« back to all changes in this revision
Viewing changes to serverguide/po/uk.po
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Matthew East
- Date: 2011-05-03 07:11:18 UTC
- Revision ID: mdke@ubuntu.com-20110503071118-081aatibsr9k2yqy
Add files from ubuntu-docs natty branch, trim to use only those necessary for serverguide
- files added:
- build
- build/libs
- build/libs/admon
- build/libs/callouts
- build/libs/img
- build/libs/navig
- build/serverguide
- build/serverguide/C
- build/serverguide/sample
- libs
- libs/C
- libs/admon
- libs/authors
- libs/callouts
- libs/img
- libs/navig
- scripts
- serverguide
- serverguide/C
- serverguide/po
- serverguide/sample
added
removed
serverguide/po/uk.po
1
# Ukrainian translation for ubuntu-docs
2
# Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008
3
# This file is distributed under the same license as the ubuntu-docs package.
4
#
5
# Yuri Chornoivan <yurchor@gmail.com>, 2010.
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-08-14 22:34+0100\n"
11
"PO-Revision-Date: 2010-08-16 04:22+0000\n"
12
"Last-Translator: Yuri Chornoivan <yurchor@gmail.com>\n"
13
"Language-Team: Ukrainian <translation@linux.org.ua>\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2010-09-18 10:44+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
19
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr "ubuntu-doc@lists.ubuntu.com (Проект документації Ubuntu)"
23
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr "Настанова користувача Ubuntu Сервер"
27
28
#: serverguide/C/serverguide-C.omf:9(date)
29
msgid "2007-09-30"
30
msgstr "30.09.2008"
31
32
#: serverguide/C/windows-networking.xml:13(title)
33
msgid "Windows Networking"
34
msgstr "Мережне оточення Windows"
35
36
#: serverguide/C/windows-networking.xml:15(para)
37
msgid ""
38
"Computer networks are often comprised of diverse systems, and while "
39
"operating a network made up entirely of Ubuntu desktop and server computers "
40
"would certainly be fun, some network environments must consist of both "
41
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
42
"class=\"registered\">Windows</trademark> systems working together in "
43
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
44
"principles and tools used in configuring your Ubuntu Server for sharing "
45
"network resources with Windows computers."
46
msgstr ""
47
"Комп'ютерні мережі часто складаються із різнорідних систем. У той час, як "
48
"керування мережею, яка повністю складається з робочих станцій та серверів "
49
"Ubuntu — легка задача, деякі мережі повинні поєднувати системи на основі "
50
"Ubuntu та <trademark class=\"registered\">Microsoft</trademark><trademark "
51
"class=\"registered\">Windows</trademark>, гармонійно співіснуючі одна з "
52
"одною. Ця частина Керівництва розглядає принципи та інструменти, які "
53
"використовуються у налаштуванні вашого серверу Ubuntu для взаємодії з "
54
"Windows-комп'ютерами."
55
56
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:349(title) serverguide/C/remote-administration.xml:21(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
57
msgid "Introduction"
58
msgstr "Вступ"
59
60
#: serverguide/C/windows-networking.xml:27(para)
61
msgid ""
62
"Successfully networking your Ubuntu system with Windows clients involves "
63
"providing and integrating with services common to Windows environments. Such "
64
"services assist the sharing of data and information about the computers and "
65
"users involved in the network, and may be classified under three major "
66
"categories of functionality:"
67
msgstr ""
68
"Успішна мережна взаємодія вашої системи Ubuntu з Windows-клієнтами включає в "
69
"себе забезпечення та інтеграцію з службами, спільними для оточення Windows. "
70
"Такі служби підтримують спільне використання даних та інформації про "
71
"комп'ютери та користувачів мережі, і можуть відноситись до трьох основних "
72
"функціональних категоріїв:"
73
74
#: serverguide/C/windows-networking.xml:35(para)
75
msgid ""
76
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
77
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
78
"folders, volumes, and the sharing of printers throughout the network."
79
msgstr ""
80
"<emphasis role=\"bold\">Служби доступу до файлів і принтерів </emphasis>. "
81
"Використання протоколу блоку серверних повідомлень (SMB) для забезпечення "
82
"спільного використання файлів, папок, томів, а також загального доступу до "
83
"принтерів через мережу."
84
85
#: serverguide/C/windows-networking.xml:41(para)
86
msgid ""
87
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
88
"information about the computers and users of the network with such "
89
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
90
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
91
msgstr ""
92
"<emphasis role=\"bold\">Служби каталогу</emphasis>. Розподіл важливої "
93
"інформації про комп'ютери та користувачів мережі з використанням таких "
94
"технологій, як полегшений протокол доступу до каталогів (LDAP) і Microsoft "
95
"<trademark class=\"registered\"> Active Directory </trademark>."
96
97
#: serverguide/C/windows-networking.xml:48(para)
98
msgid ""
99
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
100
"the identity of a computer or user of the network and determining the "
101
"information the computer or user is authorized to access using such "
102
"principles and technologies as file permissions, group policies, and the "
103
"Kerberos authentication service."
104
msgstr ""
105
"<emphasis role=\"bold\">Посвідчення і доступ </emphasis>. Встановлення "
106
"автентичності комп'ютера або користувача мережі та визначення інформації, до "
107
"якої комп'ютеру або користувачу дозволяється мати доступ за допомогою прав "
108
"доступу до файлів, групових політик і служби посвідчення Kerberos."
109
110
#: serverguide/C/windows-networking.xml:56(para)
111
msgid ""
112
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
113
"clients and share network resources among them. One of the principal pieces "
114
"of software your Ubuntu system includes for Windows networking is the Samba "
115
"suite of SMB server applications and tools."
116
msgstr ""
117
"На щастя, ваша система Ubuntu може надавати всі ці блага Windows-клієнтам і "
118
"давати доступ до мережевих ресурсів. Однією з головних програм Ubuntu, "
119
"призначених для роботи по мережі з Windows, є пакет Samba, що складається з "
120
"серверних додатків та інструментів SMB."
121
122
#: serverguide/C/windows-networking.xml:62(para)
123
msgid ""
124
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
125
"of the common Samba use cases, and how to install and configure the "
126
"necessary packages. Additional detailed documentation and information on "
127
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
128
"website</ulink>."
129
msgstr ""
130
"Розділ Керівництво по серверу <phrase>Ubuntu</phrase> познайомить вас із "
131
"загальними принципами роботи з Samba, покаже, як встановити та налаштувати "
132
"необхідні пакети. Додаткова, більш докладна, інформація по Samba може бути "
133
"знайдена на <ulink url=\"http://www.samba.org\">Сайті проекту Samba </ulink>."
134
135
#: serverguide/C/windows-networking.xml:70(title)
136
msgid "Samba File Server"
137
msgstr "Файловий Сервер Samba"
138
139
#: serverguide/C/windows-networking.xml:72(para)
140
msgid ""
141
"One of the most common ways to network Ubuntu and Windows computers is to "
142
"configure Samba as a File Server. This section covers setting up a "
143
"<application>Samba</application> server to share files with Windows clients."
144
msgstr ""
145
"Один з найбільш поширених способів об'єднання в мережу комп'ютерів під "
146
"управлінням Ubuntu і Windows - настройка Samba в якості файлового сервера. "
147
"Ця секція охоплює налаштування сервера <application>Samba</application> для "
148
"надання доступу до файлів для Windows-клієнтів."
149
150
#: serverguide/C/windows-networking.xml:77(para)
151
msgid ""
152
"The server will be configured to share files with any client on the network "
153
"without prompting for a password. If your environment requires stricter "
154
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
155
msgstr ""
156
"Сервер буде налаштований для надання доступу до файлів будь-якому клієнту "
157
"мережі без запиту пароля. Якщо вам потрібна більш суворий контроль доступу, "
158
"дивіться <xref linkend=\"samba-fileprint-security\"/>"
159
160
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:288(title) serverguide/C/windows-networking.xml:1317(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:51(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1590(title) serverguide/C/network-auth.xml:2102(title) serverguide/C/network-auth.xml:2493(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
161
msgid "Installation"
162
msgstr "Встановлення"
163
164
#: serverguide/C/windows-networking.xml:85(para)
165
msgid ""
166
"The first step is to install the <application>samba</application> package. "
167
"From a terminal prompt enter:"
168
msgstr ""
169
"В першу чергу вам потрібно встановити пакунок "
170
"<application>samba</application>. Введіть в терміналі:"
171
172
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:300(command)
173
msgid "sudo apt-get install samba"
174
msgstr "sudo apt-get install samba"
175
176
#: serverguide/C/windows-networking.xml:93(para)
177
msgid ""
178
"That's all there is to it; you are now ready to configure Samba to share "
179
"files."
180
msgstr ""
181
"Це все що потрібно; наразі ви готові до налаштування Samba, щоб розшарити "
182
"файли."
183
184
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:305(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:73(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2141(title) serverguide/C/network-auth.xml:2514(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
185
msgid "Configuration"
186
msgstr "Налаштовування"
187
188
#: serverguide/C/windows-networking.xml:101(para)
189
msgid ""
190
"The main Samba configuration file is located in "
191
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
192
"a significant amount of comments in order to document various configuration "
193
"directives."
194
msgstr ""
195
"Головний файл налаштування Samba знаходиться тут: "
196
"<filename>/etc/samba/smb.conf</filename>. Настройки за замовчуванням містять "
197
"вичерпну кількість коментарів, що описують різні варіанти встановлення."
198
199
#: serverguide/C/windows-networking.xml:106(para)
200
msgid ""
201
"Not all the available options are included in the default configuration "
202
"file. See the <filename>smb.conf</filename><application>man</application> "
203
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
204
"Collection/\">Samba HOWTO Collection</ulink> for more details."
205
msgstr ""
206
"Не всі доступні параметри включені в конфігурацію по замовчуванню. Дивітся "
207
"<filename>smb.conf</filename><application>man</application> сторінку чи "
208
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
209
"HOWTO Колекція</ulink> для деталей."
210
211
#: serverguide/C/windows-networking.xml:116(para)
212
msgid ""
213
"First, edit the following key/value pairs in the "
214
"<emphasis>[global]</emphasis> section of "
215
"<filename>/etc/samba/smb.conf</filename>:"
216
msgstr ""
217
"Спочатку, відредагуйте пари ключ/значення в <emphasis>[global]</emphasis> "
218
"розділі <filename>/etc/samba/smb.conf</filename>:"
219
220
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:312(programlisting) serverguide/C/windows-networking.xml:780(programlisting) serverguide/C/windows-networking.xml:1003(programlisting)
221
#, no-wrap
222
msgid ""
223
"\n"
224
" workgroup = EXAMPLE\n"
225
" ...\n"
226
" security = user\n"
227
msgstr ""
228
"\n"
229
" workgroup = EXAMPLE\n"
230
" ...\n"
231
" security = user\n"
232
233
#: serverguide/C/windows-networking.xml:127(para)
234
msgid ""
235
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
236
"section, and is commented by default. Also, change "
237
"<emphasis>EXAMPLE</emphasis> to better match your environment."
238
msgstr ""
239
"<emphasis>Security</emphasis> параметр знаходится нижче в розділі [global], "
240
"разом з коментарями. Також, змініть <emphasis>EXAMPLE</emphasis> на те що "
241
"вам більше підходить."
242
243
#: serverguide/C/windows-networking.xml:135(para)
244
msgid ""
245
"Create a new section at the bottom of the file, or uncomment one of the "
246
"examples, for the directory to be shared:"
247
msgstr ""
248
"Створіть новий розділ внизу файла, чи розкоментуйте один з прикладів, для "
249
"розшарення папки:"
250
251
#: serverguide/C/windows-networking.xml:139(programlisting)
252
#, no-wrap
253
msgid ""
254
"\n"
255
"[share]\n"
256
" comment = Ubuntu File Server Share\n"
257
" path = /srv/samba/share\n"
258
" browsable = yes\n"
259
" guest ok = yes\n"
260
" read only = no\n"
261
" create mask = 0755\n"
262
msgstr ""
263
"\n"
264
"[share]\n"
265
" comment = Ubuntu File Server Share\n"
266
" path = /srv/samba/share\n"
267
" browsable = yes\n"
268
" guest ok = yes\n"
269
" read only = no\n"
270
" create mask = 0755\n"
271
272
#: serverguide/C/windows-networking.xml:151(para)
273
msgid ""
274
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
275
"fit your needs."
276
msgstr ""
277
"<emphasis>comment:</emphasis> короткий опис шари. Змініть на те що вам до "
278
"вподоби."
279
280
#: serverguide/C/windows-networking.xml:156(para)
281
msgid "<emphasis>path:</emphasis> the path to the directory to share."
282
msgstr ""
283
"<emphasis>path:</emphasis> шлях до папки, яка повинна бути розшарена."
284
285
#: serverguide/C/windows-networking.xml:159(para)
286
msgid ""
287
"This example uses <filename>/srv/samba/sharename</filename> because, "
288
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
289
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
290
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
291
"specific data should be served. Technically Samba shares can be placed "
292
"anywhere on the filesystem as long as the permissions are correct, but "
293
"adhering to standards is recommended."
294
msgstr ""
295
"Цей приклад використовує <filename>/srv/samba/sharename</filename>, оскільки "
296
"відповідно до <emphasis>Стандарту Ієрархії файлової системи (FHS) "
297
"</emphasis> папка <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
298
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> призначена для "
299
"зберігання даних, що відносяться до сайту. Технічно ресурси Samba можуть "
300
"розташовуватися в будь-якому місці файлової системи, якщо для них виставлені "
301
"правильні права доступу, але все-таки рекомендується дотримуватися "
302
"стандартів."
303
304
#: serverguide/C/windows-networking.xml:168(para)
305
msgid ""
306
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
307
"directory using <application>Windows Explorer</application>."
308
msgstr ""
309
"<emphasis>browsable:</emphasis> дозволяє Windows користувачам переглядати "
310
"розшарену папку використовуючи <application>Windows Explorer</application>."
311
312
#: serverguide/C/windows-networking.xml:174(para)
313
msgid ""
314
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
315
"without supplying a password."
316
msgstr ""
317
"<emphasis>guest ok:</emphasis> дозволяє клієнтам з'єднуватися із шарою без "
318
"введення паролю."
319
320
#: serverguide/C/windows-networking.xml:179(para)
321
msgid ""
322
"<emphasis>read only:</emphasis> determines if the share is read only or if "
323
"write privileges are granted. Write privileges are allowed only when the "
324
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
325
"is <emphasis>yes</emphasis>, then access to the share is read only."
326
msgstr ""
327
"<emphasis>read only:</emphasis> визначає, можна лише читати дані зі "
328
"спільного ресурсу чи можна також дані і записувати. Запис можна буде "
329
"здійснювати, лише якщо буде вказано значення <emphasis>no</emphasis>, як у "
330
"нашому прикладі. Якщо буде вказано значення <emphasis>yes</emphasis>, дані "
331
"зі спільного ресурсу можна буде лише читати."
332
333
#: serverguide/C/windows-networking.xml:184(para)
334
msgid ""
335
"<emphasis>create mask:</emphasis> determines the permissions new files will "
336
"have when created."
337
msgstr ""
338
"<emphasis>create mask:</emphasis> визначає права нових файлів які "
339
"створюються."
340
341
#: serverguide/C/windows-networking.xml:193(para)
342
msgid ""
343
"Now that <application>Samba</application> is configured, the directory needs "
344
"to be created and the permissions changed. From a terminal enter:"
345
msgstr ""
346
"Зараз <application>Samba</application> налаштована, папки потребує створення "
347
"чи зміни прав. З терміналу введіть:"
348
349
#: serverguide/C/windows-networking.xml:199(command)
350
msgid "sudo mkdir -p /srv/samba/share"
351
msgstr "sudo mkdir -p /srv/samba/share"
352
353
#: serverguide/C/windows-networking.xml:200(command)
354
msgid "sudo chown nobody.nogroup /srv/samba/share/"
355
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
356
357
#: serverguide/C/windows-networking.xml:204(para)
358
msgid ""
359
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
360
"directory tree if it doesn't exist. Change the share name to fit your "
361
"environment."
362
msgstr ""
363
"<emphasis>-p</emphasis> ключ каже програмі mkdir створити дерево папок у "
364
"разі якщо його не існує. Змініть назву шари з урахуванням вашого середовища."
365
366
#: serverguide/C/windows-networking.xml:213(para)
367
msgid ""
368
"Finally, restart the <application>samba</application> services to enable the "
369
"new configuration:"
370
msgstr ""
371
"Нарешті, перезапустіть служби <application>samba</application>, щоб нові "
372
"налаштування набули чинності:"
373
374
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:332(command) serverguide/C/windows-networking.xml:470(command) serverguide/C/windows-networking.xml:570(command) serverguide/C/windows-networking.xml:949(command) serverguide/C/windows-networking.xml:1060(command) serverguide/C/windows-networking.xml:1176(command) serverguide/C/network-auth.xml:1869(command)
375
msgid "sudo restart smbd"
376
msgstr "sudo restart smbd"
377
378
#: serverguide/C/windows-networking.xml:219(command) serverguide/C/windows-networking.xml:333(command) serverguide/C/windows-networking.xml:471(command) serverguide/C/windows-networking.xml:571(command) serverguide/C/windows-networking.xml:950(command) serverguide/C/windows-networking.xml:1061(command) serverguide/C/windows-networking.xml:1177(command) serverguide/C/network-auth.xml:1870(command)
379
msgid "sudo restart nmbd"
380
msgstr "sudo restart nmbd"
381
382
#: serverguide/C/windows-networking.xml:226(para)
383
msgid ""
384
"Once again, the above configuration gives all access to any client on the "
385
"local network. For a more secure configuration see <xref linkend=\"samba-"
386
"fileprint-security\"/>."
387
msgstr ""
388
"Повторимо ще раз, наведена вище конфігурація дає повний доступ будь-якого "
389
"клієнта в локальній мережі. Якщо вам потрібна більш захищена конфігурація, "
390
"дивіться <xref linkend=\"samba-fileprint-security\"/>."
391
392
#: serverguide/C/windows-networking.xml:232(para)
393
msgid ""
394
"From a Windows client you should now be able to browse to the Ubuntu file "
395
"server and see the shared directory. To check that everything is working try "
396
"creating a directory from Windows."
397
msgstr ""
398
"Тепер з клієнтського комп’ютера можна буде переглядати вміст файлового "
399
"сервера <phrase>Ubuntu</phrase> і бачити каталог спільного використання. Щоб "
400
"перевірити, чи все працює, спробуйте створити каталог з Windows."
401
402
#: serverguide/C/windows-networking.xml:237(para)
403
msgid ""
404
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
405
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
406
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
407
"share actually exists and the permissions are correct."
408
msgstr ""
409
"Для створення додаткових спільних ресурсів слід створити додаткові розділи "
410
"<emphasis>[dir]</emphasis> у файлі <filename>/etc/samba/smb.conf</filename> "
411
"і перезапустити <emphasis>Samba</emphasis>. Переконайтеся, що каталог, який "
412
"ви надаєте у спільне користування, справді існує і що для нього було "
413
"визначено належні права доступу."
414
415
#: serverguide/C/windows-networking.xml:244(title) serverguide/C/windows-networking.xml:343(title) serverguide/C/windows-networking.xml:700(title) serverguide/C/windows-networking.xml:1080(title) serverguide/C/windows-networking.xml:1288(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1540(title) serverguide/C/network-auth.xml:1985(title) serverguide/C/network-auth.xml:2589(title) serverguide/C/network-auth.xml:3097(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
416
msgid "Resources"
417
msgstr "Ресурси"
418
419
#: serverguide/C/windows-networking.xml:248(para) serverguide/C/windows-networking.xml:347(para) serverguide/C/windows-networking.xml:704(para) serverguide/C/windows-networking.xml:1084(para)
420
msgid ""
421
"For in depth Samba configurations see the <ulink "
422
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
423
"Collection</ulink>"
424
msgstr ""
425
"Докладніше про налаштування Samba можна дізнатися з <ulink "
426
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">збірки порад "
427
"з Samba</ulink>"
428
429
#: serverguide/C/windows-networking.xml:254(para) serverguide/C/windows-networking.xml:353(para) serverguide/C/windows-networking.xml:710(para) serverguide/C/windows-networking.xml:1090(para)
430
msgid ""
431
"The guide is also available in <ulink "
432
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
433
"format</ulink>."
434
msgstr ""
435
"Крім того, з підручником можна ознайомитися у <ulink "
436
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">паперовому "
437
"форматі</ulink>."
438
439
#: serverguide/C/windows-networking.xml:260(para) serverguide/C/windows-networking.xml:359(para)
440
msgid ""
441
"O'Reilly's <ulink "
442
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
443
"another good reference."
444
msgstr ""
445
"Ще одним чудовим підручником є <ulink "
446
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Використання "
447
"Samba</ulink> видавництва O'Reilly."
448
449
#: serverguide/C/windows-networking.xml:266(para) serverguide/C/windows-networking.xml:370(para) serverguide/C/windows-networking.xml:735(para) serverguide/C/windows-networking.xml:1114(para) serverguide/C/windows-networking.xml:1301(para)
450
msgid ""
451
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
452
"</ulink> page."
453
msgstr ""
454
455
#: serverguide/C/windows-networking.xml:275(title)
456
msgid "Samba Print Server"
457
msgstr "Сервер друку Samba"
458
459
#: serverguide/C/windows-networking.xml:277(para)
460
msgid ""
461
"Another common use of Samba is to configure it to share printers installed, "
462
"either locally or over the network, on an Ubuntu server. Similar to <xref "
463
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
464
"any client on the local network to use the installed printers without "
465
"prompting for a username and password."
466
msgstr ""
467
468
#: serverguide/C/windows-networking.xml:283(para)
469
msgid ""
470
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
471
"security\"/>."
472
msgstr ""
473
"Для більш безпечного налаштування, дивітся <xref linkend=\"samba-fileprint-"
474
"security\"/>."
475
476
#: serverguide/C/windows-networking.xml:290(para)
477
msgid ""
478
"Before installing and configuring Samba it is best to already have a working "
479
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
480
"for details."
481
msgstr ""
482
"Перед встановленням та налаштуванням Samba краще мати вже працюючий "
483
"<application>CUPS</application>. Дивітся <xref linkend=\"cups\"/> для "
484
"деталей."
485
486
#: serverguide/C/windows-networking.xml:295(para)
487
msgid ""
488
"To install the <application>samba</application> package, from a terminal "
489
"enter:"
490
msgstr ""
491
"Щоб встановити пакунок <application>samba</application>, введіть в терміналі:"
492
493
#: serverguide/C/windows-networking.xml:306(para)
494
msgid ""
495
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
496
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
497
"network, and change <emphasis>security</emphasis> to <emphasis "
498
"role=\"italic\">share</emphasis>:"
499
msgstr ""
500
"Після встановлення samba внесіть зміни до "
501
"<filename>/etc/samba/smb.conf</filename>. Змініть атрибут "
502
"<emphasis>workgroup</emphasis> на відповідний вашій мережі і змініть "
503
"значення <emphasis>security</emphasis> на <emphasis "
504
"role=\"italic\">share</emphasis>:"
505
506
#: serverguide/C/windows-networking.xml:318(para)
507
msgid ""
508
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
509
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
510
msgstr ""
511
"У розділі <emphasis>[printers]</emphasis> змініть значення <emphasis>guest "
512
"ok</emphasis> на <emphasis role=\"italic\">yes</emphasis>:"
513
514
#: serverguide/C/windows-networking.xml:322(programlisting)
515
#, no-wrap
516
msgid ""
517
"\n"
518
" browsable = yes\n"
519
" guest ok = yes\n"
520
msgstr ""
521
"\n"
522
" browsable = yes\n"
523
" guest ok = yes\n"
524
525
#: serverguide/C/windows-networking.xml:327(para)
526
msgid "After editing <filename>smb.conf</filename> restart Samba:"
527
msgstr "Після редагування <filename>smb.conf</filename> перезапустіть Samba:"
528
529
#: serverguide/C/windows-networking.xml:336(para)
530
msgid ""
531
"The default Samba configuration will automatically share any printers "
532
"installed. Simply install the printer locally on your Windows clients."
533
msgstr ""
534
"Налаштування Samba за замовчуванням автоматично розшарюють всі встановлені "
535
"принтери. Просто встановіть принтере локально на ваших Windows клієнтах."
536
537
#: serverguide/C/windows-networking.xml:365(para)
538
msgid ""
539
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
540
"more information on configuring CUPS."
541
msgstr ""
542
"Також, дивіться посилання <ulink url=\"http://www.cups.org/\">CUPS "
543
"Вебсайт</ulink> для більш детальної інформації по налаштуванню CUPS."
544
545
#: serverguide/C/windows-networking.xml:379(title)
546
msgid "Securing a Samba File and Print Server"
547
msgstr "Убезпечення сервера спільного використання файлів та принтерів Samba"
548
549
#: serverguide/C/windows-networking.xml:382(title)
550
msgid "Samba Security Modes"
551
msgstr "Режими захисту Samba"
552
553
#: serverguide/C/windows-networking.xml:384(para)
554
msgid ""
555
"There are two security levels available to the Common Internet Filesystem "
556
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
557
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
558
"allows more flexibility, providing four ways of implementing user-level "
559
"security and one way to implement share-level:"
560
msgstr ""
561
"Існує два рівні захисту мережевого протоколу Common Internet Filesystem "
562
"(CIFS): <emphasis>на рівні користувача</emphasis> і <emphasis>на рівні "
563
"ресурсу</emphasis>. Реалізація <emphasis>режиму захисту</emphasis> Samba є "
564
"більш гнучкою: передбачено чотири способи реалізації захисту на рівні "
565
"користувача і один спосіб реалізувати захист на рівні ресурсу:"
566
567
#: serverguide/C/windows-networking.xml:393(para)
568
msgid ""
569
"<emphasis>security = user:</emphasis> requires clients to supply a username "
570
"and password to connect to shares. Samba user accounts are separate from "
571
"system accounts, but the <application>libpam-smbpass</application> package "
572
"will sync system users and passwords with the Samba user database."
573
msgstr ""
574
"<emphasis>security = user:</emphasis> визначає, що клієнтським комп’ютерам "
575
"слід надати ім’я користувача і пароль для встановлення з’єднання зі "
576
"спільними ресурсами. Облікові записи користувачів Samba є окремими "
577
"обліковими записами, що не збігаються з обліковими записами користувачів "
578
"системи, але пакунок <application>libpam-smbpass</application> синхронізує "
579
"списки користувачів системи і паролі з базою даних користувачів Samba."
580
581
#: serverguide/C/windows-networking.xml:400(para)
582
msgid ""
583
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
584
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
585
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
586
"linkend=\"samba-dc\"/> for further information."
587
msgstr ""
588
"<emphasis>security = domain:</emphasis> за допомогою цього режиму можна "
589
"зробити сервер Samba для клієнтських комп’ютерів Windows основним "
590
"контролером домену (Primary Domain Controller або PDC), резервним "
591
"контролером домену (Backup Domain Controller і BDC) або сервером учасників "
592
"домену (Domain Member Server або DMS). Докладніше про це у розділі <xref "
593
"linkend=\"samba-dc\"/>."
594
595
#: serverguide/C/windows-networking.xml:407(para)
596
msgid ""
597
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
598
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
599
"integration\"/> for details."
600
msgstr ""
601
"<emphasis>security = ADS:</emphasis> дозволяє серверу Samba долучатися до "
602
"домену Active Directory як звичайному учаснику. Докладніше про це у розділі "
603
"<xref linkend=\"samba-ad-integration\"/>."
604
605
#: serverguide/C/windows-networking.xml:413(para)
606
msgid ""
607
"<emphasis>security = server:</emphasis> this mode is left over from before "
608
"Samba could become a member server, and due to some security issues should "
609
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
610
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
611
"of the Samba guide for more details."
612
msgstr ""
613
"<emphasis>security = server:</emphasis> цей режим залишився від часів, коли "
614
"Samba не могла ставати учасником сервера, через проблеми з безпекою цим "
615
"режимом не слід користуватися. Докладніше про це у розділі <ulink "
616
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType. "
617
"html#id349531\">Захист сервера</ulink> підручника з Samba."
618
619
#: serverguide/C/windows-networking.xml:421(para)
620
msgid ""
621
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
622
"without supplying a username and password."
623
msgstr ""
624
"<emphasis>security = share:</emphasis> надає змогу клієнтським комп’ютерам "
625
"встановлювати з’єднання зі спільними ресурсами без використання імені "
626
"користувача і пароля."
627
628
#: serverguide/C/windows-networking.xml:428(para)
629
msgid ""
630
"The security mode you choose will depend on your environment and what you "
631
"need the Samba server to accomplish."
632
msgstr ""
633
"Кращий режим захисту залежить від середовища та завдань, які має виконувати "
634
"сервер Samba."
635
636
#: serverguide/C/windows-networking.xml:434(title)
637
msgid "Security = User"
638
msgstr "Security = User"
639
640
#: serverguide/C/windows-networking.xml:436(para)
641
msgid ""
642
"This section will reconfigure the Samba file and print server, from <xref "
643
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
644
"require authentication."
645
msgstr ""
646
"За допомогою цього розділу можна повторно налаштувати сервер роботи з "
647
"файлами та принтерами Samba з <xref linkend=\"samba-fileserver\"/> і <xref "
648
"linkend=\"samba-printserver\"/> на використання режиму розпізнавання."
649
650
#: serverguide/C/windows-networking.xml:441(para)
651
msgid ""
652
"First, install the <application>libpam-smbpass</application> package which "
653
"will sync the system users to the Samba user database:"
654
msgstr ""
655
"Спочатку встановіть пакунок <application>libpam-smbpass</application>, який "
656
"синхронізуватиме записи користувачів системи з базою даних користувачів "
657
"Samba:"
658
659
#: serverguide/C/windows-networking.xml:447(command)
660
msgid "sudo apt-get install libpam-smbpass"
661
msgstr "sudo apt-get install libpam-smbpass"
662
663
#: serverguide/C/windows-networking.xml:451(para)
664
msgid ""
665
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
666
"<application>libpam-smbpass</application> is already installed."
667
msgstr ""
668
"Якщо під час встановлення було вибрано завдання <emphasis>Сервер "
669
"Samba</emphasis>, пакунок <application>libpam-smbpass</application> вже "
670
"встановлено."
671
672
#: serverguide/C/windows-networking.xml:457(para)
673
msgid ""
674
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
675
"<emphasis>[share]</emphasis> section change:"
676
msgstr ""
677
"Внесіть зміни до розділу <emphasis>[share]</emphasis> файла "
678
"<filename>/etc/samba/smb.conf</filename>:"
679
680
#: serverguide/C/windows-networking.xml:461(programlisting)
681
#, no-wrap
682
msgid ""
683
"\n"
684
" guest ok = no\n"
685
msgstr ""
686
"\n"
687
" guest ok = no\n"
688
689
#: serverguide/C/windows-networking.xml:465(para)
690
msgid "Finally, restart Samba for the new settings to take effect:"
691
msgstr "Нарешті, перезапустіть Samba, щоб нові параметри набули чинності:"
692
693
#: serverguide/C/windows-networking.xml:474(para)
694
msgid ""
695
"Now when connecting to the shared directories or printers you should be "
696
"prompted for a username and password."
697
msgstr ""
698
"Тепер під час встановлення з’єднання з каталогами або принтерами спільного "
699
"використання буде показано запит щодо імені користувача і пароля."
700
701
#: serverguide/C/windows-networking.xml:479(para)
702
msgid ""
703
"If you choose to map a network drive to the share you can check the "
704
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
705
"enter the username and password once, at least until the password changes."
706
msgstr ""
707
"Щоб відобразити вміст мережевого диска на спільний ресурс, слід позначити "
708
"пункт «Повторно встановлювати з’єднання при вході». У разі позначення пункту "
709
"система надсилатиме запит щодо імені користувача і пароля лише раз, "
710
"принаймні до зміни пароля."
711
712
#: serverguide/C/windows-networking.xml:487(title)
713
msgid "Share Security"
714
msgstr "Захист спільних ресурсів"
715
716
#: serverguide/C/windows-networking.xml:489(para)
717
msgid ""
718
"There are several options available to increase the security for each "
719
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
720
"this section will cover some common options."
721
msgstr ""
722
"Передбачено декілька варіантів покращення захисту окремих каталогів "
723
"спільного використання. За допомогою прикладу <emphasis>[share]</emphasis> у "
724
"цьому розділі висвітлено декілька загальних варіантів."
725
726
#: serverguide/C/windows-networking.xml:495(title)
727
msgid "Groups"
728
msgstr "Групи"
729
730
#: serverguide/C/windows-networking.xml:497(para)
731
msgid ""
732
"Groups define a collection of computers or users which have a common level "
733
"of access to particular network resources and offer a level of granularity "
734
"in controlling access to such resources. For example, if a group <emphasis "
735
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
736
"role=\"italic\">freda</emphasis>, <emphasis "
737
"role=\"italic\">danika</emphasis>, and <emphasis "
738
"role=\"italic\">rob</emphasis> and a second group <emphasis "
739
"role=\"italic\">support</emphasis> is defined and consists of users "
740
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
741
"role=\"italic\">jeremy</emphasis>, and <emphasis "
742
"role=\"italic\">vincent</emphasis> then certain network resources configured "
743
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
744
"subsequently enable access by freda, danika, and rob, but not jeremy or "
745
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
746
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
747
"role=\"italic\">support</emphasis> groups, she will be able to access "
748
"resources configured for access by both groups, whereas all other users will "
749
"have only access to resources explicitly allowing the group they are part of."
750
msgstr ""
751
"Групи визначають збірки комп’ютерів або користувачів з однаковим рівнем "
752
"доступу до певних мережевих ресурсів, а також визначають рівень деталізації "
753
"у керуванні доступу і визначає рівень деталізації у керуванні доступом до "
754
"таких ресурсів. Наприклад, якщо визначено групу <emphasis "
755
"role=\"italic\">qa</emphasis>, що містить користувачів <emphasis "
756
"role=\"italic\">freda</emphasis>, <emphasis "
757
"role=\"italic\">danika</emphasis> і <emphasis "
758
"role=\"italic\">rob</emphasis>, і іншу групу <emphasis "
759
"role=\"italic\">support</emphasis>, що містить користувачів <emphasis "
760
"role=\"italic\">danika</emphasis>, <emphasis "
761
"role=\"italic\">jeremy</emphasis> і <emphasis "
762
"role=\"italic\">vincent</emphasis>, потім налаштовано певні мережеві ресурси "
763
"на доступ для групи <emphasis role=\"italic\">qa</emphasis>, доступ буде "
764
"надано користувачам freda, danika і rob, але не користувачам jeremy і "
765
"vincent. Оскільки користувач <emphasis role=\"italic\">danika</emphasis> "
766
"належить до обох груп, <emphasis role=\"italic\">qa</emphasis> і <emphasis "
767
"role=\"italic\">support</emphasis>, він зможе отримати доступ до ресурсів, "
768
"налаштованих на доступ до обох груп, а інші користувачі матимуть доступ лише "
769
"до ресурсів, до яких явним чином надано доступ групі, учасником якої є ці "
770
"користувачі."
771
772
#: serverguide/C/windows-networking.xml:511(para)
773
msgid ""
774
"By default Samba looks for the local system groups defined in "
775
"<filename>/etc/group</filename> to determine which users belong to which "
776
"groups. For more information on adding and removing users from groups see "
777
"<xref linkend=\"adding-deleting-users\"/>."
778
msgstr ""
779
"Типово, Samba шукає локальні групи системи, визначені у "
780
"<filename>/etc/group</filename> для розподілу користувачів за групами. "
781
"Докладніші відомості щодо додавання та вилучення користувачів з груп можна "
782
"знайти у розділі <xref linkend=\"adding-deleting-users\"/>."
783
784
#: serverguide/C/windows-networking.xml:517(para)
785
msgid ""
786
"When defining groups in the Samba configuration file, "
787
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
788
"preface the group name with an \"@\" symbol. For example, if you wished to "
789
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
790
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
791
"do so by entering the group name as <emphasis "
792
"role=\"bold\">@sysadmin</emphasis>."
793
msgstr ""
794
"Під час визначення груп у файлі налаштувань Samba, "
795
"<filename>/etc/samba/smb.conf</filename>, для кращого сприйняття слід "
796
"додавати перед назвою групи символ «@». Наприклад, щоб визначити групу з "
797
"назвою <emphasis role=\"italic\">sysadmin</emphasis> у певному розділі файла "
798
"<filename>/etc/samba/smb.conf</filename>, слід додати запис <emphasis "
799
"role=\"bold\">@sysadmin</emphasis>."
800
801
#: serverguide/C/windows-networking.xml:526(title)
802
msgid "File Permissions"
803
msgstr "Права доступу до файлів"
804
805
#: serverguide/C/windows-networking.xml:528(para)
806
msgid ""
807
"File Permissions define the explicit rights a computer or user has to a "
808
"particular directory, file, or set of files. Such permissions may be defined "
809
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
810
"the explicit permissions of a defined file share."
811
msgstr ""
812
"Права доступу явно визначають права певного комп’ютера або користувача на "
813
"виконання дій з каталогом, файлом або набором файлів. Такі права доступу "
814
"можна визначити за допомогою редагування файла "
815
"<filename>/etc/samba/smb.conf</filename> з визначенням явних прав доступу до "
816
"визначеного спільного файлового ресурсу."
817
818
#: serverguide/C/windows-networking.xml:534(para)
819
msgid ""
820
"For example, if you have defined a Samba share called "
821
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
822
"only</emphasis> permissions to the group of users known as <emphasis "
823
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
824
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
825
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
826
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
827
"under the <emphasis>[share]</emphasis> entry:"
828
msgstr ""
829
830
#: serverguide/C/windows-networking.xml:543(programlisting)
831
#, no-wrap
832
msgid ""
833
"\n"
834
" read list = @qa\n"
835
" write list = @sysadmin, vincent\n"
836
msgstr ""
837
"\n"
838
" read list = @qa\n"
839
" write list = @sysadmin, vincent\n"
840
841
#: serverguide/C/windows-networking.xml:548(para)
842
msgid ""
843
"Another possible Samba permission is to declare "
844
"<emphasis>administrative</emphasis> permissions to a particular shared "
845
"resource. Users having administrative permissions may read, write, or modify "
846
"any information contained in the resource the user has been given explicit "
847
"administrative permissions to."
848
msgstr ""
849
"Ще однією можливістю задання прав доступу у Samba є визначення "
850
"<emphasis>адміністративних</emphasis> прав доступу до певного спільного "
851
"ресурсу. Користувачі з адміністративними правами доступу можуть читати, "
852
"писати та вносити зміни до будь-яких даних ресурсу, де користувачеві було "
853
"надано явні адміністративні права доступу."
854
855
#: serverguide/C/windows-networking.xml:554(para)
856
msgid ""
857
"For example, if you wanted to give the user <emphasis "
858
"role=\"italic\">melissa</emphasis> administrative permissions to the "
859
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
860
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
861
"under the <emphasis>[share]</emphasis> entry:"
862
msgstr ""
863
"Наприклад, щоб надати користувачеві <emphasis "
864
"role=\"italic\">melissa</emphasis> адміністративних прав доступу до "
865
"<emphasis role=\"italic\">спільного ресурсу</emphasis>, слід внести зміни до "
866
"файла <filename>/etc/samba/smb.conf</filename>, а саме, додати такий рядок у "
867
"розділ <emphasis>[share]</emphasis>:"
868
869
#: serverguide/C/windows-networking.xml:561(programlisting)
870
#, no-wrap
871
msgid ""
872
"\n"
873
" admin users = melissa\n"
874
msgstr ""
875
"\n"
876
" admin users = melissa\n"
877
878
#: serverguide/C/windows-networking.xml:565(para)
879
msgid ""
880
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
881
"the changes to take effect:"
882
msgstr ""
883
"Після внесення змін до <filename>/etc/samba/smb.conf</filename> "
884
"перезапустіть Samba, щоб зміни набули чинності:"
885
886
#: serverguide/C/windows-networking.xml:575(para)
887
msgid ""
888
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
889
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
890
"<emphasis role=\"italic\">security = share</emphasis>"
891
msgstr ""
892
"Щоб мати змогу працювати з <emphasis>read list</emphasis> і <emphasis>write "
893
"list</emphasis>, режим захисту Samba <emphasis>не</emphasis> слід "
894
"встановлювати у значення <emphasis role=\"italic\">security = "
895
"share</emphasis>"
896
897
#: serverguide/C/windows-networking.xml:581(para)
898
msgid ""
899
"Now that Samba has been configured to limit which groups have access to the "
900
"shared directory, the filesystem permissions need to be updated."
901
msgstr ""
902
"Тепер, коли Samba налаштовано на обмеження переліку груп користувачів, які "
903
"мають доступ до спільного каталогу, слід оновити права доступу до файлової "
904
"системи."
905
906
#: serverguide/C/windows-networking.xml:586(para)
907
msgid ""
908
"Traditional Linux file permissions do not map well to Windows NT Access "
909
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
910
"providing more fine grained control. For example, to enable ACLs on "
911
"<filename>/srv</filename> an EXT3 filesystem, edit "
912
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
913
msgstr ""
914
"Традиційні права доступу до файлів Linux не дуже то і збігаються з списками "
915
"керування доступом (ACL) Windows NT. На щастя на серверах з "
916
"<phrase>Ubuntu</phrase> можна скористатися ACL POSIX. За допомогою цих "
917
"списків керування доступом можна здійснювати дуже точне керування. Для "
918
"прикладу, щоб увімкнути ACL на <filename>/srv</filename> з файловою системою "
919
"EXT3, внесіть зміни до файла <filename>/etc/fstab</filename>, а саме, "
920
"додайте параметр <emphasis>acl</emphasis>:"
921
922
#: serverguide/C/windows-networking.xml:593(programlisting)
923
#, no-wrap
924
msgid ""
925
"\n"
926
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
927
"0 1\n"
928
msgstr ""
929
"\n"
930
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
931
"0 1\n"
932
933
#: serverguide/C/windows-networking.xml:597(para)
934
msgid "Then remount the partition:"
935
msgstr "Після цього повторно змонтуйте розділ:"
936
937
#: serverguide/C/windows-networking.xml:602(command)
938
msgid "sudo mount -v -o remount /srv"
939
msgstr "sudo mount -v -o remount /srv"
940
941
#: serverguide/C/windows-networking.xml:606(para)
942
msgid ""
943
"The above example assumes <filename>/srv</filename> on a separate partition. "
944
"If <filename>/srv</filename>, or wherever you have configured your share "
945
"path, is part of the <filename>/</filename> partition a reboot may be "
946
"required."
947
msgstr ""
948
"У наведеному вище прикладі припускалося, що каталог "
949
"<filename>/srv</filename> зберігається на окремому розділі. Якщо є "
950
"<filename>/srv</filename> або будь-який інший каталог, налаштування якого "
951
"виконується, є частиною розділу <filename>/</filename>, може знадобитися "
952
"перезавантаження системи."
953
954
#: serverguide/C/windows-networking.xml:613(para)
955
msgid ""
956
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
957
"group will be given read, write, and execute permissions to "
958
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
959
"will be given read and execute permissions, and the files will be owned by "
960
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
961
msgstr ""
962
"Відповідно до вказаних вище налаштувань Samba, групі "
963
"<emphasis>sysadmin</emphasis> буде надано права доступу на читання, запис та "
964
"виконання файлів ресурсу <filename>/srv/samba/share</filename>, групі "
965
"<emphasis>qa</emphasis> буде надано права на читання та виконання, а самі "
966
"файли належатимуть користувачеві <emphasis>melissa</emphasis>. Введіть у "
967
"вікні термінала:"
968
969
#: serverguide/C/windows-networking.xml:621(command)
970
msgid "sudo chown -R melissa /srv/samba/share/"
971
msgstr "sudo chown -R melissa /srv/samba/share/"
972
973
#: serverguide/C/windows-networking.xml:622(command)
974
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
975
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
976
977
#: serverguide/C/windows-networking.xml:623(command)
978
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
979
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
980
981
#: serverguide/C/windows-networking.xml:627(para)
982
msgid ""
983
"The <application>setfacl</application> command above gives "
984
"<emphasis>execute</emphasis> permissions to all files in the "
985
"<filename>/srv/samba/share</filename> directory, which you may or may not "
986
"want."
987
msgstr ""
988
"Наведена вище команда <application>setfacl</application> надає права на "
989
"<emphasis>виконання</emphasis> всіх файлів у каталозі "
990
"<filename>/srv/samba/share</filename>, що може бути бажаним або небажаним "
991
"результатом."
992
993
#: serverguide/C/windows-networking.xml:633(para)
994
msgid ""
995
"Now from a Windows client you should notice the new file permissions are "
996
"implemented. See the <application>acl</application> and "
997
"<application>setfacl</application> man pages for more information on POSIX "
998
"ACLs."
999
msgstr ""
1000
"За допомогою клієнтського комп’ютера Windows можна буде переконатися, що до "
1001
"файлів застосовано нові права доступу. Докладніше про ACL у POSIX можна "
1002
"дізнатися зі сторінок довідника (man) <application>acl</application> та "
1003
"<application>setfacl</application>."
1004
1005
#: serverguide/C/windows-networking.xml:641(title)
1006
msgid "Samba AppArmor Profile"
1007
msgstr "Профіль AppArmor Samba"
1008
1009
#: serverguide/C/windows-networking.xml:643(para)
1010
msgid ""
1011
"Ubuntu comes with the <application>AppArmor</application> security module, "
1012
"which provides mandatory access controls. The default AppArmor profile for "
1013
"Samba will need to be adapted to your configuration. For more details on "
1014
"using AppArmor see <xref linkend=\"apparmor\"/>."
1015
msgstr ""
1016
"Частиною <phrase>Ubuntu</phrase> є модуль безпеки "
1017
"<application>AppArmor</application>, який забезпечує роботу обов’язкового "
1018
"керування доступом. У типовий профіль AppArmor для Samba слід внести зміни, "
1019
"що відповідають іншим налаштуванням. Докладніше з AppArmor можна "
1020
"ознайомитися за допомогою відповідної <xref linkend=\"apparmor\"/>."
1021
1022
#: serverguide/C/windows-networking.xml:649(para)
1023
msgid ""
1024
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
1025
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
1026
"of the <application>apparmor-profiles</application> packages. To install the "
1027
"package, from a terminal prompt enter:"
1028
msgstr ""
1029
"У типовому комплекті AppArmor передбачено профілі для "
1030
"<filename>/usr/sbin/smbd</filename> і <filename>/usr/sbin/nmbd</filename>, "
1031
"виконуваних файлів фонових служб Samba. Ці профілі є частиною пакунка "
1032
"<application>apparmor-profiles</application>. Щоб встановити цей пакунок, "
1033
"віддайте таку команду у вікні термінала:"
1034
1035
#: serverguide/C/windows-networking.xml:656(command) serverguide/C/security.xml:920(command)
1036
msgid "sudo apt-get install apparmor-profiles"
1037
msgstr "sudo apt-get install apparmor-profiles"
1038
1039
#: serverguide/C/windows-networking.xml:660(para)
1040
msgid "This package contains profiles for several other binaries."
1041
msgstr ""
1042
"У цьому пакунку містяться профілі для декількох інших виконуваних файлів."
1043
1044
#: serverguide/C/windows-networking.xml:665(para)
1045
msgid ""
1046
"By default the profiles for <application>smbd</application> and "
1047
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
1048
"allowing Samba to work without modifying the profile, and only logging "
1049
"errors. To place the <application>smbd</application> profile into "
1050
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
1051
"profile will need to be modified to reflect any directories that are shared."
1052
msgstr ""
1053
"За типових налаштувань профілі для <application>smbd</application> і "
1054
"<application>nmbd</application> працюють у режимі "
1055
"<emphasis>complain</emphasis>. У такому режимі Samba може працювати без "
1056
"внесення змін до профілю, всі помилки лише записуватимуться до журналу. Щоб "
1057
"перевести профіль <application>smbd</application> у режим "
1058
"<emphasis>enforce</emphasis> так, щоб це не вплинуло на працездатність "
1059
"Samba, слід зазначити у профілі всіх каталоги, які надаються у спільне "
1060
"використання."
1061
1062
#: serverguide/C/windows-networking.xml:672(para)
1063
msgid ""
1064
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
1065
"for <emphasis>[share]</emphasis> from the file server example:"
1066
msgstr ""
1067
"Внесіть зміни до <filename>/etc/apparmor.d/usr.sbin.smbd</filename> "
1068
"додаванням відомостей до розділу <emphasis>[share]</emphasis> з прикладу для "
1069
"сервера спільного доступу до файлів:"
1070
1071
#: serverguide/C/windows-networking.xml:677(programlisting)
1072
#, no-wrap
1073
msgid ""
1074
"\n"
1075
" /srv/samba/share/ r,\n"
1076
" /srv/samba/share/** rwkix,\n"
1077
msgstr ""
1078
"\n"
1079
" /srv/samba/share/ r,\n"
1080
"/srv/samba/share/** rwkix,\n"
1081
1082
#: serverguide/C/windows-networking.xml:682(para)
1083
msgid ""
1084
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
1085
msgstr ""
1086
"Тепер скопіюйте профіль до <emphasis>enforce</emphasis> і перезавантажте "
1087
"його:"
1088
1089
#: serverguide/C/windows-networking.xml:687(command)
1090
msgid "sudo aa-enforce /usr/sbin/smbd"
1091
msgstr "sudo aa-enforce /usr/sbin/smbd"
1092
1093
#: serverguide/C/windows-networking.xml:688(command)
1094
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
1095
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
1096
1097
#: serverguide/C/windows-networking.xml:691(para)
1098
msgid ""
1099
"You should now be able to read, write, and execute files in the shared "
1100
"directory as normal, and the <application>smbd</application> binary will "
1101
"have access to only the configured files and directories. Be sure to add "
1102
"entries for each directory you configure Samba to share. Also, any errors "
1103
"will be logged to <filename>/var/log/syslog</filename>."
1104
msgstr ""
1105
"Тепер можна читати, записувати та виконувати файли у каталозі спільного "
1106
"використання у звичайному режимі, а виконуваний файл "
1107
"<application>smbd</application> матиме доступ лише до вказаних вами файлів "
1108
"та каталогів. Не забудьте вказати всі каталоги, які має надати у спільне "
1109
"використання Samba. Всі повідомлення про помилки записуватимуться до файла "
1110
"<filename>/var/log/syslog</filename>."
1111
1112
#: serverguide/C/windows-networking.xml:716(para) serverguide/C/windows-networking.xml:1096(para)
1113
msgid ""
1114
"O'Reilly's <ulink "
1115
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
1116
"also a good reference."
1117
msgstr ""
1118
"Ще одним чудовим підручником є <ulink "
1119
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Використання "
1120
"Samba</ulink> видавництва O'Reilly."
1121
1122
#: serverguide/C/windows-networking.xml:722(para)
1123
msgid ""
1124
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
1125
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
1126
"security."
1127
msgstr ""
1128
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
1129
"samba.html\">Главу 18</ulink> збірки настанов з Samba HOWTO присвячено "
1130
"питанням безпеки."
1131
1132
#: serverguide/C/windows-networking.xml:728(para)
1133
msgid ""
1134
"For more information on Samba and ACLs see the <ulink "
1135
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
1136
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
1137
msgstr ""
1138
"Щоб дізнатися більше про Samba і ACL, ознайомтеся зі <ulink "
1139
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
1140
"Collection/AccessControls.html#id397568\">сторінкою ACL Samba</ulink>."
1141
1142
#: serverguide/C/windows-networking.xml:744(title)
1143
msgid "Samba as a Domain Controller"
1144
msgstr "Samba як контролер домену"
1145
1146
#: serverguide/C/windows-networking.xml:746(para)
1147
msgid ""
1148
"Although it cannot act as an Active Directory Primary Domain Controller "
1149
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
1150
"domain controller. A major advantage of this configuration is the ability to "
1151
"centralize user and machine credentials. Samba can also use multiple "
1152
"backends to store the user information."
1153
msgstr ""
1154
"Хоча Samba не може працювати у режимі основного контролера домену (Primary "
1155
"Domain Controller або PDC) Active Directory, сервер Samba можна налаштувати "
1156
"на роботу у режимі контролера домену у стилі Windows NT4. Основною перевагою "
1157
"такого налаштування є можливість централізованого керування реєстраційними "
1158
"даними користувачів і комп’ютерів. Крім того, у Samba передбачено можливість "
1159
"використання декількох серверів зберігання відомостей щодо користувачів."
1160
1161
#: serverguide/C/windows-networking.xml:753(title)
1162
msgid "Primary Domain Controller"
1163
msgstr "Основний контролер домену"
1164
1165
#: serverguide/C/windows-networking.xml:755(para)
1166
msgid ""
1167
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
1168
"using the default smbpasswd backend."
1169
msgstr ""
1170
"У цьому розділі наведено настанови з налаштування Samba на роботу у режимі "
1171
"основного контролера домену (Primary Domain Controller або PDC) з "
1172
"використанням типового сервера smbpasswd."
1173
1174
#: serverguide/C/windows-networking.xml:762(para)
1175
msgid ""
1176
"First, install Samba, and <application>libpam-smbpass</application> to sync "
1177
"the user accounts, by entering the following in a terminal prompt:"
1178
msgstr ""
1179
"Встановіть Samba і <application>libpam-smbpass</application> для "
1180
"синхронізації даних облікових записів користувачів за допомогою такої "
1181
"команди, відданої у вікні термінала:"
1182
1183
#: serverguide/C/windows-networking.xml:768(command) serverguide/C/windows-networking.xml:993(command)
1184
msgid "sudo apt-get install samba libpam-smbpass"
1185
msgstr "sudo apt-get install samba libpam-smbpass"
1186
1187
#: serverguide/C/windows-networking.xml:774(para)
1188
msgid ""
1189
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
1190
"The <emphasis>security</emphasis> mode should be set to <emphasis "
1191
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
1192
"should relate to your organization:"
1193
msgstr ""
1194
"Далі, налаштуйте Samba внесенням змін до файла "
1195
"<filename>/etc/samba/smb.conf</filename>. Режим <emphasis>захисту "
1196
"(security)</emphasis> слід встановити у значення <emphasis "
1197
"role=\"italic\">user</emphasis>, а <emphasis>workgroup</emphasis> має "
1198
"відповідати вашій установі:"
1199
1200
#: serverguide/C/windows-networking.xml:789(para)
1201
msgid ""
1202
"In the commented <quote>Domains</quote> section add or uncomment the "
1203
"following:"
1204
msgstr ""
1205
"У закоментованому розділі <quote>Domains</quote> додайте такі рядки або "
1206
"вилучіть позначки коментування з рядків:"
1207
1208
#: serverguide/C/windows-networking.xml:793(programlisting)
1209
#, no-wrap
1210
msgid ""
1211
"\n"
1212
" domain logons = yes\n"
1213
" logon path = \\\\%N\\%U\\profile\n"
1214
" logon drive = H:\n"
1215
" logon home = \\\\%N\\%U\n"
1216
" logon script = logon.cmd\n"
1217
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
1218
"/var/lib/samba -s /bin/false %u\n"
1219
msgstr ""
1220
"\n"
1221
" domain logons = yes\n"
1222
" logon path = \\\\%N\\%U\\profile\n"
1223
" logon drive = H:\n"
1224
" logon home = \\\\%N\\%U\n"
1225
" logon script = logon.cmd\n"
1226
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
1227
"/var/lib/samba -s /bin/false %u\n"
1228
1229
#: serverguide/C/windows-networking.xml:804(para)
1230
msgid ""
1231
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
1232
"Samba to act as a domain controller."
1233
msgstr ""
1234
"<emphasis>domain logons:</emphasis> забезпечує роботу служби netlogon, що "
1235
"надає змогу Samba працювати у режимі контролера домену."
1236
1237
#: serverguide/C/windows-networking.xml:809(para)
1238
msgid ""
1239
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
1240
"their home directory. It is also possible to configure a "
1241
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
1242
"directory."
1243
msgstr ""
1244
"<emphasis>logon path:</emphasis> розташовує профіль користувача Windows до "
1245
"домашнього каталогу користувача. Крім того, можна налаштувати спільний "
1246
"ресурс <emphasis>[profiles]</emphasis> для зберігання всіх профілів у одному "
1247
"каталозі."
1248
1249
#: serverguide/C/windows-networking.xml:815(para)
1250
msgid ""
1251
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
1252
msgstr ""
1253
"<emphasis>logon drive:</emphasis> визначає локальний шлях до домашнього "
1254
"каталогу."
1255
1256
#: serverguide/C/windows-networking.xml:820(para)
1257
msgid ""
1258
"<emphasis>logon home:</emphasis> specifies the home directory location."
1259
msgstr ""
1260
"<emphasis>logon home:</emphasis> визначає адресу домашнього каталогу."
1261
1262
#: serverguide/C/windows-networking.xml:825(para)
1263
msgid ""
1264
"<emphasis>logon script:</emphasis> determines the script to be run locally "
1265
"once a user has logged in. The script needs to be placed in the "
1266
"<emphasis>[netlogon]</emphasis> share."
1267
msgstr ""
1268
"<emphasis>logon script:</emphasis> визначає скрипт, який буде виконано "
1269
"локально після входу користувача до системи. Скрипт має зберігатися на "
1270
"спільному ресурсі <emphasis>[netlogon]</emphasis>."
1271
1272
#: serverguide/C/windows-networking.xml:831(para)
1273
msgid ""
1274
"<emphasis>add machine script:</emphasis> a script that will automatically "
1275
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
1276
"workstation to join the domain."
1277
msgstr ""
1278
"<emphasis>add machine script:</emphasis> скрипт, який автоматично "
1279
"створюватиме <emphasis>Machine Trust Account</emphasis> (обліковий запис "
1280
"довіри до машини), потрібний для долучення робочої станції до домену."
1281
1282
#: serverguide/C/windows-networking.xml:835(para)
1283
msgid ""
1284
"In this example the <emphasis>machines</emphasis> group will need to be "
1285
"created using the <application>addgroup</application> utility see <xref "
1286
"linkend=\"adding-deleting-users\"/> for details."
1287
msgstr ""
1288
"У нашому прикладі групу <emphasis>machines</emphasis> слід буде створити за "
1289
"допомогою команди <application>addgroup</application> Докладніше про це у "
1290
"розділі <xref linkend=\"adding-deleting-users\"/>."
1291
1292
#: serverguide/C/windows-networking.xml:839(para)
1293
msgid ""
1294
"Also, rights need to be explicitly provided to the <emphasis>Domain "
1295
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
1296
"(and other admin functions) to work. This is achieved by executing:"
1297
msgstr ""
1298
1299
#: serverguide/C/windows-networking.xml:844(command)
1300
msgid ""
1301
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
1302
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
1303
"SeRemoteShutdownPrivilege"
1304
msgstr ""
1305
"net rpc rights grant \"EXAMPLE\\Domain Admins\" SeMachineAccountPrivilege "
1306
"SePrintOperatorPrivilege \\ SeAddUsersPrivilege SeDiskOperatorPrivilege "
1307
"SeRemoteShutdownPrivilege"
1308
1309
#: serverguide/C/windows-networking.xml:851(para)
1310
msgid ""
1311
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
1312
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
1313
"commented."
1314
msgstr ""
1315
"Якщо <emphasis>Roaming Profiles</emphasis> (профілі роумінгу) не буде "
1316
"використано, не вилучайте позначок коментування з рядків <emphasis>logon "
1317
"home</emphasis> і <emphasis>logon path</emphasis>."
1318
1319
#: serverguide/C/windows-networking.xml:860(para)
1320
msgid ""
1321
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
1322
"role=\"italic\">logon home</emphasis> to be mapped:"
1323
msgstr ""
1324
"Вилучіть позначку коментаря з пункту спільного ресурсу "
1325
"<emphasis>[homes]</emphasis>, щоб надати серверу змогу створювати каталоги "
1326
"<emphasis role=\"italic\">входу до системи</emphasis>:"
1327
1328
#: serverguide/C/windows-networking.xml:865(programlisting)
1329
#, no-wrap
1330
msgid ""
1331
"\n"
1332
"[homes]\n"
1333
" comment = Home Directories\n"
1334
" browseable = no\n"
1335
" read only = no\n"
1336
" create mask = 0700\n"
1337
" directory mask = 0700\n"
1338
" valid users = %S\n"
1339
msgstr ""
1340
"\n"
1341
"[homes]\n"
1342
" comment = Home Directories\n"
1343
" browseable = no\n"
1344
" read only = no\n"
1345
" create mask = 0700\n"
1346
" directory mask = 0700\n"
1347
" valid users = %S\n"
1348
1349
#: serverguide/C/windows-networking.xml:878(para)
1350
msgid ""
1351
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
1352
"share needs to be configured. To enable the share, uncomment:"
1353
msgstr ""
1354
"Якщо комп’ютер налаштовано на роботу у режимі контролера домену, лід "
1355
"налаштувати спільний ресурс <emphasis>[netlogon]</emphasis>. Щоб увімкнути "
1356
"цей спільний ресурс, вилучіть позначку коментування з рядків:"
1357
1358
#: serverguide/C/windows-networking.xml:883(programlisting)
1359
#, no-wrap
1360
msgid ""
1361
"\n"
1362
"[netlogon]\n"
1363
" comment = Network Logon Service\n"
1364
" path = /srv/samba/netlogon\n"
1365
" guest ok = yes\n"
1366
" read only = yes\n"
1367
" share modes = no\n"
1368
msgstr ""
1369
"\n"
1370
"[netlogon]\n"
1371
"comment = Network Logon Service\n"
1372
"path = /srv/samba/netlogon\n"
1373
"guest ok = yes\n"
1374
"read only = yes\n"
1375
"share modes = no\n"
1376
1377
#: serverguide/C/windows-networking.xml:893(para)
1378
msgid ""
1379
"The original <emphasis>netlogon</emphasis> share path is "
1380
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
1381
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
1382
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
1383
"location for site-specific data provided by the system."
1384
msgstr ""
1385
"Початковою адресою спільного ресурсу <emphasis>netlogon</emphasis> є "
1386
"<filename>/home/samba/netlogon</filename>, але відповідно до стандарту "
1387
"ієрархії файлових систем (Filesystem Hierarchy Standard або FHS), правильним "
1388
"місцем для зберігання специфічних даних, що надаються системою, є <ulink "
1389
"url=\"http://www.pathname.com/fhs/pub/fhs-2.3. "
1390
"html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink>."
1391
1392
#: serverguide/C/windows-networking.xml:904(para)
1393
msgid ""
1394
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
1395
"and an empty (for now) <filename>logon.cmd</filename> script file:"
1396
msgstr ""
1397
"Тепер створіть каталог <filename role=\"directory\">netlogon</filename> і "
1398
"порожній (поки що) файл скрипту <filename>logon.cmd</filename>:"
1399
1400
#: serverguide/C/windows-networking.xml:910(command)
1401
msgid "sudo mkdir -p /srv/samba/netlogon"
1402
msgstr "sudo mkdir -p /srv/samba/netlogon"
1403
1404
#: serverguide/C/windows-networking.xml:911(command)
1405
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1406
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
1407
1408
#: serverguide/C/windows-networking.xml:914(para)
1409
msgid ""
1410
"You can enter any normal Windows logon script commands in "
1411
"<filename>logon.cmd</filename> to customize the client's environment."
1412
msgstr ""
1413
"У файлі <filename>logon.cmd</filename> можна вказати будь-які звичайні "
1414
"команди скриптів входу Windows для налаштування клієнтського середовища."
1415
1416
#: serverguide/C/windows-networking.xml:922(para)
1417
msgid ""
1418
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1419
"workstation to the domain, a system group needs to be mapped to the Windows "
1420
"<emphasis>Domain Admins</emphasis> group. Using the "
1421
"<application>net</application> utility, from a terminal enter:"
1422
msgstr ""
1423
"За умови, що у системі типово вимкнено групу <emphasis>root</emphasis>, щоб "
1424
"долучити робочу станцію до домену, системну групу має бути відображено на "
1425
"групу Windows <emphasis>Domain Admins</emphasis>. Скористаємося програмою "
1426
"<application>net</application> у вікні термінала:"
1427
1428
#: serverguide/C/windows-networking.xml:929(command)
1429
msgid ""
1430
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1431
"type=d"
1432
msgstr ""
1433
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1434
"type=d"
1435
1436
#: serverguide/C/windows-networking.xml:933(para)
1437
msgid ""
1438
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1439
"prefer. Also, the user used to join the domain needs to be a member of the "
1440
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1441
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1442
"allows <application>sudo</application> use."
1443
msgstr ""
1444
"Змініть <emphasis role=\"italic\">sysadmin</emphasis> на потрібну вам групу "
1445
"Користувач, який долучатиметься до домену, має бути учасником групи "
1446
"<emphasis>sysadmin</emphasis>, а також учасником системної групи "
1447
"<emphasis>admin</emphasis>. Учасникам групи <emphasis>admin</emphasis> можна "
1448
"використовувати команду <application>sudo</application>."
1449
1450
#: serverguide/C/windows-networking.xml:944(para)
1451
msgid "Finally, restart Samba to enable the new domain controller:"
1452
msgstr "Нарешті, перезапустіть Samba, щоб увімкнути новий контролер домену:"
1453
1454
#: serverguide/C/windows-networking.xml:956(para)
1455
msgid ""
1456
"You should now be able to join Windows clients to the Domain in the same "
1457
"manner as joining them to an NT4 domain running on a Windows server."
1458
msgstr ""
1459
"Тепер можна долучати клієнтські комп’ютери під керуванням Windows до домену, "
1460
"подібно до того, які ці комп’ютери долучаються до домену NT4 під керуванням "
1461
"сервера Windows."
1462
1463
#: serverguide/C/windows-networking.xml:966(title)
1464
msgid "Backup Domain Controller"
1465
msgstr "Резервний контролер домену"
1466
1467
#: serverguide/C/windows-networking.xml:968(para)
1468
msgid ""
1469
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1470
"Backup Domain Controller (BDC) as well. This will allow clients to "
1471
"authenticate in case the PDC becomes unavailable."
1472
msgstr ""
1473
"Якщо у мережі є основний контролер домену (Primary Domain Controller або "
1474
"PDC), варто також створити резервний контролер домену (Backup Domain "
1475
"Controller або BDC). Створення такого контролера надасть змогу клієнтським "
1476
"комп’ютерам проходити розпізнавання, якщо PDC виявиться недоступним."
1477
1478
#: serverguide/C/windows-networking.xml:973(para)
1479
msgid ""
1480
"When configuring Samba as a BDC you need a way to sync account information "
1481
"with the PDC. There are multiple ways of accomplishing this "
1482
"<application>scp</application>, <application>rsync</application>, or by "
1483
"using <application>LDAP</application> as the <emphasis>passdb "
1484
"backend</emphasis>."
1485
msgstr ""
1486
"Для налаштування Samba на роботу у режимі резервного контролера домену слід "
1487
"забезпечити синхронізацію даних щодо облікових записів з основним "
1488
"контролером домену (PDC). Виконати це завдання можна у декілька способів, "
1489
"зокрема з використанням <application>scp</application>, "
1490
"<application>rsync</application> або використанням "
1491
"<application>LDAP</application> у режимі <emphasis>сервера passdb</emphasis>."
1492
1493
#: serverguide/C/windows-networking.xml:979(para)
1494
msgid ""
1495
"Using LDAP is the most robust way to sync account information, because both "
1496
"domain controllers can use the same information in real time. However, "
1497
"setting up a LDAP server may be overly complicated for a small number of "
1498
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1499
msgstr ""
1500
"Використання LDAP є найнадійнішим способом синхронізації даних щодо "
1501
"облікових записів, оскільки у такому режимі обидва контролери домену можуть "
1502
"одночасно користуватися даними у режимі реального часу Втім, налаштування "
1503
"сервера LDAP може виявитися занадто складним завданням, якщо вам потрібно "
1504
"обслуговувати незначну кількість облікових записів користувачів та "
1505
"комп’ютерів Докладніше про налаштування можна дізнатися зі сторінки Samba "
1506
"<xref linkend=\"samba-ldap\"/>."
1507
1508
#: serverguide/C/windows-networking.xml:988(para)
1509
msgid ""
1510
"First, install <application>samba</application> and <application>libpam-"
1511
"smbpass</application>. From a terminal enter:"
1512
msgstr ""
1513
"Спочатку встановіть пакунки <application>samba</application> і "
1514
"<application>libpam-smbpass</application>. У емуляторі термінала віддайте "
1515
"команду:"
1516
1517
#: serverguide/C/windows-networking.xml:999(para)
1518
msgid ""
1519
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1520
"following in the <emphasis>[global]</emphasis>:"
1521
msgstr ""
1522
"Відкрийте у вікні текстового редактора файл "
1523
"<filename>/etc/samba/smb.conf</filename> і вилучіть позначку коментаря з "
1524
"таких рядків у розділі <emphasis>[global]</emphasis>:"
1525
1526
#: serverguide/C/windows-networking.xml:1012(para)
1527
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1528
msgstr ""
1529
"У закоментованому розділі <emphasis>Domains</emphasis> вилучіть позначку "
1530
"коментування з рядків або додайте рядки:"
1531
1532
#: serverguide/C/windows-networking.xml:1016(programlisting)
1533
#, no-wrap
1534
msgid ""
1535
"\n"
1536
" domain logons = yes\n"
1537
" domain master = no\n"
1538
msgstr ""
1539
"\n"
1540
" domain logons = yes\n"
1541
" domain master = no\n"
1542
1543
#: serverguide/C/windows-networking.xml:1024(para)
1544
msgid ""
1545
"Make sure a user has rights to read the files in "
1546
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1547
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1548
"files, enter:"
1549
msgstr ""
1550
"Не забудьте надати користувачеві права на читання файлів у каталозі "
1551
"<filename>/var/lib/samba</filename>. Наприклад, щоб дозволити користувачам з "
1552
"групи <emphasis>admin</emphasis> виконувати команду "
1553
"<application>scp</application> над файлами, введіть таку команду:"
1554
1555
#: serverguide/C/windows-networking.xml:1030(command)
1556
msgid "sudo chgrp -R admin /var/lib/samba"
1557
msgstr "sudo chgrp -R admin /var/lib/samba"
1558
1559
#: serverguide/C/windows-networking.xml:1036(para)
1560
msgid ""
1561
"Next, sync the user accounts, using <application>scp</application> to copy "
1562
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1563
msgstr ""
1564
"Далі, синхронізуйте облікові записи користувачів за допомогою "
1565
"<application>scp</application> для копіювання каталогу "
1566
"<filename>/var/lib/samba</filename> з основного контролера домену (PDC):"
1567
1568
#: serverguide/C/windows-networking.xml:1042(command)
1569
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1570
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1571
1572
#: serverguide/C/windows-networking.xml:1046(para)
1573
msgid ""
1574
"Replace <emphasis>username</emphasis> with a valid username and "
1575
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1576
msgstr ""
1577
"Замініть <emphasis>username</emphasis> на коректне ім’я користувача, а "
1578
"<emphasis>pdc</emphasis> — на назву вузла або IP-адресу основного контролера "
1579
"домену (PDC)."
1580
1581
#: serverguide/C/windows-networking.xml:1055(para)
1582
msgid "Finally, restart <application>samba</application>:"
1583
msgstr "Нарешті, перезапустіть <application>samba</application>:"
1584
1585
#: serverguide/C/windows-networking.xml:1067(para)
1586
msgid ""
1587
"You can test that your Backup Domain controller is working by stopping the "
1588
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1589
"the domain."
1590
msgstr ""
1591
"Перевірте працездатність резервного контролера домену зупинкою фонової "
1592
"служби Samba на основному контролері домену (PDC) з наступною спробою увійти "
1593
"до клієнтського комп’ютера під керуванням Windows, долученого до домену."
1594
1595
#: serverguide/C/windows-networking.xml:1072(para)
1596
msgid ""
1597
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1598
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1599
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1600
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1601
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1602
msgstr ""
1603
"Якщо було налаштовано параметр <emphasis>logon home</emphasis> на каталог на "
1604
"основному контролері домену, а зв’язок з основним контролером домену буде "
1605
"перервано, доступ до диска користувача <emphasis>Домівка</emphasis> також "
1606
"буде закрито. З цієї причини, найкраще вказувати для <emphasis>logon "
1607
"home</emphasis> каталог на окремому файловому сервері, на якому не працює "
1608
"основний чи резервний контролер домену."
1609
1610
#: serverguide/C/windows-networking.xml:1102(para)
1611
msgid ""
1612
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1613
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1614
"up a Primary Domain Controller."
1615
msgstr ""
1616
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1617
"pdc.html\">Главу 4</ulink> збірки настанов з Samba присвячено налаштуванню "
1618
"основного контролера домену."
1619
1620
#: serverguide/C/windows-networking.xml:1108(para)
1621
msgid ""
1622
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1623
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1624
"explains setting up a Backup Domain Controller."
1625
msgstr ""
1626
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1627
"Collection/samba-bdc.html\">Главу 5</ulink> збірки настанов з Samba "
1628
"присвячено налаштуванню резервного контролера домену."
1629
1630
#: serverguide/C/windows-networking.xml:1123(title)
1631
msgid "Samba Active Directory Integration"
1632
msgstr "Інтеграція Samba зі службами Active Directory"
1633
1634
#: serverguide/C/windows-networking.xml:1126(title)
1635
msgid "Accessing a Samba Share"
1636
msgstr "Встановлення доступу до спільного ресурсу Samba"
1637
1638
#: serverguide/C/windows-networking.xml:1128(para)
1639
msgid ""
1640
"Another, use for Samba is to integrate into an existing Windows network. "
1641
"Once part of an Active Directory domain, Samba can provide file and print "
1642
"services to AD users."
1643
msgstr ""
1644
"Ще одним з використань Samba є інтеграція до вже створеної мережі Windows. "
1645
"Після долучення до домену Active Directory (AD) Samba може надавати доступ "
1646
"до файлів і принтерів користувачам AD."
1647
1648
#: serverguide/C/windows-networking.xml:1133(para)
1649
msgid ""
1650
"The simplest way to join an AD domain is to use <application>Likewise-"
1651
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1652
"open\"/>."
1653
msgstr ""
1654
"Найпростішим способом долучення до домену AD є використання "
1655
"<application>Likewise-open</application>. Докладніші настанови можна знайти "
1656
"у розділі <xref linkend=\"likewise-open\"/>."
1657
1658
#: serverguide/C/windows-networking.xml:1138(para)
1659
msgid ""
1660
"Once part of the domain, enter the following command in the terminal prompt:"
1661
msgstr ""
1662
"Після того, як комп’ютер стане частиною домену, введіть таку команду у вікні "
1663
"емулятора термінала:"
1664
1665
#: serverguide/C/windows-networking.xml:1143(command)
1666
msgid "sudo apt-get install samba smbfs smbclient"
1667
msgstr "sudo apt-get install samba smbfs smbclient"
1668
1669
#: serverguide/C/windows-networking.xml:1146(para)
1670
msgid ""
1671
"Since the <application>likewise-open</application> and "
1672
"<application>samba</application> packages use separate "
1673
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1674
"<filename role=\"directory\">/var/lib/samba</filename>:"
1675
msgstr ""
1676
"Оскільки у пакунках <application>likewise-open</application> і "
1677
"<application>samba</application> використовуються різні файли "
1678
"<filename>secrets.tdb</filename>, слід створити символічне посилання у "
1679
"каталозі <filename role=\"directory\">/var/lib/samba</filename>:"
1680
1681
#: serverguide/C/windows-networking.xml:1152(command)
1682
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1683
msgstr "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1684
1685
#: serverguide/C/windows-networking.xml:1153(command)
1686
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1687
msgstr "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1688
1689
#: serverguide/C/windows-networking.xml:1156(para)
1690
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1691
msgstr ""
1692
"Далі, внесіть зміни до цього фрагмента "
1693
"<filename>/etc/samba/smb.conf</filename>:"
1694
1695
#: serverguide/C/windows-networking.xml:1160(programlisting)
1696
#, no-wrap
1697
msgid ""
1698
"\n"
1699
" workgroup = EXAMPLE\n"
1700
" ...\n"
1701
" security = ads\n"
1702
" realm = EXAMPLE.COM\n"
1703
" ...\n"
1704
" idmap backend = lwopen\n"
1705
" idmap uid = 50-9999999999\n"
1706
" idmap gid = 50-9999999999\n"
1707
msgstr ""
1708
"\n"
1709
" workgroup = EXAMPLE\n"
1710
" ...\n"
1711
" security = ads\n"
1712
" realm = EXAMPLE.COM\n"
1713
" ...\n"
1714
" idmap backend = lwopen\n"
1715
" idmap uid = 50-9999999999\n"
1716
" idmap gid = 50-9999999999\n"
1717
1718
#: serverguide/C/windows-networking.xml:1171(para)
1719
msgid ""
1720
"Restart <application>samba</application> for the new settings to take effect:"
1721
msgstr ""
1722
"Перезапустіть <application>samba</application>, щоб нові параметри набули "
1723
"чинності:"
1724
1725
#: serverguide/C/windows-networking.xml:1180(para)
1726
msgid ""
1727
"You should now be able to access any <application>Samba</application> shares "
1728
"from a Windows client. However, be sure to give the appropriate AD users or "
1729
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1730
"security\"/> for more details."
1731
msgstr ""
1732
"Тепер має з’явитися можливість отримувати доступ до будь-яких спільних "
1733
"ресурсів <application>Samba</application> за допомогою клієнтського "
1734
"комп’ютера під керуванням Windows. Втім, не слід забувати, що відповідним "
1735
"користувачам або групам AD слід надати права доступу до каталогу спільного "
1736
"використання. Докладніше про це у розділі <xref linkend=\"samba-fileprint-"
1737
"security\"/>."
1738
1739
#: serverguide/C/windows-networking.xml:1188(title)
1740
msgid "Accessing a Windows Share"
1741
msgstr "Встановлення доступу до спільного ресурсу Windows"
1742
1743
#: serverguide/C/windows-networking.xml:1190(para)
1744
msgid ""
1745
"Now that the Samba server is part of the Active Directory domain you can "
1746
"access any Windows server shares:"
1747
msgstr ""
1748
"Тепер, коли сервер Samba є частиною домену Active Directory, можна отримати "
1749
"доступ до будь-якого спільного ресурсу сервера Windows:"
1750
1751
#: serverguide/C/windows-networking.xml:1197(para)
1752
msgid ""
1753
"To mount a Windows file share enter the following in a terminal prompt:"
1754
msgstr ""
1755
"Щоб змонтувати спільний файловий ресурс Windows, віддайте таку команду:"
1756
1757
#: serverguide/C/windows-networking.xml:1201(command)
1758
msgid "mount.cifs //fs01.example.com/share mount_point"
1759
msgstr "mount.cifs //fs01.example.com/share mount_point"
1760
1761
#: serverguide/C/windows-networking.xml:1204(para)
1762
msgid ""
1763
"It is also possible to access shares on computers not part of an AD domain, "
1764
"but a username and password will need to be provided."
1765
msgstr ""
1766
"Крім того, можна отримувати доступ до спільних ресурсів комп’ютерів, які не "
1767
"є частиною домену AD, але для цього доведеться вказати ім’я користувача і "
1768
"пароль."
1769
1770
#: serverguide/C/windows-networking.xml:1212(para)
1771
msgid ""
1772
"To mount the share during boot place an entry in "
1773
"<filename>/etc/fstab</filename>, for example:"
1774
msgstr ""
1775
"Щоб наказати системі монтувати спільний ресурс під час завантаження, додайте "
1776
"відповідний запис до файла <filename>/etc/fstab</filename>. Приклад:"
1777
1778
#: serverguide/C/windows-networking.xml:1216(programlisting)
1779
#, no-wrap
1780
msgid ""
1781
"\n"
1782
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1783
"0 0\n"
1784
msgstr ""
1785
"\n"
1786
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1787
"0 0\n"
1788
1789
#: serverguide/C/windows-networking.xml:1223(para)
1790
msgid ""
1791
"Another way to copy files from a Windows server is to use the "
1792
"<application>smbclient</application> utility. To list the files in a Windows "
1793
"share:"
1794
msgstr ""
1795
"Ще одним способом копіювання файлів з сервера Windows є використання "
1796
"програми <application>smbclient</application>. Щоб переглянути список файлів "
1797
"на спільному ресурсі Windows, віддайте таку команду:"
1798
1799
#: serverguide/C/windows-networking.xml:1229(command)
1800
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1801
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
1802
1803
#: serverguide/C/windows-networking.xml:1235(para)
1804
msgid "To copy a file from the share, enter:"
1805
msgstr "Щоб скопіювати файл зі спільного ресурсу, віддайте таку команду:"
1806
1807
#: serverguide/C/windows-networking.xml:1240(command)
1808
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1809
msgstr "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1810
1811
#: serverguide/C/windows-networking.xml:1243(para)
1812
msgid ""
1813
"This will copy the <filename>file.txt</filename> into the current directory."
1814
msgstr ""
1815
"Файл <filename>file.txt</filename> буде скопійовано до поточного каталогу."
1816
1817
#: serverguide/C/windows-networking.xml:1250(para)
1818
msgid "And to copy a file to the share:"
1819
msgstr "Щоб скопіювати файл на спільний ресурс, скористайтеся командою:"
1820
1821
#: serverguide/C/windows-networking.xml:1255(command)
1822
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1823
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1824
1825
#: serverguide/C/windows-networking.xml:1258(para)
1826
msgid ""
1827
"This will copy the <filename>/etc/hosts</filename> to "
1828
"<filename>//fs01.example.com/share/hosts</filename>."
1829
msgstr ""
1830
"Файл <filename>/etc/hosts</filename> буде скопійовано до "
1831
"<filename>//fs01.example.com/share/hosts</filename>."
1832
1833
#: serverguide/C/windows-networking.xml:1265(para)
1834
msgid ""
1835
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1836
"<application>smbclient</application> command all at once. This is useful for "
1837
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1838
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1839
"and directory commands, simply execute:"
1840
msgstr ""
1841
"Використаний вище параметр <emphasis>-c</emphasis> надає змогу виконувати "
1842
"весь кортеж команди <application>smbclient</application>. Подібні команди "
1843
"можуть бути корисними під час створення скриптів або виконання незначних дій "
1844
"з файлами. Щоб увійти до режиму запрошення <emphasis>smb: \\></emphasis>, "
1845
"подібного до режиму FTP, ще можна віддавати звичайні команди керування "
1846
"файлами і каталогами, просто віддайте таку команду у Konsole:"
1847
1848
#: serverguide/C/windows-networking.xml:1272(command)
1849
msgid "smbclient //fs01.example.com/share -k"
1850
msgstr "smbclient //fs01.example.com/share -k"
1851
1852
#: serverguide/C/windows-networking.xml:1279(para)
1853
msgid ""
1854
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1855
"<emphasis>//192.168.0.5/share</emphasis>, "
1856
"<emphasis>username=steve,password=secret</emphasis>, and "
1857
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1858
"file name, and an actual username and password with rights to the share."
1859
msgstr ""
1860
"Замініть всі рядки <emphasis>fs01.example.com/share</emphasis>, "
1861
"<emphasis>//192.168.0.5/share</emphasis>, "
1862
"<emphasis>username=steve,password=secret</emphasis> і "
1863
"<emphasis>file.txt</emphasis> на відповідну 's IP-адресу сервера, назву "
1864
"вузла, назву спільного ресурсу, назву файла, а також ім’я і пароль "
1865
"користувача, який має доступ до спільного ресурсу."
1866
1867
#: serverguide/C/windows-networking.xml:1290(para)
1868
msgid ""
1869
"For more <application>smbclient</application> options see the man page: "
1870
"<command>man smbclient</command>, also available <ulink "
1871
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/smbclient.1.html\""
1872
">online</ulink>."
1873
msgstr ""
1874
1875
#: serverguide/C/windows-networking.xml:1295(para)
1876
msgid ""
1877
"The <application>mount.cifs</application><ulink "
1878
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/mount.cifs.8.html"
1879
"\">man page</ulink> is also useful for more detailed information."
1880
msgstr ""
1881
1882
#: serverguide/C/windows-networking.xml:1308(title)
1883
msgid "Likewise Open"
1884
msgstr "Likewise Open"
1885
1886
#: serverguide/C/windows-networking.xml:1310(para)
1887
msgid ""
1888
"<application>Likewise Open</application> simplifies the necessary "
1889
"configuration needed to authenticate a Linux machine to an Active Directory "
1890
"domain. Based on <application>winbind</application>, the "
1891
"<application>likewise-open</application> package takes the pain out of "
1892
"integrating Ubuntu authentication into an existing Windows network."
1893
msgstr ""
1894
"<application>Likewise Open</application> спрощує налаштовування комп’ютера "
1895
"під керуванням Linux на розпізнавання у домені Active Directory. Заснований "
1896
"на <application>winbind</application>, пакунок <application>likewise-"
1897
"open</application> бере на себе завдання з інтеграції системи розпізнавання "
1898
"<phrase>Ubuntu</phrase> до вже створеної мережі Windows."
1899
1900
#: serverguide/C/windows-networking.xml:1319(para)
1901
msgid ""
1902
"There are two ways to use Likewise Open, <application>likewise-"
1903
"open</application> the command line utility and <application>likewise-open-"
1904
"gui</application>. This section focuses on the command line utility."
1905
msgstr ""
1906
"Існує два способи використання Likewise Open: інструмент командного рядка "
1907
"<application>likewise-open</application> і графічна оболонка "
1908
"<application>likewise-open-gui</application>. У цьому розділі ми зосередимо "
1909
"увагу на використанні інструменту командного рядка."
1910
1911
#: serverguide/C/windows-networking.xml:1324(para)
1912
msgid ""
1913
"To install the <application>likewise-open</application> package, open a "
1914
"terminal prompt and enter:"
1915
msgstr ""
1916
"Що встановити пакунок <application>likewise-open</application>, відкрийте "
1917
"вікно емулятора термінала і введіть таку команду:"
1918
1919
#: serverguide/C/windows-networking.xml:1329(command)
1920
msgid "sudo apt-get install likewise-open"
1921
msgstr "sudo apt-get install likewise-open"
1922
1923
#: serverguide/C/windows-networking.xml:1334(title)
1924
msgid "Joining a Domain"
1925
msgstr "Долучення до домену"
1926
1927
#: serverguide/C/windows-networking.xml:1336(para)
1928
msgid ""
1929
"The main executable file of the <application>likewise-open</application> "
1930
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1931
"join your computer to the domain. Before you join a domain you will need to "
1932
"make sure you have:"
1933
msgstr ""
1934
1935
#: serverguide/C/windows-networking.xml:1344(para)
1936
msgid ""
1937
"Access to an Active Directory user with appropriate rights to join the "
1938
"domain."
1939
msgstr ""
1940
"Доступ для користувача Active Directory з відповідними правами до долучення "
1941
"до домену."
1942
1943
#: serverguide/C/windows-networking.xml:1349(para)
1944
msgid ""
1945
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1946
"you want to join. If your AD domain does not match a valid domain such as "
1947
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1948
"the form of <emphasis>domainname.local</emphasis>."
1949
msgstr ""
1950
"<emphasis>Fully Qualified Domain Name</emphasis> (FQDN) домену, до якого "
1951
"долучатиметься комп’ютер Якщо назва домену AD не є коректною назвою домену у "
1952
"форматі <emphasis role=\"italic\">example.com</emphasis>, ймовірно, що "
1953
"назвою є щось подібне до <emphasis>назва_домену.local</emphasis>."
1954
1955
#: serverguide/C/windows-networking.xml:1356(para)
1956
msgid ""
1957
"DNS for the domain setup properly. In a production AD environment this "
1958
"should be the case. Proper Microsoft DNS is needed so that client "
1959
"workstations can determine the Active Directory domain is available."
1960
msgstr ""
1961
"DNS для належного налаштування домену. Це особливо актуально у промислових "
1962
"середовищах AD. Для визначення клієнтськими робочими станціями доступності "
1963
"домену Active Directory потрібен належний сервер Microsoft DNS."
1964
1965
#: serverguide/C/windows-networking.xml:1360(para)
1966
msgid ""
1967
"If you don't have a Windows DNS server on your network, see <xref "
1968
"linkend=\"likewise-open-ms-dns\"/> for details."
1969
msgstr ""
1970
"Якщо у мережі немає сервера DNS Windows, скористайтеся настановами з розділу "
1971
"<xref linkend=\"likewise-open-ms-dns\"/>."
1972
1973
#: serverguide/C/windows-networking.xml:1367(para)
1974
msgid "To join a domain, from a terminal prompt enter:"
1975
msgstr "Щоб долучитися до домену, у командному рядку введіть таку команду:"
1976
1977
#: serverguide/C/windows-networking.xml:1372(command)
1978
msgid "sudo domainjoin-cli join example.com Administrator"
1979
msgstr "sudo domainjoin-cli join example.com Administrator"
1980
1981
#: serverguide/C/windows-networking.xml:1376(para)
1982
msgid ""
1983
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1984
"<emphasis>Administrator</emphasis> with the appropriate user name."
1985
msgstr ""
1986
"Замініть <emphasis>example.com</emphasis> на належну назву домену, а "
1987
"<emphasis>Administrator</emphasis> на ім’я відповідного користувача."
1988
1989
#: serverguide/C/windows-networking.xml:1382(para)
1990
msgid ""
1991
"You will then be prompted for the user's password. If all goes well a "
1992
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1993
msgstr ""
1994
"З’явиться запрошення на введення пароля користувача. Якщо пароль буде "
1995
"вказано правильно, у консолі з’явиться повідомлення "
1996
"<emphasis>SUCCESS</emphasis>."
1997
1998
#: serverguide/C/windows-networking.xml:1388(para)
1999
msgid ""
2000
"After joining the domain, it is necessary to reboot before attempting to "
2001
"authenticate against the domain."
2002
msgstr ""
2003
"Після долучення до домену треба перезавантажити систему, перш ніж "
2004
"повторювати спробу пройти розпізнавання доменом."
2005
2006
#: serverguide/C/windows-networking.xml:1394(para)
2007
msgid ""
2008
"After successfully joining an Ubuntu machine to an Active Directory domain "
2009
"you can authenticate using any valid AD user. To login you will need to "
2010
"enter the user name as 'domain\\username'. For example to ssh to a server "
2011
"joined to the domain enter:"
2012
msgstr ""
2013
"Після успішного долучення комп’ютера під керуванням <phrase>Ubuntu</phrase> "
2014
"до домену Active Directory для розпізнавання можна скористатися "
2015
"реєстраційними даними будь-якого чинного користувача AD Для входу до системи "
2016
"слід ввести ім’я користувача у форматі «домен\\користувач». Наприклад, для "
2017
"встановлення зв’язку ssh з сервером, долученим до домену, введіть:"
2018
2019
#: serverguide/C/windows-networking.xml:1401(command)
2020
msgid "ssh 'example\\steve'@hostname"
2021
msgstr "ssh 'example\\steve'@hostname"
2022
2023
#: serverguide/C/windows-networking.xml:1405(para)
2024
msgid ""
2025
"If configuring a Desktop the user name will need to be prefixed with "
2026
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
2027
msgstr ""
2028
"Якщо відбувається налаштування звичайного комп’ютера, у графічному вікні "
2029
"входу до імені користувача слід додати префікс <emphasis "
2030
"role=\"italic\">домен\\</emphasis>."
2031
2032
#: serverguide/C/windows-networking.xml:1411(para)
2033
msgid ""
2034
"To make likewise-open use a default domain, you can add the following "
2035
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
2036
msgstr ""
2037
"Щоб налаштувати likewise-open на використання типового домену, слід додати "
2038
"такий рядок до <filename>/etc/samba/lwiauthd.conf</filename>:"
2039
2040
#: serverguide/C/windows-networking.xml:1415(programlisting)
2041
#, no-wrap
2042
msgid ""
2043
"\n"
2044
"winbind use default domain = yes\n"
2045
msgstr ""
2046
"\n"
2047
"winbind use default domain = yes\n"
2048
2049
#: serverguide/C/windows-networking.xml:1419(para)
2050
msgid "Then restart the <application>likewise-open</application> daemons:"
2051
msgstr ""
2052
"Після цього перезапустіть фонові служби <application>likewise-"
2053
"open</application>:"
2054
2055
#: serverguide/C/windows-networking.xml:1424(command)
2056
msgid "sudo /etc/init.d/likewise-open restart"
2057
msgstr "sudo /etc/init.d/likewise-open restart"
2058
2059
#: serverguide/C/windows-networking.xml:1428(para)
2060
msgid ""
2061
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
2062
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
2063
"using only their username."
2064
msgstr ""
2065
"Після налаштування <emphasis>default domain</emphasis> запис <emphasis "
2066
"role=\"italic\">'domain\\'</emphasis> вже не потрібен. Користувачі можуть "
2067
"входити до системи за допомогою лише власного імені користувача."
2068
2069
#: serverguide/C/windows-networking.xml:1434(para)
2070
msgid ""
2071
"The <application>domainjoin-cli</application> utility can also be used to "
2072
"leave the domain. From a terminal:"
2073
msgstr ""
2074
"Крім того, для полишення домену можна скористатися програмою "
2075
"<application>domainjoin-cli</application>. Віддайте у терміналі таку команду:"
2076
2077
#: serverguide/C/windows-networking.xml:1439(command)
2078
msgid "sudo domainjoin-cli leave"
2079
msgstr "sudo domainjoin-cli leave"
2080
2081
#: serverguide/C/windows-networking.xml:1444(title) serverguide/C/security.xml:1772(title)
2082
msgid "Other Utilities"
2083
msgstr "Інші допоміжні програми"
2084
2085
#: serverguide/C/windows-networking.xml:1446(para)
2086
msgid ""
2087
"The <application>likewise-open</application> package comes with a few other "
2088
"utilities that may be useful for gathering information about the Active "
2089
"Directory environment. These utilities are used to join the machine to the "
2090
"domain, and are the same as those available in the <application>samba-"
2091
"common</application> and <application>winbind</application> packages:"
2092
msgstr ""
2093
"До складу пакунка <application>likewise-open</application> включено декілька "
2094
"інших програм, які можуть бути корисними для збирання даних щодо середовища "
2095
"Active Directory. Ці програми призначено для долучення комп’ютера до домену, "
2096
"вони подібні до програм з пакунків <application>samba-common</application> і "
2097
"<application>winbind</application>:"
2098
2099
#: serverguide/C/windows-networking.xml:1455(para)
2100
msgid ""
2101
"<application>lwinet</application>: Returns information about the network and "
2102
"the domain."
2103
msgstr ""
2104
"<application>lwinet</application>: повертає відомості щодо мережі і домену."
2105
2106
#: serverguide/C/windows-networking.xml:1460(para)
2107
msgid ""
2108
"<application>lwimsg</application>: Allows interaction with the "
2109
"<application>likewise-winbindd</application> daemon."
2110
msgstr ""
2111
"<application>lwimsg</application>: надає змогу взаємодіяти з фоновою службою "
2112
"<application>likewise-winbindd</application>."
2113
2114
#: serverguide/C/windows-networking.xml:1465(para)
2115
msgid ""
2116
"<application>lwiinfo</application>: Displays information about various parts "
2117
"of the Domain."
2118
msgstr ""
2119
"<application>lwiinfo</application>: показує відомості щодо різноманітних "
2120
"частин домену."
2121
2122
#: serverguide/C/windows-networking.xml:1471(para)
2123
msgid "Please refer to each utility's man page specific for details."
2124
msgstr ""
2125
"Щоб дізнатися більше, зверніться до сторінок довідника (man) кожної з "
2126
"програм."
2127
2128
#: serverguide/C/windows-networking.xml:1477(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1631(title) serverguide/C/dns.xml:338(title)
2129
msgid "Troubleshooting"
2130
msgstr "Вирішення проблем"
2131
2132
#: serverguide/C/windows-networking.xml:1481(para)
2133
msgid ""
2134
"If the client has trouble joining the domain, double check that the "
2135
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
2136
"example:"
2137
msgstr ""
2138
"Якщо у клієнтського комп’ютера виникають проблеми з долученням до домену, "
2139
"переконайтеся, що DNS Microsoft розташовано першим у списку "
2140
"<filename>/etc/resolv.conf</filename>. Приклад:"
2141
2142
#: serverguide/C/windows-networking.xml:1486(programlisting)
2143
#, no-wrap
2144
msgid ""
2145
"\n"
2146
"nameserver 192.168.0.1\n"
2147
msgstr ""
2148
"\n"
2149
"nameserver 192.168.0.1\n"
2150
2151
#: serverguide/C/windows-networking.xml:1491(para)
2152
msgid ""
2153
"For more information when joining a domain, use the <emphasis>--loglevel "
2154
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
2155
"<application>domainjoin-cli</application> utility:"
2156
msgstr ""
2157
"Щоб отримувати більше даних під час долучення до домену, скористайтеся "
2158
"параметром <emphasis>--loglevel verbose</emphasis> або параметром <emphasis>-"
2159
"-advanced</emphasis> командного рядка <application>domainjoin-"
2160
"cli</application>:"
2161
2162
#: serverguide/C/windows-networking.xml:1497(command)
2163
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
2164
msgstr ""
2165
"sudo domainjoin-cli --loglevel verbose join example.com Administrator"
2166
2167
#: serverguide/C/windows-networking.xml:1501(para)
2168
msgid ""
2169
"If an Active Directory user has trouble logging in, check the "
2170
"<filename>/var/log/auth.log</filename> for details."
2171
msgstr ""
2172
"Якщо у користувача Active Directory виникають проблеми з входом до системи, "
2173
"повідомлення про помилки можна знайти у файлі "
2174
"<filename>/var/log/auth.log</filename>."
2175
2176
#: serverguide/C/windows-networking.xml:1506(para)
2177
msgid ""
2178
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
2179
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
2180
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
2181
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
2182
"<emphasis>hosts</emphasis> option. For example:"
2183
msgstr ""
2184
"Якщо домену долучається звичайна робоча станція під керуванням "
2185
"<phrase>Ubuntu</phrase>, можливо, доведеться внести зміни до файла "
2186
"<filename>/etc/nsswitch.conf</filename>, якщо у домені AD використано "
2187
"синтаксис <emphasis role=\"italic\">.local</emphasis>. Для долучення до "
2188
"домену слід вилучити запис <emphasis>\"mdns4\"</emphasis> з пункту "
2189
"<emphasis>hosts</emphasis>. Приклад:"
2190
2191
#: serverguide/C/windows-networking.xml:1512(programlisting)
2192
#, no-wrap
2193
msgid ""
2194
"\n"
2195
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
2196
msgstr ""
2197
"\n"
2198
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
2199
2200
#: serverguide/C/windows-networking.xml:1516(para)
2201
msgid "Change the above to:"
2202
msgstr "Змініть наведений вище рядок на такий:"
2203
2204
#: serverguide/C/windows-networking.xml:1520(programlisting)
2205
#, no-wrap
2206
msgid ""
2207
"\n"
2208
"hosts: files dns [NOTFOUND=return]\n"
2209
msgstr ""
2210
"\n"
2211
"hosts: files dns [NOTFOUND=return]\n"
2212
2213
#: serverguide/C/windows-networking.xml:1524(para)
2214
msgid "Then restart networking by entering:"
2215
msgstr "Після цього перезапустіть роботу мережі такою командою:"
2216
2217
#: serverguide/C/windows-networking.xml:1529(command) serverguide/C/network-config.xml:559(command)
2218
msgid "sudo /etc/init.d/networking restart"
2219
msgstr "sudo /etc/init.d/networking restart"
2220
2221
#: serverguide/C/windows-networking.xml:1532(para)
2222
msgid "You should now be able to join the Active Directory domain."
2223
msgstr "Тепер можна долучатися до домену Active Directory."
2224
2225
#: serverguide/C/windows-networking.xml:1540(title)
2226
msgid "Microsoft DNS"
2227
msgstr "DNS Microsoft"
2228
2229
#: serverguide/C/windows-networking.xml:1542(para)
2230
msgid ""
2231
"The following are instructions for installing DNS on an Active Directory "
2232
"domain controller running Windows Server 2003, but the instructions should "
2233
"be similar for other versions:"
2234
msgstr ""
2235
"Нижче наведено настанови щодо встановлення DNS на контролері домену Active "
2236
"Directory під керуванням Windows Server 2003, але цими настановами можна "
2237
"скористатися і для інших версії:"
2238
2239
#: serverguide/C/windows-networking.xml:1551(para)
2240
msgid ""
2241
"Click "
2242
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
2243
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
2244
"This will open the <application>Server Role Mangement</application> utility."
2245
msgstr ""
2246
"Скористайтеся пунктом меню "
2247
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative "
2248
"Tools</guimenuitem><guimenuitem>Manage Your "
2249
"Server</guimenuitem></menuchoice>. У відповідь буде відкрито вікно програми "
2250
"<application>Server Role Management</application>."
2251
2252
#: serverguide/C/windows-networking.xml:1559(para)
2253
msgid "Click <guilabel>Add or remove a role</guilabel>"
2254
msgstr ""
2255
"Натисніть кнопку <guilabel>Додати або вилучити роль</guilabel> "
2256
"(<guilabel>Add or remove a role</guilabel>)"
2257
2258
#: serverguide/C/windows-networking.xml:1560(para) serverguide/C/windows-networking.xml:1562(para) serverguide/C/windows-networking.xml:1565(para)
2259
msgid "Click Next"
2260
msgstr ""
2261
"Натисніть кнопку <guibutton>Далі</guibutton> (<guibutton>Next</guibutton>)"
2262
2263
#: serverguide/C/windows-networking.xml:1561(para)
2264
msgid "Select \"DNS Server\""
2265
msgstr ""
2266
"Виберіть пункт <guilabel>Сервер DNS</guilabel> (<guilabel>DNS "
2267
"Server</guilabel>)"
2268
2269
#: serverguide/C/windows-networking.xml:1563(para)
2270
msgid "Click Next again to proceed"
2271
msgstr ""
2272
"Натисніть кнопку <guibutton>Далі</guibutton> (<guibutton>Next</guibutton>)"
2273
2274
#: serverguide/C/windows-networking.xml:1564(para)
2275
msgid "Select \"Create a forward lookup zone\" if it is not selected."
2276
msgstr ""
2277
"Позначте пункт <guilabel>Create a forward lookup zone</guilabel>, якщо його "
2278
"ще не позначено."
2279
2280
#: serverguide/C/windows-networking.xml:1566(para)
2281
msgid ""
2282
"Make sure \"This server maintains the zone\" is selected and click Next."
2283
msgstr ""
2284
"Переконайтеся, що позначено пункт <guilabel>This server maintains the "
2285
"zone</guilabel> (Цей сервер підтримує зону) і натисніть кнопку "
2286
"<guibutton>Next</guibutton> («Далі»)."
2287
2288
#: serverguide/C/windows-networking.xml:1567(para)
2289
msgid "Enter your domain name and click Next"
2290
msgstr "Введіть назву домену і натисніть кнопку «Далі»"
2291
2292
#: serverguide/C/windows-networking.xml:1568(para)
2293
msgid "Click Next to \"Allow only secure dynamic updates\""
2294
msgstr ""
2295
"Клацніть поряд з пунктом \"Allow only secure dynamic updates\" («Дозволити "
2296
"лише безпечні динамічні оновлення»)"
2297
2298
#: serverguide/C/windows-networking.xml:1570(para)
2299
msgid ""
2300
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
2301
"should not forward queries\" and click Next."
2302
msgstr ""
2303
"Введіть IP-адреси серверів DNS, на які слід спрямовувати запити, або "
2304
"позначте пункт \"No, it should not forward queries\" («Ні, не слід "
2305
"переспрямовувати запити»), а потім натисніть кнопку "
2306
"<guibutton>Next</guibutton> (<guibutton>Далі</guibutton>)."
2307
2308
#: serverguide/C/windows-networking.xml:1574(para) serverguide/C/windows-networking.xml:1575(para)
2309
msgid "Click Finish"
2310
msgstr ""
2311
"Натисніть кнопку <guibutton>Завершити</guibutton> "
2312
"(<guibutton>Finish</guibutton>)"
2313
2314
#: serverguide/C/windows-networking.xml:1577(para)
2315
msgid ""
2316
"DNS is now installed and can be further configured using the "
2317
"<application>Microsoft Management Console</application> DNS snap-in."
2318
msgstr ""
2319
"Тепер DNS встановлено. Подальше налаштування можна виконати за допомогою "
2320
"програми<application>Microsoft Management Console</application> DNS."
2321
2322
#: serverguide/C/windows-networking.xml:1585(para)
2323
msgid "Click Start"
2324
msgstr ""
2325
"Натисніть кнопку <guibutton>Пуск</guibutton> (<guibutton>Start</guibutton>)"
2326
2327
#: serverguide/C/windows-networking.xml:1586(para)
2328
msgid "Control Panel"
2329
msgstr "Панель керування"
2330
2331
#: serverguide/C/windows-networking.xml:1587(para)
2332
msgid "Network Connections"
2333
msgstr "Мережеві з'єднання"
2334
2335
#: serverguide/C/windows-networking.xml:1588(para)
2336
msgid "Right Click \"Local Area Connection\""
2337
msgstr ""
2338
"Клацніть правою кнопкою на \"Local Area Connection\" («Локальне з’єднання»)"
2339
2340
#: serverguide/C/windows-networking.xml:1589(para)
2341
msgid "Click Properties"
2342
msgstr "Натисніть кнопку <guibutton>Властивості</guibutton>"
2343
2344
#: serverguide/C/windows-networking.xml:1590(para)
2345
msgid "Double click \"Internet Protocol (TCP/IP)\""
2346
msgstr "Двічі клацніть на позначці «Інтернет-протокол (TCP/IP)»"
2347
2348
#: serverguide/C/windows-networking.xml:1591(para)
2349
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
2350
msgstr ""
2351
"Вкажіть IP-адресу сервера у полі «Основний сервер DNS» (\"Preferred DNS "
2352
"server\")"
2353
2354
#: serverguide/C/windows-networking.xml:1592(para)
2355
msgid "Click Ok"
2356
msgstr "Натисніть кнопку <guibutton>Гаразд</guibutton>."
2357
2358
#: serverguide/C/windows-networking.xml:1593(para)
2359
msgid "Click Ok again to save the settings"
2360
msgstr ""
2361
"Натисніть кнопку <guibutton>Гаразд</guibutton> ще раз, щоб зберегти внесені "
2362
"вами зміни"
2363
2364
#: serverguide/C/windows-networking.xml:1582(para)
2365
msgid ""
2366
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
2367
msgstr ""
2368
"Далі, налаштуйте сервер на використання самого себе для обслуговування DNS-"
2369
"запитів: <placeholder-1/>"
2370
2371
#: serverguide/C/windows-networking.xml:1600(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:2154(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:872(title) serverguide/C/security.xml:1206(title) serverguide/C/security.xml:1621(title) serverguide/C/security.xml:1812(title) serverguide/C/remote-administration.xml:202(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1679(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
2372
msgid "References"
2373
msgstr "Посилання"
2374
2375
#: serverguide/C/windows-networking.xml:1602(para)
2376
msgid ""
2377
"Please refer to the <ulink "
2378
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
2379
"further information."
2380
msgstr ""
2381
"Подальші відомості можна знайти на домашній сторінці <ulink "
2382
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink>."
2383
2384
#: serverguide/C/windows-networking.xml:1606(para)
2385
msgid ""
2386
"For more <application>domainjoin-cli</application> options see the man page: "
2387
"<command>man domainjoin-cli</command>."
2388
msgstr ""
2389
"Відомості щодо інших параметрів <application>domainjoin-cli</application> "
2390
"можна знайти на сторінці man: <command>man domainjoin-cli</command>."
2391
2392
#: serverguide/C/windows-networking.xml:1610(para)
2393
msgid ""
2394
"Also, see the <ulink "
2395
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
2396
"LikewiseOpen</ulink> page."
2397
msgstr ""
2398
2399
#: serverguide/C/web-servers.xml:13(title)
2400
msgid "Web Servers"
2401
msgstr "Веб-сервери"
2402
2403
#: serverguide/C/web-servers.xml:14(para)
2404
msgid ""
2405
"A Web server is a software responsible for accepting HTTP requests from "
2406
"clients, which are known as Web browsers, and serving them HTTP responses "
2407
"along with optional data contents, which usually are Web pages such as HTML "
2408
"documents and linked objects (images, etc.)."
2409
msgstr ""
2410
2411
#: serverguide/C/web-servers.xml:19(title)
2412
msgid "HTTPD - Apache2 Web Server"
2413
msgstr ""
2414
2415
#: serverguide/C/web-servers.xml:20(para)
2416
msgid ""
2417
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
2418
"are used to serve Web Pages requested by client computers. Clients typically "
2419
"request and view Web Pages using Web Browser applications such as "
2420
"<application>Firefox</application>, <application>Opera</application>, or "
2421
"<application>Mozilla</application>."
2422
msgstr ""
2423
2424
#: serverguide/C/web-servers.xml:24(para)
2425
msgid ""
2426
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
2427
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
2428
"resource. For example, to view the home page of the <ulink "
2429
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
2430
"the FQDN. To request specific information about <ulink "
2431
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
2432
"enter the FQDN followed by a path."
2433
msgstr ""
2434
2435
#: serverguide/C/web-servers.xml:29(para)
2436
msgid ""
2437
"The most common protocol used to transfer Web pages is the Hyper Text "
2438
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
2439
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
2440
"protocol for uploading and downloading files, are also supported."
2441
msgstr ""
2442
2443
#: serverguide/C/web-servers.xml:33(para)
2444
msgid ""
2445
"Apache Web Servers are often used in combination with the "
2446
"<application>MySQL</application> database engine, the HyperText Preprocessor "
2447
"(<application>PHP</application>) scripting language, and other popular "
2448
"scripting languages such as <application>Python</application> and "
2449
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
2450
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
2451
"for the development and deployment of Web-based applications."
2452
msgstr ""
2453
2454
#: serverguide/C/web-servers.xml:42(para)
2455
msgid ""
2456
"The <application>Apache2</application> web server is available in Ubuntu "
2457
"Linux. To install Apache2:"
2458
msgstr ""
2459
2460
#: serverguide/C/web-servers.xml:48(para)
2461
msgid "At a terminal prompt enter the following command:"
2462
msgstr ""
2463
2464
#: serverguide/C/web-servers.xml:53(command)
2465
msgid "sudo apt-get install apache2"
2466
msgstr "sudo apt-get install apache2"
2467
2468
#: serverguide/C/web-servers.xml:63(para)
2469
msgid ""
2470
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
2471
"text configuration files. These <emphasis>directives</emphasis> are "
2472
"separated between the following files and directories:"
2473
msgstr ""
2474
2475
#: serverguide/C/web-servers.xml:71(para)
2476
msgid ""
2477
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
2478
"Contains settings that are <emphasis>global</emphasis> to Apache2."
2479
msgstr ""
2480
2481
#: serverguide/C/web-servers.xml:77(para)
2482
msgid ""
2483
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
2484
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
2485
"serve content may add files, or symlinks, to this directory."
2486
msgstr ""
2487
2488
#: serverguide/C/web-servers.xml:83(para)
2489
msgid ""
2490
"<emphasis>envvars:</emphasis> file where Apache2 "
2491
"<emphasis>environment</emphasis> variables are set."
2492
msgstr ""
2493
2494
#: serverguide/C/web-servers.xml:88(para)
2495
msgid ""
2496
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
2497
"file, named after the <application>httpd</application> daemon. The file can "
2498
"be used for <emphasis>user specific</emphasis> configuration options that "
2499
"globally effect Apache2."
2500
msgstr ""
2501
2502
#: serverguide/C/web-servers.xml:95(para)
2503
msgid ""
2504
"<emphasis>mods-available:</emphasis> this directory contains configuration "
2505
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
2506
"modules will have specific configuration files, however."
