1809
1801
"common</application> and <application>winbind</application> packages:"
1812
#: serverguide/C/windows-networking.xml:1438(para)
1804
#: serverguide/C/windows-networking.xml:1440(para)
1814
1806
"<application>lwinet</application>: Returns information about the network and "
1818
#: serverguide/C/windows-networking.xml:1443(para)
1810
#: serverguide/C/windows-networking.xml:1445(para)
1820
1812
"<application>lwimsg</application>: Allows interaction with the "
1821
1813
"<application>likewise-winbindd</application> daemon."
1824
#: serverguide/C/windows-networking.xml:1448(para)
1816
#: serverguide/C/windows-networking.xml:1450(para)
1826
1818
"<application>lwiinfo</application>: Displays information about various parts "
1827
1819
"of the Domain."
1830
#: serverguide/C/windows-networking.xml:1454(para)
1822
#: serverguide/C/windows-networking.xml:1456(para)
1831
1823
msgid "Please refer to each utility's man page specific for details."
1834
#: serverguide/C/windows-networking.xml:1460(title) serverguide/C/mail.xml:336(title) serverguide/C/mail.xml:1563(title) serverguide/C/dns.xml:338(title)
1826
#: serverguide/C/windows-networking.xml:1462(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1598(title) serverguide/C/dns.xml:338(title)
1835
1827
msgid "Troubleshooting"
1838
#: serverguide/C/windows-networking.xml:1464(para)
1830
#: serverguide/C/windows-networking.xml:1466(para)
1840
1832
"If the client has trouble joining the domain, double check that the "
1841
1833
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1845
#: serverguide/C/windows-networking.xml:1469(programlisting)
1837
#: serverguide/C/windows-networking.xml:1471(programlisting)
1849
1841
"nameserver 192.168.0.1\n"
1852
#: serverguide/C/windows-networking.xml:1474(para)
1844
#: serverguide/C/windows-networking.xml:1476(para)
1854
1846
"For more information when joining a domain, use the <emphasis>--loglevel "
1855
1847
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1856
1848
"<application>domainjoin-cli</application> utility:"
1859
#: serverguide/C/windows-networking.xml:1480(command)
1851
#: serverguide/C/windows-networking.xml:1482(command)
1860
1852
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1863
#: serverguide/C/windows-networking.xml:1484(para)
1855
#: serverguide/C/windows-networking.xml:1486(para)
1865
1857
"If an Active Directory user has trouble logging in, check the "
1866
1858
"<filename>/var/log/auth.log</filename> for details."
1869
#: serverguide/C/windows-networking.xml:1489(para)
1861
#: serverguide/C/windows-networking.xml:1491(para)
1871
1863
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1872
1864
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1873
1865
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1874
"<emphasis>\"mdns4\"</emphasis> entry from the <emphasis>hosts</emphasis> "
1875
"option. For example:"
1866
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1867
"<emphasis>hosts</emphasis> option. For example:"
1878
#: serverguide/C/windows-networking.xml:1495(programlisting)
1870
#: serverguide/C/windows-networking.xml:1497(programlisting)
1882
1874
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1885
#: serverguide/C/windows-networking.xml:1499(para)
1877
#: serverguide/C/windows-networking.xml:1501(para)
1886
1878
msgid "Change the above to:"
1889
#: serverguide/C/windows-networking.xml:1503(programlisting)
1881
#: serverguide/C/windows-networking.xml:1505(programlisting)
1893
1885
"hosts: files dns [NOTFOUND=return]\n"
1896
#: serverguide/C/windows-networking.xml:1507(para)
1888
#: serverguide/C/windows-networking.xml:1509(para)
1897
1889
msgid "Then restart networking by entering:"
1890
msgstr "Després reinicieu la xarxa. Per a fer-ho, introduïu:"
1900
#: serverguide/C/windows-networking.xml:1512(command) serverguide/C/network-config.xml:237(command)
1892
#: serverguide/C/windows-networking.xml:1514(command) serverguide/C/network-config.xml:559(command)
1901
1893
msgid "sudo /etc/init.d/networking restart"
1894
msgstr "sudo /etc/init.d/networking restart"
1904
#: serverguide/C/windows-networking.xml:1515(para)
1896
#: serverguide/C/windows-networking.xml:1517(para)
1905
1897
msgid "You should now be able to join the Active Directory domain."
1908
#: serverguide/C/windows-networking.xml:1523(title)
1900
#: serverguide/C/windows-networking.xml:1525(title)
1909
1901
msgid "Microsoft DNS"
1912
#: serverguide/C/windows-networking.xml:1525(para)
1904
#: serverguide/C/windows-networking.xml:1527(para)
1914
1906
"The following are instructions for installing DNS on an Active Directory "
1915
1907
"domain controller running Windows Server 2003, but the instructions should "
1916
1908
"be similar for other versions:"
1919
#: serverguide/C/windows-networking.xml:1532(para)
1911
#: serverguide/C/windows-networking.xml:1536(para)
1922
1914
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1923
"</guimenuitem><guimenuitem>Manager Your Server</guimenuitem></menuchoice>. "
1915
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1924
1916
"This will open the <application>Server Role Mangement</application> utility."
1927
#: serverguide/C/windows-networking.xml:1540(para)
1928
msgid "Click Add or remove a role"
1919
#: serverguide/C/windows-networking.xml:1544(para)
1920
msgid "Click <guilabel>Add or remove a role</guilabel>"
1931
#: serverguide/C/windows-networking.xml:1541(para) serverguide/C/windows-networking.xml:1543(para) serverguide/C/windows-networking.xml:1546(para)
1923
#: serverguide/C/windows-networking.xml:1545(para) serverguide/C/windows-networking.xml:1547(para) serverguide/C/windows-networking.xml:1550(para)
1932
1924
msgid "Click Next"
1935
#: serverguide/C/windows-networking.xml:1542(para)
1927
#: serverguide/C/windows-networking.xml:1546(para)
1936
1928
msgid "Select \"DNS Server\""
1939
#: serverguide/C/windows-networking.xml:1544(para)
1931
#: serverguide/C/windows-networking.xml:1548(para)
1932
msgid "Click Next again to proceed"
1943
#: serverguide/C/windows-networking.xml:1545(para)
1935
#: serverguide/C/windows-networking.xml:1549(para)
1944
1936
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1947
#: serverguide/C/windows-networking.xml:1547(para)
1939
#: serverguide/C/windows-networking.xml:1551(para)
1949
1941
"Make sure \"This server maintains the zone\" is selected and click Next."
1952
#: serverguide/C/windows-networking.xml:1548(para)
1944
#: serverguide/C/windows-networking.xml:1552(para)
1953
1945
msgid "Enter your domain name and click Next"
1956
#: serverguide/C/windows-networking.xml:1549(para) serverguide/C/windows-networking.xml:1550(para)
1948
#: serverguide/C/windows-networking.xml:1553(para)
1957
1949
msgid "Click Next to \"Allow only secure dynamic updates\""
1960
#: serverguide/C/windows-networking.xml:1552(para)
1952
#: serverguide/C/windows-networking.xml:1555(para)
1962
1954
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1963
1955
"should not forward queries\" and click Next."
1966
#: serverguide/C/windows-networking.xml:1556(para) serverguide/C/windows-networking.xml:1557(para)
1958
#: serverguide/C/windows-networking.xml:1559(para) serverguide/C/windows-networking.xml:1560(para)
1967
1959
msgid "Click Finish"
1970
#: serverguide/C/windows-networking.xml:1559(para)
1962
#: serverguide/C/windows-networking.xml:1562(para)
1972
1964
"DNS is now installed and can be further configured using the "
1973
1965
"<application>Microsoft Management Console</application> DNS snap-in."
1976
#: serverguide/C/windows-networking.xml:1567(para)
1968
#: serverguide/C/windows-networking.xml:1570(para)
1977
1969
msgid "Click Start"
1980
#: serverguide/C/windows-networking.xml:1568(para)
1972
#: serverguide/C/windows-networking.xml:1571(para)
1981
1973
msgid "Control Panel"
1984
#: serverguide/C/windows-networking.xml:1569(para)
1976
#: serverguide/C/windows-networking.xml:1572(para)
1985
1977
msgid "Network Connections"
1988
#: serverguide/C/windows-networking.xml:1570(para)
1980
#: serverguide/C/windows-networking.xml:1573(para)
1989
1981
msgid "Right Click \"Local Area Connection\""
1992
#: serverguide/C/windows-networking.xml:1571(para)
1984
#: serverguide/C/windows-networking.xml:1574(para)
1993
1985
msgid "Click Properties"
1996
#: serverguide/C/windows-networking.xml:1572(para)
1988
#: serverguide/C/windows-networking.xml:1575(para)
1997
1989
msgid "Double click \"Internet Protocol (TCP/IP)\""
2000
#: serverguide/C/windows-networking.xml:1573(para)
1992
#: serverguide/C/windows-networking.xml:1576(para)
2001
1993
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
2004
#: serverguide/C/windows-networking.xml:1574(para)
1996
#: serverguide/C/windows-networking.xml:1577(para)
2005
1997
msgid "Click Ok"
2008
#: serverguide/C/windows-networking.xml:1575(para)
2000
#: serverguide/C/windows-networking.xml:1578(para)
2009
2001
msgid "Click Ok again to save the settings"
2012
#: serverguide/C/windows-networking.xml:1564(para)
2004
#: serverguide/C/windows-networking.xml:1567(para)
2014
2006
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
2017
#: serverguide/C/windows-networking.xml:1582(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:766(title) serverguide/C/web-servers.xml:910(title) serverguide/C/web-servers.xml:1002(title) serverguide/C/web-servers.xml:1218(title) serverguide/C/vpn.xml:291(title) serverguide/C/virtualization.xml:1303(title) serverguide/C/virtualization.xml:1492(title) serverguide/C/vcs.xml:536(title) serverguide/C/security.xml:935(title) serverguide/C/security.xml:1264(title) serverguide/C/security.xml:1679(title) serverguide/C/security.xml:1870(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:432(title) serverguide/C/other-apps.xml:381(title) serverguide/C/network-config.xml:672(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:522(title) serverguide/C/mail.xml:444(title) serverguide/C/mail.xml:625(title) serverguide/C/mail.xml:772(title) serverguide/C/mail.xml:1189(title) serverguide/C/mail.xml:1611(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:369(title) serverguide/C/lamp-applications.xml:471(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:431(title) serverguide/C/file-server.xml:611(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:216(title) serverguide/C/backups.xml:297(title)
2009
#: serverguide/C/windows-networking.xml:1585(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:1840(title) serverguide/C/virtualization.xml:2165(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1211(title) serverguide/C/security.xml:1626(title) serverguide/C/security.xml:1817(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1646(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
2018
2010
msgid "References"
2011
msgstr "Referències"
2021
#: serverguide/C/windows-networking.xml:1584(para)
2013
#: serverguide/C/windows-networking.xml:1587(para)
2023
2015
"Please refer to the <ulink "
2024
2016
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
2025
2017
"further information."
2028
#: serverguide/C/windows-networking.xml:1588(para)
2020
#: serverguide/C/windows-networking.xml:1591(para)
2030
2022
"For more <application>domainjoin-cli</application> options see the man page: "
2031
2023
"<command>man domainjoin-cli</command>."
2026
#: serverguide/C/windows-networking.xml:1595(para)
2028
"Also, see the <ulink "
2029
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
2030
"LikewiseOpen</ulink> page."
2034
2033
#: serverguide/C/web-servers.xml:13(title)
2035
2034
msgid "Web Servers"
5292
5394
"firstlogin login.sh es"
5295
#: serverguide/C/virtualization.xml:1164(para)
5397
#: serverguide/C/virtualization.xml:1169(para)
5297
5399
"If you are interested in learning more, have questions or suggestions, "
5298
5400
"please contact the Ubuntu Server Team at:"
5301
#: serverguide/C/virtualization.xml:1169(para)
5403
#: serverguide/C/virtualization.xml:1174(para)
5302
5404
msgid "IRC: #ubuntu-server on freenode"
5305
#: serverguide/C/virtualization.xml:1174(para)
5407
#: serverguide/C/virtualization.xml:1179(para)
5307
5409
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5308
5410
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5311
#: serverguide/C/virtualization.xml:1182(title)
5315
#: serverguide/C/virtualization.xml:1185(title) serverguide/C/network-auth.xml:1683(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:879(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5413
#: serverguide/C/virtualization.xml:1184(para)
5415
"Also, see the <ulink "
5416
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5417
"Wiki</ulink> page."
5420
#: serverguide/C/virtualization.xml:1192(title)
5424
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2026(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5316
5425
msgid "Overview"
5319
#: serverguide/C/virtualization.xml:1187(para)
5321
"<emphasis>Eucalyptus</emphasis> is an open-source software infrastructure "
5322
"for implementing \"cloud computing\" on your own clusters. "
5323
"<emphasis>Eucalyptus</emphasis> allows you to create your own cloud "
5324
"computing environment in order to maximize computing resources and provide a "
5325
"cloud computing environment to your users."
5328
#: serverguide/C/virtualization.xml:1193(para)
5330
"This section will cover setting up a Cloud Computing environment using "
5331
"<application>Eucalyptus</application> with <application>KVM</application>. "
5332
"For more information on KVM see <xref linkend=\"libvirt\"/>."
5335
#: serverguide/C/virtualization.xml:1198(para)
5337
"The Cloud Computing environment will consist of three components, typically "
5338
"installed on at least two separate machines (termed the 'front-end' and "
5339
"'node(s)' for the rest of this document):"
5342
#: serverguide/C/virtualization.xml:1205(para)
5344
"<emphasis>One Front-End:</emphasis> hosts one Cloud Controller, a Java based "
5345
"Web configuration interface, and a Cluster Controller, which determines "
5346
"where virtual machines (VMs) will be housed and manages cluster level VM "
5350
#: serverguide/C/virtualization.xml:1211(para)
5352
"<emphasis>One or more Compute Nodes:</emphasis> runs the Node Controller "
5353
"component of Eucalyptus, which allows the machine to be part of the cloud as "
5428
#: serverguide/C/virtualization.xml:1197(para)
5430
"This tutorial covers <application>UEC</application> installation from the "
5431
"Ubuntu 10.04 LTS Server Edition CD, and assumes a basic network topology, "
5432
"with a single system serving as the <emphasis>\"all-in-one "
5433
"controller\"</emphasis>, and one or more nodes attached."
5436
#: serverguide/C/virtualization.xml:1202(para)
5438
"From this Tutorial you will learn how to install, configure, register and "
5439
"perform several operations on a basic <application>UEC</application> setup "
5440
"that results in a cloud with a one controller <emphasis>\"front-"
5441
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5442
"instances. You will also use examples to help get you started using your own "
5443
"private compute cloud."
5446
#: serverguide/C/virtualization.xml:1210(title)
5447
msgid "Prerequisites"
5450
#: serverguide/C/virtualization.xml:1212(para)
5452
"To deploy a minimal cloud infrastructure, you’ll need at least "
5453
"<emphasis>two</emphasis> dedicated systems:"
5357
5456
#: serverguide/C/virtualization.xml:1218(para)
5359
"The simple <emphasis>System</emphasis> networking option will be used by "
5360
"default. This network method allows virtual machine instances, to obtain IP "
5361
"addresses from the local LAN, assuming that a DHCP server is properly "
5362
"configured on the LAN to hand out IPs dynamically to VMs that request them. "
5363
"Each node will be configured for bridge networking. For more details see "
5364
"<xref linkend=\"bridging\"/>."
5367
#: serverguide/C/virtualization.xml:1228(para)
5369
"First, on the <emphasis>Front-End</emphasis> install the appropriate "
5370
"packages. In a terminal prompt on the Front-End enter:"
5373
#: serverguide/C/virtualization.xml:1233(command)
5374
msgid "sudo apt-get install eucalyptus-cloud eucalyptus-cc"
5457
msgid "A front end."
5460
#: serverguide/C/virtualization.xml:1223(para)
5461
msgid "One or more node(s)."
5464
#: serverguide/C/virtualization.xml:1229(para)
5466
"The following are recommendations, rather than fixed requirements. However, "
5467
"our experience in developing this documentation indicated the following "
5471
#: serverguide/C/virtualization.xml:1234(title)
5472
msgid "Front End Requirements"
5377
5475
#: serverguide/C/virtualization.xml:1236(para)
5379
"Next, on the each <emphasis>Compute Node</emphasis> install the node "
5380
"controller package. In a terminal prompt on each Compute Node enter:"
5383
#: serverguide/C/virtualization.xml:1241(command)
5384
msgid "sudo apt-get install eucalyptus-nc"
5476
msgid "Use the following table for a system that will run one or more of:"
5479
#: serverguide/C/virtualization.xml:1241(para)
5480
msgid "Cloud Controller (CLC)"
5483
#: serverguide/C/virtualization.xml:1242(para)
5484
msgid "Cluster Controller (CC)"
5487
#: serverguide/C/virtualization.xml:1243(para)
5488
msgid "Walrus (the S3-like storage service)"
5387
5491
#: serverguide/C/virtualization.xml:1244(para)
5389
"Once the installation is complete, and it may take a while, in a browser go "
5390
"to <emphasis>https://front-end:8443</emphasis> and login to the "
5391
"administration interface using the default username and password of "
5392
"<emphasis>admin</emphasis>. You will then be prompted to change the "
5393
"password, configure an email address for the admin user, and set the storage "
5397
#: serverguide/C/virtualization.xml:1250(para)
5399
"In the web interface's <emphasis>\"Configuration\"</emphasis> tab, add a "
5400
"cluster under the <emphasis>\"Clusters\"</emphasis> heading (in this "
5401
"configuration, the cluster controller is on the same system as the cloud "
5402
"controller, so entering 'localhost' as the cluster hostname is correct). "
5403
"Once the form is filled out click the <emphasis>\"Add Cluster\"</emphasis> "
5407
#: serverguide/C/virtualization.xml:1256(para)
5409
"Now, back on the <emphasis>Front-End</emphasis>, add the nodes to the "
5413
#: serverguide/C/virtualization.xml:1261(command)
5414
msgid "sudo euca_conf -addnode hostname_of_node"
5417
#: serverguide/C/virtualization.xml:1264(para)
5419
"You will then be prompted to log into your Node, install the "
5420
"<application>eucalyptus-nc</application> package, and add the "
5421
"<emphasis>eucalyptus</emphasis> user's ssh key to the node's "
5422
"<filename>authorized_keys</filename> file, and confirm authenticity of the "
5423
"host's OpenSSH RSA key fingerprint. Finally, the command will complete by "
5424
"synchronizing the eucalyptus component keys and node registration is "
5428
#: serverguide/C/virtualization.xml:1270(para)
5430
"On the Node, the <filename>/etc/eucalyptus/eucalyptus.conf</filename> "
5431
"configuration file will need editing to use your node's bridge interface "
5432
"(assuming here that the interface is named <emphasis>'br0'</emphasis>):"
5435
#: serverguide/C/virtualization.xml:1275(programlisting)
5439
"VNET_INTERFACE=\"br0\"\n"
5441
"VNET_BRIDGE=\"br0\"\n"
5444
#: serverguide/C/virtualization.xml:1281(para)
5445
msgid "Finally, restart <application>eucalyptus-nc</application>:"
5448
#: serverguide/C/virtualization.xml:1286(command)
5449
msgid "sudo /etc/init.d/eucalyptus-nc restart"
5452
#: serverguide/C/virtualization.xml:1291(para)
5454
"Be sure to replace <emphasis>nodecontroller</emphasis>, "
5455
"<emphasis>node01</emphasis>, and <emphasis>node02</emphasis> with actual "
5459
#: serverguide/C/virtualization.xml:1297(para)
5461
"<application>Eucalyptus</application> is now ready to host images on the "
5465
#: serverguide/C/virtualization.xml:1307(para)
5467
"See the <ulink url=\"http://eucalyptus.cs.ucsb.edu/\">Eucalyptus "
5468
"website</ulink> for more information."
