/C/network-auth.xml:2327(command)
15639
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
19832
#: serverguide/C/network-auth.xml:3080(command)
19833
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
15640
19834
msgstr ""
15641
19835
15642
#: serverguide/C/network-auth.xml:2333(para)
19836
#: serverguide/C/network-auth.xml:3086(para)
15643
19837
msgid ""
15644
19838
"There should now be a <filename>keytab.kdc02</filename> in the current "
15645
19839
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
15646
19840
msgstr ""
15647
19841
15648
#: serverguide/C/network-auth.xml:2339(command)
19842
#: serverguide/C/network-auth.xml:3092(command)
15649
19843
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
15650
19844
msgstr ""
15651
19845
15652
#: serverguide/C/network-auth.xml:2343(para)
19846
#: serverguide/C/network-auth.xml:3096(para)
15653
19847
msgid ""
15654
19848
"If the path to the <filename>keytab.kdc02</filename> file is different "
15655
19849
"adjust accordingly."
15656
19850
msgstr ""
15657
19851
15658
#: serverguide/C/network-auth.xml:2348(para)
19852
#: serverguide/C/network-auth.xml:3101(para)
15659
19853
msgid ""
15660
19854
"Also, you can list the principals in a Keytab file, which can be useful when "
15661
19855
"troubleshooting, using the <application>klist</application> utility:"
15662
19856
msgstr ""
15663
19857
15664
#: serverguide/C/network-auth.xml:2354(command)
19858
#: serverguide/C/network-auth.xml:3107(command)
15665
19859
msgid "sudo klist -k /etc/krb5.keytab"
15666
19860
msgstr ""
15667
19861
15668
#: serverguide/C/network-auth.xml:2360(para)
19862
#: serverguide/C/network-auth.xml:3110(para)
19863
msgid ""
19864
"The <application>-k</application> option indicates the file is a keytab file."
19865
msgstr ""
19866
19867
#: serverguide/C/network-auth.xml:3117(para)
15669
19868
msgid ""
15670
19869
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
15671
19870
"that lists all KDCs for the Realm. For example, on both primary and "
15672
19871
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
15673
19872
msgstr ""
15674
19873
15675
#: serverguide/C/network-auth.xml:2365(programlisting)
19874
#: serverguide/C/network-auth.xml:3122(programlisting)
15676
19875
#, no-wrap
15677
19876
msgid ""
15678
19877
"\n"
15680
19879
"host/kdc02.example.com@EXAMPLE.COM\n"
15681
19880
msgstr ""
15682
19881
15683
#: serverguide/C/network-auth.xml:2373(para)
19882
#: serverguide/C/network-auth.xml:3130(para)
15684
19883
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
15685
19884
msgstr ""
15686
19885
15687
#: serverguide/C/network-auth.xml:2378(command)
19886
#: serverguide/C/network-auth.xml:3135(command)
15688
19887
msgid "sudo kdb5_util -s create"
15689
19888
msgstr ""
15690
19889
15691
#: serverguide/C/network-auth.xml:2384(para)
19890
#: serverguide/C/network-auth.xml:3141(para)
15692
19891
msgid ""
15693
19892
"Now start the <application>kpropd</application> daemon, which listens for "
15694
19893
"connections from the <application>kprop</application> utility. "
15695
19894
"<application>kprop</application> is used to transfer dump files:"
15696
19895
msgstr ""
15697
19896
15698
#: serverguide/C/network-auth.xml:2391(command)
19897
#: serverguide/C/network-auth.xml:3148(command)
15699
19898
msgid "sudo kpropd -S"
15700
19899
msgstr ""
15701
19900
15702
#: serverguide/C/network-auth.xml:2397(para)
19901
#: serverguide/C/network-auth.xml:3154(para)
15703
19902
msgid ""
15704
19903
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
15705
19904
"of the principal database:"
15706
19905
msgstr ""
15707
19906
15708
#: serverguide/C/network-auth.xml:2402(command)
19907
#: serverguide/C/network-auth.xml:3159(command)
15709
19908
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
15710
19909
msgstr ""
15711
19910
15712
#: serverguide/C/network-auth.xml:2408(para)
19911
#: serverguide/C/network-auth.xml:3165(para)
15713
19912
msgid ""
15714
19913
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
15715
19914
"<filename>/etc/krb5.keytab</filename>:"
15716
19915
msgstr ""
15717
19916
15718
#: serverguide/C/network-auth.xml:2413(command)
19917
#: serverguide/C/network-auth.xml:3170(command)
15719
19918
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
15720
19919
msgstr ""
15721
19920
15722
#: serverguide/C/network-auth.xml:2414(command)
19921
#: serverguide/C/network-auth.xml:3171(command)
15723
19922
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
15724
19923
msgstr ""
15725
19924
15726
#: serverguide/C/network-auth.xml:2418(para)
19925
#: serverguide/C/network-auth.xml:3175(para)
15727
19926
msgid ""
15728
19927
"Make sure there is a <emphasis>host</emphasis> for "
15729
19928
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
15730
19929
msgstr ""
15731
19930
15732
#: serverguide/C/network-auth.xml:2426(para)
19931
#: serverguide/C/network-auth.xml:3183(para)
15733
19932
msgid ""
15734
19933
"Using the <application>kprop</application> utility push the database to the "
15735
19934
"Secondary KDC:"
15736
19935
msgstr ""
15737
19936
15738
#: serverguide/C/network-auth.xml:2431(command)
19937
#: serverguide/C/network-auth.xml:3188(command)
15739
19938
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
15740
19939
msgstr ""
15741
19940
15742
#: serverguide/C/network-auth.xml:2435(para)
19941
#: serverguide/C/network-auth.xml:3192(para)
15743
19942
msgid ""
15744
19943
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
15745
19944
"worked. If there is an error message check "
15747
19946
"information."
15748
19947
msgstr ""
15749
19948
15750
#: serverguide/C/network-auth.xml:2441(para)
19949
#: serverguide/C/network-auth.xml:3198(para)
15751
19950
msgid ""
15752
19951
"You may also want to create a <application>cron</application> job to "
15753
19952
"periodically update the database on the Secondary KDC. For example, the "
15754
"following will push the database every hour:"
19953
"following will push the database every hour (note the long line has been "
19954
"split to fit the format of this document):"
15755
19955
msgstr ""
15756
19956
15757
#: serverguide/C/network-auth.xml:2446(programlisting)
19957
#: serverguide/C/network-auth.xml:3203(programlisting)
15758
19958
#, no-wrap
15759
19959
msgid ""
15760
19960
"\n"
15761
19961
"# m h dom mon dow command\n"
15762
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
19962
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && \n"
15763
19963
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
15764
19964
msgstr ""
15765
19965
15766
#: serverguide/C/network-auth.xml:2454(para)
19966
#: serverguide/C/network-auth.xml:3212(para)
15767
19967
msgid ""
15768
19968
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
15769
19969
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
15770
19970
msgstr ""
15771
19971
15772
#: serverguide/C/network-auth.xml:2460(command)
19972
#: serverguide/C/network-auth.xml:3218(command)
15773
19973
msgid "sudo kdb5_util stash"
15774
19974
msgstr ""
15775
19975
15776
#: serverguide/C/network-auth.xml:2466(para)
19976
#: serverguide/C/network-auth.xml:3224(para)
15777
19977
msgid ""
15778
19978
"Finally, start the <application>krb5-kdc</application> daemon on the "
15779
19979
"Secondary KDC:"
15780
19980
msgstr ""
15781
19981
15782
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
19982
#: serverguide/C/network-auth.xml:3229(command) serverguide/C/network-auth.xml:3905(command)
15783
19983
msgid "sudo /etc/init.d/krb5-kdc start"
15784
19984
msgstr ""
15785
19985
15786
#: serverguide/C/network-auth.xml:2477(para)
19986
#: serverguide/C/network-auth.xml:3235(para)
15787
19987
msgid ""
15788
19988
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
15789
19989
"for the Realm. You can test this by stopping the <application>krb5-"
15790
"kdc</application> daemon on the Primary KDC, then use "
19990
"kdc</application> daemon on the Primary KDC, then by using "
15791
19991
"<application>kinit</application> to request a ticket. If all goes well you "
15792
"should receive a ticket from the Secondary KDC."
19992
"should receive a ticket from the Secondary KDC. Otherwise, check "
19993
"<filename>/var/log/syslog</filename> and "
19994
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
15793
19995
msgstr ""
15794
19996
15795
#: serverguide/C/network-auth.xml:2485(title)
19997
#: serverguide/C/network-auth.xml:3246(title)
15796
19998
msgid "Kerberos Linux Client"
15797
19999
msgstr ""
15798
20000
15799
#: serverguide/C/network-auth.xml:2487(para)
20001
#: serverguide/C/network-auth.xml:3248(para)
15800
20002
msgid ""
15801
20003
"This section covers configuring a Linux system as a "
15802
20004
"<application>Kerberos</application> client. This will allow access to any "
15803
20005
"kerberized services once a user has successfully logged into the system."
15804
20006
msgstr ""
15805
20007
15806
#: serverguide/C/network-auth.xml:2495(para)
20008
#: serverguide/C/network-auth.xml:3256(para)
15807
20009
msgid ""
15808
20010
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
15809
20011
"user</application> and <application>libpam-krb5</application> packages are "
15812
20014
"prompt:"
15813
20015
msgstr ""
15814
20016
15815
#: serverguide/C/network-auth.xml:2502(command)
20017
#: serverguide/C/network-auth.xml:3263(command)
15816
20018
msgid ""
15817
20019
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
15818
20020
msgstr ""
15819
20021
15820
#: serverguide/C/network-auth.xml:2505(para)
20022
#: serverguide/C/network-auth.xml:3266(para)
15821
20023
msgid ""
15822
20024
"The <application>auth-client-config</application> package allows simple "
15823
20025
"configuration of PAM for authentication from multiple sources, and the "
15828
20030
"be accessed off the network as well."
15829
20031
msgstr ""
15830
20032
15831
#: serverguide/C/network-auth.xml:2516(para)
20033
#: serverguide/C/network-auth.xml:3277(para)
15832
20034
msgid "To configure the client in a terminal enter:"
15833
20035
msgstr ""
15834
20036
15835
#: serverguide/C/network-auth.xml:2521(command)
20037
#: serverguide/C/network-auth.xml:3282(command)
15836
20038
msgid "sudo dpkg-reconfigure krb5-config"
15837
20039
msgstr ""
15838
20040
15839
#: serverguide/C/network-auth.xml:2524(para)
20041
#: serverguide/C/network-auth.xml:3285(para)
15840
20042
msgid ""
15841
20043
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
15842
20044
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
15844
20046
"Center (KDC) and Realm Administration server."
15845
20047
msgstr ""
15846
20048
15847
#: serverguide/C/network-auth.xml:2530(para)
20049
#: serverguide/C/network-auth.xml:3291(para)
15848
20050
msgid ""
15849
20051
"The <application>dpkg-reconfigure</application> adds entries to the "
15850
20052
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
15851
20053
"entries similar to the following:"
15852
20054
msgstr ""
15853
20055
15854
#: serverguide/C/network-auth.xml:2535(programlisting)
20056
#: serverguide/C/network-auth.xml:3296(programlisting)
15855
20057
#, no-wrap
15856
20058
msgid ""
15857
20059
"\n"
15865
20067
" }\n"
15866
20068
msgstr ""
15867
20069
15868
#: serverguide/C/network-auth.xml:2546(para)
20070
#: serverguide/C/network-auth.xml:3308(para)
20071
msgid ""
20072
"If you set the uid of each of your network-authenticated users to start at "
20073
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
20074
"can then tell pam to only try to authenticate using Kerberos users with uid "
20075
"> 5000:"
20076
msgstr ""
20077
20078
#: serverguide/C/network-auth.xml:3316(command)
20079
msgid ""
20080
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
20081
"for i in common-auth common-session common-account common-password; do sudo "
20082
"sed -i -r \\ -e 's/pam_krb5.so minimum_uid=1000/pam_krb5.so "
20083
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
20084
msgstr ""
20085
20086
#: serverguide/C/network-auth.xml:3323(para)
20087
msgid ""
20088
"This will avoid being asked for the (non-existent) Kerberos password of a "
20089
"locally authenticated user when changing its password using "
20090
"<command>passwd</command>."
20091
msgstr ""
20092
20093
#: serverguide/C/network-auth.xml:3330(para)
15869
20094
msgid ""
15870
20095
"You can test the configuration by requesting a ticket using the "
15871
20096
"<application>kinit</application> utility. For example:"
15872
20097
msgstr ""
15873
20098
15874
#: serverguide/C/network-auth.xml:2551(command)
20099
#: serverguide/C/network-auth.xml:3335(command)
15875
20100
msgid "kinit steve@EXAMPLE.COM"
15876
20101
msgstr ""
15877
20102
15878
#: serverguide/C/network-auth.xml:2552(computeroutput)
20103
#: serverguide/C/network-auth.xml:3336(computeroutput)
15879
20104
#, no-wrap
15880
20105
msgid "Password for steve@EXAMPLE.COM:"
15881
20106
msgstr ""
15882
20107
15883
#: serverguide/C/network-auth.xml:2555(para)
20108
#: serverguide/C/network-auth.xml:3339(para)
15884
20109
msgid ""
15885
20110
"When a ticket has been granted, the details can be viewed using "
15886
20111
"<application>klist</application>:"
15887
20112
msgstr ""
15888
20113
15889
#: serverguide/C/network-auth.xml:2561(computeroutput)
20114
#: serverguide/C/network-auth.xml:3345(computeroutput)
15890
20115
#, no-wrap
15891
20116
msgid ""
15892
20117
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
15901
20126
"klist: You have no tickets cached"
15902
20127
msgstr ""
15903
20128
15904
#: serverguide/C/network-auth.xml:2573(para)
20129
#: serverguide/C/network-auth.xml:3357(para)
15905
20130
msgid ""
15906
20131
"Next, use the <application>auth-client-config</application> to configure the "
15907
20132
"<application>libpam-krb5</application> module to request a ticket during "
15908
20133
"login:"
15909
20134
msgstr ""
15910
20135
15911
#: serverguide/C/network-auth.xml:2579(command)
20136
#: serverguide/C/network-auth.xml:3363(command)
15912
20137
msgid "sudo auth-client-config -a -p kerberos_example"
15913
20138
msgstr ""
15914
20139
15915
#: serverguide/C/network-auth.xml:2582(para)
20140
#: serverguide/C/network-auth.xml:3366(para)
15916
20141
msgid ""
15917
20142
"You will should now receive a ticket upon successful login authentication."
15918
20143
msgstr ""
15919
20144
15920
#: serverguide/C/network-auth.xml:2593(para)
20145
#: serverguide/C/network-auth.xml:3377(para)
15921
20146
msgid ""
15922
"For more information on Kerberos see the <ulink "
20147
"For more information on MIT's version of Kerberos, see the <ulink "
15923
20148
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
15924
20149
msgstr ""
15925
20150
15926
#: serverguide/C/network-auth.xml:2598(para)
20151
#: serverguide/C/network-auth.xml:3382(para)
15927
20152
msgid ""
15928
20153
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
15929
20154
"Kerberos</ulink> page has more details."
15930
20155
msgstr ""
15931
20156
15932
#: serverguide/C/network-auth.xml:2603(para)
20157
#: serverguide/C/network-auth.xml:3387(para)
15933
20158
msgid ""
15934
20159
"O'Reilly's <ulink "
15935
20160
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
15936
20161
"Guide</ulink> is a great reference when setting up Kerberos."
15937
20162
msgstr ""
15938
20163
15939
#: serverguide/C/network-auth.xml:2609(para)
20164
#: serverguide/C/network-auth.xml:3393(para)
15940
20165
msgid ""
15941
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
15942
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
15943
"Kerberos questions."
20166
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
20167
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
20168
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
15944
20169
msgstr ""
15945
20170
15946
#: serverguide/C/network-auth.xml:2619(title)
20171
#: serverguide/C/network-auth.xml:3405(title)
15947
20172
msgid "Kerberos and LDAP"
15948
20173
msgstr ""
15949
20174
15950
#: serverguide/C/network-auth.xml:2621(para)
20175
#: serverguide/C/network-auth.xml:3407(para)
20176
msgid ""
20177
"Most people will not use Kerberos by itself; once an user is authenticated "
20178
"(Kerberos), we need to figure out what this user can do (authorization). And "
20179
"that would be the job of programs such as <application>LDAP</application>."
20180
msgstr ""
20181
20182
#: serverguide/C/network-auth.xml:3414(para)
15951
20183
msgid ""
15952
20184
"Replicating a Kerberos principal database between two servers can be "
15953
20185
"complicated, and adds an additional user database to your network. "
15957
20189
"<application>OpenLDAP</application> for the principal database."
15958
20190
msgstr ""
15959
20191
15960
#: serverguide/C/network-auth.xml:2629(title)
20192
#: serverguide/C/network-auth.xml:3422(para)
20193
msgid ""
20194
"The examples presented here assume <application>MIT Kerberos</application> "
20195
"and <application>OpenLDAP</application>."
20196
msgstr ""
20197
20198
#: serverguide/C/network-auth.xml:3430(title)
15961
20199
msgid "Configuring OpenLDAP"
15962
20200
msgstr ""
15963
20201
15964
#: serverguide/C/network-auth.xml:2631(para)
20202
#: serverguide/C/network-auth.xml:3432(para)
15965
20203
msgid ""
15966
20204
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
15967
20205
"<application>OpenLDAP</application> server that has network connectivity to "
15970
20208
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
15971
20209
msgstr ""
15972
20210
15973
#: serverguide/C/network-auth.xml:2638(para)
20211
#: serverguide/C/network-auth.xml:3438(para)
15974
20212
msgid ""
15975
20213
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
15976
20214
"that traffic between the KDC and LDAP server is encrypted. See <xref "
15977
20215
"linkend=\"openldap-tls\"/> for details."
15978
20216
msgstr ""
15979
20217
15980
#: serverguide/C/network-auth.xml:2645(para)
20218
#: serverguide/C/network-auth.xml:3444(para)
20219
msgid ""
20220
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
20221
"edit the ldap database. Many times it is the RootDN. Change its value to "
20222
"reflect your setup."
20223
msgstr ""
20224
20225
#: serverguide/C/network-auth.xml:3453(para)
15981
20226
msgid ""
15982
20227
"To load the schema into LDAP, on the LDAP server install the "
15983
20228
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
15984
20229
msgstr ""
15985
20230
15986
#: serverguide/C/network-auth.xml:2651(command)
20231
#: serverguide/C/network-auth.xml:3459(command)
15987
20232
msgid "sudo apt-get install krb5-kdc-ldap"
15988
20233
msgstr ""
15989
20234
15990
#: serverguide/C/network-auth.xml:2656(para)
20235
#: serverguide/C/network-auth.xml:3464(para)
15991
20236
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
15992
20237
msgstr ""
15993
20238
15994
#: serverguide/C/network-auth.xml:2661(command)
20239
#: serverguide/C/network-auth.xml:3469(command)
15995
20240
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
15996
20241
msgstr ""
15997
20242
15998
#: serverguide/C/network-auth.xml:2662(command)
20243
#: serverguide/C/network-auth.xml:3470(command)
15999
20244
msgid ""
16000
20245
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
16001
20246
msgstr ""
16002
20247
16003
#: serverguide/C/network-auth.xml:2668(para)
20248
#: serverguide/C/network-auth.xml:3476(para)
16004
20249
msgid ""
16005
20250
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
16006
20251
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
16008
20253
"linkend=\"openldap-configuration\"/>."
16009
20254
msgstr ""
16010
20255
16011
#: serverguide/C/network-auth.xml:2681(programlisting)
20256
#: serverguide/C/network-auth.xml:3484(para)
20257
msgid ""
20258
"First, create a configuration file named "
20259
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
20260
"containing the following lines:"
20261
msgstr ""
20262
20263
#: serverguide/C/network-auth.xml:3489(programlisting)
16012
20264
#, no-wrap
16013
20265
msgid ""
16014
20266
"\n"
16027
20279
"include /etc/ldap/schema/kerberos.schema\n"
16028
20280
msgstr ""
16029
20281
16030
#: serverguide/C/network-auth.xml:2701(para)
20282
#: serverguide/C/network-auth.xml:3509(para)
16031
20283
msgid "Create a temporary directory to hold the LDIF files:"
16032
20284
msgstr ""
16033
20285
16034
#: serverguide/C/network-auth.xml:2716(command)
16035
msgid ""
16036
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
20286
#: serverguide/C/network-auth.xml:3513(command)
20287
msgid "mkdir /tmp/ldif_output"
20288
msgstr ""
20289
20290
#: serverguide/C/network-auth.xml:3519(para)
20291
msgid ""
20292
"Now use <application>slapcat</application> to convert the schema files:"
20293
msgstr ""
20294
20295
#: serverguide/C/network-auth.xml:3524(command)
20296
msgid ""
20297
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
16037
20298
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
16038
20299
msgstr ""
16039
20300
16040
#: serverguide/C/network-auth.xml:2726(para)
20301
#: serverguide/C/network-auth.xml:3528(para)
20302
msgid ""
20303
"Change the above file and path names to match your own if they are different."
20304
msgstr ""
20305
20306
#: serverguide/C/network-auth.xml:3535(para)
16041
20307
msgid ""
16042
20308
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
16043
20309
"changing the following attributes:"
16044
20310
msgstr ""
16045
20311
16046
#: serverguide/C/network-auth.xml:2730(programlisting)
20312
#: serverguide/C/network-auth.xml:3539(programlisting)
16047
20313
#, no-wrap
16048
20314
msgid ""
16049
20315
"\n"
16052
20318
"cn: kerberos\n"
16053
20319
msgstr ""
16054
20320
16055
#: serverguide/C/network-auth.xml:2736(para)
20321
#: serverguide/C/network-auth.xml:3545(para)
16056
20322
msgid "And remove the following lines from the end of the file:"
16057
20323
msgstr ""
16058
20324
16059
#: serverguide/C/network-auth.xml:2740(programlisting)
20325
#: serverguide/C/network-auth.xml:3549(programlisting)
16060
20326
#, no-wrap
16061
20327
msgid ""
16062
20328
"\n"
16069
20335
"modifyTimestamp: 20090111203515Z\n"
16070
20336
msgstr ""
16071
20337
16072
#: serverguide/C/network-auth.xml:2759(para)
20338
#: serverguide/C/network-auth.xml:3559(para)
20339
msgid ""
20340
"The attribute values will vary, just be sure the attributes are removed."
20341
msgstr ""
20342
20343
#: serverguide/C/network-auth.xml:3566(para)
16073
20344
msgid "Load the new schema with <application>ldapadd</application>:"
16074
20345
msgstr ""
16075
20346
16076
#: serverguide/C/network-auth.xml:2764(command)
20347
#: serverguide/C/network-auth.xml:3571(command)
16077
20348
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
16078
20349
msgstr ""
16079
20350
16080
#: serverguide/C/network-auth.xml:2770(para)
20351
#: serverguide/C/network-auth.xml:3577(para)
16081
20352
msgid ""
16082
20353
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
16083
20354
msgstr ""
16084
20355
16085
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
20356
#: serverguide/C/network-auth.xml:3582(command) serverguide/C/network-auth.xml:3599(command)
16086
20357
msgid "ldapmodify -x -D cn=admin,cn=config -W"
16087
20358
msgstr ""
16088
20359
16089
#: serverguide/C/network-auth.xml:2777(userinput)
20360
#: serverguide/C/network-auth.xml:3584(userinput)
16090
20361
#, no-wrap
16091
20362
msgid ""
16092
20363
"dn: olcDatabase={1}hdb,cn=config\n"
16094
20365
"olcDbIndex: krbPrincipalName eq,pres,sub"
16095
20366
msgstr ""
16096
20367
16097
#: serverguide/C/network-auth.xml:2776(computeroutput)
20368
#: serverguide/C/network-auth.xml:3583(computeroutput)
16098
20369
#, no-wrap
16099
20370
msgid ""
16100
20371
"Enter LDAP Password:\n"
16103
20374
"modifying entry \"olcDatabase={1}hdb,cn=config\""
16104
20375
msgstr ""
16105
20376
16106
#: serverguide/C/network-auth.xml:2787(para)
20377
#: serverguide/C/network-auth.xml:3594(para)
16107
20378
msgid "Finally, update the Access Control Lists (ACL):"
16108
20379
msgstr ""
16109
20380
16110
#: serverguide/C/network-auth.xml:2794(userinput)
20381
#: serverguide/C/network-auth.xml:3601(userinput)
16111
20382
#, no-wrap
16112
20383
msgid ""
16113
20384
"dn: olcDatabase={1}hdb,cn=config\n"
16114
20385
"replace: olcAccess\n"
16115
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
16116
"dn=\"cn=admin,dc=exampl\n"
16117
" e,dc=com\" write by anonymous auth by self write by * none\n"
20386
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by\n"
20387
" dn=\"cn=admin,dc=example,dc=com\" write by anonymous auth by self write by "
20388
"* none\n"
16118
20389
"-\n"
16119
20390
"add: olcAccess\n"
16120
20391
"olcAccess: to dn.base=\"\" by * read\n"
16123
20394
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
16124
20395
msgstr ""
16125
20396
16126
#: serverguide/C/network-auth.xml:2793(computeroutput)
20397
#: serverguide/C/network-auth.xml:3600(computeroutput)
16127
20398
#, no-wrap
16128
20399
msgid ""
16129
20400
"Enter LDAP Password: \n"
16132
20403
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
16133
20404
msgstr ""
16134
20405
16135
#: serverguide/C/network-auth.xml:2814(para)
20406
#: serverguide/C/network-auth.xml:3621(para)
16136
20407
msgid ""
16137
20408
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
16138
20409
"database."
16139
20410
msgstr ""
16140
20411
16141
#: serverguide/C/network-auth.xml:2820(title)
20412
#: serverguide/C/network-auth.xml:3627(title)
16142
20413
msgid "Primary KDC Configuration"
16143
20414
msgstr ""
16144
20415
16145
#: serverguide/C/network-auth.xml:2822(para)
20416
#: serverguide/C/network-auth.xml:3629(para)
16146
20417
msgid ""
16147
20418
"With <application>OpenLDAP</application> configured it is time to configure "
16148
20419
"the KDC."
16149
20420
msgstr ""
16150
20421
16151
#: serverguide/C/network-auth.xml:2828(para)
20422
#: serverguide/C/network-auth.xml:3635(para)
16152
20423
msgid "First, install the necessary packages, from a terminal enter:"
16153
20424
msgstr ""
16154
20425
16155
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
20426
#: serverguide/C/network-auth.xml:3640(command) serverguide/C/network-auth.xml:3799(command)
16156
20427
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
16157
20428
msgstr ""
16158
20429
16159
#: serverguide/C/network-auth.xml:2839(para)
20430
#: serverguide/C/network-auth.xml:3646(para)
16160
20431
msgid ""
16161
20432
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
16162
20433
"under the appropriate sections:"
16163
20434
msgstr ""
16164
20435
16165
#: serverguide/C/network-auth.xml:2843(programlisting)
20436
#: serverguide/C/network-auth.xml:3650(programlisting)
16166
20437
#, no-wrap
16167
20438
msgid ""
16168
20439
"\n"
16212
20483
" }\n"
16213
20484
msgstr ""
16214
20485
16215
#: serverguide/C/network-auth.xml:2888(para)
20486
#: serverguide/C/network-auth.xml:3695(para)
16216
20487
msgid ""
16217
20488
"Change <emphasis>example.com</emphasis>, "
16218
20489
"<emphasis>dc=example,dc=com</emphasis>, "
16221
20492
"object, and LDAP server for your network."
16222
20493
msgstr ""
16223
20494
16224
#: serverguide/C/network-auth.xml:2897(para)
20495
#: serverguide/C/network-auth.xml:3704(para)
16225
20496
msgid ""
16226
20497
"Next, use the <application>kdb5_ldap_util</application> utility to create "
16227
20498
"the realm:"
16228
20499
msgstr ""
16229
20500
16230
#: serverguide/C/network-auth.xml:2902(command)
20501
#: serverguide/C/network-auth.xml:3709(command)
16231
20502
msgid ""
16232
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
20503
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
16233
20504
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
16234
20505
msgstr ""
16235
20506
16236
#: serverguide/C/network-auth.xml:2908(para)
20507
#: serverguide/C/network-auth.xml:3716(para)
16237
20508
msgid ""
16238
20509
"Create a stash of the password used to bind to the LDAP server. This "
16239
20510
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
16241
20512
"<filename>/etc/krb5.conf</filename>:"
16242
20513
msgstr ""
16243
20514
16244
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
20515
#: serverguide/C/network-auth.xml:3722(command) serverguide/C/network-auth.xml:3861(command)
16245
20516
msgid ""
16246
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
20517
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
16247
20518
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
16248
20519
msgstr ""
16249
20520
16250
#: serverguide/C/network-auth.xml:2920(para)
20521
#: serverguide/C/network-auth.xml:3729(para)
16251
20522
msgid "Copy the CA certificate from the LDAP server:"
16252
20523
msgstr ""
16253
20524
16254
#: serverguide/C/network-auth.xml:2925(command)
20525
#: serverguide/C/network-auth.xml:3734(command)
16255
20526
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
16256
20527
msgstr ""
16257
20528
16258
#: serverguide/C/network-auth.xml:2926(command)
20529
#: serverguide/C/network-auth.xml:3735(command)
16259
20530
msgid "sudo cp cacert.pem /etc/ssl/certs"
16260
20531
msgstr ""
16261
20532
16262
#: serverguide/C/network-auth.xml:2929(para)
20533
#: serverguide/C/network-auth.xml:3738(para)
16263
20534
msgid ""
16264
20535
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
16265
20536
msgstr ""
16266
20537
16267
#: serverguide/C/network-auth.xml:2933(programlisting)
20538
#: serverguide/C/network-auth.xml:3742(programlisting)
16268
20539
#, no-wrap
16269
20540
msgid ""
16270
20541
"\n"
16271
20542
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
16272
20543
msgstr ""
16273
20544
16274
#: serverguide/C/network-auth.xml:2938(para)
20545
#: serverguide/C/network-auth.xml:3747(para)
16275
20546
msgid ""
16276
20547
"The certificate will also need to be copied to the Secondary KDC, to allow "
16277
20548
"the connection to the LDAP servers using LDAPS."
16278
20549
msgstr ""
16279
20550
16280
#: serverguide/C/network-auth.xml:2947(para)
20551
#: serverguide/C/network-auth.xml:3756(para)
16281
20552
msgid ""
16282
20553
"You can now add Kerberos principals to the LDAP database, and they will be "
16283
20554
"copied to any other LDAP servers configured for replication. To add a "
16284
20555
"principal using the <application>kadmin.local</application> utility enter:"
16285
20556
msgstr ""
16286
20557
16287
#: serverguide/C/network-auth.xml:2955(userinput)
20558
#: serverguide/C/network-auth.xml:3764(userinput)
16288
20559
#, no-wrap
16289
20560
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
16290
20561
msgstr ""
16291
20562
16292
#: serverguide/C/network-auth.xml:2954(computeroutput)
20563
#: serverguide/C/network-auth.xml:3763(computeroutput)
16293
20564
#, no-wrap
16294
20565
msgid ""
16295
20566
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16300
20571
"Principal \"steve@EXAMPLE.COM\" created."
16301
20572
msgstr ""
16302
20573
16303
#: serverguide/C/network-auth.xml:2962(para)
20574
#: serverguide/C/network-auth.xml:3771(para)
16304
20575
msgid ""
16305
20576
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
16306
20577
"krbExtraData attributes added to the "
16309
20580
"utilities to test that the user is indeed issued a ticket."
16310
20581
msgstr ""
16311
20582
16312
#: serverguide/C/network-auth.xml:2969(para)
20583
#: serverguide/C/network-auth.xml:3778(para)
16313
20584
msgid ""
16314
20585
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
16315
20586
"option is needed to add the Kerberos attributes. Otherwise a new "
16316
20587
"<emphasis>principal</emphasis> object will be created in the realm subtree."
16317
20588
msgstr ""
16318
20589
16319
#: serverguide/C/network-auth.xml:2977(title)
20590
#: serverguide/C/network-auth.xml:3786(title)
16320
20591
msgid "Secondary KDC Configuration"
16321
20592
msgstr ""
16322
20593
16323
#: serverguide/C/network-auth.xml:2979(para)
20594
#: serverguide/C/network-auth.xml:3788(para)
16324
20595
msgid ""
16325
20596
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
16326
20597
"one using the normal Kerberos database."
16327
20598
msgstr ""
16328
20599
16329
#: serverguide/C/network-auth.xml:2985(para)
20600
#: serverguide/C/network-auth.xml:3794(para)
16330
20601
msgid "First, install the necessary packages. In a terminal enter:"
16331
20602
msgstr ""
16332
20603
16333
#: serverguide/C/network-auth.xml:2996(para)
20604
#: serverguide/C/network-auth.xml:3805(para)
16334
20605
msgid ""
16335
20606
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
16336
20607
msgstr ""
16337
20608
16338
#: serverguide/C/network-auth.xml:3000(programlisting)
20609
#: serverguide/C/network-auth.xml:3809(programlisting)
16339
20610
#, no-wrap
16340
20611
msgid ""
16341
20612
"\n"
16384
20655
" }\n"
16385
20656
msgstr ""
16386
20657
16387
#: serverguide/C/network-auth.xml:3047(para)
20658
#: serverguide/C/network-auth.xml:3856(para)
16388
20659
msgid "Create the stash for the LDAP bind password:"
16389
20660
msgstr ""
16390
20661
16391
#: serverguide/C/network-auth.xml:3058(para)
20662
#: serverguide/C/network-auth.xml:3868(para)
16392
20663
msgid ""
16393
20664
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
16394
20665
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
16397
20668
"media."
16398
20669
msgstr ""
16399
20670
16400
#: serverguide/C/network-auth.xml:3065(command)
20671
#: serverguide/C/network-auth.xml:3875(command)
16401
20672
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
16402
20673
msgstr ""
16403
20674
16404
#: serverguide/C/network-auth.xml:3066(command)
20675
#: serverguide/C/network-auth.xml:3876(command)
16405
20676
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
16406
20677
msgstr ""
16407
20678
16408
#: serverguide/C/network-auth.xml:3070(para)
20679
#: serverguide/C/network-auth.xml:3880(para)
16409
20680
msgid ""
16410
20681
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
16411
20682
msgstr ""
16412
20683
16413
#: serverguide/C/network-auth.xml:3078(para)
20684
#: serverguide/C/network-auth.xml:3888(para)
20685
msgid ""
20686
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
20687
"only,"
20688
msgstr ""
20689
20690
#: serverguide/C/network-auth.xml:3900(para)
16414
20691
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
16415
20692
msgstr ""
16416
20693
16417
#: serverguide/C/network-auth.xml:3089(para)
20694
#: serverguide/C/network-auth.xml:3911(para)
20695
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
20696
msgstr ""
20697
20698
#: serverguide/C/network-auth.xml:3918(para)
16418
20699
msgid ""
16419
20700
"You now have redundant KDCs on your network, and with redundant LDAP servers "
16420
20701
"you should be able to continue to authenticate users if one LDAP server, one "
16421
20702
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
16422
20703
msgstr ""
16423
20704
16424
#: serverguide/C/network-auth.xml:3101(para)
20705
#: serverguide/C/network-auth.xml:3930(para)
16425
20706
msgid ""
16426
20707
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16427
20708
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
16428
20709
"Guide</ulink> has some additional details."
16429
20710
msgstr ""
16430
20711
16431
#: serverguide/C/network-auth.xml:3107(para)
20712
#: serverguide/C/network-auth.xml:3936(para)
16432
20713
msgid ""
16433
20714
"For more information on <application>kdb5_ldap_util</application> see <ulink "
16434
20715
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16435
20716
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
16436
20717
"5.6</ulink> and the <ulink "
16437
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
16438
"tml\">kdb5_ldap_util man page</ulink>."
20718
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man8/kdb5_ldap_util.8.ht"
20719
"ml\">kdb5_ldap_util man page</ulink>."
16439
20720
msgstr ""
16440
20721
16441
#: serverguide/C/network-auth.xml:3115(para)
20722
#: serverguide/C/network-auth.xml:3944(para)
16442
20723
msgid ""
16443
20724
"Another useful link is the <ulink "
16444
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
16445
">krb5.conf man page</ulink>."
20725
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man5/krb5.conf.5.html\">"
20726
"krb5.conf man page</ulink>."
16446
20727
msgstr ""
16447
20728
16448
#: serverguide/C/network-auth.xml:3120(para)
20729
#: serverguide/C/network-auth.xml:3949(para)
16449
20730
msgid ""
16450
20731
"Also, see the <ulink "
16451
20732
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16452
20733
"and LDAP</ulink> Ubuntu wiki page."
16453
20734
msgstr ""
16454
20735
20736
#: serverguide/C/multipath-device-attributes-table.xml:2(title)
20737
msgid "Device Attributes"
20738
msgstr ""
20739
20740
#: serverguide/C/multipath-device-attributes-table.xml:8(entry) serverguide/C/multipath-config-defaults-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:8(entry)
20741
msgid "Attribute"
20742
msgstr ""
20743
20744
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1624(entry)
20745
msgid "Description"
20746
msgstr ""
20747
20748
#: serverguide/C/multipath-device-attributes-table.xml:15(emphasis)
20749
msgid "vendor"
20750
msgstr ""
20751
20752
#: serverguide/C/multipath-device-attributes-table.xml:17(emphasis)
20753
msgid "COMPAQ"
20754
msgstr ""
20755
20756
#: serverguide/C/multipath-device-attributes-table.xml:17(entry)
20757
msgid ""
20758
"Specifies the vendor name of the storage device to which the device "
20759
"attributes apply, for example <placeholder-1/>."
20760
msgstr ""
20761
20762
#: serverguide/C/multipath-device-attributes-table.xml:21(emphasis)
20763
msgid "product"
20764
msgstr ""
20765
20766
#: serverguide/C/multipath-device-attributes-table.xml:23(emphasis)
20767
msgid "HSV110 (C)COMPAQ"
20768
msgstr ""
20769
20770
#: serverguide/C/multipath-device-attributes-table.xml:23(entry)
20771
msgid ""
20772
"Specifies the product name of the storage device to which the device "
20773
"attributes apply, for example <placeholder-1/>."
20774
msgstr ""
20775
20776
#: serverguide/C/multipath-device-attributes-table.xml:27(emphasis)
20777
msgid "revision"
20778
msgstr ""
20779
20780
#: serverguide/C/multipath-device-attributes-table.xml:29(entry)
20781
msgid "Specifies the product revision identifier of the storage device."
20782
msgstr ""
20783
20784
#: serverguide/C/multipath-device-attributes-table.xml:33(emphasis)
20785
msgid "product_blacklist"
20786
msgstr ""
20787
20788
#: serverguide/C/multipath-device-attributes-table.xml:35(entry)
20789
msgid "Specifies a regular expression used to blacklist devices by product."
20790
msgstr ""
20791
20792
#: serverguide/C/multipath-device-attributes-table.xml:39(emphasis)
20793
msgid "hardware_handler"
20794
msgstr ""
20795
20796
#: serverguide/C/multipath-device-attributes-table.xml:41(para)
20797
msgid ""
20798
"Specifies a module that will be used to perform hardware specific actions "
20799
"when switching path groups or handling I/O errors. Possible values include:"
20800
msgstr ""
20801
20802
#: serverguide/C/multipath-device-attributes-table.xml:44(para)
20803
msgid ""
20804
"<emphasis role=\"bold\">1 emc</emphasis>: hardware handler for EMC storage "
20805
"arrays"
20806
msgstr ""
20807
20808
#: serverguide/C/multipath-device-attributes-table.xml:47(para)
20809
msgid ""
20810
"<emphasis role=\"bold\">1 alua</emphasis>: hardware handler for SCSI-3 ALUA "
20811
"arrays."
20812
msgstr ""
20813
20814
#: serverguide/C/multipath-device-attributes-table.xml:49(para)
20815
msgid ""
20816
"<emphasis role=\"bold\">1 hp_sw</emphasis>: hardware handler for Compaq/HP "
20817
"controllers."
20818
msgstr ""
20819
20820
#: serverguide/C/multipath-device-attributes-table.xml:53(para)
20821
msgid ""
20822
"<emphasis role=\"bold\">1 rdac</emphasis>: hardware handler for the "
20823
"LSI/Engenio RDAC controllers."
20824
msgstr ""
20825
20826
#: serverguide/C/multipath-config-defaults-table.xml:3(title)
20827
msgid "Multipath Configuration Defaults"
20828
msgstr ""
20829
20830
#: serverguide/C/multipath-config-defaults-table.xml:21(emphasis) serverguide/C/multipath-config-defaults-table.xml:26(emphasis)
20831
msgid "polling_interval"
20832
msgstr ""
20833
20834
#: serverguide/C/multipath-config-defaults-table.xml:27(emphasis)
20835
msgid "5"
20836
msgstr ""
20837
20838
#: serverguide/C/multipath-config-defaults-table.xml:24(entry)
20839
msgid ""
20840
"Specifies the interval between two path checks in seconds. For properly "
20841
"functioning paths, the interval between checks will gradually increase to (4 "
20842
"* <placeholder-1/>). The default value is <placeholder-2/>."
20843
msgstr ""
20844
20845
#: serverguide/C/multipath-config-defaults-table.xml:32(emphasis)
20846
msgid "udev_dir"
20847
msgstr ""
20848
20849
#: serverguide/C/multipath-config-defaults-table.xml:35(entry)
20850
msgid ""
20851
"The directory where udev device nodes are created. The default value is /dev."
20852
msgstr ""
20853
20854
#: serverguide/C/multipath-config-defaults-table.xml:41(emphasis)
20855
msgid "multipath_dir"
20856
msgstr ""
20857
20858
#: serverguide/C/multipath-config-defaults-table.xml:46(filename)
20859
msgid "/lib/multipath"
20860
msgstr ""
20861
20862
#: serverguide/C/multipath-config-defaults-table.xml:44(entry)
20863
msgid ""
20864
"The directory where the dynamic shared objects are stored. The default value "
20865
"is system dependent, commonly <placeholder-1/>."
20866
msgstr ""
20867
20868
#: serverguide/C/multipath-config-defaults-table.xml:51(emphasis)
20869
msgid "verbosity"
20870
msgstr ""
20871
20872
#: serverguide/C/multipath-config-defaults-table.xml:54(entry)
20873
msgid ""
20874
"The default verbosity. Higher values increase the verbosity level. Valid "
20875
"levels are between 0 and 6. The default value is 2."
20876
msgstr ""
20877
20878
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1049(parameter) serverguide/C/dm-multipath.xml:1204(parameter)
20879
msgid "path_selector"
20880
msgstr ""
20881
20882
#: serverguide/C/multipath-config-defaults-table.xml:65(para)
20883
msgid ""
20884
"Specifies the default algorithm to use in determining what path to use for "
20885
"the next I/O operation. Possible values include:"
20886
msgstr ""
20887
20888
#: serverguide/C/multipath-config-defaults-table.xml:71(para)
20889
msgid ""
20890
"<emphasis role=\"bold\">round-robin 0</emphasis>: Loop through every path in "
20891
"the path group, sending the same amount of I/O to each."
20892
msgstr ""
20893
20894
#: serverguide/C/multipath-config-defaults-table.xml:77(para)
20895
msgid ""
20896
"<emphasis role=\"bold\">queue-length 0</emphasis>: Send the next bunch of "
20897
"I/O down the path with the least number of outstanding I/O requests."
20898
msgstr ""
20899
20900
#: serverguide/C/multipath-config-defaults-table.xml:83(para)
20901
msgid ""
20902
"<emphasis role=\"bold\">service-time 0</emphasis>: Send the next bunch of "
20903
"I/O down the path with the shortest estimated service time, which is "
20904
"determined by dividing the total size of the outstanding I/O to each path by "
20905
"its relative throughput."
20906
msgstr ""
20907
20908
#: serverguide/C/multipath-config-defaults-table.xml:91(para)
20909
msgid ""
20910
"The default value is <emphasis role=\"bold\">round-robin 0</emphasis>."
20911
msgstr ""
20912
20913
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1044(parameter) serverguide/C/dm-multipath.xml:1194(parameter)
20914
msgid "path_grouping_policy"
20915
msgstr ""
20916
20917
#: serverguide/C/multipath-config-defaults-table.xml:102(para)
20918
msgid ""
20919
"Specifies the default path grouping policy to apply to unspecified "
20920
"multipaths. Possible values include:"
20921
msgstr ""
20922
20923
#: serverguide/C/multipath-config-defaults-table.xml:107(para)
20924
msgid ""
20925
"<emphasis role=\"bold\">failover</emphasis> = 1 path per priority group"
20926
msgstr ""
20927
20928
#: serverguide/C/multipath-config-defaults-table.xml:112(para)
20929
msgid ""
20930
"<emphasis role=\"bold\">multibus</emphasis> = all valid paths in 1 priority "
20931
"group"
20932
msgstr ""
20933
20934
#: serverguide/C/multipath-config-defaults-table.xml:117(para)
20935
msgid ""
20936
"<emphasis role=\"bold\">group_by_serial</emphasis> = 1 priority group per "
20937
"detected serial number"
20938
msgstr ""
20939
20940
#: serverguide/C/multipath-config-defaults-table.xml:122(para)
20941
msgid ""
20942
"<emphasis role=\"bold\">group_by_prio</emphasis> = 1 priority group per path "
20943
"priority value"
20944
msgstr ""
20945
20946
#: serverguide/C/multipath-config-defaults-table.xml:127(para)
20947
msgid ""
20948
"<emphasis role=\"bold\">group_by_node_name</emphasis> = 1 priority group per "
20949
"target node name."
20950
msgstr ""
20951
20952
#: serverguide/C/multipath-config-defaults-table.xml:132(para)
20953
msgid "The default value is <emphasis role=\"bold\">failover.</emphasis>"
20954
msgstr ""
20955
20956
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1199(parameter)
20957
msgid "getuid_callout"
20958
msgstr ""
20959
20960
#: serverguide/C/multipath-config-defaults-table.xml:144(para)
20961
msgid ""
20962
"The default value is <emphasis role=\"bold\">/lib/udev/scsi_id --whitelisted "
20963
"--device=/dev/%n.</emphasis>"
20964
msgstr ""
20965
20966
#: serverguide/C/multipath-config-defaults-table.xml:142(entry)
20967
msgid ""
20968
"Specifies the default program and arguments to call out to obtain a unique "
20969
"path identifier. An absolute path is required. <placeholder-1/>"
20970
msgstr ""
20971
20972
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1058(parameter) serverguide/C/dm-multipath.xml:1223(parameter)
20973
msgid "prio"
20974
msgstr ""
20975
20976
#: serverguide/C/multipath-config-defaults-table.xml:154(para)
20977
msgid ""
20978
"Specifies the default function to call to obtain a path priority value. For "
20979
"example, the ALUA bits in SPC-3 provide an exploitable prio value. Possible "
20980
"values include:"
20981
msgstr ""
20982
20983
#: serverguide/C/multipath-config-defaults-table.xml:160(para)
20984
msgid ""
20985
"<emphasis role=\"bold\">const</emphasis>: Set a priority of 1 to all paths."
20986
msgstr ""
20987
20988
#: serverguide/C/multipath-config-defaults-table.xml:165(para)
20989
msgid ""
20990
"<emphasis role=\"bold\">emc</emphasis>: Generate the path priority for EMC "
20991
"arrays."
20992
msgstr ""
20993
20994
#: serverguide/C/multipath-config-defaults-table.xml:170(para)
20995
msgid ""
20996
"<emphasis role=\"bold\">alua</emphasis>: Generate the path priority based on "
20997
"the SCSI-3 ALUA settings."
20998
msgstr ""
20999
21000
#: serverguide/C/multipath-config-defaults-table.xml:175(para)
21001
msgid ""
21002
"<emphasis role=\"bold\">netapp</emphasis>: Generate the path priority for "
21003
"NetApp arrays."
21004
msgstr ""
21005
21006
#: serverguide/C/multipath-config-defaults-table.xml:180(para)
21007
msgid ""
21008
"<emphasis role=\"bold\">rdac</emphasis>: Generate the path priority for "
21009
"LSI/Engenio RDAC controller."
21010
msgstr ""
21011
21012
#: serverguide/C/multipath-config-defaults-table.xml:185(para)
21013
msgid ""
21014
"<emphasis role=\"bold\">hp_sw</emphasis>: Generate the path priority for "
21015
"Compaq/HP controller in active/standby mode."
21016
msgstr ""
21017
21018
#: serverguide/C/multipath-config-defaults-table.xml:190(para)
21019
msgid ""
21020
"<emphasis role=\"bold\">hds</emphasis>: Generate the path priority for "
21021
"Hitachi HDS Modular storage arrays."
21022
msgstr ""
21023
21024
#: serverguide/C/multipath-config-defaults-table.xml:195(para)
21025
msgid "The default value is <emphasis role=\"bold\">const</emphasis>."
21026
msgstr ""
21027
21028
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1063(parameter) serverguide/C/dm-multipath.xml:1228(parameter)
21029
msgid "prio_args"
21030
msgstr ""
21031
21032
#: serverguide/C/multipath-config-defaults-table.xml:206(para)
21033
msgid ""
21034
"The arguments string passed to the prio function Most prio functions do not "
21035
"need arguments. The datacore prioritizer need one. Example, <emphasis "
21036
"role=\"bold\">\"timeout=1000 preferredsds=foo\"</emphasis>. The default "
21037
"value is (null) <emphasis role=\"bold\">\"\"</emphasis>."
21038
msgstr ""
21039
21040
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1214(parameter)
21041
msgid "features"
21042
msgstr ""
21043
21044
#: serverguide/C/multipath-config-defaults-table.xml:220(emphasis)
21045
msgid "queue_if_no_path"
21046
msgstr ""
21047
21048
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1068(parameter) serverguide/C/dm-multipath.xml:1233(parameter)
21049
msgid "no_path_retry"
21050
msgstr ""
21051
21052
#: serverguide/C/multipath-config-defaults-table.xml:222(emphasis) serverguide/C/multipath-config-defaults-table.xml:341(emphasis)
21053
msgid "queue"
21054
msgstr ""
21055
21056
#: serverguide/C/multipath-config-defaults-table.xml:223(link)
21057
msgid "\"Issues with queue_if_no_path feature\""
21058
msgstr ""
21059
21060
#: serverguide/C/multipath-config-defaults-table.xml:219(entry)
21061
msgid ""
21062
"The extra features of multipath devices. The only existing feature is "
21063
"<placeholder-1/>, which is the same as setting <placeholder-2/> to "
21064
"<placeholder-3/>. For information on issues that may arise when using this "
21065
"feature, see Section, <placeholder-4/>."
21066
msgstr ""
21067
21068
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1209(parameter)
21069
msgid "path_checker"
21070
msgstr ""
21071
21072
#: serverguide/C/multipath-config-defaults-table.xml:232(para)
21073
msgid ""
21074
"Specifies the default method used to determine the state of the paths. "
21075
"Possible values include:"
21076
msgstr ""
21077
21078
#: serverguide/C/multipath-config-defaults-table.xml:237(para)
21079
msgid ""
21080
"<emphasis role=\"bold\">readsector0</emphasis>: Read the first sector of the "
21081
"device."
21082
msgstr ""
21083
21084
#: serverguide/C/multipath-config-defaults-table.xml:242(para)
21085
msgid ""
21086
"<emphasis role=\"bold\">tur</emphasis>: Issue a TEST UNIT READY to the "
21087
"device."
21088
msgstr ""
21089
21090
#: serverguide/C/multipath-config-defaults-table.xml:247(para)
21091
msgid ""
21092
"<emphasis role=\"bold\">emc_clariion</emphasis>: Query the EMC Clariion "
21093
"specific EVPD page 0xC0 to determine the path."
21094
msgstr ""
21095
21096
#: serverguide/C/multipath-config-defaults-table.xml:253(para)
21097
msgid ""
21098
"<emphasis role=\"bold\">hp_sw</emphasis>: Check the path state for HP "
21099
"storage arrays with Active/Standby firmware."
21100
msgstr ""
21101
21102
#: serverguide/C/multipath-config-defaults-table.xml:258(para)
21103
msgid ""
21104
"<emphasis role=\"bold\">rdac</emphasis>: Check the path stat for LSI/Engenio "
21105
"RDAC storage controller."
21106
msgstr ""
21107
21108
#: serverguide/C/multipath-config-defaults-table.xml:263(para)
21109
msgid ""
21110
"<emphasis role=\"bold\">directio</emphasis>: Read the first sector with "
21111
"direct I/O."
21112
msgstr ""
21113
21114
#: serverguide/C/multipath-config-defaults-table.xml:268(para)
21115
msgid "The default value is <emphasis role=\"bold\">directio</emphasis>."
21116
msgstr ""
21117
21118
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1054(parameter) serverguide/C/dm-multipath.xml:1219(parameter)
21119
msgid "failback"
21120
msgstr ""
21121
21122
#: serverguide/C/multipath-config-defaults-table.xml:279(para)
21123
msgid "Manages path group failback."
21124
msgstr ""
21125
21126
#: serverguide/C/multipath-config-defaults-table.xml:283(para)
21127
msgid ""
21128
"A value of <emphasis role=\"bold\">immediate</emphasis> specifies immediate "
21129
"failback to the highest priority path group that contains active paths."
21130
msgstr ""
21131
21132
#: serverguide/C/multipath-config-defaults-table.xml:289(para)
21133
msgid ""
21134
"A value of <emphasis role=\"bold\">manual</emphasis> specifies that there "
21135
"should not be immediate failback but that failback can happen only with "
21136
"operator intervention."
21137
msgstr ""
21138
21139
#: serverguide/C/multipath-config-defaults-table.xml:295(para)
21140
msgid ""
21141
"A numeric value greater than zero specifies deferred failback, expressed in "
21142
"seconds."
21143
msgstr ""
21144
21145
#: serverguide/C/multipath-config-defaults-table.xml:300(para)
21146
msgid "The default value is <emphasis role=\"bold\">manual</emphasis>."
21147
msgstr ""
21148
21149
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1073(parameter) serverguide/C/dm-multipath.xml:1238(parameter)
21150
msgid "rr_min_io"
21151
msgstr ""
21152
21153
#: serverguide/C/multipath-config-defaults-table.xml:311(para)
21154
msgid "The default value is <literal>1000</literal>."
21155
msgstr ""
21156
21157
#: serverguide/C/multipath-config-defaults-table.xml:310(entry)
21158
msgid ""
21159
"Specifies the number of I/O requests to route to a path before switching to "
21160
"the next path in the current path group.<placeholder-1/>"
21161
msgstr ""
21162
21163
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1078(parameter) serverguide/C/dm-multipath.xml:1243(parameter)
21164
msgid "rr_weight"
21165
msgstr ""
21166
21167
#: serverguide/C/multipath-config-defaults-table.xml:320(emphasis)
21168
msgid "priorities"
21169
msgstr ""
21170
21171
#: serverguide/C/multipath-config-defaults-table.xml:327(emphasis)
21172
msgid "uniform"
21173
msgstr ""
21174
21175
#: serverguide/C/multipath-config-defaults-table.xml:327(para)
21176
msgid "The default value is <emphasis role=\"bold\">uniform</emphasis>."
21177
msgstr ""
21178
21179
#: serverguide/C/multipath-config-defaults-table.xml:320(entry)
21180
msgid ""
21181
"If set to <placeholder-1/>, then instead of sending <placeholder-2/> "
21182
"requests to a path before calling <placeholder-3/> to choose the next path, "
21183
"the number of requests to send is determined by <placeholder-4/> times the "
21184
"path's priority, as determined by the prio function. If set to <placeholder-"
21185
"5/>, all path weights are equal. <placeholder-6/>"
21186
msgstr ""
21187
21188
#: serverguide/C/multipath-config-defaults-table.xml:340(emphasis)
21189
msgid "immediate"
21190
msgstr ""
21191
21192
#: serverguide/C/multipath-config-defaults-table.xml:342(para)
21193
msgid "The default value is <literal>0</literal>."
21194
msgstr ""
21195
21196
#: serverguide/C/multipath-config-defaults-table.xml:337(entry)
21197
msgid ""
21198
"A numeric value for this attribute specifies the number of times the system "
21199
"should attempt to use a failed path before disabling queueing. A value of "
21200
"fail indicates <placeholder-1/> failure, without queueing. A value of "
21201
"<placeholder-2/> indicates that queueing should not stop until the path is "
21202
"fixed. <placeholder-3/>"
21203
msgstr ""
21204
21205
#: serverguide/C/multipath-config-defaults-table.xml:348(emphasis) serverguide/C/multipath-attributes-table.xml:30(emphasis)
21206
msgid "user_friendly_names"
21207
msgstr ""
21208
21209
#: serverguide/C/multipath-config-defaults-table.xml:352(filename)
21210
msgid "/etc/multipath/bindings"
21211
msgstr ""
21212
21213
#: serverguide/C/multipath-config-defaults-table.xml:353(emphasis) serverguide/C/multipath-config-defaults-table.xml:356(emphasis) serverguide/C/multipath-attributes-table.xml:25(emphasis)
21214
msgid "alias"
21215
msgstr ""
21216
21217
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:764(emphasis)
21218
msgid "multipath"
21219
msgstr ""
21220
21221
#: serverguide/C/multipath-config-defaults-table.xml:359(para) serverguide/C/multipath-config-defaults-table.xml:381(para)
21222
msgid "The default value is <emphasis role=\"bold\">no</emphasis>."
21223
msgstr ""
21224
21225
#: serverguide/C/multipath-config-defaults-table.xml:351(entry)
21226
msgid ""
21227
"If set to yes, specifies that the system should use the <placeholder-1/> "
21228
"file to assign a persistent and unique <placeholder-2/> to the <placeholder-"
21229
"3/>, in the form of mpathn. If set to no, specifies that the system should "
21230
"use the WWID as the <placeholder-4/> for the <placeholder-5/>. In either "
21231
"case, what is specified here will be overridden by any device-specific "
21232
"aliases you specify in the multipaths section of the configuration file. "
21233
"<placeholder-6/>"
21234
msgstr ""
21235
21236
#: serverguide/C/multipath-config-defaults-table.xml:365(emphasis)
21237
msgid "queue_without_daemon"
21238
msgstr ""
21239
21240
#: serverguide/C/multipath-config-defaults-table.xml:368(emphasis) serverguide/C/multipath-config-defaults-table.xml:392(emphasis)
21241
msgid "multipathd"
21242
msgstr ""
21243
21244
#: serverguide/C/multipath-config-defaults-table.xml:370(para)
21245
msgid "The default value is <emphasis role=\"bold\">yes</emphasis>."
21246
msgstr ""
21247
21248
#: serverguide/C/multipath-config-defaults-table.xml:368(entry)
21249
msgid ""
21250
"If set to no, the <placeholder-1/> daemon will disable queueing for all "
21251
"devices when it is shut down. <placeholder-2/>"
21252
msgstr ""
21253
21254
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1083(parameter) serverguide/C/dm-multipath.xml:1258(parameter)
21255
msgid "flush_on_last_del"
21256
msgstr ""
21257
21258
#: serverguide/C/multipath-config-defaults-table.xml:379(entry)
21259
msgid ""
21260
"If set to yes, then <placeholder-1/> will disable queueing when the last "
21261
"path to a device has been deleted. <placeholder-2/>"
21262
msgstr ""
21263
21264
#: serverguide/C/multipath-config-defaults-table.xml:387(emphasis)
21265
msgid "max_fds"
21266
msgstr ""
21267
21268
#: serverguide/C/multipath-config-defaults-table.xml:394(filename)
21269
msgid "/proc/sys/fs/nr_open"
21270
msgstr ""
21271
21272
#: serverguide/C/multipath-config-defaults-table.xml:390(entry)
21273
msgid ""
21274
"Sets the maximum number of open file descriptors that can be opened by "
21275
"<placeholder-1/> and the <placeholder-2/> daemon. This is equivalent to the "
21276
"ulimit -n command. A value of max will set this to the system limit from "
21277
"<placeholder-3/>. If this is not set, the maximum number of open file "
21278
"descriptors is taken from the calling process; it is usually 1024. To be "
21279
"safe, this should be set to the maximum number of paths plus 32, if that "
21280
"number is greater than 1024."
21281
msgstr ""
21282
21283
#: serverguide/C/multipath-config-defaults-table.xml:402(emphasis)
21284
msgid "checker_timer"
21285
msgstr ""
21286
21287
#: serverguide/C/multipath-config-defaults-table.xml:406(para)
21288
msgid ""
21289
"The default value is taken from "
21290
"<filename>/sys/block/sdx/device/timeout</filename>, which is "
21291
"<literal>30</literal> seconds as of 12.04 LTS"
21292
msgstr ""
21293
21294
#: serverguide/C/multipath-config-defaults-table.xml:405(entry)
21295
msgid ""
21296
"The timeout to use for path checkers that issue SCSI commands with an "
21297
"explicit timeout, in seconds. <placeholder-1/>"
21298
msgstr ""
21299
21300
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1248(parameter)
21301
msgid "fast_io_fail_tmo"
21302
msgstr ""
21303
21304
#: serverguide/C/multipath-config-defaults-table.xml:419(para)
21305
msgid "The default value is determined by the OS."
21306
msgstr ""
21307
21308
#: serverguide/C/multipath-config-defaults-table.xml:416(entry)
21309
msgid ""
21310
"The number of seconds the SCSI layer will wait after a problem has been "
21311
"detected on an FC remote port before failing I/O to devices on that remote "
21312
"port. This value should be smaller than the value of dev_loss_tmo. Setting "
21313
"this to off will disable the timeout. <placeholder-1/>"
21314
msgstr ""
21315
21316
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1253(parameter)
21317
msgid "dev_loss_tmo"
21318
msgstr ""
21319
21320
#: serverguide/C/multipath-config-defaults-table.xml:428(entry)
21321
msgid ""
21322
"The number of seconds the SCSI layer will wait after a problem has been "
21323
"detected on an FC remote port before removing it from the system. Setting "
21324
"this to infinity will set this to 2147483647 seconds, or 68 years. The "
21325
"default value is determined by the OS."
21326
msgstr ""
21327
21328
#: serverguide/C/multipath-components-table.xml:3(title)
21329
msgid "DM-Multipath Components"
21330
msgstr ""
21331
21332
#: serverguide/C/multipath-components-table.xml:11(entry)
21333
msgid "Component"
21334
msgstr ""
21335
21336
#: serverguide/C/multipath-components-table.xml:19(emphasis)
21337
msgid "dm_multipath kernel module"
21338
msgstr ""
21339
21340
#: serverguide/C/multipath-components-table.xml:23(emphasis)
21341
msgid "failover"
21342
msgstr ""
21343
21344
#: serverguide/C/multipath-components-table.xml:22(entry)
21345
msgid "Reroutes I/O and supports <placeholder-1/> for paths and path groups."