2507
msgstr ""
2508
2509
#: serverguide/C/web-servers.xml:101(para)
2510
msgid ""
2511
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
2512
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
2513
"configuration file is symlinked it will be enabled the next time "
2514
"<application>apache2</application> is restarted."
2515
msgstr ""
2516
2517
#: serverguide/C/web-servers.xml:108(para)
2518
msgid ""
2519
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
2520
"TCP ports Apache2 is listening on."
2521
msgstr ""
2522
2523
#: serverguide/C/web-servers.xml:113(para)
2524
msgid ""
2525
"<emphasis>sites-available:</emphasis> this directory has configuration files "
2526
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
2527
"to be configured for multiple sites that have separate configurations."
2528
msgstr ""
2529
2530
#: serverguide/C/web-servers.xml:119(para)
2531
msgid ""
2532
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
2533
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
2534
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
2535
"a configuration file in sites-available is symlinked, the site configured by "
2536
"it will be active once Apache2 is restarted."
2537
msgstr ""
2538
2539
#: serverguide/C/web-servers.xml:127(para)
2540
msgid ""
2541
"In addition, other configuration files may be added using the "
2542
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
2543
"many configuration files. Any directive may be placed in any of these "
2544
"configuration files. Changes to the main configuration files are only "
2545
"recognized by Apache2 when it is started or restarted."
2546
msgstr ""
2547
2548
#: serverguide/C/web-servers.xml:136(para)
2549
msgid ""
2550
"The server also reads a file containing mime document types; the filename is "
2551
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
2552
"<filename>/etc/mime.types</filename> by default."
2553
msgstr ""
2554
2555
#: serverguide/C/web-servers.xml:141(title)
2556
msgid "Basic Settings"
2557
msgstr "Основні налаштування"
2558
2559
#: serverguide/C/web-servers.xml:142(para)
2560
msgid ""
2561
"This section explains Apache2 server essential configuration parameters. "
2562
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2563
"Documentation</ulink> for more details."
2564
msgstr ""
2565
2566
#: serverguide/C/web-servers.xml:150(para)
2567
msgid ""
2568
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
2569
"it is configured with a single default virtual host (using the "
2570
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
2571
"if you have a single site, or used as a template for additional virtual "
2572
"hosts if you have multiple sites. If left alone, the default virtual host "
2573
"will serve as your default site, or the site users will see if the URL they "
2574
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
2575
"your custom sites. To modify the default virtual host, edit the file "
2576
"<filename>/etc/apache2/sites-available/default</filename>."
2577
msgstr ""
2578
2579
#: serverguide/C/web-servers.xml:163(para)
2580
msgid ""
2581
"The directives set for a virtual host only apply to that particular virtual "
2582
"host. If a directive is set server-wide and not defined within the virtual "
2583
"host settings, the default setting is used. For example, you can define a "
2584
"Webmaster email address and not define individual email addresses for each "
2585
"virtual host."
2586
msgstr ""
2587
2588
#: serverguide/C/web-servers.xml:171(para)
2589
msgid ""
2590
"If you wish to configure a new virtual host or site, copy that file into the "
2591
"same directory with a name you choose. For example:"
2592
msgstr ""
2593
2594
#: serverguide/C/web-servers.xml:177(command)
2595
msgid ""
2596
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
2597
"available/mynewsite"
2598
msgstr ""
2599
2600
#: serverguide/C/web-servers.xml:180(para)
2601
msgid ""
2602
"Edit the new file to configure the new site using some of the directives "
2603
"described below."
2604
msgstr ""
2605
2606
#: serverguide/C/web-servers.xml:187(para)
2607
msgid ""
2608
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
2609
"to be advertised for the server's administrator. The default value is "
2610
"webmaster@localhost. This should be changed to an email address that is "
2611
"delivered to you (if you are the server's administrator). If your website "
2612
"has a problem, Apache2 will display an error message containing this email "
2613
"address to report the problem to. Find this directive in your site's "
2614
"configuration file in /etc/apache2/sites-available."
2615
msgstr ""
2616
2617
#: serverguide/C/web-servers.xml:198(para)
2618
msgid ""
2619
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
2620
"the IP address, Apache2 should listen on. If the IP address is not "
2621
"specified, Apache2 will listen on all IP addresses assigned to the machine "
2622
"it runs on. The default value for the Listen directive is 80. Change this to "
2623
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
2624
"that it will not be available to the Internet, to (for example) 81 to change "
2625
"the port that it listens on, or leave it as is for normal operation. This "
2626
"directive can be found and changed in its own file, "
2627
"<filename>/etc/apache2/ports.conf</filename>"
2628
msgstr ""
2629
2630
#: serverguide/C/web-servers.xml:211(para)
2631
msgid ""
2632
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
2633
"FQDN your site should answer to. The default virtual host has no ServerName "
2634
"directive specified, so it will respond to all requests that do not match a "
2635
"ServerName directive in another virtual host. If you have just acquired the "
2636
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
2637
"value of the ServerName directive in your virtual host configuration file "
2638
"should be ubunturocks.com. Add this directive to the new virtual host file "
2639
"you created earlier (<filename>/etc/apache2/sites-"
2640
"available/mynewsite</filename>)."
2641
msgstr ""
2642
2643
#: serverguide/C/web-servers.xml:223(para)
2644
msgid ""
2645
"You may also want your site to respond to www.ubunturocks.com, since many "
2646
"users will assume the www prefix is appropriate. Use the "
2647
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
2648
"wildcards in the ServerAlias directive."
2649
msgstr ""
2650
2651
#: serverguide/C/web-servers.xml:230(para)
2652
msgid ""
2653
"For example, the following configuration will cause your site to respond to "
2654
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2655
msgstr ""
2656
2657
#: serverguide/C/web-servers.xml:236(programlisting)
2658
#, no-wrap
2659
msgid ""
2660
"\n"
2661
"ServerAlias *.ubunturocks.com\n"
2662
msgstr ""
2663
2664
#: serverguide/C/web-servers.xml:242(para)
2665
msgid ""
2666
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2667
"should look for the files that make up the site. The default value is "
2668
"/var/www. No site is configured there, but if you uncomment the "
2669
"<emphasis>RedirectMatch</emphasis> directive in "
2670
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2671
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2672
"this value in your site's virtual host file, and remember to create that "
2673
"directory if necessary!"
2674
msgstr ""
2675
2676
#: serverguide/C/web-servers.xml:254(para)
2677
msgid ""
2678
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2679
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2680
"enabled point to \"available\" sites."
2681
msgstr ""
2682
2683
#: serverguide/C/web-servers.xml:260(para)
2684
msgid ""
2685
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2686
"<application>a2ensite</application> utility and restart Apache2:"
2687
msgstr ""
2688
2689
#: serverguide/C/web-servers.xml:266(command)
2690
msgid "sudo a2ensite mynewsite"
2691
msgstr ""
2692
2693
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2694
msgid "sudo /etc/init.d/apache2 restart"
2695
msgstr ""
2696
2697
#: serverguide/C/web-servers.xml:271(para)
2698
msgid ""
2699
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2700
"name for the VirtualHost. One method is to name the file after the "
2701
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2702
msgstr ""
2703
2704
#: serverguide/C/web-servers.xml:278(para)
2705
msgid ""
2706
"Similarly, use the <application>a2dissite</application> utility to disable "
2707
"sites. This is can be useful when troubleshooting configuration problems "
2708
"with multiple VirtualHosts:"
2709
msgstr ""
2710
2711
#: serverguide/C/web-servers.xml:284(command)
2712
msgid "sudo a2dissite mynewsite"
2713
msgstr ""
2714
2715
#: serverguide/C/web-servers.xml:290(title)
2716
msgid "Default Settings"
2717
msgstr "Типові налаштування"
2718
2719
#: serverguide/C/web-servers.xml:292(para)
2720
msgid ""
2721
"This section explains configuration of the Apache2 server default settings. "
2722
"For example, if you add a virtual host, the settings you configure for the "
2723
"virtual host take precedence for that virtual host. For a directive not "
2724
"defined within the virtual host settings, the default value is used."
2725
msgstr ""
2726
2727
#: serverguide/C/web-servers.xml:304(para)
2728
msgid ""
2729
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2730
"server when a user requests an index of a directory by specifying a forward "
2731
"slash (/) at the end of the directory name."
2732
msgstr ""
2733
2734
#: serverguide/C/web-servers.xml:311(para)
2735
msgid ""
2736
"For example, when a user requests the page "
2737
"http://www.example.com/this_directory/, he or she will get either the "
2738
"DirectoryIndex page if it exists, a server-generated directory list if it "
2739
"does not and the Indexes option is specified, or a Permission Denied page if "
2740
"neither is true. The server will try to find one of the files listed in the "
2741
"DirectoryIndex directive and will return the first one it finds. If it does "
2742
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2743
"set for that directory, the server will generate and return a list, in HTML "
2744
"format, of the subdirectories and files in the directory. The default value, "
2745
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2746
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2747
"Apache2 finds a file in a requested directory matching any of these names, "
2748
"the first will be displayed."
2749
msgstr ""
2750
2751
#: serverguide/C/web-servers.xml:332(para)
2752
msgid ""
2753
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2754
"file for Apache2 to use for specific error events. For example, if a user "
2755
"requests a resource that does not exist, a 404 error will occur, and per "
2756
"Apache2's default configuration, the file "
2757
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2758
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2759
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2760
"redirects requests to the /error directory to "
2761
"<filename>/usr/share/apache2/error/</filename>."
2762
msgstr ""
2763
2764
#: serverguide/C/web-servers.xml:344(para)
2765
msgid ""
2766
"To see a list of the default ErrorDocument directives, use this command:"
2767
msgstr ""
2768
2769
#: serverguide/C/web-servers.xml:350(command)
2770
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2771
msgstr ""
2772
2773
#: serverguide/C/web-servers.xml:355(para)
2774
msgid ""
2775
"By default, the server writes the transfer log to the file "
2776
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2777
"per-site basis in your virtual host configuration files with the "
2778
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2779
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2780
"specify the file to which errors are logged, via the "
2781
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2782
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2783
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2784
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2785
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2786
"/etc/apache2/apache2.conf</filename> for the default value)."
2787
msgstr ""
2788
2789
#: serverguide/C/web-servers.xml:370(para)
2790
msgid ""
2791
"Some options are specified on a per-directory basis rather than per-server. "
2792
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2793
"is enclosed in XML-like tags, like so:"
2794
msgstr ""
2795
2796
#: serverguide/C/web-servers.xml:376(programlisting)
2797
#, no-wrap
2798
msgid ""
2799
"\n"
2800
"<Directory /var/www/mynewsite>\n"
2801
"...\n"
2802
"</Directory>\n"
2803
msgstr ""
2804
2805
#: serverguide/C/web-servers.xml:382(para)
2806
msgid ""
2807
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2808
"one or more of the following values (among others), separated by spaces:"
2809
msgstr ""
2810
2811
#: serverguide/C/web-servers.xml:394(para)
2812
msgid ""
2813
"Most files should not be executed as CGI scripts. This would be very "
2814
"dangerous. CGI scripts should kept in a directory separate from and outside "
2815
"your DocumentRoot, and only this directory should have the ExecCGI option "
2816
"set. This is the default, and the default location for CGI scripts is "
2817
"<filename>/usr/lib/cgi-bin</filename>."
2818
msgstr ""
2819
2820
#: serverguide/C/web-servers.xml:389(para)
2821
msgid ""
2822
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2823
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2824
msgstr ""
2825
2826
#: serverguide/C/web-servers.xml:405(para)
2827
msgid ""
2828
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2829
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2830
"other files. This is not a common option. See <ulink "
2831
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2832
"HOWTO</ulink> for more information."
2833
msgstr ""
2834
2835
#: serverguide/C/web-servers.xml:414(para)
2836
msgid ""
2837
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2838
"includes, but disable the <emphasis>#exec</emphasis> and "
2839
"<emphasis>#include</emphasis> commands in CGI scripts."
2840
msgstr ""
2841
2842
#: serverguide/C/web-servers.xml:426(para)
2843
msgid ""
2844
"For security reasons, this should usually not be set, and certainly should "
2845
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2846
"per-directory basis only if you are certain you want users to see the entire "
2847
"contents of the directory."
2848
msgstr ""
2849
2850
#: serverguide/C/web-servers.xml:421(para)
2851
msgid ""
2852
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2853
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2854
"index.html) exists in the requested directory. <placeholder-1/>"
2855
msgstr ""
2856
2857
#: serverguide/C/web-servers.xml:436(para)
2858
msgid ""
2859
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2860
"multiviews; this option is disabled by default for security reasons. See the "
2861
"<ulink "
2862
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2863
"Apache2 documentation on this option</ulink>."
2864
msgstr ""
2865
2866
#: serverguide/C/web-servers.xml:444(para)
2867
msgid ""
2868
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2869
"symbolic links if the target file or directory has the same owner as the "
2870
"link."
2871
msgstr ""
2872
2873
#: serverguide/C/web-servers.xml:456(title)
2874
msgid "httpd Settings"
2875
msgstr ""
2876
2877
#: serverguide/C/web-servers.xml:458(para)
2878
msgid ""
2879
"This section explains some basic <application>httpd</application> daemon "
2880
"configuration settings."
2881
msgstr ""
2882
2883
#: serverguide/C/web-servers.xml:462(para)
2884
msgid ""
2885
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2886
"the path to the lockfile used when the server is compiled with either "
2887
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2888
"stored on the local disk. It should be left to the default value unless the "
2889
"logs directory is located on an NFS share. If this is the case, the default "
2890
"value should be changed to a location on the local disk and to a directory "
2891
"that is readable only by root."
2892
msgstr ""
2893
2894
#: serverguide/C/web-servers.xml:471(para)
2895
msgid ""
2896
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2897
"file in which the server records its process ID (pid). This file should only "
2898
"be readable by root. In most cases, it should be left to the default value."
2899
msgstr ""
2900
2901
#: serverguide/C/web-servers.xml:477(para)
2902
msgid ""
2903
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2904
"used by the server to answer requests. This setting determines the server's "
2905
"access. Any files inaccessible to this user will also be inaccessible to "
2906
"your website's visitors. The default value for User is www-data."
2907
msgstr ""
2908
2909
#: serverguide/C/web-servers.xml:484(para)
2910
msgid ""
2911
"Unless you know exactly what you are doing, do not set the User directive to "
2912
"root. Using root as the User will create large security holes for your Web "
2913
"server."
2914
msgstr ""
2915
2916
#: serverguide/C/web-servers.xml:490(para)
2917
msgid ""
2918
"The Group directive is similar to the User directive. Group sets the group "
2919
"under which the server will answer requests. The default group is also www-"
2920
"data."
2921
msgstr ""
2922
2923
#: serverguide/C/web-servers.xml:496(title)
2924
msgid "Apache2 Modules"
2925
msgstr "Модулі Apache2"
2926
2927
#: serverguide/C/web-servers.xml:498(para)
2928
msgid ""
2929
"Apache2 is a modular server. This implies that only the most basic "
2930
"functionality is included in the core server. Extended features are "
2931
"available through modules which can be loaded into Apache2. By default, a "
2932
"base set of modules is included in the server at compile-time. If the server "
2933
"is compiled to use dynamically loaded modules, then modules can be compiled "
2934
"separately, and added at any time using the LoadModule directive. Otherwise, "
2935
"Apache2 must be recompiled to add or remove modules."
2936
msgstr ""
2937
2938
#: serverguide/C/web-servers.xml:510(para)
2939
msgid ""
2940
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2941
"Configuration directives may be conditionally included on the presence of a "
2942
"particular module by enclosing them in an "
2943
"<emphasis><IfModule></emphasis> block."
2944
msgstr ""
2945
2946
#: serverguide/C/web-servers.xml:517(para)
2947
msgid ""
2948
"You can install additional Apache2 modules and use them with your Web "
2949
"server. For example, run the following command from a terminal prompt to "
2950
"install the <emphasis>MySQL Authentication</emphasis> module:"
2951
msgstr ""
2952
2953
#: serverguide/C/web-servers.xml:524(command)
2954
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2955
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
2956
2957
#: serverguide/C/web-servers.xml:527(para)
2958
msgid ""
2959
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2960
"additional modules."
2961
msgstr ""
2962
2963
#: serverguide/C/web-servers.xml:531(para)
2964
msgid ""
2965
"Use the <application>a2enmod</application> utility to enable a module:"
2966
msgstr ""
2967
2968
#: serverguide/C/web-servers.xml:537(command)
2969
msgid "sudo a2enmod auth_mysql"
2970
msgstr "sudo a2enmod auth_mysql"
2971
2972
#: serverguide/C/web-servers.xml:541(para)
2973
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2974
msgstr ""
2975
2976
#: serverguide/C/web-servers.xml:546(command)
2977
msgid "sudo a2dismod auth_mysql"
2978
msgstr "sudo a2dismod auth_mysql"
2979
2980
#: serverguide/C/web-servers.xml:553(title)
2981
msgid "HTTPS Configuration"
2982
msgstr "Налаштування HTTPS"
2983
2984
#: serverguide/C/web-servers.xml:555(para)
2985
msgid ""
2986
"The <application>mod_ssl</application> module adds an important feature to "
2987
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2988
"browser is communicating using SSL, the https:// prefix is used at the "
2989
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2990
"bar."
2991
msgstr ""
2992
2993
#: serverguide/C/web-servers.xml:564(para)
2994
msgid ""
2995
"The <application>mod_ssl</application> module is available in "
2996
"<application>apache2-common</application> package. Execute the following "
2997
"command from a terminal prompt to enable the "
2998
"<application>mod_ssl</application> module:"
2999
msgstr ""
3000
3001
#: serverguide/C/web-servers.xml:571(command)
3002
msgid "sudo a2enmod ssl"
3003
msgstr ""
3004
3005
#: serverguide/C/web-servers.xml:574(para)
3006
msgid ""
3007
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
3008
"available/default-ssl</filename>. In order for "
3009
"<application>Apache2</application> to provide HTTPS, a "
3010
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
3011
"needed. The default HTTPS configuration will use a certificate and key "
3012
"generated by the <application>ssl-cert</application> package. They are good "
3013
"for testing, but the auto-generated certificate and key should be replaced "
3014
"by a certificate specific to the site or server. For information on "
3015
"generating a key and obtaining a certificate see <xref "
3016
"linkend=\"certificates-and-security\"/>"
3017
msgstr ""
3018
3019
#: serverguide/C/web-servers.xml:584(para)
3020
msgid ""
3021
"To configure <application>Apache2</application> for HTTPS, enter the "
3022
"following:"
3023
msgstr ""
3024
3025
#: serverguide/C/web-servers.xml:589(command)
3026
msgid "sudo a2ensite default-ssl"
3027
msgstr "sudo a2ensite default-ssl"
3028
3029
#: serverguide/C/web-servers.xml:593(para)
3030
msgid ""
3031
"The directories <filename>/etc/ssl/certs</filename> and "
3032
"<filename>/etc/ssl/private</filename> are the default locations. If you "
3033
"install the certificate and key in another directory make sure to change "
3034
"<emphasis>SSLCertificateFile</emphasis> and "
3035
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
3036
msgstr ""
3037
3038
#: serverguide/C/web-servers.xml:600(para)
3039
msgid ""
3040
"With Apache2 now configured for HTTPS, restart the service to enable the new "
3041
"settings:"
3042
msgstr ""
3043
3044
#: serverguide/C/web-servers.xml:611(para)
3045
msgid ""
3046
"Depending on how you obtained your certificate you may need to enter a "
3047
"passphrase when <application>Apache2</application> starts."
3048
msgstr ""
3049
3050
#: serverguide/C/web-servers.xml:617(para)
3051
msgid ""
3052
"You can access the secure server pages by typing https://your_hostname/url/ "
3053
"in your browser address bar."
3054
msgstr ""
3055
3056
#: serverguide/C/web-servers.xml:628(para)
3057
msgid ""
3058
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
3059
"Documentation</ulink> contains in depth information on Apache2 configuration "
3060
"directives. Also, see the <application>apache2-doc</application> package for "
3061
"the official Apache2 docs."
3062
msgstr ""
3063
3064
#: serverguide/C/web-servers.xml:635(para)
3065
msgid ""
3066
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
3067
"Documentation</ulink> site for more SSL related information."
3068
msgstr ""
3069
3070
#: serverguide/C/web-servers.xml:641(para)
3071
msgid ""
3072
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
3073
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
3074
"configurations."
3075
msgstr ""
3076
3077
#: serverguide/C/web-servers.xml:647(para)
3078
msgid ""
3079
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
3080
"server</emphasis> IRC channel on <ulink "
3081
"url=\"http://freenode.net/\">freenode.net</ulink>."
3082
msgstr ""
3083
3084
#: serverguide/C/web-servers.xml:653(para)
3085
msgid ""
3086
"Usually integrated with PHP and MySQL the <ulink "
3087
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
3088
"Ubuntu Wiki </ulink> page is a good resource."
3089
msgstr ""
3090
3091
#: serverguide/C/web-servers.xml:664(title)
3092
msgid "PHP5 - Scripting Language"
3093
msgstr ""
3094
3095
#: serverguide/C/web-servers.xml:665(para)
3096
msgid ""
3097
"PHP is a general-purpose scripting language suited for Web development. The "
3098
"PHP script can be embedded into HTML. This section explains how to install "
3099
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
3100
msgstr ""
3101
3102
#: serverguide/C/web-servers.xml:669(para)
3103
msgid ""
3104
"This section assumes you have installed and configured Apache2 Web Server "
3105
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
3106
"sections in this document to install and configure Apache2 and MySQL "
3107
"respectively."
3108
msgstr ""
3109
3110
#: serverguide/C/web-servers.xml:676(para)
3111
msgid "The PHP5 is available in Ubuntu Linux."
3112
msgstr ""
3113
3114
#: serverguide/C/web-servers.xml:678(para)
3115
msgid ""
3116
"To install PHP5 you can enter the following command in the terminal prompt: "
3117
"<screen>\n"
3118
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
3119
"</screen>"
3120
msgstr ""
3121
3122
#: serverguide/C/web-servers.xml:687(para)
3123
msgid ""
3124
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
3125
"line you should install <application>php5-cli</application> package. To "
3126
"install <application>php5-cli</application> you can enter the following "
3127
"command in the terminal prompt: <screen>\n"
3128
"<command>sudo apt-get install php5-cli</command>\n"
3129
"</screen>"
3130
msgstr ""
3131
3132
#: serverguide/C/web-servers.xml:696(para)
3133
msgid ""
3134
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
3135
"accomplish this, you should install <application>php5-cgi</application> "
3136
"package. You can run the following command in a terminal prompt to install "
3137
"<application>php5-cgi</application> package: <screen>\n"
3138
"<command>sudo apt-get install php5-cgi</command>\n"
3139
"</screen>"
3140
msgstr ""
3141
3142
#: serverguide/C/web-servers.xml:706(para)
3143
msgid ""
3144
"To use <application>MySQL</application> with PHP5 you should install "
3145
"<application>php5-mysql</application> package. To install <application>php5-"
3146
"mysql</application> you can enter the following command in the terminal "
3147
"prompt: <screen>\n"
3148
"<command>sudo apt-get install php5-mysql</command>\n"
3149
"</screen>"
3150
msgstr ""
3151
3152
#: serverguide/C/web-servers.xml:714(para)
3153
msgid ""
3154
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
3155
"install <application>php5-pgsql</application> package. To install "
3156
"<application>php5-pgsql</application> you can enter the following command in "
3157
"the terminal prompt: <screen>\n"
3158
"<command>sudo apt-get install php5-pgsql</command>\n"
3159
"</screen>"
3160
msgstr ""
3161
3162
#: serverguide/C/web-servers.xml:727(para)
3163
msgid ""
3164
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
3165
"you have installed <application>php5-cli</application> package, you can run "
3166
"PHP5 scripts from your command prompt."
3167
msgstr ""
3168
3169
#: serverguide/C/web-servers.xml:734(para)
3170
msgid ""
3171
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
3172
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
3173
"when you install the module. Please verify if the files "
3174
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
3175
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
3176
"not exists, you can enable the module using <command>a2enmod</command> "
3177
"command."
3178
msgstr ""
3179
3180
#: serverguide/C/web-servers.xml:745(para)
3181
msgid ""
3182
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
3183
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
3184
"following command at a terminal prompt to restart your web server: "
3185
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
3186
msgstr ""
3187
3188
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1602(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
3189
msgid "Testing"
3190
msgstr "Перевірка"
3191
3192
#: serverguide/C/web-servers.xml:754(para)
3193
msgid ""
3194
"To verify your installation, you can run following PHP5 phpinfo script:"
3195
msgstr ""
3196
3197
#: serverguide/C/web-servers.xml:757(programlisting)
3198
#, no-wrap
3199
msgid ""
3200
"\n"
3201
"<?php\n"
3202
" phpinfo();\n"
3203
"?>\n"
3204
msgstr ""
3205
"\n"
3206
"<?php\n"
3207
" phpinfo();\n"
3208
"?>\n"
3209
3210
#: serverguide/C/web-servers.xml:762(para)
3211
msgid ""
3212
"You can save the content in a file <filename>phpinfo.php</filename> and "
3213
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
3214
"server. When point your browser to "
3215
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
3216
"various PHP5 configuration parameters."
3217
msgstr ""
3218
3219
#: serverguide/C/web-servers.xml:776(para)
3220
msgid ""
3221
"For more in depth information see <ulink "
3222
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
3223
msgstr ""
3224
3225
#: serverguide/C/web-servers.xml:781(para)
3226
msgid ""
3227
"There are a plethora of books on PHP. Two good books from O'Reilly are "
3228
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
3229
"5</ulink> and the <ulink "
3230
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
3231
msgstr ""
3232
3233
#: serverguide/C/web-servers.xml:788(para)
3234
msgid ""
3235
"Also, see the <ulink "
3236
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
3237
"Ubuntu Wiki</ulink> page for more information."
3238
msgstr ""
3239
3240
#: serverguide/C/web-servers.xml:799(title)
3241
msgid "Squid - Proxy Server"
3242
msgstr "Проксі-сервер Squid"
3243
3244
#: serverguide/C/web-servers.xml:800(para)
3245
msgid ""
3246
"Squid is a full-featured web proxy cache server application which provides "
3247
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
3248
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
3249
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
3250
"caching of Domain Name Server (DNS) lookups, and perform transparent "
3251
"caching. Squid also supports a wide variety of caching protocols, such as "
3252
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
3253
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
3254
"Protocol. (WCCP)"
3255
msgstr ""
3256
3257
#: serverguide/C/web-servers.xml:808(para)
3258
msgid ""
3259
"The Squid proxy cache server is an excellent solution to a variety of proxy "
3260
"and caching server needs, and scales from the branch office to enterprise "
3261
"level networks while providing extensive, granular access control mechanisms "
3262
"and monitoring of critical parameters via the Simple Network Management "
3263
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
3264
"Squid proxy, or caching servers, ensure your system is configured with a "
3265
"large amount of physical memory, as Squid maintains an in-memory cache for "
3266
"increased performance."
3267
msgstr ""
3268
3269
#: serverguide/C/web-servers.xml:817(para)
3270
msgid ""
3271
"At a terminal prompt, enter the following command to install the Squid "
3272
"server:"
3273
msgstr ""
3274
3275
#: serverguide/C/web-servers.xml:822(command)
3276
msgid "sudo apt-get install squid"
3277
msgstr ""
3278
3279
#: serverguide/C/web-servers.xml:828(para)
3280
msgid ""
3281
"Squid is configured by editing the directives contained within the "
3282
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
3283
"examples illustrate some of the directives which may be modified to affect "
3284
"the behavior of the Squid server. For more in-depth configuration of Squid, "
3285
"see the References section."
3286
msgstr ""
3287
3288
#: serverguide/C/web-servers.xml:834(para)
3289
msgid ""
3290
"Prior to editing the configuration file, you should make a copy of the "
3291
"original file and protect it from writing so you will have the original "
3292
"settings as a reference, and to re-use as necessary."
3293
msgstr ""
3294
3295
#: serverguide/C/web-servers.xml:837(para)
3296
msgid ""
3297
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
3298
"writing with the following commands entered at a terminal prompt:"
3299
msgstr ""
3300
3301
#: serverguide/C/web-servers.xml:842(command)
3302
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
3303
msgstr ""
3304
3305
#: serverguide/C/web-servers.xml:843(command)
3306
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
3307
msgstr "sudo chmod a-w /etc/squid/squid.conf.original"
3308
3309
#: serverguide/C/web-servers.xml:849(para)
3310
msgid ""
3311
"To set your Squid server to listen on TCP port 8888 instead of the default "
3312
"TCP port 3128, change the http_port directive as such:"
3313
msgstr ""
3314
3315
#: serverguide/C/web-servers.xml:853(programlisting)
3316
#, no-wrap
3317
msgid ""
3318
"\n"
3319
"http_port 8888\n"
3320
msgstr ""
3321
"\n"
3322
"http_port 8888\n"
3323
3324
#: serverguide/C/web-servers.xml:858(para)
3325
msgid ""
3326
"Change the visible_hostname directive in order to give the Squid server a "
3327
"specific hostname. This hostname does not necessarily need to be the "
3328
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
3329
msgstr ""
3330
3331
#: serverguide/C/web-servers.xml:862(programlisting)
3332
#, no-wrap
3333
msgid ""
3334
"\n"
3335
"visible_hostname weezie\n"
3336
msgstr ""
3337
"\n"
3338
"visible_hostname weezie\n"
3339
3340
#: serverguide/C/web-servers.xml:867(para)
3341
msgid ""
3342
"Using Squid's access control, you may configure use of Internet services "
3343
"proxied by Squid to be available only users with certain Internet Protocol "
3344
"(IP) addresses. For example, we will illustrate access by users of the "
3345
"192.168.42.0/24 subnetwork only:"
3346
msgstr ""
3347
3348
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
3349
msgid ""
3350
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
3351
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
3352
msgstr ""
3353
3354
#: serverguide/C/web-servers.xml:875(programlisting)
3355
#, no-wrap
3356
msgid ""
3357
"\n"
3358
"acl fortytwo_network src 192.168.42.0/24\n"
3359
msgstr ""
3360
"\n"
3361
"acl fortytwo_network src 192.168.42.0/24\n"
3362
3363
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
3364
msgid ""
3365
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
3366
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
3367
msgstr ""
3368
3369
#: serverguide/C/web-servers.xml:882(programlisting)
3370
#, no-wrap
3371
msgid ""
3372
"\n"
3373
"http_access allow fortytwo_network\n"
3374
msgstr ""
3375
"\n"
3376
"http_access allow fortytwo_network\n"
3377
3378
#: serverguide/C/web-servers.xml:887(para)
3379
msgid ""
3380
"Using the excellent access control features of Squid, you may configure use "
3381
"of Internet services proxied by Squid to be available only during normal "
3382
"business hours. For example, we'll illustrate access by employees of a "
3383
"business which is operating between 9:00AM and 5:00PM, Monday through "
3384
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
3385
msgstr ""
3386
3387
#: serverguide/C/web-servers.xml:895(programlisting)
3388
#, no-wrap
3389
msgid ""
3390
"\n"
3391
"acl biz_network src 10.1.42.0/24\n"
3392
"acl biz_hours time M T W T F 9:00-17:00\n"
3393
msgstr ""
3394
"\n"
3395
"acl biz_network src 10.1.42.0/24\n"
3396
"acl biz_hours time M T W T F 9:00-17:00\n"
3397
3398
#: serverguide/C/web-servers.xml:903(programlisting)
3399
#, no-wrap
3400
msgid ""
3401
"\n"
3402
"http_access allow biz_network biz_hours\n"
3403
msgstr ""
3404
"\n"
3405
"http_access allow biz_network biz_hours\n"
3406
3407
#: serverguide/C/web-servers.xml:910(para)
3408
msgid ""
3409
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
3410
"save the file and restart the <application>squid</application> server "
3411
"application to effect the changes using the following command entered at a "
3412
"terminal prompt:"
3413
msgstr ""
3414
3415
#: serverguide/C/web-servers.xml:917(command)
3416
msgid "sudo /etc/init.d/squid restart"
3417
msgstr "sudo /etc/init.d/squid restart"
3418
3419
#: serverguide/C/web-servers.xml:924(ulink)
3420
msgid "Squid Website"
3421
msgstr ""
3422
3423
#: serverguide/C/web-servers.xml:926(para)
3424
msgid ""
3425
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
3426
"Squid</ulink> page."
3427
msgstr ""
3428
3429
#: serverguide/C/web-servers.xml:933(title)
3430
msgid "Ruby on Rails"
3431
msgstr "Ruby on Rails"
3432
3433
#: serverguide/C/web-servers.xml:934(para)
3434
msgid ""
3435
"Ruby on Rails is an open source web framework for developing database backed "
3436
"web applications. It is optimized for sustainable productivity of the "
3437
"programmer since it lets the programmer to write code by favouring "
3438
"convention over configuration."
3439
msgstr ""
3440
3441
#: serverguide/C/web-servers.xml:941(para)
3442
msgid ""
3443
"Before installing <application>Rails</application> you should install "
3444
"<application>Apache</application> and <application>MySQL</application>. To "
3445
"install the <application>Apache</application> package, please refer to <xref "
3446
"linkend=\"httpd\"/>. For instructions on installing "
3447
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
3448
msgstr ""
3449
3450
#: serverguide/C/web-servers.xml:949(para)
3451
msgid ""
3452
"Once you have <application>Apache</application> and "
3453
"<application>MySQL</application> packages installed, you are ready to "
3454
"install <application>Ruby on Rails</application> package."
3455
msgstr ""
3456
3457
#: serverguide/C/web-servers.xml:956(para)
3458
msgid ""
3459
"To install the <application>Ruby</application> base packages and "
3460
"<application>Ruby on Rails</application>, you can enter the following "
3461
"command in the terminal prompt:"
3462
msgstr ""
3463
3464
#: serverguide/C/web-servers.xml:962(command)
3465
msgid "sudo apt-get install rails"
3466
msgstr "sudo apt-get install rails"
3467
3468
#: serverguide/C/web-servers.xml:968(para)
3469
msgid ""
3470
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
3471
"configuration file to setup your domains."
3472
msgstr ""
3473
3474
#: serverguide/C/web-servers.xml:972(para)
3475
msgid ""
3476
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
3477
msgstr ""
3478
3479
#: serverguide/C/web-servers.xml:976(programlisting)
3480
#, no-wrap
3481
msgid ""
3482
"\n"
3483
"DocumentRoot /path/to/rails/application/public\n"
3484
msgstr ""
3485
3486
#: serverguide/C/web-servers.xml:979(para)
3487
msgid ""
3488
"Next, change the <Directory \"/path/to/rails/application/public\"> "
3489
"directive:"
3490
msgstr ""
3491
3492
#: serverguide/C/web-servers.xml:983(programlisting)
3493
#, no-wrap
3494
msgid ""
3495
"\n"
3496
"<Directory \"/path/to/rails/application/public\">\n"
3497
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
3498
" AllowOverride All\n"
3499
" Order allow,deny\n"
3500
" allow from all\n"
3501
" AddHandler cgi-script .cgi\n"
3502
"</Directory>\n"
3503
msgstr ""
3504
"\n"
3505
"<Directory \"/шлях/до/програми/rails/public\">\n"
3506
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
3507
" AllowOverride All\n"
3508
" Order allow,deny\n"
3509
" allow from all\n"
3510
" AddHandler cgi-script .cgi\n"
3511
"</Directory>\n"
3512
3513
#: serverguide/C/web-servers.xml:993(para)
3514
msgid ""
3515
"You should also enable the <application>mod_rewrite</application> module for "
3516
"Apache. To enable <application>mod_rewrite</application> module, please "
3517
"enter the following command in a terminal prompt:"
3518
msgstr ""
3519
3520
#: serverguide/C/web-servers.xml:999(command)
3521
msgid "sudo a2enmod rewrite"
3522
msgstr "sudo a2enmod rewrite"
3523
3524
#: serverguide/C/web-servers.xml:1002(para)
3525
msgid ""
3526
"Finally you will need to change the ownership of the "
3527
"<filename>/path/to/rails/application/public</filename> and "
3528
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
3529
"used to run the <application>Apache</application> process:"
3530
msgstr ""
3531
3532
#: serverguide/C/web-servers.xml:1008(command)
3533
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
3534
msgstr "sudo chown -R www-data:www-data /шлях/до/програми/rails/public"
3535
3536
#: serverguide/C/web-servers.xml:1009(command)
3537
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
3538
msgstr "sudo chown -R www-data:www-data /шлях/до/програми/rails/tmp"
3539
3540
#: serverguide/C/web-servers.xml:1012(para)
3541
msgid ""
3542
"That's it! Now you have your Server ready for your <application>Ruby on "
3543
"Rails</application> applications."
3544
msgstr ""
3545
3546
#: serverguide/C/web-servers.xml:1021(para)
3547
msgid ""
3548
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
3549
"for more information."
3550
msgstr ""
3551
3552
#: serverguide/C/web-servers.xml:1026(para)
3553
msgid ""
3554
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
3555
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
3556
"resource."
3557
msgstr ""
3558
3559
#: serverguide/C/web-servers.xml:1032(para)
3560
msgid ""
3561
"Another place for more information is the <ulink "
3562
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
3563
"Wiki</ulink> page."
3564
msgstr ""
3565
3566
#: serverguide/C/web-servers.xml:1043(title)
3567
msgid "Apache Tomcat"
3568
msgstr "Apache Tomcat"
3569
3570
#: serverguide/C/web-servers.xml:1044(para)
3571
msgid ""
3572
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
3573
"JSP (Java Server Pages) web applications."
3574
msgstr ""
3575
3576
#: serverguide/C/web-servers.xml:1046(para)
3577
msgid ""
3578
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
3579
"different ways of running Tomcat. You can install them as a classic unique "
3580
"system-wide instance, that will be started at boot time and will run as the "
3581
"tomcat6 unpriviledged user. But you can also deploy private instances that "
3582
"will run with your own user rights, and that you should start and stop by "
3583
"yourself. This second way is particularly useful in a development server "
3584
"context where multiple users need to test on their own private Tomcat "
3585
"instances."
3586
msgstr ""
3587
3588
#: serverguide/C/web-servers.xml:1056(title)
3589
msgid "System-wide installation"
3590
msgstr ""
3591
3592
#: serverguide/C/web-servers.xml:1057(para)
3593
msgid ""
3594
"To install the <application>Tomcat</application> server, you can enter the "
3595
"following command in the terminal prompt:"
3596
msgstr ""
3597
3598
#: serverguide/C/web-servers.xml:1060(command)
3599
msgid "sudo apt-get install tomcat6"
3600
msgstr "sudo apt-get install tomcat6"
3601
3602
#: serverguide/C/web-servers.xml:1062(para)
3603
msgid ""
3604
"This will install a Tomcat server with just a default ROOT webapp that "
3605
"displays a minimal \"It works\" page by default."
3606
msgstr ""
3607
3608
#: serverguide/C/web-servers.xml:1068(para)
3609
msgid ""
3610
"Tomcat configuration files can be found in "
3611
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
3612
"will be described here, please see <ulink "
3613
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
3614
"documentation</ulink> for more."
3615
msgstr ""
3616
3617
#: serverguide/C/web-servers.xml:1074(title)
3618
msgid "Changing default ports"
3619
msgstr ""
3620
3621
#: serverguide/C/web-servers.xml:1075(para)
3622
msgid ""
3623
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
3624
"connector on port 8009. You might want to change those default ports to "
3625
"avoid conflict with another server on the system. This is done by changing "
3626
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
3627
msgstr ""
3628
3629
#: serverguide/C/web-servers.xml:1080(programlisting)
3630
#, no-wrap
3631
msgid ""
3632
"\n"
3633
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
3634
" connectionTimeout=\"20000\" \n"
3635
" redirectPort=\"8443\" />\n"
3636
"...\n"
3637
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
3638
"/>\n"
3639
msgstr ""
3640
"\n"
3641
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
3642
" connectionTimeout=\"20000\" \n"
3643
" redirectPort=\"8443\" />\n"
3644
"...\n"
3645
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
3646
"/>\n"
3647
3648
#: serverguide/C/web-servers.xml:1089(title)
3649
msgid "Changing JVM used"
3650
msgstr ""
3651
3652
#: serverguide/C/web-servers.xml:1090(para)
3653
msgid ""
3654
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
3655
"then try some other JVMs. If you have various JVMs installed, you can set "
3656
"which should be used by setting JAVA_HOME in "
3657
"<filename>/etc/default/tomcat6</filename>:"
3658
msgstr ""
3659
3660
#: serverguide/C/web-servers.xml:1094(programlisting)
3661
#, no-wrap
3662
msgid ""
3663
"\n"
3664
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3665
msgstr ""
3666
"\n"
3667
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3668
3669
#: serverguide/C/web-servers.xml:1099(title)
3670
msgid "Declaring users and roles"
3671
msgstr ""
3672
3673
#: serverguide/C/web-servers.xml:1100(para)
3674
msgid ""
3675
"Usernames, passwords and roles (groups) can be defined centrally in a "
3676
"Servlet container. In Tomcat 6.0 this is done in the "
3677
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
3678
msgstr ""
3679
3680
#: serverguide/C/web-servers.xml:1103(programlisting)
3681
#, no-wrap
3682
msgid ""
3683
"\n"
3684
"<role rolename=\"admin\"/>\n"
3685
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3686
msgstr ""
3687
3688
#: serverguide/C/web-servers.xml:1111(title)
3689
msgid "Using Tomcat standard webapps"
3690
msgstr ""
3691
3692
#: serverguide/C/web-servers.xml:1112(para)
3693
msgid ""
3694
"Tomcat is shipped with webapps that you can install for documentation, "
3695
"administration or demo purposes."
3696
msgstr ""
3697
3698
#: serverguide/C/web-servers.xml:1115(title)
3699
msgid "Tomcat documentation"
3700
msgstr ""
3701
3702
#: serverguide/C/web-servers.xml:1116(para)
3703
msgid ""
3704
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3705
"documentation, packaged as a webapp that you can access by default at "
3706
"http://yourserver:8080/docs. You can install it by entering the following "
3707
"command in the terminal prompt:"
3708
msgstr ""
3709
3710
#: serverguide/C/web-servers.xml:1121(command)
3711
msgid "sudo apt-get install tomcat6-docs"
3712
msgstr "sudo apt-get install tomcat6-docs"
3713
3714
#: serverguide/C/web-servers.xml:1125(title)
3715
msgid "Tomcat administration webapps"
3716
msgstr ""
3717
3718
#: serverguide/C/web-servers.xml:1126(para)
3719
msgid ""
3720
"The <application>tomcat6-admin</application> package contains two webapps "
3721
"that can be used to administer the Tomcat server using a web interface. You "
3722
"can install them by entering the following command in the terminal prompt:"
3723
msgstr ""
3724
3725
#: serverguide/C/web-servers.xml:1131(command)
3726
msgid "sudo apt-get install tomcat6-admin"
3727
msgstr "sudo apt-get install tomcat6-admin"
3728
3729
#: serverguide/C/web-servers.xml:1133(para)
3730
msgid ""
3731
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3732
"access by default at http://yourserver:8080/manager/html. It is primarily "
3733
"used to get server status and restart webapps."
3734
msgstr ""
3735
3736
#: serverguide/C/web-servers.xml:1136(para)
3737
msgid ""
3738
"Access to the <emphasis>manager</emphasis> application is protected by "
3739
"default: you need to define a user with the role \"manager\" in "
3740
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3741
msgstr ""
3742
3743
#: serverguide/C/web-servers.xml:1140(para)
3744
msgid ""
3745
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3746
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3747
"used to create virtual hosts dynamically."
3748
msgstr ""
3749
3750
#: serverguide/C/web-servers.xml:1144(para)
3751
msgid ""
3752
"Access to the <emphasis>host-manager</emphasis> application is also "
3753
"protected by default: you need to define a user with the role \"admin\" in "
3754
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3755
msgstr ""
3756
3757
#: serverguide/C/web-servers.xml:1149(para)
3758
msgid ""
3759
"For security reasons, the tomcat6 user cannot write to the "
3760
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3761
"these admin webapps (application deployment, virtual host creation) need "
3762
"write access to that directory. If you want to use these features execute "
3763
"the following, to give users in the tomcat6 group the necessary rights:"
3764
msgstr ""
3765
3766
#: serverguide/C/web-servers.xml:1156(command)
3767
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3768
msgstr "sudo chgrp -R tomcat6 /etc/tomcat6"
3769
3770
#: serverguide/C/web-servers.xml:1157(command)
3771
msgid "sudo chmod -R g+w /etc/tomcat6"
3772
msgstr ""
3773
3774
#: serverguide/C/web-servers.xml:1162(title)
3775
msgid "Tomcat examples webapps"
3776
msgstr ""
3777
3778
#: serverguide/C/web-servers.xml:1163(para)
3779
msgid ""
3780
"The <application>tomcat6-examples</application> package contains two webapps "
3781
"that can be used to test or demonstrate Servlets and JSP features, which you "
3782
"can access them by default at http://yourserver:8080/examples. You can "
3783
"install them by entering the following command in the terminal prompt:"
3784
msgstr ""
3785
3786
#: serverguide/C/web-servers.xml:1169(command)
3787
msgid "sudo apt-get install tomcat6-examples"
3788
msgstr "sudo apt-get install tomcat6-examples"
3789
3790
#: serverguide/C/web-servers.xml:1175(title)
3791
msgid "Using private instances"
3792
msgstr ""
3793
3794
#: serverguide/C/web-servers.xml:1176(para)
3795
msgid ""
3796
"Tomcat is heavily used in development and testing scenarios where using a "
3797
"single system-wide instance doesn't meet the requirements of multiple users "
3798
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3799
"help deploy your own user-oriented instances, allowing every user on a "
3800
"system to run (without root rights) separate private instances while still "
3801
"using the system-installed libraries."
3802
msgstr ""
3803
3804
#: serverguide/C/web-servers.xml:1183(para)
3805
msgid ""
3806
"It is possible to run the system-wide instance and the private instances in "
3807
"parallel, as long as they do not use the same TCP ports."
3808
msgstr ""
3809
3810
#: serverguide/C/web-servers.xml:1187(title)
3811
msgid "Installing private instance support"
3812
msgstr ""
3813
3814
#: serverguide/C/web-servers.xml:1188(para)
3815
msgid ""
3816
"You can install everything necessary to run private instances by entering "
3817
"the following command in the terminal prompt:"
3818
msgstr ""
3819
3820
#: serverguide/C/web-servers.xml:1191(command)
3821
msgid "sudo apt-get install tomcat6-user"
3822
msgstr "sudo apt-get install tomcat6-user"
3823
3824
#: serverguide/C/web-servers.xml:1195(title)
3825
msgid "Creating a private instance"
3826
msgstr ""
3827
3828
#: serverguide/C/web-servers.xml:1196(para)
3829
msgid ""
3830
"You can create a private instance directory by entering the following "
3831
"command in the terminal prompt:"
3832
msgstr ""
3833
3834
#: serverguide/C/web-servers.xml:1199(command)
3835
msgid "tomcat6-instance-create my-instance"
3836
msgstr "tomcat6-instance-create my-instance"
3837
3838
#: serverguide/C/web-servers.xml:1201(para)
3839
msgid ""
3840
"This will create a new <filename>my-instance</filename> directory with all "
3841
"the necessary subdirectories and scripts. You can for example install your "
3842
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3843
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3844
"are deployed by default."
3845
msgstr ""
3846
3847
#: serverguide/C/web-servers.xml:1209(title)
3848
msgid "Configuring your private instance"
3849
msgstr ""
3850
3851
#: serverguide/C/web-servers.xml:1210(para)
3852
msgid ""
3853
"You will find the classic Tomcat configuration files for your private "
3854
"instance in the <filename>conf/</filename> subdirectory. You should for "
3855
"example certainly edit the <filename>conf/server.xml</filename> file to "
3856
"change the default ports used by your private Tomcat instance to avoid "
3857
"conflict with other instances that might be running."
3858
msgstr ""
3859
3860
#: serverguide/C/web-servers.xml:1218(title)
3861
msgid "Starting/stopping your private instance"
3862
msgstr ""
3863
3864
#: serverguide/C/web-servers.xml:1219(para)
3865
msgid ""
3866
"You can start your private instance by entering the following command in the "
3867
"terminal prompt (supposing your instance is located in the <filename>my-"
3868
"instance</filename> directory):"
3869
msgstr ""
3870
3871
#: serverguide/C/web-servers.xml:1223(command)
3872
msgid "my-instance/bin/startup.sh"
3873
msgstr "my-instance/bin/startup.sh"
3874
3875
#: serverguide/C/web-servers.xml:1225(para)
3876
msgid ""
3877
"You should check the <filename>logs/</filename> subdirectory for any error. "
3878
"If you have a <emphasis>java.net.BindException: Address already in "
3879
"use<null>:8080</emphasis> error, it means that the port you're using "
3880
"is already taken and that you should change it."
3881
msgstr ""
3882
3883
#: serverguide/C/web-servers.xml:1230(para)
3884
msgid ""
3885
"You can stop your instance by entering the following command in the terminal "
3886
"prompt (supposing your instance is located in the <filename>my-"
3887
"instance</filename> directory):"
3888
msgstr ""
3889
3890
#: serverguide/C/web-servers.xml:1234(command)
3891
msgid "my-instance/bin/shutdown.sh"
3892
msgstr "my-instance/bin/shutdown.sh"
3893
3894
#: serverguide/C/web-servers.xml:1243(para)
3895
msgid ""
3896
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3897
"website for more information."
3898
msgstr ""
3899
3900
#: serverguide/C/web-servers.xml:1248(para)
3901
msgid ""
3902
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3903
"Definitive Guide</ulink> is a good resource for building web applications "
3904
"with Tomcat."
3905
msgstr ""
3906
3907
#: serverguide/C/web-servers.xml:1254(para)
3908
msgid ""
3909
"For additional books see the <ulink "
3910
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3911
"page."
3912
msgstr ""
3913
3914
#: serverguide/C/web-servers.xml:1259(para)
3915
msgid ""
3916
"Also, see the<ulink "
3917
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3918
"Tomcat</ulink> page."
3919
msgstr ""
3920
3921
#: serverguide/C/vpn.xml:13(title)
3922
msgid "VPN"
3923
msgstr "VPN"
3924
3925
#: serverguide/C/vpn.xml:15(para)
3926
msgid ""
3927
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3928
"network connection between two or more networks. There are several ways to "
3929
"create a VPN using software as well as dedicated hardware appliances. This "
3930
"chapter will cover installing and configuring "
3931
"<application>OpenVPN</application> to create a VPN between two servers."
3932
msgstr ""
3933
3934
#: serverguide/C/vpn.xml:23(title)
3935
msgid "OpenVPN"
3936
msgstr "OpenVPN"
3937
3938
#: serverguide/C/vpn.xml:25(para)
3939
msgid ""
3940
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3941
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3942
"clients through a bridge interface on the VPN server. This guide will assume "
3943
"that one VPN node, the server in this case, has a bridge interface "
3944
"configured. For more information on setting up a bridge see <xref "
3945
"linkend=\"bridging\"/>."
3946
msgstr ""
3947
3948
#: serverguide/C/vpn.xml:35(para)
3949
msgid "To install <application>openvpn</application> in a terminal enter:"
3950
msgstr ""
3951
3952
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3953
msgid "sudo apt-get install openvpn"
3954
msgstr "sudo apt-get install openvpn"
3955
3956
#: serverguide/C/vpn.xml:45(title)
3957
msgid "Server Certificates"
3958
msgstr ""
3959
3960
#: serverguide/C/vpn.xml:47(para)
3961
msgid ""
3962
"Now that the <application>openvpn</application> package is installed, the "
3963
"certificates for the VPN server need to be created."
3964
msgstr ""
3965
3966
#: serverguide/C/vpn.xml:52(para)
3967
msgid ""
3968
"First, copy the <filename>easy-rsa</filename> directory to "
3969
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3970
"scripts will not be lost when the package is updated. You will also need to "
3971
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3972
"the current user permission to create files. From a terminal enter:"
3973
msgstr ""
3974
3975
#: serverguide/C/vpn.xml:59(command)
3976
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3977
msgstr "sudo mkdir /etc/openvpn/easy-rsa/"
3978
3979
#: serverguide/C/vpn.xml:60(command)
3980
msgid ""
3981
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3982
"rsa/"
3983
msgstr ""
3984
3985
#: serverguide/C/vpn.xml:61(command)
3986
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3987
msgstr "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3988
3989
#: serverguide/C/vpn.xml:64(para)
3990
msgid ""
3991
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3992
"following to your environment:"
3993
msgstr ""
3994
3995
#: serverguide/C/vpn.xml:68(programlisting)
3996
#, no-wrap
3997
msgid ""
3998
"\n"
3999
"export KEY_COUNTRY=\"US\"\n"
4000
"export KEY_PROVINCE=\"NC\"\n"
4001
"export KEY_CITY=\"Winston-Salem\"\n"
4002
"export KEY_ORG=\"Example Company\"\n"
4003
"export KEY_EMAIL=\"steve@example.com\"\n"
4004
msgstr ""
4005
"\n"
4006
"export KEY_COUNTRY=\"US\"\n"
4007
"export KEY_PROVINCE=\"NC\"\n"
4008
"export KEY_CITY=\"Winston-Salem\"\n"
4009
"export KEY_ORG=\"Example Company\"\n"
4010
"export KEY_EMAIL=\"steve@example.com\"\n"
4011
4012
#: serverguide/C/vpn.xml:76(para)
4013
msgid "Enter the following to create the server certificates:"
4014
msgstr ""
4015
4016
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
4017
msgid "cd /etc/openvpn/easy-rsa/"
4018
msgstr "cd /etc/openvpn/easy-rsa/"
4019
4020
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
4021
msgid "source vars"
4022
msgstr "source vars"
4023
4024
#: serverguide/C/vpn.xml:83(command)
4025
msgid "./clean-all"
4026
msgstr "./clean-all"
4027
4028
#: serverguide/C/vpn.xml:84(command)
4029
msgid "./build-dh"
4030
msgstr "./build-dh"
4031
4032
#: serverguide/C/vpn.xml:85(command)
4033
msgid "./pkitool --initca"
4034
msgstr "./pkitool --initca"
4035
4036
#: serverguide/C/vpn.xml:86(command)
4037
msgid "./pkitool --server server"
4038
msgstr "./pkitool --server server"
4039
4040
#: serverguide/C/vpn.xml:87(command)
4041
msgid "cd keys"
4042
msgstr "cd keys"
4043
4044
#: serverguide/C/vpn.xml:88(command)
4045
msgid "openvpn --genkey --secret ta.key"
4046
msgstr "openvpn --genkey --secret ta.key"
4047
4048
#: serverguide/C/vpn.xml:89(command)
4049
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
4050
msgstr "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
4051
4052
#: serverguide/C/vpn.xml:94(title)
4053
msgid "Client Certificates"
4054
msgstr ""
4055
4056
#: serverguide/C/vpn.xml:96(para)
4057
msgid ""
4058
"The VPN client will also need a certificate to authenticate itself to the "
4059
"server. To create the certificate, enter the following in a terminal:"
4060
msgstr ""
4061
4062
#: serverguide/C/vpn.xml:104(command)
4063
msgid "./pkitool hostname"
4064
msgstr "./pkitool hostname"
4065
4066
#: serverguide/C/vpn.xml:108(para)
4067
msgid ""
4068
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
4069
"machine connecting to the VPN."
4070
msgstr ""
4071
4072
#: serverguide/C/vpn.xml:113(para)
4073
msgid "Copy the following files to the client:"
4074
msgstr ""
4075
4076
#: serverguide/C/vpn.xml:118(para)
4077
msgid "/etc/openvpn/ca.crt"
4078
msgstr "/etc/openvpn/ca.crt"
4079
4080
#: serverguide/C/vpn.xml:119(para)
4081
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
4082
msgstr "/etc/openvpn/easy-rsa/keys/hostname.crt"
4083
4084
#: serverguide/C/vpn.xml:120(para)
4085
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
4086
msgstr "/etc/openvpn/easy-rsa/keys/hostname.key"
4087
4088
#: serverguide/C/vpn.xml:121(para)
4089
msgid "/etc/openvpn/ta.key"
4090
msgstr "/etc/openvpn/ta.key"
4091
4092
#: serverguide/C/vpn.xml:125(para)
4093
msgid ""
4094
"Remember to adjust the above file names for your client machine's "
4095
"<emphasis>hostname</emphasis>."
4096
msgstr ""
4097
4098
#: serverguide/C/vpn.xml:130(para)
4099
msgid ""
4100
"It is best to use a secure method to copy the certificate and key files. The "
4101
"<application>scp</application> utility is a good choice, but copying the "
4102
"files to removable media then to the client, also works well."
4103
msgstr ""
4104
4105
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
4106
msgid "Server Configuration"
4107
msgstr "Налаштування сервера"
4108
4109
#: serverguide/C/vpn.xml:143(para)
4110
msgid ""
4111
"Now configure the <application>openvpn</application> server by creating "
4112
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
4113
"terminal enter:"
4114
msgstr ""
4115
4116
#: serverguide/C/vpn.xml:149(command)
4117
msgid ""
4118
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
4119
"/etc/openvpn/"
4120
msgstr ""
4121
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
4122
"/etc/openvpn/"
4123
4124
#: serverguide/C/vpn.xml:150(command)
4125
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
4126
msgstr "sudo gzip -d /etc/openvpn/server.conf.gz"
4127
4128
#: serverguide/C/vpn.xml:153(para)
4129
msgid ""
4130
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
4131
"options to:"
4132
msgstr ""
4133
4134
#: serverguide/C/vpn.xml:157(programlisting)
4135
#, no-wrap
4136
msgid ""
4137
"\n"
4138
"local 172.18.100.101\n"
4139
"dev tap0\n"
4140
"up \"/etc/openvpn/up.sh br0\"\n"
4141
"down \"/etc/openvpn/down.sh br0\"\n"
4142
";server 10.8.0.0 255.255.255.0\n"
4143
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
4144
"push \"route 172.18.100.1 255.255.255.0\"\n"
4145
"push \"dhcp-option DNS 172.18.100.20\"\n"
4146
"push \"dhcp-option DOMAIN example.com\"\n"
4147
"tls-auth ta.key 0 # This file is secret\n"
4148
"user nobody\n"
4149
"group nogroup\n"
4150
msgstr ""
4151
"\n"
4152
"local 172.18.100.101\n"
4153
"dev tap0\n"
4154
"up \"/etc/openvpn/up.sh br0\"\n"
4155
"down \"/etc/openvpn/down.sh br0\"\n"
4156
";server 10.8.0.0 255.255.255.0\n"
4157
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
4158
"push \"route 172.18.100.1 255.255.255.0\"\n"
4159
"push \"dhcp-option DNS 172.18.100.20\"\n"
4160
"push \"dhcp-option DOMAIN example.com\"\n"
4161
"tls-auth ta.key 0 # This file is secret\n"
4162
"user nobody\n"
4163
"group nogroup\n"
4164
4165
#: serverguide/C/vpn.xml:174(para)
4166
msgid ""
4167
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
4168
msgstr ""
4169
4170
#: serverguide/C/vpn.xml:179(para)
4171
msgid ""
4172
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
4173
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
4174
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
4175
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
4176
"to clients."
4177
msgstr ""
4178
4179
#: serverguide/C/vpn.xml:186(para)
4180
msgid ""
4181
"<emphasis>push</emphasis>: are directives to add networking options for "
4182
"clients."
4183
msgstr ""
4184
4185
#: serverguide/C/vpn.xml:191(para)
4186
msgid ""
4187
"<emphasis>user and group</emphasis>: configure which user and group the "
4188
"<application>openvpn</application> daemon executes as."
4189
msgstr ""
4190
4191
#: serverguide/C/vpn.xml:198(para)
4192
msgid ""
4193
"Replace all IP addresses and domain names above with those of your network."
4194
msgstr ""
4195
4196
#: serverguide/C/vpn.xml:203(para)
4197
msgid ""
4198
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
4199
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
4200
msgstr ""
4201
4202
#: serverguide/C/vpn.xml:207(programlisting)
4203
#, no-wrap
4204
msgid ""
4205
"\n"
4206
"#!/bin/sh\n"
4207
"\n"
4208
"BR=$1\n"
4209
"DEV=$2\n"
4210
"MTU=$3\n"
4211
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
4212
"/usr/sbin/brctl addif $BR $DEV\n"
4213
msgstr ""
4214
"\n"
4215
"#!/bin/sh\n"
4216
"\n"
4217
"BR=$1\n"
4218
"DEV=$2\n"
4219
"MTU=$3\n"
4220
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
4221
"/usr/sbin/brctl addif $BR $DEV\n"
4222
4223
#: serverguide/C/vpn.xml:217(para)
4224
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
4225
msgstr ""
4226
4227
#: serverguide/C/vpn.xml:221(programlisting)
4228
#, no-wrap
4229
msgid ""
4230
"\n"
4231
"#!/bin/sh\n"
4232
"\n"
4233
"BR=$1\n"
4234
"DEV=$2\n"
4235
"\n"
4236
"/usr/sbin/brctl delif $BR $DEV\n"
4237
"/sbin/ifconfig $DEV down\n"
4238
msgstr ""
4239
"\n"
4240
"#!/bin/sh\n"
4241
"\n"
4242
"BR=$1\n"
4243
"DEV=$2\n"
4244
"\n"
4245
"/usr/sbin/brctl delif $BR $DEV\n"
4246
"/sbin/ifconfig $DEV down\n"
4247
4248
#: serverguide/C/vpn.xml:231(para)
4249
msgid "Then make them executable:"
4250
msgstr ""
4251
4252
#: serverguide/C/vpn.xml:236(command)
4253
msgid "sudo chmod 755 /etc/openvpn/down.sh"
4254
msgstr "sudo chmod 755 /etc/openvpn/down.sh"
4255
4256
#: serverguide/C/vpn.xml:237(command)
4257
msgid "sudo chmod 755 /etc/openvpn/up.sh"
4258
msgstr "sudo chmod 755 /etc/openvpn/up.sh"
4259
4260
#: serverguide/C/vpn.xml:240(para)
4261
msgid ""
4262
"After configuring the server, restart <application>openvpn</application> by "
4263
"entering:"
4264
msgstr ""
4265
4266
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
4267
msgid "sudo /etc/init.d/openvpn restart"
4268
msgstr "sudo /etc/init.d/openvpn restart"
4269
4270
#: serverguide/C/vpn.xml:250(title)
4271
msgid "Client Configuration"
4272
msgstr ""
4273
4274
#: serverguide/C/vpn.xml:252(para)
4275
msgid "First, install <application>openvpn</application> on the client:"
4276
msgstr ""
4277
4278
#: serverguide/C/vpn.xml:260(para)
4279
msgid ""
4280
"Then with the server configured and the client certificates copied to the "
4281
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
4282
"file by copying the example. In a terminal on the client machine enter:"
4283
msgstr ""
4284
4285
#: serverguide/C/vpn.xml:266(command)
4286
msgid ""
4287
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
4288
"/etc/openvpn"
4289
msgstr ""
4290
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
4291
"/etc/openvpn"
4292
4293
#: serverguide/C/vpn.xml:269(para)
4294
msgid ""
4295
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
4296
"following options:"
4297
msgstr ""
4298
4299
#: serverguide/C/vpn.xml:273(programlisting)
4300
#, no-wrap
4301
msgid ""
4302
"\n"
4303
"dev tap\n"
4304
"remote vpn.example.com 1194\n"
4305
"cert hostname.crt\n"
4306
"key hostname.key\n"
4307
"tls-auth ta.key 1\n"
4308
msgstr ""
4309
"\n"
4310
"dev tap\n"
4311
"remote vpn.example.com 1194\n"
4312
"cert hostname.crt\n"
4313
"key hostname.key\n"
4314
"tls-auth ta.key 1\n"
4315
4316
#: serverguide/C/vpn.xml:282(para)
4317
msgid ""
4318
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
4319
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
4320
"key filenames."
4321
msgstr ""
4322
4323
#: serverguide/C/vpn.xml:288(para)
4324
msgid "Finally, restart <application>openvpn</application>:"
4325
msgstr ""
4326
4327
#: serverguide/C/vpn.xml:296(para)
4328
msgid "You should now be able to connect to the remote LAN through the VPN."
4329
msgstr ""
4330
4331
#: serverguide/C/vpn.xml:307(para)
4332
msgid ""
4333
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
4334
"additional information."
4335
msgstr ""
4336
4337
#: serverguide/C/vpn.xml:312(para)
4338
msgid ""
4339
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
4340
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
4341
msgstr ""
4342
4343
#: serverguide/C/vpn.xml:318(para)
4344
msgid ""
4345
"Another source of further information is the <ulink "
4346
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
4347
"OpenVPN</ulink> page."
4348
msgstr ""
4349
4350
#: serverguide/C/virtualization.xml:13(title)
4351
msgid "Virtualization"
4352
msgstr "Віртуалізація"
4353
4354
#: serverguide/C/virtualization.xml:14(para)
4355
msgid ""
4356
"Virtualization is being adopted in many different environments and "
4357
"situations. If you are a developer, virtualization can provide you with a "
4358
"contained environment where you can safely do almost any sort of development "
4359
"safe from messing up your main working environment. If you are a systems "
4360
"administrator, you can use virtualization to more easily separate your "
4361
"services and move them around based on demand."
4362
msgstr ""
4363
4364
#: serverguide/C/virtualization.xml:20(para)
4365
msgid ""
4366
"The default virtualization technology supported in Ubuntu is "
4367
"<application>KVM</application>, a technology that takes advantage of "
4368
"virtualization extensions built into Intel and AMD hardware. For hardware "
4369
"without virtualization extensions <application>Xen</application> and "
4370
"<application>Qemu</application> are popular solutions."
4371
msgstr ""
4372
4373
#: serverguide/C/virtualization.xml:27(title)
4374
msgid "libvirt"
4375
msgstr "libvirt"
4376
4377
#: serverguide/C/virtualization.xml:28(para)
4378
msgid ""
4379
"The <application>libvirt</application> library is used to interface with "
4380
"different virtualization technologies. Before getting started with "
4381
"<application>libvirt</application> it is best to make sure your hardware "
4382
"supports the necessary virtualization extensions for "
4383
"<application>KVM</application>. Enter the following from a terminal prompt:"
4384
msgstr ""
4385
4386
#: serverguide/C/virtualization.xml:35(command)
4387
msgid "kvm-ok"
4388
msgstr "kvm-ok"
4389
4390
#: serverguide/C/virtualization.xml:37(para)
4391
msgid ""
4392
"A message will be printed informing you if your CPU "
4393
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
4394
"virtualization."
4395
msgstr ""
4396
4397
#: serverguide/C/virtualization.xml:41(para)
4398
msgid ""
4399
"On most computer whose processor supports virtualization, it is necessary to "
4400
"activate an option in the BIOS to enable it."
4401
msgstr ""
4402
4403
#: serverguide/C/virtualization.xml:47(title)
4404
msgid "Virtual Networking"
4405
msgstr ""
4406
4407
#: serverguide/C/virtualization.xml:49(para)
4408
msgid ""
4409
"There are a few different ways to allow a virtual machine access to the "
4410
"external network. The default virtual network configuration is "
4411
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
4412
"traffic is NATed through the host interface to the outside network."
4413
msgstr ""
4414
4415
#: serverguide/C/virtualization.xml:54(para)
4416
msgid ""
4417
"To enable external hosts to directly access services on virtual machines a "
4418
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
4419
"interfaces to connect to the outside network through the physical interface, "
4420
"making them appear as normal hosts to the rest of the network. For "
4421
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
4422
msgstr ""
4423
4424
#: serverguide/C/virtualization.xml:63(para)
4425
msgid "To install the necessary packages, from a terminal prompt enter:"
4426
msgstr ""
4427
4428
#: serverguide/C/virtualization.xml:67(command)
4429
msgid "sudo apt-get install kvm libvirt-bin"
4430
msgstr "sudo apt-get install kvm libvirt-bin"
4431
4432
#: serverguide/C/virtualization.xml:69(para)
4433
msgid ""
4434
"After installing <application>libvirt-bin</application>, the user used to "
4435
"manage virtual machines will need to be added to the "
4436
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
4437
"the advanced networking options."
4438
msgstr ""
4439
4440
#: serverguide/C/virtualization.xml:73(para)
4441
msgid "In a terminal enter:"
4442
msgstr ""
4443
4444
#: serverguide/C/virtualization.xml:77(command)
4445
msgid "sudo adduser $USER libvirtd"
4446
msgstr "sudo adduser $USER libvirtd"
4447
4448
#: serverguide/C/virtualization.xml:80(para)
4449
msgid ""
4450
"If the user chosen is the current user, you will need to log out and back in "
4451
"for the new group membership to take effect."
4452
msgstr ""
4453
4454
#: serverguide/C/virtualization.xml:84(para)
4455
msgid ""
4456
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
4457
"Installing a virtual machine follows the same process as installing the "
4458
"operating system directly on the hardware. You either need a way to automate "
4459
"the installation, or a keyboard and monitor will need to be attached to the "
4460
"physical machine."
4461
msgstr ""
4462
4463
#: serverguide/C/virtualization.xml:89(para)
4464
msgid ""
4465
"In the case of virtual machines a Graphical User Interface (GUI) is "
4466
"analogous to using a physical keyboard and mouse. Instead of installing a "
4467
"GUI the <application>virt-viewer</application> application can be used to "
4468
"connect to a virtual machine's console using <application>VNC</application>. "
4469
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
4470
msgstr ""
4471
4472
#: serverguide/C/virtualization.xml:94(para)
4473
msgid ""
4474
"There are several ways to automate the Ubuntu installation process, for "
4475
"example using preseeds, kickstart, etc. Refer to the <ulink "
4476
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
4477
"Installation Guide</ulink> for details."
4478
msgstr ""
4479
4480
#: serverguide/C/virtualization.xml:98(para)
4481
msgid ""
4482
"Yet another way to install an Ubuntu virtual machine is to use "
4483
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
4484
"builder</application> allows you to setup advanced partitions, execute "
4485
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
4486
"vmbuilder\"/>"
4487
msgstr ""
4488
4489
#: serverguide/C/virtualization.xml:104(title)
4490
msgid "virt-install"
4491
msgstr "virt-install"
4492
4493
#: serverguide/C/virtualization.xml:105(para)
4494
msgid ""
4495
"<application>virt-install</application> is part of the <application>python-"
4496
"virtinst</application> package. To install it, from a terminal prompt enter:"
4497
msgstr ""
4498
4499
#: serverguide/C/virtualization.xml:109(command)
4500
msgid "sudo apt-get install python-virtinst"
4501
msgstr "sudo apt-get install python-virtinst"
4502
4503
#: serverguide/C/virtualization.xml:111(para)
4504
msgid ""
4505
"There are several options available when using <application>virt-"
4506
"install</application>. For example:"
4507
msgstr ""
4508
4509
#: serverguide/C/virtualization.xml:115(command)
4510
msgid ""
4511
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
4512
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
4513
msgstr ""
4514
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
4515
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
4516
4517
#: serverguide/C/virtualization.xml:122(para)
4518
msgid ""
4519
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
4520
"be <emphasis>web_devel</emphasis> in this example."
4521
msgstr ""
4522
4523
#: serverguide/C/virtualization.xml:127(para)
4524
msgid ""
4525
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
4526
"machine will use."
4527
msgstr ""
4528
4529
#: serverguide/C/virtualization.xml:132(para)
4530
msgid ""
4531
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
4532
"disk which can be a file, partition, or logical volume. In this example a "
4533
"file named <filename>web_devel.img</filename>."
4534
msgstr ""
4535
4536
#: serverguide/C/virtualization.xml:138(para)
4537
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
4538
msgstr ""
4539
4540
#: serverguide/C/virtualization.xml:143(para)
4541
msgid ""
4542
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
4543
"file can be either an ISO file or the path to the host's CDROM device."
4544
msgstr ""
4545
4546
#: serverguide/C/virtualization.xml:149(para)
4547
msgid ""
4548
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
4549
"technologies."
4550
msgstr ""
4551
4552
#: serverguide/C/virtualization.xml:154(para)
4553
msgid ""
4554
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
4555
msgstr ""
4556
4557
#: serverguide/C/virtualization.xml:159(para)
4558
msgid ""
4559
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
4560
"virtual machine's console."
4561
msgstr ""
4562
4563
#: serverguide/C/virtualization.xml:164(para)
4564
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
4565
msgstr ""
4566
4567
#: serverguide/C/virtualization.xml:169(para)
4568
msgid ""
4569
"After launching <application>virt-install</application> you can connect to "
4570
"the virtual machine's console either locally using a GUI or with the "
4571
"<application>virt-viewer</application> utility."
4572
msgstr ""
4573
4574
#: serverguide/C/virtualization.xml:175(title)
4575
msgid "virt-clone"
4576
msgstr "virt-clone"
4577
4578
#: serverguide/C/virtualization.xml:176(para)
4579
msgid ""
4580
"The <application>virt-clone</application> application can be used to copy "
4581
"one virtual machine to another. For example:"
4582
msgstr ""
4583
4584
#: serverguide/C/virtualization.xml:180(command)
4585
msgid ""
4586
"sudo virt-clone -o web_devel -n database_devel -f "
4587
"/path/to/database_devel.img --connect=qemu:///system"
4588
msgstr ""
4589
4590
#: serverguide/C/virtualization.xml:184(para)
4591
msgid "<emphasis>-o:</emphasis> original virtual machine."
4592
msgstr ""
4593
4594
#: serverguide/C/virtualization.xml:189(para)
4595
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
4596
msgstr ""
4597
4598
#: serverguide/C/virtualization.xml:194(para)
4599
msgid ""
4600
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
4601
"be used by the new virtual machine."
4602
msgstr ""
4603
4604
#: serverguide/C/virtualization.xml:199(para)
4605
msgid ""
4606
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
4607
msgstr ""
4608
4609
#: serverguide/C/virtualization.xml:204(para)
4610
msgid ""
4611
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
4612
"help troubleshoot problems with <application>virt-clone</application>."
4613
msgstr ""
4614
4615
#: serverguide/C/virtualization.xml:209(para)
4616
msgid ""
4617
"Replace <emphasis>web_devel</emphasis> and "
4618
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
4619
msgstr ""
4620
4621
#: serverguide/C/virtualization.xml:215(title)
4622
msgid "Virtual Machine Management"
4623
msgstr ""
4624
4625
#: serverguide/C/virtualization.xml:217(title)
4626
msgid "virsh"
4627
msgstr ""
4628
4629
#: serverguide/C/virtualization.xml:218(para)
4630
msgid ""
4631
"There are several utilities available to manage virtual machines and "
4632
"<application>libvirt</application>. The <application>virsh</application> "
4633
"utility can be used from the command line. Some examples:"
4634
msgstr ""
4635
4636
#: serverguide/C/virtualization.xml:224(para)
4637
msgid "To list running virtual machines:"
4638
msgstr ""
4639
4640
#: serverguide/C/virtualization.xml:228(command)
4641
msgid "virsh -c qemu:///system list"
4642
msgstr ""
4643
4644
#: serverguide/C/virtualization.xml:232(para)
4645
msgid "To start a virtual machine:"
4646
msgstr ""
4647
4648
#: serverguide/C/virtualization.xml:236(command)
4649
msgid "virsh -c qemu:///system start web_devel"
4650
msgstr ""
4651
4652
#: serverguide/C/virtualization.xml:240(para)
4653
msgid "Similarly, to start a virtual machine at boot:"
4654
msgstr ""
4655
4656
#: serverguide/C/virtualization.xml:244(command)
4657
msgid "virsh -c qemu:///system autostart web_devel"
4658
msgstr ""
4659
4660
#: serverguide/C/virtualization.xml:248(para)
4661
msgid "Reboot a virtual machine with:"
4662
msgstr ""
4663
4664
#: serverguide/C/virtualization.xml:252(command)
4665
msgid "virsh -c qemu:///system reboot web_devel"
4666
msgstr ""
4667
4668
#: serverguide/C/virtualization.xml:256(para)
4669
msgid ""
4670
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
4671
"order to be restored later. The following will save the virtual machine "
4672
"state into a file named according to the date:"
4673
msgstr ""
4674
4675
#: serverguide/C/virtualization.xml:261(command)
4676
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
4677
msgstr ""
4678
4679
#: serverguide/C/virtualization.xml:263(para)
4680
msgid "Once saved the virtual machine will no longer be running."
4681
msgstr ""
4682
4683
#: serverguide/C/virtualization.xml:268(para)
4684
msgid "A saved virtual machine can be restored using:"
4685
msgstr ""
4686
4687
#: serverguide/C/virtualization.xml:272(command)
4688
msgid "virsh -c qemu:///system restore web_devel-022708.state"
4689
msgstr ""
4690
4691
#: serverguide/C/virtualization.xml:276(para)
4692
msgid "To shutdown a virtual machine do:"
4693
msgstr ""
4694
4695
#: serverguide/C/virtualization.xml:280(command)
4696
msgid "virsh -c qemu:///system shutdown web_devel"
4697
msgstr ""
4698
4699
#: serverguide/C/virtualization.xml:284(para)
4700
msgid "A CDROM device can be mounted in a virtual machine by entering:"
4701
msgstr ""
4702
4703
#: serverguide/C/virtualization.xml:288(command)
4704
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4705
msgstr ""
4706
4707
#: serverguide/C/virtualization.xml:293(para)
4708
msgid ""
4709
"In the above examples replace <emphasis>web_devel</emphasis> with the "
4710
"appropriate virtual machine name, and <filename>web_devel-"
4711
"022708.state</filename> with a descriptive file name."
4712
msgstr ""
4713
4714
#: serverguide/C/virtualization.xml:300(title)
4715
msgid "Virtual Machine Manager"
4716
msgstr "Менеджер віртуальної машини"
4717
4718
#: serverguide/C/virtualization.xml:301(para)
4719
msgid ""
4720
"The <application>virt-manager</application> package contains a graphical "
4721
"utility to manage local and remote virtual machines. To install virt-manager "
4722
"enter:"
4723
msgstr ""
4724
4725
#: serverguide/C/virtualization.xml:306(command)
4726
msgid "sudo apt-get install virt-manager"
4727
msgstr ""
4728
4729
#: serverguide/C/virtualization.xml:308(para)
4730
msgid ""
4731
"Since <application>virt-manager</application> requires a Graphical User "
4732
"Interface (GUI) environment it is recommended to be installed on a "
4733
"workstation or test machine instead of a production server. To connect to "
4734
"the local <application>libvirt</application> service enter:"
4735
msgstr ""
4736
4737
#: serverguide/C/virtualization.xml:314(command)
4738
msgid "virt-manager -c qemu:///system"
4739
msgstr ""
4740
4741
#: serverguide/C/virtualization.xml:316(para)
4742
msgid ""
4743
"You can connect to the <application>libvirt</application> service running on "
4744
"another host by entering the following in a terminal prompt:"
4745
msgstr ""
4746
4747
#: serverguide/C/virtualization.xml:320(command)
4748
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4749
msgstr ""
4750
4751
#: serverguide/C/virtualization.xml:323(para)
4752
msgid ""
4753
"The above example assumes that <application>SSH</application> connectivity "
4754
"between the management system and virtnode1.mydomain.com has already been "
4755
"configured, and uses SSH keys for authentication. SSH "
4756
"<emphasis>keys</emphasis> are needed because "
4757
"<application>libvirt</application> sends the password prompt to another "
4758
"process. For details on configuring <application>SSH</application> see <xref "
4759
"linkend=\"openssh-server\"/>"
4760
msgstr ""
4761
4762
#: serverguide/C/virtualization.xml:333(title)
4763
msgid "Virtual Machine Viewer"
4764
msgstr ""
4765
4766
#: serverguide/C/virtualization.xml:334(para)
4767
msgid ""
4768
"The <application>virt-viewer</application> application allows you to connect "
4769
"to a virtual machine's console. <application>virt-viewer</application> does "
4770
"require a Graphical User Interface (GUI) to interface with the virtual "
4771
"machine."
4772
msgstr ""
4773
4774
#: serverguide/C/virtualization.xml:338(para)
4775
msgid ""
4776
"To install <application>virt-viewer</application> from a terminal enter:"
4777
msgstr ""
4778
4779
#: serverguide/C/virtualization.xml:342(command)
4780
msgid "sudo apt-get install virt-viewer"
4781
msgstr ""
4782
4783
#: serverguide/C/virtualization.xml:344(para)
4784
msgid ""
4785
"Once a virtual machine is installed and running you can connect to the "
4786
"virtual machine's console by using:"
4787
msgstr ""
4788
4789
#: serverguide/C/virtualization.xml:348(command)
4790
msgid "virt-viewer -c qemu:///system web_devel"
4791
msgstr ""
4792
4793
#: serverguide/C/virtualization.xml:350(para)
4794
msgid ""
4795
"Similar to <application>virt-manager</application>, <application>virt-"
4796
"viewer</application> can connect to a remote host using "
4797
"<emphasis>SSH</emphasis> with key authentication, as well:"
4798
msgstr ""
4799
4800
#: serverguide/C/virtualization.xml:355(command)
4801
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4802
msgstr ""
4803
4804
#: serverguide/C/virtualization.xml:357(para)
4805
msgid ""
4806
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4807
"appropriate virtual machine name."
4808
msgstr ""
4809
4810
#: serverguide/C/virtualization.xml:360(para)
4811
msgid ""
4812
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4813
"can also setup <application>SSH</application> access to the virtual machine. "
4814
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
4815
"more details."
4816
msgstr ""
4817
4818
#: serverguide/C/virtualization.xml:369(para)
4819
msgid ""
4820
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4821
"for more details."
4822
msgstr ""
4823
4824
#: serverguide/C/virtualization.xml:374(para)
4825
msgid ""
4826
"For more information on <application>libvirt</application> see the <ulink "
4827
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4828
msgstr ""
4829
4830
#: serverguide/C/virtualization.xml:379(para)
4831
msgid ""
4832
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4833
"Manager</ulink> site has more information on <application>virt-"
4834
"manager</application> development."
4835
msgstr ""
4836
4837
#: serverguide/C/virtualization.xml:385(para)
4838
msgid ""
4839
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4840
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4841
"technology in Ubuntu."
4842
msgstr ""
4843
4844
#: serverguide/C/virtualization.xml:391(para)
4845
msgid ""
4846
"Another good resource is the <ulink "
4847
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4848
msgstr ""
4849
4850
#: serverguide/C/virtualization.xml:399(title)
4851
msgid "JeOS and vmbuilder"
4852
msgstr ""
4853
4854
#: serverguide/C/virtualization.xml:405(title)
4855
msgid "What is JeOS"
4856
msgstr ""
4857
4858
#: serverguide/C/virtualization.xml:407(para)
4859
msgid ""
4860
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4861
"variant of the Ubuntu Server operating system, configured specifically for "
4862
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
4863
"only as an option either:"
4864
msgstr ""
4865
4866
#: serverguide/C/virtualization.xml:414(para)
4867
msgid ""
4868
"While installing from the Server Edition ISO (pressing "
4869
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4870
"installation\", which is the package selection equivalent to JeOS)."
4871
msgstr ""
4872
4873
#: serverguide/C/virtualization.xml:420(para)
4874
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4875
msgstr ""
4876
4877
#: serverguide/C/virtualization.xml:426(para)
4878
msgid ""
4879
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4880
"kernel that only contains the base elements needed to run within a "
4881
"virtualized environment."
4882
msgstr ""
4883
4884
#: serverguide/C/virtualization.xml:431(para)
4885
msgid ""
4886
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4887
"in the latest virtualization products from VMware. This combination of "
4888
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
4889
"delivers a highly efficient use of server resources in large virtual "
4890
"deployments."
4891
msgstr ""
4892
4893
#: serverguide/C/virtualization.xml:437(para)
4894
msgid ""
4895
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4896
"can configure their supporting OS exactly as they require. They have the "
4897
"peace of mind that updates, whether for security or enhancement reasons, "
4898
"will be limited to the bare minimum of what is required in their specific "
4899
"environment. In turn, users deploying virtual appliances built on top of "
4900
"JeOS will have to go through fewer updates and therefore less maintenance "
4901
"than they would have had to with a standard full installation of a server."
4902
msgstr ""
4903
4904
#: serverguide/C/virtualization.xml:446(title)
4905
msgid "What is vmbuilder"
4906
msgstr ""
4907
4908
#: serverguide/C/virtualization.xml:448(para)
4909
msgid ""
4910
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4911
"will fetch the various package and build a virtual machine tailored for your "
4912
"needs in about a minute. vmbuilder is a script that automates the process of "
4913
"creating a ready to use Linux based VM. The currently supported hypervisors "
4914
"are KVM and Xen."
4915
msgstr ""
4916
4917
#: serverguide/C/virtualization.xml:454(para)
4918
msgid ""
4919
"You can pass command line options to add extra packages, remove packages, "
4920
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4921
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
4922
"a local mirror, you can bootstrap a VM in less than a minute."
4923
msgstr ""
4924
4925
#: serverguide/C/virtualization.xml:460(para)
4926
msgid ""
4927
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4928
"vm-builder</application> started with little emphasis as a hack to help "
4929
"developers test their new code in a virtual machine without having to "
4930
"restart from scratch each time. As a few Ubuntu administrators started to "
4931
"notice this script, a few of them went on improving it and adapting it for "
4932
"so many use case that Soren Hansen (the author of the script and Ubuntu "
4933
"virtualization specialist, not the golf player) decided to rewrite it from "
4934
"scratch for Intrepid as a python script with a few new design goals:"
4935
msgstr ""
4936
4937
#: serverguide/C/virtualization.xml:470(para)
4938
msgid "Develop it so that it can be reused by other distributions."
4939
msgstr ""
4940
4941
#: serverguide/C/virtualization.xml:475(para)
4942
msgid ""
4943
"Use a plugin mechanisms for all virtualization interactions so that others "
4944
"can easily add logic for other virtualization environments."
4945
msgstr ""
4946
4947
#: serverguide/C/virtualization.xml:480(para)
4948
msgid ""
4949
"Provide an easy to maintain web interface as an option to the command line "
4950
"interface."
4951
msgstr ""
4952
4953
#: serverguide/C/virtualization.xml:486(para)
4954
msgid "But the general principles and commands remain the same."
4955
msgstr ""
4956
4957
#: serverguide/C/virtualization.xml:493(title)
4958
msgid "Initial Setup"
4959
msgstr ""
4960
4961
#: serverguide/C/virtualization.xml:495(para)
4962
msgid ""
4963
"It is assumed that you have installed and configured "
4964
"<application>libvirt</application> and <application>KVM</application> "
4965
"locally on the machine you are using. For details on how to perform this, "
4966
"please refer to:"
4967
msgstr ""
4968
4969
#: serverguide/C/virtualization.xml:507(para)
4970
msgid ""
4971
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4972
"page."
4973
msgstr ""
4974
4975
#: serverguide/C/virtualization.xml:513(para)
4976
msgid ""
4977
"We also assume that you know how to use a text based text editor such as "
4978
"nano or vi. If you have not used any of them before, you can get an overview "
4979
"of the various text editors available by reading the <ulink "
4980
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
4981
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
4982
"principle should remain on other virtualization technologies."
4983
msgstr ""
4984
4985
#: serverguide/C/virtualization.xml:521(title)
4986
msgid "Install vmbuilder"
4987
msgstr ""
4988
4989
#: serverguide/C/virtualization.xml:523(para)
4990
msgid ""
4991
"The name of the package that we need to install is <application>python-vm-"
4992
"builder</application>. In a terminal prompt enter:"
4993
msgstr ""
4994
4995
#: serverguide/C/virtualization.xml:528(command)
4996
msgid "sudo apt-get install python-vm-builder"
4997
msgstr ""
4998
4999
#: serverguide/C/virtualization.xml:532(para)
5000
msgid ""
5001
"If you are running Hardy, you can still perform most of this using the older "
5002
"version of the package named <application>ubuntu-vm-builder</application>, "
5003
"there are only a few changes to the syntax of the tool."
5004
msgstr ""
5005
5006
#: serverguide/C/virtualization.xml:541(title)
5007
msgid "Defining Your Virtual Machine"
5008
msgstr ""
5009
5010
#: serverguide/C/virtualization.xml:543(para)
5011
msgid ""
5012
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
5013
"are a few thing to consider:"
5014
msgstr ""
5015
5016
#: serverguide/C/virtualization.xml:549(para)
5017
msgid ""
5018
"If you plan on shipping a virtual appliance, do not assume that the end-user "
5019
"will know how to extend disk size to fit their need, so either plan for a "
5020
"large virtual disk to allow for your appliance to grow, or explain fairly "
5021
"well in your documentation how to allocate more space. It might actually be "
5022
"a good idea to store data on some separate external storage."
5023
msgstr ""
5024
5025
#: serverguide/C/virtualization.xml:556(para)
5026
msgid ""
5027
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
5028
"whatever you think is a safe minimum for your appliance."
5029
msgstr ""
5030
5031
#: serverguide/C/virtualization.xml:562(para)
5032
msgid ""
5033
"The <application>vmbuilder</application> command has 2 main parameters: the "
5034
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
5035
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
5036
"and can be found using the following command:"
5037
msgstr ""
5038
5039
#: serverguide/C/virtualization.xml:568(command)
5040
msgid "vmbuilder --help"
5041
msgstr ""
5042
5043
#: serverguide/C/virtualization.xml:572(title)
5044
msgid "Base Parameters"
5045
msgstr ""
5046
5047
#: serverguide/C/virtualization.xml:574(para)
5048
msgid ""
5049
"As this example is based on <application>KVM</application> and Ubuntu 10.10 "
5050
"(Maverick Meerkat), and we are likely to rebuild the same virtual machine "
5051
"multiple time, we'll invoke vmbuilder with the following first parameters:"
5052
msgstr ""
5053
5054
#: serverguide/C/virtualization.xml:580(command)
5055
msgid ""
5056
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
5057
"-libvirt qemu:///system"
5058
msgstr ""
5059
5060
#: serverguide/C/virtualization.xml:583(para)
5061
msgid ""
5062
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
5063
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
5064
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
5065
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
5066
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
5067
"libvirt</emphasis> tells to inform the local virtualization environment to "
5068
"add the resulting VM to the list of available machines."
5069
msgstr ""
5070
5071
#: serverguide/C/virtualization.xml:591(para)
5072
msgid "Notes:"
5073
msgstr "Примітки:"
5074
5075
#: serverguide/C/virtualization.xml:597(para)
5076
msgid ""
5077
"Because of the nature of operations performed by vmbuilder, it needs to have "
5078
"root privilege, hence the use of sudo."
5079
msgstr ""
5080
5081
#: serverguide/C/virtualization.xml:602(para)
5082
msgid ""
5083
"If your virtual machine needs to use more than 3Gb of ram, you should build "
5084
"a 64 bit machine (--arch amd64)."
5085
msgstr ""
5086
5087
#: serverguide/C/virtualization.xml:607(para)
5088
msgid ""
5089
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
5090
"architecture, so if you want to define an amd64 machine on Hardy, you should "
5091
"use <emphasis>--flavour</emphasis> server instead."
5092
msgstr ""
5093
5094
#: serverguide/C/virtualization.xml:615(title)
5095
msgid "JeOS Installation Parameters"
5096
msgstr ""
5097
5098
#: serverguide/C/virtualization.xml:618(title)
5099
msgid "JeOS Networking"
5100
msgstr ""
5101
5102
#: serverguide/C/virtualization.xml:621(title)
5103
msgid "Assigning a fixed IP address"
5104
msgstr ""
5105
5106
#: serverguide/C/virtualization.xml:623(para)
5107
msgid ""
5108
"As a virtual appliance that may be deployed on various very different "
5109
"networks, it is very difficult to know what the actual network will look "
5110
"like. In order to simplify configuration, it is a good idea to take an "
5111
"approach similar to what network hardware vendors usually do, namely "
5112
"assigning an initial fixed IP address to the appliance in a private class "
5113
"network that you will provide in your documentation. An address in the range "
5114
"192.168.0.0/255 is usually a good choice."
5115
msgstr ""
5116
5117
#: serverguide/C/virtualization.xml:630(para)
5118
msgid "To do this we'll use the following parameters:"
5119
msgstr ""
5120
5121
#: serverguide/C/virtualization.xml:636(para)
5122
msgid ""
5123
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
5124
"dhcp if not specified)"
5125
msgstr ""
5126
5127
#: serverguide/C/virtualization.xml:641(para)
5128
msgid ""
5129
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
5130
"255.255.255.0)"
5131
msgstr ""
5132
5133
#: serverguide/C/virtualization.xml:646(para)
5134
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
5135
msgstr ""
5136
5137
#: serverguide/C/virtualization.xml:651(para)
5138
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
5139
msgstr ""
5140
5141
#: serverguide/C/virtualization.xml:656(para)
5142
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
5143
msgstr ""
5144
5145
#: serverguide/C/virtualization.xml:661(para)
5146
msgid ""
5147
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
5148
msgstr ""
5149
5150
#: serverguide/C/virtualization.xml:667(para)
5151
msgid ""
5152
"We assume for now that default values are good enough, so the resulting "
5153
"invocation becomes:"
5154
msgstr ""
5155
5156
#: serverguide/C/virtualization.xml:672(command)
5157
msgid ""
5158
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o -"
5159
"-libvirt qemu:///system --ip 192.168.0.100"
5160
msgstr ""
5161
5162
#: serverguide/C/virtualization.xml:677(title)
5163
msgid "Modifying the libvirt Template to use Bridging"
5164
msgstr ""
5165
5166
#: serverguide/C/virtualization.xml:679(para)
5167
msgid ""
5168
"Because our appliance will be likely to need to be accessed by remote hosts, "
5169
"we need to configure libvirt so that the appliance uses bridge networking. "
5170
"To do this we use vmbuilder template mechanism to modify the default one."
5171
msgstr ""
5172
5173
#: serverguide/C/virtualization.xml:684(para)
5174
msgid ""
5175
"In our working directory we create the template hierarchy and copy the "
5176
"default template:"
5177
msgstr ""
5178
5179
#: serverguide/C/virtualization.xml:689(command)
5180
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
5181
msgstr ""
5182
5183
#: serverguide/C/virtualization.xml:690(command)
5184
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
5185
msgstr ""
5186
5187
#: serverguide/C/virtualization.xml:693(para)
5188
msgid ""
5189
"We can then edit "
5190
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
5191
"change:"
5192
msgstr ""
5193
5194
#: serverguide/C/virtualization.xml:697(programlisting)
5195
#, no-wrap
5196
msgid ""
5197
"\n"
5198
" <interface type='network'>\n"
5199
" <source network='default'/>\n"
5200
" </interface>\n"
5201
msgstr ""
5202
"\n"
5203
" <interface type='network'>\n"
5204
" <source network='default'/>\n"
5205
" </interface>\n"
5206
5207
#: serverguide/C/virtualization.xml:703(para)
5208
msgid "To:"
5209
msgstr "На такий варіант:"
5210
5211
#: serverguide/C/virtualization.xml:707(programlisting)
5212
#, no-wrap
5213
msgid ""
5214
"\n"
5215
" <interface type='bridge'>\n"
5216
" <source bridge='br0'/>\n"
5217
" </interface>\n"
5218
msgstr ""
5219
"\n"
5220
" <interface type='bridge'>\n"
5221
" <source bridge='br0'/>\n"
5222
" </interface>\n"
5223
5224
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
5225
msgid "Partitioning"
5226
msgstr "Розбиття на розділи"
5227
5228
#: serverguide/C/virtualization.xml:719(para)
5229
msgid ""
5230
"Partitioning of the virtual appliance will have to take into consideration "
5231
"what you are planning to do with is. Because most appliances want to have a "
5232
"separate storage for data, having a separate <filename>/var</filename> would "
5233
"make sense."
5234
msgstr ""
5235
5236
#: serverguide/C/virtualization.xml:724(para)
5237
msgid ""
5238
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
5239
msgstr ""
5240
5241
#: serverguide/C/virtualization.xml:728(programlisting)
5242
#, no-wrap
5243
msgid ""
5244
"\n"
5245
"--part PATH\n"
5246
" Allows you to specify a partition table in a partition file, located at "
5247
"PATH. Each line of the partition file should specify\n"
5248
" (root first):\n"
5249
" mountpoint size\n"
5250
" where size is in megabytes. You can have up to 4 virtual disks, a new "
5251
"disk starts on a\n"
5252
" line with ’---’. ie :\n"
5253
" root 1000\n"
5254
" /opt 1000\n"
5255
" swap 256\n"
5256
" ---\n"
5257
" /var 2000\n"
5258
" /log 1500\n"
5259
msgstr ""
5260
5261
#: serverguide/C/virtualization.xml:743(para)
5262
msgid ""
5263
"In our case we will define a text file name "
5264
"<filename>vmbuilder.partition</filename> which will contain the following:"
5265
msgstr ""
5266
5267
#: serverguide/C/virtualization.xml:747(programlisting)
5268
#, no-wrap
5269
msgid ""
5270
"\n"
5271
"root 8000\n"
5272
"swap 4000\n"
5273
"---\n"
5274
"/var 20000\n"
5275
msgstr ""
5276
5277
#: serverguide/C/virtualization.xml:755(para)
5278
msgid ""
5279
"Note that as we are using virtual disk images, the actual sizes that we put "
5280
"here are maximum sizes for these volumes."
5281
msgstr ""
5282
5283
#: serverguide/C/virtualization.xml:760(para)
5284
msgid "Our command line now looks like:"
5285
msgstr ""
5286
5287
#: serverguide/C/virtualization.xml:765(command)
5288
msgid ""
5289
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
5290
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
5291
msgstr ""
5292
5293
#: serverguide/C/virtualization.xml:770(para)
5294
msgid ""
5295
"Using a \"\\\" in a command will allow long command strings to wrap to the "
5296
"next line."
5297
msgstr ""
5298
5299
#: serverguide/C/virtualization.xml:777(title)
5300
msgid "User and Password"
5301
msgstr ""
5302
5303
#: serverguide/C/virtualization.xml:779(para)
5304
msgid ""
5305
"Again setting up a virtual appliance, you will need to provide a default "
5306
"user and password that is generic so that you can include it in your "
5307
"documentation. We will see later on in this tutorial how we will provide "
5308
"some security by defining a script that will be run the first time a user "
5309
"actually logs in the appliance, that will, among other things, ask him to "
5310
"change his password. In this example I will use <emphasis>'user'</emphasis> "
5311
"as my user name, and <emphasis>'default'</emphasis> as the password."
5312
msgstr ""
5313
5314
#: serverguide/C/virtualization.xml:787(para)
5315
msgid "To do this we use the following optional parameters:"
5316
msgstr ""
5317
5318
#: serverguide/C/virtualization.xml:793(para)
5319
msgid ""
5320
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
5321
"Default: ubuntu."
5322
msgstr ""
5323
5324
#: serverguide/C/virtualization.xml:798(para)
5325
msgid ""
5326
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
5327
"added. Default: Ubuntu."
5328
msgstr ""
5329
5330
#: serverguide/C/virtualization.xml:803(para)
5331
msgid ""
5332
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
5333
"Default: ubuntu."
5334
msgstr ""
5335
5336
#: serverguide/C/virtualization.xml:809(para)
5337
msgid "Our resulting command line becomes:"
5338
msgstr ""
5339
5340
#: serverguide/C/virtualization.xml:814(command)
5341
msgid ""
5342
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 \\ -"
5343
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
5344
"-user user --name user --pass default"
5345
msgstr ""
5346
5347
#: serverguide/C/virtualization.xml:822(title)
5348
msgid "Installing Required Packages"
5349
msgstr ""
5350
5351
#: serverguide/C/virtualization.xml:824(para)
5352
msgid ""
5353
"In this example we will be installing a package "
5354
"<application>(Limesurvey)</application> that accesses a "
5355
"<application>MySQL</application> database and has a web interface. We will "
5356
"therefore require our OS to provide us with:"
5357
msgstr ""
5358
5359
#: serverguide/C/virtualization.xml:831(para)
5360
msgid "Apache"
5361
msgstr "Apache"
5362
5363
#: serverguide/C/virtualization.xml:832(para)
5364
msgid "PHP"
5365
msgstr "PHP"
5366
5367
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
5368
msgid "MySQL"
5369
msgstr "MySQL"
5370
5371
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:19(title)
5372
msgid "OpenSSH Server"
5373
msgstr "Сервер OpenSSH"
5374
5375
#: serverguide/C/virtualization.xml:835(para)
5376
msgid "Limesurvey (as an example application that we have packaged)"
5377
msgstr ""
5378
5379
#: serverguide/C/virtualization.xml:838(para)
5380
msgid ""
5381
"This is done using vmbuilder by specifying the --addpkg option multiple "
5382
"times:"
5383
msgstr ""
5384
5385
#: serverguide/C/virtualization.xml:842(programlisting)
5386
#, no-wrap
5387
msgid ""
5388
"\n"
5389
"--addpkg PKG\n"
5390
" Install PKG into the guest (can be specfied multiple times)\n"
5391
msgstr ""
5392
5393
#: serverguide/C/virtualization.xml:847(para)
5394
msgid ""
5395
"However, due to the way vmbuilder operates, packages that have to ask "
5396
"questions to the user during the post install phase are not supported and "
5397
"should instead be installed while interactivity can occur. This is the case "
5398
"of Limesurvey, which we will have to install later, once the user logs in."
5399
msgstr ""
5400
5401
#: serverguide/C/virtualization.xml:853(para)
5402
msgid ""
5403
"Other packages that ask simple debconf question, such as <application>mysql-"
5404
"server</application> asking to set a password, the package can be installed "
5405
"immediately, but we will have to reconfigure it the first time the user logs "
5406
"in."
5407
msgstr ""
5408
5409
#: serverguide/C/virtualization.xml:859(para)
5410
msgid ""
5411
"If some packages that we need to install are not in main, we need to enable "
5412
"the additional repositories using --comp and --ppa:"
5413
msgstr ""
5414
5415
#: serverguide/C/virtualization.xml:863(programlisting)
5416
#, no-wrap
5417
msgid ""
5418
"\n"
5419
"--components COMP1,COMP2,...,COMPN\n"
5420
" A comma separated list of distro components to include (e.g. "
5421
"main,universe). This defaults\n"
5422
" to \"main\"\n"
5423
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
5424
msgstr ""
5425
5426
#: serverguide/C/virtualization.xml:870(para)
5427
msgid ""
5428
"Limesurvey not being part of the archive at the moment, we'll specify it's "
5429
"PPA (personal package archive) address so that it is added to the VM "
5430
"<filename>/etc/apt/source.list</filename>, so we add the following options "
5431
"to the command line:"
5432
msgstr ""
5433
5434
#: serverguide/C/virtualization.xml:876(command)
5435
msgid ""
5436
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
5437
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
5438
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
5439
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
5440
"server --ppa nijaba"
5441
msgstr ""
5442
5443
#: serverguide/C/virtualization.xml:883(title)
5444
msgid "OpenSSH"
5445
msgstr ""
5446
5447
#: serverguide/C/virtualization.xml:885(para)
5448
msgid ""
5449
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
5450
"it will allow our admins to access the appliance remotely. However, pushing "
5451
"in the wild an appliance with a pre-installed OpenSSH server is a big "
5452
"security risk as all these server will share the same secret key, making it "
5453
"very easy for hackers to target our appliance with all the tools they need "
5454
"to crack it open in a breeze. As for the user password, we will instead rely "
5455
"on a script that will install OpenSSH the first time a user logs in so that "
5456
"the key generated will be different for each appliance. For this we'll use a "
5457
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
5458
"interaction."
5459
msgstr ""
5460
5461
#: serverguide/C/virtualization.xml:897(title)
5462
msgid "Speed Considerations"
5463
msgstr ""
5464
5465
#: serverguide/C/virtualization.xml:900(title)
5466
msgid "Package Caching"
5467
msgstr ""
5468
5469
#: serverguide/C/virtualization.xml:902(para)
5470
msgid ""
5471
"When vmbuilder creates builds your system, it has to go fetch each one of "
5472
"the packages that composes it over the network to one of the official "
5473
"repositories, which, depending on your internet connection speed and the "
5474
"load of the mirror, can have a big impact on the actual build time. In order "
5475
"to reduce this, it is recommended to either have a local repository (which "
5476
"can be created using <application>apt-mirror</application>) or using a "
5477
"caching proxy such as <application>apt-proxy</application>. The later option "
5478
"being much simpler to implement and requiring less disk space, it is the one "
5479
"we will pick in this tutorial. To install it, simply type:"
5480
msgstr ""
5481
5482
#: serverguide/C/virtualization.xml:912(command)
5483
msgid "sudo apt-get install apt-proxy"
5484
msgstr ""
5485
5486
#: serverguide/C/virtualization.xml:915(para)
5487
msgid ""
5488
"Once this is complete, your (empty) proxy is ready for use on "
5489
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
5490
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
5491
"option:"
5492
msgstr ""
5493
5494
#: serverguide/C/virtualization.xml:920(programlisting)
5495
#, no-wrap
5496
msgid ""
5497
"\n"
5498
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
5499
" is http://archive.ubuntu.com/ubuntu for official\n"
5500
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
5501
" otherwise\n"
5502
msgstr ""
5503
5504
#: serverguide/C/virtualization.xml:927(para)
5505
msgid "So we add to the command line:"
5506
msgstr ""
5507
5508
#: serverguide/C/virtualization.xml:932(command)
5509
msgid "--mirror http://mirroraddress:9999/ubuntu"
5510
msgstr ""
5511
5512
#: serverguide/C/virtualization.xml:936(para)
5513
msgid ""
5514
"The mirror address specified here will also be used in the "
5515
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
5516
"is useful to specify here an address that can be resolved by the guest or to "
5517
"plan on reseting this address later on, such as in a <emphasis>--"
5518
"firstboot</emphasis> script."
5519
msgstr ""
5520
5521
#: serverguide/C/virtualization.xml:945(title)
5522
msgid "Install a Local Mirror"
5523
msgstr ""
5524
5525
#: serverguide/C/virtualization.xml:947(para)
5526
msgid ""
5527
"If we are in a larger environment, it may make sense to setup a local mirror "
5528
"of the Ubuntu repositories. The package apt-mirror provides you with a "
5529
"script that will handle the mirroring for you. You should plan on having "
5530
"about 20 gigabyte of free space per supported release and architecture."
5531
msgstr ""
5532
5533
#: serverguide/C/virtualization.xml:953(para)
5534
msgid ""
5535
"By default, <application>apt-mirror</application> uses the configuration "
5536
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
5537
"replicate only the architecture of the local machine. If you would like to "
5538
"support other architectures on your mirror, simply duplicate the lines "
5539
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
5540
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
5541
"archives as well, you will have:"
5542
msgstr ""
5543
5544
#: serverguide/C/virtualization.xml:960(programlisting)
5545
#, no-wrap
5546
msgid ""
5547
"\n"
5548
"deb http://archive.ubuntu.com/ubuntu maverick main restricted universe "
5549
"multiverse \n"
5550
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main restricted "
5551
"universe multiverse\n"
5552
"\n"
5553
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
5554
"universe multiverse \n"
5555
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-updates main restricted "
5556
"universe multiverse \n"
5557
"\n"
5558
"deb http://archive.ubuntu.com/ubuntu/ maverick-backports main restricted "
5559
"universe multiverse \n"
5560
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick-backports main "
5561
"restricted universe multiverse \n"
5562
"\n"
5563
"deb http://security.ubuntu.com/ubuntu maverick-security main restricted "
5564
"universe multiverse \n"
5565
"/deb-i386 http://security.ubuntu.com/ubuntu maverick-security main "
5566
"restricted universe multiverse \n"
5567
"\n"
5568
"deb http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
5569
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5570
"installer \n"
5571
"/deb-i386 http://archive.ubuntu.com/ubuntu maverick main/debian-installer "
5572
"restricted/debian-installer universe/debian-installer multiverse/debian-"
5573
"installer \n"
5574
msgstr ""
5575
5576
#: serverguide/C/virtualization.xml:977(para)
5577
msgid ""
5578
"Notice that the source packages are not mirrored as they are seldom used "
5579
"compared to the binaries and they do take a lot more space, but they can be "
5580
"easily added to the list."
5581
msgstr ""
5582
5583
#: serverguide/C/virtualization.xml:982(para)
5584
msgid ""
5585
"Once the mirror has finished replicating (and this can be quite long), you "
5586
"need to configure Apache so that your mirror files (in "
5587
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
5588
"default), are published by your Apache server. For more information on "
5589
"Apache see <xref linkend=\"httpd\"/>."
5590
msgstr ""
5591
5592
#: serverguide/C/virtualization.xml:991(title)
5593
msgid "Installing in a RAM Disk"
5594
msgstr ""
5595
5596
#: serverguide/C/virtualization.xml:993(para)
5597
msgid ""
5598
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
5599
"faster than writing to disk. If you have some free memory, letting vmbuilder "
5600
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
5601
"-tmpfs</emphasis> will help you do just that:"
5602
msgstr ""
5603
5604
#: serverguide/C/virtualization.xml:999(programlisting)
5605
#, no-wrap
5606
msgid ""
5607
"\n"
5608
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
5609
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
5610
msgstr ""
5611
5612
#: serverguide/C/virtualization.xml:1004(para)
5613
msgid ""
5614
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
5615
"have 1G of free ram."
5616
msgstr ""
5617
5618
#: serverguide/C/virtualization.xml:1011(title)
5619
msgid "Package the Application"
5620
msgstr ""
5621
5622
#: serverguide/C/virtualization.xml:1013(para)
5623
msgid "Two option are available to us:"
5624
msgstr ""
5625
5626
#: serverguide/C/virtualization.xml:1019(para)
5627
msgid ""
5628
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
5629
"package. Since this is outside of the scope of this tutorial, we will not "
5630
"perform this here and invite the reader to read the documentation on how to "
5631
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
5632
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
5633
"repository for your package so that updates can be conveniently pulled from "
5634
"it. See the <ulink url=\"http://www.debian-"
5635
"administration.org/articles/286\">Debian Administration</ulink> article for "
5636
"a tutorial on this."
5637
msgstr ""
5638
5639
#: serverguide/C/virtualization.xml:1028(para)
5640
msgid ""
5641
"Manually install the application under <filename>/opt</filename> as "
5642
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
5643
"guidelines</ulink>."
5644
msgstr ""
5645
5646
#: serverguide/C/virtualization.xml:1035(para)
5647
msgid ""
5648
"In our case we'll use <application>Limesurvey</application> as example web "
5649
"application for which we wish to provide a virtual appliance. As noted "
5650
"before, we've made a version of the package available in a PPA (Personal "
5651
"Package Archive)."
5652
msgstr ""
5653
5654
#: serverguide/C/virtualization.xml:1042(title)
5655
msgid "Finishing Install"
5656
msgstr ""
5657
5658
#: serverguide/C/virtualization.xml:1045(title) serverguide/C/virtualization.xml:1942(title)
5659
msgid "First Boot"
5660
msgstr ""
5661
5662
#: serverguide/C/virtualization.xml:1047(para)
5663
msgid ""
5664
"As we mentioned earlier, the first time the machine boots we'll need to "
5665
"install <application>openssh-server</application> so that the key generated "
5666
"for it is unique for each machine. To do this, we'll write a script called "
5667
"<filename>boot.sh</filename> as follows:"
5668
msgstr ""
5669
5670
#: serverguide/C/virtualization.xml:1053(programlisting)
5671
#, no-wrap
5672
msgid ""
5673
"\n"
5674
"# This script will run the first time the virtual machine boots\n"
5675
"# It is ran as root.\n"
5676
"\n"
5677
"apt-get update\n"
5678
"apt-get install -qqy --force-yes openssh-server\n"
5679
msgstr ""
5680
5681
#: serverguide/C/virtualization.xml:1061(para)
5682
msgid ""
5683
"And we add the <command>--firstboot boot.sh</command> option to our command "
5684
"line."