5471
#: serverguide/C/virtualization.xml:1312(para)
5492
msgid "Storage Controller (SC)"
5495
#: serverguide/C/virtualization.xml:1248(title)
5496
msgid "UEC Front End Requirements"
5499
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5503
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5507
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5511
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5515
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5519
#: serverguide/C/virtualization.xml:1265(para)
5523
#: serverguide/C/virtualization.xml:1266(para)
5527
#: serverguide/C/virtualization.xml:1267(para)
5529
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5530
"a dual core processor."
5533
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5537
#: serverguide/C/virtualization.xml:1271(para)
5541
#: serverguide/C/virtualization.xml:1272(para)
5545
#: serverguide/C/virtualization.xml:1273(para)
5546
msgid "The Java web front end benefits from lots of available memory."
5549
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5553
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5554
msgid "5400 RPM IDE"
5557
#: serverguide/C/virtualization.xml:1278(para)
5558
msgid "7200 RPM SATA"
5561
#: serverguide/C/virtualization.xml:1279(para)
5563
"Slower disks will work, but will yield much longer instance startup times."
5566
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5570
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5574
#: serverguide/C/virtualization.xml:1284(para)
5578
#: serverguide/C/virtualization.xml:1285(para)
5580
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5581
"does not like to run out of disk space."
5584
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5588
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5592
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5596
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5598
"Machine images are hundreds of MB, and need to be copied over the network to "
5602
#: serverguide/C/virtualization.xml:1299(title)
5603
msgid "Node Requirements"
5606
#: serverguide/C/virtualization.xml:1301(para)
5607
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5610
#: serverguide/C/virtualization.xml:1306(para)
5611
msgid "the Node Controller (NC)"
5614
#: serverguide/C/virtualization.xml:1310(title)
5615
msgid "UEC Node Requirements"
5618
#: serverguide/C/virtualization.xml:1327(para)
5619
msgid "VT Extensions"
5622
#: serverguide/C/virtualization.xml:1328(para)
5623
msgid "VT, 64-bit, Multicore"
5626
#: serverguide/C/virtualization.xml:1329(para)
5628
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5629
"only run 1 VM per CPU core on a Node."
5632
#: serverguide/C/virtualization.xml:1333(para)
5636
#: serverguide/C/virtualization.xml:1334(para)
5640
#: serverguide/C/virtualization.xml:1335(para)
5641
msgid "Additional memory means more, and larger guests."
5644
#: serverguide/C/virtualization.xml:1340(para)
5645
msgid "7200 RPM SATA or SCSI"
5648
#: serverguide/C/virtualization.xml:1341(para)
5650
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5654
#: serverguide/C/virtualization.xml:1346(para)
5658
#: serverguide/C/virtualization.xml:1347(para)
5660
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5664
#: serverguide/C/virtualization.xml:1363(title)
5665
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5668
#: serverguide/C/virtualization.xml:1367(para)
5669
msgid "Download the Ubuntu 10.04 LTS Server ISO file, and burn it to a CD."
5672
#: serverguide/C/virtualization.xml:1372(para) serverguide/C/virtualization.xml:1418(para)
5674
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5677
#: serverguide/C/virtualization.xml:1377(para)
5679
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5680
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5683
#: serverguide/C/virtualization.xml:1383(para)
5685
"It will ask two other cloud-specific questions during the course of the "
5689
#: serverguide/C/virtualization.xml:1388(para)
5690
msgid "Name of your cluster."
5693
#: serverguide/C/virtualization.xml:1391(para)
5694
msgid "e.g. <emphasis>cluster1</emphasis>."
5697
#: serverguide/C/virtualization.xml:1394(para)
5699
"A range of public IP addresses on the LAN that the cloud can allocate to "
5703
#: serverguide/C/virtualization.xml:1397(para)
5704
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5707
#: serverguide/C/virtualization.xml:1405(title)
5708
msgid "Installing the Node Controller(s)"
5711
#: serverguide/C/virtualization.xml:1407(para)
5713
"The node controller install is even simpler. Just make sure that you are "
5714
"connected to the network on which the cloud/cluster controller is already "
5718
#: serverguide/C/virtualization.xml:1413(para)
5719
msgid "Boot from the same ISO on the node(s)."
5722
#: serverguide/C/virtualization.xml:1423(para)
5723
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5726
#: serverguide/C/virtualization.xml:1428(para)
5728
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5732
#: serverguide/C/virtualization.xml:1433(para)
5733
msgid "Confirm the partitioning scheme."
5736
#: serverguide/C/virtualization.xml:1438(para)
5738
"The rest of the installation should proceed uninterrupted; complete the "
5739
"installation and reboot the node."
5742
#: serverguide/C/virtualization.xml:1446(title)
5743
msgid "Register the Node(s)"
5746
#: serverguide/C/virtualization.xml:1448(para)
5748
"Nodes are the physical systems within <application>UEC</application> that "
5749
"actually run the virtual machine instances of the cloud."
5752
#: serverguide/C/virtualization.xml:1452(para)
5754
"Once one or more Ubuntu Server node(s) are installed and running the "
5755
"<application>eucalyptus-nc</application> service, log onto the "
5756
"<emphasis>Cloud Controller (CLC)</emphasis> and run:"
5759
#: serverguide/C/virtualization.xml:1458(command)
5760
msgid "sudo euca_conf --no-rsync --discover-nodes"
5763
#: serverguide/C/virtualization.xml:1461(para)
5765
"This will discover the systems on the network running the "
5766
"<application>eucalyptus-nc</application> service, and the administrator can "
5767
"confirm the registration of each node by its IP address."
5770
#: serverguide/C/virtualization.xml:1467(para)
5772
"If you get prompted for passwords, or receive errors from scp, you may need "
5773
"to revisit the key synchronization instructions at <ulink "
5774
"url=\"https://help.ubuntu.com/community/UEC/NodeInstallation\">UEC/NodeInstal"
5778
#: serverguide/C/virtualization.xml:1475(title)
5779
msgid "Obtain Credentials"
5782
#: serverguide/C/virtualization.xml:1477(para)
5784
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5785
"users of the cloud will need to retrieve their credentials. This can be done "
5786
"either through a web browser, or at the command line."
5789
#: serverguide/C/virtualization.xml:1483(title)
5790
msgid "From a Web Browser"
5793
#: serverguide/C/virtualization.xml:1487(para)
5795
"From your web browser (either remotely or on your Ubuntu server) access the "
5799
#: serverguide/C/virtualization.xml:1490(programlisting) serverguide/C/virtualization.xml:1743(programlisting)
5803
"https://<cloud-controller-ip-address>:8443/\n"
5806
#: serverguide/C/virtualization.xml:1495(para)
5808
"You must use a secure connection, so make sure you use \"https\" not "
5809
"\"http\" in your URL. You will get a security certificate warning. You will "
5810
"have to add an exception to view the page. If you do not accept it you will "
5811
"not be able to view the Eucalyptus configuration page."
5814
#: serverguide/C/virtualization.xml:1503(para)
5816
"Use username <emphasis>'admin'</emphasis> and password "
5817
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5818
"to change your password)."
5821
#: serverguide/C/virtualization.xml:1509(para)
5823
"Then follow the on-screen instructions to update the admin password and "
5827
#: serverguide/C/virtualization.xml:1514(para)
5829
"Once the first time configuration process is completed, click the "
5830
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5834
#: serverguide/C/virtualization.xml:1520(para)
5836
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5840
#: serverguide/C/virtualization.xml:1525(para)
5841
msgid "Save them to <filename>~/.euca</filename>."
5844
#: serverguide/C/virtualization.xml:1530(para)
5846
"Unzip the downloaded zip file into a safe location "
5847
"(<filename>~/.euca</filename>)."
5850
#: serverguide/C/virtualization.xml:1534(command)
5851
msgid "unzip -d ~/.euca mycreds.zip"
5854
#: serverguide/C/virtualization.xml:1541(title)
5855
msgid "From a Command Line"
5858
#: serverguide/C/virtualization.xml:1545(para)
5860
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5861
"Controller</emphasis>, you can run:"
5864
#: serverguide/C/virtualization.xml:1549(command)
5865
msgid "mkdir -p ~/.euca"
5868
#: serverguide/C/virtualization.xml:1550(command)
5869
msgid "chmod 700 ~/.euca"
5872
#: serverguide/C/virtualization.xml:1551(command)
5876
#: serverguide/C/virtualization.xml:1552(command)
5877
msgid "sudo euca_conf --get-credentials mycreds.zip"
5880
#: serverguide/C/virtualization.xml:1553(command)
5881
msgid "unzip mycreds.zip"
5884
#: serverguide/C/virtualization.xml:1554(command)
5888
#: serverguide/C/virtualization.xml:1561(title)
5889
msgid "Extracting and Using Your Credentials"
5892
#: serverguide/C/virtualization.xml:1563(para)
5894
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
5898
#: serverguide/C/virtualization.xml:1569(para)
5900
"Source the included <emphasis>\"eucarc\"</emphasis> file to set up your "
5901
"Eucalyptus environment:"
5904
#: serverguide/C/virtualization.xml:1573(command) serverguide/C/virtualization.xml:1600(command)
5905
msgid ". ~/.euca/eucarc"
5908
#: serverguide/C/virtualization.xml:1577(para)
5910
"You may additionally wish to add this command to your "
5911
"<filename>~/.bashrc</filename> file so that your Eucalyptus environment is "
5912
"set up automatically when you log in. Eucalyptus treats this set of "
5913
"credentials as <emphasis>'administrator'</emphasis> credentials that allow "
5914
"the holder global privileges across the cloud. As such, they should be "
5915
"protected in the same way that other elevated-priority access is protected "
5916
"(e.g. should not be made visible to the general user population)."
5919
#: serverguide/C/virtualization.xml:1584(command)
5921
"echo \"[ -r ~/.euca/eucarc ] && . ~/.euca/eucarc\" >> ~/.bashrc"
5924
#: serverguide/C/virtualization.xml:1588(para)
5925
msgid "Install the required cloud user tools:"
5928
#: serverguide/C/virtualization.xml:1592(command)
5929
msgid "sudo apt-get install euca2ools"
5932
#: serverguide/C/virtualization.xml:1596(para)
5934
"To validate that everything is working correctly, get the local cluster "
5935
"availability details:"
5938
#: serverguide/C/virtualization.xml:1601(command)
5939
msgid "euca-describe-availability-zones verbose"
5942
#: serverguide/C/virtualization.xml:1602(computeroutput)
5945
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
5946
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
5947
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
5948
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
5949
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
5950
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
5951
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
5954
#: serverguide/C/virtualization.xml:1612(para)
5955
msgid "Your output from the above command will vary."
5958
#: serverguide/C/virtualization.xml:1622(title)
5959
msgid "Running an Image"
5962
#: serverguide/C/virtualization.xml:1624(para)
5963
msgid "There are multiple ways to instantiate an image in UEC:"
5966
#: serverguide/C/virtualization.xml:1629(para)
5967
msgid "Use the command line."
5970
#: serverguide/C/virtualization.xml:1630(para)
5972
"Use one of the UEC compatible management tools such as "
5973
"<emphasis>Landscape</emphasis>."
5976
#: serverguide/C/virtualization.xml:1632(para)
5979
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
5980
"extension to Firefox."
5983
#: serverguide/C/virtualization.xml:1638(para)
5984
msgid "Here we will describe the process from the command line:"
5987
#: serverguide/C/virtualization.xml:1644(para)
5989
"Before running an instance of your image, you should first create a "
5990
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
5991
"instance as root, once it boots. The key is stored, so you will only have to "
5995
#: serverguide/C/virtualization.xml:1648(para)
5996
msgid "Run the following command:"
5999
#: serverguide/C/virtualization.xml:1651(programlisting)
6003
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
6004
" touch ~/.euca/mykey.priv\n"
6005
" chmod 0600 ~/.euca/mykey.priv\n"
6006
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
6010
#: serverguide/C/virtualization.xml:1659(para)
6012
"You can call your key whatever you like (in this example, the key is called "
6013
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
6014
"forget, you can always run <command>euca-describe-keypairs</command> to get "
6015
"a list of created keys stored in the system."
6018
#: serverguide/C/virtualization.xml:1666(para)
6019
msgid "You must also allow access to port 22 in your instances:"
6022
#: serverguide/C/virtualization.xml:1670(command)
6023
msgid "euca-describe-groups"
6026
#: serverguide/C/virtualization.xml:1671(command)
6027
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
6030
#: serverguide/C/virtualization.xml:1675(para)
6031
msgid "Next, you can create instances of your registered image:"
6034
#: serverguide/C/virtualization.xml:1679(command)
6035
msgid "euca-run-instances $EMI -k mykey -t c1.medium"
6038
#: serverguide/C/virtualization.xml:1682(para)
6040
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
6041
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
6042
"on the <emphasis>Store</emphasis> page to see the sample command."
6045
#: serverguide/C/virtualization.xml:1689(para)
6047
"The first time you run an instance, the system will be setting up caches for "
6048
"the image from which it will be created. This can often take some time the "
6049
"first time an instance is run given that VM images are usually quite large."
6052
#: serverguide/C/virtualization.xml:1693(para)
6053
msgid "To monitor the state of your instance, run:"
6056
#: serverguide/C/virtualization.xml:1697(command)
6057
msgid "watch -n5 euca-describe-instances"
6060
#: serverguide/C/virtualization.xml:1699(para)
6062
"In the output, you should see information about the instance, including its "
6063
"state. While first-time caching is being performed, the instance's state "
6064
"will be <emphasis>'pending'</emphasis>."
6067
#: serverguide/C/virtualization.xml:1705(para)
6069
"When the instance is fully started, the above state will become "
6070
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
6071
"instance in the output, then connect to it:"
6074
#: serverguide/C/virtualization.xml:1710(command)
6076
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
6080
#: serverguide/C/virtualization.xml:1711(command)
6081
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
6084
#: serverguide/C/virtualization.xml:1715(para)
6086
"And when you are done with this instance, exit your SSH connection, then "
6087
"terminate your instance:"
6090
#: serverguide/C/virtualization.xml:1719(command)
6092
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
6096
#: serverguide/C/virtualization.xml:1720(command)
6097
msgid "euca-terminate-instances $INSTANCEID"
6100
#: serverguide/C/virtualization.xml:1727(title)
6101
msgid "Install an Image from the Store"
6104
#: serverguide/C/virtualization.xml:1729(para)
6106
"The following is by far the simplest way to install an image. However, "
6107
"advanced users may be interested in learning how to <ulink "
6108
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
6109
"own image</ulink>."
6112
#: serverguide/C/virtualization.xml:1734(para)
6114
"The simplest way to add an image to <application>UEC</application> is to "
6115
"install it from the Image Store on the UEC web interface."
6118
#: serverguide/C/virtualization.xml:1740(para)
6120
"Access the web interface at the following URL (Make sure you specify https):"
6123
#: serverguide/C/virtualization.xml:1748(para)
6125
"Enter your login and password (if requested, as you may still be logged in "
6129
#: serverguide/C/virtualization.xml:1753(para)
6130
msgid "Click on the <emphasis>Store</emphasis> tab."
6133
#: serverguide/C/virtualization.xml:1758(para)
6134
msgid "Browse available images."
6137
#: serverguide/C/virtualization.xml:1763(para)
6138
msgid "Click on <emphasis>install</emphasis> for the image you want."
6141
#: serverguide/C/virtualization.xml:1769(para)
6143
"Once the image has been downloaded and installed, you can click on "
6144
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
6145
"button to view the command to execute to instantiate (start) this image. The "
6146
"image will also appear on the list given on the <emphasis>Image</emphasis> "
6150
#: serverguide/C/virtualization.xml:1777(title) serverguide/C/dns.xml:619(title)
6151
msgid "More Information"
6154
#: serverguide/C/virtualization.xml:1779(para)
6156
"How to use the <ulink "
6157
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
6158
"Controller</ulink>"
6161
#: serverguide/C/virtualization.xml:1783(para)
6162
msgid "Controlling eucalyptus services:"
6165
#: serverguide/C/virtualization.xml:1788(para)
6167
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
6170
#: serverguide/C/virtualization.xml:1789(para)
6171
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
6174
#: serverguide/C/virtualization.xml:1792(para)
6175
msgid "Locations of some important files:"
6178
#: serverguide/C/virtualization.xml:1799(emphasis)
6182
#: serverguide/C/virtualization.xml:1802(para)
6183
msgid "/var/log/eucalyptus"
6186
#: serverguide/C/virtualization.xml:1807(emphasis)
6187
msgid "Configuration files:"
6190
#: serverguide/C/virtualization.xml:1810(para)
6191
msgid "/etc/eucalyptus"
6194
#: serverguide/C/virtualization.xml:1815(emphasis)
6198
#: serverguide/C/virtualization.xml:1818(para)
6199
msgid "/var/lib/eucalyptus/db"
6202
#: serverguide/C/virtualization.xml:1823(emphasis)
6206
#: serverguide/C/virtualization.xml:1826(para)
6207
msgid "/var/lib/eucalyptus"
6210
#: serverguide/C/virtualization.xml:1827(para)
6211
msgid "/var/lib/eucalyptus/.ssh"
6214
#: serverguide/C/virtualization.xml:1833(para)
6216
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
6217
"running the client tools."
6220
#: serverguide/C/virtualization.xml:1844(para)
5473
6222
"For information on loading instances see the <ulink "
5474
6223
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
5478
#: serverguide/C/virtualization.xml:1317(para)
6227
#: serverguide/C/virtualization.xml:1849(para)
6229
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
6230
"documentation, downloads)</ulink>."
6233
#: serverguide/C/virtualization.xml:1854(para)
6235
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
6236
"(bugs, code)</ulink>."
6239
#: serverguide/C/virtualization.xml:1859(para)
6242
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
6243
"ptus Troubleshooting (1.5)</ulink>."
6246
#: serverguide/C/virtualization.xml:1864(para)
6248
"<ulink url=\"http://support.rightscale.com/2._References/02-"
6249
"Cloud_Infrastructures/Eucalyptus/03-"
6250
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
6251
"RightScale</ulink>."
6254
#: serverguide/C/virtualization.xml:1870(para)
5480
6256
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
5481
6257
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
5482
6258
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
5485
#: serverguide/C/virtualization.xml:1327(title)
6261
#: serverguide/C/virtualization.xml:1879(title)
6265
#: serverguide/C/virtualization.xml:1881(para)
6267
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
6268
"unfamiliar to some readers. This page is intended to provide a glossary of "
6269
"such terms and acronyms."