21346
msgstr ""
21347
21348
#: serverguide/C/multipath-components-table.xml:28(emphasis)
21349
msgid "multipath command"
21350
msgstr ""
21351
21352
#: serverguide/C/multipath-components-table.xml:32(filename)
21353
msgid "/etc/rc.sysinit"
21354
msgstr ""
21355
21356
#: serverguide/C/multipath-components-table.xml:31(entry)
21357
msgid ""
21358
"Lists and configures <placeholder-1/> devices. Normally started up with "
21359
"<placeholder-2/>, it can also be started up by a udev program whenever a "
21360
"block device is added or it can be run by the initramfs file system."
21361
msgstr ""
21362
21363
#: serverguide/C/multipath-components-table.xml:39(emphasis)
21364
msgid "multipathd daemon"
21365
msgstr ""
21366
21367
#: serverguide/C/multipath-components-table.xml:45(filename)
21368
msgid "/etc/multipath.conf"
21369
msgstr ""
21370
21371
#: serverguide/C/multipath-components-table.xml:42(entry)
21372
msgid ""
21373
"Monitors paths; as paths fail and come back, it may initiate path group "
21374
"switches. Provides for interactive changes to <placeholder-1/> devices. This "
21375
"daemon must be restarted for any changes to the <placeholder-2/> file to "
21376
"take effect."
21377
msgstr ""
21378
21379
#: serverguide/C/multipath-components-table.xml:50(emphasis)
21380
msgid "kpartx command"
21381
msgstr ""
21382
21383
#: serverguide/C/multipath-components-table.xml:56(emphasis)
21384
msgid "multipath-tools"
21385
msgstr ""
21386
21387
#: serverguide/C/multipath-components-table.xml:53(entry)
21388
msgid ""
21389
"Creates device mapper devices for the partitions on a device It is necessary "
21390
"to use this command for DOS-based partitions with DM-Multipath. The kpartx "
21391
"is provided in its own package, but the <placeholder-1/> package depends on "
21392
"it."
21393
msgstr ""
21394
21395
#: serverguide/C/multipath-attributes-table.xml:2(title)
21396
msgid "Multipath Attributes"
21397
msgstr ""
21398
21399
#: serverguide/C/multipath-attributes-table.xml:15(emphasis)
21400
msgid "wwid"
21401
msgstr ""
21402
21403
#: serverguide/C/multipath-attributes-table.xml:21(filename)
21404
msgid "multipath.conf"
21405
msgstr ""
21406
21407
#: serverguide/C/multipath-attributes-table.xml:17(entry)
21408
msgid ""
21409
"Specifies the WWID of the <placeholder-1/> device to which the <placeholder-"
21410
"2/> attributes apply. This parameter is mandatory for this section of the "
21411
"<placeholder-3/> file."
21412
msgstr ""
21413
21414
#: serverguide/C/multipath-attributes-table.xml:27(entry)
21415
msgid ""
21416
"Specifies the symbolic name for the <placeholder-1/> device to which the "
21417
"<placeholder-2/> attributes apply. If you are using <placeholder-3/>, do not "
21418
"set this value to mpathn; this may conflict with an automatically assigned "
21419
"user friendly name and give you incorrect device node names."
21420
msgstr ""
21421
16455
21422
#: serverguide/C/monitoring.xml:13(title)
16456
21423
msgid "Monitoring"
16457
21424
msgstr ""
16651
21618
#: serverguide/C/monitoring.xml:194(para)
16652
21619
msgid ""
16653
21620
"First, create a <emphasis>host</emphasis> configuration file for "
16654
"<emphasis>server02</emphasis>. In a terminal enter:"
21621
"<emphasis>server02</emphasis>. Unless otherwise specified, run all these "
21622
"commands on <emphasis>server01</emphasis>. In a terminal enter:"
16655
21623
msgstr ""
16656
21624
16657
#: serverguide/C/monitoring.xml:199(command)
21625
#: serverguide/C/monitoring.xml:201(command)
16658
21626
msgid ""
16659
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
21627
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg \\ "
16660
21628
"/etc/nagios3/conf.d/server02.cfg"
16661
21629
msgstr ""
16662
21630
16663
#: serverguide/C/monitoring.xml:203(para)
21631
#: serverguide/C/monitoring.xml:206(para)
16664
21632
msgid ""
16665
21633
"In the above and following command examples, replace "
16666
21634
"<emphasis>\"server01\"</emphasis>, "
16669
21637
"your servers."
16670
21638
msgstr ""
16671
21639
16672
#: serverguide/C/monitoring.xml:212(para)
21640
#: serverguide/C/monitoring.xml:215(para)
16673
21641
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16674
21642
msgstr ""
16675
21643
16676
#: serverguide/C/monitoring.xml:216(programlisting)
21644
#: serverguide/C/monitoring.xml:219(programlisting)
16677
21645
#, no-wrap
16678
21646
msgid ""
16679
21647
"\n"
16680
21648
"define host{\n"
16681
" use generic-host ; Name of host "
16682
"template to use\n"
21649
" use generic-host ; Name of host template to "
21650
"use\n"
16683
21651
" host_name server02\n"
16684
21652
" alias Server 02\n"
16685
21653
" address 172.18.100.101\n"
16694
21662
"}\n"
16695
21663
msgstr ""
16696
21664
16697
#: serverguide/C/monitoring.xml:236(para)
21665
#: serverguide/C/monitoring.xml:239(para)
16698
21666
msgid ""
16699
21667
"Restart the <application>nagios</application> daemon to enable the new "
16700
21668
"configuration:"
16701
21669
msgstr ""
16702
21670
16703
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
21671
#: serverguide/C/monitoring.xml:244(command) serverguide/C/monitoring.xml:311(command) serverguide/C/monitoring.xml:378(command)
16704
21672
msgid "sudo /etc/init.d/nagios3 restart"
16705
21673
msgstr ""
16706
21674
16707
#: serverguide/C/monitoring.xml:251(para)
21675
#: serverguide/C/monitoring.xml:254(para)
16708
21676
msgid ""
16709
21677
"Now add a service definition for the MySQL check by adding the following to "
16710
21678
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
16711
21679
msgstr ""
16712
21680
16713
#: serverguide/C/monitoring.xml:255(programlisting)
21681
#: serverguide/C/monitoring.xml:258(programlisting)
16714
21682
#, no-wrap
16715
21683
msgid ""
16716
21684
"\n"
16717
21685
"# check MySQL servers.\n"
16718
21686
"define service {\n"
16719
" hostgroup_name mysql-servers\n"
16720
" service_description MySQL\n"
16721
" check_command "
21687
" hostgroup_name mysql-servers\n"
21688
" service_description MySQL\n"
21689
" check_command "
16722
21690
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
16723
" use generic-service\n"
16724
" notification_interval 0 ; set > 0 if you want to be "
16725
"renotified\n"
21691
" use generic-service\n"
21692
" notification_interval 0 ; set > 0 if you want to be renotified\n"
16726
21693
"}\n"
16727
21694
msgstr ""
16728
21695
16729
#: serverguide/C/monitoring.xml:269(para)
21696
#: serverguide/C/monitoring.xml:272(para)
16730
21697
msgid ""
16731
21698
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
16732
21699
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
16733
21700
msgstr ""
16734
21701
16735
#: serverguide/C/monitoring.xml:274(programlisting)
21702
#: serverguide/C/monitoring.xml:277(programlisting)
16736
21703
#, no-wrap
16737
21704
msgid ""
16738
21705
"\n"
16744
21711
" }\n"
16745
21712
msgstr ""
16746
21713
16747
#: serverguide/C/monitoring.xml:286(para)
21714
#: serverguide/C/monitoring.xml:289(para)
16748
21715
msgid ""
16749
21716
"The Nagios check needs to authenticate to MySQL. To add a "
16750
21717
"<emphasis>nagios</emphasis> user to MySQL enter:"
16751
21718
msgstr ""
16752
21719
16753
#: serverguide/C/monitoring.xml:291(command)
21720
#: serverguide/C/monitoring.xml:294(command)
16754
21721
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
16755
21722
msgstr ""
16756
21723
16757
#: serverguide/C/monitoring.xml:295(para)
21724
#: serverguide/C/monitoring.xml:298(para)
16758
21725
msgid ""
16759
21726
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
16760
21727
"<emphasis>mysql-servers</emphasis> hostgroup."
16761
21728
msgstr ""
16762
21729
16763
#: serverguide/C/monitoring.xml:303(para)
21730
#: serverguide/C/monitoring.xml:306(para)
16764
21731
msgid ""
16765
21732
"Restart <application>nagios</application> to start checking the MySQL "
16766
21733
"servers."
16767
21734
msgstr ""
16768
21735
16769
#: serverguide/C/monitoring.xml:318(para)
21736
#: serverguide/C/monitoring.xml:321(para)
16770
21737
msgid ""
16771
21738
"Lastly configure NRPE to check the disk space on "
16772
21739
"<emphasis>server02</emphasis>."
16773
21740
msgstr ""
16774
21741
16775
#: serverguide/C/monitoring.xml:322(para)
21742
#: serverguide/C/monitoring.xml:325(para)
16776
21743
msgid ""
16777
21744
"On <emphasis>server01</emphasis> add the service check to "
16778
21745
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16779
21746
msgstr ""
16780
21747
16781
#: serverguide/C/monitoring.xml:327(programlisting)
21748
#: serverguide/C/monitoring.xml:330(programlisting)
16782
21749
#, no-wrap
16783
21750
msgid ""
16784
21751
"\n"
16785
21752
"# NRPE disk check.\n"
16786
21753
"define service {\n"
16787
" use generic-service\n"
16788
" host_name server02\n"
16789
" service_description nrpe-disk\n"
16790
" check_command "
21754
" use generic-service\n"
21755
" host_name server02\n"
21756
" service_description nrpe-disk\n"
21757
" check_command "
16791
21758
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
16792
21759
"}\n"
16793
21760
msgstr ""
16794
"\n"
16795
"# NRPE disk check.\n"
16796
"define service {\n"
16797
" use generic-service\n"
16798
" host_name server02\n"
16799
" service_description nrpe-disk\n"
16800
" check_command "
16801
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
16802
"}\n"
16803
21761
16804
#: serverguide/C/monitoring.xml:340(para)
21762
#: serverguide/C/monitoring.xml:343(para)
16805
21763
msgid ""
16806
21764
"Now on <emphasis>server02</emphasis> edit "
16807
21765
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
16809
21767
"Agora en <emphasis>server02</emphasis> edita "
16810
21768
"<filename>/etc/nagios/nrpe.cfg</filename> camudando:"
16811
21769
16812
#: serverguide/C/monitoring.xml:344(programlisting)
21770
#: serverguide/C/monitoring.xml:347(programlisting)
16813
21771
#, no-wrap
16814
21772
msgid ""
16815
21773
"\n"
16818
21776
"\n"
16819
21777
"allowed_hosts=172.18.100.100\n"
16820
21778
16821
#: serverguide/C/monitoring.xml:348(para)
21779
#: serverguide/C/monitoring.xml:351(para)
16822
21780
msgid "And below in the command definition area add:"
16823
21781
msgstr ""
16824
21782
16825
#: serverguide/C/monitoring.xml:352(programlisting)
21783
#: serverguide/C/monitoring.xml:355(programlisting)
16826
21784
#, no-wrap
16827
21785
msgid ""
16828
21786
"\n"
16833
21791
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
16834
21792
"e\n"
16835
21793
16836
#: serverguide/C/monitoring.xml:359(para)
21794
#: serverguide/C/monitoring.xml:362(para)
16837
21795
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
16838
21796
msgstr ""
16839
21797
"P'acabar, vuelvi arrancar <application>nagios-nrpe-server</application>:"
16840
21798
16841
#: serverguide/C/monitoring.xml:364(command)
21799
#: serverguide/C/monitoring.xml:367(command)
16842
21800
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
16843
21801
msgstr "sudo /etc/init.d/nagios-nrpe-server restart"
16844
21802
16845
#: serverguide/C/monitoring.xml:370(para)
21803
#: serverguide/C/monitoring.xml:373(para)
16846
21804
msgid ""
16847
21805
"Also, on <emphasis>server01</emphasis> restart "
16848
21806
"<application>nagios</application>:"
16850
21808
"Tamién, en <emphasis>server01</emphasis> rearranca "
16851
21809
"<application>nagios</application>:"
16852
21810
16853
#: serverguide/C/monitoring.xml:383(para)
21811
#: serverguide/C/monitoring.xml:386(para)
16854
21812
msgid ""
16855
21813
"You should now be able to see the host and service checks in the Nagios CGI "
16856
21814
"files. To access them point a browser to http://server01/nagios3. You will "
16858
21816
"password."
16859
21817
msgstr ""
16860
21818
16861
#: serverguide/C/monitoring.xml:393(para)
21819
#: serverguide/C/monitoring.xml:396(para)
16862
21820
msgid ""
16863
21821
"This section has just scratched the surface of Nagios' features. The "
16864
21822
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
16865
21823
"plugins</application> contain many more service checks."
16866
21824
msgstr ""
16867
21825
16868
#: serverguide/C/monitoring.xml:400(para)
21826
#: serverguide/C/monitoring.xml:403(para)
16869
21827
msgid ""
16870
21828
"For more information see <ulink "
16871
21829
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
16872
21830
msgstr ""
16873
21831
16874
#: serverguide/C/monitoring.xml:405(para)
21832
#: serverguide/C/monitoring.xml:408(para)
16875
21833
msgid ""
16876
21834
"Specifically the <ulink "
16877
21835
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
16878
21836
"site."
16879
21837
msgstr ""
16880
21838
16881
#: serverguide/C/monitoring.xml:410(para)
21839
#: serverguide/C/monitoring.xml:413(para)
16882
21840
msgid ""
16883
21841
"There is also a list of <ulink "
16884
21842
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
16885
21843
"Nagios and network monitoring:"
16886
21844
msgstr ""
16887
21845
16888
#: serverguide/C/monitoring.xml:416(para)
21846
#: serverguide/C/monitoring.xml:419(para)
16889
21847
msgid ""
16890
21848
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
16891
21849
"Wiki</ulink> page also has more details."
16892
21850
msgstr ""
16893
21851
16894
#: serverguide/C/monitoring.xml:425(title)
21852
#: serverguide/C/monitoring.xml:428(title)
16895
21853
msgid "Munin"
16896
21854
msgstr ""
16897
21855
16898
#: serverguide/C/monitoring.xml:430(para)
21856
#: serverguide/C/monitoring.xml:433(para)
16899
21857
msgid ""
16900
21858
"Before installing <application>Munin</application> on "
16901
21859
"<emphasis>server01</emphasis><application>apache2</application> will need to "
16904
21862
"linkend=\"httpd\"/>."
16905
21863
msgstr ""
16906
21864
16907
#: serverguide/C/monitoring.xml:436(para)
21865
#: serverguide/C/monitoring.xml:439(para)
16908
21866
msgid ""
16909
21867
"First, on <emphasis>server01</emphasis> install "
16910
21868
"<application>munin</application>. In a terminal enter:"
16911
21869
msgstr ""
16912
21870
16913
#: serverguide/C/monitoring.xml:441(command)
21871
#: serverguide/C/monitoring.xml:444(command)
16914
21872
msgid "sudo apt-get install munin"
16915
21873
msgstr ""
16916
21874
16917
#: serverguide/C/monitoring.xml:444(para)
21875
#: serverguide/C/monitoring.xml:447(para)
16918
21876
msgid ""
16919
21877
"Now on <emphasis>server02</emphasis> install the <application>munin-"
16920
21878
"node</application> package:"
16921
21879
msgstr ""
16922
21880
16923
#: serverguide/C/monitoring.xml:449(command)
21881
#: serverguide/C/monitoring.xml:452(command)
16924
21882
msgid "sudo apt-get install munin-node"
16925
21883
msgstr "sudo apt-get install munin-node"
16926
21884
16927
#: serverguide/C/monitoring.xml:456(para)
21885
#: serverguide/C/monitoring.xml:459(para)
16928
21886
msgid ""
16929
21887
"On <emphasis>server01</emphasis> edit the "
16930
21888
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
16934
21892
"<filename>/etc/munin/munin.conf</filename> amestando la direición IP de "
16935
21893
"<emphasis>server02</emphasis>:"
16936
21894
16937
#: serverguide/C/monitoring.xml:461(programlisting)
21895
#: serverguide/C/monitoring.xml:464(programlisting)
16938
21896
#, no-wrap
16939
21897
msgid ""
16940
21898
"\n"
16947
21905
"[server02]\n"
16948
21906
" address 172.18.100.101\n"
16949
21907
16950
#: serverguide/C/monitoring.xml:468(para)
21908
#: serverguide/C/monitoring.xml:471(para)
16951
21909
msgid ""
16952
21910
"Replace <emphasis>server02</emphasis> and "
16953
21911
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
16954
21912
"for your server."
16955
21913
msgstr ""
16956
21914
16957
#: serverguide/C/monitoring.xml:474(para)
21915
#: serverguide/C/monitoring.xml:477(para)
16958
21916
msgid ""
16959
21917
"Next, configure <application>munin-node</application> on "
16960
21918
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
16961
21919
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
16962
21920
msgstr ""
16963
21921
16964
#: serverguide/C/monitoring.xml:479(programlisting)
21922
#: serverguide/C/monitoring.xml:482(programlisting)
16965
21923
#, no-wrap
16966
21924
msgid ""
16967
21925
"\n"
16970
21928
"\n"
16971
21929
"allow ^172\\.18\\.100\\.100$\n"
16972
21930
16973
#: serverguide/C/monitoring.xml:484(para)
21931
#: serverguide/C/monitoring.xml:487(para)
16974
21932
msgid ""
16975
21933
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
16976
21934
"<application>munin</application> server."
16977
21935
msgstr ""
16978
21936
16979
#: serverguide/C/monitoring.xml:489(para)
21937
#: serverguide/C/monitoring.xml:492(para)
16980
21938
msgid ""
16981
21939
"Now restart <application>munin-node</application> on "
16982
21940
"<emphasis>server02</emphasis> for the changes to take effect:"
16983
21941
msgstr ""
16984
21942
16985
#: serverguide/C/monitoring.xml:494(command)
21943
#: serverguide/C/monitoring.xml:497(command)
16986
21944
msgid "sudo /etc/init.d/munin-node restart"
16987
21945
msgstr "sudo /etc/init.d/munin-node restart"
16988
21946
16989
#: serverguide/C/monitoring.xml:497(para)
21947
#: serverguide/C/monitoring.xml:500(para)
16990
21948
msgid ""
16991
21949
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
16992
21950
"you should see links to nice graphs displaying information from the standard "
16993
21951
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
16994
21952
msgstr ""
16995
21953
16996
#: serverguide/C/monitoring.xml:503(para)
21954
#: serverguide/C/monitoring.xml:506(para)
16997
21955
msgid ""
16998
21956
"Since this is a new install it may take some time for the graphs to display "
16999
21957
"anything useful."
17000
21958
msgstr ""
17001
21959
17002
#: serverguide/C/monitoring.xml:510(title)
21960
#: serverguide/C/monitoring.xml:513(title)
17003
21961
msgid "Additional Plugins"
17004
21962
msgstr ""
17005
21963
17006
#: serverguide/C/monitoring.xml:512(para)
21964
#: serverguide/C/monitoring.xml:515(para)
17007
21965
msgid ""
17008
21966
"The <application>munin-plugins-extra</application> package contains "
17009
21967
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
17010
21968
"install the package, from a terminal enter:"
17011
21969
msgstr ""
17012
21970
17013
#: serverguide/C/monitoring.xml:518(command)
21971
#: serverguide/C/monitoring.xml:521(command)
17014
21972
msgid "sudo apt-get install munin-plugins-extra"
17015
21973
msgstr ""
17016
21974
17017
#: serverguide/C/monitoring.xml:521(para)
21975
#: serverguide/C/monitoring.xml:524(para)
17018
21976
msgid "Be sure to install the package on both the server and node machines."
17019
21977
msgstr ""
17020
21978
17021
#: serverguide/C/monitoring.xml:531(para)
21979
#: serverguide/C/monitoring.xml:534(para)
17022
21980
msgid ""
17023
21981
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
17024
21982
"website for more details."
17025
21983
msgstr ""
17026
21984
17027
#: serverguide/C/monitoring.xml:536(para)
21985
#: serverguide/C/monitoring.xml:539(para)
17028
21986
msgid ""
17029
21987
"Specifically the <ulink "
17030
21988
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
17032
21990
"writing plugins, etc."
17033
21991
msgstr ""
17034
21992
17035
#: serverguide/C/monitoring.xml:542(para)
21993
#: serverguide/C/monitoring.xml:545(para)
17036
21994
msgid ""
17037
21995
"Also, there is a book in German by Open Source Press: <ulink "
17038
21996
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
17039
21997
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
17040
21998
msgstr ""
17041
21999
17042
#: serverguide/C/monitoring.xml:548(para)
22000
#: serverguide/C/monitoring.xml:551(para)
17043
22001
msgid ""
17044
22002
"Another resource is the <ulink "
17045
22003
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
17063
22021
"IMAP server."
17064
22022
msgstr ""
17065
22023
17066
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
22024
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:839(application) serverguide/C/mail.xml:871(title) serverguide/C/mail.xml:949(title) serverguide/C/mail.xml:1524(title)
17067
22025
msgid "Postfix"
17068
22026
msgstr ""
17069
22027
17186
22144
"your Mail Delivery Agent (MDA) to use the same path."
17187
22145
msgstr ""
17188
22146
17189
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
22147
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:552(title)
17190
22148
msgid "SMTP Authentication"
17191
22149
msgstr "Autentificación SMTP"
17192
22150
17212
22170
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
17213
22171
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
17214
22172
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
17215
"sudo postconf -e 'smtpd_recipient_restrictions = "
22173
"sudo postconf -e 'smtpd_recipient_restrictions = \\\n"
17216
22174
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
17217
"sudo postconf -e 'inet_interfaces = all'\n"
17218
22175
msgstr ""
17219
"\n"
17220
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
17221
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
17222
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
17223
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
17224
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
17225
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
17226
"sudo postconf -e 'smtpd_recipient_restrictions = "
17227
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
17228
"sudo postconf -e 'inet_interfaces = all'\n"
17229
22176
17230
22177
#: serverguide/C/mail.xml:131(para)
17231
22178
msgid ""
17237
22184
17238
22185
#: serverguide/C/mail.xml:137(para)
17239
22186
msgid ""
17240
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
17241
"and-security\"/> for details. This example also uses a Certificate Authority "
17242
"(CA). For information on generating a CA certificate see <xref "
17243
"linkend=\"certificate-authority\"/>."
22187
"Next, generate or obtain a digital certificate for TLS. See <xref "
22188
"linkend=\"certificates-and-security\"/> for details. This example also uses "
22189
"a Certificate Authority (CA). For information on generating a CA certificate "
22190
"see <xref linkend=\"certificate-authority\"/>."
17244
22191
msgstr ""
17245
22192
17246
22193
#: serverguide/C/mail.xml:143(para)
17247
22194
msgid ""
17248
"You can get the digital certificate from a certificate authority. But unlike "
17249
"web clients, SMTP clients rarely complain about \"self-signed "
17250
"certificates\", so alternatively, you can create the certificate yourself. "
17251
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
17252
"details."
22195
"MUAs connecting to your mail server via TLS will need to recognize the "
22196
"certificate used for TLS. This can either be done using a certificate from a "
22197
"commercial CA or with a self-signed certificate that users manually "
22198
"install/accept. For MTA to MTA TLS certficates are never validated without "
22199
"advance agreement from the affected organizations. For MTA to MTA TLS, "
22200
"unless local policy requires it, there is no reason not to use a self-signed "
22201
"certificate. Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> "
22202
"for more details."
17253
22203
msgstr ""
17254
22204
17255
#: serverguide/C/mail.xml:155(para)
22205
#: serverguide/C/mail.xml:153(para)
17256
22206
msgid ""
17257
22207
"Once you have a certificate, configure Postfix to provide TLS encryption for "
17258
22208
"both incoming and outgoing mail:"
17259
22209
msgstr ""
17260
22210
17261
#: serverguide/C/mail.xml:158(screen)
22211
#: serverguide/C/mail.xml:156(screen)
17262
22212
#, no-wrap
17263
22213
msgid ""
17264
22214
"\n"
17265
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
17266
"sudo postconf -e 'smtp_use_tls = yes'\n"
17267
"sudo postconf -e 'smtpd_use_tls = yes'\n"
22215
"sudo postconf -e 'smtp_tls_security_level = may'\n"
22216
"sudo postconf -e 'smtpd_tls_security_level = may'\n"
17268
22217
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
17269
22218
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
17270
22219
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
17271
22220
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
17272
22221
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
17273
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
17274
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
17275
22222
"sudo postconf -e 'myhostname = mail.example.com'\n"
17276
22223
msgstr ""
17277
22224
17278
#: serverguide/C/mail.xml:173(para)
22225
#: serverguide/C/mail.xml:168(para)
17279
22226
msgid ""
17280
22227
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
17281
22228
"the certificate enter:"
17282
22229
msgstr ""
17283
22230
17284
#: serverguide/C/mail.xml:177(command)
22231
#: serverguide/C/mail.xml:172(command)
17285
22232
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
17286
22233
msgstr ""
17287
22234
17288
#: serverguide/C/mail.xml:180(para)
22235
#: serverguide/C/mail.xml:175(para)
17289
22236
msgid ""
17290
22237
"Again, for more details about certificates see <xref linkend=\"certificates-"
17291
22238
"and-security\"/>."
17292
22239
msgstr ""
17293
22240
17294
#: serverguide/C/mail.xml:186(para)
22241
#: serverguide/C/mail.xml:181(para)
17295
22242
msgid ""
17296
22243
"After running all the commands, <application>Postfix</application> is "
17297
22244
"configured for SMTP-AUTH and a self-signed certificate has been created for "
17298
22245
"TLS encryption."
17299
22246
msgstr ""
17300
22247
17301
#: serverguide/C/mail.xml:191(para)
22248
#: serverguide/C/mail.xml:186(para)
17302
22249
msgid ""
17303
22250
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
17304
22251
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
17305
22252
msgstr ""
17306
22253
17307
#: serverguide/C/mail.xml:195(para)
22254
#: serverguide/C/mail.xml:190(para)
17308
22255
msgid ""
17309
22256
"The postfix initial configuration is complete. Run the following command to "
17310
22257
"restart the postfix daemon:"
17311
22258
msgstr ""
17312
22259
17313
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
22260
#: serverguide/C/mail.xml:196(command) serverguide/C/mail.xml:311(command) serverguide/C/mail.xml:374(command) serverguide/C/mail.xml:989(command) serverguide/C/mail.xml:1575(command)
17314
22261
msgid "sudo /etc/init.d/postfix restart"
17315
22262
msgstr ""
17316
22263
17317
#: serverguide/C/mail.xml:204(para)
22264
#: serverguide/C/mail.xml:199(para)
17318
22265
msgid ""
17319
22266
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
17320
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
17321
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
17322
"However it is still necessary to set up SASL authentication before you can "
17323
"use SMTP-AUTH."
22267
"url=\"http://www.ietf.org/rfc/rfc2554.txt\">RFC2554</ulink>. It is based on "
22268
"<ulink url=\"http://www.ietf.org/rfc/rfc2222.txt\">SASL</ulink>. However it "
22269
"is still necessary to set up SASL authentication before you can use SMTP-"
22270
"AUTH."
17324
22271
msgstr ""
17325
22272
17326
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
22273
#: serverguide/C/mail.xml:209(title) serverguide/C/mail.xml:616(title)
17327
22274
msgid "Configuring SASL"
17328
22275
msgstr "Configuración de SASL"
17329
22276
17330
#: serverguide/C/mail.xml:215(para)
22277
#: serverguide/C/mail.xml:210(para)
17331
22278
msgid ""
17332
22279
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
17333
22280
"enable Dovecot SASL the <application>dovecot-common</application> package "
17334
22281
"will need to be installed. From a terminal prompt enter the following:"
17335
22282
msgstr ""
17336
22283
17337
#: serverguide/C/mail.xml:221(command)
22284
#: serverguide/C/mail.xml:216(command)
17338
22285
msgid "sudo apt-get install dovecot-common"
17339
22286
msgstr "sudo apt-get install dovecot-common"
17340
22287
17341
#: serverguide/C/mail.xml:223(para)
22288
#: serverguide/C/mail.xml:218(para)
17342
22289
msgid ""
17343
22290
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
17344
22291
"In the <emphasis>auth default</emphasis> section uncomment the "
17345
22292
"<emphasis>socket listen</emphasis> option and change the following:"
17346
22293
msgstr ""
17347
22294
17348
#: serverguide/C/mail.xml:227(programlisting)
22295
#: serverguide/C/mail.xml:222(programlisting)
17349
22296
#, no-wrap
17350
22297
msgid ""
17351
22298
"\n"
17396
22343
" }\n"
17397
22344
" }\n"
17398
22345
17399
#: serverguide/C/mail.xml:251(para)
22346
#: serverguide/C/mail.xml:246(para)
17400
22347
msgid ""
17401
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
22348
"In order to let <application>Outlook</application> clients use SMTP-AUTH, in "
17402
22349
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
17403
22350
"add <emphasis>\"login\"</emphasis>:"
17404
22351
msgstr ""
17405
22352
17406
#: serverguide/C/mail.xml:256(programlisting)
22353
#: serverguide/C/mail.xml:251(programlisting)
17407
22354
#, no-wrap
17408
22355
msgid ""
17409
22356
"\n"
17412
22359
"\n"
17413
22360
" mechanisms = plain login\n"
17414
22361
17415
#: serverguide/C/mail.xml:260(para)
22362
#: serverguide/C/mail.xml:255(para)
17416
22363
msgid ""
17417
22364
"Once you have <application>Dovecot</application> configured restart it with:"
17418
22365
msgstr ""
17419
22366
"En teniendo <application>Dovecot</application> configuráu rearráncalu con:"
17420
22367
17421
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
22368
#: serverguide/C/mail.xml:259(command) serverguide/C/mail.xml:742(command)
17422
22369
msgid "sudo /etc/init.d/dovecot restart"
17423
22370
msgstr "sudo /etc/init.d/dovecot restart"
17424
22371
17425
#: serverguide/C/mail.xml:269(title)
17426
msgid "Postfix-Dovecot"
17427
msgstr "Postfix-Dovecot"
22372
#: serverguide/C/mail.xml:264(title)
22373
msgid "Mail-Stack Delivery"
22374
msgstr ""
17428
22375
17429
#: serverguide/C/mail.xml:271(para)
22376
#: serverguide/C/mail.xml:266(para)
17430
22377
msgid ""
17431
22378
"Another option for configuring <application>Postfix</application> for SMTP-"
17432
"AUTH is using the <application>dovecot-postfix</application> package. This "
17433
"package will install <application>Dovecot</application> and configure "
22379
"AUTH is using the <application>mail-stack-delivery</application> package "
22380
"(previously packaged as dovecot-postfix). This package will install "
22381
"<application>Dovecot</application> and configure "
17434
22382
"<application>Postfix</application> to use it for both SASL authentication "
17435
22383
"and as a Mail Delivery Agent (MDA). The package also configures "
17436
22384
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
17437
22385
msgstr ""
17438
22386
17439
#: serverguide/C/mail.xml:280(para)
22387
#: serverguide/C/mail.xml:276(para)
17440
22388
msgid ""
17441
22389
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
17442
22390
"server. For example, if you are configuring your server to be a mail "
17443
22391
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
17444
"the above commands to configure Postfix for SMTPAUTH."
22392
"the above commands to configure Postfix for SMTP-AUTH."
17445
22393
msgstr ""
17446
22394
17447
#: serverguide/C/mail.xml:287(para)
22395
#: serverguide/C/mail.xml:283(para)
17448
22396
msgid "To install the package, from a terminal prompt enter:"
17449
22397
msgstr ""
17450
22398
17451
#: serverguide/C/mail.xml:292(command)
17452
msgid "sudo apt-get install dovecot-postfix"
22399
#: serverguide/C/mail.xml:288(command)
22400
msgid "sudo apt-get install mail-stack-delivery"
17453
22401
msgstr ""
17454
22402
17455
#: serverguide/C/mail.xml:295(para)
22403
#: serverguide/C/mail.xml:291(para)
17456
22404
msgid ""
17457
22405
"You should now have a working mail server, but there are a few options that "
17458
22406
"you may wish to further customize. For example, the package uses the "
17462
22410
"for more details."
17463
22411
msgstr ""
17464
22412
17465
#: serverguide/C/mail.xml:301(para)
22413
#: serverguide/C/mail.xml:297(para)
17466
22414
msgid ""
17467
22415
"Once you have a customized certificate and key for the host, change the "
17468
22416
"following options in <filename>/etc/postfix/main.cf</filename>:"
17469
22417
msgstr ""
17470
22418
17471
#: serverguide/C/mail.xml:305(programlisting)
22419
#: serverguide/C/mail.xml:301(programlisting)
17472
22420
#, no-wrap
17473
22421
msgid ""
17474
22422
"\n"
17476
22424
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
17477
22425
msgstr ""
17478
22426
17479
#: serverguide/C/mail.xml:310(para)
22427
#: serverguide/C/mail.xml:306(para)
17480
22428
msgid "Then restart Postfix:"
17481
22429
msgstr ""
17482
22430
17483
#: serverguide/C/mail.xml:321(para)
22431
#: serverguide/C/mail.xml:317(para)
17484
22432
msgid ""
17485
22433
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
17486
22434
msgstr ""
17487
22435
17488
#: serverguide/C/mail.xml:324(para)
22436
#: serverguide/C/mail.xml:320(para)
17489
22437
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
17490
22438
msgstr ""
17491
22439
17492
#: serverguide/C/mail.xml:329(command)
22440
#: serverguide/C/mail.xml:325(command)
17493
22441
msgid "telnet mail.example.com 25"
17494
22442
msgstr ""
17495
22443
17496
#: serverguide/C/mail.xml:331(para)
22444
#: serverguide/C/mail.xml:327(para)
17497
22445
msgid ""
17498
22446
"After you have established the connection to the postfix mail server, type:"
17499
22447
msgstr ""
17500
22448
17501
#: serverguide/C/mail.xml:335(screen)
22449
#: serverguide/C/mail.xml:331(screen)
17502
22450
#, no-wrap
17503
22451
msgid ""
17504
22452
"\n"
17507
22455
"\n"
17508
22456
"ehlo mail.example.com\n"
17509
22457
17510
#: serverguide/C/mail.xml:338(para)
22458
#: serverguide/C/mail.xml:334(para)
17511
22459
msgid ""
17512
22460
"If you see the following lines among others, then everything is working "
17513
22461
"perfectly. Type <command>quit</command> to exit."
17514
22462
msgstr ""
17515
22463
17516
#: serverguide/C/mail.xml:342(programlisting)
22464
#: serverguide/C/mail.xml:338(programlisting)
17517
22465
#, no-wrap
17518
22466
msgid ""
17519
22467
"\n"
17528
22476
"250-AUTH=LOGIN PLAIN\n"
17529
22477
"250 8BITMIME\n"
17530
22478
17531
#: serverguide/C/mail.xml:352(para)
22479
#: serverguide/C/mail.xml:347(title) serverguide/C/mail.xml:1645(title) serverguide/C/dns.xml:373(title)
22480
msgid "Troubleshooting"
22481
msgstr "Igua de problemes"
22482
22483
#: serverguide/C/mail.xml:348(para)
17532
22484
msgid ""
17533
22485
"This section introduces some common ways to determine the cause if problems "
17534
22486
"arise."
17535
22487
msgstr ""
17536
22488
17537
#: serverguide/C/mail.xml:356(title)
22489
#: serverguide/C/mail.xml:352(title)
17538
22490
msgid "Escaping chroot"
17539
22491
msgstr "Colando de chroot"
17540
22492
17541
#: serverguide/C/mail.xml:357(para)
22493
#: serverguide/C/mail.xml:353(para)
17542
22494
msgid ""
17543
22495
"The Ubuntu <application>postfix</application> package will by default "
17544
22496
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
17545
22497
"This can add greater complexity when troubleshooting problems."
17546
22498
msgstr ""
17547
22499
17548
#: serverguide/C/mail.xml:361(para)
22500
#: serverguide/C/mail.xml:357(para)
17549
22501
msgid ""
17550
22502
"To turn off the chroot operation locate for the following line in the "
17551
22503
"<filename>/etc/postfix/master.cf</filename> configuration file:"
17552
22504
msgstr ""
17553
22505
17554
#: serverguide/C/mail.xml:365(screen)
22506
#: serverguide/C/mail.xml:361(screen)
17555
22507
#, no-wrap
17556
22508
msgid ""
17557
22509
"\n"
17560
22512
"\n"
17561
22513
"smtp inet n - - - - smtpd\n"
17562
22514
17563
#: serverguide/C/mail.xml:368(para)
22515
#: serverguide/C/mail.xml:364(para)
17564
22516
msgid "and modify it as follows:"
17565
22517
msgstr ""
17566
22518
17567
#: serverguide/C/mail.xml:371(screen)
22519
#: serverguide/C/mail.xml:367(screen)
17568
22520
#, no-wrap
17569
22521
msgid ""
17570
22522
"\n"
17573
22525
"\n"
17574
22526
"smtp inet n - n - - smtpd\n"
17575
22527
17576
#: serverguide/C/mail.xml:374(para)
22528
#: serverguide/C/mail.xml:370(para)
17577
22529
msgid ""
17578
22530
"You will then need to restart Postfix to use the new configuration. From a "
17579
22531
"terminal prompt enter:"
17580
22532
msgstr ""
17581
22533
17582
#: serverguide/C/mail.xml:382(title)
22534
#: serverguide/C/mail.xml:378(title)
17583
22535
msgid "Log Files"
17584
22536
msgstr ""
17585
22537
17586
#: serverguide/C/mail.xml:383(para)
22538
#: serverguide/C/mail.xml:379(para)
17587
22539
msgid ""
17588
22540
"<application>Postfix</application> sends all log messages to "
17589
22541
"<filename>/var/log/mail.log</filename>. However error and warning messages "
17592
22544
"<filename>/var/log/mail.warn</filename> respectively."
17593
22545
msgstr ""
17594
22546
17595
#: serverguide/C/mail.xml:388(para)
22547
#: serverguide/C/mail.xml:384(para)
17596
22548
msgid ""
17597
22549
"To see messages entered into the logs in real time you can use the "
17598
22550
"<application>tail -f</application> command:"
17599
22551
msgstr ""
17600
22552
17601
#: serverguide/C/mail.xml:393(command)
22553
#: serverguide/C/mail.xml:389(command)
17602
22554
msgid "tail -f /var/log/mail.err"
17603
22555
msgstr ""
17604
22556
17605
#: serverguide/C/mail.xml:395(para)
22557
#: serverguide/C/mail.xml:391(para)
17606
22558
msgid ""
17607
22559
"The amount of detail that is recorded in the logs can be increased. Below "
17608
22560
"are some configuration options for increasing the log level for some of the "
17609
22561
"areas covered above."
17610
22562
msgstr ""
17611
22563
17612
#: serverguide/C/mail.xml:401(para)
22564
#: serverguide/C/mail.xml:397(para)
17613
22565
msgid ""
17614
22566
"To increase <emphasis>TLS</emphasis> activity logging set the "
17615
22567
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
17616
22568
msgstr ""
17617
22569
17618
#: serverguide/C/mail.xml:405(command)
22570
#: serverguide/C/mail.xml:401(command)
17619
22571
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17620
22572
msgstr "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17621
22573
17622
#: serverguide/C/mail.xml:409(para)
22574
#: serverguide/C/mail.xml:405(para)
17623
22575
msgid ""
17624
22576
"If you are having trouble sending or receiving mail from a specific domain "
17625
22577
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
17626
22578
msgstr ""
17627
22579
17628
#: serverguide/C/mail.xml:414(command)
22580
#: serverguide/C/mail.xml:410(command)
17629
22581
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
17630
22582
msgstr "sudo postconf -e 'debug_peer_list = problem.domain'"
17631
22583
17632
#: serverguide/C/mail.xml:418(para)
22584
#: serverguide/C/mail.xml:414(para)
17633
22585
msgid ""
17634
22586
"You can increase the verbosity of any <application>Postfix</application> "
17635
22587
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
17637
22589
"<emphasis>smtp</emphasis> entry:"
17638
22590
msgstr ""
17639
22591
17640
#: serverguide/C/mail.xml:422(programlisting)
22592
#: serverguide/C/mail.xml:418(programlisting)
17641
22593
#, no-wrap
17642
22594
msgid ""
17643
22595
"\n"
17646
22598
"\n"
17647
22599
"smtp unix - - - - - smtp -v\n"
17648
22600
17649
#: serverguide/C/mail.xml:428(para)
22601
#: serverguide/C/mail.xml:424(para)
17650
22602
msgid ""
17651
22603
"It is important to note that after making one of the logging changes above "
17652
22604
"the <application>Postfix</application> process will need to be reloaded in "
17654
22606
"reload</command>"
17655
22607
msgstr ""
17656
22608
17657
#: serverguide/C/mail.xml:435(para)
22609
#: serverguide/C/mail.xml:431(para)
17658
22610
msgid ""
17659
22611
"To increase the amount of information logged when troubleshooting "
17660
22612
"<emphasis>SASL</emphasis> issues you can set the following options in "
17661
22613
"<filename>/etc/dovecot/dovecot.conf</filename>"
17662
22614
msgstr ""
17663
22615
17664
#: serverguide/C/mail.xml:439(programlisting)
22616
#: serverguide/C/mail.xml:435(programlisting)
17665
22617
#, no-wrap
17666
22618
msgid ""
17667
22619
"\n"
17672
22624
"auth_debug=yes\n"
17673
22625
"auth_debug_passwords=yes\n"
17674
22626
17675
#: serverguide/C/mail.xml:446(para)
22627
#: serverguide/C/mail.xml:442(para)
17676
22628
msgid ""
17677
22629
"Just like <application>Postfix</application> if you change a "
17678
22630
"<application>Dovecot</application> configuration the process will need to be "
17679
22631
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
17680
22632
msgstr ""
17681
22633
17682
#: serverguide/C/mail.xml:452(para)
22634
#: serverguide/C/mail.xml:448(para)
17683
22635
msgid ""
17684
22636
"Some of the options above can drastically increase the amount of information "
17685
22637
"sent to the log files. Remember to return the log level back to normal after "
17687
22639
"new configuration to take affect."
17688
22640
msgstr ""
17689
22641
17690
#: serverguide/C/mail.xml:460(para)
22642
#: serverguide/C/mail.xml:456(para)
17691
22643
msgid ""
17692
22644
"Administering a <application>Postfix</application> server can be a very "
17693
22645
"complicated task. At some point you may need to turn to the Ubuntu community "
17694
22646
"for more experienced help."
17695
22647
msgstr ""
17696
22648
17697
#: serverguide/C/mail.xml:464(para)
22649
#: serverguide/C/mail.xml:460(para)
17698
22650
msgid ""
17699
22651
"A great place to ask for <application>Postfix</application> assistance, and "
17700
22652
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
17704
22656
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
17705
22657
msgstr ""
17706
22658
17707
#: serverguide/C/mail.xml:469(para)
22659
#: serverguide/C/mail.xml:465(para)
17708
22660
msgid ""
17709
22661
"For in depth <application>Postfix</application> information Ubuntu "
17710
22662
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
17711
22663
"Book of Postfix</ulink>."
17712
22664
msgstr ""
17713
22665
17714
#: serverguide/C/mail.xml:473(para)
22666
#: serverguide/C/mail.xml:469(para)
17715
22667
msgid ""
17716
22668
"Finally, the <ulink "
17717
22669
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
17719
22671
"available."
17720
22672
msgstr ""
17721
22673
17722
#: serverguide/C/mail.xml:477(para)
22674
#: serverguide/C/mail.xml:473(para)
17723
22675
msgid ""
17724
22676
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
17725
22677
"Wiki Postifx</ulink> page has more information."
17726
22678
msgstr ""
17727
22679
17728
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
22680
#: serverguide/C/mail.xml:481(title) serverguide/C/mail.xml:877(title) serverguide/C/mail.xml:993(title)
17729
22681
msgid "Exim4"
17730
22682
msgstr "Exim4"
17731
22683
17732
#: serverguide/C/mail.xml:486(para)
22684
#: serverguide/C/mail.xml:482(para)
17733
22685
msgid ""
17734
22686
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
17735
22687
"developed at the University of Cambridge for use on Unix systems connected "
17739
22691
"<application>sendmail</application>."
17740
22692
msgstr ""
17741
22693
17742
#: serverguide/C/mail.xml:497(para)
22694
#: serverguide/C/mail.xml:493(para)
17743
22695
msgid ""
17744
22696
"To install <application>exim4</application>, run the following command: "
17745
22697
"<screen>\n"
17747
22699
"</screen>"
17748
22700
msgstr ""
17749
22701
17750
#: serverguide/C/mail.xml:506(para)
22702
#: serverguide/C/mail.xml:502(para)
17751
22703
msgid ""
17752
22704
"To configure <application>Exim4</application>, run the following command:"
17753
22705
msgstr ""
17754
22706
17755
#: serverguide/C/mail.xml:510(command)
22707
#: serverguide/C/mail.xml:506(command)
17756
22708
msgid "sudo dpkg-reconfigure exim4-config"
17757
22709
msgstr "sudo dpkg-reconfigure exim4-config"
17758
22710
17759
#: serverguide/C/mail.xml:512(para)
22711
#: serverguide/C/mail.xml:508(para)
17760
22712
msgid ""
17761
22713
"The user interface will be displayed. The user interface lets you configure "
17762
22714
"many parameters. For example, In <application>Exim4</application> the "
17764
22716
"in one file you can configure accordingly in this user interface."
17765
22717
msgstr ""
17766
22718
17767
#: serverguide/C/mail.xml:520(para)
22719
#: serverguide/C/mail.xml:516(para)
17768
22720
msgid ""
17769
22721
"All the parameters you configure in the user interface are stored in "
17770
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
17771
"re-configure, either you re-run the configuration wizard or manually edit "
17772
"this file using your favorite editor. Once you configure, you can run the "
22722
"<filename>/etc/exim4/update-exim4.conf</filename> file. If you wish to re-"
22723
"configure, either you re-run the configuration wizard or manually edit this "
22724
"file using your favorite editor. Once you configure, you can run the "
17773
22725
"following command to generate the master configuration file:"
17774
22726
msgstr ""
17775
22727
17776
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
22728
#: serverguide/C/mail.xml:527(command) serverguide/C/mail.xml:611(command)
17777
22729
msgid "sudo update-exim4.conf"
17778
22730
msgstr "sudo update-exim4.conf"
17779
22731
17780
#: serverguide/C/mail.xml:533(para)
22732
#: serverguide/C/mail.xml:529(para)
17781
22733
msgid ""
17782
22734
"The master configuration file, is generated and it is stored in "
17783
22735
"<filename>/var/lib/exim4/config.autogenerated</filename>."
17784
22736
msgstr ""
17785
22737
17786
#: serverguide/C/mail.xml:539(para)
22738
#: serverguide/C/mail.xml:535(para)
17787
22739
msgid ""
17788
22740
"At any time, you should not edit the master configuration file, "
17789
22741
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
17790
22742
"updated automatically every time you run <command>update-exim4.conf</command>"
17791
22743
msgstr ""
17792
22744
17793
#: serverguide/C/mail.xml:547(para)
22745
#: serverguide/C/mail.xml:543(para)
17794
22746
msgid ""
17795
22747
"You can run the following command to start <application>Exim4</application> "
17796
22748
"daemon."
17797
22749
msgstr ""
17798
22750
17799
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
22751
#: serverguide/C/mail.xml:548(command) serverguide/C/mail.xml:999(command)
17800
22752
msgid "sudo /etc/init.d/exim4 start"
17801
22753
msgstr ""
17802
22754
17803
#: serverguide/C/mail.xml:557(para)
22755
#: serverguide/C/mail.xml:553(para)
17804
22756
msgid ""
17805
22757
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
17806
22758
msgstr ""
17807
22759
17808
#: serverguide/C/mail.xml:560(para)
22760
#: serverguide/C/mail.xml:556(para)
17809
22761
msgid ""
17810
22762
"The first step is to create a certificate for use with TLS. Enter the "
17811
22763
"following into a terminal prompt:"
17812
22764
msgstr ""
17813
22765
17814
#: serverguide/C/mail.xml:564(command)
22766
#: serverguide/C/mail.xml:560(command)
17815
22767
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
17816
22768
msgstr ""
17817
22769
17818
#: serverguide/C/mail.xml:566(para)
22770
#: serverguide/C/mail.xml:562(para)
17819
22771
msgid ""
17820
22772
"Now Exim4 needs to be configured for TLS by editing "
17821
22773
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
17822
22774
"the following:"
17823
22775
msgstr ""
17824
22776
17825
#: serverguide/C/mail.xml:570(programlisting)
22777
#: serverguide/C/mail.xml:566(programlisting)
17826
22778
#, no-wrap
17827
22779
msgid ""
17828
22780
"\n"
17829
22781
"MAIN_TLS_ENABLE = yes\n"
17830
22782
msgstr ""
17831
22783
17832
#: serverguide/C/mail.xml:573(para)
22784
#: serverguide/C/mail.xml:569(para)
17833
22785
msgid ""
17834
22786
"Next you need to configure <application>Exim4</application> to use the "
17835
22787
"<application>saslauthd</application> for authentication. Edit "
17838
22790
"<emphasis>login_saslauthd_server</emphasis> sections:"
17839
22791
msgstr ""
17840
22792
17841
#: serverguide/C/mail.xml:578(programlisting)
22793
#: serverguide/C/mail.xml:574(programlisting)
17842
22794
#, no-wrap
17843
22795
msgid ""
17844
22796
"\n"
17864
22816
" .endif\n"
17865
22817
msgstr ""
17866
22818
17867
#: serverguide/C/mail.xml:600(para)
22819
#: serverguide/C/mail.xml:596(para)
22820
msgid ""
22821
"Additionally, in order for outside mail client to be able to connect to new "
22822
"exim server, new user needs to be added into exim by using the following "
22823
"commands."
22824
msgstr ""
22825
22826
#: serverguide/C/mail.xml:600(command)
22827
msgid "sudo /usr/share/doc/exim4/examples/exim-adduser"
22828
msgstr ""
22829
22830
#: serverguide/C/mail.xml:602(para)
22831
msgid ""
22832
"Users should protect the new exim password files with the following commands."
22833
msgstr ""
22834
22835
#: serverguide/C/mail.xml:604(command)
22836
msgid "sudo chown root:Debian-exim /etc/exim4/passwd"
22837
msgstr ""
22838
22839
#: serverguide/C/mail.xml:605(command)
22840
msgid "sudo chmod 640 /etc/exim4/passwd"
22841
msgstr ""
22842
22843
#: serverguide/C/mail.xml:607(para)
17868
22844
msgid "Finally, update the Exim4 configuration and restart the service:"
17869
22845
msgstr ""
17870
22846
17871
#: serverguide/C/mail.xml:605(command)
22847
#: serverguide/C/mail.xml:612(command)
17872
22848
msgid "sudo /etc/init.d/exim4 restart"
17873
22849
msgstr "sudo /etc/init.d/exim4 restart"
17874
22850
17875
#: serverguide/C/mail.xml:610(para)
22851
#: serverguide/C/mail.xml:617(para)
17876
22852
msgid ""
17877
22853
"This section provides details on configuring the saslauthd to provide "
17878
22854
"authentication for <application>Exim4</application>."
17879
22855
msgstr ""
17880
22856
17881
#: serverguide/C/mail.xml:613(para)
22857
#: serverguide/C/mail.xml:620(para)
17882
22858
msgid ""
17883
22859
"The first step is to install the sasl2-bin package. From a terminal prompt "
17884
22860
"enter the following:"
17885
22861
msgstr ""
17886
22862
17887
#: serverguide/C/mail.xml:617(command)
22863
#: serverguide/C/mail.xml:624(command)
17888
22864
msgid "sudo apt-get install sasl2-bin"
17889
22865
msgstr "sudo apt-get install sasl2-bin"
17890
22866
17891
#: serverguide/C/mail.xml:619(para)
22867
#: serverguide/C/mail.xml:626(para)
17892
22868
msgid ""
17893
22869
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
17894
22870
"and set START=no to:"
17895
22871
msgstr ""
17896
22872
17897
#: serverguide/C/mail.xml:622(programlisting)
17898
#, no-wrap
17899
msgid ""
17900
"\n"
17901
"START=yes\n"
17902
msgstr ""
17903
"\n"
17904
"START=yes\n"
17905
17906
#: serverguide/C/mail.xml:625(para)
22873
#: serverguide/C/mail.xml:632(para)
17907
22874
msgid ""
17908
22875
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
17909
22876
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
17910
22877
"service:"
17911
22878
msgstr ""
17912
22879
17913
#: serverguide/C/mail.xml:630(command)
22880
#: serverguide/C/mail.xml:637(command)
17914
22881
msgid "sudo adduser Debian-exim sasl"
17915
22882
msgstr "sudo adduser Debian-exim sasl"
17916
22883
17917
#: serverguide/C/mail.xml:632(para)
22884
#: serverguide/C/mail.xml:639(para)
17918
22885
msgid "Now start the <application>saslauthd</application> service:"
17919
22886
msgstr ""
17920
22887
17921
#: serverguide/C/mail.xml:636(command)
22888
#: serverguide/C/mail.xml:643(command)
17922
22889
msgid "sudo /etc/init.d/saslauthd start"
17923
22890
msgstr ""
17924
22891
17925
#: serverguide/C/mail.xml:638(para)
22892
#: serverguide/C/mail.xml:645(para)
17926
22893
msgid ""
17927
22894
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
17928
22895
"and SASL authentication."
17929
22896
msgstr ""
17930
22897
17931
#: serverguide/C/mail.xml:647(para)
22898
#: serverguide/C/mail.xml:654(para)
17932
22899
msgid ""
17933
22900
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
17934
22901
"information."
17935
22902
msgstr ""
17936
22903
17937
#: serverguide/C/mail.xml:652(para)
22904
#: serverguide/C/mail.xml:659(para)
17938
22905
msgid ""
17939
22906
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
17940
22907
"server\">Exim4 Book</ulink> available."
17941
22908
msgstr ""
17942
22909
17943
#: serverguide/C/mail.xml:657(para)
22910
#: serverguide/C/mail.xml:664(para)
17944
22911
msgid ""
17945
22912
"Another resource is the <ulink "
17946
22913
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
17947
22914
"page."
17948
22915
msgstr ""
17949
22916
17950
#: serverguide/C/mail.xml:666(title)
22917
#: serverguide/C/mail.xml:673(title)
17951
22918
msgid "Dovecot Server"
17952
22919
msgstr ""
17953
22920
17954
#: serverguide/C/mail.xml:667(para)
22921
#: serverguide/C/mail.xml:674(para)
17955
22922
msgid ""
17956
22923
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
17957
22924
"security primarily in mind. It supports the major mailbox formats: mbox or "
17958
22925
"Maildir. This section explain how to set it up as an imap or pop3 server."
17959
22926
msgstr ""
17960
22927
17961
#: serverguide/C/mail.xml:675(para)
22928
#: serverguide/C/mail.xml:682(para)
17962
22929
msgid ""
17963
22930
"To install <application>dovecot</application>, run the following command in "
17964
22931
"the command prompt:"
17965
22932
msgstr ""
17966
22933
17967
#: serverguide/C/mail.xml:680(command)
22934
#: serverguide/C/mail.xml:687(command)
17968
22935
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
17969
22936
msgstr "sudo apt-get install dovecot-imapd dovecot-pop3d"
17970
22937
17971
#: serverguide/C/mail.xml:685(para)
22938
#: serverguide/C/mail.xml:692(para)
17972
22939
msgid ""
17973
22940
"To configure <application>dovecot</application>, you can edit the file "
17974
22941
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
17980
22947
"link>."
17981
22948
msgstr ""
17982
22949
17983
#: serverguide/C/mail.xml:695(para)
22950
#: serverguide/C/mail.xml:702(para)
17984
22951
msgid ""
17985
22952
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
17986
22953
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
17987
22954
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
17988
22955
msgstr ""
17989
22956
17990
#: serverguide/C/mail.xml:701(programlisting)
22957
#: serverguide/C/mail.xml:708(programlisting)
17991
22958
#, no-wrap
17992
22959
msgid ""
17993
22960
"\n"
17996
22963
"\n"
17997
22964
"protocols = pop3 pop3s imap imaps\n"
17998
22965
17999
#: serverguide/C/mail.xml:704(para)
22966
#: serverguide/C/mail.xml:711(para)
18000
22967
msgid ""
18001
22968
"Next, choose the mailbox you would like to use. "
18002
22969
"<application>Dovecot</application> supports <emphasis "
18007
22974
"site</ulink>."
18008
22975
msgstr ""
18009
22976
18010
#: serverguide/C/mail.xml:712(para)
22977
#: serverguide/C/mail.xml:719(para)
18011
22978
msgid ""
18012
22979
"Once you have chosen your mailbox type, edit the file "
18013
22980
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
18014
22981
msgstr ""
18015
22982
18016
#: serverguide/C/mail.xml:717(programlisting)
22983
#: serverguide/C/mail.xml:724(programlisting)
18017
22984
#, no-wrap
18018
22985
msgid ""
18019
22986
"\n"
18026
22993
"or\n"
18027
22994
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (para mbox)\n"
18028
22995
18029
#: serverguide/C/mail.xml:723(para)
22996
#: serverguide/C/mail.xml:730(para)
18030
22997
msgid ""
18031
22998
"You should configure your Mail Transport Agent (MTA) to transfer the "
18032
22999
"incoming mail to this type of mailbox if it is different from the one you "
18033
23000
"have configured."
18034
23001
msgstr ""
18035
23002
18036
#: serverguide/C/mail.xml:729(para)
23003
#: serverguide/C/mail.xml:736(para)
18037
23004
msgid ""
18038
23005
"Once you have configured dovecot, restart the "
18039
23006
"<application>dovecot</application> daemon in order to test your setup:"
18040
23007
msgstr ""
18041
23008
18042
#: serverguide/C/mail.xml:738(para)
23009
#: serverguide/C/mail.xml:745(para)
18043
23010
msgid ""
18044
23011
"If you have enabled imap, or pop3, you can also try to log in with the "
18045
23012
"commands <command>telnet localhost pop3</command> or <command>telnet "
18047
23014
"installation has been successful:"
18048
23015
msgstr ""
18049
23016
18050
#: serverguide/C/mail.xml:745(programlisting)
23017
#: serverguide/C/mail.xml:752(programlisting)
18051
23018
#, no-wrap
18052
23019
msgid ""
18053
23020
"\n"
18058
23025
"+OK Dovecot ready.\n"
18059
23026
msgstr ""
18060
23027
18061
#: serverguide/C/mail.xml:754(title)
23028
#: serverguide/C/mail.xml:761(title)
18062
23029
msgid "Dovecot SSL Configuration"
18063
23030
msgstr ""
18064
23031
18065
#: serverguide/C/mail.xml:755(para)
23032
#: serverguide/C/mail.xml:762(para)
18066
23033
msgid ""
18067
23034
"To configure <application>dovecot</application> to use SSL, you can edit the "
18068
23035
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
18069
23036
"lines:"
18070
23037
msgstr ""
18071
23038
18072
#: serverguide/C/mail.xml:760(programlisting)
23039
#: serverguide/C/mail.xml:767(programlisting)
18073
23040
#, no-wrap
18074
23041
msgid ""
18075
23042
"\n"
18079
23046
"disable_plaintext_auth = no\n"
18080
23047
msgstr ""
18081
23048
18082
#: serverguide/C/mail.xml:766(para)
23049
#: serverguide/C/mail.xml:773(para)
18083
23050
msgid ""
18084
23051
"You can get the SSL certificate from a Certificate Issuing Authority or you "
18085
23052
"can create self signed SSL certificate. The latter is a good option for "
18091
23058
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
18092
23059
msgstr ""
18093
23060
18094
#: serverguide/C/mail.xml:781(title)
23061
#: serverguide/C/mail.xml:788(title)
18095
23062
msgid "Firewall Configuration for an Email Server"
18096
23063
msgstr "Configuración del torgafueos pa un sirvidor de corréu"
18097
23064
18098
#: serverguide/C/mail.xml:787(para)
23065
#: serverguide/C/mail.xml:794(para)
18099
23066
msgid "IMAP - 143"
18100
23067
msgstr "IMAP - 143"
18101
23068
18102
#: serverguide/C/mail.xml:788(para)
23069
#: serverguide/C/mail.xml:795(para)
18103
23070
msgid "IMAPS - 993"
18104
23071
msgstr "IMAPS - 993"
18105
23072
18106
#: serverguide/C/mail.xml:789(para)
23073
#: serverguide/C/mail.xml:796(para)
18107
23074
msgid "POP3 - 110"
18108
23075
msgstr "POP3 - 110"
18109
23076
18110
#: serverguide/C/mail.xml:790(para)
23077
#: serverguide/C/mail.xml:797(para)
18111
23078
msgid "POP3S - 995"
18112
23079
msgstr "POP3S - 995"
18113
23080
18114
#: serverguide/C/mail.xml:782(para)
23081
#: serverguide/C/mail.xml:789(para)
18115
23082
msgid ""
18116
23083
"To access your mail server from another computer, you must configure your "
18117
23084
"firewall to allow connections to the server on the necessary ports. "
18118
23085
"<placeholder-1/>"
18119
23086
msgstr ""
18120
23087
18121
#: serverguide/C/mail.xml:799(para)
23088
#: serverguide/C/mail.xml:806(para)
18122
23089
msgid ""
18123
23090
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
18124
23091
"more information."
18125
23092
msgstr ""
18126
23093
18127
#: serverguide/C/mail.xml:804(para)
23094
#: serverguide/C/mail.xml:811(para)
18128
23095
msgid ""
18129
23096
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
18130
23097
"Ubuntu Wiki</ulink> page has more details."
18131
23098
msgstr ""
18132
23099
18133
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
23100
#: serverguide/C/mail.xml:820(title) serverguide/C/mail.xml:895(title) serverguide/C/mail.xml:1118(title)
18134
23101
msgid "Mailman"
18135
23102
msgstr "Mailman"
18136
23103
18137
#: serverguide/C/mail.xml:814(para)
23104
#: serverguide/C/mail.xml:821(para)
18138
23105
msgid ""
18139
23106
"Mailman is an open source program for managing electronic mail discussions "
18140
23107
"and e-newsletter lists. Many open source mailing lists (including all the "
18143
23110
"and maintain."