5685
msgstr ""
5686
5687
#: serverguide/C/virtualization.xml:1067(title)
5688
msgid "First Login"
5689
msgstr ""
5690
5691
#: serverguide/C/virtualization.xml:1069(para)
5692
msgid ""
5693
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
5694
"set them up the first time a user logs in using a script named login.sh. "
5695
"We'll also use this script to let the user specify:"
5696
msgstr ""
5697
5698
#: serverguide/C/virtualization.xml:1075(para)
5699
msgid "His own password"
5700
msgstr ""
5701
5702
#: serverguide/C/virtualization.xml:1076(para)
5703
msgid "Define the keyboard and other locale info he wants to use"
5704
msgstr ""
5705
5706
#: serverguide/C/virtualization.xml:1079(para)
5707
msgid "So we'll define <filename>login.sh</filename> as follows:"
5708
msgstr ""
5709
5710
#: serverguide/C/virtualization.xml:1083(programlisting)
5711
#, no-wrap
5712
msgid ""
5713
"\n"
5714
"# This script is ran the first time a user logs in\n"
5715
"\n"
5716
"echo \"Your appliance is about to be finished to be set up.\"\n"
5717
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
5718
"echo \"starting by changing your user password.\"\n"
5719
"\n"
5720
"passwd\n"
5721
"\n"
5722
"#give the opportunity to change the keyboard\n"
5723
"sudo dpkg-reconfigure console-setup\n"
5724
"\n"
5725
"#configure the mysql server root password\n"
5726
"sudo dpkg-reconfigure mysql-server-5.0\n"
5727
"\n"
5728
"#install limesurvey\n"
5729
"sudo apt-get install -qqy --force-yes limesurvey\n"
5730
"\n"
5731
"echo \"Your appliance is now configured. To use it point your\"\n"
5732
"echo \"browser to http://serverip/limesurvey/admin\"\n"
5733
msgstr ""
5734
5735
#: serverguide/C/virtualization.xml:1105(para)
5736
msgid ""
5737
"And we add the <command>--firstlogin login.sh</command> option to our "
5738
"command line."
5739
msgstr ""
5740
5741
#: serverguide/C/virtualization.xml:1112(title)
5742
msgid "Useful Additions"
5743
msgstr ""
5744
5745
#: serverguide/C/virtualization.xml:1115(title)
5746
msgid "Configuring Automatic Updates"
5747
msgstr ""
5748
5749
#: serverguide/C/virtualization.xml:1117(para)
5750
msgid ""
5751
"To have your system be configured to update itself on a regular basis, we "
5752
"will just install <application>unattended-upgrades</application>, so we add "
5753
"the following option to our command line:"
5754
msgstr ""
5755
5756
#: serverguide/C/virtualization.xml:1123(command)
5757
msgid "--addpkg unattended-upgrades"
5758
msgstr ""
5759
5760
#: serverguide/C/virtualization.xml:1126(para)
5761
msgid ""
5762
"As we have put our application package in a PPA, the process will update not "
5763
"only the system, but also the application each time we update the version in "
5764
"the PPA."
5765
msgstr ""
5766
5767
#: serverguide/C/virtualization.xml:1133(title)
5768
msgid "ACPI Event Handling"
5769
msgstr ""
5770
5771
#: serverguide/C/virtualization.xml:1135(para)
5772
msgid ""
5773
"For your virtual machine to be able to handle restart and shutdown events it "
5774
"is being sent, it is a good idea to install the acpid package as well. To do "
5775
"this we just add the following option:"
5776
msgstr ""
5777
5778
#: serverguide/C/virtualization.xml:1141(command)
5779
msgid "--addpkg acpid"
5780
msgstr ""
5781
5782
#: serverguide/C/virtualization.xml:1147(title)
5783
msgid "Final Command"
5784
msgstr ""
5785
5786
#: serverguide/C/virtualization.xml:1149(para)
5787
msgid "Here is the command with all the options discussed above:"
5788
msgstr ""
5789
5790
#: serverguide/C/virtualization.xml:1154(command)
5791
msgid ""
5792
"sudo vmbuilder kvm ubuntu --suite maverick --flavour virtual --arch i386 -o "
5793
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
5794
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
5795
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5796
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5797
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5798
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5799
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5800
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
5801
"firstlogin login.sh"
5802
msgstr ""
5803
5804
#: serverguide/C/virtualization.xml:1169(para)
5805
msgid ""
5806
"If you are interested in learning more, have questions or suggestions, "
5807
"please contact the Ubuntu Server Team at:"
5808
msgstr ""
5809
5810
#: serverguide/C/virtualization.xml:1174(para)
5811
msgid "IRC: #ubuntu-server on freenode"
5812
msgstr ""
5813
5814
#: serverguide/C/virtualization.xml:1179(para)
5815
msgid ""
5816
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5817
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5818
msgstr ""
5819
5820
#: serverguide/C/virtualization.xml:1184(para)
5821
msgid ""
5822
"Also, see the <ulink "
5823
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5824
"Wiki</ulink> page."
5825
msgstr ""
5826
5827
#: serverguide/C/virtualization.xml:1192(title)
5828
msgid "UEC"
5829
msgstr ""
5830
5831
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2036(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5832
msgid "Overview"
5833
msgstr "Огляд"
5834
5835
#: serverguide/C/virtualization.xml:1197(para)
5836
msgid ""
5837
"This tutorial covers <application>UEC</application> installation from the "
5838
"Ubuntu 10.10 Server Edition CD, and assumes a basic network topology, with a "
5839
"single system serving as the <emphasis>\"all-in-one controller\"</emphasis>, "
5840
"and one or more nodes attached."
5841
msgstr ""
5842
5843
#: serverguide/C/virtualization.xml:1202(para)
5844
msgid ""
5845
"From this Tutorial you will learn how to install, configure, register and "
5846
"perform several operations on a basic <application>UEC</application> setup "
5847
"that results in a cloud with a one controller <emphasis>\"front-"
5848
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5849
"instances. You will also use examples to help get you started using your own "
5850
"private compute cloud."
5851
msgstr ""
5852
5853
#: serverguide/C/virtualization.xml:1210(title)
5854
msgid "Prerequisites"
5855
msgstr "Передумови"
5856
5857
#: serverguide/C/virtualization.xml:1212(para)
5858
msgid ""
5859
"To deploy a minimal cloud infrastructure, you’ll need at least "
5860
"<emphasis>two</emphasis> dedicated systems:"
5861
msgstr ""
5862
5863
#: serverguide/C/virtualization.xml:1218(para)
5864
msgid "A front end."
5865
msgstr ""
5866
5867
#: serverguide/C/virtualization.xml:1223(para)
5868
msgid "One or more node(s)."
5869
msgstr ""
5870
5871
#: serverguide/C/virtualization.xml:1229(para)
5872
msgid ""
5873
"The following are recommendations, rather than fixed requirements. However, "
5874
"our experience in developing this documentation indicated the following "
5875
"suggestions."
5876
msgstr ""
5877
5878
#: serverguide/C/virtualization.xml:1234(title)
5879
msgid "Front End Requirements"
5880
msgstr ""
5881
5882
#: serverguide/C/virtualization.xml:1236(para)
5883
msgid "Use the following table for a system that will run one or more of:"
5884
msgstr ""
5885
5886
#: serverguide/C/virtualization.xml:1241(para)
5887
msgid "Cloud Controller (CLC)"
5888
msgstr ""
5889
5890
#: serverguide/C/virtualization.xml:1242(para)
5891
msgid "Cluster Controller (CC)"
5892
msgstr ""
5893
5894
#: serverguide/C/virtualization.xml:1243(para)
5895
msgid "Walrus (the S3-like storage service)"
5896
msgstr ""
5897
5898
#: serverguide/C/virtualization.xml:1244(para)
5899
msgid "Storage Controller (SC)"
5900
msgstr ""
5901
5902
#: serverguide/C/virtualization.xml:1248(title)
5903
msgid "UEC Front End Requirements"
5904
msgstr ""
5905
5906
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5907
msgid "Hardware"
5908
msgstr "Обладнання"
5909
5910
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5911
msgid "Minimum"
5912
msgstr "Мінімальне"
5913
5914
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5915
msgid "Suggested"
5916
msgstr "Рекомендоване"
5917
5918
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5919
msgid "Notes"
5920
msgstr "Нотатки"
5921
5922
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5923
msgid "CPU"
5924
msgstr "ЦП"
5925
5926
#: serverguide/C/virtualization.xml:1265(para)
5927
msgid "1 GHz"
5928
msgstr "1 ГГц"
5929
5930
#: serverguide/C/virtualization.xml:1266(para)
5931
msgid "2 x 2 GHz"
5932
msgstr "2 x 2 ГГц"
5933
5934
#: serverguide/C/virtualization.xml:1267(para)
5935
msgid ""
5936
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5937
"a dual core processor."
5938
msgstr ""
5939
5940
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5941
msgid "Memory"
5942
msgstr "Пам'ять"
5943
5944
#: serverguide/C/virtualization.xml:1271(para)
5945
msgid "2 GB"
5946
msgstr "2 ГБ"
5947
5948
#: serverguide/C/virtualization.xml:1272(para) serverguide/C/virtualization.xml:1334(para)
5949
msgid "4 GB"
5950
msgstr "4 ГБ"
5951
5952
#: serverguide/C/virtualization.xml:1273(para)
5953
msgid "The Java web front end benefits from lots of available memory."
5954
msgstr ""
5955
5956
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5957
msgid "Disk"
5958
msgstr "Диск"
5959
5960
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5961
msgid "5400 RPM IDE"
5962
msgstr ""
5963
5964
#: serverguide/C/virtualization.xml:1278(para)
5965
msgid "7200 RPM SATA"
5966
msgstr ""
5967
5968
#: serverguide/C/virtualization.xml:1279(para)
5969
msgid ""
5970
"Slower disks will work, but will yield much longer instance startup times."
5971
msgstr ""
5972
5973
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5974
msgid "Disk Space"
5975
msgstr "Простір на диску"
5976
5977
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5978
msgid "40 GB"
5979
msgstr "40 ГБ"
5980
5981
#: serverguide/C/virtualization.xml:1284(para)
5982
msgid "200 GB"
5983
msgstr "200 ГБ"
5984
5985
#: serverguide/C/virtualization.xml:1285(para)
5986
msgid ""
5987
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5988
"does not like to run out of disk space."
5989
msgstr ""
5990
5991
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5992
msgid "Networking"
5993
msgstr "Пропускна здатність мережі"
5994
5995
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5996
msgid "100 Mbps"
5997
msgstr "100 Мбіт/с"
5998
5999
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
6000
msgid "1000 Mbps"
6001
msgstr "1000 Мбіт/с"
6002
6003
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
6004
msgid ""
6005
"Machine images are hundreds of MB, and need to be copied over the network to "
6006
"nodes."
6007
msgstr ""
6008
6009
#: serverguide/C/virtualization.xml:1299(title)
6010
msgid "Node Requirements"
6011
msgstr ""
6012
6013
#: serverguide/C/virtualization.xml:1301(para)
6014
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
6015
msgstr ""
6016
6017
#: serverguide/C/virtualization.xml:1306(para)
6018
msgid "the Node Controller (NC)"
6019
msgstr ""
6020
6021
#: serverguide/C/virtualization.xml:1310(title)
6022
msgid "UEC Node Requirements"
6023
msgstr ""
6024
6025
#: serverguide/C/virtualization.xml:1327(para)
6026
msgid "VT Extensions"
6027
msgstr ""
6028
6029
#: serverguide/C/virtualization.xml:1328(para)
6030
msgid "VT, 64-bit, Multicore"
6031
msgstr ""
6032
6033
#: serverguide/C/virtualization.xml:1329(para)
6034
msgid ""
6035
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
6036
"only run 1 VM per CPU core on a Node."
6037
msgstr ""
6038
6039
#: serverguide/C/virtualization.xml:1333(para)
6040
msgid "1 GB"
6041
msgstr "1 ГБ"
6042
6043
#: serverguide/C/virtualization.xml:1335(para)
6044
msgid "Additional memory means more, and larger guests."
6045
msgstr ""
6046
6047
#: serverguide/C/virtualization.xml:1340(para)
6048
msgid "7200 RPM SATA or SCSI"
6049
msgstr ""
6050
6051
#: serverguide/C/virtualization.xml:1341(para)
6052
msgid ""
6053
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
6054
"bottleneck."
6055
msgstr ""
6056
6057
#: serverguide/C/virtualization.xml:1346(para)
6058
msgid "100 GB"
6059
msgstr "100 ГБ"
6060
6061
#: serverguide/C/virtualization.xml:1347(para)
6062
msgid ""
6063
"Images will be cached locally, Eucalyptus does not like to run out of disk "
6064
"space."
6065
msgstr ""
6066
6067
#: serverguide/C/virtualization.xml:1363(title)
6068
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
6069
msgstr ""
6070
6071
#: serverguide/C/virtualization.xml:1367(para)
6072
msgid "Download the Ubuntu 10.10 Server ISO file, and burn it to a CD."
6073
msgstr ""
6074
6075
#: serverguide/C/virtualization.xml:1372(para)
6076
msgid ""
6077
"When you boot, select <emphasis>“Install Ubuntu Enterprise "
6078
"Cloud”</emphasis>. The installer will detect if any other Eucalyptus "
6079
"components are present."
6080
msgstr ""
6081
6082
#: serverguide/C/virtualization.xml:1377(para)
6083
msgid ""
6084
"You can then choose which components to install, based on your chosen <ulink "
6085
"url=\"https://help.ubuntu.com/community/UEC/Topologies\">topology</ulink>."
6086
msgstr ""
6087
6088
#: serverguide/C/virtualization.xml:1382(para)
6089
msgid ""
6090
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
6091
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
6092
msgstr ""
6093
6094
#: serverguide/C/virtualization.xml:1388(para)
6095
msgid ""
6096
"It will ask two other cloud-specific questions during the course of the "
6097
"install:"
6098
msgstr ""
6099
6100
#: serverguide/C/virtualization.xml:1393(para)
6101
msgid "Name of your cluster."
6102
msgstr ""
6103
6104
#: serverguide/C/virtualization.xml:1396(para)
6105
msgid "e.g. <emphasis>cluster1</emphasis>."
6106
msgstr ""
6107
6108
#: serverguide/C/virtualization.xml:1399(para)
6109
msgid ""
6110
"A range of public IP addresses on the LAN that the cloud can allocate to "
6111
"instances."
6112
msgstr ""
6113
6114
#: serverguide/C/virtualization.xml:1402(para)
6115
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
6116
msgstr "наприклад, <emphasis>192.168.1.200-192.168.1.249</emphasis>."
6117
6118
#: serverguide/C/virtualization.xml:1410(title)
6119
msgid "Installing the Node Controller(s)"
6120
msgstr ""
6121
6122
#: serverguide/C/virtualization.xml:1412(para)
6123
msgid ""
6124
"The node controller install is even simpler. Just make sure that you are "
6125
"connected to the network on which the cloud/cluster controller is already "
6126
"running."
6127
msgstr ""
6128
6129
#: serverguide/C/virtualization.xml:1418(para)
6130
msgid "Boot from the same ISO on the node(s)."
6131
msgstr ""
6132
6133
#: serverguide/C/virtualization.xml:1423(para)
6134
msgid ""
6135
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
6136
msgstr ""
6137
6138
#: serverguide/C/virtualization.xml:1428(para)
6139
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
6140
msgstr ""
6141
6142
#: serverguide/C/virtualization.xml:1433(para)
6143
msgid ""
6144
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
6145
"install for you."
6146
msgstr ""
6147
6148
#: serverguide/C/virtualization.xml:1438(para)
6149
msgid "Confirm the partitioning scheme."
6150
msgstr ""
6151
6152
#: serverguide/C/virtualization.xml:1443(para)
6153
msgid ""
6154
"The rest of the installation should proceed uninterrupted; complete the "
6155
"installation and reboot the node."
6156
msgstr ""
6157
6158
#: serverguide/C/virtualization.xml:1451(title)
6159
msgid "Register the Node(s)"
6160
msgstr ""
6161
6162
#: serverguide/C/virtualization.xml:1456(para)
6163
msgid ""
6164
"Nodes are the physical systems within <application>UEC</application> that "
6165
"actually run the virtual machine instances of the cloud."
6166
msgstr ""
6167
6168
#: serverguide/C/virtualization.xml:1460(para)
6169
msgid "All component registration should be automatic, assuming:"
6170
msgstr ""
6171
6172
#: serverguide/C/virtualization.xml:1466(para)
6173
msgid "Public SSH keys have been exchanged properly."
6174
msgstr ""
6175
6176
#: serverguide/C/virtualization.xml:1471(para)
6177
msgid "The services are configured properly."
6178
msgstr ""
6179
6180
#: serverguide/C/virtualization.xml:1476(para)
6181
msgid ""
6182
"The appropriate <emphasis>uec-component-listener</emphasis> is running."
6183
msgstr ""
6184
6185
#: serverguide/C/virtualization.xml:1481(para)
6186
msgid "Verify Registration."
6187
msgstr ""
6188
6189
#: serverguide/C/virtualization.xml:1487(para)
6190
msgid ""
6191
"Steps a to e should only be required if you're using the <ulink "
6192
"url=\"https://help.ubuntu.com/community/UEC/PackageInstall\">UEC/PackageInsta"
6193
"ll</ulink> method. Otherwise, if you are following this guide, these steps "
6194
"should already be completed automatically for you, and therefore you can "
6195
"skip <emphasis>\"a\"</emphasis> to <emphasis>\"e\"</emphasis>."
6196
msgstr ""
6197
6198
#: serverguide/C/virtualization.xml:1495(para)
6199
msgid "Exchange Public Keys"
6200
msgstr ""
6201
6202
#: serverguide/C/virtualization.xml:1497(para)
6203
msgid ""
6204
"The Cloud Controller's <emphasis>eucalyptus</emphasis> user needs to have "
6205
"SSH access to the Walrus Controller, Cluster Controller, and Storage "
6206
"Controller as the eucalyptus user."
6207
msgstr ""
6208
6209
#: serverguide/C/virtualization.xml:1502(para)
6210
msgid ""
6211
"Install the Cloud Controller's <emphasis>eucalyptus</emphasis> user's public "
6212
"ssh key by:"
6213
msgstr ""
6214
6215
#: serverguide/C/virtualization.xml:1508(para)
6216
msgid ""
6217
"On the target controller, temporarily set a password for the eucalyptus user:"
6218
msgstr ""
6219
6220
#: serverguide/C/virtualization.xml:1512(command)
6221
msgid "sudo passwd eucalyptus"
6222
msgstr ""
6223
6224
#: serverguide/C/virtualization.xml:1516(para)
6225
msgid "Then, on the Cloud Controller:"
6226
msgstr ""
6227
6228
#: serverguide/C/virtualization.xml:1520(command)
6229
msgid ""
6230
"sudo -u eucalyptus ssh-copy-id -i ~eucalyptus/.ssh/id_rsa.pub "
6231
"eucalyptus@<IP_OF_NODE>"
6232
msgstr ""
6233
6234
#: serverguide/C/virtualization.xml:1524(para)
6235
msgid ""
6236
"You can now remove the password of the eucalyptus account on the target "
6237
"controller, if you wish:"
6238
msgstr ""
6239
6240
#: serverguide/C/virtualization.xml:1528(command)
6241
msgid "sudo passwd -d eucalyptus"
6242
msgstr ""
6243
6244
#: serverguide/C/virtualization.xml:1535(para)
6245
msgid "Configuring the Services"
6246
msgstr ""
6247
6248
#: serverguide/C/virtualization.xml:1537(para)
6249
msgid "On the <emphasis>Cloud Controller</emphasis>:"
6250
msgstr ""
6251
6252
#: serverguide/C/virtualization.xml:1543(para)
6253
msgid "For the <emphasis>Cluster Controller</emphasis> Registration:"
6254
msgstr ""
6255
6256
#: serverguide/C/virtualization.xml:1547(para) serverguide/C/virtualization.xml:1575(para)
6257
msgid ""
6258
"Define the shell variable CC_NAME in <filename>/etc/eucalyptus/eucalyptus-"
6259
"cc.conf</filename>"
6260
msgstr ""
6261
6262
#: serverguide/C/virtualization.xml:1549(para)
6263
msgid ""
6264
"Define the shell variable CC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
6265
"ipaddr.conf</filename>, as a space separated list of one or more IP "
6266
"addresses."
6267
msgstr ""
6268
6269
#: serverguide/C/virtualization.xml:1556(para)
6270
msgid "For the <emphasis>Walrus Controller</emphasis> Registration:"
6271
msgstr ""
6272
6273
#: serverguide/C/virtualization.xml:1560(para)
6274
msgid ""
6275
"Define the shell variable WALRUS_IP_ADDR in "
6276
"<filename>/etc/eucalyptus/eucalyptus-ipaddr.conf</filename>, as a single IP "
6277
"address."
6278
msgstr ""
6279
6280
#: serverguide/C/virtualization.xml:1565(para)
6281
msgid "On the <emphasis>Cluster Controller</emphasis>:"
6282
msgstr ""
6283
6284
#: serverguide/C/virtualization.xml:1571(para)
6285
msgid "For <emphasis>Storage Controller</emphasis> Registration:"
6286
msgstr ""
6287
6288
#: serverguide/C/virtualization.xml:1577(para)
6289
msgid ""
6290
"Define the shell variable SC_IP_ADDR in <filename>/etc/eucalyptus/eucalyptus-"
6291
"ipaddr.conf</filename>, as a space separated list of one or more IP "
6292
"addresses."
6293
msgstr ""
6294
6295
#: serverguide/C/virtualization.xml:1587(para)
6296
msgid "Publish"
6297
msgstr ""
6298
6299
#: serverguide/C/virtualization.xml:1589(para)
6300
msgid "Now start the publication services."
6301
msgstr ""
6302
6303
#: serverguide/C/virtualization.xml:1595(emphasis)
6304
msgid "Walrus Controller:"
6305
msgstr ""
6306
6307
#: serverguide/C/virtualization.xml:1597(command)
6308
msgid "sudo start eucalyptus-walrus-publication"
6309
msgstr ""
6310
6311
#: serverguide/C/virtualization.xml:1601(emphasis)
6312
msgid "Cluster Controller:"
6313
msgstr ""
6314
6315
#: serverguide/C/virtualization.xml:1603(command)
6316
msgid "sudo start eucalyptus-cc-publication"
6317
msgstr ""
6318
6319
#: serverguide/C/virtualization.xml:1607(emphasis)
6320
msgid "Storage Controller:"
6321
msgstr ""
6322
6323
#: serverguide/C/virtualization.xml:1609(command)
6324
msgid "sudo start eucalyptus-sc-publication"
6325
msgstr ""
6326
6327
#: serverguide/C/virtualization.xml:1613(emphasis)
6328
msgid "Node Controller:"
6329
msgstr ""
6330
6331
#: serverguide/C/virtualization.xml:1615(command)
6332
msgid "sudo start eucalyptus-nc-publication"
6333
msgstr ""
6334
6335
#: serverguide/C/virtualization.xml:1622(para)
6336
msgid "Start the Listener"
6337
msgstr ""
6338
6339
#: serverguide/C/virtualization.xml:1624(para)
6340
msgid ""
6341
"On the <emphasis>Cloud Controller</emphasis> and the <emphasis>Cluster "
6342
"Controller(s)</emphasis>, run:"
6343
msgstr ""
6344
6345
#: serverguide/C/virtualization.xml:1629(command)
6346
msgid "sudo start uec-component-listener"
6347
msgstr ""
6348
6349
#: serverguide/C/virtualization.xml:1634(para)
6350
msgid "Verify Registration"
6351
msgstr ""
6352
6353
#: serverguide/C/virtualization.xml:1637(command)
6354
msgid "cat /var/log/eucalyptus/registration.log"
6355
msgstr ""
6356
6357
#: serverguide/C/virtualization.xml:1638(computeroutput)
6358
#, no-wrap
6359
msgid ""
6360
"2010-04-08 15:46:36-05:00 | 24243 -> Calling node cluster1 node "
6361
"10.1.1.75\n"
6362
"2010-04-08 15:46:36-05:00 | 24243 -> euca_conf --register-nodes returned "
6363
"0\n"
6364
"2010-04-08 15:48:47-05:00 | 25858 -> Calling walrus Walrus 10.1.1.71\n"
6365
"2010-04-08 15:48:51-05:00 | 25858 -> euca_conf --register-walrus returned "
6366
"0\n"
6367
"2010-04-08 15:49:04-05:00 | 26237 -> Calling cluster cluster1 10.1.1.71\n"
6368
"2010-04-08 15:49:08-05:00 | 26237 -> euca_conf --register-cluster "
6369
"returned 0\n"
6370
"2010-04-08 15:49:17-05:00 | 26644 -> Calling storage cluster1 storage "
6371
"10.1.1.71\n"
6372
"2010-04-08 15:49:18-05:00 | 26644 -> euca_conf --register-sc returned 0"
6373
msgstr ""
6374
6375
#: serverguide/C/virtualization.xml:1649(para)
6376
msgid "The output on your machine will vary from the example above."
6377
msgstr ""
6378
6379
#: serverguide/C/virtualization.xml:1659(title)
6380
msgid "Obtain Credentials"
6381
msgstr ""
6382
6383
#: serverguide/C/virtualization.xml:1661(para)
6384
msgid ""
6385
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
6386
"users of the cloud will need to retrieve their credentials. This can be done "
6387
"either through a web browser, or at the command line."
6388
msgstr ""
6389
6390
#: serverguide/C/virtualization.xml:1667(title)
6391
msgid "From a Web Browser"
6392
msgstr ""
6393
6394
#: serverguide/C/virtualization.xml:1671(para)
6395
msgid ""
6396
"From your web browser (either remotely or on your Ubuntu server) access the "
6397
"following URL:"
6398
msgstr ""
6399
6400
#: serverguide/C/virtualization.xml:1674(programlisting) serverguide/C/virtualization.xml:1804(programlisting)
6401
#, no-wrap
6402
msgid ""
6403
"\n"
6404
"https://<cloud-controller-ip-address>:8443/\n"
6405
msgstr ""
6406
6407
#: serverguide/C/virtualization.xml:1679(para)
6408
msgid ""
6409
"You must use a secure connection, so make sure you use \"https\" not "
6410
"\"http\" in your URL. You will get a security certificate warning. You will "
6411
"have to add an exception to view the page. If you do not accept it you will "
6412
"not be able to view the Eucalyptus configuration page."
6413
msgstr ""
6414
6415
#: serverguide/C/virtualization.xml:1687(para)
6416
msgid ""
6417
"Use username <emphasis>'admin'</emphasis> and password "
6418
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
6419
"to change your password)."
6420
msgstr ""
6421
6422
#: serverguide/C/virtualization.xml:1693(para)
6423
msgid ""
6424
"Then follow the on-screen instructions to update the admin password and "
6425
"email address."
6426
msgstr ""
6427
6428
#: serverguide/C/virtualization.xml:1698(para)
6429
msgid ""
6430
"Once the first time configuration process is completed, click the "
6431
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
6432
"the screen."
6433
msgstr ""
6434
6435
#: serverguide/C/virtualization.xml:1704(para)
6436
msgid ""
6437
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
6438
"certificates."
6439
msgstr ""
6440
6441
#: serverguide/C/virtualization.xml:1709(para)
6442
msgid "Save them to <filename>~/.euca</filename>."
6443
msgstr ""
6444
6445
#: serverguide/C/virtualization.xml:1714(para)
6446
msgid ""
6447
"Unzip the downloaded zip file into a safe location "
6448
"(<filename>~/.euca</filename>)."
6449
msgstr ""
6450
6451
#: serverguide/C/virtualization.xml:1718(command)
6452
msgid "unzip -d ~/.euca mycreds.zip"
6453
msgstr ""
6454
6455
#: serverguide/C/virtualization.xml:1725(title)
6456
msgid "From a Command Line"
6457
msgstr ""
6458
6459
#: serverguide/C/virtualization.xml:1729(para)
6460
msgid ""
6461
"Alternatively, if you are on the command line of the <emphasis>Cloud "
6462
"Controller</emphasis>, you can run:"
6463
msgstr ""
6464
6465
#: serverguide/C/virtualization.xml:1733(command)
6466
msgid "mkdir -p ~/.euca"
6467
msgstr ""
6468
6469
#: serverguide/C/virtualization.xml:1734(command)
6470
msgid "chmod 700 ~/.euca"
6471
msgstr ""
6472
6473
#: serverguide/C/virtualization.xml:1735(command)
6474
msgid "cd ~/.euca"
6475
msgstr ""
6476
6477
#: serverguide/C/virtualization.xml:1736(command)
6478
msgid "sudo euca_conf --get-credentials mycreds.zip"
6479
msgstr ""
6480
6481
#: serverguide/C/virtualization.xml:1737(command)
6482
msgid "unzip mycreds.zip"
6483
msgstr ""
6484
6485
#: serverguide/C/virtualization.xml:1738(command)
6486
msgid "ln -s ~/.euca/eucarc ~/.eucarc"
6487
msgstr ""
6488
6489
#: serverguide/C/virtualization.xml:1739(command)
6490
msgid "cd -"
6491
msgstr "cd -"
6492
6493
#: serverguide/C/virtualization.xml:1746(title)
6494
msgid "Extracting and Using Your Credentials"
6495
msgstr ""
6496
6497
#: serverguide/C/virtualization.xml:1748(para)
6498
msgid ""
6499
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
6500
"certificates."
6501
msgstr ""
6502
6503
#: serverguide/C/virtualization.xml:1754(para)
6504
msgid "Install the required cloud user tools:"
6505
msgstr ""
6506
6507
#: serverguide/C/virtualization.xml:1758(command)
6508
msgid "sudo apt-get install euca2ools"
6509
msgstr ""
6510
6511
#: serverguide/C/virtualization.xml:1762(para)
6512
msgid ""
6513
"To validate that everything is working correctly, get the local cluster "
6514
"availability details:"
6515
msgstr ""
6516
6517
#: serverguide/C/virtualization.xml:1766(command)
6518
msgid ". ~/.euca/eucarc"
6519
msgstr ""
6520
6521
#: serverguide/C/virtualization.xml:1767(command)
6522
msgid "euca-describe-availability-zones verbose"
6523
msgstr ""
6524
6525
#: serverguide/C/virtualization.xml:1768(computeroutput)
6526
#, no-wrap
6527
msgid ""
6528
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
6529
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
6530
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
6531
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
6532
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
6533
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
6534
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
6535
msgstr ""
6536
6537
#: serverguide/C/virtualization.xml:1778(para)
6538
msgid "Your output from the above command will vary."
6539
msgstr ""
6540
6541
#: serverguide/C/virtualization.xml:1788(title)
6542
msgid "Install an Image from the Store"
6543
msgstr ""
6544
6545
#: serverguide/C/virtualization.xml:1790(para)
6546
msgid ""
6547
"The following is by far the simplest way to install an image. However, "
6548
"advanced users may be interested in learning how to <ulink "
6549
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
6550
"own image</ulink>."
6551
msgstr ""
6552
6553
#: serverguide/C/virtualization.xml:1795(para)
6554
msgid ""
6555
"The simplest way to add an image to <application>UEC</application> is to "
6556
"install it from the Image Store on the UEC web interface."
6557
msgstr ""
6558
6559
#: serverguide/C/virtualization.xml:1801(para)
6560
msgid ""
6561
"Access the web interface at the following URL (Make sure you specify https):"
6562
msgstr ""
6563
6564
#: serverguide/C/virtualization.xml:1809(para)
6565
msgid ""
6566
"Enter your login and password (if requested, as you may still be logged in "
6567
"from earlier)."
6568
msgstr ""
6569
6570
#: serverguide/C/virtualization.xml:1814(para)
6571
msgid "Click on the <emphasis>Store</emphasis> tab."
6572
msgstr ""
6573
6574
#: serverguide/C/virtualization.xml:1819(para)
6575
msgid "Browse available images."
6576
msgstr ""
6577
6578
#: serverguide/C/virtualization.xml:1824(para)
6579
msgid "Click on <emphasis>install</emphasis> for the image you want."
6580
msgstr ""
6581
6582
#: serverguide/C/virtualization.xml:1830(para)
6583
msgid ""
6584
"Once the image has been downloaded and installed, you can click on "
6585
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
6586
"button to view the command to execute to instantiate (start) this image. The "
6587
"image will also appear on the list given on the <emphasis>Image</emphasis> "
6588
"tab."
6589
msgstr ""
6590
6591
#: serverguide/C/virtualization.xml:1838(title)
6592
msgid "Run an Image"
6593
msgstr ""
6594
6595
#: serverguide/C/virtualization.xml:1840(para)
6596
msgid "There are multiple ways to instantiate an image in UEC:"
6597
msgstr ""
6598
6599
#: serverguide/C/virtualization.xml:1845(para)
6600
msgid "Use the command line."
6601
msgstr "Скористайтеся командним рядком."
6602
6603
#: serverguide/C/virtualization.xml:1846(para)
6604
msgid ""
6605
"Use one of the UEC compatible management tools such as "
6606
"<emphasis>Landscape</emphasis>."
6607
msgstr ""
6608
6609
#: serverguide/C/virtualization.xml:1848(para)
6610
msgid ""
6611
"Use the <ulink "
6612
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
6613
"extension to Firefox."
6614
msgstr ""
6615
6616
#: serverguide/C/virtualization.xml:1854(para)
6617
msgid "Here we will describe the process from the command line:"
6618
msgstr ""
6619
6620
#: serverguide/C/virtualization.xml:1860(para)
6621
msgid ""
6622
"Before running an instance of your image, you should first create a "
6623
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
6624
"instance as root, once it boots. The key is stored, so you will only have to "
6625
"do this once."
6626
msgstr ""
6627
6628
#: serverguide/C/virtualization.xml:1864(para)
6629
msgid "Run the following command:"
6630
msgstr ""
6631
6632
#: serverguide/C/virtualization.xml:1867(programlisting)
6633
#, no-wrap
6634
msgid ""
6635
"\n"
6636
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
6637
" mkdir -p -m 700 ~/.euca\n"
6638
" touch ~/.euca/mykey.priv\n"
6639
" chmod 0600 ~/.euca/mykey.priv\n"
6640
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
6641
"fi\n"
6642
msgstr ""
6643
6644
#: serverguide/C/virtualization.xml:1876(para)
6645
msgid ""
6646
"You can call your key whatever you like (in this example, the key is called "
6647
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
6648
"forget, you can always run <command>euca-describe-keypairs</command> to get "
6649
"a list of created keys stored in the system."
6650
msgstr ""
6651
6652
#: serverguide/C/virtualization.xml:1883(para)
6653
msgid "You must also allow access to port 22 in your instances:"
6654
msgstr ""
6655
6656
#: serverguide/C/virtualization.xml:1887(command)
6657
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
6658
msgstr ""
6659
6660
#: serverguide/C/virtualization.xml:1891(para)
6661
msgid "Next, you can create instances of your registered image:"
6662
msgstr ""
6663
6664
#: serverguide/C/virtualization.xml:1895(command)
6665
msgid "euca-run-instances $EMI -k mykey -t m1.small"
6666
msgstr ""
6667
6668
#: serverguide/C/virtualization.xml:1898(para)
6669
msgid ""
6670
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
6671
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
6672
"on the <emphasis>Store</emphasis> page to see the sample command."
6673
msgstr ""
6674
6675
#: serverguide/C/virtualization.xml:1905(para)
6676
msgid ""
6677
"The first time you run an instance, the system will be setting up caches for "
6678
"the image from which it will be created. This can often take some time the "
6679
"first time an instance is run given that VM images are usually quite large."
6680
msgstr ""
6681
6682
#: serverguide/C/virtualization.xml:1909(para)
6683
msgid "To monitor the state of your instance, run:"
6684
msgstr ""
6685
6686
#: serverguide/C/virtualization.xml:1913(command)
6687
msgid "watch -n5 euca-describe-instances"
6688
msgstr ""
6689
6690
#: serverguide/C/virtualization.xml:1915(para)
6691
msgid ""
6692
"In the output, you should see information about the instance, including its "
6693
"state. While first-time caching is being performed, the instance's state "
6694
"will be <emphasis>'pending'</emphasis>."
6695
msgstr ""
6696
6697
#: serverguide/C/virtualization.xml:1921(para)
6698
msgid ""
6699
"When the instance is fully started, the above state will become "
6700
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
6701
"instance in the output, then connect to it:"
6702
msgstr ""
6703
6704
#: serverguide/C/virtualization.xml:1926(command)
6705
msgid ""
6706
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
6707
"'{print $4}')"
6708
msgstr ""
6709
6710
#: serverguide/C/virtualization.xml:1927(command)
6711
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
6712
msgstr ""
6713
6714
#: serverguide/C/virtualization.xml:1931(para)
6715
msgid ""
6716
"And when you are done with this instance, exit your SSH connection, then "
6717
"terminate your instance:"
6718
msgstr ""
6719
6720
#: serverguide/C/virtualization.xml:1935(command)
6721
msgid ""
6722
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
6723
"awk '{print $2}')"
6724
msgstr ""
6725
6726
#: serverguide/C/virtualization.xml:1936(command)
6727
msgid "euca-terminate-instances $INSTANCEID"
6728
msgstr ""
6729
6730
#: serverguide/C/virtualization.xml:1944(para)
6731
msgid ""
6732
"The <application>cloud-init</application> package provides \"first boot\" "
6733
"functionality for the Ubuntu UEC images. It is in charge of taking the "
6734
"generic filesystem image that is booting and customizing it for this "
6735
"particular instance. That includes things like:"
6736
msgstr ""
6737
6738
#: serverguide/C/virtualization.xml:1952(para)
6739
msgid "Setting the hostname."
6740
msgstr ""
6741
6742
#: serverguide/C/virtualization.xml:1957(para)
6743
msgid ""
6744
"Putting the provided ssh public keys into "
6745
"<filename>~ubuntu/.ssh/authorized_keys</filename>."
6746
msgstr ""
6747
6748
#: serverguide/C/virtualization.xml:1962(para)
6749
msgid "Running a user provided script, or otherwise modifying the image."
6750
msgstr ""
6751
6752
#: serverguide/C/virtualization.xml:1968(para)
6753
msgid ""
6754
"Setting hostname and configuring a system so the person who launched it can "
6755
"actually log into it are not terribly interesting. The interesting things "
6756
"that can be done with <application>cloud-init</application> are made "
6757
"possible by data provided at launch time called <ulink "
6758
"url=\"http://developer.amazonwebservices.com/connect/entry.jspa?externalID=10"
6759
"85\">user-data</ulink>."
6760
msgstr ""
6761
6762
#: serverguide/C/virtualization.xml:1974(para)
6763
msgid "First, install the <application>cloud-init</application> package:"
6764
msgstr ""
6765
6766
#: serverguide/C/virtualization.xml:1979(command)
6767
msgid "sudo apt-get install cloud-init"
6768
msgstr ""
6769
6770
#: serverguide/C/virtualization.xml:1982(para)
6771
msgid ""
6772
"If the user-data starts with <emphasis>'#!'</emphasis>, then it will be "
6773
"stored and executed as root late in the boot process of the instance's first "
6774
"boot (similar to a traditional 'rc.local' script). Output from the script is "
6775
"directed to the console."
6776
msgstr ""
6777
6778
#: serverguide/C/virtualization.xml:1987(para)
6779
msgid ""
6780
"For example, create a file named <filename>ud.txt</filename> containing:"
6781
msgstr ""
6782
6783
#: serverguide/C/virtualization.xml:1991(programlisting)
6784
#, no-wrap
6785
msgid ""
6786
"\n"
6787
"#!/bin/sh\n"
6788
"echo ========== Hello World: $(date) ==========\n"
6789
"echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6790
msgstr ""
6791
6792
#: serverguide/C/virtualization.xml:1997(para)
6793
msgid ""
6794
"Now start an instance with the <emphasis>--user-data-file</emphasis> option:"
6795
msgstr ""
6796
6797
#: serverguide/C/virtualization.xml:2002(command)
6798
msgid "euca-run-instances $EMI -k mykey -t m1.small --user-data-file=ud.txt"
6799
msgstr ""
6800
6801
#: serverguide/C/virtualization.xml:2005(para)
6802
msgid ""
6803
"Wait now for the system to come up and console to be available. To see the "
6804
"result of the data file commands enter:"
6805
msgstr ""
6806
6807
#: serverguide/C/virtualization.xml:2010(command)
6808
msgid "euca-get-console-output $EMI | grep --after-context=1 Hello"
6809
msgstr ""
6810
6811
#: serverguide/C/virtualization.xml:2011(computeroutput)
6812
#, no-wrap
6813
msgid ""
6814
"========== Hello World: Mon Mar 29 18:05:05 UTC 2010 ==========\n"
6815
"I have been up for 28.26 sec"
6816
msgstr ""
6817
6818
#: serverguide/C/virtualization.xml:2016(para)
6819
msgid "Your output may vary."
6820
msgstr ""
6821
6822
#: serverguide/C/virtualization.xml:2021(para)
6823
msgid ""
6824
"The simple approach shown above gives a great deal of power. The user-data "
6825
"can contain a script in any language where an interpreter already exists in "
6826
"the image (#!/bin/sh, #!/usr/bin/python, #!/usr/bin/perl, #!/usr/bin/awk ... "
6827
")."
6828
msgstr ""
6829
6830
#: serverguide/C/virtualization.xml:2026(para)
6831
msgid ""
6832
"For many cases, the user may not be interested in writing a program. For "
6833
"this case, cloud-init provides <emphasis>\"cloud-config\"</emphasis>, a "
6834
"configuration based approach towards customization. To utilize the cloud-"
6835
"config syntax, the supplied user-data must start with a <emphasis>'#cloud-"
6836
"config'</emphasis>."
6837
msgstr ""
6838
6839
#: serverguide/C/virtualization.xml:2031(para)
6840
msgid ""
6841
"For example, create a text file named <filename>clout-config.txt</filename> "
6842
"containing:"
6843
msgstr ""
6844
6845
#: serverguide/C/virtualization.xml:2035(programlisting)
6846
#, no-wrap
6847
msgid ""
6848
"\n"
6849
"#cloud-config\n"
6850
"apt_upgrade: true\n"
6851
"apt_sources:\n"
6852
"- source: \"ppa:ubuntu-server-edgers/server-edgers-apache \"\n"
6853
"\n"
6854
"packages:\n"
6855
"- build-essential\n"
6856
"- pastebinit\n"
6857
"\n"
6858
"runcmd:\n"
6859
"- echo ======= Hello World =====\n"
6860
"- echo \"I have been up for $(cut -d\\ -f 1 < /proc/uptime) sec\"\n"
6861
msgstr ""
6862
6863
#: serverguide/C/virtualization.xml:2050(para)
6864
msgid "Create a new instance:"
6865
msgstr ""
6866
6867
#: serverguide/C/virtualization.xml:2055(command)
6868
msgid ""
6869
"euca-run-instances $EMI -k mykey -t m1.small --user-data-file=cloud-"
6870
"config.txt"
6871
msgstr ""
6872
6873
#: serverguide/C/virtualization.xml:2058(para)
6874
msgid "Now, when the above system is booted, it will have:"
6875
msgstr ""
6876
6877
#: serverguide/C/virtualization.xml:2063(para)
6878
msgid "Added the Apache Edgers PPA."
6879
msgstr ""
6880
6881
#: serverguide/C/virtualization.xml:2064(para)
6882
msgid "Run an upgrade to get all updates available"
6883
msgstr ""
6884
6885
#: serverguide/C/virtualization.xml:2065(para)
6886
msgid "Installed the 'build-essential' and 'pastebinit' packages"
6887
msgstr ""
6888
6889
#: serverguide/C/virtualization.xml:2066(para)
6890
msgid "Printed a similar message to the script above"
6891
msgstr ""
6892
6893
#: serverguide/C/virtualization.xml:2070(para)
6894
msgid ""
6895
"The <emphasis>Apache Edgers PPA</emphasis>, in the above example, contains "
6896
"the latest version of Apache from upstream source repositories. Package "
6897
"versions in the PPA are unsupported, and depending on your situation, this "
6898
"may or may not be desirable. See the <ulink "
6899
"url=\"https://launchpad.net/~ubuntu-server-edgers\">Ubuntu Server "
6900
"Edgers</ulink> web page for more details."
6901
msgstr ""
6902
6903
#: serverguide/C/virtualization.xml:2077(para)
6904
msgid ""
6905
"The <emphasis>'runcmd'</emphasis> commands are run at the same point in boot "
6906
"that the <emphasis>'#!'</emphasis> script would run in the previous example. "
6907
"It is present to allow you to get the full power of a scripting language if "
6908
"you need it without abandoning <emphasis>cloud-config</emphasis>."
6909
msgstr ""
6910
6911
#: serverguide/C/virtualization.xml:2082(para)
6912
msgid ""
6913
"For more information on what kinds of things can be done with "
6914
"<application>cloud-config</application>, see <ulink "
6915
"url=\"http://bazaar.launchpad.net/~cloud-init-dev/cloud-"
6916
"init/trunk/files/head:/doc/examples/\">doc/examples</ulink> in the source."
6917
msgstr ""
6918
6919
#: serverguide/C/virtualization.xml:2091(title) serverguide/C/dns.xml:619(title)
6920
msgid "More Information"
6921
msgstr "Додаткова інформація"
6922
6923
#: serverguide/C/virtualization.xml:2093(para)
6924
msgid ""
6925
"How to use the <ulink "
6926
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
6927
"Controller</ulink>"
6928
msgstr ""
6929
6930
#: serverguide/C/virtualization.xml:2097(para)
6931
msgid "Controlling eucalyptus services:"
6932
msgstr ""
6933
6934
#: serverguide/C/virtualization.xml:2102(para)
6935
msgid ""
6936
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
6937
msgstr ""
6938
6939
#: serverguide/C/virtualization.xml:2103(para)
6940
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
6941
msgstr ""
6942
6943
#: serverguide/C/virtualization.xml:2106(para)
6944
msgid "Locations of some important files:"
6945
msgstr ""
6946
6947
#: serverguide/C/virtualization.xml:2113(emphasis)
6948
msgid "Log files:"
6949
msgstr "Файли журналів:"
6950
6951
#: serverguide/C/virtualization.xml:2116(para)
6952
msgid "/var/log/eucalyptus"
6953
msgstr "/var/log/eucalyptus"
6954
6955
#: serverguide/C/virtualization.xml:2121(emphasis)
6956
msgid "Configuration files:"
6957
msgstr "Файли налаштування:"
6958
6959
#: serverguide/C/virtualization.xml:2124(para)
6960
msgid "/etc/eucalyptus"
6961
msgstr "/etc/eucalyptus"
6962
6963
#: serverguide/C/virtualization.xml:2129(emphasis)
6964
msgid "Database:"
6965
msgstr "База даних:"
6966
6967
#: serverguide/C/virtualization.xml:2132(para)
6968
msgid "/var/lib/eucalyptus/db"
6969
msgstr "/var/lib/eucalyptus/db"
6970
6971
#: serverguide/C/virtualization.xml:2137(emphasis)
6972
msgid "Keys:"
6973
msgstr "Ключі:"
6974
6975
#: serverguide/C/virtualization.xml:2140(para)
6976
msgid "/var/lib/eucalyptus"
6977
msgstr "/var/lib/eucalyptus"
6978
6979
#: serverguide/C/virtualization.xml:2141(para)
6980
msgid "/var/lib/eucalyptus/.ssh"
6981
msgstr "/var/lib/eucalyptus/.ssh"
6982
6983
#: serverguide/C/virtualization.xml:2147(para)
6984
msgid ""
6985
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
6986
"running the client tools."
6987
msgstr ""
6988
6989
#: serverguide/C/virtualization.xml:2158(para)
6990
msgid ""
6991
"For information on loading instances see the <ulink "
6992
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
6993
"page."
6994
msgstr ""
6995
6996
#: serverguide/C/virtualization.xml:2163(para)
6997
msgid ""
6998
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
6999
"documentation, downloads)</ulink>."
7000
msgstr ""
7001
7002
#: serverguide/C/virtualization.xml:2168(para)
7003
msgid ""
7004
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
7005
"(bugs, code)</ulink>."
7006
msgstr ""
7007
7008
#: serverguide/C/virtualization.xml:2173(para)
7009
msgid ""
7010
"<ulink "
7011
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
7012
"ptus Troubleshooting (1.5)</ulink>."
7013
msgstr ""
7014
7015
#: serverguide/C/virtualization.xml:2178(para)
7016
msgid ""
7017
"<ulink url=\"http://support.rightscale.com/2._References/02-"
7018
"Cloud_Infrastructures/Eucalyptus/03-"
7019
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
7020
"RightScale</ulink>."
7021
msgstr ""
7022
7023
#: serverguide/C/virtualization.xml:2184(para)
7024
msgid ""
7025
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
7026
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
7027
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
7028
msgstr ""
7029
7030
#: serverguide/C/virtualization.xml:2193(title)
7031
msgid "Glossary"
7032
msgstr "Глосарій"
7033
7034
#: serverguide/C/virtualization.xml:2195(para)
7035
msgid ""
7036
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
7037
"unfamiliar to some readers. This page is intended to provide a glossary of "
7038
"such terms and acronyms."
7039
msgstr ""
7040
7041
#: serverguide/C/virtualization.xml:2202(para)
7042
msgid ""
7043
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
7044
"computing resources through virtual machines, provisioned and recollected "
7045
"dynamically."
7046
msgstr ""
7047
7048
#: serverguide/C/virtualization.xml:2208(para)
7049
msgid ""
7050
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
7051
"provides the web UI (an https server on port 8443), and implements the "
7052
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
7053
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
7054
"cloud</application> package."
7055
msgstr ""
7056
7057
#: serverguide/C/virtualization.xml:2215(para)
7058
msgid ""
7059
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
7060
"Cluster Controller. There can be more than one Cluster in an installation of "
7061
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
7062
"floor2, floor2)."
7063
msgstr ""
7064
7065
#: serverguide/C/virtualization.xml:2221(para)
7066
msgid ""
7067
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
7068
"manages collections of node resources. This service is provided by the "
7069
"Ubuntu <application>eucalyptus-cc</application> package."
7070
msgstr ""
7071
7072
#: serverguide/C/virtualization.xml:2227(para)
7073
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
7074
msgstr ""
7075
7076
#: serverguide/C/virtualization.xml:2232(para)
7077
msgid ""
7078
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
7079
"pay-by-the-gigabyte public cloud computing offering."
7080
msgstr ""
7081
7082
#: serverguide/C/virtualization.xml:2237(para)
7083
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
7084
msgstr ""
7085
7086
#: serverguide/C/virtualization.xml:2242(para)
7087
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
7088
msgstr ""
7089
7090
#: serverguide/C/virtualization.xml:2247(para)
7091
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
7092
msgstr ""
7093
7094
#: serverguide/C/virtualization.xml:2252(para)
7095
msgid ""
7096
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
7097
"Linking Your Programs To Useful Systems. An open source project originally "
7098
"from the University of California at Santa Barbara, now supported by "
7099
"Eucalyptus Systems, a Canonical Partner."
7100
msgstr ""
7101
7102
#: serverguide/C/virtualization.xml:2259(para)
7103
msgid ""
7104
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
7105
"the high level Eucalyptus components (cloud, walrus, storage controller, "
7106
"cluster controller)."
7107
msgstr ""
7108
7109
#: serverguide/C/virtualization.xml:2265(para)
7110
msgid ""
7111
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
7112
"running virtual machines, running a node controller. Within Ubuntu, this "
7113
"generally means that the CPU has VT extensions, and can run the KVM "
7114
"hypervisor."
7115
msgstr ""
7116
7117
#: serverguide/C/virtualization.xml:2271(para)
7118
msgid ""
7119
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
7120
"on nodes which host the virtual machines that comprise the cloud. This "
7121
"service is provided by the Ubuntu package <application>eucalyptus-"
7122
"nc</application>."
7123
msgstr ""
7124
7125
#: serverguide/C/virtualization.xml:2277(para)
7126
msgid ""
7127
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
7128
"gigabyte persistent storage solution for EC2."
7129
msgstr ""
7130
7131
#: serverguide/C/virtualization.xml:2282(para)
7132
msgid ""
7133
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
7134
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
7135
"installation can have its own Storage Controller. This component is provided "
7136
"by the <application>eucalyptus-sc</application> package."
7137
msgstr ""
7138
7139
#: serverguide/C/virtualization.xml:2289(para)
7140
msgid ""
7141
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
7142
"solution, based on Eucalyptus."
7143
msgstr ""
7144
7145
#: serverguide/C/virtualization.xml:2294(para)
7146
msgid "<emphasis>VM</emphasis> - Virtual Machine."
7147
msgstr ""
7148
7149
#: serverguide/C/virtualization.xml:2299(para)
7150
msgid ""
7151
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
7152
"some modern CPUs, allowing for accelerated virtual machine hosting."
7153
msgstr ""
7154
7155
#: serverguide/C/virtualization.xml:2304(para)
7156
msgid ""
7157
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
7158
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
7159
"put/get abstractions."
7160
msgstr ""
7161
7162
#: serverguide/C/vcs.xml:13(title)
7163
msgid "Version Control System"
7164
msgstr "Система керування версіями"
7165
7166
#: serverguide/C/vcs.xml:14(para)
7167
msgid ""
7168
"Version control is the art of managing changes to information. It has long "
7169
"been a critical tool for programmers, who typically spend their time making "
7170
"small changes to software and then undoing those changes the next day. But "
7171
"the usefulness of version control software extends far beyond the bounds of "
7172
"the software development world. Anywhere you can find people using computers "
7173
"to manage information that changes often, there is room for version control."
7174
msgstr ""
7175
7176
#: serverguide/C/vcs.xml:17(title)
7177
msgid "Bazaar"
7178
msgstr "Bazaar"
7179
7180
#: serverguide/C/vcs.xml:18(para)
7181
msgid ""
7182
"Bazaar is a new version control system sponsored by Canonical, the "
7183
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
7184
"support a central repository model, Bazaar also supports "
7185
"<emphasis>distributed version control</emphasis>, giving people the ability "
7186
"to collaborate more efficiently. In particular, Bazaar is designed to "
7187
"maximize the level of community participation in open source projects."
7188
msgstr ""
7189
7190
#: serverguide/C/vcs.xml:29(para)
7191
msgid ""
7192
"At a terminal prompt, enter the following command to install "
7193
"<application>bzr</application>: <screen>\n"
7194
"<command>sudo apt-get install bzr</command>\n"
7195
"</screen>"
7196
msgstr ""
7197
7198
#: serverguide/C/vcs.xml:40(para)
7199
msgid ""
7200
"To introduce yourself to <application>bzr</application>, use the "
7201
"<emphasis>whoami</emphasis> command like this: <screen>\n"
7202
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
7203
"</screen>"
7204
msgstr ""
7205
7206
#: serverguide/C/vcs.xml:49(title)
7207
msgid "Learning Bazaar"
7208
msgstr ""
7209
7210
#: serverguide/C/vcs.xml:50(para)
7211
msgid ""
7212
"Bazaar comes with bundled documentation installed into "
7213
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
7214
"is a good place to start. The <application>bzr</application> command also "
7215
"comes with built-in help: <screen>\n"
7216
"<command>$ bzr help</command>\n"
7217
"</screen>"
7218
msgstr ""
7219
7220
#: serverguide/C/vcs.xml:60(para)
7221
msgid ""
7222
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
7223
"<command>$ bzr help foo</command>\n"
7224
"</screen>"
7225
msgstr ""
7226
7227
#: serverguide/C/vcs.xml:68(title)
7228
msgid "Launchpad Integration"
7229
msgstr ""
7230
7231
#: serverguide/C/vcs.xml:69(para)
7232
msgid ""
7233
"While highly useful as a stand-alone system, Bazaar has good, optional "
7234
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
7235
"the collaborative development system used by Canonical and the broader open "
7236
"source community to manage and extend Ubuntu itself. For information on how "
7237
"Bazaar can be used with Launchpad to collaborate on open source projects, "
7238
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
7239
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
7240
msgstr ""
7241
7242
#: serverguide/C/vcs.xml:81(title)
7243
msgid "Subversion"
7244
msgstr "Subversion"
7245
7246
#: serverguide/C/vcs.xml:82(para)
7247
msgid ""
7248
"Subversion is an open source version control system. Using Subversion, you "
7249
"can record the history of source files and documents. It manages files and "
7250
"directories over time. A tree of files is placed into a central repository. "
7251
"The repository is much like an ordinary file server, except that it "
7252
"remembers every change ever made to files and directories."
7253
msgstr ""
7254
7255
#: serverguide/C/vcs.xml:87(para)
7256
msgid ""
7257
"To access Subversion repository using the HTTP protocol, you must install "
7258
"and configure a web server. Apache2 is proven to work with Subversion. "
7259
"Please refer to the HTTP subsection in the Apache2 section to install and "
7260
"configure Apache2. To access the Subversion repository using the HTTPS "
7261
"protocol, you must install and configure a digital certificate in your "
7262
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
7263
"section to install and configure the digital certificate."
7264
msgstr ""
7265
7266
#: serverguide/C/vcs.xml:96(para)
7267
msgid ""
7268
"To install Subversion, run the following command from a terminal prompt:"
7269
msgstr ""
7270
7271
#: serverguide/C/vcs.xml:101(command)
7272
msgid "sudo apt-get install subversion libapache2-svn"
7273
msgstr ""
7274
7275
#: serverguide/C/vcs.xml:108(para)
7276
msgid ""
7277
"This step assumes you have installed above mentioned packages on your "
7278
"system. This section explains how to create a Subversion repository and "
7279
"access the project."
7280
msgstr ""
7281
7282
#: serverguide/C/vcs.xml:111(title)
7283
msgid "Create Subversion Repository"
7284
msgstr ""
7285
7286
#: serverguide/C/vcs.xml:112(para)
7287
msgid ""
7288
"The Subversion repository can be created using the following command from a "
7289
"terminal prompt:"
7290
msgstr ""
7291
7292
#: serverguide/C/vcs.xml:116(command)
7293
msgid "svnadmin create /path/to/repos/project"
7294
msgstr ""
7295
7296
#: serverguide/C/vcs.xml:121(title)
7297
msgid "Importing Files"
7298
msgstr ""
7299
7300
#: serverguide/C/vcs.xml:122(para)
7301
msgid ""
7302
"Once you create the repository you can <emphasis>import</emphasis> files "
7303
"into the repository. To import a directory, enter the following from a "
7304
"terminal prompt: <screen>\n"
7305
"<command>svn import /path/to/import/directory "
7306
"file:///path/to/repos/project</command>\n"
7307
"</screen>"
7308
msgstr ""
7309
7310
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
7311
msgid "Access Methods"
7312
msgstr ""
7313
7314
#: serverguide/C/vcs.xml:135(para)
7315
msgid ""
7316
"Subversion repositories can be accessed (checked out) through many different "
7317
"methods --on local disk, or through various network protocols. A repository "
7318
"location, however, is always a URL. The table describes how different URL "
7319
"schemes map to the available access methods."
7320
msgstr ""
7321
7322
#: serverguide/C/vcs.xml:146(para)
7323
msgid "Schema"
7324
msgstr "Схема"
7325
7326
#: serverguide/C/vcs.xml:147(para)
7327
msgid "Access Method"
7328
msgstr "Спосіб доступу"
7329
7330
#: serverguide/C/vcs.xml:152(para)
7331
msgid "file://"
7332
msgstr "file://"
7333
7334
#: serverguide/C/vcs.xml:153(para)
7335
msgid "direct repository access (on local disk)"
7336
msgstr ""
7337
7338
#: serverguide/C/vcs.xml:156(para)
7339
msgid "http://"
7340
msgstr "http://"
7341
7342
#: serverguide/C/vcs.xml:157(para)
7343
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
7344
msgstr ""
7345
7346
#: serverguide/C/vcs.xml:160(para)
7347
msgid "https://"
7348
msgstr "https://"
7349
7350
#: serverguide/C/vcs.xml:161(para)
7351
msgid "Same as http://, but with SSL encryption"
7352
msgstr ""
7353
7354
#: serverguide/C/vcs.xml:164(para)
7355
msgid "svn://"
7356
msgstr "svn://"
7357
7358
#: serverguide/C/vcs.xml:165(para)
7359
msgid "Access via custom protocol to an svnserve server"
7360
msgstr ""
7361
7362
#: serverguide/C/vcs.xml:168(para)
7363
msgid "svn+ssh://"
7364
msgstr "svn+ssh://"
7365
7366
#: serverguide/C/vcs.xml:169(para)
7367
msgid "Same as svn://, but through an SSH tunnel"
7368
msgstr ""
7369
7370
#: serverguide/C/vcs.xml:175(para)
7371
msgid ""
7372
"In this section, we will see how to configure Subversion for all these "
7373
"access methods. Here, we cover the basics. For more advanced usage details, "
7374
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
7375
msgstr ""
7376
7377
#: serverguide/C/vcs.xml:182(title)
7378
msgid "Direct repository access (file://)"
7379
msgstr ""
7380
7381
#: serverguide/C/vcs.xml:183(para)
7382
msgid ""
7383
"This is the simplest of all access methods. It does not require any "
7384
"Subversion server process to be running. This access method is used to "
7385
"access Subversion from the same machine. The syntax of the command, entered "
7386
"at a terminal prompt, is as follows:"
7387
msgstr ""
7388
7389
#: serverguide/C/vcs.xml:190(command)
7390
msgid "svn co file:///path/to/repos/project"
7391
msgstr ""
7392
7393
#: serverguide/C/vcs.xml:193(para)
7394
msgid "or"
7395
msgstr "або"
7396
7397
#: serverguide/C/vcs.xml:196(command)
7398
msgid "svn co file://localhost/path/to/repos/project"
7399
msgstr ""
7400
7401
#: serverguide/C/vcs.xml:200(para)
7402
msgid ""
7403
"If you do not specify the hostname, there are three forward slashes (///) -- "
7404
"two for the protocol (file, in this case) plus the leading slash in the "
7405
"path. If you specify the hostname, you must use two forward slashes (//)."
7406
msgstr ""
7407
7408
#: serverguide/C/vcs.xml:202(para)
7409
msgid ""
7410
"The repository permissions depend on filesystem permissions. If the user has "
7411
"read/write permission, he can checkout from and commit to the repository."
7412
msgstr ""
7413
7414
#: serverguide/C/vcs.xml:205(title)
7415
msgid "Access via WebDAV protocol (http://)"
7416
msgstr ""
7417
7418
#: serverguide/C/vcs.xml:206(para)
7419
msgid ""
7420
"To access the Subversion repository via WebDAV protocol, you must configure "
7421
"your Apache 2 web server. Add the following snippet between the "
7422
"<emphasis><VirtualHost></emphasis> and "
7423
"<emphasis></VirtualHost></emphasis> elements in "
7424
"<filename>/etc/apache2/sites-available/default</filename>, or another "
7425
"VirtualHost file:"
7426
msgstr ""
7427
7428
#: serverguide/C/vcs.xml:212(programlisting)
7429
#, no-wrap
7430
msgid ""
7431
"\n"
7432
" <Location /svn>\n"
7433
" DAV svn\n"
7434
" SVNPath /home/svn\n"
7435
" AuthType Basic\n"
7436
" AuthName \"Your repository name\"\n"
7437
" AuthUserFile /etc/subversion/passwd\n"
7438
" Require valid-user\n"
7439
" </Location> \n"
7440
msgstr ""
7441
7442
#: serverguide/C/vcs.xml:223(para)
7443
msgid ""
7444
"The above configuration snippet assumes that Subversion repositories are "
7445
"created under <filename>/home/svn/</filename> directory using "
7446
"<command>svnadmin</command> command. They can be accessible using "
7447
"<command>http://hostname/svn/repos_name</command> url."
7448
msgstr ""
7449
7450
#: serverguide/C/vcs.xml:229(para)
7451
msgid ""
7452
"To import or commit files to your Subversion repository over HTTP, the "
7453
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
7454
"HTTP user is <command>www-data</command>. To change the ownership of the "
7455
"repository files enter the following command from terminal prompt:"
7456
msgstr ""
7457
7458
#: serverguide/C/vcs.xml:238(command)
7459
msgid "sudo chown -R www-data:www-data /path/to/repos"
7460
msgstr ""
7461
7462
#: serverguide/C/vcs.xml:241(para)
7463
msgid ""
7464
"By changing the ownership of repository as <command>www-data</command> you "
7465
"will not be able to import or commit files into the repository by running "
7466
"<command>svn import file:///</command> command as any user other than "
7467
"<command>www-data</command>."
7468
msgstr ""
7469
7470
#: serverguide/C/vcs.xml:250(para)
7471
msgid ""
7472
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
7473
"that will contain user authentication details. To create a file issue the "
7474
"following command at a command prompt (which will create the file and add "
7475
"the first user):"
7476
msgstr ""
7477
7478
#: serverguide/C/vcs.xml:256(command)
7479
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
7480
msgstr ""
7481
7482
#: serverguide/C/vcs.xml:259(para)
7483
msgid ""
7484
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
7485
"option replaces the old file. Instead use this form:"
7486
msgstr ""
7487
7488
#: serverguide/C/vcs.xml:264(command)
7489
msgid "sudo htpasswd /etc/subversion/password user_name"
7490
msgstr ""
7491
7492
#: serverguide/C/vcs.xml:268(para)
7493
msgid ""
7494
"This command will prompt you to enter the password. Once you enter the "
7495
"password, the user is added. Now, to access the repository you can run the "
7496
"following command:"
7497
msgstr ""
7498
7499
#: serverguide/C/vcs.xml:269(command)
7500
msgid "svn co http://servername/svn"
7501
msgstr ""
7502
7503
#: serverguide/C/vcs.xml:271(para)
7504
msgid ""
7505
"The password is transmitted as plain text. If you are worried about password "
7506
"snooping, you are advised to use SSL encryption. For details, please refer "
7507
"next section."
7508
msgstr ""
7509
7510
#: serverguide/C/vcs.xml:277(title)
7511
msgid "Access via WebDAV protocol with SSL encryption (https://)"
7512
msgstr ""
7513
7514
#: serverguide/C/vcs.xml:278(para)
7515
msgid ""
7516
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
7517
"(https://) is similar to http:// except that you must install and configure "
7518
"the digital certificate in your Apache2 web server. To use SSL with "
7519
"Subversion add the above Apache2 configuration to "
7520
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
7521
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
7522
"configuration\"/>."
7523
msgstr ""
7524
7525
#: serverguide/C/vcs.xml:287(para)
7526
msgid ""
7527
"You can install a digital certificate issued by a signing authority. "
7528
"Alternatively, you can install your own self-signed certificate."
7529
msgstr ""
7530
7531
#: serverguide/C/vcs.xml:292(para)
7532
msgid ""
7533
"This step assumes you have installed and configured a digital certificate in "
7534
"your Apache 2 web server. Now, to access the Subversion repository, please "
7535
"refer to the above section! The access methods are exactly the same, except "
7536
"the protocol. You must use https:// to access the Subversion repository."
7537
msgstr ""
7538
7539
#: serverguide/C/vcs.xml:302(title)
7540
msgid "Access via custom protocol (svn://)"
7541
msgstr ""
7542
7543
#: serverguide/C/vcs.xml:303(para)
7544
msgid ""
7545
"Once the Subversion repository is created, you can configure the access "
7546
"control. You can edit the <filename> "
7547
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
7548
"access control. For example, to set up authentication, you can uncomment the "
7549
"following lines in the configuration file:"
7550
msgstr ""
7551
7552
#: serverguide/C/vcs.xml:310(programlisting)
7553
#, no-wrap
7554
msgid ""
7555
"# [general]\n"
7556
"# password-db = passwd"
7557
msgstr ""
7558
7559
#: serverguide/C/vcs.xml:313(para)
7560
msgid ""
7561
"After uncommenting the above lines, you can maintain the user list in the "
7562
"passwd file. So, edit the file <filename>passwd </filename> in the same "
7563
"directory and add the new user. The syntax is as follows:"
7564
msgstr ""
7565
7566
#: serverguide/C/vcs.xml:319(programlisting)
7567
#, no-wrap
7568
msgid "username = password"
7569
msgstr ""
7570
7571
#: serverguide/C/vcs.xml:320(para)
7572
msgid "For more details, please refer to the file."
7573
msgstr ""
7574
7575
#: serverguide/C/vcs.xml:324(para)
7576
msgid ""
7577
"Now, to access Subversion via the svn:// custom protocol, either from the "
7578
"same machine or a different machine, you can run svnserver using svnserve "
7579
"command. The syntax is as follows:"
7580
msgstr ""
7581
7582
#: serverguide/C/vcs.xml:329(programlisting)
7583
#, no-wrap
7584
msgid ""
7585
"$ svnserve -d --foreground -r /path/to/repos\n"
7586
"# -d -- daemon mode\n"
7587
"# --foreground -- run in foreground (useful for debugging)\n"
7588
"# -r -- root of directory to serve\n"
7589
"\n"
7590
"For more usage details, please refer to:\n"
7591
"$ svnserve --help"
7592
msgstr ""
7593
7594
#: serverguide/C/vcs.xml:337(para)
7595
msgid ""
7596
"Once you run this command, Subversion starts listening on default port "
7597
"(3690). To access the project repository, you must run the following command "
7598
"from a terminal prompt:"
7599
msgstr ""
7600
7601
#: serverguide/C/vcs.xml:340(command)
7602
msgid "svn co svn://hostname/project project --username user_name"
7603
msgstr ""
7604
7605
#: serverguide/C/vcs.xml:343(para)
7606
msgid ""
7607
"Based on server configuration, it prompts for password. Once you are "
7608
"authenticated, it checks out the code from Subversion repository. To "
7609
"synchronize the project repository with the local copy, you can run the "
7610
"<command>update</command> sub-command. The syntax of the command, entered at "
7611
"a terminal prompt, is as follows:"
7612
msgstr ""
7613
7614
#: serverguide/C/vcs.xml:351(command)
7615
msgid "cd project_dir ; svn update"
7616
msgstr ""
7617
7618
#: serverguide/C/vcs.xml:354(para)
7619
msgid ""
7620
"For more details about using each Subversion sub-command, you can refer to "
7621
"the manual. For example, to learn more about the co (checkout) command, "
7622
"please run the following command from a terminal prompt:"
7623
msgstr ""
7624
7625
#: serverguide/C/vcs.xml:358(command)
7626
msgid "svn co help"
7627
msgstr ""
7628
7629
#: serverguide/C/vcs.xml:362(title)
7630
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
7631
msgstr ""
7632
7633
#: serverguide/C/vcs.xml:363(para)
7634
msgid ""
7635
"The configuration and server process is same as in the svn:// method. For "
7636
"details, please refer to the above section. This step assumes you have "
7637
"followed the above step and started the Subversion server using "
7638
"<application>svnserve</application> command."
7639
msgstr ""
7640
7641
#: serverguide/C/vcs.xml:369(para)
7642
msgid ""
7643
"It is also assumed that the ssh server is running on that machine and that "
7644
"it is allowing incoming connections. To confirm, please try to login to that "
7645
"machine using ssh. If you can login, everything is perfect. If you cannot "
7646
"login, please address it before continuing further."
7647
msgstr ""
7648
7649
#: serverguide/C/vcs.xml:375(para)
7650
msgid ""
7651
"The svn+ssh:// protocol is used to access the Subversion repository using "
7652
"SSL encryption. The data transfer is encrypted using this method. To access "
7653
"the project repository (for example with a checkout), you must use the "
7654
"following command syntax:"
7655
msgstr ""
7656
7657
#: serverguide/C/vcs.xml:382(command)
7658
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
7659
msgstr ""
7660
7661
#: serverguide/C/vcs.xml:386(para)
7662
msgid ""
7663
"You must use the full path (/path/to/repos/project) to access the Subversion "
7664
"repository using this access method."
7665
msgstr ""
7666
7667
#: serverguide/C/vcs.xml:389(para)
7668
msgid ""
7669
"Based on server configuration, it prompts for password. You must enter the "
7670
"password you use to login via ssh. Once you are authenticated, it checks out "
7671
"the code from the Subversion repository."
7672
msgstr ""
7673
7674
#: serverguide/C/vcs.xml:399(title)
7675
msgid "CVS Server"
7676
msgstr ""
7677
7678
#: serverguide/C/vcs.xml:400(para)
7679
msgid ""
7680
"CVS is a version control system. You can use it to record the history of "
7681
"source files."
7682
msgstr ""
7683
7684
#: serverguide/C/vcs.xml:406(para)
7685
msgid ""
7686
"To install <application>CVS</application>, run the following command from a "
7687
"terminal prompt: <screen>\n"
7688
"<command>sudo apt-get install cvs</command>\n"
7689
"</screen> After you install <application>cvs</application>, you should "
7690
"install <application>xinetd</application> to start/stop the cvs server. At "
7691
"the prompt, enter the following command to install "
7692
"<application>xinetd</application>: <screen>\n"
7693
"<command>sudo apt-get install xinetd</command>\n"
7694
"</screen>"
7695
msgstr ""
7696
7697
#: serverguide/C/vcs.xml:439(programlisting)
7698
#, no-wrap
7699
msgid ""
7700
"\n"
7701
"service cvspserver\n"
7702
"{\n"
7703
" port = 2401\n"
7704
" socket_type = stream\n"
7705
" protocol = tcp\n"
7706
" user = root\n"
7707
" wait = no\n"
7708
" type = UNLISTED\n"
7709
" server = /usr/bin/cvs\n"
7710
" server_args = -f --allow-root /var/lib/cvs pserver\n"
7711
" disable = no\n"
7712
"}\n"
7713
msgstr ""
7714
7715
#: serverguide/C/vcs.xml:455(para)
7716
msgid ""
7717
"Be sure to edit the repository if you have changed the default repository "
7718
"(<application>/var/lib/cvs</application>) directory."
7719
msgstr ""
7720
7721
#: serverguide/C/vcs.xml:424(para)
7722
msgid ""
7723
"Once you install cvs, the repository will be automatically initialized. By "
7724
"default, the repository resides under the "
7725
"<application>/var/lib/cvs</application> directory. You can change this path "
7726
"by running following command: <screen>\n"
7727
"<command>cvs -d /your/new/cvs/repo init</command>\n"
7728
"</screen> Once the initial repository is set up, you can configure "
7729
"<application>xinetd</application> to start the CVS server. You can copy the "
7730
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
7731
"<placeholder-1/><placeholder-2/> Once you have configured "
7732
"<application>xinetd</application> you can start the cvs server by running "
7733
"following command: <screen>\n"
7734
"<command>sudo /etc/init.d/xinetd restart</command>\n"
7735
"</screen>"
7736
msgstr ""
7737
7738
#: serverguide/C/vcs.xml:468(para)
7739
msgid ""
7740
"You can confirm that the CVS server is running by issuing the following "
7741
"command:"
7742
msgstr ""
7743
7744
#: serverguide/C/vcs.xml:475(command)
7745
msgid "sudo netstat -tap | grep cvs"
7746
msgstr ""
7747
7748
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
7749
msgid ""
7750
"When you run this command, you should see the following line or something "
7751
"similar:"
7752
msgstr ""
7753
7754
#: serverguide/C/vcs.xml:484(programlisting)
7755
#, no-wrap
7756
msgid ""
7757
"\n"
7758
"tcp 0 0 *:cvspserver *:* LISTEN \n"
7759
msgstr ""
7760
7761
#: serverguide/C/vcs.xml:488(para)
7762
msgid ""
7763
"From here you can continue to add users, add new projects, and manage the "
7764
"CVS server."
7765
msgstr ""
7766
7767
#: serverguide/C/vcs.xml:493(para)
7768
msgid ""
7769
"CVS allows the user to add users independently of the underlying OS "
7770
"installation. Probably the easiest way is to use the Linux Users for CVS, "
7771
"although it has potential security issues. Please refer to the CVS manual "
7772
"for details."
7773
msgstr ""
7774
7775
#: serverguide/C/vcs.xml:503(title)
7776
msgid "Add Projects"
7777
msgstr ""
7778
7779
#: serverguide/C/vcs.xml:515(para)
7780
msgid ""
7781
"You can use the CVSROOT environment variable to store the CVS root "
7782
"directory. Once you export the CVSROOT environment variable, you can avoid "
7783
"using -d option in the above cvs command."
7784
msgstr ""
7785
7786
#: serverguide/C/vcs.xml:527(para)
7787
msgid ""
7788
"When you add a new project, the CVS user you use must have write access to "
7789
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
7790
"the <application>src</application> group has write access to the CVS "
7791
"repository. So, you can add the user to this group, and he can then add and "
7792
"manage projects in the CVS repository."
7793
msgstr ""
7794
7795
#: serverguide/C/vcs.xml:504(para)
7796
msgid ""
7797
"This section explains how to add new project to the CVS repository. Create "
7798
"the directory and add necessary document and source files to the directory. "
7799
"Now, run the following command to add this project to CVS repository: "
7800
"<screen>\n"
7801
"<command>cd your/project</command>\n"
7802
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
7803
"\"Importing my project to CVS repository\" . new_project start</command>\n"
7804
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
7805
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
7806
"purpose in this context, but since CVS requires them, they must be present. "
7807
"<placeholder-2/>"
7808
msgstr ""
7809
7810
#: serverguide/C/vcs.xml:540(ulink)
7811
msgid "Bazaar Home Page"
7812
msgstr ""
7813
7814
#: serverguide/C/vcs.xml:541(ulink)
7815
msgid "Launchpad"
7816
msgstr "Launchpad"
7817
7818
#: serverguide/C/vcs.xml:542(ulink)
7819
msgid "Subversion Home Page"
7820
msgstr ""
7821
7822
#: serverguide/C/vcs.xml:543(ulink)
7823
msgid "Subversion Book"
7824
msgstr ""
7825
7826
#: serverguide/C/vcs.xml:545(ulink)
7827
msgid "CVS Manual"
7828
msgstr "Посібник з CVS"
7829
7830
#: serverguide/C/vcs.xml:546(ulink)
7831
msgid "Easy Bazaar Ubuntu Wiki page"
7832
msgstr ""
7833
7834
#: serverguide/C/vcs.xml:547(ulink)
7835
msgid "Ubuntu Wiki Subversion page"
7836
msgstr ""
7837
7838
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
7839
msgid "Credits and License"
7840
msgstr "Подяки і ліцензія"
7841
7842
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
7843
msgid ""
7844
"This document is maintained by the Ubuntu documentation team "
7845
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
7846
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
7847
msgstr ""
7848
"Супровід цього документа здійснюється командою з документування Ubuntu "
7849
"(https://wiki.ubuntu.com/DocumentationTeam). Список авторів наведено на "
7850
"<ulink url=\"../../libs/C/contributors.xml\">сторінці учасників створення "
7851
"документації</ulink>"
7852
7853
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
7854
msgid ""
7855
"This document is made available under the Creative Commons ShareAlike 2.5 "
7856
"License (CC-BY-SA)."
7857
msgstr ""
7858
"Цей документ розповсюджується за ліцензією Creative Commons ShareAlike 2.5 "
7859
"(CC-BY-SA)."
7860
7861
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
7862
msgid ""
7863
"You are free to modify, extend, and improve the Ubuntu documentation source "
7864
"code under the terms of this license. All derivative works must be released "
7865
"under this license."
7866
msgstr ""
7867
"Згідно з умовами ліцензії не передбачено обмежень на зміну, розширення та "
7868
"вдосконалення коду документації Ubuntu. Будь-який похідний код має бути "
7869
"випущено за умов дотримання цієї ліцензії."
7870
7871
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
7872
msgid ""
7873
"This documentation is distributed in the hope that it will be useful, but "
7874
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
7875
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
7876
msgstr ""
7877
"Ця документація розповсюджується з надією, що вона буде корисною, але БЕЗ "
7878
"ЖОДНИХ ГАРАНТІЙ; навіть без потенційної гарантії ПРИДАТНОСТІ ДЛЯ "
7879
"ВИКОРИСТАННЯ або ПРИДАТНОСТІ ДЛЯ СПЕЦИФІЧНИХ ЦІЛЕЙ, ЯК ЦЕ ОПИСАНО У ВІДМОВІ "
7880
"ВІД ВІДПОВІДАЛЬНОСТІ."
7881
7882
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
7883
msgid ""
7884
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
7885
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
7886
msgstr ""
7887
"Копію ліцензійної угоди щодо документації розташовано на сторінці <ulink "
7888
"url=\"help:/kubuntu/copyright.html\">Creative Commons ShareAlike "
7889
"License</ulink>."
7890
7891
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
7892
msgid "2010"
7893
msgstr ""
7894
7895
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
7896
msgid "Ubuntu Documentation Project"
7897
msgstr "Проекту з документування Ubuntu"
7898
7899
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
7900
msgid "Canonical Ltd. and members of the <placeholder-1/>"
7901
msgstr "Canonical Ltd. та учасники <placeholder-1/>"
7902
7903
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
7904
msgid "The Ubuntu Documentation Project"
7905
msgstr "Проект з документування Ubuntu"
7906
7907
#: serverguide/C/serverguide.xml:17(para)
7908
msgid ""
7909
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
7910
"information on how to install and configure various server applications on "
7911
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
7912
"guide for configuring and customizing your system."
7913
msgstr ""
7914
7915
#: serverguide/C/security.xml:13(title)
7916
msgid "Security"
7917
msgstr "Безпека"
7918
7919
#: serverguide/C/security.xml:14(para)
7920
msgid ""
7921
"Security should always be considered when installing, deploying, and using "
7922
"any type of computer system. Although a fresh installation of Ubuntu is "
7923
"relatively safe for immediate use on the Internet, it is important to have a "
7924
"balanced understanding of your systems security posture based on how it will "
7925
"be used after deployment."
7926
msgstr ""
7927
7928
#: serverguide/C/security.xml:17(para)
7929
msgid ""
7930
"This chapter provides an overview of security related topics as they pertain "
7931
"to Ubuntu 10.10 Server Edition, and outlines simple measures you may use to "
7932
"protect your server and network from any number of potential security "
7933
"threats."
7934
msgstr ""
7935
7936
#: serverguide/C/security.xml:21(title)
7937
msgid "User Management"
7938
msgstr "Керування користувачами"
7939
7940
#: serverguide/C/security.xml:22(para)
7941
msgid ""
7942
"User management is a critical part of maintaining a secure system. "
7943
"Ineffective user and privilege management often lead many systems into being "
7944
"compromised. Therefore, it is important that you understand how you can "
7945
"protect your server through simple and effective user account management "
7946
"techniques."
7947
msgstr ""
7948
7949
#: serverguide/C/security.xml:26(title)
7950
msgid "Where is root?"
7951
msgstr ""
7952
7953
#: serverguide/C/security.xml:27(para)
7954
msgid ""
7955
"Ubuntu developers made a conscientious decision to disable the "
7956
"administrative root account by default in all Ubuntu installations. This "
7957
"does not mean that the root account has been deleted or that it may not be "
7958
"accessed. It merely has been given a password which matches no possible "
7959
"encrypted value, therefore may not log in directly by itself."
7960
msgstr ""
7961
7962
#: serverguide/C/security.xml:30(para)
7963
msgid ""
7964
"Instead, users are encouraged to make use of a tool by the name of "
7965
"<application>sudo</application> to carry out system administrative duties. "
7966
"<application>Sudo</application> allows an authorized user to temporarily "
7967
"elevate their privileges using their own password instead of having to know "
7968
"the password belonging to the root account. This simple yet effective "
7969
"methodology provides accountability for all user actions, and gives the "
7970
"administrator granular control over which actions a user can perform with "
7971
"said privileges."
7972
msgstr ""
7973
7974
#: serverguide/C/security.xml:35(para)
7975
msgid ""
7976
"If for some reason you wish to enable the root account, simply give it a "
7977
"password:"
7978
msgstr ""
7979
7980
#: serverguide/C/security.xml:39(command)
7981
msgid "sudo passwd"
7982
msgstr ""
7983
7984
#: serverguide/C/security.xml:41(para)
7985
msgid ""
7986
"Sudo will prompt you for your password, and then ask you to supply a new "
7987
"password for root as shown below:"
7988
msgstr ""
7989
7990
#: serverguide/C/security.xml:44(userinput)
7991
#, no-wrap
7992
msgid "(enter your own password)"
7993
msgstr ""
7994
7995
#: serverguide/C/security.xml:45(userinput)
7996
#, no-wrap
7997
msgid "(enter a new password for root)"
7998
msgstr ""
7999
8000
#: serverguide/C/security.xml:46(userinput)
8001
#, no-wrap
8002
msgid "(repeat new password for root)"
8003
msgstr ""
8004
8005
#: serverguide/C/security.xml:44(computeroutput)
8006
#, no-wrap
8007
msgid ""
8008
"[sudo] password for username: <placeholder-1/>\n"
8009
"Enter new UNIX password: <placeholder-2/>\n"
8010
"Retype new UNIX password: <placeholder-3/>\n"
8011
"passwd: password updated successfully"
8012
msgstr ""
8013
8014
#: serverguide/C/security.xml:51(para)
8015
msgid "To disable the root account, use the following passwd syntax:"
8016
msgstr ""
8017
8018
#: serverguide/C/security.xml:55(command)
8019
msgid "sudo passwd -l root"
8020
msgstr ""
8021
8022
#: serverguide/C/security.xml:59(para)
8023
msgid ""
8024
"You should read more on <application>Sudo</application> by checking out it's "
8025
"man page:"
8026
msgstr ""
8027
8028
#: serverguide/C/security.xml:63(command)
8029
msgid "man sudo"
8030
msgstr ""
8031
8032
#: serverguide/C/security.xml:67(para)
8033
msgid ""
8034
"By default, the initial user created by the Ubuntu installer is a member of "
8035
"the group \"admin\" which is added to the file "
8036
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
8037
"give any other account full root access through "
8038
"<application>sudo</application>, simply add them to the admin group."
8039
msgstr ""
8040
8041
#: serverguide/C/security.xml:73(title)
8042
msgid "Adding and Deleting Users"
8043
msgstr ""
8044
8045
#: serverguide/C/security.xml:74(para)
8046
msgid ""
8047
"The process for managing local users and groups is straight forward and "
8048
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
8049
"other Debian based distributions, encourage the use of the \"adduser\" "
8050
"package for account management."
8051
msgstr ""
8052
8053
#: serverguide/C/security.xml:79(para)
8054
msgid ""
8055
"To add a user account, use the following syntax, and follow the prompts to "
8056
"give the account a password and identifiable characteristics such as a full "
8057
"name, phone number, etc."
8058
msgstr ""
8059
8060
#: serverguide/C/security.xml:83(command)
8061
msgid "sudo adduser username"
8062
msgstr ""
8063
8064
#: serverguide/C/security.xml:87(para)
8065
msgid ""
8066
"To delete a user account and its primary group, use the following syntax:"
8067
msgstr ""
8068
8069
#: serverguide/C/security.xml:91(command)
8070
msgid "sudo deluser username"
8071
msgstr ""
8072
8073
#: serverguide/C/security.xml:93(para)
8074
msgid ""
8075
"Deleting an account does not remove their respective home folder. It is up "
8076
"to you whether or not you wish to delete the folder manually or keep it "
8077
"according to your desired retention policies."
8078
msgstr ""
8079
8080
#: serverguide/C/security.xml:96(para)
8081
msgid ""
8082
"Remember, any user added later on with the same UID/GID as the previous "
8083
"owner will now have access to this folder if you have not taken the "
8084
"necessary precautions."
8085
msgstr ""
8086
8087
#: serverguide/C/security.xml:99(para)
8088
msgid ""
8089
"You may want to change these UID/GID values to something more appropriate, "
8090
"such as the root account, and perhaps even relocate the folder to avoid "
8091
"future conflicts:"
8092
msgstr ""
8093
8094
#: serverguide/C/security.xml:103(command)
8095
msgid "sudo chown -R root:root /home/username/"
8096
msgstr ""
8097
8098
#: serverguide/C/security.xml:104(command)
8099
msgid "sudo mkdir /home/archived_users/"
8100
msgstr ""
8101
8102
#: serverguide/C/security.xml:105(command)
8103
msgid "sudo mv /home/username /home/archived_users/"
8104
msgstr ""
8105
8106
#: serverguide/C/security.xml:109(para)
8107
msgid ""
8108
"To temporarily lock or unlock a user account, use the following syntax, "
8109
"respectively:"
8110
msgstr ""
8111
8112
#: serverguide/C/security.xml:113(command)
8113
msgid "sudo passwd -l username"
8114
msgstr ""
8115
8116
#: serverguide/C/security.xml:114(command)
8117
msgid "sudo passwd -u username"
8118
msgstr ""
8119
8120
#: serverguide/C/security.xml:118(para)
8121
msgid ""
8122
"To add or delete a personalized group, use the following syntax, "
8123
"respectively:"
8124
msgstr ""
8125
8126
#: serverguide/C/security.xml:122(command)
8127
msgid "sudo addgroup groupname"
8128
msgstr ""
8129
8130
#: serverguide/C/security.xml:123(command)
8131
msgid "sudo delgroup groupname"
8132
msgstr ""
8133
8134
#: serverguide/C/security.xml:127(para)
8135
msgid "To add a user to a group, use the following syntax:"
8136
msgstr ""
8137
8138
#: serverguide/C/security.xml:131(command)
8139
msgid "sudo adduser username groupname"
8140
msgstr ""
8141
8142
#: serverguide/C/security.xml:138(title)
8143
msgid "User Profile Security"
8144
msgstr ""
8145
8146
#: serverguide/C/security.xml:139(para)
8147
msgid ""
8148
"When a new user is created, the adduser utility creates a brand new home "
8149
"directory named <filename class=\"directory\">/home/username</filename>, "
8150
"respectively. The default profile is modeled after the contents found in the "
8151
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
8152
"includes all profile basics."
8153
msgstr ""
8154
8155
#: serverguide/C/security.xml:142(para)
8156
msgid ""
8157
"If your server will be home to multiple users, you should pay close "
8158
"attention to the user home directory permissions to ensure confidentiality. "
8159
"By default, user home directories in Ubuntu are created with world "
8160
"read/execute permissions. This means that all users can browse and access "
8161
"the contents of other users home directories. This may not be suitable for "
8162
"your environment."
8163
msgstr ""
8164
8165
#: serverguide/C/security.xml:147(para)
8166
msgid ""
8167
"To verify your current users home directory permissions, use the following "
8168
"syntax:"
8169
msgstr ""
8170
8171
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
8172
msgid "ls -ld /home/username"
8173
msgstr ""
8174
8175
#: serverguide/C/security.xml:153(para)
8176
msgid ""
8177
"The following output shows that the directory <filename "
8178
"class=\"directory\">/home/username</filename> has world readable permissions:"
8179
msgstr ""
8180
8181
#: serverguide/C/security.xml:156(computeroutput)
8182
#, no-wrap
8183
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
8184
msgstr ""
8185
8186
#: serverguide/C/security.xml:160(para)
8187
msgid ""
8188
"You can remove the world readable permissions using the following syntax:"
8189
msgstr ""
8190
8191
#: serverguide/C/security.xml:164(command)
8192
msgid "sudo chmod 0750 /home/username"
8193
msgstr ""
8194
8195
#: serverguide/C/security.xml:167(para)
8196
msgid ""
8197
"Some people tend to use the recursive option (-R) indiscriminately which "
8198
"modifies all child folders and files, but this is not necessary, and may "
8199
"yield other undesirable results. The parent directory alone is sufficient "
8200
"for preventing unauthorized access to anything below the parent."
8201
msgstr ""
8202
8203
#: serverguide/C/security.xml:171(para)
8204
msgid ""
8205
"A much more efficient approach to the matter would be to modify the "
8206
"<application>adduser</application> global default permissions when creating "
8207
"user home folders. Simply edit the file "
8208
"<filename>/etc/adduser.conf</filename> and modify the "
8209
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
8210
"new home directories will receive the correct permissions."
8211
msgstr ""
8212
8213
#: serverguide/C/security.xml:174(programlisting)
8214
#, no-wrap
8215
msgid ""
8216
"\n"
8217
"DIR_MODE=0750\n"
8218
msgstr ""
8219
8220
#: serverguide/C/security.xml:179(para)
8221
msgid ""
8222
"After correcting the directory permissions using any of the previously "
8223
"mentioned techniques, verify the results using the following syntax:"
8224
msgstr ""
8225
8226
#: serverguide/C/security.xml:185(para)
8227
msgid ""
8228
"The results below show that world readable permissions have been removed:"
8229
msgstr ""
8230
8231
#: serverguide/C/security.xml:188(computeroutput)
8232
#, no-wrap
8233
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
8234
msgstr ""
8235
8236
#: serverguide/C/security.xml:195(title)
8237
msgid "Password Policy"
8238
msgstr "Правила для паролів"
8239
8240
#: serverguide/C/security.xml:196(para)
8241
msgid ""
8242
"A strong password policy is one of the most important aspects of your "
8243
"security posture. Many successful security breaches involve simple brute "
8244
"force and dictionary attacks against weak passwords. If you intend to offer "
8245
"any form of remote access involving your local password system, make sure "
8246
"you adequately address minimum password complexity requirements, maximum "
8247
"password lifetimes, and frequent audits of your authentication systems."
8248
msgstr ""
8249
8250
#: serverguide/C/security.xml:200(title)
8251
msgid "Minimum Password Length"
8252
msgstr ""
8253
8254
#: serverguide/C/security.xml:201(para)
8255
msgid ""
8256
"By default, Ubuntu requires a minimum password length of 6 characters, as "
8257
"well as some basic entropy checks. These values are controlled in the file "
8258
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
8259
msgstr ""
8260
8261
#: serverguide/C/security.xml:204(programlisting)
8262
#, no-wrap
8263
msgid ""
8264
"\n"
8265
"password [success=2 default=ignore] pam_unix.so obscure sha512\n"
8266
msgstr ""
8267
8268
#: serverguide/C/security.xml:207(para)
8269
msgid ""
8270
"If you would like to adjust the minimum length to 8 characters, change the "
8271
"appropriate variable to min=8. The modification is outlined below."
8272
msgstr ""
8273
8274
#: serverguide/C/security.xml:210(programlisting)
8275
#, no-wrap
8276
msgid ""
8277
"\n"
8278
"password [success=2 default=ignore] pam_unix.so obscure sha512 "
8279
"min=8\n"
8280
msgstr ""
8281
8282
#: serverguide/C/security.xml:215(title)
8283
msgid "Password Expiration"
8284
msgstr ""
8285
8286
#: serverguide/C/security.xml:216(para)
8287
msgid ""
8288
"When creating user accounts, you should make it a policy to have a minimum "
8289
"and maximum password age forcing users to change their passwords when they "
8290
"expire."
8291
msgstr ""
8292
8293
#: serverguide/C/security.xml:221(para)
8294
msgid ""
8295
"To easily view the current status of a user account, use the following "
8296
"syntax:"
8297
msgstr ""
8298
8299
#: serverguide/C/security.xml:225(command) serverguide/C/security.xml:258(command)
8300
msgid "sudo chage -l username"
8301
msgstr ""
8302
8303
#: serverguide/C/security.xml:227(para)
8304
msgid ""
8305
"The output below shows interesting facts about the user account, namely that "
8306
"there are no policies applied:"
8307
msgstr ""
8308
8309
#: serverguide/C/security.xml:230(computeroutput)
8310
#, no-wrap
8311
msgid ""
8312
"Last password change : Jan 20, 2008\n"
8313
"Password expires : never\n"
8314
"Password inactive : never\n"
8315
"Account expires : never\n"
8316
"Minimum number of days between password change : 0\n"
8317
"Maximum number of days between password change : 99999\n"
8318
"Number of days of warning before password expires : 7"
8319
msgstr ""
8320
8321
#: serverguide/C/security.xml:240(para)
8322
msgid ""
8323
"To set any of these values, simply use the following syntax, and follow the "
8324
"interactive prompts:"
8325
msgstr ""
8326
8327
#: serverguide/C/security.xml:244(command)
8328
msgid "sudo chage username"
8329
msgstr ""
8330
8331
#: serverguide/C/security.xml:246(para)
8332
msgid ""
8333
"The following is also an example of how you can manually change the explicit "
8334
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
8335
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
8336
"password expiration, and a warning time period (-W) of 14 days before "
8337
"password expiration."
8338
msgstr ""
8339
8340
#: serverguide/C/security.xml:250(command)
8341
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
8342
msgstr ""
8343
8344
#: serverguide/C/security.xml:254(para)
8345
msgid "To verify changes, use the same syntax as mentioned previously:"
8346
msgstr ""
8347
8348
#: serverguide/C/security.xml:260(para)
8349
msgid ""
8350
"The output below shows the new policies that have been established for the "
8351
"account:"
8352
msgstr ""
8353
8354
#: serverguide/C/security.xml:263(computeroutput)
8355
#, no-wrap
8356
msgid ""
8357
"Last password change : Jan 20, 2008\n"
8358
"Password expires : Apr 19, 2008\n"
8359
"Password inactive : May 19, 2008\n"
8360
"Account expires : Jan 31, 2008\n"
8361
"Minimum number of days between password change : 5\n"
8362
"Maximum number of days between password change : 90\n"
8363
"Number of days of warning before password expires : 14"
8364
msgstr ""
8365
8366
#: serverguide/C/security.xml:279(title)
8367
msgid "Other Security Considerations"
8368
msgstr ""
8369
8370
#: serverguide/C/security.xml:280(para)
8371
msgid ""
8372
"Many applications use alternate authentication mechanisms that can be easily "
8373
"overlooked by even experienced system administrators. Therefore, it is "
8374
"important to understand and control how users authenticate and gain access "
8375
"to services and applications on your server."
8376
msgstr ""
8377
8378
#: serverguide/C/security.xml:285(title)
8379
msgid "SSH Access by Disabled Users"
8380
msgstr ""
8381
8382
#: serverguide/C/security.xml:286(para)
8383
msgid ""
8384
"Simply disabling/locking a user account will not prevent a user from logging "
8385
"into your server remotely if they have previously set up RSA public key "
8386
"authentication. They will still be able to gain shell access to the server, "
8387
"without the need for any password. Remember to check the users home "
8388
"directory for files that will allow for this type of authenticated SSH "
8389
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
8390
msgstr ""
8391
8392
#: serverguide/C/security.xml:289(para)
8393
msgid ""
8394
"Remove or rename the directory <filename "
8395
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
8396
"further SSH authentication capabilities."
8397
msgstr ""
8398
8399
#: serverguide/C/security.xml:292(para)
8400
msgid ""
8401
"Be sure to check for any established SSH connections by the disabled user, "
8402
"as it is possible they may have existing inbound or outbound connections. "
8403
"Kill any that are found."
8404
msgstr ""
8405
8406
#: serverguide/C/security.xml:295(para)
8407
msgid ""
8408
"Restrict SSH access to only user accounts that should have it. For example, "
8409
"you may create a group called \"sshlogin\" and add the group name as the "
8410
"value associated with the <varname>AllowGroups</varname> variable located in "
8411
"the file <filename>/etc/ssh/sshd_config</filename>."
8412
msgstr ""
8413
8414
#: serverguide/C/security.xml:298(programlisting)
8415
#, no-wrap
8416
msgid ""
8417
"\n"
8418
"AllowGroups sshlogin\n"
8419
msgstr ""
8420
8421
#: serverguide/C/security.xml:301(para)
8422
msgid ""
8423
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
8424
"SSH service."
8425
msgstr ""
8426
8427
#: serverguide/C/security.xml:305(command)
8428
msgid "sudo adduser username sshlogin"
8429
msgstr ""
8430
8431
#: serverguide/C/security.xml:306(command) serverguide/C/remote-administration.xml:149(command)
8432
msgid "sudo /etc/init.d/ssh restart"
8433
msgstr ""
8434
8435
#: serverguide/C/security.xml:310(title)
8436
msgid "External User Database Authentication"
8437
msgstr ""
8438
8439
#: serverguide/C/security.xml:311(para)
8440
msgid ""
8441
"Most enterprise networks require centralized authentication and access "
8442
"controls for all system resources. If you have configured your server to "
8443
"authenticate users against external databases, be sure to disable the user "
8444
"accounts both externally and locally, this way you ensure that local "
8445
"fallback authentication is not possible."
8446
msgstr ""
8447
8448
#: serverguide/C/security.xml:320(title)
8449
msgid "Console Security"
8450
msgstr ""
8451
8452
#: serverguide/C/security.xml:321(para)
8453
msgid ""
8454
"As with any other security barrier you put in place to protect your server, "
8455
"it is pretty tough to defend against untold damage caused by someone with "
8456
"physical access to your environment, for example, theft of hard drives, "
8457
"power or service disruption and so on. Therefore, console security should be "
8458
"addressed merely as one component of your overall physical security "
8459
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
8460
"very least slow down a determined one, so it is still advisable to perform "
8461
"basic precautions with regard to console security."
8462
msgstr ""
8463
8464
#: serverguide/C/security.xml:324(para)
8465
msgid ""
8466
"The following instructions will help defend your server against issues that "
8467
"could otherwise yield very serious consequences."
8468
msgstr ""
8469
8470
#: serverguide/C/security.xml:329(title)
8471
msgid "Disable Ctrl+Alt+Delete"
8472
msgstr ""
8473
8474
#: serverguide/C/security.xml:330(para)
8475
msgid ""
8476
"First and foremost, anyone that has physical access to the keyboard can "
8477
"simply use the "
8478
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
8479
"eycombo> key combination to reboot the server without having to log on. "
8480
"Sure, someone could simply unplug the power source, but you should still "
8481
"prevent the use of this key combination on a production server. This forces "
8482
"an attacker to take more drastic measures to reboot the server, and will "
8483
"prevent accidental reboots at the same time."
8484
msgstr ""
8485
8486
#: serverguide/C/security.xml:335(para)
8487
msgid ""
8488
"To disable the reboot action taken by pressing the "
8489
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
8490
"eycombo> key combination, comment out the following line in the file "
8491
"<filename>/etc/init/control-alt-delete.conf</filename>."
8492
msgstr ""
8493
8494
#: serverguide/C/security.xml:338(programlisting)
8495
#, no-wrap
8496
msgid ""
8497
"\n"
8498
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
8499
msgstr ""
8500
8501
#: serverguide/C/security.xml:347(title)
8502
msgid "Firewall"
8503
msgstr "Захисний шлюз"
8504
8505
#: serverguide/C/security.xml:350(para)
8506
msgid ""
8507
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
8508
"which is used to manipulate or decide the fate of network traffic headed "
8509
"into or through your server. All modern Linux firewall solutions use this "
8510
"system for packet filtering."
8511
msgstr ""
8512
8513
#: serverguide/C/security.xml:355(para)
8514
msgid ""
8515
"The kernel's packet filtering system would be of little use to "
8516
"administrators without a userspace interface to manage it. This is the "
8517
"purpose of iptables. When a packet reaches your server, it will be handed "
8518
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
8519
"based on the rules supplied to it from userspace via iptables. Thus, "
8520
"iptables is all you need to manage your firewall if you're familiar with it, "
8521
"but many frontends are available to simplify the task."
8522
msgstr ""
8523
8524
#: serverguide/C/security.xml:365(title)
8525
msgid "ufw - Uncomplicated Firewall"
8526
msgstr ""
8527
8528
#: serverguide/C/security.xml:366(para)
8529
msgid ""
8530
"The default firewall configuration tool for Ubuntu is "
8531
"<application>ufw</application>. Developed to ease iptables firewall "
8532
"configuration, <application>ufw</application> provides a user friendly way "
8533
"to create an IPv4 or IPv6 host-based firewall."
8534
msgstr ""
8535
8536
#: serverguide/C/security.xml:370(para)
8537
msgid ""
8538
"<application>ufw</application> by default is initially disabled. From the "
8539
"<application>ufw</application> man page:"
8540
msgstr ""
8541
8542
#: serverguide/C/security.xml:374(quote)
8543
msgid ""
8544
"ufw is not intended to provide complete firewall functionality via its "
8545
"command interface, but instead provides an easy way to add or remove simple "
8546
"rules. It is currently mainly used for host-based firewalls."
8547
msgstr ""
8548
8549
#: serverguide/C/security.xml:378(para)
8550
msgid ""
8551
"The following are some examples of how to use <application>ufw</application>:"
8552
msgstr ""
8553
8554
#: serverguide/C/security.xml:383(para)
8555
msgid ""
8556
"First, <application>ufw</application> needs to be enabled. From a terminal "
8557
"prompt enter:"
8558
msgstr ""
8559
8560
#: serverguide/C/security.xml:387(command)
8561
msgid "sudo ufw enable"
8562
msgstr ""
8563
8564
#: serverguide/C/security.xml:391(para)
8565
msgid "To open a port (ssh in this example):"
8566
msgstr ""
8567
8568
#: serverguide/C/security.xml:395(command)
8569
msgid "sudo ufw allow 22"
8570
msgstr ""
8571
8572
#: serverguide/C/security.xml:399(para)
8573
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
8574
msgstr ""
8575
8576
#: serverguide/C/security.xml:403(command)
8577
msgid "sudo ufw insert 1 allow 80"
8578
msgstr ""
8579
8580
#: serverguide/C/security.xml:407(para)
8581
msgid "Similarly, to close an opened port:"
8582
msgstr ""
8583
8584
#: serverguide/C/security.xml:411(command)
8585
msgid "sudo ufw deny 22"
8586
msgstr ""
8587
8588
#: serverguide/C/security.xml:415(para)
8589
msgid "To remove a rule, use delete followed by the rule:"
8590
msgstr ""
8591
8592
#: serverguide/C/security.xml:419(command)
8593
msgid "sudo ufw delete deny 22"
8594
msgstr ""
8595
8596
#: serverguide/C/security.xml:423(para)
8597
msgid ""
8598
"It is also possible to allow access from specific hosts or networks to a "
8599
"port. The following example allows ssh access from host 192.168.0.2 to any "
8600
"ip address on this host:"
8601
msgstr ""
8602
8603
#: serverguide/C/security.xml:428(command)
8604
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
8605
msgstr ""
8606
8607
#: serverguide/C/security.xml:430(para)
8608
msgid ""
8609
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
8610
"subnet."
8611
msgstr ""
8612
8613
#: serverguide/C/security.xml:436(para)
8614
msgid ""
8615
"Adding the <emphasis>--dry-run</emphasis> option to a "
8616
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
8617
"apply them. For example, the following is what would be applied if opening "
8618
"the HTTP port:"
8619
msgstr ""
8620
8621
#: serverguide/C/security.xml:442(command)
8622
msgid "sudo ufw --dry-run allow http"
8623
msgstr ""
8624
8625
#: serverguide/C/security.xml:446(computeroutput)
8626
#, no-wrap
8627
msgid ""
8628
"*filter\n"
8629
":ufw-user-input - [0:0]\n"
8630
":ufw-user-output - [0:0]\n"
8631
":ufw-user-forward - [0:0]\n"
8632
":ufw-user-limit - [0:0]\n"
8633
":ufw-user-limit-accept - [0:0]\n"
8634
"### RULES ###\n"
8635
"\n"
8636
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
8637
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
8638
"\n"
8639
"### END RULES ###\n"
8640
"-A ufw-user-input -j RETURN\n"
8641
"-A ufw-user-output -j RETURN\n"
8642
"-A ufw-user-forward -j RETURN\n"
8643
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
8644
"LIMIT]: \"\n"
8645
"-A ufw-user-limit -j REJECT\n"
8646
"-A ufw-user-limit-accept -j ACCEPT\n"
8647
"COMMIT\n"
8648
"Rules updated"
8649
msgstr ""
8650
8651
#: serverguide/C/security.xml:470(para)
8652
msgid "<application>ufw</application> can be disabled by:"
8653
msgstr ""
8654
8655
#: serverguide/C/security.xml:474(command)
8656
msgid "sudo ufw disable"
8657
msgstr ""
8658
8659
#: serverguide/C/security.xml:478(para)
8660
msgid "To see the firewall status, enter:"
8661
msgstr ""
8662
8663
#: serverguide/C/security.xml:482(command)
8664
msgid "sudo ufw status"
8665
msgstr ""
8666
8667
#: serverguide/C/security.xml:486(para)
8668
msgid "And for more verbose status information use:"
8669
msgstr ""
8670
8671
#: serverguide/C/security.xml:490(command)
8672
msgid "sudo ufw status verbose"
8673
msgstr ""
8674
8675
#: serverguide/C/security.xml:494(para)
8676
msgid "To view the <emphasis>numbered</emphasis> format:"
8677
msgstr ""
8678
8679
#: serverguide/C/security.xml:498(command)
8680
msgid "sudo ufw status numbered"
8681
msgstr ""
8682
8683
#: serverguide/C/security.xml:503(para)
8684
msgid ""
8685
"If the port you want to open or close is defined in "
8686
"<filename>/etc/services</filename>, you can use the port name instead of the "
8687
"number. In the above examples, replace <emphasis>22</emphasis> with "
8688
"<emphasis>ssh</emphasis>."
8689
msgstr ""
8690
8691
#: serverguide/C/security.xml:509(para)
8692
msgid ""
8693
"This is a quick introduction to using <application>ufw</application>. Please "
8694
"refer to the <application>ufw</application> man page for more information."
8695
msgstr ""
8696
8697
#: serverguide/C/security.xml:515(title)
8698
msgid "ufw Application Integration"
8699
msgstr ""
8700
8701
#: serverguide/C/security.xml:517(para)
8702
msgid ""
8703
"Applications that open ports can include an <application>ufw</application> "
8704
"profile, which details the ports needed for the application to function "
8705
"properly. The profiles are kept in <filename "
8706
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
8707
"the default ports have been changed."
8708
msgstr ""
8709
8710
#: serverguide/C/security.xml:526(para)
8711
msgid ""
8712
"To view which applications have installed a profile, enter the following in "
8713
"a terminal:"
8714
msgstr ""
8715
8716
#: serverguide/C/security.xml:531(command)
8717
msgid "sudo ufw app list"
8718
msgstr ""
8719
8720
#: serverguide/C/security.xml:537(para)
8721
msgid ""
8722
"Similar to allowing traffic to a port, using an application profile is "
8723
"accomplished by entering:"
8724
msgstr ""
8725
8726
#: serverguide/C/security.xml:542(command)
8727
msgid "sudo ufw allow Samba"
8728
msgstr ""
8729
8730
#: serverguide/C/security.xml:548(para)
8731
msgid "An extended syntax is available as well:"
8732
msgstr ""
8733
8734
#: serverguide/C/security.xml:553(command)
8735
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
8736
msgstr ""
8737
8738
#: serverguide/C/security.xml:556(para)
8739
msgid ""
8740
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
8741
"with the application profile you are using and the IP range for your network."
8742
msgstr ""
8743
8744
#: serverguide/C/security.xml:562(para)
8745
msgid ""
8746
"There is no need to specify the <emphasis>protocol</emphasis> for the "
8747
"application, because that information is detailed in the profile. Also, note "
8748
"that the <emphasis>app</emphasis> name replaces the "
8749
"<emphasis>port</emphasis> number."
8750
msgstr ""
8751
8752
#: serverguide/C/security.xml:571(para)
8753
msgid ""
8754
"To view details about which ports, protocols, etc are defined for an "
8755
"application, enter:"
8756
msgstr ""
8757
8758
#: serverguide/C/security.xml:576(command)
8759
msgid "sudo ufw app info Samba"
8760
msgstr ""
8761
8762
#: serverguide/C/security.xml:582(para)
8763
msgid ""
8764
"Not all applications that require opening a network port come with "
8765
"<application>ufw</application> profiles, but if you have profiled an "
8766
"application and want the file to be included with the package, please file a "
8767
"bug against the package in <ulink "
8768
"url=\"https://launchpad.net/\">Launchpad</ulink>."