6272
#: serverguide/C/virtualization.xml:1888(para)
6274
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
6275
"computing resources through virtual machines, provisioned and recollected "
6279
#: serverguide/C/virtualization.xml:1894(para)
6281
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
6282
"provides the web UI (an https server on port 8443), and implements the "
6283
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
6284
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
6285
"cloud</application> package."
6288
#: serverguide/C/virtualization.xml:1901(para)
6290
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6291
"Cluster Controller. There can be more than one Cluster in an installation of "
6292
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6296
#: serverguide/C/virtualization.xml:1907(para)
6298
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6299
"manages collections of node resources. This service is provided by the "
6300
"Ubuntu <application>eucalyptus-cc</application> package."
6303
#: serverguide/C/virtualization.xml:1913(para)
6304
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6307
#: serverguide/C/virtualization.xml:1918(para)
6309
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6310
"pay-by-the-gigabyte public cloud computing offering."
6313
#: serverguide/C/virtualization.xml:1923(para)
6314
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6317
#: serverguide/C/virtualization.xml:1928(para)
6318
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6321
#: serverguide/C/virtualization.xml:1933(para)
6322
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6325
#: serverguide/C/virtualization.xml:1938(para)
6327
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6328
"Linking Your Programs To Useful Systems. An open source project originally "
6329
"from the University of California at Santa Barbara, now supported by "
6330
"Eucalyptus Systems, a Canonical Partner."
6333
#: serverguide/C/virtualization.xml:1945(para)
6335
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6336
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6337
"cluster controller)."
6340
#: serverguide/C/virtualization.xml:1951(para)
6342
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6343
"running virtual machines, running a node controller. Within Ubuntu, this "
6344
"generally means that the CPU has VT extensions, and can run the KVM "
6348
#: serverguide/C/virtualization.xml:1957(para)
6350
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6351
"on nodes which host the virtual machines that comprise the cloud. This "
6352
"service is provided by the Ubuntu package <application>eucalyptus-"
6356
#: serverguide/C/virtualization.xml:1963(para)
6358
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6359
"gigabyte persistent storage solution for EC2."
6362
#: serverguide/C/virtualization.xml:1968(para)
6364
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6365
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6366
"installation can have its own Storage Controller. This component is provided "
6367
"by the <application>eucalyptus-sc</application> package."
6370
#: serverguide/C/virtualization.xml:1975(para)
6372
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6373
"solution, based on Eucalyptus."
6376
#: serverguide/C/virtualization.xml:1980(para)
6377
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6380
#: serverguide/C/virtualization.xml:1985(para)
6382
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6383
"some modern CPUs, allowing for accelerated virtual machine hosting."
6386
#: serverguide/C/virtualization.xml:1990(para)
6388
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6389
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6390
"put/get abstractions."
6393
#: serverguide/C/virtualization.xml:2000(title)
5486
6394
msgid "OpenNebula"
5489
#: serverguide/C/virtualization.xml:1329(para)
6397
#: serverguide/C/virtualization.xml:2002(para)
5491
6399
"<application>OpenNebula</application> allows virtual machines to be placed "
5492
6400
"and re-placed dynamically on a pool of physical resources. This allows a "
5493
6401
"virtual machine to be hosted from any location available."
5496
#: serverguide/C/virtualization.xml:1334(para)
6404
#: serverguide/C/virtualization.xml:2007(para)
5498
6406
"This section will detail configuring an OpenNebula cluster using three "
5499
6407
"machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
7871
8708
"<application>apparmor-profiles</application> package."
7874
#: serverguide/C/security.xml:974(para)
8711
#: serverguide/C/security.xml:921(para)
7876
8713
"To install the <application>apparmor-profiles</application> package from a "
7877
8714
"terminal prompt:"
7880
#: serverguide/C/security.xml:980(para)
8717
#: serverguide/C/security.xml:927(para)
7881
8718
msgid "AppArmor profiles have two modes of execution:"
7884
#: serverguide/C/security.xml:985(para)
8721
#: serverguide/C/security.xml:932(para)
7886
8723
"Complaining/Learning: profile violations are permitted and logged. Useful "
7887
8724
"for testing and developing new profiles."
7890
#: serverguide/C/security.xml:990(para)
8727
#: serverguide/C/security.xml:937(para)
7892
8729
"Enforced/Confined: enforces profile policy as well as logging the violation."
7895
#: serverguide/C/security.xml:996(title)
8732
#: serverguide/C/security.xml:943(title)
7896
8733
msgid "Using AppArmor"
7899
#: serverguide/C/security.xml:997(para)
8736
#: serverguide/C/security.xml:944(para)
7901
8738
"The <application>apparmor-utils</application> package contains command line "
7902
8739
"utilities that you can use to change the <application>AppArmor</application> "
7903
8740
"execution mode, find the status of a profile, create new profiles, etc."
7906
#: serverguide/C/security.xml:1003(para)
8743
#: serverguide/C/security.xml:950(para)
7908
8745
"<application>apparmor_status</application> is used to view the current "
7909
8746
"status of AppArmor profiles."
7912
#: serverguide/C/security.xml:1007(command)
8749
#: serverguide/C/security.xml:954(command)
7913
8750
msgid "sudo apparmor_status"
8751
msgstr "sudo apparmor_status"
7916
#: serverguide/C/security.xml:1011(para)
8753
#: serverguide/C/security.xml:958(para)
7918
8755
"<application>aa-complain</application> places a profile into "
7919
8756
"<emphasis>complain</emphasis> mode."
7922
#: serverguide/C/security.xml:1015(command)
8759
#: serverguide/C/security.xml:962(command)
7923
8760
msgid "sudo aa-complain /path/to/bin"
8761
msgstr "sudo aa-complain /camí/al/binary"
7926
#: serverguide/C/security.xml:1019(para)
8763
#: serverguide/C/security.xml:966(para)
7928
8765
"<application>aa-enforce</application> places a profile into "
7929
8766
"<emphasis>enforce</emphasis> mode."
7932
#: serverguide/C/security.xml:1023(command)
8769
#: serverguide/C/security.xml:970(command)
7933
8770
msgid "sudo aa-enforce /path/to/bin"
8771
msgstr "sudo aa-enforce /camí/al/binary"
7936
#: serverguide/C/security.xml:1027(para)
8773
#: serverguide/C/security.xml:974(para)
7938
8775
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7939
8776
"profiles are located. It can be used to manipulate the "
7940
8777
"<emphasis>mode</emphasis> of all profiles."
7943
#: serverguide/C/security.xml:1031(para)
8780
#: serverguide/C/security.xml:978(para)
7944
8781
msgid "Enter the following to place all profiles into complain mode:"
7947
#: serverguide/C/security.xml:1035(command)
8784
#: serverguide/C/security.xml:982(command)
7948
8785
msgid "sudo aa-complain /etc/apparmor.d/*"
8786
msgstr "sudo aa-complain /etc/apparmor.d/*"
7951
#: serverguide/C/security.xml:1037(para)
8788
#: serverguide/C/security.xml:984(para)
7952
8789
msgid "To place all profiles in enforce mode:"
7955
#: serverguide/C/security.xml:1041(command)
8792
#: serverguide/C/security.xml:988(command)
7956
8793
msgid "sudo aa-enforce /etc/apparmor.d/*"
8794
msgstr "sudo aa-enforce /etc/apparmor.d/*"
7959
#: serverguide/C/security.xml:1045(para)
8796
#: serverguide/C/security.xml:992(para)
7961
8798
"<application>apparmor_parser</application> is used to load a profile into "
7962
8799
"the kernel. It can also be used to reload a currently loaded profile using "
7963
8800
"the <emphasis>-r</emphasis> option. To load a profile:"
7966
#: serverguide/C/security.xml:1050(command) serverguide/C/security.xml:1082(command)
8803
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
7967
8804
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7970
#: serverguide/C/security.xml:1052(para)
8807
#: serverguide/C/security.xml:999(para)
7971
8808
msgid "To reload a profile:"
7974
#: serverguide/C/security.xml:1056(command)
8811
#: serverguide/C/security.xml:1003(command)
7975
8812
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7978
#: serverguide/C/security.xml:1060(para)
8815
#: serverguide/C/security.xml:1007(para)
7980
8817
"<filename>/etc/init.d/apparmor</filename> can be used to "
7981
8818
"<emphasis>reload</emphasis> all profiles:"
7984
#: serverguide/C/security.xml:1064(command)
8821
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:632(command)
7985
8822
msgid "sudo /etc/init.d/apparmor reload"
8823
msgstr "sudo /etc/init.d/apparmor reload"
7988
#: serverguide/C/security.xml:1068(para)
8825
#: serverguide/C/security.xml:1015(para)
7990
8827
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7991
8828
"with the <application>apparmor_parser -R</application> option to "
7992
8829
"<emphasis>disable</emphasis> a profile."
7995
#: serverguide/C/security.xml:1073(command)
8832
#: serverguide/C/security.xml:1020(command)
7996
8833
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7999
#: serverguide/C/security.xml:1074(command)
8836
#: serverguide/C/security.xml:1021(command)
8000
8837
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
8003
#: serverguide/C/security.xml:1076(para)
8840
#: serverguide/C/security.xml:1023(para)
8005
8842
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
8006
8843
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
8007
8844
"load the profile using the <emphasis>-a</emphasis> option."
8010
#: serverguide/C/security.xml:1081(command)
8847
#: serverguide/C/security.xml:1028(command)
8011
8848
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
8014
#: serverguide/C/security.xml:1086(para)
8851
#: serverguide/C/security.xml:1033(para)
8016
8853
"<application>AppArmor</application> can be disabled, and the kernel module "
8017
8854
"unloaded by entering the following:"
8020
#: serverguide/C/security.xml:1090(command)
8857
#: serverguide/C/security.xml:1037(command)
8021
8858
msgid "sudo /etc/init.d/apparmor stop"
8859
msgstr "sudo /etc/init.d/apparmor stop"
8024
#: serverguide/C/security.xml:1091(command)
8861
#: serverguide/C/security.xml:1038(command)
8025
8862
msgid "sudo update-rc.d -f apparmor remove"
8863
msgstr "sudo update-rc.d -f apparmor remove"
8028
#: serverguide/C/security.xml:1095(para)
8865
#: serverguide/C/security.xml:1042(para)
8029
8866
msgid "To re-enable <application>AppArmor</application> enter:"
8032
#: serverguide/C/security.xml:1099(command)
8869
#: serverguide/C/security.xml:1046(command)
8033
8870
msgid "sudo /etc/init.d/apparmor start"
8871
msgstr "sudo /etc/init.d/apparmor start"
8036
#: serverguide/C/security.xml:1100(command)
8873
#: serverguide/C/security.xml:1047(command)
8037
8874
msgid "sudo update-rc.d apparmor defaults"
8875
msgstr "sudo update-rc.d apparmor defaults"
8040
#: serverguide/C/security.xml:1105(para)
8877
#: serverguide/C/security.xml:1052(para)
8042
8879
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
8043
8880
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
8882
9719
"other users on the system."
8885
#: serverguide/C/security.xml:1845(para)
9722
#: serverguide/C/security.xml:1792(para)
8887
9724
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8888
9725
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8892
#: serverguide/C/security.xml:1851(para)
9729
#: serverguide/C/security.xml:1798(para)
8894
9731
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8895
9732
"kernel keyring."
8898
#: serverguide/C/security.xml:1856(para)
9735
#: serverguide/C/security.xml:1803(para)
8900
9737
"<emphasis>ecryptfs-manager:</emphasis> manages "
8901
9738
"<application>eCryptfs</application> objects such as keys."
8904
#: serverguide/C/security.xml:1861(para)
9741
#: serverguide/C/security.xml:1808(para)
8906
9743
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8907
9744
"<application>ecryptfs</application> meta information for a file."
8910
#: serverguide/C/security.xml:1874(para)
9747
#: serverguide/C/security.xml:1821(para)
8912
9749
"For more information on eCryptfs see the <ulink "
8913
"url=\"https://launchpad.net/ecryptfs\">Launch Pad project page</ulink>"
9750
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8916
#: serverguide/C/security.xml:1879(para)
9753
#: serverguide/C/security.xml:1826(para)
8918
9755
"There is also a <ulink "
8919
9756
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8920
9757
"article covering eCryptfs."
8923
#: serverguide/C/security.xml:1884(para)
9760
#: serverguide/C/security.xml:1831(para)
8925
9762
"Also, for more <application>ecryptfs</application> options see the <ulink "
8926
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/ecryptfs.7.html\">ec"
8927
"ryptfs man page</ulink>."
9763
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/ecryptfs.7.html\">ecr"
9764
"yptfs man page</ulink>."
9767
#: serverguide/C/security.xml:1837(para)
9769
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9770
"Ubuntu Wiki</ulink> page also has more details."
9773
#: serverguide/C/reporting-bugs.xml:13(title)
9777
#: serverguide/C/reporting-bugs.xml:16(title)
9778
msgid "Reporting Bugs in Ubuntu Server Edition"
9781
#: serverguide/C/reporting-bugs.xml:18(para)
9783
"While the Ubuntu Project attempts to release software with as few bugs as "
9784
"possible, they do occur. You can help fix these bugs by reporting ones that "
9785
"you find to the project. The Ubuntu Project uses <ulink "
9786
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
9787
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
9788
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
9792
#: serverguide/C/reporting-bugs.xml:30(title)
9793
msgid "Reporting Bugs With ubuntu-bug"
9796
#: serverguide/C/reporting-bugs.xml:32(para)
9798
"The preferred way to report a bug is with the <application>ubuntu-"
9799
"bug</application> command. The ubuntu-bug tool gathers information about the "
9800
"system useful to developers in diagnosing the reported problem that will "
9801
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
9802
"need to be filed against a specific software package, thus the name of the "
9803
"package that the bug occurs in needs to be given to ubuntu-bug:"
9806
#: serverguide/C/reporting-bugs.xml:43(command)
9807
msgid "ubuntu-bug PACKAGENAME"
9810
#: serverguide/C/reporting-bugs.xml:46(para)
9812
"For example, to file a bug against the openssh-server package, you would do:"
9815
#: serverguide/C/reporting-bugs.xml:51(command)
9816
msgid "ubuntu-bug openssh-server"
9819
#: serverguide/C/reporting-bugs.xml:54(para)
9821
"You can specify either a binary package or the source package for ubuntu-"
9822
"bug. Again using openssh-server as an example, you could also generate the "
9823
"report against the source package for openssh-server, openssh:"
9826
#: serverguide/C/reporting-bugs.xml:62(command)
9827
msgid "ubuntu-bug openssh"
9830
#: serverguide/C/reporting-bugs.xml:66(para)
9832
"See <xref linkend=\"package-management\"/> for more information about "
9833
"packages in Ubuntu."
9836
#: serverguide/C/reporting-bugs.xml:72(para)
9838
"The ubuntu-bug command will gather information about the system in question, "
9839
"possibly including information specific to the specified package, and then "
9840
"ask you what you would like to do with collected information:"
9843
#: serverguide/C/reporting-bugs.xml:80(command)
9844
msgid "ubuntu-bug postgresql"
9847
#: serverguide/C/reporting-bugs.xml:79(screen)
9851
"<placeholder-1/>\n"
9853
"*** Collecting problem information\n"
9855
"The collected information can be sent to the developers to improve the\n"
9856
"application. This might take a few minutes.\n"
9859
"*** Send problem report to the developers?\n"
9861
"After the problem report has been sent, please fill out the form in the\n"
9862
"automatically opened web browser.\n"
9864
"What would you like to do? Your options are:\n"
9865
" S: Send report (1.7 KiB)\n"
9867
" K: Keep report file for sending later or copying to somewhere else\n"
9869
"Please choose (S/V/K/C):\n"
9872
#: serverguide/C/reporting-bugs.xml:101(para)
9873
msgid "The options available are:"
9876
#: serverguide/C/reporting-bugs.xml:108(para)
9878
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
9879
"the collected information to Launchpad as part of the the process of filing "
9880
"a bug report. You will be given the opportunity to describe the situation "
9881
"that led up to the occurrance of the bug."
9884
#: serverguide/C/reporting-bugs.xml:115(screen)
9888
"*** Uploading problem information\n"
9890
"The collected information is being sent to the bug tracking system.\n"
9891
"This might take a few minutes.\n"
9894
"*** To continue, you must visit the following URL:\n"
9896
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9897
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9899
"You can launch a browser now, or copy this URL into a browser on another\n"
9903
" 1: Launch a browser now\n"
9905
"Please choose (1/C):\n"
9908
#: serverguide/C/reporting-bugs.xml:135(para)
9910
"If you choose to start a browser, by default the text based web browser "
9911
"<application>w3m</application> will be used to finish filing the bug report. "
9912
"Alternately, you can copy the given URL to a currently running web browser."
9915
#: serverguide/C/reporting-bugs.xml:144(para)
9917
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
9918
"the collected information to be displayed to the terminal for review."
9921
#: serverguide/C/reporting-bugs.xml:150(screen)
9925
"Package: postgresql 8.4.2-2\n"
9926
"PackageArchitecture: all\n"
9928
"ProblemType: Bug\n"
9930
" LANG=en_US.UTF-8\n"
9931
" SHELL=/bin/bash\n"
9932
"Uname: Linux 2.6.32-16-server x86_64\n"
9934
" adduser 3.112ubuntu1\n"
9935
" base-files 5.0.0ubuntu10\n"
9936
" base-passwd 3.5.22\n"
9937
" coreutils 7.4-2ubuntu2\n"
9941
#: serverguide/C/reporting-bugs.xml:167(para)
9943
"After viewing the report, you will be brought back to the same menu asking "
9944
"what you would like to do with the report."
9947
#: serverguide/C/reporting-bugs.xml:174(para)
9949
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
9950
"File causes the gathered information to be written to a file. This file can "
9951
"then be used to later file a bug report or transferred to a different Ubuntu "
9952
"system for reporting. To submit the report file, simply give it as an "
9953
"argument to the ubuntu-bug command:"
9956
#: serverguide/C/reporting-bugs.xml:189(userinput)
9961
#: serverguide/C/reporting-bugs.xml:192(command)
9962
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
9965
#: serverguide/C/reporting-bugs.xml:183(screen)
9969
"What would you like to do? Your options are:\n"
9970
" S: Send report (1.7 KiB)\n"
9972
" K: Keep report file for sending later or copying to somewhere else\n"
9974
"Please choose (S/V/K/C): <placeholder-1/>\n"
9975
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
9977
"<placeholder-2/>\n"
9979
"*** Send problem report to the developers?\n"
9983
#: serverguide/C/reporting-bugs.xml:200(para)
9985
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
9986
"collected information to be discarded."
9989
#: serverguide/C/reporting-bugs.xml:210(title)
9990
msgid "Reporting Application Crashes"
9993
#: serverguide/C/reporting-bugs.xml:212(para)
9995
"The software package that provides the ubuntu-bug utility, "
9996
"<application>apport</application>, can be configured to trigger when "
9997
"applications crash. This is disabled by default, as capturing a crash can be "
9998
"resource intensive depending on how much memory the application that crashed "
9999
"was using as apport captures and processes the core dump."