18144
23111
msgstr ""
18145
23112
18146
#: serverguide/C/mail.xml:824(para)
23113
#: serverguide/C/mail.xml:831(para)
18147
23114
msgid ""
18148
23115
"Mailman provides a web interface for the administrators and users, using an "
18149
23116
"external mail server to send and receive emails. It works perfectly with the "
18150
23117
"following mail servers:"
18151
23118
msgstr ""
18152
23119
18153
#: serverguide/C/mail.xml:835(application)
23120
#: serverguide/C/mail.xml:842(application)
18154
23121
msgid "Exim"
18155
23122
msgstr ""
18156
23123
18157
#: serverguide/C/mail.xml:838(application)
23124
#: serverguide/C/mail.xml:845(application)
18158
23125
msgid "Sendmail"
18159
23126
msgstr ""
18160
23127
18161
#: serverguide/C/mail.xml:841(application)
23128
#: serverguide/C/mail.xml:848(application)
18162
23129
msgid "Qmail"
18163
23130
msgstr ""
18164
23131
18165
#: serverguide/C/mail.xml:846(para)
23132
#: serverguide/C/mail.xml:853(para)
18166
23133
msgid ""
18167
23134
"We will see how to install and configure Mailman with, the Apache web "
18168
23135
"server, and either the Postfix or Exim mail server. If you wish to install "
18169
23136
"Mailman with a different mail server, please refer to the references section."
18170
23137
msgstr ""
18171
23138
18172
#: serverguide/C/mail.xml:853(para)
23139
#: serverguide/C/mail.xml:860(para)
18173
23140
msgid ""
18174
23141
"You only need to install one mail server and "
18175
23142
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
18176
23143
msgstr ""
18177
23144
18178
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
23145
#: serverguide/C/mail.xml:865(title) serverguide/C/mail.xml:922(title)
18179
23146
msgid "Apache2"
18180
23147
msgstr "Apache2"
18181
23148
18182
#: serverguide/C/mail.xml:859(para)
23149
#: serverguide/C/mail.xml:866(para)
18183
23150
msgid ""
18184
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
18185
"installation\">HTTPD Installation</ulink> section for details."
23151
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
23152
"details."
18186
23153
msgstr ""
18187
23154
18188
#: serverguide/C/mail.xml:867(para)
23155
#: serverguide/C/mail.xml:872(para)
18189
23156
msgid ""
18190
23157
"For instructions on installing and configuring Postfix refer to <xref "
18191
23158
"linkend=\"postfix\"/>"
18192
23159
msgstr ""
18193
23160
18194
#: serverguide/C/mail.xml:873(para)
23161
#: serverguide/C/mail.xml:878(para)
18195
23162
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
18196
23163
msgstr ""
18197
23164
18198
#: serverguide/C/mail.xml:884(application)
18199
msgid "dc_use_split_config='true'"
18200
msgstr "dc_use_split_config='true'"
18201
18202
#: serverguide/C/mail.xml:876(para)
23165
#: serverguide/C/mail.xml:881(para)
18203
23166
msgid ""
18204
23167
"Once exim4 is installed, the configuration files are stored in the "
18205
23168
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
18206
23169
"configuration files are split across different files. You can change this "
18207
23170
"behavior by changing the following variable in the "
18208
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
18209
msgstr ""
18210
18211
#: serverguide/C/mail.xml:891(para)
23171
"<filename>/etc/exim4/update-exim4.conf</filename> file:"
23172
msgstr ""
23173
23174
#: serverguide/C/mail.xml:888(programlisting)
23175
#, no-wrap
23176
msgid ""
23177
"\n"
23178
"dc_use_split_config='true'\n"
23179
msgstr ""
23180
23181
#: serverguide/C/mail.xml:896(para)
18212
23182
msgid ""
18213
23183
"To install <application>Mailman</application>, run following command at a "
18214
23184
"terminal prompt:"
18215
23185
msgstr ""
18216
23186
18217
#: serverguide/C/mail.xml:895(command)
23187
#: serverguide/C/mail.xml:900(command)
18218
23188
msgid "sudo apt-get install mailman"
18219
23189
msgstr "sudo apt-get install mailman"
18220
23190
18221
#: serverguide/C/mail.xml:897(para)
23191
#: serverguide/C/mail.xml:902(para)
18222
23192
msgid ""
18223
23193
"It copies the installation files in "
18224
23194
"<application>/var/lib/mailman</application> directory. It installs the CGI "
18228
23198
"this user."
18229
23199
msgstr ""
18230
23200
18231
#: serverguide/C/mail.xml:909(para)
23201
#: serverguide/C/mail.xml:914(para)
18232
23202
msgid ""
18233
23203
"This section assumes you have successfully installed "
18234
23204
"<application>mailman</application>, <application>apache2</application>, and "
18236
23206
"you just need to configure them."
18237
23207
msgstr ""
18238
23208
18239
#: serverguide/C/mail.xml:918(para)
23209
#: serverguide/C/mail.xml:923(para)
18240
23210
msgid ""
18241
23211
"An example Apache configuration file comes with "
18242
23212
"<application>Mailman</application> and is placed in "
18245
23215
"available</filename>:"
18246
23216
msgstr ""
18247
23217
18248
#: serverguide/C/mail.xml:924(command)
23218
#: serverguide/C/mail.xml:929(command)
18249
23219
msgid ""
18250
23220
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
18251
23221
msgstr ""
18252
23222
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
18253
23223
18254
#: serverguide/C/mail.xml:926(para)
23224
#: serverguide/C/mail.xml:931(para)
18255
23225
msgid ""
18256
23226
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
18257
23227
"Mailman administration site. Now enable the new configuration and restart "
18258
23228
"Apache:"
18259
23229
msgstr ""
18260
23230
18261
#: serverguide/C/mail.xml:931(command)
23231
#: serverguide/C/mail.xml:936(command)
18262
23232
msgid "sudo a2ensite mailman.conf"
18263
23233
msgstr "sudo a2ensite mailman.conf"
18264
23234
18265
#: serverguide/C/mail.xml:934(para)
23235
#: serverguide/C/mail.xml:939(para)
18266
23236
msgid ""
18267
23237
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
18268
23238
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
18271
23241
"available/mailman.conf</filename> file if you wish to change this behavior."
18272
23242
msgstr ""
18273
23243
18274
#: serverguide/C/mail.xml:945(para)
23244
#: serverguide/C/mail.xml:950(para)
18275
23245
msgid ""
18276
23246
"For <application>Postfix</application> integration, we will associate the "
18277
23247
"domain lists.example.com with the mailing lists. Please replace "
18278
23248
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
18279
23249
msgstr ""
18280
23250
18281
#: serverguide/C/mail.xml:949(para)
23251
#: serverguide/C/mail.xml:954(para)
18282
23252
msgid ""
18283
23253
"You can use the postconf command to add the necessary configuration to "
18284
23254
"<filename>/etc/postfix/main.cf</filename>:"
18285
23255
msgstr ""
18286
23256
18287
#: serverguide/C/mail.xml:953(command)
23257
#: serverguide/C/mail.xml:958(command)
18288
23258
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
18289
23259
msgstr "sudo postconf -e 'relay_domains = lists.example.com'"
18290
23260
18291
#: serverguide/C/mail.xml:954(command)
23261
#: serverguide/C/mail.xml:959(command)
18292
23262
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
18293
23263
msgstr "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
18294
23264
18295
#: serverguide/C/mail.xml:955(command)
23265
#: serverguide/C/mail.xml:960(command)
18296
23266
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
18297
23267
msgstr "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
18298
23268
18299
#: serverguide/C/mail.xml:957(para)
23269
#: serverguide/C/mail.xml:962(para)
18300
23270
msgid ""
18301
23271
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
18302
23272
"the following transport:"
18303
23273
msgstr ""
18304
23274
18305
#: serverguide/C/mail.xml:960(programlisting)
23275
#: serverguide/C/mail.xml:965(programlisting)
18306
23276
#, no-wrap
18307
23277
msgid ""
18308
23278
"\n"
18311
23281
" ${nexthop} ${user}\n"
18312
23282
msgstr ""
18313
23283
18314
#: serverguide/C/mail.xml:965(para)
23284
#: serverguide/C/mail.xml:970(para)
18315
23285
msgid ""
18316
23286
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
18317
23287
"is delivered to a list."
18318
23288
msgstr ""
18319
23289
18320
#: serverguide/C/mail.xml:968(para)
23290
#: serverguide/C/mail.xml:973(para)
18321
23291
msgid ""
18322
23292
"Associate the domain lists.example.com to the Mailman transport with the "
18323
23293
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
18324
23294
msgstr ""
18325
23295
18326
#: serverguide/C/mail.xml:971(programlisting)
23296
#: serverguide/C/mail.xml:976(programlisting)
18327
23297
#, no-wrap
18328
23298
msgid ""
18329
23299
"\n"
18330
23300
"lists.example.com mailman:\n"
18331
23301
msgstr ""
18332
23302
18333
#: serverguide/C/mail.xml:974(para)
23303
#: serverguide/C/mail.xml:979(para)
18334
23304
msgid ""
18335
23305
"Now have <application>Postfix</application> build the transport map by "
18336
23306
"entering the following from a terminal prompt:"
18337
23307
msgstr ""
18338
23308
18339
#: serverguide/C/mail.xml:978(command)
23309
#: serverguide/C/mail.xml:983(command)
18340
23310
msgid "sudo postmap -v /etc/postfix/transport"
18341
23311
msgstr ""
18342
23312
18343
#: serverguide/C/mail.xml:980(para)
23313
#: serverguide/C/mail.xml:985(para)
18344
23314
msgid "Then restart Postfix to enable the new configurations:"
18345
23315
msgstr ""
18346
23316
18347
#: serverguide/C/mail.xml:989(para)
23317
#: serverguide/C/mail.xml:994(para)
18348
23318
msgid ""
18349
23319
"Once Exim4 is installed, you can start the Exim server using the following "
18350
23320
"command from a terminal prompt:"
18351
23321
msgstr ""
18352
23322
18353
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
23323
#: serverguide/C/mail.xml:1010(para) serverguide/C/mail.xml:1025(title)
18354
23324
msgid "Main"
18355
23325
msgstr ""
18356
23326
18357
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
23327
#: serverguide/C/mail.xml:1013(para) serverguide/C/mail.xml:1065(title)
18358
23328
msgid "Transport"
18359
23329
msgstr ""
18360
23330
18361
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
23331
#: serverguide/C/mail.xml:1016(para) serverguide/C/mail.xml:1088(title)
18362
23332
msgid "Router"
18363
23333
msgstr ""
18364
23334
18365
#: serverguide/C/mail.xml:996(para)
23335
#: serverguide/C/mail.xml:1001(para)
18366
23336
msgid ""
18367
23337
"In order to make mailman work with Exim4, you need to configure Exim4. As "
18368
23338
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
18374
23344
"is very important."
18375
23345
msgstr ""
18376
23346
18377
#: serverguide/C/mail.xml:1027(programlisting)
23347
#: serverguide/C/mail.xml:1032(programlisting)
18378
23348
#, no-wrap
18379
23349
msgid ""
18380
23350
"\n"
18408
23378
"# end\n"
18409
23379
msgstr ""
18410
23380
18411
#: serverguide/C/mail.xml:1021(para)
23381
#: serverguide/C/mail.xml:1026(para)
18412
23382
msgid ""
18413
23383
"All the configuration files belonging to the main type are stored in the "
18414
23384
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
18416
23386
"config_mailman</filename>: <placeholder-1/>"
18417
23387
msgstr ""
18418
23388
18419
#: serverguide/C/mail.xml:1067(programlisting)
23389
#: serverguide/C/mail.xml:1072(programlisting)
18420
23390
#, no-wrap
18421
23391
msgid ""
18422
23392
"\n"
18447
23417
" user = MM_UID\n"
18448
23418
" group = MM_GID\n"
18449
23419
18450
#: serverguide/C/mail.xml:1061(para)
23420
#: serverguide/C/mail.xml:1066(para)
18451
23421
msgid ""
18452
23422
"All the configuration files belonging to transport type are stored in the "
18453
23423
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
18455
23425
"config_mailman</filename>: <placeholder-1/>"
18456
23426
msgstr ""
18457
23427
18458
#: serverguide/C/mail.xml:1088(programlisting)
23428
#: serverguide/C/mail.xml:1093(programlisting)
18459
23429
#, no-wrap
18460
23430
msgid ""
18461
23431
"\n"
18478
23448
" -owner : -request : -admin\n"
18479
23449
" transport = mailman_transport\n"
18480
23450
18481
#: serverguide/C/mail.xml:1084(para)
23451
#: serverguide/C/mail.xml:1089(para)
18482
23452
msgid ""
18483
23453
"All the configuration files belonging to router type are stored in the "
18484
23454
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
18486
23456
"config_mailman</filename>: <placeholder-1/>"
18487
23457
msgstr ""
18488
23458
18489
#: serverguide/C/mail.xml:1101(para)
23459
#: serverguide/C/mail.xml:1106(para)
18490
23460
msgid ""
18491
23461
"The order of main and transport configuration files can be in any order. "
18492
23462
"But, the order of router configuration files must be the same. This "
18496
23466
"details, please refer to the references section."
18497
23467
msgstr ""
18498
23468
18499
#: serverguide/C/mail.xml:1114(para)
23469
#: serverguide/C/mail.xml:1119(para)
18500
23470
msgid ""
18501
23471
"Once mailman is installed, you can run it using the following command:"
18502
23472
msgstr ""
18503
23473
18504
#: serverguide/C/mail.xml:1118(command)
23474
#: serverguide/C/mail.xml:1123(command)
18505
23475
msgid "sudo /etc/init.d/mailman start"
18506
23476
msgstr "sudo /etc/init.d/mailman start"
18507
23477
18508
#: serverguide/C/mail.xml:1120(para)
23478
#: serverguide/C/mail.xml:1125(para)
18509
23479
msgid ""
18510
23480
"Once mailman is installed, you should create the default mailing list. Run "
18511
23481
"the following command to create the mailing list:"
18512
23482
msgstr ""
18513
23483
18514
#: serverguide/C/mail.xml:1126(command)
23484
#: serverguide/C/mail.xml:1131(command)
18515
23485
msgid "sudo /usr/sbin/newlist mailman"
18516
23486
msgstr ""
18517
23487
18518
#: serverguide/C/mail.xml:1129(programlisting)
23488
#: serverguide/C/mail.xml:1134(programlisting)
18519
23489
#, no-wrap
18520
23490
msgid ""
18521
23491
"\n"
18546
23516
" # \n"
18547
23517
msgstr ""
18548
23518
18549
#: serverguide/C/mail.xml:1152(para)
23519
#: serverguide/C/mail.xml:1157(para)
18550
23520
msgid ""
18551
23521
"We have configured either Postfix or Exim4 to recognize all emails from "
18552
23522
"mailman. So, it is not mandatory to make any new entries in "
18555
23525
"continuing to next section."
18556
23526
msgstr ""
18557
23527
18558
#: serverguide/C/mail.xml:1160(para)
23528
#: serverguide/C/mail.xml:1165(para)
18559
23529
msgid ""
18560
23530
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
18561
23531
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
18563
23533
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
18564
23534
msgstr ""
18565
23535
18566
#: serverguide/C/mail.xml:1171(title)
23536
#: serverguide/C/mail.xml:1176(title)
18567
23537
msgid "Administration"
18568
23538
msgstr "Alministración"
18569
23539
18570
#: serverguide/C/mail.xml:1172(para)
23540
#: serverguide/C/mail.xml:1177(para)
18571
23541
msgid ""
18572
23542
"We assume you have a default installation. The mailman cgi scripts are still "
18573
23543
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
18575
23545
"point your browser to the following url:"
18576
23546
msgstr ""
18577
23547
18578
#: serverguide/C/mail.xml:1180(para)
23548
#: serverguide/C/mail.xml:1185(para)
18579
23549
msgid "http://hostname/cgi-bin/mailman/admin"
18580
23550
msgstr "http://nomehost/cgi-bin/mailman/admin"
18581
23551
18582
#: serverguide/C/mail.xml:1184(para)
23552
#: serverguide/C/mail.xml:1189(para)
18583
23553
msgid ""
18584
23554
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18585
23555
"screen. If you click the mailing list name, it will ask for your "
18590
23560
"mailing list using the web interface."
18591
23561
msgstr ""
18592
23562
18593
#: serverguide/C/mail.xml:1197(title)
23563
#: serverguide/C/mail.xml:1202(title)
18594
23564
msgid "Users"
18595
23565
msgstr "Usuarios"
18596
23566
18597
#: serverguide/C/mail.xml:1198(para)
23567
#: serverguide/C/mail.xml:1203(para)
18598
23568
msgid ""
18599
23569
"Mailman provides a web based interface for users. To access this page, point "
18600
23570
"your browser to the following url:"
18601
23571
msgstr ""
18602
23572
18603
#: serverguide/C/mail.xml:1203(para)
23573
#: serverguide/C/mail.xml:1208(para)
18604
23574
msgid "http://hostname/cgi-bin/mailman/listinfo"
18605
23575
msgstr "http://nomehost/cgi-bin/mailman/listinfo"
18606
23576
18607
#: serverguide/C/mail.xml:1207(para)
23577
#: serverguide/C/mail.xml:1212(para)
18608
23578
msgid ""
18609
23579
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18610
23580
"screen. If you click the mailing list name, it will display the subscription "
18613
23583
"instructions in the email to subscribe."
18614
23584
msgstr ""
18615
23585
18616
#: serverguide/C/mail.xml:1219(ulink)
23586
#: serverguide/C/mail.xml:1224(ulink)
18617
23587
msgid "GNU Mailman - Installation Manual"
18618
23588
msgstr ""
18619
23589
18620
#: serverguide/C/mail.xml:1223(ulink)
23590
#: serverguide/C/mail.xml:1228(ulink)
18621
23591
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
18622
23592
msgstr ""
18623
23593
18624
#: serverguide/C/mail.xml:1226(para)
23594
#: serverguide/C/mail.xml:1231(para)
18625
23595
msgid ""
18626
23596
"Also, see the <ulink "
18627
23597
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18628
23598
"Wiki</ulink> page."
18629
23599
msgstr ""
18630
23600
18631
#: serverguide/C/mail.xml:1232(title)
23601
#: serverguide/C/mail.xml:1237(title)
18632
23602
msgid "Mail Filtering"
18633
23603
msgstr ""
18634
23604
18635
#: serverguide/C/mail.xml:1233(para)
23605
#: serverguide/C/mail.xml:1238(para)
18636
23606
msgid ""
18637
23607
"One of the largest issues with email today is the problem of Unsolicited "
18638
23608
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
18640
23610
"the bulk of all email traffic on the Internet."
18641
23611
msgstr ""
18642
23612
18643
#: serverguide/C/mail.xml:1238(para)
23613
#: serverguide/C/mail.xml:1243(para)
18644
23614
msgid ""
18645
23615
"This section will cover integrating <application>Amavisd-new</application>, "
18646
23616
"<application>Spamassassin</application>, and "
18654
23624
"spf</application>."
18655
23625
msgstr ""
18656
23626
18657
#: serverguide/C/mail.xml:1248(para)
23627
#: serverguide/C/mail.xml:1253(para)
18658
23628
msgid ""
18659
23629
"<application>Amavisd-new</application> is a wrapper program that can call "
18660
23630
"any number of content filtering programs for spam detection, antivirus, etc."
18661
23631
msgstr ""
18662
23632
18663
#: serverguide/C/mail.xml:1254(para)
23633
#: serverguide/C/mail.xml:1259(para)
18664
23634
msgid ""
18665
23635
"<application>Spamassassin</application> uses a variety of mechanisms to "
18666
23636
"filter email based on the message content."
18667
23637
msgstr ""
18668
23638
18669
#: serverguide/C/mail.xml:1259(para)
23639
#: serverguide/C/mail.xml:1264(para)
18670
23640
msgid ""
18671
23641
"<application>ClamAV</application> is an open source antivirus application."
18672
23642
msgstr ""
18673
23643
18674
#: serverguide/C/mail.xml:1264(para)
23644
#: serverguide/C/mail.xml:1269(para)
18675
23645
msgid ""
18676
23646
"<application>opendkim</application> implements a Sendmail Mail Filter "
18677
23647
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
18678
23648
msgstr ""
18679
23649
18680
#: serverguide/C/mail.xml:1270(para)
23650
#: serverguide/C/mail.xml:1275(para)
18681
23651
msgid ""
18682
23652
"<application>python-policyd-spf</application> enables Sender Policy "
18683
23653
"Framework (SPF) checking with <application>Postfix</application>."
18684
23654
msgstr ""
18685
23655
18686
#: serverguide/C/mail.xml:1275(para)
23656
#: serverguide/C/mail.xml:1280(para)
18687
23657
msgid "This is how the pieces fit together:"
18688
23658
msgstr ""
18689
23659
18690
#: serverguide/C/mail.xml:1280(para)
23660
#: serverguide/C/mail.xml:1285(para)
18691
23661
msgid "An email message is accepted by <application>Postfix</application>."
18692
23662
msgstr ""
18693
23663
18694
#: serverguide/C/mail.xml:1285(para)
23664
#: serverguide/C/mail.xml:1290(para)
18695
23665
msgid ""
18696
23666
"The message is passed through any external filters "
18697
23667
"<application>opendkim</application> and <application>python-policyd-"
18698
23668
"spf</application> in this case."
18699
23669
msgstr ""
18700
23670
18701
#: serverguide/C/mail.xml:1291(para)
23671
#: serverguide/C/mail.xml:1296(para)
18702
23672
msgid "<application>Amavisd-new</application> then processes the message."
18703
23673
msgstr ""
18704
23674
18705
#: serverguide/C/mail.xml:1296(para)
23675
#: serverguide/C/mail.xml:1301(para)
18706
23676
msgid ""
18707
23677
"<application>ClamAV</application> is used to scan the message. If the "
18708
23678
"message contains a virus <application>Postfix</application> will reject the "
18709
23679
"message."
18710
23680
msgstr ""
18711
23681
18712
#: serverguide/C/mail.xml:1302(para)
23682
#: serverguide/C/mail.xml:1307(para)
18713
23683
msgid ""
18714
23684
"Clean messages will then be analyzed by "
18715
23685
"<application>Spamassassin</application> to find out if the message is spam. "
18718
23688
"message."
18719
23689
msgstr ""
18720
23690
18721
#: serverguide/C/mail.xml:1309(para)
23691
#: serverguide/C/mail.xml:1314(para)
18722
23692
msgid ""
18723
23693
"For example, if a message has a Spam score of over fifty the message could "
18724
23694
"be automatically dropped from the queue without the recipient ever having to "
18727
23697
"see fit."
18728
23698
msgstr ""
18729
23699
18730
#: serverguide/C/mail.xml:1316(para)
23700
#: serverguide/C/mail.xml:1321(para)
18731
23701
msgid ""
18732
23702
"See <xref linkend=\"postfix\"/> for instructions on installing and "
18733
23703
"configuring Postfix."
18734
23704
msgstr ""
18735
23705
18736
#: serverguide/C/mail.xml:1319(para)
23706
#: serverguide/C/mail.xml:1324(para)
18737
23707
msgid ""
18738
23708
"To install the rest of the applications enter the following from a terminal "
18739
23709
"prompt:"
18740
23710
msgstr ""
18741
23711
18742
#: serverguide/C/mail.xml:1323(command)
23712
#: serverguide/C/mail.xml:1328(command)
18743
23713
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18744
23714
msgstr ""
18745
23715
18746
#: serverguide/C/mail.xml:1324(command)
18747
msgid "sudo apt-get install opendkim python-policyd-spf"
23716
#: serverguide/C/mail.xml:1329(command)
23717
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
18748
23718
msgstr ""
18749
23719
18750
#: serverguide/C/mail.xml:1326(para)
23720
#: serverguide/C/mail.xml:1331(para)
18751
23721
msgid ""
18752
23722
"There are some optional packages that integrate with "
18753
23723
"<application>Spamassassin</application> for better spam detection:"
18754
23724
msgstr ""
18755
23725
18756
#: serverguide/C/mail.xml:1330(command)
23726
#: serverguide/C/mail.xml:1335(command)
18757
23727
msgid "sudo apt-get install pyzor razor"
18758
23728
msgstr ""
18759
23729
18760
#: serverguide/C/mail.xml:1332(para)
23730
#: serverguide/C/mail.xml:1337(para)
18761
23731
msgid ""
18762
23732
"Along with the main filtering applications compression utilities are needed "
18763
23733
"to process some email attachments:"
18764
23734
msgstr ""
18765
23735
18766
#: serverguide/C/mail.xml:1336(command)
23736
#: serverguide/C/mail.xml:1341(command)
18767
23737
msgid ""
18768
23738
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
18769
23739
msgstr ""
18770
23740
18771
#: serverguide/C/mail.xml:1339(para)
23741
#: serverguide/C/mail.xml:1344(para)
18772
23742
msgid ""
18773
23743
"If some packages are not found, check that the "
18774
23744
"<emphasis>multiverse</emphasis> repository is enabled in "
18775
23745
"<filename>/etc/apt/sources.list</filename>"
18776
23746
msgstr ""
18777
23747
18778
#: serverguide/C/mail.xml:1340(para)
23748
#: serverguide/C/mail.xml:1345(para)
18779
23749
msgid ""
18780
23750
"If you make changes to the file, be sure to run <command>sudo apt-get "
18781
23751
"update</command> before trying to install again."
18782
23752
msgstr ""
18783
23753
18784
#: serverguide/C/mail.xml:1345(para)
23754
#: serverguide/C/mail.xml:1350(para)
18785
23755
msgid "Now configure everything to work together and filter email."
18786
23756
msgstr ""
18787
23757
18788
#: serverguide/C/mail.xml:1349(title)
23758
#: serverguide/C/mail.xml:1354(title)
18789
23759
msgid "ClamAV"
18790
23760
msgstr ""
18791
23761
18792
#: serverguide/C/mail.xml:1350(para)
23762
#: serverguide/C/mail.xml:1355(para)
18793
23763
msgid ""
18794
23764
"The default behaviour of <application>ClamAV</application> will fit our "
18795
23765
"needs. For more ClamAV configuration options, check the configuration files "
18796
23766
"in <filename>/etc/clamav</filename>."
18797
23767
msgstr ""
18798
23768
18799
#: serverguide/C/mail.xml:1355(para)
23769
#: serverguide/C/mail.xml:1360(para)
18800
23770
msgid ""
18801
23771
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
18802
23772
"group in order for <application>Amavisd-new</application> to have the "
18803
23773
"appropriate access to scan files:"
18804
23774
msgstr ""
18805
23775
18806
#: serverguide/C/mail.xml:1360(command)
23776
#: serverguide/C/mail.xml:1365(command)
18807
23777
msgid "sudo adduser clamav amavis"
18808
23778
msgstr ""
18809
23779
18810
#: serverguide/C/mail.xml:1364(title)
23780
#: serverguide/C/mail.xml:1366(command)
23781
msgid "sudo adduser amavis clamav"
23782
msgstr ""
23783
23784
#: serverguide/C/mail.xml:1370(title)
18811
23785
msgid "Spamassassin"
18812
23786
msgstr ""
18813
23787
18814
#: serverguide/C/mail.xml:1365(para)
23788
#: serverguide/C/mail.xml:1371(para)
18815
23789
msgid ""
18816
23790
"Spamassassin automatically detects optional components and will use them if "
18817
23791
"they are present. This means that there is no need to configure "
18818
23792
"<application>pyzor</application> and <application>razor</application>."
18819
23793
msgstr ""
18820
23794
18821
#: serverguide/C/mail.xml:1369(para)
23795
#: serverguide/C/mail.xml:1375(para)
18822
23796
msgid ""
18823
23797
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
18824
23798
"<application>Spamassassin</application> daemon. Change "
18825
23799
"<emphasis>ENABLED=0</emphasis> to:"
18826
23800
msgstr ""
18827
23801
18828
#: serverguide/C/mail.xml:1373(programlisting)
23802
#: serverguide/C/mail.xml:1379(programlisting)
18829
23803
#, no-wrap
18830
23804
msgid ""
18831
23805
"\n"
18832
23806
"ENABLED=1\n"
18833
23807
msgstr ""
18834
23808
18835
#: serverguide/C/mail.xml:1376(para)
23809
#: serverguide/C/mail.xml:1382(para)
18836
23810
msgid "Now start the daemon:"
18837
23811
msgstr ""
18838
23812
18839
#: serverguide/C/mail.xml:1380(command)
23813
#: serverguide/C/mail.xml:1386(command)
18840
23814
msgid "sudo /etc/init.d/spamassassin start"
18841
23815
msgstr ""
18842
23816
18843
#: serverguide/C/mail.xml:1384(title)
23817
#: serverguide/C/mail.xml:1390(title)
18844
23818
msgid "Amavisd-new"
18845
23819
msgstr ""
18846
23820
18847
#: serverguide/C/mail.xml:1385(para)
23821
#: serverguide/C/mail.xml:1391(para)
18848
23822
msgid ""
18849
23823
"First activate spam and antivirus detection in <application>Amavisd-"
18850
23824
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
18851
23825
"content_filter_mode</filename>:"
18852
23826
msgstr ""
18853
23827
18854
#: serverguide/C/mail.xml:1389(programlisting)
23828
#: serverguide/C/mail.xml:1395(programlisting)
18855
23829
#, no-wrap
18856
23830
msgid ""
18857
23831
"\n"
18882
23856
"1; # insure a defined return\n"
18883
23857
msgstr ""
18884
23858
18885
#: serverguide/C/mail.xml:1414(para)
23859
#: serverguide/C/mail.xml:1420(para)
18886
23860
msgid ""
18887
23861
"Bouncing spam can be a bad idea as the return address is often faked. "
18888
23862
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
18890
23864
"D_BOUNCE, as follows:"
18891
23865
msgstr ""
18892
23866
18893
#: serverguide/C/mail.xml:1420(programlisting)
23867
#: serverguide/C/mail.xml:1426(programlisting)
18894
23868
#, no-wrap
18895
23869
msgid ""
18896
23870
"\n"
18897
23871
"$final_spam_destiny = D_DISCARD;\n"
18898
23872
msgstr ""
18899
23873
18900
#: serverguide/C/mail.xml:1424(para)
23874
#: serverguide/C/mail.xml:1430(para)
18901
23875
msgid ""
18902
23876
"Additionally, you may want to adjust the following options to flag more "
18903
23877
"messages as spam:"
18904
23878
msgstr ""
18905
23879
18906
#: serverguide/C/mail.xml:1428(programlisting)
23880
#: serverguide/C/mail.xml:1434(programlisting)
18907
23881
#, no-wrap
18908
23882
msgid ""
18909
23883
"\n"
18914
23888
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
18915
23889
msgstr ""
18916
23890
18917
#: serverguide/C/mail.xml:1435(para)
23891
#: serverguide/C/mail.xml:1441(para)
18918
23892
msgid ""
18919
23893
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
18920
23894
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
18923
23897
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
18924
23898
msgstr ""
18925
23899
18926
#: serverguide/C/mail.xml:1442(programlisting)
23900
#: serverguide/C/mail.xml:1448(programlisting)
18927
23901
#, no-wrap
18928
23902
msgid ""
18929
23903
"\n"
18931
23905
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
18932
23906
msgstr ""
18933
23907
18934
#: serverguide/C/mail.xml:1447(para)
23908
#: serverguide/C/mail.xml:1453(para)
23909
msgid ""
23910
"If you want to cover multiple domains you can use the following in "
23911
"the<filename>/etc/amavis/conf.d/50-user</filename>"
23912
msgstr ""
23913
23914
#: serverguide/C/mail.xml:1456(programlisting)
23915
#, no-wrap
23916
msgid ""
23917
"\n"
23918
"@local_domains_acl = qw(.);\n"
23919
msgstr ""
23920
23921
#: serverguide/C/mail.xml:1460(para)
18935
23922
msgid ""
18936
23923
"After configuration <application>Amavisd-new</application> needs to be "
18937
23924
"restarted:"
18938
23925
msgstr ""
18939
23926
18940
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
23927
#: serverguide/C/mail.xml:1464(command) serverguide/C/mail.xml:1511(command)
18941
23928
msgid "sudo /etc/init.d/amavis restart"
18942
23929
msgstr ""
18943
23930
18944
#: serverguide/C/mail.xml:1454(title)
23931
#: serverguide/C/mail.xml:1467(title)
18945
23932
msgid "DKIM Whitelist"
18946
23933
msgstr ""
18947
23934
18948
#: serverguide/C/mail.xml:1456(para)
23935
#: serverguide/C/mail.xml:1469(para)
18949
23936
msgid ""
18950
23937
"<application>Amavisd-new</application> can be configured to automatically "
18951
23938
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
18953
23940
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
18954
23941
msgstr ""
18955
23942
18956
#: serverguide/C/mail.xml:1462(para)
23943
#: serverguide/C/mail.xml:1475(para)
18957
23944
msgid "There are multiple ways to configure the Whitelist for a domain:"
18958
23945
msgstr ""
18959
23946
18960
#: serverguide/C/mail.xml:1468(para)
23947
#: serverguide/C/mail.xml:1481(para)
18961
23948
msgid ""
18962
23949
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18963
23950
"address from the \"example.com\" domain."
18964
23951
msgstr ""
18965
23952
18966
#: serverguide/C/mail.xml:1473(para)
23953
#: serverguide/C/mail.xml:1486(para)
18967
23954
msgid ""
18968
23955
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18969
23956
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
18970
23957
"have a valid signature."
18971
23958
msgstr ""
18972
23959
18973
#: serverguide/C/mail.xml:1479(para)
23960
#: serverguide/C/mail.xml:1492(para)
18974
23961
msgid ""
18975
23962
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
18976
23963
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
18977
23964
"role=\"italic\">example.com</emphasis> the parent domain."
18978
23965
msgstr ""
18979
23966
18980
#: serverguide/C/mail.xml:1485(para)
23967
#: serverguide/C/mail.xml:1498(para)
18981
23968
msgid ""
18982
23969
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
18983
23970
"that have a valid signature from \"example.com\". This is usually used for "
18984
23971
"discussion groups that sign their messages."
18985
23972
msgstr ""
18986
23973
18987
#: serverguide/C/mail.xml:1492(para)
23974
#: serverguide/C/mail.xml:1505(para)
18988
23975
msgid ""
18989
"A domain can also have multiple Whitelist configurations. After, editing the "
18990
"file restart <application>amaisd-new</application>:"
23976
"A domain can also have multiple Whitelist configurations. After editing the "
23977
"file, restart <application>amavisd-new</application>:"
18991
23978
msgstr ""
18992
23979
18993
#: serverguide/C/mail.xml:1501(para)
23980
#: serverguide/C/mail.xml:1515(para)
18994
23981
msgid ""
18995
23982
"In this context, once a domain has been added to the Whitelist the message "
18996
23983
"will not receive any anti-virus or spam filtering. This may or may not be "
18997
23984
"the intended behavior you wish for a domain."
18998
23985
msgstr ""
18999
23986
19000
#: serverguide/C/mail.xml:1511(para)
23987
#: serverguide/C/mail.xml:1525(para)
19001
23988
msgid ""
19002
23989
"For <application>Postfix</application> integration, enter the following from "
19003
23990
"a terminal prompt:"
19004
23991
msgstr ""
19005
23992
19006
#: serverguide/C/mail.xml:1515(command)
23993
#: serverguide/C/mail.xml:1529(command)
19007
23994
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
19008
23995
msgstr ""
19009
23996
19010
#: serverguide/C/mail.xml:1517(para)
23997
#: serverguide/C/mail.xml:1531(para)
19011
23998
msgid ""
19012
23999
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
19013
24000
"to the end of the file:"
19014
24001
msgstr ""
19015
24002
19016
#: serverguide/C/mail.xml:1520(programlisting)
24003
#: serverguide/C/mail.xml:1534(programlisting)
19017
24004
#, no-wrap
19018
24005
msgid ""
19019
24006
"\n"
19045
24032
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
19046
24033
msgstr ""
19047
24034
19048
#: serverguide/C/mail.xml:1547(para)
24035
#: serverguide/C/mail.xml:1561(para)
19049
24036
msgid ""
19050
24037
"Also add the following two lines immediately below the "
19051
24038
"<emphasis>\"pickup\"</emphasis> transport service:"
19052
24039
msgstr ""
19053
24040
19054
#: serverguide/C/mail.xml:1550(programlisting)
24041
#: serverguide/C/mail.xml:1564(programlisting)
19055
24042
#, no-wrap
19056
24043
msgid ""
19057
24044
"\n"
19059
24046
" -o receive_override_options=no_header_body_checks\n"
19060
24047
msgstr ""
19061
24048
19062
#: serverguide/C/mail.xml:1554(para)
24049
#: serverguide/C/mail.xml:1568(para)
19063
24050
msgid ""
19064
24051
"This will prevent messages that are generated to report on spam from being "
19065
24052
"classified as spam."
19066
24053
msgstr ""
19067
24054
19068
#: serverguide/C/mail.xml:1557(para)
24055
#: serverguide/C/mail.xml:1571(para)
19069
24056
msgid "Now restart <application>Postfix</application>:"
19070
24057
msgstr ""
19071
24058
19072
#: serverguide/C/mail.xml:1563(para)
24059
#: serverguide/C/mail.xml:1577(para)
19073
24060
msgid "Content filtering with spam and virus detection is now enabled."
19074
24061
msgstr ""
19075
24062
19076
#: serverguide/C/mail.xml:1569(title)
24063
#: serverguide/C/mail.xml:1583(title)
19077
24064
msgid "Amavisd-new and Spamassassin"
19078
24065
msgstr ""
19079
24066
19080
#: serverguide/C/mail.xml:1571(para)
24067
#: serverguide/C/mail.xml:1585(para)
19081
24068
msgid ""
19082
24069
"When integrating <application>Amavisd-new</application> with "
19083
24070
"<application>Spamassassin</application>, if you choose to disable the bayes "
19088
24075
"<application>cron</application> job."
19089
24076
msgstr ""
19090
24077
19091
#: serverguide/C/mail.xml:1578(para)
24078
#: serverguide/C/mail.xml:1592(para)
19092
24079
msgid "There are several ways to handle this situation:"
19093
24080
msgstr ""
19094
24081
19095
#: serverguide/C/mail.xml:1584(para)
24082
#: serverguide/C/mail.xml:1598(para)
19096
24083
msgid "Configure your MDA to filter messages you do not wish to see."
19097
24084
msgstr ""
19098
24085
19099
#: serverguide/C/mail.xml:1589(para)
24086
#: serverguide/C/mail.xml:1603(para)
19100
24087
msgid ""
19101
24088
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
19102
24089
"<emphasis>use_bayes 0</emphasis>. For example, edit "
19104
24091
"the top before the <emphasis>test</emphasis> statements:"
19105
24092
msgstr ""
19106
24093
19107
#: serverguide/C/mail.xml:1593(programlisting)
24094
#: serverguide/C/mail.xml:1607(programlisting)
19108
24095
#, no-wrap
19109
24096
msgid ""
19110
24097
"\n"
19112
24099
"exit 0\n"
19113
24100
msgstr ""
19114
24101
19115
#: serverguide/C/mail.xml:1603(para)
24102
#: serverguide/C/mail.xml:1617(para)
19116
24103
msgid ""
19117
24104
"First, test that the <application>Amavisd-new</application> SMTP is "
19118
24105
"listening:"
19119
24106
msgstr ""
19120
24107
19121
#: serverguide/C/mail.xml:1606(programlisting)
24108
#: serverguide/C/mail.xml:1620(programlisting)
19122
24109
#, no-wrap
19123
24110
msgid ""
19124
24111
"\n"
19130
24117
"^]\n"
19131
24118
msgstr ""
19132
24119
19133
#: serverguide/C/mail.xml:1614(para)
24120
#: serverguide/C/mail.xml:1628(para)
19134
24121
msgid ""
19135
24122
"In the Header of messages that go through the content filter you should see:"
19136
24123
msgstr ""
19137
24124
19138
#: serverguide/C/mail.xml:1617(programlisting)
24125
#: serverguide/C/mail.xml:1631(programlisting)
19139
24126
#, no-wrap
19140
24127
msgid ""
19141
24128
"\n"
19146
24133
"X-Spam-Level: \n"
19147
24134
msgstr ""
19148
24135
19149
#: serverguide/C/mail.xml:1624(para)
24136
#: serverguide/C/mail.xml:1638(para)
19150
24137
msgid ""
19151
24138
"Your output will vary, but the important thing is that there are <emphasis>X-"
19152
24139
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
19153
24140
msgstr ""
19154
24141
19155
#: serverguide/C/mail.xml:1632(para)
24142
#: serverguide/C/mail.xml:1646(para)
19156
24143
msgid ""
19157
24144
"The best way to figure out why something is going wrong is to check the log "
19158
24145
"files."
19159
24146
msgstr ""
19160
24147
19161
#: serverguide/C/mail.xml:1637(para)
24148
#: serverguide/C/mail.xml:1651(para)
19162
24149
msgid ""
19163
24150
"For instructions on <application>Postfix</application> logging see the <xref "
19164
24151
"linkend=\"postfix-troubleshooting\"/> section."
19165
24152
msgstr ""
19166
24153
19167
#: serverguide/C/mail.xml:1643(para)
24154
#: serverguide/C/mail.xml:1657(para)
19168
24155
msgid ""
19169
24156
"<application>Amavisd-new</application> uses "
19170
24157
"<application>Syslog</application> to send messages to "
19174
24161
"1 to 5."
19175
24162
msgstr ""
19176
24163
19177
#: serverguide/C/mail.xml:1648(programlisting)
24164
#: serverguide/C/mail.xml:1662(programlisting)
19178
24165
#, no-wrap
19179
24166
msgid ""
19180
24167
"\n"
19181
24168
"$log_level = 2;\n"
19182
24169
msgstr ""
19183
24170
19184
#: serverguide/C/mail.xml:1652(para)
24171
#: serverguide/C/mail.xml:1666(para)
19185
24172
msgid ""
19186
24173
"When the <application>Amavisd-new</application> log output is increased "
19187
24174
"<application>Spamassassin</application> log output is also increased."
19188
24175
msgstr ""
19189
24176
19190
#: serverguide/C/mail.xml:1659(para)
24177
#: serverguide/C/mail.xml:1673(para)
19191
24178
msgid ""
19192
24179
"The <application>ClamAV</application> log level can be increased by editing "
19193
24180
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
19194
24181
msgstr ""
19195
24182
19196
#: serverguide/C/mail.xml:1663(programlisting)
24183
#: serverguide/C/mail.xml:1677(programlisting)
19197
24184
#, no-wrap
19198
24185
msgid ""
19199
24186
"\n"
19200
24187
"LogVerbose true\n"
19201
24188
msgstr ""
19202
24189
19203
#: serverguide/C/mail.xml:1666(para)
24190
#: serverguide/C/mail.xml:1680(para)
19204
24191
msgid ""
19205
24192
"By default <application>ClamAV</application> will send log messages to "
19206
24193
"<filename>/var/log/clamav/clamav.log</filename>."
19207
24194
msgstr ""
19208
24195
19209
#: serverguide/C/mail.xml:1672(para)
24196
#: serverguide/C/mail.xml:1686(para)
19210
24197
msgid ""
19211
24198
"After changing an applications log settings remember to restart the service "
19212
24199
"for the new settings to take affect. Also, once the issue you are "
19214
24201
"back to normal."
19215
24202
msgstr ""
19216
24203
19217
#: serverguide/C/mail.xml:1680(para)
24204
#: serverguide/C/mail.xml:1694(para)
19218
24205
msgid "For more information on filtering mail see the following links:"
19219
24206
msgstr ""
19220
24207
19221
#: serverguide/C/mail.xml:1686(ulink)
24208
#: serverguide/C/mail.xml:1700(ulink)
19222
24209
msgid "Amavisd-new Documentation"
19223
24210
msgstr ""
19224
24211
19225
#: serverguide/C/mail.xml:1690(para)
24212
#: serverguide/C/mail.xml:1704(para)
19226
24213
msgid ""
19227
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
24214
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
19228
24215
"Documentation</ulink> and <ulink "
19229
24216
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
19230
24217
msgstr ""
19231
24218
19232
#: serverguide/C/mail.xml:1697(ulink)
24219
#: serverguide/C/mail.xml:1711(ulink)
19233
24220
msgid "Spamassassin Wiki"
19234
24221
msgstr ""
19235
24222
19236
#: serverguide/C/mail.xml:1702(ulink)
24223
#: serverguide/C/mail.xml:1716(ulink)
19237
24224
msgid "Pyzor Homepage"
19238
24225
msgstr ""
19239
24226
19240
#: serverguide/C/mail.xml:1707(ulink)
24227
#: serverguide/C/mail.xml:1721(ulink)
19241
24228
msgid "Razor Homepage"
19242
24229
msgstr ""
19243
24230
19244
#: serverguide/C/mail.xml:1712(ulink)
24231
#: serverguide/C/mail.xml:1726(ulink)
19245
24232
msgid "DKIM.org"
19246
24233
msgstr ""
19247
24234
19248
#: serverguide/C/mail.xml:1717(ulink)
24235
#: serverguide/C/mail.xml:1731(ulink)
19249
24236
msgid "Postfix Amavis New"
19250
24237
msgstr ""
19251
24238
19252
#: serverguide/C/mail.xml:1721(para)
24239
#: serverguide/C/mail.xml:1735(para)
19253
24240
msgid ""
19254
24241
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
19255
24242
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
19261
24248
19262
24249
#: serverguide/C/lamp-applications.xml:19(para)
19263
24250
msgid ""
19264
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
19265
"Ubuntu servers. There is a plethora of Open Source applications written "
19266
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
19267
"Content Management Systems, and Management Software such as phpMyAdmin."
24251
"LAMP installations (Linux + Apache + MySQL + PHP/Perl/Python) are a popular "
24252
"setup for Ubuntu servers. There is a plethora of Open Source applications "
24253
"written using the LAMP application stack. Some popular LAMP applications are "
24254
"Wiki's, Content Management Systems, and Management Software such as "
24255
"phpMyAdmin."
19268
24256
msgstr ""
19269
24257
19270
24258
#: serverguide/C/lamp-applications.xml:26(para)
19271
24259
msgid ""
19272
24260
"One advantage of LAMP is the substantial flexibility for different database, "
19273
24261
"web server, and scripting languages. Popular substitutes for MySQL include "
19274
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
19275
"instead of PHP."
24262
"PostgreSQL and SQLite. Python, Perl, and Ruby are also frequently used "
24263
"instead of PHP. While Nginx, Cherokee and Lighttpd can replace Apache."
19276
24264
msgstr ""
19277
24265
19278
24266
#: serverguide/C/lamp-applications.xml:32(para)
19279
24267
msgid ""
19280
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
19281
"is:"
19282
msgstr ""
19283
19284
#: serverguide/C/lamp-applications.xml:38(para)
24268
"The fastest way to get started is to install LAMP using "
24269
"<application>tasksel</application>. Tasksel is a Debian/Ubuntu tool that "
24270
"installs multiple related packages as a co-ordinated \"task\" onto your "
24271
"system. To install a LAMP server:"
24272
msgstr ""
24273
24274
#: serverguide/C/lamp-applications.xml:43(command)
24275
msgid "sudo tasksel install lamp-server"
24276
msgstr ""
24277
24278
#: serverguide/C/lamp-applications.xml:48(para)
24279
msgid ""
24280
"After installing it you'll be able to install most <emphasis>LAMP</emphasis> "
24281
"applications in this way:"
24282
msgstr ""
24283
24284
#: serverguide/C/lamp-applications.xml:54(para)
19285
24285
msgid "Download an archive containing the application source files."
19286
24286
msgstr ""
19287
24287
19288
#: serverguide/C/lamp-applications.xml:43(para)
24288
#: serverguide/C/lamp-applications.xml:59(para)
19289
24289
msgid ""
19290
24290
"Unpack the archive, usually in a directory accessible to a web server."
19291
24291
msgstr ""
19292
24292
19293
#: serverguide/C/lamp-applications.xml:48(para)
24293
#: serverguide/C/lamp-applications.xml:64(para)
19294
24294
msgid ""
19295
24295
"Depending on where the source was extracted, configure a web server to serve "
19296
24296
"the files."
19297
24297
msgstr ""
19298
24298
19299
#: serverguide/C/lamp-applications.xml:53(para)
24299
#: serverguide/C/lamp-applications.xml:69(para)
19300
24300
msgid "Configure the application to connect to the database."
19301
24301
msgstr ""
19302
24302
19303
#: serverguide/C/lamp-applications.xml:58(para)
24303
#: serverguide/C/lamp-applications.xml:74(para)
19304
24304
msgid ""
19305
24305
"Run a script, or browse to a page of the application, to install the "
19306
24306
"database needed by the application."
19307
24307
msgstr ""
19308
24308
19309
#: serverguide/C/lamp-applications.xml:63(para)
24309
#: serverguide/C/lamp-applications.xml:79(para)
19310
24310
msgid ""
19311
24311
"Once the steps above, or similar steps, are completed you are ready to begin "
19312
24312
"using the application."
19313
24313
msgstr ""
19314
24314
19315
#: serverguide/C/lamp-applications.xml:69(para)
24315
#: serverguide/C/lamp-applications.xml:85(para)
19316
24316
msgid ""
19317
24317
"A disadvantage of using this approach is that the application files are not "
19318
24318
"placed in the file system in a standard way, which can cause confusion as to "
19321
24321
"install the application is needed to apply updates."
19322
24322
msgstr ""
19323
24323
19324
#: serverguide/C/lamp-applications.xml:76(para)
24324
#: serverguide/C/lamp-applications.xml:92(para)
19325
24325
msgid ""
19326
24326
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
19327
24327
"packaged for Ubuntu, and are available for installation in the same way as "
19329
24329
"and setup steps may be needed, however."
19330
24330
msgstr ""
19331
24331
19332
#: serverguide/C/lamp-applications.xml:82(para)
19333
msgid ""
19334
"This section covers howto install and configure the Wiki applications "
19335
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
19336
"and the MySQL management application <application>phpMyAdmin</application>."
19337
msgstr ""
19338
19339
#: serverguide/C/lamp-applications.xml:88(para)
19340
msgid ""
19341
"A Wiki is a website that allows the visitors to easily add, remove and "
19342
"modify available content easily. The ease of interaction and operation makes "
19343
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
19344
"also referred to the collaborative software."
19345
msgstr ""
19346
19347
#: serverguide/C/lamp-applications.xml:100(title)
24332
#: serverguide/C/lamp-applications.xml:98(para)
24333
msgid ""
24334
"This section covers how to install some <emphasis>LAMP</emphasis> "
24335
"applications."
24336
msgstr ""
24337
24338
#: serverguide/C/lamp-applications.xml:104(title)
19348
24339
msgid "Moin Moin"
19349
24340
msgstr ""
19350
24341
19351
#: serverguide/C/lamp-applications.xml:102(para)
24342
#: serverguide/C/lamp-applications.xml:106(para)
19352
24343
msgid ""
19353
24344
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
19354
24345
"engine, and licensed under the GNU GPL."
19355
24346
msgstr ""
19356
24347
19357
#: serverguide/C/lamp-applications.xml:110(para)
24348
#: serverguide/C/lamp-applications.xml:114(para)
19358
24349
msgid ""
19359
24350
"To install <application>MoinMoin</application>, run the following command in "
19360
24351
"the command prompt:"
19361
24352
msgstr ""
19362
24353
19363
#: serverguide/C/lamp-applications.xml:116(command)
24354
#: serverguide/C/lamp-applications.xml:120(command)
19364
24355
msgid "sudo apt-get install python-moinmoin"
19365
24356
msgstr ""
19366
24357
19367
#: serverguide/C/lamp-applications.xml:119(para)
24358
#: serverguide/C/lamp-applications.xml:123(para)
19368
24359
msgid ""
19369
24360
"You should also install <application>apache2</application> web server. For "
19370
24361
"installing <application>apache2</application> web server, please refer to "
19372
24363
"linkend=\"httpd\"/> section."
19373
24364
msgstr ""
19374
24365
19375
#: serverguide/C/lamp-applications.xml:130(para)
24366
#: serverguide/C/lamp-applications.xml:134(para)
19376
24367
msgid ""
19377
24368
"For configuring your first Wiki application, please run the following set of "
19378
24369
"commands. Let us assume that you are creating a Wiki named "
19379
24370
"<emphasis>mywiki</emphasis>:"
19380
24371
msgstr ""
19381
24372
19382
#: serverguide/C/lamp-applications.xml:137(command)
24373
#: serverguide/C/lamp-applications.xml:141(command)
19383
24374
msgid "cd /usr/share/moin"
19384
24375
msgstr ""
19385
24376
19386
#: serverguide/C/lamp-applications.xml:138(command)
24377
#: serverguide/C/lamp-applications.xml:142(command)
19387
24378
msgid "sudo mkdir mywiki"
19388
24379
msgstr ""
19389
24380
19390
#: serverguide/C/lamp-applications.xml:139(command)
24381
#: serverguide/C/lamp-applications.xml:143(command)
19391
24382
msgid "sudo cp -R data mywiki"
19392
24383
msgstr ""
19393
24384
19394
#: serverguide/C/lamp-applications.xml:140(command)
24385
#: serverguide/C/lamp-applications.xml:144(command)
19395
24386
msgid "sudo cp -R underlay mywiki"
19396
24387
msgstr ""
19397
24388
19398
#: serverguide/C/lamp-applications.xml:141(command)
24389
#: serverguide/C/lamp-applications.xml:145(command)
19399
24390
msgid "sudo cp server/moin.cgi mywiki"
19400
24391
msgstr ""
19401
24392
19402
#: serverguide/C/lamp-applications.xml:142(command)
24393
#: serverguide/C/lamp-applications.xml:146(command)
19403
24394
msgid "sudo chown -R www-data.www-data mywiki"
19404
24395
msgstr ""
19405
24396
19406
#: serverguide/C/lamp-applications.xml:143(command)
24397
#: serverguide/C/lamp-applications.xml:147(command)
19407
24398
msgid "sudo chmod -R ug+rwX mywiki"
19408
24399
msgstr ""
19409
24400
19410
#: serverguide/C/lamp-applications.xml:144(command)
24401
#: serverguide/C/lamp-applications.xml:148(command)
19411
24402
msgid "sudo chmod -R o-rwx mywiki"
19412
24403
msgstr ""
19413
24404
19414
#: serverguide/C/lamp-applications.xml:147(para)
24405
#: serverguide/C/lamp-applications.xml:151(para)
19415
24406
msgid ""
19416
24407
"Now you should configure <application>MoinMoin</application> to find your "
19417
24408
"new Wiki <emphasis>mywiki</emphasis>. To configure "
19419
24410
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
19420
24411
msgstr ""
19421
24412
19422
#: serverguide/C/lamp-applications.xml:155(programlisting)
24413
#: serverguide/C/lamp-applications.xml:159(programlisting)
19423
24414
#, no-wrap
19424
24415
msgid "data_dir = '/org/mywiki/data'"
19425
24416
msgstr ""
19426
24417
19427
#: serverguide/C/lamp-applications.xml:157(para)
24418
#: serverguide/C/lamp-applications.xml:161(para)
19428
24419
msgid "to"
19429
24420
msgstr ""
19430
24421
19431
#: serverguide/C/lamp-applications.xml:161(programlisting)
24422
#: serverguide/C/lamp-applications.xml:165(programlisting)
19432
24423
#, no-wrap
19433
24424
msgid "data_dir = '/usr/share/moin/mywiki/data'"
19434
24425
msgstr ""
19435
24426
19436
#: serverguide/C/lamp-applications.xml:163(para)
24427
#: serverguide/C/lamp-applications.xml:167(para)
19437
24428
msgid ""
19438
24429
"Also, below the <emphasis>data_dir</emphasis> option add the "
19439
24430
"<emphasis>data_underlay_dir</emphasis>:"
19440
24431
msgstr ""
19441
24432
19442
#: serverguide/C/lamp-applications.xml:167(programlisting)
24433
#: serverguide/C/lamp-applications.xml:171(programlisting)
19443
24434
#, no-wrap
19444
24435
msgid ""
19445
24436
"\n"
19446
24437
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
19447
24438
msgstr ""
19448
24439
19449
#: serverguide/C/lamp-applications.xml:172(para)
24440
#: serverguide/C/lamp-applications.xml:176(para)
19450
24441
msgid ""
19451
24442
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
19452
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
19453
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
19454
"change."
24443
"should copy <filename>/usr/share/moin/config/wikifarm/mywiki.py</filename> "
24444
"file to <filename>/etc/moin/mywiki.py</filename> file and do the above "
24445
"mentioned change."
19455
24446
msgstr ""
19456
24447
19457
#: serverguide/C/lamp-applications.xml:181(para)
24448
#: serverguide/C/lamp-applications.xml:184(para)
19458
24449
msgid ""
19459
24450
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
19460
24451
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
19462
24453
"<quote>(\"mywiki\", r\".*\")</quote>."
19463
24454
msgstr ""
19464
24455
19465
#: serverguide/C/lamp-applications.xml:189(para)
24456
#: serverguide/C/lamp-applications.xml:192(para)
19466
24457
msgid ""
19467
24458
"Once you have configured <application>MoinMoin</application> to find your "
19468
24459
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
19470
24461
"application."
19471
24462
msgstr ""
19472
24463
19473
#: serverguide/C/lamp-applications.xml:196(para)
24464
#: serverguide/C/lamp-applications.xml:199(para)
19474
24465
msgid ""
19475
24466
"You should add the following lines in <filename>/etc/apache2/sites-"
19476
24467
"available/default</filename> file inside the <quote><VirtualHost "
19477
24468
"*></quote> tag:"
19478
24469
msgstr ""
19479
24470
19480
#: serverguide/C/lamp-applications.xml:202(programlisting)
24471
#: serverguide/C/lamp-applications.xml:205(programlisting)
19481
24472
#, no-wrap
19482
24473
msgid ""
19483
24474
"\n"
19484
24475
"### moin\n"
19485
24476
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
19486
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
24477
" alias /moin_static193 \"/usr/share/moin/htdocs\"\n"
19487
24478
" <Directory /usr/share/moin/htdocs>\n"
19488
24479
" Order allow,deny\n"
19489
24480
" allow from all\n"
19491
24482
"### end moin\n"
19492
24483
msgstr ""
19493
24484
19494
#: serverguide/C/lamp-applications.xml:214(para)
19495
msgid ""
19496
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
19497
"<emphasis>alias</emphasis> line above, to the "
19498
"<application>moinmoin</application> version installed."
19499
msgstr ""
19500
19501
#: serverguide/C/lamp-applications.xml:220(para)
24485
#: serverguide/C/lamp-applications.xml:216(para)
19502
24486
msgid ""
19503
24487
"Once you configure the <application>apache2</application> web server and "
19504
24488
"make it ready for your Wiki application, you should restart it. You can run "
19506
24490
"server:"
19507
24491
msgstr ""
19508
24492
19509
#: serverguide/C/lamp-applications.xml:233(title)
24493
#: serverguide/C/lamp-applications.xml:229(title) serverguide/C/installation.xml:1255(title)
19510
24494
msgid "Verification"
19511
24495
msgstr ""
19512
24496
19513
#: serverguide/C/lamp-applications.xml:235(para)
24497
#: serverguide/C/lamp-applications.xml:231(para)
19514
24498
msgid ""
19515
24499
"You can verify the Wiki application and see if it works by pointing your web "
19516
24500
"browser to the following URL:"
19517
24501
msgstr ""
19518
24502
19519
#: serverguide/C/lamp-applications.xml:239(programlisting)
24503
#: serverguide/C/lamp-applications.xml:235(programlisting)
19520
24504
#, no-wrap
19521
24505
msgid ""
19522
24506
"\n"
19523
24507
"http://localhost/mywiki\n"
19524
24508
msgstr ""
19525
24509
19526
#: serverguide/C/lamp-applications.xml:243(para)
19527
msgid ""
19528
"You can also run the test command by pointing your web browser to the "
19529
"following URL:"
19530
msgstr ""
19531
19532
#: serverguide/C/lamp-applications.xml:248(programlisting)
19533
#, no-wrap
19534
msgid ""
19535
"\n"
19536
"http://localhost/mywiki?action=test\n"
19537
msgstr ""
19538
19539
#: serverguide/C/lamp-applications.xml:252(para)
24510
#: serverguide/C/lamp-applications.xml:239(para)
19540
24511
msgid ""
19541
24512
"For more details, please refer to the <ulink "
19542
24513
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
19543
24514
msgstr ""
19544
24515
19545
#: serverguide/C/lamp-applications.xml:263(para)
24516
#: serverguide/C/lamp-applications.xml:250(para)
19546
24517
msgid ""
19547
24518
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
19548
24519
"Wiki</ulink>."
19549
24520
msgstr ""
19550
24521
19551
#: serverguide/C/lamp-applications.xml:268(para)
24522
#: serverguide/C/lamp-applications.xml:255(para)
19552
24523
msgid ""
19553
24524
"Also, see the <ulink "
19554
24525
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19555
24526
"MoinMoin</ulink> page."
19556
24527
msgstr ""
19557
24528
19558
#: serverguide/C/lamp-applications.xml:277(title)
24529
#: serverguide/C/lamp-applications.xml:264(title)
19559
24530
msgid "MediaWiki"
19560
24531
msgstr ""
19561
24532
19562
#: serverguide/C/lamp-applications.xml:279(para)
24533
#: serverguide/C/lamp-applications.xml:266(para)
19563
24534
msgid ""
19564
24535
"MediaWiki is an web based Wiki software written in the PHP language. It can "
19565
24536
"either use <application>MySQL</application> or "
19566
24537
"<application>PostgreSQL</application> Database Management System."
19567
24538
msgstr ""
19568
24539
19569
#: serverguide/C/lamp-applications.xml:289(para)
24540
#: serverguide/C/lamp-applications.xml:276(para)
19570
24541
msgid ""
19571
24542
"Before installing <application>MediaWiki</application> you should also "
19572
24543
"install <application>Apache2</application>, the "
19577
24548
"installation instructions."
19578
24549
msgstr ""
19579
24550
19580
#: serverguide/C/lamp-applications.xml:297(para)
24551
#: serverguide/C/lamp-applications.xml:284(para)
19581
24552
msgid ""
19582
24553
"To install <application>MediaWiki</application>, run the following command "
19583
24554
"in the command prompt:"
19584
24555
msgstr ""
19585
24556
19586
#: serverguide/C/lamp-applications.xml:303(command)
24557
#: serverguide/C/lamp-applications.xml:290(command)
19587
24558
msgid "sudo apt-get install mediawiki php5-gd"
19588
24559
msgstr ""
19589
24560
19590
#: serverguide/C/lamp-applications.xml:306(para)
24561
#: serverguide/C/lamp-applications.xml:293(para)
19591
24562
msgid ""
19592
24563
"For additional <application>MediaWiki</application> functionality see the "
19593
24564
"<application>mediawiki-extensions</application> package."