8769
msgstr ""
8770
8771
#: serverguide/C/security.xml:591(title)
8772
msgid "IP Masquerading"
8773
msgstr ""
8774
8775
#: serverguide/C/security.xml:592(para)
8776
msgid ""
8777
"The purpose of IP Masquerading is to allow machines with private, non-"
8778
"routable IP addresses on your network to access the Internet through the "
8779
"machine doing the masquerading. Traffic from your private network destined "
8780
"for the Internet must be manipulated for replies to be routable back to the "
8781
"machine that made the request. To do this, the kernel must modify the "
8782
"<emphasis>source</emphasis> IP address of each packet so that replies will "
8783
"be routed back to it, rather than to the private IP address that made the "
8784
"request, which is impossible over the Internet. Linux uses "
8785
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
8786
"connections belong to which machines and reroute each return packet "
8787
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
8788
"having originated from your Ubuntu gateway machine. This process is referred "
8789
"to in Microsoft documentation as Internet Connection Sharing."
8790
msgstr ""
8791
8792
#: serverguide/C/security.xml:608(title)
8793
msgid "ufw Masquerading"
8794
msgstr ""
8795
8796
#: serverguide/C/security.xml:609(para)
8797
msgid ""
8798
"IP Masquerading can be achieved using custom <application>ufw</application> "
8799
"rules. This is possible because the current back-end for "
8800
"<application>ufw</application> is <application>iptables-"
8801
"restore</application> with the rules files located in "
8802
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
8803
"legacy iptables rules used without <application>ufw</application>, and rules "
8804
"that are more network gateway or bridge related."
8805
msgstr ""
8806
8807
#: serverguide/C/security.xml:615(para)
8808
msgid ""
8809
"The rules are split into two different files, rules that should be executed "
8810
"before <application>ufw</application> command line rules, and rules that are "
8811
"executed after <application>ufw</application> command line rules."
8812
msgstr ""
8813
8814
#: serverguide/C/security.xml:621(para)
8815
msgid ""
8816
"First, packet forwarding needs to be enabled in "
8817
"<application>ufw</application>. Two configuration files will need to be "
8818
"adjusted, in <filename>/etc/default/ufw</filename> change the "
8819
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
8820
msgstr ""
8821
8822
#: serverguide/C/security.xml:625(programlisting)
8823
#, no-wrap
8824
msgid ""
8825
"\n"
8826
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8827
msgstr ""
8828
8829
#: serverguide/C/security.xml:628(para)
8830
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
8831
msgstr ""
8832
8833
#: serverguide/C/security.xml:631(programlisting)
8834
#, no-wrap
8835
msgid ""
8836
"\n"
8837
"net/ipv4/ip_forward=1\n"
8838
msgstr ""
8839
8840
#: serverguide/C/security.xml:634(para)
8841
msgid "Similarly, for IPv6 forwarding uncomment:"
8842
msgstr ""
8843
8844
#: serverguide/C/security.xml:637(programlisting)
8845
#, no-wrap
8846
msgid ""
8847
"\n"
8848
"net/ipv6/conf/default/forwarding=1\n"
8849
msgstr ""
8850
8851
#: serverguide/C/security.xml:642(para)
8852
msgid ""
8853
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
8854
"file. The default rules only configure the <emphasis>filter</emphasis> "
8855
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
8856
"need to be configured. Add the following to the top of the file just after "
8857
"the header comments:"
8858
msgstr ""
8859
8860
#: serverguide/C/security.xml:647(programlisting)
8861
#, no-wrap
8862
msgid ""
8863
"\n"
8864
"# nat Table rules\n"
8865
"*nat\n"
8866
":POSTROUTING ACCEPT [0:0]\n"
8867
"\n"
8868
"# Forward traffic from eth1 through eth0.\n"
8869
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
8870
"\n"
8871
"# don't delete the 'COMMIT' line or these nat table rules won't be "
8872
"processed\n"
8873
"COMMIT\n"
8874
msgstr ""
8875
8876
#: serverguide/C/security.xml:658(para)
8877
msgid ""
8878
"The comments are not strictly necessary, but it is considered good practice "
8879
"to document your configuration. Also, when modifying any of the "
8880
"<emphasis>rules</emphasis> files in <filename "
8881
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
8882
"line for each table modified:"
8883
msgstr ""
8884
8885
#: serverguide/C/security.xml:664(programlisting)
8886
#, no-wrap
8887
msgid ""
8888
"\n"
8889
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
8890
"COMMIT\n"
8891
msgstr ""
8892
8893
#: serverguide/C/security.xml:669(para)
8894
msgid ""
8895
"For each <emphasis>Table</emphasis> a corresponding "
8896
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8897
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
8898
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
8899
"<emphasis>mangle</emphasis> tables."
8900
msgstr ""
8901
8902
#: serverguide/C/security.xml:676(para)
8903
msgid ""
8904
"In the above example replace <emphasis>eth0</emphasis>, "
8905
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8906
"appropriate interfaces and IP range for your network."
8907
msgstr ""
8908
8909
#: serverguide/C/security.xml:684(para)
8910
msgid ""
8911
"Finally, disable and re-enable <application>ufw</application> to apply the "
8912
"changes:"
8913
msgstr ""
8914
8915
#: serverguide/C/security.xml:688(command)
8916
msgid "sudo ufw disable && sudo ufw enable"
8917
msgstr ""
8918
8919
#: serverguide/C/security.xml:692(para)
8920
msgid ""
8921
"IP Masquerading should now be enabled. You can also add any additional "
8922
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
8923
"recommended that these additional rules be added to the <emphasis>ufw-before-"
8924
"forward</emphasis> chain."
8925
msgstr ""
8926
8927
#: serverguide/C/security.xml:699(title)
8928
msgid "iptables Masquerading"
8929
msgstr ""
8930
8931
#: serverguide/C/security.xml:700(para)
8932
msgid ""
8933
"<application>iptables</application> can also be used to enable masquerading."
8934
msgstr ""
8935
8936
#: serverguide/C/security.xml:705(para)
8937
msgid ""
8938
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
8939
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
8940
"uncomment the following line"
8941
msgstr ""
8942
8943
#: serverguide/C/security.xml:709(programlisting)
8944
#, no-wrap
8945
msgid ""
8946
"\n"
8947
"net.ipv4.ip_forward=1\n"
8948
msgstr ""
8949
8950
#: serverguide/C/security.xml:712(para)
8951
msgid "If you wish to enable IPv6 forwarding also uncomment:"
8952
msgstr ""
8953
8954
#: serverguide/C/security.xml:715(programlisting)
8955
#, no-wrap
8956
msgid ""
8957
"\n"
8958
"net.ipv6.conf.default.forwarding=1\n"
8959
msgstr ""
8960
8961
#: serverguide/C/security.xml:720(para)
8962
msgid ""
8963
"Next, execute the <application>sysctl</application> command to enable the "
8964
"new settings in the configuration file:"
8965
msgstr ""
8966
8967
#: serverguide/C/security.xml:724(command)
8968
msgid "sudo sysctl -p"
8969
msgstr ""
8970
8971
#: serverguide/C/security.xml:728(para)
8972
msgid ""
8973
"IP Masquerading can now be accomplished with a single iptables rule, which "
8974
"may differ slightly based on your network configuration:"
8975
msgstr ""
8976
8977
#: serverguide/C/security.xml:731(screen)
8978
#, no-wrap
8979
msgid ""
8980
"\n"
8981
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8982
msgstr ""
8983
8984
#: serverguide/C/security.xml:734(para)
8985
msgid ""
8986
"The above command assumes that your private address space is 192.168.0.0/16 "
8987
"and that your Internet-facing device is ppp0. The syntax is broken down as "
8988
"follows:"
8989
msgstr ""
8990
8991
#: serverguide/C/security.xml:739(para)
8992
msgid "-t nat -- the rule is to go into the nat table"
8993
msgstr ""
8994
8995
#: serverguide/C/security.xml:740(para)
8996
msgid ""
8997
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
8998
msgstr ""
8999
9000
#: serverguide/C/security.xml:741(para)
9001
msgid ""
9002
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
9003
"specified address space"
9004
msgstr ""
9005
9006
#: serverguide/C/security.xml:742(para)
9007
msgid ""
9008
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
9009
"specified network device"
9010
msgstr ""
9011
9012
#: serverguide/C/security.xml:744(para)
9013
msgid ""
9014
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
9015
"MASQUERADE target to be manipulated as described above"
9016
msgstr ""
9017
9018
#: serverguide/C/security.xml:752(para)
9019
msgid ""
9020
"Also, each chain in the filter table (the default table, and where most or "
9021
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
9022
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
9023
"you may have set the policies to DROP or REJECT, in which case your "
9024
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
9025
"above rule to work:"
9026
msgstr ""
9027
9028
#: serverguide/C/security.xml:759(screen)
9029
#, no-wrap
9030
msgid ""
9031
"\n"
9032
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
9033
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
9034
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
9035
msgstr ""
9036
9037
#: serverguide/C/security.xml:763(para)
9038
msgid ""
9039
"The above commands will allow all connections from your local network to the "
9040
"Internet and all traffic related to those connections to return to the "
9041
"machine that initiated them."
9042
msgstr ""
9043
9044
#: serverguide/C/security.xml:770(para)
9045
msgid ""
9046
"If you want masquerading to be enabled on reboot, which you probably do, "
9047
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
9048
"example add the first command with no filtering:"
9049
msgstr ""
9050
9051
#: serverguide/C/security.xml:774(screen)
9052
#, no-wrap
9053
msgid ""
9054
"\n"
9055
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
9056
msgstr ""
9057
9058
#: serverguide/C/security.xml:782(title)
9059
msgid "Logs"
9060
msgstr "Журнали"
9061
9062
#: serverguide/C/security.xml:783(para)
9063
msgid ""
9064
"Firewall logs are essential for recognizing attacks, troubleshooting your "
9065
"firewall rules, and noticing unusual activity on your network. You must "
9066
"include logging rules in your firewall for them to be generated, though, and "
9067
"logging rules must come before any applicable terminating rule (a rule with "
9068
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
9069
"REJECT)."
9070
msgstr ""
9071
9072
#: serverguide/C/security.xml:790(para)
9073
msgid ""
9074
"If you are using <application>ufw</application>, you can turn on logging by "
9075
"entering the following in a terminal:"
9076
msgstr ""
9077
9078
#: serverguide/C/security.xml:794(command)
9079
msgid "sudo ufw logging on"
9080
msgstr ""
9081
9082
#: serverguide/C/security.xml:796(para)
9083
msgid ""
9084
"To turn logging off in <application>ufw</application>, simply replace "
9085
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
9086
"role=\"italic\">off</emphasis> in the above command."
9087
msgstr ""
9088
9089
#: serverguide/C/security.xml:799(para)
9090
msgid ""
9091
"If using <application>iptables</application> instead of "
9092
"<application>ufw</application>, enter:"
9093
msgstr ""
9094
9095
#: serverguide/C/security.xml:802(screen)
9096
#, no-wrap
9097
msgid ""
9098
"\n"
9099
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
9100
"prefix \"NEW_HTTP_CONN: \"\n"
9101
msgstr ""
9102
9103
#: serverguide/C/security.xml:805(para)
9104
msgid ""
9105
"A request on port 80 from the local machine, then, would generate a log in "
9106
"dmesg that looks like this:"
9107
msgstr ""
9108
9109
#: serverguide/C/security.xml:810(programlisting)
9110
#, no-wrap
9111
msgid ""
9112
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
9113
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
9114
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
9115
"WINDOW=32767 RES=0x00 SYN URGP=0"
9116
msgstr ""
9117
9118
#: serverguide/C/security.xml:812(para)
9119
msgid ""
9120
"The above log will also appear in <filename>/var/log/messages</filename>, "
9121
"<filename>/var/log/syslog</filename>, and "
9122
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
9123
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
9124
"and configuring <application>ulogd</application> and using the ULOG target "
9125
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
9126
"server that listens for logging instructions from the kernel specifically "
9127
"for firewalls, and can log to any file you like, or even to a "
9128
"<application>PostgreSQL</application> or <application>MySQL</application> "
9129
"database. Making sense of your firewall logs can be simplified by using a "
9130
"log analyzing tool such as <application>fwanalog</application>, "
9131
"<application> fwlogwatch</application>, or <application>lire</application>."
9132
msgstr ""
9133
9134
#: serverguide/C/security.xml:827(title)
9135
msgid "Other Tools"
9136
msgstr "Інші інструменти"
9137
9138
#: serverguide/C/security.xml:828(para)
9139
msgid ""
9140
"There are many tools available to help you construct a complete firewall "
9141
"without intimate knowledge of iptables. For the GUI-inclined:"
9142
msgstr ""
9143
9144
#: serverguide/C/security.xml:834(para)
9145
msgid ""
9146
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
9147
"popular and easy to use."
9148
msgstr ""
9149
9150
#: serverguide/C/security.xml:839(para)
9151
msgid ""
9152
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
9153
"and will look familiar to an administrator who has used a commercial "
9154
"firewall utility such as <application>Checkpoint FireWall-1</application>."
9155
msgstr ""
9156
9157
#: serverguide/C/security.xml:845(para)
9158
msgid ""
9159
"If you prefer a command-line tool with plain-text configuration files:"
9160
msgstr ""
9161
9162
#: serverguide/C/security.xml:850(para)
9163
msgid ""
9164
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
9165
"powerful solution to help you configure an advanced firewall for any network."
9166
msgstr ""
9167
9168
#: serverguide/C/security.xml:856(para)
9169
msgid ""
9170
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
9171
"a working firewall \"out of the box\" with zero configuration, and will "
9172
"allow you to easily set up a more advanced firewall by editing simple, well-"
9173
"documented configuration files."
9174
msgstr ""
9175
9176
#: serverguide/C/security.xml:863(para)
9177
msgid ""
9178
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
9179
"designed to be a desktop firewall application. It is made up of a server "
9180
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
9181
"like many popular interactive firewall applications for Windows."
9182
msgstr ""
9183
9184
#: serverguide/C/security.xml:875(para)
9185
msgid ""
9186
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
9187
"Firewall</ulink> wiki page contains information on the development of "
9188
"<application>ufw</application>."
9189
msgstr ""
9190
9191
#: serverguide/C/security.xml:881(para)
9192
msgid ""
9193
"Also, the <application>ufw</application> manual page contains some very "
9194
"useful information: <command>man ufw</command>."
9195
msgstr ""
9196
9197
#: serverguide/C/security.xml:886(para)
9198
msgid ""
9199
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
9200
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
9201
"on using <application>iptables</application>."
9202
msgstr ""
9203
9204
#: serverguide/C/security.xml:892(para)
9205
msgid ""
9206
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
9207
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
9208
msgstr ""
9209
9210
#: serverguide/C/security.xml:898(para)
9211
msgid ""
9212
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
9213
"HowTo</ulink> in the Ubuntu wiki is a great resource."
9214
msgstr ""
9215
9216
#: serverguide/C/security.xml:906(title)
9217
msgid "AppArmor"
9218
msgstr ""
9219
9220
#: serverguide/C/security.xml:907(para)
9221
msgid ""
9222
"<application>AppArmor</application> is a Linux Security Module "
9223
"implementation of name-based mandatory access controls. AppArmor confines "
9224
"individual programs to a set of listed files and posix 1003.1e draft "
9225
"capabilities."
9226
msgstr ""
9227
9228
#: serverguide/C/security.xml:911(para)
9229
msgid ""
9230
"<application>AppArmor</application> is installed and loaded by default. It "
9231
"uses <emphasis>profiles</emphasis> of an application to determine what files "
9232
"and permissions the application requires. Some packages will install their "
9233
"own profiles, and additional profiles can be found in the "
9234
"<application>apparmor-profiles</application> package."
9235
msgstr ""
9236
9237
#: serverguide/C/security.xml:916(para)
9238
msgid ""
9239
"To install the <application>apparmor-profiles</application> package from a "
9240
"terminal prompt:"
9241
msgstr ""
9242
9243
#: serverguide/C/security.xml:922(para)
9244
msgid "AppArmor profiles have two modes of execution:"
9245
msgstr ""
9246
9247
#: serverguide/C/security.xml:927(para)
9248
msgid ""
9249
"Complaining/Learning: profile violations are permitted and logged. Useful "
9250
"for testing and developing new profiles."
9251
msgstr ""
9252
9253
#: serverguide/C/security.xml:932(para)
9254
msgid ""
9255
"Enforced/Confined: enforces profile policy as well as logging the violation."
9256
msgstr ""
9257
9258
#: serverguide/C/security.xml:938(title)
9259
msgid "Using AppArmor"
9260
msgstr ""
9261
9262
#: serverguide/C/security.xml:939(para)
9263
msgid ""
9264
"The <application>apparmor-utils</application> package contains command line "
9265
"utilities that you can use to change the <application>AppArmor</application> "
9266
"execution mode, find the status of a profile, create new profiles, etc."
9267
msgstr ""
9268
9269
#: serverguide/C/security.xml:945(para)
9270
msgid ""
9271
"<application>apparmor_status</application> is used to view the current "
9272
"status of AppArmor profiles."
9273
msgstr ""
9274
9275
#: serverguide/C/security.xml:949(command)
9276
msgid "sudo apparmor_status"
9277
msgstr ""
9278
9279
#: serverguide/C/security.xml:953(para)
9280
msgid ""
9281
"<application>aa-complain</application> places a profile into "
9282
"<emphasis>complain</emphasis> mode."
9283
msgstr ""
9284
9285
#: serverguide/C/security.xml:957(command)
9286
msgid "sudo aa-complain /path/to/bin"
9287
msgstr ""
9288
9289
#: serverguide/C/security.xml:961(para)
9290
msgid ""
9291
"<application>aa-enforce</application> places a profile into "
9292
"<emphasis>enforce</emphasis> mode."
9293
msgstr ""
9294
9295
#: serverguide/C/security.xml:965(command)
9296
msgid "sudo aa-enforce /path/to/bin"
9297
msgstr ""
9298
9299
#: serverguide/C/security.xml:969(para)
9300
msgid ""
9301
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
9302
"profiles are located. It can be used to manipulate the "
9303
"<emphasis>mode</emphasis> of all profiles."
9304
msgstr ""
9305
9306
#: serverguide/C/security.xml:973(para)
9307
msgid "Enter the following to place all profiles into complain mode:"
9308
msgstr ""
9309
9310
#: serverguide/C/security.xml:977(command)
9311
msgid "sudo aa-complain /etc/apparmor.d/*"
9312
msgstr ""
9313
9314
#: serverguide/C/security.xml:979(para)
9315
msgid "To place all profiles in enforce mode:"
9316
msgstr ""
9317
9318
#: serverguide/C/security.xml:983(command)
9319
msgid "sudo aa-enforce /etc/apparmor.d/*"
9320
msgstr ""
9321
9322
#: serverguide/C/security.xml:987(para)
9323
msgid ""
9324
"<application>apparmor_parser</application> is used to load a profile into "
9325
"the kernel. It can also be used to reload a currently loaded profile using "
9326
"the <emphasis>-r</emphasis> option. To load a profile:"
9327
msgstr ""
9328
9329
#: serverguide/C/security.xml:992(command) serverguide/C/security.xml:1024(command)
9330
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
9331
msgstr ""
9332
9333
#: serverguide/C/security.xml:994(para)
9334
msgid "To reload a profile:"
9335
msgstr ""
9336
9337
#: serverguide/C/security.xml:998(command)
9338
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
9339
msgstr ""
9340
9341
#: serverguide/C/security.xml:1002(para)
9342
msgid ""
9343
"<filename>/etc/init.d/apparmor</filename> can be used to "
9344
"<emphasis>reload</emphasis> all profiles:"
9345
msgstr ""
9346
9347
#: serverguide/C/security.xml:1006(command) serverguide/C/network-auth.xml:632(command)
9348
msgid "sudo /etc/init.d/apparmor reload"
9349
msgstr ""
9350
9351
#: serverguide/C/security.xml:1010(para)
9352
msgid ""
9353
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
9354
"with the <application>apparmor_parser -R</application> option to "
9355
"<emphasis>disable</emphasis> a profile."
9356
msgstr ""
9357
9358
#: serverguide/C/security.xml:1015(command)
9359
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
9360
msgstr ""
9361
9362
#: serverguide/C/security.xml:1016(command)
9363
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
9364
msgstr ""
9365
9366
#: serverguide/C/security.xml:1018(para)
9367
msgid ""
9368
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
9369
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
9370
"load the profile using the <emphasis>-a</emphasis> option."
9371
msgstr ""
9372
9373
#: serverguide/C/security.xml:1023(command)
9374
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
9375
msgstr ""
9376
9377
#: serverguide/C/security.xml:1028(para)
9378
msgid ""
9379
"<application>AppArmor</application> can be disabled, and the kernel module "
9380
"unloaded by entering the following:"
9381
msgstr ""
9382
9383
#: serverguide/C/security.xml:1032(command)
9384
msgid "sudo /etc/init.d/apparmor stop"
9385
msgstr ""
9386
9387
#: serverguide/C/security.xml:1033(command)
9388
msgid "sudo update-rc.d -f apparmor remove"
9389
msgstr ""
9390
9391
#: serverguide/C/security.xml:1037(para)
9392
msgid "To re-enable <application>AppArmor</application> enter:"
9393
msgstr ""
9394
9395
#: serverguide/C/security.xml:1041(command)
9396
msgid "sudo /etc/init.d/apparmor start"
9397
msgstr ""
9398
9399
#: serverguide/C/security.xml:1042(command)
9400
msgid "sudo update-rc.d apparmor defaults"
9401
msgstr ""
9402
9403
#: serverguide/C/security.xml:1047(para)
9404
msgid ""
9405
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
9406
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
9407
"the actual executable file path. For example for the "
9408
"<application>ping</application> command use <filename>/bin/ping</filename>"
9409
msgstr ""
9410
9411
#: serverguide/C/security.xml:1055(title)
9412
msgid "Profiles"
9413
msgstr "Профілі"
9414
9415
#: serverguide/C/security.xml:1056(para)
9416
msgid ""
9417
"<application>AppArmor</application> profiles are simple text files located "
9418
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
9419
"path to the executable they profile replacing the \"/\" with \".\". For "
9420
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
9421
"profile for the <filename>/bin/ping</filename> command."
9422
msgstr ""
9423
9424
#: serverguide/C/security.xml:1062(para)
9425
msgid "There are two main type of rules used in profiles:"
9426
msgstr ""
9427
9428
#: serverguide/C/security.xml:1067(para)
9429
msgid ""
9430
"<emphasis>Path entries:</emphasis> which detail which files an application "
9431
"can access in the file system."
9432
msgstr ""
9433
9434
#: serverguide/C/security.xml:1072(para)
9435
msgid ""
9436
"<emphasis>Capability entries:</emphasis> determine what privileges a "
9437
"confined process is allowed to use."
9438
msgstr ""
9439
9440
#: serverguide/C/security.xml:1077(para)
9441
msgid ""
9442
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
9443
msgstr ""
9444
9445
#: serverguide/C/security.xml:1080(programlisting)
9446
#, no-wrap
9447
msgid ""
9448
"\n"
9449
"#include <tunables/global>\n"
9450
"/bin/ping flags=(complain) {\n"
9451
" #include <abstractions/base>\n"
9452
" #include <abstractions/consoles>\n"
9453
" #include <abstractions/nameservice>\n"
9454
"\n"
9455
" capability net_raw,\n"
9456
" capability setuid,\n"
9457
" network inet raw,\n"
9458
" \n"
9459
" /bin/ping mixr,\n"
9460
" /etc/modules.conf r,\n"
9461
"}\n"
9462
msgstr ""
9463
9464
#: serverguide/C/security.xml:1097(para)
9465
msgid ""
9466
"<emphasis>#include <tunables/global>:</emphasis> include statements "
9467
"from other files. This allows statements pertaining to multiple applications "
9468
"to be placed in a common file."
9469
msgstr ""
9470
9471
#: serverguide/C/security.xml:1103(para)
9472
msgid ""
9473
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
9474
"program, also setting the mode to <emphasis>complain</emphasis>."
9475
msgstr ""
9476
9477
#: serverguide/C/security.xml:1109(para)
9478
msgid ""
9479
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
9480
"the CAP_NET_RAW Posix.1e capability."
9481
msgstr ""
9482
9483
#: serverguide/C/security.xml:1114(para)
9484
msgid ""
9485
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
9486
"execute access to the file."
9487
msgstr ""
9488
9489
#: serverguide/C/security.xml:1120(para)
9490
msgid ""
9491
"After editing a profile file the profile must be reloaded. See <xref "
9492
"linkend=\"apparmor-usage\"/> for details."
9493
msgstr ""
9494
9495
#: serverguide/C/security.xml:1125(title)
9496
msgid "Creating a Profile"
9497
msgstr "Створення профілю"
9498
9499
#: serverguide/C/security.xml:1128(para)
9500
msgid ""
9501
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
9502
"application should be exercised. The test plan should be divided into small "
9503
"test cases. Each test case should have a small description and list the "
9504
"steps to follow."
9505
msgstr ""
9506
9507
#: serverguide/C/security.xml:1132(para)
9508
msgid "Some standard test cases are:"
9509
msgstr ""
9510
9511
#: serverguide/C/security.xml:1137(para)
9512
msgid "Starting the program."
9513
msgstr ""
9514
9515
#: serverguide/C/security.xml:1142(para)
9516
msgid "Stopping the program."
9517
msgstr ""
9518
9519
#: serverguide/C/security.xml:1147(para)
9520
msgid "Reloading the program."
9521
msgstr ""
9522
9523
#: serverguide/C/security.xml:1152(para)
9524
msgid "Testing all the commands supported by the init script."
9525
msgstr ""
9526
9527
#: serverguide/C/security.xml:1159(para)
9528
msgid ""
9529
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
9530
"genprof</application> to generate a new profile. From a terminal:"
9531
msgstr ""
9532
9533
#: serverguide/C/security.xml:1164(command)
9534
msgid "sudo aa-genprof executable"
9535
msgstr ""
9536
9537
#: serverguide/C/security.xml:1166(para)
9538
msgid "For example:"
9539
msgstr "Приклад:"
9540
9541
#: serverguide/C/security.xml:1170(command)
9542
msgid "sudo aa-genprof slapd"
9543
msgstr ""
9544
9545
#: serverguide/C/security.xml:1174(para)
9546
msgid ""
9547
"To get your new profile included in the <application>apparmor-"
9548
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
9549
"against the <ulink "
9550
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
9551
"/ulink> package:"
9552
msgstr ""
9553
9554
#: serverguide/C/security.xml:1181(para)
9555
msgid "Include your test plan and test cases."
9556
msgstr ""
9557
9558
#: serverguide/C/security.xml:1186(para)
9559
msgid "Attach your new profile to the bug."
9560
msgstr ""
9561
9562
#: serverguide/C/security.xml:1195(title)
9563
msgid "Updating Profiles"
9564
msgstr ""
9565
9566
#: serverguide/C/security.xml:1196(para)
9567
msgid ""
9568
"When the program is misbehaving, audit messages are sent to the log files. "
9569
"The program <application>aa-logprof</application> can be used to scan log "
9570
"files for <application>AppArmor</application> audit messages, review them "
9571
"and update the profiles. From a terminal:"
9572
msgstr ""
9573
9574
#: serverguide/C/security.xml:1201(command)
9575
msgid "sudo aa-logprof"
9576
msgstr ""
9577
9578
#: serverguide/C/security.xml:1209(para)
9579
msgid ""
9580
"See the <ulink "
9581
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
9582
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
9583
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
9584
"configuration options."
9585
msgstr ""
9586
9587
#: serverguide/C/security.xml:1216(para)
9588
msgid ""
9589
"For details using AppArmor with other Ubuntu releases see the <ulink "
9590
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
9591
"Wiki</ulink> page."
9592
msgstr ""
9593
9594
#: serverguide/C/security.xml:1224(para)
9595
msgid ""
9596
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
9597
"page is another introduction to AppArmor."
9598
msgstr ""
9599
9600
#: serverguide/C/security.xml:1231(para)
9601
msgid ""
9602
"A great place to ask for <application>AppArmor</application> assistance, and "
9603
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
9604
"server</emphasis> IRC channel on <ulink "
9605
"url=\"http://freenode.net\">freenode</ulink>."
9606
msgstr ""
9607
9608
#: serverguide/C/security.xml:1241(title)
9609
msgid "Certificates"
9610
msgstr "Сертифікати"
9611
9612
#: serverguide/C/security.xml:1242(para)
9613
msgid ""
9614
"One of the most common forms of cryptography today is <emphasis>public-"
9615
"key</emphasis> cryptography. Public-key cryptography utilizes a "
9616
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
9617
"system works by <emphasis>encrypting</emphasis> information using the public "
9618
"key. The information can then only be <emphasis>decrypted</emphasis> using "
9619
"the private key."
9620
msgstr ""
9621
9622
#: serverguide/C/security.xml:1248(para)
9623
msgid ""
9624
"A common use for public-key cryptography is encrypting application traffic "
9625
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
9626
"connection. For example, configuring Apache to provide "
9627
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
9628
"encrypt traffic using a protocol that does not itself provide encryption."
9629
msgstr ""
9630
9631
#: serverguide/C/security.xml:1253(para)
9632
msgid ""
9633
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
9634
"<emphasis>public key</emphasis> and other information about a server and the "
9635
"organization who is responsible for it. Certificates can be digitally signed "
9636
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
9637
"third party that has confirmed that the information contained in the "
9638
"certificate is accurate."
9639
msgstr ""
9640
9641
#: serverguide/C/security.xml:1260(title)
9642
msgid "Types of Certificates"
9643
msgstr ""
9644
9645
#: serverguide/C/security.xml:1261(para)
9646
msgid ""
9647
"To set up a secure server using public-key cryptography, in most cases, you "
9648
"send your certificate request (including your public key), proof of your "
9649
"company's identity, and payment to a CA. The CA verifies the certificate "
9650
"request and your identity, and then sends back a certificate for your secure "
9651
"server. Alternatively, you can create your own <emphasis>self-"
9652
"signed</emphasis> certificate."
9653
msgstr ""
9654
9655
#: serverguide/C/security.xml:1271(para)
9656
msgid ""
9657
"Note, that self-signed certificates should not be used in most production "
9658
"environments."
9659
msgstr ""
9660
9661
#: serverguide/C/security.xml:1275(para)
9662
msgid ""
9663
"Continuing the HTTPS example, a CA-signed certificate provides two important "
9664
"capabilities that a self-signed certificate does not:"
9665
msgstr ""
9666
9667
#: serverguide/C/security.xml:1282(para)
9668
msgid ""
9669
"Browsers (usually) automatically recognize the certificate and allow a "
9670
"secure connection to be made without prompting the user."
9671
msgstr ""
9672
9673
#: serverguide/C/security.xml:1289(para)
9674
msgid ""
9675
"When a CA issues a signed certificate, it is guaranteeing the identity of "
9676
"the organization that is providing the web pages to the browser."
9677
msgstr ""
9678
9679
#: serverguide/C/security.xml:1297(para)
9680
msgid ""
9681
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
9682
"certificates they automatically accept. If a browser encounters a "
9683
"certificate whose authorizing CA is not in the list, the browser asks the "
9684
"user to either accept or decline the connection. Also, other applications "
9685
"may generate an error message when using a self-singed certificate."
9686
msgstr ""
9687
9688
#: serverguide/C/security.xml:1305(para)
9689
msgid ""
9690
"The process of getting a certificate from a CA is fairly easy. A quick "
9691
"overview is as follows:"
9692
msgstr ""
9693
9694
#: serverguide/C/security.xml:1312(para)
9695
msgid "Create a private and public encryption key pair."
9696
msgstr ""
9697
9698
#: serverguide/C/security.xml:1315(para)
9699
msgid ""
9700
"Create a certificate request based on the public key. The certificate "
9701
"request contains information about your server and the company hosting it."
9702
msgstr ""
9703
9704
#: serverguide/C/security.xml:1320(para)
9705
msgid ""
9706
"Send the certificate request, along with documents proving your identity, to "
9707
"a CA. We cannot tell you which certificate authority to choose. Your "
9708
"decision may be based on your past experiences, or on the experiences of "
9709
"your friends or colleagues, or purely on monetary factors."
9710
msgstr ""
9711
9712
#: serverguide/C/security.xml:1326(para)
9713
msgid ""
9714
"Once you have decided upon a CA, you need to follow the instructions they "
9715
"provide on how to obtain a certificate from them."
9716
msgstr ""
9717
9718
#: serverguide/C/security.xml:1331(para)
9719
msgid ""
9720
"When the CA is satisfied that you are indeed who you claim to be, they send "
9721
"you a digital certificate."
9722
msgstr ""
9723
9724
#: serverguide/C/security.xml:1335(para)
9725
msgid ""
9726
"Install this certificate on your secure server, and configure the "
9727
"appropriate applications to use the certificate."
9728
msgstr ""
9729
9730
#: serverguide/C/security.xml:1344(title)
9731
msgid "Generating a Certificate Signing Request (CSR)"
9732
msgstr ""
9733
9734
#: serverguide/C/security.xml:1346(para)
9735
msgid ""
9736
"Whether you are getting a certificate from a CA or generating your own self-"
9737
"signed certificate, the first step is to generate a key."
9738
msgstr ""
9739
9740
#: serverguide/C/security.xml:1351(para)
9741
msgid ""
9742
"If the certificate will be used by service daemons, such as Apache, Postfix, "
9743
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
9744
"passphrase allows the services to start without manual intervention, usually "
9745
"the preferred way to start a daemon."
9746
msgstr ""
9747
9748
#: serverguide/C/security.xml:1357(para)
9749
msgid ""
9750
"This section will cover generating a key with a passphrase, and one without. "
9751
"The non-passphrase key will then be used to generate a certificate that can "
9752
"be used with various service daemons."
9753
msgstr ""
9754
9755
#: serverguide/C/security.xml:1363(para)
9756
msgid ""
9757
"Running your secure service without a passphrase is convenient because you "
9758
"will not need to enter the passphrase every time you start your secure "
9759
"service. But it is insecure and a compromise of the key means a compromise "
9760
"of the server as well."
9761
msgstr ""
9762
9763
#: serverguide/C/security.xml:1370(para)
9764
msgid ""
9765
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9766
"Request (CSR) run the following command from a terminal prompt:"
9767
msgstr ""
9768
9769
#: serverguide/C/security.xml:1376(command)
9770
msgid "openssl genrsa -des3 -out server.key 1024"
9771
msgstr ""
9772
9773
#: serverguide/C/security.xml:1379(programlisting)
9774
#, no-wrap
9775
msgid ""
9776
"\n"
9777
"Generating RSA private key, 1024 bit long modulus\n"
9778
".....................++++++\n"
9779
".................++++++\n"
9780
"unable to write 'random state'\n"
9781
"e is 65537 (0x10001)\n"
9782
"Enter pass phrase for server.key:\n"
9783
msgstr ""
9784
9785
#: serverguide/C/security.xml:1388(para)
9786
msgid ""
9787
"You can now enter your passphrase. For best security, it should at least "
9788
"contain eight characters. The minimum length when specifying -des3 is four "
9789
"characters. It should include numbers and/or punctuation and not be a word "
9790
"in a dictionary. Also remember that your passphrase is case-sensitive."
9791
msgstr ""
9792
9793
#: serverguide/C/security.xml:1396(para)
9794
msgid ""
9795
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
9796
"server key is generated and stored in the <filename>server.key</filename> "
9797
"file."
9798
msgstr ""
9799
9800
#: serverguide/C/security.xml:1402(para)
9801
msgid ""
9802
"Now create the insecure key, the one without a passphrase, and shuffle the "
9803
"key names:"
9804
msgstr ""
9805
9806
#: serverguide/C/security.xml:1408(command)
9807
msgid "openssl rsa -in server.key -out server.key.insecure"
9808
msgstr ""
9809
9810
#: serverguide/C/security.xml:1409(command)
9811
msgid "mv server.key server.key.secure"
9812
msgstr ""
9813
9814
#: serverguide/C/security.xml:1410(command)
9815
msgid "mv server.key.insecure server.key"
9816
msgstr ""
9817
9818
#: serverguide/C/security.xml:1413(para)
9819
msgid ""
9820
"The insecure key is now named <filename>server.key</filename>, and you can "
9821
"use this file to generate the CSR without passphrase."
9822
msgstr ""
9823
9824
#: serverguide/C/security.xml:1418(para)
9825
msgid "To create the CSR, run the following command at a terminal prompt:"
9826
msgstr ""
9827
9828
#: serverguide/C/security.xml:1423(command)
9829
msgid "openssl req -new -key server.key -out server.csr"
9830
msgstr ""
9831
9832
#: serverguide/C/security.xml:1426(para)
9833
msgid ""
9834
"It will prompt you enter the passphrase. If you enter the correct "
9835
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9836
"etc. Once you enter all these details, your CSR will be created and it will "
9837
"be stored in the <filename>server.csr</filename> file."
9838
msgstr ""
9839
9840
#: serverguide/C/security.xml:1434(para)
9841
msgid ""
9842
"You can now submit this CSR file to a CA for processing. The CA will use "
9843
"this CSR file and issue the certificate. On the other hand, you can create "
9844
"self-signed certificate using this CSR."
9845
msgstr ""
9846
9847
#: serverguide/C/security.xml:1442(title)
9848
msgid "Creating a Self-Signed Certificate"
9849
msgstr ""
9850
9851
#: serverguide/C/security.xml:1443(para)
9852
msgid ""
9853
"To create the self-signed certificate, run the following command at a "
9854
"terminal prompt:"
9855
msgstr ""
9856
9857
#: serverguide/C/security.xml:1448(command)
9858
msgid ""
9859
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9860
"server.crt"
9861
msgstr ""
9862
9863
#: serverguide/C/security.xml:1451(para)
9864
msgid ""
9865
"The above command will prompt you to enter the passphrase. Once you enter "
9866
"the correct passphrase, your certificate will be created and it will be "
9867
"stored in the <filename>server.crt</filename> file."
9868
msgstr ""
9869
9870
#: serverguide/C/security.xml:1456(para)
9871
msgid ""
9872
"If your secure server is to be used in a production environment, you "
9873
"probably need a CA-signed certificate. It is not recommended to use self-"
9874
"signed certificate."
9875
msgstr ""
9876
9877
#: serverguide/C/security.xml:1464(title)
9878
msgid "Installing the Certificate"
9879
msgstr ""
9880
9881
#: serverguide/C/security.xml:1466(para)
9882
msgid ""
9883
"You can install the key file <filename>server.key</filename> and certificate "
9884
"file <filename>server.crt</filename>, or the certificate file issued by your "
9885
"CA, by running following commands at a terminal prompt:"
9886
msgstr ""
9887
9888
#: serverguide/C/security.xml:1472(command)
9889
msgid "sudo cp server.crt /etc/ssl/certs"
9890
msgstr ""
9891
9892
#: serverguide/C/security.xml:1473(command)
9893
msgid "sudo cp server.key /etc/ssl/private"
9894
msgstr ""
9895
9896
#: serverguide/C/security.xml:1475(para)
9897
msgid ""
9898
"Now simply configure any applications, with the ability to use public-key "
9899
"cryptography, to use the <emphasis>certificate</emphasis> and "
9900
"<emphasis>key</emphasis> files. For example, "
9901
"<application>Apache</application> can provide HTTPS, "
9902
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9903
msgstr ""
9904
9905
#: serverguide/C/security.xml:1482(title)
9906
msgid "Certification Authority"
9907
msgstr ""
9908
9909
#: serverguide/C/security.xml:1484(para)
9910
msgid ""
9911
"If the services on your network require more than a few self-signed "
9912
"certificates it may be worth the additional effort to setup your own "
9913
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
9914
"certificates signed by your own CA, allows the various services using the "
9915
"certificates to easily trust other services using certificates issued from "
9916
"the same CA."
9917
msgstr ""
9918
9919
#: serverguide/C/security.xml:1494(para)
9920
msgid ""
9921
"First, create the directories to hold the CA certificate and related files:"
9922
msgstr ""
9923
9924
#: serverguide/C/security.xml:1499(command)
9925
msgid "sudo mkdir /etc/ssl/CA"
9926
msgstr ""
9927
9928
#: serverguide/C/security.xml:1500(command)
9929
msgid "sudo mkdir /etc/ssl/newcerts"
9930
msgstr ""
9931
9932
#: serverguide/C/security.xml:1506(para)
9933
msgid ""
9934
"The CA needs a few additional files to operate, one to keep track of the "
9935
"last serial number used by the CA, each certificate must have a unique "
9936
"serial number, and another file to record which certificates have been "
9937
"issued:"
9938
msgstr ""
9939
9940
#: serverguide/C/security.xml:1513(command)
9941
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9942
msgstr ""
9943
9944
#: serverguide/C/security.xml:1514(command)
9945
msgid "sudo touch /etc/ssl/CA/index.txt"
9946
msgstr ""
9947
9948
#: serverguide/C/security.xml:1520(para)
9949
msgid ""
9950
"The third file is a CA configuration file. Though not strictly necessary, it "
9951
"is very convenient when issuing multiple certificates. Edit "
9952
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
9953
"]</emphasis> change:"
9954
msgstr ""
9955
9956
#: serverguide/C/security.xml:1526(programlisting)
9957
#, no-wrap
9958
msgid ""
9959
"\n"
9960
"dir = /etc/ssl/ # Where everything is kept\n"
9961
"database = $dir/CA/index.txt # database index file.\n"
9962
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
9963
"serial = $dir/CA/serial # The current serial number\n"
9964
"private_key = $dir/private/cakey.pem# The private key\n"
9965
msgstr ""
9966
9967
#: serverguide/C/security.xml:1537(para)
9968
msgid "Next, create the self-singed root certificate:"
9969
msgstr ""
9970
9971
#: serverguide/C/security.xml:1542(command)
9972
msgid ""
9973
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9974
"days 3650"
9975
msgstr ""
9976
9977
#: serverguide/C/security.xml:1545(para)
9978
msgid "You will then be asked to enter the details about the certificate."
9979
msgstr ""
9980
9981
#: serverguide/C/security.xml:1552(para)
9982
msgid "Now install the root certificate and key:"
9983
msgstr ""
9984
9985
#: serverguide/C/security.xml:1557(command)
9986
msgid "sudo mv cakey.pem /etc/ssl/private/"
9987
msgstr ""
9988
9989
#: serverguide/C/security.xml:1558(command)
9990
msgid "sudo mv cacert.pem /etc/ssl/certs/"
9991
msgstr ""
9992
9993
#: serverguide/C/security.xml:1564(para)
9994
msgid ""
9995
"You are now ready to start signing certificates. The first item needed is a "
9996
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
9997
"for details. Once you have a CSR, enter the following to generate a "
9998
"certificate signed by the CA:"
9999
msgstr ""
10000
10001
#: serverguide/C/security.xml:1571(command)
10002
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
10003
msgstr ""
10004
10005
#: serverguide/C/security.xml:1574(para)
10006
msgid ""
10007
"After entering the password for the CA key, you will be prompted to sign the "
10008
"certificate, and again to commit the new certificate. You should then see a "
10009
"somewhat large amount of output related to the certificate creation."
10010
msgstr ""
10011
10012
#: serverguide/C/security.xml:1583(para)
10013
msgid ""
10014
"There should now be a new file, "
10015
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
10016
"Copy and paste everything beginning with the line: <emphasis>-----BEGIN "
10017
"CERTIFICATE-----</emphasis> and continuing through the line: <emphasis>----"
10018
"END CERTIFICATE-----</emphasis> lines to a file named after the hostname of "
10019
"the server where the certificate will be installed. For example "
10020
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
10021
msgstr ""
10022
10023
#: serverguide/C/security.xml:1591(para)
10024
msgid ""
10025
"Subsequent certificates will be named <filename>02.pem</filename>, "
10026
"<filename>03.pem</filename>, etc."
10027
msgstr ""
10028
10029
#: serverguide/C/security.xml:1596(para)
10030
msgid ""
10031
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
10032
"name."
10033
msgstr ""
10034
10035
#: serverguide/C/security.xml:1604(para)
10036
msgid ""
10037
"Finally, copy the new certificate to the host that needs it, and configure "
10038
"the appropriate applications to use it. The default location to install "
10039
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
10040
"enables multiple services to use the same certificate without overly "
10041
"complicated file permissions."
10042
msgstr ""
10043
10044
#: serverguide/C/security.xml:1610(para)
10045
msgid ""
10046
"For applications that can be configured to use a CA certificate, you should "
10047
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
10048
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
10049
"server."
10050
msgstr ""
10051
10052
#: serverguide/C/security.xml:1624(para)
10053
msgid ""
10054
"For more detailed instructions on using cryptography see the <ulink "
10055
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
10056
"Certificates HOWTO</ulink> by tlpd.org"
10057
msgstr ""
10058
10059
#: serverguide/C/security.xml:1630(para)
10060
msgid ""
10061
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
10062
"of Certificate Authorities."
10063
msgstr ""
10064
10065
#: serverguide/C/security.xml:1635(para)
10066
msgid ""
10067
"The Wikipedia <ulink "
10068
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
10069
"information regarding HTTPS."
10070
msgstr ""
10071
10072
#: serverguide/C/security.xml:1640(para)
10073
msgid ""
10074
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
10075
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
10076
msgstr ""
10077
10078
#: serverguide/C/security.xml:1645(para)
10079
msgid ""
10080
"Also, O'Reilly's <ulink "
10081
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
10082
"OpenSSL</ulink> is a good in depth reference."
10083
msgstr ""
10084
10085
#: serverguide/C/security.xml:1654(title)
10086
msgid "eCryptfs"
10087
msgstr ""
10088
10089
#: serverguide/C/security.xml:1656(para)
10090
msgid ""
10091
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
10092
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
10093
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
10094
"filesystem, partition type, etc."
10095
msgstr ""
10096
10097
#: serverguide/C/security.xml:1662(para)
10098
msgid ""
10099
"During installation there is an option to encrypt the <filename "
10100
"role=\"directory\">/home</filename> partition. This will automatically "
10101
"configure everything needed to encrypt and mount the partition."
10102
msgstr ""
10103
10104
#: serverguide/C/security.xml:1667(para)
10105
msgid ""
10106
"As an example, this section will cover configuring <filename "
10107
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
10108
msgstr ""
10109
10110
#: serverguide/C/security.xml:1672(title)
10111
msgid "Using eCryptfs"
10112
msgstr ""
10113
10114
#: serverguide/C/security.xml:1674(para)
10115
msgid "First, install the necessary packages. From a terminal prompt enter:"
10116
msgstr ""
10117
10118
#: serverguide/C/security.xml:1679(command)
10119
msgid "sudo apt-get install ecryptfs-utils"
10120
msgstr ""
10121
10122
#: serverguide/C/security.xml:1682(para)
10123
msgid "Now mount the partition to be encrypted:"
10124
msgstr ""
10125
10126
#: serverguide/C/security.xml:1687(command)
10127
msgid "sudo mount -t ecryptfs /srv /srv"
10128
msgstr ""
10129
10130
#: serverguide/C/security.xml:1690(para)
10131
msgid ""
10132
"You will then be prompted for some details on how "
10133
"<application>ecryptfs</application> should encrypt the data."
10134
msgstr ""
10135
10136
#: serverguide/C/security.xml:1694(para)
10137
msgid ""
10138
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
10139
"copy the <filename>/etc/default</filename> folder to "
10140
"<filename>/srv</filename>:"
10141
msgstr ""
10142
10143
#: serverguide/C/security.xml:1700(command) serverguide/C/clustering.xml:192(command)
10144
msgid "sudo cp -r /etc/default /srv"
10145
msgstr ""
10146
10147
#: serverguide/C/security.xml:1703(para)
10148
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
10149
msgstr ""
10150
10151
#: serverguide/C/security.xml:1708(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
10152
msgid "sudo umount /srv"
10153
msgstr ""
10154
10155
#: serverguide/C/security.xml:1709(command)
10156
msgid "cat /srv/default/cron"
10157
msgstr ""
10158
10159
#: serverguide/C/security.xml:1712(para)
10160
msgid ""
10161
"Remounting <filename>/srv</filename> using "
10162
"<application>ecryptfs</application> will make the data viewable once again."
10163
msgstr ""
10164
10165
#: serverguide/C/security.xml:1718(title)
10166
msgid "Automatically Mounting Encrypted Partitions"
10167
msgstr ""
10168
10169
#: serverguide/C/security.xml:1720(para)
10170
msgid ""
10171
"There are a couple of ways to automatically mount an "
10172
"<application>ecryptfs</application> encrypted filesystem at boot. This "
10173
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
10174
"mount options, along with a passphrase file residing on a USB key."
10175
msgstr ""
10176
10177
#: serverguide/C/security.xml:1726(para)
10178
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
10179
msgstr ""
10180
10181
#: serverguide/C/security.xml:1730(programlisting)
10182
#, no-wrap
10183
msgid ""
10184
"\n"
10185
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
10186
"ecryptfs_sig=5826dd62cf81c615\n"
10187
"ecryptfs_cipher=aes\n"
10188
"ecryptfs_key_bytes=16\n"
10189
"ecryptfs_passthrough=n\n"
10190
"ecryptfs_enable_filename_crypto=n\n"
10191
msgstr ""
10192
10193
#: serverguide/C/security.xml:1740(para)
10194
msgid ""
10195
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
10196
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
10197
msgstr ""
10198
10199
#: serverguide/C/security.xml:1745(para)
10200
msgid ""
10201
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
10202
"file:"
10203
msgstr ""
10204
10205
#: serverguide/C/security.xml:1749(programlisting)
10206
#, no-wrap
10207
msgid ""
10208
"\n"
10209
"passphrase_passwd=[secrets]\n"
10210
msgstr ""
10211
10212
#: serverguide/C/security.xml:1753(para)
10213
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
10214
msgstr ""
10215
10216
#: serverguide/C/security.xml:1757(programlisting)
10217
#, no-wrap
10218
msgid ""
10219
"\n"
10220
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
10221
"/srv /srv ecryptfs defaults 0 0\n"
10222
msgstr ""
10223
10224
#: serverguide/C/security.xml:1762(para)
10225
msgid "Make sure the USB drive is mounted before the encrypted partition."
10226
msgstr ""
10227
10228
#: serverguide/C/security.xml:1766(para)
10229
msgid ""
10230
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
10231
"ecryptfs."
10232
msgstr ""
10233
10234
#: serverguide/C/security.xml:1774(para)
10235
msgid ""
10236
"The <application>ecryptfs-utils</application> package includes several other "
10237
"useful utilities:"
10238
msgstr ""
10239
10240
#: serverguide/C/security.xml:1780(para)
10241
msgid ""
10242
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
10243
"<filename>~/Private</filename> directory to contain encrypted information. "
10244
"This utility can be run by unprivileged users to keep data private from "
10245
"other users on the system."
10246
msgstr ""
10247
10248
#: serverguide/C/security.xml:1787(para)
10249
msgid ""
10250
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
10251
"will mount and unmount respectively, a users <filename>~/Private</filename> "
10252
"directory."
10253
msgstr ""
10254
10255
#: serverguide/C/security.xml:1793(para)
10256
msgid ""
10257
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
10258
"kernel keyring."
10259
msgstr ""
10260
10261
#: serverguide/C/security.xml:1798(para)
10262
msgid ""
10263
"<emphasis>ecryptfs-manager:</emphasis> manages "
10264
"<application>eCryptfs</application> objects such as keys."
10265
msgstr ""
10266
10267
#: serverguide/C/security.xml:1803(para)
10268
msgid ""
10269
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
10270
"<application>ecryptfs</application> meta information for a file."
10271
msgstr ""
10272
10273
#: serverguide/C/security.xml:1816(para)
10274
msgid ""
10275
"For more information on eCryptfs see the <ulink "
10276
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
10277
msgstr ""
10278
10279
#: serverguide/C/security.xml:1821(para)
10280
msgid ""
10281
"There is also a <ulink "
10282
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
10283
"article covering eCryptfs."
10284
msgstr ""
10285
10286
#: serverguide/C/security.xml:1826(para)
10287
msgid ""
10288
"Also, for more <application>ecryptfs</application> options see the <ulink "
10289
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/ecryptfs.7.html\">"
10290
"ecryptfs man page</ulink>."
10291
msgstr ""
10292
10293
#: serverguide/C/security.xml:1832(para)
10294
msgid ""
10295
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
10296
"Ubuntu Wiki</ulink> page also has more details."
10297
msgstr ""
10298
10299
#: serverguide/C/reporting-bugs.xml:13(title)
10300
msgid "Appendix"
10301
msgstr "Додаток"
10302
10303
#: serverguide/C/reporting-bugs.xml:16(title)
10304
msgid "Reporting Bugs in Ubuntu Server Edition"
10305
msgstr ""
10306
10307
#: serverguide/C/reporting-bugs.xml:18(para)
10308
msgid ""
10309
"While the Ubuntu Project attempts to release software with as few bugs as "
10310
"possible, they do occur. You can help fix these bugs by reporting ones that "
10311
"you find to the project. The Ubuntu Project uses <ulink "
10312
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
10313
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
10314
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
10315
"account</ulink>."
10316
msgstr ""
10317
10318
#: serverguide/C/reporting-bugs.xml:30(title)
10319
msgid "Reporting Bugs With ubuntu-bug"
10320
msgstr ""
10321
10322
#: serverguide/C/reporting-bugs.xml:32(para)
10323
msgid ""
10324
"The preferred way to report a bug is with the <application>ubuntu-"
10325
"bug</application> command. The ubuntu-bug tool gathers information about the "
10326
"system useful to developers in diagnosing the reported problem that will "
10327
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
10328
"need to be filed against a specific software package, thus the name of the "
10329
"package that the bug occurs in needs to be given to ubuntu-bug:"
10330
msgstr ""
10331
10332
#: serverguide/C/reporting-bugs.xml:43(command)
10333
msgid "ubuntu-bug PACKAGENAME"
10334
msgstr ""
10335
10336
#: serverguide/C/reporting-bugs.xml:46(para)
10337
msgid ""
10338
"For example, to file a bug against the openssh-server package, you would do:"
10339
msgstr ""
10340
10341
#: serverguide/C/reporting-bugs.xml:51(command)
10342
msgid "ubuntu-bug openssh-server"
10343
msgstr ""
10344
10345
#: serverguide/C/reporting-bugs.xml:54(para)
10346
msgid ""
10347
"You can specify either a binary package or the source package for ubuntu-"
10348
"bug. Again using openssh-server as an example, you could also generate the "
10349
"report against the source package for openssh-server, openssh:"
10350
msgstr ""
10351
10352
#: serverguide/C/reporting-bugs.xml:62(command)
10353
msgid "ubuntu-bug openssh"
10354
msgstr ""
10355
10356
#: serverguide/C/reporting-bugs.xml:66(para)
10357
msgid ""
10358
"See <xref linkend=\"package-management\"/> for more information about "
10359
"packages in Ubuntu."
10360
msgstr ""
10361
10362
#: serverguide/C/reporting-bugs.xml:72(para)
10363
msgid ""
10364
"The ubuntu-bug command will gather information about the system in question, "
10365
"possibly including information specific to the specified package, and then "
10366
"ask you what you would like to do with collected information:"
10367
msgstr ""
10368
10369
#: serverguide/C/reporting-bugs.xml:80(command)
10370
msgid "ubuntu-bug postgresql"
10371
msgstr ""
10372
10373
#: serverguide/C/reporting-bugs.xml:79(screen)
10374
#, no-wrap
10375
msgid ""
10376
"\n"
10377
"<placeholder-1/>\n"
10378
"\n"
10379
"*** Collecting problem information\n"
10380
"\n"
10381
"The collected information can be sent to the developers to improve the\n"
10382
"application. This might take a few minutes.\n"
10383
"..........\n"
10384
"\n"
10385
"*** Send problem report to the developers?\n"
10386
"\n"
10387
"After the problem report has been sent, please fill out the form in the\n"
10388
"automatically opened web browser.\n"
10389
"\n"
10390
"What would you like to do? Your options are:\n"
10391
" S: Send report (1.7 KiB)\n"
10392
" V: View report\n"
10393
" K: Keep report file for sending later or copying to somewhere else\n"
10394
" C: Cancel\n"
10395
"Please choose (S/V/K/C):\n"
10396
msgstr ""
10397
10398
#: serverguide/C/reporting-bugs.xml:101(para)
10399
msgid "The options available are:"
10400
msgstr "Серед можливих варіантів:"
10401
10402
#: serverguide/C/reporting-bugs.xml:108(para)
10403
msgid ""
10404
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
10405
"the collected information to Launchpad as part of the the process of filing "
10406
"a bug report. You will be given the opportunity to describe the situation "
10407
"that led up to the occurrence of the bug."
10408
msgstr ""
10409
10410
#: serverguide/C/reporting-bugs.xml:115(screen)
10411
#, no-wrap
10412
msgid ""
10413
"\n"
10414
"*** Uploading problem information\n"
10415
"\n"
10416
"The collected information is being sent to the bug tracking system.\n"
10417
"This might take a few minutes.\n"
10418
"91%\n"
10419
"\n"
10420
"*** To continue, you must visit the following URL:\n"
10421
"\n"
10422
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
10423
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
10424
"\n"
10425
"You can launch a browser now, or copy this URL into a browser on another\n"
10426
"computer.\n"
10427
"\n"
10428
"Choices:\n"
10429
" 1: Launch a browser now\n"
10430
" C: Cancel\n"
10431
"Please choose (1/C):\n"
10432
msgstr ""
10433
10434
#: serverguide/C/reporting-bugs.xml:135(para)
10435
msgid ""
10436
"If you choose to start a browser, by default the text based web browser "
10437
"<application>w3m</application> will be used to finish filing the bug report. "
10438
"Alternately, you can copy the given URL to a currently running web browser."
10439
msgstr ""
10440
10441
#: serverguide/C/reporting-bugs.xml:144(para)
10442
msgid ""
10443
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
10444
"the collected information to be displayed to the terminal for review."
10445
msgstr ""
10446
10447
#: serverguide/C/reporting-bugs.xml:150(screen)
10448
#, no-wrap
10449
msgid ""
10450
"\n"
10451
"Package: postgresql 8.4.2-2\n"
10452
"PackageArchitecture: all\n"
10453
"Tags: lucid\n"
10454
"ProblemType: Bug\n"
10455
"ProcEnviron:\n"
10456
" LANG=en_US.UTF-8\n"
10457
" SHELL=/bin/bash\n"
10458
"Uname: Linux 2.6.32-16-server x86_64\n"
10459
"Dependencies:\n"
10460
" adduser 3.112ubuntu1\n"
10461
" base-files 5.0.0ubuntu10\n"
10462
" base-passwd 3.5.22\n"
10463
" coreutils 7.4-2ubuntu2\n"
10464
"...\n"
10465
msgstr ""
10466
10467
#: serverguide/C/reporting-bugs.xml:167(para)
10468
msgid ""
10469
"After viewing the report, you will be brought back to the same menu asking "
10470
"what you would like to do with the report."
10471
msgstr ""
10472
10473
#: serverguide/C/reporting-bugs.xml:174(para)
10474
msgid ""
10475
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
10476
"File causes the gathered information to be written to a file. This file can "
10477
"then be used to later file a bug report or transferred to a different Ubuntu "
10478
"system for reporting. To submit the report file, simply give it as an "
10479
"argument to the ubuntu-bug command:"
10480
msgstr ""
10481
10482
#: serverguide/C/reporting-bugs.xml:189(userinput)
10483
#, no-wrap
10484
msgid "k"
10485
msgstr "k"
10486
10487
#: serverguide/C/reporting-bugs.xml:192(command)
10488
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
10489
msgstr "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
10490
10491
#: serverguide/C/reporting-bugs.xml:183(screen)
10492
#, no-wrap
10493
msgid ""
10494
"\n"
10495
"What would you like to do? Your options are:\n"
10496
" S: Send report (1.7 KiB)\n"
10497
" V: View report\n"
10498
" K: Keep report file for sending later or copying to somewhere else\n"
10499
" C: Cancel\n"
10500
"Please choose (S/V/K/C): <placeholder-1/>\n"
10501
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
10502
"\n"
10503
"<placeholder-2/>\n"
10504
"\n"
10505
"*** Send problem report to the developers?\n"
10506
"...\n"
10507
msgstr ""
10508
10509
#: serverguide/C/reporting-bugs.xml:200(para)
10510
msgid ""
10511
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
10512
"collected information to be discarded."
10513
msgstr ""
10514
10515
#: serverguide/C/reporting-bugs.xml:210(title)
10516
msgid "Reporting Application Crashes"
10517
msgstr "Сповіщення про аварійні завершення роботи програм"
10518
10519
#: serverguide/C/reporting-bugs.xml:212(para)
10520
msgid ""
10521
"The software package that provides the ubuntu-bug utility, "
10522
"<application>apport</application>, can be configured to trigger when "
10523
"applications crash. This is disabled by default, as capturing a crash can be "
10524
"resource intensive depending on how much memory the application that crashed "
10525
"was using as apport captures and processes the core dump."
10526
msgstr ""
10527
10528
#: serverguide/C/reporting-bugs.xml:221(para)
10529
msgid ""
10530
"Configuring apport to capture information about crashing applications "
10531
"requires a couple of steps. First, <application>gdb</application> needs to "
10532
"be installed; it is not installed by default in Ubuntu Server Edition."
10533
msgstr ""
10534
10535
#: serverguide/C/reporting-bugs.xml:229(command)
10536
msgid "sudo apt-get install gdb"
10537
msgstr ""
10538
10539
#: serverguide/C/reporting-bugs.xml:232(para)
10540
msgid ""
10541
"See <xref linkend=\"package-management\"/> for more information about "
10542
"managing packages in Ubuntu."
10543
msgstr ""
10544
10545
#: serverguide/C/reporting-bugs.xml:237(para)
10546
msgid ""
10547
"Once you have ensured that gdb is installed, open the file "
10548
"<filename>/etc/default/apport</filename> in your text editor, and change the "
10549
"<emphasis>enabled</emphasis> setting to be <emphasis "
10550
"role=\"bold\">1</emphasis> like so:"
10551
msgstr ""
10552
10553
#: serverguide/C/reporting-bugs.xml:244(programlisting)
10554
#, no-wrap
10555
msgid ""
10556
"\n"
10557
"# set this to 0 to disable apport, or to 1 to enable it\n"
10558
"# you can temporarily override this with\n"
10559
"# sudo service apport start force_start=1\n"
10560
"enabled=<userinput>1</userinput>\n"
10561
"\n"
10562
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
10563
"maxsize=209715200\n"
10564
msgstr ""
10565
10566
#: serverguide/C/reporting-bugs.xml:254(para)
10567
msgid ""
10568
"Once you have completed editing <filename>/etc/default/apport</filename>, "
10569
"start the apport service:"
10570
msgstr ""
10571
10572
#: serverguide/C/reporting-bugs.xml:261(command)
10573
msgid "sudo start apport"
10574
msgstr ""
10575
10576
#: serverguide/C/reporting-bugs.xml:264(para)
10577
msgid ""
10578
"After an application crashes, use the <application>apport-cli</application> "
10579
"command to search for the existing saved crash report information:"
10580
msgstr ""
10581
10582
#: serverguide/C/reporting-bugs.xml:271(command)
10583
msgid "apport-cli"
10584
msgstr ""
10585
10586
#: serverguide/C/reporting-bugs.xml:270(screen)
10587
#, no-wrap
10588
msgid ""
10589
"\n"
10590
"<placeholder-1/>\n"
10591
"\n"
10592
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
10593
"\n"
10594
"If you were not doing anything confidential (entering passwords or other\n"
10595
"private information), you can help to improve the application by\n"
10596
"reporting\n"
10597
"the problem.\n"
10598
"\n"
10599
"What would you like to do? Your options are:\n"
10600
" R: Report Problem...\n"
10601
" I: Cancel and ignore future crashes of this program version\n"
10602
" C: Cancel\n"
10603
"Please choose (R/I/C):\n"
10604
msgstr ""
10605
10606
#: serverguide/C/reporting-bugs.xml:287(para)
10607
msgid ""
10608
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
10609
"steps as when using ubuntu-bug. One important difference is that a crash "
10610
"report will be marked as private when filed on Launchpad, meaning that it "
10611
"will be visible to only a limited set of bug triagers. These triagers will "
10612
"review the gathered data for private information before making the bug "
10613
"report publicly visible."
10614
msgstr ""
10615
10616
#: serverguide/C/reporting-bugs.xml:307(para)
10617
msgid ""
10618
"See the <ulink "
10619
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
10620
"Bugs</ulink> Ubuntu wiki page."
10621
msgstr ""
10622
10623
#: serverguide/C/reporting-bugs.xml:313(para)
10624
msgid ""
10625
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
10626
"has some useful information. Though some of it pertains to using a GUI."
10627
msgstr ""
10628
10629
#: serverguide/C/remote-administration.xml:13(title)
10630
msgid "Remote Administration"
10631
msgstr "Віддалене адміністрування"
10632
10633
#: serverguide/C/remote-administration.xml:14(para)
10634
msgid ""
10635
"There are many ways to remotely administer a Linux server. This chapter will "
10636
"cover one of the most popular <application>OpenSSH</application>."
10637
msgstr ""
10638
10639
#: serverguide/C/remote-administration.xml:22(para)
10640
msgid ""
10641
"This section of the Ubuntu Server Guide introduces a powerful collection of "
10642
"tools for the remote control of networked computers and transfer of data "
10643
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
10644
"also learn about some of the configuration settings possible with the "
10645
"OpenSSH server application and how to change them on your Ubuntu system."
10646
msgstr ""
10647
10648
#: serverguide/C/remote-administration.xml:29(para)
10649
msgid ""
10650
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
10651
"family of tools for remotely controlling a computer or transferring files "
10652
"between computers. Traditional tools used to accomplish these functions, "
10653
"such as <application>telnet</application> or <application>rcp</application>, "
10654
"are insecure and transmit the user's password in cleartext when used. "
10655
"OpenSSH provides a server daemon and client tools to facilitate secure, "
10656
"encrypted remote control and file transfer operations, effectively replacing "
10657
"the legacy tools."
10658
msgstr ""
10659
10660
#: serverguide/C/remote-administration.xml:38(para)
10661
msgid ""
10662
"The OpenSSH server component, <application>sshd</application>, listens "
10663
"continuously for client connections from any of the client tools. When a "
10664
"connection request occurs, <application>sshd</application> sets up the "
10665
"correct connection depending on the type of client tool connecting. For "
10666
"example, if the remote computer is connecting with the "
10667
"<application>ssh</application> client application, the OpenSSH server sets "
10668
"up a remote control session after authentication. If a remote user connects "
10669
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
10670
"daemon initiates a secure copy of files between the server and client after "
10671
"authentication. OpenSSH can use many authentication methods, including plain "
10672
"password, public key, and <application>Kerberos</application> tickets."
10673
msgstr ""
10674
10675
#: serverguide/C/remote-administration.xml:52(para)
10676
msgid ""
10677
"Installation of the OpenSSH client and server applications is simple. To "
10678
"install the OpenSSH client applications on your Ubuntu system, use this "
10679
"command at a terminal prompt:"
10680
msgstr ""
10681
10682
#: serverguide/C/remote-administration.xml:58(command)
10683
msgid "sudo apt-get install openssh-client"
10684
msgstr ""
10685
10686
#: serverguide/C/remote-administration.xml:60(para)
10687
msgid ""
10688
"To install the OpenSSH server application, and related support files, use "
10689
"this command at a terminal prompt:"
10690
msgstr ""
10691
10692
#: serverguide/C/remote-administration.xml:65(command)
10693
msgid "sudo apt-get install openssh-server"
10694
msgstr ""
10695
10696
#: serverguide/C/remote-administration.xml:67(para)
10697
msgid ""
10698
"The <application>openssh-server</application> package can also be selected "
10699
"to install during the Server Edition installation process."
10700
msgstr ""
10701
10702
#: serverguide/C/remote-administration.xml:74(para)
10703
msgid ""
10704
"You may configure the default behavior of the OpenSSH server application, "
10705
"<application>sshd</application>, by editing the file "
10706
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
10707
"configuration directives used in this file, you may view the appropriate "
10708
"manual page with the following command, issued at a terminal prompt:"
10709
msgstr ""
10710
10711
#: serverguide/C/remote-administration.xml:82(command)
10712
msgid "man sshd_config"
10713
msgstr ""
10714
10715
#: serverguide/C/remote-administration.xml:84(para)
10716
msgid ""
10717
"There are many directives in the <application>sshd</application> "
10718
"configuration file controlling such things as communication settings and "
10719
"authentication modes. The following are examples of configuration directives "
10720
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
10721
"file."
10722
msgstr ""
10723
10724
#: serverguide/C/remote-administration.xml:91(para)
10725
msgid ""
10726
"Prior to editing the configuration file, you should make a copy of the "
10727
"original file and protect it from writing so you will have the original "
10728
"settings as a reference and to reuse as necessary."
10729
msgstr ""
10730
10731
#: serverguide/C/remote-administration.xml:95(para)
10732
msgid ""
10733
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
10734
"writing with the following commands, issued at a terminal prompt:"
10735
msgstr ""
10736
10737
#: serverguide/C/remote-administration.xml:100(command)
10738
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10739
msgstr ""
10740
10741
#: serverguide/C/remote-administration.xml:101(command)
10742
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
10743
msgstr ""
10744
10745
#: serverguide/C/remote-administration.xml:103(para)
10746
msgid ""
10747
"The following are examples of configuration directives you may change:"
10748
msgstr ""
10749
10750
#: serverguide/C/remote-administration.xml:108(para)
10751
msgid ""
10752
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
10753
"port 22, change the Port directive as such:"
10754
msgstr ""
10755
10756
#: serverguide/C/remote-administration.xml:112(para)
10757
msgid "Port 2222"
10758
msgstr "Port 2222"
10759
10760
#: serverguide/C/remote-administration.xml:117(para)
10761
msgid ""
10762
"To have <application>sshd</application> allow public key-based login "
10763
"credentials, simply add or modify the line:"
10764
msgstr ""
10765
10766
#: serverguide/C/remote-administration.xml:121(para)
10767
msgid "PubkeyAuthentication yes"
10768
msgstr "PubkeyAuthentication yes"
10769
10770
#: serverguide/C/remote-administration.xml:124(para)
10771
msgid ""
10772
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
10773
"present, ensure the line is not commented out."
10774
msgstr ""
10775
10776
#: serverguide/C/remote-administration.xml:130(para)
10777
msgid ""
10778
"To make your OpenSSH server display the contents of the "
10779
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
10780
"or modify the line:"
10781
msgstr ""
10782
10783
#: serverguide/C/remote-administration.xml:135(para)
10784
msgid "Banner /etc/issue.net"
10785
msgstr "Banner /etc/issue.net"
10786
10787
#: serverguide/C/remote-administration.xml:138(para)
10788
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
10789
msgstr ""
10790
10791
#: serverguide/C/remote-administration.xml:143(para)
10792
msgid ""
10793
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
10794
"save the file, and restart the <application>sshd</application> server "
10795
"application to effect the changes using the following command at a terminal "
10796
"prompt:"
10797
msgstr ""
10798
10799
#: serverguide/C/remote-administration.xml:152(para)
10800
msgid ""
10801
"Many other configuration directives for <application>sshd</application> are "
10802
"available for changing the server application's behavior to fit your needs. "
10803
"Be advised, however, if your only method of access to a server is "
10804
"<application>ssh</application>, and you make a mistake in configuring "
10805
"<application>sshd</application> via the "
10806
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
10807
"out of the server upon restarting it, or that the "
10808
"<application>sshd</application> server refuses to start due to an incorrect "
10809
"configuration directive, so be extra careful when editing this file on a "
10810
"remote server."
10811
msgstr ""
10812
10813
#: serverguide/C/remote-administration.xml:167(title)
10814
msgid "SSH Keys"
10815
msgstr "Ключі SSH"
10816
10817
#: serverguide/C/remote-administration.xml:168(para)
10818
msgid ""
10819
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
10820
"the need of a password. SSH key authentication uses two keys a "
10821
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
10822
msgstr ""
10823
10824
#: serverguide/C/remote-administration.xml:172(para)
10825
msgid "To generate the keys, from a terminal prompt enter:"
10826
msgstr ""
10827
10828
#: serverguide/C/remote-administration.xml:176(command)
10829
msgid "ssh-keygen -t dsa"
10830
msgstr ""
10831
10832
#: serverguide/C/remote-administration.xml:178(para)
10833
msgid ""
10834
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
10835
"identity of the user. During the process you will be prompted for a "
10836
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
10837
"key."
10838
msgstr ""
10839
10840
#: serverguide/C/remote-administration.xml:182(para)
10841
msgid ""
10842
"By default the <emphasis>public</emphasis> key is saved in the file "
10843
"<filename>~/.ssh/id_dsa.pub</filename>, while "
10844
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
10845
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10846
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10847
msgstr ""
10848
10849
#: serverguide/C/remote-administration.xml:188(command)
10850
msgid "ssh-copy-id username@remotehost"
10851
msgstr ""
10852
10853
#: serverguide/C/remote-administration.xml:190(para)
10854
msgid ""
10855
"Finally, double check the permissions on the "
10856
"<filename>authorized_keys</filename> file, only the authenticated user "
10857
"should have read and write permissions. If the permissions are not correct "
10858
"change them by:"
10859
msgstr ""
10860
10861
#: serverguide/C/remote-administration.xml:195(command)
10862
msgid "chmod 600 .ssh/authorized_keys"
10863
msgstr ""
10864
10865
#: serverguide/C/remote-administration.xml:197(para)
10866
msgid ""
10867
"You should now be able to SSH to the host without being prompted for a "
10868
"password."
10869
msgstr ""
10870
10871
#: serverguide/C/remote-administration.xml:206(para)
10872
msgid ""
10873
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
10874
"page."
10875
msgstr ""
10876
10877
#: serverguide/C/remote-administration.xml:212(ulink)
10878
msgid "OpenSSH Website"
10879
msgstr ""
10880
10881
#: serverguide/C/remote-administration.xml:217(ulink)
10882
msgid "Advanced OpenSSH Wiki Page"
10883
msgstr ""
10884
10885
#: serverguide/C/package-management.xml:13(title)
10886
msgid "Package Management"
10887
msgstr ""
10888
10889
#: serverguide/C/package-management.xml:14(para)
10890
msgid ""
10891
"Ubuntu features a comprehensive package management system for the "
10892
"installation, upgrade, configuration, and removal of software. In addition "
10893
"to providing access to an organized base of over 24,000 software packages "
10894
"for your Ubuntu computer, the package management facilities also feature "
10895
"dependency resolution capabilities and software update checking."
10896
msgstr ""
10897
10898
#: serverguide/C/package-management.xml:16(para)
10899
msgid ""
10900
"Several tools are available for interacting with Ubuntu's package management "
10901
"system, from simple command-line utilities which may be easily automated by "
10902
"system administrators, to a simple graphical interface which is easy to use "
10903
"by those new to Ubuntu."
10904
msgstr ""
10905
10906
#: serverguide/C/package-management.xml:21(para)
10907
msgid ""
10908
"Ubuntu's package management system is derived from the same system used by "
10909
"the Debian GNU/Linux distribution. The package files contain all of the "
10910
"necessary files, meta-data, and instructions to implement a particular "
10911
"functionality or software application on your Ubuntu computer."
10912
msgstr ""
10913
10914
#: serverguide/C/package-management.xml:24(para)
10915
msgid ""
10916
"Debian package files typically have the extension '.deb', and typically "
10917
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
10918
"collections of packages found on various media, such as CD-ROM discs, or "
10919
"online. Packages are normally of the pre-compiled binary format; thus "
10920
"installation is quick and requires no compiling of software."
10921
msgstr ""
10922
10923
#: serverguide/C/package-management.xml:27(para)
10924
msgid ""
10925
"Many complex packages use the concept of <emphasis "
10926
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10927
"packages required by the principal package in order to function properly. "
10928
"For example, the speech synthesis package "
10929
"<application>Festival</application> depends upon the package "
10930
"<application>libasound2</application>, which is a package supplying the "
10931
"<application>ALSA</application> sound library needed for audio playback. In "
10932
"order for <application>Festival</application> to function, it and all of its "
10933
"dependencies must be installed. The software management tools in Ubuntu will "
10934
"do this automatically."
10935
msgstr ""
10936
10937
#: serverguide/C/package-management.xml:32(title)
10938
msgid "dpkg"
10939
msgstr "dpkg"
10940
10941
#: serverguide/C/package-management.xml:34(para)
10942
msgid ""
10943
"<application>dpkg</application> is a package manager for "
10944
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
10945
"packages, but unlike other package management system's it can not "
10946
"automatically download and install packages and their dependencies. This "
10947
"section covers using <application>dpkg</application> to manage locally "
10948
"installed packages:"
10949
msgstr ""
10950
10951
#: serverguide/C/package-management.xml:43(para)
10952
msgid ""
10953
"To list all packages installed on the system, from a terminal prompt enter:"
10954
msgstr ""
10955
10956
#: serverguide/C/package-management.xml:48(command)
10957
msgid "dpkg -l"
10958
msgstr ""
10959
10960
#: serverguide/C/package-management.xml:54(para)
10961
msgid ""
10962
"Depending on the amount of packages on your system, this can generate a "
10963
"large amount of output. Pipe the output through "
10964
"<application>grep</application> to see if a specific package is installed:"
10965
msgstr ""
10966
10967
#: serverguide/C/package-management.xml:60(command)
10968
msgid "dpkg -l | grep apache2"
10969
msgstr ""
10970
10971
#: serverguide/C/package-management.xml:63(para)
10972
msgid ""
10973
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
10974
"package name, or other regular expression."
10975
msgstr ""
10976
10977
#: serverguide/C/package-management.xml:70(para)
10978
msgid ""
10979
"To list the files installed by a package, in this case the "
10980
"<application>ufw</application> package, enter:"
10981
msgstr ""
10982
10983
#: serverguide/C/package-management.xml:75(command)
10984
msgid "dpkg -L ufw"
10985
msgstr ""
10986
10987
#: serverguide/C/package-management.xml:81(para)
10988
msgid ""
10989
"If you are not sure which package installed a file, <application>dpkg -"
10990
"S</application> may be able to tell you. For example:"
10991
msgstr ""
10992
10993
#: serverguide/C/package-management.xml:87(command)
10994
msgid "dpkg -S /etc/host.conf"
10995
msgstr ""
10996
10997
#: serverguide/C/package-management.xml:88(computeroutput)
10998
#, no-wrap
10999
msgid "base-files: /etc/host.conf"
11000
msgstr ""
11001
11002
#: serverguide/C/package-management.xml:91(para)
11003
msgid ""
11004
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
11005
"<application>base-files</application> package."
11006
msgstr ""
11007
11008
#: serverguide/C/package-management.xml:96(para)
11009
msgid ""
11010
"Many files are automatically generated during the package install process, "
11011
"and even though they are on the filesystem <command>dpkg -S</command> may "
11012
"not know which package they belong to."
11013
msgstr ""
11014
11015
#: serverguide/C/package-management.xml:105(para)
11016
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
11017
msgstr ""
11018
11019
#: serverguide/C/package-management.xml:110(command)
11020
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
11021
msgstr ""
11022
11023
#: serverguide/C/package-management.xml:113(para)
11024
msgid ""
11025
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
11026
"the local .deb file."
11027
msgstr ""
11028
11029
#: serverguide/C/package-management.xml:120(para)
11030
msgid "Uninstalling a package can be accomplished by:"
11031
msgstr ""
11032
11033
#: serverguide/C/package-management.xml:125(command)
11034
msgid "sudo dpkg -r zip"
11035
msgstr ""
11036
11037
#: serverguide/C/package-management.xml:129(para)
11038
msgid ""
11039
"Uninstalling packages using <application>dpkg</application>, in most cases, "
11040
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
11041
"manager that handles dependencies, to ensure that the system is in a "
11042
"consistent state. For example using <command>dpkg -r</command> you can "
11043
"remove the <application>zip</application> package, but any packages that "
11044
"depend on it will still be installed and may no longer function correctly."
11045
msgstr ""
11046
11047
#: serverguide/C/package-management.xml:140(para)
11048
msgid ""
11049
"For more <application>dpkg</application> options see the man page: "
11050
"<command>man dpkg</command>."
11051
msgstr ""
11052
11053
#: serverguide/C/package-management.xml:146(title)
11054
msgid "Apt-Get"
11055
msgstr ""
11056
11057
#: serverguide/C/package-management.xml:147(para)
11058
msgid ""
11059
"The <application>apt-get</application> command is a powerful command-line "
11060
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
11061
"(APT) performing such functions as installation of new software packages, "
11062
"upgrade of existing software packages, updating of the package list index, "
11063
"and even upgrading the entire Ubuntu system."
11064
msgstr ""
11065
11066
#: serverguide/C/package-management.xml:150(para)
11067
msgid ""
11068
"Being a simple command-line tool, <application>apt-get</application> has "
11069
"numerous advantages over other package management tools available in Ubuntu "
11070
"for server administrators. Some of these advantages include ease of use over "
11071
"simple terminal connections (SSH) and the ability to be used in system "
11072
"administration scripts, which can in turn be automated by the "
11073
"<application>cron</application> scheduling utility."
11074
msgstr ""
11075
11076
#: serverguide/C/package-management.xml:157(para)
11077
msgid ""
11078
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
11079
"packages using the <application>apt-get</application> tool is quite simple. "
11080
"For example, to install the network scanner <emphasis "
11081
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
11082
"<command>sudo apt-get install nmap</command>\n"
11083
"</screen>"
11084
msgstr ""
11085
11086
#: serverguide/C/package-management.xml:165(para)
11087
msgid ""
11088
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
11089
"packages is also a straightforward and simple process. To remove the nmap "
11090
"package installed in the previous example, type the following: <screen>\n"
11091
"<command>sudo apt-get remove nmap</command>\n"
11092
"</screen>"
11093
msgstr ""
11094
11095
#: serverguide/C/package-management.xml:172(para)
11096
msgid ""
11097
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
11098
"multiple packages to be installed or removed, separated by spaces."
11099
msgstr ""
11100
11101
#: serverguide/C/package-management.xml:175(para)
11102
msgid ""
11103
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
11104
"remove</command> will remove the package configuration files as well. This "
11105
"may or may not be the desired effect so use with caution."
11106
msgstr ""
11107
11108
#: serverguide/C/package-management.xml:181(para)
11109
msgid ""
11110
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
11111
"index is essentially a database of available packages from the repositories "
11112
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
11113
"the local package index with the latest changes made in repositories, type "
11114
"the following: <screen>\n"
11115
"<command>sudo apt-get update</command>\n"
11116
"</screen>"
11117
msgstr ""
11118
11119
#: serverguide/C/package-management.xml:189(para)
11120
msgid ""
11121
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
11122
"versions of packages currently installed on your computer may become "
11123
"available from the package repositories (for example security updates). To "
11124
"upgrade your system, first update your package index as outlined above, and "
11125
"then type: <screen>\n"
11126
"<command>sudo apt-get upgrade</command>\n"
11127
"</screen>"
11128
msgstr ""
11129
11130
#: serverguide/C/package-management.xml:195(para)
11131
msgid ""
11132
"For information on upgrading to a new Ubuntu release see <xref "
11133
"linkend=\"installing-upgrading\"/>."
11134
msgstr ""
11135
11136
#: serverguide/C/package-management.xml:153(para)
11137
msgid ""
11138
"Some examples of popular uses for the <application>apt-get</application> "
11139
"utility: <placeholder-1/>"
11140
msgstr ""
11141
11142
#: serverguide/C/package-management.xml:201(para)
11143
msgid ""
11144
"Actions of the <application>apt-get</application> command, such as "
11145
"installation and removal of packages, are logged in the /var/log/dpkg.log "
11146
"log file."
11147
msgstr ""
11148
11149
#: serverguide/C/package-management.xml:204(para)
11150
msgid ""
11151
"For further information about the use of <application>APT</application>, "
11152
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
11153
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
11154
"help</screen>"
11155
msgstr ""
11156
11157
#: serverguide/C/package-management.xml:208(title)
11158
msgid "Aptitude"
11159
msgstr "Aptitude"
11160
11161
#: serverguide/C/package-management.xml:209(para)
11162
msgid ""
11163
"<application>Aptitude</application> is a menu-driven, text-based front-end "
11164
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
11165
"the common package management functions, such as installation, removal, and "
11166
"upgrade, are performed in <application>Aptitude</application> with single-"
11167
"key commands, which are typically lowercase letters."
11168
msgstr ""
11169
11170
#: serverguide/C/package-management.xml:212(para)
11171
msgid ""
11172
"<application>Aptitude</application> is best suited for use in a non-"
11173
"graphical terminal environment to ensure proper functioning of the command "
11174
"keys. You may start <application>Aptitude</application> as a normal user "
11175
"with the following command at a terminal prompt: <screen>\n"
11176
"<command>sudo aptitude</command>\n"
11177
"</screen>"
11178
msgstr ""
11179
11180
#: serverguide/C/package-management.xml:219(para)
11181
msgid ""
11182
"When <application>Aptitude</application> starts, you will see a menu bar at "
11183
"the top of the screen and two panes below the menu bar. The top pane "
11184
"contains package categories, such as <emphasis role=\"italics\">New "
11185
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
11186
"Packages</emphasis>. The bottom pane contains information related to the "
11187
"packages and package categories."
11188
msgstr ""
11189
11190
#: serverguide/C/package-management.xml:222(para)
11191
msgid ""
11192
"Using <application>Aptitude</application> for package management is "
11193
"relatively straightforward, and the user interface makes common tasks simple "
11194
"to perform. The following are examples of common package management "
11195
"functions as performed in <application>Aptitude</application>:"
11196
msgstr ""
11197
11198
#: serverguide/C/package-management.xml:226(para)
11199
msgid ""
11200
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
11201
"locate the package via the Not Installed Packages package category, for "
11202
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
11203
"key, and highlight the package you wish to install. After highlighting the "
11204
"package you wish to install, press the <keycap>+</keycap> key, and the "
11205
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
11206
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
11207
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
11208
"again, and you will be prompted to become root to complete the installation. "
11209
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
11210
"your user password to become root. Finally, press <keycap>g</keycap> once "
11211
"more and you'll be prompted to download the package. Press "
11212
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
11213
"prompt, and downloading and installation of the package will commence."
11214
msgstr ""
11215
11216
#: serverguide/C/package-management.xml:230(para)
11217
msgid ""
11218
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
11219
"locate the package via the Installed Packages package category, for example, "
11220
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
11221
"highlight the package you wish to remove. After highlighting the package you "
11222
"wish to install, press the <keycap>-</keycap> key, and the package entry "
11223
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
11224
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
11225
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
11226
"prompted to become root to complete the installation. Press "
11227
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
11228
"user password to become root. Finally, press <keycap>g</keycap> once more, "
11229
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
11230
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
11231
"the package will commence."
11232
msgstr ""
11233
11234
#: serverguide/C/package-management.xml:234(para)
11235
msgid ""
11236
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
11237
"package index, simply press the <keycap>u</keycap> key and you will be "
11238
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
11239
"which will result in a Password: prompt. Enter your user password to become "
11240
"root. Updating of the package index will commence. Press "
11241
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
11242
"presented to complete the process."
11243
msgstr ""
11244
11245
#: serverguide/C/package-management.xml:238(para)
11246
msgid ""
11247
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
11248
"perform the update of the package index as detailed above, and then press "
11249
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
11250
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
11251
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
11252
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
11253
"result in a Password: prompt. Enter your user password to become root. "
11254
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
11255
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
11256
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
11257
"will commence."
11258
msgstr ""
11259
11260
#: serverguide/C/package-management.xml:245(para)
11261
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11262
msgstr ""
11263
11264
#: serverguide/C/package-management.xml:250(para)
11265
msgid ""
11266
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11267
"configuration remains on system"
11268
msgstr ""
11269
11270
#: serverguide/C/package-management.xml:254(para)
11271
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11272
msgstr ""
11273
11274
#: serverguide/C/package-management.xml:258(para)
11275
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11276
msgstr ""
11277
11278
#: serverguide/C/package-management.xml:262(para)
11279
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11280
msgstr ""
11281
11282
#: serverguide/C/package-management.xml:266(para)
11283
msgid ""
11284
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11285
"configured"
11286
msgstr ""
11287
11288
#: serverguide/C/package-management.xml:270(para)
11289
msgid ""
11290
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
11291
"and requires fix"
11292
msgstr ""
11293
11294
#: serverguide/C/package-management.xml:274(para)
11295
msgid ""
11296
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
11297
"requires fix"
11298
msgstr ""
11299
11300
#: serverguide/C/package-management.xml:242(para)
11301
msgid ""
11302
"The first column of information displayed in the package list in the top "
11303
"pane, when actually viewing packages lists the current state of the package, "
11304
"and uses the following key to describe the state of the package: "
11305
"<placeholder-1/>"
11306
msgstr ""
11307
11308
#: serverguide/C/package-management.xml:280(para)
11309
msgid ""
11310
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
11311
"wish to exit. Many other functions are available from the Aptitude menu by "
11312
"pressing the <keycap>F10</keycap> key."
11313
msgstr ""
11314
11315
#: serverguide/C/package-management.xml:285(title)
11316
msgid "Automatic Updates"
11317
msgstr ""
11318
11319
#: serverguide/C/package-management.xml:287(para)
11320
msgid ""
11321
"The <application>unattended-upgrades</application> package can be used to "
11322
"automatically install updated packages, and can be configured to update all "
11323
"packages or just install security updates. First, install the package by "
11324
"entering the following in a terminal:"
11325
msgstr ""
11326
11327
#: serverguide/C/package-management.xml:293(command)
11328
msgid "sudo apt-get install unattended-upgrades"
11329
msgstr ""
11330
11331
#: serverguide/C/package-management.xml:296(para)
11332
msgid ""
11333
"To configure <application>unattended-upgrades</application>, edit "
11334
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
11335
"the following to fit your needs:"
11336
msgstr ""
11337
11338
#: serverguide/C/package-management.xml:301(programlisting)
11339
#, no-wrap
11340
msgid ""
11341
"\n"
11342
"Unattended-Upgrade::Allowed-Origins {\n"
11343
" \"Ubuntu maverick-security\";\n"
11344
"// \"Ubuntu maverick-updates\";\n"
11345
"};\n"
11346
msgstr ""
11347
11348
#: serverguide/C/package-management.xml:308(para)
11349
msgid ""
11350
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
11351
"will not be automatically updated. To blacklist a package, add it to the "
11352
"list:"
11353
msgstr ""
11354
11355
#: serverguide/C/package-management.xml:313(programlisting)
11356
#, no-wrap
11357
msgid ""
11358
"\n"
11359
"Unattended-Upgrade::Package-Blacklist {\n"
11360
"// \"vim\";\n"
11361
"// \"libc6\";\n"
11362
"// \"libc6-dev\";\n"
11363
"// \"libc6-i686\";\n"
11364
"};\n"
11365
msgstr ""
11366
11367
#: serverguide/C/package-management.xml:323(para)
11368
msgid ""
11369
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
11370
"whatever follows \"//\" will not be evaluated."
11371
msgstr ""
11372
11373
#: serverguide/C/package-management.xml:328(para)
11374
msgid ""
11375
"To enable automatic updates, edit "
11376
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
11377
"<application>apt</application> configuration options:"
11378
msgstr ""
11379
11380
#: serverguide/C/package-management.xml:332(programlisting)
11381
#, no-wrap
11382
msgid ""
11383
"\n"
11384
"APT::Periodic::Update-Package-Lists \"1\";\n"
11385
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
11386
"APT::Periodic::AutocleanInterval \"7\";\n"
11387
"APT::Periodic::Unattended-Upgrade \"1\";\n"
11388
msgstr ""
11389
11390
#: serverguide/C/package-management.xml:339(para)
11391
msgid ""
11392
"The above configuration updates the package list, downloads, and installs "
11393
"available upgrades every day. The local download archive is cleaned every "
11394
"week."
11395
msgstr ""
11396
11397
#: serverguide/C/package-management.xml:345(para)
11398
msgid ""
11399
"You can read more about <application>apt</application> Periodic "
11400
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
11401
"header."
11402
msgstr ""
11403
11404
#: serverguide/C/package-management.xml:350(para)
11405
msgid ""
11406
"The results of <application>unattended-upgrades</application> will be logged "
11407
"to <filename>/var/log/unattended-upgrades</filename>."
11408
msgstr ""
11409
11410
#: serverguide/C/package-management.xml:355(title)
11411
msgid "Notifications"
11412
msgstr "Сповіщення"
11413
11414
#: serverguide/C/package-management.xml:357(para)
11415
msgid ""
11416
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
11417
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
11418
"<application>unattended-upgrades</application> to email an administrator "
11419
"detailing any packages that need upgrading or have problems."
11420
msgstr ""
11421
11422
#: serverguide/C/package-management.xml:362(para)
11423
msgid ""
11424
"Another useful package is <application>apticron</application>. "
11425
"<application>apticron</application> will configure a "
11426
"<application>cron</application> job to email an administrator information "
11427
"about any packages on the system that have updates available, as well as a "
11428
"summary of changes in each package."
11429
msgstr ""
11430
11431
#: serverguide/C/package-management.xml:368(para)
11432
msgid ""
11433
"To install the <application>apticron</application> package, in a terminal "
11434
"enter:"
11435
msgstr ""
11436
11437
#: serverguide/C/package-management.xml:373(command)
11438
msgid "sudo apt-get install apticron"
11439
msgstr ""
11440
11441
#: serverguide/C/package-management.xml:376(para)
11442
msgid ""
11443
"Once the package is installed edit "
11444
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
11445
"and other options:"
11446
msgstr ""
11447
11448
#: serverguide/C/package-management.xml:380(programlisting)
11449
#, no-wrap
11450
msgid ""
11451
"\n"
11452
"EMAIL=\"root@example.com\"\n"
11453
msgstr ""
11454
11455
#: serverguide/C/package-management.xml:389(para)
11456
msgid ""
11457
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
11458
"system repositories is stored in the /etc/apt/sources.list configuration "
11459
"file. An example of this file is referenced here, along with information on "
11460
"adding or removing repository references from the file."
11461
msgstr ""
11462
11463
#: serverguide/C/package-management.xml:395(para)
11464
msgid ""
11465
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
11466
"typical <filename>/etc/apt/sources.list</filename> file."
11467
msgstr ""
11468
11469
#: serverguide/C/package-management.xml:399(para)
11470
msgid ""
11471
"You may edit the file to enable repositories or disable them. For example, "
11472
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
11473
"operations occur, simply comment out the appropriate line for the CD-ROM, "
11474
"which appears at the top of the file:"
11475
msgstr ""
11476
11477
#: serverguide/C/package-management.xml:404(screen)
11478
#, no-wrap
11479
msgid ""
11480
"\n"
11481
"# no more prompting for CD-ROM please\n"
11482
"# deb cdrom:[&distro-apt-cd-name; - Release i386 (20070419.1)]/ maverick "
11483
"main restricted\n"
11484
msgstr ""
11485
11486
#: serverguide/C/package-management.xml:410(title)
11487
msgid "Extra Repositories"
11488
msgstr ""
11489
11490
#: serverguide/C/package-management.xml:411(para)
11491
msgid ""
11492
"In addition to the officially supported package repositories available for "
11493
"Ubuntu, there exist additional community-maintained repositories which add "
11494
"thousands more potential packages for installation. Two of the most popular "
11495
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
11496
"repositories. These repositories are not officially supported by Ubuntu, but "
11497
"because they are maintained by the community they generally provide packages "
11498
"which are safe for use with your Ubuntu computer."
11499
msgstr ""
11500
11501
#: serverguide/C/package-management.xml:414(para)
11502
msgid ""
11503
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
11504
"licensing issues that prevent them from being distributed with a free "
11505
"operating system, and they may be illegal in your locality."
11506
msgstr ""
11507
11508
#: serverguide/C/package-management.xml:416(para)
11509
msgid ""
11510
"Be advised that neither the <emphasis>Universe</emphasis> or "
11511
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
11512
"packages. In particular, there may not be security updates for these "
11513
"packages."
11514
msgstr ""
11515
11516
#: serverguide/C/package-management.xml:420(para)
11517
msgid ""
11518
"Many other package sources are available, sometimes even offering only one "
11519
"package, as in the case of package sources provided by the developer of a "
11520
"single application. You should always be very careful and cautious when "
11521
"using non-standard package sources, however. Research the source and "
11522
"packages carefully before performing any installation, as some package "
11523
"sources and their packages could render your system unstable or non-"
11524
"functional in some respects."
11525
msgstr ""
11526
11527
#: serverguide/C/package-management.xml:423(para)
11528
msgid ""
11529
"By default, the <emphasis>Universe</emphasis> and "
11530
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
11531
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
11532
"comment the following lines:"
11533
msgstr ""
11534
11535
#: serverguide/C/package-management.xml:430(programlisting)
11536
#, no-wrap
11537
msgid ""
11538
"\n"
11539
"deb http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
11540
"deb-src http://archive.ubuntu.com/ubuntu maverick universe multiverse\n"
11541
"\n"
11542
"deb http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
11543
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick universe\n"
11544
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
11545
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates universe\n"
11546
"\n"
11547
"deb http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
11548
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick multiverse\n"
11549
"deb http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
11550
"deb-src http://us.archive.ubuntu.com/ubuntu/ maverick-updates multiverse\n"
11551
"\n"
11552
"deb http://security.ubuntu.com/ubuntu maverick-security universe\n"
11553
"deb-src http://security.ubuntu.com/ubuntu maverick-security universe\n"
11554
"deb http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
11555
"deb-src http://security.ubuntu.com/ubuntu maverick-security multiverse\n"
11556
msgstr ""
11557
11558
#: serverguide/C/package-management.xml:456(para)
11559
msgid ""
11560
"Most of the material covered in this chapter is available in "
11561
"<application>man</application> pages, many of which are available online."
11562
msgstr ""
11563
11564
#: serverguide/C/package-management.xml:463(para)
11565
msgid ""
11566
"The <ulink "
11567
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11568
"re</ulink> Ubuntu wiki page has more information."
11569
msgstr ""
11570
11571
#: serverguide/C/package-management.xml:468(para)
11572
msgid ""
11573
"For more <application>dpkg</application> details see the <ulink "
11574
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/dpkg.1.html\">dpkg"
11575
" man page</ulink>."
11576
msgstr ""
11577
11578
#: serverguide/C/package-management.xml:474(para)
11579
msgid ""
11580
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
11581
"HOWTO</ulink> and <ulink "
11582
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/apt-"
11583
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
11584
"<application>apt-get</application> usage."
11585
msgstr ""
11586
11587
#: serverguide/C/package-management.xml:481(para)
11588
msgid ""
11589
"See the <ulink "
11590
"url=\"http://manpages.ubuntu.com/manpages/maverick/man8/aptitude.8.html\">apt"
11591
"itude man page</ulink> for more <application>aptitude</application> options."
11592
msgstr ""
11593
11594
#: serverguide/C/package-management.xml:487(para)
11595
msgid ""
11596
"The <ulink "
11597
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11598
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
11599
"adding repositories."
11600
msgstr ""
11601
11602
#: serverguide/C/other-apps.xml:13(title)
11603
msgid "Other Useful Applications"
11604
msgstr ""
11605
11606
#: serverguide/C/other-apps.xml:15(para)
11607
msgid ""
11608
"There are many very useful applications developed by the Ubuntu Server Team, "
11609
"and others that are well integrated with Ubuntu Server Edition, that might "
11610
"not be well known. This chapter will showcase some useful applications that "
11611
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
11612
"easier."
11613
msgstr ""
11614
11615
#: serverguide/C/other-apps.xml:23(title)
11616
msgid "pam_motd"
11617
msgstr ""
11618
11619
#: serverguide/C/other-apps.xml:25(para)
11620
msgid ""
11621
"When logging into an Ubuntu server you may have noticed the informative "
11622
"Message Of The Day (MOTD). This information is obtained and displayed using "
11623
"a couple of packages:"
11624
msgstr ""
11625
11626
#: serverguide/C/other-apps.xml:32(para)
11627
msgid ""
11628
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
11629
"<application>landscape-client</application>, which can be used to manage "
11630
"systems using the web based <emphasis>Landscape</emphasis> application. The "
11631
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
11632
"utility which is used to gather the information displayed in the MOTD."
11633
msgstr ""
11634
11635
#: serverguide/C/other-apps.xml:40(para)
11636
msgid ""
11637
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
11638
"the MOTD via <application>pam_motd</application> module."
11639
msgstr ""
11640
11641
#: serverguide/C/other-apps.xml:46(para)
11642
msgid ""
11643
"<application>pam_motd</application> executes the scripts in "
11644
"<filename>/etc/update-motd.d</filename> in order based on the number "
11645
"prepended to the script. The output of the scripts is written to "
11646
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
11647
"concatenated with <filename>/etc/motd.tail</filename>."
11648
msgstr ""
11649
11650
#: serverguide/C/other-apps.xml:52(para)
11651
msgid ""
11652
"You can add your own dynamic information to the MOTD. For example, to add "
11653
"local weather information:"
11654
msgstr ""
11655
11656
#: serverguide/C/other-apps.xml:58(para)
11657
msgid "First, install the <application>weather-util</application> package:"
11658
msgstr ""
11659
11660
#: serverguide/C/other-apps.xml:63(command)
11661
msgid "sudo apt-get install weather-util"
11662
msgstr ""
11663
11664
#: serverguide/C/other-apps.xml:68(para)
11665
msgid ""
11666
"The <application>weather</application> utility uses METAR data from the "
11667
"National Oceanic and Atmospheric Administration and forecasts from the "
11668
"National Weather Service. In order to find local information you will need "
11669
"the 4-character ICAO location indicator. This can be determined by browsing "
11670
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
11671
"Weather Service</ulink> site."
11672
msgstr ""
11673
11674
#: serverguide/C/other-apps.xml:75(para)
11675
msgid ""
11676
"Although the National Weather Service is a United States government agency "
11677
"there are weather stations available world wide. However, local weather "
11678
"information for all locations outside the U.S. may not be available."
11679
msgstr ""
11680
11681
#: serverguide/C/other-apps.xml:81(para)
11682
msgid ""
11683
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
11684
"script to use <application>weather</application> with your local ICAO "
11685
"indicator:"
11686
msgstr ""
11687
11688
#: serverguide/C/other-apps.xml:86(programlisting)
11689
#, no-wrap
11690
msgid ""
11691
"\n"
11692
"#!/bin/sh\n"
11693
"#\n"
11694
"#\n"
11695
"# Prints the local weather information for the MOTD.\n"
11696
"#\n"
11697
"#\n"
11698
"\n"
11699
"# Replace KINT with your local weather station.\n"
11700
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
11701
"\n"
11702
"echo\n"
11703
"weather -i KINT\n"
11704
"echo\n"
11705
"\n"
11706
msgstr ""
11707
11708
#: serverguide/C/other-apps.xml:104(para)
11709
msgid "Make the script executable:"
11710
msgstr ""
11711
11712
#: serverguide/C/other-apps.xml:109(command)
11713
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11714
msgstr ""
11715
11716
#: serverguide/C/other-apps.xml:113(para)
11717
msgid ""
11718
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11719
"weather</filename>:"
11720
msgstr ""
11721
11722
#: serverguide/C/other-apps.xml:118(command)
11723
msgid ""
11724
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11725
msgstr ""
11726
11727
#: serverguide/C/other-apps.xml:122(para)
11728
msgid "Finally, exit the server and re-login to view the new MOTD."
11729
msgstr ""
11730
11731
#: serverguide/C/other-apps.xml:128(para)
11732
msgid ""
11733
"You should now be greeted with some useful information, and some information "
11734
"about the local weather that may not be quite so useful. Hopefully the "
11735
"<application>local-weather</application> example demonstrates the "
11736
"flexibility of <application>pam_motd</application>."
11737
msgstr ""
11738
11739
#: serverguide/C/other-apps.xml:136(title)
11740
msgid "etckeeper"
11741
msgstr ""
11742
11743
#: serverguide/C/other-apps.xml:138(para)
11744
msgid ""
11745
"<application>etckeeper</application> allows the contents of <filename "
11746
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11747
"System (VCS) repository. It hooks into <application>apt</application> to "
11748
"automatically commit changes to <filename>/etc</filename> when packages are "
11749
"installed or upgraded. Placing <filename>/etc</filename> under version "
11750
"control is considered an industry best practice, and the goal of "
11751
"<application>etckeeper</application> is to make this process as painless as "
11752
"possible."
11753
msgstr ""
11754
11755
#: serverguide/C/other-apps.xml:146(para)
11756
msgid ""
11757
"Install <application>etckeeper</application> by entering the following in a "
11758
"terminal:"
11759
msgstr ""
11760
11761
#: serverguide/C/other-apps.xml:151(command)
11762
msgid "sudo apt-get install etckeeper"
11763
msgstr ""
11764
11765
#: serverguide/C/other-apps.xml:154(para)
11766
msgid ""
11767
"The main configuration file, "
11768
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11769
"main option is which VCS to use. By default "
11770
"<application>etckeeper</application> is configured to use "
11771
"<application>bzr</application> for version control. The repository is "
11772
"automatically initialized (and committed for the first time) during package "
11773
"installation. It is possible to undo this by entering the following command:"
11774
msgstr ""
11775
11776
#: serverguide/C/other-apps.xml:164(command)
11777
msgid "sudo etckeeper uninit"
11778
msgstr ""
11779
11780
#: serverguide/C/other-apps.xml:167(para)
11781
msgid ""
11782
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11783
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11784
"It will also automatically commit changes before and after package "
11785
"installation. For a more precise tracking of changes, it is recommended to "
11786
"commit your changes manually, together with a commit message, using:"
11787
msgstr ""
11788
11789
#: serverguide/C/other-apps.xml:176(command)
11790
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11791
msgstr ""
11792
11793
#: serverguide/C/other-apps.xml:179(para)
11794
msgid ""
11795
"Using the VCS commands you can view log information about files in "
11796
"<filename>/etc</filename>:"
11797
msgstr ""
11798
11799
#: serverguide/C/other-apps.xml:184(command)
11800
msgid "sudo bzr log /etc/passwd"
11801
msgstr ""
11802
11803
#: serverguide/C/other-apps.xml:187(para)
11804
msgid ""
11805
"To demonstrate the integration with the package management system, install "
11806
"<application>postfix</application>:"
11807
msgstr ""
11808
11809
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
11810
msgid "sudo apt-get install postfix"
11811
msgstr ""
11812
11813
#: serverguide/C/other-apps.xml:195(para)
11814
msgid ""
11815
"When the installation is finished, all the "
11816
"<application>postfix</application> configuration files should be committed "
11817
"to the repository:"
11818
msgstr ""
11819
11820
#: serverguide/C/other-apps.xml:201(computeroutput)
11821
#, no-wrap
11822
msgid ""
11823
"Committing to: /etc/\n"
11824
"added aliases.db\n"
11825
"modified group\n"
11826
"modified group-\n"
11827
"modified gshadow\n"
11828
"modified gshadow-\n"
11829
"modified passwd\n"
11830
"modified passwd-\n"
11831
"added postfix\n"
11832
"added resolvconf\n"
11833
"added rsyslog.d\n"
11834
"modified shadow\n"
11835
"modified shadow-\n"
11836
"added init.d/postfix\n"
11837
"added network/if-down.d/postfix\n"
11838
"added network/if-up.d/postfix\n"
11839
"added postfix/dynamicmaps.cf\n"
11840
"added postfix/main.cf\n"
11841
"added postfix/master.cf\n"
11842
"added postfix/post-install\n"
11843
"added postfix/postfix-files\n"
11844
"added postfix/postfix-script\n"
11845
"added postfix/sasl\n"
11846
"added ppp/ip-down.d\n"
11847
"added ppp/ip-down.d/postfix\n"
11848
"added ppp/ip-up.d/postfix\n"
11849
"added rc0.d/K20postfix\n"
11850
"added rc1.d/K20postfix\n"
11851
"added rc2.d/S20postfix\n"
11852
"added rc3.d/S20postfix\n"
11853
"added rc4.d/S20postfix\n"
11854
"added rc5.d/S20postfix\n"
11855
"added rc6.d/K20postfix\n"
11856
"added resolvconf/update-libc.d\n"
11857
"added resolvconf/update-libc.d/postfix\n"
11858
"added rsyslog.d/postfix.conf\n"
11859
"added ufw/applications.d/postfix\n"
11860
"Committed revision 2."
11861
msgstr ""
11862
11863
#: serverguide/C/other-apps.xml:241(para)
11864
msgid ""
11865
"For an example of how <application>etckeeper</application> tracks manual "
11866
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11867
"<application>bzr</application> you can see which files have been modified:"
11868
msgstr ""
11869
11870
#: serverguide/C/other-apps.xml:247(command)
11871
msgid "sudo bzr status /etc/"
11872
msgstr ""
11873
11874
#: serverguide/C/other-apps.xml:248(computeroutput)
11875
#, no-wrap
11876
msgid ""
11877
"modified:\n"
11878
" hosts"
11879
msgstr ""
11880
11881
#: serverguide/C/other-apps.xml:252(para)
11882
msgid "Now commit the changes:"
11883
msgstr ""
11884
11885
#: serverguide/C/other-apps.xml:257(command)
11886
msgid "sudo etckeeper commit \"new host\""
11887
msgstr ""
11888
11889
#: serverguide/C/other-apps.xml:260(para)
11890
msgid ""
11891
"For more information on <application>bzr</application> see <xref "
11892
"linkend=\"bazaar\"/>."
11893
msgstr ""
11894
11895
#: serverguide/C/other-apps.xml:266(title)
11896
msgid "Byobu"
11897
msgstr ""
11898
11899
#: serverguide/C/other-apps.xml:268(para)
11900
msgid ""
11901
"One of the most useful applications for any system administrator is "
11902
"<application>screen</application>. It allows the execution of multiple "
11903
"shells in one terminal. To make some of the advanced "
11904
"<application>screen</application> features more user friendly, and provide "
11905
"some useful information about the system, the "
11906
"<application>byobu</application> package was created."
11907
msgstr ""
11908
11909
#: serverguide/C/other-apps.xml:275(para)
11910
msgid ""
11911
"When executing <application>byobu</application> pressing the "
11912
"<emphasis>F9</emphasis> key will bring up the "
11913
"<application>Configuration</application> menu. This menu will allow you to:"
11914
msgstr ""
11915
11916
#: serverguide/C/other-apps.xml:281(para)
11917
msgid "View the Help menu"
11918
msgstr ""
11919
11920
#: serverguide/C/other-apps.xml:282(para)
11921
msgid "Change Byobu's background color"
11922
msgstr ""
11923
11924
#: serverguide/C/other-apps.xml:283(para)
11925
msgid "Change Byobu's foreground color"
11926
msgstr ""
11927
11928
#: serverguide/C/other-apps.xml:284(para)
11929
msgid "Toggle status notifications"
11930
msgstr "Увімкнути або вимкнути сповіщення"
11931
11932
#: serverguide/C/other-apps.xml:285(para)
11933
msgid "Change the key binding set"
11934
msgstr ""
11935
11936
#: serverguide/C/other-apps.xml:286(para)
11937
msgid "Change the escape sequence"
11938
msgstr ""
11939
11940
#: serverguide/C/other-apps.xml:287(para)
11941
msgid "Create new windows"
11942
msgstr "Створити вікна"
11943
11944
#: serverguide/C/other-apps.xml:288(para)
11945
msgid "Manage the default windows"
11946
msgstr ""
11947
11948
#: serverguide/C/other-apps.xml:289(para)
11949
msgid "Byobu currently does not launch at login (toggle on)"
11950
msgstr "Зараз byobu не запускається при вході (увімкнути)"
11951
11952
#: serverguide/C/other-apps.xml:292(para)
11953
msgid ""
11954
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11955
"sequence, new window, change window, etc. There are two key binding sets to "
11956
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11957
"keys</emphasis>. If you wish to use the original key bindings choose the "
11958
"<emphasis>none</emphasis> set."