10002
#: serverguide/C/reporting-bugs.xml:221(para)
10004
"Configuring apport to capture information about crashing applications "
10005
"requires a couple of steps. First, <application>gdb</application> needs to "
10006
"be installed; it is not installed by default in Ubuntu Server Edition."
10009
#: serverguide/C/reporting-bugs.xml:229(command)
10010
msgid "sudo apt-get install gdb"
10013
#: serverguide/C/reporting-bugs.xml:232(para)
10015
"See <xref linkend=\"package-management\"/> for more information about "
10016
"managing packages in Ubuntu."
10019
#: serverguide/C/reporting-bugs.xml:237(para)
10021
"Once you have ensured that gdb is installed, open the file "
10022
"<filename>/etc/default/apport</filename> in your text editor, and change the "
10023
"<emphasis>enabled</emphasis> setting to be <emphasis "
10024
"role=\"bold\">1</emphasis> like so:"
10027
#: serverguide/C/reporting-bugs.xml:244(programlisting)
10031
"# set this to 0 to disable apport, or to 1 to enable it\n"
10032
"# you can temporarily override this with\n"
10033
"# sudo service apport start force_start=1\n"
10034
"enabled=<userinput>1</userinput>\n"
10036
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
10037
"maxsize=209715200\n"
10040
#: serverguide/C/reporting-bugs.xml:254(para)
10042
"Once you have completed editing <filename>/etc/default/apport</filename>, "
10043
"start the apport service:"
10046
#: serverguide/C/reporting-bugs.xml:261(command)
10047
msgid "sudo start apport"
10050
#: serverguide/C/reporting-bugs.xml:264(para)
10052
"After an application crashes, use the <application>apport-cli</application> "
10053
"command to search for the existing saved crash report information:"
10056
#: serverguide/C/reporting-bugs.xml:271(command)
10060
#: serverguide/C/reporting-bugs.xml:270(screen)
10064
"<placeholder-1/>\n"
10066
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
10068
"If you were not doing anything confidential (entering passwords or other\n"
10069
"private information), you can help to improve the application by\n"
10073
"What would you like to do? Your options are:\n"
10074
" R: Report Problem...\n"
10075
" I: Cancel and ignore future crashes of this program version\n"
10077
"Please choose (R/I/C):\n"
10080
#: serverguide/C/reporting-bugs.xml:287(para)
10082
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
10083
"steps as when using ubuntu-bug. One important difference is that a crash "
10084
"report will be marked as private when filed on Launchpad, meaning that it "
10085
"will be visible to only a limited set of bug triagers. These triagers will "
10086
"review the gathered data for private information before making the bug "
10087
"report publicly visible."
10090
#: serverguide/C/reporting-bugs.xml:307(para)
10093
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
10094
"Bugs</ulink> Ubuntu wiki page."
10097
#: serverguide/C/reporting-bugs.xml:313(para)
10099
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
10100
"has some useful information. Though some of it pertains to using a GUI."
8930
10103
#: serverguide/C/remote-administration.xml:13(title)
8931
10104
msgid "Remote Administration"
10105
msgstr "Administració remota"
8934
10107
#: serverguide/C/remote-administration.xml:14(para)
9288
10467
"such as log files."
9291
#: serverguide/C/remote-administration.xml:304(para)
10470
#: serverguide/C/remote-administration.xml:317(para)
9293
10472
"<emphasis>Halt/Reboot:</emphasis> will shutdown the system or reboot it."
9296
#: serverguide/C/remote-administration.xml:309(para)
10475
#: serverguide/C/remote-administration.xml:322(para)
9298
10477
"<emphasis>Bug Report:</emphasis> creates a file containing details helpful "
9299
10478
"when reporting bugs to the eBox developers."
9302
#: serverguide/C/remote-administration.xml:317(para)
10481
#: serverguide/C/remote-administration.xml:330(para)
9304
10483
"<emphasis>Logs:</emphasis> allows <application>eBox</application> logs to be "
9305
10484
"queried depending on the purge time configured."
9308
#: serverguide/C/remote-administration.xml:323(para)
10487
#: serverguide/C/remote-administration.xml:336(para)
9310
10489
"<emphasis>Events:</emphasis> this module has the ability to send alerts "
9311
10490
"through rss, jabber, and log file."
9314
#: serverguide/C/remote-administration.xml:330(emphasis)
10493
#: serverguide/C/remote-administration.xml:343(emphasis)
9315
10494
msgid "Available Events:"
9318
#: serverguide/C/remote-administration.xml:334(para)
10497
#: serverguide/C/remote-administration.xml:347(para)
9320
10499
"<emphasis>Free Storage Space:</emphasis> will send alert if free disk space "
9321
10500
"drops below a configured percentage, 10% by default."
9324
#: serverguide/C/remote-administration.xml:340(para)
10503
#: serverguide/C/remote-administration.xml:353(para)
9326
"<emphasis>Log Observer:</emphasis> unfortunately this event does not work "
9327
"with the <application>eBox</application> version shipped with Ubuntu 7.10."
10505
"<emphasis>Log Observer:</emphasis> sends an alert when a configured logger "
10506
"has logged something."
9330
#: serverguide/C/remote-administration.xml:346(para)
10509
#: serverguide/C/remote-administration.xml:359(para)
9332
10511
"<emphasis>RAID:</emphasis> will monitor the RAID system and send alerts if "
9333
10512
"any issues arise."
9336
#: serverguide/C/remote-administration.xml:352(para)
10515
#: serverguide/C/remote-administration.xml:365(para)
9338
10517
"<emphasis>Service:</emphasis> sends alerts if a service restarts multiple "
9339
10518
"times in a short time period."
9342
#: serverguide/C/remote-administration.xml:358(para)
10521
#: serverguide/C/remote-administration.xml:371(para)
9344
10523
"<emphasis>State:</emphasis> alerts on the state of "
9345
10524
"<application>eBox</application>, either up or down."
9348
#: serverguide/C/remote-administration.xml:367(emphasis)
10527
#: serverguide/C/remote-administration.xml:380(emphasis)
9349
10528
msgid "Dispatchers:"
9352
#: serverguide/C/remote-administration.xml:371(para)
10531
#: serverguide/C/remote-administration.xml:384(para)
9354
10533
"<emphasis>Log:</emphasis> this dispatcher will send event messages to the "
9355
10534
"<application>eBox</application> log file "
9356
10535
"<filename>/var/log/ebox/ebox.log</filename>."
9359
#: serverguide/C/remote-administration.xml:378(para)
10538
#: serverguide/C/remote-administration.xml:391(para)
9361
10540
"<emphasis>Jabber:</emphasis> before enabling this dispatcher you must first "
9362
10541
"configure it by clicking on the <quote>Configure</quote> icon."
9365
#: serverguide/C/remote-administration.xml:384(para)
10544
#: serverguide/C/remote-administration.xml:397(para)
9367
10546
"<emphasis>RSS:</emphasis> once this dispatcher is configured you can "
9368
10547
"subscribe to the link in order to view event alerts."
9371
#: serverguide/C/remote-administration.xml:397(title)
10550
#: serverguide/C/remote-administration.xml:410(title)
9372
10551
msgid "Additional Modules"
9375
#: serverguide/C/remote-administration.xml:398(para)
10554
#: serverguide/C/remote-administration.xml:411(para)
9377
10556
"Here is a quick description of other available "
9378
10557
"<application>eBox</application> modules:"
9381
#: serverguide/C/remote-administration.xml:403(para)
10560
#: serverguide/C/remote-administration.xml:416(para)
9383
10562
"<emphasis>Network:</emphasis> allows configuration of the server's network "
9384
10563
"options through eBox."
9387
#: serverguide/C/remote-administration.xml:409(para)
10566
#: serverguide/C/remote-administration.xml:422(para)
9389
10568
"<emphasis>Firewall:</emphasis> configures firewall options for the eBox host."
9392
#: serverguide/C/remote-administration.xml:414(para)
10571
#: serverguide/C/remote-administration.xml:427(para)
9394
10573
"<emphasis>UsersandGroups:</emphasis> this module will manage users and "
9395
10574
"groups contained in an <application>OpenLDAP</application> LDAP directory."
9398
#: serverguide/C/remote-administration.xml:420(para)
10577
#: serverguide/C/remote-administration.xml:433(para)
9400
10579
"<emphasis>DHCP:</emphasis> provides an interface for configuring a DHCP "
9404
#: serverguide/C/remote-administration.xml:425(para)
10583
#: serverguide/C/remote-administration.xml:438(para)
9406
10585
"<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
9407
10586
"server configuration options."
9410
#: serverguide/C/remote-administration.xml:431(para)
10589
#: serverguide/C/remote-administration.xml:444(para)
9412
10591
"<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
9413
10592
"Objects</emphasis>, which allow you to assign a name to an IP address or "
9414
10593
"group of IPs."
9417
#: serverguide/C/remote-administration.xml:438(para)
10596
#: serverguide/C/remote-administration.xml:451(para)
9419
10598
"<emphasis>Services:</emphasis> displays configuration information for "
9420
10599
"services that are available to the network."
9423
#: serverguide/C/remote-administration.xml:444(para)
10602
#: serverguide/C/remote-administration.xml:457(para)
9425
10604
"<emphasis>Squid:</emphasis> configuration options for the "
9426
10605
"<application>Squid</application> proxy server."
9429
#: serverguide/C/remote-administration.xml:450(para)
10608
#: serverguide/C/remote-administration.xml:463(para)
9431
10610
"<emphasis>CA:</emphasis> configures a Certificate Authority for the server."
9434
#: serverguide/C/remote-administration.xml:455(para)
10613
#: serverguide/C/remote-administration.xml:468(para)
9435
10614
msgid "<emphasis>NTP:</emphasis> set Network Time Protocol options."
9438
#: serverguide/C/remote-administration.xml:460(para)
10617
#: serverguide/C/remote-administration.xml:473(para)
9439
10618
msgid "<emphasis>Printers:</emphasis> allows the configuration of printers."
9442
#: serverguide/C/remote-administration.xml:465(para)
10621
#: serverguide/C/remote-administration.xml:478(para)
9443
10622
msgid "<emphasis>Samba:</emphasis> configuration options for Samba."
9446
#: serverguide/C/remote-administration.xml:470(para)
10625
#: serverguide/C/remote-administration.xml:483(para)
9448
10627
"<emphasis>OpenVPN:</emphasis> setup options for OpenVPN Virtual Private "
9449
10628
"Network application."
9452
#: serverguide/C/remote-administration.xml:481(para)
9454
"For more information see the <ulink url=\"http://ebox-platform.com/\">eBox "
9455
"Home Page</ulink>."
10631
#: serverguide/C/remote-administration.xml:494(para)
10633
"The <ulink url=\"https://help.ubuntu.com/community/eBox\">eBox Ubuntu "
10634
"Wiki</ulink> page has more details."
10637
#: serverguide/C/remote-administration.xml:499(para)
10639
"For more information also see the <ulink url=\"http://ebox-"
10640
"platform.com/\">eBox Home Page</ulink>."
9458
10643
#: serverguide/C/package-management.xml:13(title)
9459
10644
msgid "Package Management"
10645
msgstr "Gestió de paquets"
9462
10647
#: serverguide/C/package-management.xml:14(para)
10438
11624
"Committed revision 2."
10441
#: serverguide/C/other-apps.xml:280(para)
11627
#: serverguide/C/other-apps.xml:241(para)
10443
11629
"For an example of how <application>etckeeper</application> tracks manual "
10444
11630
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
10445
11631
"<application>bzr</application> you can see which files have been modified:"
10448
#: serverguide/C/other-apps.xml:286(command)
11634
#: serverguide/C/other-apps.xml:247(command)
10449
11635
msgid "sudo bzr status /etc/"
11636
msgstr "sudo bzr status /etc/"
10452
#: serverguide/C/other-apps.xml:287(computeroutput)
11638
#: serverguide/C/other-apps.xml:248(computeroutput)
10455
11641
"modified:\n"
10459
#: serverguide/C/other-apps.xml:291(para)
11645
#: serverguide/C/other-apps.xml:252(para)
10460
11646
msgid "Now commit the changes:"
10463
#: serverguide/C/other-apps.xml:296(command)
11649
#: serverguide/C/other-apps.xml:257(command)
10464
11650
msgid "sudo etckeeper commit \"new host\""
10467
#: serverguide/C/other-apps.xml:299(para)
11653
#: serverguide/C/other-apps.xml:260(para)
10469
11655
"For more information on <application>bzr</application> see <xref "
10470
11656
"linkend=\"bazaar\"/>."
10473
#: serverguide/C/other-apps.xml:305(title)
10474
msgid "Screen Profiles"
11659
#: serverguide/C/other-apps.xml:266(title)
10477
#: serverguide/C/other-apps.xml:307(para)
11663
#: serverguide/C/other-apps.xml:268(para)
10479
11665
"One of the most useful applications for any system administrator is "
10480
11666
"<application>screen</application>. It allows the execution of multiple "
10481
11667
"shells in one terminal. To make some of the advanced "
10482
11668
"<application>screen</application> features more user friendly, and provide "
10483
"some useful information about the system, the <application>screen-"
10484
"profiles</application> package was created."
11669
"some useful information about the system, the "
11670
"<application>byobu</application> package was created."
10487
#: serverguide/C/other-apps.xml:314(para)
11673
#: serverguide/C/other-apps.xml:275(para)
10489
"When executing <application>screen</application> for the first time you will "
10490
"be presented with the <application>screen-profiles-helper</application> "
10491
"menu. This menu will allow you to:"
11675
"When executing <application>byobu</application> pressing the "
11676
"<emphasis>F9</emphasis> key will bring up the "
11677
"<application>Configuration</application> menu. This menu will allow you to:"
10494
#: serverguide/C/other-apps.xml:320(para)
11680
#: serverguide/C/other-apps.xml:281(para)
10495
11681
msgid "View the Help menu"
10498
#: serverguide/C/other-apps.xml:321(para)
11684
#: serverguide/C/other-apps.xml:282(para)
11685
msgid "Change Byobu's background color"
11688
#: serverguide/C/other-apps.xml:283(para)
11689
msgid "Change Byobu's foreground color"
11692
#: serverguide/C/other-apps.xml:284(para)
11693
msgid "Toggle status notifications"
11696
#: serverguide/C/other-apps.xml:285(para)
10499
11697
msgid "Change the key binding set"
10502
#: serverguide/C/other-apps.xml:322(para)
10503
msgid "Change screen profiles"
10506
#: serverguide/C/other-apps.xml:323(para)
11700
#: serverguide/C/other-apps.xml:286(para)
10507
11701
msgid "Change the escape sequence"
10510
#: serverguide/C/other-apps.xml:324(para)
10511
msgid "Create new screen windows"
11704
#: serverguide/C/other-apps.xml:287(para)
11705
msgid "Create new windows"
10514
#: serverguide/C/other-apps.xml:325(para)
11708
#: serverguide/C/other-apps.xml:288(para)
10515
11709
msgid "Manage the default windows"
10518
#: serverguide/C/other-apps.xml:326(para)
10519
msgid "Install screen by default at login"
11712
#: serverguide/C/other-apps.xml:289(para)
11713
msgid "Byobu currently does not launch at login (toggle on)"
10522
#: serverguide/C/other-apps.xml:329(para)
11716
#: serverguide/C/other-apps.xml:292(para)
10524
11718
"The <emphasis>key bindings</emphasis> determine such things as the escape "
10525
11719
"sequence, new window, change window, etc. There are two key binding sets to "
10526
"choose from <emphasis>common</emphasis> and <emphasis>none</emphasis>. If "
10527
"you wish to use the original key bindings choose the "
11720
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11721
"keys</emphasis>. If you wish to use the original key bindings choose the "
10528
11722
"<emphasis>none</emphasis> set."
10531
#: serverguide/C/other-apps.xml:335(para)
10533
"The Ubuntu <application>screen-profiles</application> provide a menu which "
10534
"displays the Ubuntu release, processor information, memory information, and "
10535
"the time and date. The effect is similar to a desktop menu. When a profile "
10536
"is selected it will be symlinked to <filename>~/.screenrc</filename>. The "
10537
"<application>select-screen-profile</application> utility can also be used to "
10538
"change profiles, in a terminal enter:"
10541
#: serverguide/C/other-apps.xml:343(command)
10542
msgid "select-screen-profile -s ubuntu-light"
10545
#: serverguide/C/other-apps.xml:346(para)
10547
"The <emphasis>plain</emphasis> profile will change "
10548
"<application>screen</application> back to the defaults, which does not "
10549
"include the information menu at the bottom."
10552
#: serverguide/C/other-apps.xml:351(para)
10554
"Using the <emphasis>\"Install screen by default at login\"</emphasis> option "
10555
"will cause screen to be executed any time a terminal is opened. Changes made "
10556
"to <application>screen</application> are on a per user basis, and will not "
11725
#: serverguide/C/other-apps.xml:298(para)
11727
"<application>byobu</application> provides a menu which displays the Ubuntu "
11728
"release, processor information, memory information, and the time and date. "
11729
"The effect is similar to a desktop menu."
11732
#: serverguide/C/other-apps.xml:303(para)
11734
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11735
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11736
"executed any time a terminal is opened. Changes made to "
11737
"<application>byobu</application> are on a per user basis, and will not "
10557
11738
"affect other users on the system."
10560
#: serverguide/C/other-apps.xml:356(para)
11741
#: serverguide/C/other-apps.xml:309(para)
10562
"One difference when using screen is the <emphasis>scrollback</emphasis> "
10563
"mode. If you are using one of the Ubuntu profiles press the "
10564
"<emphasis>F7</emphasis>, or <emphasis>Ctrl+a+[</emphasis> if not, to enter "
10565
"scrollback mode. Scrollback mode allows you to navigate past output using "
10566
"<emphasis>vi</emphasis> like commands. Here is a quick list of movement "
11743
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11744
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11745
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11746
"commands. Here is a quick list of movement commands:"
10570
#: serverguide/C/other-apps.xml:363(para)
11749
#: serverguide/C/other-apps.xml:316(para)
10571
11750
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
10574
#: serverguide/C/other-apps.xml:364(para)
11753
#: serverguide/C/other-apps.xml:317(para)
10575
11754
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
10578
#: serverguide/C/other-apps.xml:365(para)
11757
#: serverguide/C/other-apps.xml:318(para)
10579
11758
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
10582
#: serverguide/C/other-apps.xml:366(para)
11761
#: serverguide/C/other-apps.xml:319(para)
10583
11762
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
10586
#: serverguide/C/other-apps.xml:367(para)
11765
#: serverguide/C/other-apps.xml:320(para)
10587
11766
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
10590
#: serverguide/C/other-apps.xml:368(para)
11769
#: serverguide/C/other-apps.xml:321(para)
10591
11770
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
10594
#: serverguide/C/other-apps.xml:369(para)
11773
#: serverguide/C/other-apps.xml:322(para)
10596
11775
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
10597
11776
"the buffer)"
10600
#: serverguide/C/other-apps.xml:370(para)
10601
msgid "<emphasis>C-u</emphasis> - Scrolls a half page up"
10604
#: serverguide/C/other-apps.xml:371(para)
10605
msgid "<emphasis>C-b</emphasis> - Scrolls a full page up"
10608
#: serverguide/C/other-apps.xml:372(para)
10609
msgid "<emphasis>C-d</emphasis> - Scrolls a half page down"
10612
#: serverguide/C/other-apps.xml:373(para)
10613
msgid "<emphasis>C-f</emphasis> - Scrolls the full page down"
10616
#: serverguide/C/other-apps.xml:374(para)
11779
#: serverguide/C/other-apps.xml:323(para)
10617
11780
msgid "<emphasis>/</emphasis> - Search forward"
10620
#: serverguide/C/other-apps.xml:375(para)
11783
#: serverguide/C/other-apps.xml:324(para)
10621
11784
msgid "<emphasis>?</emphasis> - Search backward"
10624
#: serverguide/C/other-apps.xml:376(para)
11787
#: serverguide/C/other-apps.xml:325(para)
10626
11789
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
10629
#: serverguide/C/other-apps.xml:385(para)
11792
#: serverguide/C/other-apps.xml:334(para)
10631
11794
"See the <ulink "
10632
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/update-"
10633
"motd.1.html\">update-motd man page</ulink> for more options available to "
11795
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/update-motd.1.html\">"
11796
"update-motd man page</ulink> for more options available to "
10634
11797
"<application>update-motd</application>."