19594
24565
msgstr ""
19595
24566
19596
#: serverguide/C/lamp-applications.xml:316(para)
24567
#: serverguide/C/lamp-applications.xml:303(para)
19597
24568
msgid ""
19598
24569
"The Apache configuration file <filename>mediawiki.conf</filename> for "
19599
24570
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
19601
24572
"MediaWiki application."
19602
24573
msgstr ""
19603
24574
19604
#: serverguide/C/lamp-applications.xml:324(screen)
24575
#: serverguide/C/lamp-applications.xml:311(screen)
19605
24576
#, no-wrap
19606
24577
msgid ""
19607
24578
"\n"
19608
24579
"# Alias /mediawiki /var/lib/mediawiki\n"
19609
24580
msgstr ""
19610
24581
19611
#: serverguide/C/lamp-applications.xml:328(para)
24582
#: serverguide/C/lamp-applications.xml:315(para)
19612
24583
msgid ""
19613
24584
"After you uncomment the above line, restart Apache server and access "
19614
24585
"MediaWiki using the following url:"
19615
24586
msgstr ""
19616
24587
19617
#: serverguide/C/lamp-applications.xml:333(programlisting)
24588
#: serverguide/C/lamp-applications.xml:320(programlisting)
19618
24589
#, no-wrap
19619
24590
msgid ""
19620
24591
"\n"
19621
24592
"http://localhost/mediawiki/config/index.php\n"
19622
24593
msgstr ""
19623
24594
19624
#: serverguide/C/lamp-applications.xml:338(para)
24595
#: serverguide/C/lamp-applications.xml:325(para)
19625
24596
msgid ""
19626
24597
"Please read the <quote>Checking environment...</quote> section in this page. "
19627
24598
"You should be able to fix many issues by carefully reading this section."
19628
24599
msgstr ""
19629
24600
19630
#: serverguide/C/lamp-applications.xml:345(para)
24601
#: serverguide/C/lamp-applications.xml:332(para)
19631
24602
msgid ""
19632
24603
"Once the configuration is complete, you should copy the "
19633
24604
"<filename>LocalSettings.php</filename> file to "
19634
24605
"<filename>/etc/mediawiki</filename> directory:"
19635
24606
msgstr ""
19636
24607
19637
#: serverguide/C/lamp-applications.xml:352(command)
24608
#: serverguide/C/lamp-applications.xml:339(command)
19638
24609
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19639
24610
msgstr ""
19640
24611
19641
#: serverguide/C/lamp-applications.xml:355(para)
24612
#: serverguide/C/lamp-applications.xml:342(para)
19642
24613
msgid ""
19643
24614
"You may also want to edit "
19644
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
24615
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
24616
"memory limit (disabled by default):"
19645
24617
msgstr ""
19646
24618
19647
#: serverguide/C/lamp-applications.xml:360(programlisting)
24619
#: serverguide/C/lamp-applications.xml:347(programlisting)
19648
24620
#, no-wrap
19649
24621
msgid ""
19650
24622
"\n"
19651
24623
"ini_set( 'memory_limit', '64M' );\n"
19652
24624
msgstr ""
19653
24625
19654
#: serverguide/C/lamp-applications.xml:367(title)
24626
#: serverguide/C/lamp-applications.xml:354(title)
19655
24627
msgid "Extensions"
19656
24628
msgstr ""
19657
24629
19658
#: serverguide/C/lamp-applications.xml:368(para)
24630
#: serverguide/C/lamp-applications.xml:355(para)
19659
24631
msgid ""
19660
24632
"The extensions add new features and enhancements for the MediaWiki "
19661
24633
"application. The extensions give wiki administrators and end users the "
19662
24634
"ability to customize MediaWiki to their requirements."
19663
24635
msgstr ""
19664
24636
19665
#: serverguide/C/lamp-applications.xml:374(para)
24637
#: serverguide/C/lamp-applications.xml:361(para)
19666
24638
msgid ""
19667
24639
"You can download MediaWiki extensions as an archive file or checkout from "
19668
24640
"the Subversion repository. You should copy it to "
19671
24643
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
19672
24644
msgstr ""
19673
24645
19674
#: serverguide/C/lamp-applications.xml:382(programlisting)
24646
#: serverguide/C/lamp-applications.xml:369(programlisting)
19675
24647
#, no-wrap
19676
24648
msgid ""
19677
24649
"\n"
19678
24650
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
19679
24651
msgstr ""
19680
24652
19681
#: serverguide/C/lamp-applications.xml:392(para)
24653
#: serverguide/C/lamp-applications.xml:379(para)
19682
24654
msgid ""
19683
24655
"For more details, please refer to the <ulink "
19684
24656
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
19685
24657
msgstr ""
19686
24658
19687
#: serverguide/C/lamp-applications.xml:398(para)
24659
#: serverguide/C/lamp-applications.xml:385(para)
19688
24660
msgid ""
19689
24661
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
19690
24662
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
19691
24663
"new MediaWiki administrators."
19692
24664
msgstr ""
19693
24665
19694
#: serverguide/C/lamp-applications.xml:404(para)
24666
#: serverguide/C/lamp-applications.xml:391(para)
19695
24667
msgid ""
19696
24668
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
19697
24669
"Wiki MediaWiki</ulink> page is a good resource."
19698
24670
msgstr ""
19699
24671
19700
#: serverguide/C/lamp-applications.xml:414(title)
24672
#: serverguide/C/lamp-applications.xml:401(title)
19701
24673
msgid "phpMyAdmin"
19702
24674
msgstr ""
19703
24675
19704
#: serverguide/C/lamp-applications.xml:416(para)
24676
#: serverguide/C/lamp-applications.xml:403(para)
19705
24677
msgid ""
19706
24678
"<application>phpMyAdmin</application> is a LAMP application specifically "
19707
24679
"written for administering <application>MySQL</application> servers. Written "
19709
24681
"phpMyAdmin provides a graphical interface for database administration tasks."
19710
24682
msgstr ""
19711
24683
19712
#: serverguide/C/lamp-applications.xml:425(para)
24684
#: serverguide/C/lamp-applications.xml:412(para)
19713
24685
msgid ""
19714
24686
"Before installing <application>phpMyAdmin</application> you will need access "
19715
24687
"to a <application>MySQL</application> database either on the same host as "
19718
24690
"enter:"
19719
24691
msgstr ""
19720
24692
19721
#: serverguide/C/lamp-applications.xml:432(command)
24693
#: serverguide/C/lamp-applications.xml:419(command)
19722
24694
msgid "sudo apt-get install phpmyadmin"
19723
24695
msgstr ""
19724
24696
19725
#: serverguide/C/lamp-applications.xml:435(para)
24697
#: serverguide/C/lamp-applications.xml:422(para)
19726
24698
msgid ""
19727
24699
"At the prompt choose which web server to be configured for "
19728
24700
"<application>phpMyAdmin</application>. The rest of this section will use "
19729
24701
"<application>Apache2</application> for the web server."
19730
24702
msgstr ""
19731
24703
19732
#: serverguide/C/lamp-applications.xml:440(para)
24704
#: serverguide/C/lamp-applications.xml:427(para)
19733
24705
msgid ""
19734
24706
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
19735
24707
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
19739
24711
"password."
19740
24712
msgstr ""
19741
24713
19742
#: serverguide/C/lamp-applications.xml:447(para)
24714
#: serverguide/C/lamp-applications.xml:434(para)
19743
24715
msgid ""
19744
24716
"Once logged in you can reset the <emphasis>root</emphasis> password if "
19745
24717
"needed, create users, create/destroy databases and tables, etc."
19746
24718
msgstr ""
19747
24719
19748
#: serverguide/C/lamp-applications.xml:455(para)
24720
#: serverguide/C/lamp-applications.xml:442(para)
19749
24721
msgid ""
19750
24722
"The configuration files for <application>phpMyAdmin</application> are "
19751
24723
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
19754
24726
"<application>phpMyAdmin</application>."
19755
24727
msgstr ""
19756
24728
19757
#: serverguide/C/lamp-applications.xml:461(para)
24729
#: serverguide/C/lamp-applications.xml:448(para)
19758
24730
msgid ""
19759
24731
"To use <application>phpMyAdmin</application> to administer a MySQL database "
19760
24732
"hosted on another server, adjust the following in "
19761
24733
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
19762
24734
msgstr ""
19763
24735
19764
#: serverguide/C/lamp-applications.xml:466(programlisting)
24736
#: serverguide/C/lamp-applications.xml:453(programlisting)
19765
24737
#, no-wrap
19766
24738
msgid ""
19767
24739
"\n"
19768
24740
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
19769
24741
msgstr ""
19770
24742
19771
#: serverguide/C/lamp-applications.xml:471(para)
24743
#: serverguide/C/lamp-applications.xml:458(para)
19772
24744
msgid ""
19773
24745
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
19774
24746
"remote database server name or IP address. Also, be sure that the "
19776
24748
"remote database."
19777
24749
msgstr ""
19778
24750
19779
#: serverguide/C/lamp-applications.xml:477(para)
24751
#: serverguide/C/lamp-applications.xml:464(para)
19780
24752
msgid ""
19781
24753
"Once configured, log out of <application>phpMyAdmin</application> and back "
19782
24754
"in, and you should be accessing the new server."
19783
24755
msgstr ""
19784
24756
19785
#: serverguide/C/lamp-applications.xml:481(para)
24757
#: serverguide/C/lamp-applications.xml:468(para)
19786
24758
msgid ""
19787
24759
"The <filename>config.header.inc.php</filename> and "
19788
24760
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
19789
24761
"header and footer to <application>phpMyAdmin</application>."
19790
24762
msgstr ""
19791
24763
19792
#: serverguide/C/lamp-applications.xml:486(para)
24764
#: serverguide/C/lamp-applications.xml:473(para)
19793
24765
msgid ""
19794
24766
"Another important configuration file is "
19795
24767
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
19801
24773
"linkend=\"httpd\"/>."
19802
24774
msgstr ""
19803
24775
19804
#: serverguide/C/lamp-applications.xml:500(para)
24776
#: serverguide/C/lamp-applications.xml:487(para)
19805
24777
msgid ""
19806
24778
"The <application>phpMyAdmin</application> documentation comes installed with "
19807
24779
"the package and can be accessed from the <emphasis>phpMyAdmin "
19810
24782
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
19811
24783
msgstr ""
19812
24784
19813
#: serverguide/C/lamp-applications.xml:507(para)
24785
#: serverguide/C/lamp-applications.xml:494(para)
19814
24786
msgid ""
19815
24787
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
19816
24788
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
19817
24789
msgstr ""
19818
24790
19819
#: serverguide/C/lamp-applications.xml:512(para)
24791
#: serverguide/C/lamp-applications.xml:499(para)
19820
24792
msgid ""
19821
24793
"A third resource is the <ulink "
19822
24794
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
19839
24811
"This guide assumes you have a basic understanding of your Ubuntu system. "
19840
24812
"Some installation details are covered in <xref linkend=\"installation\"/>, "
19841
24813
"but if you need detailed instructions installing Ubuntu please refer to the "
19842
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
24814
"<ulink url=\"https://help.ubuntu.com/12.04/installation-guide/\">Ubuntu "
19843
24815
"Installation Guide</ulink>."
19844
24816
msgstr ""
19845
24817
19846
24818
#: serverguide/C/introduction.xml:25(para)
19847
24819
msgid ""
19848
24820
"A HTML version of the manual is available online at <ulink "
19849
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
19850
"HTML files are also available in the <application>ubuntu-"
19851
"serverguide</application> package. See <xref linkend=\"package-"
19852
"management\"/> for details on installing packages."
19853
msgstr ""
19854
19855
#: serverguide/C/introduction.xml:32(para)
19856
msgid ""
19857
"If you choose to install the <application>ubuntu-serverguide</application> "
19858
"you can view this document from a console by:"
19859
msgstr ""
19860
19861
#: serverguide/C/introduction.xml:36(command)
19862
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
19863
msgstr ""
19864
19865
#: serverguide/C/introduction.xml:39(para)
19866
msgid ""
19867
"If you are using a localized version of Ubuntu, replace "
19868
"<emphasis>C</emphasis> with your language localization (e.g. "
19869
"<emphasis>en_GB</emphasis>)."
19870
msgstr ""
19871
19872
#: serverguide/C/introduction.xml:53(title)
24821
"url=\"https://help.ubuntu.com\">the Ubuntu Documentation website</ulink>."
24822
msgstr ""
24823
24824
#: serverguide/C/introduction.xml:31(title)
19873
24825
msgid "Support"
19874
24826
msgstr ""
19875
24827
19876
#: serverguide/C/introduction.xml:55(para)
24828
#: serverguide/C/introduction.xml:33(para)
19877
24829
msgid ""
19878
24830
"There are a couple of different ways that Ubuntu Server Edition is "
19879
24831
"supported, commercial support and community support. The main commercial "
19884
24836
"page."
19885
24837
msgstr ""
19886
24838
19887
#: serverguide/C/introduction.xml:62(para)
24839
#: serverguide/C/introduction.xml:40(para)
19888
24840
msgid ""
19889
24841
"Community support is also provided by dedicated individuals, and companies, "
19890
24842
"that wish to make Ubuntu the best distribution possible. Support is provided "
19897
24849
19898
24850
#: serverguide/C/installation.xml:14(para)
19899
24851
msgid ""
19900
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
24852
"This chapter provides a quick overview of installing Ubuntu 12.04 LTS Server "
19901
24853
"Edition. For more detailed instructions, please refer to the <ulink "
19902
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
24854
"url=\"https://help.ubuntu.com/12.04/installation-guide/\">Ubuntu "
19903
24855
"Installation Guide</ulink>."
19904
24856
msgstr ""
19905
24857
19919
24871
19920
24872
#: serverguide/C/installation.xml:25(para)
19921
24873
msgid ""
19922
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
19923
"and AMD64. The table below lists recommended hardware specifications. "
19924
"Depending on your needs, you might manage with less than this. However, most "
19925
"users risk being frustrated if they ignore these suggestions."
24874
"Ubuntu 12.04 LTS Server Edition supports three (3) major architectures: "
24875
"Intel x86, AMD64 and ARM. The table below lists recommended hardware "
24876
"specifications. Depending on your needs, you might manage with less than "
24877
"this. However, most users risk being frustrated if they ignore these "
24878
"suggestions."
19926
24879
msgstr ""
19927
24880
19928
#: serverguide/C/installation.xml:27(title)
24881
#: serverguide/C/installation.xml:28(title)
19929
24882
msgid "Recommended Minimum Requirements"
19930
24883
msgstr ""
19931
24884
19932
#: serverguide/C/installation.xml:35(para)
24885
#: serverguide/C/installation.xml:37(para)
19933
24886
msgid "Install Type"
19934
24887
msgstr ""
19935
24888
19936
#: serverguide/C/installation.xml:36(para)
24889
#: serverguide/C/installation.xml:39(para)
19937
24890
msgid "RAM"
19938
24891
msgstr ""
19939
24892
19940
#: serverguide/C/installation.xml:37(para)
24893
#: serverguide/C/installation.xml:40(para)
19941
24894
msgid "Hard Drive Space"
19942
24895
msgstr ""
19943
24896
19944
#: serverguide/C/installation.xml:40(para)
24897
#: serverguide/C/installation.xml:43(para)
19945
24898
msgid "Base System"
19946
24899
msgstr ""
19947
24900
19948
#: serverguide/C/installation.xml:41(para)
24901
#: serverguide/C/installation.xml:44(para)
19949
24902
msgid "All Tasks Installed"
19950
24903
msgstr ""
19951
24904
19952
#: serverguide/C/installation.xml:46(para)
24905
#: serverguide/C/installation.xml:49(para)
19953
24906
msgid "Server"
19954
24907
msgstr ""
19955
24908
19956
#: serverguide/C/installation.xml:47(para)
24909
#: serverguide/C/installation.xml:50(para)
24910
msgid "300 megahertz"
24911
msgstr ""
24912
24913
#: serverguide/C/installation.xml:51(para)
19957
24914
msgid "128 megabytes"
19958
24915
msgstr ""
19959
24916
19960
#: serverguide/C/installation.xml:48(para)
24917
#: serverguide/C/installation.xml:52(para)
19961
24918
msgid "500 megabytes"
19962
24919
msgstr ""
19963
24920
19964
#: serverguide/C/installation.xml:49(para)
24921
#: serverguide/C/installation.xml:53(para)
19965
24922
msgid "1 gigabyte"
19966
24923
msgstr ""
19967
24924
19968
#: serverguide/C/installation.xml:54(para)
24925
#: serverguide/C/installation.xml:58(para)
19969
24926
msgid ""
19970
24927
"The Server Edition provides a common base for all sorts of server "
19971
24928
"applications. It is a minimalist design providing a platform for the desired "
19972
24929
"services, such as file/print services, web hosting, email hosting, etc."
19973
24930
msgstr ""
19974
24931
19975
#: serverguide/C/installation.xml:60(para)
24932
#: serverguide/C/installation.xml:64(para)
19976
24933
msgid ""
19977
"The requirements for UEC are slightly different for Front End requirements "
19978
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
24934
"The requirements for UEC are slightly different; for Front End requirements "
24935
"see <xref linkend=\"uec-frontend-requirements\"/>, and for UEC Node "
19979
24936
"requirements see <xref linkend=\"uec-node-requirements\"/>."
19980
24937
msgstr ""
19981
24938
19982
#: serverguide/C/installation.xml:68(title)
24939
#: serverguide/C/installation.xml:72(title)
19983
24940
msgid "Server and Desktop Differences"
19984
24941
msgstr ""
19985
24942
19986
#: serverguide/C/installation.xml:69(para)
24943
#: serverguide/C/installation.xml:73(para)
19987
24944
msgid ""
19988
24945
"There are a few differences between the <emphasis>Ubuntu Server "
19989
24946
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
19990
24947
"should be noted that both editions use the same "
19991
"<application>apt</application> repositories. Making it just as easy to "
24948
"<application>apt</application> repositories, making it just as easy to "
19992
24949
"install a <emphasis role=\"italic\">server</emphasis> application on the "
19993
24950
"Desktop Edition as it is on the Server Edition."
19994
24951
msgstr ""
19995
24952
19996
#: serverguide/C/installation.xml:75(para)
24953
#: serverguide/C/installation.xml:79(para)
19997
24954
msgid ""
19998
24955
"The differences between the two editions are the lack of an X window "
19999
24956
"environment in the Server Edition, the installation process, and different "
20000
24957
"Kernel options."
20001
24958
msgstr ""
20002
24959
20003
#: serverguide/C/installation.xml:82(title)
24960
#: serverguide/C/installation.xml:86(title)
20004
24961
msgid "Kernel Differences:"
20005
24962
msgstr ""
20006
24963
20007
#: serverguide/C/installation.xml:85(para)
24964
#: serverguide/C/installation.xml:89(para)
20008
24965
msgid ""
20009
24966
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
20010
24967
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
20011
24968
"Edition."
20012
24969
msgstr ""
20013
24970
20014
#: serverguide/C/installation.xml:91(para)
24971
#: serverguide/C/installation.xml:95(para)
20015
24972
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
20016
24973
msgstr ""
20017
24974
20018
#: serverguide/C/installation.xml:96(para)
24975
#: serverguide/C/installation.xml:100(para)
20019
24976
msgid ""
20020
24977
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
20021
24978
"Desktop Edition."
20022
24979
msgstr ""
20023
24980
20024
#: serverguide/C/installation.xml:102(para)
24981
#: serverguide/C/installation.xml:106(para)
20025
24982
msgid ""
20026
24983
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
20027
24984
"limited by memory addressing space."
20028
24985
msgstr ""
20029
24986
20030
#: serverguide/C/installation.xml:107(para)
24987
#: serverguide/C/installation.xml:111(para)
20031
24988
msgid ""
20032
24989
"To see all kernel configuration options you can look through "
20033
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
20034
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
20035
"is a great resource on the options available."
24990
"<filename>/boot/config-3.2.0-server</filename>. Also, <ulink "
24991
"url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> is a "
24992
"great resource on the options available."
20036
24993
msgstr ""
20037
24994
20038
#: serverguide/C/installation.xml:116(title)
24995
#: serverguide/C/installation.xml:120(title)
20039
24996
msgid "Backing Up"
20040
24997
msgstr ""
20041
24998
20042
#: serverguide/C/installation.xml:119(para)
24999
#: serverguide/C/installation.xml:123(para)
20043
25000
msgid ""
20044
25001
"Before installing <application>Ubuntu Server Edition</application> you "
20045
25002
"should make sure all data on the system is backed up. See <xref "
20046
25003
"linkend=\"backups\"/> for backup options."
20047
25004
msgstr ""
20048
25005
20049
#: serverguide/C/installation.xml:123(para)
25006
#: serverguide/C/installation.xml:127(para)
20050
25007
msgid ""
20051
25008
"If this is not the first time an operating system has been installed on your "
20052
25009
"computer, it is likely you will need to re-partition your disk to make room "
20053
25010
"for Ubuntu."
20054
25011
msgstr ""
20055
25012
20056
#: serverguide/C/installation.xml:127(para)
25013
#: serverguide/C/installation.xml:131(para)
20057
25014
msgid ""
20058
25015
"Any time you partition your disk, you should be prepared to lose everything "
20059
25016
"on the disk should you make a mistake or something goes wrong during "
20061
25018
"have seen years of use, but they also perform destructive actions."
20062
25019
msgstr ""
20063
25020
20064
#: serverguide/C/installation.xml:139(title)
25021
#: serverguide/C/installation.xml:143(title)
20065
25022
msgid "Installing from CD"
20066
25023
msgstr ""
20067
25024
20068
#: serverguide/C/installation.xml:140(para)
25025
#: serverguide/C/installation.xml:144(para)
20069
25026
msgid ""
20070
"The basic steps to install Ubuntu Server Edition from CD are the same for "
20071
"installing any operating system from CD. Unlike the <emphasis>Desktop "
20072
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
20073
"a graphical installation program. Instead the Server Edition uses a console "
20074
"menu based process."
25027
"The basic steps to install Ubuntu Server Edition from CD are the same as "
25028
"those for installing any operating system from CD. Unlike the "
25029
"<emphasis>Desktop Edition</emphasis>, the <emphasis>Server "
25030
"Edition</emphasis> does not include a graphical installation program. The "
25031
"Server Edition uses a console menu based process instead."
20075
25032
msgstr ""
20076
25033
20077
#: serverguide/C/installation.xml:147(para)
25034
#: serverguide/C/installation.xml:151(para)
20078
25035
msgid ""
20079
25036
"First, download and burn the appropriate ISO file from the <ulink "
20080
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
25037
"url=\"http://www.ubuntu.com/download/server/download\"> Ubuntu web "
25038
"site</ulink>."
20081
25039
msgstr ""
20082
25040
20083
#: serverguide/C/installation.xml:153(para)
25041
#: serverguide/C/installation.xml:157(para)
20084
25042
msgid "Boot the system from the CD-ROM drive."
20085
25043
msgstr ""
20086
25044
20087
#: serverguide/C/installation.xml:158(para)
20088
msgid ""
20089
"At the boot prompt you will be asked to select the language. Afterwards the "
20090
"installation process begins by asking for your keyboard layout."
25045
#: serverguide/C/installation.xml:162(para)
25046
msgid "At the boot prompt you will be asked to select a language."
20091
25047
msgstr ""
20092
25048
20093
#: serverguide/C/installation.xml:164(para)
25049
#: serverguide/C/installation.xml:167(para)
20094
25050
msgid ""
20095
25051
"From the main boot menu there are some additional options to install Ubuntu "
20096
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
20097
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
20098
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
20099
"will cover the basic Ubuntu Server install."
20100
msgstr ""
20101
20102
#: serverguide/C/installation.xml:172(para)
25052
"Server Edition. You can install a basic Ubuntu Server, check the CD-ROM for "
25053
"defects, check the system's RAM, boot from first hard disk, or rescue a "
25054
"broken system. The rest of this section will cover the basic Ubuntu Server "
25055
"install."
25056
msgstr ""
25057
25058
#: serverguide/C/installation.xml:174(para)
25059
msgid ""
25060
"The installer asks for which language it should use. Afterwards, you are "
25061
"asked to select your location."
25062
msgstr ""
25063
25064
#: serverguide/C/installation.xml:180(para)
25065
msgid ""
25066
"Next, the installation process begins by asking for your keyboard layout. "
25067
"You can ask the installer to attempt auto-detecting it, or you can select it "
25068
"manually from a list."
25069
msgstr ""
25070
25071
#: serverguide/C/installation.xml:186(para)
20103
25072
msgid ""
20104
25073
"The installer then discovers your hardware configuration, and configures the "
20105
25074
"network settings using DHCP. If you do not wish to use DHCP at the next "
20107
25076
"network manually\"."
20108
25077
msgstr ""
20109
25078
20110
#: serverguide/C/installation.xml:179(para)
25079
#: serverguide/C/installation.xml:193(para)
20111
25080
msgid "Next, the installer asks for the system's hostname and Time Zone."
20112
25081
msgstr ""
20113
25082
20114
#: serverguide/C/installation.xml:184(para)
25083
#: serverguide/C/installation.xml:198(para)
20115
25084
msgid ""
20116
25085
"You can then choose from several options to configure the hard drive layout. "
20117
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
25086
"Afterwards you are asked for which disk to install to. You may get "
25087
"confirmation prompts before rewriting the partition table or setting up LVM "
25088
"depending on disk layout. If you choose LVM, you will be asked for the size "
25089
"of the root logical volume. For advanced disk options see <xref "
25090
"linkend=\"advanced-installation\"/>."
20118
25091
msgstr ""
20119
25092
20120
#: serverguide/C/installation.xml:190(para)
25093
#: serverguide/C/installation.xml:206(para)
20121
25094
msgid "The Ubuntu base system is then installed."
20122
25095
msgstr ""
20123
25096
20124
#: serverguide/C/installation.xml:195(para)
25097
#: serverguide/C/installation.xml:211(para)
20125
25098
msgid ""
20126
"A new user is setup, this user will have <emphasis>root</emphasis> access "
25099
"A new user is set up; this user will have <emphasis>root</emphasis> access "
20127
25100
"through the <application>sudo</application> utility."
20128
25101
msgstr ""
20129
25102
20130
#: serverguide/C/installation.xml:201(para)
25103
#: serverguide/C/installation.xml:217(para)
20131
25104
msgid ""
20132
"After the user is setup, you will be asked to encrypt your <filename "
20133
"role=\"directory\">home</filename> directory."
25105
"After the user settings have been completed, you will be asked to encrypt "
25106
"your <filename role=\"directory\">home</filename> directory."
20134
25107
msgstr ""
20135
25108
20136
#: serverguide/C/installation.xml:207(para)
25109
#: serverguide/C/installation.xml:223(para)
20137
25110
msgid ""
20138
25111
"The next step in the installation process is to decide how you want to "
20139
25112
"update the system. There are three options:"
20140
25113
msgstr ""
20141
25114
20142
#: serverguide/C/installation.xml:213(para)
25115
#: serverguide/C/installation.xml:229(para)
20143
25116
msgid ""
20144
25117
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
20145
25118
"log into the machine and manually install updates."
20146
25119
msgstr ""
20147
25120
20148
#: serverguide/C/installation.xml:219(para)
25121
#: serverguide/C/installation.xml:235(para)
20149
25122
msgid ""
20150
"<emphasis>Install security updates Automatically</emphasis>: will install "
20151
"the <application>unattended-upgrades</application> package, which will "
20152
"install security updates without the intervention of an administrator. For "
20153
"more details see <xref linkend=\"automatic-updates\"/>."
25123
"<emphasis>Install security updates automatically</emphasis>: this will "
25124
"install the <application>unattended-upgrades</application> package, which "
25125
"will install security updates without the intervention of an administrator. "
25126
"For more details see <xref linkend=\"automatic-updates\"/>."
20154
25127
msgstr ""
20155
25128
20156
#: serverguide/C/installation.xml:226(para)
25129
#: serverguide/C/installation.xml:242(para)
20157
25130
msgid ""
20158
25131
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
20159
25132
"service provided by Canonical to help manage your Ubuntu machines. See the "
20161
25134
"site for details."
20162
25135
msgstr ""
20163
25136
20164
#: serverguide/C/installation.xml:235(para)
25137
#: serverguide/C/installation.xml:251(para)
20165
25138
msgid ""
20166
25139
"You now have the option to install, or not install, several package tasks. "
20167
25140
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
20169
25142
"install. For more information see <xref linkend=\"aptitude\"/>."
20170
25143
msgstr ""
20171
25144
20172
#: serverguide/C/installation.xml:243(para)
25145
#: serverguide/C/installation.xml:259(para)
20173
25146
msgid "Finally, the last step before rebooting is to set the clock to UTC."
20174
25147
msgstr ""
20175
25148
20176
#: serverguide/C/installation.xml:249(para)
25149
#: serverguide/C/installation.xml:265(para)
20177
25150
msgid ""
20178
25151
"If at any point during installation you are not satisfied by the default "
20179
25152
"setting, use the \"Go Back\" function at any prompt to be brought to a "
20181
25154
"settings."
20182
25155
msgstr ""
20183
25156
20184
#: serverguide/C/installation.xml:254(para)
25157
#: serverguide/C/installation.xml:270(para)
20185
25158
msgid ""
20186
25159
"At some point during the installation process you may want to read the help "
20187
25160
"screen provided by the installation system. To do this, press F1."
20188
25161
msgstr ""
20189
25162
20190
#: serverguide/C/installation.xml:259(para)
25163
#: serverguide/C/installation.xml:275(para)
20191
25164
msgid ""
20192
25165
"Once again, for detailed instructions see the <ulink "
20193
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
25166
"url=\"https://help.ubuntu.com/12.04/installation-guide/\"> Ubuntu "
20194
25167
"Installation Guide</ulink>."
20195
25168
msgstr ""
20196
25169
20197
#: serverguide/C/installation.xml:265(title)
25170
#: serverguide/C/installation.xml:281(title)
20198
25171
msgid "Package Tasks"
20199
25172
msgstr ""
20200
25173
20201
#: serverguide/C/installation.xml:266(para)
25174
#: serverguide/C/installation.xml:282(para)
20202
25175
msgid ""
20203
25176
"During the Server Edition installation you have the option of installing "
20204
25177
"additional packages from the CD. The packages are grouped by the type of "
20205
25178
"service they provide."
20206
25179
msgstr ""
20207
25180
20208
#: serverguide/C/installation.xml:272(para)
20209
msgid "Cloud computing: Walrus storage service"
20210
msgstr ""
20211
20212
#: serverguide/C/installation.xml:277(para)
20213
msgid "Cloud computing: all-in-one cluster"
20214
msgstr ""
20215
20216
#: serverguide/C/installation.xml:282(para)
20217
msgid "Cloud computing: Cluster controller"
20218
msgstr ""
20219
20220
#: serverguide/C/installation.xml:287(para)
20221
msgid "Cloud computing: Node controller"
20222
msgstr ""
20223
20224
#: serverguide/C/installation.xml:292(para)
20225
msgid "Cloud computing: Storage controller"
20226
msgstr ""
20227
20228
#: serverguide/C/installation.xml:297(para)
20229
msgid "Cloud computing: top-level cloud controller"
20230
msgstr ""
20231
20232
#: serverguide/C/installation.xml:302(para)
25181
#: serverguide/C/installation.xml:288(para)
20233
25182
msgid "DNS server: Selects the BIND DNS server and its documentation."
20234
25183
msgstr ""
20235
25184
20236
#: serverguide/C/installation.xml:307(para)
25185
#: serverguide/C/installation.xml:293(para)
20237
25186
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
20238
25187
msgstr ""
20239
25188
20240
#: serverguide/C/installation.xml:312(para)
25189
#: serverguide/C/installation.xml:298(para)
20241
25190
msgid ""
20242
"Mail server: This task selects a variety of package useful for a general "
25191
"Mail server: This task selects a variety of packages useful for a general "
20243
25192
"purpose mail server system."
20244
25193
msgstr ""
20245
25194
20246
#: serverguide/C/installation.xml:317(para)
25195
#: serverguide/C/installation.xml:303(para)
20247
25196
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
20248
25197
msgstr ""
20249
25198
20250
#: serverguide/C/installation.xml:322(para)
25199
#: serverguide/C/installation.xml:308(para)
20251
25200
msgid ""
20252
25201
"PostgreSQL database: This task selects client and server packages for the "
20253
25202
"PostgreSQL database."
20254
25203
msgstr ""
20255
25204
20256
#: serverguide/C/installation.xml:327(para)
25205
#: serverguide/C/installation.xml:313(para)
20257
25206
msgid "Print server: This task sets up your system to be a print server."
20258
25207
msgstr ""
20259
25208
20260
#: serverguide/C/installation.xml:332(para)
25209
#: serverguide/C/installation.xml:318(para)
20261
25210
msgid ""
20262
25211
"Samba File server: This task sets up your system to be a Samba file server, "
20263
25212
"which is especially suitable in networks with both Windows and Linux systems."
20264
25213
msgstr ""
20265
25214
20266
#: serverguide/C/installation.xml:338(para)
20267
msgid ""
20268
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
20269
"etc."
20270
msgstr ""
20271
20272
#: serverguide/C/installation.xml:343(para)
20273
msgid ""
20274
"Virtual machine host: Includes packages needed to run KVM virtual machines."
20275
msgstr ""
20276
20277
#: serverguide/C/installation.xml:348(para)
20278
msgid ""
20279
"Manually select packages: Executes <application>apptitude</application> "
25215
#: serverguide/C/installation.xml:324(para)
25216
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
25217
msgstr ""
25218
25219
#: serverguide/C/installation.xml:329(para)
25220
msgid ""
25221
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
25222
msgstr ""
25223
25224
#: serverguide/C/installation.xml:334(para)
25225
msgid ""
25226
"Manually select packages: Executes <application>aptitude</application> "
20280
25227
"allowing you to individually select packages."
20281
25228
msgstr ""
20282
25229
20283
#: serverguide/C/installation.xml:353(para)
25230
#: serverguide/C/installation.xml:339(para)
20284
25231
msgid ""
20285
25232
"Installing the package groups is accomplished using the "
20286
"<application>tasksel</application> utility. One of the important difference "
25233
"<application>tasksel</application> utility. One of the important differences "
20287
25234
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
20288
25235
"installed, a package is also configured to reasonable defaults, eventually "
20289
25236
"prompting you for additional required information. Likewise, when installing "
20291
25238
"a fully integrated service."
20292
25239
msgstr ""
20293
25240
20294
#: serverguide/C/installation.xml:360(para)
20295
msgid ""
20296
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
20297
"<xref linkend=\"uec\"/>."
20298
msgstr ""
20299
20300
#: serverguide/C/installation.xml:363(para)
25241
#: serverguide/C/installation.xml:346(para)
20301
25242
msgid ""
20302
25243
"Once the installation process has finished you can view a list of available "
20303
25244
"tasks by entering the following from a terminal prompt:"
20304
25245
msgstr ""
20305
25246
20306
#: serverguide/C/installation.xml:368(command)
25247
#: serverguide/C/installation.xml:351(command)
20307
25248
msgid "tasksel --list-tasks"
20308
25249
msgstr ""
20309
25250
20310
#: serverguide/C/installation.xml:371(para)
25251
#: serverguide/C/installation.xml:354(para)
20311
25252
msgid ""
20312
25253
"The output will list tasks from other Ubuntu based distributions such as "
20313
25254
"Kubuntu and Edubuntu. Note that you can also invoke the "
20315
25256
"the different tasks available."
20316
25257
msgstr ""
20317
25258
20318
#: serverguide/C/installation.xml:377(para)
25259
#: serverguide/C/installation.xml:360(para)
20319
25260
msgid ""
20320
25261
"You can view a list of which packages are installed with each task using the "
20321
25262
"<emphasis>--task-packages</emphasis> option. For example, to list the "
20323
25264
"following:"
20324
25265
msgstr ""
20325
25266
20326
#: serverguide/C/installation.xml:382(command)
25267
#: serverguide/C/installation.xml:365(command)
20327
25268
msgid "tasksel --task-packages dns-server"
20328
25269
msgstr ""
20329
25270
20330
#: serverguide/C/installation.xml:384(para)
25271
#: serverguide/C/installation.xml:367(para)
20331
25272
msgid "The output of the command should list:"
20332
25273
msgstr ""
20333
25274
20334
#: serverguide/C/installation.xml:387(programlisting)
25275
#: serverguide/C/installation.xml:370(programlisting)
20335
25276
#, no-wrap
20336
25277
msgid ""
20337
25278
"\n"
20340
25281
"bind9\n"
20341
25282
msgstr ""
20342
25283
20343
#: serverguide/C/installation.xml:392(para)
25284
#: serverguide/C/installation.xml:375(para)
20344
25285
msgid ""
20345
"Also, if you did not install one of the tasks during the installation "
20346
"process, but for example you decide to make your new LAMP server a DNS "
20347
"server as well. Simply insert the installation CD and from a terminal:"
25286
"If you did not install one of the tasks during the installation process, but "
25287
"for example you decide to make your new LAMP server a DNS server as well, "
25288
"simply insert the installation CD and from a terminal:"
20348
25289
msgstr ""
20349
25290
20350
#: serverguide/C/installation.xml:397(command)
25291
#: serverguide/C/installation.xml:380(command)
20351
25292
msgid "sudo tasksel install dns-server"
20352
25293
msgstr ""
20353
25294
20354
#: serverguide/C/installation.xml:402(title)
25295
#: serverguide/C/installation.xml:385(title)
20355
25296
msgid "Upgrading"
20356
25297
msgstr ""
20357
25298
20358
#: serverguide/C/installation.xml:403(para)
25299
#: serverguide/C/installation.xml:386(para)
20359
25300
msgid ""
20360
25301
"There are several ways to upgrade from one Ubuntu release to another. This "
20361
25302
"section gives an overview of the recommended upgrade method."
20362
25303
msgstr ""
20363
25304
20364
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
25305
#: serverguide/C/installation.xml:390(title) serverguide/C/installation.xml:405(command)
20365
25306
msgid "do-release-upgrade"
20366
25307
msgstr ""
20367
25308
20368
#: serverguide/C/installation.xml:408(para)
25309
#: serverguide/C/installation.xml:391(para)
20369
25310
msgid ""
20370
25311
"The recommended way to upgrade a Server Edition installation is to use the "
20371
25312
"<application>do-release-upgrade</application> utility. Part of the "
20373
25314
"graphical dependencies and is installed by default."
20374
25315
msgstr ""
20375
25316
20376
#: serverguide/C/installation.xml:413(para)
25317
#: serverguide/C/installation.xml:396(para)
20377
25318
msgid ""
20378
25319
"Debian based systems can also be upgraded by using <command>apt-get dist-"
20379
25320
"upgrade</command>. However, using <application>do-release-"
20381
25322
"system configuration changes sometimes needed between releases."
20382
25323
msgstr ""
20383
25324
20384
#: serverguide/C/installation.xml:418(para)
25325
#: serverguide/C/installation.xml:401(para)
20385
25326
msgid "To upgrade to a newer release, from a terminal prompt enter:"
20386
25327
msgstr ""
20387
25328
20388
#: serverguide/C/installation.xml:424(para)
25329
#: serverguide/C/installation.xml:407(para)
20389
25330
msgid ""
20390
25331
"It is also possible to use <application>do-release-upgrade</application> to "
20391
25332
"upgrade to a development version of Ubuntu. To accomplish this use the "
20392
25333
"<emphasis>-d</emphasis> switch:"
20393
25334
msgstr ""
20394
25335
20395
#: serverguide/C/installation.xml:429(command)
25336
#: serverguide/C/installation.xml:412(command)
20396
25337
msgid "do-release-upgrade -d"
20397
25338
msgstr ""
20398
25339
20399
#: serverguide/C/installation.xml:432(para)
25340
#: serverguide/C/installation.xml:415(para)
20400
25341
msgid ""
20401
25342
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
20402
25343
"for production environments."
20403
25344
msgstr ""
20404
25345
20405
#: serverguide/C/installation.xml:439(title)
25346
#: serverguide/C/installation.xml:422(title)
20406
25347
msgid "Advanced Installation"
20407
25348
msgstr ""
20408
25349
20409
#: serverguide/C/installation.xml:442(title)
25350
#: serverguide/C/installation.xml:425(title)
20410
25351
msgid "Software RAID"
20411
25352
msgstr ""
20412
25353
20413
#: serverguide/C/installation.xml:444(para)
25354
#: serverguide/C/installation.xml:427(para)
20414
25355
msgid ""
20415
"RAID is a method of configuring multiple hard drives to act as one, reducing "
20416
"the probability of catastrophic data loss in case of drive failure. RAID is "
20417
"implemented in either software (where the operating system knows about both "
20418
"drives and actively maintains both of them) or hardware (where a special "
20419
"controller makes the OS think there's only one drive and maintains the "
20420
"drives 'invisibly')."
25356
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
25357
"disks to provide different balances of increasing data reliability and/or "
25358
"increasing input/output performance, depending on the RAID level being used. "
25359
"RAID is implemented in either software (where the operating system knows "
25360
"about both drives and actively maintains both of them) or hardware (where a "
25361
"special controller makes the OS think there's only one drive and maintains "
25362
"the drives 'invisibly')."
20421
25363
msgstr ""
20422
25364
20423
#: serverguide/C/installation.xml:451(para)
25365
#: serverguide/C/installation.xml:435(para)
20424
25366
msgid ""
20425
25367
"The RAID software included with current versions of Linux (and Ubuntu) is "
20426
25368
"based on the <application>'mdadm'</application> driver and works very well, "
20430
25372
"another for <emphasis>swap</emphasis>."
20431
25373
msgstr ""
20432
25374
20433
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
25375
#: serverguide/C/installation.xml:445(para) serverguide/C/installation.xml:967(para)
20434
25376
msgid ""
20435
25377
"Follow the installation steps until you get to the <emphasis>Partition "
20436
25378
"disks</emphasis> step, then:"
20437
25379
msgstr ""
20438
25380
20439
#: serverguide/C/installation.xml:468(para)
25381
#: serverguide/C/installation.xml:452(para)
20440
25382
msgid "Select <emphasis>Manual</emphasis> as the partition method."
20441
25383
msgstr ""
20442
25384
20443
#: serverguide/C/installation.xml:475(para)
25385
#: serverguide/C/installation.xml:459(para)
20444
25386
msgid ""
20445
25387
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
20446
25388
"partition table on this device?\"</emphasis>."
20447
25389
msgstr ""
20448
25390
20449
#: serverguide/C/installation.xml:479(para)
25391
#: serverguide/C/installation.xml:463(para)
20450
25392
msgid ""
20451
25393
"Repeat this step for each drive you wish to be part of the RAID array."
20452
25394
msgstr ""
20453
25395
20454
#: serverguide/C/installation.xml:486(para)
25396
#: serverguide/C/installation.xml:470(para)
20455
25397
msgid ""
20456
25398
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
20457
25399
"select <emphasis>\"Create a new partition\"</emphasis>."
20458
25400
msgstr ""
20459
25401
20460
#: serverguide/C/installation.xml:493(para)
25402
#: serverguide/C/installation.xml:477(para)
20461
25403
msgid ""
20462
25404
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
20463
25405
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
20465
25407
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
20466
25408
msgstr ""
20467
25409
20468
#: serverguide/C/installation.xml:502(para)
25410
#: serverguide/C/installation.xml:484(para)
25411
msgid ""
25412
"A swap partition size of twice the available RAM capacity may not always be "
25413
"desirable, especially on systems with large amounts of RAM. Calculating the "
25414
"swap partition size for servers is highly dependent on how the system is "
25415
"going to be used."
25416
msgstr ""
25417
25418
#: serverguide/C/installation.xml:493(para)
20469
25419
msgid ""
20470
25420
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
20471
25421
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
20473
25423
"<emphasis>\"Done setting up partition\"</emphasis>."
20474
25424
msgstr ""
20475
25425
20476
#: serverguide/C/installation.xml:511(para)
25426
#: serverguide/C/installation.xml:502(para)
20477
25427
msgid ""
20478
25428
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
20479
25429
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
20480
25430
"partition\"</emphasis>."
20481
25431
msgstr ""
20482
25432
20483
#: serverguide/C/installation.xml:519(para)
25433
#: serverguide/C/installation.xml:510(para)
20484
25434
msgid ""
20485
25435
"Use the rest of the free space on the drive and choose "
20486
25436
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
20487
25437
msgstr ""
20488
25438
20489
#: serverguide/C/installation.xml:526(para)
25439
#: serverguide/C/installation.xml:517(para)
20490
25440
msgid ""
20491
25441
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
20492
25442
"at the top, changing it to <emphasis>\"physical volume for "
20495
25445
"<emphasis>\"Done setting up partition\"</emphasis>."
20496
25446
msgstr ""
20497
25447
20498
#: serverguide/C/installation.xml:536(para)
25448
#: serverguide/C/installation.xml:527(para)
20499
25449
msgid "Repeat steps three through eight for the other disk and partitions."
20500
25450
msgstr ""
20501
25451
20502
#: serverguide/C/installation.xml:545(title)
25452
#: serverguide/C/installation.xml:536(title)
20503
25453
msgid "RAID Configuration"
20504
25454
msgstr ""
20505
25455
20506
#: serverguide/C/installation.xml:547(para)
25456
#: serverguide/C/installation.xml:538(para)
20507
25457
msgid "With the partitions setup the arrays are ready to be configured:"
20508
25458
msgstr ""
20509
25459
20510
#: serverguide/C/installation.xml:554(para)
25460
#: serverguide/C/installation.xml:545(para)
20511
25461
msgid ""
20512
25462
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
20513
25463
"Software RAID\"</emphasis> at the top."
20514
25464
msgstr ""
20515
25465
20516
#: serverguide/C/installation.xml:561(para)
25466
#: serverguide/C/installation.xml:552(para)
20517
25467
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
20518
25468
msgstr ""
20519
25469
20520
#: serverguide/C/installation.xml:568(para)
25470
#: serverguide/C/installation.xml:559(para)
20521
25471
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
20522
25472
msgstr ""
20523
25473
20524
#: serverguide/C/installation.xml:575(para)
25474
#: serverguide/C/installation.xml:566(para)
20525
25475
msgid ""
20526
25476
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
20527
25477
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
20528
25478
msgstr ""
20529
25479
20530
#: serverguide/C/installation.xml:581(para)
25480
#: serverguide/C/installation.xml:572(para)
20531
25481
msgid ""
20532
25482
"In order to use <emphasis>RAID5</emphasis> you need at least "
20533
25483
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
20534
25484
"<emphasis>two</emphasis> drives are required."
20535
25485
msgstr ""
20536
25486
20537
#: serverguide/C/installation.xml:590(para)
25487
#: serverguide/C/installation.xml:581(para)
20538
25488
msgid ""
20539
25489
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
20540
25490
"of hard drives you have, for the array. Then select "
20541
25491
"<emphasis>\"Continue\"</emphasis>."
20542
25492
msgstr ""
20543
25493
20544
#: serverguide/C/installation.xml:598(para)
25494
#: serverguide/C/installation.xml:589(para)
20545
25495
msgid ""
20546
25496
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
20547
25497
"default, then choose <emphasis>\"Continue\"</emphasis>."
20548
25498
msgstr ""
20549
25499
20550
#: serverguide/C/installation.xml:605(para)
25500
#: serverguide/C/installation.xml:596(para)
20551
25501
msgid ""
20552
25502
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
20553
25503
"etc. The numbers will usually match and the different letters correspond to "
20554
25504
"different hard drives."
20555
25505
msgstr ""
20556
25506
20557
#: serverguide/C/installation.xml:610(para)
25507
#: serverguide/C/installation.xml:601(para)
20558
25508
msgid ""
20559
25509
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
20560
25510
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
20561
25511
"go to the next step."
20562
25512
msgstr ""
20563
25513
20564
#: serverguide/C/installation.xml:618(para)
25514
#: serverguide/C/installation.xml:609(para)
20565
25515
msgid ""
20566
25516
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
20567
25517
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
20568
25518
"and <emphasis>sdb2</emphasis>."
20569
25519
msgstr ""
20570
25520
20571
#: serverguide/C/installation.xml:626(para)
25521
#: serverguide/C/installation.xml:617(para)
20572
25522
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
20573
25523
msgstr ""
20574
25524
20575
#: serverguide/C/installation.xml:636(title)
25525
#: serverguide/C/installation.xml:627(title)
20576
25526
msgid "Formatting"
20577
25527
msgstr ""
20578
25528
20579
#: serverguide/C/installation.xml:638(para)
25529
#: serverguide/C/installation.xml:629(para)
20580
25530
msgid ""
20581
25531
"There should now be a list of hard drives and RAID devices. The next step is "
20582
25532
"to format and set the mount point for the RAID devices. Treat the RAID "
20583
25533
"device as a local hard drive, format and mount accordingly."
20584
25534
msgstr ""
20585
25535
20586
#: serverguide/C/installation.xml:646(para)
25536
#: serverguide/C/installation.xml:637(para)
20587
25537
msgid ""
20588
25538
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20589
25539
"#0\"</emphasis> partition."
20590
25540
msgstr ""
20591
25541
20592
#: serverguide/C/installation.xml:653(para)
25542
#: serverguide/C/installation.xml:644(para)
20593
25543
msgid ""
20594
25544
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
20595
25545
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
20596
25546
msgstr ""
20597
25547
20598
#: serverguide/C/installation.xml:661(para)
25548
#: serverguide/C/installation.xml:652(para)
20599
25549
msgid ""
20600
25550
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20601
25551
"#1\"</emphasis> partition."
20602
25552
msgstr ""
20603
25553
20604
#: serverguide/C/installation.xml:668(para)
25554
#: serverguide/C/installation.xml:659(para)
20605
25555
msgid ""
20606
25556
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
20607
25557
"journaling file system\"</emphasis>."
20608
25558
msgstr ""
20609
25559
20610
#: serverguide/C/installation.xml:675(para)
25560
#: serverguide/C/installation.xml:666(para)
20611
25561
msgid ""
20612
25562
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
20613
25563
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
20615
25565
"partition\"</emphasis>."
20616
25566
msgstr ""
20617
25567
20618
#: serverguide/C/installation.xml:683(para)
25568
#: serverguide/C/installation.xml:674(para)
20619
25569
msgid ""
20620
25570
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20621
25571
"disk\"</emphasis>."
20622
25572
msgstr ""
20623
25573
20624
#: serverguide/C/installation.xml:690(para)
25574
#: serverguide/C/installation.xml:681(para)
20625
25575
msgid ""
20626
25576
"If you choose to place the root partition on a RAID array, the installer "
20627
25577
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
20628
25578
"state. See <xref linkend=\"raid-degraded\"/> for further details."
20629
25579
msgstr ""
20630
25580
20631
#: serverguide/C/installation.xml:695(para)
25581
#: serverguide/C/installation.xml:686(para)
20632
25582
msgid "The installation process will then continue normally."
20633
25583
msgstr ""
20634
25584
20635
#: serverguide/C/installation.xml:701(title)
25585
#: serverguide/C/installation.xml:692(title)
20636
25586
msgid "Degraded RAID"
20637
25587
msgstr ""
20638
25588
20639
#: serverguide/C/installation.xml:703(para)
25589
#: serverguide/C/installation.xml:694(para)
20640
25590
msgid ""
20641
25591
"At some point in the life of the computer a disk failure event may occur. "
20642
25592
"When this happens, using Software RAID, the operating system will place the "
20643
25593
"array into what is known as a <emphasis>degraded</emphasis> state."
20644
25594
msgstr ""
20645
25595
20646
#: serverguide/C/installation.xml:708(para)
25596
#: serverguide/C/installation.xml:699(para)
20647
25597
msgid ""
20648
25598
"If the array has become degraded, due to the chance of data corruption, by "
20649
25599
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
20654
25604
"Booting to a degraded array can be configured several ways:"
20655
25605
msgstr ""
20656
25606
20657
#: serverguide/C/installation.xml:719(para)
25607
#: serverguide/C/installation.xml:710(para)
20658
25608
msgid ""
20659
25609
"The <application>dpkg-reconfigure</application> utility can be used to "
20660
25610
"configure the default behavior, and during the process you will be queried "
20663
25613
"following:"
20664
25614
msgstr ""
20665
25615
20666
#: serverguide/C/installation.xml:726(command)
25616
#: serverguide/C/installation.xml:717(command)
20667
25617
msgid "sudo dpkg-reconfigure mdadm"
20668
25618
msgstr ""
20669
25619
20670
#: serverguide/C/installation.xml:732(para)
25620
#: serverguide/C/installation.xml:723(para)
20671
25621
msgid ""
20672
25622
"The <command>dpkg-reconfigure mdadm</command> process will change the "
20673
25623
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
20675
25625
"behavior, and can also be manually edited:"
20676
25626
msgstr ""
20677
25627
20678
#: serverguide/C/installation.xml:738(programlisting)
25628
#: serverguide/C/installation.xml:729(programlisting)
20679
25629
#, no-wrap
20680
25630
msgid ""
20681
25631
"\n"
20682
25632
"BOOT_DEGRADED=true\n"
20683
25633
msgstr ""
20684
25634
20685
#: serverguide/C/installation.xml:743(para)
25635
#: serverguide/C/installation.xml:734(para)
20686
25636
msgid "The configuration file can be overridden by using a Kernel argument."
20687
25637
msgstr ""
20688
25638
20689
#: serverguide/C/installation.xml:751(para)
25639
#: serverguide/C/installation.xml:742(para)
20690
25640
msgid ""
20691
25641
"Using a Kernel argument will allow the system to boot to a degraded array as "
20692
25642
"well:"
20693
25643
msgstr ""
20694
25644
20695
#: serverguide/C/installation.xml:757(para)
25645
#: serverguide/C/installation.xml:748(para)
20696
25646
msgid ""
20697
25647
"When the server is booting press <keycap>Shift</keycap> to open the "
20698
25648
"<application>Grub</application> menu."
20699
25649
msgstr ""
20700
25650
20701
#: serverguide/C/installation.xml:762(para)
25651
#: serverguide/C/installation.xml:753(para)
20702
25652
msgid "Press <keycap>e</keycap> to edit your kernel command options."
20703
25653
msgstr ""
20704
25654
20705
#: serverguide/C/installation.xml:767(para)
25655
#: serverguide/C/installation.xml:758(para)
20706
25656
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
20707
25657
msgstr ""
20708
25658
20709
#: serverguide/C/installation.xml:772(para)
25659
#: serverguide/C/installation.xml:763(para)
20710
25660
msgid ""
20711
25661
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
20712
25662
"end of the line."
20713
25663
msgstr ""
20714
25664
20715
#: serverguide/C/installation.xml:777(para)
25665
#: serverguide/C/installation.xml:768(para)
20716
25666
msgid ""
20717
25667
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
20718
25668
"the system."
20719
25669
msgstr ""
20720
25670
20721
#: serverguide/C/installation.xml:786(para)
25671
#: serverguide/C/installation.xml:777(para)
20722
25672
msgid ""
20723
25673
"Once the system has booted you can either repair the array see <xref "
20724
25674
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
20725
25675
"another machine due to major hardware failure."
20726
25676
msgstr ""
20727
25677
20728
#: serverguide/C/installation.xml:793(title)
25678
#: serverguide/C/installation.xml:784(title)
20729
25679
msgid "RAID Maintenance"
20730
25680
msgstr ""
20731
25681
20732
#: serverguide/C/installation.xml:795(para)
25682
#: serverguide/C/installation.xml:786(para)
20733
25683
msgid ""
20734
25684
"The <application>mdadm</application> utility can be used to view the status "
20735
25685
"of an array, add disks to an array, remove disks, etc:"
20736
25686
msgstr ""
20737
25687
20738
#: serverguide/C/installation.xml:802(para)
25688
#: serverguide/C/installation.xml:793(para)
20739
25689
msgid "To view the status of an array, from a terminal prompt enter:"
20740
25690
msgstr ""
20741
25691
20742
#: serverguide/C/installation.xml:806(command)
25692
#: serverguide/C/installation.xml:797(command)
20743
25693
msgid "sudo mdadm -D /dev/md0"
20744
25694
msgstr ""
20745
25695
20746
#: serverguide/C/installation.xml:809(para)
25696
#: serverguide/C/installation.xml:800(para)
20747
25697
msgid ""
20748
25698
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
20749
25699
"display <emphasis>detailed</emphasis> information about the "
20751
25701
"with the appropriate RAID device."
20752
25702
msgstr ""
20753
25703
20754
#: serverguide/C/installation.xml:815(para)
25704
#: serverguide/C/installation.xml:806(para)
20755
25705
msgid "To view the status of a disk in an array:"
20756
25706
msgstr ""
20757
25707
20758
#: serverguide/C/installation.xml:819(command)
25708
#: serverguide/C/installation.xml:810(command)
20759
25709
msgid "sudo mdadm -E /dev/sda1"
20760
25710
msgstr ""
20761
25711
20762
#: serverguide/C/installation.xml:821(para)
25712
#: serverguide/C/installation.xml:812(para)
20763
25713
msgid ""
20764
25714
"The output if very similar to the <command>mdadm -D</command> command, "
20765
25715
"adjust <filename>/dev/sda1</filename> for each disk."
20766
25716
msgstr ""
20767
25717
20768
#: serverguide/C/installation.xml:826(para)
25718
#: serverguide/C/installation.xml:817(para)
20769
25719
msgid "If a disk fails and needs to be removed from an array enter:"
20770
25720
msgstr ""
20771
25721
20772
#: serverguide/C/installation.xml:830(command)
25722
#: serverguide/C/installation.xml:821(command)
20773
25723
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
20774
25724
msgstr ""
20775
25725
20776
#: serverguide/C/installation.xml:832(para)
25726
#: serverguide/C/installation.xml:823(para)
20777
25727
msgid ""
20778
25728
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
20779
25729
"the appropriate RAID device and disk."
20780
25730
msgstr ""
20781
25731
20782
#: serverguide/C/installation.xml:837(para)
25732
#: serverguide/C/installation.xml:828(para)
20783
25733
msgid "Similarly, to add a new disk:"
20784
25734
msgstr ""
20785
25735
20786
#: serverguide/C/installation.xml:841(command)
25736
#: serverguide/C/installation.xml:832(command)
20787
25737
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
20788
25738
msgstr ""
20789
25739
20790
#: serverguide/C/installation.xml:846(para)
25740
#: serverguide/C/installation.xml:837(para)
20791
25741
msgid ""
20792
25742
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
20793
25743
"though there is nothing physically wrong with the drive. It is usually "
20796
25746
"the array, it is a good indication of hardware failure."
20797
25747
msgstr ""
20798
25748
20799
#: serverguide/C/installation.xml:852(para)
25749
#: serverguide/C/installation.xml:843(para)
20800
25750
msgid ""
20801
25751
"The <filename>/proc/mdstat</filename> file also contains useful information "
20802
25752
"about the system's RAID devices:"
20803
25753
msgstr ""
20804
25754
20805
#: serverguide/C/installation.xml:857(command)
25755
#: serverguide/C/installation.xml:848(command)
20806
25756
msgid "cat /proc/mdstat"
20807
25757
msgstr ""
20808
25758
20809
#: serverguide/C/installation.xml:858(computeroutput)
25759
#: serverguide/C/installation.xml:849(computeroutput)
20810
25760
#, no-wrap
20811
25761
msgid ""
20812
25762
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
20817
25767
"unused devices: <none>"
20818
25768
msgstr ""
20819
25769
20820
#: serverguide/C/installation.xml:865(para)
25770
#: serverguide/C/installation.xml:856(para)
20821
25771
msgid ""
20822
25772
"The following command is great for watching the status of a syncing drive:"
20823
25773
msgstr ""
20824
25774
20825
#: serverguide/C/installation.xml:870(command)
25775
#: serverguide/C/installation.xml:861(command)
20826
25776
msgid "watch -n1 cat /proc/mdstat"
20827
25777
msgstr ""
20828
25778
20829
#: serverguide/C/installation.xml:873(para)
25779
#: serverguide/C/installation.xml:864(para)
20830
25780
msgid ""
20831
25781
"Press <emphasis>Ctrl+c</emphasis> to stop the "
20832
25782
"<application>watch</application> command."
20833
25783
msgstr ""
20834
25784
20835
#: serverguide/C/installation.xml:877(para)
25785
#: serverguide/C/installation.xml:868(para)
20836
25786
msgid ""
20837
25787
"If you do need to replace a faulty drive, after the drive has been replaced "
20838
25788
"and synced, <application>grub</application> will need to be installed. To "
20840
25790
"following:"
20841
25791
msgstr ""
20842
25792
20843
#: serverguide/C/installation.xml:883(command)
25793
#: serverguide/C/installation.xml:874(command)
20844
25794
msgid "sudo grub-install /dev/md0"
20845
25795
msgstr ""
20846
25796
20847
#: serverguide/C/installation.xml:886(para)
25797
#: serverguide/C/installation.xml:877(para)
20848
25798
msgid ""
20849
25799
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
20850
25800
msgstr ""
20851
25801
20852
#: serverguide/C/installation.xml:894(para)
25802
#: serverguide/C/installation.xml:885(para)
20853
25803
msgid ""
20854
25804
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
20855
25805
"can be configured. Please see the following links for more information:"
20856
25806
msgstr ""
20857
25807
20858
#: serverguide/C/installation.xml:901(para)
25808
#: serverguide/C/installation.xml:892(para)
20859
25809
msgid ""
20860
25810
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
20861
25811
"Wiki Articles on RAID</ulink>."
20862
25812
msgstr ""
20863
25813
20864
#: serverguide/C/installation.xml:907(ulink)
25814
#: serverguide/C/installation.xml:898(ulink)
20865
25815
msgid "Software RAID HOWTO"
20866
25816
msgstr ""
20867
25817
20868
#: serverguide/C/installation.xml:912(ulink)
25818
#: serverguide/C/installation.xml:903(ulink)
20869
25819
msgid "Managing RAID on Linux"
20870
25820
msgstr ""
20871
25821
20872
#: serverguide/C/installation.xml:919(title)
25822
#: serverguide/C/installation.xml:910(title)
20873
25823
msgid "Logical Volume Manager (LVM)"
20874
25824
msgstr ""
20875
25825
20876
#: serverguide/C/installation.xml:921(para)
25826
#: serverguide/C/installation.xml:912(para)
20877
25827
msgid ""
20878
25828
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
20879
25829
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
20882
25832
"giving greater flexibility to systems as requirements change."
20883
25833
msgstr ""
20884
25834
20885
#: serverguide/C/installation.xml:930(para)
25835
#: serverguide/C/installation.xml:921(para)
20886
25836
msgid ""
20887
25837
"A side effect of LVM's power and flexibility is a greater degree of "
20888
25838
"complication. Before diving into the LVM installation process, it is best to "
20889
25839
"get familiar with some terms."