11959
msgstr ""
11960
11961
#: serverguide/C/other-apps.xml:298(para)
11962
msgid ""
11963
"<application>byobu</application> provides a menu which displays the Ubuntu "
11964
"release, processor information, memory information, and the time and date. "
11965
"The effect is similar to a desktop menu."
11966
msgstr ""
11967
11968
#: serverguide/C/other-apps.xml:303(para)
11969
msgid ""
11970
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11971
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11972
"executed any time a terminal is opened. Changes made to "
11973
"<application>byobu</application> are on a per user basis, and will not "
11974
"affect other users on the system."
11975
msgstr ""
11976
11977
#: serverguide/C/other-apps.xml:309(para)
11978
msgid ""
11979
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11980
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11981
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11982
"commands. Here is a quick list of movement commands:"
11983
msgstr ""
11984
11985
#: serverguide/C/other-apps.xml:316(para)
11986
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11987
msgstr ""
11988
11989
#: serverguide/C/other-apps.xml:317(para)
11990
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11991
msgstr ""
11992
11993
#: serverguide/C/other-apps.xml:318(para)
11994
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11995
msgstr ""
11996
11997
#: serverguide/C/other-apps.xml:319(para)
11998
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11999
msgstr ""
12000
12001
#: serverguide/C/other-apps.xml:320(para)
12002
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
12003
msgstr ""
12004
12005
#: serverguide/C/other-apps.xml:321(para)
12006
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
12007
msgstr ""
12008
12009
#: serverguide/C/other-apps.xml:322(para)
12010
msgid ""
12011
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
12012
"the buffer)"
12013
msgstr ""
12014
12015
#: serverguide/C/other-apps.xml:323(para)
12016
msgid "<emphasis>/</emphasis> - Search forward"
12017
msgstr ""
12018
12019
#: serverguide/C/other-apps.xml:324(para)
12020
msgid "<emphasis>?</emphasis> - Search backward"
12021
msgstr ""
12022
12023
#: serverguide/C/other-apps.xml:325(para)
12024
msgid ""
12025
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
12026
msgstr ""
12027
12028
#: serverguide/C/other-apps.xml:334(para)
12029
msgid ""
12030
"See the <ulink "
12031
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man1/update-"
12032
"motd.1.html\">update-motd man page</ulink> for more options available to "
12033
"<application>update-motd</application>."
12034
msgstr ""
12035
12036
#: serverguide/C/other-apps.xml:340(para)
12037
msgid ""
12038
"The Debian Package of the Day <ulink "
12039
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
12040
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
12041
"details about using the <application>weather</application>utility."
12042
msgstr ""
12043
12044
#: serverguide/C/other-apps.xml:347(para)
12045
msgid ""
12046
"See the <ulink "
12047
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
12048
"more details on using <application>etckeeper</application>."
12049
msgstr ""
12050
12051
#: serverguide/C/other-apps.xml:353(para)
12052
msgid ""
12053
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
12054
"Ubuntu Wiki</ulink> page."
12055
msgstr ""
12056
12057
#: serverguide/C/other-apps.xml:358(para)
12058
msgid ""
12059
"For the latest news and information about <application>bzr</application> see "
12060
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
12061
msgstr ""
12062
12063
#: serverguide/C/other-apps.xml:363(para)
12064
msgid ""
12065
"For more information on <application>screen</application> see the <ulink "
12066
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
12067
msgstr ""
12068
12069
#: serverguide/C/other-apps.xml:368(para)
12070
msgid ""
12071
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
12072
"screen</ulink> page."
12073
msgstr ""
12074
12075
#: serverguide/C/other-apps.xml:373(para)
12076
msgid ""
12077
"Also, see the <application>byobu</application><ulink "
12078
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
12079
"information."
12080
msgstr ""
12081
12082
#: serverguide/C/network-config.xml:14(para)
12083
msgid ""
12084
"Networks consist of two or more devices, such as computer systems, printers, "
12085
"and related equipment which are connected by either physical cabling or "
12086
"wireless links for the purpose of sharing and distributing information among "
12087
"the connected devices."
12088
msgstr ""
12089
12090
#: serverguide/C/network-config.xml:20(para)
12091
msgid ""
12092
"This section provides general and specific information pertaining to "
12093
"networking, including an overview of network concepts and detailed "
12094
"discussion of popular network protocols."
12095
msgstr ""
12096
12097
#: serverguide/C/network-config.xml:27(title)
12098
msgid "Network Configuration"
12099
msgstr "Налаштування мережі"
12100
12101
#: serverguide/C/network-config.xml:28(para)
12102
msgid ""
12103
"Ubuntu ships with a number of graphical utilities to configure your network "
12104
"devices. This document is geared toward server administrators and will focus "
12105
"on managing your network on the command line."
12106
msgstr ""
12107
12108
#: serverguide/C/network-config.xml:35(title)
12109
msgid "Ethernet Interfaces"
12110
msgstr ""
12111
12112
#: serverguide/C/network-config.xml:36(para)
12113
msgid ""
12114
"Ethernet interfaces are identified by the system using the naming convention "
12115
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
12116
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
12117
"interface is typically identified as <emphasis "
12118
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
12119
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
12120
"order."
12121
msgstr ""
12122
12123
#: serverguide/C/network-config.xml:46(title)
12124
msgid "Identify Ethernet Interfaces"
12125
msgstr ""
12126
12127
#: serverguide/C/network-config.xml:47(para)
12128
msgid ""
12129
"To quickly identify all available Ethernet interfaces, you can use the "
12130
"<application>ifconfig</application> command as shown below."
12131
msgstr ""
12132
12133
#: serverguide/C/network-config.xml:52(userinput)
12134
#, no-wrap
12135
msgid "ifconfig -a | grep eth"
12136
msgstr ""
12137
12138
#: serverguide/C/network-config.xml:51(screen)
12139
#, no-wrap
12140
msgid ""
12141
"\n"
12142
"<placeholder-1/>\n"
12143
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
12144
msgstr ""
12145
12146
#: serverguide/C/network-config.xml:55(para)
12147
msgid ""
12148
"Another application that can help identify all network interfaces available "
12149
"to your system is the <application>lshw</application> command. In the "
12150
"example below, <application>lshw</application> shows a single Ethernet "
12151
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
12152
"along with bus information, driver details and all supported capabilities."
12153
msgstr ""
12154
12155
#: serverguide/C/network-config.xml:62(userinput)
12156
#, no-wrap
12157
msgid "sudo lshw -class network"
12158
msgstr ""
12159
12160
#: serverguide/C/network-config.xml:61(screen)
12161
#, no-wrap
12162
msgid ""
12163
"\n"
12164
"<placeholder-1/>\n"
12165
" *-network\n"
12166
" description: Ethernet interface\n"
12167
" product: BCM4401-B0 100Base-TX\n"
12168
" vendor: Broadcom Corporation\n"
12169
" physical id: 0\n"
12170
" bus info: pci@0000:03:00.0\n"
12171
" logical name: eth0\n"
12172
" version: 02\n"
12173
" serial: 00:15:c5:4a:16:5a\n"
12174
" size: 10MB/s\n"
12175
" capacity: 100MB/s\n"
12176
" width: 32 bits\n"
12177
" clock: 33MHz\n"
12178
" capabilities: (snipped for brevity)\n"
12179
" configuration: (snipped for brevity)\n"
12180
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
12181
msgstr ""
12182
12183
#: serverguide/C/network-config.xml:83(title)
12184
msgid "Ethernet Interface Logical Names"
12185
msgstr ""
12186
12187
#: serverguide/C/network-config.xml:84(para)
12188
msgid ""
12189
"Interface logical names are configured in the file "
12190
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
12191
"like control which interface receives a particular logical name, find the "
12192
"line matching the interfaces physical MAC address and modify the value of "
12193
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
12194
"Reboot the system to commit your changes."
12195
msgstr ""
12196
12197
#: serverguide/C/network-config.xml:92(programlisting)
12198
#, no-wrap
12199
msgid ""
12200
"\n"
12201
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
12202
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
12203
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
12204
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
12205
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
12206
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
12207
msgstr ""
12208
12209
#: serverguide/C/network-config.xml:99(title)
12210
msgid "Ethernet Interface Settings"
12211
msgstr ""
12212
12213
#: serverguide/C/network-config.xml:100(para)
12214
msgid ""
12215
"<application>ethtool</application> is a program that displays and changes "
12216
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
12217
"and Wake-on-LAN. It is not installed by default, but is available for "
12218
"installation in the repositories."
12219
msgstr ""
12220
12221
#: serverguide/C/network-config.xml:106(userinput)
12222
#, no-wrap
12223
msgid "sudo apt-get install ethtool"
12224
msgstr ""
12225
12226
#: serverguide/C/network-config.xml:108(para)
12227
msgid ""
12228
"The following is an example of how to view supported features and configured "
12229
"settings of an Ethernet interface."
12230
msgstr ""
12231
12232
#: serverguide/C/network-config.xml:113(userinput)
12233
#, no-wrap
12234
msgid "sudo ethtool eth0"
12235
msgstr ""
12236
12237
#: serverguide/C/network-config.xml:112(screen)
12238
#, no-wrap
12239
msgid ""
12240
"\n"
12241
"<placeholder-1/>\n"
12242
"Settings for eth0:\n"
12243
" Supported ports: [ TP ]\n"
12244
" Supported link modes: 10baseT/Half 10baseT/Full \n"
12245
" 100baseT/Half 100baseT/Full \n"
12246
" 1000baseT/Half 1000baseT/Full \n"
12247
" Supports auto-negotiation: Yes\n"
12248
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
12249
" 100baseT/Half 100baseT/Full \n"
12250
" 1000baseT/Half 1000baseT/Full \n"
12251
" Advertised auto-negotiation: Yes\n"
12252
" Speed: 1000Mb/s\n"
12253
" Duplex: Full\n"
12254
" Port: Twisted Pair\n"
12255
" PHYAD: 1\n"
12256
" Transceiver: internal\n"
12257
" Auto-negotiation: on\n"
12258
" Supports Wake-on: g\n"
12259
" Wake-on: d\n"
12260
" Current message level: 0x000000ff (255)\n"
12261
" Link detected: yes\n"
12262
msgstr ""
12263
12264
#: serverguide/C/network-config.xml:135(para)
12265
msgid ""
12266
"Changes made with the <application>ethtool</application> command are "
12267
"temporary and will be lost after a reboot. If you would like to retain "
12268
"settings, simply add the desired <application>ethtool</application> command "
12269
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
12270
"configuration file <filename>/etc/network/interfaces</filename>."
12271
msgstr ""
12272
12273
#: serverguide/C/network-config.xml:141(para)
12274
msgid ""
12275
"The following is an example of how the interface identified as <emphasis "
12276
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
12277
"speed of 1000Mb/s running in full duplex mode."
12278
msgstr ""
12279
12280
#: serverguide/C/network-config.xml:145(programlisting)
12281
#, no-wrap
12282
msgid ""
12283
"\n"
12284
"auto eth0\n"
12285
"iface eth0 inet static\n"
12286
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
12287
msgstr ""
12288
12289
#: serverguide/C/network-config.xml:151(para)
12290
msgid ""
12291
"Although the example above shows the interface configured to use the "
12292
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
12293
"other methods as well, such as DHCP. The example is meant to demonstrate "
12294
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
12295
"statement in relation to the rest of the interface configuration."
12296
msgstr ""
12297
12298
#: serverguide/C/network-config.xml:163(title)
12299
msgid "IP Addressing"
12300
msgstr ""
12301
12302
#: serverguide/C/network-config.xml:164(para)
12303
msgid ""
12304
"The following section describes the process of configuring your systems IP "
12305
"address and default gateway needed for communicating on a local area network "
12306
"and the Internet."
12307
msgstr ""
12308
12309
#: serverguide/C/network-config.xml:171(title)
12310
msgid "Temporary IP Address Assignment"
12311
msgstr ""
12312
12313
#: serverguide/C/network-config.xml:172(para)
12314
msgid ""
12315
"For temporary network configurations, you can use standard commands such as "
12316
"<application>ip</application>, <application>ifconfig</application> and "
12317
"<application>route</application>, which are also found on most other "
12318
"GNU/Linux operating systems. These commands allow you to configure settings "
12319
"which take effect immediately, however they are not persistent and will be "
12320
"lost after a reboot."
12321
msgstr ""
12322
12323
#: serverguide/C/network-config.xml:180(para)
12324
msgid ""
12325
"To temporarily configure an IP address, you can use the "
12326
"<application>ifconfig</application> command in the following manner. Just "
12327
"modify the IP address and subnet mask to match your network requirements."
12328
msgstr ""
12329
12330
#: serverguide/C/network-config.xml:186(userinput)
12331
#, no-wrap
12332
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
12333
msgstr ""
12334
12335
#: serverguide/C/network-config.xml:188(para)
12336
msgid ""
12337
"To verify the IP address configuration of <application>eth0</application>, "
12338
"you can use the <application>ifconfig</application> command in the following "
12339
"manner."
12340
msgstr ""
12341
12342
#: serverguide/C/network-config.xml:193(userinput)
12343
#, no-wrap
12344
msgid "ifconfig eth0"
12345
msgstr ""
12346
12347
#: serverguide/C/network-config.xml:192(screen)
12348
#, no-wrap
12349
msgid ""
12350
"\n"
12351
"<placeholder-1/>\n"
12352
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
12353
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
12354
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
12355
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
12356
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
12357
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
12358
" collisions:0 txqueuelen:1000 \n"
12359
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
12360
" Interrupt:16 \n"
12361
msgstr ""
12362
12363
#: serverguide/C/network-config.xml:204(para)
12364
msgid ""
12365
"To configure a default gateway, you can use the "
12366
"<application>route</application> command in the following manner. Modify the "
12367
"default gateway address to match your network requirements."
12368
msgstr ""
12369
12370
#: serverguide/C/network-config.xml:210(userinput)
12371
#, no-wrap
12372
msgid "sudo route add default gw 10.0.0.1 eth0"
12373
msgstr ""
12374
12375
#: serverguide/C/network-config.xml:212(para)
12376
msgid ""
12377
"To verify your default gateway configuration, you can use the "
12378
"<application>route</application> command in the following manner."
12379
msgstr ""
12380
12381
#: serverguide/C/network-config.xml:217(userinput)
12382
#, no-wrap
12383
msgid "route -n"
12384
msgstr ""
12385
12386
#: serverguide/C/network-config.xml:216(screen)
12387
#, no-wrap
12388
msgid ""
12389
"\n"
12390
"<placeholder-1/>\n"
12391
"Kernel IP routing table\n"
12392
"Destination Gateway Genmask Flags Metric Ref Use "
12393
"Iface\n"
12394
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
12395
"eth0\n"
12396
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
12397
"eth0\n"
12398
msgstr ""
12399
12400
#: serverguide/C/network-config.xml:223(para)
12401
msgid ""
12402
"If you require DNS for your temporary network configuration, you can add DNS "
12403
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
12404
"example below shows how to enter two DNS servers to "
12405
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
12406
"appropriate for your network. A more lengthy description of DNS client "
12407
"configuration is in a following section."
12408
msgstr ""
12409
12410
#: serverguide/C/network-config.xml:230(programlisting)
12411
#, no-wrap
12412
msgid ""
12413
"\n"
12414
"nameserver 8.8.8.8\n"
12415
"nameserver 8.8.4.4\n"
12416
msgstr ""
12417
12418
#: serverguide/C/network-config.xml:234(para)
12419
msgid ""
12420
"If you no longer need this configuration and wish to purge all IP "
12421
"configuration from an interface, you can use the "
12422
"<application>ip</application> command with the flush option as shown below."
12423
msgstr ""
12424
12425
#: serverguide/C/network-config.xml:240(userinput)
12426
#, no-wrap
12427
msgid "ip addr flush eth0"
12428
msgstr ""
12429
12430
#: serverguide/C/network-config.xml:243(para)
12431
msgid ""
12432
"Flushing the IP configuration using the <application>ip</application> "
12433
"command does not clear the contents of "
12434
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
12435
"entries manually."
12436
msgstr ""
12437
12438
#: serverguide/C/network-config.xml:251(title)
12439
msgid "Dynamic IP Address Assignment (DHCP Client)"
12440
msgstr ""
12441
12442
#: serverguide/C/network-config.xml:252(para)
12443
msgid ""
12444
"To configure your server to use DHCP for dynamic address assignment, add the "
12445
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
12446
"statement for the appropriate interface in the file "
12447
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
12448
"are configuring your first Ethernet interface identified as <emphasis "
12449
"role=\"italic\">eth0</emphasis>."
12450
msgstr ""
12451
12452
#: serverguide/C/network-config.xml:259(programlisting)
12453
#, no-wrap
12454
msgid ""
12455
"\n"
12456
"auto eth0\n"
12457
"iface eth0 inet dhcp\n"
12458
msgstr ""
12459
12460
#: serverguide/C/network-config.xml:263(para)
12461
msgid ""
12462
"By adding an interface configuration as shown above, you can manually enable "
12463
"the interface through the <application>ifup</application> command which "
12464
"initiates the DHCP process via <application>dhclient</application>."
12465
msgstr ""
12466
12467
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
12468
#, no-wrap
12469
msgid "sudo ifup eth0"
12470
msgstr ""
12471
12472
#: serverguide/C/network-config.xml:271(para)
12473
msgid ""
12474
"To manually disable the interface, you can use the "
12475
"<application>ifdown</application> command, which in turn will initiate the "
12476
"DHCP release process and shut down the interface."
12477
msgstr ""
12478
12479
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
12480
#, no-wrap
12481
msgid "sudo ifdown eth0"
12482
msgstr ""
12483
12484
#: serverguide/C/network-config.xml:282(title)
12485
msgid "Static IP Address Assignment"
12486
msgstr ""
12487
12488
#: serverguide/C/network-config.xml:283(para)
12489
msgid ""
12490
"To configure your system to use a static IP address assignment, add the "
12491
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12492
"family statement for the appropriate interface in the file "
12493
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
12494
"are configuring your first Ethernet interface identified as <emphasis "
12495
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
12496
"role=\"italic\">address</emphasis>, <emphasis "
12497
"role=\"italic\">netmask</emphasis>, and <emphasis "
12498
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
12499
"network."
12500
msgstr ""
12501
12502
#: serverguide/C/network-config.xml:292(programlisting)
12503
#, no-wrap
12504
msgid ""
12505
"\n"
12506
"auto eth0\n"
12507
"iface eth0 inet static\n"
12508
"address 10.0.0.100\n"
12509
"netmask 255.255.255.0\n"
12510
"gateway 10.0.0.1\n"
12511
msgstr ""
12512
12513
#: serverguide/C/network-config.xml:299(para)
12514
msgid ""
12515
"By adding an interface configuration as shown above, you can manually enable "
12516
"the interface through the <application>ifup</application> command."
12517
msgstr ""
12518
12519
#: serverguide/C/network-config.xml:306(para)
12520
msgid ""
12521
"To manually disable the interface, you can use the "
12522
"<application>ifdown</application> command."
12523
msgstr ""
12524
12525
#: serverguide/C/network-config.xml:316(title)
12526
msgid "Loopback Interface"
12527
msgstr ""
12528
12529
#: serverguide/C/network-config.xml:317(para)
12530
msgid ""
12531
"The loopback interface is identified by the system as <emphasis "
12532
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12533
"can be viewed using the ifconfig command."
12534
msgstr ""
12535
12536
#: serverguide/C/network-config.xml:322(userinput)
12537
#, no-wrap
12538
msgid "ifconfig lo"
12539
msgstr ""
12540
12541
#: serverguide/C/network-config.xml:321(screen)
12542
#, no-wrap
12543
msgid ""
12544
"\n"
12545
"<placeholder-1/>\n"
12546
"lo Link encap:Local Loopback \n"
12547
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
12548
" inet6 addr: ::1/128 Scope:Host\n"
12549
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
12550
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
12551
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
12552
" collisions:0 txqueuelen:0 \n"
12553
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
12554
msgstr ""
12555
12556
#: serverguide/C/network-config.xml:332(para)
12557
msgid ""
12558
"By default, there should be two lines in "
12559
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12560
"configuring your loopback interface. It is recommended that you keep the "
12561
"default settings unless you have a specific purpose for changing them. An "
12562
"example of the two default lines are shown below."
12563
msgstr ""
12564
12565
#: serverguide/C/network-config.xml:338(programlisting)
12566
#, no-wrap
12567
msgid ""
12568
"\n"
12569
"auto lo\n"
12570
"iface lo inet loopback\n"
12571
msgstr ""
12572
12573
#: serverguide/C/network-config.xml:347(title)
12574
msgid "Name Resolution"
12575
msgstr ""
12576
12577
#: serverguide/C/network-config.xml:348(para)
12578
msgid ""
12579
"Name resolution as it relates to IP networking is the process of mapping IP "
12580
"addresses to hostnames, making it easier to identify resources on a network. "
12581
"The following section will explain how to properly configure your system for "
12582
"name resolution using DNS and static hostname records."
12583
msgstr ""
12584
12585
#: serverguide/C/network-config.xml:356(title)
12586
msgid "DNS Client Configuration"
12587
msgstr ""
12588
12589
#: serverguide/C/network-config.xml:357(para)
12590
msgid ""
12591
"To configure your system to use DNS for name resolution, add the IP "
12592
"addresses of the DNS servers that are appropriate for your network in the "
12593
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
12594
"suffix search-lists to match your network domain names."
12595
msgstr ""
12596
12597
#: serverguide/C/network-config.xml:362(para)
12598
msgid ""
12599
"Below is an example of a typical configuration of "
12600
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
12601
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
12602
msgstr ""
12603
12604
#: serverguide/C/network-config.xml:367(programlisting)
12605
#, no-wrap
12606
msgid ""
12607
"\n"
12608
"search example.com\n"
12609
"nameserver 8.8.8.8\n"
12610
"nameserver 8.8.4.4\n"
12611
msgstr ""
12612
12613
#: serverguide/C/network-config.xml:372(para)
12614
msgid ""
12615
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12616
"multiple domain names so that DNS queries will be appended in the order in "
12617
"which they are entered. For example, your network may have multiple sub-"
12618
"domains to search; a parent domain of <emphasis "
12619
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
12620
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
12621
"role=\"italic\">dev.example.com</emphasis>."
12622
msgstr ""
12623
12624
#: serverguide/C/network-config.xml:380(para)
12625
msgid ""
12626
"If you have multiple domains you wish to search, your configuration might "
12627
"look like the following."
12628
msgstr ""
12629
12630
#: serverguide/C/network-config.xml:383(programlisting)
12631
#, no-wrap
12632
msgid ""
12633
"\n"
12634
"search example.com sales.example.com dev.example.com\n"
12635
"nameserver 8.8.8.8\n"
12636
"nameserver 8.8.4.4\n"
12637
msgstr ""
12638
12639
#: serverguide/C/network-config.xml:388(para)
12640
msgid ""
12641
"If you try to ping a host with the name of <emphasis "
12642
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12643
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12644
msgstr ""
12645
12646
#: serverguide/C/network-config.xml:394(para)
12647
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12648
msgstr ""
12649
12650
#: serverguide/C/network-config.xml:399(para)
12651
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12652
msgstr ""
12653
12654
#: serverguide/C/network-config.xml:404(para)
12655
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12656
msgstr ""
12657
12658
#: serverguide/C/network-config.xml:409(para)
12659
msgid ""
12660
"If no matches are found, the DNS server will provide a result of <emphasis "
12661
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12662
msgstr ""
12663
12664
#: serverguide/C/network-config.xml:416(title)
12665
msgid "Static Hostnames"
12666
msgstr ""
12667
12668
#: serverguide/C/network-config.xml:417(para)
12669
msgid ""
12670
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12671
"file <filename>/etc/hosts</filename>. Entries in the "
12672
"<filename>hosts</filename> file will have precedence over DNS by default. "
12673
"This means that if your system tries to resolve a hostname and it matches an "
12674
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
12675
"some configurations, especially when Internet access is not required, "
12676
"servers that communicate with a limited number of resources can be "
12677
"conveniently set to use static hostnames instead of DNS."
12678
msgstr ""
12679
12680
#: serverguide/C/network-config.xml:424(para)
12681
msgid ""
12682
"The following is an example of a <filename>hosts</filename> file where a "
12683
"number of local servers have been identified by simple hostnames, aliases "
12684
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12685
msgstr ""
12686
12687
#: serverguide/C/network-config.xml:428(programlisting)
12688
#, no-wrap
12689
msgid ""
12690
"\n"
12691
"127.0.0.1\tlocalhost\n"
12692
"127.0.1.1\tubuntu-server\n"
12693
"10.0.0.11\tserver1 vpn server1.example.com\n"
12694
"10.0.0.12\tserver2 mail server2.example.com\n"
12695
"10.0.0.13\tserver3 www server3.example.com\n"
12696
"10.0.0.14\tserver4 file server4.example.com\n"
12697
msgstr ""
12698
12699
#: serverguide/C/network-config.xml:437(para)
12700
msgid ""
12701
"In the above example, notice that each of the servers have been given "
12702
"aliases in addition to their proper names and FQDN's. <emphasis "
12703
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
12704
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
12705
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
12706
"role=\"italic\">server3</emphasis> as <emphasis "
12707
"role=\"italic\">www</emphasis>, and <emphasis "
12708
"role=\"italic\">server4</emphasis> as <emphasis "
12709
"role=\"italic\">file</emphasis>."
12710
msgstr ""
12711
12712
#: serverguide/C/network-config.xml:449(title)
12713
msgid "Name Service Switch Configuration"
12714
msgstr ""
12715
12716
#: serverguide/C/network-config.xml:450(para)
12717
msgid ""
12718
"The order in which your system selects a method of resolving hostnames to IP "
12719
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12720
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
12721
"section, typically static hostnames defined in the systems "
12722
"<filename>/etc/hosts</filename> file have precedence over names resolved "
12723
"from DNS. The following is an example of the line responsible for this order "
12724
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12725
msgstr ""
12726
12727
#: serverguide/C/network-config.xml:458(programlisting)
12728
#, no-wrap
12729
msgid ""
12730
"\n"
12731
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12732
msgstr ""
12733
"\n"
12734
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12735
12736
#: serverguide/C/network-config.xml:464(para)
12737
msgid ""
12738
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12739
"hostnames located in <filename>/etc/hosts</filename>."
12740
msgstr ""
12741
12742
#: serverguide/C/network-config.xml:470(para)
12743
msgid ""
12744
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12745
"name using Multicast DNS."
12746
msgstr ""
12747
12748
#: serverguide/C/network-config.xml:475(para)
12749
msgid ""
12750
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12751
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12752
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12753
"authoritative and that the system should not try to continue hunting for an "
12754
"answer."
12755
msgstr ""
12756
12757
#: serverguide/C/network-config.xml:483(para)
12758
msgid ""
12759
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12760
msgstr ""
12761
12762
#: serverguide/C/network-config.xml:488(para)
12763
msgid ""
12764
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12765
msgstr ""
12766
12767
#: serverguide/C/network-config.xml:494(para)
12768
msgid ""
12769
"To modify the order of the above mentioned name resolution methods, you can "
12770
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12771
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12772
"versus Multicast DNS, you can change the string in "
12773
"<filename>/etc/nsswitch.conf</filename> as shown below."
12774
msgstr ""
12775
12776
#: serverguide/C/network-config.xml:501(programlisting)
12777
#, no-wrap
12778
msgid ""
12779
"\n"
12780
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12781
msgstr ""
12782
12783
#: serverguide/C/network-config.xml:508(title)
12784
msgid "Bridging"
12785
msgstr ""
12786
12787
#: serverguide/C/network-config.xml:510(para)
12788
msgid ""
12789
"Bridging multiple interfaces is a more advanced configuration, but is very "
12790
"useful in multiple scenarios. One scenario is setting up a bridge with "
12791
"multiple network interfaces, then using a firewall to filter traffic between "
12792
"two network segments. Another scenario is using bridge on a system with one "
12793
"interface to allow virtual machines direct access to the outside network. "
12794
"The following example covers the latter scenario."
12795
msgstr ""
12796
12797
#: serverguide/C/network-config.xml:517(para)
12798
msgid ""
12799
"Before configuring a bridge you will need to install the <application>bridge-"
12800
"utils</application> package. To install the package, in a terminal enter:"
12801
msgstr ""
12802
12803
#: serverguide/C/network-config.xml:523(command)
12804
msgid "sudo apt-get install bridge-utils"
12805
msgstr ""
12806
12807
#: serverguide/C/network-config.xml:526(para)
12808
msgid ""
12809
"Next, configure the bridge by editing "
12810
"<filename>/etc/network/interfaces</filename>:"
12811
msgstr ""
12812
12813
#: serverguide/C/network-config.xml:530(programlisting)
12814
#, no-wrap
12815
msgid ""
12816
"\n"
12817
"auto lo\n"
12818
"iface lo inet loopback\n"
12819
"\n"
12820
"auto br0\n"
12821
"iface br0 inet static\n"
12822
" address 192.168.0.10\n"
12823
" network 192.168.0.0\n"
12824
" netmask 255.255.255.0\n"
12825
" broadcast 192.168.0.255\n"
12826
" gateway 192.168.0.1\n"
12827
" bridge_ports eth0\n"
12828
" bridge_fd 9\n"
12829
" bridge_hello 2\n"
12830
" bridge_maxage 12\n"
12831
" bridge_stp off\n"
12832
msgstr ""
12833
12834
#: serverguide/C/network-config.xml:549(para)
12835
msgid "Enter the appropriate values for your physical interface and network."
12836
msgstr ""
12837
12838
#: serverguide/C/network-config.xml:554(para)
12839
msgid "Now restart networking to enable the bridge interface:"
12840
msgstr ""
12841
12842
#: serverguide/C/network-config.xml:561(para)
12843
msgid ""
12844
"The new bridge interface should now be up and running. The "
12845
"<application>brctl</application> provides useful information about the state "
12846
"of the bridge, controls which interfaces are part of the bridge, etc. See "
12847
"<command>man brctl</command> for more information."
12848
msgstr ""
12849
12850
#: serverguide/C/network-config.xml:577(para)
12851
msgid ""
12852
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12853
"Network page</ulink> has links to articles covering more advanced network "
12854
"configuration."
12855
msgstr ""
12856
12857
#: serverguide/C/network-config.xml:583(para)
12858
msgid ""
12859
"The <ulink "
12860
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/interfaces.5.html"
12861
"\">interfaces man page</ulink> has details on more options for "
12862
"<filename>/etc/network/interfaces</filename>."
12863
msgstr ""
12864
12865
#: serverguide/C/network-config.xml:589(para)
12866
msgid ""
12867
"The <ulink "
12868
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/dhclient.8.html\">"
12869
"dhclient man page</ulink> has details on more options for configuring DHCP "
12870
"client settings."
12871
msgstr ""
12872
12873
#: serverguide/C/network-config.xml:595(para)
12874
msgid ""
12875
"For more information on DNS client configuration see the <ulink "
12876
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/resolver.5.html\">"
12877
"resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12878
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
12879
"Administrator's Guide</ulink> is a good source of resolver and name service "
12880
"configuration information."
12881
msgstr ""
12882
12883
#: serverguide/C/network-config.xml:603(para)
12884
msgid ""
12885
"For more information on <emphasis>bridging</emphasis> see the <ulink "
12886
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/brctl.8.html\">brc"
12887
"tl man page</ulink> and the Linux Foundation's <ulink "
12888
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
12889
msgstr ""
12890
12891
#: serverguide/C/network-config.xml:614(title)
12892
msgid "TCP/IP"
12893
msgstr ""
12894
12895
#: serverguide/C/network-config.xml:615(para)
12896
msgid ""
12897
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12898
"standard set of protocols developed in the late 1970s by the Defense "
12899
"Advanced Research Projects Agency (DARPA) as a means of communication "
12900
"between different types of computers and computer networks. TCP/IP is the "
12901
"driving force of the Internet, and thus it is the most popular set of "
12902
"network protocols on Earth."
12903
msgstr ""
12904
12905
#: serverguide/C/network-config.xml:623(title)
12906
msgid "TCP/IP Introduction"
12907
msgstr ""
12908
12909
#: serverguide/C/network-config.xml:624(para)
12910
msgid ""
12911
"The two protocol components of TCP/IP deal with different aspects of "
12912
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12913
"TCP/IP is a connectionless protocol which deals only with network packet "
12914
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
12915
"basic unit of networking information. The IP Datagram consists of a header "
12916
"followed by a message. The <emphasis> Transmission Control "
12917
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
12918
"establish connections which may be used to exchange data streams. TCP also "
12919
"guarantees that the data between connections is delivered and that it "
12920
"arrives at one network host in the same order as sent from another network "
12921
"host."
12922
msgstr ""
12923
12924
#: serverguide/C/network-config.xml:637(title)
12925
msgid "TCP/IP Configuration"
12926
msgstr ""
12927
12928
#: serverguide/C/network-config.xml:638(para)
12929
msgid ""
12930
"The TCP/IP protocol configuration consists of several elements which must be "
12931
"set by editing the appropriate configuration files, or deploying solutions "
12932
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
12933
"can be configured to provide the proper TCP/IP configuration settings to "
12934
"network clients automatically. These configuration values must be set "
12935
"correctly in order to facilitate the proper network operation of your Ubuntu "
12936
"system."
12937
msgstr ""
12938
12939
#: serverguide/C/network-config.xml:650(para)
12940
msgid ""
12941
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12942
"identifying string expressed as four decimal numbers ranging from zero (0) "
12943
"to two-hundred and fifty-five (255), separated by periods, with each of the "
12944
"four numbers representing eight (8) bits of the address for a total length "
12945
"of thirty-two (32) bits for the whole address. This format is called "
12946
"<emphasis>dotted quad notation</emphasis>."
12947
msgstr ""
12948
12949
#: serverguide/C/network-config.xml:660(para)
12950
msgid ""
12951
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12952
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12953
"separate the portions of an IP address significant to the network from the "
12954
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
12955
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
12956
"three bytes of the IP address and allows the last byte of the IP address to "
12957
"remain available for specifying hosts on the subnetwork."
12958
msgstr ""
12959
12960
#: serverguide/C/network-config.xml:671(para)
12961
msgid ""
12962
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12963
"represents the bytes comprising the network portion of an IP address. For "
12964
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
12965
"network address, where twelve (12) represents the first byte of the IP "
12966
"address, (the network part) and zeroes (0) in all of the remaining three "
12967
"bytes to represent the potential host values. A network host using the "
12968
"private IP address 192.168.1.100 would in turn use a Network Address of "
12969
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
12970
"network and a zero (0) for all the possible hosts on the network."
12971
msgstr ""
12972
12973
#: serverguide/C/network-config.xml:684(para)
12974
msgid ""
12975
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12976
"is an IP address which allows network data to be sent simultaneously to all "
12977
"hosts on a given subnetwork rather than specifying a particular host. The "
12978
"standard general broadcast address for IP networks is 255.255.255.255, but "
12979
"this broadcast address cannot be used to send a broadcast message to every "
12980
"host on the Internet because routers block it. A more appropriate broadcast "
12981
"address is set to match a specific subnetwork. For example, on the private "
12982
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
12983
"Broadcast messages are typically produced by network protocols such as the "
12984
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12985
msgstr ""
12986
12987
#: serverguide/C/network-config.xml:697(para)
12988
msgid ""
12989
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12990
"IP address through which a particular network, or host on a network, may be "
12991
"reached. If one network host wishes to communicate with another network "
12992
"host, and that host is not located on the same network, then a "
12993
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
12994
"Address will be that of a router on the same network, which will in turn "
12995
"pass traffic on to other networks or hosts, such as Internet hosts. The "
12996
"value of the Gateway Address setting must be correct, or your system will "
12997
"not be able to reach any hosts beyond those on the same network."
12998
msgstr ""
12999
13000
#: serverguide/C/network-config.xml:708(para)
13001
msgid ""
13002
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
13003
"represent the IP addresses of Domain Name Service (DNS) systems, which "
13004
"resolve network hostnames into IP addresses. There are three levels of "
13005
"Nameserver Addresses, which may be specified in order of precedence: The "
13006
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
13007
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
13008
"your system to be able to resolve network hostnames into their corresponding "
13009
"IP addresses, you must specify valid Nameserver Addresses which you are "
13010
"authorized to use in your system's TCP/IP configuration. In many cases these "
13011
"addresses can and will be provided by your network service provider, but "
13012
"many free and publicly accessible nameservers are available for use, such as "
13013
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
13014
msgstr ""
13015
13016
#: serverguide/C/network-config.xml:722(para)
13017
msgid ""
13018
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
13019
"Address are typically specified via the appropriate directives in the file "
13020
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
13021
"typically specified via <emphasis>nameserver</emphasis> directives in the "
13022
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
13023
"system manual page for <filename>interfaces</filename> or "
13024
"<filename>resolv.conf</filename> respectively, with the following commands "
13025
"typed at a terminal prompt:"
13026
msgstr ""
13027
13028
#: serverguide/C/network-config.xml:729(para)
13029
msgid ""
13030
"Access the system manual page for <filename>interfaces</filename> with the "
13031
"following command:"
13032
msgstr ""
13033
13034
#: serverguide/C/network-config.xml:734(command)
13035
msgid "man interfaces"
13036
msgstr ""
13037
13038
#: serverguide/C/network-config.xml:737(para)
13039
msgid ""
13040
"Access the system manual page for <filename>resolv.conf</filename> with the "
13041
"following command:"
13042
msgstr ""
13043
13044
#: serverguide/C/network-config.xml:741(command)
13045
msgid "man resolv.conf"
13046
msgstr ""
13047
13048
#: serverguide/C/network-config.xml:646(para)
13049
msgid ""
13050
"The common configuration elements of TCP/IP and their purposes are as "
13051
"follows: <placeholder-1/>"
13052
msgstr ""
13053
13054
#: serverguide/C/network-config.xml:748(title)
13055
msgid "IP Routing"
13056
msgstr ""
13057
13058
#: serverguide/C/network-config.xml:749(para)
13059
msgid ""
13060
"IP routing is a means of specifying and discovering paths in a TCP/IP "
13061
"network along which network data may be sent. Routing uses a set of "
13062
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
13063
"packets from their source to the destination, often via many intermediary "
13064
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
13065
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
13066
"<emphasis>Dynamic Routing.</emphasis>"
13067
msgstr ""
13068
13069
#: serverguide/C/network-config.xml:758(para)
13070
msgid ""
13071
"Static routing involves manually adding IP routes to the system's routing "
13072
"table, and this is usually done by manipulating the routing table with the "
13073
"<application>route</application> command. Static routing enjoys many "
13074
"advantages over dynamic routing, such as simplicity of implementation on "
13075
"smaller networks, predictability (the routing table is always computed in "
13076
"advance, and thus the route is precisely the same each time it is used), and "
13077
"low overhead on other routers and network links due to the lack of a dynamic "
13078
"routing protocol. However, static routing does present some disadvantages as "
13079
"well. For example, static routing is limited to small networks and does not "
13080
"scale well. Static routing also fails completely to adapt to network outages "
13081
"and failures along the route due to the fixed nature of the route."
13082
msgstr ""
13083
13084
#: serverguide/C/network-config.xml:768(para)
13085
msgid ""
13086
"Dynamic routing depends on large networks with multiple possible IP routes "
13087
"from a source to a destination and makes use of special routing protocols, "
13088
"such as the Router Information Protocol (RIP), which handle the automatic "
13089
"adjustments in routing tables that make dynamic routing possible. Dynamic "
13090
"routing has several advantages over static routing, such as superior "
13091
"scalability and the ability to adapt to failures and outages along network "
13092
"routes. Additionally, there is less manual configuration of the routing "
13093
"tables, since routers learn from one another about their existence and "
13094
"available routes. This trait also eliminates the possibility of introducing "
13095
"mistakes in the routing tables via human error. Dynamic routing is not "
13096
"perfect, however, and presents disadvantages such as heightened complexity "
13097
"and additional network overhead from router communications, which does not "
13098
"immediately benefit the end users, but still consumes network bandwidth."
13099
msgstr ""
13100
13101
#: serverguide/C/network-config.xml:782(title)
13102
msgid "TCP and UDP"
13103
msgstr ""
13104
13105
#: serverguide/C/network-config.xml:783(para)
13106
msgid ""
13107
"TCP is a connection-based protocol, offering error correction and guaranteed "
13108
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
13109
"Flow control determines when the flow of a data stream needs to be stopped, "
13110
"and previously sent data packets should to be re-sent due to problems such "
13111
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
13112
"accurate delivery of the data. TCP is typically used in the exchange of "
13113
"important information such as database transactions."
13114
msgstr ""
13115
13116
#: serverguide/C/network-config.xml:791(para)
13117
msgid ""
13118
"The User Datagram Protocol (UDP), on the other hand, is a "
13119
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
13120
"transmission of important data because it lacks flow control or any other "
13121
"method to ensure reliable delivery of the data. UDP is commonly used in such "
13122
"applications as audio and video streaming, where it is considerably faster "
13123
"than TCP due to the lack of error correction and flow control, and where the "
13124
"loss of a few packets is not generally catastrophic."
13125
msgstr ""
13126
13127
#: serverguide/C/network-config.xml:801(title)
13128
msgid "ICMP"
13129
msgstr ""
13130
13131
#: serverguide/C/network-config.xml:802(para)
13132
msgid ""
13133
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
13134
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
13135
"supports network packets containing control, error, and informational "
13136
"messages. ICMP is used by such network applications as the "
13137
"<application>ping</application> utility, which can determine the "
13138
"availability of a network host or device. Examples of some error messages "
13139
"returned by ICMP which are useful to both network hosts and devices such as "
13140
"routers, include <emphasis>Destination Unreachable</emphasis> and "
13141
"<emphasis>Time Exceeded</emphasis>."
13142
msgstr ""
13143
13144
#: serverguide/C/network-config.xml:812(title)
13145
msgid "Daemons"
13146
msgstr "Фонові служби"
13147
13148
#: serverguide/C/network-config.xml:813(para)
13149
msgid ""
13150
"Daemons are special system applications which typically execute continuously "
13151
"in the background and await requests for the functions they provide from "
13152
"other applications. Many daemons are network-centric; that is, a large "
13153
"number of daemons executing in the background on an Ubuntu system may "
13154
"provide network-related functionality. Some examples of such network daemons "
13155
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
13156
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
13157
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
13158
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
13159
"Daemon</emphasis> (imapd), which provides E-Mail services."
13160
msgstr ""
13161
13162
#: serverguide/C/network-config.xml:828(para)
13163
msgid ""
13164
"There are man pages for <ulink "
13165
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man7/tcp.7.html\">TCP</"
13166
"ulink> and <ulink "
13167
"url=\"http://manpages.ubuntu.com/manpages/maverick/man7/ip.7.html\">IP</ulink"
13168
"> that contain more useful information."
13169
msgstr ""
13170
13171
#: serverguide/C/network-config.xml:834(para)
13172
msgid ""
13173
"Also, see the <ulink "
13174
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
13175
"and Technical Overview</ulink> IBM Redbook."
13176
msgstr ""
13177
13178
#: serverguide/C/network-config.xml:840(para)
13179
msgid ""
13180
"Another resource is O'Reilly's <ulink "
13181
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
13182
"Administration</ulink>."
13183
msgstr ""
13184
13185
#: serverguide/C/network-config.xml:849(title)
13186
msgid "Dynamic Host Configuration Protocol (DHCP)"
13187
msgstr ""
13188
13189
#: serverguide/C/network-config.xml:850(para)
13190
msgid ""
13191
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
13192
"enables host computers to be automatically assigned settings from a server "
13193
"as opposed to manually configuring each network host. Computers configured "
13194
"to be DHCP clients have no control over the settings they receive from the "
13195
"DHCP server, and the configuration is transparent to the computer's user."
13196
msgstr ""
13197
13198
#: serverguide/C/network-config.xml:857(para)
13199
msgid ""
13200
"The most common settings provided by a DHCP server to DHCP clients include:"
13201
msgstr ""
13202
13203
#: serverguide/C/network-config.xml:862(para)
13204
msgid "IP-Address and Netmask"
13205
msgstr ""
13206
13207
#: serverguide/C/network-config.xml:865(para)
13208
msgid "DNS"
13209
msgstr "DNS"
13210
13211
#: serverguide/C/network-config.xml:868(para)
13212
msgid "WINS"
13213
msgstr "WINS"
13214
13215
#: serverguide/C/network-config.xml:871(para)
13216
msgid ""
13217
"However, a DHCP server can also supply configuration properties such as:"
13218
msgstr ""
13219
13220
#: serverguide/C/network-config.xml:876(para)
13221
msgid "Host Name"
13222
msgstr "Назва вузла"
13223
13224
#: serverguide/C/network-config.xml:879(para)
13225
msgid "Domain Name"
13226
msgstr "Доменна назва"
13227
13228
#: serverguide/C/network-config.xml:882(para)
13229
msgid "Default Gateway"
13230
msgstr "Типовий шлюз"
13231
13232
#: serverguide/C/network-config.xml:885(para)
13233
msgid "Time Server"
13234
msgstr "Сервер служби часу"
13235
13236
#: serverguide/C/network-config.xml:888(para)
13237
msgid "Print Server"
13238
msgstr "Сервер друку"
13239
13240
#: serverguide/C/network-config.xml:891(para)
13241
msgid ""
13242
"The advantage of using DHCP is that changes to the network, for example a "
13243
"change in the address of the DNS server, need only be changed at the DHCP "
13244
"server, and all network hosts will be reconfigured the next time their DHCP "
13245
"clients poll the DHCP server. As an added advantage, it is also easier to "
13246
"integrate new computers into the network, as there is no need to check for "
13247
"the availability of an IP address. Conflicts in IP address allocation are "
13248
"also reduced."
13249
msgstr ""
13250
13251
#: serverguide/C/network-config.xml:899(para)
13252
msgid "A DHCP server can provide configuration settings using two methods:"
13253
msgstr ""
13254
13255
#: serverguide/C/network-config.xml:904(term)
13256
msgid "MAC Address"
13257
msgstr "MAC-адреса"
13258
13259
#: serverguide/C/network-config.xml:906(para)
13260
msgid ""
13261
"This method entails using DHCP to identify the unique hardware address of "
13262
"each network card connected to the network and then continually supplying a "
13263
"constant configuration each time the DHCP client makes a request to the DHCP "
13264
"server using that network device."
13265
msgstr ""
13266
13267
#: serverguide/C/network-config.xml:915(term)
13268
msgid "Address Pool"
13269
msgstr ""
13270
13271
#: serverguide/C/network-config.xml:917(para)
13272
msgid ""
13273
"This method entails defining a pool (sometimes also called a range or scope) "
13274
"of IP addresses from which DHCP clients are supplied their configuration "
13275
"properties dynamically and on a \"first come, first served\" basis. When a "
13276
"DHCP client is no longer on the network for a specified period, the "
13277
"configuration is expired and released back to the address pool for use by "
13278
"other DHCP Clients."
13279
msgstr ""
13280
13281
#: serverguide/C/network-config.xml:928(para)
13282
msgid ""
13283
"Ubuntu is shipped with both DHCP server and client. The server is "
13284
"<application>dhcpd</application> (dynamic host configuration protocol "
13285
"daemon). The client provided with Ubuntu is "
13286
"<application>dhclient</application> and should be installed on all computers "
13287
"required to be automatically configured. Both programs are easy to install "
13288
"and configure and will be automatically started at system boot."
13289
msgstr ""
13290
13291
#: serverguide/C/network-config.xml:938(para)
13292
msgid ""
13293
"At a terminal prompt, enter the following command to install "
13294
"<application>dhcpd</application>:"
13295
msgstr ""
13296
13297
#: serverguide/C/network-config.xml:943(command)
13298
msgid "sudo apt-get install dhcp3-server"
13299
msgstr ""
13300
13301
#: serverguide/C/network-config.xml:945(para)
13302
msgid ""
13303
"You will probably need to change the default configuration by editing "
13304
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
13305
msgstr ""
13306
13307
#: serverguide/C/network-config.xml:949(para)
13308
msgid ""
13309
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
13310
"dhcpd should listen to. By default it listens to eth0."
13311
msgstr ""
13312
13313
#: serverguide/C/network-config.xml:953(para)
13314
msgid ""
13315
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13316
"messages."
13317
msgstr ""
13318
13319
#: serverguide/C/network-config.xml:960(para)
13320
msgid ""
13321
"The error message the installation ends with might be a little confusing, "
13322
"but the following steps will help you configure the service:"
13323
msgstr ""
13324
13325
#: serverguide/C/network-config.xml:964(para)
13326
msgid ""
13327
"Most commonly, what you want to do is assign an IP address randomly. This "
13328
"can be done with settings as follows:"
13329
msgstr ""
13330
13331
#: serverguide/C/network-config.xml:968(programlisting)
13332
#, no-wrap
13333
msgid ""
13334
"\n"
13335
"# Sample /etc/dhcpd.conf\n"
13336
"# (add your comments here) \n"
13337
"default-lease-time 600;\n"
13338
"max-lease-time 7200;\n"
13339
"option subnet-mask 255.255.255.0;\n"
13340
"option broadcast-address 192.168.1.255;\n"
13341
"option routers 192.168.1.254;\n"
13342
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
13343
"option domain-name \"mydomain.example\";\n"
13344
"\n"
13345
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
13346
"range 192.168.1.10 192.168.1.100;\n"
13347
"range 192.168.1.150 192.168.1.200;\n"
13348
"} \n"
13349
msgstr ""
13350
13351
#: serverguide/C/network-config.xml:984(para)
13352
msgid ""
13353
"This will result in the DHCP server giving a client an IP address from the "
13354
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
13355
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
13356
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
13357
"server will also \"advise\" the client that it should use 255.255.255.0 as "
13358
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
13359
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
13360
msgstr ""
13361
13362
#: serverguide/C/network-config.xml:993(para)
13363
msgid ""
13364
"If you need to specify a WINS server for your Windows clients, you will need "
13365
"to include the netbios-name-servers option, e.g."
13366
msgstr ""
13367
13368
#: serverguide/C/network-config.xml:997(programlisting)
13369
#, no-wrap
13370
msgid ""
13371
"\n"
13372
"option netbios-name-servers 192.168.1.1; \n"
13373
msgstr ""
13374
13375
#: serverguide/C/network-config.xml:1000(para)
13376
msgid ""
13377
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
13378
"be found <ulink "
13379
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
13380
msgstr ""
13381
13382
#: serverguide/C/network-config.xml:1010(para)
13383
msgid ""
13384
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
13385
"server Ubuntu Wiki</ulink> page has more information."
13386
msgstr ""
13387
13388
#: serverguide/C/network-config.xml:1015(para)
13389
msgid ""
13390
"For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the <ulink "
13391
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/dhcpd.conf.5.html"
13392
"\">dhcpd.conf man page</ulink>."
13393
msgstr ""
13394
13395
#: serverguide/C/network-config.xml:1021(para)
13396
msgid ""
13397
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
13398
"FAQ</ulink>"
13399
msgstr ""
13400
13401
#: serverguide/C/network-config.xml:1031(title)
13402
msgid "Time Synchronisation with NTP"
13403
msgstr ""
13404
13405
#: serverguide/C/network-config.xml:1032(para)
13406
msgid ""
13407
"This page describes methods for keeping your computer's time accurate. This "
13408
"is useful for servers, but is not necessary (or desirable) for desktop "
13409
"machines."
13410
msgstr ""
13411
13412
#: serverguide/C/network-config.xml:1035(para)
13413
msgid ""
13414
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
13415
"client requests the current time from a server, and uses it to set its own "
13416
"clock."
13417
msgstr ""
13418
13419
#: serverguide/C/network-config.xml:1038(para)
13420
msgid ""
13421
"Behind this simple description, there is a lot of complexity - there are "
13422
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
13423
"clocks (often via GPS), and tier two and three servers spreading the load of "
13424
"actually handling requests across the Internet. Also the client software is "
13425
"a lot more complex than you might think - it has to factor out communication "
13426
"delays, and adjust the time in a way that does not upset all the other "
13427
"processes that run on the server. But luckily all that complexity is hidden "
13428
"from you!"
13429
msgstr ""
13430
13431
#: serverguide/C/network-config.xml:1041(para)
13432
msgid ""
13433
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
13434
msgstr ""
13435
13436
#: serverguide/C/network-config.xml:1046(title)
13437
msgid "ntpdate"
13438
msgstr ""
13439
13440
#: serverguide/C/network-config.xml:1047(para)
13441
msgid ""
13442
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
13443
"set up your time according to Ubuntu's NTP server. However, a server's clock "
13444
"is likely to drift considerably between reboots, so it makes sense to "
13445
"correct the time occasionally. The easiest way to do this is to get cron to "
13446
"run ntpdate every day. With your favorite editor, as root, create a file "
13447
"<code>/etc/cron.daily/ntpdate</code> containing:"
13448
msgstr ""
13449
13450
#: serverguide/C/network-config.xml:1052(screen)
13451
#, no-wrap
13452
msgid "ntpdate ntp.ubuntu.com\n"
13453
msgstr ""
13454
13455
#: serverguide/C/network-config.xml:1054(para)
13456
msgid ""
13457
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
13458
msgstr ""
13459
13460
#: serverguide/C/network-config.xml:1057(screen)
13461
#, no-wrap
13462
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
13463
msgstr ""
13464
13465
#: serverguide/C/network-config.xml:1061(title)
13466
msgid "ntpd"
13467
msgstr "ntpd"
13468
13469
#: serverguide/C/network-config.xml:1062(para)
13470
msgid ""
13471
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
13472
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
13473
"calculates the drift of your system clock and continuously adjusts it, so "
13474
"there are no large corrections that could lead to inconsistent logs for "
13475
"instance. The cost is a little processing power and memory, but for a modern "
13476
"server this is negligible."
13477
msgstr ""
13478
13479
#: serverguide/C/network-config.xml:1065(para)
13480
msgid "To set up ntpd:"
13481
msgstr ""
13482
13483
#: serverguide/C/network-config.xml:1066(screen)
13484
#, no-wrap
13485
msgid "sudo apt-get install ntp\n"
13486
msgstr ""
13487
13488
#: serverguide/C/network-config.xml:1071(title)
13489
msgid "Changing Time Servers"
13490
msgstr ""
13491
13492
#: serverguide/C/network-config.xml:1072(para)
13493
msgid ""
13494
"In both cases above, your system will use Ubuntu's NTP server at "
13495
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
13496
"use several servers to increase accuracy and resilience, and you may want to "
13497
"use time servers that are geographically closer to you. to do this for "
13498
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
13499
msgstr ""
13500
13501
#: serverguide/C/network-config.xml:1079(screen)
13502
#, no-wrap
13503
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
13504
msgstr ""
13505
13506
#: serverguide/C/network-config.xml:1081(para)
13507
msgid ""
13508
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
13509
"lines:"
13510
msgstr ""
13511
13512
#: serverguide/C/network-config.xml:1086(screen)
13513
#, no-wrap
13514
msgid ""
13515
"server ntp.ubuntu.com\n"
13516
"server pool.ntp.org\n"
13517
msgstr ""
13518
13519
#: serverguide/C/network-config.xml:1089(para)
13520
msgid ""
13521
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
13522
"really good idea which uses round-robin DNS to return an NTP server from a "
13523
"pool, spreading the load between several different servers. Even better, "
13524
"they have pools for different regions - for instance, if you are in New "
13525
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
13526
"<code>pool.ntp.org</code> . Look at <ulink "
13527
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
13528
"details."
13529
msgstr ""
13530
13531
#: serverguide/C/network-config.xml:1100(para)
13532
msgid ""
13533
"You can also Google for NTP servers in your region, and add these to your "
13534
"configuration. To test that a server works, just type <code>sudo ntpdate "
13535
"ntp.server.name</code> and see what happens."
13536
msgstr ""
13537
13538
#: serverguide/C/network-config.xml:1111(para)
13539
msgid ""
13540
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
13541
"Time</ulink> wiki page for more information."
13542
msgstr ""
13543
13544
#: serverguide/C/network-config.xml:1117(ulink)
13545
msgid "NTP Support"
13546
msgstr ""
13547
13548
#: serverguide/C/network-config.xml:1122(ulink)
13549
msgid "The NTP FAQ and HOWTO"
13550
msgstr ""
13551
13552
#: serverguide/C/network-auth.xml:13(title)
13553
msgid "Network Authentication"
13554
msgstr "Розпізнавання у мережі"
13555
13556
#: serverguide/C/network-auth.xml:15(para)
13557
msgid "This section explains various Network Authentication protocols."
13558
msgstr ""
13559
13560
#: serverguide/C/network-auth.xml:19(title)
13561
msgid "OpenLDAP Server"
13562
msgstr ""
13563
13564
#: serverguide/C/network-auth.xml:20(para)
13565
msgid ""
13566
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
13567
"simplified version of the X.500 protocol. The directory setup in this "
13568
"section will be used for authentication. Nevertheless, LDAP can be used in "
13569
"numerous ways: authentication, shared directory (for mail clients), address "
13570
"book, etc."
13571
msgstr ""
13572
13573
#: serverguide/C/network-auth.xml:28(para)
13574
msgid ""
13575
"To describe LDAP quickly, all information is stored in a tree structure. "
13576
"With <application>OpenLDAP</application> you have freedom to determine the "
13577
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
13578
"We will begin with a basic tree containing two nodes below the root:"
13579
msgstr ""
13580
13581
#: serverguide/C/network-auth.xml:37(para)
13582
msgid "\"People\" node where your users will be stored"
13583
msgstr ""
13584
13585
#: serverguide/C/network-auth.xml:40(para)
13586
msgid "\"Groups\" node where your groups will be stored"
13587
msgstr ""
13588
13589
#: serverguide/C/network-auth.xml:44(para)
13590
msgid ""
13591
"Before beginning, you should determine what the root of your LDAP directory "
13592
"will be. By default, your tree will be determined by your Fully Qualified "
13593
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
13594
"example), your root node will be dc=example,dc=com."
13595
msgstr ""
13596
13597
#: serverguide/C/network-auth.xml:54(para)
13598
msgid ""
13599
"First, install the <application>OpenLDAP</application> server daemon "
13600
"<application>slapd</application> and <application>ldap-utils</application>, "
13601
"a package containing LDAP management utilities:"
13602
msgstr ""
13603
13604
#: serverguide/C/network-auth.xml:60(command)
13605
msgid "sudo apt-get install slapd ldap-utils"
13606
msgstr ""
13607
13608
#: serverguide/C/network-auth.xml:63(para)
13609
msgid ""
13610
"By default <application>slapd</application> is configured with minimal "
13611
"options needed to run the <application>slapd</application> daemon."
13612
msgstr ""
13613
13614
#: serverguide/C/network-auth.xml:68(para)
13615
msgid ""
13616
"The configuration example in the following sections will match the domain "
13617
"name of the server. For example, if the machine's Fully Qualified Domain "
13618
"Name (FQDN) is ldap.example.com, the default suffix will be "
13619
"<emphasis>dc=example,dc=com</emphasis>."
13620
msgstr ""
13621
13622
#: serverguide/C/network-auth.xml:76(title)
13623
msgid "Populating LDAP"
13624
msgstr ""
13625
13626
#: serverguide/C/network-auth.xml:78(para)
13627
msgid ""
13628
"<application>OpenLDAP</application> uses a separate directory which contains "
13629
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
13630
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
13631
"<application>slapd</application> daemon, allowing the modification of schema "
13632
"definitions, indexes, ACLs, etc without stopping the service."
13633
msgstr ""
13634
13635
#: serverguide/C/network-auth.xml:86(para)
13636
msgid ""
13637
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
13638
"configuration and will need additional configuration options in order to "
13639
"populate the frontend directory. The frontend will be populated with a "
13640
"\"classical\" scheme that will be compatible with address book applications "
13641
"and with Unix Posix accounts. Posix accounts will allow authentication to "
13642
"various applications, such as web applications, email Mail Transfer Agent "
13643
"(MTA) applications, etc."
13644
msgstr ""
13645
13646
#: serverguide/C/network-auth.xml:95(para)
13647
msgid ""
13648
"For external applications to authenticate using LDAP they will each need to "
13649
"be specifically configured to do so. Refer to the individual application "
13650
"documentation for details."
13651
msgstr ""
13652
13653
#: serverguide/C/network-auth.xml:103(para)
13654
msgid ""
13655
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
13656
"examples to match your LDAP configuration."
13657
msgstr ""
13658
13659
#: serverguide/C/network-auth.xml:108(para)
13660
msgid ""
13661
"First, some additional schema files need to be loaded. In a terminal enter:"
13662
msgstr ""
13663
13664
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
13665
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
13666
msgstr ""
13667
13668
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
13669
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13670
msgstr ""
13671
13672
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
13673
msgid ""
13674
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13675
msgstr ""
13676
13677
#: serverguide/C/network-auth.xml:118(para)
13678
msgid ""
13679
"Next, copy the following example LDIF file, naming it "
13680
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
13681
msgstr ""
13682
13683
#: serverguide/C/network-auth.xml:123(programlisting)
13684
#, no-wrap
13685
msgid ""
13686
"\n"
13687
"# Load dynamic backend modules\n"
13688
"dn: cn=module,cn=config\n"
13689
"objectClass: olcModuleList\n"
13690
"cn: module\n"
13691
"olcModulepath: /usr/lib/ldap\n"
13692
"olcModuleload: back_hdb\n"
13693
"\n"
13694
"# Database settings\n"
13695
"dn: olcDatabase=hdb,cn=config\n"
13696
"objectClass: olcDatabaseConfig\n"
13697
"objectClass: olcHdbConfig\n"
13698
"olcDatabase: {1}hdb\n"
13699
"olcSuffix: dc=example,dc=com\n"
13700
"olcDbDirectory: /var/lib/ldap\n"
13701
"olcRootDN: cn=admin,dc=example,dc=com\n"
13702
"olcRootPW: secret\n"
13703
"olcDbConfig: set_cachesize 0 2097152 0\n"
13704
"olcDbConfig: set_lk_max_objects 1500\n"
13705
"olcDbConfig: set_lk_max_locks 1500\n"
13706
"olcDbConfig: set_lk_max_lockers 1500\n"
13707
"olcDbIndex: objectClass eq\n"
13708
"olcLastMod: TRUE\n"
13709
"olcDbCheckpoint: 512 30\n"
13710
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13711
"by anonymous auth by self write by * none\n"
13712
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13713
"olcAccess: to dn.base=\"\" by * read\n"
13714
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13715
"\n"
13716
msgstr ""
13717
13718
#: serverguide/C/network-auth.xml:155(para)
13719
msgid ""
13720
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13721
msgstr ""
13722
13723
#: serverguide/C/network-auth.xml:160(para)
13724
msgid "Now add the LDIF to the directory:"
13725
msgstr ""
13726
13727
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13728
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13729
msgstr ""
13730
13731
#: serverguide/C/network-auth.xml:168(para)
13732
msgid ""
13733
"The frontend directory is now ready to be populated. Create a "
13734
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13735
msgstr ""
13736
13737
#: serverguide/C/network-auth.xml:173(programlisting)
13738
#, no-wrap
13739
msgid ""
13740
"\n"
13741
"# Create top-level object in domain\n"
13742
"dn: dc=example,dc=com\n"
13743
"objectClass: top\n"
13744
"objectClass: dcObject\n"
13745
"objectclass: organization\n"
13746
"o: Example Organization\n"
13747
"dc: Example\n"
13748
"description: LDAP Example \n"
13749
"\n"
13750
"# Admin user.\n"
13751
"dn: cn=admin,dc=example,dc=com\n"
13752
"objectClass: simpleSecurityObject\n"
13753
"objectClass: organizationalRole\n"
13754
"cn: admin\n"
13755
"description: LDAP administrator\n"
13756
"userPassword: secret\n"
13757
"\n"
13758
"dn: ou=people,dc=example,dc=com\n"
13759
"objectClass: organizationalUnit\n"
13760
"ou: people\n"
13761
"\n"
13762
"dn: ou=groups,dc=example,dc=com\n"
13763
"objectClass: organizationalUnit\n"
13764
"ou: groups\n"
13765
"\n"
13766
"dn: uid=john,ou=people,dc=example,dc=com\n"
13767
"objectClass: inetOrgPerson\n"
13768
"objectClass: posixAccount\n"
13769
"objectClass: shadowAccount\n"
13770
"uid: john\n"
13771
"sn: Doe\n"
13772
"givenName: John\n"
13773
"cn: John Doe\n"
13774
"displayName: John Doe\n"
13775
"uidNumber: 1000\n"
13776
"gidNumber: 10000\n"
13777
"userPassword: password\n"
13778
"gecos: John Doe\n"
13779
"loginShell: /bin/bash\n"
13780
"homeDirectory: /home/john\n"
13781
"shadowExpire: -1\n"
13782
"shadowFlag: 0\n"
13783
"shadowWarning: 7\n"
13784
"shadowMin: 8\n"
13785
"shadowMax: 999999\n"
13786
"shadowLastChange: 10877\n"
13787
"mail: john.doe@example.com\n"
13788
"postalCode: 31000\n"
13789
"l: Toulouse\n"
13790
"o: Example\n"
13791
"mobile: +33 (0)6 xx xx xx xx\n"
13792
"homePhone: +33 (0)5 xx xx xx xx\n"
13793
"title: System Administrator\n"
13794
"postalAddress: \n"
13795
"initials: JD\n"
13796
"\n"
13797
"dn: cn=example,ou=groups,dc=example,dc=com\n"
13798
"objectClass: posixGroup\n"
13799
"cn: example\n"
13800
"gidNumber: 10000\n"
13801
msgstr ""
13802
13803
#: serverguide/C/network-auth.xml:236(para)
13804
msgid ""
13805
"In this example the directory structure, a user, and a group have been "
13806
"setup. In other examples you might see the <emphasis>objectClass: "
13807
"top</emphasis> added in every entry, but that is the default behaviour so "
13808
"you do not have to add it explicitly."
13809
msgstr ""
13810
13811
#: serverguide/C/network-auth.xml:243(para)
13812
msgid "Add the entries to the LDAP directory:"
13813
msgstr ""
13814
13815
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13816
msgid ""
13817
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13818
msgstr ""
13819
13820
#: serverguide/C/network-auth.xml:252(para)
13821
msgid ""
13822
"We can check that the content has been correctly added with the "
13823
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13824
"directory:"
13825
msgstr ""
13826
13827
#: serverguide/C/network-auth.xml:258(command)
13828
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
13829
msgstr ""
13830
13831
#: serverguide/C/network-auth.xml:259(computeroutput)
13832
#, no-wrap
13833
msgid ""
13834
"\n"
13835
"dn: uid=john,ou=people,dc=example,dc=com\n"
13836
"cn: John Doe\n"
13837
"sn: Doe\n"
13838
"givenName: John\n"
13839
msgstr ""
13840
13841
#: serverguide/C/network-auth.xml:267(para)
13842
msgid "Just a quick explanation:"
13843
msgstr ""
13844
13845
#: serverguide/C/network-auth.xml:273(para)
13846
msgid ""
13847
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
13848
"the default."
13849
msgstr ""
13850
13851
#: serverguide/C/network-auth.xml:279(para)
13852
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13853
msgstr ""
13854
13855
#: serverguide/C/network-auth.xml:287(title)
13856
msgid "Further Configuration"
13857
msgstr ""
13858
13859
#: serverguide/C/network-auth.xml:290(para)
13860
msgid ""
13861
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13862
"utilities in the <application>ldap-utils</application> package. For example:"
13863
msgstr ""
13864
13865
#: serverguide/C/network-auth.xml:298(para)
13866
msgid ""
13867
"Use <application>ldapsearch</application> to view the tree, entering the "
13868
"admin password set during installation or reconfiguration:"
13869
msgstr ""
13870
13871
#: serverguide/C/network-auth.xml:304(command)
13872
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13873
msgstr ""
13874
13875
#: serverguide/C/network-auth.xml:308(computeroutput)
13876
#, no-wrap
13877
msgid ""
13878
"\n"
13879
"SASL/EXTERNAL authentication started\n"
13880
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13881
"SASL SSF: 0\n"
13882
"dn: cn=config\n"
13883
"\n"
13884
"dn: cn=module{0},cn=config\n"
13885
"\n"
13886
"dn: cn=schema,cn=config\n"
13887
"\n"
13888
"dn: cn={0}core,cn=schema,cn=config\n"
13889
"\n"
13890
"dn: cn={1}cosine,cn=schema,cn=config\n"
13891
"\n"
13892
"dn: cn={2}nis,cn=schema,cn=config\n"
13893
"\n"
13894
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13895
"\n"
13896
"dn: olcDatabase={-1}frontend,cn=config\n"
13897
"\n"
13898
"dn: olcDatabase={0}config,cn=config\n"
13899
"\n"
13900
"dn: olcDatabase={1}hdb,cn=config\n"
13901
msgstr ""
13902
13903
#: serverguide/C/network-auth.xml:334(para)
13904
msgid ""
13905
"The output above is the current configuration options for the "
13906
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13907
msgstr ""
13908
13909
#: serverguide/C/network-auth.xml:342(para)
13910
msgid ""
13911
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13912
"another attribute to the index list using "
13913
"<application>ldapmodify</application>:"
13914
msgstr ""
13915
13916
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:993(command) serverguide/C/network-auth.xml:1164(command) serverguide/C/network-auth.xml:1200(command)
13917
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13918
msgstr ""
13919
13920
#: serverguide/C/network-auth.xml:356(userinput)
13921
#, no-wrap
13922
msgid ""
13923
"dn: olcDatabase={1}hdb,cn=config\n"
13924
"add: olcDbIndex\n"
13925
"olcDbIndex: uidNumber eq"
13926
msgstr ""
13927
13928
#: serverguide/C/network-auth.xml:352(computeroutput)
13929
#, no-wrap
13930
msgid ""
13931
"\n"
13932
"SASL/EXTERNAL authentication started\n"
13933
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13934
"SASL SSF: 0\n"
13935
"<placeholder-1/>\n"
13936
"\n"
13937
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13938
msgstr ""
13939
13940
#: serverguide/C/network-auth.xml:364(para)
13941
msgid ""
13942
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13943
"exit the utility."
13944
msgstr ""
13945
13946
#: serverguide/C/network-auth.xml:371(para)
13947
msgid ""
13948
"<application>ldapmodify</application> can also read the changes from a file. "
13949
"Copy and paste the following into a file named "
13950
"<filename>uid_index.ldif</filename>:"
13951
msgstr ""
13952
13953
#: serverguide/C/network-auth.xml:376(programlisting)
13954
#, no-wrap
13955
msgid ""
13956
"\n"
13957
"dn: olcDatabase={1}hdb,cn=config\n"
13958
"add: olcDbIndex\n"
13959
"olcDbIndex: uid eq,pres,sub\n"
13960
msgstr ""
13961
13962
#: serverguide/C/network-auth.xml:382(para)
13963
msgid "Then execute <application>ldapmodify</application>:"
13964
msgstr ""
13965
13966
#: serverguide/C/network-auth.xml:387(command)
13967
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13968
msgstr ""
13969
13970
#: serverguide/C/network-auth.xml:391(computeroutput)
13971
#, no-wrap
13972
msgid ""
13973
"\n"
13974
"SASL/EXTERNAL authentication started\n"
13975
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13976
"SASL SSF: 0\n"
13977
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13978
msgstr ""
13979
13980
#: serverguide/C/network-auth.xml:399(para)
13981
msgid "The file method is very useful for large changes."
13982
msgstr ""
13983
13984
#: serverguide/C/network-auth.xml:406(para)
13985
msgid ""
13986
"Adding additional <emphasis>schemas</emphasis> to "
13987
"<application>slapd</application> requires the schema to be converted to LDIF "
13988
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13989
"directory contains some schema files already converted to LDIF format as "
13990
"demonstrated in the previous section. Fortunately, the "
13991
"<application>slapd</application> program can be used to automate the "
13992
"conversion. The following example will add the "
13993
"<emphasis>dyngroup.schema</emphasis>:"
13994
msgstr ""
13995
13996
#: serverguide/C/network-auth.xml:416(para)
13997
msgid ""
13998
"First, create a conversion <filename>schema_convert.conf</filename> file "
13999
"containing the following lines:"
14000
msgstr ""
14001
14002
#: serverguide/C/network-auth.xml:421(programlisting)
14003
#, no-wrap
14004
msgid ""
14005
"\n"
14006
"include /etc/ldap/schema/core.schema\n"
14007
"include /etc/ldap/schema/collective.schema\n"
14008
"include /etc/ldap/schema/corba.schema\n"
14009
"include /etc/ldap/schema/cosine.schema\n"
14010
"include /etc/ldap/schema/duaconf.schema\n"
14011
"include /etc/ldap/schema/dyngroup.schema\n"
14012
"include /etc/ldap/schema/inetorgperson.schema\n"
14013
"include /etc/ldap/schema/java.schema\n"
14014
"include /etc/ldap/schema/misc.schema\n"
14015
"include /etc/ldap/schema/nis.schema\n"
14016
"include /etc/ldap/schema/openldap.schema\n"
14017
"include /etc/ldap/schema/ppolicy.schema\n"
14018
msgstr ""
14019
14020
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1664(para)
14021
msgid "Next, create a temporary directory to hold the output:"
14022
msgstr ""
14023
14024
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1669(command) serverguide/C/network-auth.xml:2705(command)
14025
msgid "mkdir /tmp/ldif_output"
14026
msgstr ""
14027
14028
#: serverguide/C/network-auth.xml:450(para)
14029
msgid ""
14030
"Now using <application>slapcat</application> convert the schema files to "
14031
"LDIF:"
14032
msgstr ""
14033
14034
#: serverguide/C/network-auth.xml:455(command)
14035
msgid ""
14036
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14037
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
14038
msgstr ""
14039
14040
#: serverguide/C/network-auth.xml:458(para)
14041
msgid ""
14042
"Adjust the configuration file name and temporary directory names if yours "
14043
"are different. Also, it may be worthwhile to keep the "
14044
"<filename>ldif_output</filename> directory around in case you want to add "
14045
"additional schemas in the future."
14046
msgstr ""
14047
14048
#: serverguide/C/network-auth.xml:467(para)
14049
msgid ""
14050
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
14051
"following attributes:"
14052
msgstr ""
14053
14054
#: serverguide/C/network-auth.xml:471(programlisting)
14055
#, no-wrap
14056
msgid ""
14057
"\n"
14058
"dn: cn=dyngroup,cn=schema,cn=config\n"
14059
"...\n"
14060
"cn: dyngroup\n"
14061
msgstr ""
14062
14063
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1700(para)
14064
msgid "And remove the following lines from the bottom of the file:"
14065
msgstr ""
14066
14067
#: serverguide/C/network-auth.xml:481(programlisting)
14068
#, no-wrap
14069
msgid ""
14070
"\n"
14071
"structuralObjectClass: olcSchemaConfig\n"
14072
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
14073
"creatorsName: cn=config\n"
14074
"createTimestamp: 20080826021140Z\n"
14075
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
14076
"modifiersName: cn=config\n"
14077
"modifyTimestamp: 20080826021140Z\n"
14078
msgstr ""
14079
14080
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1715(para) serverguide/C/network-auth.xml:2751(para)
14081
msgid ""
14082
"The attribute values will vary, just be sure the attributes are removed."
14083
msgstr ""
14084
14085
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1723(para)
14086
msgid ""
14087
"Finally, using the <application>ldapadd</application> utility, add the new "
14088
"schema to the directory:"
14089
msgstr ""
14090
14091
#: serverguide/C/network-auth.xml:506(command)
14092
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
14093
msgstr ""
14094
14095
#: serverguide/C/network-auth.xml:512(para)
14096
msgid ""
14097
"There should now be a <emphasis>dn: "
14098
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
14099
msgstr ""
14100
14101
#: serverguide/C/network-auth.xml:522(title)
14102
msgid "LDAP Replication"
14103
msgstr ""
14104
14105
#: serverguide/C/network-auth.xml:524(para)
14106
msgid ""
14107
"LDAP often quickly becomes a highly critical service to the network. "
14108
"Multiple systems will come to depend on LDAP for authentication, "
14109
"authorization, configuration, etc. It is a good idea to setup a redundant "
14110
"system through replication."
14111
msgstr ""
14112
14113
#: serverguide/C/network-auth.xml:530(para)
14114
msgid ""
14115
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
14116
"Syncrepl allows the changes to be synced using a "
14117
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
14118
"provider sends directory changes to consumers."
14119
msgstr ""
14120
14121
#: serverguide/C/network-auth.xml:537(title)
14122
msgid "Provider Configuration"
14123
msgstr ""
14124
14125
#: serverguide/C/network-auth.xml:539(para)
14126
msgid ""
14127
"The following is an example of a <emphasis>Single-Master</emphasis> "
14128
"configuration. In this configuration one OpenLDAP server is configured as a "
14129
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
14130
msgstr ""
14131
14132
#: serverguide/C/network-auth.xml:547(para)
14133
msgid ""
14134
"First, configure the provider server. Copy the following to a file named "
14135
"<filename>provider_sync.ldif</filename>:"
14136
msgstr ""
14137
14138
#: serverguide/C/network-auth.xml:552(programlisting)
14139
#, no-wrap
14140
msgid ""
14141
"\n"
14142
"# Add indexes to the frontend db.\n"
14143
"dn: olcDatabase={1}hdb,cn=config\n"
14144
"changetype: modify\n"
14145
"add: olcDbIndex\n"
14146
"olcDbIndex: entryCSN eq\n"
14147
"-\n"
14148
"add: olcDbIndex\n"
14149
"olcDbIndex: entryUUID eq\n"
14150
"\n"
14151
"#Load the syncprov and accesslog modules.\n"
14152
"dn: cn=module{0},cn=config\n"
14153
"changetype: modify\n"
14154
"add: olcModuleLoad\n"
14155
"olcModuleLoad: syncprov\n"
14156
"-\n"
14157
"add: olcModuleLoad\n"
14158
"olcModuleLoad: accesslog\n"
14159
"\n"
14160
"# Accesslog database definitions\n"
14161
"dn: olcDatabase={2}hdb,cn=config\n"
14162
"objectClass: olcDatabaseConfig\n"
14163
"objectClass: olcHdbConfig\n"
14164
"olcDatabase: {2}hdb\n"
14165
"olcDbDirectory: /var/lib/ldap/accesslog\n"
14166
"olcSuffix: cn=accesslog\n"
14167
"olcRootDN: cn=admin,dc=example,dc=com\n"
14168
"olcDbIndex: default eq\n"
14169
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
14170
"\n"
14171
"# Accesslog db syncprov.\n"
14172
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
14173
"changetype: add\n"
14174
"objectClass: olcOverlayConfig\n"
14175
"objectClass: olcSyncProvConfig\n"
14176
"olcOverlay: syncprov\n"
14177
"olcSpNoPresent: TRUE\n"
14178
"olcSpReloadHint: TRUE\n"
14179
"\n"
14180
"# syncrepl Provider for primary db\n"
14181
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
14182
"changetype: add\n"
14183
"objectClass: olcOverlayConfig\n"
14184
"objectClass: olcSyncProvConfig\n"
14185
"olcOverlay: syncprov\n"
14186
"olcSpNoPresent: TRUE\n"
14187
"\n"
14188
"# accesslog overlay definitions for primary db\n"
14189
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
14190
"objectClass: olcOverlayConfig\n"
14191
"objectClass: olcAccessLogConfig\n"
14192
"olcOverlay: accesslog\n"
14193
"olcAccessLogDB: cn=accesslog\n"
14194
"olcAccessLogOps: writes\n"
14195
"olcAccessLogSuccess: TRUE\n"
14196
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
14197
"olcAccessLogPurge: 07+00:00 01+00:00\n"
14198
msgstr ""
14199
14200
#: serverguide/C/network-auth.xml:614(para)
14201
msgid ""
14202
"The <application>AppArmor</application> profile for "
14203
"<application>slapd</application> will need to be adjusted for the accesslog "
14204
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
14205
"adding:"
14206
msgstr ""
14207
14208
#: serverguide/C/network-auth.xml:619(programlisting)
14209
#, no-wrap
14210
msgid ""
14211
"\n"
14212
" /var/lib/ldap/accesslog/ r,\n"
14213
" /var/lib/ldap/accesslog/** rwk,\n"
14214
msgstr ""
14215
14216
#: serverguide/C/network-auth.xml:624(para)
14217
msgid ""
14218
"Then create the directory, reload the <application>apparmor</application> "
14219
"profile, and copy the <filename>DB_CONFIG</filename> file:"
14220
msgstr ""
14221
14222
#: serverguide/C/network-auth.xml:630(command)
14223
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14224
msgstr ""
14225
14226
#: serverguide/C/network-auth.xml:631(command)
14227
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
14228
msgstr ""
14229
14230
#: serverguide/C/network-auth.xml:636(para)
14231
msgid ""
14232
"Using the <emphasis>-u openldap</emphasis> option with the "
14233
"<application>sudo</application> commands above removes the need to adjust "
14234
"permissions for the new directory later."
14235
msgstr ""
14236
14237
#: serverguide/C/network-auth.xml:645(para)
14238
msgid ""
14239
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
14240
"directory:"
14241
msgstr ""
14242
14243
#: serverguide/C/network-auth.xml:649(programlisting)
14244
#, no-wrap
14245
msgid ""
14246
"\n"
14247
"olcRootDN: cn=admin,dc=example,dc=com\n"
14248
msgstr ""
14249
14250
#: serverguide/C/network-auth.xml:657(para)
14251
msgid ""
14252
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
14253
msgstr ""
14254
14255
#: serverguide/C/network-auth.xml:662(command)
14256
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14257
msgstr ""
14258
14259
#: serverguide/C/network-auth.xml:669(para)
14260
msgid "Restart <application>slapd</application>:"
14261
msgstr ""
14262
14263
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1049(command) serverguide/C/network-auth.xml:1236(command)
14264
msgid "sudo /etc/init.d/slapd restart"
14265
msgstr ""
14266
14267
#: serverguide/C/network-auth.xml:680(para)
14268
msgid ""
14269
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
14270
"to configure a <emphasis>Consumer</emphasis> server."
14271
msgstr ""
14272
14273
#: serverguide/C/network-auth.xml:687(title)
14274
msgid "Consumer Configuration"
14275
msgstr ""
14276
14277
#: serverguide/C/network-auth.xml:692(para)
14278
msgid ""
14279
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
14280
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
14281
"configuration steps."
14282
msgstr ""
14283
14284
#: serverguide/C/network-auth.xml:697(para)
14285
msgid "Add the additional schema files:"
14286
msgstr ""
14287
14288
#: serverguide/C/network-auth.xml:707(para)
14289
msgid ""
14290
"Also, create, or copy from the provider server, the "
14291
"<filename>backend.example.com.ldif</filename>"
14292
msgstr ""
14293
14294
#: serverguide/C/network-auth.xml:711(programlisting)
14295
#, no-wrap
14296
msgid ""
14297
"\n"
14298
"# Load dynamic backend modules\n"
14299
"dn: cn=module,cn=config\n"
14300
"objectClass: olcModuleList\n"
14301
"cn: module\n"
14302
"olcModulepath: /usr/lib/ldap\n"
14303
"olcModuleload: back_hdb\n"
14304
"\n"
14305
"# Database settings\n"
14306
"dn: olcDatabase=hdb,cn=config\n"
14307
"objectClass: olcDatabaseConfig\n"
14308
"objectClass: olcHdbConfig\n"
14309
"olcDatabase: {1}hdb\n"
14310
"olcSuffix: dc=example,dc=com\n"
14311
"olcDbDirectory: /var/lib/ldap\n"
14312
"olcRootDN: cn=admin,dc=example,dc=com\n"
14313
"olcRootPW: secret\n"
14314
"olcDbConfig: set_cachesize 0 2097152 0\n"
14315
"olcDbConfig: set_lk_max_objects 1500\n"
14316
"olcDbConfig: set_lk_max_locks 1500\n"
14317
"olcDbConfig: set_lk_max_lockers 1500\n"
14318
"olcDbIndex: objectClass eq\n"
14319
"olcLastMod: TRUE\n"
14320
"olcDbCheckpoint: 512 30\n"
14321
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
14322
"by anonymous auth by self write by * none\n"
14323
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
14324
"olcAccess: to dn.base=\"\" by * read\n"
14325
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
14326
msgstr ""
14327
14328
#: serverguide/C/network-auth.xml:741(para)
14329
msgid "And add the LDIF by entering:"
14330
msgstr ""
14331
14332
#: serverguide/C/network-auth.xml:752(para)
14333
msgid ""
14334
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
14335
"listed above, and add it:"
14336
msgstr ""
14337
14338
#: serverguide/C/network-auth.xml:760(para)
14339
msgid ""
14340
"The two severs should now have the same configuration except for the "
14341
"<emphasis>Syncrepl</emphasis> options."
14342
msgstr ""
14343
14344
#: serverguide/C/network-auth.xml:768(para)
14345
msgid ""
14346
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
14347
msgstr ""
14348
14349
#: serverguide/C/network-auth.xml:772(programlisting)
14350
#, no-wrap
14351
msgid ""
14352
"\n"
14353
"#Load the syncprov module.\n"
14354
"dn: cn=module{0},cn=config\n"
14355
"changetype: modify\n"
14356
"add: olcModuleLoad\n"
14357
"olcModuleLoad: syncprov\n"
14358
"\n"
14359
"# syncrepl specific indices\n"
14360
"dn: olcDatabase={1}hdb,cn=config\n"
14361
"changetype: modify\n"
14362
"add: olcDbIndex\n"
14363
"olcDbIndex: entryUUID eq\n"
14364
"-\n"
14365
"add: olcSyncRepl\n"
14366
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14367
"binddn=\"cn=admin,dc=example,dc=com\" \n"
14368
" credentials=secret searchbase=\"dc=example,dc=com\" "
14369
"logbase=\"cn=accesslog\" \n"
14370
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
14371
"schemachecking=on \n"
14372
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
14373
"-\n"
14374
"add: olcUpdateRef\n"
14375
"olcUpdateRef: ldap://ldap01.example.com\n"
14376
msgstr ""
14377
14378
#: serverguide/C/network-auth.xml:795(para)
14379
msgid "You will probably want to change the following attributes:"
14380
msgstr ""
14381
14382
#: serverguide/C/network-auth.xml:800(para)
14383
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
14384
msgstr ""
14385
14386
#: serverguide/C/network-auth.xml:801(emphasis)
14387
msgid "binddn"
14388
msgstr "binddn"
14389
14390
#: serverguide/C/network-auth.xml:802(emphasis)
14391
msgid "credentials"
14392
msgstr "credentials"
14393
14394
#: serverguide/C/network-auth.xml:803(emphasis)
14395
msgid "searchbase"
14396
msgstr "searchbase"
14397
14398
#: serverguide/C/network-auth.xml:804(emphasis)
14399
msgid "olcUpdateRef:"
14400
msgstr "olcUpdateRef:"
14401
14402
#: serverguide/C/network-auth.xml:810(para)
14403
msgid "Add the LDIF file to the configuration tree:"
14404
msgstr ""
14405
14406
#: serverguide/C/network-auth.xml:815(command)
14407
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14408
msgstr ""
14409
14410
#: serverguide/C/network-auth.xml:821(para)
14411
msgid ""
14412
"The frontend database should now sync between servers. You can add "
14413
"additional servers using the steps above as the need arises."
14414
msgstr ""
14415
14416
#: serverguide/C/network-auth.xml:831(programlisting)
14417
#, no-wrap
14418
msgid "127.0.0.1\tldap01.example.com ldap01"
14419
msgstr ""
14420
14421
#: serverguide/C/network-auth.xml:827(para)
14422
msgid ""
14423
"The <application>slapd</application> daemon will send log information to "
14424
"<filename>/var/log/syslog</filename> by default. So if all does "
14425
"<emphasis>not</emphasis> go well check there for errors and other "
14426
"troubleshooting information. Also, be sure that each server knows it's Fully "
14427
"Qualified Domain Name (FQDN). This is configured in "
14428
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
14429
msgstr ""
14430
14431
#: serverguide/C/network-auth.xml:839(title)
14432
msgid "Setting up ACL"
14433
msgstr ""
14434
14435
#: serverguide/C/network-auth.xml:841(para)
14436
msgid ""
14437
"Authentication requires access to the password field, that should be not "
14438
"accessible by default. Also, in order for users to change their own "
14439
"password, using <command>passwd</command> or other utilities, "
14440
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
14441
"authenticated."
14442
msgstr ""
14443
14444
#: serverguide/C/network-auth.xml:848(para)
14445
msgid ""
14446
"To view the Access Control List (ACL) for the <emphasis>cn=config</emphasis> "
14447
"tree, use the <application>ldapsearch</application> utility:"
14448
msgstr ""
14449
14450
#: serverguide/C/network-auth.xml:854(command)
14451
msgid ""
14452
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
14453
"olcDatabase=config olcAccess"
14454
msgstr ""
14455
14456
#: serverguide/C/network-auth.xml:858(computeroutput)
14457
#, no-wrap
14458
msgid ""
14459
"SASL/EXTERNAL authentication started\n"
14460
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14461
"SASL SSF: 0\n"
14462
"dn: olcDatabase={0}config,cn=config\n"
14463
"olcAccess: {0}to * by "
14464
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
14465
" ,cn=auth manage by * break\n"
14466
msgstr ""
14467
14468
#: serverguide/C/network-auth.xml:867(para)
14469
msgid "To see the ACL for the frontend tree enter:"
14470
msgstr ""
14471
14472
#: serverguide/C/network-auth.xml:872(command)
14473
msgid ""
14474
"sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "
14475
"olcDatabase={1}hdb olcAccess"
14476
msgstr ""
14477
14478
#: serverguide/C/network-auth.xml:878(title)
14479
msgid "TLS and SSL"
14480
msgstr ""
14481
14482
#: serverguide/C/network-auth.xml:880(para)
14483
msgid ""
14484
"When authenticating to an OpenLDAP server it is best to do so using an "
14485
"encrypted session. This can be accomplished using Transport Layer Security "
14486
"(TLS) and/or Secure Sockets Layer (SSL)."
14487
msgstr ""
14488
14489
#: serverguide/C/network-auth.xml:885(para)
14490
msgid ""
14491
"The first step in the process is to obtain or create a "
14492
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
14493
"is compiled using the <application>gnutls</application> library, the "
14494
"<application>certtool</application> utility will be used to create "
14495
"certificates."
14496
msgstr ""
14497
14498
#: serverguide/C/network-auth.xml:894(para)
14499
msgid ""
14500
"First, install <application>gnutls-bin</application> by entering the "
14501
"following in a terminal:"
14502
msgstr ""
14503
14504
#: serverguide/C/network-auth.xml:899(command)
14505
msgid "sudo apt-get install gnutls-bin"
14506
msgstr ""
14507
14508
#: serverguide/C/network-auth.xml:905(para)
14509
msgid ""
14510
"Next, create a private key for the <emphasis>Certificate "
14511
"Authority</emphasis> (CA):"
14512
msgstr ""
14513
14514
#: serverguide/C/network-auth.xml:910(command)
14515
msgid ""
14516
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
14517
msgstr ""
14518
14519
#: serverguide/C/network-auth.xml:916(para)
14520
msgid ""
14521
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
14522
"CA certificate containing:"
14523
msgstr ""
14524
14525
#: serverguide/C/network-auth.xml:920(programlisting)
14526
#, no-wrap
14527
msgid ""
14528
"\n"
14529
"cn = Example Company\n"
14530
"ca\n"
14531
"cert_signing_key\n"
14532
msgstr ""
14533
14534
#: serverguide/C/network-auth.xml:929(para)
14535
msgid "Now create the self-signed CA certificate:"
14536
msgstr ""
14537
14538
#: serverguide/C/network-auth.xml:934(command)
14539
msgid ""
14540
"sudo certtool --generate-self-signed --load-privkey "
14541
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
14542
"/etc/ssl/certs/cacert.pem"
14543
msgstr ""
14544
14545
#: serverguide/C/network-auth.xml:941(para)
14546
msgid "Make a private key for the server:"
14547
msgstr ""
14548
14549
#: serverguide/C/network-auth.xml:946(command)
14550
msgid ""
14551
"sudo sh -c \"certtool --generate-privkey > "
14552
"/etc/ssl/private/ldap01_slapd_key.pem\""
14553
msgstr ""
14554
14555
#: serverguide/C/network-auth.xml:950(para)
14556
msgid ""
14557
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
14558
"hostname. Naming the certificate and key for the host and service that will "
14559
"be using them will help keep filenames and paths straight."
14560
msgstr ""
14561
14562
#: serverguide/C/network-auth.xml:959(para)
14563
msgid ""
14564
"To sign the server's certificate with the CA, create the "
14565
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
14566
msgstr ""
14567
14568
#: serverguide/C/network-auth.xml:963(programlisting)
14569
#, no-wrap
14570
msgid ""
14571
"\n"
14572
"organization = Example Company\n"
14573
"cn = ldap01.example.com\n"
14574
"tls_www_server\n"
14575
"encryption_key\n"
14576
"signing_key\n"
14577
msgstr ""
14578
14579
#: serverguide/C/network-auth.xml:974(para)
14580
msgid "Create the server's certificate:"
14581
msgstr ""
14582
14583
#: serverguide/C/network-auth.xml:979(command)
14584
msgid ""
14585
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
14586
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
14587
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
14588
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
14589
msgstr ""
14590
14591
#: serverguide/C/network-auth.xml:987(para)
14592
msgid ""
14593
"Once you have a certificate, key, and CA cert installed, use "
14594
"<application>ldapmodify</application> to add the new configuration options:"
14595
msgstr ""
14596
14597
#: serverguide/C/network-auth.xml:998(userinput)
14598
#, no-wrap
14599
msgid ""
14600
"dn: cn=config\n"
14601
"add: olcTLSCACertificateFile\n"
14602
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14603
"-\n"
14604
"add: olcTLSCertificateFile\n"
14605
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
14606
"-\n"
14607
"add: olcTLSCertificateKeyFile\n"
14608
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
14609
msgstr ""
14610
14611
#: serverguide/C/network-auth.xml:997(computeroutput) serverguide/C/network-auth.xml:1168(computeroutput)
14612
#, no-wrap
14613
msgid ""
14614
"Enter LDAP Password:\n"
14615
"<placeholder-1/>\n"
14616
"\n"
14617
"modifying entry \"cn=config\"\n"
14618
msgstr ""
14619
14620
#: serverguide/C/network-auth.xml:1013(para)
14621
msgid ""
14622
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
14623
"<filename>ldap01_slapd_key.pem</filename>, and "
14624
"<filename>cacert.pem</filename> names if yours are different."
14625
msgstr ""
14626
14627
#: serverguide/C/network-auth.xml:1019(para)
14628
msgid ""
14629
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
14630
"<emphasis>SLAPD_SERVICES</emphasis> option:"
14631
msgstr ""
14632
14633
#: serverguide/C/network-auth.xml:1023(programlisting)
14634
#, no-wrap
14635
msgid ""
14636
"\n"
14637
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
14638
msgstr ""
14639
14640
#: serverguide/C/network-auth.xml:1027(para)
14641
msgid ""
14642
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
14643
msgstr ""
14644
14645
#: serverguide/C/network-auth.xml:1032(command)
14646
msgid "sudo adduser openldap ssl-cert"
14647
msgstr ""
14648
14649
#: serverguide/C/network-auth.xml:1033(command)
14650
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
14651
msgstr ""
14652
14653
#: serverguide/C/network-auth.xml:1034(command)
14654
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
14655
msgstr ""
14656
14657
#: serverguide/C/network-auth.xml:1038(para)
14658
msgid ""
14659
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
14660
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
14661
"adjust the commands appropriately."
14662
msgstr ""
14663
14664
#: serverguide/C/network-auth.xml:1044(para)
14665
msgid "Finally, restart <application>slapd</application>:"
14666
msgstr ""
14667
14668
#: serverguide/C/network-auth.xml:1052(para)
14669
msgid ""
14670
"The <application>slapd</application> daemon should now be listening for "
14671
"LDAPS connections and be able to use STARTTLS during authentication."
14672
msgstr ""
14673
14674
#: serverguide/C/network-auth.xml:1058(para)
14675
msgid ""
14676
"If you run into troubles with the server not starting, check the "
14677
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
14678
"it is likely there is a configuration problem. Check that the certificate is "
14679
"signed by the authority from in the files configured, and that the ssl-cert "
14680
"group has read permissions on the private key."
14681
msgstr ""
14682
14683
#: serverguide/C/network-auth.xml:1070(title)
14684
msgid "TLS Replication"
14685
msgstr ""
14686
14687
#: serverguide/C/network-auth.xml:1072(para)
14688
msgid ""
14689
"If you have setup <application>Syncrepl</application> between servers, it is "
14690
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
14691
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
14692
"linkend=\"openldap-server-replication\"/>."
14693
msgstr ""
14694
14695
#: serverguide/C/network-auth.xml:1078(para)
14696
msgid ""
14697
"Assuming you have followed the above instructions and created a CA "
14698
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14699
"server. Follow the following instructions to create a certificate and key "
14700
"for the <emphasis>Consumer</emphasis> server."
14701
msgstr ""
14702
14703
#: serverguide/C/network-auth.xml:1087(para)
14704
msgid "Create a new key for the Consumer server:"
14705
msgstr ""
14706
14707
#: serverguide/C/network-auth.xml:1092(command)
14708
msgid "mkdir ldap02-ssl"
14709
msgstr ""
14710
14711
#: serverguide/C/network-auth.xml:1093(command)
14712
msgid "cd ldap02-ssl"
14713
msgstr ""
14714
14715
#: serverguide/C/network-auth.xml:1094(command)
14716
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14717
msgstr ""
14718
14719
#: serverguide/C/network-auth.xml:1098(para)
14720
msgid ""
14721
"Creating a new directory is not strictly necessary, but it will help keep "
14722
"things organized and make it easier to copy the files to the Consumer server."
14723
msgstr ""
14724
14725
#: serverguide/C/network-auth.xml:1107(para)
14726
msgid ""
14727
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14728
"server, changing the attributes to match your locality and server:"
14729
msgstr ""
14730
14731
#: serverguide/C/network-auth.xml:1112(programlisting)
14732
#, no-wrap
14733
msgid ""
14734
"\n"
14735
"country = US\n"
14736
"state = North Carolina\n"
14737
"locality = Winston-Salem\n"
14738
"organization = Example Company\n"
14739
"cn = ldap02.salem.edu\n"
14740
"tls_www_client\n"
14741
"encryption_key\n"
14742
"signing_key\n"
14743
msgstr ""
14744
14745
#: serverguide/C/network-auth.xml:1126(para)
14746
msgid "Create the certificate:"
14747
msgstr ""
14748
14749
#: serverguide/C/network-auth.xml:1131(command)
14750
msgid ""
14751
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14752
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14753
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14754
"ldap02_slapd_cert.pem"
14755
msgstr ""
14756
14757
#: serverguide/C/network-auth.xml:1139(para)
14758
msgid "Copy the <filename>cacert.pem</filename> to the directory:"
14759
msgstr ""
14760
14761
#: serverguide/C/network-auth.xml:1144(command)
14762
msgid "cp /etc/ssl/certs/cacert.pem ."
14763
msgstr ""
14764
14765
#: serverguide/C/network-auth.xml:1150(para)
14766
msgid ""
14767
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14768
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14769
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14770
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14771
"<filename>/etc/ssl/private</filename>."
14772
msgstr ""
14773
14774
#: serverguide/C/network-auth.xml:1159(para)
14775
msgid ""
14776
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14777
"by entering:"
14778
msgstr ""
14779
14780
#: serverguide/C/network-auth.xml:1169(userinput)
14781
#, no-wrap
14782
msgid ""
14783
"dn: cn=config\n"
14784
"add: olcTLSCACertificateFile\n"
14785
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14786
"-\n"
14787
"add: olcTLSCertificateFile\n"
14788
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14789
"-\n"
14790
"add: olcTLSCertificateKeyFile\n"
14791
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14792
msgstr ""
14793
14794
#: serverguide/C/network-auth.xml:1186(para)
14795
msgid ""
14796
"As with the Provider you can now edit "
14797
"<filename>/etc/default/slapd</filename> and add the "
14798
"<emphasis>ldaps:///</emphasis> parameter to the "
14799
"<emphasis>SLAPD_SERVICES</emphasis> option."
14800
msgstr ""
14801
14802
#: serverguide/C/network-auth.xml:1194(para)
14803
msgid ""
14804
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14805
"modify the <emphasis>Consumer</emphasis> server's "
14806
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14807
msgstr ""
14808
14809
#: serverguide/C/network-auth.xml:1207(userinput)
14810
#, no-wrap
14811
msgid ""
14812
"\n"
14813
"dn: olcDatabase={1}hdb,cn=config\n"
14814
"replace: olcSyncrepl\n"
14815
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14816
"binddn=\"cn=ad\n"
14817
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14818
"logbas\n"
14819
" e=\"cn=accesslog\" "
14820
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14821
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14822
"starttls=yes"
14823
msgstr ""
14824
14825
#: serverguide/C/network-auth.xml:1204(computeroutput)
14826
#, no-wrap
14827
msgid ""
14828
"SASL/EXTERNAL authentication started\n"
14829
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14830
"SASL SSF: 0\n"
14831
"<placeholder-1/>\n"
14832
"\n"
14833
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14834
msgstr ""
14835
14836
#: serverguide/C/network-auth.xml:1219(para)
14837
msgid ""
14838
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
14839
"(FQDN) in the certificate, you may have to edit "
14840
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
14841
msgstr ""
14842
14843
#: serverguide/C/network-auth.xml:1224(programlisting)
14844
#, no-wrap
14845
msgid ""
14846
"\n"
14847
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14848
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
14849
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14850
msgstr ""
14851
14852
#: serverguide/C/network-auth.xml:1231(para)
14853
msgid ""
14854
"Finally, restart <application>slapd</application> on each of the servers:"
14855
msgstr ""
14856
14857
#: serverguide/C/network-auth.xml:1244(title)
14858
msgid "LDAP Authentication"
14859
msgstr "Розпізнавання LDAP"
14860
14861
#: serverguide/C/network-auth.xml:1246(para)
14862
msgid ""
14863
"Once you have a working LDAP server, the <application>auth-client-"
14864
"config</application> and <application>libnss-ldap</application> packages "
14865
"take the pain out of configuring an Ubuntu client to authenticate using "
14866
"LDAP. To install the packages from, a terminal prompt enter:"
14867
msgstr ""
14868
14869
#: serverguide/C/network-auth.xml:1253(command)
14870
msgid "sudo apt-get install libnss-ldap"
14871
msgstr ""
14872
14873
#: serverguide/C/network-auth.xml:1256(para)
14874
msgid ""
14875
"During the install a menu dialog will ask you connection details about your "
14876
"LDAP server."
14877
msgstr ""
14878
14879
#: serverguide/C/network-auth.xml:1260(para)
14880
msgid ""
14881
"If you make a mistake when entering your information you can execute the "
14882
"dialog again using:"
14883
msgstr ""
14884
14885
#: serverguide/C/network-auth.xml:1265(command)
14886
msgid "sudo dpkg-reconfigure ldap-auth-config"
14887
msgstr ""
14888
14889
#: serverguide/C/network-auth.xml:1268(para)
14890
msgid ""
14891
"The results of the dialog can be seen in "
14892
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
14893
"covered in the menu edit this file accordingly."
14894
msgstr ""
14895
14896
#: serverguide/C/network-auth.xml:1273(para)
14897
msgid ""
14898
"Now that <application>libnss-ldap</application> is configured enable the "
14899
"<application>auth-client-config</application> LDAP profile by entering:"
14900
msgstr ""
14901
14902
#: serverguide/C/network-auth.xml:1279(command)
14903
msgid "sudo auth-client-config -t nss -p lac_ldap"
14904
msgstr ""
14905
14906
#: serverguide/C/network-auth.xml:1284(para)
14907
msgid ""
14908
"<emphasis>-t:</emphasis> only modifies "
14909
"<filename>/etc/nsswitch.conf</filename>."
14910
msgstr ""
14911
14912
#: serverguide/C/network-auth.xml:1289(para)
14913
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
14914
msgstr ""
14915
14916
#: serverguide/C/network-auth.xml:1294(para)
14917
msgid ""
14918
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
14919
"config</application> profile that is part of the <application>ldap-auth-"
14920
"config</application> package."
14921
msgstr ""
14922
14923
#: serverguide/C/network-auth.xml:1301(para)
14924
msgid ""
14925
"Using the <application>pam-auth-update</application> utility, configure the "
14926
"system to use LDAP for authentication:"
14927
msgstr ""
14928
14929
#: serverguide/C/network-auth.xml:1306(command)
14930
msgid "sudo pam-auth-update"
14931
msgstr ""
14932
14933
#: serverguide/C/network-auth.xml:1309(para)
14934
msgid ""
14935
"From the <application>pam-auth-update</application> menu, choose LDAP and "
14936
"any other authentication mechanisms you need."
14937
msgstr ""
14938
14939
#: serverguide/C/network-auth.xml:1313(para)
14940
msgid ""
14941
"You should now be able to login using user credentials stored in the LDAP "
14942
"directory."
14943
msgstr ""
14944
14945
#: serverguide/C/network-auth.xml:1318(para)
14946
msgid ""
14947
"If you are going to use LDAP to store Samba users you will need to configure "
14948
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
14949
"for details."
14950
msgstr ""
14951
14952
#: serverguide/C/network-auth.xml:1326(title)
14953
msgid "User and Group Management"
14954
msgstr ""
14955
14956
#: serverguide/C/network-auth.xml:1328(para)
14957
msgid ""
14958
"The <application>ldap-utils</application> package comes with multiple "
14959
"utilities to manage the directory, but the long string of options needed, "
14960
"can make them a burden to use. The <application>ldapscripts</application> "
14961
"package contains configurable scripts to easily manage LDAP users and groups."
14962
msgstr ""
14963
14964
#: serverguide/C/network-auth.xml:1334(para)
14965
msgid "To install the package, from a terminal enter:"
14966
msgstr ""
14967
14968
#: serverguide/C/network-auth.xml:1339(command)
14969
msgid "sudo apt-get install ldapscripts"
14970
msgstr ""
14971
14972
#: serverguide/C/network-auth.xml:1342(para)
14973
msgid ""
14974
"Next, edit the config file "
14975
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
14976
"changing the following to match your environment:"
14977
msgstr ""
14978
14979
#: serverguide/C/network-auth.xml:1347(programlisting)
14980
#, no-wrap
14981
msgid ""
14982
"\n"
14983
"SERVER=localhost\n"
14984
"BINDDN='cn=admin,dc=example,dc=com'\n"
14985
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
14986
"SUFFIX='dc=example,dc=com'\n"
14987
"GSUFFIX='ou=Groups'\n"
14988
"USUFFIX='ou=People'\n"
14989
"MSUFFIX='ou=Computers'\n"
14990
"GIDSTART=10000\n"
14991
"UIDSTART=10000\n"
14992
"MIDSTART=10000\n"
14993
msgstr ""
14994
14995
#: serverguide/C/network-auth.xml:1360(para)
14996
msgid ""
14997
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
14998
"authenticated access to the directory:"
14999
msgstr ""
15000
15001
#: serverguide/C/network-auth.xml:1365(command)
15002
msgid ""
15003
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15004
msgstr ""
15005
15006
#: serverguide/C/network-auth.xml:1366(command)
15007
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15008
msgstr ""
15009
15010
#: serverguide/C/network-auth.xml:1370(para)
15011
msgid ""
15012
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
15013
"user."
15014
msgstr ""
15015
15016
#: serverguide/C/network-auth.xml:1375(para)
15017
msgid ""
15018
"The <application>ldapscripts</application> are now ready to help manage your "
15019
"directory. The following are some examples of how to use the scripts:"
15020
msgstr ""
15021
15022
#: serverguide/C/network-auth.xml:1382(para)
15023
msgid "Create a new user:"
15024
msgstr ""
15025
15026
#: serverguide/C/network-auth.xml:1386(command)
15027
msgid "sudo ldapadduser george example"
15028
msgstr ""
15029
15030
#: serverguide/C/network-auth.xml:1388(para)
15031
msgid ""
15032
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15033
"and set the user's primary group (gid) to <emphasis "
15034
"role=\"italic\">example</emphasis>"
15035
msgstr ""
15036
15037
#: serverguide/C/network-auth.xml:1394(para)
15038
msgid "Change a user's password:"
15039
msgstr ""
15040
15041
#: serverguide/C/network-auth.xml:1398(command)
15042
msgid "sudo ldapsetpasswd george"
15043
msgstr ""
15044
15045
#: serverguide/C/network-auth.xml:1399(computeroutput)
15046
#, no-wrap
15047
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15048
msgstr ""
15049
15050
#: serverguide/C/network-auth.xml:1400(userinput)
15051
#, no-wrap
15052
msgid "New Password: "
15053
msgstr "Новий пароль: "
15054
15055
#: serverguide/C/network-auth.xml:1401(userinput)
15056
#, no-wrap
15057
msgid "New Password (verify): "
15058
msgstr ""
15059
15060
#: serverguide/C/network-auth.xml:1405(para)
15061
msgid "Delete a user:"
15062
msgstr ""
15063
15064
#: serverguide/C/network-auth.xml:1409(command)
15065
msgid "sudo ldapdeleteuser george"
15066
msgstr ""
15067
15068
#: serverguide/C/network-auth.xml:1414(para)
15069
msgid "Add a group:"
15070
msgstr ""
15071
15072
#: serverguide/C/network-auth.xml:1418(command)
15073
msgid "sudo ldapaddgroup qa"
15074
msgstr ""
15075
15076
#: serverguide/C/network-auth.xml:1422(para)
15077
msgid "Delete a group:"
15078
msgstr ""
15079
15080
#: serverguide/C/network-auth.xml:1426(command)
15081
msgid "sudo ldapdeletegroup qa"
15082
msgstr ""
15083
15084
#: serverguide/C/network-auth.xml:1430(para)
15085
msgid "Add a user to a group:"
15086
msgstr ""
15087
15088
#: serverguide/C/network-auth.xml:1434(command)
15089
msgid "sudo ldapaddusertogroup george qa"
15090
msgstr ""
15091
15092
#: serverguide/C/network-auth.xml:1436(para)
15093
msgid ""
15094
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15095
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15096
"role=\"italic\">george</emphasis>."
15097
msgstr ""
15098
15099
#: serverguide/C/network-auth.xml:1442(para)
15100
msgid "Remove a user from a group:"
15101
msgstr ""
15102
15103
#: serverguide/C/network-auth.xml:1446(command)
15104
msgid "sudo ldapdeleteuserfromgroup george qa"
15105
msgstr ""
15106
15107
#: serverguide/C/network-auth.xml:1448(para)
15108
msgid ""
15109
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15110
"<emphasis role=\"italic\">qa</emphasis> group."