10637
#: serverguide/C/other-apps.xml:391(para)
11800
#: serverguide/C/other-apps.xml:340(para)
10639
11802
"The Debian Package of the Day <ulink "
10640
11803
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
10686
11857
"networking, including an overview of network concepts and detailed "
10687
11858
"discussion of popular network protocols."
11860
"Aquesta secció proporciona informació general i específica referent a les "
11861
"xarxes. Inclou un resum dels conceptes relacionats amb les xarxes i una "
11862
"descripció detallada dels protocols de xarxa més populars."
10690
#: serverguide/C/network-config.xml:26(title)
11864
#: serverguide/C/network-config.xml:27(title)
10691
11865
msgid "Network Configuration"
11866
msgstr "Configuració de la xarxa"
10694
#: serverguide/C/network-config.xml:27(para)
11868
#: serverguide/C/network-config.xml:28(para)
10696
11870
"Ubuntu ships with a number of graphical utilities to configure your network "
10697
11871
"devices. This document is geared toward server administrators and will focus "
10698
11872
"on managing your network on the command line."
10701
#: serverguide/C/network-config.xml:33(title)
10705
#: serverguide/C/network-config.xml:34(para)
10707
"Most Ethernet configuration is centralized in a single file, "
10708
"<filename>/etc/network/interfaces</filename>. If you have no Ethernet "
10709
"devices, only the loopback interface will appear in this file, and it will "
10710
"look something like this:"
10713
#: serverguide/C/network-config.xml:40(programlisting)
10717
"# This file describes the network interfaces available on your system\n"
10718
"# and how to activate them. For more information, see interfaces(5).\n"
10720
"# The loopback network interface\n"
10722
"iface lo inet loopback\n"
10723
"address 127.0.0.1\n"
10724
"netmask 255.0.0.0\n"
10727
#: serverguide/C/network-config.xml:50(para)
10729
"If you have only one Ethernet device, eth0, and it gets its configuration "
10730
"from a DHCP server, and it should come up automatically at boot, only two "
10731
"additional lines are required:"
10734
#: serverguide/C/network-config.xml:55(programlisting)
11875
#: serverguide/C/network-config.xml:35(title)
11876
msgid "Ethernet Interfaces"
11879
#: serverguide/C/network-config.xml:36(para)
11881
"Ethernet interfaces are identified by the system using the naming convention "
11882
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11883
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11884
"interface is typically identified as <emphasis "
11885
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11886
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11890
#: serverguide/C/network-config.xml:46(title)
11891
msgid "Identify Ethernet Interfaces"
11894
#: serverguide/C/network-config.xml:47(para)
11896
"To quickly identify all available Ethernet interfaces, you can use the "
11897
"<application>ifconfig</application> command as shown below."
11900
#: serverguide/C/network-config.xml:52(userinput)
11902
msgid "ifconfig -a | grep eth"
11905
#: serverguide/C/network-config.xml:51(screen)
11909
"<placeholder-1/>\n"
11910
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11913
#: serverguide/C/network-config.xml:55(para)
11915
"Another application that can help identify all network interfaces available "
11916
"to your system is the <application>lshw</application> command. In the "
11917
"example below, <application>lshw</application> shows a single Ethernet "
11918
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11919
"along with bus information, driver details and all supported capabilities."
11922
#: serverguide/C/network-config.xml:62(userinput)
11924
msgid "sudo lshw -class network"
11927
#: serverguide/C/network-config.xml:61(screen)
11931
"<placeholder-1/>\n"
11933
" description: Ethernet interface\n"
11934
" product: BCM4401-B0 100Base-TX\n"
11935
" vendor: Broadcom Corporation\n"
11936
" physical id: 0\n"
11937
" bus info: pci@0000:03:00.0\n"
11938
" logical name: eth0\n"
11940
" serial: 00:15:c5:4a:16:5a\n"
11942
" capacity: 100MB/s\n"
11943
" width: 32 bits\n"
11945
" capabilities: (snipped for brevity)\n"
11946
" configuration: (snipped for brevity)\n"
11947
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
11950
#: serverguide/C/network-config.xml:83(title)
11951
msgid "Ethernet Interface Logical Names"
11954
#: serverguide/C/network-config.xml:84(para)
11956
"Interface logical names are configured in the file "
11957
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
11958
"like control which interface receives a particular logical name, find the "
11959
"line matching the interfaces physical MAC address and modify the value of "
11960
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
11961
"Reboot the system to commit your changes."
11964
#: serverguide/C/network-config.xml:92(programlisting)
11968
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11969
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11970
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11971
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11972
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11973
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11976
#: serverguide/C/network-config.xml:99(title)
11977
msgid "Ethernet Interface Settings"
11980
#: serverguide/C/network-config.xml:100(para)
11982
"<application>ethtool</application> is a program that displays and changes "
11983
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11984
"and Wake-on-LAN. It is not installed by default, but is available for "
11985
"installation in the repositories."
11988
#: serverguide/C/network-config.xml:106(userinput)
11990
msgid "sudo apt-get install ethtool"
11993
#: serverguide/C/network-config.xml:108(para)
11995
"The following is an example of how to view supported features and configured "
11996
"settings of an Ethernet interface."
11999
#: serverguide/C/network-config.xml:113(userinput)
12001
msgid "sudo ethtool eth0"
12004
#: serverguide/C/network-config.xml:112(screen)
12008
"<placeholder-1/>\n"
12009
"Settings for eth0:\n"
12010
" Supported ports: [ TP ]\n"
12011
" Supported link modes: 10baseT/Half 10baseT/Full \n"
12012
" 100baseT/Half 100baseT/Full \n"
12013
" 1000baseT/Half 1000baseT/Full \n"
12014
" Supports auto-negotiation: Yes\n"
12015
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
12016
" 100baseT/Half 100baseT/Full \n"
12017
" 1000baseT/Half 1000baseT/Full \n"
12018
" Advertised auto-negotiation: Yes\n"
12019
" Speed: 1000Mb/s\n"
12021
" Port: Twisted Pair\n"
12023
" Transceiver: internal\n"
12024
" Auto-negotiation: on\n"
12025
" Supports Wake-on: g\n"
12027
" Current message level: 0x000000ff (255)\n"
12028
" Link detected: yes\n"
12031
#: serverguide/C/network-config.xml:135(para)
12033
"Changes made with the <application>ethtool</application> command are "
12034
"temporary and will be lost after a reboot. If you would like to retain "
12035
"settings, simply add the desired <application>ethtool</application> command "
12036
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
12037
"configuration file <filename>/etc/network/interfaces</filename>."
12040
#: serverguide/C/network-config.xml:141(para)
12042
"The following is an example of how the interface identified as <emphasis "
12043
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
12044
"speed of 1000Mb/s running in full duplex mode."
12047
#: serverguide/C/network-config.xml:145(programlisting)
12052
"iface eth0 inet static\n"
12053
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
12056
#: serverguide/C/network-config.xml:151(para)
12058
"Although the example above shows the interface configured to use the "
12059
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
12060
"other methods as well, such as DHCP. The example is meant to demonstrate "
12061
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
12062
"statement in relation to the rest of the interface configuration."
12065
#: serverguide/C/network-config.xml:163(title)
12066
msgid "IP Addressing"
12069
#: serverguide/C/network-config.xml:164(para)
12071
"The following section describes the process of configuring your systems IP "
12072
"address and default gateway needed for communicating on a local area network "
12073
"and the Internet."
12076
#: serverguide/C/network-config.xml:171(title)
12077
msgid "Temporary IP Address Assignment"
12080
#: serverguide/C/network-config.xml:172(para)
12082
"For temporary network configurations, you can use standard commands such as "
12083
"<application>ip</application>, <application>ifconfig</application> and "
12084
"<application>route</application>, which are also found on most other "
12085
"GNU/Linux operating systems. These commands allow you to configure settings "
12086
"which take effect immediately, however they are not persistent and will be "
12087
"lost after a reboot."
12090
#: serverguide/C/network-config.xml:180(para)
12092
"To temporarily configure an IP address, you can use the "
12093
"<application>ifconfig</application> command in the following manner. Just "
12094
"modify the IP address and subnet mask to match your network requirements."
12097
#: serverguide/C/network-config.xml:186(userinput)
12099
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
12102
#: serverguide/C/network-config.xml:188(para)
12104
"To verify the IP address configuration of <application>eth0</application>, "
12105
"you can use the <application>ifconfig</application> command in the following "
12109
#: serverguide/C/network-config.xml:193(userinput)
12111
msgid "ifconfig eth0"
12114
#: serverguide/C/network-config.xml:192(screen)
12118
"<placeholder-1/>\n"
12119
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
12120
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
12121
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
12122
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
12123
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
12124
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
12125
" collisions:0 txqueuelen:1000 \n"
12126
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
12130
#: serverguide/C/network-config.xml:204(para)
12132
"To configure a default gateway, you can use the "
12133
"<application>route</application> command in the following manner. Modify the "
12134
"default gateway address to match your network requirements."
12137
#: serverguide/C/network-config.xml:210(userinput)
12139
msgid "sudo route add default gw 10.0.0.1 eth0"
12142
#: serverguide/C/network-config.xml:212(para)
12144
"To verify your default gateway configuration, you can use the "
12145
"<application>route</application> command in the following manner."
12148
#: serverguide/C/network-config.xml:217(userinput)
12153
#: serverguide/C/network-config.xml:216(screen)
12157
"<placeholder-1/>\n"
12158
"Kernel IP routing table\n"
12159
"Destination Gateway Genmask Flags Metric Ref Use "
12161
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
12163
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
12167
#: serverguide/C/network-config.xml:223(para)
12169
"If you require DNS for your temporary network configuration, you can add DNS "
12170
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
12171
"example below shows how to enter two DNS servers to "
12172
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
12173
"appropriate for your network. A more lengthy description of DNS client "
12174
"configuration is in a following section."
12177
#: serverguide/C/network-config.xml:230(programlisting)
12181
"nameserver 8.8.8.8\n"
12182
"nameserver 8.8.4.4\n"
12185
#: serverguide/C/network-config.xml:234(para)
12187
"If you no longer need this configuration and wish to purge all IP "
12188
"configuration from an interface, you can use the "
12189
"<application>ip</application> command with the flush option as shown below."
12192
#: serverguide/C/network-config.xml:240(userinput)
12194
msgid "ip addr flush eth0"
12197
#: serverguide/C/network-config.xml:243(para)
12199
"Flushing the IP configuration using the <application>ip</application> "
12200
"command does not clear the contents of "
12201
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
12202
"entries manually."
12205
#: serverguide/C/network-config.xml:251(title)
12206
msgid "Dynamic IP Address Assignment (DHCP Client)"
12209
#: serverguide/C/network-config.xml:252(para)
12211
"To configure your server to use DHCP for dynamic address assignment, add the "
12212
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
12213
"statement for the appropriate interface in the file "
12214
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
12215
"are configuring your first Ethernet interface identified as <emphasis "
12216
"role=\"italic\">eth0</emphasis>."
12219
#: serverguide/C/network-config.xml:259(programlisting)
10739
12224
"iface eth0 inet dhcp\n"
10742
#: serverguide/C/network-config.xml:59(para)
10744
"The first line specifies that the eth0 device should come up automatically "
10745
"when you boot. The second line means that interface (<quote>iface</quote>) "
10746
"eth0 should have an IPv4 address space (replace <quote>inet</quote> with "
10747
"<quote>inet6</quote> for an IPv6 device) and that it should get its "
10748
"configuration automatically from DHCP. Assuming your network and DHCP server "
10749
"are properly configured, this machine's network should need no further "
10750
"configuration to operate properly. The DHCP server will provide the default "
10751
"gateway (implemented via the <application>route</application> command), the "
10752
"device's IP address (implemented via the <application>ifconfig</application> "
10753
"command), and DNS servers used on the network (implemented in the "
10754
"<filename>/etc/resolv.conf</filename> file.)"
10757
#: serverguide/C/network-config.xml:72(para)
10759
"To configure your Ethernet device with a static IP address and custom "
10760
"configuration, some more information will be required. Suppose you want to "
10761
"assign the IP address 192.168.0.2 to the device eth1, with the typical "
10762
"netmask of 255.255.255.0. Your default gateway's IP address is 192.168.0.1. "
10763
"You would enter something like this into "
10764
"<filename>/etc/network/interfaces</filename>:"
10767
#: serverguide/C/network-config.xml:79(programlisting)
10771
"iface eth1 inet static\n"
10772
"\taddress 192.168.0.2\n"
10773
"\tnetmask 255.255.255.0\n"
10774
"\tgateway 192.168.0.1\n"
10777
#: serverguide/C/network-config.xml:85(para)
10779
"In this case, you will need to specify your DNS servers manually in "
10780
"<filename>/etc/resolv.conf</filename>, which should look something like this:"
10783
#: serverguide/C/network-config.xml:89(programlisting)
10787
"search mydomain.example\n"
10788
"nameserver 192.168.0.1\n"
10789
"nameserver 4.2.2.2\n"
10792
#: serverguide/C/network-config.xml:94(para)
10794
"The <emphasis role=\"italics\">search</emphasis> directive will append "
10795
"mydomain.example to hostname queries in an attempt to resolve names to your "
10796
"network. For example, if your network's domain is mydomain.example and you "
10797
"try to ping the host <quote>mybox</quote>, the DNS query will be modified to "
10798
"<quote>mybox.mydomain.example</quote> for resolution. The <emphasis "
10799
"role=\"italics\">nameserver</emphasis> directives specify DNS servers to be "
10800
"used to resolve hostnames to IP addresses. If you use your own nameserver, "
10801
"enter it here. Otherwise, ask your Internet Service Provider for the primary "
10802
"and secondary DNS servers to use, and enter them into "
10803
"<filename>/etc/resolv.conf</filename> as shown above."
10806
#: serverguide/C/network-config.xml:106(para)
10808
"Many more configurations are possible, including dialup PPP interfaces, IPv6 "
10809
"networking, VPN devices, etc. Refer to <application>man 5 "
10810
"interfaces</application> for more information and supported options. "
10811
"Remember that <filename>/etc/network/interfaces</filename> is used by the "
10812
"<application>ifup</application>/<application>ifdown</application> scripts as "
10813
"a higher level configuration scheme than may be used in some other Linux "
10814
"distributions, and that the traditional, lower level utilities such as "
10815
"<application>ifconfig</application>, <application>route</application>, and "
10816
"<application>dhclient</application> are still available to you for ad hoc "
10820
#: serverguide/C/network-config.xml:120(title)
10821
msgid "Managing DNS Entries"
10824
#: serverguide/C/network-config.xml:121(para)
10826
"This section explains how to configure which nameserver to use when "
10827
"resolving IP addresses to hostnames and vice versa. It does not explain how "
10828
"to configure the system as a name server."
10831
#: serverguide/C/network-config.xml:126(para)
10833
"To manage DNS entries, you can add, edit, or remove DNS names from the "
10834
"<filename>/etc/resolv.conf</filename> file. A sample file is given below:"
10837
#: serverguide/C/network-config.xml:130(programlisting)
10842
"nameserver 204.11.126.131\n"
10843
"nameserver 64.125.134.133\n"
10844
"nameserver 64.125.134.132\n"
10845
"nameserver 208.185.179.218\n"
10848
#: serverguide/C/network-config.xml:138(para)
10850
"The <application>search</application> key specifies the string which will be "
10851
"appended to an incomplete hostname. Here, we have configured it to "
10852
"<application>com</application>. So, when we run: <command>ping "
10853
"ubuntu</command> it would be interpreted as <command>ping "
10854
"ubuntu.com</command>."
10857
#: serverguide/C/network-config.xml:146(para)
10859
"The <application>nameserver</application> key specifies the nameserver IP "
10860
"address. It will be used to resolve a given IP address or hostname. This "
10861
"file can have multiple nameserver entries. The nameservers will be used by "
10862
"the network query in the same order."
10865
#: serverguide/C/network-config.xml:155(para)
10867
"If the DNS server names are retrieved dynamically from DHCP or PPPoE "
10868
"(retrieved from your ISP), do not add nameserver entries in this file. It "
10869
"will be overwritten."
10872
#: serverguide/C/network-config.xml:164(title)
10873
msgid "Managing Hosts"
10876
#: serverguide/C/network-config.xml:165(para)
10878
"To manage hosts, you can add, edit, or remove hosts from "
10879
"<filename>/etc/hosts</filename> file. The file contains IP addresses and "
10880
"their corresponding hostnames. When your system tries to resolve a hostname "
10881
"to an IP address or determine the hostname for an IP address, it refers to "
10882
"the <filename>/etc/hosts</filename> file before using the name servers. If "
10883
"the IP address is listed in the <filename>/etc/hosts</filename> file, the "
10884
"name servers are not used. This behavior can be modified by editing "
10885
"<filename>/etc/nsswitch.conf</filename> at your peril."
10888
#: serverguide/C/network-config.xml:178(para)
10890
"If your network contains computers whose IP addresses are not listed in DNS, "
10891
"it is recommended that you add them to the <filename>/etc/hosts</filename> "
10895
#: serverguide/C/network-config.xml:186(title)
12227
#: serverguide/C/network-config.xml:263(para)
12229
"By adding an interface configuration as shown above, you can manually enable "
12230
"the interface through the <application>ifup</application> command which "
12231
"initiates the DHCP process via <application>dhclient</application>."
12234
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
12236
msgid "sudo ifup eth0"
12239
#: serverguide/C/network-config.xml:271(para)
12241
"To manually disable the interface, you can use the "
12242
"<application>ifdown</application> command, which in turn will initiate the "
12243
"DHCP release process and shut down the interface."