20890
25840
msgstr ""
20891
25841
20892
#: serverguide/C/installation.xml:937(para)
20893
msgid ""
20894
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
20895
"Volumes (LV)."
20896
msgstr ""
20897
20898
#: serverguide/C/installation.xml:942(para)
25842
#: serverguide/C/installation.xml:928(para)
25843
msgid ""
25844
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
25845
"partition or software RAID partition formatted as LVM PV."
25846
msgstr ""
25847
25848
#: serverguide/C/installation.xml:934(para)
25849
msgid ""
25850
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
25851
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
25852
"disk drive, from which one or more logical volumes are carved."
25853
msgstr ""
25854
25855
#: serverguide/C/installation.xml:940(para)
20899
25856
msgid ""
20900
25857
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
20901
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
20902
"which resides the actual EXT3, XFS, JFS, etc filesystem."
20903
msgstr ""
20904
20905
#: serverguide/C/installation.xml:948(para)
20906
msgid ""
20907
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
20908
"RAID partition. The Volume Group can be extended by adding more PVs."
20909
msgstr ""
20910
20911
#: serverguide/C/installation.xml:959(para)
25858
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
25859
"etc), it is then available for mounting and data storage."
25860
msgstr ""
25861
25862
#: serverguide/C/installation.xml:951(para)
20912
25863
msgid ""
20913
25864
"As an example this section covers installing Ubuntu Server Edition with "
20914
25865
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
20917
25868
"can be extended."
20918
25869
msgstr ""
20919
25870
20920
#: serverguide/C/installation.xml:965(para)
25871
#: serverguide/C/installation.xml:957(para)
20921
25872
msgid ""
20922
25873
"There are several installation options for LVM, <emphasis>\"Guided - use the "
20923
25874
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
20928
25879
"the Manual approach."
20929
25880
msgstr ""
20930
25881
20931
#: serverguide/C/installation.xml:982(para)
25882
#: serverguide/C/installation.xml:974(para)
20932
25883
msgid ""
20933
25884
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
20934
25885
"<emphasis>\"Manual\"</emphasis>."
20935
25886
msgstr ""
20936
25887
20937
#: serverguide/C/installation.xml:989(para)
25888
#: serverguide/C/installation.xml:981(para)
20938
25889
msgid ""
20939
25890
"Select the hard disk and on the next screen choose \"yes\" to "
20940
25891
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
20941
25892
msgstr ""
20942
25893
20943
#: serverguide/C/installation.xml:996(para)
25894
#: serverguide/C/installation.xml:988(para)
20944
25895
msgid ""
20945
25896
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
20946
25897
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
20947
25898
msgstr ""
20948
25899
20949
#: serverguide/C/installation.xml:1004(para)
25900
#: serverguide/C/installation.xml:996(para)
20950
25901
msgid ""
20951
25902
"For the LVM <emphasis>/srv</emphasis>, create a new "
20952
25903
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
20954
25905
"<emphasis>\"Done setting up the partition\"</emphasis>."
20955
25906
msgstr ""
20956
25907
20957
#: serverguide/C/installation.xml:1012(para)
25908
#: serverguide/C/installation.xml:1004(para)
20958
25909
msgid ""
20959
25910
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
20960
25911
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
20961
25912
"disk."
20962
25913
msgstr ""
20963
25914
20964
#: serverguide/C/installation.xml:1020(para)
25915
#: serverguide/C/installation.xml:1012(para)
20965
25916
msgid ""
20966
25917
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
20967
25918
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
20970
25921
"<emphasis>\"Continue\"</emphasis>."
20971
25922
msgstr ""
20972
25923
20973
#: serverguide/C/installation.xml:1029(para)
25924
#: serverguide/C/installation.xml:1021(para)
20974
25925
msgid ""
20975
25926
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
20976
25927
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
20981
25932
"main <emphasis>\"Partition Disks\"</emphasis> screen."
20982
25933
msgstr ""
20983
25934
20984
#: serverguide/C/installation.xml:1039(para)
25935
#: serverguide/C/installation.xml:1031(para)
20985
25936
msgid ""
20986
25937
"Now add a filesystem to the new LVM. Select the partition under "
20987
25938
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
20990
25941
"select <emphasis>\"Done setting up the partition\"</emphasis>."
20991
25942
msgstr ""
20992
25943
20993
#: serverguide/C/installation.xml:1048(para)
25944
#: serverguide/C/installation.xml:1040(para)
20994
25945
msgid ""
20995
25946
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20996
25947
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
20997
25948
"the installation."
20998
25949
msgstr ""
20999
25950
21000
#: serverguide/C/installation.xml:1056(para)
25951
#: serverguide/C/installation.xml:1048(para)
21001
25952
msgid "There are some useful utilities to view information about LVM:"
21002
25953
msgstr ""
21003
25954
21004
#: serverguide/C/installation.xml:1061(para)
25955
#: serverguide/C/installation.xml:1053(para)
25956
msgid ""
25957
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
25958
msgstr ""
25959
25960
#: serverguide/C/installation.xml:1054(para)
21005
25961
msgid ""
21006
25962
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
21007
25963
msgstr ""
21008
25964
25965
#: serverguide/C/installation.xml:1055(para)
25966
msgid ""
25967
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
25968
msgstr ""
25969
25970
#: serverguide/C/installation.xml:1060(title)
25971
msgid "Extending Volume Groups"
25972
msgstr ""
25973
21009
25974
#: serverguide/C/installation.xml:1062(para)
21010
25975
msgid ""
21011
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
21012
msgstr ""
21013
21014
#: serverguide/C/installation.xml:1063(para)
21015
msgid ""
21016
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
21017
"Physical Volumes."
21018
msgstr ""
21019
21020
#: serverguide/C/installation.xml:1068(title)
21021
msgid "Extending Volume Groups"
21022
msgstr ""
21023
21024
#: serverguide/C/installation.xml:1070(para)
21025
msgid ""
21026
25976
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
21027
25977
"section covers adding a second hard disk, creating a Physical Volume (PV), "
21028
25978
"adding it to the volume group (VG), extending the logical volume <filename "
21029
25979
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
21030
"example assumes a second hard disk has been added to the system. This hard "
21031
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
21032
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
25980
"example assumes a second hard disk has been added to the system. In this "
25981
"example, this hard disk will be named <filename>/dev/sdb</filename> and we "
25982
"will use the entire disk as a physical volume (you could choose to create "
25983
"partitions and use them as different physical volumes)"
25984
msgstr ""
25985
25986
#: serverguide/C/installation.xml:1070(para)
25987
msgid ""
25988
"Make sure you don't already have an existing <filename>/dev/sdb</filename> "
21033
25989
"before issuing the commands below. You could lose some data if you issue "
21034
"those commands on a non-empty disk. In our example we will use the entire "
21035
"disk as a physical volume (you could choose to create partitions and use "
21036
"them as different physical volumes)"
25990
"those commands on a non-empty disk."
21037
25991
msgstr ""
21038
25992
21039
#: serverguide/C/installation.xml:1082(para)
25993
#: serverguide/C/installation.xml:1078(para)
21040
25994
msgid "First, create the physical volume, in a terminal execute:"
21041
25995
msgstr ""
21042
25996
21043
#: serverguide/C/installation.xml:1087(command)
25997
#: serverguide/C/installation.xml:1083(command)
21044
25998
msgid "sudo pvcreate /dev/sdb"
21045
25999
msgstr ""
21046
26000
21047
#: serverguide/C/installation.xml:1093(para)
26001
#: serverguide/C/installation.xml:1089(para)
21048
26002
msgid "Now extend the Volume Group (VG):"
21049
26003
msgstr ""
21050
26004
21051
#: serverguide/C/installation.xml:1098(command)
26005
#: serverguide/C/installation.xml:1094(command)
21052
26006
msgid "sudo vgextend vg01 /dev/sdb"
21053
26007
msgstr ""
21054
26008
21055
#: serverguide/C/installation.xml:1104(para)
26009
#: serverguide/C/installation.xml:1100(para)
21056
26010
msgid ""
21057
26011
"Use <application>vgdisplay</application> to find out the free physical "
21058
26012
"extents - Free PE / size (the size you can allocate). We will assume a free "
21060
26014
"whole free space available. Use your own PE and/or free space."
21061
26015
msgstr ""
21062
26016
21063
#: serverguide/C/installation.xml:1110(para)
26017
#: serverguide/C/installation.xml:1106(para)
21064
26018
msgid ""
21065
26019
"The Logical Volume (LV) can now be extended by different methods, we will "
21066
26020
"only see how to use the PE to extend the LV:"
21067
26021
msgstr ""
21068
26022
21069
#: serverguide/C/installation.xml:1115(command)
26023
#: serverguide/C/installation.xml:1111(command)
21070
26024
msgid "sudo lvextend /dev/vg01/srv -l +511"
21071
26025
msgstr ""
21072
26026
21073
#: serverguide/C/installation.xml:1118(para)
26027
#: serverguide/C/installation.xml:1114(para)
21074
26028
msgid ""
21075
26029
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
21076
26030
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
21077
26031
"Gig, Tera, etc bytes."
21078
26032
msgstr ""
21079
26033
21080
#: serverguide/C/installation.xml:1126(para)
26034
#: serverguide/C/installation.xml:1122(para)
21081
26035
msgid ""
21082
26036
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
21083
26037
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
21086
26040
"first is compulsory)."
21087
26041
msgstr ""
21088
26042
21089
#: serverguide/C/installation.xml:1132(para)
26043
#: serverguide/C/installation.xml:1128(para)
21090
26044
msgid ""
21091
26045
"The following commands are for an <emphasis>EXT3</emphasis> or "
21092
26046
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
21093
26047
"there may be other utilities available."
21094
26048
msgstr ""
21095
26049
21096
#: serverguide/C/installation.xml:1139(command)
26050
#: serverguide/C/installation.xml:1135(command)
21097
26051
msgid "sudo e2fsck -f /dev/vg01/srv"
21098
26052
msgstr ""
21099
26053
21100
#: serverguide/C/installation.xml:1142(para)
26054
#: serverguide/C/installation.xml:1138(para)
21101
26055
msgid ""
21102
26056
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
21103
26057
"forces checking even if the system seems clean."
21104
26058
msgstr ""
21105
26059
21106
#: serverguide/C/installation.xml:1149(para)
26060
#: serverguide/C/installation.xml:1145(para)
21107
26061
msgid "Finally, resize the filesystem:"
21108
26062
msgstr ""
21109
26063
21110
#: serverguide/C/installation.xml:1154(command)
26064
#: serverguide/C/installation.xml:1150(command)
21111
26065
msgid "sudo resize2fs /dev/vg01/srv"
21112
26066
msgstr ""
21113
26067
21114
#: serverguide/C/installation.xml:1160(para)
26068
#: serverguide/C/installation.xml:1156(para)
21115
26069
msgid "Now mount the partition and check its size."
21116
26070
msgstr ""
21117
26071
21118
#: serverguide/C/installation.xml:1165(command)
26072
#: serverguide/C/installation.xml:1161(command)
21119
26073
msgid "mount /dev/vg01/srv /srv && df -h /srv"
21120
26074
msgstr ""
21121
26075
21122
#: serverguide/C/installation.xml:1177(para)
26076
#: serverguide/C/installation.xml:1173(para)
21123
26077
msgid ""
21124
26078
"See the <ulink "
21125
26079
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
21126
26080
"Articles</ulink>."
21127
26081
msgstr ""
21128
26082
21129
#: serverguide/C/installation.xml:1182(para)
26083
#: serverguide/C/installation.xml:1178(para)
21130
26084
msgid ""
21131
26085
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
21132
26086
"HOWTO</ulink> for more information."
21133
26087
msgstr ""
21134
26088
21135
#: serverguide/C/installation.xml:1187(para)
26089
#: serverguide/C/installation.xml:1183(para)
21136
26090
msgid ""
21137
26091
"Another good article is <ulink "
21138
26092
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
21140
26094
"linuxdevcenter.com site."
21141
26095
msgstr ""
21142
26096
21143
#: serverguide/C/installation.xml:1194(para)
26097
#: serverguide/C/installation.xml:1190(para)
21144
26098
msgid ""
21145
26099
"For more information on <application>fdisk</application> see the <ulink "
21146
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
21147
"sk man page</ulink>."
26100
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man8/fdisk.8.html\">fdis"
26101
"k man page</ulink>."
26102
msgstr ""
26103
26104
#: serverguide/C/installation.xml:1201(title)
26105
msgid "Kernel Crash Dump"
26106
msgstr ""
26107
26108
#: serverguide/C/installation.xml:1208(para)
26109
msgid "Kernel Panic"
26110
msgstr ""
26111
26112
#: serverguide/C/installation.xml:1209(para)
26113
msgid "Non Maskable Interrupts (NMI)"
26114
msgstr ""
26115
26116
#: serverguide/C/installation.xml:1210(para)
26117
msgid "Machine Check Exceptions (MCE)"
26118
msgstr ""
26119
26120
#: serverguide/C/installation.xml:1211(para)
26121
msgid "Hardware failure"
26122
msgstr ""
26123
26124
#: serverguide/C/installation.xml:1212(para)
26125
msgid "Manual intervention"
26126
msgstr ""
26127
26128
#: serverguide/C/installation.xml:1204(para)
26129
msgid ""
26130
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
26131
"(RAM) that is copied to disk whenever the execution of the kernel is "
26132
"disrupted. The following events can cause a kernel disruption : <placeholder-"
26133
"1/> For some of those events (panic, NMI) the kernel will react "
26134
"automatically and trigger the crash dump mechanism through "
26135
"<emphasis>kexec</emphasis>. In other situations a manual intervention is "
26136
"required in order to capture the memory. Whenever one of the above events "
26137
"occurs, it is important to find out the root cause in order to prevent it "
26138
"from happening again. The cause can be determined by inspecting the copied "
26139
"memory contents."
26140
msgstr ""
26141
26142
#: serverguide/C/installation.xml:1221(title)
26143
msgid "Kernel Crash Dump Mechanism"
26144
msgstr ""
26145
26146
#: serverguide/C/installation.xml:1223(para)
26147
msgid ""
26148
"When a kernel panic occurs, the kernel relies on the "
26149
"<emphasis>kexec</emphasis> mechanism to quickly reboot a new instance of the "
26150
"kernel in a pre-reserved section of memory that had been allocated when the "
26151
"system booted (see below). This permits the existing memory area to remain "
26152
"untouched in order to safely copy its contents to storage."
26153
msgstr ""
26154
26155
#: serverguide/C/installation.xml:1232(para)
26156
msgid ""
26157
"The kernel crash dump utility is installed with the following command:"
26158
msgstr ""
26159
26160
#: serverguide/C/installation.xml:1237(command)
26161
msgid "sudo apt-get install linux-crashdump"
26162
msgstr ""
26163
26164
#: serverguide/C/installation.xml:1240(para)
26165
msgid "A reboot is then needed."
26166
msgstr ""
26167
26168
#: serverguide/C/installation.xml:1248(para)
26169
msgid ""
26170
"No further configuration is required in order to have the kernel dump "
26171
"mechanism enabled."
26172
msgstr ""
26173
26174
#: serverguide/C/installation.xml:1257(para)
26175
msgid ""
26176
"To confirm that the kernel dump mechanism is enabled, there are a few things "
26177
"to verify. First, confirm that the <emphasis>crashkernel</emphasis> boot "
26178
"parameter is present (note: The following line has been split into two to "
26179
"fit the format of this document:"
26180
msgstr ""
26181
26182
#: serverguide/C/installation.xml:1264(command)
26183
msgid "cat /proc/cmdline"
26184
msgstr ""
26185
26186
#: serverguide/C/installation.xml:1265(computeroutput)
26187
#, no-wrap
26188
msgid ""
26189
"\n"
26190
"BOOT_IMAGE=/vmlinuz-3.2.0-17-server root=/dev/mapper/PreciseS-root ro\n"
26191
" crashkernel=384M-2G:64M,2G-:128M\n"
26192
msgstr ""
26193
26194
#: serverguide/C/installation.xml:1273(programlisting)
26195
#, no-wrap
26196
msgid ""
26197
"\n"
26198
"crashkernel=<range1>:<size1>[,<range2>:<size2>,...][@"
26199
"offset]\n"
26200
" range=start-[end] 'start' is inclusive and 'end' is exclusive.\n"
26201
" "
26202
msgstr ""
26203
26204
#: serverguide/C/installation.xml:1271(para)
26205
msgid ""
26206
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
26207
"<placeholder-1/>"
26208
msgstr ""
26209
26210
#: serverguide/C/installation.xml:1281(programlisting)
26211
#, no-wrap
26212
msgid ""
26213
"\n"
26214
"crashkernel=384M-2G:64M,2G-:128M\n"
26215
msgstr ""
26216
26217
#: serverguide/C/installation.xml:1279(para)
26218
msgid ""
26219
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
26220
"we would have : <placeholder-1/>"
26221
msgstr ""
26222
26223
#: serverguide/C/installation.xml:1286(para)
26224
msgid "The above value means:"
26225
msgstr ""
26226
26227
#: serverguide/C/installation.xml:1288(para)
26228
msgid ""
26229
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
26230
"\"rescue\" case)"
26231
msgstr ""
26232
26233
#: serverguide/C/installation.xml:1290(para)
26234
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
26235
msgstr ""
26236
26237
#: serverguide/C/installation.xml:1291(para)
26238
msgid "if the RAM size is larger than 2G, then reserve 128M"
26239
msgstr ""
26240
26241
#: serverguide/C/installation.xml:1294(para)
26242
msgid ""
26243
"Second, verify that the kernel has reserved the requested memory area for "
26244
"the kdump kernel by doing:"
26245
msgstr ""
26246
26247
#: serverguide/C/installation.xml:1299(command)
26248
msgid "dmesg | grep -i crash"
26249
msgstr ""
26250
26251
#: serverguide/C/installation.xml:1300(computeroutput)
26252
#, no-wrap
26253
msgid ""
26254
"\n"
26255
"...\n"
26256
"[ 0.000000] Reserving 64MB of memory at 800MB for crashkernel (System "
26257
"RAM: 1023MB)\n"
26258
msgstr ""
26259
26260
#: serverguide/C/installation.xml:1309(title)
26261
msgid "Testing the Crash Dump Mechanism"
26262
msgstr ""
26263
26264
#: serverguide/C/installation.xml:1312(para)
26265
msgid ""
26266
"Testing the Crash Dump Mechanism will cause <emphasis>a system "
26267
"reboot.</emphasis> In certain situations, this can cause data loss if the "
26268
"system is under heavy load. If you want to test the mechanism, make sure "
26269
"that the system is idle or under very light load."
26270
msgstr ""
26271
26272
#: serverguide/C/installation.xml:1319(para)
26273
msgid ""
26274
"Verify that the <emphasis>SysRQ</emphasis> mechanism is enabled by looking "
26275
"at the value of the <filename>/proc/sys/kernel/sysrq</filename> kernel "
26276
"parameter :"
26277
msgstr ""
26278
26279
#: serverguide/C/installation.xml:1325(command)
26280
msgid "cat /proc/sys/kernel/sysrq"
26281
msgstr ""
26282
26283
#: serverguide/C/installation.xml:1328(para)
26284
msgid ""
26285
"If a value of <emphasis>0</emphasis> is returned the feature is disabled. "
26286
"Enable it with the following command :"
26287
msgstr ""
26288
26289
#: serverguide/C/installation.xml:1333(command)
26290
msgid "sudo sysctl -w kernel.sysrq=1"
26291
msgstr ""
26292
26293
#: serverguide/C/installation.xml:1336(para)
26294
msgid ""
26295
"Once this is done, you must become root, as just using "
26296
"<command>sudo</command> will not be sufficient. As the "
26297
"<emphasis>root</emphasis> user, you will have to issue the command "
26298
"<command>echo c > /proc/sysrq-trigger</command>. If you are using a "
26299
"network connection, you will lose contact with the system. This is why it is "
26300
"better to do the test while being connected to the system console. This has "
26301
"the advantage of making the kernel dump process visible."
26302
msgstr ""
26303
26304
#: serverguide/C/installation.xml:1343(para)
26305
msgid "A typical test output should look like the following :"
26306
msgstr ""
26307
26308
#: serverguide/C/installation.xml:1348(command)
26309
msgid "sudo -s"
26310
msgstr ""
26311
26312
#: serverguide/C/installation.xml:1350(command)
26313
msgid "echo c > /proc/sysrq-trigger"
26314
msgstr ""
26315
26316
#: serverguide/C/installation.xml:1347(screen)
26317
#, no-wrap
26318
msgid ""
26319
"\n"
26320
"<placeholder-1/>\n"
26321
"[sudo] password for ubuntu: \n"
26322
"# <placeholder-2/>\n"
26323
"[ 31.659002] SysRq : Trigger a crash\n"
26324
"[ 31.659749] BUG: unable to handle kernel NULL pointer dereference at "
26325
" (null)\n"
26326
"[ 31.662668] IP: [<ffffffff8139f166>] sysrq_handle_crash+0x16/0x20\n"
26327
"[ 31.662668] PGD 3bfb9067 PUD 368a7067 PMD 0 \n"
26328
"[ 31.662668] Oops: 0002 [#1] SMP \n"
26329
"[ 31.662668] CPU 1 \n"
26330
"....\n"
26331
msgstr ""
26332
26333
#: serverguide/C/installation.xml:1360(para)
26334
msgid ""
26335
"The rest of the output is truncated, but you should see the system rebooting "
26336
"and somewhere in the log, you will see the following line : <screen>Begin: "
26337
"Saving vmcore from kernel crash ...</screen> Once completed, the system will "
26338
"reboot to its normal operational mode. You will then find Kernel Crash Dump "
26339
"file in the <filename>/var/crash</filename> directory :"
26340
msgstr ""
26341
26342
#: serverguide/C/installation.xml:1367(command)
26343
msgid "ls /var/crash"
26344
msgstr ""
26345
26346
#: serverguide/C/installation.xml:1366(screen)
26347
#, no-wrap
26348
msgid ""
26349
"\n"
26350
"<placeholder-1/>\n"
26351
"linux-image-3.0.0-12-server.0.crash\n"
26352
msgstr ""
26353
26354
#: serverguide/C/installation.xml:1376(para)
26355
msgid ""
26356
"Kernel Crash Dump is a vast topic that requires good knowledge of the linux "
26357
"kernel. You can find more information on the topic here :"
26358
msgstr ""
26359
26360
#: serverguide/C/installation.xml:1382(para)
26361
msgid ""
26362
"<ulink url=\"http://www.kernel.org/doc/Documentation/kdump/kdump.txt\">Kdump "
26363
"kernel documentation</ulink>."
26364
msgstr ""
26365
26366
#: serverguide/C/installation.xml:1388(ulink)
26367
msgid "The crash tool"
26368
msgstr ""
26369
26370
#: serverguide/C/installation.xml:1392(para)
26371
msgid ""
26372
"<ulink url=\"http://www.dedoimedo.com/computers/crash-"
26373
"analyze.html\">Analyzing Linux Kernel Crash</ulink> (Based on Fedora, it "
26374
"still gives a good walkthrough of kernel dump analysis)"
21148
26375
msgstr ""
21149
26376
21150
26377
#: serverguide/C/file-server.xml:13(title)
21164
26391
21165
26392
#: serverguide/C/file-server.xml:24(para)
21166
26393
msgid ""
21167
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
21168
"files between computers. FTP works on a client/server model. The server "
21169
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
21170
"listens for FTP requests from remote clients. When a request is received, it "
21171
"manages the login and sets up the connection. For the duration of the "
21172
"session it executes any of commands sent by the FTP client."
26394
"File Transfer Protocol (FTP) is a TCP protocol for downloading files between "
26395
"computers. In the past, it has also been used for uploading but, as that "
26396
"method does not use encryption, user credentials as well as data transferred "
26397
"in the clear and are easily intercepted. So if you are here looking for a "
26398
"way to upload and download files securely, see the section on "
26399
"<application>OpenSSH</application> in <xref linkend=\"remote-"
26400
"administration\"/> instead."
21173
26401
msgstr ""
21174
26402
21175
26403
#: serverguide/C/file-server.xml:33(para)
26404
msgid ""
26405
"FTP works on a client/server model. The server component is called an "
26406
"<emphasis>FTP daemon</emphasis>. It continuously listens for FTP requests "
26407
"from remote clients. When a request is received, it manages the login and "
26408
"sets up the connection. For the duration of the session it executes any of "
26409
"commands sent by the FTP client."
26410
msgstr ""
26411
26412
#: serverguide/C/file-server.xml:42(para)
21176
26413
msgid "Access to an FTP server can be managed in two ways:"
21177
26414
msgstr ""
21178
26415
21179
#: serverguide/C/file-server.xml:37(para)
26416
#: serverguide/C/file-server.xml:46(para)
21180
26417
msgid "Anonymous"
21181
26418
msgstr ""
21182
26419
21183
#: serverguide/C/file-server.xml:40(para)
26420
#: serverguide/C/file-server.xml:49(para)
21184
26421
msgid "Authenticated"
21185
26422
msgstr ""
21186
26423
21187
#: serverguide/C/file-server.xml:43(para)
26424
#: serverguide/C/file-server.xml:52(para)
21188
26425
msgid ""
21189
26426
"In the Anonymous mode, remote clients can access the FTP server by using the "
21190
26427
"default user account called \"anonymous\" or \"ftp\" and sending an email "
21191
26428
"address as the password. In the Authenticated mode a user must have an "
21192
"account and a password. User access to the FTP server directories and files "
21193
"is dependent on the permissions defined for the account used at login. As a "
21194
"general rule, the FTP daemon will hide the root directory of the FTP server "
21195
"and change it to the FTP Home directory. This hides the rest of the file "
21196
"system from remote sessions."
26429
"account and a password. This latter choice is very insecure and should not "
26430
"be used except in special circumstances. If you are looking to transfer "
26431
"files securely see SFTP in the section on OpenSSH-Server. User access to the "
26432
"FTP server directories and files is dependent on the permissions defined for "
26433
"the account used at login. As a general rule, the FTP daemon will hide the "
26434
"root directory of the FTP server and change it to the FTP Home directory. "
26435
"This hides the rest of the file system from remote sessions."
21197
26436
msgstr ""
21198
26437
21199
#: serverguide/C/file-server.xml:55(title)
26438
#: serverguide/C/file-server.xml:70(title)
21200
26439
msgid "vsftpd - FTP Server Installation"
21201
26440
msgstr ""
21202
26441
21203
#: serverguide/C/file-server.xml:57(para)
26442
#: serverguide/C/file-server.xml:72(para)
21204
26443
msgid ""
21205
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
21206
"and maintain. To install <application>vsftpd</application> you can run the "
21207
"following command:"
26444
"<application>vsftpd</application> is an FTP daemon available in Ubuntu. It "
26445
"is easy to install, set up, and maintain. To install "
26446
"<application>vsftpd</application> you can run the following command:"
21208
26447
msgstr ""
21209
26448
21210
#: serverguide/C/file-server.xml:65(command)
26449
#: serverguide/C/file-server.xml:80(command)
21211
26450
msgid "sudo apt-get install vsftpd"
21212
26451
msgstr ""
21213
26452
21214
#: serverguide/C/file-server.xml:71(title)
26453
#: serverguide/C/file-server.xml:86(title)
21215
26454
msgid "Anonymous FTP Configuration"
21216
26455
msgstr ""
21217
26456
21218
#: serverguide/C/file-server.xml:73(para)
21219
msgid ""
21220
"By default <application>vsftpd</application> is configured to only allow "
21221
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
21222
"created with a home directory of <filename>/home/ftp</filename>. This is the "
21223
"default FTP directory."
21224
msgstr ""
21225
21226
#: serverguide/C/file-server.xml:80(para)
21227
msgid ""
21228
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
21229
"example, simply create a directory in another location and change the "
26457
#: serverguide/C/file-server.xml:88(para)
26458
msgid ""
26459
"By default <application>vsftpd</application> is <emphasis>not</emphasis> "
26460
"configured to allow anonymous download. If you wish to enable anonymous "
26461
"download edit <filename>/etc/vsftpd.conf</filename> by changing:"
26462
msgstr ""
26463
26464
#: serverguide/C/file-server.xml:93(programlisting)
26465
#, no-wrap
26466
msgid ""
26467
"\n"
26468
"anonymous_enable=Yes\n"
26469
msgstr ""
26470
26471
#: serverguide/C/file-server.xml:97(para)
26472
msgid ""
26473
"During installation a <emphasis>ftp</emphasis> user is created with a home "
26474
"directory of <filename>/srv/ftp</filename>. This is the default FTP "
26475
"directory."
26476
msgstr ""
26477
26478
#: serverguide/C/file-server.xml:102(para)
26479
msgid ""
26480
"If you wish to change this location, to <filename>/srv/files/ftp</filename> "
26481
"for example, simply create a directory in another location and change the "
21230
26482
"<emphasis>ftp</emphasis> user's home directory:"
21231
26483
msgstr ""
21232
26484
21233
#: serverguide/C/file-server.xml:87(command)
21234
msgid "sudo mkdir /srv/ftp"
21235
msgstr ""
21236
21237
#: serverguide/C/file-server.xml:88(command)
21238
msgid "sudo usermod -d /srv/ftp ftp"
21239
msgstr ""
21240
21241
#: serverguide/C/file-server.xml:91(para)
26485
#: serverguide/C/file-server.xml:109(command)
26486
msgid "sudo mkdir /srv/files/ftp"
26487
msgstr ""
26488
26489
#: serverguide/C/file-server.xml:110(command)
26490
msgid "sudo usermod -d /srv/files/ftp ftp"
26491
msgstr ""
26492
26493
#: serverguide/C/file-server.xml:113(para)
21242
26494
msgid "After making the change restart <application>vsftpd</application>:"
21243
26495
msgstr ""
21244
26496
21245
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
21246
msgid "sudo /etc/init.d/vsftpd restart"
26497
#: serverguide/C/file-server.xml:118(command) serverguide/C/file-server.xml:146(command) serverguide/C/file-server.xml:211(command) serverguide/C/file-server.xml:260(command)
26498
msgid "sudo restart vsftpd"
21247
26499
msgstr ""
21248
26500
21249
#: serverguide/C/file-server.xml:99(para)
26501
#: serverguide/C/file-server.xml:121(para)
21250
26502
msgid ""
21251
26503
"Finally, copy any files and directories you would like to make available "
21252
"through anonymous FTP to <filename>/srv/ftp</filename>."
26504
"through anonymous FTP to <filename>/srv/files/ftp</filename>, or "
26505
"<filename>/srv/ftp</filename> if you wish to use the default."
21253
26506
msgstr ""
21254
26507
21255
#: serverguide/C/file-server.xml:106(title)
26508
#: serverguide/C/file-server.xml:129(title)
21256
26509
msgid "User Authenticated FTP Configuration"
21257
26510
msgstr ""
21258
26511
21259
#: serverguide/C/file-server.xml:108(para)
26512
#: serverguide/C/file-server.xml:131(para)
21260
26513
msgid ""
21261
"To configure <application>vsftpd</application> to authenticate system users "
21262
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
26514
"By default <application>vsftpd</application> is configured to authenticate "
26515
"system users and allow them to download files. If you want users to be able "
26516
"to upload files, edit <filename>/etc/vsftpd.conf</filename>:"
21263
26517
msgstr ""
21264
26518
21265
#: serverguide/C/file-server.xml:114(programlisting)
26519
#: serverguide/C/file-server.xml:137(programlisting)
21266
26520
#, no-wrap
21267
26521
msgid ""
21268
26522
"\n"
21269
"local_enable=YES\n"
21270
26523
"write_enable=YES\n"
21271
26524
msgstr ""
21272
26525
21273
#: serverguide/C/file-server.xml:119(para)
26526
#: serverguide/C/file-server.xml:141(para)
21274
26527
msgid "Now restart <application>vsftpd</application>:"
21275
26528
msgstr ""
21276
26529
21277
#: serverguide/C/file-server.xml:127(para)
26530
#: serverguide/C/file-server.xml:149(para)
21278
26531
msgid ""
21279
26532
"Now when system users login to FTP they will start in their "
21280
26533
"<emphasis>home</emphasis> directories where they can download, upload, "
21281
26534
"create directories, etc."
21282
26535
msgstr ""
21283
26536
21284
#: serverguide/C/file-server.xml:133(para)
26537
#: serverguide/C/file-server.xml:155(para)
21285
26538
msgid ""
21286
"Similarly, by default, the anonymous users are not allowed to upload files "
21287
"to FTP server. To change this setting, you should uncomment the following "
21288
"line, and restart <application>vsftpd</application>:"
26539
"Similarly, by default, anonymous users are not allowed to upload files to "
26540
"FTP server. To change this setting, you should uncomment the following line, "
26541
"and restart <application>vsftpd</application>:"
21289
26542
msgstr ""
21290
26543
21291
#: serverguide/C/file-server.xml:140(programlisting)
26544
#: serverguide/C/file-server.xml:162(programlisting)
21292
26545
#, no-wrap
21293
26546
msgid ""
21294
26547
"\n"
21295
26548
"anon_upload_enable=YES\n"
21296
26549
msgstr ""
21297
26550
21298
#: serverguide/C/file-server.xml:145(para)
26551
#: serverguide/C/file-server.xml:167(para)
21299
26552
msgid ""
21300
26553
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
21301
26554
"not enable anonymous upload on servers accessed directly from the Internet."
21302
26555
msgstr ""
21303
26556
21304
#: serverguide/C/file-server.xml:151(para)
26557
#: serverguide/C/file-server.xml:173(para)
21305
26558
msgid ""
21306
26559
"The configuration file consists of many configuration parameters. The "
21307
26560
"information about each parameter is available in the configuration file. "
21309
26562
"vsftpd.conf</command> for details of each parameter."
21310
26563
msgstr ""
21311
26564
21312
#: serverguide/C/file-server.xml:162(title)
26565
#: serverguide/C/file-server.xml:184(title)
21313
26566
msgid "Securing FTP"
21314
26567
msgstr ""
21315
26568
21316
#: serverguide/C/file-server.xml:164(para)
26569
#: serverguide/C/file-server.xml:186(para)
21317
26570
msgid ""
21318
26571
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
21319
26572
"<application>vsftpd</application> more secure. For example users can be "
21320
26573
"limited to their home directories by uncommenting:"
21321
26574
msgstr ""
21322
26575
21323
#: serverguide/C/file-server.xml:170(programlisting)
26576
#: serverguide/C/file-server.xml:192(programlisting)
21324
26577
#, no-wrap
21325
26578
msgid ""
21326
26579
"\n"
21327
26580
"chroot_local_user=YES\n"
21328
26581
msgstr ""
21329
26582
21330
#: serverguide/C/file-server.xml:174(para)
26583
#: serverguide/C/file-server.xml:196(para)
21331
26584
msgid ""
21332
26585
"You can also limit a specific list of users to just their home directories:"
21333
26586
msgstr ""
21334
26587
21335
#: serverguide/C/file-server.xml:178(programlisting)
26588
#: serverguide/C/file-server.xml:200(programlisting)
21336
26589
#, no-wrap
21337
26590
msgid ""
21338
26591
"\n"
21340
26593
"chroot_list_file=/etc/vsftpd.chroot_list\n"
21341
26594
msgstr ""
21342
26595
21343
#: serverguide/C/file-server.xml:183(para)
26596
#: serverguide/C/file-server.xml:205(para)
21344
26597
msgid ""
21345
26598
"After uncommenting the above options, create a "
21346
26599
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
21347
26600
"per line. Then restart <application>vsftpd</application>:"
21348
26601
msgstr ""
21349
26602
21350
#: serverguide/C/file-server.xml:192(para)
26603
#: serverguide/C/file-server.xml:214(para)
21351
26604
msgid ""
21352
26605
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
21353
26606
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
21355
26608
"add them to the list."
21356
26609
msgstr ""
21357
26610
21358
#: serverguide/C/file-server.xml:199(para)
26611
#: serverguide/C/file-server.xml:221(para)
21359
26612
msgid ""
21360
26613
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
21361
26614
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
21364
26617
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
21365
26618
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
21366
26619
"with a shell may not be ideal for some environments, such as a shared web "
21367
"host."
26620
"host. However, it is possible to restrict such accounts to only SFTP and "
26621
"disable shell interaction. See the section on OpenSSH-Server for more."
21368
26622
msgstr ""
21369
26623
21370
#: serverguide/C/file-server.xml:208(para)
26624
#: serverguide/C/file-server.xml:231(para)
21371
26625
msgid ""
21372
26626
"To configure <emphasis>FTPS</emphasis>, edit "
21373
26627
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
21374
26628
msgstr ""
21375
26629
21376
#: serverguide/C/file-server.xml:212(programlisting)
26630
#: serverguide/C/file-server.xml:235(programlisting)
21377
26631
#, no-wrap
21378
26632
msgid ""
21379
26633
"\n"
21380
26634
"ssl_enable=Yes\n"
21381
26635
msgstr ""
21382
26636
21383
#: serverguide/C/file-server.xml:216(para)
26637
#: serverguide/C/file-server.xml:239(para)
21384
26638
msgid "Also, notice the certificate and key related options:"
21385
26639
msgstr ""
21386
26640
21387
#: serverguide/C/file-server.xml:220(programlisting)
26641
#: serverguide/C/file-server.xml:243(programlisting)
21388
26642
#, no-wrap
21389
26643
msgid ""
21390
26644
"\n"
21392
26646
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
21393
26647
msgstr ""
21394
26648
21395
#: serverguide/C/file-server.xml:225(para)
26649
#: serverguide/C/file-server.xml:248(para)
21396
26650
msgid ""
21397
"By default these options are set the certificate and key provided by the "
26651
"By default these options are set to the certificate and key provided by the "
21398
26652
"<application>ssl-cert</application> package. In a production environment "
21399
26653
"these should be replaced with a certificate and key generated for the "
21400
26654
"specific host. For more information on certificates see <xref "
21401
26655
"linkend=\"certificates-and-security\"/>."
21402
26656
msgstr ""
21403
26657
21404
#: serverguide/C/file-server.xml:231(para)
26658
#: serverguide/C/file-server.xml:254(para)
21405
26659
msgid ""
21406
26660
"Now restart <application>vsftpd</application>, and non-anonymous users will "
21407
26661
"be forced to use <emphasis>FTPS</emphasis>:"
21408
26662
msgstr ""
21409
26663
21410
#: serverguide/C/file-server.xml:240(para)
26664
#: serverguide/C/file-server.xml:263(para)
21411
26665
msgid ""
21412
26666
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
21413
26667
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
21414
26668
"adding the <emphasis>nologin</emphasis> shell:"
21415
26669
msgstr ""
21416
26670
21417
#: serverguide/C/file-server.xml:245(programlisting)
26671
#: serverguide/C/file-server.xml:268(programlisting)
21418
26672
#, no-wrap
21419
26673
msgid ""
21420
26674
"\n"
21435
26689
"/usr/sbin/nologin\n"
21436
26690
msgstr ""
21437
26691
21438
#: serverguide/C/file-server.xml:263(para)
26692
#: serverguide/C/file-server.xml:286(para)
21439
26693
msgid ""
21440
26694
"This is necessary because, by default <application>vsftpd</application> uses "
21441
26695
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
21442
26696
"configuration file contains:"
21443
26697
msgstr ""
21444
26698
21445
#: serverguide/C/file-server.xml:268(programlisting)
26699
#: serverguide/C/file-server.xml:291(programlisting)
21446
26700
#, no-wrap
21447
26701
msgid ""
21448
26702
"\n"
21449
26703
"auth required pam_shells.so\n"
21450
26704
msgstr ""
21451
26705
21452
#: serverguide/C/file-server.xml:272(para)
26706
#: serverguide/C/file-server.xml:295(para)
21453
26707
msgid ""
21454
26708
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
21455
26709
"in the <filename>/etc/shells</filename> file."
21456
26710
msgstr ""
21457
26711
21458
#: serverguide/C/file-server.xml:277(para)
26712
#: serverguide/C/file-server.xml:300(para)
21459
26713
msgid ""
21460
"Most popular FTP clients can be configured connect using FTPS. The "
26714
"Most popular FTP clients can be configured to connect using FTPS. The "
21461
26715
"<application>lftp</application> command line FTP client has the ability to "
21462
26716
"use FTPS as well."
21463
26717
msgstr ""
21464
26718
21465
#: serverguide/C/file-server.xml:288(para)
26719
#: serverguide/C/file-server.xml:311(para)
21466
26720
msgid ""
21467
26721
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
21468
26722
"website</ulink> for more information."
21469
26723
msgstr ""
21470
26724
21471
#: serverguide/C/file-server.xml:293(para)
26725
#: serverguide/C/file-server.xml:316(para)
21472
26726
msgid ""
21473
26727
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
21474
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
26728
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man5/vsftpd.conf.5.html"
21475
26729
"\">vsftpd.conf man page</ulink>."
21476
26730
msgstr ""
21477
26731
21478
#: serverguide/C/file-server.xml:299(para)
21479
msgid ""
21480
"The CodeGurus article <ulink "
21481
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
21482
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
21483
"contrasting FTPS and SFTP."
21484
msgstr ""
21485
21486
#: serverguide/C/file-server.xml:305(para)
21487
msgid ""
21488
"Also, for more information see the <ulink "
21489
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21490
"page."
21491
msgstr ""
21492
21493
#: serverguide/C/file-server.xml:315(title)
26732
#: serverguide/C/file-server.xml:327(title)
21494
26733
msgid "Network File System (NFS)"
21495
26734
msgstr ""
21496
26735
21497
#: serverguide/C/file-server.xml:316(para)
26736
#: serverguide/C/file-server.xml:328(para)
21498
26737
msgid ""
21499
26738
"NFS allows a system to share directories and files with others over a "
21500
26739
"network. By using NFS, users and programs can access files on remote systems "
21501
26740
"almost as if they were local files."
21502
26741
msgstr ""
21503
26742
21504
#: serverguide/C/file-server.xml:322(para)
26743
#: serverguide/C/file-server.xml:334(para)
21505
26744
msgid "Some of the most notable benefits that NFS can provide are:"
21506
26745
msgstr ""
21507
26746
21508
#: serverguide/C/file-server.xml:328(para)
26747
#: serverguide/C/file-server.xml:340(para)
21509
26748
msgid ""
21510
26749
"Local workstations use less disk space because commonly used data can be "
21511
26750
"stored on a single machine and still remain accessible to others over the "
21512
26751
"network."
21513
26752
msgstr ""
21514
26753
21515
#: serverguide/C/file-server.xml:333(para)
26754
#: serverguide/C/file-server.xml:345(para)
21516
26755
msgid ""
21517
26756
"There is no need for users to have separate home directories on every "
21518
26757
"network machine. Home directories could be set up on the NFS server and made "
21519
26758
"available throughout the network."
21520
26759
msgstr ""
21521
26760
21522
#: serverguide/C/file-server.xml:339(para)
26761
#: serverguide/C/file-server.xml:351(para)
21523
26762
msgid ""
21524
26763
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
21525
26764
"be used by other machines on the network. This may reduce the number of "
21526
26765
"removable media drives throughout the network."
21527
26766
msgstr ""
21528
26767
21529
#: serverguide/C/file-server.xml:349(para)
26768
#: serverguide/C/file-server.xml:361(para)
21530
26769
msgid ""
21531
26770
"At a terminal prompt enter the following command to install the NFS Server:"
21532
26771
msgstr ""
21533
26772
21534
#: serverguide/C/file-server.xml:355(command)
26773
#: serverguide/C/file-server.xml:367(command)
21535
26774
msgid "sudo apt-get install nfs-kernel-server"
21536
26775
msgstr ""
21537
26776
21538
#: serverguide/C/file-server.xml:361(para)
26777
#: serverguide/C/file-server.xml:373(para)
21539
26778
msgid ""
21540
26779
"You can configure the directories to be exported by adding them to the "
21541
26780
"<filename>/etc/exports</filename> file. For example:"
21542
26781
msgstr ""
21543
26782
21544
#: serverguide/C/file-server.xml:366(screen)
26783
#: serverguide/C/file-server.xml:378(screen)
21545
26784
#, no-wrap
21546
26785
msgid ""
21547
26786
"\n"
21549
26788
"/home *(rw,sync,no_root_squash)\n"
21550
26789
msgstr ""
21551
26790
21552
#: serverguide/C/file-server.xml:372(para)
26791
#: serverguide/C/file-server.xml:384(para)
21553
26792
msgid ""
21554
26793
"You can replace * with one of the hostname formats. Make the hostname "
21555
26794
"declaration as specific as possible so unwanted systems cannot access the "
21556
26795
"NFS mount."
21557
26796
msgstr ""
21558
26797
21559
#: serverguide/C/file-server.xml:378(para)
26798
#: serverguide/C/file-server.xml:390(para)
21560
26799
msgid ""
21561
26800
"To start the NFS server, you can run the following command at a terminal "
21562
26801
"prompt:"
21563
26802
msgstr ""
21564
26803
21565
#: serverguide/C/file-server.xml:383(command)
26804
#: serverguide/C/file-server.xml:395(command)
21566
26805
msgid "sudo /etc/init.d/nfs-kernel-server start"
21567
26806
msgstr ""
21568
26807
21569
#: serverguide/C/file-server.xml:388(title)
26808
#: serverguide/C/file-server.xml:400(title)
21570
26809
msgid "NFS Client Configuration"
21571
26810
msgstr ""
21572
26811
21573
#: serverguide/C/file-server.xml:389(para)
26812
#: serverguide/C/file-server.xml:401(para)
21574
26813
msgid ""
21575
26814
"Use the <application>mount</application> command to mount a shared NFS "
21576
26815
"directory from another machine, by typing a command line similar to the "
21577
26816
"following at a terminal prompt:"
21578
26817
msgstr ""
21579
26818
21580
#: serverguide/C/file-server.xml:395(command)
26819
#: serverguide/C/file-server.xml:407(command)
21581
26820
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
21582
26821
msgstr ""
21583
26822
21584
#: serverguide/C/file-server.xml:399(para)
26823
#: serverguide/C/file-server.xml:411(para)
21585
26824
msgid ""
21586
26825
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
21587
26826
"There should be no files or subdirectories in the "
21588
26827
"<filename>/local/ubuntu</filename> directory."
21589
26828
msgstr ""
21590
26829
21591
#: serverguide/C/file-server.xml:406(para)
26830
#: serverguide/C/file-server.xml:418(para)
21592
26831
msgid ""
21593
26832
"An alternate way to mount an NFS share from another machine is to add a line "
21594
26833
"to the <filename>/etc/fstab</filename> file. The line must state the "
21596
26835
"the directory on the local machine where the NFS share is to be mounted."
21597
26836
msgstr ""
21598
26837
21599
#: serverguide/C/file-server.xml:414(para)
26838
#: serverguide/C/file-server.xml:426(para)
21600
26839
msgid ""
21601
26840
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
21602
26841
"as follows:"
21603
26842
msgstr ""
21604
26843
21605
#: serverguide/C/file-server.xml:420(programlisting)
26844
#: serverguide/C/file-server.xml:432(programlisting)
21606
26845
#, no-wrap
21607
26846
msgid ""
21608
26847
"\n"
21610
26849
"rsize=8192,wsize=8192,timeo=14,intr\n"
21611
26850
msgstr ""
21612
26851
21613
#: serverguide/C/file-server.xml:424(para)
26852
#: serverguide/C/file-server.xml:436(para)
21614
26853
msgid ""
21615
26854
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
21616
26855
"common</application> package is installed on your client. To install "
21620
26859
"</screen>"
21621
26860
msgstr ""
21622
26861
21623
#: serverguide/C/file-server.xml:437(ulink)
26862
#: serverguide/C/file-server.xml:449(ulink)
21624
26863
msgid "Linux NFS faq"
21625
26864
msgstr ""
21626
26865
21627
#: serverguide/C/file-server.xml:439(ulink)
26866
#: serverguide/C/file-server.xml:451(ulink)
21628
26867
msgid "Ubuntu Wiki NFS Howto"
21629
26868
msgstr ""
21630
26869
21631
#: serverguide/C/file-server.xml:445(title)
26870
#: serverguide/C/file-server.xml:457(title)
26871
msgid "iSCSI Initiator"
26872
msgstr ""
26873
26874
#: serverguide/C/file-server.xml:459(para)
26875
msgid ""
26876
"<emphasis>iSCSI</emphasis> (Internet Small Computer System Interface) is a "
26877
"protocol that allows SCSI commands to be transmitted over a network. "
26878
"Typically iSCSI is implemented in a SAN (Storage Area Network) to allow "
26879
"servers to access a large store of hard drive space. The iSCSI protocol "
26880
"refers to clients as <emphasis>initiators</emphasis> and iSCSI servers as "
26881
"<emphasis>targets</emphasis>."
26882
msgstr ""
26883
26884
#: serverguide/C/file-server.xml:465(para)
26885
msgid ""
26886
"Ubuntu Server can be configured as both an iSCSI iniator and a target. This "
26887
"guide provides commands and configuration options to setup an iSCSI "
26888
"initiator. It is assumed that you already have an iSCSI target on your local "
26889
"network and have the appropriate rights to connect to it. The instructions "
26890
"for setting up a target vary greatly between hardware providers, so consult "
26891
"your vendor documentation to configure your specific iSCSI target."
26892
msgstr ""
26893
26894
#: serverguide/C/file-server.xml:473(title)
26895
msgid "iSCSI Initiator Install"
26896
msgstr ""
26897
26898
#: serverguide/C/file-server.xml:475(para)
26899
msgid ""
26900
"To configure Ubuntu Server as an iSCSI initiator install the "
26901
"<application>open-iscsi</application> package. In a terminal enter:"
26902
msgstr ""
26903
26904
#: serverguide/C/file-server.xml:480(command)
26905
msgid "sudo apt-get install open-iscsi"
26906
msgstr ""
26907
26908
#: serverguide/C/file-server.xml:485(title)
26909
msgid "iSCSI Initiator Configuration"
26910
msgstr ""
26911
26912
#: serverguide/C/file-server.xml:487(para)
26913
msgid ""
26914
"Once the <application>open-iscsi</application> package is installed, edit "
26915
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
26916
msgstr ""
26917
26918
#: serverguide/C/file-server.xml:491(programlisting)
26919
#, no-wrap
26920
msgid ""
26921
"\n"
26922
"node.startup = automatic\n"
26923
msgstr ""
26924
26925
#: serverguide/C/file-server.xml:495(para)
26926
msgid ""
26927
"You can check which targets are available by using the "
26928
"<application>iscsiadm</application> utility. Enter the following in a "
26929
"terminal:"
26930
msgstr ""
26931
26932
#: serverguide/C/file-server.xml:500(command)
26933
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
26934
msgstr ""
26935
26936
#: serverguide/C/file-server.xml:504(para)
26937
msgid ""
26938
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
26939
msgstr ""
26940
26941
#: serverguide/C/file-server.xml:505(para)
26942
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
26943
msgstr ""
26944
26945
#: serverguide/C/file-server.xml:506(para)
26946
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
26947
msgstr ""
26948
26949
#: serverguide/C/file-server.xml:510(para)
26950
msgid ""
26951
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
26952
"your network."
26953
msgstr ""
26954
26955
#: serverguide/C/file-server.xml:515(para)
26956
msgid ""
26957
"If the target is available you should see output similar to the following:"
26958
msgstr ""
26959
26960
#: serverguide/C/file-server.xml:520(computeroutput)
26961
#, no-wrap
26962
msgid ""
26963
"\n"
26964
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
26965
msgstr ""
26966
26967
#: serverguide/C/file-server.xml:526(para)
26968
msgid ""
26969
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
26970
"on your hardware."
26971
msgstr ""
26972
26973
#: serverguide/C/file-server.xml:531(para)
26974
msgid ""
26975
"You should now be able to connect to the iSCSI target, and depending on your "
26976
"target setup you may have to enter user credentials. Login to the iSCSI node:"
26977
msgstr ""
26978
26979
#: serverguide/C/file-server.xml:537(command)
26980
msgid "sudo iscsiadm -m node --login"
26981
msgstr ""
26982
26983
#: serverguide/C/file-server.xml:540(para)
26984
msgid ""
26985
"Check to make sure that the new disk has been detected using "
26986
"<application>dmesg</application>:"
26987
msgstr ""
26988
26989
#: serverguide/C/file-server.xml:545(command)
26990
msgid "dmesg | grep sd"
26991
msgstr ""
26992
26993
#: serverguide/C/file-server.xml:546(computeroutput)
26994
#, no-wrap
26995
msgid ""
26996
"\n"
26997
"[ 4.322384] sd 2:0:0:0: Attached scsi generic sg1 type 0\n"
26998
"[ 4.322797] sd 2:0:0:0: [sda] 41943040 512-byte logical blocks: (21.4 "
26999
"GB/20.0 GiB)\n"
27000
"[ 4.322843] sd 2:0:0:0: [sda] Write Protect is off\n"
27001
"[ 4.322846] sd 2:0:0:0: [sda] Mode Sense: 03 00 00 00\n"
27002
"[ 4.322896] sd 2:0:0:0: [sda] Cache data unavailable\n"
27003
"[ 4.322899] sd 2:0:0:0: [sda] Assuming drive cache: write through\n"
27004
"[ 4.323230] sd 2:0:0:0: [sda] Cache data unavailable\n"
27005
"[ 4.323233] sd 2:0:0:0: [sda] Assuming drive cache: write through\n"
27006
"[ 4.325312] sda: sda1 sda2 < sda5 >\n"
27007
"[ 4.325729] sd 2:0:0:0: [sda] Cache data unavailable\n"
27008
"[ 4.325732] sd 2:0:0:0: [sda] Assuming drive cache: write through\n"
27009
"[ 4.325735] sd 2:0:0:0: [sda] Attached SCSI disk\n"
27010
"[ 2486.941805] sd 4:0:0:3: Attached scsi generic sg3 type 0\n"
27011
"[ 2486.952093] sd 4:0:0:3: [sdb] 1126400000 512-byte logical blocks: (576 "
27012
"GB/537 GiB)\n"
27013
"[ 2486.954195] sd 4:0:0:3: [sdb] Write Protect is off\n"
27014
"[ 2486.954200] sd 4:0:0:3: [sdb] Mode Sense: 8f 00 00 08\n"
27015
"[ 2486.954692] sd 4:0:0:3: [sdb] Write cache: disabled, read cache: enabled, "
27016
"doesn't\n"
27017
" support DPO or FUA\n"
27018
"[ 2486.960577] sdb: sdb1\n"
27019
"[ 2486.964862] sd 4:0:0:3: [sdb] Attached SCSI disk\n"
27020
msgstr ""
27021
27022
#: serverguide/C/file-server.xml:570(para)
27023
msgid ""
27024
"In the output above <emphasis>sdb</emphasis> is the new iSCSI disk. Remember "
27025
"this is just an example; the output you see on your screen will vary."
27026
msgstr ""
27027
27028
#: serverguide/C/file-server.xml:575(para)
27029
msgid ""
27030
"Next, create a partition, format the file system, and mount the new iSCSI "
27031
"disk. In a terminal enter:"
27032
msgstr ""
27033
27034
#: serverguide/C/file-server.xml:580(command)
27035
msgid "sudo fdisk /dev/sdb"
27036
msgstr ""
27037
27038
#: serverguide/C/file-server.xml:581(command)
27039
msgid "n"
27040
msgstr ""
27041
27042
#: serverguide/C/file-server.xml:582(command)
27043
msgid "p"
27044
msgstr ""
27045
27046
#: serverguide/C/file-server.xml:583(command)
27047
msgid "enter"
27048
msgstr ""
27049
27050
#: serverguide/C/file-server.xml:584(command)
27051
msgid "w"
27052
msgstr ""
27053
27054
#: serverguide/C/file-server.xml:588(para)
27055
msgid ""
27056
"The above commands are from inside the <application>fdisk</application> "
27057
"utility; see <command>man fdisk</command> for more detailed instructions. "
27058
"Also, the <application>cfdisk</application> utility is sometimes more user "
27059
"friendly."
27060
msgstr ""
27061
27062
#: serverguide/C/file-server.xml:594(para)
27063
msgid ""
27064
"Now format the file system and mount it to <filename>/srv</filename> as an "
27065
"example:"
27066
msgstr ""
27067
27068
#: serverguide/C/file-server.xml:599(command)
27069
msgid "sudo mkfs.ext4 /dev/sdb1"
27070
msgstr ""
27071
27072
#: serverguide/C/file-server.xml:600(command)
27073
msgid "sudo mount /dev/sdb1 /srv"
27074
msgstr ""
27075
27076
#: serverguide/C/file-server.xml:604(para)
27077
msgid ""
27078
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
27079
"drive during boot:"
27080
msgstr ""
27081
27082
#: serverguide/C/file-server.xml:608(programlisting)
27083
#, no-wrap
27084
msgid ""
27085
"\n"
27086
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
27087
msgstr ""
27088
27089
#: serverguide/C/file-server.xml:612(para)
27090
msgid ""
27091
"It is a good idea to make sure everything is working as expected by "
27092
"rebooting the server."
27093
msgstr ""
27094
27095
#: serverguide/C/file-server.xml:621(ulink)
27096
msgid "Open-iSCSI Website"
27097
msgstr ""
27098
27099
#: serverguide/C/file-server.xml:624(ulink) serverguide/C/file-server.xml:810(ulink)
27100
msgid "Debian Open-iSCSI page"
27101
msgstr ""
27102
27103
#: serverguide/C/file-server.xml:631(title)
21632
27104
msgid "CUPS - Print Server"
21633
27105
msgstr ""
21634
27106
21635
#: serverguide/C/file-server.xml:446(para)
27107
#: serverguide/C/file-server.xml:632(para)
21636
27108
msgid ""
21637
27109
"The primary mechanism for Ubuntu printing and print services is the "
21638
27110
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
21640
27112
"become the new standard for printing in most Linux distributions."
21641
27113
msgstr ""
21642
27114
21643
#: serverguide/C/file-server.xml:453(para)
27115
#: serverguide/C/file-server.xml:639(para)
21644
27116
msgid ""
21645
27117
"CUPS manages print jobs and queues and provides network printing using the "
21646
27118
"standard Internet Printing Protocol (IPP), while offering support for a very "
21650
27122
"administration tool."
21651
27123
msgstr ""
21652
27124
21653
#: serverguide/C/file-server.xml:463(para)
27125
#: serverguide/C/file-server.xml:649(para)
21654
27126
msgid ""
21655
27127
"To install CUPS on your Ubuntu computer, simply use "
21656
27128
"<application>sudo</application> with the <application>apt-get</application> "
21660
27132
"CUPS:"
21661
27133
msgstr ""
21662
27134
21663
#: serverguide/C/file-server.xml:468(command)
27135
#: serverguide/C/file-server.xml:654(command)
21664
27136
msgid "sudo apt-get install cups"
21665
27137
msgstr ""
21666
27138
21667
#: serverguide/C/file-server.xml:471(para)
27139
#: serverguide/C/file-server.xml:657(para)
21668
27140
msgid ""
21669
27141
"Upon authenticating with your user password, the packages should be "
21670
27142
"downloaded and installed without error. Upon the conclusion of installation, "
21671
27143
"the CUPS server will be started automatically."
21672
27144
msgstr ""
21673
27145
21674
#: serverguide/C/file-server.xml:476(para)
27146
#: serverguide/C/file-server.xml:662(para)
21675
27147
msgid ""
21676
27148
"For troubleshooting purposes, you can access CUPS server errors via the "
21677
27149
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
21684
27156
"from becoming overly large."
21685
27157
msgstr ""
21686
27158
21687
#: serverguide/C/file-server.xml:489(para)
27159
#: serverguide/C/file-server.xml:675(para)
21688
27160
msgid ""
21689
27161
"The Common UNIX Printing System server's behavior is configured through the "
21690
27162
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
21695
27167
"initially will be presented here."
21696
27168
msgstr ""
21697
27169
21698
#: serverguide/C/file-server.xml:499(para)
27170
#: serverguide/C/file-server.xml:685(para)
21699
27171
msgid ""
21700
27172
"Prior to editing the configuration file, you should make a copy of the "
21701
27173
"original file and protect it from writing, so you will have the original "
21702
27174
"settings as a reference, and to reuse as necessary."
21703
27175
msgstr ""
21704
27176
21705
#: serverguide/C/file-server.xml:503(para)
27177
#: serverguide/C/file-server.xml:689(para)
21706
27178
msgid ""
21707
27179
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
21708
27180
"writing with the following commands, issued at a terminal prompt:"
21709
27181
msgstr ""
21710
27182
21711
#: serverguide/C/file-server.xml:509(command)
27183
#: serverguide/C/file-server.xml:695(command)
21712
27184
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21713
27185
msgstr ""
21714
27186
21715
#: serverguide/C/file-server.xml:510(command)
27187
#: serverguide/C/file-server.xml:696(command)
21716
27188
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
21717
27189
msgstr ""
21718
27190
21719
#: serverguide/C/file-server.xml:515(para)
27191
#: serverguide/C/file-server.xml:701(para)
21720
27192
msgid ""
21721
27193
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
21722
27194
"address of the designated administrator of the CUPS server, simply edit the "
21728
27200
"as such:"
21729
27201
msgstr ""
21730
27202
21731
#: serverguide/C/file-server.xml:526(screen)
27203
#: serverguide/C/file-server.xml:712(screen)
21732
27204
#, no-wrap
21733
27205
msgid ""
21734
27206
"\n"
21735
27207
"ServerAdmin bjoy@somebigco.com\n"
21736
27208
msgstr ""
21737
27209
21738
#: serverguide/C/file-server.xml:532(para)
27210
#: serverguide/C/file-server.xml:718(para)
21739
27211
msgid ""
21740
27212
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
21741
27213
"server installation listens only on the loopback interface at IP address "
21750
27222
"such:"
21751
27223
msgstr ""
21752
27224
21753
#: serverguide/C/file-server.xml:546(screen)
27225
#: serverguide/C/file-server.xml:732(screen)
21754
27226
#, no-wrap
21755
27227
msgid ""
21756
27228
"\n"
21760
27232
"(IPP)\n"
21761
27233
msgstr ""
21762
27234
21763
#: serverguide/C/file-server.xml:552(para)
27235
#: serverguide/C/file-server.xml:738(para)
21764
27236
msgid ""
21765
27237
"In the example above, you may comment out or remove the reference to the "
21766
27238
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
21771
27243
"<emphasis>socrates</emphasis> as such:"
21772
27244
msgstr ""
21773
27245
21774
#: serverguide/C/file-server.xml:562(screen)
27246
#: serverguide/C/file-server.xml:748(screen)
21775
27247
#, no-wrap
21776
27248
msgid ""
21777
27249
"\n"
21778
27250
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
21779
27251
msgstr ""
21780
27252
21781
#: serverguide/C/file-server.xml:566(para)
27253
#: serverguide/C/file-server.xml:752(para)
21782
27254
msgid ""
21783
27255
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
21784
27256
"instead, as in:"
21785
27257
msgstr ""
21786
27258
21787
#: serverguide/C/file-server.xml:568(screen)
27259
#: serverguide/C/file-server.xml:754(screen)
21788
27260
#, no-wrap
21789
27261
msgid ""
21790
27262
"\n"
21791
27263
"Port 631 # Listen on port 631 on all interfaces\n"
21792
27264
msgstr ""
21793
27265
21794
#: serverguide/C/file-server.xml:575(para)
27266
#: serverguide/C/file-server.xml:761(para)
21795
27267
msgid ""
21796
27268
"For more examples of configuration directives in the CUPS server "
21797
27269
"configuration file, view the associated system manual page by entering the "
21798
27270
"following command at a terminal prompt:"
21799
27271
msgstr ""
21800
27272
21801
#: serverguide/C/file-server.xml:582(command)
27273
#: serverguide/C/file-server.xml:768(command)
21802
27274
msgid "man cupsd.conf"
21803
27275
msgstr ""
21804
27276
21805
#: serverguide/C/file-server.xml:586(para)
27277
#: serverguide/C/file-server.xml:772(para)
21806
27278
msgid ""
21807
27279
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
21808
27280
"configuration file, you'll need to restart the CUPS server by typing the "
21809
27281
"following command at a terminal prompt:"
21810
27282
msgstr ""
21811
27283
21812
#: serverguide/C/file-server.xml:592(command)
27284
#: serverguide/C/file-server.xml:778(command)
21813
27285
msgid "sudo /etc/init.d/cups restart"
21814
27286
msgstr ""
21815
27287
21816
#: serverguide/C/file-server.xml:598(title)
27288
#: serverguide/C/file-server.xml:784(title)
21817
27289
msgid "Web Interface"
21818
27290
msgstr ""
21819
27291
21820
#: serverguide/C/file-server.xml:600(para)
27292
#: serverguide/C/file-server.xml:786(para)
21821
27293
msgid ""
21822
27294
"CUPS can be configured and monitored using a web interface, which by default "
21823
27295
"is available at <ulink "
21825
27297
"web interface can be used to perform all printer management tasks."