15111
msgstr ""
15112
15113
#: serverguide/C/network-auth.xml:1454(para)
15114
msgid ""
15115
"The <application>ldapmodifyuser</application> script allows you to add, "
15116
"remove, or replace a user's attributes. The script uses the same syntax as "
15117
"the <application>ldapmodify</application> utility. For example:"
15118
msgstr ""
15119
15120
#: serverguide/C/network-auth.xml:1459(command)
15121
msgid "sudo ldapmodifyuser george"
15122
msgstr ""
15123
15124
#: serverguide/C/network-auth.xml:1460(computeroutput)
15125
#, no-wrap
15126
msgid ""
15127
"# About to modify the following entry :\n"
15128
"dn: uid=george,ou=People,dc=example,dc=com\n"
15129
"objectClass: account\n"
15130
"objectClass: posixAccount\n"
15131
"cn: george\n"
15132
"uid: george\n"
15133
"uidNumber: 1001\n"
15134
"gidNumber: 1001\n"
15135
"homeDirectory: /home/george\n"
15136
"loginShell: /bin/bash\n"
15137
"gecos: george\n"
15138
"description: User account\n"
15139
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
15140
"\n"
15141
"# Enter your modifications here, end with CTRL-D.\n"
15142
"dn: uid=george,ou=People,dc=example,dc=com"
15143
msgstr ""
15144
15145
#: serverguide/C/network-auth.xml:1476(userinput)
15146
#, no-wrap
15147
msgid ""
15148
"replace: gecos\n"
15149
"gecos: George Carlin"
15150
msgstr ""
15151
15152
#: serverguide/C/network-auth.xml:1479(para)
15153
msgid ""
15154
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
15155
"Carlin</quote>."
15156
msgstr ""
15157
15158
#: serverguide/C/network-auth.xml:1484(para)
15159
msgid ""
15160
"Another great feature of <application>ldapscripts</application>, is the "
15161
"template system. Templates allow you to customize the attributes of user, "
15162
"group, and machine objectes. For example, to enable the "
15163
"<emphasis>user</emphasis> template edit "
15164
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
15165
msgstr ""
15166
15167
#: serverguide/C/network-auth.xml:1491(programlisting)
15168
#, no-wrap
15169
msgid ""
15170
"\n"
15171
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
15172
msgstr ""
15173
15174
#: serverguide/C/network-auth.xml:1495(para)
15175
msgid ""
15176
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
15177
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
15178
"<filename>ldapadduser.template.sample</filename> file to "
15179
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
15180
msgstr ""
15181
15182
#: serverguide/C/network-auth.xml:1502(command)
15183
msgid ""
15184
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample "
15185
"/etc/ldapscripts/ldapadduser.template"
15186
msgstr ""
15187
15188
#: serverguide/C/network-auth.xml:1505(para)
15189
msgid ""
15190
"Edit the new template to add the desired attributes. The following will "
15191
"create new user's as with an <emphasis>objectClass</emphasis> of "
15192
"<emphasis>inetOrgPerson</emphasis>:"
15193
msgstr ""
15194
15195
#: serverguide/C/network-auth.xml:1510(programlisting)
15196
#, no-wrap
15197
msgid ""
15198
"\n"
15199
"dn: uid=<user>,<usuffix>,<suffix>\n"
15200
"objectClass: inetOrgPerson\n"
15201
"objectClass: posixAccount\n"
15202
"cn: <user>\n"
15203
"sn: <ask>\n"
15204
"uid: <user>\n"
15205
"uidNumber: <uid>\n"
15206
"gidNumber: <gid>\n"
15207
"homeDirectory: <home>\n"
15208
"loginShell: <shell>\n"
15209
"gecos: <user>\n"
15210
"description: User account\n"
15211
"title: Employee\n"
15212
msgstr ""
15213
15214
#: serverguide/C/network-auth.xml:1526(para)
15215
msgid ""
15216
"Notice the <emphasis><ask></emphasis> option used for the "
15217
"<emphasis>ssn</emphasis> value. Using <ask> will configure "
15218
"<application>ldapadduser</application> to prompt you for the attribute value "
15219
"during user creation."
15220
msgstr ""
15221
15222
#: serverguide/C/network-auth.xml:1534(para)
15223
msgid ""
15224
"There are more useful scripts in the package, to see a full list enter: "
15225
"<command>dpkg -L ldapscripts | grep bin</command>"
15226
msgstr ""
15227
15228
#: serverguide/C/network-auth.xml:1543(para)
15229
msgid ""
15230
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
15231
"Ubuntu Wiki</ulink> page has more details."
15232
msgstr ""
15233
15234
#: serverguide/C/network-auth.xml:1548(para)
15235
msgid ""
15236
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
15237
"Home Page</ulink>"
15238
msgstr ""
15239
15240
#: serverguide/C/network-auth.xml:1553(para)
15241
msgid ""
15242
"Though starting to show it's age, a great source for in depth LDAP "
15243
"information is O'Reilly's <ulink "
15244
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
15245
"Administration</ulink>"
15246
msgstr ""
15247
15248
#: serverguide/C/network-auth.xml:1559(para)
15249
msgid ""
15250
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
15251
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
15252
"newer versions of OpenLDAP."
15253
msgstr ""
15254
15255
#: serverguide/C/network-auth.xml:1565(para)
15256
msgid ""
15257
"For more information on <application>auth-client-config</application> see "
15258
"the man page: <command>man auth-client-config</command>."
15259
msgstr ""
15260
15261
#: serverguide/C/network-auth.xml:1570(para)
15262
msgid ""
15263
"For more details regarding the <application>ldapscripts</application> "
15264
"package see the man pages: <command>man ldapscripts</command>, <command>man "
15265
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
15266
msgstr ""
15267
15268
#: serverguide/C/network-auth.xml:1580(title)
15269
msgid "Samba and LDAP"
15270
msgstr ""
15271
15272
#: serverguide/C/network-auth.xml:1582(para)
15273
msgid ""
15274
"This section covers configuring Samba to use LDAP for user, group, and "
15275
"machine account information and authentication. The assumption is, you "
15276
"already have a working OpenLDAP directory installed and the server is "
15277
"configured to use it for authentication. See <xref linkend=\"openldap-"
15278
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
15279
"setting up OpenLDAP. For more information on installing and configuring "
15280
"Samba see <xref linkend=\"windows-networking\"/>."
15281
msgstr ""
15282
15283
#: serverguide/C/network-auth.xml:1592(para)
15284
msgid ""
15285
"There are three packages needed when integrating Samba with LDAP. "
15286
"<application>samba</application>, <application>samba-doc</application>, and "
15287
"<application>smbldap-tools</application> packages . To install the packages, "
15288
"from a terminal enter:"
15289
msgstr ""
15290
15291
#: serverguide/C/network-auth.xml:1598(command)
15292
msgid "sudo apt-get install samba samba-doc smbldap-tools"
15293
msgstr ""
15294
15295
#: serverguide/C/network-auth.xml:1601(para)
15296
msgid ""
15297
"Strictly speaking the <application>smbldap-tools</application> package isn't "
15298
"needed, but unless you have another package or custom scripts, a method of "
15299
"managing users, groups, and computer accounts is needed."
15300
msgstr ""
15301
15302
#: serverguide/C/network-auth.xml:1608(title)
15303
msgid "OpenLDAP Configuration"
15304
msgstr ""
15305
15306
#: serverguide/C/network-auth.xml:1610(para)
15307
msgid ""
15308
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
15309
"the user objects in the directory will need additional attributes. This "
15310
"section assumes you want Samba to be configured as a Windows NT domain "
15311
"controller, and will add the necessary LDAP objects and attributes."
15312
msgstr ""
15313
15314
#: serverguide/C/network-auth.xml:1618(para)
15315
msgid ""
15316
"The Samba attributes are defined in the <filename>samba.schema</filename> "
15317
"file which is part of the <application>samba-doc</application> package. The "
15318
"schema file needs to be unzipped and copied to "
15319
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
15320
msgstr ""
15321
15322
#: serverguide/C/network-auth.xml:1625(command)
15323
msgid ""
15324
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
15325
"/etc/ldap/schema/"
15326
msgstr ""
15327
15328
#: serverguide/C/network-auth.xml:1626(command)
15329
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
15330
msgstr ""
15331
15332
#: serverguide/C/network-auth.xml:1632(para)
15333
msgid ""
15334
"The <emphasis>samba</emphasis> schema needs to be added to the "
15335
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
15336
"<application>slapd</application> is also detailed in <xref "
15337
"linkend=\"openldap-configuration\"/>."
15338
msgstr ""
15339
15340
#: serverguide/C/network-auth.xml:1640(para) serverguide/C/network-auth.xml:2676(para)
15341
msgid ""
15342
"First, create a configuration file named "
15343
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
15344
"containing the following lines:"
15345
msgstr ""
15346
15347
#: serverguide/C/network-auth.xml:1645(programlisting)
15348
#, no-wrap
15349
msgid ""
15350
"\n"
15351
"include /etc/ldap/schema/core.schema\n"
15352
"include /etc/ldap/schema/collective.schema\n"
15353
"include /etc/ldap/schema/corba.schema\n"
15354
"include /etc/ldap/schema/cosine.schema\n"
15355
"include /etc/ldap/schema/duaconf.schema\n"
15356
"include /etc/ldap/schema/dyngroup.schema\n"
15357
"include /etc/ldap/schema/inetorgperson.schema\n"
15358
"include /etc/ldap/schema/java.schema\n"
15359
"include /etc/ldap/schema/misc.schema\n"
15360
"include /etc/ldap/schema/nis.schema\n"
15361
"include /etc/ldap/schema/openldap.schema\n"
15362
"include /etc/ldap/schema/ppolicy.schema\n"
15363
"include /etc/ldap/schema/samba.schema\n"
15364
msgstr ""
15365
15366
#: serverguide/C/network-auth.xml:1675(para) serverguide/C/network-auth.xml:2711(para)
15367
msgid ""
15368
"Now use <application>slapcat</application> to convert the schema files:"
15369
msgstr ""
15370
15371
#: serverguide/C/network-auth.xml:1680(command)
15372
msgid ""
15373
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
15374
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
15375
msgstr ""
15376
15377
#: serverguide/C/network-auth.xml:1683(para) serverguide/C/network-auth.xml:2719(para)
15378
msgid ""
15379
"Change the above file and path names to match your own if they are different."
15380
msgstr ""
15381
15382
#: serverguide/C/network-auth.xml:1690(para)
15383
msgid ""
15384
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
15385
"the following attributes:"
15386
msgstr ""
15387
15388
#: serverguide/C/network-auth.xml:1694(programlisting)
15389
#, no-wrap
15390
msgid ""
15391
"\n"
15392
"dn: cn=samba,cn=schema,cn=config\n"
15393
"...\n"
15394
"cn: samba\n"
15395
msgstr ""
15396
15397
#: serverguide/C/network-auth.xml:1704(programlisting)
15398
#, no-wrap
15399
msgid ""
15400
"\n"
15401
"structuralObjectClass: olcSchemaConfig\n"
15402
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
15403
"creatorsName: cn=config\n"
15404
"createTimestamp: 20080827045234Z\n"
15405
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
15406
"modifiersName: cn=config\n"
15407
"modifyTimestamp: 20080827045234Z\n"
15408
msgstr ""
15409
15410
#: serverguide/C/network-auth.xml:1729(command)
15411
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
15412
msgstr ""
15413
15414
#: serverguide/C/network-auth.xml:1735(para)
15415
msgid ""
15416
"There should now be a <emphasis>dn: "
15417
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
15418
"sequential schema, entry in the cn=config tree."
15419
msgstr ""
15420
15421
#: serverguide/C/network-auth.xml:1743(para)
15422
msgid ""
15423
"Copy and paste the following into a file named "
15424
"<filename>samba_indexes.ldif</filename>:"
15425
msgstr ""
15426
15427
#: serverguide/C/network-auth.xml:1747(programlisting)
15428
#, no-wrap
15429
msgid ""
15430
"\n"
15431
"dn: olcDatabase={1}hdb,cn=config\n"
15432
"changetype: modify\n"
15433
"add: olcDbIndex\n"
15434
"olcDbIndex: uidNumber eq\n"
15435
"olcDbIndex: gidNumber eq\n"
15436
"olcDbIndex: loginShell eq\n"
15437
"olcDbIndex: uid eq,pres,sub\n"
15438
"olcDbIndex: memberUid eq,pres,sub\n"
15439
"olcDbIndex: uniqueMember eq,pres\n"
15440
"olcDbIndex: sambaSID eq\n"
15441
"olcDbIndex: sambaPrimaryGroupSID eq\n"
15442
"olcDbIndex: sambaGroupType eq\n"
15443
"olcDbIndex: sambaSIDList eq\n"
15444
"olcDbIndex: sambaDomainName eq\n"
15445
"olcDbIndex: default sub\n"
15446
msgstr ""
15447
15448
#: serverguide/C/network-auth.xml:1765(para)
15449
msgid ""
15450
"Using the <application>ldapmodify</application> utility load the new indexes:"
15451
msgstr ""
15452
15453
#: serverguide/C/network-auth.xml:1770(command)
15454
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
15455
msgstr ""
15456
15457
#: serverguide/C/network-auth.xml:1772(para)
15458
msgid ""
15459
"If all went well you should see the new indexes using "
15460
"<application>ldapsearch</application>:"
15461
msgstr ""
15462
15463
#: serverguide/C/network-auth.xml:1777(command)
15464
msgid ""
15465
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
15466
msgstr ""
15467
15468
#: serverguide/C/network-auth.xml:1783(para)
15469
msgid ""
15470
"Next, configure the <application>smbldap-tools</application> package to "
15471
"match your environment. The package comes with a configuration script that "
15472
"will ask questions about the needed options. To run the script enter:"
15473
msgstr ""
15474
15475
#: serverguide/C/network-auth.xml:1789(command)
15476
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
15477
msgstr ""
15478
15479
#: serverguide/C/network-auth.xml:1790(command)
15480
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
15481
msgstr ""
15482
15483
#: serverguide/C/network-auth.xml:1793(para)
15484
msgid ""
15485
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
15486
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
15487
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
15488
"configure script, so if you made any mistakes while executing the script it "
15489
"may be simpler to edit the file appropriately."
15490
msgstr ""
15491
15492
#: serverguide/C/network-auth.xml:1803(para)
15493
msgid ""
15494
"The <application>smbldap-populate</application> script will add the "
15495
"necessary users, groups, and LDAP objects required for Samba. It is a good "
15496
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
15497
"<application>slapcat</application> before executing the command:"
15498
msgstr ""
15499
15500
#: serverguide/C/network-auth.xml:1810(command)
15501
msgid "sudo slapcat -l backup.ldif"
15502
msgstr ""
15503
15504
#: serverguide/C/network-auth.xml:1816(para)
15505
msgid ""
15506
"Once you have a current backup execute <application>smbldap-"
15507
"populate</application> by entering:"
15508
msgstr ""
15509
15510
#: serverguide/C/network-auth.xml:1821(command)
15511
msgid "sudo smbldap-populate"
15512
msgstr ""
15513
15514
#: serverguide/C/network-auth.xml:1825(para)
15515
msgid ""
15516
"You can create an LDIF file containing the new Samba objects by executing "
15517
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
15518
"look over the changes making sure everything is correct."
15519
msgstr ""
15520
15521
#: serverguide/C/network-auth.xml:1833(para)
15522
msgid ""
15523
"Your LDAP directory now has the necessary domain information to authenticate "
15524
"Samba users."
15525
msgstr ""
15526
15527
#: serverguide/C/network-auth.xml:1839(title)
15528
msgid "Samba Configuration"
15529
msgstr ""
15530
15531
#: serverguide/C/network-auth.xml:1841(para)
15532
msgid ""
15533
"There a multiple ways to configure Samba for details on some common "
15534
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
15535
"Samba to use LDAP, edit the main Samba configuration file "
15536
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
15537
"backend</emphasis> option and adding the following:"
15538
msgstr ""
15539
15540
#: serverguide/C/network-auth.xml:1847(programlisting)
15541
#, no-wrap
15542
msgid ""
15543
"\n"
15544
"# passdb backend = tdbsam\n"
15545
"\n"
15546
"# LDAP Settings\n"
15547
" passdb backend = ldapsam:ldap://hostname\n"
15548
" ldap suffix = dc=example,dc=com\n"
15549
" ldap user suffix = ou=People\n"
15550
" ldap group suffix = ou=Groups\n"
15551
" ldap machine suffix = ou=Computers\n"
15552
" ldap idmap suffix = ou=Idmap\n"
15553
" ldap admin dn = cn=admin,dc=example,dc=com\n"
15554
" ldap ssl = start tls\n"
15555
" ldap passwd sync = yes\n"
15556
"...\n"
15557
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
15558
msgstr ""
15559
15560
#: serverguide/C/network-auth.xml:1864(para)
15561
msgid "Restart <application>samba</application> to enable the new settings:"
15562
msgstr ""
15563
15564
#: serverguide/C/network-auth.xml:1873(para)
15565
msgid ""
15566
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
15567
"enter:"
15568
msgstr ""
15569
15570
#: serverguide/C/network-auth.xml:1878(command)
15571
msgid "sudo smbpasswd -w secret"
15572
msgstr ""
15573
15574
#: serverguide/C/network-auth.xml:1882(para)
15575
msgid ""
15576
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
15577
"password."
15578
msgstr ""
15579
15580
#: serverguide/C/network-auth.xml:1887(para)
15581
msgid ""
15582
"If you currently have users in LDAP, and you want them to authenticate using "
15583
"Samba, they will need some Samba attributes defined in the "
15584
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
15585
"users using the <application>smbpasswd</application> utility, replacing "
15586
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
15587
msgstr ""
15588
15589
#: serverguide/C/network-auth.xml:1895(command)
15590
msgid "sudo smbpasswd -a username"
15591
msgstr ""
15592
15593
#: serverguide/C/network-auth.xml:1898(para)
15594
msgid "You will then be asked to enter the user's password."
15595
msgstr ""
15596
15597
#: serverguide/C/network-auth.xml:1902(para)
15598
msgid ""
15599
"To add new user, group, and machine accounts use the utilities from the "
15600
"<application>smbldap-tools</application> package. Here are some examples:"
15601
msgstr ""
15602
15603
#: serverguide/C/network-auth.xml:1909(para)
15604
msgid ""
15605
"To add a new user to LDAP with Samba attributes enter the following, "
15606
"replacing username with an actual username:"
15607
msgstr ""
15608
15609
#: serverguide/C/network-auth.xml:1913(command)
15610
msgid "sudo smbldap-useradd -a -P username"
15611
msgstr ""
15612
15613
#: serverguide/C/network-auth.xml:1915(para)
15614
msgid ""
15615
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
15616
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
15617
"passwd</application> utility after the user is created allowing you to enter "
15618
"a password for the user."
15619
msgstr ""
15620
15621
#: serverguide/C/network-auth.xml:1921(para)
15622
msgid "To remove a user from the directory enter:"
15623
msgstr ""
15624
15625
#: serverguide/C/network-auth.xml:1925(command)
15626
msgid "sudo smbldap-userdel username"
15627
msgstr ""
15628
15629
#: serverguide/C/network-auth.xml:1927(para)
15630
msgid ""
15631
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
15632
"r</emphasis> option to remove the user's home directory."
15633
msgstr ""
15634
15635
#: serverguide/C/network-auth.xml:1932(para)
15636
msgid ""
15637
"Use <application>smbldap-groupadd</application> to add a group, replacing "
15638
"groupname with an appropriate group:"
15639
msgstr ""
15640
15641
#: serverguide/C/network-auth.xml:1936(command)
15642
msgid "sudo smbldap-groupadd -a groupname"
15643
msgstr ""
15644
15645
#: serverguide/C/network-auth.xml:1938(para)
15646
msgid ""
15647
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
15648
"a</emphasis> adds the Samba attributes."
15649
msgstr ""
15650
15651
#: serverguide/C/network-auth.xml:1943(para)
15652
msgid ""
15653
"To add a user to a group use <application>smbldap-groupmod</application>:"
15654
msgstr ""
15655
15656
#: serverguide/C/network-auth.xml:1947(command)
15657
msgid "sudo smbldap-groupmod -m username groupname"
15658
msgstr ""
15659
15660
#: serverguide/C/network-auth.xml:1949(para)
15661
msgid ""
15662
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
15663
"<emphasis>-m</emphasis> option can add more than one user at a time by "
15664
"listing them in <emphasis>comma separated</emphasis> format."
15665
msgstr ""
15666
15667
#: serverguide/C/network-auth.xml:1955(para)
15668
msgid ""
15669
"<application>smbldap-groupmod</application> can also be used to remove a "
15670
"user from a group:"
15671
msgstr ""
15672
15673
#: serverguide/C/network-auth.xml:1959(command)
15674
msgid "sudo smbldap-groupmod -x username groupname"
15675
msgstr ""
15676
15677
#: serverguide/C/network-auth.xml:1963(para)
15678
msgid ""
15679
"Additionally, the <application>smbldap-useradd</application> utility can add "
15680
"Samba machine accounts:"
15681
msgstr ""
15682
15683
#: serverguide/C/network-auth.xml:1967(command)
15684
msgid "sudo smbldap-useradd -t 0 -w username"
15685
msgstr ""
15686
15687
#: serverguide/C/network-auth.xml:1969(para)
15688
msgid ""
15689
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
15690
"<emphasis>-t 0</emphasis> option creates the machine account without a "
15691
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
15692
"machine account. Also, note the <emphasis>add machine script</emphasis> "
15693
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
15694
"<application>smbldap-useradd</application>."
15695
msgstr ""
15696
15697
#: serverguide/C/network-auth.xml:1978(para)
15698
msgid ""
15699
"There are more useful utilities and options in the <application>smbldap-"
15700
"tools</application> package. The man page for each utility provides more "
15701
"details."
15702
msgstr ""
15703
15704
#: serverguide/C/network-auth.xml:1989(para)
15705
msgid ""
15706
"There are multiple places where LDAP and Samba is documented in the <ulink "
15707
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
15708
"Collection</ulink>."
15709
msgstr ""
15710
15711
#: serverguide/C/network-auth.xml:1995(para)
15712
msgid ""
15713
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
15714
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
15715
msgstr ""
15716
15717
#: serverguide/C/network-auth.xml:2001(para)
15718
msgid ""
15719
"Another good site is <ulink url=\"http://download.gna.org/smbldap-"
15720
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
15721
msgstr ""
15722
15723
#: serverguide/C/network-auth.xml:2007(para)
15724
msgid ""
15725
"Again, for more information on <application>smbldap-tools</application> see "
15726
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
15727
"groupadd</command>, <command>man smbldap-populate</command>, etc."
15728
msgstr ""
15729
15730
#: serverguide/C/network-auth.xml:2014(para)
15731
msgid ""
15732
"Also, there is a list of <ulink "
15733
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
15734
"wiki</ulink> articles with more information."
15735
msgstr ""
15736
15737
#: serverguide/C/network-auth.xml:2023(title)
15738
msgid "Kerberos"
15739
msgstr "Kerberos"
15740
15741
#: serverguide/C/network-auth.xml:2025(para)
15742
msgid ""
15743
"<application>Kerberos</application> is a network authentication system based "
15744
"on the principal of a trusted third party. The other two parties being the "
15745
"user and the service the user wishes to authenticate to. Not all services "
15746
"and applications can use Kerberos, but for those that can, it brings the "
15747
"network environment one step closer to being Single Sign On (SSO)."
15748
msgstr ""
15749
15750
#: serverguide/C/network-auth.xml:2031(para)
15751
msgid ""
15752
"This section covers installation and configuration of a Kerberos server, and "
15753
"some example client configurations."
15754
msgstr ""
15755
15756
#: serverguide/C/network-auth.xml:2038(para)
15757
msgid ""
15758
"If you are new to Kerberos there are a few terms that are good to understand "
15759
"before setting up a Kerberos server. Most of the terms will relate to things "
15760
"you may be familiar with in other environments:"
15761
msgstr ""
15762
15763
#: serverguide/C/network-auth.xml:2045(para)
15764
msgid ""
15765
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
15766
"by servers need to be defined as Kerberos Principals."
15767
msgstr ""
15768
15769
#: serverguide/C/network-auth.xml:2050(para)
15770
msgid ""
15771
"<emphasis>Instances:</emphasis> are used for service principals and special "
15772
"administrative principals."
15773
msgstr ""
15774
15775
#: serverguide/C/network-auth.xml:2055(para)
15776
msgid ""
15777
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
15778
"Kerberos installation. Usually the DNS domain converted to uppercase "
15779
"(EXAMPLE.COM)."
15780
msgstr ""
15781
15782
#: serverguide/C/network-auth.xml:2061(para)
15783
msgid ""
15784
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
15785
"a database of all principals, the authentication server, and the ticket "
15786
"granting server. For each realm there must be at least one KDC."
15787
msgstr ""
15788
15789
#: serverguide/C/network-auth.xml:2067(para)
15790
msgid ""
15791
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
15792
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
15793
"password which is known only to the user and the KDC."
15794
msgstr ""
15795
15796
#: serverguide/C/network-auth.xml:2073(para)
15797
msgid ""
15798
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
15799
"clients upon request."
15800
msgstr ""
15801
15802
#: serverguide/C/network-auth.xml:2078(para)
15803
msgid ""
15804
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
15805
"One principal being a user and the other a service requested by the user. "
15806
"Tickets establish an encryption key used for secure communication during the "
15807
"authenticated session."
15808
msgstr ""
15809
15810
#: serverguide/C/network-auth.xml:2084(para)
15811
msgid ""
15812
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
15813
"principal database and contain the encryption key for a service or host."
15814
msgstr ""
15815
15816
#: serverguide/C/network-auth.xml:2091(para)
15817
msgid ""
15818
"To put the pieces together, a Realm has at least one KDC, preferably two for "
15819
"redundancy, which contains a database of Principals. When a user principal "
15820
"logs into a workstation, configured for Kerberos authentication, the KDC "
15821
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
15822
"match, the user is authenticated and can then request tickets for Kerberized "
15823
"services from the Ticket Granting Server (TGS). The service tickets allow "
15824
"the user to authenticate to the service without entering another username "
15825
"and password."
15826
msgstr ""
15827
15828
#: serverguide/C/network-auth.xml:2100(title)
15829
msgid "Kerberos Server"
15830
msgstr ""
15831
15832
#: serverguide/C/network-auth.xml:2104(para)
15833
msgid ""
15834
"Before installing the Kerberos server a properly configured DNS server is "
15835
"needed for your domain. Since the Kerberos Realm by convention matches the "
15836
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
15837
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
15838
msgstr ""
15839
15840
#: serverguide/C/network-auth.xml:2110(para)
15841
msgid ""
15842
"Also, Kerberos is a time sensitive protocol. So if the local system time "
15843
"between a client machine and the server differs by more than five minutes "
15844
"(by default), the workstation will not be able to authenticate. To correct "
15845
"the problem all hosts should have their time synchronized using the "
15846
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
15847
"NTP see <xref linkend=\"NTP\"/>."
15848
msgstr ""
15849
15850
#: serverguide/C/network-auth.xml:2117(para)
15851
msgid ""
15852
"The first step in installing a Kerberos Realm is to install the "
15853
"<application>krb5-kdc</application> and <application>krb5-admin-"
15854
"server</application> packages. From a terminal enter:"
15855
msgstr ""
15856
15857
#: serverguide/C/network-auth.xml:2123(command) serverguide/C/network-auth.xml:2298(command)
15858
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
15859
msgstr ""
15860
15861
#: serverguide/C/network-auth.xml:2126(para)
15862
msgid ""
15863
"You will be asked at the end of the install to supply a name for the "
15864
"Kerberos and Admin servers, which may or may not be the same server, for the "
15865
"realm."
15866
msgstr ""
15867
15868
#: serverguide/C/network-auth.xml:2131(para)
15869
msgid ""
15870
"Next, create the new realm with the <application>kdb5_newrealm</application> "
15871
"utility:"
15872
msgstr ""
15873
15874
#: serverguide/C/network-auth.xml:2136(command)
15875
msgid "sudo krb5_newrealm"
15876
msgstr ""
15877
15878
#: serverguide/C/network-auth.xml:2143(para)
15879
msgid ""
15880
"The questions asked during installation are used to configure the "
15881
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
15882
"Distribution Center (KDC) settings simply edit the file and restart the "
15883
"<application>krb5-kdc</application> daemon."
15884
msgstr ""
15885
15886
#: serverguide/C/network-auth.xml:2151(para)
15887
msgid ""
15888
"Now that the KDC running an admin user is needed. It is recommended to use a "
15889
"different username from your everyday username. Using the "
15890
"<application>kadmin.local</application> utility in a terminal prompt enter:"
15891
msgstr ""
15892
15893
#: serverguide/C/network-auth.xml:2157(command) serverguide/C/network-auth.xml:2953(command)
15894
msgid "sudo kadmin.local"
15895
msgstr ""
15896
15897
#: serverguide/C/network-auth.xml:2158(computeroutput)
15898
#, no-wrap
15899
msgid ""
15900
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15901
"kadmin.local:"
15902
msgstr ""
15903
15904
#: serverguide/C/network-auth.xml:2159(userinput)
15905
#, no-wrap
15906
msgid " addprinc steve/admin"
15907
msgstr ""
15908
15909
#: serverguide/C/network-auth.xml:2160(computeroutput)
15910
#, no-wrap
15911
msgid ""
15912
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
15913
"policy\n"
15914
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15915
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15916
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
15917
"kadmin.local:"
15918
msgstr ""
15919
15920
#: serverguide/C/network-auth.xml:2164(userinput)
15921
#, no-wrap
15922
msgid " quit"
15923
msgstr " quit"
15924
15925
#: serverguide/C/network-auth.xml:2167(para)
15926
msgid ""
15927
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
15928
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
15929
"is an <emphasis>Instance</emphasis>, and <emphasis "
15930
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
15931
"role=\"italic\">\"every day\"</emphasis> Principal would be "
15932
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
15933
"rights."
15934
msgstr ""
15935
15936
#: serverguide/C/network-auth.xml:2175(para)
15937
msgid ""
15938
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
15939
"your Realm and admin username."
15940
msgstr ""
15941
15942
#: serverguide/C/network-auth.xml:2183(para)
15943
msgid ""
15944
"Next, the new admin user needs to have the appropriate Access Control List "
15945
"(ACL) permissions. The permissions are configured in the "
15946
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
15947
msgstr ""
15948
15949
#: serverguide/C/network-auth.xml:2188(programlisting)
15950
#, no-wrap
15951
msgid ""
15952
"\n"
15953
"steve/admin@EXAMPLE.COM *\n"
15954
msgstr ""
15955
15956
#: serverguide/C/network-auth.xml:2192(para)
15957
msgid ""
15958
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
15959
"any operation on all principals in the realm."
15960
msgstr ""
15961
15962
#: serverguide/C/network-auth.xml:2199(para)
15963
msgid ""
15964
"Now restart the <application>krb5-admin-server</application> for the new ACL "
15965
"to take affect:"
15966
msgstr ""
15967
15968
#: serverguide/C/network-auth.xml:2204(command)
15969
msgid "sudo /etc/init.d/krb5-admin-server restart"
15970
msgstr ""
15971
15972
#: serverguide/C/network-auth.xml:2210(para)
15973
msgid ""
15974
"The new user principal can be tested using the <application>kinit "
15975
"utility</application>:"
15976
msgstr ""
15977
15978
#: serverguide/C/network-auth.xml:2215(command)
15979
msgid "kinit steve/admin"
15980
msgstr ""
15981
15982
#: serverguide/C/network-auth.xml:2216(computeroutput)
15983
#, no-wrap
15984
msgid "steve/admin@EXAMPLE.COM's Password:"
15985
msgstr ""
15986
15987
#: serverguide/C/network-auth.xml:2219(para)
15988
msgid ""
15989
"After entering the password, use the <application>klist</application> "
15990
"utility to view information about the Ticket Granting Ticket (TGT):"
15991
msgstr ""
15992
15993
#: serverguide/C/network-auth.xml:2225(command) serverguide/C/network-auth.xml:2560(command)
15994
msgid "klist"
15995
msgstr ""
15996
15997
#: serverguide/C/network-auth.xml:2226(computeroutput)
15998
#, no-wrap
15999
msgid ""
16000
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
16001
" Principal: steve/admin@EXAMPLE.COM\n"
16002
"\n"
16003
" Issued Expires Principal\n"
16004
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
16005
msgstr ""
16006
16007
#: serverguide/C/network-auth.xml:2233(para)
16008
msgid ""
16009
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
16010
"the KDC. For example:"
16011
msgstr ""
16012
16013
#: serverguide/C/network-auth.xml:2237(programlisting)
16014
#, no-wrap
16015
msgid ""
16016
"\n"
16017
"192.168.0.1 kdc01.example.com kdc01\n"
16018
msgstr ""
16019
16020
#: serverguide/C/network-auth.xml:2241(para)
16021
msgid ""
16022
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
16023
msgstr ""
16024
16025
#: serverguide/C/network-auth.xml:2248(para)
16026
msgid ""
16027
"In order for clients to determine the KDC for the Realm some DNS SRV records "
16028
"are needed. Add the following to "
16029
"<filename>/etc/named/db.example.com</filename>:"
16030
msgstr ""
16031
16032
#: serverguide/C/network-auth.xml:2253(programlisting)
16033
#, no-wrap
16034
msgid ""
16035
"\n"
16036
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
16037
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
16038
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
16039
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
16040
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
16041
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
16042
msgstr ""
16043
16044
#: serverguide/C/network-auth.xml:2263(para)
16045
msgid ""
16046
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
16047
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
16048
"KDC."
16049
msgstr ""
16050
16051
#: serverguide/C/network-auth.xml:2269(para)
16052
msgid ""
16053
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
16054
msgstr ""
16055
16056
#: serverguide/C/network-auth.xml:2276(para)
16057
msgid "Your new Kerberos Realm is now ready to authenticate clients."
16058
msgstr ""
16059
16060
#: serverguide/C/network-auth.xml:2283(title)
16061
msgid "Secondary KDC"
16062
msgstr ""
16063
16064
#: serverguide/C/network-auth.xml:2285(para)
16065
msgid ""
16066
"Once you have one Key Distribution Center (KDC) on your network, it is good "
16067
"practice to have a Secondary KDC in case the primary becomes unavailable."
16068
msgstr ""
16069
16070
#: serverguide/C/network-auth.xml:2293(para)
16071
msgid ""
16072
"First, install the packages, and when asked for the Kerberos and Admin "
16073
"server names enter the name of the Primary KDC:"
16074
msgstr ""
16075
16076
#: serverguide/C/network-auth.xml:2304(para)
16077
msgid ""
16078
"Once you have the packages installed, create the Secondary KDC's host "
16079
"principal. From a terminal prompt, enter:"
16080
msgstr ""
16081
16082
#: serverguide/C/network-auth.xml:2309(command)
16083
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
16084
msgstr ""
16085
16086
#: serverguide/C/network-auth.xml:2313(para)
16087
msgid ""
16088
"After, issuing any <application>kadmin</application> commands you will be "
16089
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
16090
"password."
16091
msgstr ""
16092
16093
#: serverguide/C/network-auth.xml:2322(para)
16094
msgid "Extract the <emphasis>keytab</emphasis> file:"
16095
msgstr ""
16096
16097
#: serverguide/C/network-auth.xml:2327(command)
16098
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
16099
msgstr ""
16100
16101
#: serverguide/C/network-auth.xml:2333(para)
16102
msgid ""
16103
"There should now be a <filename>keytab.kdc02</filename> in the current "
16104
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
16105
msgstr ""
16106
16107
#: serverguide/C/network-auth.xml:2339(command)
16108
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
16109
msgstr ""
16110
16111
#: serverguide/C/network-auth.xml:2343(para)
16112
msgid ""
16113
"If the path to the <filename>keytab.kdc02</filename> file is different "
16114
"adjust accordingly."
16115
msgstr ""
16116
16117
#: serverguide/C/network-auth.xml:2348(para)
16118
msgid ""
16119
"Also, you can list the principals in a Keytab file, which can be useful when "
16120
"troubleshooting, using the <application>klist</application> utility:"
16121
msgstr ""
16122
16123
#: serverguide/C/network-auth.xml:2354(command)
16124
msgid "sudo klist -k /etc/krb5.keytab"
16125
msgstr ""
16126
16127
#: serverguide/C/network-auth.xml:2360(para)
16128
msgid ""
16129
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
16130
"that lists all KDCs for the Realm. For example, on both primary and "
16131
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
16132
msgstr ""
16133
16134
#: serverguide/C/network-auth.xml:2365(programlisting)
16135
#, no-wrap
16136
msgid ""
16137
"\n"
16138
"host/kdc01.example.com@EXAMPLE.COM\n"
16139
"host/kdc02.example.com@EXAMPLE.COM\n"
16140
msgstr ""
16141
16142
#: serverguide/C/network-auth.xml:2373(para)
16143
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
16144
msgstr ""
16145
16146
#: serverguide/C/network-auth.xml:2378(command)
16147
msgid "sudo kdb5_util -s create"
16148
msgstr ""
16149
16150
#: serverguide/C/network-auth.xml:2384(para)
16151
msgid ""
16152
"Now start the <application>kpropd</application> daemon, which listens for "
16153
"connections from the <application>kprop</application> utility. "
16154
"<application>kprop</application> is used to transfer dump files:"
16155
msgstr ""
16156
16157
#: serverguide/C/network-auth.xml:2391(command)
16158
msgid "sudo kpropd -S"
16159
msgstr ""
16160
16161
#: serverguide/C/network-auth.xml:2397(para)
16162
msgid ""
16163
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
16164
"of the principal database:"
16165
msgstr ""
16166
16167
#: serverguide/C/network-auth.xml:2402(command)
16168
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
16169
msgstr ""
16170
16171
#: serverguide/C/network-auth.xml:2408(para)
16172
msgid ""
16173
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
16174
"<filename>/etc/krb5.keytab</filename>:"
16175
msgstr ""
16176
16177
#: serverguide/C/network-auth.xml:2413(command)
16178
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
16179
msgstr ""
16180
16181
#: serverguide/C/network-auth.xml:2414(command)
16182
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
16183
msgstr ""
16184
16185
#: serverguide/C/network-auth.xml:2418(para)
16186
msgid ""
16187
"Make sure there is a <emphasis>host</emphasis> for "
16188
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
16189
msgstr ""
16190
16191
#: serverguide/C/network-auth.xml:2426(para)
16192
msgid ""
16193
"Using the <application>kprop</application> utility push the database to the "
16194
"Secondary KDC:"
16195
msgstr ""
16196
16197
#: serverguide/C/network-auth.xml:2431(command)
16198
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
16199
msgstr ""
16200
16201
#: serverguide/C/network-auth.xml:2435(para)
16202
msgid ""
16203
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
16204
"worked. If there is an error message check "
16205
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
16206
"information."
16207
msgstr ""
16208
16209
#: serverguide/C/network-auth.xml:2441(para)
16210
msgid ""
16211
"You may also want to create a <application>cron</application> job to "
16212
"periodically update the database on the Secondary KDC. For example, the "
16213
"following will push the database every hour:"
16214
msgstr ""
16215
16216
#: serverguide/C/network-auth.xml:2446(programlisting)
16217
#, no-wrap
16218
msgid ""
16219
"\n"
16220
"# m h dom mon dow command\n"
16221
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
16222
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
16223
msgstr ""
16224
16225
#: serverguide/C/network-auth.xml:2454(para)
16226
msgid ""
16227
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
16228
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
16229
msgstr ""
16230
16231
#: serverguide/C/network-auth.xml:2460(command)
16232
msgid "sudo kdb5_util stash"
16233
msgstr ""
16234
16235
#: serverguide/C/network-auth.xml:2466(para)
16236
msgid ""
16237
"Finally, start the <application>krb5-kdc</application> daemon on the "
16238
"Secondary KDC:"
16239
msgstr ""
16240
16241
#: serverguide/C/network-auth.xml:2471(command) serverguide/C/network-auth.xml:3083(command)
16242
msgid "sudo /etc/init.d/krb5-kdc start"
16243
msgstr ""
16244
16245
#: serverguide/C/network-auth.xml:2477(para)
16246
msgid ""
16247
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
16248
"for the Realm. You can test this by stopping the <application>krb5-"
16249
"kdc</application> daemon on the Primary KDC, then use "
16250
"<application>kinit</application> to request a ticket. If all goes well you "
16251
"should receive a ticket from the Secondary KDC."
16252
msgstr ""
16253
16254
#: serverguide/C/network-auth.xml:2485(title)
16255
msgid "Kerberos Linux Client"
16256
msgstr ""
16257
16258
#: serverguide/C/network-auth.xml:2487(para)
16259
msgid ""
16260
"This section covers configuring a Linux system as a "
16261
"<application>Kerberos</application> client. This will allow access to any "
16262
"kerberized services once a user has successfully logged into the system."
16263
msgstr ""
16264
16265
#: serverguide/C/network-auth.xml:2495(para)
16266
msgid ""
16267
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
16268
"user</application> and <application>libpam-krb5</application> packages are "
16269
"needed, along with a few others that are not strictly necessary but make "
16270
"life easier. To install the packages enter the following in a terminal "
16271
"prompt:"
16272
msgstr ""
16273
16274
#: serverguide/C/network-auth.xml:2502(command)
16275
msgid ""
16276
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
16277
msgstr ""
16278
16279
#: serverguide/C/network-auth.xml:2505(para)
16280
msgid ""
16281
"The <application>auth-client-config</application> package allows simple "
16282
"configuration of PAM for authentication from multiple sources, and the "
16283
"<application>libpam-ccreds</application> will cache authentication "
16284
"credentials allowing you to login in case the Key Distribution Center (KDC) "
16285
"is unavailable. This package is also useful for laptops that may "
16286
"authenticate using Kerberos while on the corporate network, but will need to "
16287
"be accessed off the network as well."
16288
msgstr ""
16289
16290
#: serverguide/C/network-auth.xml:2516(para)
16291
msgid "To configure the client in a terminal enter:"
16292
msgstr ""
16293
16294
#: serverguide/C/network-auth.xml:2521(command)
16295
msgid "sudo dpkg-reconfigure krb5-config"
16296
msgstr ""
16297
16298
#: serverguide/C/network-auth.xml:2524(para)
16299
msgid ""
16300
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
16301
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
16302
"records, the menu will prompt you for the hostname of the Key Distribution "
16303
"Center (KDC) and Realm Administration server."
16304
msgstr ""
16305
16306
#: serverguide/C/network-auth.xml:2530(para)
16307
msgid ""
16308
"The <application>dpkg-reconfigure</application> adds entries to the "
16309
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
16310
"entries similar to the following:"
16311
msgstr ""
16312
16313
#: serverguide/C/network-auth.xml:2535(programlisting)
16314
#, no-wrap
16315
msgid ""
16316
"\n"
16317
"[libdefaults]\n"
16318
" default_realm = EXAMPLE.COM\n"
16319
"...\n"
16320
"[realms]\n"
16321
" EXAMPLE.COM = } \n"
16322
" kdc = 192.168.0.1 \n"
16323
" admin_server = 192.168.0.1\n"
16324
" }\n"
16325
msgstr ""
16326
16327
#: serverguide/C/network-auth.xml:2546(para)
16328
msgid ""
16329
"You can test the configuration by requesting a ticket using the "
16330
"<application>kinit</application> utility. For example:"
16331
msgstr ""
16332
16333
#: serverguide/C/network-auth.xml:2551(command)
16334
msgid "kinit steve@EXAMPLE.COM"
16335
msgstr ""
16336
16337
#: serverguide/C/network-auth.xml:2552(computeroutput)
16338
#, no-wrap
16339
msgid "Password for steve@EXAMPLE.COM:"
16340
msgstr ""
16341
16342
#: serverguide/C/network-auth.xml:2555(para)
16343
msgid ""
16344
"When a ticket has been granted, the details can be viewed using "
16345
"<application>klist</application>:"
16346
msgstr ""
16347
16348
#: serverguide/C/network-auth.xml:2561(computeroutput)
16349
#, no-wrap
16350
msgid ""
16351
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
16352
"Default principal: steve@EXAMPLE.COM\n"
16353
"\n"
16354
"Valid starting Expires Service principal\n"
16355
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
16356
" renew until 07/25/08 05:18:57\n"
16357
"\n"
16358
"\n"
16359
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
16360
"klist: You have no tickets cached"
16361
msgstr ""
16362
16363
#: serverguide/C/network-auth.xml:2573(para)
16364
msgid ""
16365
"Next, use the <application>auth-client-config</application> to configure the "
16366
"<application>libpam-krb5</application> module to request a ticket during "
16367
"login:"
16368
msgstr ""
16369
16370
#: serverguide/C/network-auth.xml:2579(command)
16371
msgid "sudo auth-client-config -a -p kerberos_example"
16372
msgstr ""
16373
16374
#: serverguide/C/network-auth.xml:2582(para)
16375
msgid ""
16376
"You will should now receive a ticket upon successful login authentication."
16377
msgstr ""
16378
16379
#: serverguide/C/network-auth.xml:2593(para)
16380
msgid ""
16381
"For more information on Kerberos see the <ulink "
16382
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
16383
msgstr ""
16384
16385
#: serverguide/C/network-auth.xml:2598(para)
16386
msgid ""
16387
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
16388
"Kerberos</ulink> page has more details."
16389
msgstr ""
16390
16391
#: serverguide/C/network-auth.xml:2603(para)
16392
msgid ""
16393
"O'Reilly's <ulink "
16394
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
16395
"Guide</ulink> is a great reference when setting up Kerberos."
16396
msgstr ""
16397
16398
#: serverguide/C/network-auth.xml:2609(para)
16399
msgid ""
16400
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
16401
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
16402
"Kerberos questions."
16403
msgstr ""
16404
16405
#: serverguide/C/network-auth.xml:2619(title)
16406
msgid "Kerberos and LDAP"
16407
msgstr ""
16408
16409
#: serverguide/C/network-auth.xml:2621(para)
16410
msgid ""
16411
"Replicating a Kerberos principal database between two servers can be "
16412
"complicated, and adds an additional user database to your network. "
16413
"Fortunately, MIT Kerberos can be configured to use an "
16414
"<application>LDAP</application> directory as a principal database. This "
16415
"section covers configuring a primary and secondary kerberos server to use "
16416
"<application>OpenLDAP</application> for the principal database."
16417
msgstr ""
16418
16419
#: serverguide/C/network-auth.xml:2629(title)
16420
msgid "Configuring OpenLDAP"
16421
msgstr ""
16422
16423
#: serverguide/C/network-auth.xml:2631(para)
16424
msgid ""
16425
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
16426
"<application>OpenLDAP</application> server that has network connectivity to "
16427
"the Primary and Secondary KDCs. The rest of this section assumes that you "
16428
"also have LDAP replication configured between at least two servers. For "
16429
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
16430
msgstr ""
16431
16432
#: serverguide/C/network-auth.xml:2638(para)
16433
msgid ""
16434
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
16435
"that traffic between the KDC and LDAP server is encrypted. See <xref "
16436
"linkend=\"openldap-tls\"/> for details."
16437
msgstr ""
16438
16439
#: serverguide/C/network-auth.xml:2645(para)
16440
msgid ""
16441
"To load the schema into LDAP, on the LDAP server install the "
16442
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
16443
msgstr ""
16444
16445
#: serverguide/C/network-auth.xml:2651(command)
16446
msgid "sudo apt-get install krb5-kdc-ldap"
16447
msgstr ""
16448
16449
#: serverguide/C/network-auth.xml:2656(para)
16450
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
16451
msgstr ""
16452
16453
#: serverguide/C/network-auth.xml:2661(command)
16454
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
16455
msgstr ""
16456
16457
#: serverguide/C/network-auth.xml:2662(command)
16458
msgid ""
16459
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
16460
msgstr ""
16461
16462
#: serverguide/C/network-auth.xml:2668(para)
16463
msgid ""
16464
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
16465
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
16466
"<application>slapd</application> is also detailed in <xref "
16467
"linkend=\"openldap-configuration\"/>."
16468
msgstr ""
16469
16470
#: serverguide/C/network-auth.xml:2681(programlisting)
16471
#, no-wrap
16472
msgid ""
16473
"\n"
16474
"include /etc/ldap/schema/core.schema\n"
16475
"include /etc/ldap/schema/collective.schema\n"
16476
"include /etc/ldap/schema/corba.schema\n"
16477
"include /etc/ldap/schema/cosine.schema\n"
16478
"include /etc/ldap/schema/duaconf.schema\n"
16479
"include /etc/ldap/schema/dyngroup.schema\n"
16480
"include /etc/ldap/schema/inetorgperson.schema\n"
16481
"include /etc/ldap/schema/java.schema\n"
16482
"include /etc/ldap/schema/misc.schema\n"
16483
"include /etc/ldap/schema/nis.schema\n"
16484
"include /etc/ldap/schema/openldap.schema\n"
16485
"include /etc/ldap/schema/ppolicy.schema\n"
16486
"include /etc/ldap/schema/kerberos.schema\n"
16487
msgstr ""
16488
16489
#: serverguide/C/network-auth.xml:2701(para)
16490
msgid "Create a temporary directory to hold the LDIF files:"
16491
msgstr ""
16492
16493
#: serverguide/C/network-auth.xml:2716(command)
16494
msgid ""
16495
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
16496
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
16497
msgstr ""
16498
16499
#: serverguide/C/network-auth.xml:2726(para)
16500
msgid ""
16501
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
16502
"changing the following attributes:"
16503
msgstr ""
16504
16505
#: serverguide/C/network-auth.xml:2730(programlisting)
16506
#, no-wrap
16507
msgid ""
16508
"\n"
16509
"dn: cn=kerberos,cn=schema,cn=config\n"
16510
"...\n"
16511
"cn: kerberos\n"
16512
msgstr ""
16513
16514
#: serverguide/C/network-auth.xml:2736(para)
16515
msgid "And remove the following lines from the end of the file:"
16516
msgstr ""
16517
16518
#: serverguide/C/network-auth.xml:2740(programlisting)
16519
#, no-wrap
16520
msgid ""
16521
"\n"
16522
"structuralObjectClass: olcSchemaConfig\n"
16523
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
16524
"creatorsName: cn=config\n"
16525
"createTimestamp: 20090111203515Z\n"
16526
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
16527
"modifiersName: cn=config\n"
16528
"modifyTimestamp: 20090111203515Z\n"
16529
msgstr ""
16530
16531
#: serverguide/C/network-auth.xml:2759(para)
16532
msgid "Load the new schema with <application>ldapadd</application>:"
16533
msgstr ""
16534
16535
#: serverguide/C/network-auth.xml:2764(command)
16536
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
16537
msgstr ""
16538
16539
#: serverguide/C/network-auth.xml:2770(para)
16540
msgid ""
16541
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
16542
msgstr ""
16543
16544
#: serverguide/C/network-auth.xml:2775(command) serverguide/C/network-auth.xml:2792(command)
16545
msgid "ldapmodify -x -D cn=admin,cn=config -W"
16546
msgstr ""
16547
16548
#: serverguide/C/network-auth.xml:2777(userinput)
16549
#, no-wrap
16550
msgid ""
16551
"dn: olcDatabase={1}hdb,cn=config\n"
16552
"add: olcDbIndex\n"
16553
"olcDbIndex: krbPrincipalName eq,pres,sub"
16554
msgstr ""
16555
16556
#: serverguide/C/network-auth.xml:2776(computeroutput)
16557
#, no-wrap
16558
msgid ""
16559
"Enter LDAP Password:\n"
16560
"<placeholder-1/>\n"
16561
"\n"
16562
"modifying entry \"olcDatabase={1}hdb,cn=config\""
16563
msgstr ""
16564
16565
#: serverguide/C/network-auth.xml:2787(para)
16566
msgid "Finally, update the Access Control Lists (ACL):"
16567
msgstr ""
16568
16569
#: serverguide/C/network-auth.xml:2794(userinput)
16570
#, no-wrap
16571
msgid ""
16572
"dn: olcDatabase={1}hdb,cn=config\n"
16573
"replace: olcAccess\n"
16574
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
16575
"dn=\"cn=admin,dc=exampl\n"
16576
" e,dc=com\" write by anonymous auth by self write by * none\n"
16577
"-\n"
16578
"add: olcAccess\n"
16579
"olcAccess: to dn.base=\"\" by * read\n"
16580
"-\n"
16581
"add: olcAccess\n"
16582
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
16583
msgstr ""
16584
16585
#: serverguide/C/network-auth.xml:2793(computeroutput)
16586
#, no-wrap
16587
msgid ""
16588
"Enter LDAP Password: \n"
16589
"<placeholder-1/>\n"
16590
"\n"
16591
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
16592
msgstr ""
16593
16594
#: serverguide/C/network-auth.xml:2814(para)
16595
msgid ""
16596
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
16597
"database."
16598
msgstr ""
16599
16600
#: serverguide/C/network-auth.xml:2820(title)
16601
msgid "Primary KDC Configuration"
16602
msgstr ""
16603
16604
#: serverguide/C/network-auth.xml:2822(para)
16605
msgid ""
16606
"With <application>OpenLDAP</application> configured it is time to configure "
16607
"the KDC."
16608
msgstr ""
16609
16610
#: serverguide/C/network-auth.xml:2828(para)
16611
msgid "First, install the necessary packages, from a terminal enter:"
16612
msgstr ""
16613
16614
#: serverguide/C/network-auth.xml:2833(command) serverguide/C/network-auth.xml:2990(command)
16615
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
16616
msgstr ""
16617
16618
#: serverguide/C/network-auth.xml:2839(para)
16619
msgid ""
16620
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
16621
"under the appropriate sections:"
16622
msgstr ""
16623
16624
#: serverguide/C/network-auth.xml:2843(programlisting)
16625
#, no-wrap
16626
msgid ""
16627
"\n"
16628
"[libdefaults]\n"
16629
" default_realm = EXAMPLE.COM\n"
16630
"\n"
16631
"...\n"
16632
"\n"
16633
"[realms]\n"
16634
" EXAMPLE.COM = {\n"
16635
" kdc = kdc01.example.com\n"
16636
" kdc = kdc02.example.com\n"
16637
" admin_server = kdc01.example.com\n"
16638
" admin_server = kdc02.example.com\n"
16639
" default_domain = example.com\n"
16640
" database_module = openldap_ldapconf\n"
16641
" }\n"
16642
"\n"
16643
"...\n"
16644
"\n"
16645
"[domain_realm]\n"
16646
" .example.com = EXAMPLE.COM\n"
16647
"\n"
16648
"\n"
16649
"...\n"
16650
"\n"
16651
"[dbdefaults]\n"
16652
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16653
"\n"
16654
"[dbmodules]\n"
16655
" openldap_ldapconf = {\n"
16656
" db_library = kldap\n"
16657
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16658
"\n"
16659
" # this object needs to have read rights on\n"
16660
" # the realm container, principal container and realm sub-"
16661
"trees\n"
16662
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16663
"\n"
16664
" # this object needs to have read and write rights on\n"
16665
" # the realm container, principal container and realm sub-"
16666
"trees\n"
16667
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16668
" ldap_servers = ldaps://ldap01.example.com "
16669
"ldaps://ldap02.example.com\n"
16670
" ldap_conns_per_server = 5\n"
16671
" }\n"
16672
msgstr ""
16673
16674
#: serverguide/C/network-auth.xml:2888(para)
16675
msgid ""
16676
"Change <emphasis>example.com</emphasis>, "
16677
"<emphasis>dc=example,dc=com</emphasis>, "
16678
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
16679
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
16680
"object, and LDAP server for your network."
16681
msgstr ""
16682
16683
#: serverguide/C/network-auth.xml:2897(para)
16684
msgid ""
16685
"Next, use the <application>kdb5_ldap_util</application> utility to create "
16686
"the realm:"
16687
msgstr ""
16688
16689
#: serverguide/C/network-auth.xml:2902(command)
16690
msgid ""
16691
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
16692
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
16693
msgstr ""
16694
16695
#: serverguide/C/network-auth.xml:2908(para)
16696
msgid ""
16697
"Create a stash of the password used to bind to the LDAP server. This "
16698
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
16699
"<emphasis>ldap_kadmin_dn</emphasis> options in "
16700
"<filename>/etc/krb5.conf</filename>:"
16701
msgstr ""
16702
16703
#: serverguide/C/network-auth.xml:2914(command) serverguide/C/network-auth.xml:3052(command)
16704
msgid ""
16705
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
16706
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
16707
msgstr ""
16708
16709
#: serverguide/C/network-auth.xml:2920(para)
16710
msgid "Copy the CA certificate from the LDAP server:"
16711
msgstr ""
16712
16713
#: serverguide/C/network-auth.xml:2925(command)
16714
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
16715
msgstr ""
16716
16717
#: serverguide/C/network-auth.xml:2926(command)
16718
msgid "sudo cp cacert.pem /etc/ssl/certs"
16719
msgstr ""
16720
16721
#: serverguide/C/network-auth.xml:2929(para)
16722
msgid ""
16723
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
16724
msgstr ""
16725
16726
#: serverguide/C/network-auth.xml:2933(programlisting)
16727
#, no-wrap
16728
msgid ""
16729
"\n"
16730
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
16731
msgstr ""
16732
16733
#: serverguide/C/network-auth.xml:2938(para)
16734
msgid ""
16735
"The certificate will also need to be copied to the Secondary KDC, to allow "
16736
"the connection to the LDAP servers using LDAPS."
16737
msgstr ""
16738
16739
#: serverguide/C/network-auth.xml:2947(para)
16740
msgid ""
16741
"You can now add Kerberos principals to the LDAP database, and they will be "
16742
"copied to any other LDAP servers configured for replication. To add a "
16743
"principal using the <application>kadmin.local</application> utility enter:"
16744
msgstr ""
16745
16746
#: serverguide/C/network-auth.xml:2955(userinput)
16747
#, no-wrap
16748
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
16749
msgstr ""
16750
16751
#: serverguide/C/network-auth.xml:2954(computeroutput)
16752
#, no-wrap
16753
msgid ""
16754
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16755
"kadmin.local: <placeholder-1/>\n"
16756
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
16757
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
16758
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
16759
"Principal \"steve@EXAMPLE.COM\" created."
16760
msgstr ""
16761
16762
#: serverguide/C/network-auth.xml:2962(para)
16763
msgid ""
16764
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
16765
"krbExtraData attributes added to the "
16766
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
16767
"the <application>kinit</application> and <application>klist</application> "
16768
"utilities to test that the user is indeed issued a ticket."
16769
msgstr ""
16770
16771
#: serverguide/C/network-auth.xml:2969(para)
16772
msgid ""
16773
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
16774
"option is needed to add the Kerberos attributes. Otherwise a new "
16775
"<emphasis>principal</emphasis> object will be created in the realm subtree."
16776
msgstr ""
16777
16778
#: serverguide/C/network-auth.xml:2977(title)
16779
msgid "Secondary KDC Configuration"
16780
msgstr ""
16781
16782
#: serverguide/C/network-auth.xml:2979(para)
16783
msgid ""
16784
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
16785
"one using the normal Kerberos database."
16786
msgstr ""
16787
16788
#: serverguide/C/network-auth.xml:2985(para)
16789
msgid "First, install the necessary packages. In a terminal enter:"
16790
msgstr ""
16791
16792
#: serverguide/C/network-auth.xml:2996(para)
16793
msgid ""
16794
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
16795
msgstr ""
16796
16797
#: serverguide/C/network-auth.xml:3000(programlisting)
16798
#, no-wrap
16799
msgid ""
16800
"\n"
16801
"[libdefaults]\n"
16802
" default_realm = EXAMPLE.COM\n"
16803
"\n"
16804
"...\n"
16805
"\n"
16806
"[realms]\n"
16807
" EXAMPLE.COM = {\n"
16808
" kdc = kdc01.example.com\n"
16809
" kdc = kdc02.example.com\n"
16810
" admin_server = kdc01.example.com\n"
16811
" admin_server = kdc02.example.com\n"
16812
" default_domain = example.com\n"
16813
" database_module = openldap_ldapconf\n"
16814
" }\n"
16815
"\n"
16816
"...\n"
16817
"\n"
16818
"[domain_realm]\n"
16819
" .example.com = EXAMPLE.COM\n"
16820
"\n"
16821
"...\n"
16822
"\n"
16823
"[dbdefaults]\n"
16824
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16825
"\n"
16826
"[dbmodules]\n"
16827
" openldap_ldapconf = {\n"
16828
" db_library = kldap\n"
16829
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16830
"\n"
16831
" # this object needs to have read rights on\n"
16832
" # the realm container, principal container and realm sub-"
16833
"trees\n"
16834
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16835
"\n"
16836
" # this object needs to have read and write rights on\n"
16837
" # the realm container, principal container and realm sub-"
16838
"trees\n"
16839
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16840
" ldap_servers = ldaps://ldap01.example.com "
16841
"ldaps://ldap02.example.com\n"
16842
" ldap_conns_per_server = 5\n"
16843
" }\n"
16844
msgstr ""
16845
16846
#: serverguide/C/network-auth.xml:3047(para)
16847
msgid "Create the stash for the LDAP bind password:"
16848
msgstr ""
16849
16850
#: serverguide/C/network-auth.xml:3058(para)
16851
msgid ""
16852
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
16853
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
16854
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
16855
"encrypted connection such as <application>scp</application>, or on physical "
16856
"media."
16857
msgstr ""
16858
16859
#: serverguide/C/network-auth.xml:3065(command)
16860
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
16861
msgstr ""
16862
16863
#: serverguide/C/network-auth.xml:3066(command)
16864
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
16865
msgstr ""
16866
16867
#: serverguide/C/network-auth.xml:3070(para)
16868
msgid ""
16869
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
16870
msgstr ""
16871
16872
#: serverguide/C/network-auth.xml:3078(para)
16873
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
16874
msgstr ""
16875
16876
#: serverguide/C/network-auth.xml:3089(para)
16877
msgid ""
16878
"You now have redundant KDCs on your network, and with redundant LDAP servers "
16879
"you should be able to continue to authenticate users if one LDAP server, one "
16880
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
16881
msgstr ""
16882
16883
#: serverguide/C/network-auth.xml:3101(para)
16884
msgid ""
16885
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16886
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
16887
"Guide</ulink> has some additional details."
16888
msgstr ""
16889
16890
#: serverguide/C/network-auth.xml:3107(para)
16891
msgid ""
16892
"For more information on <application>kdb5_ldap_util</application> see <ulink "
16893
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16894
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
16895
"5.6</ulink> and the <ulink "
16896
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/kdb5_ldap_util.8.h"
16897
"tml\">kdb5_ldap_util man page</ulink>."
16898
msgstr ""
16899
16900
#: serverguide/C/network-auth.xml:3115(para)
16901
msgid ""
16902
"Another useful link is the <ulink "
16903
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/krb5.conf.5.html\""
16904
">krb5.conf man page</ulink>."
16905
msgstr ""
16906
16907
#: serverguide/C/network-auth.xml:3120(para)
16908
msgid ""
16909
"Also, see the <ulink "
16910
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16911
"and LDAP</ulink> Ubuntu wiki page."
16912
msgstr ""
16913
16914
#: serverguide/C/monitoring.xml:13(title)
16915
msgid "Monitoring"
16916
msgstr "Спостереження"
16917
16918
#: serverguide/C/monitoring.xml:17(para)
16919
msgid ""
16920
"The monitoring of essential servers and services is an important part of "
16921
"system administration. Most network services are monitored for performance, "
16922
"availability, or both. This section will cover installation and "
16923
"configuration of <application>Nagios</application> for availability "
16924
"monitoring, and <application>Munin</application> for performance monitoring."
16925
msgstr ""
16926
16927
#: serverguide/C/monitoring.xml:24(para)
16928
msgid ""
16929
"The examples in this section will use two servers with hostnames "
16930
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
16931
"<emphasis>Server01</emphasis> will be configured with "
16932
"<application>Nagios</application> to monitor services on itself and "
16933
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
16934
"<application>munin</application> package to gather information from the "
16935
"network. Using the <application>munin-node</application> package, "
16936
"<emphasis>server02</emphasis> will be configured to send information to "
16937
"<emphasis>server01</emphasis>."
16938
msgstr ""
16939
16940
#: serverguide/C/monitoring.xml:33(para)
16941
msgid ""
16942
"Hopefully these simple examples will allow you to monitor additional servers "
16943
"and services on your network."
16944
msgstr ""
16945
16946
#: serverguide/C/monitoring.xml:39(title)
16947
msgid "Nagios"
16948
msgstr "Nagios"
16949
16950
#: serverguide/C/monitoring.xml:44(para)
16951
msgid ""
16952
"First, on <emphasis>server01</emphasis> install the "
16953
"<application>nagios</application> package. In a terminal enter:"
16954
msgstr ""
16955
16956
#: serverguide/C/monitoring.xml:50(command)
16957
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
16958
msgstr ""
16959
16960
#: serverguide/C/monitoring.xml:53(para)
16961
msgid ""
16962
"You will be asked to enter a password for the "
16963
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
16964
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
16965
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
16966
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
16967
"of the <application>apache2-utils</application> package."
16968
msgstr ""
16969
16970
#: serverguide/C/monitoring.xml:60(para)
16971
msgid ""
16972
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
16973
"user enter:"
16974
msgstr ""
16975
16976
#: serverguide/C/monitoring.xml:65(command)
16977
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
16978
msgstr ""
16979
16980
#: serverguide/C/monitoring.xml:68(para)
16981
msgid "To add a user:"
16982
msgstr ""
16983
16984
#: serverguide/C/monitoring.xml:73(command)
16985
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
16986
msgstr ""
16987
16988
#: serverguide/C/monitoring.xml:76(para)
16989
msgid ""
16990
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
16991
"server</application> package. From a terminal on server02 enter:"
16992
msgstr ""
16993
16994
#: serverguide/C/monitoring.xml:82(command)
16995
msgid "sudo apt-get install nagios-nrpe-server"
16996
msgstr ""
16997
16998
#: serverguide/C/monitoring.xml:86(para)
16999
msgid ""
17000
"<application>NRPE</application> allows you to execute local checks on remote "
17001
"hosts. There are other ways of accomplishing this through other Nagios "
17002
"plugins as well as other checks."
17003
msgstr ""
17004
17005
#: serverguide/C/monitoring.xml:94(title)
17006
msgid "Configuration Overview"
17007
msgstr ""
17008
17009
#: serverguide/C/monitoring.xml:96(para)
17010
msgid ""
17011
"There are a couple of directories containing "
17012
"<application>Nagios</application> configuration and check files."
17013
msgstr ""
17014
17015
#: serverguide/C/monitoring.xml:102(para)
17016
msgid ""
17017
"<filename>/etc/nagios3</filename>: contains configuration files for the "
17018
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
17019
"etc."
17020
msgstr ""
17021
17022
#: serverguide/C/monitoring.xml:108(para)
17023
msgid ""
17024
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
17025
"service checks."
17026
msgstr ""
17027
17028
#: serverguide/C/monitoring.xml:113(para)
17029
msgid ""
17030
"<filename>/etc/nagios</filename>: on the remote host contains the "
17031
"<application>nagios-nrpe-server</application> configuration files."
17032
msgstr ""
17033
17034
#: serverguide/C/monitoring.xml:118(para)
17035
msgid ""
17036
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
17037
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
17038
msgstr ""
17039
17040
#: serverguide/C/monitoring.xml:123(para)
17041
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
17042
msgstr ""
17043
17044
#: serverguide/C/monitoring.xml:129(para)
17045
msgid ""
17046
"There are a plethora of checks <application>Nagios</application> can be "
17047
"configured to execute for any given host. For this example Nagios will be "
17048
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
17049
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
17050
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
17051
msgstr ""
17052
17053
#: serverguide/C/monitoring.xml:136(para)
17054
msgid ""
17055
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
17056
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
17057
msgstr ""
17058
17059
#: serverguide/C/monitoring.xml:141(para)
17060
msgid ""
17061
"Additionally, there are some terms that once explained will hopefully make "
17062
"understanding Nagios configuration easier:"
17063
msgstr ""
17064
17065
#: serverguide/C/monitoring.xml:147(para)
17066
msgid ""
17067
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
17068
"is being monitored."
17069
msgstr ""
17070
17071
#: serverguide/C/monitoring.xml:152(para)
17072
msgid ""
17073
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
17074
"could group all web servers, file server, etc."
17075
msgstr ""
17076
17077
#: serverguide/C/monitoring.xml:157(para)
17078
msgid ""
17079
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
17080
"as HTTP, DNS, NFS, etc."
17081
msgstr ""
17082
17083
#: serverguide/C/monitoring.xml:162(para)
17084
msgid ""
17085
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
17086
"together. This is useful for grouping multiple HTTP for example."
17087
msgstr ""
17088
17089
#: serverguide/C/monitoring.xml:168(para)
17090
msgid ""
17091
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
17092
"place. Nagios can be configured to send emails, SMS messages, etc."
17093
msgstr ""
17094
17095
#: serverguide/C/monitoring.xml:174(para)
17096
msgid ""
17097
"By default Nagios is configured to check HTTP, disk space, SSH, current "
17098
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
17099
"will also <application>ping</application> check the "
17100
"<emphasis>gateway</emphasis>."
17101
msgstr ""
17102
17103
#: serverguide/C/monitoring.xml:179(para)
17104
msgid ""
17105
"Large Nagios installations can be quite complex to configure. It is usually "
17106
"best to start small, one or two hosts, get things configured the way you "
17107
"like then expand."
17108
msgstr ""
17109
17110
#: serverguide/C/monitoring.xml:194(para)
17111
msgid ""
17112
"First, create a <emphasis>host</emphasis> configuration file for "
17113
"<emphasis>server02</emphasis>. In a terminal enter:"
17114
msgstr ""
17115
17116
#: serverguide/C/monitoring.xml:199(command)
17117
msgid ""
17118
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
17119
"/etc/nagios3/conf.d/server02.cfg"
17120
msgstr ""
17121
17122
#: serverguide/C/monitoring.xml:203(para)
17123
msgid ""
17124
"In the above and following command examples, replace "
17125
"<emphasis>\"server01\"</emphasis>, "
17126
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
17127
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
17128
"your servers."
17129
msgstr ""
17130
17131
#: serverguide/C/monitoring.xml:212(para)
17132
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
17133
msgstr ""
17134
17135
#: serverguide/C/monitoring.xml:216(programlisting)
17136
#, no-wrap
17137
msgid ""
17138
"\n"
17139
"define host{\n"
17140
" use generic-host ; Name of host "
17141
"template to use\n"
17142
" host_name server02\n"
17143
" alias Server 02\n"
17144
" address 172.18.100.101\n"
17145
"}\n"
17146
"\n"
17147
"# check DNS service.\n"
17148
"define service {\n"
17149
" use generic-service\n"
17150
" host_name server02\n"
17151
" service_description DNS\n"
17152
" check_command check_dns!172.18.100.101\n"
17153
"}\n"
17154
msgstr ""
17155
17156
#: serverguide/C/monitoring.xml:236(para)
17157
msgid ""
17158
"Restart the <application>nagios</application> daemon to enable the new "
17159
"configuration:"
17160
msgstr ""
17161
17162
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
17163
msgid "sudo /etc/init.d/nagios3 restart"
17164
msgstr ""
17165
17166
#: serverguide/C/monitoring.xml:251(para)
17167
msgid ""
17168
"Now add a service definition for the MySQL check by adding the following to "
17169
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
17170
msgstr ""
17171
17172
#: serverguide/C/monitoring.xml:255(programlisting)
17173
#, no-wrap
17174
msgid ""
17175
"\n"
17176
"# check MySQL servers.\n"
17177
"define service {\n"
17178
" hostgroup_name mysql-servers\n"
17179
" service_description MySQL\n"
17180
" check_command "
17181
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
17182
" use generic-service\n"
17183
" notification_interval 0 ; set > 0 if you want to be "
17184
"renotified\n"
17185
"}\n"
17186
msgstr ""
17187
17188
#: serverguide/C/monitoring.xml:269(para)
17189
msgid ""
17190
"A <emphasis>mysql-servers</emphasis> hostgroup now needs to be defined. Edit "
17191
"<filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
17192
msgstr ""
17193
17194
#: serverguide/C/monitoring.xml:274(programlisting)
17195
#, no-wrap
17196
msgid ""
17197
"\n"
17198
"# MySQL hostgroup.\n"
17199
"define hostgroup {\n"
17200
" hostgroup_name mysql-servers\n"
17201
" alias MySQL servers\n"
17202
" members localhost, server02\n"
17203
" }\n"
17204
msgstr ""
17205
17206
#: serverguide/C/monitoring.xml:286(para)
17207
msgid ""
17208
"The Nagios check needs to authenticate to MySQL. To add a "
17209
"<emphasis>nagios</emphasis> user to MySQL enter:"
17210
msgstr ""
17211
17212
#: serverguide/C/monitoring.xml:291(command)
17213
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
17214
msgstr ""
17215
17216
#: serverguide/C/monitoring.xml:295(para)
17217
msgid ""
17218
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
17219
"<emphasis>mysql-servers</emphasis> hostgroup."
17220
msgstr ""
17221
17222
#: serverguide/C/monitoring.xml:303(para)
17223
msgid ""
17224
"Restart <application>nagios</application> to start checking the MySQL "
17225
"servers."
17226
msgstr ""
17227
17228
#: serverguide/C/monitoring.xml:318(para)
17229
msgid ""
17230
"Lastly configure NRPE to check the disk space on "
17231
"<emphasis>server02</emphasis>."
17232
msgstr ""
17233
17234
#: serverguide/C/monitoring.xml:322(para)
17235
msgid ""
17236
"On <emphasis>server01</emphasis> add the service check to "
17237
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
17238
msgstr ""
17239
17240
#: serverguide/C/monitoring.xml:327(programlisting)
17241
#, no-wrap
17242
msgid ""
17243
"\n"
17244
"# NRPE disk check.\n"
17245
"define service {\n"
17246
" use generic-service\n"
17247
" host_name server02\n"
17248
" service_description nrpe-disk\n"
17249
" check_command "
17250
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
17251
"}\n"
17252
msgstr ""
17253
17254
#: serverguide/C/monitoring.xml:340(para)
17255
msgid ""
17256
"Now on <emphasis>server02</emphasis> edit "
17257
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
17258
msgstr ""
17259
17260
#: serverguide/C/monitoring.xml:344(programlisting)
17261
#, no-wrap
17262
msgid ""
17263
"\n"
17264
"allowed_hosts=172.18.100.100\n"
17265
msgstr ""
17266
17267
#: serverguide/C/monitoring.xml:348(para)
17268
msgid "And below in the command definition area add:"
17269
msgstr ""
17270
17271
#: serverguide/C/monitoring.xml:352(programlisting)
17272
#, no-wrap
17273
msgid ""
17274
"\n"
17275
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
17276
"e\n"
17277
msgstr ""
17278
17279
#: serverguide/C/monitoring.xml:359(para)
17280
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
17281
msgstr ""
17282
17283
#: serverguide/C/monitoring.xml:364(command)
17284
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
17285
msgstr ""
17286
17287
#: serverguide/C/monitoring.xml:370(para)
17288
msgid ""
17289
"Also, on <emphasis>server01</emphasis> restart "
17290
"<application>nagios</application>:"
17291
msgstr ""
17292
17293
#: serverguide/C/monitoring.xml:383(para)
17294
msgid ""
17295
"You should now be able to see the host and service checks in the Nagios CGI "
17296
"files. To access them point a browser to http://server01/nagios3. You will "
17297
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
17298
"password."
17299
msgstr ""
17300
17301
#: serverguide/C/monitoring.xml:393(para)
17302
msgid ""
17303
"This section has just scratched the surface of Nagios' features. The "
17304
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
17305
"plugins</application> contain many more service checks."
17306
msgstr ""
17307
17308
#: serverguide/C/monitoring.xml:400(para)
17309
msgid ""
17310
"For more information see <ulink "
17311
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
17312
msgstr ""
17313
17314
#: serverguide/C/monitoring.xml:405(para)
17315
msgid ""
17316
"Specifically the <ulink "
17317
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
17318
"site."
17319
msgstr ""
17320
17321
#: serverguide/C/monitoring.xml:410(para)
17322
msgid ""
17323
"There is also a list of <ulink "
17324
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
17325
"Nagios and network monitoring:"
17326
msgstr ""
17327
17328
#: serverguide/C/monitoring.xml:416(para)
17329
msgid ""
17330
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
17331
"Wiki</ulink> page also has more details."
17332
msgstr ""
17333
17334
#: serverguide/C/monitoring.xml:425(title)
17335
msgid "Munin"
17336
msgstr ""
17337
17338
#: serverguide/C/monitoring.xml:430(para)
17339
msgid ""
17340
"Before installing <application>Munin</application> on "
17341
"<emphasis>server01</emphasis><application>apache2</application> will need to "
17342
"be installed. The default configuration is fine for running a "
17343
"<application>munin</application> server. For more information see <xref "
17344
"linkend=\"httpd\"/>."
17345
msgstr ""
17346
17347
#: serverguide/C/monitoring.xml:436(para)
17348
msgid ""
17349
"First, on <emphasis>server01</emphasis> install "
17350
"<application>munin</application>. In a terminal enter:"
17351
msgstr ""
17352
17353
#: serverguide/C/monitoring.xml:441(command)
17354
msgid "sudo apt-get install munin"
17355
msgstr ""
17356
17357
#: serverguide/C/monitoring.xml:444(para)
17358
msgid ""
17359
"Now on <emphasis>server02</emphasis> install the <application>munin-"
17360
"node</application> package:"
17361
msgstr ""
17362
17363
#: serverguide/C/monitoring.xml:449(command)
17364
msgid "sudo apt-get install munin-node"
17365
msgstr ""
17366
17367
#: serverguide/C/monitoring.xml:456(para)
17368
msgid ""
17369
"On <emphasis>server01</emphasis> edit the "
17370
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
17371
"<emphasis>server02</emphasis>:"
17372
msgstr ""
17373
17374
#: serverguide/C/monitoring.xml:461(programlisting)
17375
#, no-wrap
17376
msgid ""
17377
"\n"
17378
"## First our \"normal\" host.\n"
17379
"[server02]\n"
17380
" address 172.18.100.101\n"
17381
msgstr ""
17382
17383
#: serverguide/C/monitoring.xml:468(para)
17384
msgid ""
17385
"Replace <emphasis>server02</emphasis> and "
17386
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
17387
"for your server."
17388
msgstr ""
17389
17390
#: serverguide/C/monitoring.xml:474(para)
17391
msgid ""
17392
"Next, configure <application>munin-node</application> on "
17393
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
17394
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
17395
msgstr ""
17396
17397
#: serverguide/C/monitoring.xml:479(programlisting)
17398
#, no-wrap
17399
msgid ""
17400
"\n"
17401
"allow ^172\\.18\\.100\\.100$\n"
17402
msgstr ""
17403
17404
#: serverguide/C/monitoring.xml:484(para)
17405
msgid ""
17406
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
17407
"<application>munin</application> server."
17408
msgstr ""
17409
17410
#: serverguide/C/monitoring.xml:489(para)
17411
msgid ""
17412
"Now restart <application>munin-node</application> on "
17413
"<emphasis>server02</emphasis> for the changes to take effect:"
17414
msgstr ""
17415
17416
#: serverguide/C/monitoring.xml:494(command)
17417
msgid "sudo /etc/init.d/munin-node restart"
17418
msgstr ""
17419
17420
#: serverguide/C/monitoring.xml:497(para)
17421
msgid ""
17422
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
17423
"you should see links to nice graphs displaying information from the standard "
17424
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
17425
msgstr ""
17426
17427
#: serverguide/C/monitoring.xml:503(para)
17428
msgid ""
17429
"Since this is a new install it may take some time for the graphs to display "
17430
"anything useful."
17431
msgstr ""
17432
17433
#: serverguide/C/monitoring.xml:510(title)
17434
msgid "Additional Plugins"
17435
msgstr ""
17436
17437
#: serverguide/C/monitoring.xml:512(para)
17438
msgid ""
17439
"The <application>munin-plugins-extra</application> package contains "
17440
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
17441
"install the package, from a terminal enter:"
17442
msgstr ""
17443
17444
#: serverguide/C/monitoring.xml:518(command)
17445
msgid "sudo apt-get install munin-plugins-extra"
17446
msgstr ""
17447
17448
#: serverguide/C/monitoring.xml:521(para)
17449
msgid "Be sure to install the package on both the server and node machines."
17450
msgstr ""
17451
17452
#: serverguide/C/monitoring.xml:531(para)
17453
msgid ""
17454
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
17455
"website for more details."
17456
msgstr ""
17457
17458
#: serverguide/C/monitoring.xml:536(para)
17459
msgid ""
17460
"Specifically the <ulink "
17461
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
17462
"Documentation</ulink> page includes information on additional plugins, "
17463
"writing plugins, etc."
17464
msgstr ""
17465
17466
#: serverguide/C/monitoring.xml:542(para)
17467
msgid ""
17468
"Also, there is a book in German by Open Source Press: <ulink "
17469
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
17470
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
17471
msgstr ""
17472
17473
#: serverguide/C/monitoring.xml:548(para)
17474
msgid ""
17475
"Another resource is the <ulink "
17476
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
17477
"page."
17478
msgstr ""
17479
17480
#: serverguide/C/mail.xml:13(title)
17481
msgid "Email Services"
17482
msgstr ""
17483
17484
#: serverguide/C/mail.xml:14(para)
17485
msgid ""
17486
"The process of getting an email from one person to another over a network or "
17487
"the Internet involves many systems working together. Each of these systems "
17488
"must be correctly configured for the process to work. The sender uses a "
17489
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
17490
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
17491
"the last of which will hand it off to a <emphasis>Mail Delivery "
17492
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
17493
"it will be retrieved by the recipient's email client, usually via a POP3 or "
17494
"IMAP server."
17495
msgstr ""
17496
17497
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
17498
msgid "Postfix"
17499
msgstr "Postfix"
17500
17501
#: serverguide/C/mail.xml:25(para)
17502
msgid ""
17503
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
17504
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
17505
"compatible with the MTA <application>sendmail</application>. This section "
17506
"explains how to install and configure <application>postfix</application>. It "
17507
"also explains how to set it up as an SMTP server using a secure connection "
17508
"(for sending emails securely)."
17509
msgstr ""
17510
17511
#: serverguide/C/mail.xml:34(para)
17512
msgid ""
17513
"This guide does not cover setting up Postfix <emphasis>Virtual "
17514
"Domains</emphasis>, for information on Virtual Domains and other advanced "
17515
"configurations see <xref linkend=\"postfix-references\"/>."
17516
msgstr ""
17517
17518
#: serverguide/C/mail.xml:41(para)
17519
msgid ""
17520
"To install <application>postfix</application> run the following command:"
17521
msgstr ""
17522
17523
#: serverguide/C/mail.xml:47(para)
17524
msgid ""
17525
"Simply press return when the installation process asks questions, the "
17526
"configuration will be done in greater detail in the next stage."
17527
msgstr ""
17528
17529
#: serverguide/C/mail.xml:52(title)
17530
msgid "Basic Configuration"
17531
msgstr "Базове налаштування"
17532
17533
#: serverguide/C/mail.xml:53(para)
17534
msgid ""
17535
"To configure <application>postfix</application>, run the following command:"
17536
msgstr ""
17537
17538
#: serverguide/C/mail.xml:57(command)
17539
msgid "sudo dpkg-reconfigure postfix"
17540
msgstr "sudo dpkg-reconfigure postfix"
17541
17542
#: serverguide/C/mail.xml:63(para)
17543
msgid "Internet Site"
17544
msgstr ""
17545
17546
#: serverguide/C/mail.xml:64(para)
17547
msgid "mail.example.com"
17548
msgstr "mail.example.com"
17549
17550
#: serverguide/C/mail.xml:65(para)
17551
msgid "steve"
17552
msgstr "steve"
17553
17554
#: serverguide/C/mail.xml:66(para)
17555
msgid "mail.example.com, localhost.localdomain, localhost"
17556
msgstr "mail.example.com, localhost.localdomain, localhost"
17557
17558
#: serverguide/C/mail.xml:67(para)
17559
msgid "No"
17560
msgstr "No"
17561
17562
#: serverguide/C/mail.xml:68(para)
17563
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
17564
msgstr "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
17565
17566
#: serverguide/C/mail.xml:69(para)
17567
msgid "0"
17568
msgstr "0"
17569
17570
#: serverguide/C/mail.xml:70(para)
17571
msgid "+"
17572
msgstr "+"
17573
17574
#: serverguide/C/mail.xml:71(para)
17575
msgid "all"
17576
msgstr "all"
17577
17578
#: serverguide/C/mail.xml:59(para)
17579
msgid ""
17580
"The user interface will be displayed. On each screen, select the following "
17581
"values: <placeholder-1/>"
17582
msgstr ""
17583
17584
#: serverguide/C/mail.xml:75(para)
17585
msgid ""
17586
"Replace mail.example.com with the domain for which you'll accept email, "
17587
"192.168.0.0/24 with the actual network and class range of your mail server, "
17588
"and steve with the appropriate username."
17589
msgstr ""
17590
17591
#: serverguide/C/mail.xml:81(para)
17592
msgid ""
17593
"Now is a good time to decide which mailbox format you want to use. By "
17594
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
17595
"mailbox format. Rather than editing the configuration file directly, you can "
17596
"use the <command>postconf</command> command to configure all "
17597
"<application>postfix</application> parameters. The configuration parameters "
17598
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
17599
"you wish to re-configure a particular parameter, you can either run the "
17600
"command or change it manually in the file."
17601
msgstr ""
17602
17603
#: serverguide/C/mail.xml:92(para)
17604
msgid ""
17605
"To configure the mailbox format for <emphasis "
17606
"role=\"strong\">Maildir:</emphasis>"
17607
msgstr ""
17608
17609
#: serverguide/C/mail.xml:97(command)
17610
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
17611
msgstr ""
17612
17613
#: serverguide/C/mail.xml:100(para)
17614
msgid ""
17615
"This will place new mail in /home/<emphasis "
17616
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
17617
"your Mail Delivery Agent (MDA) to use the same path."
17618
msgstr ""
17619
17620
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
17621
msgid "SMTP Authentication"
17622
msgstr ""
17623
17624
#: serverguide/C/mail.xml:110(para)
17625
msgid ""
17626
"SMTP-AUTH allows a client to identify itself through an authentication "
17627
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
17628
"the authentication process. Once authenticated the SMTP server will allow "
17629
"the client to relay mail."
17630
msgstr ""
17631
17632
#: serverguide/C/mail.xml:117(para)
17633
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
17634
msgstr ""
17635
17636
#: serverguide/C/mail.xml:120(screen)
17637
#, no-wrap
17638
msgid ""
17639
"\n"
17640
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
17641
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
17642
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
17643
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
17644
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
17645
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
17646
"sudo postconf -e 'smtpd_recipient_restrictions = "
17647
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
17648
"sudo postconf -e 'inet_interfaces = all'\n"
17649
msgstr ""
17650
17651
#: serverguide/C/mail.xml:131(para)
17652
msgid ""
17653
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
17654
"the Postfix queue directory."
17655
msgstr ""
17656
17657
#: serverguide/C/mail.xml:137(para)
17658
msgid ""
17659
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
17660
"and-security\"/> for details. This example also uses a Certificate Authority "
17661
"(CA). For information on generating a CA certificate see <xref "
17662
"linkend=\"certificate-authority\"/>."
17663
msgstr ""
17664
17665
#: serverguide/C/mail.xml:143(para)
17666
msgid ""
17667
"You can get the digital certificate from a certificate authority. But unlike "
17668
"web clients, SMTP clients rarely complain about \"self-signed "
17669
"certificates\", so alternatively, you can create the certificate yourself. "
17670
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
17671
"details."
17672
msgstr ""
17673
17674
#: serverguide/C/mail.xml:155(para)
17675
msgid ""
17676
"Once you have a certificate, configure Postfix to provide TLS encryption for "
17677
"both incoming and outgoing mail:"
17678
msgstr ""
17679
17680
#: serverguide/C/mail.xml:158(screen)
17681
#, no-wrap
17682
msgid ""
17683
"\n"
17684
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
17685
"sudo postconf -e 'smtp_use_tls = yes'\n"
17686
"sudo postconf -e 'smtpd_use_tls = yes'\n"
17687
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
17688
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
17689
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
17690
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
17691
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
17692
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
17693
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
17694
"sudo postconf -e 'myhostname = mail.example.com'\n"
17695
msgstr ""
17696
17697
#: serverguide/C/mail.xml:173(para)
17698
msgid ""
17699
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
17700
"the certificate enter:"
17701
msgstr ""
17702
17703
#: serverguide/C/mail.xml:177(command)
17704
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
17705
msgstr ""
17706
17707
#: serverguide/C/mail.xml:180(para)
17708
msgid ""
17709
"Again, for more details about certificates see <xref linkend=\"certificates-"
17710
"and-security\"/>."
17711
msgstr ""
17712
17713
#: serverguide/C/mail.xml:186(para)
17714
msgid ""
17715
"After running all the commands, <application>Postfix</application> is "
17716
"configured for SMTP-AUTH and a self-signed certificate has been created for "
17717
"TLS encryption."
17718
msgstr ""
17719
17720
#: serverguide/C/mail.xml:191(para)
17721
msgid ""
17722
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
17723
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
17724
msgstr ""
17725
17726
#: serverguide/C/mail.xml:195(para)
17727
msgid ""
17728
"The postfix initial configuration is complete. Run the following command to "
17729
"restart the postfix daemon:"
17730
msgstr ""
17731
17732
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
17733
msgid "sudo /etc/init.d/postfix restart"
17734
msgstr ""
17735
17736
#: serverguide/C/mail.xml:204(para)
17737
msgid ""
17738
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
17739
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
17740
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
17741
"However it is still necessary to set up SASL authentication before you can "
17742
"use SMTP-AUTH."
17743
msgstr ""
17744
17745
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
17746
msgid "Configuring SASL"
17747
msgstr ""
17748
17749
#: serverguide/C/mail.xml:215(para)
17750
msgid ""
17751
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
17752
"enable Dovecot SASL the <application>dovecot-common</application> package "
17753
"will need to be installed. From a terminal prompt enter the following:"
17754
msgstr ""
17755
17756
#: serverguide/C/mail.xml:221(command)
17757
msgid "sudo apt-get install dovecot-common"
17758
msgstr ""
17759
17760
#: serverguide/C/mail.xml:223(para)
17761
msgid ""
17762
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
17763
"In the <emphasis>auth default</emphasis> section uncomment the "
17764
"<emphasis>socket listen</emphasis> option and change the following:"
17765
msgstr ""
17766
17767
#: serverguide/C/mail.xml:227(programlisting)
17768
#, no-wrap
17769
msgid ""
17770
"\n"
17771
" socket listen {\n"
17772
" #master {\n"
17773
" # Master socket provides access to userdb information. It's typically\n"
17774
" # used to give Dovecot's local delivery agent access to userdb so it\n"
17775
" # can find mailbox locations.\n"
17776
" #path = /var/run/dovecot/auth-master\n"
17777
" #mode = 0600\n"
17778
" # Default user/group is the one who started dovecot-auth (root)\n"
17779
" #user = \n"
17780
" #group = \n"
17781
" #}\n"
17782
" client {\n"
17783
" # The client socket is generally safe to export to everyone. Typical "
17784
"use\n"
17785
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
17786
" # using it.\n"
17787
" path = /var/spool/postfix/private/auth-client\n"
17788
" mode = 0660\n"
17789
" user = postfix\n"
17790
" group = postfix\n"
17791
" }\n"
17792
" }\n"
17793
msgstr ""
17794
17795
#: serverguide/C/mail.xml:251(para)
17796
msgid ""
17797
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
17798
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
17799
"add <emphasis>\"login\"</emphasis>:"
17800
msgstr ""
17801
17802
#: serverguide/C/mail.xml:256(programlisting)
17803
#, no-wrap
17804
msgid ""
17805
"\n"
17806
" mechanisms = plain login\n"
17807
msgstr ""
17808
17809
#: serverguide/C/mail.xml:260(para)
17810
msgid ""
17811
"Once you have <application>Dovecot</application> configured restart it with:"
17812
msgstr ""
17813
17814
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
17815
msgid "sudo /etc/init.d/dovecot restart"
17816
msgstr ""
17817
17818
#: serverguide/C/mail.xml:269(title)
17819
msgid "Postfix-Dovecot"
17820
msgstr ""
17821
17822
#: serverguide/C/mail.xml:271(para)
17823
msgid ""
17824
"Another option for configuring <application>Postfix</application> for SMTP-"
17825
"AUTH is using the <application>dovecot-postfix</application> package. This "
17826
"package will install <application>Dovecot</application> and configure "
17827
"<application>Postfix</application> to use it for both SASL authentication "
17828
"and as a Mail Delivery Agent (MDA). The package also configures "
17829
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
17830
msgstr ""
17831
17832
#: serverguide/C/mail.xml:280(para)
17833
msgid ""
17834
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
17835
"server. For example, if you are configuring your server to be a mail "
17836
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
17837
"the above commands to configure Postfix for SMTPAUTH."
17838
msgstr ""
17839
17840
#: serverguide/C/mail.xml:287(para)
17841
msgid "To install the package, from a terminal prompt enter:"
17842
msgstr ""
17843
17844
#: serverguide/C/mail.xml:292(command)
17845
msgid "sudo apt-get install dovecot-postfix"
17846
msgstr ""
17847
17848
#: serverguide/C/mail.xml:295(para)
17849
msgid ""
17850
"You should now have a working mail server, but there are a few options that "
17851
"you may wish to further customize. For example, the package uses the "
17852
"certificate and key from the <application>ssl-cert</application> package, "
17853
"and in a production environment you should use a certificate and key "
17854
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
17855
"for more details."
17856
msgstr ""
17857
17858
#: serverguide/C/mail.xml:301(para)
17859
msgid ""
17860
"Once you have a customized certificate and key for the host, change the "
17861
"following options in <filename>/etc/postfix/main.cf</filename>:"
17862
msgstr ""
17863
17864
#: serverguide/C/mail.xml:305(programlisting)
17865
#, no-wrap
17866
msgid ""
17867
"\n"
17868
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
17869
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
17870
msgstr ""
17871
17872
#: serverguide/C/mail.xml:310(para)
17873
msgid "Then restart Postfix:"
17874
msgstr ""
17875
17876
#: serverguide/C/mail.xml:321(para)
17877
msgid ""
17878
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
17879
msgstr ""
17880
17881
#: serverguide/C/mail.xml:324(para)
17882
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
17883
msgstr ""
17884
17885
#: serverguide/C/mail.xml:329(command)
17886
msgid "telnet mail.example.com 25"
17887
msgstr ""
17888
17889
#: serverguide/C/mail.xml:331(para)
17890
msgid ""
17891
"After you have established the connection to the postfix mail server, type:"
17892
msgstr ""
17893
17894
#: serverguide/C/mail.xml:335(screen)
17895
#, no-wrap
17896
msgid ""
17897
"\n"
17898
"ehlo mail.example.com\n"
17899
msgstr ""
17900
17901
#: serverguide/C/mail.xml:338(para)
17902
msgid ""
17903
"If you see the following lines among others, then everything is working "
17904
"perfectly. Type <command>quit</command> to exit."
17905
msgstr ""
17906
17907
#: serverguide/C/mail.xml:342(programlisting)
17908
#, no-wrap
17909
msgid ""
17910
"\n"
17911
"250-STARTTLS\n"
17912
"250-AUTH LOGIN PLAIN\n"
17913
"250-AUTH=LOGIN PLAIN\n"
17914
"250 8BITMIME\n"
17915
msgstr ""
17916
17917
#: serverguide/C/mail.xml:352(para)
17918
msgid ""
17919
"This section introduces some common ways to determine the cause if problems "
17920
"arise."
17921
msgstr ""
17922
17923
#: serverguide/C/mail.xml:356(title)
17924
msgid "Escaping chroot"
17925
msgstr ""
17926
17927
#: serverguide/C/mail.xml:357(para)
17928
msgid ""
17929
"The Ubuntu <application>postfix</application> package will by default "
17930
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
17931
"This can add greater complexity when troubleshooting problems."
17932
msgstr ""
17933
17934
#: serverguide/C/mail.xml:361(para)
17935
msgid ""
17936
"To turn off the chroot operation locate for the following line in the "
17937
"<filename>/etc/postfix/master.cf</filename> configuration file:"
17938
msgstr ""
17939
17940
#: serverguide/C/mail.xml:365(screen)
17941
#, no-wrap
17942
msgid ""
17943
"\n"
17944
"smtp inet n - - - - smtpd\n"
17945
msgstr ""
17946
17947
#: serverguide/C/mail.xml:368(para)
17948
msgid "and modify it as follows:"
17949
msgstr ""
17950
17951
#: serverguide/C/mail.xml:371(screen)
17952
#, no-wrap
17953
msgid ""
17954
"\n"
17955
"smtp inet n - n - - smtpd\n"
17956
msgstr ""
17957
17958
#: serverguide/C/mail.xml:374(para)
17959
msgid ""
17960
"You will then need to restart Postfix to use the new configuration. From a "
17961
"terminal prompt enter:"
17962
msgstr ""
17963
17964
#: serverguide/C/mail.xml:382(title)
17965
msgid "Log Files"
17966
msgstr "Файли журналів"
17967
17968
#: serverguide/C/mail.xml:383(para)
17969
msgid ""
17970
"<application>Postfix</application> sends all log messages to "
17971
"<filename>/var/log/mail.log</filename>. However error and warning messages "
17972
"can sometimes get lost in the normal log output so they are also logged to "
17973
"<filename>/var/log/mail.err</filename> and "
17974
"<filename>/var/log/mail.warn</filename> respectively."
17975
msgstr ""
17976
17977
#: serverguide/C/mail.xml:388(para)
17978
msgid ""
17979
"To see messages entered into the logs in real time you can use the "
17980
"<application>tail -f</application> command:"
17981
msgstr ""
17982
17983
#: serverguide/C/mail.xml:393(command)
17984
msgid "tail -f /var/log/mail.err"
17985
msgstr ""
17986
17987
#: serverguide/C/mail.xml:395(para)
17988
msgid ""
17989
"The amount of detail that is recorded in the logs can be increased. Below "
17990
"are some configuration options for increasing the log level for some of the "
17991
"areas covered above."
17992
msgstr ""
17993
17994
#: serverguide/C/mail.xml:401(para)
17995
msgid ""
17996
"To increase <emphasis>TLS</emphasis> activity logging set the "
17997
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
17998
msgstr ""
17999
18000
#: serverguide/C/mail.xml:405(command)
18001
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
18002
msgstr ""
18003
18004
#: serverguide/C/mail.xml:409(para)
18005
msgid ""
18006
"If you are having trouble sending or receiving mail from a specific domain "
18007
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
18008
msgstr ""
18009
18010
#: serverguide/C/mail.xml:414(command)
18011
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
18012
msgstr ""
18013
18014
#: serverguide/C/mail.xml:418(para)
18015
msgid ""
18016
"You can increase the verbosity of any <application>Postfix</application> "
18017
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
18018
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
18019
"<emphasis>smtp</emphasis> entry:"
18020
msgstr ""
18021
18022
#: serverguide/C/mail.xml:422(programlisting)
18023
#, no-wrap
18024
msgid ""
18025
"\n"
18026
"smtp unix - - - - - smtp -v\n"
18027
msgstr ""
18028
18029
#: serverguide/C/mail.xml:428(para)
18030
msgid ""
18031
"It is important to note that after making one of the logging changes above "
18032
"the <application>Postfix</application> process will need to be reloaded in "
18033
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
18034
"reload</command>"
18035
msgstr ""
18036
18037
#: serverguide/C/mail.xml:435(para)
18038
msgid ""
18039
"To increase the amount of information logged when troubleshooting "
18040
"<emphasis>SASL</emphasis> issues you can set the following options in "
18041
"<filename>/etc/dovecot/dovecot.conf</filename>"
18042
msgstr ""
18043
18044
#: serverguide/C/mail.xml:439(programlisting)
18045
#, no-wrap
18046
msgid ""
18047
"\n"
18048
"auth_debug=yes\n"
18049
"auth_debug_passwords=yes\n"
18050
msgstr ""
18051
18052
#: serverguide/C/mail.xml:446(para)
18053
msgid ""
18054
"Just like <application>Postfix</application> if you change a "
18055
"<application>Dovecot</application> configuration the process will need to be "
18056
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
18057
msgstr ""
18058
18059
#: serverguide/C/mail.xml:452(para)
18060
msgid ""
18061
"Some of the options above can drastically increase the amount of information "
18062
"sent to the log files. Remember to return the log level back to normal after "
18063
"you have corrected the problem. Then reload the appropriate daemon for the "
18064
"new configuration to take affect."
18065
msgstr ""
18066
18067
#: serverguide/C/mail.xml:460(para)
18068
msgid ""
18069
"Administering a <application>Postfix</application> server can be a very "
18070
"complicated task. At some point you may need to turn to the Ubuntu community "
18071
"for more experienced help."
18072
msgstr ""
18073
18074
#: serverguide/C/mail.xml:464(para)
18075
msgid ""
18076
"A great place to ask for <application>Postfix</application> assistance, and "
18077
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
18078
"server</emphasis> IRC channel on <ulink "
18079
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
18080
"one of the <ulink "
18081
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
18082
msgstr ""
18083
18084
#: serverguide/C/mail.xml:469(para)
18085
msgid ""
18086
"For in depth <application>Postfix</application> information Ubuntu "
18087
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
18088
"Book of Postfix</ulink>."
18089
msgstr ""
18090
18091
#: serverguide/C/mail.xml:473(para)
18092
msgid ""
18093
"Finally, the <ulink "
18094
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
18095
"also has great documentation on all the different configuration options "
18096
"available."
18097
msgstr ""
18098
18099
#: serverguide/C/mail.xml:477(para)
18100
msgid ""
18101
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
18102
"Wiki Postifx</ulink> page has more information."
18103
msgstr ""
18104
18105
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
18106
msgid "Exim4"
18107
msgstr ""
18108
18109
#: serverguide/C/mail.xml:486(para)
18110
msgid ""
18111
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
18112
"developed at the University of Cambridge for use on Unix systems connected "
18113
"to the Internet. Exim can be installed in place of "
18114
"<application>sendmail</application>, although the configuration of "
18115
"<application>exim</application> is quite different to that of "
18116
"<application>sendmail</application>."
18117
msgstr ""
18118
18119
#: serverguide/C/mail.xml:497(para)
18120
msgid ""
18121
"To install <application>exim4</application>, run the following command: "
18122
"<screen>\n"
18123
"<command>sudo apt-get install exim4</command>\n"
18124
"</screen>"
18125
msgstr ""
18126
18127
#: serverguide/C/mail.xml:506(para)
18128
msgid ""
18129
"To configure <application>Exim4</application>, run the following command:"
18130
msgstr ""
18131
18132
#: serverguide/C/mail.xml:510(command)
18133
msgid "sudo dpkg-reconfigure exim4-config"
18134
msgstr ""
18135
18136
#: serverguide/C/mail.xml:512(para)
18137
msgid ""
18138
"The user interface will be displayed. The user interface lets you configure "
18139
"many parameters. For example, In <application>Exim4</application> the "
18140
"configuration files are split among multiple files. If you wish to have them "
18141
"in one file you can configure accordingly in this user interface."
18142
msgstr ""
18143
18144
#: serverguide/C/mail.xml:520(para)
18145
msgid ""
18146
"All the parameters you configure in the user interface are stored in "
18147
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
18148
"re-configure, either you re-run the configuration wizard or manually edit "
18149
"this file using your favorite editor. Once you configure, you can run the "
18150
"following command to generate the master configuration file:"
18151
msgstr ""
18152
18153
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
18154
msgid "sudo update-exim4.conf"
18155
msgstr ""
18156
18157
#: serverguide/C/mail.xml:533(para)
18158
msgid ""
18159
"The master configuration file, is generated and it is stored in "
18160
"<filename>/var/lib/exim4/config.autogenerated</filename>."
18161
msgstr ""
18162
18163
#: serverguide/C/mail.xml:539(para)
18164
msgid ""
18165
"At any time, you should not edit the master configuration file, "
18166
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
18167
"updated automatically every time you run <command>update-exim4.conf</command>"
18168
msgstr ""
18169
18170
#: serverguide/C/mail.xml:547(para)
18171
msgid ""
18172
"You can run the following command to start <application>Exim4</application> "
18173
"daemon."
18174
msgstr ""
18175
18176
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
18177
msgid "sudo /etc/init.d/exim4 start"
18178
msgstr ""
18179
18180
#: serverguide/C/mail.xml:557(para)
18181
msgid ""
18182
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
18183
msgstr ""
18184
18185
#: serverguide/C/mail.xml:560(para)
18186
msgid ""
18187
"The first step is to create a certificate for use with TLS. Enter the "
18188
"following into a terminal prompt:"
18189
msgstr ""
18190
18191
#: serverguide/C/mail.xml:564(command)
18192
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
18193
msgstr ""
18194
18195
#: serverguide/C/mail.xml:566(para)
18196
msgid ""
18197
"Now Exim4 needs to be configured for TLS by editing "
18198
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
18199
"the following:"
18200
msgstr ""
18201
18202
#: serverguide/C/mail.xml:570(programlisting)
18203
#, no-wrap
18204
msgid ""
18205
"\n"
18206
"MAIN_TLS_ENABLE = yes\n"
18207
msgstr ""
18208
18209
#: serverguide/C/mail.xml:573(para)
18210
msgid ""
18211
"Next you need to configure <application>Exim4</application> to use the "
18212
"<application>saslauthd</application> for authentication. Edit "
18213
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
18214
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
18215
"<emphasis>login_saslauthd_server</emphasis> sections:"
18216
msgstr ""
18217
18218
#: serverguide/C/mail.xml:578(programlisting)
18219
#, no-wrap
18220
msgid ""
18221
"\n"
18222
" plain_saslauthd_server:\n"
18223
" driver = plaintext\n"
18224
" public_name = PLAIN\n"
18225
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
18226
" server_set_id = $auth2\n"
18227
" server_prompts = :\n"
18228
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
18229
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
18230
" .endif\n"
18231
"#\n"
18232
" login_saslauthd_server:\n"
18233
" driver = plaintext\n"
18234
" public_name = LOGIN\n"
18235
" server_prompts = \"Username:: : Password::\"\n"
18236
" # don't send system passwords over unencrypted connections\n"
18237
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
18238
" server_set_id = $auth1\n"
18239
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
18240
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
18241
" .endif\n"
18242
msgstr ""
18243
18244
#: serverguide/C/mail.xml:600(para)
18245
msgid "Finally, update the Exim4 configuration and restart the service:"
18246
msgstr ""
18247
18248
#: serverguide/C/mail.xml:605(command)
18249
msgid "sudo /etc/init.d/exim4 restart"
18250
msgstr ""
18251
18252
#: serverguide/C/mail.xml:610(para)
18253
msgid ""
18254
"This section provides details on configuring the saslauthd to provide "
18255
"authentication for <application>Exim4</application>."
18256
msgstr ""
18257
18258
#: serverguide/C/mail.xml:613(para)
18259
msgid ""
18260
"The first step is to install the sasl2-bin package. From a terminal prompt "
18261
"enter the following:"
18262
msgstr ""
18263
18264
#: serverguide/C/mail.xml:617(command)
18265
msgid "sudo apt-get install sasl2-bin"
18266
msgstr ""
18267
18268
#: serverguide/C/mail.xml:619(para)
18269
msgid ""
18270
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
18271
"and set START=no to:"
18272
msgstr ""
18273
18274
#: serverguide/C/mail.xml:622(programlisting)
18275
#, no-wrap
18276
msgid ""
18277
"\n"
18278
"START=yes\n"
18279
msgstr ""
18280
18281
#: serverguide/C/mail.xml:625(para)
18282
msgid ""
18283
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
18284
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
18285
"service:"
18286
msgstr ""
18287
18288
#: serverguide/C/mail.xml:630(command)
18289
msgid "sudo adduser Debian-exim sasl"
18290
msgstr ""
18291
18292
#: serverguide/C/mail.xml:632(para)
18293
msgid "Now start the <application>saslauthd</application> service:"
18294
msgstr ""
18295
18296
#: serverguide/C/mail.xml:636(command)
18297
msgid "sudo /etc/init.d/saslauthd start"
18298
msgstr ""
18299
18300
#: serverguide/C/mail.xml:638(para)
18301
msgid ""
18302
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
18303
"and SASL authentication."
18304
msgstr ""
18305
18306
#: serverguide/C/mail.xml:647(para)
18307
msgid ""
18308
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
18309
"information."
18310
msgstr ""
18311
18312
#: serverguide/C/mail.xml:652(para)
18313
msgid ""
18314
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
18315
"server\">Exim4 Book</ulink> available."
18316
msgstr ""
18317
18318
#: serverguide/C/mail.xml:657(para)
18319
msgid ""
18320
"Another resource is the <ulink "
18321
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
18322
"page."
18323
msgstr ""
18324
18325
#: serverguide/C/mail.xml:666(title)
18326
msgid "Dovecot Server"
18327
msgstr ""
18328
18329
#: serverguide/C/mail.xml:667(para)
18330
msgid ""
18331
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
18332
"security primarily in mind. It supports the major mailbox formats: mbox or "
18333
"Maildir. This section explain how to set it up as an imap or pop3 server."
18334
msgstr ""
18335
18336
#: serverguide/C/mail.xml:675(para)
18337
msgid ""
18338
"To install <application>dovecot</application>, run the following command in "
18339
"the command prompt:"
18340
msgstr ""
18341
18342
#: serverguide/C/mail.xml:680(command)
18343
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
18344
msgstr ""
18345
18346
#: serverguide/C/mail.xml:685(para)
18347
msgid ""
18348
"To configure <application>dovecot</application>, you can edit the file "
18349
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
18350
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
18351
"secure). A description of these protocols is beyond the scope of this guide. "
18352
"For further information, refer to the Wikipedia articles on <ulink "
18353
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
18354
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
18355
"link>."
18356
msgstr ""
18357
18358
#: serverguide/C/mail.xml:695(para)
18359
msgid ""
18360
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
18361
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
18362
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
18363
msgstr ""
18364
18365
#: serverguide/C/mail.xml:701(programlisting)
18366
#, no-wrap
18367
msgid ""
18368
"\n"
18369
"protocols = pop3 pop3s imap imaps\n"
18370
msgstr ""
18371
18372
#: serverguide/C/mail.xml:704(para)
18373
msgid ""
18374
"Next, choose the mailbox you would like to use. "
18375
"<application>Dovecot</application> supports <emphasis "
18376
"role=\"strong\">maildir</emphasis> and <emphasis "
18377
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
18378
"mailbox formats. They both have their own benefits and are discussed on "
18379
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
18380
"site</ulink>."
18381
msgstr ""
18382
18383
#: serverguide/C/mail.xml:712(para)
18384
msgid ""
18385
"Once you have chosen your mailbox type, edit the file "
18386
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
18387
msgstr ""
18388
18389
#: serverguide/C/mail.xml:717(programlisting)
18390
#, no-wrap
18391
msgid ""
18392
"\n"
18393
"mail_location = maildir:~/Maildir # (for maildir)\n"
18394
"or\n"
18395
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
18396
msgstr ""
18397
18398
#: serverguide/C/mail.xml:723(para)
18399
msgid ""
18400
"You should configure your Mail Transport Agent (MTA) to transfer the "
18401
"incoming mail to this type of mailbox if it is different from the one you "
18402
"have configured."
18403
msgstr ""
18404
18405
#: serverguide/C/mail.xml:729(para)
18406
msgid ""
18407
"Once you have configured dovecot, restart the "
18408
"<application>dovecot</application> daemon in order to test your setup:"
18409
msgstr ""
18410
18411
#: serverguide/C/mail.xml:738(para)
18412
msgid ""
18413
"If you have enabled imap, or pop3, you can also try to log in with the "
18414
"commands <command>telnet localhost pop3</command> or <command>telnet "
18415
"localhost imap2</command>. If you see something like the following, the "
18416
"installation has been successful:"
18417
msgstr ""
18418
18419
#: serverguide/C/mail.xml:745(programlisting)
18420
#, no-wrap
18421
msgid ""
18422
"\n"
18423
"bhuvan@rainbow:~$ telnet localhost pop3\n"
18424
"Trying 127.0.0.1...\n"
18425
"Connected to localhost.localdomain.\n"
18426
"Escape character is '^]'.\n"
18427
"+OK Dovecot ready.\n"
18428
msgstr ""
18429
18430
#: serverguide/C/mail.xml:754(title)
18431
msgid "Dovecot SSL Configuration"
18432
msgstr ""
18433
18434
#: serverguide/C/mail.xml:755(para)
18435
msgid ""
18436
"To configure <application>dovecot</application> to use SSL, you can edit the "
18437
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
18438
"lines:"
18439
msgstr ""
18440
18441
#: serverguide/C/mail.xml:760(programlisting)
18442
#, no-wrap
18443
msgid ""
18444
"\n"
18445
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
18446
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
18447
"ssl_disable = no\n"
18448
"disable_plaintext_auth = no\n"
18449
msgstr ""
18450
18451
#: serverguide/C/mail.xml:766(para)
18452
msgid ""
18453
"You can get the SSL certificate from a Certificate Issuing Authority or you "
18454
"can create self signed SSL certificate. The latter is a good option for "
18455
"email, because SMTP clients rarely complain about \"self-signed "
18456
"certificates\". Please refer to <xref linkend=\"certificates-and-"
18457
"security\"/> for details about how to create self signed SSL certificate. "
18458
"Once you create the certificate, you will have a key file and a certificate "
18459
"file. Please copy them to the location pointed in the "
18460
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
18461
msgstr ""
18462
18463
#: serverguide/C/mail.xml:781(title)
18464
msgid "Firewall Configuration for an Email Server"
18465
msgstr ""
18466
18467
#: serverguide/C/mail.xml:787(para)
18468
msgid "IMAP - 143"
18469
msgstr "IMAP - 143"
18470
18471
#: serverguide/C/mail.xml:788(para)
18472
msgid "IMAPS - 993"
18473
msgstr ""
18474
18475
#: serverguide/C/mail.xml:789(para)
18476
msgid "POP3 - 110"
18477
msgstr "POP3 - 110"
18478
18479
#: serverguide/C/mail.xml:790(para)
18480
msgid "POP3S - 995"
18481
msgstr "POP3S - 995"
18482
18483
#: serverguide/C/mail.xml:782(para)
18484
msgid ""
18485
"To access your mail server from another computer, you must configure your "
18486
"firewall to allow connections to the server on the necessary ports. "
18487
"<placeholder-1/>"
18488
msgstr ""
18489
18490
#: serverguide/C/mail.xml:799(para)
18491
msgid ""
18492
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
18493
"more information."
18494
msgstr ""
18495
18496
#: serverguide/C/mail.xml:804(para)
18497
msgid ""
18498
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
18499
"Ubuntu Wiki</ulink> page has more details."
18500
msgstr ""
18501
18502
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
18503
msgid "Mailman"
18504
msgstr ""
18505
18506
#: serverguide/C/mail.xml:814(para)
18507
msgid ""
18508
"Mailman is an open source program for managing electronic mail discussions "
18509
"and e-newsletter lists. Many open source mailing lists (including all the "
18510
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
18511
"Mailman as their mailing list software. It is powerful and easy to install "
18512
"and maintain."
18513
msgstr ""
18514
18515
#: serverguide/C/mail.xml:824(para)
18516
msgid ""
18517
"Mailman provides a web interface for the administrators and users, using an "
18518
"external mail server to send and receive emails. It works perfectly with the "
18519
"following mail servers:"
18520
msgstr ""
18521
18522
#: serverguide/C/mail.xml:835(application)
18523
msgid "Exim"
18524
msgstr ""
18525
18526
#: serverguide/C/mail.xml:838(application)
18527
msgid "Sendmail"
18528
msgstr "Sendmail"
18529
18530
#: serverguide/C/mail.xml:841(application)
18531
msgid "Qmail"
18532
msgstr ""
18533
18534
#: serverguide/C/mail.xml:846(para)
18535
msgid ""
18536
"We will see how to install and configure Mailman with, the Apache web "
18537
"server, and either the Postfix or Exim mail server. If you wish to install "
18538
"Mailman with a different mail server, please refer to the references section."
18539
msgstr ""
18540
18541
#: serverguide/C/mail.xml:853(para)
18542
msgid ""
18543
"You only need to install one mail server and "
18544
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
18545
msgstr ""
18546
18547
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
18548
msgid "Apache2"
18549
msgstr "Apache2"
18550
18551
#: serverguide/C/mail.xml:859(para)
18552
msgid ""
18553
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
18554
"installation\">HTTPD Installation</ulink> section for details."
18555
msgstr ""
18556
18557
#: serverguide/C/mail.xml:867(para)
18558
msgid ""
18559
"For instructions on installing and configuring Postfix refer to <xref "
18560
"linkend=\"postfix\"/>"
18561
msgstr ""
18562
18563
#: serverguide/C/mail.xml:873(para)
18564
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
18565
msgstr ""
18566
18567
#: serverguide/C/mail.xml:884(application)
18568
msgid "dc_use_split_config='true'"
18569
msgstr ""
18570
18571
#: serverguide/C/mail.xml:876(para)
18572
msgid ""
18573
"Once exim4 is installed, the configuration files are stored in the "
18574
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
18575
"configuration files are split across different files. You can change this "
18576
"behavior by changing the following variable in the "
18577
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
18578
msgstr ""
18579
18580
#: serverguide/C/mail.xml:891(para)
18581
msgid ""
18582
"To install <application>Mailman</application>, run following command at a "
18583
"terminal prompt:"
18584
msgstr ""
18585
18586
#: serverguide/C/mail.xml:895(command)
18587
msgid "sudo apt-get install mailman"
18588
msgstr ""
18589
18590
#: serverguide/C/mail.xml:897(para)
18591
msgid ""
18592
"It copies the installation files in "
18593
"<application>/var/lib/mailman</application> directory. It installs the CGI "
18594
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
18595
"creates <emphasis>list</emphasis> linux user. It creates the "
18596
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
18597
"this user."
18598
msgstr ""
18599
18600
#: serverguide/C/mail.xml:909(para)
18601
msgid ""
18602
"This section assumes you have successfully installed "
18603
"<application>mailman</application>, <application>apache2</application>, and "
18604
"<application>postfix</application> or <application>exim4</application>. Now "
18605
"you just need to configure them."
18606
msgstr ""
18607
18608
#: serverguide/C/mail.xml:918(para)
18609
msgid ""
18610
"An example Apache configuration file comes with "
18611
"<application>Mailman</application> and is placed in "
18612
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
18613
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
18614
"available</filename>:"
18615
msgstr ""
18616
18617
#: serverguide/C/mail.xml:924(command)
18618
msgid ""
18619
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
18620
msgstr ""
18621
18622
#: serverguide/C/mail.xml:926(para)
18623
msgid ""
18624
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
18625
"Mailman administration site. Now enable the new configuration and restart "
18626
"Apache:"
18627
msgstr ""
18628
18629
#: serverguide/C/mail.xml:931(command)
18630
msgid "sudo a2ensite mailman.conf"
18631
msgstr ""
18632
18633
#: serverguide/C/mail.xml:934(para)
18634
msgid ""
18635
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
18636
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
18637
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
18638
"can make changes to the <filename>/etc/apache2/sites-"
18639
"available/mailman.conf</filename> file if you wish to change this behavior."
18640
msgstr ""
18641
18642
#: serverguide/C/mail.xml:945(para)
18643
msgid ""
18644
"For <application>Postfix</application> integration, we will associate the "
18645
"domain lists.example.com with the mailing lists. Please replace "
18646
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
18647
msgstr ""
18648
18649
#: serverguide/C/mail.xml:949(para)
18650
msgid ""
18651
"You can use the postconf command to add the necessary configuration to "
18652
"<filename>/etc/postfix/main.cf</filename>:"
18653
msgstr ""
18654
18655
#: serverguide/C/mail.xml:953(command)
18656
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
18657
msgstr ""
18658
18659
#: serverguide/C/mail.xml:954(command)
18660
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
18661
msgstr ""
18662
18663
#: serverguide/C/mail.xml:955(command)
18664
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
18665
msgstr ""
18666
18667
#: serverguide/C/mail.xml:957(para)
18668
msgid ""
18669
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
18670
"the following transport:"
18671
msgstr ""
18672
18673
#: serverguide/C/mail.xml:960(programlisting)
18674
#, no-wrap
18675
msgid ""
18676
"\n"
18677
"mailman unix - n n - - pipe\n"
18678
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
18679
" ${nexthop} ${user}\n"
18680
msgstr ""
18681
18682
#: serverguide/C/mail.xml:965(para)
18683
msgid ""
18684
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
18685
"is delivered to a list."
18686
msgstr ""
18687
18688
#: serverguide/C/mail.xml:968(para)
18689
msgid ""
18690
"Associate the domain lists.example.com to the Mailman transport with the "
18691
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
18692
msgstr ""
18693
18694
#: serverguide/C/mail.xml:971(programlisting)
18695
#, no-wrap
18696
msgid ""
18697
"\n"
18698
"lists.example.com mailman:\n"
18699
msgstr ""
18700
18701
#: serverguide/C/mail.xml:974(para)
18702
msgid ""
18703
"Now have <application>Postfix</application> build the transport map by "
18704
"entering the following from a terminal prompt:"
18705
msgstr ""
18706
18707
#: serverguide/C/mail.xml:978(command)
18708
msgid "sudo postmap -v /etc/postfix/transport"
18709
msgstr ""
18710
18711
#: serverguide/C/mail.xml:980(para)
18712
msgid "Then restart Postfix to enable the new configurations:"
18713
msgstr ""
18714
18715
#: serverguide/C/mail.xml:989(para)
18716
msgid ""
18717
"Once Exim4 is installed, you can start the Exim server using the following "
18718
"command from a terminal prompt:"
18719
msgstr ""
18720
18721
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
18722
msgid "Main"
18723
msgstr ""
18724
18725
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
18726
msgid "Transport"
18727
msgstr ""
18728
18729
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
18730
msgid "Router"
18731
msgstr ""
18732
18733
#: serverguide/C/mail.xml:996(para)
18734
msgid ""
18735
"In order to make mailman work with Exim4, you need to configure Exim4. As "
18736
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
18737
"different types. For details, please refer to the <ulink "
18738
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
18739
"add new a configuration file to the following configuration types: "
18740
"<placeholder-1/> Exim creates a master configuration file by sorting all "
18741
"these mini configuration files. So, the order of these configuration files "
18742
"is very important."
18743
msgstr ""
18744
18745
#: serverguide/C/mail.xml:1027(programlisting)
18746
#, no-wrap
18747
msgid ""
18748
"\n"
18749
"# start\n"
18750
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
18751
"# directory.\n"
18752
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
18753
"# This is normally the same as ~mailman\n"
18754
"MM_HOME=/var/lib/mailman\n"
18755
"#\n"
18756
"# User and group for Mailman, should match your --with-mail-gid\n"
18757
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
18758
"MM_UID=list\n"
18759
"MM_GID=list\n"
18760
"#\n"
18761
"# Domains that your lists are in - colon separated list\n"
18762
"# you may wish to add these into local_domains as well\n"
18763
"domainlist mm_domains=hostname.com\n"
18764
"#\n"
18765
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
18766
"#\n"
18767
"# These values are derived from the ones above and should not need\n"
18768
"# editing unless you have munged your mailman installation\n"
18769
"#\n"
18770
"# The path of the Mailman mail wrapper script\n"
18771
"MM_WRAP=MM_HOME/mail/mailman\n"
18772
"#\n"
18773
"# The path of the list config file (used as a required file when\n"
18774
"# verifying list addresses)\n"
18775
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
18776
"# end\n"
18777
msgstr ""
18778
18779
#: serverguide/C/mail.xml:1021(para)
18780
msgid ""
18781
"All the configuration files belonging to the main type are stored in the "
18782
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
18783
"following content to a new file, named <filename>04_exim4-"
18784
"config_mailman</filename>: <placeholder-1/>"
18785
msgstr ""
18786
18787
#: serverguide/C/mail.xml:1067(programlisting)
18788
#, no-wrap
18789
msgid ""
18790
"\n"
18791
" mailman_transport:\n"
18792
" driver = pipe\n"
18793
" command = MM_WRAP \\\n"
18794
" '${if def:local_part_suffix \\\n"
18795
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
18796
"\\\n"
18797
" {post}}' \\\n"
18798
" $local_part\n"
18799
" current_directory = MM_HOME\n"
18800
" home_directory = MM_HOME\n"
18801
" user = MM_UID\n"
18802
" group = MM_GID\n"
18803
msgstr ""
18804
18805
#: serverguide/C/mail.xml:1061(para)
18806
msgid ""
18807
"All the configuration files belonging to transport type are stored in the "
18808
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
18809
"following content to a new file named <filename> 40_exim4-"
18810
"config_mailman</filename>: <placeholder-1/>"
18811
msgstr ""
18812
18813
#: serverguide/C/mail.xml:1088(programlisting)
18814
#, no-wrap
18815
msgid ""
18816
"\n"
18817
" mailman_router:\n"
18818
" driver = accept\n"
18819
" require_files = MM_HOME/lists/$local_part/config.pck\n"
18820
" local_part_suffix_optional\n"
18821
" local_part_suffix = -bounces : -bounces+* : \\\n"
18822
" -confirm+* : -join : -leave : \\\n"
18823
" -owner : -request : -admin\n"
18824
" transport = mailman_transport\n"
18825
msgstr ""
18826
18827
#: serverguide/C/mail.xml:1084(para)
18828
msgid ""
18829
"All the configuration files belonging to router type are stored in the "
18830
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
18831
"following content in to a new file named <filename>101_exim4-"
18832
"config_mailman</filename>: <placeholder-1/>"
18833
msgstr ""
18834
18835
#: serverguide/C/mail.xml:1101(para)
18836
msgid ""
18837
"The order of main and transport configuration files can be in any order. "
18838
"But, the order of router configuration files must be the same. This "
18839
"particular file must appear before the <application>200_exim4-"
18840
"config_primary</application> file. These two configuration files contain "
18841
"same type of information. The first file takes the precedence. For more "
18842
"details, please refer to the references section."
18843
msgstr ""
18844
18845
#: serverguide/C/mail.xml:1114(para)
18846
msgid ""
18847
"Once mailman is installed, you can run it using the following command:"
18848
msgstr ""
18849
18850
#: serverguide/C/mail.xml:1118(command)
18851
msgid "sudo /etc/init.d/mailman start"
18852
msgstr ""
18853
18854
#: serverguide/C/mail.xml:1120(para)
18855
msgid ""
18856
"Once mailman is installed, you should create the default mailing list. Run "
18857
"the following command to create the mailing list:"
18858
msgstr ""
18859
18860
#: serverguide/C/mail.xml:1126(command)
18861
msgid "sudo /usr/sbin/newlist mailman"
18862
msgstr ""
18863
18864
#: serverguide/C/mail.xml:1129(programlisting)
18865
#, no-wrap
18866
msgid ""
18867
"\n"
18868
" Enter the email address of the person running the list: bhuvan at "
18869
"ubuntu.com\n"
18870
" Initial mailman password:\n"
18871
" To finish creating your mailing list, you must edit your "
18872
"<filename>/etc/aliases</filename> (or\n"
18873
" equivalent) file by adding the following lines, and possibly running the\n"
18874
" `newaliases' program:\n"
18875
"\n"
18876
" ## mailman mailing list\n"
18877
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
18878
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
18879
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
18880
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
18881
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
18882
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
18883
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
18884
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
18885
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
18886
"mailman\"\n"
18887
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
18888
"mailman\"\n"
18889
"\n"
18890
" Hit enter to notify mailman owner...\n"
18891
"\n"
18892
" # \n"
18893
msgstr ""
18894
18895
#: serverguide/C/mail.xml:1152(para)
18896
msgid ""
18897
"We have configured either Postfix or Exim4 to recognize all emails from "
18898
"mailman. So, it is not mandatory to make any new entries in "
18899
"<filename>/etc/aliases</filename>. If you have made any changes to the "
18900
"configuration files, please ensure that you restart those services before "
18901
"continuing to next section."
18902
msgstr ""
18903
18904
#: serverguide/C/mail.xml:1160(para)
18905
msgid ""
18906
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
18907
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
18908
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
18909
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
18910
msgstr ""
18911
18912
#: serverguide/C/mail.xml:1171(title)
18913
msgid "Administration"
18914
msgstr "Адміністрування"
18915
18916
#: serverguide/C/mail.xml:1172(para)
18917
msgid ""
18918
"We assume you have a default installation. The mailman cgi scripts are still "
18919
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
18920
"Mailman provides a web based administration facility. To access this page, "
18921
"point your browser to the following url:"
18922
msgstr ""
18923
18924
#: serverguide/C/mail.xml:1180(para)
18925
msgid "http://hostname/cgi-bin/mailman/admin"
18926
msgstr ""
18927
18928
#: serverguide/C/mail.xml:1184(para)
18929
msgid ""
18930
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18931
"screen. If you click the mailing list name, it will ask for your "
18932
"authentication password. If you enter the correct password, you will be able "
18933
"to change administrative settings of this mailing list. You can create a new "
18934
"mailing list using the command line utility "
18935
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
18936
"mailing list using the web interface."
18937
msgstr ""
18938
18939
#: serverguide/C/mail.xml:1197(title)
18940
msgid "Users"
18941
msgstr "Користувачі"
18942
18943
#: serverguide/C/mail.xml:1198(para)
18944
msgid ""
18945
"Mailman provides a web based interface for users. To access this page, point "
18946
"your browser to the following url:"
18947
msgstr ""
18948
18949
#: serverguide/C/mail.xml:1203(para)
18950
msgid "http://hostname/cgi-bin/mailman/listinfo"
18951
msgstr ""
18952
18953
#: serverguide/C/mail.xml:1207(para)
18954
msgid ""
18955
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18956
"screen. If you click the mailing list name, it will display the subscription "
18957
"form. You can enter your email address, name (optional), and password to "
18958
"subscribe. An email invitation will be sent to you. You can follow the "
18959
"instructions in the email to subscribe."
18960
msgstr ""
18961
18962
#: serverguide/C/mail.xml:1219(ulink)
18963
msgid "GNU Mailman - Installation Manual"
18964
msgstr ""
18965
18966
#: serverguide/C/mail.xml:1223(ulink)
18967
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
18968
msgstr ""
18969
18970
#: serverguide/C/mail.xml:1226(para)
18971
msgid ""
18972
"Also, see the <ulink "
18973
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18974
"Wiki</ulink> page."
18975
msgstr ""
18976
18977
#: serverguide/C/mail.xml:1232(title)
18978
msgid "Mail Filtering"
18979
msgstr ""
18980
18981
#: serverguide/C/mail.xml:1233(para)
18982
msgid ""
18983
"One of the largest issues with email today is the problem of Unsolicited "
18984
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
18985
"and other forms of malware. According to some reports these messages make up "
18986
"the bulk of all email traffic on the Internet."
18987
msgstr ""
18988
18989
#: serverguide/C/mail.xml:1238(para)
18990
msgid ""
18991
"This section will cover integrating <application>Amavisd-new</application>, "
18992
"<application>Spamassassin</application>, and "
18993
"<application>ClamAV</application> with the "
18994
"<application>Postfix</application> Mail Transport Agent (MTA). "
18995
"<application>Postfix</application> can also check email validity by passing "
18996
"it through external content filters. These filters can sometimes determine "
18997
"if a message is spam without needing to process it with more resource "
18998
"intensive applications. Two common filters are "
18999
"<application>opendkim</application> and <application>python-policyd-"
19000
"spf</application>."
19001
msgstr ""
19002
19003
#: serverguide/C/mail.xml:1248(para)
19004
msgid ""
19005
"<application>Amavisd-new</application> is a wrapper program that can call "
19006
"any number of content filtering programs for spam detection, antivirus, etc."
19007
msgstr ""
19008
19009
#: serverguide/C/mail.xml:1254(para)
19010
msgid ""
19011
"<application>Spamassassin</application> uses a variety of mechanisms to "
19012
"filter email based on the message content."
19013
msgstr ""
19014
19015
#: serverguide/C/mail.xml:1259(para)
19016
msgid ""
19017
"<application>ClamAV</application> is an open source antivirus application."
19018
msgstr ""
19019
19020
#: serverguide/C/mail.xml:1264(para)
19021
msgid ""
19022
"<application>opendkim</application> implements a Sendmail Mail Filter "
19023
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
19024
msgstr ""
19025
19026
#: serverguide/C/mail.xml:1270(para)
19027
msgid ""
19028
"<application>python-policyd-spf</application> enables Sender Policy "
19029
"Framework (SPF) checking with <application>Postfix</application>."
19030
msgstr ""
19031
19032
#: serverguide/C/mail.xml:1275(para)
19033
msgid "This is how the pieces fit together:"
19034
msgstr ""
19035
19036
#: serverguide/C/mail.xml:1280(para)
19037
msgid "An email message is accepted by <application>Postfix</application>."
19038
msgstr ""
19039
19040
#: serverguide/C/mail.xml:1285(para)
19041
msgid ""
19042
"The message is passed through any external filters "
19043
"<application>opendkim</application> and <application>python-policyd-"
19044
"spf</application> in this case."
19045
msgstr ""
19046
19047
#: serverguide/C/mail.xml:1291(para)
19048
msgid "<application>Amavisd-new</application> then processes the message."
19049
msgstr ""
19050
19051
#: serverguide/C/mail.xml:1296(para)
19052
msgid ""
19053
"<application>ClamAV</application> is used to scan the message. If the "
19054
"message contains a virus <application>Postfix</application> will reject the "
19055
"message."
19056
msgstr ""
19057
19058
#: serverguide/C/mail.xml:1302(para)
19059
msgid ""
19060
"Clean messages will then be analyzed by "
19061
"<application>Spamassassin</application> to find out if the message is spam. "
19062
"<application>Spamassassin</application> will then add X-Header lines "
19063
"allowing <application>Amavisd-new</application> to further manipulate the "
19064
"message."
19065
msgstr ""
19066
19067
#: serverguide/C/mail.xml:1309(para)
19068
msgid ""
19069
"For example, if a message has a Spam score of over fifty the message could "
19070
"be automatically dropped from the queue without the recipient ever having to "
19071
"be bothered. Another, way to handle flagged messages is to deliver them to "
19072
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
19073
"see fit."
19074
msgstr ""
19075
19076
#: serverguide/C/mail.xml:1316(para)
19077
msgid ""
19078
"See <xref linkend=\"postfix\"/> for instructions on installing and "
19079
"configuring Postfix."
19080
msgstr ""
19081
19082
#: serverguide/C/mail.xml:1319(para)
19083
msgid ""
19084
"To install the rest of the applications enter the following from a terminal "
19085
"prompt:"
19086
msgstr ""
19087
19088
#: serverguide/C/mail.xml:1323(command)
19089
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
19090
msgstr ""
19091
19092
#: serverguide/C/mail.xml:1324(command)
19093
msgid "sudo apt-get install opendkim python-policyd-spf"
19094
msgstr ""
19095
19096
#: serverguide/C/mail.xml:1326(para)
19097
msgid ""
19098
"There are some optional packages that integrate with "
19099
"<application>Spamassassin</application> for better spam detection:"
19100
msgstr ""
19101
19102
#: serverguide/C/mail.xml:1330(command)
19103
msgid "sudo apt-get install pyzor razor"
19104
msgstr ""
19105
19106
#: serverguide/C/mail.xml:1332(para)
19107
msgid ""
19108
"Along with the main filtering applications compression utilities are needed "
19109
"to process some email attachments:"
19110
msgstr ""
19111
19112
#: serverguide/C/mail.xml:1336(command)
19113
msgid ""
19114
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
19115
msgstr ""
19116
19117
#: serverguide/C/mail.xml:1339(para)
19118
msgid ""
19119
"If some packages are not found, check that the "
19120
"<emphasis>multiverse</emphasis> repository is enabled in "
19121
"<filename>/etc/apt/sources.list</filename>"
19122
msgstr ""
19123
19124
#: serverguide/C/mail.xml:1340(para)
19125
msgid ""
19126
"If you make changes to the file, be sure to run <command>sudo apt-get "
19127
"update</command> before trying to install again."
19128
msgstr ""
19129
19130
#: serverguide/C/mail.xml:1345(para)
19131
msgid "Now configure everything to work together and filter email."
19132
msgstr ""
19133
19134
#: serverguide/C/mail.xml:1349(title)
19135
msgid "ClamAV"
19136
msgstr ""
19137
19138
#: serverguide/C/mail.xml:1350(para)
19139
msgid ""
19140
"The default behaviour of <application>ClamAV</application> will fit our "
19141
"needs. For more ClamAV configuration options, check the configuration files "
19142
"in <filename>/etc/clamav</filename>."
19143
msgstr ""
19144
19145
#: serverguide/C/mail.xml:1355(para)
19146
msgid ""
19147
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
19148
"group in order for <application>Amavisd-new</application> to have the "
19149
"appropriate access to scan files:"
19150
msgstr ""
19151
19152
#: serverguide/C/mail.xml:1360(command)
19153
msgid "sudo adduser clamav amavis"
19154
msgstr ""
19155
19156
#: serverguide/C/mail.xml:1364(title)
19157
msgid "Spamassassin"
19158
msgstr "Spamassassin"
19159
19160
#: serverguide/C/mail.xml:1365(para)
19161
msgid ""
19162
"Spamassassin automatically detects optional components and will use them if "
19163
"they are present. This means that there is no need to configure "
19164
"<application>pyzor</application> and <application>razor</application>."
19165
msgstr ""
19166
19167
#: serverguide/C/mail.xml:1369(para)
19168
msgid ""
19169
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
19170
"<application>Spamassassin</application> daemon. Change "
19171
"<emphasis>ENABLED=0</emphasis> to:"
19172
msgstr ""
19173
19174
#: serverguide/C/mail.xml:1373(programlisting)
19175
#, no-wrap
19176
msgid ""
19177
"\n"
19178
"ENABLED=1\n"
19179
msgstr ""
19180
19181
#: serverguide/C/mail.xml:1376(para)
19182
msgid "Now start the daemon:"
19183
msgstr ""
19184
19185
#: serverguide/C/mail.xml:1380(command)
19186
msgid "sudo /etc/init.d/spamassassin start"
19187
msgstr ""
19188
19189
#: serverguide/C/mail.xml:1384(title)
19190
msgid "Amavisd-new"
19191
msgstr ""
19192
19193
#: serverguide/C/mail.xml:1385(para)
19194
msgid ""
19195
"First activate spam and antivirus detection in <application>Amavisd-"
19196
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
19197
"content_filter_mode</filename>:"
19198
msgstr ""
19199
19200
#: serverguide/C/mail.xml:1389(programlisting)
19201
#, no-wrap
19202
msgid ""
19203
"\n"
19204
"use strict;\n"
19205
"\n"
19206
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
19207
"# and to re-enable antivirus checking.\n"
19208
"\n"
19209
"#\n"
19210
"# Default antivirus checking mode\n"
19211
"# Uncomment the two lines below to enable it\n"
19212
"#\n"
19213
"\n"
19214
"@bypass_virus_checks_maps = (\n"
19215
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
19216
"$bypass_virus_checks_re);\n"
19217
"\n"
19218
"\n"
19219
"#\n"
19220
"# Default SPAM checking mode\n"
19221
"# Uncomment the two lines below to enable it\n"
19222
"#\n"
19223
"\n"
19224
"@bypass_spam_checks_maps = (\n"
19225
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
19226
"$bypass_spam_checks_re);\n"
19227
"\n"
19228
"1; # insure a defined return\n"
19229
msgstr ""
19230
19231
#: serverguide/C/mail.xml:1414(para)
19232
msgid ""
19233
"Bouncing spam can be a bad idea as the return address is often faked. "
19234
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
19235
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
19236
"D_BOUNCE, as follows:"
19237
msgstr ""
19238
19239
#: serverguide/C/mail.xml:1420(programlisting)
19240
#, no-wrap
19241
msgid ""
19242
"\n"
19243
"$final_spam_destiny = D_DISCARD;\n"
19244
msgstr ""
19245
19246
#: serverguide/C/mail.xml:1424(para)
19247
msgid ""
19248
"Additionally, you may want to adjust the following options to flag more "
19249
"messages as spam:"
19250
msgstr ""
19251
19252
#: serverguide/C/mail.xml:1428(programlisting)
19253
#, no-wrap
19254
msgid ""
19255
"\n"
19256
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
19257
"level\n"
19258
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
19259
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
19260
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
19261
msgstr ""
19262
19263
#: serverguide/C/mail.xml:1435(para)
19264
msgid ""
19265
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
19266
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
19267
"option. Also, if the server receives mail for multiple domains the "
19268
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
19269
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
19270
msgstr ""
19271
19272
#: serverguide/C/mail.xml:1442(programlisting)
19273
#, no-wrap
19274
msgid ""
19275
"\n"
19276
"$myhostname = 'mail.example.com';\n"
19277
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
19278
msgstr ""
19279
19280
#: serverguide/C/mail.xml:1447(para)
19281
msgid ""
19282
"After configuration <application>Amavisd-new</application> needs to be "
19283
"restarted:"
19284
msgstr ""
19285
19286
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
19287
msgid "sudo /etc/init.d/amavis restart"
19288
msgstr ""
19289
19290
#: serverguide/C/mail.xml:1454(title)
19291
msgid "DKIM Whitelist"
19292
msgstr ""
19293
19294
#: serverguide/C/mail.xml:1456(para)
19295
msgid ""
19296
"<application>Amavisd-new</application> can be configured to automatically "
19297
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
19298
"Keys. There are some pre-configured domains in the "
19299
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
19300
msgstr ""
19301
19302
#: serverguide/C/mail.xml:1462(para)
19303
msgid "There are multiple ways to configure the Whitelist for a domain:"
19304
msgstr ""
19305
19306
#: serverguide/C/mail.xml:1468(para)
19307
msgid ""
19308
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
19309
"address from the \"example.com\" domain."
19310
msgstr ""
19311
19312
#: serverguide/C/mail.xml:1473(para)
19313
msgid ""
19314
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
19315
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
19316
"have a valid signature."
19317
msgstr ""
19318
19319
#: serverguide/C/mail.xml:1479(para)
19320
msgid ""
19321
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
19322
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
19323
"role=\"italic\">example.com</emphasis> the parent domain."
19324
msgstr ""
19325
19326
#: serverguide/C/mail.xml:1485(para)
19327
msgid ""
19328
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
19329
"that have a valid signature from \"example.com\". This is usually used for "
19330
"discussion groups that sign their messages."
19331
msgstr ""
19332
19333
#: serverguide/C/mail.xml:1492(para)
19334
msgid ""
19335
"A domain can also have multiple Whitelist configurations. After, editing the "
19336
"file restart <application>amaisd-new</application>:"
19337
msgstr ""
19338
19339
#: serverguide/C/mail.xml:1501(para)
19340
msgid ""
19341
"In this context, once a domain has been added to the Whitelist the message "
19342
"will not receive any anti-virus or spam filtering. This may or may not be "
19343
"the intended behavior you wish for a domain."
19344
msgstr ""
19345
19346
#: serverguide/C/mail.xml:1511(para)
19347
msgid ""
19348
"For <application>Postfix</application> integration, enter the following from "
19349
"a terminal prompt:"
19350
msgstr ""
19351
19352
#: serverguide/C/mail.xml:1515(command)
19353
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
19354
msgstr ""
19355
19356
#: serverguide/C/mail.xml:1517(para)
19357
msgid ""
19358
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
19359
"to the end of the file:"
19360
msgstr ""
19361
19362
#: serverguide/C/mail.xml:1520(programlisting)
19363
#, no-wrap
19364
msgid ""
19365
"\n"
19366
"smtp-amavis unix - - - - 2 smtp\n"
19367
" -o smtp_data_done_timeout=1200\n"
19368
" -o smtp_send_xforward_command=yes\n"
19369
" -o disable_dns_lookups=yes\n"
19370
" -o max_use=20\n"
19371
"\n"
19372
"127.0.0.1:10025 inet n - - - - smtpd\n"
19373
" -o content_filter=\n"
19374
" -o local_recipient_maps=\n"
19375
" -o relay_recipient_maps=\n"
19376
" -o smtpd_restriction_classes=\n"
19377
" -o smtpd_delay_reject=no\n"
19378
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
19379
" -o smtpd_helo_restrictions=\n"
19380
" -o smtpd_sender_restrictions=\n"
19381
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
19382
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
19383
" -o smtpd_end_of_data_restrictions=\n"
19384
" -o mynetworks=127.0.0.0/8\n"
19385
" -o smtpd_error_sleep_time=0\n"
19386
" -o smtpd_soft_error_limit=1001\n"
19387
" -o smtpd_hard_error_limit=1000\n"
19388
" -o smtpd_client_connection_count_limit=0\n"
19389
" -o smtpd_client_connection_rate_limit=0\n"
19390
" -o "
19391
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
19392
msgstr ""
19393
19394
#: serverguide/C/mail.xml:1547(para)
19395
msgid ""
19396
"Also add the following two lines immediately below the "
19397
"<emphasis>\"pickup\"</emphasis> transport service:"
19398
msgstr ""
19399
19400
#: serverguide/C/mail.xml:1550(programlisting)
19401
#, no-wrap
19402
msgid ""
19403
"\n"
19404
" -o content_filter=\n"
19405
" -o receive_override_options=no_header_body_checks\n"
19406
msgstr ""
19407
19408
#: serverguide/C/mail.xml:1554(para)
19409
msgid ""
19410
"This will prevent messages that are generated to report on spam from being "
19411
"classified as spam."
19412
msgstr ""
19413
19414
#: serverguide/C/mail.xml:1557(para)
19415
msgid "Now restart <application>Postfix</application>:"
19416
msgstr ""
19417
19418
#: serverguide/C/mail.xml:1563(para)
19419
msgid "Content filtering with spam and virus detection is now enabled."
19420
msgstr ""
19421
19422
#: serverguide/C/mail.xml:1569(title)
19423
msgid "Amavisd-new and Spamassassin"
19424
msgstr ""
19425
19426
#: serverguide/C/mail.xml:1571(para)
19427
msgid ""
19428
"When integrating <application>Amavisd-new</application> with "
19429
"<application>Spamassassin</application>, if you choose to disable the bayes "
19430
"filtering by editing <filename>/etc/spamassassin/local.cf</filename> and use "
19431
"<application>cron</application> to update the nightly rules, the result can "
19432
"cause a situation where a large amount of error messages are sent to the "
19433
"<emphasis>amavis</emphasis> user via the amavisd-new "
19434
"<application>cron</application> job."
19435
msgstr ""
19436
19437
#: serverguide/C/mail.xml:1578(para)
19438
msgid "There are several ways to handle this situation:"
19439
msgstr ""
19440
19441
#: serverguide/C/mail.xml:1584(para)
19442
msgid "Configure your MDA to filter messages you do not wish to see."
19443
msgstr ""
19444
19445
#: serverguide/C/mail.xml:1589(para)
19446
msgid ""
19447
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
19448
"<emphasis>use_bayes 0</emphasis>. For example, edit "
19449
"<filename>/usr/sbin/amavisd-new-cronjob</filename> and add the following to "
19450
"the top before the <emphasis>test</emphasis> statements:"
19451
msgstr ""
19452
19453
#: serverguide/C/mail.xml:1593(programlisting)
19454
#, no-wrap
19455
msgid ""
19456
"\n"
19457
"egrep -q \"^[ \\t]*use_bayes[ \\t]*0\" /etc/spamassassin/local.cf && "
19458
"exit 0\n"
19459
msgstr ""
19460
19461
#: serverguide/C/mail.xml:1603(para)
19462
msgid ""
19463
"First, test that the <application>Amavisd-new</application> SMTP is "
19464
"listening:"
19465
msgstr ""
19466
19467
#: serverguide/C/mail.xml:1606(programlisting)
19468
#, no-wrap
19469
msgid ""
19470
"\n"
19471
"telnet localhost 10024\n"
19472
"Trying 127.0.0.1...\n"
19473
"Connected to localhost.\n"
19474
"Escape character is '^]'.\n"
19475
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
19476
"^]\n"
19477
msgstr ""
19478
19479
#: serverguide/C/mail.xml:1614(para)
19480
msgid ""
19481
"In the Header of messages that go through the content filter you should see:"
19482
msgstr ""
19483
19484
#: serverguide/C/mail.xml:1617(programlisting)
19485
#, no-wrap
19486
msgid ""
19487
"\n"
19488
"X-Spam-Level: \n"
19489
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
19490
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
19491
"BAYES_00\n"
19492
"X-Spam-Level: \n"
19493
msgstr ""
19494
19495
#: serverguide/C/mail.xml:1624(para)
19496
msgid ""
19497
"Your output will vary, but the important thing is that there are <emphasis>X-"
19498
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
19499
msgstr ""
19500
19501
#: serverguide/C/mail.xml:1632(para)
19502
msgid ""
19503
"The best way to figure out why something is going wrong is to check the log "
19504
"files."
19505
msgstr ""
19506
19507
#: serverguide/C/mail.xml:1637(para)
19508
msgid ""
19509
"For instructions on <application>Postfix</application> logging see the <xref "
19510
"linkend=\"postfix-troubleshooting\"/> section."
19511
msgstr ""
19512
19513
#: serverguide/C/mail.xml:1643(para)
19514
msgid ""
19515
"<application>Amavisd-new</application> uses "
19516
"<application>Syslog</application> to send messages to "
19517
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
19518
"increased by adding the <emphasis>$log_level</emphasis> option to "
19519
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
19520
"1 to 5."
19521
msgstr ""
19522
19523
#: serverguide/C/mail.xml:1648(programlisting)
19524
#, no-wrap
19525
msgid ""
19526
"\n"
19527
"$log_level = 2;\n"
19528
msgstr ""
19529
19530
#: serverguide/C/mail.xml:1652(para)
19531
msgid ""
19532
"When the <application>Amavisd-new</application> log output is increased "
19533
"<application>Spamassassin</application> log output is also increased."
19534
msgstr ""
19535
19536
#: serverguide/C/mail.xml:1659(para)
19537
msgid ""
19538
"The <application>ClamAV</application> log level can be increased by editing "
19539
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
19540
msgstr ""
19541
19542
#: serverguide/C/mail.xml:1663(programlisting)
19543
#, no-wrap
19544
msgid ""
19545
"\n"
19546
"LogVerbose true\n"
19547
msgstr ""
19548
19549
#: serverguide/C/mail.xml:1666(para)
19550
msgid ""
19551
"By default <application>ClamAV</application> will send log messages to "
19552
"<filename>/var/log/clamav/clamav.log</filename>."
19553
msgstr ""
19554
19555
#: serverguide/C/mail.xml:1672(para)
19556
msgid ""
19557
"After changing an applications log settings remember to restart the service "
19558
"for the new settings to take affect. Also, once the issue you are "
19559
"troubleshooting is resolved it is a good idea to change the log settings "
19560
"back to normal."
19561
msgstr ""
19562
19563
#: serverguide/C/mail.xml:1680(para)
19564
msgid "For more information on filtering mail see the following links:"
19565
msgstr ""
19566
19567
#: serverguide/C/mail.xml:1686(ulink)
19568
msgid "Amavisd-new Documentation"
19569
msgstr ""
19570
19571
#: serverguide/C/mail.xml:1690(para)
19572
msgid ""
19573
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
19574
"Documentation</ulink> and <ulink "
19575
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
19576
msgstr ""
19577
19578
#: serverguide/C/mail.xml:1697(ulink)
19579
msgid "Spamassassin Wiki"
19580
msgstr ""
19581
19582
#: serverguide/C/mail.xml:1702(ulink)
19583
msgid "Pyzor Homepage"
19584
msgstr ""
19585
19586
#: serverguide/C/mail.xml:1707(ulink)
19587
msgid "Razor Homepage"
19588
msgstr ""
19589
19590
#: serverguide/C/mail.xml:1712(ulink)
19591
msgid "DKIM.org"
19592
msgstr ""
19593
19594
#: serverguide/C/mail.xml:1717(ulink)
19595
msgid "Postfix Amavis New"
19596
msgstr ""
19597
19598
#: serverguide/C/mail.xml:1721(para)
19599
msgid ""
19600
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
19601
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
19602
msgstr ""
19603
19604
#: serverguide/C/lamp-applications.xml:13(title)
19605
msgid "LAMP Applications"
19606
msgstr ""
19607
19608
#: serverguide/C/lamp-applications.xml:19(para)
19609
msgid ""
19610
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
19611
"Ubuntu servers. There is a plethora of Open Source applications written "
19612
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
19613
"Content Management Systems, and Management Software such as phpMyAdmin."
19614
msgstr ""
19615
19616
#: serverguide/C/lamp-applications.xml:26(para)
19617
msgid ""
19618
"One advantage of LAMP is the substantial flexibility for different database, "
19619
"web server, and scripting languages. Popular substitutes for MySQL include "
19620
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
19621
"instead of PHP."
19622
msgstr ""
19623
19624
#: serverguide/C/lamp-applications.xml:32(para)
19625
msgid ""
19626
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
19627
"is:"
19628
msgstr ""
19629
19630
#: serverguide/C/lamp-applications.xml:38(para)
19631
msgid "Download an archive containing the application source files."
19632
msgstr ""
19633
19634
#: serverguide/C/lamp-applications.xml:43(para)
19635
msgid ""
19636
"Unpack the archive, usually in a directory accessible to a web server."
19637
msgstr ""
19638
19639
#: serverguide/C/lamp-applications.xml:48(para)
19640
msgid ""
19641
"Depending on where the source was extracted, configure a web server to serve "
19642
"the files."
19643
msgstr ""
19644
19645
#: serverguide/C/lamp-applications.xml:53(para)
19646
msgid "Configure the application to connect to the database."
19647
msgstr ""
19648
19649
#: serverguide/C/lamp-applications.xml:58(para)
19650
msgid ""
19651
"Run a script, or browse to a page of the application, to install the "
19652
"database needed by the application."
19653
msgstr ""
19654
19655
#: serverguide/C/lamp-applications.xml:63(para)
19656
msgid ""
19657
"Once the steps above, or similar steps, are completed you are ready to begin "
19658
"using the application."
19659
msgstr ""
19660
19661
#: serverguide/C/lamp-applications.xml:69(para)
19662
msgid ""
19663
"A disadvantage of using this approach is that the application files are not "
19664
"placed in the file system in a standard way, which can cause confusion as to "
19665
"where the application is installed. Another larger disadvantage is updating "
19666
"the application. When a new version is released, the same process used to "
19667
"install the application is needed to apply updates."
19668
msgstr ""
19669
19670
#: serverguide/C/lamp-applications.xml:76(para)
19671
msgid ""
19672
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
19673
"packaged for Ubuntu, and are available for installation in the same way as "
19674
"non-LAMP applications. Depending on the application some extra configuration "
19675
"and setup steps may be needed, however."
19676
msgstr ""
19677
19678
#: serverguide/C/lamp-applications.xml:82(para)
19679
msgid ""
19680
"This section covers howto install and configure the Wiki applications "
19681
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
19682
"and the MySQL management application <application>phpMyAdmin</application>."
19683
msgstr ""
19684
19685
#: serverguide/C/lamp-applications.xml:88(para)
19686
msgid ""
19687
"A Wiki is a website that allows the visitors to easily add, remove and "
19688
"modify available content easily. The ease of interaction and operation makes "
19689
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
19690
"also referred to the collaborative software."
19691
msgstr ""
19692
19693
#: serverguide/C/lamp-applications.xml:100(title)
19694
msgid "Moin Moin"
19695
msgstr ""
19696
19697
#: serverguide/C/lamp-applications.xml:102(para)
19698
msgid ""
19699
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
19700
"engine, and licensed under the GNU GPL."
19701
msgstr ""
19702
19703
#: serverguide/C/lamp-applications.xml:110(para)
19704
msgid ""
19705
"To install <application>MoinMoin</application>, run the following command in "
19706
"the command prompt:"
19707
msgstr ""
19708
19709
#: serverguide/C/lamp-applications.xml:116(command)
19710
msgid "sudo apt-get install python-moinmoin"
19711
msgstr ""
19712
19713
#: serverguide/C/lamp-applications.xml:119(para)
19714
msgid ""
19715
"You should also install <application>apache2</application> web server. For "
19716
"installing <application>apache2</application> web server, please refer to "
19717
"<xref linkend=\"http-installation\"/> sub-section in <xref "
19718
"linkend=\"httpd\"/> section."
19719
msgstr ""
19720
19721
#: serverguide/C/lamp-applications.xml:130(para)
19722
msgid ""
19723
"For configuring your first Wiki application, please run the following set of "
19724
"commands. Let us assume that you are creating a Wiki named "
19725
"<emphasis>mywiki</emphasis>:"
19726
msgstr ""
19727
19728
#: serverguide/C/lamp-applications.xml:137(command)
19729
msgid "cd /usr/share/moin"
19730
msgstr ""
19731
19732
#: serverguide/C/lamp-applications.xml:138(command)
19733
msgid "sudo mkdir mywiki"
19734
msgstr ""
19735
19736
#: serverguide/C/lamp-applications.xml:139(command)
19737
msgid "sudo cp -R data mywiki"
19738
msgstr ""
19739
19740
#: serverguide/C/lamp-applications.xml:140(command)
19741
msgid "sudo cp -R underlay mywiki"
19742
msgstr ""
19743
19744
#: serverguide/C/lamp-applications.xml:141(command)
19745
msgid "sudo cp server/moin.cgi mywiki"
19746
msgstr ""
19747
19748
#: serverguide/C/lamp-applications.xml:142(command)
19749
msgid "sudo chown -R www-data.www-data mywiki"
19750
msgstr ""
19751
19752
#: serverguide/C/lamp-applications.xml:143(command)
19753
msgid "sudo chmod -R ug+rwX mywiki"
19754
msgstr ""
19755
19756
#: serverguide/C/lamp-applications.xml:144(command)
19757
msgid "sudo chmod -R o-rwx mywiki"
19758
msgstr ""
19759
19760
#: serverguide/C/lamp-applications.xml:147(para)
19761
msgid ""
19762
"Now you should configure <application>MoinMoin</application> to find your "
19763
"new Wiki <emphasis>mywiki</emphasis>. To configure "
19764
"<application>MoinMoin</application>, open "
19765
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
19766
msgstr ""
19767
19768
#: serverguide/C/lamp-applications.xml:155(programlisting)
19769
#, no-wrap
19770
msgid "data_dir = '/org/mywiki/data'"
19771
msgstr "data_dir = '/org/mywiki/data'"
19772
19773
#: serverguide/C/lamp-applications.xml:157(para)
19774
msgid "to"
19775
msgstr "на"
19776
19777
#: serverguide/C/lamp-applications.xml:161(programlisting)
19778
#, no-wrap
19779
msgid "data_dir = '/usr/share/moin/mywiki/data'"
19780
msgstr "data_dir = '/usr/share/moin/mywiki/data'"
19781
19782
#: serverguide/C/lamp-applications.xml:163(para)
19783
msgid ""
19784
"Also, below the <emphasis>data_dir</emphasis> option add the "
19785
"<emphasis>data_underlay_dir</emphasis>:"
19786
msgstr ""
19787
19788
#: serverguide/C/lamp-applications.xml:167(programlisting)
19789
#, no-wrap
19790
msgid ""
19791
"\n"
19792
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
19793
msgstr ""
19794
19795
#: serverguide/C/lamp-applications.xml:172(para)
19796
msgid ""
19797
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
19798
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
19799
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
19800
"change."
19801
msgstr ""
19802
19803
#: serverguide/C/lamp-applications.xml:181(para)
19804
msgid ""
19805
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
19806
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
19807
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
19808
"<quote>(\"mywiki\", r\".*\")</quote>."
19809
msgstr ""
19810
19811
#: serverguide/C/lamp-applications.xml:189(para)
19812
msgid ""
19813
"Once you have configured <application>MoinMoin</application> to find your "
19814
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
19815
"<application>apache2</application> and make it ready for your Wiki "
19816
"application."
19817
msgstr ""
19818
19819
#: serverguide/C/lamp-applications.xml:196(para)
19820
msgid ""
19821
"You should add the following lines in <filename>/etc/apache2/sites-"
19822
"available/default</filename> file inside the <quote><VirtualHost "
19823
"*></quote> tag:"
19824
msgstr ""
19825
19826
#: serverguide/C/lamp-applications.xml:202(programlisting)
19827
#, no-wrap
19828
msgid ""
19829
"\n"
19830
"### moin\n"
19831
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
19832
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
19833
" <Directory /usr/share/moin/htdocs>\n"
19834
" Order allow,deny\n"
19835
" allow from all\n"
19836
" </Directory>\n"
19837
"### end moin\n"
19838
msgstr ""
19839
19840
#: serverguide/C/lamp-applications.xml:214(para)
19841
msgid ""
19842
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
19843
"<emphasis>alias</emphasis> line above, to the "
19844
"<application>moinmoin</application> version installed."
19845
msgstr ""
19846
19847
#: serverguide/C/lamp-applications.xml:220(para)
19848
msgid ""
19849
"Once you configure the <application>apache2</application> web server and "
19850
"make it ready for your Wiki application, you should restart it. You can run "
19851
"the following command to restart the <application>apache2</application> web "
19852
"server:"
19853
msgstr ""
19854
19855
#: serverguide/C/lamp-applications.xml:233(title)
19856
msgid "Verification"
19857
msgstr "Перевірка"
19858
19859
#: serverguide/C/lamp-applications.xml:235(para)
19860
msgid ""
19861
"You can verify the Wiki application and see if it works by pointing your web "
19862
"browser to the following URL:"
19863
msgstr ""
19864
19865
#: serverguide/C/lamp-applications.xml:239(programlisting)
19866
#, no-wrap
19867
msgid ""
19868
"\n"
19869
"http://localhost/mywiki\n"
19870
msgstr ""
19871
19872
#: serverguide/C/lamp-applications.xml:243(para)
19873
msgid ""
19874
"You can also run the test command by pointing your web browser to the "
19875
"following URL:"
19876
msgstr ""
19877
19878
#: serverguide/C/lamp-applications.xml:248(programlisting)
19879
#, no-wrap
19880
msgid ""
19881
"\n"
19882
"http://localhost/mywiki?action=test\n"
19883
msgstr ""
19884
19885
#: serverguide/C/lamp-applications.xml:252(para)
19886
msgid ""
19887
"For more details, please refer to the <ulink "
19888
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
19889
msgstr ""
19890
19891
#: serverguide/C/lamp-applications.xml:263(para)
19892
msgid ""
19893
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
19894
"Wiki</ulink>."
19895
msgstr ""
19896
19897
#: serverguide/C/lamp-applications.xml:268(para)
19898
msgid ""
19899
"Also, see the <ulink "
19900
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19901
"MoinMoin</ulink> page."
19902
msgstr ""
19903
19904
#: serverguide/C/lamp-applications.xml:277(title)
19905
msgid "MediaWiki"
19906
msgstr "MediaWiki"
19907
19908
#: serverguide/C/lamp-applications.xml:279(para)
19909
msgid ""
19910
"MediaWiki is an web based Wiki software written in the PHP language. It can "
19911
"either use <application>MySQL</application> or "
19912
"<application>PostgreSQL</application> Database Management System."
19913
msgstr ""
19914
19915
#: serverguide/C/lamp-applications.xml:289(para)
19916
msgid ""
19917
"Before installing <application>MediaWiki</application> you should also "
19918
"install <application>Apache2</application>, the "
19919
"<application>PHP5</application> scripting language and Database a Management "
19920
"System. <application>MySQL</application> or "
19921
"<application>PostgreSQL</application> are the most common, choose one "
19922
"depending on your need. Please refer to those sections in this manual for "
19923
"installation instructions."
19924
msgstr ""
19925
19926
#: serverguide/C/lamp-applications.xml:297(para)
19927
msgid ""
19928
"To install <application>MediaWiki</application>, run the following command "
19929
"in the command prompt:"
19930
msgstr ""
19931
19932
#: serverguide/C/lamp-applications.xml:303(command)
19933
msgid "sudo apt-get install mediawiki php5-gd"
19934
msgstr ""
19935
19936
#: serverguide/C/lamp-applications.xml:306(para)
19937
msgid ""
19938
"For additional <application>MediaWiki</application> functionality see the "
19939
"<application>mediawiki-extensions</application> package."
19940
msgstr ""
19941
19942
#: serverguide/C/lamp-applications.xml:316(para)
19943
msgid ""
19944
"The Apache configuration file <filename>mediawiki.conf</filename> for "
19945
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
19946
"directory. You should uncomment the following line in this file to access "
19947
"MediaWiki application."
19948
msgstr ""
19949
19950
#: serverguide/C/lamp-applications.xml:324(screen)
19951
#, no-wrap
19952
msgid ""
19953
"\n"
19954
"# Alias /mediawiki /var/lib/mediawiki\n"
19955
msgstr ""
19956
19957
#: serverguide/C/lamp-applications.xml:328(para)
19958
msgid ""
19959
"After you uncomment the above line, restart Apache server and access "
19960
"MediaWiki using the following url:"
19961
msgstr ""
19962
19963
#: serverguide/C/lamp-applications.xml:333(programlisting)
19964
#, no-wrap
19965
msgid ""
19966
"\n"
19967
"http://localhost/mediawiki/config/index.php\n"
19968
msgstr ""
19969
19970
#: serverguide/C/lamp-applications.xml:338(para)
19971
msgid ""
19972
"Please read the <quote>Checking environment...</quote> section in this page. "
19973
"You should be able to fix many issues by carefully reading this section."
19974
msgstr ""
19975
19976
#: serverguide/C/lamp-applications.xml:345(para)
19977
msgid ""
19978
"Once the configuration is complete, you should copy the "
19979
"<filename>LocalSettings.php</filename> file to "
19980
"<filename>/etc/mediawiki</filename> directory:"
19981
msgstr ""
19982
19983
#: serverguide/C/lamp-applications.xml:352(command)
19984
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19985
msgstr ""
19986
19987
#: serverguide/C/lamp-applications.xml:355(para)
19988
msgid ""
19989
"You may also want to edit "
19990
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
19991
msgstr ""
19992
19993
#: serverguide/C/lamp-applications.xml:360(programlisting)
19994
#, no-wrap
19995
msgid ""
19996
"\n"
19997
"ini_set( 'memory_limit', '64M' );\n"
19998
msgstr ""
19999
20000
#: serverguide/C/lamp-applications.xml:367(title)
20001
msgid "Extensions"
20002
msgstr "Розширення"
20003
20004
#: serverguide/C/lamp-applications.xml:368(para)
20005
msgid ""
20006
"The extensions add new features and enhancements for the MediaWiki "
20007
"application. The extensions give wiki administrators and end users the "
20008
"ability to customize MediaWiki to their requirements."
20009
msgstr ""
20010
20011
#: serverguide/C/lamp-applications.xml:374(para)
20012
msgid ""
20013
"You can download MediaWiki extensions as an archive file or checkout from "
20014
"the Subversion repository. You should copy it to "
20015
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
20016
"also add the following line at the end of file: "
20017
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
20018
msgstr ""
20019
20020
#: serverguide/C/lamp-applications.xml:382(programlisting)
20021
#, no-wrap
20022
msgid ""
20023
"\n"
20024
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
20025
msgstr ""
20026
20027
#: serverguide/C/lamp-applications.xml:392(para)
20028
msgid ""
20029
"For more details, please refer to the <ulink "
20030
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
20031
msgstr ""
20032
20033
#: serverguide/C/lamp-applications.xml:398(para)
20034
msgid ""
20035
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
20036
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
20037
"new MediaWiki administrators."
20038
msgstr ""
20039
20040
#: serverguide/C/lamp-applications.xml:404(para)
20041
msgid ""
20042
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
20043
"Wiki MediaWiki</ulink> page is a good resource."
20044
msgstr ""
20045
20046
#: serverguide/C/lamp-applications.xml:414(title)
20047
msgid "phpMyAdmin"
20048
msgstr "phpMyAdmin"
20049
20050
#: serverguide/C/lamp-applications.xml:416(para)
20051
msgid ""
20052
"<application>phpMyAdmin</application> is a LAMP application specifically "
20053
"written for administering <application>MySQL</application> servers. Written "
20054
"in <application>PHP</application>, and accessed through a web browser, "
20055
"phpMyAdmin provides a graphical interface for database administration tasks."
20056
msgstr ""
20057
20058
#: serverguide/C/lamp-applications.xml:425(para)
20059
msgid ""
20060
"Before installing <application>phpMyAdmin</application> you will need access "
20061
"to a <application>MySQL</application> database either on the same host as "
20062
"that phpMyAdmin is installed on, or on a host accessible over the network. "
20063
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
20064
"enter:"
20065
msgstr ""
20066
20067
#: serverguide/C/lamp-applications.xml:432(command)
20068
msgid "sudo apt-get install phpmyadmin"
20069
msgstr ""
20070
20071
#: serverguide/C/lamp-applications.xml:435(para)
20072
msgid ""
20073
"At the prompt choose which web server to be configured for "
20074
"<application>phpMyAdmin</application>. The rest of this section will use "
20075
"<application>Apache2</application> for the web server."
20076
msgstr ""
20077
20078
#: serverguide/C/lamp-applications.xml:440(para)
20079
msgid ""
20080
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
20081
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
20082
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
20083
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
20084
"user if you any setup, and enter the <application>MySQL</application> user's "
20085
"password."
20086
msgstr ""
20087
20088
#: serverguide/C/lamp-applications.xml:447(para)
20089
msgid ""
20090
"Once logged in you can reset the <emphasis>root</emphasis> password if "
20091
"needed, create users, create/destroy databases and tables, etc."
20092
msgstr ""
20093
20094
#: serverguide/C/lamp-applications.xml:455(para)
20095
msgid ""
20096
"The configuration files for <application>phpMyAdmin</application> are "
20097
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
20098
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
20099
"configuration options that apply globally to "
20100
"<application>phpMyAdmin</application>."
20101
msgstr ""
20102
20103
#: serverguide/C/lamp-applications.xml:461(para)
20104
msgid ""
20105
"To use <application>phpMyAdmin</application> to administer a MySQL database "
20106
"hosted on another server, adjust the following in "
20107
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
20108
msgstr ""
20109
20110
#: serverguide/C/lamp-applications.xml:466(programlisting)
20111
#, no-wrap
20112
msgid ""
20113
"\n"
20114
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
20115
msgstr ""
20116
20117
#: serverguide/C/lamp-applications.xml:471(para)
20118
msgid ""
20119
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
20120
"remote database server name or IP address. Also, be sure that the "
20121
"<application>phpMyAdmin</application> host has permissions to access the "
20122
"remote database."
20123
msgstr ""
20124
20125
#: serverguide/C/lamp-applications.xml:477(para)
20126
msgid ""
20127
"Once configured, log out of <application>phpMyAdmin</application> and back "
20128
"in, and you should be accessing the new server."
20129
msgstr ""
20130
20131
#: serverguide/C/lamp-applications.xml:481(para)
20132
msgid ""
20133
"The <filename>config.header.inc.php</filename> and "
20134
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
20135
"header and footer to <application>phpMyAdmin</application>."
20136
msgstr ""
20137
20138
#: serverguide/C/lamp-applications.xml:486(para)
20139
msgid ""
20140
"Another important configuration file is "
20141
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
20142
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
20143
"configure <application>Apache2</application> to serve the "
20144
"<application>phpMyAdmin</application> site. The file contains directives for "
20145
"loading <application>PHP</application>, directory permissions, etc. For more "
20146
"information on configuring <application>Apache2</application> see <xref "
20147
"linkend=\"httpd\"/>."
20148
msgstr ""
20149
20150
#: serverguide/C/lamp-applications.xml:500(para)
20151
msgid ""
20152
"The <application>phpMyAdmin</application> documentation comes installed with "
20153
"the package and can be accessed from the <emphasis>phpMyAdmin "
20154
"Documentation</emphasis> link (a question mark with a box around it) under "
20155
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
20156
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
20157
msgstr ""
20158
20159
#: serverguide/C/lamp-applications.xml:507(para)
20160
msgid ""
20161
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
20162
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
20163
msgstr ""
20164
20165
#: serverguide/C/lamp-applications.xml:512(para)
20166
msgid ""
20167
"A third resource is the <ulink "
20168
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
20169
"Wiki</ulink> page."
20170
msgstr ""
20171
20172
#: serverguide/C/introduction.xml:14(para)
20173
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
20174
msgstr ""
20175
20176
#: serverguide/C/introduction.xml:15(para)
20177
msgid ""
20178
"Here you can find information on how to install and configure various server "
20179
"applications. It is a step-by-step, task-oriented guide for configuring and "
20180
"customizing your system."
20181
msgstr ""
20182
20183
#: serverguide/C/introduction.xml:19(para)
20184
msgid ""
20185
"This guide assumes you have a basic understanding of your Ubuntu system. "
20186
"Some installation details are covered in <xref linkend=\"installation\"/>, "
20187
"but if you need detailed instructions installing Ubuntu please refer to the "
20188
"<ulink url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
20189
"Installation Guide</ulink>."
20190
msgstr ""
20191
20192
#: serverguide/C/introduction.xml:25(para)
20193
msgid ""
20194
"A HTML version of the manual is available online at <ulink "
20195
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
20196
"HTML files are also available in the <application>ubuntu-"
20197
"serverguide</application> package. See <xref linkend=\"package-"
20198
"management\"/> for details on installing packages."
20199
msgstr ""
20200
20201
#: serverguide/C/introduction.xml:32(para)
20202
msgid ""
20203
"If you choose to install the <application>ubuntu-serverguide</application> "
20204
"you can view this document from a console by:"
20205
msgstr ""
20206
20207
#: serverguide/C/introduction.xml:36(command)
20208
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
20209
msgstr ""
20210
20211
#: serverguide/C/introduction.xml:39(para)
20212
msgid ""
20213
"If you are using a localized version of Ubuntu, replace "
20214
"<emphasis>C</emphasis> with your language localization (e.g. "
20215
"<emphasis>en_GB</emphasis>)."
20216
msgstr ""
20217
20218
#: serverguide/C/introduction.xml:53(title)
20219
msgid "Support"
20220
msgstr "Підтримка"
20221
20222
#: serverguide/C/introduction.xml:55(para)
20223
msgid ""
20224
"There are a couple of different ways that Ubuntu Server Edition is "
20225
"supported, commercial support and community support. The main commercial "
20226
"support (and development funding) is available from Canonical Ltd. They "
20227
"supply reasonably priced support contracts on a per desktop or per server "
20228
"basis. For more information see the <ulink "
20229
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
20230
"page."
20231
msgstr ""
20232
20233
#: serverguide/C/introduction.xml:62(para)
20234
msgid ""
20235
"Community support is also provided by dedicated individuals, and companies, "
20236
"that wish to make Ubuntu the best distribution possible. Support is provided "
20237
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
20238
"large amount of information available can be overwhelming, but a good search "
20239
"engine query can usually provide an answer to your questions. See the <ulink "
20240
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
20241
"information."
20242
msgstr ""
20243
20244
#: serverguide/C/installation.xml:14(para)
20245
msgid ""
20246
"This chapter provides a quick overview of installing Ubuntu 10.10 Server "
20247
"Edition. For more detailed instructions, please refer to the <ulink "
20248
"url=\"https://help.ubuntu.com/10.04/installation-guide/\">Ubuntu "
20249
"Installation Guide</ulink>."
20250
msgstr ""
20251
20252
#: serverguide/C/installation.xml:19(title)
20253
msgid "Preparing to Install"
20254
msgstr "Приготування до встановлення"
20255
20256
#: serverguide/C/installation.xml:20(para)
20257
msgid ""
20258
"This section explains various aspects to consider before starting the "
20259
"installation."
20260
msgstr ""
20261
20262
#: serverguide/C/installation.xml:24(title)
20263
msgid "System Requirements"
20264
msgstr "Вимоги до системи"
20265
20266
#: serverguide/C/installation.xml:25(para)
20267
msgid ""
20268
"Ubuntu 10.10 Server Edition supports two (2) major architectures: Intel x86 "
20269
"and AMD64. The table below lists recommended hardware specifications. "
20270
"Depending on your needs, you might manage with less than this. However, most "
20271
"users risk being frustrated if they ignore these suggestions."
20272
msgstr ""
20273
20274
#: serverguide/C/installation.xml:27(title)
20275
msgid "Recommended Minimum Requirements"
20276
msgstr ""
20277
20278
#: serverguide/C/installation.xml:35(para)
20279
msgid "Install Type"
20280
msgstr "Тип встановлення"
20281
20282
#: serverguide/C/installation.xml:36(para)
20283
msgid "RAM"
20284
msgstr "Пам’ять"
20285
20286
#: serverguide/C/installation.xml:37(para)
20287
msgid "Hard Drive Space"
20288
msgstr "Простір на диску"
20289
20290
#: serverguide/C/installation.xml:40(para)
20291
msgid "Base System"
20292
msgstr "Базова система"
20293
20294
#: serverguide/C/installation.xml:41(para)
20295
msgid "All Tasks Installed"
20296
msgstr ""
20297
20298
#: serverguide/C/installation.xml:46(para)
20299
msgid "Server"
20300
msgstr "Сервер"
20301
20302
#: serverguide/C/installation.xml:47(para)
20303
msgid "128 megabytes"
20304
msgstr "128 МБ"
20305
20306
#: serverguide/C/installation.xml:48(para)
20307
msgid "500 megabytes"
20308
msgstr "500 МБ"
20309
20310
#: serverguide/C/installation.xml:49(para)
20311
msgid "1 gigabyte"
20312
msgstr "1 ГБ"
20313
20314
#: serverguide/C/installation.xml:54(para)
20315
msgid ""
20316
"The Server Edition provides a common base for all sorts of server "
20317
"applications. It is a minimalist design providing a platform for the desired "
20318
"services, such as file/print services, web hosting, email hosting, etc."
20319
msgstr ""
20320
20321
#: serverguide/C/installation.xml:60(para)
20322
msgid ""
20323
"The requirements for UEC are slightly different for Front End requirements "
20324
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
20325
"requirements see <xref linkend=\"uec-node-requirements\"/>."
20326
msgstr ""
20327
20328
#: serverguide/C/installation.xml:68(title)
20329
msgid "Server and Desktop Differences"
20330
msgstr ""
20331
20332
#: serverguide/C/installation.xml:69(para)
20333
msgid ""
20334
"There are a few differences between the <emphasis>Ubuntu Server "
20335
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
20336
"should be noted that both editions use the same "
20337
"<application>apt</application> repositories. Making it just as easy to "
20338
"install a <emphasis role=\"italic\">server</emphasis> application on the "
20339
"Desktop Edition as it is on the Server Edition."
20340
msgstr ""
20341
20342
#: serverguide/C/installation.xml:75(para)
20343
msgid ""
20344
"The differences between the two editions are the lack of an X window "
20345
"environment in the Server Edition, the installation process, and different "
20346
"Kernel options."
20347
msgstr ""
20348
20349
#: serverguide/C/installation.xml:82(title)
20350
msgid "Kernel Differences:"
20351
msgstr ""
20352
20353
#: serverguide/C/installation.xml:85(para)
20354
msgid ""
20355
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
20356
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
20357
"Edition."
20358
msgstr ""
20359
20360
#: serverguide/C/installation.xml:91(para)
20361
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
20362
msgstr ""
20363
20364
#: serverguide/C/installation.xml:96(para)
20365
msgid ""
20366
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
20367
"Desktop Edition."
20368
msgstr ""
20369
20370
#: serverguide/C/installation.xml:102(para)
20371
msgid ""
20372
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
20373
"limited by memory addressing space."
20374
msgstr ""
20375
20376
#: serverguide/C/installation.xml:107(para)
20377
msgid ""
20378
"To see all kernel configuration options you can look through "
20379
"<filename>/boot/config-&linux-kernel-version;-server</filename>. Also, "
20380
"<ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> "
20381
"is a great resource on the options available."
20382
msgstr ""
20383
20384
#: serverguide/C/installation.xml:116(title)
20385
msgid "Backing Up"
20386
msgstr "Створення резервних копій"
20387
20388
#: serverguide/C/installation.xml:119(para)
20389
msgid ""
20390
"Before installing <application>Ubuntu Server Edition</application> you "
20391
"should make sure all data on the system is backed up. See <xref "
20392
"linkend=\"backups\"/> for backup options."
20393
msgstr ""
20394
20395
#: serverguide/C/installation.xml:123(para)
20396
msgid ""
20397
"If this is not the first time an operating system has been installed on your "
20398
"computer, it is likely you will need to re-partition your disk to make room "
20399
"for Ubuntu."
20400
msgstr ""
20401
20402
#: serverguide/C/installation.xml:127(para)
20403
msgid ""
20404
"Any time you partition your disk, you should be prepared to lose everything "
20405
"on the disk should you make a mistake or something goes wrong during "
20406
"partitioning. The programs used in installation are quite reliable, most "
20407
"have seen years of use, but they also perform destructive actions."
20408
msgstr ""
20409
20410
#: serverguide/C/installation.xml:139(title)
20411
msgid "Installing from CD"
20412
msgstr ""
20413
20414
#: serverguide/C/installation.xml:140(para)
20415
msgid ""
20416
"The basic steps to install Ubuntu Server Edition from CD are the same for "
20417
"installing any operating system from CD. Unlike the <emphasis>Desktop "
20418
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
20419
"a graphical installation program. Instead the Server Edition uses a console "
20420
"menu based process."
20421
msgstr ""
20422
20423
#: serverguide/C/installation.xml:147(para)
20424
msgid ""
20425
"First, download and burn the appropriate ISO file from the <ulink "
20426
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
20427
msgstr ""
20428
20429
#: serverguide/C/installation.xml:153(para)
20430
msgid "Boot the system from the CD-ROM drive."
20431
msgstr ""
20432
20433
#: serverguide/C/installation.xml:158(para)
20434
msgid ""
20435
"At the boot prompt you will be asked to select the language. Afterwards the "
20436
"installation process begins by asking for your keyboard layout."
20437
msgstr ""
20438
20439
#: serverguide/C/installation.xml:164(para)
20440
msgid ""
20441
"From the main boot menu there are some additional options to install Ubuntu "
20442
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
20443
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
20444
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
20445
"will cover the basic Ubuntu Server install."
20446
msgstr ""
20447
20448
#: serverguide/C/installation.xml:172(para)
20449
msgid ""
20450
"The installer then discovers your hardware configuration, and configures the "
20451
"network settings using DHCP. If you do not wish to use DHCP at the next "
20452
"screen choose \"Go Back\", and you have the option to \"Configure the "
20453
"network manually\"."
20454
msgstr ""
20455
20456
#: serverguide/C/installation.xml:179(para)
20457
msgid "Next, the installer asks for the system's hostname and Time Zone."
20458
msgstr ""
20459
20460
#: serverguide/C/installation.xml:184(para)
20461
msgid ""
20462
"You can then choose from several options to configure the hard drive layout. "
20463
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
20464
msgstr ""
20465
20466
#: serverguide/C/installation.xml:190(para)
20467
msgid "The Ubuntu base system is then installed."
20468
msgstr ""
20469
20470
#: serverguide/C/installation.xml:195(para)
20471
msgid ""
20472
"A new user is setup, this user will have <emphasis>root</emphasis> access "
20473
"through the <application>sudo</application> utility."
20474
msgstr ""
20475
20476
#: serverguide/C/installation.xml:201(para)
20477
msgid ""
20478
"After the user is setup, you will be asked to encrypt your <filename "
20479
"role=\"directory\">home</filename> directory."
20480
msgstr ""
20481
20482
#: serverguide/C/installation.xml:207(para)
20483
msgid ""
20484
"The next step in the installation process is to decide how you want to "
20485
"update the system. There are three options:"
20486
msgstr ""
20487
20488
#: serverguide/C/installation.xml:213(para)
20489
msgid ""
20490
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
20491
"log into the machine and manually install updates."
20492
msgstr ""
20493
20494
#: serverguide/C/installation.xml:219(para)
20495
msgid ""
20496
"<emphasis>Install security updates Automatically</emphasis>: will install "
20497
"the <application>unattended-upgrades</application> package, which will "
20498
"install security updates without the intervention of an administrator. For "
20499
"more details see <xref linkend=\"automatic-updates\"/>."
20500
msgstr ""
20501
20502
#: serverguide/C/installation.xml:226(para)
20503
msgid ""
20504
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
20505
"service provided by Canonical to help manage your Ubuntu machines. See the "
20506
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
20507
"site for details."
20508
msgstr ""
20509
20510
#: serverguide/C/installation.xml:235(para)
20511
msgid ""
20512
"You now have the option to install, or not install, several package tasks. "
20513
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
20514
"to launch <application>aptitude</application> to choose specific packages to "
20515
"install. For more information see <xref linkend=\"aptitude\"/>."
20516
msgstr ""
20517
20518
#: serverguide/C/installation.xml:243(para)
20519
msgid "Finally, the last step before rebooting is to set the clock to UTC."
20520
msgstr ""
20521
20522
#: serverguide/C/installation.xml:249(para)
20523
msgid ""
20524
"If at any point during installation you are not satisfied by the default "
20525
"setting, use the \"Go Back\" function at any prompt to be brought to a "
20526
"detailed installation menu that will allow you to modify the default "
20527
"settings."
20528
msgstr ""
20529
20530
#: serverguide/C/installation.xml:254(para)
20531
msgid ""
20532
"At some point during the installation process you may want to read the help "
20533
"screen provided by the installation system. To do this, press F1."
20534
msgstr ""
20535
20536
#: serverguide/C/installation.xml:259(para)
20537
msgid ""
20538
"Once again, for detailed instructions see the <ulink "
20539
"url=\"https://help.ubuntu.com/10.04/installation-guide/\"> Ubuntu "
20540
"Installation Guide</ulink>."
20541
msgstr ""
20542
20543
#: serverguide/C/installation.xml:265(title)
20544
msgid "Package Tasks"
20545
msgstr ""
20546
20547
#: serverguide/C/installation.xml:266(para)
20548
msgid ""
20549
"During the Server Edition installation you have the option of installing "
20550
"additional packages from the CD. The packages are grouped by the type of "
20551
"service they provide."
20552
msgstr ""
20553
20554
#: serverguide/C/installation.xml:272(para)
20555
msgid "Cloud computing: Walrus storage service"
20556
msgstr ""
20557
20558
#: serverguide/C/installation.xml:277(para)
20559
msgid "Cloud computing: all-in-one cluster"
20560
msgstr ""
20561
20562
#: serverguide/C/installation.xml:282(para)
20563
msgid "Cloud computing: Cluster controller"
20564
msgstr ""
20565
20566
#: serverguide/C/installation.xml:287(para)
20567
msgid "Cloud computing: Node controller"
20568
msgstr ""
20569
20570
#: serverguide/C/installation.xml:292(para)
20571
msgid "Cloud computing: Storage controller"
20572
msgstr ""
20573
20574
#: serverguide/C/installation.xml:297(para)
20575
msgid "Cloud computing: top-level cloud controller"
20576
msgstr ""
20577
20578
#: serverguide/C/installation.xml:302(para)
20579
msgid "DNS server: Selects the BIND DNS server and its documentation."
20580
msgstr ""
20581
20582
#: serverguide/C/installation.xml:307(para)
20583
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
20584
msgstr ""
20585
20586
#: serverguide/C/installation.xml:312(para)
20587
msgid ""
20588
"Mail server: This task selects a variety of package useful for a general "
20589
"purpose mail server system."
20590
msgstr ""
20591
20592
#: serverguide/C/installation.xml:317(para)
20593
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
20594
msgstr ""
20595
20596
#: serverguide/C/installation.xml:322(para)
20597
msgid ""
20598
"PostgreSQL database: This task selects client and server packages for the "
20599
"PostgreSQL database."
20600
msgstr ""
20601
20602
#: serverguide/C/installation.xml:327(para)
20603
msgid "Print server: This task sets up your system to be a print server."
20604
msgstr ""
20605
20606
#: serverguide/C/installation.xml:332(para)
20607
msgid ""
20608
"Samba File server: This task sets up your system to be a Samba file server, "
20609
"which is especially suitable in networks with both Windows and Linux systems."
20610
msgstr ""
20611
20612
#: serverguide/C/installation.xml:338(para)
20613
msgid ""
20614
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
20615
"etc."
20616
msgstr ""
20617
20618
#: serverguide/C/installation.xml:343(para)
20619
msgid ""
20620
"Virtual machine host: Includes packages needed to run KVM virtual machines."
20621
msgstr ""
20622
20623
#: serverguide/C/installation.xml:348(para)
20624
msgid ""
20625
"Manually select packages: Executes <application>apptitude</application> "
20626
"allowing you to individually select packages."
20627
msgstr ""
20628
20629
#: serverguide/C/installation.xml:353(para)
20630
msgid ""
20631
"Installing the package groups is accomplished using the "
20632
"<application>tasksel</application> utility. One of the important difference "
20633
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
20634
"installed, a package is also configured to reasonable defaults, eventually "
20635
"prompting you for additional required information. Likewise, when installing "
20636
"a task, the packages are not only installed, but also configured to provided "
20637
"a fully integrated service."
20638
msgstr ""
20639
20640
#: serverguide/C/installation.xml:360(para)
20641
msgid ""
20642
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
20643
"<xref linkend=\"uec\"/>."
20644
msgstr ""
20645
20646
#: serverguide/C/installation.xml:363(para)
20647
msgid ""
20648
"Once the installation process has finished you can view a list of available "
20649
"tasks by entering the following from a terminal prompt:"
20650
msgstr ""
20651
20652
#: serverguide/C/installation.xml:368(command)
20653
msgid "tasksel --list-tasks"
20654
msgstr ""
20655
20656
#: serverguide/C/installation.xml:371(para)
20657
msgid ""
20658
"The output will list tasks from other Ubuntu based distributions such as "
20659
"Kubuntu and Edubuntu. Note that you can also invoke the "
20660
"<command>tasksel</command> command by itself, which will bring up a menu of "
20661
"the different tasks available."
20662
msgstr ""
20663
20664
#: serverguide/C/installation.xml:377(para)
20665
msgid ""
20666
"You can view a list of which packages are installed with each task using the "
20667
"<emphasis>--task-packages</emphasis> option. For example, to list the "
20668
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
20669
"following:"
20670
msgstr ""
20671
20672
#: serverguide/C/installation.xml:382(command)
20673
msgid "tasksel --task-packages dns-server"
20674
msgstr ""
20675
20676
#: serverguide/C/installation.xml:384(para)
20677
msgid "The output of the command should list:"
20678
msgstr ""
20679
20680
#: serverguide/C/installation.xml:387(programlisting)
20681
#, no-wrap
20682
msgid ""
20683
"\n"
20684
"bind9-doc \n"
20685
"bind9utils \n"
20686
"bind9\n"
20687
msgstr ""
20688
20689
#: serverguide/C/installation.xml:392(para)
20690
msgid ""
20691
"Also, if you did not install one of the tasks during the installation "
20692
"process, but for example you decide to make your new LAMP server a DNS "
20693
"server as well. Simply insert the installation CD and from a terminal:"
20694
msgstr ""
20695
20696
#: serverguide/C/installation.xml:397(command)
20697
msgid "sudo tasksel install dns-server"
20698
msgstr ""
20699
20700
#: serverguide/C/installation.xml:402(title)
20701
msgid "Upgrading"
20702
msgstr "Оновлення"
20703
20704
#: serverguide/C/installation.xml:403(para)
20705
msgid ""
20706
"There are several ways to upgrade from one Ubuntu release to another. This "
20707
"section gives an overview of the recommended upgrade method."
20708
msgstr ""
20709
20710
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
20711
msgid "do-release-upgrade"
20712
msgstr ""
20713
20714
#: serverguide/C/installation.xml:408(para)
20715
msgid ""
20716
"The recommended way to upgrade a Server Edition installation is to use the "
20717
"<application>do-release-upgrade</application> utility. Part of the "
20718
"<emphasis>update-manager-core</emphasis> package, it does not have any "
20719
"graphical dependencies and is installed by default."
20720
msgstr ""
20721
20722
#: serverguide/C/installation.xml:413(para)
20723
msgid ""
20724
"Debian based systems can also be upgraded by using <command>apt-get dist-"
20725
"upgrade</command>. However, using <application>do-release-"
20726
"upgrade</application> is recommended because it has the ability to handle "
20727
"system configuration changes sometimes needed between releases."
20728
msgstr ""
20729
20730
#: serverguide/C/installation.xml:418(para)
20731
msgid "To upgrade to a newer release, from a terminal prompt enter:"
20732
msgstr ""
20733
20734
#: serverguide/C/installation.xml:424(para)
20735
msgid ""
20736
"It is also possible to use <application>do-release-upgrade</application> to "
20737
"upgrade to a development version of Ubuntu. To accomplish this use the "
20738
"<emphasis>-d</emphasis> switch:"
20739
msgstr ""
20740
20741
#: serverguide/C/installation.xml:429(command)
20742
msgid "do-release-upgrade -d"
20743
msgstr ""
20744
20745
#: serverguide/C/installation.xml:432(para)
20746
msgid ""
20747
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
20748
"for production environments."
20749
msgstr ""
20750
20751
#: serverguide/C/installation.xml:439(title)
20752
msgid "Advanced Installation"
20753
msgstr ""
20754
20755
#: serverguide/C/installation.xml:442(title)
20756
msgid "Software RAID"
20757
msgstr ""
20758
20759
#: serverguide/C/installation.xml:444(para)
20760
msgid ""
20761
"RAID is a method of configuring multiple hard drives to act as one, reducing "
20762
"the probability of catastrophic data loss in case of drive failure. RAID is "
20763
"implemented in either software (where the operating system knows about both "
20764
"drives and actively maintains both of them) or hardware (where a special "
20765
"controller makes the OS think there's only one drive and maintains the "
20766
"drives 'invisibly')."
20767
msgstr ""
20768
20769
#: serverguide/C/installation.xml:451(para)
20770
msgid ""
20771
"The RAID software included with current versions of Linux (and Ubuntu) is "
20772
"based on the <application>'mdadm'</application> driver and works very well, "
20773
"better even than many so-called 'hardware' RAID controllers. This section "
20774
"will guide you through installing Ubuntu Server Edition using two RAID1 "
20775
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
20776
"another for <emphasis>swap</emphasis>."
20777
msgstr ""
20778
20779
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
20780
msgid ""
20781
"Follow the installation steps until you get to the <emphasis>Partition "
20782
"disks</emphasis> step, then:"
20783
msgstr ""
20784
20785
#: serverguide/C/installation.xml:468(para)
20786
msgid "Select <emphasis>Manual</emphasis> as the partition method."
20787
msgstr ""
20788
20789
#: serverguide/C/installation.xml:475(para)
20790
msgid ""
20791
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
20792
"partition table on this device?\"</emphasis>."
20793
msgstr ""
20794
20795
#: serverguide/C/installation.xml:479(para)
20796
msgid ""
20797
"Repeat this step for each drive you wish to be part of the RAID array."
20798
msgstr ""
20799
20800
#: serverguide/C/installation.xml:486(para)
20801
msgid ""
20802
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
20803
"select <emphasis>\"Create a new partition\"</emphasis>."
20804
msgstr ""
20805
20806
#: serverguide/C/installation.xml:493(para)
20807
msgid ""
20808
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
20809
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
20810
"size is twice that of RAM. Enter the partition size, then choose "
20811
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
20812
msgstr ""
20813
20814
#: serverguide/C/installation.xml:502(para)
20815
msgid ""
20816
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
20817
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
20818
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
20819
"<emphasis>\"Done setting up partition\"</emphasis>."
20820
msgstr ""
20821
20822
#: serverguide/C/installation.xml:511(para)
20823
msgid ""
20824
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
20825
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
20826
"partition\"</emphasis>."
20827
msgstr ""
20828
20829
#: serverguide/C/installation.xml:519(para)
20830
msgid ""
20831
"Use the rest of the free space on the drive and choose "
20832
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
20833
msgstr ""
20834
20835
#: serverguide/C/installation.xml:526(para)
20836
msgid ""
20837
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
20838
"at the top, changing it to <emphasis>\"physical volume for "
20839
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20840
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20841
"<emphasis>\"Done setting up partition\"</emphasis>."
20842
msgstr ""
20843
20844
#: serverguide/C/installation.xml:536(para)
20845
msgid "Repeat steps three through eight for the other disk and partitions."
20846
msgstr ""
20847
20848
#: serverguide/C/installation.xml:545(title)
20849
msgid "RAID Configuration"
20850
msgstr ""
20851
20852
#: serverguide/C/installation.xml:547(para)
20853
msgid "With the partitions setup the arrays are ready to be configured:"
20854
msgstr ""
20855
20856
#: serverguide/C/installation.xml:554(para)
20857
msgid ""
20858
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
20859
"Software RAID\"</emphasis> at the top."
20860
msgstr ""
20861
20862
#: serverguide/C/installation.xml:561(para)
20863
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
20864
msgstr ""
20865
20866
#: serverguide/C/installation.xml:568(para)
20867
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
20868
msgstr ""
20869
20870
#: serverguide/C/installation.xml:575(para)
20871
msgid ""
20872
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
20873
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
20874
msgstr ""
20875
20876
#: serverguide/C/installation.xml:581(para)
20877
msgid ""
20878
"In order to use <emphasis>RAID5</emphasis> you need at least "
20879
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
20880
"<emphasis>two</emphasis> drives are required."
20881
msgstr ""
20882
20883
#: serverguide/C/installation.xml:590(para)
20884
msgid ""
20885
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
20886
"of hard drives you have, for the array. Then select "
20887
"<emphasis>\"Continue\"</emphasis>."
20888
msgstr ""
20889
20890
#: serverguide/C/installation.xml:598(para)
20891
msgid ""
20892
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
20893
"default, then choose <emphasis>\"Continue\"</emphasis>."
20894
msgstr ""
20895
20896
#: serverguide/C/installation.xml:605(para)
20897
msgid ""
20898
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
20899
"etc. The numbers will usually match and the different letters correspond to "
20900
"different hard drives."
20901
msgstr ""
20902
20903
#: serverguide/C/installation.xml:610(para)
20904
msgid ""
20905
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
20906
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
20907
"go to the next step."
20908
msgstr ""
20909
20910
#: serverguide/C/installation.xml:618(para)
20911
msgid ""
20912
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
20913
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
20914
"and <emphasis>sdb2</emphasis>."
20915
msgstr ""
20916
20917
#: serverguide/C/installation.xml:626(para)
20918
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
20919
msgstr ""
20920
20921
#: serverguide/C/installation.xml:636(title)
20922
msgid "Formatting"
20923
msgstr "Форматування"
20924
20925
#: serverguide/C/installation.xml:638(para)
20926
msgid ""
20927
"There should now be a list of hard drives and RAID devices. The next step is "
20928
"to format and set the mount point for the RAID devices. Treat the RAID "
20929
"device as a local hard drive, format and mount accordingly."
20930
msgstr ""
20931
20932
#: serverguide/C/installation.xml:646(para)
20933
msgid ""
20934
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20935
"#0\"</emphasis> partition."
20936
msgstr ""
20937
20938
#: serverguide/C/installation.xml:653(para)
20939
msgid ""
20940
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
20941
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
20942
msgstr ""
20943
20944
#: serverguide/C/installation.xml:661(para)
20945
msgid ""
20946
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20947
"#1\"</emphasis> partition."
20948
msgstr ""
20949
20950
#: serverguide/C/installation.xml:668(para)
20951
msgid ""
20952
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
20953
"journaling file system\"</emphasis>."
20954
msgstr ""
20955
20956
#: serverguide/C/installation.xml:675(para)
20957
msgid ""
20958
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
20959
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
20960
"options as appropriate, then select <emphasis>\"Done setting up "
20961
"partition\"</emphasis>."
20962
msgstr ""
20963
20964
#: serverguide/C/installation.xml:683(para)
20965
msgid ""
20966
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20967
"disk\"</emphasis>."
20968
msgstr ""
20969
20970
#: serverguide/C/installation.xml:690(para)
20971
msgid ""
20972
"If you choose to place the root partition on a RAID array, the installer "
20973
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
20974
"state. See <xref linkend=\"raid-degraded\"/> for further details."
20975
msgstr ""
20976
20977
#: serverguide/C/installation.xml:695(para)
20978
msgid "The installation process will then continue normally."
20979
msgstr ""
20980
20981
#: serverguide/C/installation.xml:701(title)
20982
msgid "Degraded RAID"
20983
msgstr ""
20984
20985
#: serverguide/C/installation.xml:703(para)
20986
msgid ""
20987
"At some point in the life of the computer a disk failure event may occur. "
20988
"When this happens, using Software RAID, the operating system will place the "
20989
"array into what is known as a <emphasis>degraded</emphasis> state."
20990
msgstr ""
20991
20992
#: serverguide/C/installation.xml:708(para)
20993
msgid ""
20994
"If the array has become degraded, due to the chance of data corruption, by "
20995
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
20996
"after thirty seconds. Once the initramfs has booted there is a fifteen "
20997
"second prompt giving you the option to go ahead and boot the system, or "
20998
"attempt manual recover. Booting to the initramfs prompt may or may not be "
20999
"the desired behavior, especially if the machine is in a remote location. "
21000
"Booting to a degraded array can be configured several ways:"
21001
msgstr ""
21002
21003
#: serverguide/C/installation.xml:719(para)
21004
msgid ""
21005
"The <application>dpkg-reconfigure</application> utility can be used to "
21006
"configure the default behavior, and during the process you will be queried "
21007
"about additional settings related to the array. Such as monitoring, email "
21008
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
21009
"following:"
21010
msgstr ""
21011
21012
#: serverguide/C/installation.xml:726(command)
21013
msgid "sudo dpkg-reconfigure mdadm"
21014
msgstr ""
21015
21016
#: serverguide/C/installation.xml:732(para)
21017
msgid ""
21018
"The <command>dpkg-reconfigure mdadm</command> process will change the "
21019
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
21020
"The file has the advantage of being able to pre-configure the system's "
21021
"behavior, and can also be manually edited:"
21022
msgstr ""
21023
21024
#: serverguide/C/installation.xml:738(programlisting)
21025
#, no-wrap
21026
msgid ""
21027
"\n"
21028
"BOOT_DEGRADED=true\n"
21029
msgstr ""
21030
21031
#: serverguide/C/installation.xml:743(para)
21032
msgid "The configuration file can be overridden by using a Kernel argument."
21033
msgstr ""
21034
21035
#: serverguide/C/installation.xml:751(para)
21036
msgid ""
21037
"Using a Kernel argument will allow the system to boot to a degraded array as "
21038
"well:"
21039
msgstr ""
21040
21041
#: serverguide/C/installation.xml:757(para)
21042
msgid ""
21043
"When the server is booting press <keycap>Shift</keycap> to open the "
21044
"<application>Grub</application> menu."
21045
msgstr ""
21046
21047
#: serverguide/C/installation.xml:762(para)
21048
msgid "Press <keycap>e</keycap> to edit your kernel command options."
21049
msgstr ""
21050
21051
#: serverguide/C/installation.xml:767(para)
21052
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
21053
msgstr ""
21054
21055
#: serverguide/C/installation.xml:772(para)
21056
msgid ""
21057
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
21058
"end of the line."
21059
msgstr ""
21060
21061
#: serverguide/C/installation.xml:777(para)
21062
msgid ""
21063
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
21064
"the system."
21065
msgstr ""
21066
21067
#: serverguide/C/installation.xml:786(para)
21068
msgid ""
21069
"Once the system has booted you can either repair the array see <xref "
21070
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
21071
"another machine due to major hardware failure."
21072
msgstr ""
21073
21074
#: serverguide/C/installation.xml:793(title)
21075
msgid "RAID Maintenance"
21076
msgstr ""
21077
21078
#: serverguide/C/installation.xml:795(para)
21079
msgid ""
21080
"The <application>mdadm</application> utility can be used to view the status "
21081
"of an array, add disks to an array, remove disks, etc:"
21082
msgstr ""
21083
21084
#: serverguide/C/installation.xml:802(para)
21085
msgid "To view the status of an array, from a terminal prompt enter:"
21086
msgstr ""
21087
21088
#: serverguide/C/installation.xml:806(command)
21089
msgid "sudo mdadm -D /dev/md0"
21090
msgstr ""
21091
21092
#: serverguide/C/installation.xml:809(para)
21093
msgid ""
21094
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
21095
"display <emphasis>detailed</emphasis> information about the "
21096
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
21097
"with the appropriate RAID device."
21098
msgstr ""
21099
21100
#: serverguide/C/installation.xml:815(para)
21101
msgid "To view the status of a disk in an array:"
21102
msgstr ""
21103
21104
#: serverguide/C/installation.xml:819(command)
21105
msgid "sudo mdadm -E /dev/sda1"
21106
msgstr ""
21107
21108
#: serverguide/C/installation.xml:821(para)
21109
msgid ""
21110
"The output if very similar to the <command>mdadm -D</command> command, "
21111
"adjust <filename>/dev/sda1</filename> for each disk."
21112
msgstr ""
21113
21114
#: serverguide/C/installation.xml:826(para)
21115
msgid "If a disk fails and needs to be removed from an array enter:"
21116
msgstr ""
21117
21118
#: serverguide/C/installation.xml:830(command)
21119
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
21120
msgstr ""
21121
21122
#: serverguide/C/installation.xml:832(para)
21123
msgid ""
21124
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
21125
"the appropriate RAID device and disk."
21126
msgstr ""
21127
21128
#: serverguide/C/installation.xml:837(para)
21129
msgid "Similarly, to add a new disk:"
21130
msgstr ""
21131
21132
#: serverguide/C/installation.xml:841(command)
21133
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
21134
msgstr ""
21135
21136
#: serverguide/C/installation.xml:846(para)
21137
msgid ""
21138
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
21139
"though there is nothing physically wrong with the drive. It is usually "
21140
"worthwhile to remove the drive from the array then re-add it. This will "
21141
"cause the drive to re-sync with the array. If the drive will not sync with "
21142
"the array, it is a good indication of hardware failure."
21143
msgstr ""
21144
21145
#: serverguide/C/installation.xml:852(para)
21146
msgid ""
21147
"The <filename>/proc/mdstat</filename> file also contains useful information "
21148
"about the system's RAID devices:"
21149
msgstr ""
21150
21151
#: serverguide/C/installation.xml:857(command)
21152
msgid "cat /proc/mdstat"
21153
msgstr ""
21154
21155
#: serverguide/C/installation.xml:858(computeroutput)
21156
#, no-wrap
21157
msgid ""
21158
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
21159
"[raid10] \n"
21160
"md0 : active raid1 sda1[0] sdb1[1]\n"
21161
" 10016384 blocks [2/2] [UU]\n"
21162
" \n"
21163
"unused devices: <none>"
21164
msgstr ""
21165
21166
#: serverguide/C/installation.xml:865(para)
21167
msgid ""
21168
"The following command is great for watching the status of a syncing drive:"
21169
msgstr ""
21170
21171
#: serverguide/C/installation.xml:870(command)
21172
msgid "watch -n1 cat /proc/mdstat"
21173
msgstr ""
21174
21175
#: serverguide/C/installation.xml:873(para)
21176
msgid ""
21177
"Press <emphasis>Ctrl+c</emphasis> to stop the "
21178
"<application>watch</application> command."
21179
msgstr ""
21180
21181
#: serverguide/C/installation.xml:877(para)
21182
msgid ""
21183
"If you do need to replace a faulty drive, after the drive has been replaced "
21184
"and synced, <application>grub</application> will need to be installed. To "
21185
"install <application>grub</application> on the new drive, enter the "
21186
"following:"
21187
msgstr ""
21188
21189
#: serverguide/C/installation.xml:883(command)
21190
msgid "sudo grub-install /dev/md0"
21191
msgstr ""
21192
21193
#: serverguide/C/installation.xml:886(para)
21194
msgid ""
21195
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
21196
msgstr ""
21197
21198
#: serverguide/C/installation.xml:894(para)
21199
msgid ""
21200
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
21201
"can be configured. Please see the following links for more information:"
21202
msgstr ""
21203
21204
#: serverguide/C/installation.xml:901(para)
21205
msgid ""
21206
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
21207
"Wiki Articles on RAID</ulink>."
21208
msgstr ""
21209
21210
#: serverguide/C/installation.xml:907(ulink)
21211
msgid "Software RAID HOWTO"
21212
msgstr ""
21213
21214
#: serverguide/C/installation.xml:912(ulink)
21215
msgid "Managing RAID on Linux"
21216
msgstr ""
21217
21218
#: serverguide/C/installation.xml:919(title)
21219
msgid "Logical Volume Manager (LVM)"
21220
msgstr ""
21221
21222
#: serverguide/C/installation.xml:921(para)
21223
msgid ""
21224
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
21225
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
21226
"hard disks. LVM volumes can be created on both software RAID partitions and "
21227
"standard partitions residing on a single disk. Volumes can also be extended, "
21228
"giving greater flexibility to systems as requirements change."
21229
msgstr ""
21230
21231
#: serverguide/C/installation.xml:930(para)
21232
msgid ""
21233
"A side effect of LVM's power and flexibility is a greater degree of "
21234
"complication. Before diving into the LVM installation process, it is best to "
21235
"get familiar with some terms."
21236
msgstr ""
21237
21238
#: serverguide/C/installation.xml:937(para)
21239
msgid ""
21240
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
21241
"Volumes (LV)."
21242
msgstr ""
21243
21244
#: serverguide/C/installation.xml:942(para)
21245
msgid ""
21246
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
21247
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
21248
"which resides the actual EXT3, XFS, JFS, etc filesystem."
21249
msgstr ""
21250
21251
#: serverguide/C/installation.xml:948(para)
21252
msgid ""
21253
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
21254
"RAID partition. The Volume Group can be extended by adding more PVs."
21255
msgstr ""
21256
21257
#: serverguide/C/installation.xml:959(para)
21258
msgid ""
21259
"As an example this section covers installing Ubuntu Server Edition with "
21260
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
21261
"the initial install only one Physical Volume (PV) will be part of the Volume "
21262
"Group (VG). Another PV will be added after install to demonstrate how a VG "
21263
"can be extended."
21264
msgstr ""
21265
21266
#: serverguide/C/installation.xml:965(para)
21267
msgid ""
21268
"There are several installation options for LVM, <emphasis>\"Guided - use the "
21269
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
21270
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
21271
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
21272
"partitions and configure LVM. At this time the only way to configure a "
21273
"system with both LVM and standard partitions, during installation, is to use "
21274
"the Manual approach."
21275
msgstr ""
21276
21277
#: serverguide/C/installation.xml:982(para)
21278
msgid ""
21279
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
21280
"<emphasis>\"Manual\"</emphasis>."
21281
msgstr ""
21282
21283
#: serverguide/C/installation.xml:989(para)
21284
msgid ""
21285
"Select the hard disk and on the next screen choose \"yes\" to "
21286
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
21287
msgstr ""
21288
21289
#: serverguide/C/installation.xml:996(para)
21290
msgid ""
21291
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
21292
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
21293
msgstr ""
21294
21295
#: serverguide/C/installation.xml:1004(para)
21296
msgid ""
21297
"For the LVM <emphasis>/srv</emphasis>, create a new "
21298
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
21299
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
21300
"<emphasis>\"Done setting up the partition\"</emphasis>."
21301
msgstr ""
21302
21303
#: serverguide/C/installation.xml:1012(para)
21304
msgid ""
21305
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
21306
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
21307
"disk."
21308
msgstr ""
21309
21310
#: serverguide/C/installation.xml:1020(para)
21311
msgid ""
21312
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
21313
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
21314
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
21315
"After entering a name, select the partition configured for LVM, and choose "
21316
"<emphasis>\"Continue\"</emphasis>."
21317
msgstr ""
21318
21319
#: serverguide/C/installation.xml:1029(para)
21320
msgid ""
21321
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
21322
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
21323
"volume group, and enter a name for the new LV, for example "
21324
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
21325
"a size, which may be the full partition because it can always be extended "
21326
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
21327
"main <emphasis>\"Partition Disks\"</emphasis> screen."
21328
msgstr ""
21329
21330
#: serverguide/C/installation.xml:1039(para)
21331
msgid ""
21332
"Now add a filesystem to the new LVM. Select the partition under "
21333
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
21334
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
21335
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
21336
"select <emphasis>\"Done setting up the partition\"</emphasis>."
21337
msgstr ""
21338
21339
#: serverguide/C/installation.xml:1048(para)
21340
msgid ""
21341
"Finally, select <emphasis>\"Finish partitioning and write changes to "
21342
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
21343
"the installation."
21344
msgstr ""
21345
21346
#: serverguide/C/installation.xml:1056(para)
21347
msgid "There are some useful utilities to view information about LVM:"
21348
msgstr ""
21349
21350
#: serverguide/C/installation.xml:1061(para)
21351
msgid ""
21352
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
21353
msgstr ""
21354
21355
#: serverguide/C/installation.xml:1062(para)
21356
msgid ""
21357
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
21358
msgstr ""
21359
21360
#: serverguide/C/installation.xml:1063(para)
21361
msgid ""
21362
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
21363
"Physical Volumes."
21364
msgstr ""
21365
21366
#: serverguide/C/installation.xml:1068(title)
21367
msgid "Extending Volume Groups"
21368
msgstr ""
21369
21370
#: serverguide/C/installation.xml:1070(para)
21371
msgid ""
21372
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
21373
"section covers adding a second hard disk, creating a Physical Volume (PV), "
21374
"adding it to the volume group (VG), extending the logical volume <filename "
21375
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
21376
"example assumes a second hard disk has been added to the system. This hard "
21377
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
21378
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
21379
"before issuing the commands below. You could lose some data if you issue "
21380
"those commands on a non-empty disk. In our example we will use the entire "
21381
"disk as a physical volume (you could choose to create partitions and use "
21382
"them as different physical volumes)"
21383
msgstr ""
21384
21385
#: serverguide/C/installation.xml:1082(para)
21386
msgid "First, create the physical volume, in a terminal execute:"
21387
msgstr ""
21388
21389
#: serverguide/C/installation.xml:1087(command)
21390
msgid "sudo pvcreate /dev/sdb"
21391
msgstr ""
21392
21393
#: serverguide/C/installation.xml:1093(para)
21394
msgid "Now extend the Volume Group (VG):"
21395
msgstr ""
21396
21397
#: serverguide/C/installation.xml:1098(command)
21398
msgid "sudo vgextend vg01 /dev/sdb"
21399
msgstr ""
21400
21401
#: serverguide/C/installation.xml:1104(para)
21402
msgid ""
21403
"Use <application>vgdisplay</application> to find out the free physical "
21404
"extents - Free PE / size (the size you can allocate). We will assume a free "
21405
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
21406
"whole free space available. Use your own PE and/or free space."
21407
msgstr ""
21408
21409
#: serverguide/C/installation.xml:1110(para)
21410
msgid ""
21411
"The Logical Volume (LV) can now be extended by different methods, we will "
21412
"only see how to use the PE to extend the LV:"
21413
msgstr ""
21414
21415
#: serverguide/C/installation.xml:1115(command)
21416
msgid "sudo lvextend /dev/vg01/srv -l +511"
21417
msgstr ""
21418
21419
#: serverguide/C/installation.xml:1118(para)
21420
msgid ""
21421
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
21422
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
21423
"Gig, Tera, etc bytes."
21424
msgstr ""
21425
21426
#: serverguide/C/installation.xml:1126(para)
21427
msgid ""
21428
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
21429
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
21430
"practice to unmount it anyway and check the filesystem, so that you don't "
21431
"mess up the day you want to reduce a logical volume (in that case unmounting "
21432
"first is compulsory)."
21433
msgstr ""
21434
21435
#: serverguide/C/installation.xml:1132(para)
21436
msgid ""
21437
"The following commands are for an <emphasis>EXT3</emphasis> or "
21438
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
21439
"there may be other utilities available."
21440
msgstr ""
21441
21442
#: serverguide/C/installation.xml:1139(command)
21443
msgid "sudo e2fsck -f /dev/vg01/srv"
21444
msgstr ""
21445
21446
#: serverguide/C/installation.xml:1142(para)
21447
msgid ""
21448
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
21449
"forces checking even if the system seems clean."
21450
msgstr ""
21451
21452
#: serverguide/C/installation.xml:1149(para)
21453
msgid "Finally, resize the filesystem:"
21454
msgstr ""
21455
21456
#: serverguide/C/installation.xml:1154(command)
21457
msgid "sudo resize2fs /dev/vg01/srv"
21458
msgstr ""
21459
21460
#: serverguide/C/installation.xml:1160(para)
21461
msgid "Now mount the partition and check its size."
21462
msgstr ""
21463
21464
#: serverguide/C/installation.xml:1165(command)
21465
msgid "mount /dev/vg01/srv /srv && df -h /srv"
21466
msgstr ""
21467
21468
#: serverguide/C/installation.xml:1177(para)
21469
msgid ""
21470
"See the <ulink "
21471
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
21472
"Articles</ulink>."
21473
msgstr ""
21474
21475
#: serverguide/C/installation.xml:1182(para)
21476
msgid ""
21477
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
21478
"HOWTO</ulink> for more information."
21479
msgstr ""
21480
21481
#: serverguide/C/installation.xml:1187(para)
21482
msgid ""
21483
"Another good article is <ulink "
21484
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
21485
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
21486
"linuxdevcenter.com site."
21487
msgstr ""
21488
21489
#: serverguide/C/installation.xml:1194(para)
21490
msgid ""
21491
"For more information on <application>fdisk</application> see the <ulink "
21492
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/fdisk.8.html\">fdi"
21493
"sk man page</ulink>."
21494
msgstr ""
21495
21496
#: serverguide/C/file-server.xml:13(title)
21497
msgid "File Servers"
21498
msgstr "Файлові сервери"
21499
21500
#: serverguide/C/file-server.xml:15(para)
21501
msgid ""
21502
"If you have more than one computer on a single network. At some point you "
21503
"will probably need to share files between them. In this section we cover "
21504
"installing and configuring FTP, NFS, and CUPS."
21505
msgstr ""
21506
21507
#: serverguide/C/file-server.xml:22(title)
21508
msgid "FTP Server"
21509
msgstr "Сервер FTP"
21510
21511
#: serverguide/C/file-server.xml:24(para)
21512
msgid ""
21513
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
21514
"files between computers. FTP works on a client/server model. The server "
21515
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
21516
"listens for FTP requests from remote clients. When a request is received, it "
21517
"manages the login and sets up the connection. For the duration of the "
21518
"session it executes any of commands sent by the FTP client."
21519
msgstr ""
21520
21521
#: serverguide/C/file-server.xml:33(para)
21522
msgid "Access to an FTP server can be managed in two ways:"
21523
msgstr ""
21524
21525
#: serverguide/C/file-server.xml:37(para)
21526
msgid "Anonymous"
21527
msgstr "Анонімний"
21528
21529
#: serverguide/C/file-server.xml:40(para)
21530
msgid "Authenticated"
21531
msgstr "З розпізнаванням"
21532
21533
#: serverguide/C/file-server.xml:43(para)
21534
msgid ""
21535
"In the Anonymous mode, remote clients can access the FTP server by using the "
21536
"default user account called \"anonymous\" or \"ftp\" and sending an email "
21537
"address as the password. In the Authenticated mode a user must have an "
21538
"account and a password. User access to the FTP server directories and files "
21539
"is dependent on the permissions defined for the account used at login. As a "
21540
"general rule, the FTP daemon will hide the root directory of the FTP server "
21541
"and change it to the FTP Home directory. This hides the rest of the file "
21542
"system from remote sessions."
21543
msgstr ""
21544
21545
#: serverguide/C/file-server.xml:55(title)
21546
msgid "vsftpd - FTP Server Installation"
21547
msgstr ""
21548
21549
#: serverguide/C/file-server.xml:57(para)
21550
msgid ""
21551
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
21552
"and maintain. To install <application>vsftpd</application> you can run the "
21553
"following command:"
21554
msgstr ""
21555
21556
#: serverguide/C/file-server.xml:65(command)
21557
msgid "sudo apt-get install vsftpd"
21558
msgstr ""
21559
21560
#: serverguide/C/file-server.xml:71(title)
21561
msgid "Anonymous FTP Configuration"
21562
msgstr ""
21563
21564
#: serverguide/C/file-server.xml:73(para)
21565
msgid ""
21566
"By default <application>vsftpd</application> is configured to only allow "
21567
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
21568
"created with a home directory of <filename>/home/ftp</filename>. This is the "
21569
"default FTP directory."
21570
msgstr ""
21571
21572
#: serverguide/C/file-server.xml:80(para)
21573
msgid ""
21574
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
21575
"example, simply create a directory in another location and change the "
21576
"<emphasis>ftp</emphasis> user's home directory:"
21577
msgstr ""
21578
21579
#: serverguide/C/file-server.xml:87(command)
21580
msgid "sudo mkdir /srv/ftp"
21581
msgstr ""
21582
21583
#: serverguide/C/file-server.xml:88(command)
21584
msgid "sudo usermod -d /srv/ftp ftp"
21585
msgstr ""
21586
21587
#: serverguide/C/file-server.xml:91(para)
21588
msgid "After making the change restart <application>vsftpd</application>:"
21589
msgstr ""
21590
21591
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
21592
msgid "sudo /etc/init.d/vsftpd restart"
21593
msgstr ""
21594
21595
#: serverguide/C/file-server.xml:99(para)
21596
msgid ""
21597
"Finally, copy any files and directories you would like to make available "
21598
"through anonymous FTP to <filename>/srv/ftp</filename>."
21599
msgstr ""
21600
21601
#: serverguide/C/file-server.xml:106(title)
21602
msgid "User Authenticated FTP Configuration"
21603
msgstr ""
21604
21605
#: serverguide/C/file-server.xml:108(para)
21606
msgid ""
21607
"To configure <application>vsftpd</application> to authenticate system users "
21608
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
21609
msgstr ""
21610
21611
#: serverguide/C/file-server.xml:114(programlisting)
21612
#, no-wrap
21613
msgid ""
21614
"\n"
21615
"local_enable=YES\n"
21616
"write_enable=YES\n"
21617
msgstr ""
21618
21619
#: serverguide/C/file-server.xml:119(para)
21620
msgid "Now restart <application>vsftpd</application>:"
21621
msgstr ""
21622
21623
#: serverguide/C/file-server.xml:127(para)
21624
msgid ""
21625
"Now when system users login to FTP they will start in their "
21626
"<emphasis>home</emphasis> directories where they can download, upload, "
21627
"create directories, etc."
21628
msgstr ""
21629
21630
#: serverguide/C/file-server.xml:133(para)
21631
msgid ""
21632
"Similarly, by default, the anonymous users are not allowed to upload files "
21633
"to FTP server. To change this setting, you should uncomment the following "
21634
"line, and restart <application>vsftpd</application>:"
21635
msgstr ""
21636
21637
#: serverguide/C/file-server.xml:140(programlisting)
21638
#, no-wrap
21639
msgid ""
21640
"\n"
21641
"anon_upload_enable=YES\n"
21642
msgstr ""
21643
21644
#: serverguide/C/file-server.xml:145(para)
21645
msgid ""
21646
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
21647
"not enable anonymous upload on servers accessed directly from the Internet."
21648
msgstr ""
21649
21650
#: serverguide/C/file-server.xml:151(para)
21651
msgid ""
21652
"The configuration file consists of many configuration parameters. The "
21653
"information about each parameter is available in the configuration file. "
21654
"Alternatively, you can refer to the man page, <command>man 5 "
21655
"vsftpd.conf</command> for details of each parameter."
21656
msgstr ""
21657
21658
#: serverguide/C/file-server.xml:162(title)
21659
msgid "Securing FTP"
21660
msgstr ""
21661
21662
#: serverguide/C/file-server.xml:164(para)
21663
msgid ""
21664
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
21665
"<application>vsftpd</application> more secure. For example users can be "
21666
"limited to their home directories by uncommenting:"
21667
msgstr ""
21668
21669
#: serverguide/C/file-server.xml:170(programlisting)
21670
#, no-wrap
21671
msgid ""
21672
"\n"
21673
"chroot_local_user=YES\n"
21674
msgstr ""
21675
21676
#: serverguide/C/file-server.xml:174(para)
21677
msgid ""
21678
"You can also limit a specific list of users to just their home directories:"
21679
msgstr ""
21680
21681
#: serverguide/C/file-server.xml:178(programlisting)
21682
#, no-wrap
21683
msgid ""
21684
"\n"
21685
"chroot_list_enable=YES\n"
21686
"chroot_list_file=/etc/vsftpd.chroot_list\n"
21687
msgstr ""
21688
21689
#: serverguide/C/file-server.xml:183(para)
21690
msgid ""
21691
"After uncommenting the above options, create a "
21692
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
21693
"per line. Then restart <application>vsftpd</application>:"
21694
msgstr ""
21695
21696
#: serverguide/C/file-server.xml:192(para)
21697
msgid ""
21698
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
21699
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
21700
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
21701
"add them to the list."
21702
msgstr ""
21703
21704
#: serverguide/C/file-server.xml:199(para)
21705
msgid ""
21706
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
21707
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
21708
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
21709
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
21710
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
21711
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
21712
"with a shell may not be ideal for some environments, such as a shared web "
21713
"host."
21714
msgstr ""
21715
21716
#: serverguide/C/file-server.xml:208(para)
21717
msgid ""
21718
"To configure <emphasis>FTPS</emphasis>, edit "
21719
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
21720
msgstr ""
21721
21722
#: serverguide/C/file-server.xml:212(programlisting)
21723
#, no-wrap
21724
msgid ""
21725
"\n"
21726
"ssl_enable=Yes\n"
21727
msgstr ""
21728
21729
#: serverguide/C/file-server.xml:216(para)
21730
msgid "Also, notice the certificate and key related options:"
21731
msgstr ""
21732
21733
#: serverguide/C/file-server.xml:220(programlisting)
21734
#, no-wrap
21735
msgid ""
21736
"\n"
21737
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
21738
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
21739
msgstr ""
21740
21741
#: serverguide/C/file-server.xml:225(para)
21742
msgid ""
21743
"By default these options are set the certificate and key provided by the "
21744
"<application>ssl-cert</application> package. In a production environment "
21745
"these should be replaced with a certificate and key generated for the "
21746
"specific host. For more information on certificates see <xref "
21747
"linkend=\"certificates-and-security\"/>."
21748
msgstr ""
21749
21750
#: serverguide/C/file-server.xml:231(para)
21751
msgid ""
21752
"Now restart <application>vsftpd</application>, and non-anonymous users will "
21753
"be forced to use <emphasis>FTPS</emphasis>:"
21754
msgstr ""
21755
21756
#: serverguide/C/file-server.xml:240(para)
21757
msgid ""
21758
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
21759
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
21760
"adding the <emphasis>nologin</emphasis> shell:"
21761
msgstr ""
21762
21763
#: serverguide/C/file-server.xml:245(programlisting)
21764
#, no-wrap
21765
msgid ""
21766
"\n"
21767
"# /etc/shells: valid login shells\n"
21768
"/bin/csh\n"
21769
"/bin/sh\n"
21770
"/usr/bin/es\n"
21771
"/usr/bin/ksh\n"
21772
"/bin/ksh\n"
21773
"/usr/bin/rc\n"
21774
"/usr/bin/tcsh\n"
21775
"/bin/tcsh\n"
21776
"/usr/bin/esh\n"
21777
"/bin/dash\n"
21778
"/bin/bash\n"
21779
"/bin/rbash\n"
21780
"/usr/bin/screen\n"
21781
"/usr/sbin/nologin\n"
21782
msgstr ""
21783
21784
#: serverguide/C/file-server.xml:263(para)
21785
msgid ""
21786
"This is necessary because, by default <application>vsftpd</application> uses "
21787
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
21788
"configuration file contains:"
21789
msgstr ""
21790
21791
#: serverguide/C/file-server.xml:268(programlisting)
21792
#, no-wrap
21793
msgid ""
21794
"\n"
21795
"auth required pam_shells.so\n"
21796
msgstr ""
21797
21798
#: serverguide/C/file-server.xml:272(para)
21799
msgid ""
21800
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
21801
"in the <filename>/etc/shells</filename> file."
21802
msgstr ""
21803
21804
#: serverguide/C/file-server.xml:277(para)
21805
msgid ""
21806
"Most popular FTP clients can be configured connect using FTPS. The "
21807
"<application>lftp</application> command line FTP client has the ability to "
21808
"use FTPS as well."
21809
msgstr ""
21810
21811
#: serverguide/C/file-server.xml:288(para)
21812
msgid ""
21813
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
21814
"website</ulink> for more information."
21815
msgstr ""
21816
21817
#: serverguide/C/file-server.xml:293(para)
21818
msgid ""
21819
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
21820
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/vsftpd.conf.5.html"
21821
"\">vsftpd.conf man page</ulink>."
21822
msgstr ""
21823
21824
#: serverguide/C/file-server.xml:299(para)
21825
msgid ""
21826
"The CodeGurus article <ulink "
21827
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
21828
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
21829
"contrasting FTPS and SFTP."
21830
msgstr ""
21831
21832
#: serverguide/C/file-server.xml:305(para)
21833
msgid ""
21834
"Also, for more information see the <ulink "
21835
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21836
"page."
21837
msgstr ""
21838
21839
#: serverguide/C/file-server.xml:315(title)
21840
msgid "Network File System (NFS)"
21841
msgstr ""
21842
21843
#: serverguide/C/file-server.xml:316(para)
21844
msgid ""
21845
"NFS allows a system to share directories and files with others over a "
21846
"network. By using NFS, users and programs can access files on remote systems "
21847
"almost as if they were local files."
21848
msgstr ""
21849
21850
#: serverguide/C/file-server.xml:322(para)
21851
msgid "Some of the most notable benefits that NFS can provide are:"
21852
msgstr ""
21853
21854
#: serverguide/C/file-server.xml:328(para)
21855
msgid ""
21856
"Local workstations use less disk space because commonly used data can be "
21857
"stored on a single machine and still remain accessible to others over the "
21858
"network."
21859
msgstr ""
21860
21861
#: serverguide/C/file-server.xml:333(para)
21862
msgid ""
21863
"There is no need for users to have separate home directories on every "
21864
"network machine. Home directories could be set up on the NFS server and made "
21865
"available throughout the network."
21866
msgstr ""
21867
21868
#: serverguide/C/file-server.xml:339(para)
21869
msgid ""
21870
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
21871
"be used by other machines on the network. This may reduce the number of "
21872
"removable media drives throughout the network."
21873
msgstr ""
21874
21875
#: serverguide/C/file-server.xml:349(para)
21876
msgid ""
21877
"At a terminal prompt enter the following command to install the NFS Server:"
21878
msgstr ""
21879
21880
#: serverguide/C/file-server.xml:355(command)
21881
msgid "sudo apt-get install nfs-kernel-server"
21882
msgstr ""
21883
21884
#: serverguide/C/file-server.xml:361(para)
21885
msgid ""
21886
"You can configure the directories to be exported by adding them to the "
21887
"<filename>/etc/exports</filename> file. For example:"
21888
msgstr ""
21889
21890
#: serverguide/C/file-server.xml:366(screen)
21891
#, no-wrap
21892
msgid ""
21893
"\n"
21894
"/ubuntu *(ro,sync,no_root_squash)\n"
21895
"/home *(rw,sync,no_root_squash)\n"
21896
msgstr ""
21897
21898
#: serverguide/C/file-server.xml:372(para)
21899
msgid ""
21900
"You can replace * with one of the hostname formats. Make the hostname "
21901
"declaration as specific as possible so unwanted systems cannot access the "
21902
"NFS mount."
21903
msgstr ""
21904
21905
#: serverguide/C/file-server.xml:378(para)
21906
msgid ""
21907
"To start the NFS server, you can run the following command at a terminal "
21908
"prompt:"
21909
msgstr ""
21910
21911
#: serverguide/C/file-server.xml:383(command)
21912
msgid "sudo /etc/init.d/nfs-kernel-server start"
21913
msgstr ""
21914
21915
#: serverguide/C/file-server.xml:388(title)
21916
msgid "NFS Client Configuration"
21917
msgstr ""
21918
21919
#: serverguide/C/file-server.xml:389(para)
21920
msgid ""
21921
"Use the <application>mount</application> command to mount a shared NFS "
21922
"directory from another machine, by typing a command line similar to the "
21923
"following at a terminal prompt:"
21924
msgstr ""
21925
21926
#: serverguide/C/file-server.xml:395(command)
21927
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
21928
msgstr ""
21929
21930
#: serverguide/C/file-server.xml:399(para)
21931
msgid ""
21932
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
21933
"There should be no files or subdirectories in the "
21934
"<filename>/local/ubuntu</filename> directory."
21935
msgstr ""
21936
21937
#: serverguide/C/file-server.xml:406(para)
21938
msgid ""
21939
"An alternate way to mount an NFS share from another machine is to add a line "
21940
"to the <filename>/etc/fstab</filename> file. The line must state the "
21941
"hostname of the NFS server, the directory on the server being exported, and "
21942
"the directory on the local machine where the NFS share is to be mounted."
21943
msgstr ""
21944
21945
#: serverguide/C/file-server.xml:414(para)
21946
msgid ""
21947
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
21948
"as follows:"
21949
msgstr ""
21950
21951
#: serverguide/C/file-server.xml:420(programlisting)
21952
#, no-wrap
21953
msgid ""
21954
"\n"
21955
"example.hostname.com:/ubuntu /local/ubuntu nfs "
21956
"rsize=8192,wsize=8192,timeo=14,intr\n"
21957
msgstr ""
21958
21959
#: serverguide/C/file-server.xml:424(para)
21960
msgid ""
21961
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
21962
"common</application> package is installed on your client. To install "
21963
"<application>nfs-common</application> enter the following command at the "
21964
"terminal prompt: <screen>\n"
21965
"<command>sudo apt-get install nfs-common</command>\n"
21966
"</screen>"
21967
msgstr ""
21968
21969
#: serverguide/C/file-server.xml:437(ulink)
21970
msgid "Linux NFS faq"
21971
msgstr ""
21972
21973
#: serverguide/C/file-server.xml:439(ulink)
21974
msgid "Ubuntu Wiki NFS Howto"
21975
msgstr ""
21976
21977
#: serverguide/C/file-server.xml:445(title)
21978
msgid "CUPS - Print Server"
21979
msgstr ""
21980
21981
#: serverguide/C/file-server.xml:446(para)
21982
msgid ""
21983
"The primary mechanism for Ubuntu printing and print services is the "
21984
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
21985
"printing system is a freely available, portable printing layer which has "
21986
"become the new standard for printing in most Linux distributions."
21987
msgstr ""
21988
21989
#: serverguide/C/file-server.xml:453(para)
21990
msgid ""
21991
"CUPS manages print jobs and queues and provides network printing using the "
21992
"standard Internet Printing Protocol (IPP), while offering support for a very "
21993
"large range of printers, from dot-matrix to laser and many in between. CUPS "
21994
"also supports PostScript Printer Description (PPD) and auto-detection of "
21995
"network printers, and features a simple web-based configuration and "
21996
"administration tool."
21997
msgstr ""
21998
21999
#: serverguide/C/file-server.xml:463(para)
22000
msgid ""
22001
"To install CUPS on your Ubuntu computer, simply use "
22002
"<application>sudo</application> with the <application>apt-get</application> "
22003
"command and give the packages to install as the first parameter. A complete "
22004
"CUPS install has many package dependencies, but they may all be specified on "
22005
"the same command line. Enter the following at a terminal prompt to install "
22006
"CUPS:"
22007
msgstr ""
22008
22009
#: serverguide/C/file-server.xml:468(command)
22010
msgid "sudo apt-get install cups"
22011
msgstr ""
22012
22013
#: serverguide/C/file-server.xml:471(para)
22014
msgid ""
22015
"Upon authenticating with your user password, the packages should be "
22016
"downloaded and installed without error. Upon the conclusion of installation, "
22017
"the CUPS server will be started automatically."
22018
msgstr ""
22019
22020
#: serverguide/C/file-server.xml:476(para)
22021
msgid ""
22022
"For troubleshooting purposes, you can access CUPS server errors via the "
22023
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
22024
"error log does not show enough information to troubleshoot any problems you "
22025
"encounter, the verbosity of the CUPS log can be increased by changing the "
22026
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
22027
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
22028
"everything, from the default of \"info\". If you make this change, remember "
22029
"to change it back once you've solved your problem, to prevent the log file "
22030
"from becoming overly large."
22031
msgstr ""
22032
22033
#: serverguide/C/file-server.xml:489(para)
22034
msgid ""
22035
"The Common UNIX Printing System server's behavior is configured through the "
22036
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
22037
"The CUPS configuration file follows the same syntax as the primary "
22038
"configuration file for the Apache HTTP server, so users familiar with "
22039
"editing Apache's configuration file should feel at ease when editing the "
22040
"CUPS configuration file. Some examples of settings you may wish to change "
22041
"initially will be presented here."
22042
msgstr ""
22043
22044
#: serverguide/C/file-server.xml:499(para)
22045
msgid ""
22046
"Prior to editing the configuration file, you should make a copy of the "
22047
"original file and protect it from writing, so you will have the original "
22048
"settings as a reference, and to reuse as necessary."
22049
msgstr ""
22050
22051
#: serverguide/C/file-server.xml:503(para)
22052
msgid ""
22053
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
22054
"writing with the following commands, issued at a terminal prompt:"
22055
msgstr ""
22056
22057
#: serverguide/C/file-server.xml:509(command)
22058
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
22059
msgstr ""
22060
22061
#: serverguide/C/file-server.xml:510(command)
22062
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
22063
msgstr ""
22064
22065
#: serverguide/C/file-server.xml:515(para)
22066
msgid ""
22067
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
22068
"address of the designated administrator of the CUPS server, simply edit the "
22069
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
22070
"preferred text editor, and add or modify the <emphasis "
22071
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
22072
"you are the Administrator for the CUPS server, and your e-mail address is "
22073
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
22074
"as such:"
22075
msgstr ""
22076
22077
#: serverguide/C/file-server.xml:526(screen)
22078
#, no-wrap
22079
msgid ""
22080
"\n"
22081
"ServerAdmin bjoy@somebigco.com\n"
22082
msgstr ""
22083
22084
#: serverguide/C/file-server.xml:532(para)
22085
msgid ""
22086
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
22087
"server installation listens only on the loopback interface at IP address "
22088
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
22089
"listen on an actual network adapter's IP address, you must specify either a "
22090
"hostname, the IP address, or optionally, an IP address/port pairing via the "
22091
"addition of a Listen directive. For example, if your CUPS server resides on "
22092
"a local network at the IP address <emphasis "
22093
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
22094
"accessible to the other systems on this subnetwork, you would edit the "
22095
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
22096
"such:"
22097
msgstr ""
22098
22099
#: serverguide/C/file-server.xml:546(screen)
22100
#, no-wrap
22101
msgid ""
22102
"\n"
22103
"Listen 127.0.0.1:631 # existing loopback Listen\n"
22104
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
22105
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
22106
"(IPP)\n"
22107
msgstr ""
22108
22109
#: serverguide/C/file-server.xml:552(para)
22110
msgid ""
22111
"In the example above, you may comment out or remove the reference to the "
22112
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
22113
"</application> to listen on that interface, but would rather have it only "
22114
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
22115
"listening for all network interfaces for which a certain hostname is bound, "
22116
"including the Loopback, you could create a Listen entry for the hostname "
22117
"<emphasis>socrates</emphasis> as such:"
22118
msgstr ""
22119
22120
#: serverguide/C/file-server.xml:562(screen)
22121
#, no-wrap
22122
msgid ""
22123
"\n"
22124
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
22125
msgstr ""
22126
22127
#: serverguide/C/file-server.xml:566(para)
22128
msgid ""
22129
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
22130
"instead, as in:"
22131
msgstr ""
22132
22133
#: serverguide/C/file-server.xml:568(screen)
22134
#, no-wrap
22135
msgid ""
22136
"\n"
22137
"Port 631 # Listen on port 631 on all interfaces\n"
22138
msgstr ""
22139
22140
#: serverguide/C/file-server.xml:575(para)
22141
msgid ""
22142
"For more examples of configuration directives in the CUPS server "
22143
"configuration file, view the associated system manual page by entering the "
22144
"following command at a terminal prompt:"
22145
msgstr ""
22146
22147
#: serverguide/C/file-server.xml:582(command)
22148
msgid "man cupsd.conf"
22149
msgstr ""
22150
22151
#: serverguide/C/file-server.xml:586(para)
22152
msgid ""
22153
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
22154
"configuration file, you'll need to restart the CUPS server by typing the "
22155
"following command at a terminal prompt:"
22156
msgstr ""
22157
22158
#: serverguide/C/file-server.xml:592(command)
22159
msgid "sudo /etc/init.d/cups restart"
22160
msgstr ""
22161
22162
#: serverguide/C/file-server.xml:598(title)
22163
msgid "Web Interface"
22164
msgstr "Веб-інтерфейс"
22165
22166
#: serverguide/C/file-server.xml:600(para)
22167
msgid ""
22168
"CUPS can be configured and monitored using a web interface, which by default "
22169
"is available at <ulink "
22170
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
22171
"web interface can be used to perform all printer management tasks."
22172
msgstr ""
22173
22174
#: serverguide/C/file-server.xml:604(para)
22175
msgid ""
22176
"In order to perform administrative tasks via the web interface, you must "
22177
"either have the root account enabled on your server, or authenticate as a "
22178
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
22179
"reasons, CUPS won't authenticate a user that doesn't have a password."
22180
msgstr ""
22181
22182
#: serverguide/C/file-server.xml:607(para)
22183
msgid ""
22184
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
22185
"at the terminal prompt: <screen>\n"
22186
"<command>sudo usermod -aG lpadmin username</command>\n"
22187
"</screen>"
22188
msgstr ""
22189
22190
#: serverguide/C/file-server.xml:613(para)
22191
msgid ""
22192
"Further documentation is available in the <emphasis "
22193
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
22194
msgstr ""
22195
22196
#: serverguide/C/file-server.xml:621(ulink)
22197
msgid "CUPS Website"
22198
msgstr ""
22199
22200
#: serverguide/C/file-server.xml:624(ulink)
22201
msgid "Ubuntu Wiki CUPS page"
22202
msgstr ""
22203
22204
#: serverguide/C/dns.xml:13(title)
22205
msgid "Domain Name Service (DNS)"
22206
msgstr ""
22207
22208
#: serverguide/C/dns.xml:14(para)
22209
msgid ""
22210
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
22211
"fully qualified domain names (FQDN) to one another. In this way, DNS "
22212
"alleviates the need to remember IP addresses. Computers that run DNS are "
22213
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
22214
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
22215
"common program used for maintaining a name server on Linux."
22216
msgstr ""
22217
22218
#: serverguide/C/dns.xml:24(para)
22219
msgid ""
22220
"At a terminal prompt, enter the following command to install "
22221
"<application>dns</application>:"
22222
msgstr ""
22223
22224
#: serverguide/C/dns.xml:28(command)
22225
msgid "sudo apt-get install bind9"
22226
msgstr ""
22227
22228
#: serverguide/C/dns.xml:30(para)
22229
msgid ""
22230
"A very useful package for testing and troubleshooting DNS issues is the "
22231
"dnsutils package. To install <application>dnsutils</application> enter the "
22232
"following:"
22233
msgstr ""
22234
22235
#: serverguide/C/dns.xml:35(command)
22236
msgid "sudo apt-get install dnsutils"
22237
msgstr ""
22238
22239
#: serverguide/C/dns.xml:40(para)
22240
msgid ""
22241
"There are many ways to configure <application>BIND9</application>. Some of "
22242
"the most common configurations are a caching nameserver, primary master, and "
22243
"as a secondary master."
22244
msgstr ""
22245
22246
#: serverguide/C/dns.xml:46(para)
22247
msgid ""
22248
"When configured as a caching nameserver BIND9 will find the answer to name "
22249
"queries and remember the answer when the domain is queried again."
22250
msgstr ""
22251
22252
#: serverguide/C/dns.xml:52(para)
22253
msgid ""
22254
"As a primary master server BIND9 reads the data for a zone from a file on "
22255
"it's host and is authoritative for that zone."
22256
msgstr ""
22257
22258
#: serverguide/C/dns.xml:57(para)
22259
msgid ""
22260
"In a secondary master configuration BIND9 gets the zone data from another "
22261
"nameserver authoritative for the zone."
22262
msgstr ""
22263
22264
#: serverguide/C/dns.xml:65(para)
22265
msgid ""
22266
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
22267
"directory. The primary configuration file is "
22268
"<filename>/etc/bind/named.conf</filename>."
22269
msgstr ""
22270
22271
#: serverguide/C/dns.xml:72(para)
22272
msgid ""
22273
"The <emphasis>include</emphasis> line specifies the filename which contains "
22274
"the DNS options. The <emphasis>directory</emphasis> line in the "
22275
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
22276
"look for files. All files BIND uses will be relative to this directory."
22277
msgstr ""
22278
22279
#: serverguide/C/dns.xml:80(para)
22280
msgid ""
22281
"The file named <filename>/etc/bind/db.root</filename> describes the root "
22282
"nameservers in the world. The servers change over time, so the "
22283
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
22284
"This is usually done as updates to the <application>bind9</application> "
22285
"package. The <emphasis>zone</emphasis> section defines a master server, and "
22286
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
22287
msgstr ""
22288
22289
#: serverguide/C/dns.xml:90(para)
22290
msgid ""
22291
"It is possible to configure the same server to be a caching name server, "
22292
"primary master, and secondary master. A server can be the Start of Authority "
22293
"(SOA) for one zone, while providing secondary service for another zone. All "
22294
"the while providing caching services for hosts on the local LAN."
22295
msgstr ""
22296
22297
#: serverguide/C/dns.xml:98(title)
22298
msgid "Caching Nameserver"
22299
msgstr ""
22300
22301
#: serverguide/C/dns.xml:99(para)
22302
msgid ""
22303
"The default configuration is setup to act as a caching server. All that is "
22304
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
22305
"uncomment and edit the following in "
22306
"<filename>/etc/bind/named.conf.options</filename>:"
22307
msgstr ""
22308
22309
#: serverguide/C/dns.xml:103(programlisting)
22310
#, no-wrap
22311
msgid ""
22312
"\n"
22313
"forwarders {\n"
22314
" 1.2.3.4;\n"
22315
" 5.6.7.8;\n"
22316
" };\n"
22317
msgstr ""
22318
22319
#: serverguide/C/dns.xml:110(para)
22320
msgid ""
22321
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
22322
"the IP Adresses of actual nameservers."
22323
msgstr ""
22324
22325
#: serverguide/C/dns.xml:114(para)
22326
msgid ""
22327
"Now restart the DNS server, to enable the new configuration. From a terminal "
22328
"prompt:"
22329
msgstr ""
22330
22331
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
22332
msgid "sudo /etc/init.d/bind9 restart"
22333
msgstr ""
22334
22335
#: serverguide/C/dns.xml:120(para)
22336
msgid ""
22337
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
22338
"DNS server."
22339
msgstr ""
22340
22341
#: serverguide/C/dns.xml:125(title)
22342
msgid "Primary Master"
22343
msgstr ""
22344
22345
#: serverguide/C/dns.xml:126(para)
22346
msgid ""
22347
"In this section <application>BIND9</application> will be configured as the "
22348
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
22349
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
22350
"(Fully Qualified Domain Name)."
22351
msgstr ""
22352
22353
#: serverguide/C/dns.xml:132(title)
22354
msgid "Forward Zone File"
22355
msgstr ""
22356
22357
#: serverguide/C/dns.xml:133(para)
22358
msgid ""
22359
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
22360
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
22361
msgstr ""
22362
22363
#: serverguide/C/dns.xml:137(programlisting)
22364
#, no-wrap
22365
msgid ""
22366
"\n"
22367
"zone \"example.com\" {\n"
22368
"\ttype master;\n"
22369
" file \"/etc/bind/db.example.com\";\n"
22370
"};\n"
22371
msgstr ""
22372
22373
#: serverguide/C/dns.xml:143(para)
22374
msgid ""
22375
"Now use an existing zone file as a template to create the "
22376
"<filename>/etc/bind/db.example.com</filename> file:"
22377
msgstr ""
22378
22379
#: serverguide/C/dns.xml:147(command)
22380
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
22381
msgstr ""
22382
22383
#: serverguide/C/dns.xml:149(para)
22384
msgid ""
22385
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
22386
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
22387
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
22388
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
22389
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
22390
"leaving the \".\" at the end."
22391
msgstr ""
22392
22393
#: serverguide/C/dns.xml:155(para)
22394
msgid ""
22395
"Also, create an <emphasis>A record</emphasis> for <emphasis "
22396
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
22397
msgstr ""
22398
22399
#: serverguide/C/dns.xml:159(programlisting)
22400
#, no-wrap
22401
msgid ""
22402
"\n"
22403
";\n"
22404
"; BIND data file for local loopback interface\n"
22405
";\n"
22406
"$TTL 604800\n"
22407
"@ IN SOA ns.example.com. root.example.com. (\n"
22408
" 2 ; Serial\n"
22409
" 604800 ; Refresh\n"
22410
" 86400 ; Retry\n"
22411
" 2419200 ; Expire\n"
22412
" 604800 ) ; Negative Cache TTL\n"
22413
";\n"
22414
"@ IN NS ns.example.com.\n"
22415
"@ IN A 127.0.0.1\n"
22416
"@ IN AAAA ::1\n"
22417
"ns IN A 192.168.1.10\n"
22418
msgstr ""
22419
22420
#: serverguide/C/dns.xml:176(para)
22421
msgid ""
22422
"You must increment the <emphasis>Serial Number</emphasis> every time you "
22423
"make changes to the zone file. If you make multiple changes before "
22424
"restarting BIND9, simply increment the Serial once."
22425
msgstr ""
22426
22427
#: serverguide/C/dns.xml:180(para)
22428
msgid ""
22429
"Now, you can add DNS records to the bottom of the zone file. See <xref "
22430
"linkend=\"dns-record-types\"/> for details."
22431
msgstr ""
22432
22433
#: serverguide/C/dns.xml:184(para)
22434
msgid ""
22435
"Many admins like to use the last date edited as the serial of a zone, such "
22436
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
22437
"<emphasis>ss</emphasis> is the Serial Number)"
22438
msgstr ""
22439
22440
#: serverguide/C/dns.xml:189(para)
22441
msgid ""
22442
"Once you have made a change to the zone file "
22443
"<application>BIND9</application> will need to be restarted for the changes "
22444
"to take effect:"
22445
msgstr ""
22446
22447
#: serverguide/C/dns.xml:198(title)
22448
msgid "Reverse Zone File"
22449
msgstr ""
22450
22451
#: serverguide/C/dns.xml:199(para)
22452
msgid ""
22453
"Now that the zone is setup and resolving names to IP Adresses a "
22454
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
22455
"DNS to resolve an address to a name."
22456
msgstr ""
22457
22458
#: serverguide/C/dns.xml:203(para)
22459
msgid "Edit /etc/bind/named.conf.local and add the following:"
22460
msgstr ""
22461
22462
#: serverguide/C/dns.xml:206(programlisting)
22463
#, no-wrap
22464
msgid ""
22465
"\n"
22466
"zone \"1.168.192.in-addr.arpa\" {\n"
22467
" type master;\n"
22468
" notify no;\n"
22469
" file \"/etc/bind/db.192\";\n"
22470
"};\n"
22471
msgstr ""
22472
22473
#: serverguide/C/dns.xml:214(para)
22474
msgid ""
22475
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
22476
"whatever network you are using. Also, name the zone file "
22477
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
22478
"first octet of your network."
22479
msgstr ""
22480
22481
#: serverguide/C/dns.xml:219(para)
22482
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
22483
msgstr ""
22484
22485
#: serverguide/C/dns.xml:223(command)
22486
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
22487
msgstr ""
22488
22489
#: serverguide/C/dns.xml:225(para)
22490
msgid ""
22491
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
22492
"same options as <filename>/etc/bind/db.example.com</filename>:"
22493
msgstr ""
22494
22495
#: serverguide/C/dns.xml:229(programlisting)
22496
#, no-wrap
22497
msgid ""
22498
"\n"
22499
";\n"
22500
"; BIND reverse data file for local loopback interface\n"
22501
";\n"
22502
"$TTL 604800\n"
22503
"@ IN SOA ns.example.com. root.example.com. (\n"
22504
" 2 ; Serial\n"
22505
" 604800 ; Refresh\n"
22506
" 86400 ; Retry\n"
22507
" 2419200 ; Expire\n"
22508
" 604800 ) ; Negative Cache TTL\n"
22509
";\n"
22510
"@ IN NS ns.\n"
22511
"10 IN PTR ns.example.com.\n"
22512
msgstr ""
22513
22514
#: serverguide/C/dns.xml:244(para)
22515
msgid ""
22516
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
22517
"incremented on each change as well. For each <emphasis>A record</emphasis> "
22518
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
22519
"create a <emphasis>PTR record</emphasis> in "
22520
"<filename>/etc/bind/db.192</filename>."
22521
msgstr ""
22522
22523
#: serverguide/C/dns.xml:249(para)
22524
msgid ""
22525
"After creating the reverse zone file restart "
22526
"<application>BIND9</application>:"
22527
msgstr ""
22528
22529
#: serverguide/C/dns.xml:258(title)
22530
msgid "Secondary Master"
22531
msgstr ""
22532
22533
#: serverguide/C/dns.xml:259(para)
22534
msgid ""
22535
"Once a <emphasis>Primary Master</emphasis> has been configured a "
22536
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
22537
"availability of the domain should the Primary become unavailable."
22538
msgstr ""
22539
22540
#: serverguide/C/dns.xml:263(para)
22541
msgid ""
22542
"First, on the Primary Master server, the zone transfer needs to be allowed. "
22543
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
22544
"and Reverse zone definitions in "
22545
"<filename>/etc/bind/named.conf.local</filename>:"
22546
msgstr ""
22547
22548
#: serverguide/C/dns.xml:267(programlisting)
22549
#, no-wrap
22550
msgid ""
22551
"\n"
22552
"zone \"example.com\" {\n"
22553
" type master;\n"
22554
"\tfile \"/etc/bind/db.example.com\";\n"
22555
" allow-transfer { 192.168.1.11; };\n"
22556
"};\n"
22557
"\n"
22558
"zone \"1.168.192.in-addr.arpa\" {\n"
22559
" type master;\n"
22560
" notify no;\n"
22561
" file \"/etc/bind/db.192\";\n"
22562
"\tallow-transfer { 192.168.1.11; };\n"
22563
"};\n"
22564
msgstr ""
22565
22566
#: serverguide/C/dns.xml:282(para)
22567
msgid ""
22568
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
22569
"Secondary nameserver."
22570
msgstr ""
22571
22572
#: serverguide/C/dns.xml:286(para)
22573
msgid ""
22574
"Next, on the Secondary Master, install the <application>bind9</application> "
22575
"package the same way as on the Primary. Then edit the "
22576
"<filename>/etc/bind/named.conf.local</filename> and add the following "
22577
"declarations for the Forward and Reverse zones:"
22578
msgstr ""
22579
22580
#: serverguide/C/dns.xml:290(programlisting)
22581
#, no-wrap
22582
msgid ""
22583
"\n"
22584
"zone \"example.com\" {\n"
22585
"\ttype slave;\n"
22586
" file \"/var/cache/bind/db.example.com\";\n"
22587
" masters { 192.168.1.10; };\n"
22588
"}; \n"
22589
" \n"
22590
"zone \"1.168.192.in-addr.arpa\" {\n"
22591
"\ttype slave;\n"
22592
" file \"/var/cache/bind/db.192\";\n"
22593
" masters { 192.168.1.10; };\n"
22594
"};\n"
22595
msgstr ""
22596
22597
#: serverguide/C/dns.xml:304(para)
22598
msgid ""
22599
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
22600
"Primary nameserver."
22601
msgstr ""
22602
22603
#: serverguide/C/dns.xml:308(para)
22604
msgid "Restart <application>BIND9</application> on the Secondary Master:"
22605
msgstr ""
22606
22607
#: serverguide/C/dns.xml:314(para)
22608
msgid ""
22609
"In <filename>/var/log/syslog</filename> you should see something similar to:"
22610
msgstr ""
22611
22612
#: serverguide/C/dns.xml:317(programlisting)
22613
#, no-wrap
22614
msgid ""
22615
"\n"
22616
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
22617
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
22618
msgstr ""
22619
22620
#: serverguide/C/dns.xml:322(para)
22621
msgid ""
22622
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
22623
"on the Primary is larger than the one on the Secondary."
22624
msgstr ""
22625
22626
#: serverguide/C/dns.xml:328(para)
22627
msgid ""
22628
"The default directory for non-authoritative zone files is "
22629
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
22630
"<application>AppArmor</application> to allow the "
22631
"<application>named</application> daemon to write to it. For more information "
22632
"on AppArmor see <xref linkend=\"apparmor\"/>."
22633
msgstr ""
22634
22635
#: serverguide/C/dns.xml:339(para)
22636
msgid ""
22637
"This section covers ways to help determine the cause when problems happen "
22638
"with DNS and <application>BIND9</application>."
22639
msgstr ""
22640
22641
#: serverguide/C/dns.xml:345(title)
22642
msgid "resolv.conf"
22643
msgstr "resolv.conf"
22644
22645
#: serverguide/C/dns.xml:346(para)
22646
msgid ""
22647
"The first step in testing <application>BIND9</application> is to add the "
22648
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
22649
"be configured as well as another host to double check things. Simply edit "
22650
"<filename>/etc/resolv.conf</filename> and add the following:"
22651
msgstr ""
22652
22653
#: serverguide/C/dns.xml:351(programlisting)
22654
#, no-wrap
22655
msgid ""
22656
"\n"
22657
"nameserver\t192.168.1.10\n"
22658
"nameserver\t192.168.1.11\n"
22659
msgstr ""
22660
22661
#: serverguide/C/dns.xml:356(para)
22662
msgid ""
22663
"You should also add the IP Address of the Secondary nameserver in case the "
22664
"Primary becomes unavailable."
22665
msgstr ""
22666
22667
#: serverguide/C/dns.xml:362(title)
22668
msgid "dig"
22669
msgstr ""
22670
22671
#: serverguide/C/dns.xml:363(para)
22672
msgid ""
22673
"If you installed the <application>dnsutils</application> package you can "
22674
"test your setup using the DNS lookup utility <application>dig</application>:"
22675
msgstr ""
22676
22677
#: serverguide/C/dns.xml:369(para)
22678
msgid ""
22679
"After installing <application>BIND9</application> use "
22680
"<application>dig</application> against the loopback interface to make sure "
22681
"it is listening on port 53. From a terminal prompt:"
22682
msgstr ""
22683
22684
#: serverguide/C/dns.xml:374(command)
22685
msgid "dig -x 127.0.0.1"
22686
msgstr ""
22687
22688
#: serverguide/C/dns.xml:376(para)
22689
msgid "You should see lines similar to the following in the command output:"
22690
msgstr ""
22691
22692
#: serverguide/C/dns.xml:379(programlisting)
22693
#, no-wrap
22694
msgid ""
22695
"\n"
22696
";; Query time: 1 msec\n"
22697
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
22698
msgstr ""
22699
22700
#: serverguide/C/dns.xml:385(para)
22701
msgid ""
22702
"If you have configured <application>BIND9</application> as a "
22703
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
22704
"the query time:"
22705
msgstr ""
22706
22707
#: serverguide/C/dns.xml:390(command)
22708
msgid "dig ubuntu.com"
22709
msgstr ""
22710
22711
#: serverguide/C/dns.xml:392(para)
22712
msgid "Note the query time toward the end of the command output:"
22713
msgstr ""
22714
22715
#: serverguide/C/dns.xml:395(programlisting)
22716
#, no-wrap
22717
msgid ""
22718
"\n"
22719
";; Query time: 49 msec\n"
22720
msgstr ""
22721
22722
#: serverguide/C/dns.xml:398(para)
22723
msgid "After a second dig there should be improvement:"
22724
msgstr ""
22725
22726
#: serverguide/C/dns.xml:401(programlisting)
22727
#, no-wrap
22728
msgid ""
22729
"\n"
22730
";; Query time: 1 msec\n"
22731
msgstr ""
22732
22733
#: serverguide/C/dns.xml:408(title)
22734
msgid "ping"
22735
msgstr "ping"
22736
22737
#: serverguide/C/dns.xml:410(para)
22738
msgid ""
22739
"Now to demonstrate how applications make use of DNS to resolve a host name "
22740
"use the <application>ping</application> utility to send an ICMP echo "
22741
"request. From a terminal prompt enter:"
22742
msgstr ""
22743
22744
#: serverguide/C/dns.xml:416(command)
22745
msgid "ping example.com"
22746
msgstr ""
22747
22748
#: serverguide/C/dns.xml:418(para)
22749
msgid ""
22750
"This tests if the nameserver can resolve the name "
22751
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
22752
"should resemble:"
22753
msgstr ""
22754
22755
#: serverguide/C/dns.xml:422(programlisting)
22756
#, no-wrap
22757
msgid ""
22758
"\n"
22759
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
22760
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
22761
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
22762
msgstr ""
22763
22764
#: serverguide/C/dns.xml:429(title)
22765
msgid "named-checkzone"
22766
msgstr ""
22767
22768
#: serverguide/C/dns.xml:430(para)
22769
msgid ""
22770
"A great way to test your zone files is by using the <application>named-"
22771
"checkzone</application> utility installed with the "
22772
"<application>bind9</application> package. This utility allows you to make "
22773
"sure the configuration is correct before restarting "
22774
"<application>BIND9</application> and making the changes live."
22775
msgstr ""
22776
22777
#: serverguide/C/dns.xml:437(para)
22778
msgid ""
22779
"To test our example Forward zone file enter the following from a command "
22780
"prompt:"
22781
msgstr ""
22782
22783
#: serverguide/C/dns.xml:441(command)
22784
msgid "named-checkzone example.com /etc/bind/db.example.com"
22785
msgstr ""
22786
22787
#: serverguide/C/dns.xml:443(para)
22788
msgid ""
22789
"If everything is configured correctly you should see output similar to:"
22790
msgstr ""
22791
22792
#: serverguide/C/dns.xml:446(programlisting)
22793
#, no-wrap
22794
msgid ""
22795
"\n"
22796
"zone example.com/IN: loaded serial 6\n"
22797
"OK\n"
22798
msgstr ""
22799
22800
#: serverguide/C/dns.xml:452(para)
22801
msgid "Similarly, to test the Reverse zone file enter the following:"
22802
msgstr ""
22803
22804
#: serverguide/C/dns.xml:456(command)
22805
msgid "named-checkzone example.com /etc/bind/db.192"
22806
msgstr ""
22807
22808
#: serverguide/C/dns.xml:458(para)
22809
msgid "The output should be similar to:"
22810
msgstr ""
22811
22812
#: serverguide/C/dns.xml:461(programlisting)
22813
#, no-wrap
22814
msgid ""
22815
"\n"
22816
"zone example.com/IN: loaded serial 3\n"
22817
"OK\n"
22818
msgstr ""
22819
22820
#: serverguide/C/dns.xml:468(para)
22821
msgid ""
22822
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
22823
"different."
22824
msgstr ""
22825
22826
#: serverguide/C/dns.xml:475(title)
22827
msgid "Logging"
22828
msgstr "Журналювання"
22829
22830
#: serverguide/C/dns.xml:476(para)
22831
msgid ""
22832
"<application>BIND9</application> has a wide variety of logging configuration "
22833
"options available. There are two main options. The "
22834
"<emphasis>channel</emphasis> option configures where logs go, and the "
22835
"<emphasis>category</emphasis> option determines what information to log."
22836
msgstr ""
22837
22838
#: serverguide/C/dns.xml:480(para)
22839
msgid "If no logging option is configured the default option is:"
22840
msgstr ""
22841
22842
#: serverguide/C/dns.xml:483(programlisting)
22843
#, no-wrap
22844
msgid ""
22845
"\n"
22846
"logging {\n"
22847
" category default { default_syslog; default_debug; };\n"
22848
" category unmatched { null; };\n"
22849
"};\n"
22850
msgstr ""
22851
22852
#: serverguide/C/dns.xml:489(para)
22853
msgid ""
22854
"This section covers configuring <application>BIND9</application> to send "
22855
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
22856
"file."
22857
msgstr ""
22858
22859
#: serverguide/C/dns.xml:494(para)
22860
msgid ""
22861
"First, we need to configure a channel to specify which file to send the "
22862
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
22863
"the following:"
22864
msgstr ""
22865
22866
#: serverguide/C/dns.xml:498(programlisting)
22867
#, no-wrap
22868
msgid ""
22869
"\n"
22870
"logging {\n"
22871
" channel query.log { \n"
22872
" file \"/var/log/query.log\";\n"
22873
" severity debug 3; \n"
22874
" }; \n"
22875
"};\n"
22876
msgstr ""
22877
22878
#: serverguide/C/dns.xml:508(para)
22879
msgid "Next, configure a category to send all DNS queries to the query file:"
22880
msgstr ""
22881
22882
#: serverguide/C/dns.xml:511(programlisting)
22883
#, no-wrap
22884
msgid ""
22885
"\n"
22886
"logging {\n"
22887
" channel query.log { \n"
22888
" file \"/var/log/query.log\"; \n"
22889
" severity debug 3; \n"
22890
" }; \n"
22891
" <emphasis>category queries { query.log; };</emphasis> \n"
22892
"};\n"
22893
msgstr ""
22894
22895
#: serverguide/C/dns.xml:523(para)
22896
msgid ""
22897
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
22898
"level isn't specified level 1 is the default."
22899
msgstr ""
22900
22901
#: serverguide/C/dns.xml:529(para)
22902
msgid ""
22903
"Since the <emphasis>named daemon</emphasis> runs as the "
22904
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
22905
"file must be created and the ownership changed:"
22906
msgstr ""
22907
22908
#: serverguide/C/dns.xml:534(command)
22909
msgid "sudo touch /var/log/query.log"
22910
msgstr ""
22911
22912
#: serverguide/C/dns.xml:535(command)
22913
msgid "sudo chown bind /var/log/query.log"
22914
msgstr ""
22915
22916
#: serverguide/C/dns.xml:539(para)
22917
msgid ""
22918
"Before <application>named</application> daemon can write to the new log file "
22919
"the <application>AppArmor</application> profile must be updated. First, edit "
22920
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
22921
msgstr ""
22922
22923
#: serverguide/C/dns.xml:543(programlisting)
22924
#, no-wrap
22925
msgid ""
22926
"\n"
22927
"/var/log/query.log w,\n"
22928
msgstr ""
22929
22930
#: serverguide/C/dns.xml:546(para)
22931
msgid "Next, reload the profile:"
22932
msgstr ""
22933
22934
#: serverguide/C/dns.xml:550(command)
22935
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22936
msgstr ""
22937
22938
#: serverguide/C/dns.xml:552(para)
22939
msgid ""
22940
"For more information on <application>AppArmor</application> see <xref "
22941
"linkend=\"apparmor\"/>"
22942
msgstr ""
22943
22944
#: serverguide/C/dns.xml:557(para)
22945
msgid ""
22946
"Now restart <application>BIND9</application> for the changes to take effect:"
22947
msgstr ""
22948
22949
#: serverguide/C/dns.xml:565(para)
22950
msgid ""
22951
"You should see the file <filename>/var/log/query.log</filename> fill with "
22952
"query information. This is a simple example of the "
22953
"<application>BIND9</application> logging options. For coverage of advanced "
22954
"options see <xref linkend=\"dns-more-info\"/>."
22955
msgstr ""
22956
22957
#: serverguide/C/dns.xml:574(title)
22958
msgid "Common Record Types"
22959
msgstr ""
22960
22961
#: serverguide/C/dns.xml:575(para)
22962
msgid "This section covers some of the most common DNS record types."
22963
msgstr ""
22964
22965
#: serverguide/C/dns.xml:580(para)
22966
msgid ""
22967
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
22968
msgstr ""
22969
22970
#: serverguide/C/dns.xml:583(programlisting)
22971
#, no-wrap
22972
msgid ""
22973
"\n"
22974
"www IN A 192.168.1.12\n"
22975
msgstr ""
22976
22977
#: serverguide/C/dns.xml:588(para)
22978
msgid ""
22979
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
22980
"record. You cannot create a CNAME record pointing to another CNAME record."
22981
msgstr ""
22982
22983
#: serverguide/C/dns.xml:591(programlisting)
22984
#, no-wrap
22985
msgid ""
22986
"\n"
22987
"web IN CNAME www\n"
22988
msgstr ""
22989
22990
#: serverguide/C/dns.xml:596(para)
22991
msgid ""
22992
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
22993
"to. Must point to an A record, not a CNAME."
22994
msgstr ""
22995
22996
#: serverguide/C/dns.xml:599(programlisting)
22997
#, no-wrap
22998
msgid ""
22999
"\n"
23000
" IN MX 1 mail.example.com.\n"
23001
"mail IN A 192.168.1.13\n"
23002
msgstr ""
23003
23004
#: serverguide/C/dns.xml:605(para)
23005
msgid ""
23006
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
23007
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
23008
"Secondary servers are defined."
23009
msgstr ""
23010
23011
#: serverguide/C/dns.xml:609(programlisting)
23012
#, no-wrap
23013
msgid ""
23014
"\n"
23015
" IN NS ns.example.com.\n"
23016
"\tIN NS ns2.example.com.\n"
23017
"ns IN A 192.168.1.10\n"
23018
"ns2\tIN A\t 192.168.1.11\n"
23019
msgstr ""
23020
23021
#: serverguide/C/dns.xml:622(para)
23022
msgid ""
23023
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
23024
"HOWTO</ulink> explains more advanced options for configuring BIND9."
23025
msgstr ""
23026
23027
#: serverguide/C/dns.xml:627(para)
23028
msgid ""
23029
"For in depth coverage of <emphasis>DNS</emphasis> and "
23030
"<application>BIND9</application> see <ulink "
23031
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
23032
msgstr ""
23033
23034
#: serverguide/C/dns.xml:632(para)
23035
msgid ""
23036
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
23037
"BIND</ulink> is a popular book now in it's fifth edition."
23038
msgstr ""
23039
23040
#: serverguide/C/dns.xml:637(para)
23041
msgid ""
23042
"A great place to ask for <application>BIND9</application> assistance, and "
23043
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
23044
"server</emphasis> IRC channel on <ulink "
23045
"url=\"http://freenode.net\">freenode</ulink>."
23046
msgstr ""
23047
23048
#: serverguide/C/dns.xml:643(para)
23049
msgid ""
23050
"Also, see the <ulink "
23051
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
23052
"HOWTO</ulink> in the Ubuntu Wiki."
23053
msgstr ""
23054
23055
#: serverguide/C/databases.xml:13(title)
23056
msgid "Databases"
23057
msgstr "Бази даних"
23058
23059
#: serverguide/C/databases.xml:14(para)
23060
msgid "Ubuntu provides two popular database servers. They are:"
23061
msgstr ""
23062
23063
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
23064
msgid "PostgreSQL"
23065
msgstr "PostgreSQL"
23066
23067
#: serverguide/C/databases.xml:25(para)
23068
msgid ""
23069
"They are available in the main repository. This section explains how to "
23070
"install and configure these database servers."
23071
msgstr ""
23072
23073
#: serverguide/C/databases.xml:32(para)
23074
msgid ""
23075
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
23076
"It is intended for mission-critical, heavy-load production systems as well "
23077
"as for embedding into mass-deployed software."
23078
msgstr ""
23079
23080
#: serverguide/C/databases.xml:41(para)
23081
msgid "To install MySQL, run the following command from a terminal prompt:"
23082
msgstr ""
23083
23084
#: serverguide/C/databases.xml:46(command)
23085
msgid "sudo apt-get install mysql-server"
23086
msgstr ""
23087
23088
#: serverguide/C/databases.xml:48(para)
23089
msgid ""
23090
"During the installation process you will be prompted to enter a password for "
23091
"the <application>MySQL</application> root user."
23092
msgstr ""
23093
23094
#: serverguide/C/databases.xml:53(para)
23095
msgid ""
23096
"Once the installation is complete, the MySQL server should be started "
23097
"automatically. You can run the following command from a terminal prompt to "
23098
"check whether the MySQL server is running:"
23099
msgstr ""
23100
23101
#: serverguide/C/databases.xml:61(command)
23102
msgid "sudo netstat -tap | grep mysql"
23103
msgstr ""
23104
23105
#: serverguide/C/databases.xml:70(programlisting)
23106
#, no-wrap
23107
msgid ""
23108
"\n"
23109
"tcp 0 0 localhost:mysql *:* LISTEN "
23110
" 2556/mysqld\n"
23111
msgstr ""
23112
23113
#: serverguide/C/databases.xml:74(para)
23114
msgid ""
23115
"If the server is not running correctly, you can type the following command "
23116
"to start it:"
23117
msgstr ""
23118
23119
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
23120
msgid "sudo /etc/init.d/mysql restart"
23121
msgstr ""
23122
23123
#: serverguide/C/databases.xml:85(para)
23124
msgid ""
23125
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
23126
"the basic settings -- log file, port number, etc. For example, to configure "
23127
"<application>MySQL</application> to listen for connections from network "
23128
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
23129
"server's IP address:"
23130
msgstr ""
23131
23132
#: serverguide/C/databases.xml:91(programlisting)
23133
#, no-wrap
23134
msgid ""
23135
"\n"
23136
"bind-address = 192.168.0.5\n"
23137
msgstr ""
23138
23139
#: serverguide/C/databases.xml:95(para)
23140
msgid "Replace 192.168.0.5 with the appropriate address."
23141
msgstr ""
23142
23143
#: serverguide/C/databases.xml:99(para)
23144
msgid ""
23145
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
23146
"<application>mysql</application> daemon will need to be restarted:"
23147
msgstr ""
23148
23149
#: serverguide/C/databases.xml:107(para)
23150
msgid ""
23151
"If you would like to change the "
23152
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
23153
"terminal enter:"
23154
msgstr ""
23155
23156
#: serverguide/C/databases.xml:113(command)
23157
msgid "sudo dpkg-reconfigure mysql-server-5.1"
23158
msgstr ""
23159
23160
#: serverguide/C/databases.xml:116(para)
23161
msgid ""
23162
"The <application>mysql</application> daemon will be stopped, and you will be "
23163
"prompted to enter a new password."
23164
msgstr ""
23165
23166
#: serverguide/C/databases.xml:125(para)
23167
msgid ""
23168
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
23169
"more information."
23170
msgstr ""
23171
23172
#: serverguide/C/databases.xml:130(para)
23173
msgid ""
23174
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
23175
"<application>mysql-doc-5.0</application> package. To install the package "
23176
"enter the following in a terminal:"
23177
msgstr ""
23178
23179
#: serverguide/C/databases.xml:135(command)
23180
msgid "sudo apt-get install mysql-doc-5.0"
23181
msgstr ""
23182
23183
#: serverguide/C/databases.xml:137(para)
23184
msgid ""
23185
"The documentation is in HTML format, to view them enter "
23186
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
23187
"chapter/index.html</command> in your browser's address bar."
23188
msgstr ""
23189
23190
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
23191
msgid ""
23192
"For general SQL information see <ulink "
23193
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
23194
"Special Edition</ulink> by Rafe Colburn."
23195
msgstr ""
23196
23197
#: serverguide/C/databases.xml:149(para)
23198
msgid ""
23199
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
23200
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
23201
msgstr ""
23202
23203
#: serverguide/C/databases.xml:158(para)
23204
msgid ""
23205
"PostgreSQL is an object-relational database system that has the features of "
23206
"traditional commercial database systems with enhancements to be found in "
23207
"next-generation DBMS systems."
23208
msgstr ""
23209
23210
#: serverguide/C/databases.xml:165(para)
23211
msgid ""
23212
"To install PostgreSQL, run the following command in the command prompt:"
23213
msgstr ""
23214
23215
#: serverguide/C/databases.xml:172(command)
23216
msgid "sudo apt-get install postgresql"
23217
msgstr ""
23218
23219
#: serverguide/C/databases.xml:176(para)
23220
msgid ""
23221
"Once the installation is complete, you should configure the PostgreSQL "
23222
"server based on your needs, although the default configuration is viable."
23223
msgstr ""
23224
23225
#: serverguide/C/databases.xml:184(para)
23226
msgid ""
23227
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
23228
"client authentication methods. By default, IDENT authentication method is "
23229
"used for <application>postgres</application> and local users. Please refer "
23230
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
23231
"PostgreSQL Administrator's Guide</ulink>."
23232
msgstr ""
23233
23234
#: serverguide/C/databases.xml:191(para)
23235
msgid ""
23236
"The following discussion assumes that you wish to enable TCP/IP connections "
23237
"and use the MD5 method for client authentication. PostgreSQL configuration "
23238
"files are stored in the "
23239
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
23240
"example, if you install PostgreSQL 8.4, the configuration files are stored "
23241
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
23242
msgstr ""
23243
23244
#: serverguide/C/databases.xml:201(para)
23245
msgid ""
23246
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
23247
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
23248
msgstr ""
23249
23250
#: serverguide/C/databases.xml:208(para)
23251
msgid ""
23252
"To enable TCP/IP connections, edit the file "
23253
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
23254
msgstr ""
23255
23256
#: serverguide/C/databases.xml:210(para)
23257
msgid ""
23258
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
23259
"change it to:"
23260
msgstr ""
23261
23262
#: serverguide/C/databases.xml:213(programlisting)
23263
#, no-wrap
23264
msgid ""
23265
"\n"
23266
"listen_addresses = 'localhost'\n"
23267
msgstr ""
23268
23269
#: serverguide/C/databases.xml:217(para)
23270
msgid ""
23271
"To allow other computers to connect to your "
23272
"<application>PostgreSQL</application> server replace 'localhost' with the "
23273
"<emphasis>IP Address</emphasis> of your server."
23274
msgstr ""
23275
23276
#: serverguide/C/databases.xml:222(para)
23277
msgid ""
23278
"You may also edit all other parameters, if you know what you are doing! For "
23279
"details, refer to the configuration file or to the PostgreSQL documentation."
23280
msgstr ""
23281
23282
#: serverguide/C/databases.xml:227(para)
23283
msgid ""
23284
"Now that we can connect to our <application>PostgreSQL</application> server, "
23285
"the next step is to set a password for the <emphasis>postgres</emphasis> "
23286
"user. Run the following command at a terminal prompt to connect to the "
23287
"default PostgreSQL template database:"
23288
msgstr ""
23289
23290
#: serverguide/C/databases.xml:234(command)
23291
msgid "sudo -u postgres psql template1"
23292
msgstr ""
23293
23294
#: serverguide/C/databases.xml:236(para)
23295
msgid ""
23296
"The above command connects to PostgreSQL database "
23297
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
23298
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
23299
"run the following SQL command at the <application>psql</application> prompt "
23300
"to configure the password for the user <emphasis "
23301
"role=\"italics\">postgres</emphasis>."
23302
msgstr ""
23303
23304
#: serverguide/C/databases.xml:244(command)
23305
msgid "ALTER USER postgres with encrypted password 'your_password';"
23306
msgstr ""
23307
23308
#: serverguide/C/databases.xml:246(para)
23309
msgid ""
23310
"After configuring the password, edit the file "
23311
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
23312
"<emphasis>MD5</emphasis> authentication with the "
23313
"<emphasis>postgres</emphasis> user:"
23314
msgstr ""
23315
23316
#: serverguide/C/databases.xml:252(programlisting)
23317
#, no-wrap
23318
msgid ""
23319
"\n"
23320
"local all postgres md5\n"
23321
msgstr ""
23322
23323
#: serverguide/C/databases.xml:256(para)
23324
msgid ""
23325
"Finally, you should restart the <application>PostgreSQL</application> "
23326
"service to initialize the new configuration. From a terminal prompt enter "
23327
"the following to restart <application>PostgreSQL</application>:"
23328
msgstr ""
23329
23330
#: serverguide/C/databases.xml:262(command)
23331
msgid "sudo /etc/init.d/postgresql-8.4 restart"
23332
msgstr ""
23333
23334
#: serverguide/C/databases.xml:265(para)
23335
msgid ""
23336
"The above configuration is not complete by any means. Please refer <ulink "
23337
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
23338
"Administrator's Guide</ulink> to configure more parameters."
23339
msgstr ""
23340
23341
#: serverguide/C/databases.xml:276(para)
23342
msgid ""
23343
"As mentioned above the <ulink "
23344
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
23345
"Guide</ulink> is an excellent resource. The guide is also available in the "
23346
"<application>postgresql-doc-8.4</application> package. Execute the following "
23347
"in a terminal to install the package:"
23348
msgstr ""
23349
23350
#: serverguide/C/databases.xml:282(command)
23351
msgid "sudo apt-get install postgresql-doc-8.4"
23352
msgstr ""
23353
23354
#: serverguide/C/databases.xml:284(para)
23355
msgid ""
23356
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
23357
"8.4/html/index.html</command> into the address bar of your browser."
23358
msgstr ""
23359
23360
#: serverguide/C/databases.xml:296(para)
23361
msgid ""
23362
"Also, see the <ulink "
23363
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
23364
"Wiki</ulink> page for more information."
23365
msgstr ""
23366
23367
#: serverguide/C/clustering.xml:13(title)
23368
msgid "Clustering"
23369
msgstr ""
23370
23371
#: serverguide/C/clustering.xml:16(title)
23372
msgid "DRBD"
23373
msgstr ""
23374
23375
#: serverguide/C/clustering.xml:18(para)
23376
msgid ""
23377
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
23378
"multiple hosts. The replication is transparent to other applications on the "
23379
"host systems. Any block device hard disks, partitions, RAID devices, logical "
23380
"volumes, etc can be mirrored."
23381
msgstr ""
23382
23383
#: serverguide/C/clustering.xml:24(para)
23384
msgid ""
23385
"To get started using <application>drbd</application>, first install the "
23386
"necessary packages. From a terminal enter:"
23387
msgstr ""
23388
23389
#: serverguide/C/clustering.xml:29(command)
23390
msgid "sudo apt-get install drbd8-utils"
23391
msgstr ""
23392
23393
#: serverguide/C/clustering.xml:33(para)
23394
msgid ""
23395
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
23396
"virtual machine you will need to manually compile the "
23397
"<application>drbd</application> module. It may be easier to install the "
23398
"<application>linux-server</application> package inside the virtual machine."
23399
msgstr ""
23400
23401
#: serverguide/C/clustering.xml:40(para)
23402
msgid ""
23403
"This section covers setting up a <application>drbd</application> to "
23404
"replicate a separate <filename>/srv</filename> partition, with an "
23405
"<application>ext3</application> filesystem between two hosts. The partition "
23406
"size is not particularly relevant, but both partitions need to be the same "
23407
"size."
23408
msgstr ""
23409
23410
#: serverguide/C/clustering.xml:49(para)
23411
msgid ""
23412
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
23413
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
23414
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
23415
"See <xref linkend=\"dns\"/> for details."
23416
msgstr ""
23417
23418
#: serverguide/C/clustering.xml:57(para)
23419
msgid ""
23420
"To configure <application>drbd</application>, on the first host edit "
23421
"<filename>/etc/drbd.conf</filename>:"
23422
msgstr ""
23423
23424
#: serverguide/C/clustering.xml:61(programlisting)
23425
#, no-wrap
23426
msgid ""
23427
"\n"
23428
"global { usage-count no; }\n"
23429
"common { syncer { rate 100M; } }\n"
23430
"resource r0 {\n"
23431
" protocol C;\n"
23432
" startup {\n"
23433
" wfc-timeout 15;\n"
23434
" degr-wfc-timeout 60;\n"
23435
" }\n"
23436
" net {\n"
23437
" cram-hmac-alg sha1;\n"
23438
" shared-secret \"secret\";\n"
23439
" }\n"
23440
" on drbd01 {\n"
23441
" device /dev/drbd0;\n"
23442
" disk /dev/sdb1;\n"
23443
" address 192.168.0.1:7788;\n"
23444
" meta-disk internal;\n"
23445
" }\n"
23446
" on drbd02 {\n"
23447
" device /dev/drbd0;\n"
23448
" disk /dev/sdb1;\n"
23449
" address 192.168.0.2:7788;\n"
23450
" meta-disk internal;\n"
23451
" }\n"
23452
"} \n"
23453
msgstr ""
23454
23455
#: serverguide/C/clustering.xml:90(para)
23456
msgid ""
23457
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
23458
"this example their default values are fine."
23459
msgstr ""
23460
23461
#: serverguide/C/clustering.xml:98(para)
23462
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
23463
msgstr ""
23464
23465
#: serverguide/C/clustering.xml:103(command)
23466
msgid "scp /etc/drbd.conf drbd02:~"
23467
msgstr ""
23468
23469
#: serverguide/C/clustering.xml:109(para)
23470
msgid ""
23471
"And, on <emphasis>drbd02</emphasis> move the file to "
23472
"<filename>/etc</filename>:"
23473
msgstr ""
23474
23475
#: serverguide/C/clustering.xml:114(command)
23476
msgid "sudo mv drbd.conf /etc/"
23477
msgstr ""
23478
23479
#: serverguide/C/clustering.xml:120(para)
23480
msgid ""
23481
"Next, on both hosts, start the <application>drbd</application> daemon:"
23482
msgstr ""
23483
23484
#: serverguide/C/clustering.xml:125(command)
23485
msgid "sudo /etc/init.d/drbd start"
23486
msgstr ""
23487
23488
#: serverguide/C/clustering.xml:131(para)
23489
msgid ""
23490
"Now using the <application>drbdadm</application> utility initialize the meta "
23491
"data storage. On each server execute:"
23492
msgstr ""
23493
23494
#: serverguide/C/clustering.xml:137(command)
23495
msgid "sudo drbdadm create-md r0"
23496
msgstr ""
23497
23498
#: serverguide/C/clustering.xml:143(para)
23499
msgid ""
23500
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
23501
"primary, enter the following:"
23502
msgstr ""
23503
23504
#: serverguide/C/clustering.xml:148(command)
23505
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
23506
msgstr ""
23507
23508
#: serverguide/C/clustering.xml:154(para)
23509
msgid ""
23510
"After executing the above command, the data will start syncing with the "
23511
"secondary host. To watch the progress, on <emphasis>drbd02</emphasis> enter "
23512
"the following:"
23513
msgstr ""
23514
23515
#: serverguide/C/clustering.xml:160(command)
23516
msgid "watch -n1 cat /proc/drbd"
23517
msgstr ""
23518
23519
#: serverguide/C/clustering.xml:163(para)
23520
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
23521
msgstr ""
23522
23523
#: serverguide/C/clustering.xml:170(para)
23524
msgid ""
23525
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
23526
msgstr ""
23527
23528
#: serverguide/C/clustering.xml:175(command)
23529
msgid "sudo mkfs.ext3 /dev/drbd0"
23530
msgstr ""
23531
23532
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
23533
msgid "sudo mount /dev/drbd0 /srv"
23534
msgstr ""
23535
23536
#: serverguide/C/clustering.xml:186(para)
23537
msgid ""
23538
"To test that the data is actually syncing between the hosts copy some files "
23539
"on the <emphasis>drbd01</emphasis>, the primary, to "
23540
"<filename>/srv</filename>:"
23541
msgstr ""
23542
23543
#: serverguide/C/clustering.xml:195(para)
23544
msgid "Next, unmount <filename>/srv</filename>:"
23545
msgstr ""
23546
23547
#: serverguide/C/clustering.xml:203(para)
23548
msgid ""
23549
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
23550
"<emphasis>secondary</emphasis> role:"
23551
msgstr ""
23552
23553
#: serverguide/C/clustering.xml:208(command)
23554
msgid "sudo drbdadm secondary r0"
23555
msgstr ""
23556
23557
#: serverguide/C/clustering.xml:211(para)
23558
msgid ""
23559
"Now on the <emphasis>secondary</emphasis> server "
23560
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
23561
msgstr ""
23562
23563
#: serverguide/C/clustering.xml:216(command)
23564
msgid "sudo drbdadm primary r0"
23565
msgstr ""
23566
23567
#: serverguide/C/clustering.xml:219(para)
23568
msgid "Lastly, mount the partition:"
23569
msgstr ""
23570
23571
#: serverguide/C/clustering.xml:227(para)
23572
msgid ""
23573
"Using <emphasis>ls</emphasis> you should see "
23574
"<filename>/srv/default</filename> copied from the former "
23575
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
23576
msgstr ""
23577
23578
#: serverguide/C/clustering.xml:238(para)
23579
msgid ""
23580
"For more information on <application>DRBD</application> see the <ulink "
23581
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
23582
msgstr ""
23583
23584
#: serverguide/C/clustering.xml:243(para)
23585
msgid ""
23586
"The <ulink "
23587
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man5/drbd.conf.5.html\""
23588
">drbd.conf man page</ulink> contains details on the options not covered in "
23589
"this guide."
23590
msgstr ""
23591
23592
#: serverguide/C/clustering.xml:249(para)
23593
msgid ""
23594
"Also, see the <ulink "
23595
"url=\"http://manpages.ubuntu.com/manpages/maverick/en/man8/drbdadm.8.html\">d"
23596
"rbdadm man page</ulink>."
23597
msgstr ""
23598
23599
#: serverguide/C/clustering.xml:254(para)
23600
msgid ""
23601
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
23602
"Wiki</ulink> page also has more information."
23603
msgstr ""
23604
23605
#: serverguide/C/chat.xml:13(title)
23606
msgid "Chat Applications"
23607
msgstr ""
23608
23609
#: serverguide/C/chat.xml:19(para)
23610
msgid ""
23611
"In this section, we will discuss how to install and configure a IRC server, "
23612
"<application>ircd-irc2</application>. We will also discuss how to install "
23613
"and configure Jabber, an instance messaging server."
23614
msgstr ""
23615
23616
#: serverguide/C/chat.xml:28(title)
23617
msgid "IRC Server"
23618
msgstr ""
23619
23620
#: serverguide/C/chat.xml:30(para)
23621
msgid ""
23622
"The Ubuntu repository has many Internet Relay Chat servers. This section "
23623
"explains how to install and configure the original IRC server "
23624
"<application>ircd-irc2</application>."
23625
msgstr ""
23626
23627
#: serverguide/C/chat.xml:39(para)
23628
msgid ""
23629
"To install <application>ircd-irc2</application>, run the following command "
23630
"in the command prompt:"
23631
msgstr ""
23632
23633
#: serverguide/C/chat.xml:45(command)
23634
msgid "sudo apt-get install ircd-irc2"
23635
msgstr ""
23636
23637
#: serverguide/C/chat.xml:48(para)
23638
msgid ""
23639
"The configuration files are stored in <filename>/etc/ircd</filename> "
23640
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
23641
"irc2</filename> directory."
23642
msgstr ""
23643
23644
#: serverguide/C/chat.xml:59(para)
23645
msgid ""
23646
"The IRC settings can be done in the configuration file "
23647
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
23648
"this file by editing the following line:"
23649
msgstr ""
23650
23651
#: serverguide/C/chat.xml:64(programlisting)
23652
#, no-wrap
23653
msgid ""
23654
"\n"
23655
"M:irc.localhost::Debian ircd default configuration::000A\n"
23656
msgstr ""
23657
23658
#: serverguide/C/chat.xml:68(para)
23659
msgid ""
23660
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
23661
"you set irc.livecipher.com as IRC host name, please make sure "
23662
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
23663
"name should not be same as the host name."
23664
msgstr ""
23665
23666
#: serverguide/C/chat.xml:75(para)
23667
msgid ""
23668
"The IRC admin details can be configured by editing the following line:"
23669
msgstr ""
23670
23671
#: serverguide/C/chat.xml:80(programlisting)
23672
#, no-wrap
23673
msgid ""
23674
"\n"
23675
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
23676
"Server::IRCnet:\n"
23677
msgstr ""
23678
23679
#: serverguide/C/chat.xml:84(para)
23680
msgid ""
23681
"You should add specific lines to configure the list of IRC ports to listen "
23682
"on, to configure Operator credentials, to configure client authentication, "
23683
"etc. For details, please refer to the example configuration file "
23684
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
23685
msgstr ""
23686
23687
#: serverguide/C/chat.xml:92(para)
23688
msgid ""
23689
"The IRC banner to be displayed in the IRC client, when the user connects to "
23690
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
23691
msgstr ""
23692
23693
#: serverguide/C/chat.xml:97(para)
23694
msgid ""
23695
"After making necessary changes to the configuration file, you can restart "
23696
"the IRC server using following command:"
23697
msgstr ""
23698
23699
#: serverguide/C/chat.xml:101(programlisting)
23700
#, no-wrap
23701
msgid ""
23702
"\n"
23703
"sudo /etc/init.d/ircd-irc2 restart\n"
23704
msgstr ""
23705
23706
#: serverguide/C/chat.xml:109(para)
23707
msgid ""
23708
"You may also be interested to take a look at other IRC servers available in "
23709
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
23710
"<application>ircd-hybrid</application>."
23711
msgstr ""
23712
23713
#: serverguide/C/chat.xml:117(para)
23714
msgid ""
23715
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
23716
"FAQ</ulink> for more details about the IRC Server."
23717
msgstr ""
23718
23719
#: serverguide/C/chat.xml:124(para)
23720
msgid ""
23721
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
23722
"IRCD</ulink> page has more information."
23723
msgstr ""
23724
23725
#: serverguide/C/chat.xml:132(title)
23726
msgid "Jabber Instant Messaging Server"
23727
msgstr ""
23728
23729
#: serverguide/C/chat.xml:134(para)
23730
msgid ""
23731
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
23732
"XMPP, an open standard for instant messaging, and used by many popular "
23733
"applications. This section covers setting up a <emphasis>Jabberd "
23734
"2</emphasis> server on a local LAN. This configuration can also be adapted "
23735
"to providing messaging services to users over the Internet."
23736
msgstr ""
23737
23738
#: serverguide/C/chat.xml:143(para)
23739
msgid "To install <application>jabberd2</application>, in a terminal enter:"
23740
msgstr ""
23741
23742
#: serverguide/C/chat.xml:148(command)
23743
msgid "sudo apt-get install jabberd2"
23744
msgstr ""
23745
23746
#: serverguide/C/chat.xml:155(para)
23747
msgid ""
23748
"A couple of XML configuration files will be used to configure "
23749
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
23750
"authentication. This is a very simple form of authentication. However, "
23751
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
23752
"Postgresql, etc for for user authentication."
23753
msgstr ""
23754
23755
#: serverguide/C/chat.xml:162(para)
23756
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
23757
msgstr ""
23758
23759
#: serverguide/C/chat.xml:166(programlisting)
23760
#, no-wrap
23761
msgid ""
23762
"\n"
23763
" <id>jabber.example.com</id>\n"
23764
msgstr ""
23765
23766
#: serverguide/C/chat.xml:171(para)
23767
msgid ""
23768
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
23769
"id, of your server."
23770
msgstr ""
23771
23772
#: serverguide/C/chat.xml:176(para)
23773
msgid "Now in the <storage> section change the <driver> to:"
23774
msgstr ""
23775
23776
#: serverguide/C/chat.xml:180(programlisting)
23777
#, no-wrap
23778
msgid ""
23779
"\n"
23780
" <driver>db</driver>\n"
23781
msgstr ""
23782
23783
#: serverguide/C/chat.xml:184(para)
23784
msgid ""
23785
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
23786
"<emphasis><local></emphasis> section change:"
23787
msgstr ""
23788
23789
#: serverguide/C/chat.xml:188(programlisting)
23790
#, no-wrap
23791
msgid ""
23792
"\n"
23793
" <id>jabber.example.com</id>\n"
23794
msgstr ""
23795
23796
#: serverguide/C/chat.xml:192(para)
23797
msgid ""
23798
"And in the <authreg> section adjust the <module> section to:"
23799
msgstr ""
23800
23801
#: serverguide/C/chat.xml:196(programlisting)
23802
#, no-wrap
23803
msgid ""
23804
"\n"
23805
" <module>db</module>\n"
23806
msgstr ""
23807
23808
#: serverguide/C/chat.xml:200(para)
23809
msgid ""
23810
"Finally, restart <application>jabberd2</application> to enable the new "
23811
"settings:"
23812
msgstr ""
23813
23814
#: serverguide/C/chat.xml:205(command)
23815
msgid "sudo /etc/init.d/jabberd2 restart"
23816
msgstr ""
23817
23818
#: serverguide/C/chat.xml:208(para)
23819
msgid ""
23820
"You should now be able to connect to the server using a Jabber client like "
23821
"<application>Pidgin</application> for example."
23822
msgstr ""
23823
23824
#: serverguide/C/chat.xml:213(para)
23825
msgid ""
23826
"The advantage of using Berkeley DB for user data is that after being "
23827
"configured no additional maintenance is required. If you need more control "
23828
"over user accounts and credentials another authentication method is "
23829
"recommended."
23830
msgstr ""
23831
23832
#: serverguide/C/chat.xml:225(para)
23833
msgid ""
23834
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
23835
"Site</ulink> contains more details on configuring "
23836
"<application>Jabberd2</application>."
23837
msgstr ""
23838
23839
#: serverguide/C/chat.xml:231(para)
23840
msgid ""
23841
"For more authentication options see the <ulink "
23842
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
23843
"Guide</ulink>."
23844
msgstr ""
23845
23846
#: serverguide/C/chat.xml:236(para)
23847
msgid ""
23848
"Also, the <ulink "
23849
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23850
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23851
msgstr ""
23852
23853
#: serverguide/C/backups.xml:13(title)
23854
msgid "Backups"
23855
msgstr "Резервні копії"
23856
23857
#: serverguide/C/backups.xml:14(para)
23858
msgid ""
23859
"There are many ways to backup an Ubuntu installation. The most important "
23860
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
23861
"consisting of what to backup, where to back it up to, and how to restore it."
23862
msgstr ""
23863
23864
#: serverguide/C/backups.xml:18(para)
23865
msgid ""
23866
"The following sections discuss various ways of accomplishing these tasks."
23867
msgstr ""
23868
23869
#: serverguide/C/backups.xml:22(title)
23870
msgid "Shell Scripts"
23871
msgstr ""
23872
23873
#: serverguide/C/backups.xml:23(para)
23874
msgid ""
23875
"One of the simplest ways to backup a system is using a <emphasis>shell "
23876
"script</emphasis>. For example, a script can be used to configure which "
23877
"directories to backup, and use those directories as arguments to the "
23878
"<application>tar</application> utility creating an archive file. The archive "
23879
"file can then be moved or copied to another location. The archive can also "
23880
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
23881
msgstr ""
23882
23883
#: serverguide/C/backups.xml:29(para)
23884
msgid ""
23885
"The <application>tar</application> utility creates one archive file out of "
23886
"many files or directories. <application>tar</application> can also filter "
23887
"the files through compression utilities reducing the size of the archive "
23888
"file."
23889
msgstr ""
23890
23891
#: serverguide/C/backups.xml:35(title)
23892
msgid "Simple Shell Script"
23893
msgstr ""
23894
23895
#: serverguide/C/backups.xml:36(para)
23896
msgid ""
23897
"The following shell script uses <application>tar</application> to create an "
23898
"archive file on a remotely mounted NFS file system. The archive filename is "
23899
"determined using additional command line utilities."
23900
msgstr ""
23901
23902
#: serverguide/C/backups.xml:40(programlisting)
23903
#, no-wrap
23904
msgid ""
23905
"\n"
23906
"#!/bin/sh\n"
23907
"####################################\n"
23908
"#\n"
23909
"# Backup to NFS mount script.\n"
23910
"#\n"
23911
"####################################\n"
23912
"\n"
23913
"# What to backup. \n"
23914
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23915
"\n"
23916
"# Where to backup to.\n"
23917
"dest=\"/mnt/backup\"\n"
23918
"\n"
23919
"# Create archive filename.\n"
23920
"day=$(date +%A)\n"
23921
"hostname=$(hostname -s)\n"
23922
"archive_file=\"$hostname-$day.tgz\"\n"
23923
"\n"
23924
"# Print start status message.\n"
23925
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23926
"date\n"
23927
"echo\n"
23928
"\n"
23929
"# Backup the files using tar.\n"
23930
"tar czf $dest/$archive_file $backup_files\n"
23931
"\n"
23932
"# Print end status message.\n"
23933
"echo\n"
23934
"echo \"Backup finished\"\n"
23935
"date\n"
23936
"\n"
23937
"# Long listing of files in $dest to check file sizes.\n"
23938
"ls -lh $dest\n"
23939
msgstr ""
23940
23941
#: serverguide/C/backups.xml:77(para)
23942
msgid ""
23943
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
23944
"would like to backup. The list should be customized to fit your needs."
23945
msgstr ""
23946
23947
#: serverguide/C/backups.xml:83(para)
23948
msgid ""
23949
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
23950
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
23951
"day of the week, giving a backup history of seven days. There are other ways "
23952
"to accomplish this including other ways using the "
23953
"<application>date</application> utility."
23954
msgstr ""
23955
23956
#: serverguide/C/backups.xml:90(para)
23957
msgid ""
23958
"<emphasis>$hostname:</emphasis> variable containing the "
23959
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
23960
"archive filename gives you the option of placing daily archive files from "
23961
"multiple systems in the same directory."
23962
msgstr ""
23963
23964
#: serverguide/C/backups.xml:97(para)
23965
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
23966
msgstr ""
23967
23968
#: serverguide/C/backups.xml:102(para)
23969
msgid ""
23970
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
23971
"needs to be created and in this case <emphasis>mounted</emphasis> before "
23972
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
23973
"details using <emphasis>NFS</emphasis>."
23974
msgstr ""
23975
23976
#: serverguide/C/backups.xml:109(para)
23977
msgid ""
23978
"<emphasis>status messages:</emphasis> optional messages printed to the "
23979
"console using the <application>echo</application> utility."
23980
msgstr ""
23981
23982
#: serverguide/C/backups.xml:115(para)
23983
msgid ""
23984
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
23985
"<application>tar</application> command used to create the archive file."
23986
msgstr ""
23987
23988
#: serverguide/C/backups.xml:121(para)
23989
msgid "<emphasis>c:</emphasis> creates an archive."
23990
msgstr ""
23991
23992
#: serverguide/C/backups.xml:126(para)
23993
msgid ""
23994
"<emphasis>z:</emphasis> filter the archive through the "
23995
"<application>gzip</application> utility compressing the archive."
23996
msgstr ""
23997
23998
#: serverguide/C/backups.xml:131(para)
23999
msgid ""
24000
"<emphasis>f:</emphasis> use archive file. Otherwise the "
24001
"<application>tar</application> output will be sent to STDOUT."
24002
msgstr ""
24003
24004
#: serverguide/C/backups.xml:138(para)
24005
msgid ""
24006
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
24007
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
24008
"of the destination directory. This is useful for a quick file size check of "
24009
"the archive file. This check should not replace testing the archive file."
24010
msgstr ""
24011
24012
#: serverguide/C/backups.xml:145(para)
24013
msgid ""
24014
"This is a simple example of a backup shell script. There are large amount of "
24015
"options that can be included in a backup script. See <xref linkend=\"backup-"
24016
"shellscript-references\"/> for links to resources providing more in depth "
24017
"shell scripting information."
24018
msgstr ""
24019
24020
#: serverguide/C/backups.xml:152(title)
24021
msgid "Executing the Script"
24022
msgstr ""
24023
24024
#: serverguide/C/backups.xml:154(title)
24025
msgid "Executing from a Terminal"
24026
msgstr ""
24027
24028
#: serverguide/C/backups.xml:155(para)
24029
msgid ""
24030
"The simplest way of executing the above backup script is to copy and paste "
24031
"the contents into a file. <filename>backup.sh</filename> for example. Then "
24032
"from a terminal prompt:"
24033
msgstr ""
24034
24035
#: serverguide/C/backups.xml:160(command)
24036
msgid "sudo bash backup.sh"
24037
msgstr ""
24038
24039
#: serverguide/C/backups.xml:162(para)
24040
msgid ""
24041
"This is a great way to test the script to make sure everything works as "
24042
"expected."
24043
msgstr ""
24044
24045
#: serverguide/C/backups.xml:167(title)
24046
msgid "Executing with cron"
24047
msgstr ""
24048
24049
#: serverguide/C/backups.xml:168(para)
24050
msgid ""
24051
"The <application>cron</application> utility can be used to automate the "
24052
"script execution. The <application>cron</application> daemon allows the "
24053
"execution of scripts, or commands, at a specified time and date."
24054
msgstr ""
24055
24056
#: serverguide/C/backups.xml:172(para)
24057
msgid ""
24058
"<application>cron</application> is configured through entries in a "
24059
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
24060
"separated into fields:"
24061
msgstr ""
24062
24063
#: serverguide/C/backups.xml:176(programlisting)
24064
#, no-wrap
24065
msgid ""
24066
"\n"
24067
"# m h dom mon dow command\n"
24068
msgstr ""
24069
24070
#: serverguide/C/backups.xml:181(para)
24071
msgid ""
24072
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
24073
msgstr ""
24074
24075
#: serverguide/C/backups.xml:186(para)
24076
msgid ""
24077
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
24078
msgstr ""
24079
24080
#: serverguide/C/backups.xml:191(para)
24081
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
24082
msgstr ""
24083
24084
#: serverguide/C/backups.xml:196(para)
24085
msgid ""
24086
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
24087
msgstr ""
24088
24089
#: serverguide/C/backups.xml:201(para)
24090
msgid ""
24091
"<emphasis>dow:</emphasis> the day of the week the command executes on "
24092
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
24093
"valid."
24094
msgstr ""
24095
24096
#: serverguide/C/backups.xml:206(para)
24097
msgid "<emphasis>command:</emphasis> the command to execute."
24098
msgstr ""
24099
24100
#: serverguide/C/backups.xml:211(para)
24101
msgid ""
24102
"To add or change entries in a <filename>crontab</filename> file the "
24103
"<application>crontab -e</application> command should be used. Also, the "
24104
"contents of a <filename>crontab</filename> file can be viewed using the "
24105
"<application>crontab -l</application> command."
24106
msgstr ""
24107
24108
#: serverguide/C/backups.xml:215(para)
24109
msgid ""
24110
"To execute the <application>backup.sh</application> script listed above "
24111
"using <application>cron</application>. Enter the following from a terminal "
24112
"prompt:"
24113
msgstr ""
24114
24115
#: serverguide/C/backups.xml:220(command)
24116
msgid "sudo crontab -e"
24117
msgstr ""
24118
24119
#: serverguide/C/backups.xml:223(para)
24120
msgid ""
24121
"Using <application>sudo</application> with the <application>crontab -"
24122
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
24123
"This is necessary if you are backing up directories only the root user has "
24124
"access to."
24125
msgstr ""
24126
24127
#: serverguide/C/backups.xml:228(para)
24128
msgid "Add the following entry to the <filename>crontab</filename> file:"
24129
msgstr ""
24130
24131
#: serverguide/C/backups.xml:231(programlisting)
24132
#, no-wrap
24133
msgid ""
24134
"\n"
24135
"# m h dom mon dow command\n"
24136
"0 0 * * * bash /usr/local/bin/backup.sh\n"
24137
msgstr ""
24138
24139
#: serverguide/C/backups.xml:235(para)
24140
msgid ""
24141
"The <application>backup.sh</application> script will now be executed every "
24142
"day at 12:00 am."
24143
msgstr ""
24144
24145
#: serverguide/C/backups.xml:239(para)
24146
msgid ""
24147
"The <application>backup.sh</application> script will need to be copied to "
24148
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
24149
"to execute properly. The script can reside anywhere on the file system "
24150
"simply change the script path appropriately."
24151
msgstr ""
24152
24153
#: serverguide/C/backups.xml:244(para)
24154
msgid ""
24155
"For more in depth <application>crontab</application> options see <xref "
24156
"linkend=\"backup-shellscript-references\"/>."
24157
msgstr ""
24158
24159
#: serverguide/C/backups.xml:250(title)
24160
msgid "Restoring from the Archive"
24161
msgstr ""
24162
24163
#: serverguide/C/backups.xml:251(para)
24164
msgid ""
24165
"Once an archive has been created it is important to test the archive. The "
24166
"archive can be tested by listing the files it contains, but the best test is "
24167
"to <emphasis>restore</emphasis> a file from the archive."
24168
msgstr ""
24169
24170
#: serverguide/C/backups.xml:257(para)
24171
msgid "To see a listing of the archive contents. From a terminal prompt:"
24172
msgstr ""
24173
24174
#: serverguide/C/backups.xml:261(command)
24175
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
24176
msgstr ""
24177
24178
#: serverguide/C/backups.xml:265(para)
24179
msgid "To restore a file from the archive to a different directory enter:"
24180
msgstr ""
24181
24182
#: serverguide/C/backups.xml:269(command)
24183
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
24184
msgstr ""
24185
24186
#: serverguide/C/backups.xml:271(para)
24187
msgid ""
24188
"The <emphasis>-C</emphasis> option to <application>tar</application> "
24189
"redirects the extracted files to the specified directory. The above example "
24190
"will extract the <filename>/etc/hosts</filename> file to "
24191
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
24192
"recreates the directory structure that it contains."
24193
msgstr ""
24194
24195
#: serverguide/C/backups.xml:276(para)
24196
msgid ""
24197
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
24198
"the file to restore."
24199
msgstr ""
24200
24201
#: serverguide/C/backups.xml:281(para)
24202
msgid "To restore all files in the archive enter the following:"
24203
msgstr ""
24204
24205
#: serverguide/C/backups.xml:285(command)
24206
msgid "cd /"
24207
msgstr "cd /"
24208
24209
#: serverguide/C/backups.xml:286(command)
24210
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
24211
msgstr ""
24212
24213
#: serverguide/C/backups.xml:291(para)
24214
msgid "This will overwrite the files currently on the file system."
24215
msgstr ""
24216
24217
#: serverguide/C/backups.xml:300(para)
24218
msgid ""
24219
"For more information on shell scripting see the <ulink "
24220
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
24221
msgstr ""
24222
24223
#: serverguide/C/backups.xml:305(para)
24224
msgid ""
24225
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
24226
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
24227
"great resource for shell scripting."
24228
msgstr ""
24229
24230
#: serverguide/C/backups.xml:311(para)
24231
msgid ""
24232
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
24233
"Wiki Page</ulink> contains details on advanced "
24234
"<application>cron</application> options."
24235
msgstr ""
24236
24237
#: serverguide/C/backups.xml:318(para)
24238
msgid ""
24239
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
24240
"tar Manual</ulink> for more <application>tar</application> options."
24241
msgstr ""
24242
24243
#: serverguide/C/backups.xml:324(para)
24244
msgid ""
24245
"The Wikipedia <ulink "
24246
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
24247
"Scheme</ulink> article contains information on other backup rotation schemes."
24248
msgstr ""
24249
24250
#: serverguide/C/backups.xml:330(para)
24251
msgid ""
24252
"The shell script uses <application>tar</application> to create the archive, "
24253
"but there many other command line utilities that can be used. For example:"
24254
msgstr ""
24255
24256
#: serverguide/C/backups.xml:336(para)
24257
msgid ""
24258
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
24259
"files to and from archives."
24260
msgstr ""
24261
24262
#: serverguide/C/backups.xml:341(para)
24263
msgid ""
24264
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
24265
"the <application>coreutils</application> package. A low level utility that "
24266
"can copy data from one format to another"
24267
msgstr ""
24268
24269
#: serverguide/C/backups.xml:347(para)
24270
msgid ""
24271
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
24272
"snap shot utility used to create copies of an entire file system."
24273
msgstr ""
24274
24275
#: serverguide/C/backups.xml:358(title)
24276
msgid "Archive Rotation"
24277
msgstr ""
24278
24279
#: serverguide/C/backups.xml:359(para)
24280
msgid ""
24281
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
24282
"allows for seven different archives. For a server whose data doesn't change "
24283
"often this may be enough. If the server has a large amount of data a more "
24284
"robust rotation scheme should be used."
24285
msgstr ""
24286
24287
#: serverguide/C/backups.xml:365(title)
24288
msgid "Rotating NFS Archives"
24289
msgstr ""
24290
24291
#: serverguide/C/backups.xml:366(para)
24292
msgid ""
24293
"In this section the shell script will be slightly modified to implement a "
24294
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
24295
msgstr ""
24296
24297
#: serverguide/C/backups.xml:372(para)
24298
msgid ""
24299
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
24300
"Friday."
24301
msgstr ""
24302
24303
#: serverguide/C/backups.xml:377(para)
24304
msgid ""
24305
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
24306
"weekly backups a month."
24307
msgstr ""
24308
24309
#: serverguide/C/backups.xml:382(para)
24310
msgid ""
24311
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
24312
"rotating two monthly backups based on if the month is odd or even."
24313
msgstr ""
24314
24315
#: serverguide/C/backups.xml:388(para)
24316
msgid "Here is the new script:"
24317
msgstr ""
24318
24319
#: serverguide/C/backups.xml:391(programlisting)
24320
#, no-wrap
24321
msgid ""
24322
"\n"
24323
"#!/bin/bash\n"
24324
"####################################\n"
24325
"#\n"
24326
"# Backup to NFS mount script with\n"
24327
"# grandfather-father-son rotation.\n"
24328
"#\n"
24329
"####################################\n"
24330
"\n"
24331
"# What to backup. \n"
24332
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
24333
"\n"
24334
"# Where to backup to.\n"
24335
"dest=\"/mnt/backup\"\n"
24336
"\n"
24337
"# Setup variables for the archive filename.\n"
24338
"day=$(date +%A)\n"
24339
"hostname=$(hostname -s)\n"
24340
"\n"
24341
"# Find which week of the month 1-4 it is.\n"
24342
"day_num=$(date +%d)\n"
24343
"if (( $day_num <= 7 )); then\n"
24344
" week_file=\"$hostname-week1.tgz\"\n"
24345
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
24346
" week_file=\"$hostname-week2.tgz\"\n"
24347
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
24348
" week_file=\"$hostname-week3.tgz\"\n"
24349
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
24350
" week_file=\"$hostname-week4.tgz\"\n"
24351
"fi\n"
24352
"\n"
24353
"# Find if the Month is odd or even.\n"
24354
"month_num=$(date +%m)\n"
24355
"month=$(expr $month_num % 2)\n"
24356
"if [ $month -eq 0 ]; then\n"
24357
" month_file=\"$hostname-month2.tgz\"\n"
24358
"else\n"
24359
" month_file=\"$hostname-month1.tgz\"\n"
24360
"fi\n"
24361
"\n"
24362
"# Create archive filename.\n"
24363
"if [ $day_num == 1 ]; then\n"
24364
"\tarchive_file=$month_file\n"
24365
"elif [ $day != \"Saturday\" ]; then\n"
24366
" archive_file=\"$hostname-$day.tgz\"\n"
24367
"else \n"
24368
"\tarchive_file=$week_file\n"
24369
"fi\n"
24370
"\n"
24371
"# Print start status message.\n"
24372
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
24373
"date\n"
24374
"echo\n"
24375
"\n"
24376
"# Backup the files using tar.\n"
24377
"tar czf $dest/$archive_file $backup_files\n"
24378
"\n"
24379
"# Print end status message.\n"
24380
"echo\n"
24381
"echo \"Backup finished\"\n"
24382
"date\n"
24383
"\n"
24384
"# Long listing of files in $dest to check file sizes.\n"
24385
"ls -lh $dest/\n"
24386
msgstr ""
24387
24388
#: serverguide/C/backups.xml:456(para)
24389
msgid ""
24390
"The script can be executed using the same methods as in <xref "
24391
"linkend=\"backup-executing-shellscript\"/>."
24392
msgstr ""
24393
24394
#: serverguide/C/backups.xml:459(para)
24395
msgid ""
24396
"It is good practice to take backup media off site in case of a disaster. In "
24397
"the shell script example the backup media is another server providing an NFS "
24398
"share. In all likelihood taking the NFS server to another location would not "
24399
"be practical. Depending upon connection speeds it may be an option to copy "
24400
"the archive file over a WAN link to a server in another location."
24401
msgstr ""
24402
24403
#: serverguide/C/backups.xml:465(para)
24404
msgid ""
24405
"Another option is to copy the archive file to an external hard drive which "
24406
"can then be taken off site. Since the price of external hard drives continue "
24407
"to decrease it may be cost-effective to use two drives for each archive "
24408
"level. This would allow you to have one external drive attached to the "
24409
"backup server and one in another location."
24410
msgstr ""
24411
24412
#: serverguide/C/backups.xml:472(title)
24413
msgid "Tape Drives"
24414
msgstr ""
24415
24416
#: serverguide/C/backups.xml:473(para)
24417
msgid ""
24418
"A tape drive attached to the server can be used instead of a NFS share. "
24419
"Using a tape drive simplifies archive rotation, and taking the media off "
24420
"site as well."
24421
msgstr ""
24422
24423
#: serverguide/C/backups.xml:477(para)
24424
msgid ""
24425
"When using a tape drive the filename portions of the script aren't needed "
24426
"because the date is sent directly to the tape device. Some commands to "
24427
"manipulate the tape are needed. This is accomplished using "
24428
"<application>mt</application>, a magnetic tape control utility part of the "
24429
"<application>cpio</application> package."
24430
msgstr ""
24431
24432
#: serverguide/C/backups.xml:482(para)
24433
msgid "Here is the shell script modified to use a tape drive:"
24434
msgstr ""
24435
24436
#: serverguide/C/backups.xml:485(programlisting)
24437
#, no-wrap
24438
msgid ""
24439
"\n"
24440
"#!/bin/bash\n"
24441
"####################################\n"
24442
"#\n"
24443
"# Backup to tape drive script.\n"
24444
"#\n"
24445
"####################################\n"
24446
"\n"
24447
"# What to backup. \n"
24448
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
24449
"\n"
24450
"# Where to backup to.\n"
24451
"dest=\"/dev/st0\"\n"
24452
"\n"
24453
"# Print start status message.\n"
24454
"echo \"Backing up $backup_files to $dest\"\n"
24455
"date\n"
24456
"echo\n"
24457
"\n"
24458
"# Make sure the tape is rewound.\n"
24459
"mt -f $dest rewind\n"
24460
"\n"
24461
"# Backup the files using tar.\n"
24462
"tar czf $dest $backup_files\n"
24463
"\n"
24464
"# Rewind and eject the tape.\n"
24465
"mt -f $dest rewoffl\n"
24466
"\n"
24467
"# Print end status message.\n"
24468
"echo\n"
24469
"echo \"Backup finished\"\n"
24470
"date\n"
24471
msgstr ""
24472
24473
#: serverguide/C/backups.xml:519(para)
24474
msgid ""
24475
"The default device name for a SCSI tape drive is "
24476
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
24477
"system."
24478
msgstr ""
24479
24480
#: serverguide/C/backups.xml:524(para)
24481
msgid ""
24482
"Restoring from a tape drive is basically the same as restoring from a file. "
24483
"Simply rewind the tape and use the device path instead of a file path. For "
24484
"example to restore the <filename>/etc/hosts</filename> file to "
24485
"<filename>/tmp/etc/hosts</filename>:"
24486
msgstr ""
24487
24488
#: serverguide/C/backups.xml:529(command)
24489
msgid "mt -f /dev/st0 rewind"
24490
msgstr ""
24491
24492
#: serverguide/C/backups.xml:530(command)
24493
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
24494
msgstr ""
24495
24496
#: serverguide/C/backups.xml:535(title)
24497
msgid "Bacula"
24498
msgstr ""
24499
24500
#: serverguide/C/backups.xml:536(para)
24501
msgid ""
24502
"<application>Bacula</application> is a backup program enabling you to "
24503
"backup, restore, and verify data across your network. There are Bacula "
24504
"clients for Linux, Windows, and Mac OS X. Making it a cross platform network "
24505
"wide solution."
24506
msgstr ""
24507
24508
#: serverguide/C/backups.xml:542(para)
24509
msgid ""
24510
"<application>Bacula</application> is made up of several components and "
24511
"services used to manage which files to backup and where to back them up to:"
24512
msgstr ""
24513
24514
#: serverguide/C/backups.xml:548(para)
24515
msgid ""
24516
"<application>Bacula Director:</application> a service that controls all "
24517
"backup, restore, verify, and archive operations."
24518
msgstr ""
24519
24520
#: serverguide/C/backups.xml:553(para)
24521
msgid ""
24522
"<application>Bacula Console:</application> an application allowing "
24523
"communication with the Director. There are three versions of the Console:"
24524
msgstr ""
24525
24526
#: serverguide/C/backups.xml:558(para)
24527
msgid "Text based command line version."
24528
msgstr ""
24529
24530
#: serverguide/C/backups.xml:559(para)
24531
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
24532
msgstr ""
24533
24534
#: serverguide/C/backups.xml:560(para)
24535
msgid "wxWidgets GUI interface."
24536
msgstr ""
24537
24538
#: serverguide/C/backups.xml:564(para)
24539
msgid ""
24540
"<application>Bacula File:</application> also known as the "
24541
"<application>Bacula Client</application> program. This application is "
24542
"installed on machines to be backed up, and is responsible for the data "
24543
"requested by the Director."
24544
msgstr ""
24545
24546
#: serverguide/C/backups.xml:570(para)
24547
msgid ""
24548
"<application>Bacula Storage:</application> the programs that perform the "
24549
"storage and recovery of data to the physical media."
24550
msgstr ""
24551
24552
#: serverguide/C/backups.xml:575(para)
24553
msgid ""
24554
"<application>Bacula Catalog:</application> is responsible for maintaining "
24555
"the file indexes and volume databases for all files backed up, enabling "
24556
"quick location and restoration of archived files. The Catalog supports three "
24557
"different databases MySQL, PostgreSQL, and SQLite."
24558
msgstr ""
24559
24560
#: serverguide/C/backups.xml:581(para)
24561
msgid ""
24562
"<application>Bacula Monitor:</application> allows the monitoring of the "
24563
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
24564
"available as a GTK+ GUI application."
24565
msgstr ""
24566
24567
#: serverguide/C/backups.xml:587(para)
24568
msgid ""
24569
"These services and applications can be run on multiple servers and clients, "
24570
"or they can be installed on one machine if backing up a single disk or "
24571
"volume."
24572
msgstr ""
24573
24574
#: serverguide/C/backups.xml:594(para)
24575
msgid ""
24576
"There are multiple packages containing the different "
24577
"<application>Bacula</application> components. To install Bacula, from a "
24578
"terminal prompt enter:"
24579
msgstr ""
24580
24581
#: serverguide/C/backups.xml:599(command)
24582
msgid "sudo apt-get install bacula"
24583
msgstr ""
24584
24585
#: serverguide/C/backups.xml:601(para)
24586
msgid ""
24587
"By default installing the <application>bacula</application> package will use "
24588
"a <application>MySQL</application> database for the Catalog. If you want to "
24589
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
24590
"director-sqlite3</application> or <application>bacula-director-"
24591
"pgsql</application> respectively."
24592
msgstr ""
24593
24594
#: serverguide/C/backups.xml:607(para)
24595
msgid ""
24596
"During the install process you will be asked to supply credentials for the "
24597
"database <emphasis>administrator</emphasis> and the "
24598
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
24599
"database administrator will need to have the appropriate rights to create a "
24600
"database, see <xref linkend=\"mysql\"/> for more information."
24601
msgstr ""
24602
24603
#: serverguide/C/backups.xml:617(para)
24604
msgid ""
24605
"<application>Bacula</application> configuration files are formatted based on "
24606
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
24607
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
24608
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
24609
"directory."
24610
msgstr ""
24611
24612
#: serverguide/C/backups.xml:622(para)
24613
msgid ""
24614
"The various <application>Bacula</application> components must authorize "
24615
"themselves to each other. This is accomplished using the "
24616
"<emphasis>password</emphasis> directive. For example, the "
24617
"<emphasis>Storage</emphasis> resource password in the "
24618
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
24619
"<emphasis>Director</emphasis> resource password in "
24620
"<filename>/etc/bacula/bacula-sd.conf</filename>."
24621
msgstr ""
24622
24623
#: serverguide/C/backups.xml:628(para)
24624
msgid ""
24625
"By default the backup job named <emphasis>Client1</emphasis> is configured "
24626
"to archive the <application>Bacula</application> Catalog. If you plan on "
24627
"using the server to backup more than one client you should change the name "
24628
"of this job to something more descriptive. To change the name edit "
24629
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
24630
msgstr ""
24631
24632
#: serverguide/C/backups.xml:633(programlisting)
24633
#, no-wrap
24634
msgid ""
24635
"\n"
24636
"#\n"
24637
"# Define the main nightly save backup job\n"
24638
"# By default, this job will back up to disk in \n"
24639
"Job {\n"
24640
" Name = \"BackupServer\"\n"
24641
" JobDefs = \"DefaultJob\"\n"
24642
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
24643
"}\n"
24644
msgstr ""
24645
24646
#: serverguide/C/backups.xml:644(para)
24647
msgid ""
24648
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
24649
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
24650
"your appropriate hostname, or other descriptive name."
24651
msgstr ""
24652
24653
#: serverguide/C/backups.xml:649(para)
24654
msgid ""
24655
"The <emphasis>Console</emphasis> can be used to query the "
24656
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
24657
"<emphasis>non-root</emphasis> user, the user needs to be in the "
24658
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
24659
"the following from a terminal:"
24660
msgstr ""
24661
24662
#: serverguide/C/backups.xml:655(command)
24663
msgid "sudo adduser $username bacula"
24664
msgstr ""
24665
24666
#: serverguide/C/backups.xml:658(para)
24667
msgid ""
24668
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
24669
"you are adding the current user to the group you should log out and back in "
24670
"for the new permissions to take effect."
24671
msgstr ""
24672
24673
#: serverguide/C/backups.xml:665(title)
24674
msgid "Localhost Backup"
24675
msgstr ""
24676
24677
#: serverguide/C/backups.xml:666(para)
24678
msgid ""
24679
"This section describes how to backup specified directories on a single host "
24680
"to a local tape drive."
24681
msgstr ""
24682
24683
#: serverguide/C/backups.xml:671(para)
24684
msgid ""
24685
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
24686
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
24687
msgstr ""
24688
24689
#: serverguide/C/backups.xml:674(programlisting)
24690
#, no-wrap
24691
msgid ""
24692
"\n"
24693
"Device {\n"
24694
" Name = \"Tape Drive\"\n"
24695
" Device Type = tape\n"
24696
" Media Type = DDS-4\n"
24697
" Archive Device = /dev/st0\n"
24698
" Hardware end of medium = No;\n"
24699
" AutomaticMount = yes; # when device opened, read it\n"
24700
" AlwaysOpen = Yes;\n"
24701
" RemovableMedia = yes;\n"
24702
" RandomAccess = no;\n"
24703
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
24704
"}\n"
24705
msgstr ""
24706
24707
#: serverguide/C/backups.xml:688(para)
24708
msgid ""
24709
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
24710
"Type and Archive Device to match your hardware."
24711
msgstr ""
24712
24713
#: serverguide/C/backups.xml:691(para)
24714
msgid "You could also uncomment one of the other examples in the file."
24715
msgstr ""
24716
24717
#: serverguide/C/backups.xml:696(para)
24718
msgid ""
24719
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
24720
"<application>Storage</application> daemon will need to be restarted:"
24721
msgstr ""
24722
24723
#: serverguide/C/backups.xml:701(command)
24724
msgid "sudo /etc/init.d/bacula-sd restart"
24725
msgstr ""
24726
24727
#: serverguide/C/backups.xml:705(para)
24728
msgid ""
24729
"Now add a <emphasis>Storage</emphasis> resource in "
24730
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
24731
msgstr ""
24732
24733
#: serverguide/C/backups.xml:708(programlisting)
24734
#, no-wrap
24735
msgid ""
24736
"\n"
24737
"# Definition of \"Tape Drive\" storage device\n"
24738
"Storage {\n"
24739
" Name = TapeDrive\n"
24740
" # Do not use \"localhost\" here \n"
24741
" Address = backupserver # N.B. Use a fully qualified name "
24742
"here\n"
24743
" SDPort = 9103\n"
24744
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
24745
" Device = \"Tape Drive\"\n"
24746
" Media Type = tape\n"
24747
"}\n"
24748
msgstr ""
24749
24750
#: serverguide/C/backups.xml:720(para)
24751
msgid ""
24752
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
24753
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
24754
"to the actual host name."
24755
msgstr ""
24756
24757
#: serverguide/C/backups.xml:724(para)
24758
msgid ""
24759
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
24760
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
24761
msgstr ""
24762
24763
#: serverguide/C/backups.xml:730(para)
24764
msgid ""
24765
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
24766
"directories to backup, by adding:"
24767
msgstr ""
24768
24769
#: serverguide/C/backups.xml:733(programlisting)
24770
#, no-wrap
24771
msgid ""
24772
"\n"
24773
"# LocalhostBacup FileSet.\n"
24774
"FileSet {\n"
24775
" Name = \"LocalhostFiles\"\n"
24776
" Include {\n"
24777
" Options {\n"
24778
" signature = MD5\n"
24779
" compression=GZIP\n"
24780
" }\n"
24781
" File = /etc\n"
24782
" File = /home\n"
24783
" }\n"
24784
"}\n"
24785
msgstr ""
24786
24787
#: serverguide/C/backups.xml:747(para)
24788
msgid ""
24789
"This <emphasis>FileSet</emphasis> will backup the <filename "
24790
"role=\"directory\">/etc</filename> and <filename "
24791
"role=\"directory\">/home</filename> directories. The "
24792
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
24793
"create a MD5 signature for each file backed up, and to compress the files "
24794
"using GZIP."
24795
msgstr ""
24796
24797
#: serverguide/C/backups.xml:754(para)
24798
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
24799
msgstr ""
24800
24801
#: serverguide/C/backups.xml:757(programlisting)
24802
#, no-wrap
24803
msgid ""
24804
"\n"
24805
"# LocalhostBackup Schedule -- Daily.\n"
24806
"Schedule {\n"
24807
" Name = \"LocalhostDaily\"\n"
24808
" Run = Full daily at 00:01\n"
24809
"}\n"
24810
msgstr ""
24811
24812
#: serverguide/C/backups.xml:764(para)
24813
msgid ""
24814
"The job will run every day at 00:01 or 12:01 am. There are many other "
24815
"scheduling options available."
24816
msgstr ""
24817
24818
#: serverguide/C/backups.xml:769(para)
24819
msgid "Finally create the <emphasis>Job</emphasis>:"
24820
msgstr ""
24821
24822
#: serverguide/C/backups.xml:772(programlisting)
24823
#, no-wrap
24824
msgid ""
24825
"\n"
24826
"# Localhost backup.\n"
24827
"Job {\n"
24828
" Name = \"LocalhostBackup\"\n"
24829
" JobDefs = \"DefaultJob\"\n"
24830
" Enabled = yes\n"
24831
" Level = Full\n"
24832
" FileSet = \"LocalhostFiles\"\n"
24833
" Schedule = \"LocalhostDaily\"\n"
24834
" Storage = TapeDrive\n"
24835
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
24836
"} \n"
24837
msgstr ""
24838
24839
#: serverguide/C/backups.xml:785(para)
24840
msgid ""
24841
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
24842
"drive."
24843
msgstr ""
24844
24845
#: serverguide/C/backups.xml:790(para)
24846
msgid ""
24847
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
24848
"current tape does not have a label <application>Bacula</application> will "
24849
"send an email letting you know. To label a tape using the "
24850
"<application>Console</application> enter the following from a terminal:"
24851
msgstr ""
24852
24853
#: serverguide/C/backups.xml:796(command)
24854
msgid "bconsole"
24855
msgstr ""
24856
24857
#: serverguide/C/backups.xml:800(para)
24858
msgid "At the Bacula Console prompt enter:"
24859
msgstr ""
24860
24861
#: serverguide/C/backups.xml:804(command)
24862
msgid "label"
24863
msgstr "label"
24864
24865
#: serverguide/C/backups.xml:808(para)
24866
msgid ""
24867
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
24868
msgstr ""
24869
24870
#: serverguide/C/backups.xml:818(userinput)
24871
#, no-wrap
24872
msgid "2"
24873
msgstr "2"
24874
24875
#: serverguide/C/backups.xml:812(computeroutput)
24876
#, no-wrap
24877
msgid ""
24878
"\n"
24879
"Automatically selected Catalog: MyCatalog\n"
24880
"Using Catalog \"MyCatalog\"\n"
24881
"The defined Storage resources are:\n"
24882
" 1: File\n"
24883
" 2: TapeDrive\n"
24884
"Select Storage resource (1-2):<placeholder-1/>\n"
24885
msgstr ""
24886
24887
#: serverguide/C/backups.xml:823(para)
24888
msgid "Enter the new <emphasis>Volume</emphasis> name:"
24889
msgstr ""
24890
24891
#: serverguide/C/backups.xml:828(userinput)
24892
#, no-wrap
24893
msgid "Sunday"
24894
msgstr "Sunday"
24895
24896
#: serverguide/C/backups.xml:827(computeroutput)
24897
#, no-wrap
24898
msgid ""
24899
"\n"
24900
"Enter new Volume name: <placeholder-1/>\n"
24901
"Defined Pools:\n"
24902
" 1: Default\n"
24903
" 2: Scratch"
24904
msgstr ""
24905
24906
#: serverguide/C/backups.xml:833(para)
24907
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
24908
msgstr ""
24909
24910
#: serverguide/C/backups.xml:838(para)
24911
msgid "Now, select the <emphasis>Pool</emphasis>:"
24912
msgstr ""
24913
24914
#: serverguide/C/backups.xml:843(userinput)
24915
#, no-wrap
24916
msgid "1"
24917
msgstr "1"
24918
24919
#: serverguide/C/backups.xml:842(computeroutput)
24920
#, no-wrap
24921
msgid ""
24922
"\n"
24923
"Select the Pool (1-2): <placeholder-1/>\n"
24924
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
24925
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
24926
msgstr ""
24927
24928
#: serverguide/C/backups.xml:850(para)
24929
msgid ""
24930
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
24931
"backup the localhost to an attached tape drive."
24932
msgstr ""
24933
24934
#: serverguide/C/backups.xml:858(para)
24935
msgid ""
24936
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
24937
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
24938
"Manual</ulink>"
24939
msgstr ""
24940
24941
#: serverguide/C/backups.xml:864(para)
24942
msgid ""
24943
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
24944
"the latest Bacula news and developments."
24945
msgstr ""
24946
24947
#: serverguide/C/backups.xml:869(para)
24948
msgid ""
24949
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24950
"Ubuntu Wiki</ulink> page."
24951
msgstr ""
24952
24953
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
24954
#: serverguide/C/backups.xml:0(None)
24955
msgid "translator-credits"
24956
msgstr ""
24957
"Launchpad Contributions:\n"
24958
" Arthur Kulik https://launchpad.net/~arthur-kulik\n"
24959
" Yuri Chornoivan https://launchpad.net/~yurchor-gmail\n"
24960
" oleg voitsikhovskyi https://launchpad.net/~uaolegua"
24961
24962
#~ msgid "sudo /etc/init.d/samba restart"
24963
#~ msgstr "sudo /etc/init.d/samba restart"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1