12246
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
12248
msgid "sudo ifdown eth0"
12251
#: serverguide/C/network-config.xml:282(title)
12252
msgid "Static IP Address Assignment"
12255
#: serverguide/C/network-config.xml:283(para)
12257
"To configure your system to use a static IP address assignment, add the "
12258
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12259
"family statement for the appropriate interface in the file "
12260
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
12261
"are configuring your first Ethernet interface identified as <emphasis "
12262
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
12263
"role=\"italic\">address</emphasis>, <emphasis "
12264
"role=\"italic\">netmask</emphasis>, and <emphasis "
12265
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
12269
#: serverguide/C/network-config.xml:292(programlisting)
12274
"iface eth0 inet static\n"
12275
"address 10.0.0.100\n"
12276
"netmask 255.255.255.0\n"
12277
"gateway 10.0.0.1\n"
12280
#: serverguide/C/network-config.xml:299(para)
12282
"By adding an interface configuration as shown above, you can manually enable "
12283
"the interface through the <application>ifup</application> command."
12286
#: serverguide/C/network-config.xml:306(para)
12288
"To manually disable the interface, you can use the "
12289
"<application>ifdown</application> command."
12292
#: serverguide/C/network-config.xml:316(title)
12293
msgid "Loopback Interface"
12296
#: serverguide/C/network-config.xml:317(para)
12298
"The loopback interface is identified by the system as <emphasis "
12299
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12300
"can be viewed using the ifconfig command."
12303
#: serverguide/C/network-config.xml:322(userinput)
12305
msgid "ifconfig lo"
12308
#: serverguide/C/network-config.xml:321(screen)
12312
"<placeholder-1/>\n"
12313
"lo Link encap:Local Loopback \n"
12314
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
12315
" inet6 addr: ::1/128 Scope:Host\n"
12316
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
12317
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
12318
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
12319
" collisions:0 txqueuelen:0 \n"
12320
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
12323
#: serverguide/C/network-config.xml:332(para)
12325
"By default, there should be two lines in "
12326
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12327
"configuring your loopback interface. It is recommended that you keep the "
12328
"default settings unless you have a specific purpose for changing them. An "
12329
"example of the two default lines are shown below."
12332
#: serverguide/C/network-config.xml:338(programlisting)
12337
"iface lo inet loopback\n"
12340
#: serverguide/C/network-config.xml:347(title)
12341
msgid "Name Resolution"
12344
#: serverguide/C/network-config.xml:348(para)
12346
"Name resolution as it relates to IP networking is the process of mapping IP "
12347
"addresses to hostnames, making it easier to identify resources on a network. "
12348
"The following section will explain how to properly configure your system for "
12349
"name resolution using DNS and static hostname records."
12352
#: serverguide/C/network-config.xml:356(title)
12353
msgid "DNS Client Configuration"
12356
#: serverguide/C/network-config.xml:357(para)
12358
"To configure your system to use DNS for name resolution, add the IP "
12359
"addresses of the DNS servers that are appropriate for your network in the "
12360
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
12361
"suffix search-lists to match your network domain names."
12364
#: serverguide/C/network-config.xml:362(para)
12366
"Below is an example of a typical configuration of "
12367
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
12368
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
12371
#: serverguide/C/network-config.xml:367(programlisting)
12375
"search example.com\n"
12376
"nameserver 8.8.8.8\n"
12377
"nameserver 8.8.4.4\n"
12380
#: serverguide/C/network-config.xml:372(para)
12382
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12383
"multiple domain names so that DNS queries will be appended in the order in "
12384
"which they are entered. For example, your network may have multiple sub-"
12385
"domains to search; a parent domain of <emphasis "
12386
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
12387
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
12388
"role=\"italic\">dev.example.com</emphasis>."
12391
#: serverguide/C/network-config.xml:380(para)
12393
"If you have multiple domains you wish to search, your configuration might "
12394
"look like the following."
12397
#: serverguide/C/network-config.xml:383(programlisting)
12401
"search example.com sales.example.com dev.example.com\n"
12402
"nameserver 8.8.8.8\n"
12403
"nameserver 8.8.4.4\n"
12406
#: serverguide/C/network-config.xml:388(para)
12408
"If you try to ping a host with the name of <emphasis "
12409
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12410
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12413
#: serverguide/C/network-config.xml:394(para)
12414
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12417
#: serverguide/C/network-config.xml:399(para)
12418
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12421
#: serverguide/C/network-config.xml:404(para)
12422
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12425
#: serverguide/C/network-config.xml:409(para)
12427
"If no matches are found, the DNS server will provide a result of <emphasis "
12428
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12431
#: serverguide/C/network-config.xml:416(title)
12432
msgid "Static Hostnames"
12435
#: serverguide/C/network-config.xml:417(para)
12437
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12438
"file <filename>/etc/hosts</filename>. Entries in the "
12439
"<filename>hosts</filename> file will have precedence over DNS by default. "
12440
"This means that if your system tries to resolve a hostname and it matches an "
12441
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
12442
"some configurations, especially when Internet access is not required, "
12443
"servers that communicate with a limited number of resources can be "
12444
"conveniently set to use static hostnames instead of DNS."
12447
#: serverguide/C/network-config.xml:424(para)
12449
"The following is an example of a <filename>hosts</filename> file where a "
12450
"number of local servers have been identified by simple hostnames, aliases "
12451
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12454
#: serverguide/C/network-config.xml:428(programlisting)
12458
"127.0.0.1\tlocalhost\n"
12459
"127.0.1.1\tubuntu-server\n"
12460
"10.0.0.11\tserver1 vpn server1.example.com\n"
12461
"10.0.0.12\tserver2 mail server2.example.com\n"
12462
"10.0.0.13\tserver3 www server3.example.com\n"
12463
"10.0.0.14\tserver4 file server4.example.com\n"
12466
#: serverguide/C/network-config.xml:437(para)
12468
"In the above example, notice that each of the servers have been given "
12469
"aliases in addition to their proper names and FQDN's. <emphasis "
12470
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
12471
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
12472
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
12473
"role=\"italic\">server3</emphasis> as <emphasis "
12474
"role=\"italic\">www</emphasis>, and <emphasis "
12475
"role=\"italic\">server4</emphasis> as <emphasis "
12476
"role=\"italic\">file</emphasis>."
12479
#: serverguide/C/network-config.xml:449(title)
12480
msgid "Name Service Switch Configuration"
12483
#: serverguide/C/network-config.xml:450(para)
12485
"The order in which your system selects a method of resolving hostnames to IP "
12486
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12487
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
12488
"section, typically static hostnames defined in the systems "
12489
"<filename>/etc/hosts</filename> file have precedence over names resolved "
12490
"from DNS. The following is an example of the line responsible for this order "
12491
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12494
#: serverguide/C/network-config.xml:458(programlisting)
12498
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12501
#: serverguide/C/network-config.xml:464(para)
12503
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12504
"hostnames located in <filename>/etc/hosts</filename>."
12507
#: serverguide/C/network-config.xml:470(para)
12509
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12510
"name using Multicast DNS."
12513
#: serverguide/C/network-config.xml:475(para)
12515
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12516
"of <emphasis role=\"italic\">notfound</emphasis> by the preceeding <emphasis "
12517
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12518
"authoritative and that the system should not try to continue hunting for an "
12522
#: serverguide/C/network-config.xml:483(para)
12524
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12527
#: serverguide/C/network-config.xml:488(para)
12529
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12532
#: serverguide/C/network-config.xml:494(para)
12534
"To modify the order of the above mentioned name resolution methods, you can "
12535
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12536
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12537
"versus Multicast DNS, you can change the string in "
12538
"<filename>/etc/nsswitch.conf</filename> as shown below."
12541
#: serverguide/C/network-config.xml:501(programlisting)
12545
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12548
#: serverguide/C/network-config.xml:508(title)
10896
12549
msgid "Bridging"
10899
#: serverguide/C/network-config.xml:188(para)
12552
#: serverguide/C/network-config.xml:510(para)
10901
12554
"Bridging multiple interfaces is a more advanced configuration, but is very "
10902
12555
"useful in multiple scenarios. One scenario is setting up a bridge with "
11693
13369
#: serverguide/C/network-auth.xml:60(command)
11694
13370
msgid "sudo apt-get install slapd ldap-utils"
13371
msgstr "sudo apt-get install slapd ldap-utils"
11697
13373
#: serverguide/C/network-auth.xml:63(para)
11699
"The installation process will prompt you for the LDAP directory admin "
11700
"password and confirmation."
13375
"By default <application>slapd</application> is configured with minimal "
13376
"options needed to run the <application>slapd</application> daemon."
11703
13379
#: serverguide/C/network-auth.xml:68(para)
11705
"By default the directory suffix will match the domain name of the server. "
11706
"For example, if the machine's Fully Qualified Domain Name (FQDN) is "
11707
"ldap.example.com, the default suffix will be "
11708
"<emphasis>dc=example,dc=com</emphasis>. If you require a different suffix, "
11709
"the directory can be reconfigured using <application>dpkg-"
11710
"reconfigure</application>. Enter the following in a terminal prompt:"
11713
#: serverguide/C/network-auth.xml:78(command)
11714
msgid "sudo dpkg-reconfigure slapd"
11717
#: serverguide/C/network-auth.xml:81(para)
11719
"You will then be taken through a menu based configuration dialog, allowing "
11720
"you to configure various <application>slapd</application> options."
11723
#: serverguide/C/network-auth.xml:90(para)
11725
"<application>OpenLDAP</application> uses a separate database which contains "
13381
"The configuration example in the following sections will match the domain "
13382
"name of the server. For example, if the machine's Fully Qualified Domain "
13383
"Name (FQDN) is ldap.example.com, the default suffix will be "
13384
"<emphasis>dc=example,dc=com</emphasis>."
13387
#: serverguide/C/network-auth.xml:76(title)
13388
msgid "Populating LDAP"
13391
#: serverguide/C/network-auth.xml:78(para)
13393
"<application>OpenLDAP</application> uses a separate directory which contains "
11726
13394
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
11727
13395
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
11728
13396
"<application>slapd</application> daemon, allowing the modification of schema "
11729
13397
"definitions, indexes, ACLs, etc without stopping the service."
11732
#: serverguide/C/network-auth.xml:98(para)
11734
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
11735
"utilities in the <application>ldap-utils</application> package. For example:"
11738
#: serverguide/C/network-auth.xml:106(para)
11740
"Use <application>ldapsearch</application> to view the tree, entering the "
11741
"admin password set during installation or reconfiguration:"
11744
#: serverguide/C/network-auth.xml:112(command)
11746
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb"
11749
#: serverguide/C/network-auth.xml:116(computeroutput)
11752
"Enter LDAP Password: \n"
11753
"dn: olcDatabase={1}hdb,cn=config\n"
11754
"objectClass: olcDatabaseConfig\n"
11755
"objectClass: olcHdbConfig\n"
11756
"olcDatabase: {1}hdb\n"
11757
"olcDbDirectory: /var/lib/ldap\n"
11758
"olcSuffix: dc=example,dc=com\n"
11759
"olcAccess: {0}to attrs=userPassword,shadowLastChange by "
11760
"dn=\"cn=admin,dc=exampl\n"
11761
" e,dc=com\" write by anonymous auth by self write by * none\n"
11762
"olcAccess: {1}to dn.base=\"\" by * read\n"
11763
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
11764
"olcLastMod: TRUE\n"
11765
"olcDbCheckpoint: 512 30\n"
11766
"olcDbConfig: {0}set_cachesize 0 2097152 0\n"
11767
"olcDbConfig: {1}set_lk_max_objects 1500\n"
11768
"olcDbConfig: {2}set_lk_max_locks 1500\n"
11769
"olcDbConfig: {3}set_lk_max_lockers 1500\n"
11770
"olcDbIndex: objectClass eq\n"
11773
#: serverguide/C/network-auth.xml:137(para)
11775
"The output above is the current configuration options for the "
11776
"<emphasis>hdb</emphasis> backend database. Which in this case containes the "
11777
"<emphasis>dc=example,dc=com</emphasis> suffix."
11780
#: serverguide/C/network-auth.xml:146(para)
11782
"Refine the search by supplying a <emphasis "
11783
"role=\"italic\">filter</emphasis>, in this case only show which attributes "
11787
#: serverguide/C/network-auth.xml:152(command)
11789
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb "
11793
#: serverguide/C/network-auth.xml:156(computeroutput)
11796
"Enter LDAP Password: \n"
11797
"dn: olcDatabase={1}hdb,cn=config\n"
11798
"olcDbIndex: objectClass eq\n"
11801
#: serverguide/C/network-auth.xml:165(para)
11803
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
11804
"another attribute to the index list using "
11805
"<application>ldapmodify</application>:"
11808
#: serverguide/C/network-auth.xml:171(command) serverguide/C/network-auth.xml:722(command) serverguide/C/network-auth.xml:838(command) serverguide/C/network-auth.xml:861(command) serverguide/C/network-auth.xml:2417(command) serverguide/C/network-auth.xml:2434(command)
11809
msgid "ldapmodify -x -D cn=admin,cn=config -W"
11812
#: serverguide/C/network-auth.xml:175(userinput)
11816
"dn: olcDatabase={1}hdb,cn=config\n"
11817
"add: olcDbIndex\n"
11818
"olcDbIndex: entryUUID eq"
11821
#: serverguide/C/network-auth.xml:175(computeroutput)
11824
"Enter LDAP Password:<placeholder-1/>\n"
11826
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11829
#: serverguide/C/network-auth.xml:184(para)
11831
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
11832
"exit the utility."
11835
#: serverguide/C/network-auth.xml:191(para)
11837
"<application>ldapmodify</application> can also read the changes from a file. "
11838
"Copy and paste the following into a file named "
11839
"<filename>uid_index.ldif</filename>:"
11842
#: serverguide/C/network-auth.xml:196(programlisting)
11846
"dn: olcDatabase={1}hdb,cn=config\n"
11847
"add: olcDbIndex\n"
11848
"olcDbIndex: uid eq,pres,sub\n"
11851
#: serverguide/C/network-auth.xml:202(para)
11852
msgid "Then execute <application>ldapmodify</application>:"
11855
#: serverguide/C/network-auth.xml:207(command)
11856
msgid "ldapmodify -x -D cn=admin,cn=config -W -f uid_index.ldif"
11859
#: serverguide/C/network-auth.xml:211(computeroutput)
11862
"Enter LDAP Password: \n"
11863
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11866
#: serverguide/C/network-auth.xml:216(para)
11867
msgid "The file method is very useful for large changes."
11870
#: serverguide/C/network-auth.xml:223(para)
11872
"Adding additional <emphasis>schemas</emphasis> to "
11873
"<application>slapd</application> requires the schema to be converted to LDIF "
11874
"format. Fortunately, the <application>slapd</application> program can be "
11875
"used to automate the conversion. The following example will add the "
11876
"<emphasis>misc.schema</emphasis>:"
11879
#: serverguide/C/network-auth.xml:231(para)
11881
"First, create a conversion <filename>schema_convert.conf</filename> file "
11882
"containing the following lines:"
11885
#: serverguide/C/network-auth.xml:236(programlisting)
11889
"include /etc/ldap/schema/core.schema\n"
11890
"include /etc/ldap/schema/collective.schema\n"
11891
"include /etc/ldap/schema/corba.schema\n"
11892
"include /etc/ldap/schema/cosine.schema\n"
11893
"include /etc/ldap/schema/duaconf.schema\n"
11894
"include /etc/ldap/schema/dyngroup.schema\n"
11895
"include /etc/ldap/schema/inetorgperson.schema\n"
11896
"include /etc/ldap/schema/java.schema\n"
11897
"include /etc/ldap/schema/misc.schema\n"
11898
"include /etc/ldap/schema/nis.schema\n"
11899
"include /etc/ldap/schema/openldap.schema\n"
11900
"include /etc/ldap/schema/ppolicy.schema\n"
11903
#: serverguide/C/network-auth.xml:254(para) serverguide/C/network-auth.xml:1318(para)
11904
msgid "Next, create a temporary directory to hold the output:"
11907
#: serverguide/C/network-auth.xml:259(command) serverguide/C/network-auth.xml:1323(command) serverguide/C/network-auth.xml:2347(command)
11908
msgid "mkdir /tmp/ldif_output"
11911
#: serverguide/C/network-auth.xml:265(para)
11913
"Now using <application>slapcat</application> convert the schema files to "
11917
#: serverguide/C/network-auth.xml:270(command)
11919
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
11920
"\"cn={8}misc,cn=schema,cn=config\" > /tmp/cn=misc.ldif"
11923
#: serverguide/C/network-auth.xml:273(para)
11925
"Adjust the configuration file name and temporary directory names if yours "
11926
"are different. Also, it may be worthwhile to keep the "
11927
"<filename>ldif_output</filename> directory around in case you want to add "
11928
"additional schemas in the future."
11931
#: serverguide/C/network-auth.xml:282(para)
11933
"Edit the <filename>/tmp/cn\\=misc.ldif</filename> file, changing the "
11934
"following attributes:"
11937
#: serverguide/C/network-auth.xml:286(programlisting)
11941
"dn: cn=misc,cn=schema,cn=config\n"
11946
#: serverguide/C/network-auth.xml:292(para) serverguide/C/network-auth.xml:1354(para)
11947
msgid "And remove the following lines from the bottom of the file:"
11950
#: serverguide/C/network-auth.xml:296(programlisting)
11954
"structuralObjectClass: olcSchemaConfig\n"
11955
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
11956
"creatorsName: cn=config\n"
11957
"createTimestamp: 20080826021140Z\n"
11958
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
11959
"modifiersName: cn=config\n"
11960
"modifyTimestamp: 20080826021140Z\n"
11963
#: serverguide/C/network-auth.xml:307(para) serverguide/C/network-auth.xml:1369(para) serverguide/C/network-auth.xml:2393(para)
11965
"The attribute values will vary, just be sure the attributes are removed."
11968
#: serverguide/C/network-auth.xml:315(para) serverguide/C/network-auth.xml:1377(para)
11970
"Finally, using the <application>ldapadd</application> utility, add the new "
11971
"schema to the directory:"
11974
#: serverguide/C/network-auth.xml:321(command)
11975
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=misc.ldif"
11978
#: serverguide/C/network-auth.xml:327(para)
11980
"There should now be a <emphasis>dn: "
11981
"cn={4}misc,cn=schema,cn=config</emphasis> entry in the cn=config tree."
11984
#: serverguide/C/network-auth.xml:336(title)
11985
msgid "Populating LDAP"
11988
#: serverguide/C/network-auth.xml:338(para)
11990
"The directory has been created during installation and reconfiguration, and "
11991
"now it is time to populate it. It will be populated with a \"classical\" "
11992
"scheme that will be compatible with address book applications and with Unix "
11993
"Posix accounts. Posix accounts will allow authentication to various "
11994
"applications, such as web applications, email Mail Transfer Agent (MTA) "
11995
"applications, etc."
11998
#: serverguide/C/network-auth.xml:347(para)
13400
#: serverguide/C/network-auth.xml:86(para)
13402
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
13403
"configuration and will need additional configuration options in order to "
13404
"populate the frontend directory. The frontend will be populated with a "
13405
"\"classical\" scheme that will be compatible with address book applications "
13406
"and with Unix Posix accounts. Posix accounts will allow authentication to "
13407
"various applications, such as web applications, email Mail Transfer Agent "
13408
"(MTA) applications, etc."
13411
#: serverguide/C/network-auth.xml:95(para)
12000
13413
"For external applications to authenticate using LDAP they will each need to "
12001
13414
"be specifically configured to do so. Refer to the individual application "
12002
13415
"documentation for details."