21826
27298
msgstr ""
21827
27299
21828
#: serverguide/C/file-server.xml:604(para)
27300
#: serverguide/C/file-server.xml:790(para)
21829
27301
msgid ""
21830
27302
"In order to perform administrative tasks via the web interface, you must "
21831
27303
"either have the root account enabled on your server, or authenticate as a "
21833
27305
"reasons, CUPS won't authenticate a user that doesn't have a password."
21834
27306
msgstr ""
21835
27307
21836
#: serverguide/C/file-server.xml:607(para)
27308
#: serverguide/C/file-server.xml:793(para)
21837
27309
msgid ""
21838
27310
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
21839
27311
"at the terminal prompt: <screen>\n"
21841
27313
"</screen>"
21842
27314
msgstr ""
21843
27315
21844
#: serverguide/C/file-server.xml:613(para)
27316
#: serverguide/C/file-server.xml:799(para)
21845
27317
msgid ""
21846
27318
"Further documentation is available in the <emphasis "
21847
27319
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
21848
27320
msgstr ""
21849
27321
21850
#: serverguide/C/file-server.xml:621(ulink)
27322
#: serverguide/C/file-server.xml:807(ulink)
21851
27323
msgid "CUPS Website"
21852
27324
msgstr ""
21853
27325
21854
#: serverguide/C/file-server.xml:624(ulink)
21855
msgid "Ubuntu Wiki CUPS page"
21856
msgstr ""
21857
21858
27326
#: serverguide/C/dns.xml:13(title)
21859
27327
msgid "Domain Name Service (DNS)"
21860
27328
msgstr ""
21882
27350
#: serverguide/C/dns.xml:30(para)
21883
27351
msgid ""
21884
27352
"A very useful package for testing and troubleshooting DNS issues is the "
21885
"dnsutils package. To install <application>dnsutils</application> enter the "
21886
"following:"
27353
"dnsutils package. Very often these tools will be installed already, but to "
27354
"check and/or install <application>dnsutils</application> enter the following:"
21887
27355
msgstr ""
21888
27356
21889
27357
#: serverguide/C/dns.xml:35(command)
21982
27450
"prompt:"
21983
27451
msgstr ""
21984
27452
21985
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
21986
msgid "sudo /etc/init.d/bind9 restart"
27453
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:197(command) serverguide/C/dns.xml:255(command) serverguide/C/dns.xml:291(command) serverguide/C/dns.xml:319(command) serverguide/C/dns.xml:596(command)
27454
msgid "sudo service bind9 restart"
21987
27455
msgstr ""
21988
27456
21989
27457
#: serverguide/C/dns.xml:120(para)
22041
27509
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
22042
27510
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
22043
27511
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
22044
"leaving the \".\" at the end."
27512
"leaving the \".\" at the end. Change the comment to indicate the domain that "
27513
"this file is for."
22045
27514
msgstr ""
22046
27515
22047
#: serverguide/C/dns.xml:155(para)
27516
#: serverguide/C/dns.xml:156(para)
22048
27517
msgid ""
22049
"Also, create an <emphasis>A record</emphasis> for <emphasis "
22050
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
27518
"Create an <emphasis>A record</emphasis> for the base domain, <emphasis "
27519
"role=\"italic\">example.com</emphasis>. Also, create an <emphasis>A "
27520
"record</emphasis> for <emphasis role=\"italic\">ns.example.com</emphasis>, "
27521
"the name server in this example:"
22051
27522
msgstr ""
22052
27523
22053
#: serverguide/C/dns.xml:159(programlisting)
27524
#: serverguide/C/dns.xml:161(programlisting)
22054
27525
#, no-wrap
22055
27526
msgid ""
22056
27527
"\n"
22057
27528
";\n"
22058
"; BIND data file for local loopback interface\n"
27529
"; BIND data file for example.com\n"
22059
27530
";\n"
22060
27531
"$TTL 604800\n"
22061
"@ IN SOA ns.example.com. root.example.com. (\n"
27532
"@ IN SOA example.com. root.example.com. (\n"
22062
27533
" 2 ; Serial\n"
22063
27534
" 604800 ; Refresh\n"
22064
27535
" 86400 ; Retry\n"
22065
27536
" 2419200 ; Expire\n"
22066
27537
" 604800 ) ; Negative Cache TTL\n"
27538
" IN A 192.168.1.10\n"
22067
27539
";\n"
22068
27540
"@ IN NS ns.example.com.\n"
22069
"@ IN A 127.0.0.1\n"
27541
"@ IN A 192.168.1.10\n"
22070
27542
"@ IN AAAA ::1\n"
22071
27543
"ns IN A 192.168.1.10\n"
22072
27544
msgstr ""
22073
27545
22074
#: serverguide/C/dns.xml:176(para)
27546
#: serverguide/C/dns.xml:179(para)
22075
27547
msgid ""
22076
27548
"You must increment the <emphasis>Serial Number</emphasis> every time you "
22077
27549
"make changes to the zone file. If you make multiple changes before "
22078
27550
"restarting BIND9, simply increment the Serial once."
22079
27551
msgstr ""
22080
27552
22081
#: serverguide/C/dns.xml:180(para)
27553
#: serverguide/C/dns.xml:183(para)
22082
27554
msgid ""
22083
27555
"Now, you can add DNS records to the bottom of the zone file. See <xref "
22084
27556
"linkend=\"dns-record-types\"/> for details."
22085
27557
msgstr ""
22086
27558
22087
#: serverguide/C/dns.xml:184(para)
27559
#: serverguide/C/dns.xml:187(para)
22088
27560
msgid ""
22089
27561
"Many admins like to use the last date edited as the serial of a zone, such "
22090
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
27562
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
22091
27563
"<emphasis>ss</emphasis> is the Serial Number)"
22092
27564
msgstr ""
22093
27565
22094
#: serverguide/C/dns.xml:189(para)
27566
#: serverguide/C/dns.xml:192(para)
22095
27567
msgid ""
22096
"Once you have made a change to the zone file "
22097
"<application>BIND9</application> will need to be restarted for the changes "
22098
"to take effect:"
27568
"Once you have made changes to the zone file <application>BIND9</application> "
27569
"needs to be restarted for the changes to take effect:"
22099
27570
msgstr ""
22100
27571
22101
#: serverguide/C/dns.xml:198(title)
27572
#: serverguide/C/dns.xml:201(title)
22102
27573
msgid "Reverse Zone File"
22103
27574
msgstr ""
22104
27575
22105
#: serverguide/C/dns.xml:199(para)
27576
#: serverguide/C/dns.xml:202(para)
22106
27577
msgid ""
22107
27578
"Now that the zone is setup and resolving names to IP Adresses a "
22108
27579
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
22109
27580
"DNS to resolve an address to a name."
22110
27581
msgstr ""
22111
27582
22112
#: serverguide/C/dns.xml:203(para)
27583
#: serverguide/C/dns.xml:206(para)
22113
27584
msgid "Edit /etc/bind/named.conf.local and add the following:"
22114
27585
msgstr ""
22115
27586
22116
#: serverguide/C/dns.xml:206(programlisting)
27587
#: serverguide/C/dns.xml:209(programlisting)
22117
27588
#, no-wrap
22118
27589
msgid ""
22119
27590
"\n"
22120
27591
"zone \"1.168.192.in-addr.arpa\" {\n"
22121
27592
" type master;\n"
22122
" notify no;\n"
22123
27593
" file \"/etc/bind/db.192\";\n"
22124
27594
"};\n"
22125
27595
msgstr ""
22126
27596
22127
#: serverguide/C/dns.xml:214(para)
27597
#: serverguide/C/dns.xml:216(para)
22128
27598
msgid ""
22129
27599
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
22130
27600
"whatever network you are using. Also, name the zone file "
22132
27602
"first octet of your network."
22133
27603
msgstr ""
22134
27604
22135
#: serverguide/C/dns.xml:219(para)
27605
#: serverguide/C/dns.xml:221(para)
22136
27606
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
22137
27607
msgstr ""
22138
27608
22139
#: serverguide/C/dns.xml:223(command)
27609
#: serverguide/C/dns.xml:225(command)
22140
27610
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
22141
27611
msgstr ""
22142
27612
22143
#: serverguide/C/dns.xml:225(para)
27613
#: serverguide/C/dns.xml:227(para)
22144
27614
msgid ""
22145
27615
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
22146
27616
"same options as <filename>/etc/bind/db.example.com</filename>:"
22147
27617
msgstr ""
22148
27618
22149
#: serverguide/C/dns.xml:229(programlisting)
27619
#: serverguide/C/dns.xml:231(programlisting)
22150
27620
#, no-wrap
22151
27621
msgid ""
22152
27622
"\n"
22153
27623
";\n"
22154
"; BIND reverse data file for local loopback interface\n"
27624
"; BIND reverse data file for local 192.168.1.XXX net\n"
22155
27625
";\n"
22156
27626
"$TTL 604800\n"
22157
27627
"@ IN SOA ns.example.com. root.example.com. (\n"
22165
27635
"10 IN PTR ns.example.com.\n"
22166
27636
msgstr ""
22167
27637
22168
#: serverguide/C/dns.xml:244(para)
27638
#: serverguide/C/dns.xml:246(para)
22169
27639
msgid ""
22170
27640
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
22171
27641
"incremented on each change as well. For each <emphasis>A record</emphasis> "
22172
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
22173
"create a <emphasis>PTR record</emphasis> in "
27642
"you configure in <filename>/etc/bind/db.example.com</filename>, that is for "
27643
"a different address, you need to create a <emphasis>PTR record</emphasis> in "
22174
27644
"<filename>/etc/bind/db.192</filename>."
22175
27645
msgstr ""
22176
27646
22177
#: serverguide/C/dns.xml:249(para)
27647
#: serverguide/C/dns.xml:251(para)
22178
27648
msgid ""
22179
27649
"After creating the reverse zone file restart "
22180
27650
"<application>BIND9</application>:"
22181
27651
msgstr ""
22182
27652
22183
#: serverguide/C/dns.xml:258(title)
27653
#: serverguide/C/dns.xml:260(title)
22184
27654
msgid "Secondary Master"
22185
27655
msgstr ""
22186
27656
22187
#: serverguide/C/dns.xml:259(para)
27657
#: serverguide/C/dns.xml:261(para)
22188
27658
msgid ""
22189
27659
"Once a <emphasis>Primary Master</emphasis> has been configured a "
22190
27660
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
22191
27661
"availability of the domain should the Primary become unavailable."
22192
27662
msgstr ""
22193
27663
22194
#: serverguide/C/dns.xml:263(para)
27664
#: serverguide/C/dns.xml:265(para)
22195
27665
msgid ""
22196
27666
"First, on the Primary Master server, the zone transfer needs to be allowed. "
22197
27667
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
22199
27669
"<filename>/etc/bind/named.conf.local</filename>:"
22200
27670
msgstr ""
22201
27671
22202
#: serverguide/C/dns.xml:267(programlisting)
27672
#: serverguide/C/dns.xml:269(programlisting)
22203
27673
#, no-wrap
22204
27674
msgid ""
22205
27675
"\n"
22211
27681
"\n"
22212
27682
"zone \"1.168.192.in-addr.arpa\" {\n"
22213
27683
" type master;\n"
22214
" notify no;\n"
22215
27684
" file \"/etc/bind/db.192\";\n"
22216
27685
"\tallow-transfer { 192.168.1.11; };\n"
22217
27686
"};\n"
22218
27687
msgstr ""
22219
27688
22220
#: serverguide/C/dns.xml:282(para)
27689
#: serverguide/C/dns.xml:283(para)
22221
27690
msgid ""
22222
27691
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
22223
27692
"Secondary nameserver."
22224
27693
msgstr ""
22225
27694
22226
#: serverguide/C/dns.xml:286(para)
27695
#: serverguide/C/dns.xml:287(para)
27696
msgid "Restart <application>BIND9</application> on the Primary Master:"
27697
msgstr ""
27698
27699
#: serverguide/C/dns.xml:293(para)
22227
27700
msgid ""
22228
27701
"Next, on the Secondary Master, install the <application>bind9</application> "
22229
27702
"package the same way as on the Primary. Then edit the "
22231
27704
"declarations for the Forward and Reverse zones:"
22232
27705
msgstr ""
22233
27706
22234
#: serverguide/C/dns.xml:290(programlisting)
27707
#: serverguide/C/dns.xml:297(programlisting)
22235
27708
#, no-wrap
22236
27709
msgid ""
22237
27710
"\n"
22238
27711
"zone \"example.com\" {\n"
22239
27712
"\ttype slave;\n"
22240
" file \"/var/cache/bind/db.example.com\";\n"
27713
" file \"db.example.com\";\n"
22241
27714
" masters { 192.168.1.10; };\n"
22242
27715
"}; \n"
22243
27716
" \n"
22244
27717
"zone \"1.168.192.in-addr.arpa\" {\n"
22245
27718
"\ttype slave;\n"
22246
" file \"/var/cache/bind/db.192\";\n"
27719
" file \"db.192\";\n"
22247
27720
" masters { 192.168.1.10; };\n"
22248
27721
"};\n"
22249
27722
msgstr ""
22250
27723
22251
#: serverguide/C/dns.xml:304(para)
27724
#: serverguide/C/dns.xml:311(para)
22252
27725
msgid ""
22253
27726
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
22254
27727
"Primary nameserver."
22255
27728
msgstr ""
22256
27729
22257
#: serverguide/C/dns.xml:308(para)
27730
#: serverguide/C/dns.xml:315(para)
22258
27731
msgid "Restart <application>BIND9</application> on the Secondary Master:"
22259
27732
msgstr ""
22260
27733
22261
#: serverguide/C/dns.xml:314(para)
27734
#: serverguide/C/dns.xml:321(para)
22262
27735
msgid ""
22263
"In <filename>/var/log/syslog</filename> you should see something similar to:"
27736
"In <filename>/var/log/syslog</filename> you should see something similar to "
27737
"(some lines have been split to fit the format of this document):"
22264
27738
msgstr ""
22265
27739
22266
#: serverguide/C/dns.xml:317(programlisting)
27740
#: serverguide/C/dns.xml:324(programlisting)
22267
27741
#, no-wrap
22268
27742
msgid ""
22269
27743
"\n"
22270
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
22271
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
27744
"client 192.168.1.10#39448: received notify for zone '1.168.192.in-"
27745
"addr.arpa'\n"
27746
"zone 1.168.192.in-addr.arpa/IN: Transfer started.\n"
27747
"transfer of '100.18.172.in-addr.arpa/IN' from 192.168.1.10#53:\n"
27748
" connected using 192.168.1.11#37531\n"
27749
"zone 1.168.192.in-addr.arpa/IN: transferred serial 5\n"
27750
"transfer of '100.18.172.in-addr.arpa/IN' from 192.168.1.10#53:\n"
27751
" Transfer completed: 1 messages, \n"
27752
"6 records, 212 bytes, 0.002 secs (106000 bytes/sec)\n"
27753
"zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 5)\n"
27754
"\n"
27755
"client 192.168.1.10#20329: received notify for zone 'example.com'\n"
27756
"zone example.com/IN: Transfer started.\n"
27757
"transfer of 'example.com/IN' from 192.168.1.10#53: connected using "
27758
"192.168.1.11#38577\n"
27759
"zone example.com/IN: transferred serial 5\n"
27760
"transfer of 'example.com/IN' from 192.168.1.10#53: Transfer completed: 1 "
27761
"messages, \n"
27762
"8 records, 225 bytes, 0.002 secs (112500 bytes/sec)\n"
22272
27763
msgstr ""
22273
27764
22274
#: serverguide/C/dns.xml:322(para)
27765
#: serverguide/C/dns.xml:343(para)
22275
27766
msgid ""
22276
27767
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
22277
"on the Primary is larger than the one on the Secondary."
22278
msgstr ""
22279
22280
#: serverguide/C/dns.xml:328(para)
27768
"on the Primary is larger than the one on the Secondary. If you want to have "
27769
"your Primary Master DNS notifying Secondary DNS Servers of zone changes, you "
27770
"can add <emphasis>also-notify { ipaddress; };</emphasis> in to "
27771
"<filename>/etc/bind/named.conf.local</filename> as shown in the example "
27772
"below:"
27773
msgstr ""
27774
27775
#: serverguide/C/dns.xml:347(programlisting)
27776
#, no-wrap
27777
msgid ""
27778
"\n"
27779
"zone \"example.com\" {\n"
27780
"\ttype master;\n"
27781
"\tfile \"/etc/bind/db.example.com\";\n"
27782
"\tallow-transfer { 192.168.1.11; };\n"
27783
"\talso-notify { 192.168.1.11; }; \n"
27784
"\t};\n"
27785
"\n"
27786
"zone \"1.168.192.in-addr.arpa\" {\n"
27787
"\ttype master;\n"
27788
"\tfile \"/etc/bind/db.192\";\n"
27789
"\tallow-transfer { 192.168.1.11; };\n"
27790
"\talso-notify { 192.168.1.11; }; \n"
27791
"\t};\n"
27792
"\t"
27793
msgstr ""
27794
27795
#: serverguide/C/dns.xml:363(para)
22281
27796
msgid ""
22282
27797
"The default directory for non-authoritative zone files is "
22283
27798
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
22286
27801
"on AppArmor see <xref linkend=\"apparmor\"/>."
22287
27802
msgstr ""
22288
27803
22289
#: serverguide/C/dns.xml:339(para)
27804
#: serverguide/C/dns.xml:374(para)
22290
27805
msgid ""
22291
27806
"This section covers ways to help determine the cause when problems happen "
22292
27807
"with DNS and <application>BIND9</application>."
22293
27808
msgstr ""
22294
27809
22295
#: serverguide/C/dns.xml:345(title)
27810
#: serverguide/C/dns.xml:380(title)
22296
27811
msgid "resolv.conf"
22297
27812
msgstr ""
22298
27813
22299
#: serverguide/C/dns.xml:346(para)
27814
#: serverguide/C/dns.xml:381(para)
22300
27815
msgid ""
22301
27816
"The first step in testing <application>BIND9</application> is to add the "
22302
27817
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
22304
27819
"<filename>/etc/resolv.conf</filename> and add the following:"
22305
27820
msgstr ""
22306
27821
22307
#: serverguide/C/dns.xml:351(programlisting)
27822
#: serverguide/C/dns.xml:386(programlisting)
22308
27823
#, no-wrap
22309
27824
msgid ""
22310
27825
"\n"
22312
27827
"nameserver\t192.168.1.11\n"
22313
27828
msgstr ""
22314
27829
22315
#: serverguide/C/dns.xml:356(para)
27830
#: serverguide/C/dns.xml:391(para)
22316
27831
msgid ""
22317
27832
"You should also add the IP Address of the Secondary nameserver in case the "
22318
27833
"Primary becomes unavailable."
22319
27834
msgstr ""
22320
27835
22321
#: serverguide/C/dns.xml:362(title)
27836
#: serverguide/C/dns.xml:397(title)
22322
27837
msgid "dig"
22323
27838
msgstr ""
22324
27839
22325
#: serverguide/C/dns.xml:363(para)
27840
#: serverguide/C/dns.xml:398(para)
22326
27841
msgid ""
22327
27842
"If you installed the <application>dnsutils</application> package you can "
22328
27843
"test your setup using the DNS lookup utility <application>dig</application>:"
22329
27844
msgstr ""
22330
27845
22331
#: serverguide/C/dns.xml:369(para)
27846
#: serverguide/C/dns.xml:404(para)
22332
27847
msgid ""
22333
27848
"After installing <application>BIND9</application> use "
22334
27849
"<application>dig</application> against the loopback interface to make sure "
22335
27850
"it is listening on port 53. From a terminal prompt:"
22336
27851
msgstr ""
22337
27852
22338
#: serverguide/C/dns.xml:374(command)
27853
#: serverguide/C/dns.xml:409(command)
22339
27854
msgid "dig -x 127.0.0.1"
22340
27855
msgstr ""
22341
27856
22342
#: serverguide/C/dns.xml:376(para)
27857
#: serverguide/C/dns.xml:411(para)
22343
27858
msgid "You should see lines similar to the following in the command output:"
22344
27859
msgstr ""
22345
27860
22346
#: serverguide/C/dns.xml:379(programlisting)
27861
#: serverguide/C/dns.xml:414(programlisting)
22347
27862
#, no-wrap
22348
27863
msgid ""
22349
27864
"\n"
22351
27866
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
22352
27867
msgstr ""
22353
27868
22354
#: serverguide/C/dns.xml:385(para)
27869
#: serverguide/C/dns.xml:420(para)
22355
27870
msgid ""
22356
27871
"If you have configured <application>BIND9</application> as a "
22357
27872
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
22358
27873
"the query time:"
22359
27874
msgstr ""
22360
27875
22361
#: serverguide/C/dns.xml:390(command)
27876
#: serverguide/C/dns.xml:425(command)
22362
27877
msgid "dig ubuntu.com"
22363
27878
msgstr ""
22364
27879
22365
#: serverguide/C/dns.xml:392(para)
27880
#: serverguide/C/dns.xml:427(para)
22366
27881
msgid "Note the query time toward the end of the command output:"
22367
27882
msgstr ""
22368
27883
22369
#: serverguide/C/dns.xml:395(programlisting)
27884
#: serverguide/C/dns.xml:430(programlisting)
22370
27885
#, no-wrap
22371
27886
msgid ""
22372
27887
"\n"
22373
27888
";; Query time: 49 msec\n"
22374
27889
msgstr ""
22375
27890
22376
#: serverguide/C/dns.xml:398(para)
27891
#: serverguide/C/dns.xml:433(para)
22377
27892
msgid "After a second dig there should be improvement:"
22378
27893
msgstr ""
22379
27894
22380
#: serverguide/C/dns.xml:401(programlisting)
27895
#: serverguide/C/dns.xml:436(programlisting)
22381
27896
#, no-wrap
22382
27897
msgid ""
22383
27898
"\n"
22384
27899
";; Query time: 1 msec\n"
22385
27900
msgstr ""
22386
27901
22387
#: serverguide/C/dns.xml:408(title)
27902
#: serverguide/C/dns.xml:443(title)
22388
27903
msgid "ping"
22389
27904
msgstr ""
22390
27905
22391
#: serverguide/C/dns.xml:410(para)
27906
#: serverguide/C/dns.xml:445(para)
22392
27907
msgid ""
22393
27908
"Now to demonstrate how applications make use of DNS to resolve a host name "
22394
27909
"use the <application>ping</application> utility to send an ICMP echo "
22395
27910
"request. From a terminal prompt enter:"
22396
27911
msgstr ""
22397
27912
22398
#: serverguide/C/dns.xml:416(command)
27913
#: serverguide/C/dns.xml:451(command)
22399
27914
msgid "ping example.com"
22400
27915
msgstr ""
22401
27916
22402
#: serverguide/C/dns.xml:418(para)
27917
#: serverguide/C/dns.xml:453(para)
22403
27918
msgid ""
22404
27919
"This tests if the nameserver can resolve the name "
22405
27920
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
22406
27921
"should resemble:"
22407
27922
msgstr ""
22408
27923
22409
#: serverguide/C/dns.xml:422(programlisting)
27924
#: serverguide/C/dns.xml:457(programlisting)
22410
27925
#, no-wrap
22411
27926
msgid ""
22412
27927
"\n"
22415
27930
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
22416
27931
msgstr ""
22417
27932
22418
#: serverguide/C/dns.xml:429(title)
27933
#: serverguide/C/dns.xml:464(title)
22419
27934
msgid "named-checkzone"
22420
27935
msgstr ""
22421
27936
22422
#: serverguide/C/dns.xml:430(para)
27937
#: serverguide/C/dns.xml:465(para)
22423
27938
msgid ""
22424
27939
"A great way to test your zone files is by using the <application>named-"
22425
27940
"checkzone</application> utility installed with the "
22428
27943
"<application>BIND9</application> and making the changes live."
22429
27944
msgstr ""
22430
27945
22431
#: serverguide/C/dns.xml:437(para)
27946
#: serverguide/C/dns.xml:472(para)
22432
27947
msgid ""
22433
27948
"To test our example Forward zone file enter the following from a command "
22434
27949
"prompt:"
22435
27950
msgstr ""
22436
27951
22437
#: serverguide/C/dns.xml:441(command)
27952
#: serverguide/C/dns.xml:476(command)
22438
27953
msgid "named-checkzone example.com /etc/bind/db.example.com"
22439
27954
msgstr ""
22440
27955
22441
#: serverguide/C/dns.xml:443(para)
27956
#: serverguide/C/dns.xml:478(para)
22442
27957
msgid ""
22443
27958
"If everything is configured correctly you should see output similar to:"
22444
27959
msgstr ""
22445
27960
22446
#: serverguide/C/dns.xml:446(programlisting)
27961
#: serverguide/C/dns.xml:481(programlisting)
22447
27962
#, no-wrap
22448
27963
msgid ""
22449
27964
"\n"
22451
27966
"OK\n"
22452
27967
msgstr ""
22453
27968
22454
#: serverguide/C/dns.xml:452(para)
27969
#: serverguide/C/dns.xml:487(para)
22455
27970
msgid "Similarly, to test the Reverse zone file enter the following:"
22456
27971
msgstr ""
22457
27972
22458
#: serverguide/C/dns.xml:456(command)
22459
msgid "named-checkzone example.com /etc/bind/db.192"
27973
#: serverguide/C/dns.xml:491(command)
27974
msgid "named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192"
22460
27975
msgstr ""
22461
27976
22462
#: serverguide/C/dns.xml:458(para)
27977
#: serverguide/C/dns.xml:493(para)
22463
27978
msgid "The output should be similar to:"
22464
27979
msgstr ""
22465
27980
22466
#: serverguide/C/dns.xml:461(programlisting)
27981
#: serverguide/C/dns.xml:496(programlisting)
22467
27982
#, no-wrap
22468
27983
msgid ""
22469
27984
"\n"
22470
"zone example.com/IN: loaded serial 3\n"
27985
"zone 1.168.192.in-addr.arpa/IN: loaded serial 3\n"
22471
27986
"OK\n"
22472
27987
msgstr ""
22473
27988
22474
#: serverguide/C/dns.xml:468(para)
27989
#: serverguide/C/dns.xml:503(para)
22475
27990
msgid ""
22476
27991
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
22477
27992
"different."
22478
27993
msgstr ""
22479
27994
22480
#: serverguide/C/dns.xml:475(title)
22481
msgid "Logging"
22482
msgstr ""
22483
22484
#: serverguide/C/dns.xml:476(para)
27995
#: serverguide/C/dns.xml:511(para)
22485
27996
msgid ""
22486
27997
"<application>BIND9</application> has a wide variety of logging configuration "
22487
27998
"options available. There are two main options. The "
22489
28000
"<emphasis>category</emphasis> option determines what information to log."
22490
28001
msgstr ""
22491
28002
22492
#: serverguide/C/dns.xml:480(para)
28003
#: serverguide/C/dns.xml:515(para)
22493
28004
msgid "If no logging option is configured the default option is:"
22494
28005
msgstr ""
22495
28006
22496
#: serverguide/C/dns.xml:483(programlisting)
28007
#: serverguide/C/dns.xml:518(programlisting)
22497
28008
#, no-wrap
22498
28009
msgid ""
22499
28010
"\n"
22503
28014
"};\n"
22504
28015
msgstr ""
22505
28016
22506
#: serverguide/C/dns.xml:489(para)
28017
#: serverguide/C/dns.xml:524(para)
22507
28018
msgid ""
22508
28019
"This section covers configuring <application>BIND9</application> to send "
22509
28020
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
22510
28021
"file."
22511
28022
msgstr ""
22512
28023
22513
#: serverguide/C/dns.xml:494(para)
28024
#: serverguide/C/dns.xml:529(para)
22514
28025
msgid ""
22515
28026
"First, we need to configure a channel to specify which file to send the "
22516
28027
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
22517
28028
"the following:"
22518
28029
msgstr ""
22519
28030
22520
#: serverguide/C/dns.xml:498(programlisting)
28031
#: serverguide/C/dns.xml:533(programlisting)
22521
28032
#, no-wrap
22522
28033
msgid ""
22523
28034
"\n"
22529
28040
"};\n"
22530
28041
msgstr ""
22531
28042
22532
#: serverguide/C/dns.xml:508(para)
28043
#: serverguide/C/dns.xml:543(para)
22533
28044
msgid "Next, configure a category to send all DNS queries to the query file:"
22534
28045
msgstr ""
22535
28046
22536
#: serverguide/C/dns.xml:511(programlisting)
28047
#: serverguide/C/dns.xml:546(programlisting)
22537
28048
#, no-wrap
22538
28049
msgid ""
22539
28050
"\n"
22546
28057
"};\n"
22547
28058
msgstr ""
22548
28059
22549
#: serverguide/C/dns.xml:523(para)
28060
#: serverguide/C/dns.xml:558(para)
22550
28061
msgid ""
22551
28062
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
22552
28063
"level isn't specified level 1 is the default."
22553
28064
msgstr ""
22554
28065
22555
#: serverguide/C/dns.xml:529(para)
28066
#: serverguide/C/dns.xml:564(para)
22556
28067
msgid ""
22557
28068
"Since the <emphasis>named daemon</emphasis> runs as the "
22558
28069
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
22559
28070
"file must be created and the ownership changed:"
22560
28071
msgstr ""
22561
28072
22562
#: serverguide/C/dns.xml:534(command)
28073
#: serverguide/C/dns.xml:569(command)
22563
28074
msgid "sudo touch /var/log/query.log"
22564
28075
msgstr ""
22565
28076
22566
#: serverguide/C/dns.xml:535(command)
28077
#: serverguide/C/dns.xml:570(command)
22567
28078
msgid "sudo chown bind /var/log/query.log"
22568
28079
msgstr ""
22569
28080
22570
#: serverguide/C/dns.xml:539(para)
28081
#: serverguide/C/dns.xml:574(para)
22571
28082
msgid ""
22572
28083
"Before <application>named</application> daemon can write to the new log file "
22573
28084
"the <application>AppArmor</application> profile must be updated. First, edit "
22574
28085
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
22575
28086
msgstr ""
22576
28087
22577
#: serverguide/C/dns.xml:543(programlisting)
28088
#: serverguide/C/dns.xml:578(programlisting)
22578
28089
#, no-wrap
22579
28090
msgid ""
22580
28091
"\n"
22581
28092
"/var/log/query.log w,\n"
22582
28093
msgstr ""
22583
28094
22584
#: serverguide/C/dns.xml:546(para)
28095
#: serverguide/C/dns.xml:581(para)
22585
28096
msgid "Next, reload the profile:"
22586
28097
msgstr ""
22587
28098
22588
#: serverguide/C/dns.xml:550(command)
28099
#: serverguide/C/dns.xml:585(command)
22589
28100
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22590
28101
msgstr ""
22591
28102
22592
#: serverguide/C/dns.xml:552(para)
28103
#: serverguide/C/dns.xml:587(para)
22593
28104
msgid ""
22594
28105
"For more information on <application>AppArmor</application> see <xref "
22595
28106
"linkend=\"apparmor\"/>"
22596
28107
msgstr ""
22597
28108
22598
#: serverguide/C/dns.xml:557(para)
28109
#: serverguide/C/dns.xml:592(para)
22599
28110
msgid ""
22600
28111
"Now restart <application>BIND9</application> for the changes to take effect:"
22601
28112
msgstr ""
22602
28113
22603
#: serverguide/C/dns.xml:565(para)
28114
#: serverguide/C/dns.xml:600(para)
22604
28115
msgid ""
22605
28116
"You should see the file <filename>/var/log/query.log</filename> fill with "
22606
28117
"query information. This is a simple example of the "
22608
28119
"options see <xref linkend=\"dns-more-info\"/>."
22609
28120
msgstr ""
22610
28121
22611
#: serverguide/C/dns.xml:574(title)
28122
#: serverguide/C/dns.xml:609(title)
22612
28123
msgid "Common Record Types"
22613
28124
msgstr ""
22614
28125
22615
#: serverguide/C/dns.xml:575(para)
28126
#: serverguide/C/dns.xml:610(para)
22616
28127
msgid "This section covers some of the most common DNS record types."
22617
28128
msgstr ""
22618
28129
22619
#: serverguide/C/dns.xml:580(para)
28130
#: serverguide/C/dns.xml:615(para)
22620
28131
msgid ""
22621
28132
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
22622
28133
msgstr ""
22623
28134
22624
#: serverguide/C/dns.xml:583(programlisting)
28135
#: serverguide/C/dns.xml:618(programlisting)
22625
28136
#, no-wrap
22626
28137
msgid ""
22627
28138
"\n"
22628
28139
"www IN A 192.168.1.12\n"
22629
28140
msgstr ""
22630
28141
22631
#: serverguide/C/dns.xml:588(para)
28142
#: serverguide/C/dns.xml:623(para)
22632
28143
msgid ""
22633
28144
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
22634
28145
"record. You cannot create a CNAME record pointing to another CNAME record."
22635
28146
msgstr ""
22636
28147
22637
#: serverguide/C/dns.xml:591(programlisting)
28148
#: serverguide/C/dns.xml:626(programlisting)
22638
28149
#, no-wrap
22639
28150
msgid ""
22640
28151
"\n"
22641
28152
"web IN CNAME www\n"
22642
28153
msgstr ""
22643
28154
22644
#: serverguide/C/dns.xml:596(para)
28155
#: serverguide/C/dns.xml:631(para)
22645
28156
msgid ""
22646
28157
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
22647
28158
"to. Must point to an A record, not a CNAME."
22648
28159
msgstr ""
22649
28160
22650
#: serverguide/C/dns.xml:599(programlisting)
28161
#: serverguide/C/dns.xml:634(programlisting)
22651
28162
#, no-wrap
22652
28163
msgid ""
22653
28164
"\n"
22655
28166
"mail IN A 192.168.1.13\n"
22656
28167
msgstr ""
22657
28168
22658
#: serverguide/C/dns.xml:605(para)
28169
#: serverguide/C/dns.xml:640(para)
22659
28170
msgid ""
22660
28171
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
22661
28172
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
22662
28173
"Secondary servers are defined."
22663
28174
msgstr ""
22664
28175
22665
#: serverguide/C/dns.xml:609(programlisting)
28176
#: serverguide/C/dns.xml:644(programlisting)
22666
28177
#, no-wrap
22667
28178
msgid ""
22668
28179
"\n"
22669
28180
" IN NS ns.example.com.\n"
22670
"\tIN NS ns2.example.com.\n"
28181
" IN NS ns2.example.com.\n"
22671
28182
"ns IN A 192.168.1.10\n"
22672
"ns2\tIN A\t 192.168.1.11\n"
28183
"ns2 IN A 192.168.1.11\n"
22673
28184
msgstr ""
22674
28185
22675
#: serverguide/C/dns.xml:622(para)
28186
#: serverguide/C/dns.xml:657(para)
22676
28187
msgid ""
22677
28188
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
22678
28189
"HOWTO</ulink> explains more advanced options for configuring BIND9."
22679
28190
msgstr ""
22680
28191
22681
#: serverguide/C/dns.xml:627(para)
28192
#: serverguide/C/dns.xml:662(para)
22682
28193
msgid ""
22683
28194
"For in depth coverage of <emphasis>DNS</emphasis> and "
22684
28195
"<application>BIND9</application> see <ulink "
22685
28196
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
22686
28197
msgstr ""
22687
28198
22688
#: serverguide/C/dns.xml:632(para)
28199
#: serverguide/C/dns.xml:667(para)
22689
28200
msgid ""
22690
28201
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
22691
28202
"BIND</ulink> is a popular book now in it's fifth edition."
22692
28203
msgstr ""
22693
28204
22694
#: serverguide/C/dns.xml:637(para)
28205
#: serverguide/C/dns.xml:672(para)
22695
28206
msgid ""
22696
28207
"A great place to ask for <application>BIND9</application> assistance, and "
22697
28208
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
22699
28210
"url=\"http://freenode.net\">freenode</ulink>."
22700
28211
msgstr ""
22701
28212
22702
#: serverguide/C/dns.xml:643(para)
28213
#: serverguide/C/dns.xml:678(para)
22703
28214
msgid ""
22704
28215
"Also, see the <ulink "
22705
28216
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
22706
28217
"HOWTO</ulink> in the Ubuntu Wiki."
22707
28218
msgstr ""
22708
28219
28220
#: serverguide/C/dm-multipath.xml:24(title)
28221
msgid "DM-Multipath"
28222
msgstr ""
28223
28224
#: serverguide/C/dm-multipath.xml:27(title)
28225
msgid "Device Mapper Multipathing"
28226
msgstr ""
28227
28228
#: serverguide/C/dm-multipath.xml:29(para)
28229
msgid ""
28230
"Device mapper multipathing (DM-Multipath) allows you to configure multiple "
28231
"I/O paths between server nodes and storage arrays into a single device. "
28232
"These I/O paths are physical SAN connections that can include separate "
28233
"cables, switches, and controllers. Multipathing aggregates the I/O paths, "
28234
"creating a new device that consists of the aggregated paths. This chapter "
28235
"provides a summary of the features of DM-Multipath that are new for the "
28236
"initial release of Ubuntu Server 12.04. Following that, this chapter "
28237
"provides a high-level overview of DM Multipath and its components, as well "
28238
"as an overview of DM-Multipath setup."
28239
msgstr ""
28240
28241
#: serverguide/C/dm-multipath.xml:40(title)
28242
msgid "New and Changed Features for Ubuntu Server 12.04"
28243
msgstr ""
28244
28245
#: serverguide/C/dm-multipath.xml:42(para)
28246
msgid "Migrated from multipath-0.4.8 to multipath-0.4.9"
28247
msgstr ""
28248
28249
#: serverguide/C/dm-multipath.xml:45(title)
28250
msgid "Migration from 0.4.8"
28251
msgstr ""
28252
28253
#: serverguide/C/dm-multipath.xml:47(para)
28254
msgid ""
28255
"The priority checkers are no longer run as standalone binaries, but as "
28256
"shared libraries. The key value name for this feature has also slightly "
28257
"changed. Copy the attribute named <emphasis "
28258
"role=\"bold\">prio_callout</emphasis> to <emphasis "
28259
"role=\"bold\">prio</emphasis>, also modify the argument the name of the "
28260
"priority checker, a system path is no longer necessary. Example "
28261
"conversion:<screen>device {\n"
28262
" vendor \"NEC\"\n"
28263
" product \"DISK ARRAY\"\n"
28264
" prio_callout mpath_prio_alua /dev/%n\n"
28265
" prio alua\n"
28266
"}</screen>"
28267
msgstr ""
28268
28269
#: serverguide/C/dm-multipath.xml:60(para)
28270
msgid ""
28271
"See Table <link linkend=\"priority-checker-conversion-table\">\"Priority "
28272
"Checker Conversion\"</link> for a complete listing"
28273
msgstr ""
28274
28275
#: serverguide/C/dm-multipath.xml:65(title)
28276
msgid "Priority Checker Conversion"
28277
msgstr ""
28278
28279
#: serverguide/C/dm-multipath.xml:71(entry)
28280
msgid "v0.4.8"
28281
msgstr ""
28282
28283
#: serverguide/C/dm-multipath.xml:73(entry)
28284
msgid "v0.4.9"
28285
msgstr ""
28286
28287
#: serverguide/C/dm-multipath.xml:79(emphasis)
28288
msgid "prio_callout mpath_prio_emc /dev/%n"
28289
msgstr ""
28290
28291
#: serverguide/C/dm-multipath.xml:82(emphasis)
28292
msgid "prio emc"
28293
msgstr ""
28294
28295
#: serverguide/C/dm-multipath.xml:86(emphasis)
28296
msgid "prio_callout mpath_prio_alua /dev/%n"
28297
msgstr ""
28298
28299
#: serverguide/C/dm-multipath.xml:89(emphasis)
28300
msgid "prio alua"
28301
msgstr ""
28302
28303
#: serverguide/C/dm-multipath.xml:93(emphasis)
28304
msgid "prio_callout mpath_prio_netapp /dev/%n"
28305
msgstr ""
28306
28307
#: serverguide/C/dm-multipath.xml:96(emphasis)
28308
msgid "prio netapp"
28309
msgstr ""
28310
28311
#: serverguide/C/dm-multipath.xml:100(emphasis)
28312
msgid "prio_callout mpath_prio_rdac /dev/%n"
28313
msgstr ""
28314
28315
#: serverguide/C/dm-multipath.xml:103(emphasis)
28316
msgid "prio rdac"
28317
msgstr ""
28318
28319
#: serverguide/C/dm-multipath.xml:107(emphasis)
28320
msgid "prio_callout mpath_prio_hp_sw /dev/%n"
28321
msgstr ""
28322
28323
#: serverguide/C/dm-multipath.xml:110(emphasis)
28324
msgid "prio hp_sw"
28325
msgstr ""
28326
28327
#: serverguide/C/dm-multipath.xml:114(emphasis)
28328
msgid "prio_callout mpath_prio_hds_modular %b"
28329
msgstr ""
28330
28331
#: serverguide/C/dm-multipath.xml:117(emphasis)
28332
msgid "prio hds"
28333
msgstr ""
28334
28335
#: serverguide/C/dm-multipath.xml:123(para)
28336
msgid ""
28337
"Since the multipath config file parser essentially parses all key/value "
28338
"pairs it finds and then makes use of them, it is safe for both <emphasis "
28339
"role=\"bold\">prio_callout</emphasis> and <emphasis "
28340
"role=\"bold\">prio</emphasis> to coexist and is recommended that the "
28341
"<emphasis role=\"bold\">prio</emphasis> attribute be inserted before "
28342
"beginning migration. After which you can safely delete the legacy <emphasis "
28343
"role=\"bold\">prio_calliout</emphasis> attribute without interrupting "
28344
"service."
28345
msgstr ""
28346
28347
#: serverguide/C/dm-multipath.xml:137(para)
28348
msgid "DM-Multipath can be used to provide:"
28349
msgstr ""
28350
28351
#: serverguide/C/dm-multipath.xml:141(para)
28352
msgid ""
28353
"<emphasis> Redundancy </emphasis> DM-Multipath can provide failover in an "
28354
"active/passive configuration. In an active/passive configuration, only half "
28355
"the paths are used at any time for I/O. If any element of an I/O path (the "
28356
"cable, switch, or controller) fails, DM-Multipath switches to an alternate "
28357
"path."
28358
msgstr ""
28359
28360
#: serverguide/C/dm-multipath.xml:149(para)
28361
msgid ""
28362
"<emphasis> Improved Performance </emphasis> Performance DM-Multipath can be "
28363
"configured in active/active mode, where I/O is spread over the paths in a "
28364
"round-robin fashion. In some configurations, DM-Multipath can detect loading "
28365
"on the I/O paths and dynamically re-balance the load."
28366
msgstr ""
28367
28368
#: serverguide/C/dm-multipath.xml:159(title)
28369
msgid "Storage Array Overview"
28370
msgstr ""
28371
28372
#: serverguide/C/dm-multipath.xml:161(para)
28373
msgid ""
28374
"By default, DM-Multipath includes support for the most common storage arrays "
28375
"that support DM-Multipath. The supported devices can be found in the "
28376
"multipath.conf.defaults file. If your storage array supports DM-Multipath "
28377
"and is not configured by default in this file, you may need to add them to "
28378
"the DM-Multipath configuration file, multipath.conf. For information on the "
28379
"DM-Multipath configuration file, see Section, <link linkend=\"multipath-dm-"
28380
"multipath-config-file\">The DM-Multipath Configuration File</link>. Some "
28381
"storage arrays require special handling of I/O errors and path switching. "
28382
"These require separate hardware handler kernel modules."
28383
msgstr ""
28384
28385
#: serverguide/C/dm-multipath.xml:174(title)
28386
msgid "DM-Multipath components"
28387
msgstr ""
28388
28389
#: serverguide/C/dm-multipath.xml:176(para)
28390
msgid ""
28391
"Table “<link linkend=\"multipath-components-table\">DM-Multipath "
28392
"Components”</link> describes the components of the DM-Multipath package. "
28393
"<include href=\"multipath-components-table.xml\"/>"
28394
msgstr ""
28395
28396
#: serverguide/C/dm-multipath.xml:183(title)
28397
msgid "DM-Multipath Setup Overview"
28398
msgstr ""
28399
28400
#: serverguide/C/dm-multipath.xml:190(para)
28401
msgid ""
28402
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
28403
"role=\"bold\">multipath-tools-boot</emphasis> packages"
28404
msgstr ""
28405
28406
#: serverguide/C/dm-multipath.xml:196(para)
28407
msgid ""
28408
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
28409
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
28410
msgstr ""
28411
28412
#: serverguide/C/dm-multipath.xml:202(para)
28413
msgid ""
28414
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
28415
"configuration file to modify default values and save the updated file."
28416
msgstr ""
28417
28418
#: serverguide/C/dm-multipath.xml:208(para)
28419
msgid "Start the multipath daemon"
28420
msgstr ""
28421
28422
#: serverguide/C/dm-multipath.xml:212(para)
28423
msgid "Update initial ramdisk"
28424
msgstr ""
28425
28426
#: serverguide/C/dm-multipath.xml:185(para)
28427
msgid ""
28428
"DM-Multipath includes compiled-in default settings that are suitable for "
28429
"common multipath configurations. Setting up DM-multipath is often a simple "
28430
"procedure. The basic procedure for configuring your system with DM-Multipath "
28431
"is as follows: <placeholder-1/> For detailed setup instructions for "
28432
"multipath configuration see Section, <link linkend=\"multipath-setup-"
28433
"overview\">Setting Up DM-Multipath</link>."
28434
msgstr ""
28435
28436
#: serverguide/C/dm-multipath.xml:222(title)
28437
msgid "Multipath Devices"
28438
msgstr ""
28439
28440
#: serverguide/C/dm-multipath.xml:224(para)
28441
msgid ""
28442
"Without DM-Multipath, each path from a server node to a storage controller "
28443
"is treated by the system as a separate device, even when the I/O path "
28444
"connects the same server node to the same storage controller. DM-Multipath "
28445
"provides a way of organizing the I/O paths logically, by creating a single "
28446
"multipath device on top of the underlying devices."
28447
msgstr ""
28448
28449
#: serverguide/C/dm-multipath.xml:232(title)
28450
msgid "Multipath Device Identifiers"
28451
msgstr ""
28452
28453
#: serverguide/C/dm-multipath.xml:260(para)
28454
msgid ""
28455
"The devices in <emphasis role=\"bold\">/dev/mapper</emphasis> are created "
28456
"early in the boot process. Use these devices to access the multipathed "
28457
"devices, for example when creating logical volumes."
28458
msgstr ""
28459
28460
#: serverguide/C/dm-multipath.xml:267(para)
28461
msgid ""
28462
"Any devices of the form <emphasis role=\"bold\">/dev/dm-n</emphasis> are for "
28463
"internal use only and should never be used."
28464
msgstr ""
28465
28466
#: serverguide/C/dm-multipath.xml:234(para)
28467
msgid ""
28468
"Each multipath device has a World Wide Identifier (WWID), which is "
28469
"guaranteed to be globally unique and unchanging. By default, the name of a "
28470
"multipath device is set to its WWID. Alternately, you can set the <emphasis "
28471
"role=\"bold\"><link linkend=\"attribute-"
28472
"user_friendly_names\">user_friendly_names</link></emphasis>option in the "
28473
"multipath configuration file, which causes DM-Multipath to use a node-unique "
28474
"alias of the form <emphasis role=\"bold\">mpathn</emphasis> as the name. For "
28475
"example, a node with two HBAs attached to a storage controller with two "
28476
"ports via a single unzoned FC switch sees four devices: <emphasis "
28477
"role=\"bold\">/dev/sda</emphasis>, <emphasis "
28478
"role=\"bold\">/dev/sdb</emphasis>, <emphasis "
28479
"role=\"bold\">/dev/sdc</emphasis>, and <emphasis "
28480
"role=\"bold\">/dev/sdd</emphasis>. DM-Multipath creates a single device with "
28481
"a unique WWID that reroutes I/O to those four underlying devices according "
28482
"to the multipath configuration. When the <emphasis role=\"bold\"><link "
28483
"linkend=\"attribute-"
28484
"user_friendly_names\">user_friendly_names</link></emphasis> configuration "
28485
"option is set to <emphasis role=\"bold\">yes</emphasis>, the name of the "
28486
"multipath device is set to <emphasis role=\"bold\">mpathn</emphasis>. When "
28487
"new devices are brought under the control of DM-Multipath, the new devices "
28488
"may be seen in two different places under the <emphasis "
28489
"role=\"bold\">/dev</emphasis> directory: <emphasis "
28490
"role=\"bold\">/dev/mapper/mpathn</emphasis> and <emphasis "
28491
"role=\"bold\">/dev/dm-n</emphasis>. <placeholder-1/>For information on the "
28492
"multipath configuration defaults, including the <emphasis "
28493
"role=\"bold\"><link linkend=\"attribute-"
28494
"user_friendly_names\">user_friendly_names</link></emphasis> configuration "
28495
"option, see Section , <link linkend=\"multipath-config-"
28496
"defaults\">“Configuration File Defaults”</link>. You can also set the name "
28497
"of a multipath device to a name of your choosing by using the <emphasis "
28498
"role=\"bold\"><link linkend=\"attribute-alias\">alias</link></emphasis> "
28499
"option in the <emphasis role=\"bold\">multipaths</emphasis> section of the "
28500
"multipath configuration file. For information on the <emphasis "
28501
"role=\"bold\">multipaths</emphasis> section of the multipath configuration "
28502
"file, see Section, <link linkend=\"multipath-config-multipath\">“Multipaths "
28503
"Device Configuration Attributes”</link>."
28504
msgstr ""
28505
28506
#: serverguide/C/dm-multipath.xml:288(title)
28507
msgid "Consistent Multipath Device Names in a Cluster"
28508
msgstr ""
28509
28510
#: serverguide/C/dm-multipath.xml:290(para)
28511
msgid ""
28512
"When the <emphasis role=\"bold\">user_friendly_names</emphasis> "
28513
"configuration option is set to yes, the name of the multipath device is "
28514
"unique to a node, but it is not guaranteed to be the same on all nodes using "
28515
"the multipath device. Similarly, if you set the <emphasis "
28516
"role=\"bold\">alias</emphasis> option for a device in the <emphasis "
28517
"role=\"bold\">multipaths</emphasis> section of the "
28518
"<filename>multipath.conf</filename> configuration file, the name is not "
28519
"automatically consistent across all nodes in the cluster. This should not "
28520
"cause any difficulties if you use LVM to create logical devices from the "
28521
"multipath device, but if you require that your multipath device names be "
28522
"consistent in every node it is recommended that you leave the <emphasis "
28523
"role=\"bold\">user_friendly_names</emphasis> option set to <emphasis "
28524
"role=\"bold\">no</emphasis> and that you not configure aliases for the "
28525
"devices. By default, if you do not set <emphasis "
28526
"role=\"bold\">user_friendly_names</emphasis> to yes or configure an alias "
28527
"for a device, a device name will be the WWID for the device, which is always "
28528
"the same. If you want the system-defined user-friendly names to be "
28529
"consistent across all nodes in the cluster, however, you can follow this "
28530
"procedure:"
28531
msgstr ""
28532
28533
#: serverguide/C/dm-multipath.xml:312(para)
28534
msgid "Set up all of the multipath devices on one machine."
28535
msgstr ""
28536
28537
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
28538
msgid ""
28539
"Disable all of your multipath devices on your other machines by running the "
28540
"following commands:"
28541
msgstr ""
28542
28543
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
28544
#, no-wrap
28545
msgid ""
28546
"# service multipath-tools stop\n"
28547
"# multipath -F\n"
28548
msgstr ""
28549
28550
#: serverguide/C/dm-multipath.xml:325(para)
28551
msgid ""
28552
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
28553
"machine to all the other machines in the cluster."
28554
msgstr ""
28555
28556
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
28557
msgid ""
28558
"Re-enable the multipathd daemon on all the other machines in the cluster by "
28559
"running the following command:"
28560
msgstr ""
28561
28562
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
28563
#, no-wrap
28564
msgid "# service multipath-tools start"
28565
msgstr ""
28566
28567
#: serverguide/C/dm-multipath.xml:338(para)
28568
msgid "If you add a new device, you will need to repeat this process."
28569
msgstr ""
28570
28571
#: serverguide/C/dm-multipath.xml:341(para)
28572
msgid ""
28573
"Similarly, if you configure an alias for a device that you would like to be "
28574
"consistent across the nodes in the cluster, you should ensure that the "
28575
"<filename>/etc/multipath.conf</filename> file is the same for each node in "
28576
"the cluster by following the same procedure:"
28577
msgstr ""
28578
28579
#: serverguide/C/dm-multipath.xml:348(para)
28580
msgid ""
28581
"Configure the aliases for the multipath devices in the in the "
28582
"<filename>multipath.conf</filename> file on one machine."
28583
msgstr ""
28584
28585
#: serverguide/C/dm-multipath.xml:362(para)
28586
msgid ""
28587
"Copy the <filename>multipath.conf</filename> file from the first machine to "
28588
"all the other machines in the cluster."
28589
msgstr ""
28590
28591
#: serverguide/C/dm-multipath.xml:374(para)
28592
msgid "When you add a new device you will need to repeat this process."
28593
msgstr ""
28594
28595
#: serverguide/C/dm-multipath.xml:379(title)
28596
msgid "Multipath Device attributes"
28597
msgstr ""
28598
28599
#: serverguide/C/dm-multipath.xml:381(para)
28600
msgid ""
28601
"In addition to the <emphasis role=\"bold\">user_friendly_names</emphasis> "
28602
"and <emphasis role=\"bold\">alias</emphasis> options, a multipath device has "
28603
"numerous attributes. You can modify these attributes for a specific "
28604
"multipath device by creating an entry for that device in the <emphasis "
28605
"role=\"bold\">multipaths</emphasis> section of the <emphasis "
28606
"role=\"bold\">multipath</emphasis> configuration file. For information on "
28607
"the <emphasis role=\"bold\">multipaths</emphasis> section of the multipath "
28608
"configuration file, see Section, \"<link endterm=\"config-multipath-title\" "
28609
"linkend=\"multipath-config-multipath\"/>\"."
28610
msgstr ""
28611
28612
#: serverguide/C/dm-multipath.xml:394(title)
28613
msgid "Multipath Devices in Logical Volumes"
28614
msgstr ""
28615
28616
#: serverguide/C/dm-multipath.xml:396(para)
28617
msgid ""
28618
"After creating multipath devices, you can use the multipath device names "
28619
"just as you would use a physical device name when creating an LVM physical "
28620
"volume. For example, if /dev/mapper/mpatha is the name of a multipath "
28621
"device, the following command will mark /dev/mapper/mpatha as a physical "
28622
"volume. <screen># pvcreate /dev/mapper/mpatha</screen> You can use the "
28623
"resulting LVM physical device when you create an LVM volume group just as "
28624
"you would use any other LVM physical device."
28625
msgstr ""
28626
28627
#: serverguide/C/dm-multipath.xml:405(para)
28628
msgid ""
28629
"If you attempt to create an LVM physical volume on a whole device on which "
28630
"you have configured partitions, the pvcreate command will fail."
28631
msgstr ""
28632
28633
#: serverguide/C/dm-multipath.xml:425(para)
28634
msgid ""
28635
"Every time either <filename>/etc/lvm.conf</filename> or "
28636
"<filename>/etc/multipath.conf</filename> is updated, the initrd should be "
28637
"rebuilt to reflect these changes. This is imperative when blacklists and "
28638
"filters are necessary to maintain a stable storage configuration."
28639
msgstr ""
28640
28641
#: serverguide/C/dm-multipath.xml:410(para)
28642
msgid ""
28643
"When you create an LVM logical volume that uses active/passive multipath "
28644
"arrays as the underlying physical devices, you should include filters in the "
28645
"<emphasis role=\"bold\">lvm.conf</emphasis> to exclude the disks that "
28646
"underlie the multipath devices. This is because if the array automatically "
28647
"changes the active path to the passive path when it receives I/O, multipath "
28648
"will failover and failback whenever LVM scans the passive path if these "
28649
"devices are not filtered. For active/passive arrays that require a command "
28650
"to make the passive path active, LVM prints a warning message when this "
28651
"occurs. To filter all SCSI devices in the LVM configuration file (lvm.conf), "
28652
"include the following filter in the devices section of the file. "
28653
"<screen>filter = [ \"r/block/\", \"r/disk/\", \"r/sd.*/\", \"a/.*/\" "
28654
"]</screen>After updating <filename>/etc/lvm.conf</filename>, it's necessary "
28655
"to update the <emphasis role=\"bold\">initrd</emphasis> so that this file "
28656
"will be copied there, where the filter matters the most, during boot. "
28657
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
28658
msgstr ""
28659
28660
#: serverguide/C/dm-multipath.xml:435(title)
28661
msgid "Setting up DM-Multipath Overview"
28662
msgstr ""
28663
28664
#: serverguide/C/dm-multipath.xml:437(para)
28665
msgid ""
28666
"This section provides step-by-step example procedures for configuring DM-"
28667
"Multipath. It includes the following procedures:"
28668
msgstr ""
28669
28670
#: serverguide/C/dm-multipath.xml:442(para)
28671
msgid "Basic DM-Multipath setup"
28672
msgstr ""
28673
28674
#: serverguide/C/dm-multipath.xml:446(para)
28675
msgid "Ignoring local disks"
28676
msgstr ""
28677
28678
#: serverguide/C/dm-multipath.xml:450(para)
28679
msgid "Adding more devices to the configuration file"
28680
msgstr ""
28681
28682
#: serverguide/C/dm-multipath.xml:455(title)
28683
msgid "Setting Up DM-Multipath"
28684
msgstr ""
28685
28686
#: serverguide/C/dm-multipath.xml:457(para)
28687
msgid ""
28688
"Before setting up DM-Multipath on your system, ensure that your system has "
28689
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
28690
"tools</application></emphasis> package. If boot from SAN is desired, then "
28691
"the <emphasis role=\"bold\"><application>multipath-tools-"
28692
"boot</application></emphasis> package is also required."
28693
msgstr ""
28694
28695
#: serverguide/C/dm-multipath.xml:475(para)
28696
msgid ""
28697
"To work around a quirk in multipathd, when an "
28698
"<filename>/etc/multipath.conf</filename> doesn't exist, the previous command "
28699
"will return nothing, as it is the result of a <emphasis>merge</emphasis> "
28700
"between the <filename>/etc/multipath.conf</filename> and the database in "
28701
"memory. To remedy this, either define an empty "
28702
"<filename>/etc/multipath.conf</filename>, by using <emphasis "
28703
"role=\"bold\">touch</emphasis>, or create one that redefines a default value "
28704
"like:<screen>defaults {\n"
28705
" user_friendly_names no\n"
28706
"}\n"
28707
"</screen>and restart multipathd:<screen># service multipath-tools "
28708
"restart</screen>Now the \"show config\" command will return the live "
28709
"database."
28710
msgstr ""
28711
28712
#: serverguide/C/dm-multipath.xml:464(para)
28713
msgid ""
28714
"A basic <emphasis role=\"bold\">/etc/multipath.conf </emphasis> need not "
28715
"even exist, when <emphasis role=\"bold\">multpath</emphasis> is run without "
28716
"an accompanying <filename>/etc/multipath.conf</filename>, it draws from it's "
28717
"internal database to find a suitable configuration, it also draws from it's "
28718
"internal blacklist. If after running <emphasis role=\"bold\">multipath -"
28719
"ll</emphasis> without a config file, no multipaths are discovered. One must "
28720
"proceed to increase the verbosity to discover why a multipath was not "
28721
"created. Consider referencing the SAN vendor's documentation, the multipath "
28722
"example config files found in <filename>/usr/share/doc/multipath-"
28723
"tools/examples</filename>, and the live multipathd database:<screen "
28724
"id=\"multipath-skel-config\"># echo 'show config' | multipathd -k > "
28725
"multipath.conf-live</screen><placeholder-1/>"
28726
msgstr ""
28727
28728
#: serverguide/C/dm-multipath.xml:492(title)
28729
msgid "Installing with Multipath Support"
28730
msgstr ""
28731
28732
#: serverguide/C/dm-multipath.xml:494(para)
28733
msgid ""
28734
"To enable <ulink "
28735
"url=\"http://wiki.debian.org/DebianInstaller/MultipathSupport\">multipath "
28736
"support during installation</ulink> use<screen>install disk-"
28737
"detect/multipath/enable=true</screen>at the installer prompt. If multipath "
28738
"devices are found these will show up as <emphasis "
28739
"role=\"bold\">/dev/mapper/mpath<X></emphasis> during installation."