12005
#: serverguide/C/network-auth.xml:354(para)
12007
"LDAP directories can be populated with LDIF (LDAP Directory Interchange "
12008
"Format) files. Copy the following example LDIF file, naming it "
12009
"<filename>example.com.ldif</filename>, somewhere on your system:"
12012
#: serverguide/C/network-auth.xml:360(programlisting)
13418
#: serverguide/C/network-auth.xml:103(para)
13420
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
13421
"examples to match your LDAP configuration."
13424
#: serverguide/C/network-auth.xml:108(para)
13426
"First, some additional schema files need to be loaded. In a terminal enter:"
13429
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
13430
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
13433
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
13434
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13437
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
13439
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13442
#: serverguide/C/network-auth.xml:118(para)
13444
"Next, copy the following example LDIF file, naming it "
13445
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
13448
#: serverguide/C/network-auth.xml:123(programlisting)
13452
"# Load dynamic backend modules\n"
13453
"dn: cn=module,cn=config\n"
13454
"objectClass: olcModuleList\n"
13456
"olcModulepath: /usr/lib/ldap\n"
13457
"olcModuleload: back_hdb\n"
13459
"# Database settings\n"
13460
"dn: olcDatabase=hdb,cn=config\n"
13461
"objectClass: olcDatabaseConfig\n"
13462
"objectClass: olcHdbConfig\n"
13463
"olcDatabase: {1}hdb\n"
13464
"olcSuffix: dc=example,dc=com\n"
13465
"olcDbDirectory: /var/lib/ldap\n"
13466
"olcRootDN: cn=admin,dc=example,dc=com\n"
13467
"olcRootPW: secret\n"
13468
"olcDbConfig: set_cachesize 0 2097152 0\n"
13469
"olcDbConfig: set_lk_max_objects 1500\n"
13470
"olcDbConfig: set_lk_max_locks 1500\n"
13471
"olcDbConfig: set_lk_max_lockers 1500\n"
13472
"olcDbIndex: objectClass eq\n"
13473
"olcLastMod: TRUE\n"
13474
"olcDbCheckpoint: 512 30\n"
13475
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13476
"by anonymous auth by self write by * none\n"
13477
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13478
"olcAccess: to dn.base=\"\" by * read\n"
13479
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13483
#: serverguide/C/network-auth.xml:155(para)
13485
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13488
#: serverguide/C/network-auth.xml:160(para)
13489
msgid "Now add the LDIF to the directory:"
13492
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13493
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13496
#: serverguide/C/network-auth.xml:168(para)
13498
"The frontend directory is now ready to be populated. Create a "
13499
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13502
#: serverguide/C/network-auth.xml:173(programlisting)
13506
"# Create top-level object in domain\n"
13507
"dn: dc=example,dc=com\n"
13508
"objectClass: top\n"
13509
"objectClass: dcObject\n"
13510
"objectclass: organization\n"
13511
"o: Example Organization\n"
13513
"description: LDAP Example \n"
13516
"dn: cn=admin,dc=example,dc=com\n"
13517
"objectClass: simpleSecurityObject\n"
13518
"objectClass: organizationalRole\n"
13520
"description: LDAP administrator\n"
13521
"userPassword: secret\n"
12016
13523
"dn: ou=people,dc=example,dc=com\n"
12017
13524
"objectClass: organizationalUnit\n"
12097
13603
"givenName: John\n"
12100
#: serverguide/C/network-auth.xml:438(para)
13606
#: serverguide/C/network-auth.xml:267(para)
12101
13607
msgid "Just a quick explanation:"
12104
#: serverguide/C/network-auth.xml:444(para)
13610
#: serverguide/C/network-auth.xml:273(para)
12106
13612
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
12107
13613
"the default."
13616
#: serverguide/C/network-auth.xml:279(para)
13617
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13620
#: serverguide/C/network-auth.xml:287(title)
13621
msgid "Further Configuration"
13624
#: serverguide/C/network-auth.xml:290(para)
13626
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13627
"utilities in the <application>ldap-utils</application> package. For example:"
13630
#: serverguide/C/network-auth.xml:298(para)
13632
"Use <application>ldapsearch</application> to view the tree, entering the "
13633
"admin password set during installation or reconfiguration:"
13636
#: serverguide/C/network-auth.xml:304(command)
13637
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13640
#: serverguide/C/network-auth.xml:308(computeroutput)
13644
"SASL/EXTERNAL authentication started\n"
13645
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13649
"dn: cn=module{0},cn=config\n"
13651
"dn: cn=schema,cn=config\n"
13653
"dn: cn={0}core,cn=schema,cn=config\n"
13655
"dn: cn={1}cosine,cn=schema,cn=config\n"
13657
"dn: cn={2}nis,cn=schema,cn=config\n"
13659
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13661
"dn: olcDatabase={-1}frontend,cn=config\n"
13663
"dn: olcDatabase={0}config,cn=config\n"
13665
"dn: olcDatabase={1}hdb,cn=config\n"
13668
#: serverguide/C/network-auth.xml:334(para)
13670
"The output above is the current configuration options for the "
13671
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13674
#: serverguide/C/network-auth.xml:342(para)
13676
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13677
"another attribute to the index list using "
13678
"<application>ldapmodify</application>:"
13681
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:984(command) serverguide/C/network-auth.xml:1155(command) serverguide/C/network-auth.xml:1191(command)
13682
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13685
#: serverguide/C/network-auth.xml:356(userinput)
13688
"dn: olcDatabase={1}hdb,cn=config\n"
13689
"add: olcDbIndex\n"
13690
"olcDbIndex: uidNumber eq"
13693
#: serverguide/C/network-auth.xml:352(computeroutput)
13697
"SASL/EXTERNAL authentication started\n"
13698
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13700
"<placeholder-1/>\n"
13702
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13705
#: serverguide/C/network-auth.xml:364(para)
13707
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13708
"exit the utility."
13711
#: serverguide/C/network-auth.xml:371(para)
13713
"<application>ldapmodify</application> can also read the changes from a file. "
13714
"Copy and paste the following into a file named "
13715
"<filename>uid_index.ldif</filename>:"
13718
#: serverguide/C/network-auth.xml:376(programlisting)
13722
"dn: olcDatabase={1}hdb,cn=config\n"
13723
"add: olcDbIndex\n"
13724
"olcDbIndex: uid eq,pres,sub\n"
13727
#: serverguide/C/network-auth.xml:382(para)
13728
msgid "Then execute <application>ldapmodify</application>:"
13731
#: serverguide/C/network-auth.xml:387(command)
13732
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13735
#: serverguide/C/network-auth.xml:391(computeroutput)
13739
"SASL/EXTERNAL authentication started\n"
13740
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13742
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13745
#: serverguide/C/network-auth.xml:399(para)
13746
msgid "The file method is very useful for large changes."
13749
#: serverguide/C/network-auth.xml:406(para)
13751
"Adding additional <emphasis>schemas</emphasis> to "
13752
"<application>slapd</application> requires the schema to be converted to LDIF "
13753
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13754
"directory contains some schema files already converted to LDIF format as "
13755
"demonstrated in the previous section. Fortunately, the "
13756
"<application>slapd</application> program can be used to automate the "
13757
"conversion. The following example will add the "
13758
"<emphasis>dyngoup.schema</emphasis>:"
13761
#: serverguide/C/network-auth.xml:416(para)
13763
"First, create a conversion <filename>schema_convert.conf</filename> file "
13764
"containing the following lines:"
13767
#: serverguide/C/network-auth.xml:421(programlisting)
13771
"include /etc/ldap/schema/core.schema\n"
13772
"include /etc/ldap/schema/collective.schema\n"
13773
"include /etc/ldap/schema/corba.schema\n"
13774
"include /etc/ldap/schema/cosine.schema\n"
13775
"include /etc/ldap/schema/duaconf.schema\n"
13776
"include /etc/ldap/schema/dyngroup.schema\n"
13777
"include /etc/ldap/schema/inetorgperson.schema\n"
13778
"include /etc/ldap/schema/java.schema\n"
13779
"include /etc/ldap/schema/misc.schema\n"
13780
"include /etc/ldap/schema/nis.schema\n"
13781
"include /etc/ldap/schema/openldap.schema\n"
13782
"include /etc/ldap/schema/ppolicy.schema\n"
13785
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1655(para)
13786
msgid "Next, create a temporary directory to hold the output:"
13789
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1660(command) serverguide/C/network-auth.xml:2695(command)
13790
msgid "mkdir /tmp/ldif_output"
12110
13793
#: serverguide/C/network-auth.xml:450(para)
12111
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
12114
#: serverguide/C/network-auth.xml:459(title)
12115
msgid "LDAP replication"
12118
#: serverguide/C/network-auth.xml:461(para)
13795
"Now using <application>slapcat</application> convert the schema files to "
13799
#: serverguide/C/network-auth.xml:455(command)
13801
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13802
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13805
#: serverguide/C/network-auth.xml:458(para)
13807
"Adjust the configuration file name and temporary directory names if yours "
13808
"are different. Also, it may be worthwhile to keep the "
13809
"<filename>ldif_output</filename> directory around in case you want to add "
13810
"additional schemas in the future."
13813
#: serverguide/C/network-auth.xml:467(para)
13815
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13816
"following attributes:"
13819
#: serverguide/C/network-auth.xml:471(programlisting)
13823
"dn: cn=dyngroup,cn=schema,cn=config\n"
13828
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1691(para)
13829
msgid "And remove the following lines from the bottom of the file:"
13832
#: serverguide/C/network-auth.xml:481(programlisting)
13836
"structuralObjectClass: olcSchemaConfig\n"
13837
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13838
"creatorsName: cn=config\n"
13839
"createTimestamp: 20080826021140Z\n"
13840
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13841
"modifiersName: cn=config\n"
13842
"modifyTimestamp: 20080826021140Z\n"
13845
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1706(para) serverguide/C/network-auth.xml:2741(para)
13847
"The attribute values will vary, just be sure the attributes are removed."
13850
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1714(para)
13852
"Finally, using the <application>ldapadd</application> utility, add the new "
13853
"schema to the directory:"
13856
#: serverguide/C/network-auth.xml:506(command)
13857
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13860
#: serverguide/C/network-auth.xml:512(para)
13862
"There should now be a <emphasis>dn: "
13863
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13866
#: serverguide/C/network-auth.xml:522(title)
13867
msgid "LDAP Replication"
13870
#: serverguide/C/network-auth.xml:524(para)
12120
13872
"LDAP often quickly becomes a highly critical service to the network. "
12121
13873
"Multiple systems will come to depend on LDAP for authentication, "
12123
13875
"system through replication."
12126
#: serverguide/C/network-auth.xml:467(para)
13878
#: serverguide/C/network-auth.xml:530(para)
12128
13880
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
12129
"Syncrepl allows the directory to be synced using either a "
12130
"<emphasis>push</emphasis> or <emphasis>pull</emphasis> based system. In a "
12131
"push based configuration a <quote>primary</quote> server will push directory "
12132
"updates to <quote>secondary</quote> servers, while a pull based approach "
12133
"allows replication servers to sync on a time based interval."
12136
#: serverguide/C/network-auth.xml:475(para)
12138
"The following is an example of a <emphasis>Multi-Master</emphasis> "
12139
"configuration. In this configuration each OpenLDAP server is configured for "
12140
"both <emphasis>push</emphasis> and <emphasis>pull</emphasis> replication."
12143
#: serverguide/C/network-auth.xml:483(para)
12145
"First, configure the server to sync the <emphasis>cn=config</emphasis> "
12146
"database. Copy the following to a file named <filename>syncrepl_cn-"
12147
"config.ldif</filename>:"
12150
#: serverguide/C/network-auth.xml:488(programlisting)
13881
"Syncrepl allows the changes to be synced using a "
13882
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13883
"provider sends directory changes to consumers."
13886
#: serverguide/C/network-auth.xml:537(title)
13887
msgid "Provider Configuration"
13890
#: serverguide/C/network-auth.xml:539(para)
13892
"The following is an example of a <emphasis>Single-Master</emphasis> "
13893
"configuration. In this configuration one OpenLDAP server is configured as a "
13894
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13897
#: serverguide/C/network-auth.xml:547(para)
13899
"First, configure the provider server. Copy the following to a file named "
13900
"<filename>provider_sync.ldif</filename>:"
13903
#: serverguide/C/network-auth.xml:552(programlisting)
13907
"# Add indexes to the frontend db.\n"
13908
"dn: olcDatabase={1}hdb,cn=config\n"
13909
"changetype: modify\n"
13910
"add: olcDbIndex\n"
13911
"olcDbIndex: entryCSN eq\n"
13913
"add: olcDbIndex\n"
13914
"olcDbIndex: entryUUID eq\n"
13916
"#Load the syncprov and accesslog modules.\n"
12154
13917
"dn: cn=module{0},cn=config\n"
12155
13918
"changetype: modify\n"
12156
13919
"add: olcModuleLoad\n"
12157
13920
"olcModuleLoad: syncprov\n"
12160
"changetype: modify\n"
12161
"replace: olcServerID\n"
12162
"olcServerID: 1 ldap://ldap01.example.com\n"
12163
"olcServerID: 2 ldap://ldap02.example.com\n"
12165
"dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config\n"
13922
"add: olcModuleLoad\n"
13923
"olcModuleLoad: accesslog\n"
13925
"# Accesslog database definitions\n"
13926
"dn: olcDatabase={2}hdb,cn=config\n"
13927
"objectClass: olcDatabaseConfig\n"
13928
"objectClass: olcHdbConfig\n"
13929
"olcDatabase: {2}hdb\n"
13930
"olcDbDirectory: /var/lib/ldap/accesslog\n"
13931
"olcSuffix: cn=accesslog\n"
13932
"olcRootDN: cn=admin,dc=example,dc=com\n"
13933
"olcDbIndex: default eq\n"
13934
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
13936
"# Accesslog db syncprov.\n"
13937
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
12166
13938
"changetype: add\n"
12167
13939
"objectClass: olcOverlayConfig\n"
12168
13940
"objectClass: olcSyncProvConfig\n"
12169
13941
"olcOverlay: syncprov\n"
12171
"dn: olcDatabase={0}config,cn=config\n"
12172
"changetype: modify\n"
12173
"add: olcSyncRepl\n"
12174
"olcSyncRepl: rid=001 provider=ldap://ldap01.example.com "
12175
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
12176
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
12177
" retry=\"5 5 300 5\" timeout=1\n"
12178
"olcSyncRepl: rid=002 provider=ldap://ldap02.example.com "
12179
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
12180
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
12181
" retry=\"5 5 300 5\" timeout=1\n"
12183
"add: olcMirrorMode\n"
12184
"olcMirrorMode: TRUE\n"
12187
#: serverguide/C/network-auth.xml:523(para)
12188
msgid "Edit the file changing:"
12191
#: serverguide/C/network-auth.xml:529(para)
12193
"<emphasis>ldap://ldap01.example.com</emphasis> and "
12194
"<emphasis>ldap://ldap02.example.com</emphasis> to the hostnames of your LDAP "
12198
#: serverguide/C/network-auth.xml:534(para)
12200
"You can have more than two LDAP servers, and when a change is made to one of "
12201
"them it will by synced to the rest. Be sure to increment the "
12202
"<emphasis>olcServerID</emphasis> for each server, and the "
12203
"<emphasis>rid</emphasis> for each <emphasis>olcSyncRepl</emphasis> entry."
12206
#: serverguide/C/network-auth.xml:542(para)
12208
"And adjust <emphasis>credentials=secret</emphasis> to match your admin "
12212
#: serverguide/C/network-auth.xml:552(para)
12214
"Next, add the LDIF file using the <application>ldapmodify</application> "
12218
#: serverguide/C/network-auth.xml:557(command)
12219
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_cn-config.ldif"
12222
#: serverguide/C/network-auth.xml:563(para)
12224
"Copy the <filename>syncrepl_cn-config.ldif</filename> file to the next LDAP "
12225
"server and repeat the <application>ldapmodify</application> command above."
12228
#: serverguide/C/network-auth.xml:571(para)
12230
"Because a new module has been added, the <application>slapd</application> "
12231
"daemon, on all replicated servers, needs to be restarted:"
12234
#: serverguide/C/network-auth.xml:577(command) serverguide/C/network-auth.xml:779(command) serverguide/C/network-auth.xml:895(command)
12235
msgid "sudo /etc/init.d/slapd restart"
12238
#: serverguide/C/network-auth.xml:583(para)
12240
"Now that the configuration database is synced between servers, the "
12241
"<emphasis>backend</emphasis> database needs to be synced as well. Copy and "
12242
"paste the following into another LDIF file named "
12243
"<filename>syncrepl_backend.ldif</filename>:"
12246
#: serverguide/C/network-auth.xml:589(programlisting)
12250
"dn: olcDatabase={1}hdb,cn=config\n"
12251
"changetype: modify\n"
12253
"olcRootDN: cn=admin,dc=example,dc=com\n"
12255
"add: olcSyncRepl\n"
12256
"olcSyncRepl: rid=003 provider=ldap://ldap01.example.com "
12257
"binddn=\"cn=admin,dc=example,dc=com\" \n"
12258
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12259
"type=refreshOnly \n"
12260
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
12261
"olcSyncRepl: rid=004 provider=ldap://ldap02.example.com "
12262
"binddn=\"cn=admin,dc=example,dc=com\" \n"
12263
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12264
"type=refreshOnly \n"
12265
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
12267
"add: olcMirrorMode\n"
12268
"olcMirrorMode: TRUE\n"
13942
"olcSpNoPresent: TRUE\n"
13943
"olcSpReloadHint: TRUE\n"
13945
"# syncrepl Provider for primary db\n"
12270
13946
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
12271
13947
"changetype: add\n"
12272
13948
"objectClass: olcOverlayConfig\n"
12273
13949
"objectClass: olcSyncProvConfig\n"
12274
13950
"olcOverlay: syncprov\n"
12277
#: serverguide/C/network-auth.xml:616(para)
12278
msgid "Like the previous LDIF file, edit this one changing:"
12281
#: serverguide/C/network-auth.xml:622(para)
12283
"<emphasis>searchbase=\"dc=example,dc=com\"</emphasis> to your directory's "
12287
#: serverguide/C/network-auth.xml:627(para)
12289
"If you use a different admin user, change "
12290
"<emphasis>binddn=\"cn=admin,dc=example,dc=com\"</emphasis>."
12293
#: serverguide/C/network-auth.xml:632(para)
12295
"Also, replace <emphasis>credentials=secret</emphasis> with your admin "
12299
#: serverguide/C/network-auth.xml:641(para)
12300
msgid "Add the LDIF file:"
12303
#: serverguide/C/network-auth.xml:646(command)
12304
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_backend.ldif"
12307
#: serverguide/C/network-auth.xml:649(para)
12309
"Because the servers' configuration is already synced there is no need to "
12310
"copy this LDIF file to the other servers."