28740
msgstr ""
28741
28742
#: serverguide/C/dm-multipath.xml:503(title)
28743
msgid "Ignoring Local Disks When Generating Multipath Devices"
28744
msgstr ""
28745
28746
#: serverguide/C/dm-multipath.xml:505(para)
28747
msgid ""
28748
"Some machines have local SCSI cards for their internal disks. DM-Multipath "
28749
"is not recommended for these devices. The following procedure shows how to "
28750
"modify the multipath configuration file to ignore the local disks when "
28751
"configuring multipath."
28752
msgstr ""
28753
28754
#: serverguide/C/dm-multipath.xml:512(para)
28755
msgid ""
28756
"Determine which disks are the internal disks and mark them as the ones to "
28757
"blacklist. In this example, <emphasis "
28758
"role=\"bold\"><filename>/dev/sda</filename></emphasis> is the internal disk. "
28759
"Note that as originally configured in the default multipath configuration "
28760
"file, executing the <emphasis role=\"bold\">multipath -v2</emphasis> shows "
28761
"the local disk, <emphasis role=\"bold\">/dev/sda</emphasis>, in the "
28762
"multipath map. For further information on the <emphasis "
28763
"role=\"bold\">multipath</emphasis> command output, see Section <link "
28764
"linkend=\"multipath-command-output\">“Multipath Command Output”</link>."
28765
msgstr ""
28766
28767
#: serverguide/C/dm-multipath.xml:524(screen)
28768
#, no-wrap
28769
msgid ""
28770
"\n"
28771
"# multipath -v2\n"
28772
"create: SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1 undef WINSYS,SF2372\n"
28773
"size=33 GB features=\"0\" hwhandler=\"0\" wp=undef\n"
28774
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28775
" |- 0:0:0:0 sda 8:0 [--------- \n"
28776
"\n"
28777
"device-mapper ioctl cmd 9 failed: Invalid argument\n"
28778
"device-mapper ioctl cmd 14 failed: No such device or address\n"
28779
"create: 3600a0b80001327d80000006d43621677 undef WINSYS,SF2372\n"
28780
"size=12G features='0' hwhandler='0' wp=undef\n"
28781
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28782
" |- 2:0:0:0 sdb 8:16 undef ready running\n"
28783
" `- 3:0:0:0 sdf 8:80 undef ready running\n"
28784
"\n"
28785
"create: 3600a0b80001327510000009a436215ec undef WINSYS,SF2372\n"
28786
"size=12G features='0' hwhandler='0' wp=undef\n"
28787
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28788
" |- 2:0:0:1 sdc 8:32 undef ready running\n"
28789
" `- 3:0:0:1 sdg 8:96 undef ready running\n"
28790
"\n"
28791
"create: 3600a0b80001327d800000070436216b3 undef WINSYS,SF2372\n"
28792
"size=12G features='0' hwhandler='0' wp=undef\n"
28793
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28794
" |- 2:0:0:2 sdd 8:48 undef ready running\n"
28795
" `- 3:0:0:2 sdg 8:112 undef ready running\n"
28796
"\n"
28797
"create: 3600a0b80001327510000009b4362163e undef WINSYS,SF2372\n"
28798
"size=12G features='0' hwhandler='0' wp=undef\n"
28799
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28800
" |- 2:0:0:3 sdd 8:64 undef ready running\n"
28801
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
28802
msgstr ""
28803
28804
#: serverguide/C/dm-multipath.xml:560(para)
28805
msgid ""
28806
"In order to prevent the device mapper from mapping <emphasis "
28807
"role=\"bold\">/dev/sda</emphasis> in its multipath maps, edit the blacklist "
28808
"section of the <filename>/etc/multipath.conf</filename> file to include this "
28809
"device. Although you could blacklist the <emphasis "
28810
"role=\"bold\">sda</emphasis> device using a <emphasis "
28811
"role=\"bold\">devnode</emphasis> type, that would not be safe procedure "
28812
"since <emphasis role=\"bold\">/dev/sda</emphasis> is not guaranteed to be "
28813
"the same on reboot. To blacklist individual devices, you can blacklist using "
28814
"the WWID of that device. Note that in the output to the <emphasis "
28815
"role=\"bold\">multipath -v2</emphasis> command, the WWID of the "
28816
"<filename>/dev/sda</filename> device is SIBM-"
28817
"ESXSST336732LC____F3ET0EP0Q000072428BX1. To blacklist this device, include "
28818
"the following in the <filename>/etc/multipath.conf</filename> file."
28819
msgstr ""
28820
28821
#: serverguide/C/dm-multipath.xml:575(screen)
28822
#, no-wrap
28823
msgid ""
28824
"\n"
28825
"blacklist {\n"
28826
" wwid SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1\n"
28827
"}\n"
28828
msgstr ""
28829
28830
#: serverguide/C/dm-multipath.xml:583(para)
28831
msgid ""
28832
"After you have updated the <filename>/etc/multipath.conf</filename> file, "
28833
"you must manually tell the <emphasis role=\"bold\">multipathd</emphasis> "
28834
"daemon to reload the file. The following command reloads the updated "
28835
"<filename>/etc/multipath.conf</filename> file."
28836
msgstr ""
28837
28838
#: serverguide/C/dm-multipath.xml:588(screen)
28839
#, no-wrap
28840
msgid "# service multipath-tools reload"
28841
msgstr ""
28842
28843
#: serverguide/C/dm-multipath.xml:592(para)
28844
msgid "Run the following command to remove the multipath device:"
28845
msgstr ""
28846
28847
#: serverguide/C/dm-multipath.xml:595(screen)
28848
#, no-wrap
28849
msgid ""
28850
"\n"
28851
"# multipath -f SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1\n"
28852
msgstr ""
28853
28854
#: serverguide/C/dm-multipath.xml:601(para)
28855
msgid ""
28856
"To check whether the device removal worked, you can run the "
28857
"<command>multipath -ll</command> command to display the current multipath "
28858
"configuration. For information on the <command>multipath -ll</command> "
28859
"command, see Section <link linkend=\"multipath-queries-and-"
28860
"commands\">“Multipath Queries with multipath Command”</link>. To check that "
28861
"the blacklisted device was not added back, you can run the multipath "
28862
"command, as in the following example. The multipath command defaults to a "
28863
"verbosity level of <emphasis role=\"bold\">v2</emphasis> if you do not "
28864
"specify a <emphasis role=\"bold\">-v</emphasis> option."
28865
msgstr ""
28866
28867
#: serverguide/C/dm-multipath.xml:612(screen)
28868
#, no-wrap
28869
msgid ""
28870
"\n"
28871
"# multipath\n"
28872
"\n"
28873
"create: 3600a0b80001327d80000006d43621677 undef WINSYS,SF2372\n"
28874
"size=12G features='0' hwhandler='0' wp=undef\n"
28875
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28876
" |- 2:0:0:0 sdb 8:16 undef ready running\n"
28877
" `- 3:0:0:0 sdf 8:80 undef ready running\n"
28878
"\n"
28879
"create: 3600a0b80001327510000009a436215ec undef WINSYS,SF2372\n"
28880
"size=12G features='0' hwhandler='0' wp=undef\n"
28881
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28882
" |- 2:0:0:1 sdc 8:32 undef ready running\n"
28883
" `- 3:0:0:1 sdg 8:96 undef ready running\n"
28884
"\n"
28885
"create: 3600a0b80001327d800000070436216b3 undef WINSYS,SF2372\n"
28886
"size=12G features='0' hwhandler='0' wp=undef\n"
28887
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28888
" |- 2:0:0:2 sdd 8:48 undef ready running\n"
28889
" `- 3:0:0:2 sdg 8:112 undef ready running\n"
28890
"\n"
28891
"create: 3600a0b80001327510000009b4362163e undef WINSYS,SF2372\n"
28892
"size=12G features='0' hwhandler='0' wp=undef\n"
28893
"`-+- policy='round-robin 0' prio=1 status=undef\n"
28894
" |- 2:0:0:3 sdd 8:64 undef ready running\n"
28895
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
28896
msgstr ""
28897
28898
#: serverguide/C/dm-multipath.xml:644(title)
28899
msgid "Configuring Storage Devices"
28900
msgstr ""
28901
28902
#: serverguide/C/dm-multipath.xml:646(para)
28903
msgid ""
28904
"By default, DM-Multipath includes support for the most common storage arrays "
28905
"that support DM-Multipath. The default configuration values, including "
28906
"supported devices, can be found in the "
28907
"<filename>multipath.conf.defaults</filename> file."
28908
msgstr ""
28909
28910
#: serverguide/C/dm-multipath.xml:651(para)
28911
msgid ""
28912
"If you need to add a storage device that is not supported by default as a "
28913
"known multipath device, edit the <filename>/etc/multipath.conf</filename> "
28914
"file and insert the appropriate device information."
28915
msgstr ""
28916
28917
#: serverguide/C/dm-multipath.xml:655(para)
28918
msgid ""
28919
"For example, to add information about the HP Open-V series the entry looks "
28920
"like this, where <emphasis role=\"bold\">%n</emphasis> is the device name:"
28921
msgstr ""
28922
28923
#: serverguide/C/dm-multipath.xml:659(screen)
28924
#, no-wrap
28925
msgid ""
28926
"devices {\n"
28927
" device {\n"
28928
" vendor \"HP\"\n"
28929
" product \"OPEN-V.\"\n"
28930
" getuid_callout \"/lib/udev/scsi_id --whitelisted --"
28931
"device=/dev/%n\"\n"
28932
" }\n"
28933
"}\n"
28934
msgstr ""
28935
28936
#: serverguide/C/dm-multipath.xml:668(para)
28937
msgid ""
28938
"For more information on the devices section of the configuration file, see "
28939
"Section <xref endterm=\"config-device-title\" linkend=\"multipath-config-"
28940
"device\"/>."
28941
msgstr ""
28942
28943
#: serverguide/C/dm-multipath.xml:675(title)
28944
msgid "The DM-Multipath Configuration File"
28945
msgstr ""
28946
28947
#: serverguide/C/dm-multipath.xml:677(para)
28948
msgid ""
28949
"By default, DM-Multipath provides configuration values for the most common "
28950
"uses of multipathing. In addition, DM-Multipath includes support for the "
28951
"most common storage arrays that support DM-Multipath. The default "
28952
"configuration values and the supported devices can be found in the "
28953
"<filename>multipath.conf.defaults</filename> file."
28954
msgstr ""
28955
28956
#: serverguide/C/dm-multipath.xml:683(para)
28957
msgid ""
28958
"You can override the default configuration values for DM-Multipath by "
28959
"editing the <filename>/etc/multipath.conf</filename> configuration file. If "
28960
"necessary, you can also add a storage array that is not supported by default "
28961
"to the configuration file. This chapter provides information on parsing and "
28962
"modifying the <filename>multipath.conf</filename> file. It contains sections "
28963
"on the following topics: <placeholder-1/>"
28964
msgstr ""
28965
28966
#: serverguide/C/dm-multipath.xml:715(para)
28967
msgid ""
28968
"In the multipath configuration file, you need to specify only the sections "
28969
"that you need for your configuration, or that you wish to change from the "
28970
"default values specified in the <filename>multipath.conf.defaults</filename> "
28971
"file. If there are sections of the file that are not relevant to your "
28972
"environment or for which you do not need to override the default values, you "
28973
"can leave them commented out, as they are in the initial file."
28974
msgstr ""
28975
28976
#: serverguide/C/dm-multipath.xml:723(para)
28977
msgid "The configuration file allows regular expression description syntax."
28978
msgstr ""
28979
28980
#: serverguide/C/dm-multipath.xml:726(para)
28981
msgid ""
28982
"An annotated version of the configuration file can be found in "
28983
"<filename><filename>/usr/share/doc/multipath-"
28984
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
28985
msgstr ""
28986
28987
#: serverguide/C/dm-multipath.xml:730(title)
28988
msgid "Configuration File Overview"
28989
msgstr ""
28990
28991
#: serverguide/C/dm-multipath.xml:732(para)
28992
msgid ""
28993
"The multipath configuration file is divided into the following sections:"
28994
msgstr ""
28995
28996
#: serverguide/C/dm-multipath.xml:737(emphasis)
28997
msgid "blacklist"
28998
msgstr ""
28999
29000
#: serverguide/C/dm-multipath.xml:740(para)
29001
msgid ""
29002
"Listing of specific devices that will not be considered for multipath."
29003
msgstr ""
29004
29005
#: serverguide/C/dm-multipath.xml:746(emphasis)
29006
msgid "blacklist_exceptions"
29007
msgstr ""
29008
29009
#: serverguide/C/dm-multipath.xml:749(para)
29010
msgid ""
29011
"Listing of multipath candidates that would otherwise be blacklisted "
29012
"according to the parameters of the blacklist section."
29013
msgstr ""
29014
29015
#: serverguide/C/dm-multipath.xml:756(emphasis)
29016
msgid "defaults"
29017
msgstr ""
29018
29019
#: serverguide/C/dm-multipath.xml:759(para)
29020
msgid "General default settings for DM-Multipath."
29021
msgstr ""
29022
29023
#: serverguide/C/dm-multipath.xml:767(para)
29024
msgid ""
29025
"Settings for the characteristics of individual multipath devices. These "
29026
"values overwrite what is specified in the <emphasis "
29027
"role=\"bold\">defaults</emphasis> and <emphasis "
29028
"role=\"bold\">devices</emphasis> sections of the configuration file."
29029
msgstr ""
29030
29031
#: serverguide/C/dm-multipath.xml:776(emphasis)
29032
msgid "devices"
29033
msgstr ""
29034
29035
#: serverguide/C/dm-multipath.xml:779(para)
29036
msgid ""
29037
"Settings for the individual storage controllers. These values overwrite what "
29038
"is specified in the <emphasis role=\"bold\">defaults</emphasis> section of "
29039
"the configuration file. If you are using a storage array that is not "
29040
"supported by default, you may need to create a devices subsection for your "
29041
"array."
29042
msgstr ""
29043
29044
#: serverguide/C/dm-multipath.xml:788(para)
29045
msgid ""
29046
"When the system determines the attributes of a multipath device, first it "
29047
"checks the multipath settings, then the per devices settings, then the "
29048
"multipath system defaults."
29049
msgstr ""
29050
29051
#: serverguide/C/dm-multipath.xml:794(title)
29052
msgid "Configuration File Blacklist"
29053
msgstr ""
29054
29055
#: serverguide/C/dm-multipath.xml:796(para)
29056
msgid ""
29057
"The blacklist section of the multipath configuration file specifies the "
29058
"devices that will not be used when the system configures multipath devices. "
29059
"Devices that are blacklisted will not be grouped into a multipath device."
29060
msgstr ""
29061
29062
#: serverguide/C/dm-multipath.xml:803(para)
29063
msgid ""
29064
"If you do need to blacklist devices, you can do so according to the "
29065
"following criteria:"
29066
msgstr ""
29067
29068
#: serverguide/C/dm-multipath.xml:808(para)
29069
msgid ""
29070
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
29071
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
29072
msgstr ""
29073
29074
#: serverguide/C/dm-multipath.xml:814(para)
29075
msgid ""
29076
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
29077
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
29078
msgstr ""
29079
29080
#: serverguide/C/dm-multipath.xml:820(para)
29081
msgid ""
29082
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
29083
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
29084
msgstr ""
29085
29086
#: serverguide/C/dm-multipath.xml:826(para)
29087
msgid ""
29088
"By default, a variety of device types are blacklisted, even after you "
29089
"comment out the initial blacklist section of the configuration file. For "
29090
"information, see <xref endterm=\"config-blacklist-by-device-name-title\" "
29091
"linkend=\"multipath-config-blacklist-by-device-name\"/>"
29092
msgstr ""
29093
29094
#: serverguide/C/dm-multipath.xml:835(title)
29095
msgid "Blacklisting By WWID"
29096
msgstr ""
29097
29098
#: serverguide/C/dm-multipath.xml:838(para)
29099
msgid ""
29100
"You can specify individual devices to blacklist by their World-Wide "
29101
"IDentification with a <emphasis role=\"bold\">wwid</emphasis> entry in the "
29102
"<emphasis role=\"bold\">blacklist</emphasis> section of the configuration "
29103
"file."
29104
msgstr ""
29105
29106
#: serverguide/C/dm-multipath.xml:843(para)
29107
msgid ""
29108
"The following example shows the lines in the configuration file that would "
29109
"blacklist a device with a WWID of 26353900f02796769."
29110
msgstr ""
29111
29112
#: serverguide/C/dm-multipath.xml:846(screen)
29113
#, no-wrap
29114
msgid ""
29115
"\n"
29116
"blacklist {\n"
29117
" wwid 26353900f02796769\n"
29118
"}\n"
29119
msgstr ""
29120
29121
#: serverguide/C/dm-multipath.xml:854(title)
29122
msgid "Blacklisting By Device Name"
29123
msgstr ""
29124
29125
#: serverguide/C/dm-multipath.xml:857(para)
29126
msgid ""
29127
"You can blacklist device types by device name so that they will not be "
29128
"grouped into a multipath device by specifying a <emphasis "
29129
"role=\"bold\">devnode</emphasis> entry in the <emphasis "
29130
"role=\"bold\">blacklist</emphasis> section of the configuration file."
29131
msgstr ""
29132
29133
#: serverguide/C/dm-multipath.xml:863(para)
29134
msgid ""
29135
"The following example shows the lines in the configuration file that would "
29136
"blacklist all SCSI devices, since it blacklists all sd* devices. <screen>\n"
29137
"blacklist {\n"
29138
" devnode \"^sd[a-z]\"\n"
29139
"}</screen>"
29140
msgstr ""
29141
29142
#: serverguide/C/dm-multipath.xml:870(para)
29143
msgid ""
29144
"You can use a <emphasis role=\"bold\">devnode</emphasis> entry in the "
29145
"<emphasis role=\"bold\">blacklist</emphasis> section of the configuration "
29146
"file to specify individual devices to blacklist rather than all devices of a "
29147
"specific type. This is not recommended, however, since unless it is "
29148
"statically mapped by udev rules, there is no guarantee that a specific "
29149
"device will have the same name on reboot. For example, a device name could "
29150
"change from <filename>/dev/sda</filename> to <filename>/dev/sdb</filename> "
29151
"on reboot."
29152
msgstr ""
29153
29154
#: serverguide/C/dm-multipath.xml:880(para)
29155
msgid ""
29156
"By default, the following <emphasis role=\"bold\">devnode</emphasis> entries "
29157
"are compiled in the default blacklist; the devices that these entries "
29158
"blacklist do not generally support DM-Multipath. To enable multipathing on "
29159
"any of these devices, you would need to specify them in the <emphasis "
29160
"role=\"bold\">blacklist_exceptions</emphasis> section of the configuration "
29161
"file, as described in <xref endterm=\"config-blacklist-exceptions-title\" "
29162
"linkend=\"multipath-config-blacklist-exceptions\"/><screen>\n"
29163
"blacklist {\n"
29164
" devnode \"^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*\"\n"
29165
" devnode \"^hd[a-z]\"\n"
29166
"}\n"
29167
"</screen>"
29168
msgstr ""
29169
29170
#: serverguide/C/dm-multipath.xml:897(title)
29171
msgid "Blacklisting By Device Type"
29172
msgstr ""
29173
29174
#: serverguide/C/dm-multipath.xml:900(para)
29175
msgid ""
29176
"You can specify specific device types in the <emphasis "
29177
"role=\"bold\">blacklist</emphasis> section of the configuration file with a "
29178
"device section. The following example blacklists all IBM DS4200 and HP "
29179
"devices. <screen>\n"
29180
"blacklist {\n"
29181
" device {\n"
29182
" vendor \"IBM\"\n"
29183
" product \"3S42\" #DS4200 Product 10\n"
29184
" }\n"
29185
" device {\n"
29186
" vendor \"HP\"\n"
29187
" product \"*\"\n"
29188
" }\n"
29189
"}\n"
29190
"</screen>"
29191
msgstr ""
29192
29193
#: serverguide/C/dm-multipath.xml:918(title)
29194
msgid "Blacklist Exceptions"
29195
msgstr ""
29196
29197
#: serverguide/C/dm-multipath.xml:921(para)
29198
msgid ""
29199
"You can use the <emphasis role=\"bold\">blacklist_exceptions</emphasis> "
29200
"section of the configuration file to enable multipathing on devices that "
29201
"have been blacklisted by default."
29202
msgstr ""
29203
29204
#: serverguide/C/dm-multipath.xml:926(para)
29205
msgid ""
29206
"For example, if you have a large number of devices and want to multipath "
29207
"only one of them (with the WWID of 3600d0230000000000e13955cc3757803), "
29208
"instead of individually blacklisting each of the devices except the one you "
29209
"want, you could instead blacklist all of them, and then allow only the one "
29210
"you want by adding the following lines to the "
29211
"<filename>/etc/multipath.conf</filename> file. <screen>\n"
29212
"blacklist {\n"
29213
" wwid \"*\"\n"
29214
"}\n"
29215
"\n"
29216
"blacklist_exceptions {\n"
29217
" wwid \"3600d0230000000000e13955cc3757803\"\n"
29218
"}\n"
29219
"</screen>"
29220
msgstr ""
29221
29222
#: serverguide/C/dm-multipath.xml:941(para)
29223
msgid ""
29224
"When specifying devices in the <emphasis "
29225
"role=\"bold\">blacklist_exceptions</emphasis> section of the configuration "
29226
"file, you must specify the exceptions in the same way they were specified in "
29227
"the <emphasis role=\"bold\">blacklist</emphasis>. For example, a WWID "
29228
"exception will not apply to devices specified by a <emphasis "
29229
"role=\"bold\">devnode</emphasis> blacklist entry, even if the blacklisted "
29230
"device is associated with that WWID. Similarly, devnode exceptions apply "
29231
"only to devnode entries, and device exceptions apply only to device entries."
29232
msgstr ""
29233
29234
#: serverguide/C/dm-multipath.xml:954(title)
29235
msgid "Configuration File Defaults"
29236
msgstr ""
29237
29238
#: serverguide/C/dm-multipath.xml:956(para)
29239
msgid ""
29240
"The <filename>/etc/multipath.conf</filename> configuration file includes a "
29241
"<emphasis role=\"bold\">defaults</emphasis> section that sets the <emphasis "
29242
"role=\"bold\">user_friendly_names</emphasis> parameter to <emphasis "
29243
"role=\"bold\">yes</emphasis>, as follows."
29244
msgstr ""
29245
29246
#: serverguide/C/dm-multipath.xml:961(screen)
29247
#, no-wrap
29248
msgid ""
29249
"\n"
29250
"defaults {\n"
29251
" user_friendly_names yes\n"
29252
"}\n"
29253
msgstr ""
29254
29255
#: serverguide/C/dm-multipath.xml:967(para)
29256
msgid ""
29257
"This overwrites the default value of the <emphasis "
29258
"role=\"bold\">user_friendly_names</emphasis> parameter."
29259
msgstr ""
29260
29261
#: serverguide/C/dm-multipath.xml:970(para)
29262
msgid ""
29263
"The configuration file includes a template of configuration defaults. This "
29264
"section is commented out, as follows."
29265
msgstr ""
29266
29267
#: serverguide/C/dm-multipath.xml:973(screen)
29268
#, no-wrap
29269
msgid ""
29270
"\n"
29271
"#defaults {\n"
29272
"# udev_dir /dev\n"
29273
"# polling_interval 5\n"
29274
"# selector \"round-robin 0\"\n"
29275
"# path_grouping_policy failover\n"
29276
"# getuid_callout \"/lib/dev/scsi_id --whitelisted --"
29277
"device=/dev/%n\"\n"
29278
"#\tprio\t\t\tconst\n"
29279
"#\tpath_checker\t\tdirectio\n"
29280
"#\trr_min_io\t\t1000\n"
29281
"#\trr_weight\t\tuniform\n"
29282
"#\tfailback\t\tmanual\n"
29283
"#\tno_path_retry\t\tfail\n"
29284
"#\tuser_friendly_names\tno\n"
29285
"#}\n"
29286
msgstr ""
29287
29288
#: serverguide/C/dm-multipath.xml:990(para)
29289
msgid ""
29290
"To overwrite the default value for any of the configuration parameters, you "
29291
"can copy the relevant line from this template into the <emphasis "
29292
"role=\"bold\">defaults</emphasis> section and uncomment it. For example, to "
29293
"overwrite the <emphasis role=\"bold\">path_grouping_policy</emphasis> "
29294
"parameter so that it is <emphasis role=\"bold\">multibus</emphasis> rather "
29295
"than the default value of <emphasis role=\"bold\">failover</emphasis>, copy "
29296
"the appropriate line from the template to the initial <emphasis "
29297
"role=\"bold\">defaults</emphasis> section of the configuration file, and "
29298
"uncomment it, as follows."
29299
msgstr ""
29300
29301
#: serverguide/C/dm-multipath.xml:1001(screen)
29302
#, no-wrap
29303
msgid ""
29304
"\n"
29305
"defaults {\n"
29306
" user_friendly_names yes\n"
29307
" path_grouping_policy multibus\n"
29308
"}\n"
29309
msgstr ""
29310
29311
#: serverguide/C/dm-multipath.xml:1008(para)
29312
msgid ""
29313
"Table <xref endterm=\"config-defaults-table-title\" linkend=\"multipath-"
29314
"config-defaults-table\"/> describes the attributes that are set in the "
29315
"<emphasis role=\"bold\">defaults</emphasis> section of the "
29316
"<filename>multipath.conf</filename> configuration file. These values are "
29317
"used by DM-Multipath unless they are overwritten by the attributes specified "
29318
"in the <emphasis role=\"bold\">devices</emphasis> and <emphasis "
29319
"role=\"bold\">multipaths</emphasis> sections of the "
29320
"<filename>multipath.conf</filename> file."
29321
msgstr ""
29322
29323
#: serverguide/C/dm-multipath.xml:1022(title)
29324
msgid "Configuration File Multipath Attributes"
29325
msgstr ""
29326
29327
#: serverguide/C/dm-multipath.xml:1025(para)
29328
msgid ""
29329
"Table <xref endterm=\"attributes-table-title\" linkend=\"multipath-"
29330
"attributes-table\"/> shows the attributes that you can set in the <emphasis "
29331
"role=\"bold\">multipaths</emphasis> section of the "
29332
"<filename>multipath.conf</filename> configuration file for each specific "
29333
"multipath device. These attributes apply only to the one specified "
29334
"multipath. These defaults are used by DM-Multipath and override attributes "
29335
"set in the <emphasis role=\"bold\">defaults</emphasis> and <emphasis "
29336
"role=\"bold\">devices</emphasis> sections of the multipath.conf file."
29337
msgstr ""
29338
29339
#: serverguide/C/dm-multipath.xml:1038(para)
29340
msgid ""
29341
"In addition, the following parameters may be overridden in this <emphasis "
29342
"role=\"bold\">multipath</emphasis> section"
29343
msgstr ""
29344
29345
#: serverguide/C/dm-multipath.xml:1087(para)
29346
msgid ""
29347
"The following example shows multipath attributes specified in the "
29348
"configuration file for two specific multipath devices. The first device has "
29349
"a WWID of 3600508b4000156d70001200000b0000 and a symbolic name of yellow."
29350
msgstr ""
29351
29352
#: serverguide/C/dm-multipath.xml:1092(para)
29353
msgid ""
29354
"The second multipath device in the example has a WWID of "
29355
"1DEC_____321816758474 and a symbolic name of red. In this example, the <link "
29356
"linkend=\"attribute-rr_weight\" role=\"bold\">rr_weight</link> attributes is "
29357
"set to priorities."
29358
msgstr ""
29359
29360
#: serverguide/C/dm-multipath.xml:1097(screen)
29361
#, no-wrap
29362
msgid ""
29363
"\n"
29364
"multipaths {\n"
29365
" multipath {\n"
29366
" wwid 3600508b4000156d70001200000b0000\n"
29367
" alias yellow\n"
29368
" path_grouping_policy multibus\n"
29369
" path_selector \"round-robin 0\"\n"
29370
" failback manual\n"
29371
" rr_weight priorities\n"
29372
" no_path_retry 5\n"
29373
" }\n"
29374
" multipath {\n"
29375
" wwid 1DEC_____321816758474\n"
29376
" alias red\n"
29377
" rr_weight priorities\n"
29378
" }\n"
29379
"}\n"
29380
msgstr ""
29381
29382
#: serverguide/C/dm-multipath.xml:1118(title)
29383
msgid "Configuration File Devices"
29384
msgstr ""
29385
29386
#: serverguide/C/dm-multipath.xml:1120(para)
29387
msgid ""
29388
"Table <xref endterm=\"device-attributes-table-title\" linkend=\"multipath-"
29389
"device-attributes-table\"/> shows the attributes that you can set for each "
29390
"individual storage device in the devices section of the multipath.conf "
29391
"configuration file. These attributes are used by DM-Multipath unless they "
29392
"are overwritten by the attributes specified in the <emphasis "
29393
"role=\"bold\">multipaths</emphasis> section of the "
29394
"<filename>multipath.conf</filename> file for paths that contain the device. "
29395
"These attributes override the attributes set in the <emphasis "
29396
"role=\"bold\">defaults</emphasis> section of the "
29397
"<filename>multipath.conf</filename> file."
29398
msgstr ""
29399
29400
#: serverguide/C/dm-multipath.xml:1131(para)
29401
msgid ""
29402
"Many devices that support multipathing are included by default in a "
29403
"multipath configuration. The values for the devices that are supported by "
29404
"default are listed in the <filename>multipath.conf.defaults</filename> file. "
29405
"You probably will not need to modify the values for these devices, but if "
29406
"you do you can overwrite the default values by including an entry in the "
29407
"configuration file for the device that overwrites those values. You can copy "
29408
"the device configuration defaults from the "
29409
"<filename>multipath.conf.annotated.gz</filename> or if you wish to have a "
29410
"brief config file, <filename>multipath.conf.synthetic</filename> file for "
29411
"the device and override the values that you want to change."
29412
msgstr ""
29413
29414
#: serverguide/C/dm-multipath.xml:1143(para)
29415
msgid ""
29416
"To add a device to this section of the configuration file that is not "
29417
"configured automatically by default, you must set the <emphasis "
29418
"role=\"bold\">vendor</emphasis> and <emphasis "
29419
"role=\"bold\">product</emphasis> parameters. You can find these values by "
29420
"looking at <emphasis "
29421
"role=\"bold\">/sys/block/device_name/device/vendor</emphasis> and <emphasis "
29422
"role=\"bold\">/sys/block/device_name/device/model</emphasis> where "
29423
"device_name is the device to be multipathed, as in the following example:"
29424
msgstr ""
29425
29426
#: serverguide/C/dm-multipath.xml:1153(screen)
29427
#, no-wrap
29428
msgid ""
29429
"\n"
29430
"# cat /sys/block/sda/device/vendor\n"
29431
"WINSYS \n"
29432
"# cat /sys/block/sda/device/model\n"
29433
"SF2372\n"
29434
msgstr ""
29435
29436
#: serverguide/C/dm-multipath.xml:1160(para)
29437
msgid ""
29438
"The additional parameters to specify depend on your specific device. If the "
29439
"device is active/active, you will usually not need to set additional "
29440
"parameters. You may want to set <link linkend=\"attribute-"
29441
"path_grouping_policy\">path_grouping_policy</link> to <emphasis "
29442
"role=\"bold\">multibus</emphasis>. Other parameters you may need to set are "
29443
"<link linkend=\"attribute-no_path_retry\">no_path_retry</link> and <link "
29444
"linkend=\"attribute-rr_min_io\">rr_min_io</link>, as described in Table "
29445
"<xref endterm=\"attributes-table-title\" linkend=\"multipath-attributes-"
29446
"table\"/>."
29447
msgstr ""
29448
29449
#: serverguide/C/dm-multipath.xml:1170(para)
29450
msgid ""
29451
"If the device is active/passive, but it automatically switches paths with "
29452
"I/O to the passive path, you need to change the checker function to one that "
29453
"does not send I/O to the path to test if it is working (otherwise, your "
29454
"device will keep failing over). This almost always means that you set the "
29455
"<link linkend=\"attribute-path_checker\">path_checker</link> to <emphasis "
29456
"role=\"bold\">tur</emphasis>; this works for all SCSI devices that support "
29457
"the Test Unit Ready command, which most do."
29458
msgstr ""
29459
29460
#: serverguide/C/dm-multipath.xml:1179(para)
29461
msgid ""
29462
"If the device needs a special command to switch paths, then configuring this "
29463
"device for multipath requires a hardware handler kernel module. The current "
29464
"available hardware handler is emc. If this is not sufficient for your "
29465
"device, you may not be able to configure the device for multipath."
29466
msgstr ""
29467
29468
#: serverguide/C/dm-multipath.xml:1188(para)
29469
msgid ""
29470
"In addition, the following parameters may be overridden in this <emphasis "
29471
"role=\"bold\">device</emphasis> section"
29472
msgstr ""
29473
29474
#: serverguide/C/dm-multipath.xml:1263(para)
29475
msgid ""
29476
"Whenever a hardware_handler is specified, it is your responsibility to "
29477
"ensure that the appropriate kernel module is loaded to support the specified "
29478
"interface. These modules can be found in <emphasis "
29479
"role=\"bold\"><filename>/lib/modules/`uname -"
29480
"r`/kernel/drivers/scsi/device_handler/ </filename></emphasis>. The requisite "
29481
"module should be integrated into the initrd to ensure the necessary "
29482
"discovery and failover-failback capacity is available during boot time. "
29483
"Example,<screen># cat scsi_dh_alua >> /etc/initramfs-tools/modules ## "
29484
"append module to file\n"
29485
"# update-initramfs -u -k all</screen>"
29486
msgstr ""
29487
29488
#: serverguide/C/dm-multipath.xml:1274(para)
29489
msgid ""
29490
"The following example shows a device entry in the multipath configuration "
29491
"file."
29492
msgstr ""
29493
29494
#: serverguide/C/dm-multipath.xml:1277(screen)
29495
#, no-wrap
29496
msgid ""
29497
"\n"
29498
"\n"
29499
"#devices {\n"
29500
"#\tdevice {\n"
29501
"#\t\tvendor\t\t\t\"COMPAQ \"\n"
29502
"#\t\tproduct\t\t\t\"MSA1000 \"\n"
29503
"#\t\tpath_grouping_policy\tmultibus\n"
29504
"#\t\tpath_checker\t\ttur\n"
29505
"#\t\trr_weight\t\tpriorities\n"
29506
"#\t}\n"
29507
"#}\n"
29508
msgstr ""
29509
29510
#: serverguide/C/dm-multipath.xml:1290(para)
29511
msgid ""
29512
"The spacing reserved in the <emphasis role=\"bold\">vendor</emphasis>, "
29513
"<emphasis role=\"bold\">product</emphasis>, and <emphasis "
29514
"role=\"bold\">revision</emphasis> fields are significant as multipath is "
29515
"performing a direct match against these attributes, whose format is defined "
29516
"by the SCSI specification, specifically the <ulink "
29517
"url=\"http://en.wikipedia.org/wiki/SCSI_Inquiry_Command\">Standard "
29518
"INQUIRY</ulink> command. When quotes are used, the vendor, product, and "
29519
"revision fields will be interpreted strictly according to the spec. Regular "
29520
"expressions may be integrated into the quoted strings. Should a field be "
29521
"defined without the requisite spacing, multipath will copy the string into "
29522
"the properly sized buffer and pad with the appropriate number of spaces. The "
29523
"specification expects the entire field to be populated by printable "
29524
"characters or spaces, as seen in the example above"
29525
msgstr ""
29526
29527
#: serverguide/C/dm-multipath.xml:1307(para)
29528
msgid "vendor: 8 characters"
29529
msgstr ""
29530
29531
#: serverguide/C/dm-multipath.xml:1311(para)
29532
msgid "product: 16 characters"
29533
msgstr ""
29534
29535
#: serverguide/C/dm-multipath.xml:1315(para)
29536
msgid "revision: 4 characters"
29537
msgstr ""
29538
29539
#: serverguide/C/dm-multipath.xml:1319(para)
29540
msgid ""
29541
"To create a more robust configuration file, regular expressions can also be "
29542
"used. Operators include <emphasis role=\"bold\">^ $ [ ] . * ? +</emphasis>. "
29543
"Examples of functional regular expressions can be found by examining the "
29544
"live multipath database and <filename>multipath.conf </filename>example "
29545
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
29546
msgstr ""
29547
29548
#: serverguide/C/dm-multipath.xml:1326(screen)
29549
#, no-wrap
29550
msgid "# echo 'show config' | multipathd -k"
29551
msgstr ""
29552
29553
#: serverguide/C/dm-multipath.xml:1331(title)
29554
msgid "DM-Multipath Administration and Troubleshooting"
29555
msgstr ""
29556
29557
#: serverguide/C/dm-multipath.xml:1334(title)
29558
msgid "Resizing an Online Multipath Device"
29559
msgstr ""
29560
29561
#: serverguide/C/dm-multipath.xml:1336(para)
29562
msgid ""
29563
"If you need to resize an online multipath device, use the following procedure"
29564
msgstr ""
29565
29566
#: serverguide/C/dm-multipath.xml:1341(para)
29567
msgid "Resize your physical device. This is storage platform specific."
29568
msgstr ""
29569
29570
#: serverguide/C/dm-multipath.xml:1346(para)
29571
msgid "Use the following command to find the paths to the LUN:"
29572
msgstr ""
29573
29574
#: serverguide/C/dm-multipath.xml:1348(screen)
29575
#, no-wrap
29576
msgid "# multipath -l"
29577
msgstr ""
29578
29579
#: serverguide/C/dm-multipath.xml:1352(para)
29580
msgid ""
29581
"Resize your paths. For SCSI devices, writing 1 to the "
29582
"<filename>rescan</filename> file for the device causes the SCSI driver to "
29583
"rescan, as in the following command:"
29584
msgstr ""
29585
29586
#: serverguide/C/dm-multipath.xml:1356(screen)
29587
#, no-wrap
29588
msgid "# echo 1 > /sys/block/device_name/device/rescan"
29589
msgstr ""
29590
29591
#: serverguide/C/dm-multipath.xml:1360(para)
29592
msgid ""
29593
"Resize your multipath device by running the multipathd resize command:"
29594
msgstr ""
29595
29596
#: serverguide/C/dm-multipath.xml:1363(screen)
29597
#, no-wrap
29598
msgid "# multipathd -k 'resize map mpatha'"
29599
msgstr ""
29600
29601
#: serverguide/C/dm-multipath.xml:1367(para)
29602
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
29603
msgstr ""
29604
29605
#: serverguide/C/dm-multipath.xml:1370(screen)
29606
#, no-wrap
29607
msgid "# resize2fs /dev/mapper/mpatha"
29608
msgstr ""
29609
29610
#: serverguide/C/dm-multipath.xml:1376(title)
29611
msgid ""
29612
"Moving root File Systems from a Single Path Device to a Multipath Device"
29613
msgstr ""
29614
29615
#: serverguide/C/dm-multipath.xml:1379(para)
29616
msgid ""
29617
"This is dramatically simplified by the use of UUIDs to identify devices as "
29618
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
29619
"boot</emphasis> and reboot. This will rebuild the initial ramdisk and afford "
29620
"multipath the opportunity to build it's paths before the root file system is "
29621
"mounted by UUID."
29622
msgstr ""
29623
29624
#: serverguide/C/dm-multipath.xml:1386(para)
29625
msgid ""
29626
"Whenever <filename>multipath.conf</filename> is updated, so should the "
29627
"initrd by executing <command>update-initramfs -u -k all</command>. The "
29628
"reason being is <filename>multipath.conf</filename> is copied to the ramdisk "
29629
"and is integral to determining the available devices for grouping via it's "
29630
"blacklist and device sections."
29631
msgstr ""
29632
29633
#: serverguide/C/dm-multipath.xml:1395(title)
29634
msgid ""
29635
"Moving swap File Systems from a Single Path Device to a Multipath Device"
29636
msgstr ""
29637
29638
#: serverguide/C/dm-multipath.xml:1398(para)
29639
msgid ""
29640
"The procedure is exactly the same as illustrated in the previous section "
29641
"called <link linkend=\"multipath-moving-rootfs-from-single-path-to-multipath-"
29642
"device\">Moving root File Systems from a Single Path to a Multipath "
29643
"Device</link>."
29644
msgstr ""
29645
29646
#: serverguide/C/dm-multipath.xml:1406(title)
29647
msgid "The Multipath Daemon"
29648
msgstr ""
29649
29650
#: serverguide/C/dm-multipath.xml:1408(para)
29651
msgid ""
29652
"If you find you have trouble implementing a multipath configuration, you "
29653
"should ensure the multipath daemon is running as described in <link "
29654
"linkend=\"multipath-setting-up-dm-multipath\">\"Setting up DM-"
29655
"Multipath\"</link>. The <command>multipathd</command> daemon must be running "
29656
"in order to use multipathd devices. Also see section <link "
29657
"linkend=\"multipath-interacting-with-multipathd\">Troubleshooting with the "
29658
"multipathd interactive console</link> concerning interacting with "
29659
"<command>multipathd</command> as a debugging aid."
29660
msgstr ""
29661
29662
#: serverguide/C/dm-multipath.xml:1448(title)
29663
msgid "Issues with queue_if_no_path"
29664
msgstr ""
29665
29666
#: serverguide/C/dm-multipath.xml:1450(para)
29667
msgid ""
29668
"If <emphasis role=\"bold\">features \"1 queue_if_no_path\"</emphasis> is "
29669
"specified in the <filename>/etc/multipath.conf</filename> file, then any "
29670
"process that uses I/O will hang until one or more paths are restored. To "
29671
"avoid this, set the <emphasis role=\"bold\"><link linkend=\"attribute-"
29672
"no_path_retry\">no_path_retry</link> N</emphasis> parameter in the "
29673
"<filename>/etc/multipath.conf</filename>."
29674
msgstr ""
29675
29676
#: serverguide/C/dm-multipath.xml:1457(para)
29677
msgid ""
29678
"When you set the <emphasis role=\"bold\">no_path_retry</emphasis> parameter, "
29679
"remove the <emphasis role=\"bold\">features \"1 "
29680
"queue_if_no_path\"</emphasis> option from the "
29681
"<filename>/etc/multipath.conf</filename> file as well. If, however, you are "
29682
"using a multipathed device for which the <option>features \"1 "
29683
"queue_if_no_path\"</option> option is set as a compiled in default, as it is "
29684
"for many SAN devices, you must add <option>features \"0\"</option> to "
29685
"override this default. You can do this by copying the existing <emphasis "
29686
"role=\"bold\">devices</emphasis> section, and just that section (not the "
29687
"entire file), from <filename>/usr/share/doc/multipath-"
29688
"tools/examples/multipath.conf.annotated.gz</filename> into "
29689
"<filename>/etc/multipath.conf</filename> and editing to suit your needs."
29690
msgstr ""
29691
29692
#: serverguide/C/dm-multipath.xml:1471(para)
29693
msgid ""
29694
"If you need to use the <option>features \"1 queue_if_no_path\"</option> "
29695
"option and you experience the issue noted here, use the "
29696
"<command>dmsetup</command> command to edit the policy at runtime for a "
29697
"particular LUN (that is, for which all the paths are unavailable). For "
29698
"example, if you want to change the policy on the multipath device "
29699
"<filename>mpathc</filename> from <option>\"queue_if_no_path\"</option> to "
29700
"<option> \"fail_if_no_path\"</option>, execute the following command."
29701
msgstr ""
29702
29703
#: serverguide/C/dm-multipath.xml:1480(screen)
29704
#, no-wrap
29705
msgid "# dmsetup message mpathc 0 \"fail_if_no_path\""
29706
msgstr ""
29707
29708
#: serverguide/C/dm-multipath.xml:1483(para)
29709
msgid ""
29710
"You must specify the <filename>mpathN</filename> alias rather than the path"
29711
msgstr ""
29712
29713
#: serverguide/C/dm-multipath.xml:1489(title)
29714
msgid "Multipath Command Output"
29715
msgstr ""
29716
29717
#: serverguide/C/dm-multipath.xml:1491(para)
29718
msgid ""
29719
"When you create, modify, or list a multipath device, you get a printout of "
29720
"the current device setup. The format is as follows. For each multipath "
29721
"device:"
29722
msgstr ""
29723
29724
#: serverguide/C/dm-multipath.xml:1495(screen)
29725
#, no-wrap
29726
msgid ""
29727
" action_if_any: alias (wwid_if_different_from_alias) "
29728
"dm_device_name_if_known vendor,product\n"
29729
" size=size features='features' hwhandler='hardware_handler' "
29730
"wp=write_permission_if_known"
29731
msgstr ""
29732
29733
#: serverguide/C/dm-multipath.xml:1498(para)
29734
msgid "For each path group:"
29735
msgstr ""
29736
29737
#: serverguide/C/dm-multipath.xml:1500(screen)
29738
#, no-wrap
29739
msgid ""
29740
" -+- policy='scheduling_policy' prio=prio_if_known\n"
29741
" status=path_group_status_if_known"
29742
msgstr ""
29743
29744
#: serverguide/C/dm-multipath.xml:1503(para)
29745
msgid "For each path:"
29746
msgstr ""
29747
29748
#: serverguide/C/dm-multipath.xml:1505(screen)
29749
#, no-wrap
29750
msgid ""
29751
" `- host:channel:id:lun devnode major:minor dm_status_if_known "
29752
"path_status\n"
29753
" online_status"
29754
msgstr ""
29755
29756
#: serverguide/C/dm-multipath.xml:1508(para)
29757
msgid ""
29758
"For example, the output of a multipath command might appear as follows:"
29759
msgstr ""
29760
29761
#: serverguide/C/dm-multipath.xml:1511(screen)
29762
#, no-wrap
29763
msgid ""
29764
" 3600d0230000000000e13955cc3757800 dm-1 WINSYS,SF2372\n"
29765
" size=269G features='0' hwhandler='0' wp=rw\n"
29766
" |-+- policy='round-robin 0' prio=1 status=active\n"
29767
" | `- 6:0:0:0 sdb 8:16 active ready running\n"
29768
" `-+- policy='round-robin 0' prio=1 status=enabled\n"
29769
" `- 7:0:0:0 sdf 8:80 active ready running"
29770
msgstr ""
29771
29772
#: serverguide/C/dm-multipath.xml:1518(para)
29773
msgid ""
29774
"If the path is up and ready for I/O, the status of the path is <emphasis "
29775
"role=\"bold\">ready</emphasis> or <emphasis "
29776
"role=\"emphasis\">ghost</emphasis>. If the path is down, the status is "
29777
"<emphasis role=\"bold\">faulty</emphasis> or <emphasis "
29778
"role=\"bold\">shaky</emphasis>. The path status is updated periodically by "
29779
"the <command>multipathd</command> daemon based on the polling interval "
29780
"defined in the <filename>/etc/multipath.conf</filename> file."
29781
msgstr ""
29782
29783
#: serverguide/C/dm-multipath.xml:1526(para)
29784
msgid ""
29785
"The dm status is similar to the path status, but from the kernel's point of "
29786
"view. The dm status has two states: <emphasis "
29787
"role=\"bold\">failed</emphasis>, which is analogous to <emphasis "
29788
"role=\"bold\">faulty</emphasis>, and <emphasis "
29789
"role=\"bold\">active</emphasis> which covers all other path states. "
29790
"Occasionally, the path state and the dm state of a device will temporarily "
29791
"not agree."
29792
msgstr ""
29793
29794
#: serverguide/C/dm-multipath.xml:1534(para)
29795
msgid ""
29796
"The possible values for <emphasis role=\"bold\">online_status</emphasis> are "
29797
"<emphasis role=\"bold\">running</emphasis> and <emphasis "
29798
"role=\"bold\">offline</emphasis>. A status of <emphasis "
29799
"role=\"emphasis\">offline</emphasis> means that the SCSI device has been "
29800
"disabled."
29801
msgstr ""
29802
29803
#: serverguide/C/dm-multipath.xml:1542(para)
29804
msgid ""
29805
"When a multipath device is being created or modified , the path group "
29806
"status, the dm device name, the write permissions, and the dm status are not "
29807
"known. Also, the features are not always correct"
29808
msgstr ""
29809
29810
#: serverguide/C/dm-multipath.xml:1549(title)
29811
msgid "Multipath Queries with multipath Command"
29812
msgstr ""
29813
29814
#: serverguide/C/dm-multipath.xml:1551(para)
29815
msgid ""
29816
"You can use the <emphasis role=\"bold\">-l </emphasis>and <emphasis "
29817
"role=\"bold\">-ll</emphasis> options of the <emphasis "
29818
"role=\"bold\">multipath</emphasis> command to display the current multipath "
29819
"configuration. The <emphasis role=\"bold\">-l</emphasis> option displays "
29820
"multipath topology gathered from information in sysfs and the device mapper. "
29821
"The <emphasis role=\"bold\">-ll</emphasis> option displays the information "
29822
"the <emphasis role=\"bold\">-l</emphasis> displays in addition to all other "
29823
"available components of the system."
29824
msgstr ""
29825
29826
#: serverguide/C/dm-multipath.xml:1560(para)
29827
msgid ""
29828
"When displaying the multipath configuration, there are three verbosity "
29829
"levels you can specify with the <emphasis role=\"bold\">-v</emphasis> option "
29830
"of the multipath command. Specifying <emphasis role=\"bold\">-v0</emphasis> "
29831
"yields no output. Specifying<emphasis role=\"bold\"> -v1</emphasis> outputs "
29832
"the created or updated multipath names only, which you can then feed to "
29833
"other tools such as kpartx. Specifying <emphasis role=\"bold\">-"
29834
"v2</emphasis> prints all detected paths, multipaths, and device maps."
29835
msgstr ""
29836
29837
#: serverguide/C/dm-multipath.xml:1570(para)
29838
msgid ""
29839
"The default <emphasis role=\"bold\">verbosity</emphasis> level of multipath "
29840
"is <emphasis role=\"bold\">2</emphasis> and can be globally modified by "
29841
"defining the <link linkend=\"attribute-verbosity\">verbosity "
29842
"attribute</link> in the <emphasis role=\"bold\">defaults</emphasis> section "
29843
"of <filename>multipath.conf</filename>."
29844
msgstr ""
29845
29846
#: serverguide/C/dm-multipath.xml:1577(para)
29847
msgid ""
29848
"The following example shows the output of a <emphasis "
29849
"role=\"bold\">multipath -l</emphasis> command."
29850
msgstr ""
29851
29852
#: serverguide/C/dm-multipath.xml:1580(screen)
29853
#, no-wrap
29854
msgid ""
29855
"# multipath -l\n"
29856
" 3600d0230000000000e13955cc3757800 dm-1 WINSYS,SF2372\n"
29857
" size=269G features='0' hwhandler='0' wp=rw\n"
29858
" |-+- policy='round-robin 0' prio=1 status=active\n"
29859
" | `- 6:0:0:0 sdb 8:16 active ready running\n"
29860
" `-+- policy='round-robin 0' prio=1 status=enabled\n"
29861
" `- 7:0:0:0 sdf 8:80 active ready running"
29862
msgstr ""
29863
29864
#: serverguide/C/dm-multipath.xml:1588(para)
29865
msgid ""
29866
"The following example shows the output of a <emphasis "
29867
"role=\"bold\">multipath -ll</emphasis> command."
29868
msgstr ""
29869
29870
#: serverguide/C/dm-multipath.xml:1591(screen)
29871
#, no-wrap
29872
msgid ""
29873
"# multipath -ll\n"
29874
" 3600d0230000000000e13955cc3757801 dm-10 WINSYS,SF2372\n"
29875
" size=269G features='0' hwhandler='0' wp=rw\n"
29876
" |-+- policy='round-robin 0' prio=1 status=enabled\n"
29877
" | `- 19:0:0:1 sdc 8:32 active ready running\n"
29878
" `-+- policy='round-robin 0' prio=1 status=enabled\n"
29879
" `- 18:0:0:1 sdh 8:112 active ready running\n"
29880
" 3600d0230000000000e13955cc3757803 dm-2 WINSYS,SF2372\n"
29881
" size=125G features='0' hwhandler='0' wp=rw\n"
29882
" `-+- policy='round-robin 0' prio=1 status=active\n"
29883
" |- 19:0:0:3 sde 8:64 active ready running\n"
29884
" `- 18:0:0:3 sdj 8:144 active ready running"
29885
msgstr ""
29886
29887
#: serverguide/C/dm-multipath.xml:1606(title)
29888
msgid "Multipath Command Options"
29889
msgstr ""
29890
29891
#: serverguide/C/dm-multipath.xml:1608(para)
29892
msgid ""
29893
"Table <link linkend=\"useful-multipath-command-options\">\"Useful multipath "
29894
"Command Options\"</link> describes some options of the <emphasis "
29895
"role=\"bold\">multipath</emphasis> command that you find useful"
29896
msgstr ""
29897
29898
#: serverguide/C/dm-multipath.xml:1614(title)
29899
msgid "Useful multipath Command Options"
29900
msgstr ""
29901
29902
#: serverguide/C/dm-multipath.xml:1623(entry)
29903
msgid "Option"
29904
msgstr ""
29905
29906
#: serverguide/C/dm-multipath.xml:1630(emphasis)
29907
msgid "-l"
29908
msgstr ""
29909
29910
#: serverguide/C/dm-multipath.xml:1632(emphasis) serverguide/C/dm-multipath.xml:1639(emphasis)
29911
msgid "sysfs"
29912
msgstr ""
29913
29914
#: serverguide/C/dm-multipath.xml:1631(entry)
29915
msgid ""
29916
"Display the current multipath configuration gathered from <placeholder-1/> "
29917
"and the device mapper."
29918
msgstr ""
29919
29920
#: serverguide/C/dm-multipath.xml:1637(emphasis)
29921
msgid "-ll"
29922
msgstr ""
29923
29924
#: serverguide/C/dm-multipath.xml:1638(entry)
29925
msgid ""
29926
"Display the current multipath configuration gathered from <placeholder-1/>, "
29927
"the device mapper, and all other available components on the system."
29928
msgstr ""
29929
29930
#: serverguide/C/dm-multipath.xml:1644(emphasis)
29931
msgid "-f device"
29932
msgstr ""
29933
29934
#: serverguide/C/dm-multipath.xml:1645(entry)
29935
msgid "Remove the named multipath device."
29936
msgstr ""
29937
29938
#: serverguide/C/dm-multipath.xml:1649(emphasis)
29939
msgid "-F"
29940
msgstr ""
29941
29942
#: serverguide/C/dm-multipath.xml:1650(entry)
29943
msgid "Remove all unused multipath devices."
29944
msgstr ""
29945
29946
#: serverguide/C/dm-multipath.xml:1658(title)
29947
msgid "Determining Device Mapper Entries with dmsetup Command"
29948
msgstr ""
29949
29950
#: serverguide/C/dm-multipath.xml:1660(para)
29951
msgid ""
29952
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
29953
"out which device mapper entries match the <emphasis "
29954
"role=\"bold\">multipathed</emphasis> devices."
29955
msgstr ""
29956
29957
#: serverguide/C/dm-multipath.xml:1664(para)
29958
msgid ""
29959
"The following command displays all the device mapper devices and their major "
29960
"and minor numbers. The minor numbers determine the name of the dm device. "
29961
"For example, a minor number of <emphasis role=\"bold\">3</emphasis> "
29962
"corresponds to the multipathed device <emphasis "
29963
"role=\"bold\"><filename>/dev/dm-3</filename></emphasis>."
29964
msgstr ""
29965
29966
#: serverguide/C/dm-multipath.xml:1670(screen)
29967
#, no-wrap
29968
msgid ""
29969
"\n"
29970
"# dmsetup ls\n"
29971
"mpathd (253, 4)\n"
29972
"mpathep1 (253, 12)\n"
29973
"mpathfp1 (253, 11)\n"
29974
"mpathb (253, 3)\n"
29975
"mpathgp1 (253, 14)\n"
29976
"mpathhp1 (253, 13)\n"
29977
"mpatha (253, 2)\n"
29978
"mpathh (253, 9)\n"
29979
"mpathg (253, 8)\n"
29980
"VolGroup00-LogVol01 (253, 1)\n"
29981
"mpathf (253, 7)\n"
29982
"VolGroup00-LogVol00 (253, 0)\n"
29983
"mpathe (253, 6)\n"
29984
"mpathbp1 (253, 10)\n"
29985
"mpathd (253, 5)\n"
29986
" "
29987
msgstr ""
29988
29989
#: serverguide/C/dm-multipath.xml:1691(title)
29990
msgid "Troubleshooting with the multipathd interactive console"
29991
msgstr ""
29992
29993
#: serverguide/C/dm-multipath.xml:1693(para)
29994
msgid ""
29995
"The <emphasis role=\"bold\">multipathd -k</emphasis> command is an "
29996
"interactive interface to the <emphasis role=\"bold\">multipathd</emphasis> "
29997
"daemon. Entering this command brings up an interactive multipath console. "
29998
"After entering this command, you can enter help to get a list of available "
29999
"commands, you can enter a interactive command, or you can enter <emphasis "
30000
"role=\"bold\">CTRL-D</emphasis> to quit."
30001
msgstr ""
30002
30003
#: serverguide/C/dm-multipath.xml:1700(para)
30004
msgid ""
30005
"The multipathd interactive console can be used to troubleshoot problems you "
30006
"may be having with your system. For example, the following command sequence "
30007
"displays the multipath configuration, including the defaults, before exiting "
30008
"the console. See the IBM article <ulink url=\"http://www-"
30009
"01.ibm.com/support/docview.wss?uid=isg3T1011985\">\"Tricks with "
30010
"Multipathd\"</ulink> for more examples."
30011
msgstr ""
30012
30013
#: serverguide/C/dm-multipath.xml:1707(screen)
30014
#, no-wrap
30015
msgid ""
30016
"# multipathd -k\n"
30017
" > > show config\n"
30018
" > > CTRL-D"
30019
msgstr ""
30020
30021
#: serverguide/C/dm-multipath.xml:1711(para)
30022
msgid ""
30023
"The following command sequence ensures that multipath has picked up any "
30024
"changes to the multipath.conf,"
30025
msgstr ""
30026
30027
#: serverguide/C/dm-multipath.xml:1714(screen)
30028
#, no-wrap
30029
msgid ""
30030
"\n"
30031
"# multipathd -k\n"
30032
"> > reconfigure\n"
30033
"> > CTRL-D\n"
30034
msgstr ""
30035
30036
#: serverguide/C/dm-multipath.xml:1720(para)
30037
msgid ""
30038
"Use the following command sequence to ensure that the path checker is "
30039
"working properly."
30040
msgstr ""
30041
30042
#: serverguide/C/dm-multipath.xml:1723(screen)
30043
#, no-wrap
30044
msgid ""
30045
"\n"
30046
"# multipathd -k\n"
30047
"> > show paths\n"
30048
"> > CTRL-D\n"
30049
msgstr ""
30050
30051
#: serverguide/C/dm-multipath.xml:1729(para)
30052
msgid ""
30053
"Commands can also be streamed into multipathd using stdin like so:<screen># "
30054
"echo 'show config' | multipathd -k</screen>"
30055
msgstr ""
30056
22709
30057
#: serverguide/C/databases.xml:13(title)
22710
30058
msgid "Databases"
22711
30059
msgstr ""
22714
30062
msgid "Ubuntu provides two popular database servers. They are:"
22715
30063
msgstr ""
22716
30064
22717
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
30065
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:302(title)
22718
30066
msgid "PostgreSQL"
22719
30067
msgstr ""
22720
30068
22726
30074
22727
30075
#: serverguide/C/databases.xml:32(para)
22728
30076
msgid ""
22729
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
22730
"It is intended for mission-critical, heavy-load production systems as well "
22731
"as for embedding into mass-deployed software."
30077
"<application>MySQL</application> is a fast, multi-threaded, multi-user, and "
30078
"robust SQL database server. It is intended for mission-critical, heavy-load "
30079
"production systems as well as for embedding into mass-deployed software."
22732
30080
msgstr ""
22733
30081
22734
#: serverguide/C/databases.xml:41(para)
30082
#: serverguide/C/databases.xml:40(para)
22735
30083
msgid "To install MySQL, run the following command from a terminal prompt:"
22736
30084
msgstr ""
22737
30085
22738
#: serverguide/C/databases.xml:46(command)
22739
msgid "sudo apt-get install mysql-server"
30086
#: serverguide/C/databases.xml:47(para)
30087
msgid ""
30088
"As of Ubuntu 12.04, MySQL 5.5 is installed by default. Whilst this is 100% "
30089
"compatible with MySQL 5.1 should you need to install 5.1 (for example to be "
30090
"a slave to other MySQL 5.1 servers) you can install the mysql-server-5.1 "
30091
"package instead."
22740
30092
msgstr ""
22741
30093
22742
#: serverguide/C/databases.xml:48(para)
30094
#: serverguide/C/databases.xml:53(para)
22743
30095
msgid ""
22744
30096
"During the installation process you will be prompted to enter a password for "
22745
"the <application>MySQL</application> root user."
30097
"the MySQL root user."
22746
30098
msgstr ""
22747
30099
22748
#: serverguide/C/databases.xml:53(para)
30100
#: serverguide/C/databases.xml:57(para)
22749
30101
msgid ""
22750
30102
"Once the installation is complete, the MySQL server should be started "
22751
30103
"automatically. You can run the following command from a terminal prompt to "
22752
30104
"check whether the MySQL server is running:"
22753
30105
msgstr ""
22754
30106
22755
#: serverguide/C/databases.xml:61(command)
30107
#: serverguide/C/databases.xml:64(command)
22756
30108
msgid "sudo netstat -tap | grep mysql"
22757
30109
msgstr ""
22758
30110
22759
#: serverguide/C/databases.xml:70(programlisting)
30111
#: serverguide/C/databases.xml:71(programlisting)
22760
30112
#, no-wrap
22761
30113
msgid ""
22762
30114
"\n"
22763
"tcp 0 0 localhost:mysql *:* LISTEN "
22764
" 2556/mysqld\n"
30115
"tcp 0 0 localhost:mysql *:* LISTEN "
30116
"2556/mysqld\n"
22765
30117
msgstr ""
22766
30118
22767
30119
#: serverguide/C/databases.xml:74(para)
22770
30122
"to start it:"
22771
30123
msgstr ""
22772
30124
22773
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
22774
msgid "sudo /etc/init.d/mysql restart"
30125
#: serverguide/C/databases.xml:78(command) serverguide/C/databases.xml:102(command)
30126
msgid "sudo service mysql restart"
22775
30127
msgstr ""
22776
30128
22777
#: serverguide/C/databases.xml:85(para)
30129
#: serverguide/C/databases.xml:83(para)
22778
30130
msgid ""
22779
30131
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
22780
30132
"the basic settings -- log file, port number, etc. For example, to configure "
22781
"<application>MySQL</application> to listen for connections from network "
22782
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
22783
"server's IP address:"
30133
"MySQL to listen for connections from network hosts, change the "
30134
"<emphasis>bind-address</emphasis> directive to the server's IP address:"
22784
30135
msgstr ""
22785
30136
22786
#: serverguide/C/databases.xml:91(programlisting)
30137
#: serverguide/C/databases.xml:89(programlisting)
22787
30138
#, no-wrap
22788
30139
msgid ""
22789
30140
"\n"
22790
30141
"bind-address = 192.168.0.5\n"
22791
30142
msgstr ""
22792
30143
22793
#: serverguide/C/databases.xml:95(para)
30144
#: serverguide/C/databases.xml:93(para)
22794
30145
msgid "Replace 192.168.0.5 with the appropriate address."
22795
30146
msgstr ""
22796
30147
22797
#: serverguide/C/databases.xml:99(para)
22798
msgid ""
22799
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
22800
"<application>mysql</application> daemon will need to be restarted:"
22801
msgstr ""
22802
22803
#: serverguide/C/databases.xml:107(para)
22804
msgid ""
22805
"If you would like to change the "
22806
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
22807
"terminal enter:"
22808
msgstr ""
22809
22810
#: serverguide/C/databases.xml:113(command)
22811
msgid "sudo dpkg-reconfigure mysql-server-5.1"
22812
msgstr ""
22813
22814
#: serverguide/C/databases.xml:116(para)
22815
msgid ""
22816
"The <application>mysql</application> daemon will be stopped, and you will be "
22817
"prompted to enter a new password."
22818
msgstr ""
22819
22820
#: serverguide/C/databases.xml:125(para)
30148
#: serverguide/C/databases.xml:97(para)
30149
msgid ""
30150
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
30151
"daemon will need to be restarted:"
30152
msgstr ""
30153
30154
#: serverguide/C/databases.xml:104(para)
30155
msgid ""
30156
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
30157
"a terminal enter:"
30158
msgstr ""
30159
30160
#: serverguide/C/databases.xml:109(command)
30161
msgid "sudo dpkg-reconfigure mysql-server-5.5"
30162
msgstr ""
30163
30164
#: serverguide/C/databases.xml:111(para)
30165
msgid ""
30166
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
30167
"password."
30168
msgstr ""
30169
30170
#: serverguide/C/databases.xml:116(title)
30171
msgid "Database Engines"
30172
msgstr ""
30173
30174
#: serverguide/C/databases.xml:117(para)
30175
msgid ""
30176
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
30177
"perfectly functional and performs well there are things you may wish to "
30178
"consider before you proceed."
30179
msgstr ""
30180
30181
#: serverguide/C/databases.xml:121(para)
30182
msgid ""
30183
"MySQL is designed to allow data to be stored in different ways. These "
30184
"methods are referred to as either database or storage engines. There are two "
30185
"main engines that you'll be interested in: InnoDB and MyISAM. Storage "
30186
"engines are transparent to the end user. MySQL will handle things "
30187
"differently under the surface, but regardless of which storage engine is in "
30188
"use, you will interact with the database in the same way."
30189
msgstr ""
30190
30191
#: serverguide/C/databases.xml:128(para)
30192
msgid "Each engine has its own advantages and disadvantages."
30193
msgstr ""
30194
30195
#: serverguide/C/databases.xml:131(para)
30196
msgid ""
30197
"While it is possible, and may be advantageous to mix and match database "
30198
"engines on a table level, doing so reduces the effectiveness of the "
30199
"performance tuning you can do as you'll be splitting the resources between "
30200
"two engines instead of dedicating them to one."
30201
msgstr ""
30202
30203
#: serverguide/C/databases.xml:138(para)
30204
msgid ""
30205
"MyISAM is the older of the two. It can be faster than InnoDB under certain "
30206
"circumstances and favours a read only workload. Some web applications have "
30207
"been tuned around MyISAM (though that's not to imply that they will slow "
30208
"under InnoDB). MyISAM also supports the FULLTEXT data type, which allows "
30209
"very fast searches of large quantities of text data. However MyISAM is only "
30210
"capable of locking an entire table for writing. This means only one process "
30211
"can update a table at a time. As any application that uses the table scales "
30212
"this may prove to be a hindrance. It also lacks journaling, which makes it "
30213
"harder for data to be recovered after a crash. The following link provides "
30214
"some points for consideration about using <ulink "
30215
"url=\"http://www.mysqlperformanceblog.com/2006/06/17/using-myisam-in-"
30216
"production/\">MyISAM on a production database</ulink>."
30217
msgstr ""
30218
30219
#: serverguide/C/databases.xml:152(para)
30220
msgid ""
30221
"InnoDB is a more modern database engine, designed to be <ulink "
30222
"url=\"http://en.wikipedia.org/wiki/ACID\">ACID compliant</ulink> which "
30223
"guarantees database transactions are processed reliably. Write locking can "
30224
"occur on a row level basis within a table. That means multiple updates can "
30225
"occur on a single table simultaneously. Data caching is also handled in "
30226
"memory within the database engine, allowing caching on a more efficient row "
30227
"level basis rather than file block. To meet ACID compliance all transactions "
30228
"are journaled independently of the main tables. This allows for much more "
30229
"reliable data recovery as data consistency can be checked."
30230
msgstr ""
30231
30232
#: serverguide/C/databases.xml:165(para)
30233
msgid ""
30234
"As of MySQL 5.5 InnoDB is the default engine, and is highly recommended over "
30235
"MyISAM unless you have specific need for features unique to the engine."
30236
msgstr ""
30237
30238
#: serverguide/C/databases.xml:170(title)
30239
msgid "Advanced configuration"
30240
msgstr ""
30241
30242
#: serverguide/C/databases.xml:172(title)
30243
msgid "Creating a tuned my.cnf file"
30244
msgstr ""
30245
30246
#: serverguide/C/databases.xml:173(para)
30247
msgid ""
30248
"There are a number of parameters that can be adjusted within MySQL's "
30249
"configuration file that will allow you to improve the performance of the "
30250
"server over time. For initial set-up you may find <ulink "
30251
"url=\"http://tools.percona.com/members/wizard\">Percona's my.cnf generating "
30252
"tool</ulink> useful. This tool will help generate a my.cnf file that will be "
30253
"much more optimised for your specific server capabilities and your "
30254
"requirements."
30255
msgstr ""
30256
30257
#: serverguide/C/databases.xml:178(para)
30258
msgid ""
30259
"<emphasis>Do not</emphasis> replace your existing my.cnf file with Percona's "
30260
"one if you have already loaded data into the database. Some of the changes "
30261
"that will be in the file will be incompatible as they alter how data is "
30262
"stored on the hard disk and you'll be unable to start MySQL. If you do wish "
30263
"to use it and you have existing data, you will need to carry out a mysqldump "
30264
"and reload: <screen>\n"
30265
"mysqldump --all-databases --all-routines -u root -p > ~/fulldump.sql\n"
30266
"</screen> This will then prompt you for the root password before creating a "
30267
"copy of the data. It is advisable to make sure there are no other users or "
30268
"processes using the database whilst this takes place. Depending on how much "
30269
"data you've got in your database, this may take a while. You won't see "
30270
"anything on the screen during this process."
30271
msgstr ""
30272
30273
#: serverguide/C/databases.xml:189(para)
30274
msgid ""
30275
"Once the dump has been completed, shut down MySQL: <screen>\n"
30276
"<command>sudo service mysql stop</command>\n"
30277
"</screen> Now backup the original my.cnf file and replace with the new one: "
30278
"<screen>\n"
30279
"<command>sudo cp /etc/my.cnf /etc/my.cnf.backup</command>\n"
30280
"<command>sudo cp /path/to/new/my.cnf /etc/my.cnf</command>\n"
30281
"</screen> Then delete and re-initialise the database space and make sure "
30282
"ownership is correct before restarting MySQL: <screen>\n"
30283
"<command>sudo rm -rf /var/lib/mysql/*</command>\n"
30284
"<command>sudo mysql_install_db</command>\n"
30285
"<command>sudo chown -R mysql: /var/lib/mysql</command>\n"
30286
"<command>sudo service start mysql</command>\n"
30287
"</screen> Finally all that's left is to re-import your data. To give us an "
30288
"idea of how far the import process has got you may find the 'Pipe Viewer' "
30289
"utility, pv, useful. The following shows how to install and use pv for this "
30290
"case, but if you'd rather not use it just replace pv with cat in the "
30291
"following command. Ignore any ETA times produced by pv, they're based on the "
30292
"average time taken to handle each row of the file, but the speed of "
30293
"inserting can vary wildly from row to row with mysqldumps: <screen>\n"
30294
"<command>sudo apt-get install pv</command>\n"
30295
"<command>pv ~/fulldump.sql | mysql</command>\n"
30296
"</screen> Once that is complete all is good to go!"
30297
msgstr ""
30298
30299
#: serverguide/C/databases.xml:215(para)
30300
msgid ""
30301
"This is not necessary for all my.cnf changes. Most of the variables you may "
30302
"wish to change to improve performance are adjustable even whilst the server "
30303
"is running. As with anything, make sure to have a good backup copy of config "
30304
"files and data before making changes."
30305
msgstr ""
30306
30307
#: serverguide/C/databases.xml:224(title)
30308
msgid "MySQL Tuner"
30309
msgstr ""
30310
30311
#: serverguide/C/databases.xml:225(para)
30312
msgid ""
30313
"<application>MySQL Tuner</application> is a useful tool that will connect to "
30314
"a running MySQL instance and offer suggestions for how it can be best "
30315
"configured for your workload. The longer the server has been running for, "
30316
"the better the advice mysqltuner can provide. In a production environment, "
30317
"consider waiting for at least 24 hours before running the tool. You can get "
30318
"install mysqltuner from the Ubuntu repositories: <screen>\n"
30319
"<command>sudo apt-get install mysqltuner</command>\n"
30320
"</screen> Then once its been installed, run it: <screen>\n"
30321
"<command>mysqltuner</command>\n"
30322
"</screen> and wait for its final report. The top section provides general "
30323
"information about the database server, and the bottom section provides "
30324
"tuning suggestions to alter in your my.cnf. Most of these can be altered "
30325
"live on the server without restarting, look through the official MySQL "
30326
"documentation (link in Resources section) for the relevant variables to "
30327
"change in production. The following is part of an example report from a "
30328
"production database which shows there may be some benefit from increasing "
30329
"the amount of query cache: <screen>\n"
30330
"-------- Recommendations ----------------------------------------------------"
30331
"-\n"
30332
"General recommendations:\n"
30333
" Run OPTIMIZE TABLE to defragment tables for better performance\n"
30334
" Increase table_cache gradually to avoid file descriptor limits\n"
30335
"Variables to adjust:\n"
30336
" key_buffer_size (> 1.4G)\n"
30337
" query_cache_size (> 32M)\n"
30338
" table_cache (> 64)\n"
30339
" innodb_buffer_pool_size (>= 22G)\n"
30340
"</screen>"
30341
msgstr ""
30342
30343
#: serverguide/C/databases.xml:259(para)
30344
msgid ""
30345
"One final comment on tuning databases: Whilst we can broadly say that "
30346
"certain settings are the best, performance can vary from application to "
30347
"application. For example, what works best for Wordpress might not be the "
30348
"best for Drupal, Joomla or proprietary applications. Performance is "
30349
"dependent on the types of queries, use of indexes, how efficient the "
30350
"database design is and so on. You may find it useful to spend some time "
30351
"searching for database tuning tips based on what applications you're using "
30352
"it for. Once you get past a certain point any adjustments you make will only "
30353
"result in minor improvements, and you'll be better off either improving the "
30354
"application, or looking at scaling up your database environment through "
30355
"either using more powerful hardware or by adding slave servers."
30356
msgstr ""
30357
30358
#: serverguide/C/databases.xml:276(para)
22821
30359
msgid ""
22822
30360
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
22823
30361
"more information."
22824
30362
msgstr ""
22825
30363
22826
#: serverguide/C/databases.xml:130(para)
22827
msgid ""
22828
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
22829
"<application>mysql-doc-5.0</application> package. To install the package "
22830
"enter the following in a terminal:"
22831
msgstr ""
22832
22833
#: serverguide/C/databases.xml:135(command)
22834
msgid "sudo apt-get install mysql-doc-5.0"
22835
msgstr ""
22836
22837
#: serverguide/C/databases.xml:137(para)
22838
msgid ""
22839
"The documentation is in HTML format, to view them enter "
22840
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
22841
"chapter/index.html</command> in your browser's address bar."
22842
msgstr ""
22843
22844
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
30364
#: serverguide/C/databases.xml:281(para)
30365
msgid ""
30366
"Full documentation is available in both online and offline formats from the "
30367
"<ulink url=\"http://dev.mysql.com/doc/\"> MySQL Developers portal</ulink>"
30368
msgstr ""
30369
30370
#: serverguide/C/databases.xml:287(para)
22845
30371
msgid ""
22846
30372
"For general SQL information see <ulink "
22847
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
22848
"Special Edition</ulink> by Rafe Colburn."
30373
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\"> Using "
30374
"SQL Special Edition</ulink> by Rafe Colburn."
22849
30375
msgstr ""
22850
30376
22851
#: serverguide/C/databases.xml:149(para)
30377
#: serverguide/C/databases.xml:293(para)
22852
30378
msgid ""
22853
30379
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
22854
30380
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
22855
30381
msgstr ""
22856
30382
22857
#: serverguide/C/databases.xml:158(para)
30383
#: serverguide/C/databases.xml:303(para)
22858
30384
msgid ""
22859
30385
"PostgreSQL is an object-relational database system that has the features of "
22860
30386
"traditional commercial database systems with enhancements to be found in "
22861
30387
"next-generation DBMS systems."
22862
30388
msgstr ""
22863
30389
22864
#: serverguide/C/databases.xml:165(para)
30390
#: serverguide/C/databases.xml:310(para)
22865
30391
msgid ""
22866
30392
"To install PostgreSQL, run the following command in the command prompt:"
22867
30393
msgstr ""
22868
30394
22869
#: serverguide/C/databases.xml:172(command)
30395
#: serverguide/C/databases.xml:316(command)
22870
30396
msgid "sudo apt-get install postgresql"
22871
30397
msgstr ""
22872
30398
22873
#: serverguide/C/databases.xml:176(para)
30399
#: serverguide/C/databases.xml:319(para)
22874
30400
msgid ""
22875
30401
"Once the installation is complete, you should configure the PostgreSQL "
22876
30402
"server based on your needs, although the default configuration is viable."
22877
30403
msgstr ""
22878
30404
22879
#: serverguide/C/databases.xml:184(para)
30405
#: serverguide/C/databases.xml:326(para)
22880
30406
msgid ""
22881
30407
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
22882
"client authentication methods. By default, IDENT authentication method is "
22883
"used for <application>postgres</application> and local users. Please refer "
22884
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
22885
"PostgreSQL Administrator's Guide</ulink>."
30408
"client authentication methods. IDENT authentication method is used for "
30409
"<application>postgres</application> and local users, unless otherwise "
30410
"configured. Please refer <ulink "
30411
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
30412
"Administrator's Guide if you would like to configure alternatives like "
30413
"Kerberos</ulink>."
22886
30414
msgstr ""
22887
30415
22888
#: serverguide/C/databases.xml:191(para)
30416
#: serverguide/C/databases.xml:332(para)
22889
30417
msgid ""
22890
30418
"The following discussion assumes that you wish to enable TCP/IP connections "
22891
30419
"and use the MD5 method for client authentication. PostgreSQL configuration "
22895
30423
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
22896
30424
msgstr ""
22897
30425
22898
#: serverguide/C/databases.xml:201(para)
30426
#: serverguide/C/databases.xml:341(para)
22899
30427
msgid ""
22900
30428
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
22901
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
30429
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file. There are "
30430
"detailed comments in the file to guide you."
22902
30431
msgstr ""
22903
30432
22904
#: serverguide/C/databases.xml:208(para)
30433
#: serverguide/C/databases.xml:347(para)
22905
30434
msgid ""
22906
30435
"To enable TCP/IP connections, edit the file "
22907
30436
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
22908
30437
msgstr ""
22909
30438
22910
#: serverguide/C/databases.xml:210(para)
30439
#: serverguide/C/databases.xml:348(para)
22911
30440
msgid ""
22912
30441
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
22913
30442
"change it to:"
22914
30443
msgstr ""
22915
30444
22916
#: serverguide/C/databases.xml:213(programlisting)
30445
#: serverguide/C/databases.xml:351(programlisting)
22917
30446
#, no-wrap
22918
30447
msgid ""
22919
30448
"\n"
22920
30449
"listen_addresses = 'localhost'\n"
22921
30450
msgstr ""
22922
30451
22923
#: serverguide/C/databases.xml:217(para)
30452
#: serverguide/C/databases.xml:355(para)
22924
30453
msgid ""
22925
30454
"To allow other computers to connect to your "
22926
30455
"<application>PostgreSQL</application> server replace 'localhost' with the "
22927
"<emphasis>IP Address</emphasis> of your server."
30456
"<emphasis>IP Address</emphasis> of your server, or alternatively to "
30457
"'0.0.0.0' to bind to all interfaces."
22928
30458
msgstr ""
22929
30459
22930
#: serverguide/C/databases.xml:222(para)
30460
#: serverguide/C/databases.xml:360(para)
22931
30461
msgid ""
22932
30462
"You may also edit all other parameters, if you know what you are doing! For "
22933
30463
"details, refer to the configuration file or to the PostgreSQL documentation."
22934
30464
msgstr ""
22935
30465
22936
#: serverguide/C/databases.xml:227(para)
30466
#: serverguide/C/databases.xml:365(para)
22937
30467
msgid ""
22938
30468
"Now that we can connect to our <application>PostgreSQL</application> server, "
22939
30469
"the next step is to set a password for the <emphasis>postgres</emphasis> "
22941
30471
"default PostgreSQL template database:"
22942
30472
msgstr ""
22943
30473
22944
#: serverguide/C/databases.xml:234(command)
30474
#: serverguide/C/databases.xml:372(command)
22945
30475
msgid "sudo -u postgres psql template1"
22946
30476
msgstr ""
22947
30477
22948
#: serverguide/C/databases.xml:236(para)
30478
#: serverguide/C/databases.xml:374(para)
22949
30479
msgid ""
22950
30480
"The above command connects to PostgreSQL database "
22951
30481
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
22955
30485
"role=\"italics\">postgres</emphasis>."
22956
30486
msgstr ""
22957
30487
22958
#: serverguide/C/databases.xml:244(command)
30488
#: serverguide/C/databases.xml:382(command)
22959
30489
msgid "ALTER USER postgres with encrypted password 'your_password';"
22960
30490
msgstr ""
22961
30491
22962
#: serverguide/C/databases.xml:246(para)
30492
#: serverguide/C/databases.xml:384(para)
22963
30493
msgid ""
22964
30494
"After configuring the password, edit the file "
22965
30495
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
22967
30497
"<emphasis>postgres</emphasis> user:"
22968
30498
msgstr ""
22969
30499
22970
#: serverguide/C/databases.xml:252(programlisting)
30500
#: serverguide/C/databases.xml:390(programlisting)
22971
30501
#, no-wrap
22972
30502
msgid ""
22973
30503
"\n"
22974
30504
"local all postgres md5\n"
22975
30505
msgstr ""
22976
30506
22977
#: serverguide/C/databases.xml:256(para)
30507
#: serverguide/C/databases.xml:394(para)
22978
30508
msgid ""
22979
30509
"Finally, you should restart the <application>PostgreSQL</application> "
22980
30510
"service to initialize the new configuration. From a terminal prompt enter "
22981
30511
"the following to restart <application>PostgreSQL</application>:"
22982
30512
msgstr ""
22983
30513
22984
#: serverguide/C/databases.xml:262(command)
30514
#: serverguide/C/databases.xml:400(command)
22985
30515
msgid "sudo /etc/init.d/postgresql-8.4 restart"
22986
30516
msgstr ""
22987
30517
22988
#: serverguide/C/databases.xml:265(para)
30518
#: serverguide/C/databases.xml:403(para)
22989
30519
msgid ""
22990
30520
"The above configuration is not complete by any means. Please refer <ulink "
22991
30521
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
22992
30522
"Administrator's Guide</ulink> to configure more parameters."
22993
30523
msgstr ""
22994
30524
22995
#: serverguide/C/databases.xml:276(para)
30525
#: serverguide/C/databases.xml:414(para)
22996
30526
msgid ""
22997
30527
"As mentioned above the <ulink "
22998
30528
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
23001
30531
"in a terminal to install the package:"
23002
30532
msgstr ""
23003
30533
23004
#: serverguide/C/databases.xml:282(command)
30534
#: serverguide/C/databases.xml:420(command)
23005
30535
msgid "sudo apt-get install postgresql-doc-8.4"
23006
30536
msgstr ""
23007
30537
23008
#: serverguide/C/databases.xml:284(para)
30538
#: serverguide/C/databases.xml:422(para)
23009
30539
msgid ""
23010
30540
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
23011
30541
"8.4/html/index.html</command> into the address bar of your browser."
23012
30542
msgstr ""
23013
30543
23014
#: serverguide/C/databases.xml:296(para)
30544
#: serverguide/C/databases.xml:428(para)
30545
msgid ""
30546
"For general SQL information see <ulink "
30547
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
30548
"Special Edition</ulink> by Rafe Colburn."
30549
msgstr ""
30550
30551
#: serverguide/C/databases.xml:434(para)
23015
30552
msgid ""
23016
30553
"Also, see the <ulink "
23017
30554
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
23132
30669
23133
30670
#: serverguide/C/clustering.xml:120(para)
23134
30671
msgid ""
23135
"Next, on both hosts, start the <application>drbd</application> daemon:"
23136
msgstr ""
23137
23138
#: serverguide/C/clustering.xml:125(command)
23139
msgid "sudo /etc/init.d/drbd start"
23140
msgstr ""
23141
23142
#: serverguide/C/clustering.xml:131(para)
23143
msgid ""
23144
30672
"Now using the <application>drbdadm</application> utility initialize the meta "
23145
30673
"data storage. On each server execute:"
23146
30674
msgstr ""
23147
30675
30676
#: serverguide/C/clustering.xml:126(command)
30677
msgid "sudo drbdadm create-md r0"
30678
msgstr ""
30679
30680
#: serverguide/C/clustering.xml:132(para)
30681
msgid ""
30682
"Next, on both hosts, start the <application>drbd</application> daemon:"
30683
msgstr ""
30684
23148
30685
#: serverguide/C/clustering.xml:137(command)
23149
msgid "sudo drbdadm create-md r0"
30686
msgid "sudo /etc/init.d/drbd start"
23150
30687
msgstr ""
23151
30688
23152
30689
#: serverguide/C/clustering.xml:143(para)
23238
30775
#: serverguide/C/clustering.xml:243(para)
23239
30776
msgid ""
23240
30777
"The <ulink "
23241
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
23242
">drbd.conf man page</ulink> contains details on the options not covered in "
30778
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man5/drbd.conf.5.html\">"
30779
"drbd.conf man page</ulink> contains details on the options not covered in "
23243
30780
"this guide."
23244
30781
msgstr ""
23245
30782
23246
30783
#: serverguide/C/clustering.xml:249(para)
23247
30784
msgid ""
23248
30785
"Also, see the <ulink "
23249
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
23250
"rbdadm man page</ulink>."
30786
"url=\"http://manpages.ubuntu.com/manpages/precise/en/man8/drbdadm.8.html\">dr"
30787
"bdadm man page</ulink>."
23251
30788
msgstr ""
23252
30789
23253
30790
#: serverguide/C/clustering.xml:254(para)
23370
30907
"FAQ</ulink> for more details about the IRC Server."
23371
30908
msgstr ""
23372
30909
23373
#: serverguide/C/chat.xml:124(para)
23374
msgid ""
23375
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
23376
"IRCD</ulink> page has more information."
23377
msgstr ""
23378
23379
#: serverguide/C/chat.xml:132(title)
30910
#: serverguide/C/chat.xml:127(title)
23380
30911
msgid "Jabber Instant Messaging Server"
23381
30912
msgstr ""
23382
30913
23383
#: serverguide/C/chat.xml:134(para)
30914
#: serverguide/C/chat.xml:129(para)
23384
30915
msgid ""
23385
30916
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
23386
30917
"XMPP, an open standard for instant messaging, and used by many popular "
23389
30920
"to providing messaging services to users over the Internet."
23390
30921
msgstr ""
23391
30922
23392
#: serverguide/C/chat.xml:143(para)
30923
#: serverguide/C/chat.xml:138(para)
23393
30924
msgid "To install <application>jabberd2</application>, in a terminal enter:"
23394
30925
msgstr ""
23395
30926
23396
#: serverguide/C/chat.xml:148(command)
30927
#: serverguide/C/chat.xml:143(command)
23397
30928
msgid "sudo apt-get install jabberd2"
23398
30929
msgstr ""
23399
30930
23400
#: serverguide/C/chat.xml:155(para)
30931
#: serverguide/C/chat.xml:150(para)
23401
30932
msgid ""
23402
30933
"A couple of XML configuration files will be used to configure "
23403
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
23404
"authentication. This is a very simple form of authentication. However, "
30934
"<application>jabberd2</application> for <emphasis>Berkeley DB</emphasis> "
30935
"user authentication. This is a very simple form of authentication. However, "
23405
30936
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
23406
"Postgresql, etc for for user authentication."
30937
"PostgreSQL, etc for for user authentication."
23407
30938
msgstr ""
23408
30939
23409
#: serverguide/C/chat.xml:162(para)
30940
#: serverguide/C/chat.xml:157(para)
23410
30941
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
23411
30942
msgstr ""
23412
30943
23413
#: serverguide/C/chat.xml:166(programlisting)
30944
#: serverguide/C/chat.xml:161(programlisting)
23414
30945
#, no-wrap
23415
30946
msgid ""
23416
30947
"\n"
23417
30948
" <id>jabber.example.com</id>\n"
23418
30949
msgstr ""
23419
30950
23420
#: serverguide/C/chat.xml:171(para)
30951
#: serverguide/C/chat.xml:166(para)
23421
30952
msgid ""
23422
30953
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
23423
30954
"id, of your server."
23424
30955
msgstr ""
23425
30956
23426
#: serverguide/C/chat.xml:176(para)
30957
#: serverguide/C/chat.xml:171(para)
23427
30958
msgid "Now in the <storage> section change the <driver> to:"
23428
30959
msgstr ""
23429
30960
23430
#: serverguide/C/chat.xml:180(programlisting)
30961
#: serverguide/C/chat.xml:175(programlisting)
23431
30962
#, no-wrap
23432
30963
msgid ""
23433
30964
"\n"
23434
30965
" <driver>db</driver>\n"
23435
30966
msgstr ""
23436
30967
23437
#: serverguide/C/chat.xml:184(para)
30968
#: serverguide/C/chat.xml:179(para)
23438
30969
msgid ""
23439
30970
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
23440
30971
"<emphasis><local></emphasis> section change:"
23441
30972
msgstr ""
23442
30973
23443
#: serverguide/C/chat.xml:188(programlisting)
30974
#: serverguide/C/chat.xml:183(programlisting)
23444
30975
#, no-wrap
23445
30976
msgid ""
23446
30977
"\n"
23447
30978
" <id>jabber.example.com</id>\n"
23448
30979
msgstr ""
23449
30980
23450
#: serverguide/C/chat.xml:192(para)
30981
#: serverguide/C/chat.xml:187(para)
23451
30982
msgid ""
23452
30983
"And in the <authreg> section adjust the <module> section to:"
23453
30984
msgstr ""
23454
30985
23455
#: serverguide/C/chat.xml:196(programlisting)
30986
#: serverguide/C/chat.xml:191(programlisting)
23456
30987
#, no-wrap
23457
30988
msgid ""
23458
30989
"\n"
23459
30990
" <module>db</module>\n"
23460
30991
msgstr ""
23461
30992
23462
#: serverguide/C/chat.xml:200(para)
30993
#: serverguide/C/chat.xml:195(para)
23463
30994
msgid ""
23464
30995
"Finally, restart <application>jabberd2</application> to enable the new "
23465
30996
"settings:"
23466
30997
msgstr ""
23467
30998
23468
#: serverguide/C/chat.xml:205(command)
30999
#: serverguide/C/chat.xml:200(command)
23469
31000
msgid "sudo /etc/init.d/jabberd2 restart"
23470
31001
msgstr ""
23471
31002
23472
#: serverguide/C/chat.xml:208(para)
31003
#: serverguide/C/chat.xml:203(para)
23473
31004
msgid ""
23474
31005
"You should now be able to connect to the server using a Jabber client like "
23475
31006
"<application>Pidgin</application> for example."
23476
31007
msgstr ""
23477
31008
23478
#: serverguide/C/chat.xml:213(para)
31009
#: serverguide/C/chat.xml:208(para)
23479
31010
msgid ""
23480
31011
"The advantage of using Berkeley DB for user data is that after being "
23481
31012
"configured no additional maintenance is required. If you need more control "
23483
31014
"recommended."
23484
31015
msgstr ""
23485
31016
23486
#: serverguide/C/chat.xml:225(para)
31017
#: serverguide/C/chat.xml:220(para)
23487
31018
msgid ""
23488
31019
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
23489
31020
"Site</ulink> contains more details on configuring "
23490
31021
"<application>Jabberd2</application>."
23491
31022
msgstr ""
23492
31023
31024
#: serverguide/C/chat.xml:226(para)
31025
msgid ""
31026
"For more authentication options see the <ulink "
31027
"url=\"http://www.jabberdoc.org/\">Jabberd2 Install Guide</ulink>."
31028
msgstr ""
31029
23493
31030
#: serverguide/C/chat.xml:231(para)
23494
31031
msgid ""
23495
"For more authentication options see the <ulink "
23496
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
23497
"Guide</ulink>."
23498
msgstr ""
23499
23500
#: serverguide/C/chat.xml:236(para)
23501
msgid ""
23502
31032
"Also, the <ulink "
23503
31033
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23504
31034
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23528
31058
msgid ""
23529
31059
"One of the simplest ways to backup a system is using a <emphasis>shell "
23530
31060
"script</emphasis>. For example, a script can be used to configure which "
23531
"directories to backup, and use those directories as arguments to the "
23532
"<application>tar</application> utility creating an archive file. The archive "
23533
"file can then be moved or copied to another location. The archive can also "
23534
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
31061
"directories to backup, and pass those directories as arguments to the "
31062
"<application>tar</application> utility, which creates an archive file. The "
31063
"archive file can then be moved or copied to another location. The archive "
31064
"can also be created on a remote file system such as an "
31065
"<emphasis>NFS</emphasis> mount."
23535
31066
msgstr ""
23536
31067
23537
31068
#: serverguide/C/backups.xml:29(para)
23538
31069
msgid ""
23539
31070
"The <application>tar</application> utility creates one archive file out of "
23540
31071
"many files or directories. <application>tar</application> can also filter "
23541
"the files through compression utilities reducing the size of the archive "
23542
"file."
31072
"the files through compression utilities, thus reducing the size of the "
31073
"archive file."
23543
31074
msgstr ""
23544
31075
23545
31076
#: serverguide/C/backups.xml:35(title)
23603
31134
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
23604
31135
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
23605
31136
"day of the week, giving a backup history of seven days. There are other ways "
23606
"to accomplish this including other ways using the "
23607
"<application>date</application> utility."
31137
"to accomplish this including using the <application>date</application> "
31138
"utility."
23608
31139
msgstr ""
23609
31140
23610
31141
#: serverguide/C/backups.xml:90(para)
23624
31155
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
23625
31156
"needs to be created and in this case <emphasis>mounted</emphasis> before "
23626
31157
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
23627
"details using <emphasis>NFS</emphasis>."
31158
"details of using <emphasis>NFS</emphasis>."
23628
31159
msgstr ""
23629
31160
23630
31161
#: serverguide/C/backups.xml:109(para)
23651
31182
23652
31183
#: serverguide/C/backups.xml:131(para)
23653
31184
msgid ""
23654
"<emphasis>f:</emphasis> use archive file. Otherwise the "
31185
"<emphasis>f:</emphasis> output to an archive file. Otherwise the "
23655
31186
"<application>tar</application> output will be sent to STDOUT."
23656
31187
msgstr ""
23657
31188
23665
31196
23666
31197
#: serverguide/C/backups.xml:145(para)
23667
31198
msgid ""
23668
"This is a simple example of a backup shell script. There are large amount of "
23669
"options that can be included in a backup script. See <xref linkend=\"backup-"
23670
"shellscript-references\"/> for links to resources providing more in depth "
31199
"This is a simple example of a backup shell script; however there are many "
31200
"options that can be included in such a script. See <xref linkend=\"backup-"
31201
"shellscript-references\"/> for links to resources providing more in-depth "
23671
31202
"shell scripting information."
23672
31203
msgstr ""
23673
31204
23723
31254
23724
31255
#: serverguide/C/backups.xml:181(para)
23725
31256
msgid ""
23726
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
31257
"<emphasis>m:</emphasis> minute the command executes on, between 0 and 59."
23727
31258
msgstr ""
23728
31259
23729
31260
#: serverguide/C/backups.xml:186(para)
23730
31261
msgid ""
23731
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
31262
"<emphasis>h:</emphasis> hour the command executes on, between 0 and 23."
23732
31263
msgstr ""
23733
31264
23734
31265
#: serverguide/C/backups.xml:191(para)
23737
31268
23738
31269
#: serverguide/C/backups.xml:196(para)
23739
31270
msgid ""
23740
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
31271
"<emphasis>mon:</emphasis> the month the command executes on, between 1 and "
31272
"12."
23741
31273
msgstr ""
23742
31274
23743
31275
#: serverguide/C/backups.xml:201(para)
23744
31276
msgid ""
23745
"<emphasis>dow:</emphasis> the day of the week the command executes on "
31277
"<emphasis>dow:</emphasis> the day of the week the command executes on, "
23746
31278
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
23747
31279
"valid."
23748
31280
msgstr ""
23800
31332
msgid ""
23801
31333
"The <application>backup.sh</application> script will need to be copied to "
23802
31334
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
23803
"to execute properly. The script can reside anywhere on the file system "
31335
"to execute properly. The script can reside anywhere on the file system, "
23804
31336
"simply change the script path appropriately."
23805
31337
msgstr ""
23806
31338
23807
31339
#: serverguide/C/backups.xml:244(para)
23808
31340
msgid ""
23809
"For more in depth <application>crontab</application> options see <xref "
31341
"For more in-depth <application>crontab</application> options see <xref "
23810
31342
"linkend=\"backup-shellscript-references\"/>."
23811
31343
msgstr ""
23812
31344
23822
31354
msgstr ""
23823
31355
23824
31356
#: serverguide/C/backups.xml:257(para)
23825
msgid "To see a listing of the archive contents. From a terminal prompt:"
31357
msgid ""
31358
"To see a listing of the archive contents. From a terminal prompt type:"
23826
31359
msgstr ""
23827
31360
23828
31361
#: serverguide/C/backups.xml:261(command)
23917
31450
msgid ""
23918
31451
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
23919
31452
"the <application>coreutils</application> package. A low level utility that "
23920
"can copy data from one format to another"
31453
"can copy data from one format to another."
23921
31454
msgstr ""
23922
31455
23923
31456
#: serverguide/C/backups.xml:347(para)
23924
31457
msgid ""
23925
31458
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
23926
"snap shot utility used to create copies of an entire file system."
23927
msgstr ""
23928
23929
#: serverguide/C/backups.xml:358(title)
31459
"snapshot utility used to create copies of an entire file system."
31460
msgstr ""
31461
31462
#: serverguide/C/backups.xml:353(para)
31463
msgid ""
31464
"<ulink url=\"http://www.samba.org/ftp/rsync/rsync.html\">rsync</ulink>: a "
31465
"flexible utility used to create incremental copies of files."
31466
msgstr ""
31467
31468
#: serverguide/C/backups.xml:364(title)
23930
31469
msgid "Archive Rotation"
23931
31470
msgstr ""
23932
31471
23933
#: serverguide/C/backups.xml:359(para)
31472
#: serverguide/C/backups.xml:365(para)
23934
31473
msgid ""
23935
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
23936
"allows for seven different archives. For a server whose data doesn't change "
23937
"often this may be enough. If the server has a large amount of data a more "
23938
"robust rotation scheme should be used."
31474
"The shell script in <xref linkend=\"backup-shellscripts\"/> only allows for "
31475
"seven different archives. For a server whose data doesn't change often, this "
31476
"may be enough. If the server has a large amount of data, a more complex "
31477
"rotation scheme should be used."
23939
31478
msgstr ""
23940
31479
23941
#: serverguide/C/backups.xml:365(title)
31480
#: serverguide/C/backups.xml:371(title)
23942
31481
msgid "Rotating NFS Archives"
23943
31482
msgstr ""
23944
31483
23945
#: serverguide/C/backups.xml:366(para)
31484
#: serverguide/C/backups.xml:372(para)
23946
31485
msgid ""
23947
"In this section the shell script will be slightly modified to implement a "
31486
"In this section, the shell script will be slightly modified to implement a "
23948
31487
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
23949
31488
msgstr ""
23950
31489
23951
#: serverguide/C/backups.xml:372(para)
31490
#: serverguide/C/backups.xml:378(para)
23952
31491
msgid ""
23953
31492
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
23954
31493
"Friday."
23955
31494
msgstr ""
23956
31495
23957
#: serverguide/C/backups.xml:377(para)
31496
#: serverguide/C/backups.xml:383(para)
23958
31497
msgid ""
23959
31498
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
23960
31499
"weekly backups a month."
23961
31500
msgstr ""
23962
31501
23963
#: serverguide/C/backups.xml:382(para)
31502
#: serverguide/C/backups.xml:388(para)
23964
31503
msgid ""
23965
31504
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
23966
31505
"rotating two monthly backups based on if the month is odd or even."
23967
31506
msgstr ""
23968
31507
23969
#: serverguide/C/backups.xml:388(para)
31508
#: serverguide/C/backups.xml:394(para)
23970
31509
msgid "Here is the new script:"
23971
31510
msgstr ""
23972
31511
23973
#: serverguide/C/backups.xml:391(programlisting)
31512
#: serverguide/C/backups.xml:397(programlisting)
23974
31513
#, no-wrap
23975
31514
msgid ""
23976
31515
"\n"
24039
31578
"ls -lh $dest/\n"
24040
31579
msgstr ""
24041
31580
24042
#: serverguide/C/backups.xml:456(para)
31581
#: serverguide/C/backups.xml:462(para)
24043
31582
msgid ""
24044
31583
"The script can be executed using the same methods as in <xref "
24045
31584
"linkend=\"backup-executing-shellscript\"/>."
24046
31585
msgstr ""
24047
31586
24048
#: serverguide/C/backups.xml:459(para)
31587
#: serverguide/C/backups.xml:465(para)
24049
31588
msgid ""
24050
"It is good practice to take backup media off site in case of a disaster. In "
31589
"It is good practice to take backup media off-site in case of a disaster. In "
24051
31590
"the shell script example the backup media is another server providing an NFS "
24052
31591
"share. In all likelihood taking the NFS server to another location would not "
24053
31592
"be practical. Depending upon connection speeds it may be an option to copy "
24054
31593
"the archive file over a WAN link to a server in another location."
24055
31594
msgstr ""
24056
31595
24057
#: serverguide/C/backups.xml:465(para)
31596
#: serverguide/C/backups.xml:471(para)
24058
31597
msgid ""
24059
31598
"Another option is to copy the archive file to an external hard drive which "
24060
"can then be taken off site. Since the price of external hard drives continue "
24061
"to decrease it may be cost-effective to use two drives for each archive "
31599
"can then be taken off-site. Since the price of external hard drives continue "
31600
"to decrease, it may be cost-effective to use two drives for each archive "
24062
31601
"level. This would allow you to have one external drive attached to the "
24063
31602
"backup server and one in another location."
24064
31603
msgstr ""
24065
31604
24066
#: serverguide/C/backups.xml:472(title)
31605
#: serverguide/C/backups.xml:478(title)
24067
31606
msgid "Tape Drives"
24068
31607
msgstr ""
24069
31608
24070
#: serverguide/C/backups.xml:473(para)
31609
#: serverguide/C/backups.xml:479(para)
24071
31610
msgid ""
24072
"A tape drive attached to the server can be used instead of a NFS share. "
24073
"Using a tape drive simplifies archive rotation, and taking the media off "
24074
"site as well."
31611
"A tape drive attached to the server can be used instead of an NFS share. "
31612
"Using a tape drive simplifies archive rotation, and makes taking the media "
31613
"off-site easier as well."
24075
31614
msgstr ""
24076
31615
24077
#: serverguide/C/backups.xml:477(para)
31616
#: serverguide/C/backups.xml:483(para)
24078
31617
msgid ""
24079
"When using a tape drive the filename portions of the script aren't needed "
24080
"because the date is sent directly to the tape device. Some commands to "
31618
"When using a tape drive, the filename portions of the script aren't needed "
31619
"because the data is sent directly to the tape device. Some commands to "
24081
31620
"manipulate the tape are needed. This is accomplished using "
24082
31621
"<application>mt</application>, a magnetic tape control utility part of the "
24083
31622
"<application>cpio</application> package."
24084
31623
msgstr ""
24085
31624
24086
#: serverguide/C/backups.xml:482(para)
31625
#: serverguide/C/backups.xml:488(para)
24087
31626
msgid "Here is the shell script modified to use a tape drive:"
24088
31627
msgstr ""
24089
31628
24090
#: serverguide/C/backups.xml:485(programlisting)
31629
#: serverguide/C/backups.xml:491(programlisting)
24091
31630
#, no-wrap
24092
31631
msgid ""
24093
31632
"\n"
24156
31695
"echo \"Backup finished\"\n"
24157
31696
"date\n"
24158
31697
24159
#: serverguide/C/backups.xml:519(para)
31698
#: serverguide/C/backups.xml:525(para)
24160
31699
msgid ""
24161
31700
"The default device name for a SCSI tape drive is "
24162
31701
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
24163
31702
"system."
24164
31703
msgstr ""
24165
31704
24166
#: serverguide/C/backups.xml:524(para)
31705
#: serverguide/C/backups.xml:530(para)
24167
31706
msgid ""
24168
31707
"Restoring from a tape drive is basically the same as restoring from a file. "
24169
31708
"Simply rewind the tape and use the device path instead of a file path. For "
24171
31710
"<filename>/tmp/etc/hosts</filename>:"
24172
31711
msgstr ""
24173
31712
24174
#: serverguide/C/backups.xml:529(command)
31713
#: serverguide/C/backups.xml:535(command)
24175
31714
msgid "mt -f /dev/st0 rewind"
24176
31715
msgstr "mt -f /dev/st0 rewind"
24177
31716
24178
#: serverguide/C/backups.xml:530(command)
31717
#: serverguide/C/backups.xml:536(command)
24179
31718
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
24180
31719
msgstr "tar -xzf /dev/st0 -C /tmp/etc/hosts"
24181
31720
24182
#: serverguide/C/backups.xml:535(title)
31721
#: serverguide/C/backups.xml:541(title)
24183
31722
msgid "Bacula"
24184
31723
msgstr "Bacula"
24185
31724
24186
#: serverguide/C/backups.xml:536(para)
31725
#: serverguide/C/backups.xml:542(para)
24187
31726
msgid ""
24188
31727
"<application>Bacula</application> is a backup program enabling you to "
24189
31728
"backup, restore, and verify data across your network. There are Bacula "
24190
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
24191
"wide solution."
31729
"clients for Linux, Windows, and Mac OS X - making it a cross-platform "
31730
"network wide solution."
24192
31731
msgstr ""
24193
31732
24194
#: serverguide/C/backups.xml:542(para)
31733
#: serverguide/C/backups.xml:548(para)
24195
31734
msgid ""
24196
31735
"<application>Bacula</application> is made up of several components and "
24197
"services used to manage which files to backup and where to back them up to:"
31736
"services used to manage which files to backup and backup locations:"
24198
31737
msgstr ""
24199
31738
24200
#: serverguide/C/backups.xml:548(para)
31739
#: serverguide/C/backups.xml:553(para)
24201
31740
msgid ""
24202
31741
"<application>Bacula Director:</application> a service that controls all "
24203
31742
"backup, restore, verify, and archive operations."
24204
31743
msgstr ""
24205
31744
24206
#: serverguide/C/backups.xml:553(para)
31745
#: serverguide/C/backups.xml:558(para)
24207
31746
msgid ""
24208
31747
"<application>Bacula Console:</application> an application allowing "
24209
31748
"communication with the Director. There are three versions of the Console:"
24210
31749
msgstr ""
24211
31750
24212
#: serverguide/C/backups.xml:558(para)
31751
#: serverguide/C/backups.xml:563(para)
24213
31752
msgid "Text based command line version."
24214
31753
msgstr ""
24215
31754
24216
#: serverguide/C/backups.xml:559(para)
31755
#: serverguide/C/backups.xml:564(para)
24217
31756
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
24218
31757
msgstr ""
24219
31758
24220
#: serverguide/C/backups.xml:560(para)
31759
#: serverguide/C/backups.xml:565(para)
24221
31760
msgid "wxWidgets GUI interface."
24222
31761
msgstr ""
24223
31762
24224
#: serverguide/C/backups.xml:564(para)
31763
#: serverguide/C/backups.xml:569(para)
24225
31764
msgid ""
24226
31765
"<application>Bacula File:</application> also known as the "
24227
31766
"<application>Bacula Client</application> program. This application is "
24229
31768
"requested by the Director."
24230
31769
msgstr ""
24231
31770
24232
#: serverguide/C/backups.xml:570(para)
31771
#: serverguide/C/backups.xml:575(para)
24233
31772
msgid ""
24234
31773
"<application>Bacula Storage:</application> the programs that perform the "
24235
31774
"storage and recovery of data to the physical media."
24236
31775
msgstr ""
24237
31776
24238
#: serverguide/C/backups.xml:575(para)
31777
#: serverguide/C/backups.xml:580(para)
24239
31778
msgid ""
24240
31779
"<application>Bacula Catalog:</application> is responsible for maintaining "
24241
31780
"the file indexes and volume databases for all files backed up, enabling "
24243
31782
"different databases MySQL, PostgreSQL, and SQLite."
24244
31783
msgstr ""
24245
31784
24246
#: serverguide/C/backups.xml:581(para)
31785
#: serverguide/C/backups.xml:586(para)
24247
31786
msgid ""
24248
31787
"<application>Bacula Monitor:</application> allows the monitoring of the "
24249
31788
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
24250
31789
"available as a GTK+ GUI application."
24251
31790
msgstr ""
24252
31791
24253
#: serverguide/C/backups.xml:587(para)
31792
#: serverguide/C/backups.xml:592(para)
24254
31793
msgid ""
24255
31794
"These services and applications can be run on multiple servers and clients, "
24256
31795
"or they can be installed on one machine if backing up a single disk or "
24257
31796
"volume."
24258
31797
msgstr ""
24259
31798
24260
#: serverguide/C/backups.xml:594(para)
31799
#: serverguide/C/backups.xml:600(para)
31800
msgid ""
31801
"If using MySQL or PostgreSQL as your database, you should already have the "
31802
"services available. <application>Bacula</application> will not install them "
31803
"for you."
31804
msgstr ""
31805
31806
#: serverguide/C/backups.xml:605(para)
24261
31807
msgid ""
24262
31808
"There are multiple packages containing the different "
24263
31809
"<application>Bacula</application> components. To install Bacula, from a "
24264
31810
"terminal prompt enter:"
24265
31811
msgstr ""
24266
31812
24267
#: serverguide/C/backups.xml:599(command)
31813
#: serverguide/C/backups.xml:610(command)
24268
31814
msgid "sudo apt-get install bacula"
24269
31815
msgstr ""
24270
31816
24271
#: serverguide/C/backups.xml:601(para)
31817
#: serverguide/C/backups.xml:612(para)
24272
31818
msgid ""
24273
31819
"By default installing the <application>bacula</application> package will use "
24274
31820
"a <application>MySQL</application> database for the Catalog. If you want to "
24277
31823
"pgsql</application> respectively."
24278
31824
msgstr ""
24279
31825
24280
#: serverguide/C/backups.xml:607(para)
31826
#: serverguide/C/backups.xml:618(para)
24281
31827
msgid ""
24282
31828
"During the install process you will be asked to supply credentials for the "
24283
31829
"database <emphasis>administrator</emphasis> and the "
24286
31832
"database, see <xref linkend=\"mysql\"/> for more information."
24287
31833
msgstr ""
24288
31834
24289
#: serverguide/C/backups.xml:617(para)
31835
#: serverguide/C/backups.xml:628(para)
24290
31836
msgid ""
24291
31837
"<application>Bacula</application> configuration files are formatted based on "
24292
31838
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
24295
31841
"directory."
24296
31842
msgstr ""
24297
31843
24298
#: serverguide/C/backups.xml:622(para)
31844
#: serverguide/C/backups.xml:633(para)
24299
31845
msgid ""
24300
31846
"The various <application>Bacula</application> components must authorize "
24301
31847
"themselves to each other. This is accomplished using the "
24306
31852
"<filename>/etc/bacula/bacula-sd.conf</filename>."
24307
31853
msgstr ""
24308
31854
24309
#: serverguide/C/backups.xml:628(para)
31855
#: serverguide/C/backups.xml:639(para)
24310
31856
msgid ""
24311
31857
"By default the backup job named <emphasis>Client1</emphasis> is configured "
24312
31858
"to archive the <application>Bacula</application> Catalog. If you plan on "
24315
31861
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
24316
31862
msgstr ""
24317
31863
24318
#: serverguide/C/backups.xml:633(programlisting)
31864
#: serverguide/C/backups.xml:644(programlisting)
24319
31865
#, no-wrap
24320
31866
msgid ""
24321
31867
"\n"
24338
31884
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
24339
31885
"}\n"
24340
31886
24341
#: serverguide/C/backups.xml:644(para)
31887
#: serverguide/C/backups.xml:655(para)
24342
31888
msgid ""
24343
31889
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
24344
31890
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
24345
31891
"your appropriate hostname, or other descriptive name."
24346
31892
msgstr ""
24347
31893
24348
#: serverguide/C/backups.xml:649(para)
31894
#: serverguide/C/backups.xml:660(para)
24349
31895
msgid ""
24350
31896
"The <emphasis>Console</emphasis> can be used to query the "
24351
31897
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
24354
31900
"the following from a terminal:"
24355
31901
msgstr ""
24356
31902
24357
#: serverguide/C/backups.xml:655(command)
31903
#: serverguide/C/backups.xml:666(command)
24358
31904
msgid "sudo adduser $username bacula"
24359
31905
msgstr "sudo adduser $username bacula"
24360
31906
24361
#: serverguide/C/backups.xml:658(para)
31907
#: serverguide/C/backups.xml:669(para)
24362
31908
msgid ""
24363
31909
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
24364
31910
"you are adding the current user to the group you should log out and back in "
24365
31911
"for the new permissions to take effect."
24366
31912
msgstr ""
24367
31913
24368
#: serverguide/C/backups.xml:665(title)
31914
#: serverguide/C/backups.xml:676(title)
24369
31915
msgid "Localhost Backup"
24370
31916
msgstr "Copia de seguridá de Localhost"
24371
31917
24372
#: serverguide/C/backups.xml:666(para)
31918
#: serverguide/C/backups.xml:677(para)
24373
31919
msgid ""
24374
31920
"This section describes how to backup specified directories on a single host "
24375
31921
"to a local tape drive."
24376
31922
msgstr ""
24377
31923
24378
#: serverguide/C/backups.xml:671(para)
31924
#: serverguide/C/backups.xml:682(para)
24379
31925
msgid ""
24380
31926
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
24381
31927
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
24382
31928
msgstr ""
24383
31929
24384
#: serverguide/C/backups.xml:674(programlisting)
31930
#: serverguide/C/backups.xml:685(programlisting)
24385
31931
#, no-wrap
24386
31932
msgid ""
24387
31933
"\n"
24399
31945
"}\n"
24400
31946
msgstr ""
24401
31947
24402
#: serverguide/C/backups.xml:688(para)
31948
#: serverguide/C/backups.xml:699(para)
24403
31949
msgid ""
24404
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
24405
"Type and Archive Device to match your hardware."
31950
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the "
31951
"<quote>Media Type</quote> and <quote>Archive Device</quote> to match your "
31952
"hardware."
24406
31953
msgstr ""
24407
31954
24408
#: serverguide/C/backups.xml:691(para)
31955
#: serverguide/C/backups.xml:702(para)
24409
31956
msgid "You could also uncomment one of the other examples in the file."
24410
31957
msgstr ""
24411
31958
24412
#: serverguide/C/backups.xml:696(para)
31959
#: serverguide/C/backups.xml:707(para)
24413
31960
msgid ""
24414
31961
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
24415
31962
"<application>Storage</application> daemon will need to be restarted:"
24416
31963
msgstr ""
24417
31964
24418
#: serverguide/C/backups.xml:701(command)
31965
#: serverguide/C/backups.xml:712(command)
24419
31966
msgid "sudo /etc/init.d/bacula-sd restart"
24420
31967
msgstr ""
24421
31968
24422
#: serverguide/C/backups.xml:705(para)
31969
#: serverguide/C/backups.xml:716(para)
24423
31970
msgid ""
24424
31971
"Now add a <emphasis>Storage</emphasis> resource in "
24425
31972
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
24426
31973
msgstr ""
24427
31974
24428
#: serverguide/C/backups.xml:708(programlisting)
31975
#: serverguide/C/backups.xml:719(programlisting)
24429
31976
#, no-wrap
24430
31977
msgid ""
24431
31978
"\n"
24436
31983
" Address = backupserver # N.B. Use a fully qualified name "
24437
31984
"here\n"
24438
31985
" SDPort = 9103\n"
24439
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
31986
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyjc\"\n"
24440
31987
" Device = \"Tape Drive\"\n"
24441
31988
" Media Type = tape\n"
24442
31989
"}\n"
24443
31990
msgstr ""
24444
31991
24445
#: serverguide/C/backups.xml:720(para)
31992
#: serverguide/C/backups.xml:731(para)
24446
31993
msgid ""
24447
31994
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
24448
31995
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
24449
31996
"to the actual host name."
24450
31997
msgstr ""
24451
31998
24452
#: serverguide/C/backups.xml:724(para)
31999
#: serverguide/C/backups.xml:735(para)
24453
32000
msgid ""
24454
32001
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
24455
32002
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
24456
32003
msgstr ""
24457
32004
24458
#: serverguide/C/backups.xml:730(para)
32005
#: serverguide/C/backups.xml:741(para)
24459
32006
msgid ""
24460
32007
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
24461
32008
"directories to backup, by adding:"
24462
32009
msgstr ""
24463
32010
24464
#: serverguide/C/backups.xml:733(programlisting)
32011
#: serverguide/C/backups.xml:744(programlisting)
24465
32012
#, no-wrap
24466
32013
msgid ""
24467
32014
"\n"
24479
32026
"}\n"
24480
32027
msgstr ""
24481
32028
24482
#: serverguide/C/backups.xml:747(para)
32029
#: serverguide/C/backups.xml:758(para)
24483
32030
msgid ""
24484
32031
"This <emphasis>FileSet</emphasis> will backup the <filename "
24485
32032
"role=\"directory\">/etc</filename> and <filename "
24486
32033
"role=\"directory\">/home</filename> directories. The "
24487
32034
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
24488
"create a MD5 signature for each file backed up, and to compress the files "
32035
"create an MD5 signature for each file backed up, and to compress the files "
24489
32036
"using GZIP."
24490
32037
msgstr ""
24491
32038
24492
#: serverguide/C/backups.xml:754(para)
32039
#: serverguide/C/backups.xml:765(para)
24493
32040
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
24494
32041
msgstr ""
24495
32042
24496
#: serverguide/C/backups.xml:757(programlisting)
32043
#: serverguide/C/backups.xml:768(programlisting)
24497
32044
#, no-wrap
24498
32045
msgid ""
24499
32046
"\n"
24510
32057
" Run = Full daily at 00:01\n"
24511
32058
"}\n"
24512
32059
24513
#: serverguide/C/backups.xml:764(para)
32060
#: serverguide/C/backups.xml:775(para)
24514
32061
msgid ""
24515
32062
"The job will run every day at 00:01 or 12:01 am. There are many other "
24516
32063
"scheduling options available."
24517
32064
msgstr ""
24518
32065
24519
#: serverguide/C/backups.xml:769(para)
32066
#: serverguide/C/backups.xml:780(para)
24520
32067
msgid "Finally create the <emphasis>Job</emphasis>:"
24521
32068
msgstr ""
24522
32069
24523
#: serverguide/C/backups.xml:772(programlisting)
32070
#: serverguide/C/backups.xml:783(programlisting)
24524
32071
#, no-wrap
24525
32072
msgid ""
24526
32073
"\n"
24549
32096
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
24550
32097
"} \n"
24551
32098
24552
#: serverguide/C/backups.xml:785(para)
32099
#: serverguide/C/backups.xml:796(para)
24553
32100
msgid ""
24554
32101
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
24555
32102
"drive."
24556
32103
msgstr ""
24557
32104
24558
#: serverguide/C/backups.xml:790(para)
32105
#: serverguide/C/backups.xml:801(para)
24559
32106
msgid ""
24560
32107
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
24561
32108
"current tape does not have a label <application>Bacula</application> will "
24563
32110
"<application>Console</application> enter the following from a terminal:"
24564
32111
msgstr ""
24565
32112
24566
#: serverguide/C/backups.xml:796(command)
32113
#: serverguide/C/backups.xml:807(command)
24567
32114
msgid "bconsole"
24568
32115
msgstr "bconsole"
24569
32116
24570
#: serverguide/C/backups.xml:800(para)
32117
#: serverguide/C/backups.xml:811(para)
24571
32118
msgid "At the Bacula Console prompt enter:"
24572
32119
msgstr "Na consola de Bascual escribi:"
24573
32120
24574
#: serverguide/C/backups.xml:804(command)
32121
#: serverguide/C/backups.xml:815(command)
24575
32122
msgid "label"
24576
32123
msgstr "etiqueta"
24577
32124
24578
#: serverguide/C/backups.xml:808(para)
32125
#: serverguide/C/backups.xml:819(para)
24579
32126
msgid ""
24580
32127
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
24581
32128
msgstr ""
24582
32129
24583
#: serverguide/C/backups.xml:818(userinput)
32130
#: serverguide/C/backups.xml:829(userinput)
24584
32131
#, no-wrap
24585
32132
msgid "2"
24586
32133
msgstr ""
24587
32134
24588
#: serverguide/C/backups.xml:812(computeroutput)
32135
#: serverguide/C/backups.xml:823(computeroutput)
24589
32136
#, no-wrap
24590
32137
msgid ""
24591
32138
"\n"
24597
32144
"Select Storage resource (1-2):<placeholder-1/>\n"
24598
32145
msgstr ""
24599
32146
24600
#: serverguide/C/backups.xml:823(para)
32147
#: serverguide/C/backups.xml:834(para)
24601
32148
msgid "Enter the new <emphasis>Volume</emphasis> name:"
24602
32149
msgstr ""
24603
32150
24604
#: serverguide/C/backups.xml:828(userinput)
32151
#: serverguide/C/backups.xml:839(userinput)
24605
32152
#, no-wrap
24606
32153
msgid "Sunday"
24607
32154
msgstr ""
24608
32155
24609
#: serverguide/C/backups.xml:827(computeroutput)
32156
#: serverguide/C/backups.xml:838(computeroutput)
24610
32157
#, no-wrap
24611
32158
msgid ""
24612
32159
"\n"
24616
32163
" 2: Scratch"
24617
32164
msgstr ""
24618
32165
24619
#: serverguide/C/backups.xml:833(para)
32166
#: serverguide/C/backups.xml:844(para)
24620
32167
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
24621
32168
msgstr ""
24622
32169
24623
#: serverguide/C/backups.xml:838(para)
32170
#: serverguide/C/backups.xml:849(para)
24624
32171
msgid "Now, select the <emphasis>Pool</emphasis>:"
24625
32172
msgstr ""
24626
32173
24627
#: serverguide/C/backups.xml:843(userinput)
32174
#: serverguide/C/backups.xml:854(userinput)
24628
32175
#, no-wrap
24629
32176
msgid "1"
24630
32177
msgstr ""
24631
32178
24632
#: serverguide/C/backups.xml:842(computeroutput)
32179
#: serverguide/C/backups.xml:853(computeroutput)
24633
32180
#, no-wrap
24634
32181
msgid ""
24635
32182
"\n"
24638
32185
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
24639
32186
msgstr ""
24640
32187
24641
#: serverguide/C/backups.xml:850(para)
32188
#: serverguide/C/backups.xml:861(para)
24642
32189
msgid ""
24643
32190
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
24644
32191
"backup the localhost to an attached tape drive."
24645
32192
msgstr ""
24646
32193
24647
#: serverguide/C/backups.xml:858(para)
32194
#: serverguide/C/backups.xml:869(para)
24648
32195
msgid ""
24649
32196
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
24650
32197
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
24651
32198
"Manual</ulink>"
24652
32199
msgstr ""
24653
32200
24654
#: serverguide/C/backups.xml:864(para)
32201
#: serverguide/C/backups.xml:875(para)
24655
32202
msgid ""
24656
32203
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
24657
32204
"the latest Bacula news and developments."
24658
32205
msgstr ""
24659
32206
24660
#: serverguide/C/backups.xml:869(para)
32207
#: serverguide/C/backups.xml:880(para)
24661
32208
msgid ""
24662
32209
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24663
32210
"Ubuntu Wiki</ulink> page."
24668
32215
msgid "translator-credits"
24669
32216
msgstr ""
24670
32217
"Launchpad Contributions:\n"
24671
" Xandru Martino https://launchpad.net/~xandru-martino"
24672
24673
#~ msgid "sudo /etc/init.d/samba restart"
24674
#~ msgstr "sudo /etc/init.d/samba restart"
24675
24676
#~ msgid "eBox"
24677
#~ msgstr "eBox"
24678
24679
#~ msgid "apt-cache rdepends ebox | uniq"
24680
#~ msgstr "apt-cache rdepends ebox | uniq"
24681
24682
#~ msgid "Default Modules"
24683
#~ msgstr "Módulos por defeutu"
24684
24685
#~ msgid "eBox Modules"
24686
#~ msgstr "Módulos d'eBox"
24687
24688
#~ msgid "Available Events:"
24689
#~ msgstr "Eventos Disponibles:"
24690
24691
#~ msgid "Dispatchers:"
24692
#~ msgstr "Despachadores:"
24693
24694
#~ msgid "Additional Modules"
24695
#~ msgstr "Módulos Adicionales"
32218
" Matthew East https://launchpad.net/~mdke"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1