13951
"olcSpNoPresent: TRUE\n"
13953
"# accesslog overlay definitions for primary db\n"
13954
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
13955
"objectClass: olcOverlayConfig\n"
13956
"objectClass: olcAccessLogConfig\n"
13957
"olcOverlay: accesslog\n"
13958
"olcAccessLogDB: cn=accesslog\n"
13959
"olcAccessLogOps: writes\n"
13960
"olcAccessLogSuccess: TRUE\n"
13961
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
13962
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13965
#: serverguide/C/network-auth.xml:614(para)
13967
"The <application>AppArmor</application> profile for "
13968
"<application>slapd</application> will need to be adjusted for the accesslog "
13969
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13973
#: serverguide/C/network-auth.xml:619(programlisting)
13977
" /var/lib/ldap/accesslog/ r,\n"
13978
" /var/lib/ldap/accesslog/** rwk,\n"
13981
#: serverguide/C/network-auth.xml:624(para)
13983
"Then create the directory, reload the <application>apparmor</application> "
13984
"profile, and copy the <filename>DB_CONFIG</filename> file:"
13987
#: serverguide/C/network-auth.xml:630(command)
13988
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13991
#: serverguide/C/network-auth.xml:631(command)
13992
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13995
#: serverguide/C/network-auth.xml:636(para)
13997
"Using the <emphasis>-u openldap</emphasis> option with the "
13998
"<application>sudo</application> commands above removes the need to adjust "
13999
"permissions for the new directory later."
14002
#: serverguide/C/network-auth.xml:645(para)
14004
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
14008
#: serverguide/C/network-auth.xml:649(programlisting)
14012
"olcRootDN: cn=admin,dc=example,dc=com\n"
12313
14015
#: serverguide/C/network-auth.xml:657(para)
12315
"The configuration and backend databases should now sycnc to the other "
12316
"servers. You can add additional servers using the "
12317
"<application>ldapmodify</application> utility as the need arises. See <xref "
12318
"linkend=\"openldap-configuration\"/> for details."
12321
#: serverguide/C/network-auth.xml:667(programlisting)
14017
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
14020
#: serverguide/C/network-auth.xml:662(command)
14021
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14024
#: serverguide/C/network-auth.xml:669(para)
14025
msgid "Restart <application>slapd</application>:"
14028
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1040(command) serverguide/C/network-auth.xml:1227(command)
14029
msgid "sudo /etc/init.d/slapd restart"
14030
msgstr "sudo /etc/init.d/slapd restart"
14032
#: serverguide/C/network-auth.xml:680(para)
14034
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
14035
"to configure a <emphasis>Consumer</emphasis> server."
14038
#: serverguide/C/network-auth.xml:687(title)
14039
msgid "Consumer Configuration"
14042
#: serverguide/C/network-auth.xml:692(para)
14044
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
14045
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
14046
"configuration steps."
14049
#: serverguide/C/network-auth.xml:697(para)
14050
msgid "Add the additional schema files:"
14053
#: serverguide/C/network-auth.xml:707(para)
14055
"Also, create, or copy from the provider server, the "
14056
"<filename>backend.example.com.ldif</filename>"
14059
#: serverguide/C/network-auth.xml:711(programlisting)
14063
"# Load dynamic backend modules\n"
14064
"dn: cn=module,cn=config\n"
14065
"objectClass: olcModuleList\n"
14067
"olcModulepath: /usr/lib/ldap\n"
14068
"olcModuleload: back_hdb\n"
14070
"# Database settings\n"
14071
"dn: olcDatabase=hdb,cn=config\n"
14072
"objectClass: olcDatabaseConfig\n"
14073
"objectClass: olcHdbConfig\n"
14074
"olcDatabase: {1}hdb\n"
14075
"olcSuffix: dc=example,dc=com\n"
14076
"olcDbDirectory: /var/lib/ldap\n"
14077
"olcRootDN: cn=admin,dc=example,dc=com\n"
14078
"olcRootPW: secret\n"
14079
"olcDbConfig: set_cachesize 0 2097152 0\n"
14080
"olcDbConfig: set_lk_max_objects 1500\n"
14081
"olcDbConfig: set_lk_max_locks 1500\n"
14082
"olcDbConfig: set_lk_max_lockers 1500\n"
14083
"olcDbIndex: objectClass eq\n"
14084
"olcLastMod: TRUE\n"
14085
"olcDbCheckpoint: 512 30\n"
14086
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
14087
"by anonymous auth by self write by * none\n"
14088
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
14089
"olcAccess: to dn.base=\"\" by * read\n"
14090
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
14093
#: serverguide/C/network-auth.xml:741(para)
14094
msgid "And add the LDIF by entering:"
14097
#: serverguide/C/network-auth.xml:752(para)
14099
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
14100
"listed above, and add it:"
14103
#: serverguide/C/network-auth.xml:760(para)
14105
"The two severs should now have the same configuration except for the "
14106
"<emphasis>Syncrepl</emphasis> options."
14109
#: serverguide/C/network-auth.xml:768(para)
14111
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
14114
#: serverguide/C/network-auth.xml:772(programlisting)
14118
"#Load the syncprov module.\n"
14119
"dn: cn=module{0},cn=config\n"
14120
"changetype: modify\n"
14121
"add: olcModuleLoad\n"
14122
"olcModuleLoad: syncprov\n"
14124
"# syncrepl specific indices\n"
14125
"dn: olcDatabase={1}hdb,cn=config\n"
14126
"changetype: modify\n"
14127
"add: olcDbIndex\n"
14128
"olcDbIndex: entryUUID eq\n"
14130
"add: olcSyncRepl\n"
14131
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14132
"binddn=\"cn=admin,dc=example,dc=com\" \n"
14133
" credentials=secret searchbase=\"dc=example,dc=com\" "
14134
"logbase=\"cn=accesslog\" \n"
14135
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
14136
"schemachecking=on \n"
14137
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
14139
"add: olcUpdateRef\n"
14140
"olcUpdateRef: ldap://ldap01.example.com\n"
14143
#: serverguide/C/network-auth.xml:795(para)
14144
msgid "You will probably want to change the following attributes:"
14147
#: serverguide/C/network-auth.xml:800(para)
14148
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
14151
#: serverguide/C/network-auth.xml:801(emphasis)
14155
#: serverguide/C/network-auth.xml:802(emphasis)
14156
msgid "credentials"
14159
#: serverguide/C/network-auth.xml:803(emphasis)
14163
#: serverguide/C/network-auth.xml:804(emphasis)
14164
msgid "olcUpdateRef:"
14167
#: serverguide/C/network-auth.xml:810(para)
14168
msgid "Add the LDIF file to the configuration tree:"
14171
#: serverguide/C/network-auth.xml:815(command)
14172
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14175
#: serverguide/C/network-auth.xml:821(para)
14177
"The frontend database should now sync between servers. You can add "
14178
"additional servers using the steps above as the need arises."
14181
#: serverguide/C/network-auth.xml:831(programlisting)
12323
14183
msgid "127.0.0.1\tldap01.example.com ldap01"
12326
#: serverguide/C/network-auth.xml:663(para)
14186
#: serverguide/C/network-auth.xml:827(para)
12328
14188
"The <application>slapd</application> daemon will send log information to "
12329
14189
"<filename>/var/log/syslog</filename> by default. So if all does "
12493
14447
"linkend=\"openldap-server-replication\"/>."
12496
#: serverguide/C/network-auth.xml:808(para)
12498
"After setting up replication, and following the instructions in <xref "
12499
"linkend=\"openldap-tls\"/>, there are a couple of consequences that should "
12503
#: serverguide/C/network-auth.xml:815(para)
12505
"The configuration only needs to be modified on <emphasis>one</emphasis> "
12509
#: serverguide/C/network-auth.xml:820(para)
12511
"The path names for the <emphasis>certificate</emphasis> and "
12512
"<emphasis>key</emphasis> must be the same on all servers."
12515
#: serverguide/C/network-auth.xml:827(para)
12517
"So on each replicated server: install a certificate, edit "
12518
"<filename>/etc/default/slapd</filename>, and restart "
12519
"<application>slapd</application>."
12522
#: serverguide/C/network-auth.xml:832(para)
12524
"Once <emphasis>TLS</emphasis> has been setup on each server, modify the "
12525
"<emphasis>cn=config</emphasis> replication by entering the following in a "
12529
#: serverguide/C/network-auth.xml:843(userinput)
12532
"dn: olcDatabase={0}config,cn=config\n"
12533
"replace: olcSyncrepl\n"
12534
"olcSyncrepl: {0}rid=001 provider=ldap://ldap01.example.com "
12535
"binddn=\"cn=admin,cn\n"
12536
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
12538
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
12539
"olcSyncrepl: {1}rid=002 provider=ldap://ldap02.example.com "
12540
"binddn=\"cn=admin,cn\n"
12541
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
12543
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes"
12546
#: serverguide/C/network-auth.xml:842(computeroutput)
12549
"Enter LDAP Password: \n"
12550
"<placeholder-1/>\n"
12552
"modifying entry \"olcDatabase={0}config,cn=config\"\n"
12555
#: serverguide/C/network-auth.xml:856(para)
12556
msgid "Now adjust the <emphasis>backend</emphasis> database replication:"
12559
#: serverguide/C/network-auth.xml:866(userinput)
14450
#: serverguide/C/network-auth.xml:1069(para)
14452
"Assuming you have followed the above instructions and created a CA "
14453
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14454
"server. Follow the following instructions to create a certificate and key "
14455
"for the <emphasis>Consumer</emphasis> server."
14458
#: serverguide/C/network-auth.xml:1078(para)
14459
msgid "Create a new key for the Consumer server:"
14462
#: serverguide/C/network-auth.xml:1083(command)
14463
msgid "mkdir ldap02-ssl"
14466
#: serverguide/C/network-auth.xml:1084(command)
14467
msgid "cd ldap02-ssl"
14470
#: serverguide/C/network-auth.xml:1085(command)
14471
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14474
#: serverguide/C/network-auth.xml:1089(para)
14476
"Creating a new directory is not strictly necessary, but it will help keep "
14477
"things organized and make it easier to copy the files to the Consumer server."
14480
#: serverguide/C/network-auth.xml:1098(para)
14482
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14483
"server, changing the attributes to match your locality and server:"
14486
#: serverguide/C/network-auth.xml:1103(programlisting)
14491
"state = North Carolina\n"
14492
"locality = Winston-Salem\n"
14493
"organization = Example Company\n"
14494
"cn = ldap02.salem.edu\n"
14500
#: serverguide/C/network-auth.xml:1117(para)
14501
msgid "Create the certificate:"
14504
#: serverguide/C/network-auth.xml:1122(command)
14506
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14507
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14508
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14509
"ldap02_slapd_cert.pem"
14512
#: serverguide/C/network-auth.xml:1130(para)
14513
msgid "Copy the <filename>cacert.pem</filename> to the dicretory:"
14516
#: serverguide/C/network-auth.xml:1135(command)
14517
msgid "cp /etc/ssl/certs/cacert.pem ."
14520
#: serverguide/C/network-auth.xml:1141(para)
14522
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14523
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14524
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14525
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14526
"<filename>/etc/ssl/private</filename>."
14529
#: serverguide/C/network-auth.xml:1150(para)
14531
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14535
#: serverguide/C/network-auth.xml:1160(userinput)
14539
"add: olcTLSCACertificateFile\n"
14540
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14542
"add: olcTLSCertificateFile\n"
14543
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14545
"add: olcTLSCertificateKeyFile\n"
14546
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14549
#: serverguide/C/network-auth.xml:1177(para)
14551
"As with the Provider you can now edit "
14552
"<filename>/etc/default/slapd</filename> and add the "
14553
"<emphasis>ldaps:///</emphasis> parameter to the "
14554
"<emphasis>SLAPD_SERVICES</emphasis> option."
14557
#: serverguide/C/network-auth.xml:1185(para)
14559
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14560
"modify the <emphasis>Consumer</emphasis> server's "
14561
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14564
#: serverguide/C/network-auth.xml:1198(userinput)
12562
14568
"dn: olcDatabase={1}hdb,cn=config\n"
12563
14569
"replace: olcSyncrepl\n"
12564
"olcSyncrepl: {0}rid=003 provider=ldap://ldap01.example.com "
12565
"binddn=\"cn=admin,dc=example,dc=\n"
12566
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12568
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
12569
"olcSyncrepl: {1}rid=004 provider=ldap://ldap02.example.com "
12570
"binddn=\"cn=admin,dc=example,dc=\n"
12571
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12573
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes"
14570
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14572
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14574
" e=\"cn=accesslog\" "
14575
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14576
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
12576
#: serverguide/C/network-auth.xml:865(computeroutput) serverguide/C/network-auth.xml:2418(computeroutput)
14580
#: serverguide/C/network-auth.xml:1195(computeroutput)
12579
"Enter LDAP Password:\n"
14583
"SASL/EXTERNAL authentication started\n"
14584
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
12580
14586
"<placeholder-1/>\n"
12582
"modifying entry \"olcDatabase={1}hdb,cn=config\""
14588
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
12585
#: serverguide/C/network-auth.xml:878(para)
14591
#: serverguide/C/network-auth.xml:1210(para)
12587
14593
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
12588
14594
"(FQDN) in the certificate, you may have to edit "
12589
14595
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
12592
#: serverguide/C/network-auth.xml:883(programlisting)
14598
#: serverguide/C/network-auth.xml:1215(programlisting)
12596
"TLS_CERT /etc/ssl/certs/server.crt\n"
12597
"TLS_KEY /etc/ssl/private/server.key\n"
14602
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14603
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
12598
14604
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
12601
#: serverguide/C/network-auth.xml:890(para)
14607
#: serverguide/C/network-auth.xml:1222(para)
12603
14609
"Finally, restart <application>slapd</application> on each of the servers:"
12606
#: serverguide/C/network-auth.xml:903(title)
14612
#: serverguide/C/network-auth.xml:1235(title)
12607
14613
msgid "LDAP Authentication"
12610
#: serverguide/C/network-auth.xml:905(para)
14616
#: serverguide/C/network-auth.xml:1237(para)
12612
14618
"Once you have a working LDAP server, the <application>auth-client-"
12613
14619
"config</application> and <application>libnss-ldap</application> packages "
18318
20563
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
18321
#: serverguide/C/installation.xml:450(para)
20566
#: serverguide/C/installation.xml:502(para)
18323
20568
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
18324
"is <emphasis role=\"italic\">\"Ext3 journaling file system\"</emphasis>, "
20569
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
18325
20570
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
18326
20571
"<emphasis>\"Done setting up partition\"</emphasis>."
18329
#: serverguide/C/installation.xml:459(para)
20574
#: serverguide/C/installation.xml:511(para)
18331
20576
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
18332
20577
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
18333
20578
"partition\"</emphasis>."
18336
#: serverguide/C/installation.xml:467(para)
20581
#: serverguide/C/installation.xml:519(para)
18338
20583
"Use the rest of the free space on the drive and choose "
18339
20584
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
18342
#: serverguide/C/installation.xml:474(para)
20587
#: serverguide/C/installation.xml:526(para)
18344
20589
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
18345
"at the top, changing it to <emphasis>\"physical volume for RAID\"</emphasis> "
18346
"then choose <emphasis>\"Done setting up partition\"</emphasis>."
20590
"at the top, changing it to <emphasis>\"physical volume for "
20591
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20592
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20593
"<emphasis>\"Done setting up partition\"</emphasis>."
18349
#: serverguide/C/installation.xml:482(para)
20596
#: serverguide/C/installation.xml:536(para)
18350
20597
msgid "Repeat steps three through eight for the other disk and partitions."
18353
#: serverguide/C/installation.xml:491(title)
20600
#: serverguide/C/installation.xml:545(title)
18354
20601
msgid "RAID Configuration"
18357
#: serverguide/C/installation.xml:493(para)
20604
#: serverguide/C/installation.xml:547(para)
18358
20605
msgid "With the partitions setup the arrays are ready to be configured:"
18361
#: serverguide/C/installation.xml:500(para)
20608
#: serverguide/C/installation.xml:554(para)
18363
20610
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
18364
20611
"Software RAID\"</emphasis> at the top."
18367
#: serverguide/C/installation.xml:507(para)
20614
#: serverguide/C/installation.xml:561(para)
18368
20615
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
18371
#: serverguide/C/installation.xml:514(para)
18372
msgid "Choose <emphasis>\"Create MD drive\"</emphasis>."
20618
#: serverguide/C/installation.xml:568(para)
20619
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
18375
#: serverguide/C/installation.xml:521(para)
20622
#: serverguide/C/installation.xml:575(para)
18377
20624
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
18378
20625
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
18381
#: serverguide/C/installation.xml:527(para)
20628
#: serverguide/C/installation.xml:581(para)
18383
20630
"In order to use <emphasis>RAID5</emphasis> you need at least "
18384
20631
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
18385
20632
"<emphasis>two</emphasis> drives are required."
18388
#: serverguide/C/installation.xml:536(para)
20635
#: serverguide/C/installation.xml:590(para)
18390
20637
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
18391
20638
"of hard drives you have, for the array. Then select "
18392
20639
"<emphasis>\"Continue\"</emphasis>."
18395
#: serverguide/C/installation.xml:544(para)
20642
#: serverguide/C/installation.xml:598(para)
18397
20644
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
18398
20645
"default, then choose <emphasis>\"Continue\"</emphasis>."
18401
#: serverguide/C/installation.xml:551(para)
20648
#: serverguide/C/installation.xml:605(para)
18403
20650
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
18404
20651
"etc. The numbers will usually match and the different letters correspond to "
18405
20652
"different hard drives."
18408
#: serverguide/C/installation.xml:556(para)
20655
#: serverguide/C/installation.xml:610(para)
18410
20657
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
18411
20658
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
18412
20659
"go to the next step."
18415
#: serverguide/C/installation.xml:564(para)
20662
#: serverguide/C/installation.xml:618(para)
18417
20664
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
18418
20665
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
18419
20666
"and <emphasis>sdb2</emphasis>."
18422
#: serverguide/C/installation.xml:572(para)
20669
#: serverguide/C/installation.xml:626(para)
18423
20670
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
18426
#: serverguide/C/installation.xml:582(title)
20673
#: serverguide/C/installation.xml:636(title)
18427
20674
msgid "Formatting"
18430
#: serverguide/C/installation.xml:584(para)
20677
#: serverguide/C/installation.xml:638(para)
18432
20679
"There should now be a list of hard drives and RAID devices. The next step is "
18433
20680
"to format and set the mount point for the RAID devices. Treat the RAID "
18434
20681
"device as a local hard drive, format and mount accordingly."
18437
#: serverguide/C/installation.xml:592(para)
18438
msgid "Select the <emphasis>RAID1 device #0</emphasis> partition."
20684
#: serverguide/C/installation.xml:646(para)
20686
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20687
"#0\"</emphasis> partition."
18441
#: serverguide/C/installation.xml:599(para)
20690
#: serverguide/C/installation.xml:653(para)
18443
20692
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
18444
20693
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
18447
#: serverguide/C/installation.xml:607(para)
18448
msgid "Next, select the <emphasis>RAID1 device #1</emphasis> partition."
20696
#: serverguide/C/installation.xml:661(para)
20698
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20699
"#1\"</emphasis> partition."
18451
#: serverguide/C/installation.xml:614(para)
20702
#: serverguide/C/installation.xml:668(para)
18453
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext3 "
20704
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
18454
20705
"journaling file system\"</emphasis>."
18457
#: serverguide/C/installation.xml:621(para)
20708
#: serverguide/C/installation.xml:675(para)
18459
20710
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
18460
20711
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "