1513
1497
"common</application> and <application>winbind</application> packages:"
1516
#: serverguide/C/windows-networking.xml:1438(para)
1500
#: serverguide/C/windows-networking.xml:1440(para)
1518
1502
"<application>lwinet</application>: Returns information about the network and "
1522
#: serverguide/C/windows-networking.xml:1443(para)
1506
#: serverguide/C/windows-networking.xml:1445(para)
1524
1508
"<application>lwimsg</application>: Allows interaction with the "
1525
1509
"<application>likewise-winbindd</application> daemon."
1528
#: serverguide/C/windows-networking.xml:1448(para)
1512
#: serverguide/C/windows-networking.xml:1450(para)
1530
1514
"<application>lwiinfo</application>: Displays information about various parts "
1531
1515
"of the Domain."
1534
#: serverguide/C/windows-networking.xml:1454(para)
1518
#: serverguide/C/windows-networking.xml:1456(para)
1535
1519
msgid "Please refer to each utility's man page specific for details."
1538
#: serverguide/C/windows-networking.xml:1460(title) serverguide/C/mail.xml:336(title) serverguide/C/mail.xml:1563(title) serverguide/C/dns.xml:338(title)
1522
#: serverguide/C/windows-networking.xml:1462(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1598(title) serverguide/C/dns.xml:338(title)
1539
1523
msgid "Troubleshooting"
1542
#: serverguide/C/windows-networking.xml:1464(para)
1526
#: serverguide/C/windows-networking.xml:1466(para)
1544
1528
"If the client has trouble joining the domain, double check that the "
1545
1529
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1549
#: serverguide/C/windows-networking.xml:1469(programlisting)
1533
#: serverguide/C/windows-networking.xml:1471(programlisting)
1553
1537
"nameserver 192.168.0.1\n"
1556
#: serverguide/C/windows-networking.xml:1474(para)
1540
#: serverguide/C/windows-networking.xml:1476(para)
1558
1542
"For more information when joining a domain, use the <emphasis>--loglevel "
1559
1543
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1560
1544
"<application>domainjoin-cli</application> utility:"
1563
#: serverguide/C/windows-networking.xml:1480(command)
1547
#: serverguide/C/windows-networking.xml:1482(command)
1564
1548
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1567
#: serverguide/C/windows-networking.xml:1484(para)
1551
#: serverguide/C/windows-networking.xml:1486(para)
1569
1553
"If an Active Directory user has trouble logging in, check the "
1570
1554
"<filename>/var/log/auth.log</filename> for details."
1573
#: serverguide/C/windows-networking.xml:1489(para)
1557
#: serverguide/C/windows-networking.xml:1491(para)
1575
1559
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1576
1560
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1577
1561
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1578
"<emphasis>\"mdns4\"</emphasis> entry from the <emphasis>hosts</emphasis> "
1579
"option. For example:"
1562
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1563
"<emphasis>hosts</emphasis> option. For example:"
1582
#: serverguide/C/windows-networking.xml:1495(programlisting)
1566
#: serverguide/C/windows-networking.xml:1497(programlisting)
1586
1570
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1589
#: serverguide/C/windows-networking.xml:1499(para)
1573
#: serverguide/C/windows-networking.xml:1501(para)
1590
1574
msgid "Change the above to:"
1593
#: serverguide/C/windows-networking.xml:1503(programlisting)
1577
#: serverguide/C/windows-networking.xml:1505(programlisting)
1597
1581
"hosts: files dns [NOTFOUND=return]\n"
1600
#: serverguide/C/windows-networking.xml:1507(para)
1584
#: serverguide/C/windows-networking.xml:1509(para)
1601
1585
msgid "Then restart networking by entering:"
1604
#: serverguide/C/windows-networking.xml:1512(command) serverguide/C/network-config.xml:237(command)
1588
#: serverguide/C/windows-networking.xml:1514(command) serverguide/C/network-config.xml:559(command)
1605
1589
msgid "sudo /etc/init.d/networking restart"
1608
#: serverguide/C/windows-networking.xml:1515(para)
1592
#: serverguide/C/windows-networking.xml:1517(para)
1609
1593
msgid "You should now be able to join the Active Directory domain."
1612
#: serverguide/C/windows-networking.xml:1523(title)
1596
#: serverguide/C/windows-networking.xml:1525(title)
1613
1597
msgid "Microsoft DNS"
1616
#: serverguide/C/windows-networking.xml:1525(para)
1600
#: serverguide/C/windows-networking.xml:1527(para)
1618
1602
"The following are instructions for installing DNS on an Active Directory "
1619
1603
"domain controller running Windows Server 2003, but the instructions should "
1620
1604
"be similar for other versions:"
1623
#: serverguide/C/windows-networking.xml:1532(para)
1607
#: serverguide/C/windows-networking.xml:1536(para)
1626
1610
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1627
"</guimenuitem><guimenuitem>Manager Your Server</guimenuitem></menuchoice>. "
1611
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1628
1612
"This will open the <application>Server Role Mangement</application> utility."
1631
#: serverguide/C/windows-networking.xml:1540(para)
1632
msgid "Click Add or remove a role"
1615
#: serverguide/C/windows-networking.xml:1544(para)
1616
msgid "Click <guilabel>Add or remove a role</guilabel>"
1635
#: serverguide/C/windows-networking.xml:1541(para) serverguide/C/windows-networking.xml:1543(para) serverguide/C/windows-networking.xml:1546(para)
1619
#: serverguide/C/windows-networking.xml:1545(para) serverguide/C/windows-networking.xml:1547(para) serverguide/C/windows-networking.xml:1550(para)
1636
1620
msgid "Click Next"
1639
#: serverguide/C/windows-networking.xml:1542(para)
1623
#: serverguide/C/windows-networking.xml:1546(para)
1640
1624
msgid "Select \"DNS Server\""
1643
#: serverguide/C/windows-networking.xml:1544(para)
1627
#: serverguide/C/windows-networking.xml:1548(para)
1628
msgid "Click Next again to proceed"
1647
#: serverguide/C/windows-networking.xml:1545(para)
1631
#: serverguide/C/windows-networking.xml:1549(para)
1648
1632
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1651
#: serverguide/C/windows-networking.xml:1547(para)
1635
#: serverguide/C/windows-networking.xml:1551(para)
1653
1637
"Make sure \"This server maintains the zone\" is selected and click Next."
1656
#: serverguide/C/windows-networking.xml:1548(para)
1640
#: serverguide/C/windows-networking.xml:1552(para)
1657
1641
msgid "Enter your domain name and click Next"
1660
#: serverguide/C/windows-networking.xml:1549(para) serverguide/C/windows-networking.xml:1550(para)
1644
#: serverguide/C/windows-networking.xml:1553(para)
1661
1645
msgid "Click Next to \"Allow only secure dynamic updates\""
1664
#: serverguide/C/windows-networking.xml:1552(para)
1648
#: serverguide/C/windows-networking.xml:1555(para)
1666
1650
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1667
1651
"should not forward queries\" and click Next."
1670
#: serverguide/C/windows-networking.xml:1556(para) serverguide/C/windows-networking.xml:1557(para)
1654
#: serverguide/C/windows-networking.xml:1559(para) serverguide/C/windows-networking.xml:1560(para)
1671
1655
msgid "Click Finish"
1674
#: serverguide/C/windows-networking.xml:1559(para)
1658
#: serverguide/C/windows-networking.xml:1562(para)
1676
1660
"DNS is now installed and can be further configured using the "
1677
1661
"<application>Microsoft Management Console</application> DNS snap-in."
1680
#: serverguide/C/windows-networking.xml:1567(para)
1664
#: serverguide/C/windows-networking.xml:1570(para)
1681
1665
msgid "Click Start"
1684
#: serverguide/C/windows-networking.xml:1568(para)
1668
#: serverguide/C/windows-networking.xml:1571(para)
1685
1669
msgid "Control Panel"
1688
#: serverguide/C/windows-networking.xml:1569(para)
1672
#: serverguide/C/windows-networking.xml:1572(para)
1689
1673
msgid "Network Connections"
1692
#: serverguide/C/windows-networking.xml:1570(para)
1676
#: serverguide/C/windows-networking.xml:1573(para)
1693
1677
msgid "Right Click \"Local Area Connection\""
1696
#: serverguide/C/windows-networking.xml:1571(para)
1680
#: serverguide/C/windows-networking.xml:1574(para)
1697
1681
msgid "Click Properties"
1700
#: serverguide/C/windows-networking.xml:1572(para)
1684
#: serverguide/C/windows-networking.xml:1575(para)
1701
1685
msgid "Double click \"Internet Protocol (TCP/IP)\""
1704
#: serverguide/C/windows-networking.xml:1573(para)
1688
#: serverguide/C/windows-networking.xml:1576(para)
1705
1689
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1708
#: serverguide/C/windows-networking.xml:1574(para)
1692
#: serverguide/C/windows-networking.xml:1577(para)
1709
1693
msgid "Click Ok"
1712
#: serverguide/C/windows-networking.xml:1575(para)
1696
#: serverguide/C/windows-networking.xml:1578(para)
1713
1697
msgid "Click Ok again to save the settings"
1716
#: serverguide/C/windows-networking.xml:1564(para)
1700
#: serverguide/C/windows-networking.xml:1567(para)
1718
1702
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1721
#: serverguide/C/windows-networking.xml:1582(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:766(title) serverguide/C/web-servers.xml:910(title) serverguide/C/web-servers.xml:1002(title) serverguide/C/web-servers.xml:1218(title) serverguide/C/vpn.xml:291(title) serverguide/C/virtualization.xml:1303(title) serverguide/C/virtualization.xml:1492(title) serverguide/C/vcs.xml:536(title) serverguide/C/security.xml:935(title) serverguide/C/security.xml:1264(title) serverguide/C/security.xml:1679(title) serverguide/C/security.xml:1870(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:432(title) serverguide/C/other-apps.xml:381(title) serverguide/C/network-config.xml:672(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:522(title) serverguide/C/mail.xml:444(title) serverguide/C/mail.xml:625(title) serverguide/C/mail.xml:772(title) serverguide/C/mail.xml:1189(title) serverguide/C/mail.xml:1611(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:369(title) serverguide/C/lamp-applications.xml:471(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:431(title) serverguide/C/file-server.xml:611(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:216(title) serverguide/C/backups.xml:297(title)
1705
#: serverguide/C/windows-networking.xml:1585(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:1840(title) serverguide/C/virtualization.xml:2165(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1211(title) serverguide/C/security.xml:1626(title) serverguide/C/security.xml:1817(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1646(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
1722
1706
msgid "References"
1725
#: serverguide/C/windows-networking.xml:1584(para)
1709
#: serverguide/C/windows-networking.xml:1587(para)
1727
1711
"Please refer to the <ulink "
1728
1712
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1729
1713
"further information."
1732
#: serverguide/C/windows-networking.xml:1588(para)
1716
#: serverguide/C/windows-networking.xml:1591(para)
1734
1718
"For more <application>domainjoin-cli</application> options see the man page: "
1735
1719
"<command>man domainjoin-cli</command>."
1722
#: serverguide/C/windows-networking.xml:1595(para)
1724
"Also, see the <ulink "
1725
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
1726
"LikewiseOpen</ulink> page."
1738
1729
#: serverguide/C/web-servers.xml:13(title)
1739
1730
msgid "Web Servers"
4996
5042
"firstlogin login.sh es"
4999
#: serverguide/C/virtualization.xml:1164(para)
5045
#: serverguide/C/virtualization.xml:1169(para)
5001
5047
"If you are interested in learning more, have questions or suggestions, "
5002
5048
"please contact the Ubuntu Server Team at:"
5005
#: serverguide/C/virtualization.xml:1169(para)
5051
#: serverguide/C/virtualization.xml:1174(para)
5006
5052
msgid "IRC: #ubuntu-server on freenode"
5009
#: serverguide/C/virtualization.xml:1174(para)
5055
#: serverguide/C/virtualization.xml:1179(para)
5011
5057
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5012
5058
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5015
#: serverguide/C/virtualization.xml:1182(title)
5019
#: serverguide/C/virtualization.xml:1185(title) serverguide/C/network-auth.xml:1683(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:879(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5061
#: serverguide/C/virtualization.xml:1184(para)
5063
"Also, see the <ulink "
5064
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5065
"Wiki</ulink> page."
5068
#: serverguide/C/virtualization.xml:1192(title)
5072
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2026(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5020
5073
msgid "Overview"
5023
#: serverguide/C/virtualization.xml:1187(para)
5025
"<emphasis>Eucalyptus</emphasis> is an open-source software infrastructure "
5026
"for implementing \"cloud computing\" on your own clusters. "
5027
"<emphasis>Eucalyptus</emphasis> allows you to create your own cloud "
5028
"computing environment in order to maximize computing resources and provide a "
5029
"cloud computing environment to your users."
5032
#: serverguide/C/virtualization.xml:1193(para)
5034
"This section will cover setting up a Cloud Computing environment using "
5035
"<application>Eucalyptus</application> with <application>KVM</application>. "
5036
"For more information on KVM see <xref linkend=\"libvirt\"/>."
5039
#: serverguide/C/virtualization.xml:1198(para)
5041
"The Cloud Computing environment will consist of three components, typically "
5042
"installed on at least two separate machines (termed the 'front-end' and "
5043
"'node(s)' for the rest of this document):"
5046
#: serverguide/C/virtualization.xml:1205(para)
5048
"<emphasis>One Front-End:</emphasis> hosts one Cloud Controller, a Java based "
5049
"Web configuration interface, and a Cluster Controller, which determines "
5050
"where virtual machines (VMs) will be housed and manages cluster level VM "
5054
#: serverguide/C/virtualization.xml:1211(para)
5056
"<emphasis>One or more Compute Nodes:</emphasis> runs the Node Controller "
5057
"component of Eucalyptus, which allows the machine to be part of the cloud as "
5076
#: serverguide/C/virtualization.xml:1197(para)
5078
"This tutorial covers <application>UEC</application> installation from the "
5079
"Ubuntu 10.04 LTS Server Edition CD, and assumes a basic network topology, "
5080
"with a single system serving as the <emphasis>\"all-in-one "
5081
"controller\"</emphasis>, and one or more nodes attached."
5084
#: serverguide/C/virtualization.xml:1202(para)
5086
"From this Tutorial you will learn how to install, configure, register and "
5087
"perform several operations on a basic <application>UEC</application> setup "
5088
"that results in a cloud with a one controller <emphasis>\"front-"
5089
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5090
"instances. You will also use examples to help get you started using your own "
5091
"private compute cloud."
5094
#: serverguide/C/virtualization.xml:1210(title)
5095
msgid "Prerequisites"
5098
#: serverguide/C/virtualization.xml:1212(para)
5100
"To deploy a minimal cloud infrastructure, you’ll need at least "
5101
"<emphasis>two</emphasis> dedicated systems:"
5061
5104
#: serverguide/C/virtualization.xml:1218(para)
5063
"The simple <emphasis>System</emphasis> networking option will be used by "
5064
"default. This network method allows virtual machine instances, to obtain IP "
5065
"addresses from the local LAN, assuming that a DHCP server is properly "
5066
"configured on the LAN to hand out IPs dynamically to VMs that request them. "
5067
"Each node will be configured for bridge networking. For more details see "
5068
"<xref linkend=\"bridging\"/>."
5071
#: serverguide/C/virtualization.xml:1228(para)
5073
"First, on the <emphasis>Front-End</emphasis> install the appropriate "
5074
"packages. In a terminal prompt on the Front-End enter:"
5077
#: serverguide/C/virtualization.xml:1233(command)
5078
msgid "sudo apt-get install eucalyptus-cloud eucalyptus-cc"
5105
msgid "A front end."
5108
#: serverguide/C/virtualization.xml:1223(para)
5109
msgid "One or more node(s)."
5112
#: serverguide/C/virtualization.xml:1229(para)
5114
"The following are recommendations, rather than fixed requirements. However, "
5115
"our experience in developing this documentation indicated the following "
5119
#: serverguide/C/virtualization.xml:1234(title)
5120
msgid "Front End Requirements"
5081
5123
#: serverguide/C/virtualization.xml:1236(para)
5083
"Next, on the each <emphasis>Compute Node</emphasis> install the node "
5084
"controller package. In a terminal prompt on each Compute Node enter:"
5087
#: serverguide/C/virtualization.xml:1241(command)
5088
msgid "sudo apt-get install eucalyptus-nc"
5124
msgid "Use the following table for a system that will run one or more of:"
5127
#: serverguide/C/virtualization.xml:1241(para)
5128
msgid "Cloud Controller (CLC)"
5131
#: serverguide/C/virtualization.xml:1242(para)
5132
msgid "Cluster Controller (CC)"
5135
#: serverguide/C/virtualization.xml:1243(para)
5136
msgid "Walrus (the S3-like storage service)"
5091
5139
#: serverguide/C/virtualization.xml:1244(para)
5093
"Once the installation is complete, and it may take a while, in a browser go "
5094
"to <emphasis>https://front-end:8443</emphasis> and login to the "
5095
"administration interface using the default username and password of "
5096
"<emphasis>admin</emphasis>. You will then be prompted to change the "
5097
"password, configure an email address for the admin user, and set the storage "
5101
#: serverguide/C/virtualization.xml:1250(para)
5103
"In the web interface's <emphasis>\"Configuration\"</emphasis> tab, add a "
5104
"cluster under the <emphasis>\"Clusters\"</emphasis> heading (in this "
5105
"configuration, the cluster controller is on the same system as the cloud "
5106
"controller, so entering 'localhost' as the cluster hostname is correct). "
5107
"Once the form is filled out click the <emphasis>\"Add Cluster\"</emphasis> "
5111
#: serverguide/C/virtualization.xml:1256(para)
5113
"Now, back on the <emphasis>Front-End</emphasis>, add the nodes to the "
5117
#: serverguide/C/virtualization.xml:1261(command)
5118
msgid "sudo euca_conf -addnode hostname_of_node"
5121
#: serverguide/C/virtualization.xml:1264(para)
5123
"You will then be prompted to log into your Node, install the "
5124
"<application>eucalyptus-nc</application> package, and add the "
5125
"<emphasis>eucalyptus</emphasis> user's ssh key to the node's "
5126
"<filename>authorized_keys</filename> file, and confirm authenticity of the "
5127
"host's OpenSSH RSA key fingerprint. Finally, the command will complete by "
5128
"synchronizing the eucalyptus component keys and node registration is "
5132
#: serverguide/C/virtualization.xml:1270(para)
5134
"On the Node, the <filename>/etc/eucalyptus/eucalyptus.conf</filename> "
5135
"configuration file will need editing to use your node's bridge interface "
5136
"(assuming here that the interface is named <emphasis>'br0'</emphasis>):"
5139
#: serverguide/C/virtualization.xml:1275(programlisting)
5143
"VNET_INTERFACE=\"br0\"\n"
5145
"VNET_BRIDGE=\"br0\"\n"
5148
#: serverguide/C/virtualization.xml:1281(para)
5149
msgid "Finally, restart <application>eucalyptus-nc</application>:"
5152
#: serverguide/C/virtualization.xml:1286(command)
5153
msgid "sudo /etc/init.d/eucalyptus-nc restart"
5156
#: serverguide/C/virtualization.xml:1291(para)
5158
"Be sure to replace <emphasis>nodecontroller</emphasis>, "
5159
"<emphasis>node01</emphasis>, and <emphasis>node02</emphasis> with actual "
5163
#: serverguide/C/virtualization.xml:1297(para)
5165
"<application>Eucalyptus</application> is now ready to host images on the "
5169
#: serverguide/C/virtualization.xml:1307(para)
5171
"See the <ulink url=\"http://eucalyptus.cs.ucsb.edu/\">Eucalyptus "
5172
"website</ulink> for more information."
5175
#: serverguide/C/virtualization.xml:1312(para)
5140
msgid "Storage Controller (SC)"
5143
#: serverguide/C/virtualization.xml:1248(title)
5144
msgid "UEC Front End Requirements"
5147
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5151
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5155
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5159
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5163
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5167
#: serverguide/C/virtualization.xml:1265(para)
5171
#: serverguide/C/virtualization.xml:1266(para)
5175
#: serverguide/C/virtualization.xml:1267(para)
5177
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5178
"a dual core processor."
5181
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5185
#: serverguide/C/virtualization.xml:1271(para)
5189
#: serverguide/C/virtualization.xml:1272(para)
5193
#: serverguide/C/virtualization.xml:1273(para)
5194
msgid "The Java web front end benefits from lots of available memory."
5197
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5201
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5202
msgid "5400 RPM IDE"
5205
#: serverguide/C/virtualization.xml:1278(para)
5206
msgid "7200 RPM SATA"
5209
#: serverguide/C/virtualization.xml:1279(para)
5211
"Slower disks will work, but will yield much longer instance startup times."
5214
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5218
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5222
#: serverguide/C/virtualization.xml:1284(para)
5226
#: serverguide/C/virtualization.xml:1285(para)
5228
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5229
"does not like to run out of disk space."
5232
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5236
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5240
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5244
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5246
"Machine images are hundreds of MB, and need to be copied over the network to "
5250
#: serverguide/C/virtualization.xml:1299(title)
5251
msgid "Node Requirements"
5254
#: serverguide/C/virtualization.xml:1301(para)
5255
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5258
#: serverguide/C/virtualization.xml:1306(para)
5259
msgid "the Node Controller (NC)"
5262
#: serverguide/C/virtualization.xml:1310(title)
5263
msgid "UEC Node Requirements"
5266
#: serverguide/C/virtualization.xml:1327(para)
5267
msgid "VT Extensions"
5270
#: serverguide/C/virtualization.xml:1328(para)
5271
msgid "VT, 64-bit, Multicore"
5274
#: serverguide/C/virtualization.xml:1329(para)
5276
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5277
"only run 1 VM per CPU core on a Node."
5280
#: serverguide/C/virtualization.xml:1333(para)
5284
#: serverguide/C/virtualization.xml:1334(para)
5288
#: serverguide/C/virtualization.xml:1335(para)
5289
msgid "Additional memory means more, and larger guests."
5292
#: serverguide/C/virtualization.xml:1340(para)
5293
msgid "7200 RPM SATA or SCSI"
5296
#: serverguide/C/virtualization.xml:1341(para)
5298
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5302
#: serverguide/C/virtualization.xml:1346(para)
5306
#: serverguide/C/virtualization.xml:1347(para)
5308
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5312
#: serverguide/C/virtualization.xml:1363(title)
5313
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5316
#: serverguide/C/virtualization.xml:1367(para)
5317
msgid "Download the Ubuntu 10.04 LTS Server ISO file, and burn it to a CD."
5320
#: serverguide/C/virtualization.xml:1372(para) serverguide/C/virtualization.xml:1418(para)
5322
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5325
#: serverguide/C/virtualization.xml:1377(para)
5327
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5328
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5331
#: serverguide/C/virtualization.xml:1383(para)
5333
"It will ask two other cloud-specific questions during the course of the "
5337
#: serverguide/C/virtualization.xml:1388(para)
5338
msgid "Name of your cluster."
5341
#: serverguide/C/virtualization.xml:1391(para)
5342
msgid "e.g. <emphasis>cluster1</emphasis>."
5345
#: serverguide/C/virtualization.xml:1394(para)
5347
"A range of public IP addresses on the LAN that the cloud can allocate to "
5351
#: serverguide/C/virtualization.xml:1397(para)
5352
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5355
#: serverguide/C/virtualization.xml:1405(title)
5356
msgid "Installing the Node Controller(s)"
5359
#: serverguide/C/virtualization.xml:1407(para)
5361
"The node controller install is even simpler. Just make sure that you are "
5362
"connected to the network on which the cloud/cluster controller is already "
5366
#: serverguide/C/virtualization.xml:1413(para)
5367
msgid "Boot from the same ISO on the node(s)."
5370
#: serverguide/C/virtualization.xml:1423(para)
5371
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5374
#: serverguide/C/virtualization.xml:1428(para)
5376
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5380
#: serverguide/C/virtualization.xml:1433(para)
5381
msgid "Confirm the partitioning scheme."
5384
#: serverguide/C/virtualization.xml:1438(para)
5386
"The rest of the installation should proceed uninterrupted; complete the "
5387
"installation and reboot the node."
5390
#: serverguide/C/virtualization.xml:1446(title)
5391
msgid "Register the Node(s)"
5394
#: serverguide/C/virtualization.xml:1448(para)
5396
"Nodes are the physical systems within <application>UEC</application> that "
5397
"actually run the virtual machine instances of the cloud."
5400
#: serverguide/C/virtualization.xml:1452(para)
5402
"Once one or more Ubuntu Server node(s) are installed and running the "
5403
"<application>eucalyptus-nc</application> service, log onto the "
5404
"<emphasis>Cloud Controller (CLC)</emphasis> and run:"
5407
#: serverguide/C/virtualization.xml:1458(command)
5408
msgid "sudo euca_conf --no-rsync --discover-nodes"
5411
#: serverguide/C/virtualization.xml:1461(para)
5413
"This will discover the systems on the network running the "
5414
"<application>eucalyptus-nc</application> service, and the administrator can "
5415
"confirm the registration of each node by its IP address."
5418
#: serverguide/C/virtualization.xml:1467(para)
5420
"If you get prompted for passwords, or receive errors from scp, you may need "
5421
"to revisit the key synchronization instructions at <ulink "
5422
"url=\"https://help.ubuntu.com/community/UEC/NodeInstallation\">UEC/NodeInstal"
5426
#: serverguide/C/virtualization.xml:1475(title)
5427
msgid "Obtain Credentials"
5430
#: serverguide/C/virtualization.xml:1477(para)
5432
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5433
"users of the cloud will need to retrieve their credentials. This can be done "
5434
"either through a web browser, or at the command line."
5437
#: serverguide/C/virtualization.xml:1483(title)
5438
msgid "From a Web Browser"
5441
#: serverguide/C/virtualization.xml:1487(para)
5443
"From your web browser (either remotely or on your Ubuntu server) access the "
5447
#: serverguide/C/virtualization.xml:1490(programlisting) serverguide/C/virtualization.xml:1743(programlisting)
5451
"https://<cloud-controller-ip-address>:8443/\n"
5454
#: serverguide/C/virtualization.xml:1495(para)
5456
"You must use a secure connection, so make sure you use \"https\" not "
5457
"\"http\" in your URL. You will get a security certificate warning. You will "
5458
"have to add an exception to view the page. If you do not accept it you will "
5459
"not be able to view the Eucalyptus configuration page."
5462
#: serverguide/C/virtualization.xml:1503(para)
5464
"Use username <emphasis>'admin'</emphasis> and password "
5465
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5466
"to change your password)."
5469
#: serverguide/C/virtualization.xml:1509(para)
5471
"Then follow the on-screen instructions to update the admin password and "
5475
#: serverguide/C/virtualization.xml:1514(para)
5477
"Once the first time configuration process is completed, click the "
5478
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5482
#: serverguide/C/virtualization.xml:1520(para)
5484
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5488
#: serverguide/C/virtualization.xml:1525(para)
5489
msgid "Save them to <filename>~/.euca</filename>."
5492
#: serverguide/C/virtualization.xml:1530(para)
5494
"Unzip the downloaded zip file into a safe location "
5495
"(<filename>~/.euca</filename>)."
5498
#: serverguide/C/virtualization.xml:1534(command)
5499
msgid "unzip -d ~/.euca mycreds.zip"
5502
#: serverguide/C/virtualization.xml:1541(title)
5503
msgid "From a Command Line"
5506
#: serverguide/C/virtualization.xml:1545(para)
5508
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5509
"Controller</emphasis>, you can run:"
5512
#: serverguide/C/virtualization.xml:1549(command)
5513
msgid "mkdir -p ~/.euca"
5516
#: serverguide/C/virtualization.xml:1550(command)
5517
msgid "chmod 700 ~/.euca"
5520
#: serverguide/C/virtualization.xml:1551(command)
5524
#: serverguide/C/virtualization.xml:1552(command)
5525
msgid "sudo euca_conf --get-credentials mycreds.zip"
5528
#: serverguide/C/virtualization.xml:1553(command)
5529
msgid "unzip mycreds.zip"
5532
#: serverguide/C/virtualization.xml:1554(command)
5536
#: serverguide/C/virtualization.xml:1561(title)
5537
msgid "Extracting and Using Your Credentials"
5540
#: serverguide/C/virtualization.xml:1563(para)
5542
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
5546
#: serverguide/C/virtualization.xml:1569(para)
5548
"Source the included <emphasis>\"eucarc\"</emphasis> file to set up your "
5549
"Eucalyptus environment:"
5552
#: serverguide/C/virtualization.xml:1573(command) serverguide/C/virtualization.xml:1600(command)
5553
msgid ". ~/.euca/eucarc"
5556
#: serverguide/C/virtualization.xml:1577(para)
5558
"You may additionally wish to add this command to your "
5559
"<filename>~/.bashrc</filename> file so that your Eucalyptus environment is "
5560
"set up automatically when you log in. Eucalyptus treats this set of "
5561
"credentials as <emphasis>'administrator'</emphasis> credentials that allow "
5562
"the holder global privileges across the cloud. As such, they should be "
5563
"protected in the same way that other elevated-priority access is protected "
5564
"(e.g. should not be made visible to the general user population)."
5567
#: serverguide/C/virtualization.xml:1584(command)
5569
"echo \"[ -r ~/.euca/eucarc ] && . ~/.euca/eucarc\" >> ~/.bashrc"
5572
#: serverguide/C/virtualization.xml:1588(para)
5573
msgid "Install the required cloud user tools:"
5576
#: serverguide/C/virtualization.xml:1592(command)
5577
msgid "sudo apt-get install euca2ools"
5580
#: serverguide/C/virtualization.xml:1596(para)
5582
"To validate that everything is working correctly, get the local cluster "
5583
"availability details:"
5586
#: serverguide/C/virtualization.xml:1601(command)
5587
msgid "euca-describe-availability-zones verbose"
5590
#: serverguide/C/virtualization.xml:1602(computeroutput)
5593
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
5594
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
5595
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
5596
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
5597
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
5598
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
5599
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
5602
#: serverguide/C/virtualization.xml:1612(para)
5603
msgid "Your output from the above command will vary."
5606
#: serverguide/C/virtualization.xml:1622(title)
5607
msgid "Running an Image"
5610
#: serverguide/C/virtualization.xml:1624(para)
5611
msgid "There are multiple ways to instantiate an image in UEC:"
5614
#: serverguide/C/virtualization.xml:1629(para)
5615
msgid "Use the command line."
5618
#: serverguide/C/virtualization.xml:1630(para)
5620
"Use one of the UEC compatible management tools such as "
5621
"<emphasis>Landscape</emphasis>."
5624
#: serverguide/C/virtualization.xml:1632(para)
5627
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
5628
"extension to Firefox."
5631
#: serverguide/C/virtualization.xml:1638(para)
5632
msgid "Here we will describe the process from the command line:"
5635
#: serverguide/C/virtualization.xml:1644(para)
5637
"Before running an instance of your image, you should first create a "
5638
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
5639
"instance as root, once it boots. The key is stored, so you will only have to "
5643
#: serverguide/C/virtualization.xml:1648(para)
5644
msgid "Run the following command:"
5647
#: serverguide/C/virtualization.xml:1651(programlisting)
5651
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
5652
" touch ~/.euca/mykey.priv\n"
5653
" chmod 0600 ~/.euca/mykey.priv\n"
5654
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
5658
#: serverguide/C/virtualization.xml:1659(para)
5660
"You can call your key whatever you like (in this example, the key is called "
5661
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
5662
"forget, you can always run <command>euca-describe-keypairs</command> to get "
5663
"a list of created keys stored in the system."
5666
#: serverguide/C/virtualization.xml:1666(para)
5667
msgid "You must also allow access to port 22 in your instances:"
5670
#: serverguide/C/virtualization.xml:1670(command)
5671
msgid "euca-describe-groups"
5674
#: serverguide/C/virtualization.xml:1671(command)
5675
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
5678
#: serverguide/C/virtualization.xml:1675(para)
5679
msgid "Next, you can create instances of your registered image:"
5682
#: serverguide/C/virtualization.xml:1679(command)
5683
msgid "euca-run-instances $EMI -k mykey -t c1.medium"
5686
#: serverguide/C/virtualization.xml:1682(para)
5688
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
5689
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
5690
"on the <emphasis>Store</emphasis> page to see the sample command."
5693
#: serverguide/C/virtualization.xml:1689(para)
5695
"The first time you run an instance, the system will be setting up caches for "
5696
"the image from which it will be created. This can often take some time the "
5697
"first time an instance is run given that VM images are usually quite large."
5700
#: serverguide/C/virtualization.xml:1693(para)
5701
msgid "To monitor the state of your instance, run:"
5704
#: serverguide/C/virtualization.xml:1697(command)
5705
msgid "watch -n5 euca-describe-instances"
5708
#: serverguide/C/virtualization.xml:1699(para)
5710
"In the output, you should see information about the instance, including its "
5711
"state. While first-time caching is being performed, the instance's state "
5712
"will be <emphasis>'pending'</emphasis>."
5715
#: serverguide/C/virtualization.xml:1705(para)
5717
"When the instance is fully started, the above state will become "
5718
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
5719
"instance in the output, then connect to it:"
5722
#: serverguide/C/virtualization.xml:1710(command)
5724
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
5728
#: serverguide/C/virtualization.xml:1711(command)
5729
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
5732
#: serverguide/C/virtualization.xml:1715(para)
5734
"And when you are done with this instance, exit your SSH connection, then "
5735
"terminate your instance:"
5738
#: serverguide/C/virtualization.xml:1719(command)
5740
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
5744
#: serverguide/C/virtualization.xml:1720(command)
5745
msgid "euca-terminate-instances $INSTANCEID"
5748
#: serverguide/C/virtualization.xml:1727(title)
5749
msgid "Install an Image from the Store"
5752
#: serverguide/C/virtualization.xml:1729(para)
5754
"The following is by far the simplest way to install an image. However, "
5755
"advanced users may be interested in learning how to <ulink "
5756
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
5757
"own image</ulink>."
5760
#: serverguide/C/virtualization.xml:1734(para)
5762
"The simplest way to add an image to <application>UEC</application> is to "
5763
"install it from the Image Store on the UEC web interface."
5766
#: serverguide/C/virtualization.xml:1740(para)
5768
"Access the web interface at the following URL (Make sure you specify https):"
5771
#: serverguide/C/virtualization.xml:1748(para)
5773
"Enter your login and password (if requested, as you may still be logged in "
5777
#: serverguide/C/virtualization.xml:1753(para)
5778
msgid "Click on the <emphasis>Store</emphasis> tab."
5781
#: serverguide/C/virtualization.xml:1758(para)
5782
msgid "Browse available images."
5785
#: serverguide/C/virtualization.xml:1763(para)
5786
msgid "Click on <emphasis>install</emphasis> for the image you want."
5789
#: serverguide/C/virtualization.xml:1769(para)
5791
"Once the image has been downloaded and installed, you can click on "
5792
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
5793
"button to view the command to execute to instantiate (start) this image. The "
5794
"image will also appear on the list given on the <emphasis>Image</emphasis> "
5798
#: serverguide/C/virtualization.xml:1777(title) serverguide/C/dns.xml:619(title)
5799
msgid "More Information"
5802
#: serverguide/C/virtualization.xml:1779(para)
5804
"How to use the <ulink "
5805
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
5806
"Controller</ulink>"
5809
#: serverguide/C/virtualization.xml:1783(para)
5810
msgid "Controlling eucalyptus services:"
5813
#: serverguide/C/virtualization.xml:1788(para)
5815
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
5818
#: serverguide/C/virtualization.xml:1789(para)
5819
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
5822
#: serverguide/C/virtualization.xml:1792(para)
5823
msgid "Locations of some important files:"
5826
#: serverguide/C/virtualization.xml:1799(emphasis)
5830
#: serverguide/C/virtualization.xml:1802(para)
5831
msgid "/var/log/eucalyptus"
5834
#: serverguide/C/virtualization.xml:1807(emphasis)
5835
msgid "Configuration files:"
5838
#: serverguide/C/virtualization.xml:1810(para)
5839
msgid "/etc/eucalyptus"
5842
#: serverguide/C/virtualization.xml:1815(emphasis)
5846
#: serverguide/C/virtualization.xml:1818(para)
5847
msgid "/var/lib/eucalyptus/db"
5850
#: serverguide/C/virtualization.xml:1823(emphasis)
5854
#: serverguide/C/virtualization.xml:1826(para)
5855
msgid "/var/lib/eucalyptus"
5858
#: serverguide/C/virtualization.xml:1827(para)
5859
msgid "/var/lib/eucalyptus/.ssh"
5862
#: serverguide/C/virtualization.xml:1833(para)
5864
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
5865
"running the client tools."
5868
#: serverguide/C/virtualization.xml:1844(para)
5177
5870
"For information on loading instances see the <ulink "
5178
5871
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
5182
#: serverguide/C/virtualization.xml:1317(para)
5875
#: serverguide/C/virtualization.xml:1849(para)
5877
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
5878
"documentation, downloads)</ulink>."
5881
#: serverguide/C/virtualization.xml:1854(para)
5883
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
5884
"(bugs, code)</ulink>."
5887
#: serverguide/C/virtualization.xml:1859(para)
5890
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
5891
"ptus Troubleshooting (1.5)</ulink>."
5894
#: serverguide/C/virtualization.xml:1864(para)
5896
"<ulink url=\"http://support.rightscale.com/2._References/02-"
5897
"Cloud_Infrastructures/Eucalyptus/03-"
5898
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
5899
"RightScale</ulink>."
5902
#: serverguide/C/virtualization.xml:1870(para)
5184
5904
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
5185
5905
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
5186
5906
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
5189
#: serverguide/C/virtualization.xml:1327(title)
5909
#: serverguide/C/virtualization.xml:1879(title)
5913
#: serverguide/C/virtualization.xml:1881(para)
5915
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
5916
"unfamiliar to some readers. This page is intended to provide a glossary of "
5917
"such terms and acronyms."
5920
#: serverguide/C/virtualization.xml:1888(para)
5922
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
5923
"computing resources through virtual machines, provisioned and recollected "
5927
#: serverguide/C/virtualization.xml:1894(para)
5929
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
5930
"provides the web UI (an https server on port 8443), and implements the "
5931
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
5932
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
5933
"cloud</application> package."
5936
#: serverguide/C/virtualization.xml:1901(para)
5938
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
5939
"Cluster Controller. There can be more than one Cluster in an installation of "
5940
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
5944
#: serverguide/C/virtualization.xml:1907(para)
5946
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
5947
"manages collections of node resources. This service is provided by the "
5948
"Ubuntu <application>eucalyptus-cc</application> package."
5951
#: serverguide/C/virtualization.xml:1913(para)
5952
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
5955
#: serverguide/C/virtualization.xml:1918(para)
5957
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
5958
"pay-by-the-gigabyte public cloud computing offering."
5961
#: serverguide/C/virtualization.xml:1923(para)
5962
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
5965
#: serverguide/C/virtualization.xml:1928(para)
5966
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
5969
#: serverguide/C/virtualization.xml:1933(para)
5970
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
5973
#: serverguide/C/virtualization.xml:1938(para)
5975
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
5976
"Linking Your Programs To Useful Systems. An open source project originally "
5977
"from the University of California at Santa Barbara, now supported by "
5978
"Eucalyptus Systems, a Canonical Partner."
5981
#: serverguide/C/virtualization.xml:1945(para)
5983
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
5984
"the high level Eucalyptus components (cloud, walrus, storage controller, "
5985
"cluster controller)."
5988
#: serverguide/C/virtualization.xml:1951(para)
5990
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
5991
"running virtual machines, running a node controller. Within Ubuntu, this "
5992
"generally means that the CPU has VT extensions, and can run the KVM "
5996
#: serverguide/C/virtualization.xml:1957(para)
5998
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
5999
"on nodes which host the virtual machines that comprise the cloud. This "
6000
"service is provided by the Ubuntu package <application>eucalyptus-"
6004
#: serverguide/C/virtualization.xml:1963(para)
6006
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6007
"gigabyte persistent storage solution for EC2."
6010
#: serverguide/C/virtualization.xml:1968(para)
6012
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6013
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6014
"installation can have its own Storage Controller. This component is provided "
6015
"by the <application>eucalyptus-sc</application> package."
6018
#: serverguide/C/virtualization.xml:1975(para)
6020
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6021
"solution, based on Eucalyptus."
6024
#: serverguide/C/virtualization.xml:1980(para)
6025
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6028
#: serverguide/C/virtualization.xml:1985(para)
6030
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6031
"some modern CPUs, allowing for accelerated virtual machine hosting."
6034
#: serverguide/C/virtualization.xml:1990(para)
6036
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6037
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6038
"put/get abstractions."
6041
#: serverguide/C/virtualization.xml:2000(title)
5190
6042
msgid "OpenNebula"
5193
#: serverguide/C/virtualization.xml:1329(para)
6045
#: serverguide/C/virtualization.xml:2002(para)
5195
6047
"<application>OpenNebula</application> allows virtual machines to be placed "
5196
6048
"and re-placed dynamically on a pool of physical resources. This allows a "
5197
6049
"virtual machine to be hosted from any location available."
5200
#: serverguide/C/virtualization.xml:1334(para)
6052
#: serverguide/C/virtualization.xml:2007(para)
5202
6054
"This section will detail configuring an OpenNebula cluster using three "
5203
6055
"machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
7575
8345
"<application>apparmor-profiles</application> package."
7578
#: serverguide/C/security.xml:974(para)
8348
#: serverguide/C/security.xml:921(para)
7580
8350
"To install the <application>apparmor-profiles</application> package from a "
7581
8351
"terminal prompt:"
7584
#: serverguide/C/security.xml:980(para)
8354
#: serverguide/C/security.xml:927(para)
7585
8355
msgid "AppArmor profiles have two modes of execution:"
7588
#: serverguide/C/security.xml:985(para)
8358
#: serverguide/C/security.xml:932(para)
7590
8360
"Complaining/Learning: profile violations are permitted and logged. Useful "
7591
8361
"for testing and developing new profiles."
7594
#: serverguide/C/security.xml:990(para)
8364
#: serverguide/C/security.xml:937(para)
7596
8366
"Enforced/Confined: enforces profile policy as well as logging the violation."
7599
#: serverguide/C/security.xml:996(title)
8369
#: serverguide/C/security.xml:943(title)
7600
8370
msgid "Using AppArmor"
7603
#: serverguide/C/security.xml:997(para)
8373
#: serverguide/C/security.xml:944(para)
7605
8375
"The <application>apparmor-utils</application> package contains command line "
7606
8376
"utilities that you can use to change the <application>AppArmor</application> "
7607
8377
"execution mode, find the status of a profile, create new profiles, etc."
7610
#: serverguide/C/security.xml:1003(para)
8380
#: serverguide/C/security.xml:950(para)
7612
8382
"<application>apparmor_status</application> is used to view the current "
7613
8383
"status of AppArmor profiles."
7616
#: serverguide/C/security.xml:1007(command)
8386
#: serverguide/C/security.xml:954(command)
7617
8387
msgid "sudo apparmor_status"
7620
#: serverguide/C/security.xml:1011(para)
8390
#: serverguide/C/security.xml:958(para)
7622
8392
"<application>aa-complain</application> places a profile into "
7623
8393
"<emphasis>complain</emphasis> mode."
7626
#: serverguide/C/security.xml:1015(command)
8396
#: serverguide/C/security.xml:962(command)
7627
8397
msgid "sudo aa-complain /path/to/bin"
7630
#: serverguide/C/security.xml:1019(para)
8400
#: serverguide/C/security.xml:966(para)
7632
8402
"<application>aa-enforce</application> places a profile into "
7633
8403
"<emphasis>enforce</emphasis> mode."
7636
#: serverguide/C/security.xml:1023(command)
8406
#: serverguide/C/security.xml:970(command)
7637
8407
msgid "sudo aa-enforce /path/to/bin"
7640
#: serverguide/C/security.xml:1027(para)
8410
#: serverguide/C/security.xml:974(para)
7642
8412
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7643
8413
"profiles are located. It can be used to manipulate the "
7644
8414
"<emphasis>mode</emphasis> of all profiles."
7647
#: serverguide/C/security.xml:1031(para)
8417
#: serverguide/C/security.xml:978(para)
7648
8418
msgid "Enter the following to place all profiles into complain mode:"
7651
#: serverguide/C/security.xml:1035(command)
8421
#: serverguide/C/security.xml:982(command)
7652
8422
msgid "sudo aa-complain /etc/apparmor.d/*"
7655
#: serverguide/C/security.xml:1037(para)
8425
#: serverguide/C/security.xml:984(para)
7656
8426
msgid "To place all profiles in enforce mode:"
7659
#: serverguide/C/security.xml:1041(command)
8429
#: serverguide/C/security.xml:988(command)
7660
8430
msgid "sudo aa-enforce /etc/apparmor.d/*"
7663
#: serverguide/C/security.xml:1045(para)
8433
#: serverguide/C/security.xml:992(para)
7665
8435
"<application>apparmor_parser</application> is used to load a profile into "
7666
8436
"the kernel. It can also be used to reload a currently loaded profile using "
7667
8437
"the <emphasis>-r</emphasis> option. To load a profile:"
7670
#: serverguide/C/security.xml:1050(command) serverguide/C/security.xml:1082(command)
8440
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
7671
8441
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7674
#: serverguide/C/security.xml:1052(para)
8444
#: serverguide/C/security.xml:999(para)
7675
8445
msgid "To reload a profile:"
7678
#: serverguide/C/security.xml:1056(command)
8448
#: serverguide/C/security.xml:1003(command)
7679
8449
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7682
#: serverguide/C/security.xml:1060(para)
8452
#: serverguide/C/security.xml:1007(para)
7684
8454
"<filename>/etc/init.d/apparmor</filename> can be used to "
7685
8455
"<emphasis>reload</emphasis> all profiles:"
7688
#: serverguide/C/security.xml:1064(command)
8458
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:632(command)
7689
8459
msgid "sudo /etc/init.d/apparmor reload"
7692
#: serverguide/C/security.xml:1068(para)
8462
#: serverguide/C/security.xml:1015(para)
7694
8464
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7695
8465
"with the <application>apparmor_parser -R</application> option to "
7696
8466
"<emphasis>disable</emphasis> a profile."
7699
#: serverguide/C/security.xml:1073(command)
8469
#: serverguide/C/security.xml:1020(command)
7700
8470
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7703
#: serverguide/C/security.xml:1074(command)
8473
#: serverguide/C/security.xml:1021(command)
7704
8474
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7707
#: serverguide/C/security.xml:1076(para)
8477
#: serverguide/C/security.xml:1023(para)
7709
8479
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7710
8480
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7711
8481
"load the profile using the <emphasis>-a</emphasis> option."
7714
#: serverguide/C/security.xml:1081(command)
8484
#: serverguide/C/security.xml:1028(command)
7715
8485
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7718
#: serverguide/C/security.xml:1086(para)
8488
#: serverguide/C/security.xml:1033(para)
7720
8490
"<application>AppArmor</application> can be disabled, and the kernel module "
7721
8491
"unloaded by entering the following:"
7724
#: serverguide/C/security.xml:1090(command)
8494
#: serverguide/C/security.xml:1037(command)
7725
8495
msgid "sudo /etc/init.d/apparmor stop"
7728
#: serverguide/C/security.xml:1091(command)
8498
#: serverguide/C/security.xml:1038(command)
7729
8499
msgid "sudo update-rc.d -f apparmor remove"
7732
#: serverguide/C/security.xml:1095(para)
8502
#: serverguide/C/security.xml:1042(para)
7733
8503
msgid "To re-enable <application>AppArmor</application> enter:"
7736
#: serverguide/C/security.xml:1099(command)
8506
#: serverguide/C/security.xml:1046(command)
7737
8507
msgid "sudo /etc/init.d/apparmor start"
7740
#: serverguide/C/security.xml:1100(command)
8510
#: serverguide/C/security.xml:1047(command)
7741
8511
msgid "sudo update-rc.d apparmor defaults"
7744
#: serverguide/C/security.xml:1105(para)
8514
#: serverguide/C/security.xml:1052(para)
7746
8516
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7747
8517
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
8586
9356
"other users on the system."
8589
#: serverguide/C/security.xml:1845(para)
9359
#: serverguide/C/security.xml:1792(para)
8591
9361
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8592
9362
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8596
#: serverguide/C/security.xml:1851(para)
9366
#: serverguide/C/security.xml:1798(para)
8598
9368
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8599
9369
"kernel keyring."
8602
#: serverguide/C/security.xml:1856(para)
9372
#: serverguide/C/security.xml:1803(para)
8604
9374
"<emphasis>ecryptfs-manager:</emphasis> manages "
8605
9375
"<application>eCryptfs</application> objects such as keys."
8608
#: serverguide/C/security.xml:1861(para)
9378
#: serverguide/C/security.xml:1808(para)
8610
9380
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8611
9381
"<application>ecryptfs</application> meta information for a file."
8614
#: serverguide/C/security.xml:1874(para)
9384
#: serverguide/C/security.xml:1821(para)
8616
9386
"For more information on eCryptfs see the <ulink "
8617
"url=\"https://launchpad.net/ecryptfs\">Launch Pad project page</ulink>"
9387
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8620
#: serverguide/C/security.xml:1879(para)
9390
#: serverguide/C/security.xml:1826(para)
8622
9392
"There is also a <ulink "
8623
9393
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8624
9394
"article covering eCryptfs."
8627
#: serverguide/C/security.xml:1884(para)
9397
#: serverguide/C/security.xml:1831(para)
8629
9399
"Also, for more <application>ecryptfs</application> options see the <ulink "
8630
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/ecryptfs.7.html\">ec"
8631
"ryptfs man page</ulink>."
9400
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/ecryptfs.7.html\">ecr"
9401
"yptfs man page</ulink>."
9404
#: serverguide/C/security.xml:1837(para)
9406
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9407
"Ubuntu Wiki</ulink> page also has more details."
9410
#: serverguide/C/reporting-bugs.xml:13(title)
9414
#: serverguide/C/reporting-bugs.xml:16(title)
9415
msgid "Reporting Bugs in Ubuntu Server Edition"
9418
#: serverguide/C/reporting-bugs.xml:18(para)
9420
"While the Ubuntu Project attempts to release software with as few bugs as "
9421
"possible, they do occur. You can help fix these bugs by reporting ones that "
9422
"you find to the project. The Ubuntu Project uses <ulink "
9423
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
9424
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
9425
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
9429
#: serverguide/C/reporting-bugs.xml:30(title)
9430
msgid "Reporting Bugs With ubuntu-bug"
9433
#: serverguide/C/reporting-bugs.xml:32(para)
9435
"The preferred way to report a bug is with the <application>ubuntu-"
9436
"bug</application> command. The ubuntu-bug tool gathers information about the "
9437
"system useful to developers in diagnosing the reported problem that will "
9438
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
9439
"need to be filed against a specific software package, thus the name of the "
9440
"package that the bug occurs in needs to be given to ubuntu-bug:"
9443
#: serverguide/C/reporting-bugs.xml:43(command)
9444
msgid "ubuntu-bug PACKAGENAME"
9447
#: serverguide/C/reporting-bugs.xml:46(para)
9449
"For example, to file a bug against the openssh-server package, you would do:"
9452
#: serverguide/C/reporting-bugs.xml:51(command)
9453
msgid "ubuntu-bug openssh-server"
9456
#: serverguide/C/reporting-bugs.xml:54(para)
9458
"You can specify either a binary package or the source package for ubuntu-"
9459
"bug. Again using openssh-server as an example, you could also generate the "
9460
"report against the source package for openssh-server, openssh:"
9463
#: serverguide/C/reporting-bugs.xml:62(command)
9464
msgid "ubuntu-bug openssh"
9467
#: serverguide/C/reporting-bugs.xml:66(para)
9469
"See <xref linkend=\"package-management\"/> for more information about "
9470
"packages in Ubuntu."
9473
#: serverguide/C/reporting-bugs.xml:72(para)
9475
"The ubuntu-bug command will gather information about the system in question, "
9476
"possibly including information specific to the specified package, and then "
9477
"ask you what you would like to do with collected information:"
9480
#: serverguide/C/reporting-bugs.xml:80(command)
9481
msgid "ubuntu-bug postgresql"
9484
#: serverguide/C/reporting-bugs.xml:79(screen)
9488
"<placeholder-1/>\n"
9490
"*** Collecting problem information\n"
9492
"The collected information can be sent to the developers to improve the\n"
9493
"application. This might take a few minutes.\n"
9496
"*** Send problem report to the developers?\n"
9498
"After the problem report has been sent, please fill out the form in the\n"
9499
"automatically opened web browser.\n"
9501
"What would you like to do? Your options are:\n"
9502
" S: Send report (1.7 KiB)\n"
9504
" K: Keep report file for sending later or copying to somewhere else\n"
9506
"Please choose (S/V/K/C):\n"
9509
#: serverguide/C/reporting-bugs.xml:101(para)
9510
msgid "The options available are:"
9513
#: serverguide/C/reporting-bugs.xml:108(para)
9515
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
9516
"the collected information to Launchpad as part of the the process of filing "
9517
"a bug report. You will be given the opportunity to describe the situation "
9518
"that led up to the occurrance of the bug."
9521
#: serverguide/C/reporting-bugs.xml:115(screen)
9525
"*** Uploading problem information\n"
9527
"The collected information is being sent to the bug tracking system.\n"
9528
"This might take a few minutes.\n"
9531
"*** To continue, you must visit the following URL:\n"
9533
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9534
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9536
"You can launch a browser now, or copy this URL into a browser on another\n"
9540
" 1: Launch a browser now\n"
9542
"Please choose (1/C):\n"
9545
#: serverguide/C/reporting-bugs.xml:135(para)
9547
"If you choose to start a browser, by default the text based web browser "
9548
"<application>w3m</application> will be used to finish filing the bug report. "
9549
"Alternately, you can copy the given URL to a currently running web browser."
9552
#: serverguide/C/reporting-bugs.xml:144(para)
9554
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
9555
"the collected information to be displayed to the terminal for review."
9558
#: serverguide/C/reporting-bugs.xml:150(screen)
9562
"Package: postgresql 8.4.2-2\n"
9563
"PackageArchitecture: all\n"
9565
"ProblemType: Bug\n"
9567
" LANG=en_US.UTF-8\n"
9568
" SHELL=/bin/bash\n"
9569
"Uname: Linux 2.6.32-16-server x86_64\n"
9571
" adduser 3.112ubuntu1\n"
9572
" base-files 5.0.0ubuntu10\n"
9573
" base-passwd 3.5.22\n"
9574
" coreutils 7.4-2ubuntu2\n"
9578
#: serverguide/C/reporting-bugs.xml:167(para)
9580
"After viewing the report, you will be brought back to the same menu asking "
9581
"what you would like to do with the report."
9584
#: serverguide/C/reporting-bugs.xml:174(para)
9586
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
9587
"File causes the gathered information to be written to a file. This file can "
9588
"then be used to later file a bug report or transferred to a different Ubuntu "
9589
"system for reporting. To submit the report file, simply give it as an "
9590
"argument to the ubuntu-bug command:"
9593
#: serverguide/C/reporting-bugs.xml:189(userinput)
9598
#: serverguide/C/reporting-bugs.xml:192(command)
9599
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
9602
#: serverguide/C/reporting-bugs.xml:183(screen)
9606
"What would you like to do? Your options are:\n"
9607
" S: Send report (1.7 KiB)\n"
9609
" K: Keep report file for sending later or copying to somewhere else\n"
9611
"Please choose (S/V/K/C): <placeholder-1/>\n"
9612
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
9614
"<placeholder-2/>\n"
9616
"*** Send problem report to the developers?\n"
9620
#: serverguide/C/reporting-bugs.xml:200(para)
9622
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
9623
"collected information to be discarded."
9626
#: serverguide/C/reporting-bugs.xml:210(title)
9627
msgid "Reporting Application Crashes"
9630
#: serverguide/C/reporting-bugs.xml:212(para)
9632
"The software package that provides the ubuntu-bug utility, "
9633
"<application>apport</application>, can be configured to trigger when "
9634
"applications crash. This is disabled by default, as capturing a crash can be "
9635
"resource intensive depending on how much memory the application that crashed "
9636
"was using as apport captures and processes the core dump."
9639
#: serverguide/C/reporting-bugs.xml:221(para)
9641
"Configuring apport to capture information about crashing applications "
9642
"requires a couple of steps. First, <application>gdb</application> needs to "
9643
"be installed; it is not installed by default in Ubuntu Server Edition."
9646
#: serverguide/C/reporting-bugs.xml:229(command)
9647
msgid "sudo apt-get install gdb"
9650
#: serverguide/C/reporting-bugs.xml:232(para)
9652
"See <xref linkend=\"package-management\"/> for more information about "
9653
"managing packages in Ubuntu."
9656
#: serverguide/C/reporting-bugs.xml:237(para)
9658
"Once you have ensured that gdb is installed, open the file "
9659
"<filename>/etc/default/apport</filename> in your text editor, and change the "
9660
"<emphasis>enabled</emphasis> setting to be <emphasis "
9661
"role=\"bold\">1</emphasis> like so:"
9664
#: serverguide/C/reporting-bugs.xml:244(programlisting)
9668
"# set this to 0 to disable apport, or to 1 to enable it\n"
9669
"# you can temporarily override this with\n"
9670
"# sudo service apport start force_start=1\n"
9671
"enabled=<userinput>1</userinput>\n"
9673
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
9674
"maxsize=209715200\n"
9677
#: serverguide/C/reporting-bugs.xml:254(para)
9679
"Once you have completed editing <filename>/etc/default/apport</filename>, "
9680
"start the apport service:"
9683
#: serverguide/C/reporting-bugs.xml:261(command)
9684
msgid "sudo start apport"
9687
#: serverguide/C/reporting-bugs.xml:264(para)
9689
"After an application crashes, use the <application>apport-cli</application> "
9690
"command to search for the existing saved crash report information:"
9693
#: serverguide/C/reporting-bugs.xml:271(command)
9697
#: serverguide/C/reporting-bugs.xml:270(screen)
9701
"<placeholder-1/>\n"
9703
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
9705
"If you were not doing anything confidential (entering passwords or other\n"
9706
"private information), you can help to improve the application by\n"
9710
"What would you like to do? Your options are:\n"
9711
" R: Report Problem...\n"
9712
" I: Cancel and ignore future crashes of this program version\n"
9714
"Please choose (R/I/C):\n"
9717
#: serverguide/C/reporting-bugs.xml:287(para)
9719
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
9720
"steps as when using ubuntu-bug. One important difference is that a crash "
9721
"report will be marked as private when filed on Launchpad, meaning that it "
9722
"will be visible to only a limited set of bug triagers. These triagers will "
9723
"review the gathered data for private information before making the bug "
9724
"report publicly visible."
9727
#: serverguide/C/reporting-bugs.xml:307(para)
9730
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
9731
"Bugs</ulink> Ubuntu wiki page."
9734
#: serverguide/C/reporting-bugs.xml:313(para)
9736
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
9737
"has some useful information. Though some of it pertains to using a GUI."
8634
9740
#: serverguide/C/remote-administration.xml:13(title)
8992
10104
"such as log files."
8995
#: serverguide/C/remote-administration.xml:304(para)
10107
#: serverguide/C/remote-administration.xml:317(para)
8997
10109
"<emphasis>Halt/Reboot:</emphasis> will shutdown the system or reboot it."
9000
#: serverguide/C/remote-administration.xml:309(para)
10112
#: serverguide/C/remote-administration.xml:322(para)
9002
10114
"<emphasis>Bug Report:</emphasis> creates a file containing details helpful "
9003
10115
"when reporting bugs to the eBox developers."
9006
#: serverguide/C/remote-administration.xml:317(para)
10118
#: serverguide/C/remote-administration.xml:330(para)
9008
10120
"<emphasis>Logs:</emphasis> allows <application>eBox</application> logs to be "
9009
10121
"queried depending on the purge time configured."
9012
#: serverguide/C/remote-administration.xml:323(para)
10124
#: serverguide/C/remote-administration.xml:336(para)
9014
10126
"<emphasis>Events:</emphasis> this module has the ability to send alerts "
9015
10127
"through rss, jabber, and log file."
9018
#: serverguide/C/remote-administration.xml:330(emphasis)
10130
#: serverguide/C/remote-administration.xml:343(emphasis)
9019
10131
msgid "Available Events:"
9022
#: serverguide/C/remote-administration.xml:334(para)
10134
#: serverguide/C/remote-administration.xml:347(para)
9024
10136
"<emphasis>Free Storage Space:</emphasis> will send alert if free disk space "
9025
10137
"drops below a configured percentage, 10% by default."
9028
#: serverguide/C/remote-administration.xml:340(para)
10140
#: serverguide/C/remote-administration.xml:353(para)
9030
"<emphasis>Log Observer:</emphasis> unfortunately this event does not work "
9031
"with the <application>eBox</application> version shipped with Ubuntu 7.10."
10142
"<emphasis>Log Observer:</emphasis> sends an alert when a configured logger "
10143
"has logged something."
9034
#: serverguide/C/remote-administration.xml:346(para)
10146
#: serverguide/C/remote-administration.xml:359(para)
9036
10148
"<emphasis>RAID:</emphasis> will monitor the RAID system and send alerts if "
9037
10149
"any issues arise."
9040
#: serverguide/C/remote-administration.xml:352(para)
10152
#: serverguide/C/remote-administration.xml:365(para)
9042
10154
"<emphasis>Service:</emphasis> sends alerts if a service restarts multiple "
9043
10155
"times in a short time period."
9046
#: serverguide/C/remote-administration.xml:358(para)
10158
#: serverguide/C/remote-administration.xml:371(para)
9048
10160
"<emphasis>State:</emphasis> alerts on the state of "
9049
10161
"<application>eBox</application>, either up or down."
9052
#: serverguide/C/remote-administration.xml:367(emphasis)
10164
#: serverguide/C/remote-administration.xml:380(emphasis)
9053
10165
msgid "Dispatchers:"
9056
#: serverguide/C/remote-administration.xml:371(para)
10168
#: serverguide/C/remote-administration.xml:384(para)
9058
10170
"<emphasis>Log:</emphasis> this dispatcher will send event messages to the "
9059
10171
"<application>eBox</application> log file "
9060
10172
"<filename>/var/log/ebox/ebox.log</filename>."
9063
#: serverguide/C/remote-administration.xml:378(para)
10175
#: serverguide/C/remote-administration.xml:391(para)
9065
10177
"<emphasis>Jabber:</emphasis> before enabling this dispatcher you must first "
9066
10178
"configure it by clicking on the <quote>Configure</quote> icon."
9069
#: serverguide/C/remote-administration.xml:384(para)
10181
#: serverguide/C/remote-administration.xml:397(para)
9071
10183
"<emphasis>RSS:</emphasis> once this dispatcher is configured you can "
9072
10184
"subscribe to the link in order to view event alerts."
9075
#: serverguide/C/remote-administration.xml:397(title)
10187
#: serverguide/C/remote-administration.xml:410(title)
9076
10188
msgid "Additional Modules"
9079
#: serverguide/C/remote-administration.xml:398(para)
10191
#: serverguide/C/remote-administration.xml:411(para)
9081
10193
"Here is a quick description of other available "
9082
10194
"<application>eBox</application> modules:"
9085
#: serverguide/C/remote-administration.xml:403(para)
10197
#: serverguide/C/remote-administration.xml:416(para)
9087
10199
"<emphasis>Network:</emphasis> allows configuration of the server's network "
9088
10200
"options through eBox."
9091
#: serverguide/C/remote-administration.xml:409(para)
10203
#: serverguide/C/remote-administration.xml:422(para)
9093
10205
"<emphasis>Firewall:</emphasis> configures firewall options for the eBox host."
9096
#: serverguide/C/remote-administration.xml:414(para)
10208
#: serverguide/C/remote-administration.xml:427(para)
9098
10210
"<emphasis>UsersandGroups:</emphasis> this module will manage users and "
9099
10211
"groups contained in an <application>OpenLDAP</application> LDAP directory."
9102
#: serverguide/C/remote-administration.xml:420(para)
10214
#: serverguide/C/remote-administration.xml:433(para)
9104
10216
"<emphasis>DHCP:</emphasis> provides an interface for configuring a DHCP "
9108
#: serverguide/C/remote-administration.xml:425(para)
10220
#: serverguide/C/remote-administration.xml:438(para)
9110
10222
"<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
9111
10223
"server configuration options."
9114
#: serverguide/C/remote-administration.xml:431(para)
10226
#: serverguide/C/remote-administration.xml:444(para)
9116
10228
"<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
9117
10229
"Objects</emphasis>, which allow you to assign a name to an IP address or "
9118
10230
"group of IPs."
9121
#: serverguide/C/remote-administration.xml:438(para)
10233
#: serverguide/C/remote-administration.xml:451(para)
9123
10235
"<emphasis>Services:</emphasis> displays configuration information for "
9124
10236
"services that are available to the network."
9127
#: serverguide/C/remote-administration.xml:444(para)
10239
#: serverguide/C/remote-administration.xml:457(para)
9129
10241
"<emphasis>Squid:</emphasis> configuration options for the "
9130
10242
"<application>Squid</application> proxy server."
9133
#: serverguide/C/remote-administration.xml:450(para)
10245
#: serverguide/C/remote-administration.xml:463(para)
9135
10247
"<emphasis>CA:</emphasis> configures a Certificate Authority for the server."
9138
#: serverguide/C/remote-administration.xml:455(para)
10250
#: serverguide/C/remote-administration.xml:468(para)
9139
10251
msgid "<emphasis>NTP:</emphasis> set Network Time Protocol options."
9142
#: serverguide/C/remote-administration.xml:460(para)
10254
#: serverguide/C/remote-administration.xml:473(para)
9143
10255
msgid "<emphasis>Printers:</emphasis> allows the configuration of printers."
9146
#: serverguide/C/remote-administration.xml:465(para)
10258
#: serverguide/C/remote-administration.xml:478(para)
9147
10259
msgid "<emphasis>Samba:</emphasis> configuration options for Samba."
9150
#: serverguide/C/remote-administration.xml:470(para)
10262
#: serverguide/C/remote-administration.xml:483(para)
9152
10264
"<emphasis>OpenVPN:</emphasis> setup options for OpenVPN Virtual Private "
9153
10265
"Network application."
9156
#: serverguide/C/remote-administration.xml:481(para)
9158
"For more information see the <ulink url=\"http://ebox-platform.com/\">eBox "
9159
"Home Page</ulink>."
10268
#: serverguide/C/remote-administration.xml:494(para)
10270
"The <ulink url=\"https://help.ubuntu.com/community/eBox\">eBox Ubuntu "
10271
"Wiki</ulink> page has more details."
10274
#: serverguide/C/remote-administration.xml:499(para)
10276
"For more information also see the <ulink url=\"http://ebox-"
10277
"platform.com/\">eBox Home Page</ulink>."
9162
10280
#: serverguide/C/package-management.xml:13(title)
10142
11255
"Committed revision 2."
10145
#: serverguide/C/other-apps.xml:280(para)
11258
#: serverguide/C/other-apps.xml:241(para)
10147
11260
"For an example of how <application>etckeeper</application> tracks manual "
10148
11261
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
10149
11262
"<application>bzr</application> you can see which files have been modified:"
10152
#: serverguide/C/other-apps.xml:286(command)
11265
#: serverguide/C/other-apps.xml:247(command)
10153
11266
msgid "sudo bzr status /etc/"
10156
#: serverguide/C/other-apps.xml:287(computeroutput)
11269
#: serverguide/C/other-apps.xml:248(computeroutput)
10159
11272
"modified:\n"
10163
#: serverguide/C/other-apps.xml:291(para)
11276
#: serverguide/C/other-apps.xml:252(para)
10164
11277
msgid "Now commit the changes:"
10167
#: serverguide/C/other-apps.xml:296(command)
11280
#: serverguide/C/other-apps.xml:257(command)
10168
11281
msgid "sudo etckeeper commit \"new host\""
10171
#: serverguide/C/other-apps.xml:299(para)
11284
#: serverguide/C/other-apps.xml:260(para)
10173
11286
"For more information on <application>bzr</application> see <xref "
10174
11287
"linkend=\"bazaar\"/>."
10177
#: serverguide/C/other-apps.xml:305(title)
10178
msgid "Screen Profiles"
11290
#: serverguide/C/other-apps.xml:266(title)
10181
#: serverguide/C/other-apps.xml:307(para)
11294
#: serverguide/C/other-apps.xml:268(para)
10183
11296
"One of the most useful applications for any system administrator is "
10184
11297
"<application>screen</application>. It allows the execution of multiple "
10185
11298
"shells in one terminal. To make some of the advanced "
10186
11299
"<application>screen</application> features more user friendly, and provide "
10187
"some useful information about the system, the <application>screen-"
10188
"profiles</application> package was created."
11300
"some useful information about the system, the "
11301
"<application>byobu</application> package was created."
10191
#: serverguide/C/other-apps.xml:314(para)
11304
#: serverguide/C/other-apps.xml:275(para)
10193
"When executing <application>screen</application> for the first time you will "
10194
"be presented with the <application>screen-profiles-helper</application> "
10195
"menu. This menu will allow you to:"
11306
"When executing <application>byobu</application> pressing the "
11307
"<emphasis>F9</emphasis> key will bring up the "
11308
"<application>Configuration</application> menu. This menu will allow you to:"
10198
#: serverguide/C/other-apps.xml:320(para)
11311
#: serverguide/C/other-apps.xml:281(para)
10199
11312
msgid "View the Help menu"
10202
#: serverguide/C/other-apps.xml:321(para)
11315
#: serverguide/C/other-apps.xml:282(para)
11316
msgid "Change Byobu's background color"
11319
#: serverguide/C/other-apps.xml:283(para)
11320
msgid "Change Byobu's foreground color"
11323
#: serverguide/C/other-apps.xml:284(para)
11324
msgid "Toggle status notifications"
11327
#: serverguide/C/other-apps.xml:285(para)
10203
11328
msgid "Change the key binding set"
10206
#: serverguide/C/other-apps.xml:322(para)
10207
msgid "Change screen profiles"
10210
#: serverguide/C/other-apps.xml:323(para)
11331
#: serverguide/C/other-apps.xml:286(para)
10211
11332
msgid "Change the escape sequence"
10214
#: serverguide/C/other-apps.xml:324(para)
10215
msgid "Create new screen windows"
11335
#: serverguide/C/other-apps.xml:287(para)
11336
msgid "Create new windows"
10218
#: serverguide/C/other-apps.xml:325(para)
11339
#: serverguide/C/other-apps.xml:288(para)
10219
11340
msgid "Manage the default windows"
10222
#: serverguide/C/other-apps.xml:326(para)
10223
msgid "Install screen by default at login"
11343
#: serverguide/C/other-apps.xml:289(para)
11344
msgid "Byobu currently does not launch at login (toggle on)"
10226
#: serverguide/C/other-apps.xml:329(para)
11347
#: serverguide/C/other-apps.xml:292(para)
10228
11349
"The <emphasis>key bindings</emphasis> determine such things as the escape "
10229
11350
"sequence, new window, change window, etc. There are two key binding sets to "
10230
"choose from <emphasis>common</emphasis> and <emphasis>none</emphasis>. If "
10231
"you wish to use the original key bindings choose the "
11351
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11352
"keys</emphasis>. If you wish to use the original key bindings choose the "
10232
11353
"<emphasis>none</emphasis> set."
10235
#: serverguide/C/other-apps.xml:335(para)
10237
"The Ubuntu <application>screen-profiles</application> provide a menu which "
10238
"displays the Ubuntu release, processor information, memory information, and "
10239
"the time and date. The effect is similar to a desktop menu. When a profile "
10240
"is selected it will be symlinked to <filename>~/.screenrc</filename>. The "
10241
"<application>select-screen-profile</application> utility can also be used to "
10242
"change profiles, in a terminal enter:"
10245
#: serverguide/C/other-apps.xml:343(command)
10246
msgid "select-screen-profile -s ubuntu-light"
10249
#: serverguide/C/other-apps.xml:346(para)
10251
"The <emphasis>plain</emphasis> profile will change "
10252
"<application>screen</application> back to the defaults, which does not "
10253
"include the information menu at the bottom."
10256
#: serverguide/C/other-apps.xml:351(para)
10258
"Using the <emphasis>\"Install screen by default at login\"</emphasis> option "
10259
"will cause screen to be executed any time a terminal is opened. Changes made "
10260
"to <application>screen</application> are on a per user basis, and will not "
11356
#: serverguide/C/other-apps.xml:298(para)
11358
"<application>byobu</application> provides a menu which displays the Ubuntu "
11359
"release, processor information, memory information, and the time and date. "
11360
"The effect is similar to a desktop menu."
11363
#: serverguide/C/other-apps.xml:303(para)
11365
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11366
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11367
"executed any time a terminal is opened. Changes made to "
11368
"<application>byobu</application> are on a per user basis, and will not "
10261
11369
"affect other users on the system."
10264
#: serverguide/C/other-apps.xml:356(para)
11372
#: serverguide/C/other-apps.xml:309(para)
10266
"One difference when using screen is the <emphasis>scrollback</emphasis> "
10267
"mode. If you are using one of the Ubuntu profiles press the "
10268
"<emphasis>F7</emphasis>, or <emphasis>Ctrl+a+[</emphasis> if not, to enter "
10269
"scrollback mode. Scrollback mode allows you to navigate past output using "
10270
"<emphasis>vi</emphasis> like commands. Here is a quick list of movement "
11374
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11375
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11376
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11377
"commands. Here is a quick list of movement commands:"
10274
#: serverguide/C/other-apps.xml:363(para)
11380
#: serverguide/C/other-apps.xml:316(para)
10275
11381
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
10278
#: serverguide/C/other-apps.xml:364(para)
11384
#: serverguide/C/other-apps.xml:317(para)
10279
11385
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
10282
#: serverguide/C/other-apps.xml:365(para)
11388
#: serverguide/C/other-apps.xml:318(para)
10283
11389
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
10286
#: serverguide/C/other-apps.xml:366(para)
11392
#: serverguide/C/other-apps.xml:319(para)
10287
11393
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
10290
#: serverguide/C/other-apps.xml:367(para)
11396
#: serverguide/C/other-apps.xml:320(para)
10291
11397
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
10294
#: serverguide/C/other-apps.xml:368(para)
11400
#: serverguide/C/other-apps.xml:321(para)
10295
11401
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
10298
#: serverguide/C/other-apps.xml:369(para)
11404
#: serverguide/C/other-apps.xml:322(para)
10300
11406
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
10301
11407
"the buffer)"
10304
#: serverguide/C/other-apps.xml:370(para)
10305
msgid "<emphasis>C-u</emphasis> - Scrolls a half page up"
10308
#: serverguide/C/other-apps.xml:371(para)
10309
msgid "<emphasis>C-b</emphasis> - Scrolls a full page up"
10312
#: serverguide/C/other-apps.xml:372(para)
10313
msgid "<emphasis>C-d</emphasis> - Scrolls a half page down"
10316
#: serverguide/C/other-apps.xml:373(para)
10317
msgid "<emphasis>C-f</emphasis> - Scrolls the full page down"
10320
#: serverguide/C/other-apps.xml:374(para)
11410
#: serverguide/C/other-apps.xml:323(para)
10321
11411
msgid "<emphasis>/</emphasis> - Search forward"
10324
#: serverguide/C/other-apps.xml:375(para)
11414
#: serverguide/C/other-apps.xml:324(para)
10325
11415
msgid "<emphasis>?</emphasis> - Search backward"
10328
#: serverguide/C/other-apps.xml:376(para)
11418
#: serverguide/C/other-apps.xml:325(para)
10330
11420
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
10333
#: serverguide/C/other-apps.xml:385(para)
11423
#: serverguide/C/other-apps.xml:334(para)
10335
11425
"See the <ulink "
10336
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/update-"
10337
"motd.1.html\">update-motd man page</ulink> for more options available to "
11426
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/update-motd.1.html\">"
11427
"update-motd man page</ulink> for more options available to "
10338
11428
"<application>update-motd</application>."
10341
#: serverguide/C/other-apps.xml:391(para)
11431
#: serverguide/C/other-apps.xml:340(para)
10343
11433
"The Debian Package of the Day <ulink "
10344
11434
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
10391
11489
"discussion of popular network protocols."
10394
#: serverguide/C/network-config.xml:26(title)
11492
#: serverguide/C/network-config.xml:27(title)
10395
11493
msgid "Network Configuration"
10396
11494
msgstr "Sare Konfigurazioa"
10398
#: serverguide/C/network-config.xml:27(para)
11496
#: serverguide/C/network-config.xml:28(para)
10400
11498
"Ubuntu ships with a number of graphical utilities to configure your network "
10401
11499
"devices. This document is geared toward server administrators and will focus "
10402
11500
"on managing your network on the command line."
10405
#: serverguide/C/network-config.xml:33(title)
10409
#: serverguide/C/network-config.xml:34(para)
10411
"Most Ethernet configuration is centralized in a single file, "
10412
"<filename>/etc/network/interfaces</filename>. If you have no Ethernet "
10413
"devices, only the loopback interface will appear in this file, and it will "
10414
"look something like this:"
10417
#: serverguide/C/network-config.xml:40(programlisting)
10421
"# This file describes the network interfaces available on your system\n"
10422
"# and how to activate them. For more information, see interfaces(5).\n"
10424
"# The loopback network interface\n"
10426
"iface lo inet loopback\n"
10427
"address 127.0.0.1\n"
10428
"netmask 255.0.0.0\n"
10431
#: serverguide/C/network-config.xml:50(para)
10433
"If you have only one Ethernet device, eth0, and it gets its configuration "
10434
"from a DHCP server, and it should come up automatically at boot, only two "
10435
"additional lines are required:"
10438
#: serverguide/C/network-config.xml:55(programlisting)
11503
#: serverguide/C/network-config.xml:35(title)
11504
msgid "Ethernet Interfaces"
11507
#: serverguide/C/network-config.xml:36(para)
11509
"Ethernet interfaces are identified by the system using the naming convention "
11510
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11511
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11512
"interface is typically identified as <emphasis "
11513
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11514
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11518
#: serverguide/C/network-config.xml:46(title)
11519
msgid "Identify Ethernet Interfaces"
11522
#: serverguide/C/network-config.xml:47(para)
11524
"To quickly identify all available Ethernet interfaces, you can use the "
11525
"<application>ifconfig</application> command as shown below."
11528
#: serverguide/C/network-config.xml:52(userinput)
11530
msgid "ifconfig -a | grep eth"
11533
#: serverguide/C/network-config.xml:51(screen)
11537
"<placeholder-1/>\n"
11538
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11541
#: serverguide/C/network-config.xml:55(para)
11543
"Another application that can help identify all network interfaces available "
11544
"to your system is the <application>lshw</application> command. In the "
11545
"example below, <application>lshw</application> shows a single Ethernet "
11546
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11547
"along with bus information, driver details and all supported capabilities."
11550
#: serverguide/C/network-config.xml:62(userinput)
11552
msgid "sudo lshw -class network"
11555
#: serverguide/C/network-config.xml:61(screen)
11559
"<placeholder-1/>\n"
11561
" description: Ethernet interface\n"
11562
" product: BCM4401-B0 100Base-TX\n"
11563
" vendor: Broadcom Corporation\n"
11564
" physical id: 0\n"
11565
" bus info: pci@0000:03:00.0\n"
11566
" logical name: eth0\n"
11568
" serial: 00:15:c5:4a:16:5a\n"
11570
" capacity: 100MB/s\n"
11571
" width: 32 bits\n"
11573
" capabilities: (snipped for brevity)\n"
11574
" configuration: (snipped for brevity)\n"
11575
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
11578
#: serverguide/C/network-config.xml:83(title)
11579
msgid "Ethernet Interface Logical Names"
11582
#: serverguide/C/network-config.xml:84(para)
11584
"Interface logical names are configured in the file "
11585
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
11586
"like control which interface receives a particular logical name, find the "
11587
"line matching the interfaces physical MAC address and modify the value of "
11588
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
11589
"Reboot the system to commit your changes."
11592
#: serverguide/C/network-config.xml:92(programlisting)
11596
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11597
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11598
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11599
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11600
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11601
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11604
#: serverguide/C/network-config.xml:99(title)
11605
msgid "Ethernet Interface Settings"
11608
#: serverguide/C/network-config.xml:100(para)
11610
"<application>ethtool</application> is a program that displays and changes "
11611
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11612
"and Wake-on-LAN. It is not installed by default, but is available for "
11613
"installation in the repositories."
11616
#: serverguide/C/network-config.xml:106(userinput)
11618
msgid "sudo apt-get install ethtool"
11621
#: serverguide/C/network-config.xml:108(para)
11623
"The following is an example of how to view supported features and configured "
11624
"settings of an Ethernet interface."
11627
#: serverguide/C/network-config.xml:113(userinput)
11629
msgid "sudo ethtool eth0"
11632
#: serverguide/C/network-config.xml:112(screen)
11636
"<placeholder-1/>\n"
11637
"Settings for eth0:\n"
11638
" Supported ports: [ TP ]\n"
11639
" Supported link modes: 10baseT/Half 10baseT/Full \n"
11640
" 100baseT/Half 100baseT/Full \n"
11641
" 1000baseT/Half 1000baseT/Full \n"
11642
" Supports auto-negotiation: Yes\n"
11643
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
11644
" 100baseT/Half 100baseT/Full \n"
11645
" 1000baseT/Half 1000baseT/Full \n"
11646
" Advertised auto-negotiation: Yes\n"
11647
" Speed: 1000Mb/s\n"
11649
" Port: Twisted Pair\n"
11651
" Transceiver: internal\n"
11652
" Auto-negotiation: on\n"
11653
" Supports Wake-on: g\n"
11655
" Current message level: 0x000000ff (255)\n"
11656
" Link detected: yes\n"
11659
#: serverguide/C/network-config.xml:135(para)
11661
"Changes made with the <application>ethtool</application> command are "
11662
"temporary and will be lost after a reboot. If you would like to retain "
11663
"settings, simply add the desired <application>ethtool</application> command "
11664
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
11665
"configuration file <filename>/etc/network/interfaces</filename>."
11668
#: serverguide/C/network-config.xml:141(para)
11670
"The following is an example of how the interface identified as <emphasis "
11671
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11672
"speed of 1000Mb/s running in full duplex mode."
11675
#: serverguide/C/network-config.xml:145(programlisting)
11680
"iface eth0 inet static\n"
11681
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
11684
#: serverguide/C/network-config.xml:151(para)
11686
"Although the example above shows the interface configured to use the "
11687
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11688
"other methods as well, such as DHCP. The example is meant to demonstrate "
11689
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
11690
"statement in relation to the rest of the interface configuration."
11693
#: serverguide/C/network-config.xml:163(title)
11694
msgid "IP Addressing"
11697
#: serverguide/C/network-config.xml:164(para)
11699
"The following section describes the process of configuring your systems IP "
11700
"address and default gateway needed for communicating on a local area network "
11701
"and the Internet."
11704
#: serverguide/C/network-config.xml:171(title)
11705
msgid "Temporary IP Address Assignment"
11708
#: serverguide/C/network-config.xml:172(para)
11710
"For temporary network configurations, you can use standard commands such as "
11711
"<application>ip</application>, <application>ifconfig</application> and "
11712
"<application>route</application>, which are also found on most other "
11713
"GNU/Linux operating systems. These commands allow you to configure settings "
11714
"which take effect immediately, however they are not persistent and will be "
11715
"lost after a reboot."
11718
#: serverguide/C/network-config.xml:180(para)
11720
"To temporarily configure an IP address, you can use the "
11721
"<application>ifconfig</application> command in the following manner. Just "
11722
"modify the IP address and subnet mask to match your network requirements."
11725
#: serverguide/C/network-config.xml:186(userinput)
11727
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11730
#: serverguide/C/network-config.xml:188(para)
11732
"To verify the IP address configuration of <application>eth0</application>, "
11733
"you can use the <application>ifconfig</application> command in the following "
11737
#: serverguide/C/network-config.xml:193(userinput)
11739
msgid "ifconfig eth0"
11742
#: serverguide/C/network-config.xml:192(screen)
11746
"<placeholder-1/>\n"
11747
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
11748
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
11749
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
11750
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
11751
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
11752
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
11753
" collisions:0 txqueuelen:1000 \n"
11754
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
11758
#: serverguide/C/network-config.xml:204(para)
11760
"To configure a default gateway, you can use the "
11761
"<application>route</application> command in the following manner. Modify the "
11762
"default gateway address to match your network requirements."
11765
#: serverguide/C/network-config.xml:210(userinput)
11767
msgid "sudo route add default gw 10.0.0.1 eth0"
11770
#: serverguide/C/network-config.xml:212(para)
11772
"To verify your default gateway configuration, you can use the "
11773
"<application>route</application> command in the following manner."
11776
#: serverguide/C/network-config.xml:217(userinput)
11781
#: serverguide/C/network-config.xml:216(screen)
11785
"<placeholder-1/>\n"
11786
"Kernel IP routing table\n"
11787
"Destination Gateway Genmask Flags Metric Ref Use "
11789
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
11791
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
11795
#: serverguide/C/network-config.xml:223(para)
11797
"If you require DNS for your temporary network configuration, you can add DNS "
11798
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
11799
"example below shows how to enter two DNS servers to "
11800
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
11801
"appropriate for your network. A more lengthy description of DNS client "
11802
"configuration is in a following section."
11805
#: serverguide/C/network-config.xml:230(programlisting)
11809
"nameserver 8.8.8.8\n"
11810
"nameserver 8.8.4.4\n"
11813
#: serverguide/C/network-config.xml:234(para)
11815
"If you no longer need this configuration and wish to purge all IP "
11816
"configuration from an interface, you can use the "
11817
"<application>ip</application> command with the flush option as shown below."
11820
#: serverguide/C/network-config.xml:240(userinput)
11822
msgid "ip addr flush eth0"
11825
#: serverguide/C/network-config.xml:243(para)
11827
"Flushing the IP configuration using the <application>ip</application> "
11828
"command does not clear the contents of "
11829
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
11830
"entries manually."
11833
#: serverguide/C/network-config.xml:251(title)
11834
msgid "Dynamic IP Address Assignment (DHCP Client)"
11837
#: serverguide/C/network-config.xml:252(para)
11839
"To configure your server to use DHCP for dynamic address assignment, add the "
11840
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
11841
"statement for the appropriate interface in the file "
11842
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11843
"are configuring your first Ethernet interface identified as <emphasis "
11844
"role=\"italic\">eth0</emphasis>."
11847
#: serverguide/C/network-config.xml:259(programlisting)
10443
11852
"iface eth0 inet dhcp\n"
10446
#: serverguide/C/network-config.xml:59(para)
10448
"The first line specifies that the eth0 device should come up automatically "
10449
"when you boot. The second line means that interface (<quote>iface</quote>) "
10450
"eth0 should have an IPv4 address space (replace <quote>inet</quote> with "
10451
"<quote>inet6</quote> for an IPv6 device) and that it should get its "
10452
"configuration automatically from DHCP. Assuming your network and DHCP server "
10453
"are properly configured, this machine's network should need no further "
10454
"configuration to operate properly. The DHCP server will provide the default "
10455
"gateway (implemented via the <application>route</application> command), the "
10456
"device's IP address (implemented via the <application>ifconfig</application> "
10457
"command), and DNS servers used on the network (implemented in the "
10458
"<filename>/etc/resolv.conf</filename> file.)"
10461
#: serverguide/C/network-config.xml:72(para)
10463
"To configure your Ethernet device with a static IP address and custom "
10464
"configuration, some more information will be required. Suppose you want to "
10465
"assign the IP address 192.168.0.2 to the device eth1, with the typical "
10466
"netmask of 255.255.255.0. Your default gateway's IP address is 192.168.0.1. "
10467
"You would enter something like this into "
10468
"<filename>/etc/network/interfaces</filename>:"
10471
#: serverguide/C/network-config.xml:79(programlisting)
10475
"iface eth1 inet static\n"
10476
"\taddress 192.168.0.2\n"
10477
"\tnetmask 255.255.255.0\n"
10478
"\tgateway 192.168.0.1\n"
10481
#: serverguide/C/network-config.xml:85(para)
10483
"In this case, you will need to specify your DNS servers manually in "
10484
"<filename>/etc/resolv.conf</filename>, which should look something like this:"
10487
#: serverguide/C/network-config.xml:89(programlisting)
10491
"search mydomain.example\n"
10492
"nameserver 192.168.0.1\n"
10493
"nameserver 4.2.2.2\n"
10496
#: serverguide/C/network-config.xml:94(para)
10498
"The <emphasis role=\"italics\">search</emphasis> directive will append "
10499
"mydomain.example to hostname queries in an attempt to resolve names to your "
10500
"network. For example, if your network's domain is mydomain.example and you "
10501
"try to ping the host <quote>mybox</quote>, the DNS query will be modified to "
10502
"<quote>mybox.mydomain.example</quote> for resolution. The <emphasis "
10503
"role=\"italics\">nameserver</emphasis> directives specify DNS servers to be "
10504
"used to resolve hostnames to IP addresses. If you use your own nameserver, "
10505
"enter it here. Otherwise, ask your Internet Service Provider for the primary "
10506
"and secondary DNS servers to use, and enter them into "
10507
"<filename>/etc/resolv.conf</filename> as shown above."
10510
#: serverguide/C/network-config.xml:106(para)
10512
"Many more configurations are possible, including dialup PPP interfaces, IPv6 "
10513
"networking, VPN devices, etc. Refer to <application>man 5 "
10514
"interfaces</application> for more information and supported options. "
10515
"Remember that <filename>/etc/network/interfaces</filename> is used by the "
10516
"<application>ifup</application>/<application>ifdown</application> scripts as "
10517
"a higher level configuration scheme than may be used in some other Linux "
10518
"distributions, and that the traditional, lower level utilities such as "
10519
"<application>ifconfig</application>, <application>route</application>, and "
10520
"<application>dhclient</application> are still available to you for ad hoc "
10524
#: serverguide/C/network-config.xml:120(title)
10525
msgid "Managing DNS Entries"
10526
msgstr "DNS Sarrerak Kudeatzen"
10528
#: serverguide/C/network-config.xml:121(para)
10530
"This section explains how to configure which nameserver to use when "
10531
"resolving IP addresses to hostnames and vice versa. It does not explain how "
10532
"to configure the system as a name server."
10535
#: serverguide/C/network-config.xml:126(para)
10537
"To manage DNS entries, you can add, edit, or remove DNS names from the "
10538
"<filename>/etc/resolv.conf</filename> file. A sample file is given below:"
10541
#: serverguide/C/network-config.xml:130(programlisting)
10546
"nameserver 204.11.126.131\n"
10547
"nameserver 64.125.134.133\n"
10548
"nameserver 64.125.134.132\n"
10549
"nameserver 208.185.179.218\n"
10552
#: serverguide/C/network-config.xml:138(para)
10554
"The <application>search</application> key specifies the string which will be "
10555
"appended to an incomplete hostname. Here, we have configured it to "
10556
"<application>com</application>. So, when we run: <command>ping "
10557
"ubuntu</command> it would be interpreted as <command>ping "
10558
"ubuntu.com</command>."
10561
#: serverguide/C/network-config.xml:146(para)
10563
"The <application>nameserver</application> key specifies the nameserver IP "
10564
"address. It will be used to resolve a given IP address or hostname. This "
10565
"file can have multiple nameserver entries. The nameservers will be used by "
10566
"the network query in the same order."
10569
#: serverguide/C/network-config.xml:155(para)
10571
"If the DNS server names are retrieved dynamically from DHCP or PPPoE "
10572
"(retrieved from your ISP), do not add nameserver entries in this file. It "
10573
"will be overwritten."
10576
#: serverguide/C/network-config.xml:164(title)
10577
msgid "Managing Hosts"
10578
msgstr "Makina Kudeatzaileak"
10580
#: serverguide/C/network-config.xml:165(para)
10582
"To manage hosts, you can add, edit, or remove hosts from "
10583
"<filename>/etc/hosts</filename> file. The file contains IP addresses and "
10584
"their corresponding hostnames. When your system tries to resolve a hostname "
10585
"to an IP address or determine the hostname for an IP address, it refers to "
10586
"the <filename>/etc/hosts</filename> file before using the name servers. If "
10587
"the IP address is listed in the <filename>/etc/hosts</filename> file, the "
10588
"name servers are not used. This behavior can be modified by editing "
10589
"<filename>/etc/nsswitch.conf</filename> at your peril."
10592
#: serverguide/C/network-config.xml:178(para)
10594
"If your network contains computers whose IP addresses are not listed in DNS, "
10595
"it is recommended that you add them to the <filename>/etc/hosts</filename> "
10599
#: serverguide/C/network-config.xml:186(title)
11855
#: serverguide/C/network-config.xml:263(para)
11857
"By adding an interface configuration as shown above, you can manually enable "
11858
"the interface through the <application>ifup</application> command which "
11859
"initiates the DHCP process via <application>dhclient</application>."
11862
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
11864
msgid "sudo ifup eth0"
11867
#: serverguide/C/network-config.xml:271(para)
11869
"To manually disable the interface, you can use the "
11870
"<application>ifdown</application> command, which in turn will initiate the "
11871
"DHCP release process and shut down the interface."
11874
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
11876
msgid "sudo ifdown eth0"
11879
#: serverguide/C/network-config.xml:282(title)
11880
msgid "Static IP Address Assignment"
11883
#: serverguide/C/network-config.xml:283(para)
11885
"To configure your system to use a static IP address assignment, add the "
11886
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
11887
"family statement for the appropriate interface in the file "
11888
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11889
"are configuring your first Ethernet interface identified as <emphasis "
11890
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
11891
"role=\"italic\">address</emphasis>, <emphasis "
11892
"role=\"italic\">netmask</emphasis>, and <emphasis "
11893
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
11897
#: serverguide/C/network-config.xml:292(programlisting)
11902
"iface eth0 inet static\n"
11903
"address 10.0.0.100\n"
11904
"netmask 255.255.255.0\n"
11905
"gateway 10.0.0.1\n"
11908
#: serverguide/C/network-config.xml:299(para)
11910
"By adding an interface configuration as shown above, you can manually enable "
11911
"the interface through the <application>ifup</application> command."
11914
#: serverguide/C/network-config.xml:306(para)
11916
"To manually disable the interface, you can use the "
11917
"<application>ifdown</application> command."
11920
#: serverguide/C/network-config.xml:316(title)
11921
msgid "Loopback Interface"
11924
#: serverguide/C/network-config.xml:317(para)
11926
"The loopback interface is identified by the system as <emphasis "
11927
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
11928
"can be viewed using the ifconfig command."
11931
#: serverguide/C/network-config.xml:322(userinput)
11933
msgid "ifconfig lo"
11936
#: serverguide/C/network-config.xml:321(screen)
11940
"<placeholder-1/>\n"
11941
"lo Link encap:Local Loopback \n"
11942
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
11943
" inet6 addr: ::1/128 Scope:Host\n"
11944
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
11945
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
11946
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
11947
" collisions:0 txqueuelen:0 \n"
11948
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
11951
#: serverguide/C/network-config.xml:332(para)
11953
"By default, there should be two lines in "
11954
"<filename>/etc/network/interfaces</filename> responsible for automatically "
11955
"configuring your loopback interface. It is recommended that you keep the "
11956
"default settings unless you have a specific purpose for changing them. An "
11957
"example of the two default lines are shown below."
11960
#: serverguide/C/network-config.xml:338(programlisting)
11965
"iface lo inet loopback\n"
11968
#: serverguide/C/network-config.xml:347(title)
11969
msgid "Name Resolution"
11972
#: serverguide/C/network-config.xml:348(para)
11974
"Name resolution as it relates to IP networking is the process of mapping IP "
11975
"addresses to hostnames, making it easier to identify resources on a network. "
11976
"The following section will explain how to properly configure your system for "
11977
"name resolution using DNS and static hostname records."
11980
#: serverguide/C/network-config.xml:356(title)
11981
msgid "DNS Client Configuration"
11984
#: serverguide/C/network-config.xml:357(para)
11986
"To configure your system to use DNS for name resolution, add the IP "
11987
"addresses of the DNS servers that are appropriate for your network in the "
11988
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
11989
"suffix search-lists to match your network domain names."
11992
#: serverguide/C/network-config.xml:362(para)
11994
"Below is an example of a typical configuration of "
11995
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
11996
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
11999
#: serverguide/C/network-config.xml:367(programlisting)
12003
"search example.com\n"
12004
"nameserver 8.8.8.8\n"
12005
"nameserver 8.8.4.4\n"
12008
#: serverguide/C/network-config.xml:372(para)
12010
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12011
"multiple domain names so that DNS queries will be appended in the order in "
12012
"which they are entered. For example, your network may have multiple sub-"
12013
"domains to search; a parent domain of <emphasis "
12014
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
12015
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
12016
"role=\"italic\">dev.example.com</emphasis>."
12019
#: serverguide/C/network-config.xml:380(para)
12021
"If you have multiple domains you wish to search, your configuration might "
12022
"look like the following."
12025
#: serverguide/C/network-config.xml:383(programlisting)
12029
"search example.com sales.example.com dev.example.com\n"
12030
"nameserver 8.8.8.8\n"
12031
"nameserver 8.8.4.4\n"
12034
#: serverguide/C/network-config.xml:388(para)
12036
"If you try to ping a host with the name of <emphasis "
12037
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12038
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12041
#: serverguide/C/network-config.xml:394(para)
12042
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12045
#: serverguide/C/network-config.xml:399(para)
12046
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12049
#: serverguide/C/network-config.xml:404(para)
12050
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12053
#: serverguide/C/network-config.xml:409(para)
12055
"If no matches are found, the DNS server will provide a result of <emphasis "
12056
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12059
#: serverguide/C/network-config.xml:416(title)
12060
msgid "Static Hostnames"
12063
#: serverguide/C/network-config.xml:417(para)
12065
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12066
"file <filename>/etc/hosts</filename>. Entries in the "
12067
"<filename>hosts</filename> file will have precedence over DNS by default. "
12068
"This means that if your system tries to resolve a hostname and it matches an "
12069
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
12070
"some configurations, especially when Internet access is not required, "
12071
"servers that communicate with a limited number of resources can be "
12072
"conveniently set to use static hostnames instead of DNS."
12075
#: serverguide/C/network-config.xml:424(para)
12077
"The following is an example of a <filename>hosts</filename> file where a "
12078
"number of local servers have been identified by simple hostnames, aliases "
12079
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12082
#: serverguide/C/network-config.xml:428(programlisting)
12086
"127.0.0.1\tlocalhost\n"
12087
"127.0.1.1\tubuntu-server\n"
12088
"10.0.0.11\tserver1 vpn server1.example.com\n"
12089
"10.0.0.12\tserver2 mail server2.example.com\n"
12090
"10.0.0.13\tserver3 www server3.example.com\n"
12091
"10.0.0.14\tserver4 file server4.example.com\n"
12094
#: serverguide/C/network-config.xml:437(para)
12096
"In the above example, notice that each of the servers have been given "
12097
"aliases in addition to their proper names and FQDN's. <emphasis "
12098
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
12099
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
12100
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
12101
"role=\"italic\">server3</emphasis> as <emphasis "
12102
"role=\"italic\">www</emphasis>, and <emphasis "
12103
"role=\"italic\">server4</emphasis> as <emphasis "
12104
"role=\"italic\">file</emphasis>."
12107
#: serverguide/C/network-config.xml:449(title)
12108
msgid "Name Service Switch Configuration"
12111
#: serverguide/C/network-config.xml:450(para)
12113
"The order in which your system selects a method of resolving hostnames to IP "
12114
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12115
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
12116
"section, typically static hostnames defined in the systems "
12117
"<filename>/etc/hosts</filename> file have precedence over names resolved "
12118
"from DNS. The following is an example of the line responsible for this order "
12119
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12122
#: serverguide/C/network-config.xml:458(programlisting)
12126
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12129
#: serverguide/C/network-config.xml:464(para)
12131
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12132
"hostnames located in <filename>/etc/hosts</filename>."
12135
#: serverguide/C/network-config.xml:470(para)
12137
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12138
"name using Multicast DNS."
12141
#: serverguide/C/network-config.xml:475(para)
12143
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12144
"of <emphasis role=\"italic\">notfound</emphasis> by the preceeding <emphasis "
12145
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12146
"authoritative and that the system should not try to continue hunting for an "
12150
#: serverguide/C/network-config.xml:483(para)
12152
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12155
#: serverguide/C/network-config.xml:488(para)
12157
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12160
#: serverguide/C/network-config.xml:494(para)
12162
"To modify the order of the above mentioned name resolution methods, you can "
12163
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12164
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12165
"versus Multicast DNS, you can change the string in "
12166
"<filename>/etc/nsswitch.conf</filename> as shown below."
12169
#: serverguide/C/network-config.xml:501(programlisting)
12173
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12176
#: serverguide/C/network-config.xml:508(title)
10600
12177
msgid "Bridging"
10603
#: serverguide/C/network-config.xml:188(para)
12180
#: serverguide/C/network-config.xml:510(para)
10605
12182
"Bridging multiple interfaces is a more advanced configuration, but is very "
10606
12183
"useful in multiple scenarios. One scenario is setting up a bridge with "
11401
13001
#: serverguide/C/network-auth.xml:63(para)
11403
"The installation process will prompt you for the LDAP directory admin "
11404
"password and confirmation."
13003
"By default <application>slapd</application> is configured with minimal "
13004
"options needed to run the <application>slapd</application> daemon."
11407
13007
#: serverguide/C/network-auth.xml:68(para)
11409
"By default the directory suffix will match the domain name of the server. "
11410
"For example, if the machine's Fully Qualified Domain Name (FQDN) is "
11411
"ldap.example.com, the default suffix will be "
11412
"<emphasis>dc=example,dc=com</emphasis>. If you require a different suffix, "
11413
"the directory can be reconfigured using <application>dpkg-"
11414
"reconfigure</application>. Enter the following in a terminal prompt:"
11417
#: serverguide/C/network-auth.xml:78(command)
11418
msgid "sudo dpkg-reconfigure slapd"
11421
#: serverguide/C/network-auth.xml:81(para)
11423
"You will then be taken through a menu based configuration dialog, allowing "
11424
"you to configure various <application>slapd</application> options."
11427
#: serverguide/C/network-auth.xml:90(para)
11429
"<application>OpenLDAP</application> uses a separate database which contains "
13009
"The configuration example in the following sections will match the domain "
13010
"name of the server. For example, if the machine's Fully Qualified Domain "
13011
"Name (FQDN) is ldap.example.com, the default suffix will be "
13012
"<emphasis>dc=example,dc=com</emphasis>."
13015
#: serverguide/C/network-auth.xml:76(title)
13016
msgid "Populating LDAP"
13019
#: serverguide/C/network-auth.xml:78(para)
13021
"<application>OpenLDAP</application> uses a separate directory which contains "
11430
13022
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
11431
13023
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
11432
13024
"<application>slapd</application> daemon, allowing the modification of schema "
11433
13025
"definitions, indexes, ACLs, etc without stopping the service."
11436
#: serverguide/C/network-auth.xml:98(para)
11438
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
11439
"utilities in the <application>ldap-utils</application> package. For example:"
11442
#: serverguide/C/network-auth.xml:106(para)
11444
"Use <application>ldapsearch</application> to view the tree, entering the "
11445
"admin password set during installation or reconfiguration:"
11448
#: serverguide/C/network-auth.xml:112(command)
11450
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb"
11453
#: serverguide/C/network-auth.xml:116(computeroutput)
11456
"Enter LDAP Password: \n"
11457
"dn: olcDatabase={1}hdb,cn=config\n"
11458
"objectClass: olcDatabaseConfig\n"
11459
"objectClass: olcHdbConfig\n"
11460
"olcDatabase: {1}hdb\n"
11461
"olcDbDirectory: /var/lib/ldap\n"
11462
"olcSuffix: dc=example,dc=com\n"
11463
"olcAccess: {0}to attrs=userPassword,shadowLastChange by "
11464
"dn=\"cn=admin,dc=exampl\n"
11465
" e,dc=com\" write by anonymous auth by self write by * none\n"
11466
"olcAccess: {1}to dn.base=\"\" by * read\n"
11467
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
11468
"olcLastMod: TRUE\n"
11469
"olcDbCheckpoint: 512 30\n"
11470
"olcDbConfig: {0}set_cachesize 0 2097152 0\n"
11471
"olcDbConfig: {1}set_lk_max_objects 1500\n"
11472
"olcDbConfig: {2}set_lk_max_locks 1500\n"
11473
"olcDbConfig: {3}set_lk_max_lockers 1500\n"
11474
"olcDbIndex: objectClass eq\n"
11477
#: serverguide/C/network-auth.xml:137(para)
11479
"The output above is the current configuration options for the "
11480
"<emphasis>hdb</emphasis> backend database. Which in this case containes the "
11481
"<emphasis>dc=example,dc=com</emphasis> suffix."
11484
#: serverguide/C/network-auth.xml:146(para)
11486
"Refine the search by supplying a <emphasis "
11487
"role=\"italic\">filter</emphasis>, in this case only show which attributes "
11491
#: serverguide/C/network-auth.xml:152(command)
11493
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb "
11497
#: serverguide/C/network-auth.xml:156(computeroutput)
11500
"Enter LDAP Password: \n"
11501
"dn: olcDatabase={1}hdb,cn=config\n"
11502
"olcDbIndex: objectClass eq\n"
11505
#: serverguide/C/network-auth.xml:165(para)
11507
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
11508
"another attribute to the index list using "
11509
"<application>ldapmodify</application>:"
11512
#: serverguide/C/network-auth.xml:171(command) serverguide/C/network-auth.xml:722(command) serverguide/C/network-auth.xml:838(command) serverguide/C/network-auth.xml:861(command) serverguide/C/network-auth.xml:2417(command) serverguide/C/network-auth.xml:2434(command)
11513
msgid "ldapmodify -x -D cn=admin,cn=config -W"
11516
#: serverguide/C/network-auth.xml:175(userinput)
11520
"dn: olcDatabase={1}hdb,cn=config\n"
11521
"add: olcDbIndex\n"
11522
"olcDbIndex: entryUUID eq"
11525
#: serverguide/C/network-auth.xml:175(computeroutput)
11528
"Enter LDAP Password:<placeholder-1/>\n"
11530
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11533
#: serverguide/C/network-auth.xml:184(para)
11535
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
11536
"exit the utility."
11539
#: serverguide/C/network-auth.xml:191(para)
11541
"<application>ldapmodify</application> can also read the changes from a file. "
11542
"Copy and paste the following into a file named "
11543
"<filename>uid_index.ldif</filename>:"
11546
#: serverguide/C/network-auth.xml:196(programlisting)
11550
"dn: olcDatabase={1}hdb,cn=config\n"
11551
"add: olcDbIndex\n"
11552
"olcDbIndex: uid eq,pres,sub\n"
11555
#: serverguide/C/network-auth.xml:202(para)
11556
msgid "Then execute <application>ldapmodify</application>:"
11559
#: serverguide/C/network-auth.xml:207(command)
11560
msgid "ldapmodify -x -D cn=admin,cn=config -W -f uid_index.ldif"
11563
#: serverguide/C/network-auth.xml:211(computeroutput)
11566
"Enter LDAP Password: \n"
11567
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11570
#: serverguide/C/network-auth.xml:216(para)
11571
msgid "The file method is very useful for large changes."
11574
#: serverguide/C/network-auth.xml:223(para)
11576
"Adding additional <emphasis>schemas</emphasis> to "
11577
"<application>slapd</application> requires the schema to be converted to LDIF "
11578
"format. Fortunately, the <application>slapd</application> program can be "
11579
"used to automate the conversion. The following example will add the "
11580
"<emphasis>misc.schema</emphasis>:"
11583
#: serverguide/C/network-auth.xml:231(para)
11585
"First, create a conversion <filename>schema_convert.conf</filename> file "
11586
"containing the following lines:"
11589
#: serverguide/C/network-auth.xml:236(programlisting)
11593
"include /etc/ldap/schema/core.schema\n"
11594
"include /etc/ldap/schema/collective.schema\n"
11595
"include /etc/ldap/schema/corba.schema\n"
11596
"include /etc/ldap/schema/cosine.schema\n"
11597
"include /etc/ldap/schema/duaconf.schema\n"
11598
"include /etc/ldap/schema/dyngroup.schema\n"
11599
"include /etc/ldap/schema/inetorgperson.schema\n"
11600
"include /etc/ldap/schema/java.schema\n"
11601
"include /etc/ldap/schema/misc.schema\n"
11602
"include /etc/ldap/schema/nis.schema\n"
11603
"include /etc/ldap/schema/openldap.schema\n"
11604
"include /etc/ldap/schema/ppolicy.schema\n"
11607
#: serverguide/C/network-auth.xml:254(para) serverguide/C/network-auth.xml:1318(para)
11608
msgid "Next, create a temporary directory to hold the output:"
11611
#: serverguide/C/network-auth.xml:259(command) serverguide/C/network-auth.xml:1323(command) serverguide/C/network-auth.xml:2347(command)
11612
msgid "mkdir /tmp/ldif_output"
11615
#: serverguide/C/network-auth.xml:265(para)
11617
"Now using <application>slapcat</application> convert the schema files to "
11621
#: serverguide/C/network-auth.xml:270(command)
11623
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
11624
"\"cn={8}misc,cn=schema,cn=config\" > /tmp/cn=misc.ldif"
11627
#: serverguide/C/network-auth.xml:273(para)
11629
"Adjust the configuration file name and temporary directory names if yours "
11630
"are different. Also, it may be worthwhile to keep the "
11631
"<filename>ldif_output</filename> directory around in case you want to add "
11632
"additional schemas in the future."
11635
#: serverguide/C/network-auth.xml:282(para)
11637
"Edit the <filename>/tmp/cn\\=misc.ldif</filename> file, changing the "
11638
"following attributes:"
11641
#: serverguide/C/network-auth.xml:286(programlisting)
11645
"dn: cn=misc,cn=schema,cn=config\n"
11650
#: serverguide/C/network-auth.xml:292(para) serverguide/C/network-auth.xml:1354(para)
11651
msgid "And remove the following lines from the bottom of the file:"
11654
#: serverguide/C/network-auth.xml:296(programlisting)
11658
"structuralObjectClass: olcSchemaConfig\n"
11659
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
11660
"creatorsName: cn=config\n"
11661
"createTimestamp: 20080826021140Z\n"
11662
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
11663
"modifiersName: cn=config\n"
11664
"modifyTimestamp: 20080826021140Z\n"
11667
#: serverguide/C/network-auth.xml:307(para) serverguide/C/network-auth.xml:1369(para) serverguide/C/network-auth.xml:2393(para)
11669
"The attribute values will vary, just be sure the attributes are removed."
11672
#: serverguide/C/network-auth.xml:315(para) serverguide/C/network-auth.xml:1377(para)
11674
"Finally, using the <application>ldapadd</application> utility, add the new "
11675
"schema to the directory:"
11678
#: serverguide/C/network-auth.xml:321(command)
11679
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=misc.ldif"
11682
#: serverguide/C/network-auth.xml:327(para)
11684
"There should now be a <emphasis>dn: "
11685
"cn={4}misc,cn=schema,cn=config</emphasis> entry in the cn=config tree."
11688
#: serverguide/C/network-auth.xml:336(title)
11689
msgid "Populating LDAP"
11692
#: serverguide/C/network-auth.xml:338(para)
11694
"The directory has been created during installation and reconfiguration, and "
11695
"now it is time to populate it. It will be populated with a \"classical\" "
11696
"scheme that will be compatible with address book applications and with Unix "
11697
"Posix accounts. Posix accounts will allow authentication to various "
11698
"applications, such as web applications, email Mail Transfer Agent (MTA) "
11699
"applications, etc."
11702
#: serverguide/C/network-auth.xml:347(para)
13028
#: serverguide/C/network-auth.xml:86(para)
13030
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
13031
"configuration and will need additional configuration options in order to "
13032
"populate the frontend directory. The frontend will be populated with a "
13033
"\"classical\" scheme that will be compatible with address book applications "
13034
"and with Unix Posix accounts. Posix accounts will allow authentication to "
13035
"various applications, such as web applications, email Mail Transfer Agent "
13036
"(MTA) applications, etc."
13039
#: serverguide/C/network-auth.xml:95(para)
11704
13041
"For external applications to authenticate using LDAP they will each need to "
11705
13042
"be specifically configured to do so. Refer to the individual application "
11706
13043
"documentation for details."
11709
#: serverguide/C/network-auth.xml:354(para)
11711
"LDAP directories can be populated with LDIF (LDAP Directory Interchange "
11712
"Format) files. Copy the following example LDIF file, naming it "
11713
"<filename>example.com.ldif</filename>, somewhere on your system:"
11716
#: serverguide/C/network-auth.xml:360(programlisting)
13046
#: serverguide/C/network-auth.xml:103(para)
13048
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
13049
"examples to match your LDAP configuration."
13052
#: serverguide/C/network-auth.xml:108(para)
13054
"First, some additional schema files need to be loaded. In a terminal enter:"
13057
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
13058
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
13061
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
13062
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13065
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
13067
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13070
#: serverguide/C/network-auth.xml:118(para)
13072
"Next, copy the following example LDIF file, naming it "
13073
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
13076
#: serverguide/C/network-auth.xml:123(programlisting)
13080
"# Load dynamic backend modules\n"
13081
"dn: cn=module,cn=config\n"
13082
"objectClass: olcModuleList\n"
13084
"olcModulepath: /usr/lib/ldap\n"
13085
"olcModuleload: back_hdb\n"
13087
"# Database settings\n"
13088
"dn: olcDatabase=hdb,cn=config\n"
13089
"objectClass: olcDatabaseConfig\n"
13090
"objectClass: olcHdbConfig\n"
13091
"olcDatabase: {1}hdb\n"
13092
"olcSuffix: dc=example,dc=com\n"
13093
"olcDbDirectory: /var/lib/ldap\n"
13094
"olcRootDN: cn=admin,dc=example,dc=com\n"
13095
"olcRootPW: secret\n"
13096
"olcDbConfig: set_cachesize 0 2097152 0\n"
13097
"olcDbConfig: set_lk_max_objects 1500\n"
13098
"olcDbConfig: set_lk_max_locks 1500\n"
13099
"olcDbConfig: set_lk_max_lockers 1500\n"
13100
"olcDbIndex: objectClass eq\n"
13101
"olcLastMod: TRUE\n"
13102
"olcDbCheckpoint: 512 30\n"
13103
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13104
"by anonymous auth by self write by * none\n"
13105
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13106
"olcAccess: to dn.base=\"\" by * read\n"
13107
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13111
#: serverguide/C/network-auth.xml:155(para)
13113
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13116
#: serverguide/C/network-auth.xml:160(para)
13117
msgid "Now add the LDIF to the directory:"
13120
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13121
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13124
#: serverguide/C/network-auth.xml:168(para)
13126
"The frontend directory is now ready to be populated. Create a "
13127
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13130
#: serverguide/C/network-auth.xml:173(programlisting)
13134
"# Create top-level object in domain\n"
13135
"dn: dc=example,dc=com\n"
13136
"objectClass: top\n"
13137
"objectClass: dcObject\n"
13138
"objectclass: organization\n"
13139
"o: Example Organization\n"
13141
"description: LDAP Example \n"
13144
"dn: cn=admin,dc=example,dc=com\n"
13145
"objectClass: simpleSecurityObject\n"
13146
"objectClass: organizationalRole\n"
13148
"description: LDAP administrator\n"
13149
"userPassword: secret\n"
11720
13151
"dn: ou=people,dc=example,dc=com\n"
11721
13152
"objectClass: organizationalUnit\n"
11801
13231
"givenName: John\n"
11804
#: serverguide/C/network-auth.xml:438(para)
13234
#: serverguide/C/network-auth.xml:267(para)
11805
13235
msgid "Just a quick explanation:"
11808
#: serverguide/C/network-auth.xml:444(para)
13238
#: serverguide/C/network-auth.xml:273(para)
11810
13240
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
11811
13241
"the default."
13244
#: serverguide/C/network-auth.xml:279(para)
13245
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13248
#: serverguide/C/network-auth.xml:287(title)
13249
msgid "Further Configuration"
13252
#: serverguide/C/network-auth.xml:290(para)
13254
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13255
"utilities in the <application>ldap-utils</application> package. For example:"
13258
#: serverguide/C/network-auth.xml:298(para)
13260
"Use <application>ldapsearch</application> to view the tree, entering the "
13261
"admin password set during installation or reconfiguration:"
13264
#: serverguide/C/network-auth.xml:304(command)
13265
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13268
#: serverguide/C/network-auth.xml:308(computeroutput)
13272
"SASL/EXTERNAL authentication started\n"
13273
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13277
"dn: cn=module{0},cn=config\n"
13279
"dn: cn=schema,cn=config\n"
13281
"dn: cn={0}core,cn=schema,cn=config\n"
13283
"dn: cn={1}cosine,cn=schema,cn=config\n"
13285
"dn: cn={2}nis,cn=schema,cn=config\n"
13287
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13289
"dn: olcDatabase={-1}frontend,cn=config\n"
13291
"dn: olcDatabase={0}config,cn=config\n"
13293
"dn: olcDatabase={1}hdb,cn=config\n"
13296
#: serverguide/C/network-auth.xml:334(para)
13298
"The output above is the current configuration options for the "
13299
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13302
#: serverguide/C/network-auth.xml:342(para)
13304
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13305
"another attribute to the index list using "
13306
"<application>ldapmodify</application>:"
13309
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:984(command) serverguide/C/network-auth.xml:1155(command) serverguide/C/network-auth.xml:1191(command)
13310
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13313
#: serverguide/C/network-auth.xml:356(userinput)
13316
"dn: olcDatabase={1}hdb,cn=config\n"
13317
"add: olcDbIndex\n"
13318
"olcDbIndex: uidNumber eq"
13321
#: serverguide/C/network-auth.xml:352(computeroutput)
13325
"SASL/EXTERNAL authentication started\n"
13326
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13328
"<placeholder-1/>\n"
13330
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13333
#: serverguide/C/network-auth.xml:364(para)
13335
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13336
"exit the utility."
13339
#: serverguide/C/network-auth.xml:371(para)
13341
"<application>ldapmodify</application> can also read the changes from a file. "
13342
"Copy and paste the following into a file named "
13343
"<filename>uid_index.ldif</filename>:"
13346
#: serverguide/C/network-auth.xml:376(programlisting)
13350
"dn: olcDatabase={1}hdb,cn=config\n"
13351
"add: olcDbIndex\n"
13352
"olcDbIndex: uid eq,pres,sub\n"
13355
#: serverguide/C/network-auth.xml:382(para)
13356
msgid "Then execute <application>ldapmodify</application>:"
13359
#: serverguide/C/network-auth.xml:387(command)
13360
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13363
#: serverguide/C/network-auth.xml:391(computeroutput)
13367
"SASL/EXTERNAL authentication started\n"
13368
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13370
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13373
#: serverguide/C/network-auth.xml:399(para)
13374
msgid "The file method is very useful for large changes."
13377
#: serverguide/C/network-auth.xml:406(para)
13379
"Adding additional <emphasis>schemas</emphasis> to "
13380
"<application>slapd</application> requires the schema to be converted to LDIF "
13381
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13382
"directory contains some schema files already converted to LDIF format as "
13383
"demonstrated in the previous section. Fortunately, the "
13384
"<application>slapd</application> program can be used to automate the "
13385
"conversion. The following example will add the "
13386
"<emphasis>dyngoup.schema</emphasis>:"
13389
#: serverguide/C/network-auth.xml:416(para)
13391
"First, create a conversion <filename>schema_convert.conf</filename> file "
13392
"containing the following lines:"
13395
#: serverguide/C/network-auth.xml:421(programlisting)
13399
"include /etc/ldap/schema/core.schema\n"
13400
"include /etc/ldap/schema/collective.schema\n"
13401
"include /etc/ldap/schema/corba.schema\n"
13402
"include /etc/ldap/schema/cosine.schema\n"
13403
"include /etc/ldap/schema/duaconf.schema\n"
13404
"include /etc/ldap/schema/dyngroup.schema\n"
13405
"include /etc/ldap/schema/inetorgperson.schema\n"
13406
"include /etc/ldap/schema/java.schema\n"
13407
"include /etc/ldap/schema/misc.schema\n"
13408
"include /etc/ldap/schema/nis.schema\n"
13409
"include /etc/ldap/schema/openldap.schema\n"
13410
"include /etc/ldap/schema/ppolicy.schema\n"
13413
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1655(para)
13414
msgid "Next, create a temporary directory to hold the output:"
13417
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1660(command) serverguide/C/network-auth.xml:2695(command)
13418
msgid "mkdir /tmp/ldif_output"
11814
13421
#: serverguide/C/network-auth.xml:450(para)
11815
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
11818
#: serverguide/C/network-auth.xml:459(title)
11819
msgid "LDAP replication"
11822
#: serverguide/C/network-auth.xml:461(para)
13423
"Now using <application>slapcat</application> convert the schema files to "
13427
#: serverguide/C/network-auth.xml:455(command)
13429
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13430
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13433
#: serverguide/C/network-auth.xml:458(para)
13435
"Adjust the configuration file name and temporary directory names if yours "
13436
"are different. Also, it may be worthwhile to keep the "
13437
"<filename>ldif_output</filename> directory around in case you want to add "
13438
"additional schemas in the future."
13441
#: serverguide/C/network-auth.xml:467(para)
13443
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13444
"following attributes:"
13447
#: serverguide/C/network-auth.xml:471(programlisting)
13451
"dn: cn=dyngroup,cn=schema,cn=config\n"
13456
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1691(para)
13457
msgid "And remove the following lines from the bottom of the file:"
13460
#: serverguide/C/network-auth.xml:481(programlisting)
13464
"structuralObjectClass: olcSchemaConfig\n"
13465
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13466
"creatorsName: cn=config\n"
13467
"createTimestamp: 20080826021140Z\n"
13468
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13469
"modifiersName: cn=config\n"
13470
"modifyTimestamp: 20080826021140Z\n"
13473
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1706(para) serverguide/C/network-auth.xml:2741(para)
13475
"The attribute values will vary, just be sure the attributes are removed."
13478
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1714(para)
13480
"Finally, using the <application>ldapadd</application> utility, add the new "
13481
"schema to the directory:"
13484
#: serverguide/C/network-auth.xml:506(command)
13485
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13488
#: serverguide/C/network-auth.xml:512(para)
13490
"There should now be a <emphasis>dn: "
13491
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13494
#: serverguide/C/network-auth.xml:522(title)
13495
msgid "LDAP Replication"
13498
#: serverguide/C/network-auth.xml:524(para)
11824
13500
"LDAP often quickly becomes a highly critical service to the network. "
11825
13501
"Multiple systems will come to depend on LDAP for authentication, "
11827
13503
"system through replication."
11830
#: serverguide/C/network-auth.xml:467(para)
13506
#: serverguide/C/network-auth.xml:530(para)
11832
13508
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
11833
"Syncrepl allows the directory to be synced using either a "
11834
"<emphasis>push</emphasis> or <emphasis>pull</emphasis> based system. In a "
11835
"push based configuration a <quote>primary</quote> server will push directory "
11836
"updates to <quote>secondary</quote> servers, while a pull based approach "
11837
"allows replication servers to sync on a time based interval."
11840
#: serverguide/C/network-auth.xml:475(para)
11842
"The following is an example of a <emphasis>Multi-Master</emphasis> "
11843
"configuration. In this configuration each OpenLDAP server is configured for "
11844
"both <emphasis>push</emphasis> and <emphasis>pull</emphasis> replication."
11847
#: serverguide/C/network-auth.xml:483(para)
11849
"First, configure the server to sync the <emphasis>cn=config</emphasis> "
11850
"database. Copy the following to a file named <filename>syncrepl_cn-"
11851
"config.ldif</filename>:"
11854
#: serverguide/C/network-auth.xml:488(programlisting)
13509
"Syncrepl allows the changes to be synced using a "
13510
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13511
"provider sends directory changes to consumers."
13514
#: serverguide/C/network-auth.xml:537(title)
13515
msgid "Provider Configuration"
13518
#: serverguide/C/network-auth.xml:539(para)
13520
"The following is an example of a <emphasis>Single-Master</emphasis> "
13521
"configuration. In this configuration one OpenLDAP server is configured as a "
13522
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13525
#: serverguide/C/network-auth.xml:547(para)
13527
"First, configure the provider server. Copy the following to a file named "
13528
"<filename>provider_sync.ldif</filename>:"
13531
#: serverguide/C/network-auth.xml:552(programlisting)
13535
"# Add indexes to the frontend db.\n"
13536
"dn: olcDatabase={1}hdb,cn=config\n"
13537
"changetype: modify\n"
13538
"add: olcDbIndex\n"
13539
"olcDbIndex: entryCSN eq\n"
13541
"add: olcDbIndex\n"
13542
"olcDbIndex: entryUUID eq\n"
13544
"#Load the syncprov and accesslog modules.\n"
11858
13545
"dn: cn=module{0},cn=config\n"
11859
13546
"changetype: modify\n"
11860
13547
"add: olcModuleLoad\n"
11861
13548
"olcModuleLoad: syncprov\n"
11864
"changetype: modify\n"
11865
"replace: olcServerID\n"
11866
"olcServerID: 1 ldap://ldap01.example.com\n"
11867
"olcServerID: 2 ldap://ldap02.example.com\n"
11869
"dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config\n"
13550
"add: olcModuleLoad\n"
13551
"olcModuleLoad: accesslog\n"
13553
"# Accesslog database definitions\n"
13554
"dn: olcDatabase={2}hdb,cn=config\n"
13555
"objectClass: olcDatabaseConfig\n"
13556
"objectClass: olcHdbConfig\n"
13557
"olcDatabase: {2}hdb\n"
13558
"olcDbDirectory: /var/lib/ldap/accesslog\n"
13559
"olcSuffix: cn=accesslog\n"
13560
"olcRootDN: cn=admin,dc=example,dc=com\n"
13561
"olcDbIndex: default eq\n"
13562
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
13564
"# Accesslog db syncprov.\n"
13565
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
11870
13566
"changetype: add\n"
11871
13567
"objectClass: olcOverlayConfig\n"
11872
13568
"objectClass: olcSyncProvConfig\n"
11873
13569
"olcOverlay: syncprov\n"
11875
"dn: olcDatabase={0}config,cn=config\n"
11876
"changetype: modify\n"
11877
"add: olcSyncRepl\n"
11878
"olcSyncRepl: rid=001 provider=ldap://ldap01.example.com "
11879
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
11880
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
11881
" retry=\"5 5 300 5\" timeout=1\n"
11882
"olcSyncRepl: rid=002 provider=ldap://ldap02.example.com "
11883
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
11884
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
11885
" retry=\"5 5 300 5\" timeout=1\n"
11887
"add: olcMirrorMode\n"
11888
"olcMirrorMode: TRUE\n"
11891
#: serverguide/C/network-auth.xml:523(para)
11892
msgid "Edit the file changing:"
11895
#: serverguide/C/network-auth.xml:529(para)
11897
"<emphasis>ldap://ldap01.example.com</emphasis> and "
11898
"<emphasis>ldap://ldap02.example.com</emphasis> to the hostnames of your LDAP "
11902
#: serverguide/C/network-auth.xml:534(para)
11904
"You can have more than two LDAP servers, and when a change is made to one of "
11905
"them it will by synced to the rest. Be sure to increment the "
11906
"<emphasis>olcServerID</emphasis> for each server, and the "
11907
"<emphasis>rid</emphasis> for each <emphasis>olcSyncRepl</emphasis> entry."
11910
#: serverguide/C/network-auth.xml:542(para)
11912
"And adjust <emphasis>credentials=secret</emphasis> to match your admin "
11916
#: serverguide/C/network-auth.xml:552(para)
11918
"Next, add the LDIF file using the <application>ldapmodify</application> "
11922
#: serverguide/C/network-auth.xml:557(command)
11923
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_cn-config.ldif"
11926
#: serverguide/C/network-auth.xml:563(para)
11928
"Copy the <filename>syncrepl_cn-config.ldif</filename> file to the next LDAP "
11929
"server and repeat the <application>ldapmodify</application> command above."
11932
#: serverguide/C/network-auth.xml:571(para)
11934
"Because a new module has been added, the <application>slapd</application> "
11935
"daemon, on all replicated servers, needs to be restarted:"
11938
#: serverguide/C/network-auth.xml:577(command) serverguide/C/network-auth.xml:779(command) serverguide/C/network-auth.xml:895(command)
11939
msgid "sudo /etc/init.d/slapd restart"
11942
#: serverguide/C/network-auth.xml:583(para)
11944
"Now that the configuration database is synced between servers, the "
11945
"<emphasis>backend</emphasis> database needs to be synced as well. Copy and "
11946
"paste the following into another LDIF file named "
11947
"<filename>syncrepl_backend.ldif</filename>:"
11950
#: serverguide/C/network-auth.xml:589(programlisting)
11954
"dn: olcDatabase={1}hdb,cn=config\n"
11955
"changetype: modify\n"
11957
"olcRootDN: cn=admin,dc=example,dc=com\n"
11959
"add: olcSyncRepl\n"
11960
"olcSyncRepl: rid=003 provider=ldap://ldap01.example.com "
11961
"binddn=\"cn=admin,dc=example,dc=com\" \n"
11962
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11963
"type=refreshOnly \n"
11964
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
11965
"olcSyncRepl: rid=004 provider=ldap://ldap02.example.com "
11966
"binddn=\"cn=admin,dc=example,dc=com\" \n"
11967
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11968
"type=refreshOnly \n"
11969
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
11971
"add: olcMirrorMode\n"
11972
"olcMirrorMode: TRUE\n"
13570
"olcSpNoPresent: TRUE\n"
13571
"olcSpReloadHint: TRUE\n"
13573
"# syncrepl Provider for primary db\n"
11974
13574
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
11975
13575
"changetype: add\n"
11976
13576
"objectClass: olcOverlayConfig\n"
11977
13577
"objectClass: olcSyncProvConfig\n"
11978
13578
"olcOverlay: syncprov\n"
11981
#: serverguide/C/network-auth.xml:616(para)
11982
msgid "Like the previous LDIF file, edit this one changing:"
11985
#: serverguide/C/network-auth.xml:622(para)
11987
"<emphasis>searchbase=\"dc=example,dc=com\"</emphasis> to your directory's "
11991
#: serverguide/C/network-auth.xml:627(para)
11993
"If you use a different admin user, change "
11994
"<emphasis>binddn=\"cn=admin,dc=example,dc=com\"</emphasis>."
11997
#: serverguide/C/network-auth.xml:632(para)
11999
"Also, replace <emphasis>credentials=secret</emphasis> with your admin "
12003
#: serverguide/C/network-auth.xml:641(para)
12004
msgid "Add the LDIF file:"
12007
#: serverguide/C/network-auth.xml:646(command)
12008
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_backend.ldif"
12011
#: serverguide/C/network-auth.xml:649(para)
12013
"Because the servers' configuration is already synced there is no need to "
12014
"copy this LDIF file to the other servers."
13579
"olcSpNoPresent: TRUE\n"
13581
"# accesslog overlay definitions for primary db\n"
13582
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
13583
"objectClass: olcOverlayConfig\n"
13584
"objectClass: olcAccessLogConfig\n"
13585
"olcOverlay: accesslog\n"
13586
"olcAccessLogDB: cn=accesslog\n"
13587
"olcAccessLogOps: writes\n"
13588
"olcAccessLogSuccess: TRUE\n"
13589
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
13590
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13593
#: serverguide/C/network-auth.xml:614(para)
13595
"The <application>AppArmor</application> profile for "
13596
"<application>slapd</application> will need to be adjusted for the accesslog "
13597
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13601
#: serverguide/C/network-auth.xml:619(programlisting)
13605
" /var/lib/ldap/accesslog/ r,\n"
13606
" /var/lib/ldap/accesslog/** rwk,\n"
13609
#: serverguide/C/network-auth.xml:624(para)
13611
"Then create the directory, reload the <application>apparmor</application> "
13612
"profile, and copy the <filename>DB_CONFIG</filename> file:"
13615
#: serverguide/C/network-auth.xml:630(command)
13616
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13619
#: serverguide/C/network-auth.xml:631(command)
13620
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13623
#: serverguide/C/network-auth.xml:636(para)
13625
"Using the <emphasis>-u openldap</emphasis> option with the "
13626
"<application>sudo</application> commands above removes the need to adjust "
13627
"permissions for the new directory later."
13630
#: serverguide/C/network-auth.xml:645(para)
13632
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13636
#: serverguide/C/network-auth.xml:649(programlisting)
13640
"olcRootDN: cn=admin,dc=example,dc=com\n"
12017
13643
#: serverguide/C/network-auth.xml:657(para)
12019
"The configuration and backend databases should now sycnc to the other "
12020
"servers. You can add additional servers using the "
12021
"<application>ldapmodify</application> utility as the need arises. See <xref "
12022
"linkend=\"openldap-configuration\"/> for details."
12025
#: serverguide/C/network-auth.xml:667(programlisting)
13645
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13648
#: serverguide/C/network-auth.xml:662(command)
13649
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13652
#: serverguide/C/network-auth.xml:669(para)
13653
msgid "Restart <application>slapd</application>:"
13656
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1040(command) serverguide/C/network-auth.xml:1227(command)
13657
msgid "sudo /etc/init.d/slapd restart"
13660
#: serverguide/C/network-auth.xml:680(para)
13662
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13663
"to configure a <emphasis>Consumer</emphasis> server."
13666
#: serverguide/C/network-auth.xml:687(title)
13667
msgid "Consumer Configuration"
13670
#: serverguide/C/network-auth.xml:692(para)
13672
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13673
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13674
"configuration steps."
13677
#: serverguide/C/network-auth.xml:697(para)
13678
msgid "Add the additional schema files:"
13681
#: serverguide/C/network-auth.xml:707(para)
13683
"Also, create, or copy from the provider server, the "
13684
"<filename>backend.example.com.ldif</filename>"
13687
#: serverguide/C/network-auth.xml:711(programlisting)
13691
"# Load dynamic backend modules\n"
13692
"dn: cn=module,cn=config\n"
13693
"objectClass: olcModuleList\n"
13695
"olcModulepath: /usr/lib/ldap\n"
13696
"olcModuleload: back_hdb\n"
13698
"# Database settings\n"
13699
"dn: olcDatabase=hdb,cn=config\n"
13700
"objectClass: olcDatabaseConfig\n"
13701
"objectClass: olcHdbConfig\n"
13702
"olcDatabase: {1}hdb\n"
13703
"olcSuffix: dc=example,dc=com\n"
13704
"olcDbDirectory: /var/lib/ldap\n"
13705
"olcRootDN: cn=admin,dc=example,dc=com\n"
13706
"olcRootPW: secret\n"
13707
"olcDbConfig: set_cachesize 0 2097152 0\n"
13708
"olcDbConfig: set_lk_max_objects 1500\n"
13709
"olcDbConfig: set_lk_max_locks 1500\n"
13710
"olcDbConfig: set_lk_max_lockers 1500\n"
13711
"olcDbIndex: objectClass eq\n"
13712
"olcLastMod: TRUE\n"
13713
"olcDbCheckpoint: 512 30\n"
13714
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13715
"by anonymous auth by self write by * none\n"
13716
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13717
"olcAccess: to dn.base=\"\" by * read\n"
13718
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13721
#: serverguide/C/network-auth.xml:741(para)
13722
msgid "And add the LDIF by entering:"
13725
#: serverguide/C/network-auth.xml:752(para)
13727
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13728
"listed above, and add it:"
13731
#: serverguide/C/network-auth.xml:760(para)
13733
"The two severs should now have the same configuration except for the "
13734
"<emphasis>Syncrepl</emphasis> options."
13737
#: serverguide/C/network-auth.xml:768(para)
13739
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13742
#: serverguide/C/network-auth.xml:772(programlisting)
13746
"#Load the syncprov module.\n"
13747
"dn: cn=module{0},cn=config\n"
13748
"changetype: modify\n"
13749
"add: olcModuleLoad\n"
13750
"olcModuleLoad: syncprov\n"
13752
"# syncrepl specific indices\n"
13753
"dn: olcDatabase={1}hdb,cn=config\n"
13754
"changetype: modify\n"
13755
"add: olcDbIndex\n"
13756
"olcDbIndex: entryUUID eq\n"
13758
"add: olcSyncRepl\n"
13759
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
13760
"binddn=\"cn=admin,dc=example,dc=com\" \n"
13761
" credentials=secret searchbase=\"dc=example,dc=com\" "
13762
"logbase=\"cn=accesslog\" \n"
13763
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
13764
"schemachecking=on \n"
13765
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
13767
"add: olcUpdateRef\n"
13768
"olcUpdateRef: ldap://ldap01.example.com\n"
13771
#: serverguide/C/network-auth.xml:795(para)
13772
msgid "You will probably want to change the following attributes:"
13775
#: serverguide/C/network-auth.xml:800(para)
13776
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13779
#: serverguide/C/network-auth.xml:801(emphasis)
13783
#: serverguide/C/network-auth.xml:802(emphasis)
13784
msgid "credentials"
13787
#: serverguide/C/network-auth.xml:803(emphasis)
13791
#: serverguide/C/network-auth.xml:804(emphasis)
13792
msgid "olcUpdateRef:"
13795
#: serverguide/C/network-auth.xml:810(para)
13796
msgid "Add the LDIF file to the configuration tree:"
13799
#: serverguide/C/network-auth.xml:815(command)
13800
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
13803
#: serverguide/C/network-auth.xml:821(para)
13805
"The frontend database should now sync between servers. You can add "
13806
"additional servers using the steps above as the need arises."
13809
#: serverguide/C/network-auth.xml:831(programlisting)
12027
13811
msgid "127.0.0.1\tldap01.example.com ldap01"
12030
#: serverguide/C/network-auth.xml:663(para)
13814
#: serverguide/C/network-auth.xml:827(para)
12032
13816
"The <application>slapd</application> daemon will send log information to "
12033
13817
"<filename>/var/log/syslog</filename> by default. So if all does "
12197
14075
"linkend=\"openldap-server-replication\"/>."
12200
#: serverguide/C/network-auth.xml:808(para)
12202
"After setting up replication, and following the instructions in <xref "
12203
"linkend=\"openldap-tls\"/>, there are a couple of consequences that should "
12207
#: serverguide/C/network-auth.xml:815(para)
12209
"The configuration only needs to be modified on <emphasis>one</emphasis> "
12213
#: serverguide/C/network-auth.xml:820(para)
12215
"The path names for the <emphasis>certificate</emphasis> and "
12216
"<emphasis>key</emphasis> must be the same on all servers."
12219
#: serverguide/C/network-auth.xml:827(para)
12221
"So on each replicated server: install a certificate, edit "
12222
"<filename>/etc/default/slapd</filename>, and restart "
12223
"<application>slapd</application>."
12226
#: serverguide/C/network-auth.xml:832(para)
12228
"Once <emphasis>TLS</emphasis> has been setup on each server, modify the "
12229
"<emphasis>cn=config</emphasis> replication by entering the following in a "
12233
#: serverguide/C/network-auth.xml:843(userinput)
12236
"dn: olcDatabase={0}config,cn=config\n"
12237
"replace: olcSyncrepl\n"
12238
"olcSyncrepl: {0}rid=001 provider=ldap://ldap01.example.com "
12239
"binddn=\"cn=admin,cn\n"
12240
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
12242
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
12243
"olcSyncrepl: {1}rid=002 provider=ldap://ldap02.example.com "
12244
"binddn=\"cn=admin,cn\n"
12245
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
12247
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes"
12250
#: serverguide/C/network-auth.xml:842(computeroutput)
12253
"Enter LDAP Password: \n"
12254
"<placeholder-1/>\n"
12256
"modifying entry \"olcDatabase={0}config,cn=config\"\n"
12259
#: serverguide/C/network-auth.xml:856(para)
12260
msgid "Now adjust the <emphasis>backend</emphasis> database replication:"
12263
#: serverguide/C/network-auth.xml:866(userinput)
14078
#: serverguide/C/network-auth.xml:1069(para)
14080
"Assuming you have followed the above instructions and created a CA "
14081
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14082
"server. Follow the following instructions to create a certificate and key "
14083
"for the <emphasis>Consumer</emphasis> server."
14086
#: serverguide/C/network-auth.xml:1078(para)
14087
msgid "Create a new key for the Consumer server:"
14090
#: serverguide/C/network-auth.xml:1083(command)
14091
msgid "mkdir ldap02-ssl"
14094
#: serverguide/C/network-auth.xml:1084(command)
14095
msgid "cd ldap02-ssl"
14098
#: serverguide/C/network-auth.xml:1085(command)
14099
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14102
#: serverguide/C/network-auth.xml:1089(para)
14104
"Creating a new directory is not strictly necessary, but it will help keep "
14105
"things organized and make it easier to copy the files to the Consumer server."
14108
#: serverguide/C/network-auth.xml:1098(para)
14110
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14111
"server, changing the attributes to match your locality and server:"
14114
#: serverguide/C/network-auth.xml:1103(programlisting)
14119
"state = North Carolina\n"
14120
"locality = Winston-Salem\n"
14121
"organization = Example Company\n"
14122
"cn = ldap02.salem.edu\n"
14128
#: serverguide/C/network-auth.xml:1117(para)
14129
msgid "Create the certificate:"
14132
#: serverguide/C/network-auth.xml:1122(command)
14134
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14135
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14136
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14137
"ldap02_slapd_cert.pem"
14140
#: serverguide/C/network-auth.xml:1130(para)
14141
msgid "Copy the <filename>cacert.pem</filename> to the dicretory:"
14144
#: serverguide/C/network-auth.xml:1135(command)
14145
msgid "cp /etc/ssl/certs/cacert.pem ."
14148
#: serverguide/C/network-auth.xml:1141(para)
14150
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14151
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14152
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14153
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14154
"<filename>/etc/ssl/private</filename>."
14157
#: serverguide/C/network-auth.xml:1150(para)
14159
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14163
#: serverguide/C/network-auth.xml:1160(userinput)
14167
"add: olcTLSCACertificateFile\n"
14168
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14170
"add: olcTLSCertificateFile\n"
14171
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14173
"add: olcTLSCertificateKeyFile\n"
14174
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14177
#: serverguide/C/network-auth.xml:1177(para)
14179
"As with the Provider you can now edit "
14180
"<filename>/etc/default/slapd</filename> and add the "
14181
"<emphasis>ldaps:///</emphasis> parameter to the "
14182
"<emphasis>SLAPD_SERVICES</emphasis> option."
14185
#: serverguide/C/network-auth.xml:1185(para)
14187
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14188
"modify the <emphasis>Consumer</emphasis> server's "
14189
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14192
#: serverguide/C/network-auth.xml:1198(userinput)
12266
14196
"dn: olcDatabase={1}hdb,cn=config\n"
12267
14197
"replace: olcSyncrepl\n"
12268
"olcSyncrepl: {0}rid=003 provider=ldap://ldap01.example.com "
12269
"binddn=\"cn=admin,dc=example,dc=\n"
12270
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12272
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
12273
"olcSyncrepl: {1}rid=004 provider=ldap://ldap02.example.com "
12274
"binddn=\"cn=admin,dc=example,dc=\n"
12275
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12277
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes"
14198
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14200
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14202
" e=\"cn=accesslog\" "
14203
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14204
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
12280
#: serverguide/C/network-auth.xml:865(computeroutput) serverguide/C/network-auth.xml:2418(computeroutput)
14208
#: serverguide/C/network-auth.xml:1195(computeroutput)
12283
"Enter LDAP Password:\n"
14211
"SASL/EXTERNAL authentication started\n"
14212
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
12284
14214
"<placeholder-1/>\n"
12286
"modifying entry \"olcDatabase={1}hdb,cn=config\""
14216
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
12289
#: serverguide/C/network-auth.xml:878(para)
14219
#: serverguide/C/network-auth.xml:1210(para)
12291
14221
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
12292
14222
"(FQDN) in the certificate, you may have to edit "
12293
14223
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
12296
#: serverguide/C/network-auth.xml:883(programlisting)
14226
#: serverguide/C/network-auth.xml:1215(programlisting)
12300
"TLS_CERT /etc/ssl/certs/server.crt\n"
12301
"TLS_KEY /etc/ssl/private/server.key\n"
14230
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14231
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
12302
14232
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
12305
#: serverguide/C/network-auth.xml:890(para)
14235
#: serverguide/C/network-auth.xml:1222(para)
12307
14237
"Finally, restart <application>slapd</application> on each of the servers:"
12310
#: serverguide/C/network-auth.xml:903(title)
14240
#: serverguide/C/network-auth.xml:1235(title)
12311
14241
msgid "LDAP Authentication"
12314
#: serverguide/C/network-auth.xml:905(para)
14244
#: serverguide/C/network-auth.xml:1237(para)
12316
14246
"Once you have a working LDAP server, the <application>auth-client-"
12317
14247
"config</application> and <application>libnss-ldap</application> packages "
18022
20154
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
18025
#: serverguide/C/installation.xml:450(para)
20157
#: serverguide/C/installation.xml:502(para)
18027
20159
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
18028
"is <emphasis role=\"italic\">\"Ext3 journaling file system\"</emphasis>, "
20160
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
18029
20161
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
18030
20162
"<emphasis>\"Done setting up partition\"</emphasis>."
18033
#: serverguide/C/installation.xml:459(para)
20165
#: serverguide/C/installation.xml:511(para)
18035
20167
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
18036
20168
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
18037
20169
"partition\"</emphasis>."
18040
#: serverguide/C/installation.xml:467(para)
20172
#: serverguide/C/installation.xml:519(para)
18042
20174
"Use the rest of the free space on the drive and choose "
18043
20175
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
18046
#: serverguide/C/installation.xml:474(para)
20178
#: serverguide/C/installation.xml:526(para)
18048
20180
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
18049
"at the top, changing it to <emphasis>\"physical volume for RAID\"</emphasis> "
18050
"then choose <emphasis>\"Done setting up partition\"</emphasis>."
20181
"at the top, changing it to <emphasis>\"physical volume for "
20182
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20183
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20184
"<emphasis>\"Done setting up partition\"</emphasis>."
18053
#: serverguide/C/installation.xml:482(para)
20187
#: serverguide/C/installation.xml:536(para)
18054
20188
msgid "Repeat steps three through eight for the other disk and partitions."
18057
#: serverguide/C/installation.xml:491(title)
20191
#: serverguide/C/installation.xml:545(title)
18058
20192
msgid "RAID Configuration"
18061
#: serverguide/C/installation.xml:493(para)
20195
#: serverguide/C/installation.xml:547(para)
18062
20196
msgid "With the partitions setup the arrays are ready to be configured:"
18065
#: serverguide/C/installation.xml:500(para)
20199
#: serverguide/C/installation.xml:554(para)
18067
20201
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
18068
20202
"Software RAID\"</emphasis> at the top."
18071
#: serverguide/C/installation.xml:507(para)
20205
#: serverguide/C/installation.xml:561(para)
18072
20206
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
18075
#: serverguide/C/installation.xml:514(para)
18076
msgid "Choose <emphasis>\"Create MD drive\"</emphasis>."
20209
#: serverguide/C/installation.xml:568(para)
20210
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
18079
#: serverguide/C/installation.xml:521(para)
20213
#: serverguide/C/installation.xml:575(para)
18081
20215
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
18082
20216
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
18085
#: serverguide/C/installation.xml:527(para)
20219
#: serverguide/C/installation.xml:581(para)
18087
20221
"In order to use <emphasis>RAID5</emphasis> you need at least "
18088
20222
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
18089
20223
"<emphasis>two</emphasis> drives are required."
18092
#: serverguide/C/installation.xml:536(para)
20226
#: serverguide/C/installation.xml:590(para)
18094
20228
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
18095
20229
"of hard drives you have, for the array. Then select "
18096
20230
"<emphasis>\"Continue\"</emphasis>."
18099
#: serverguide/C/installation.xml:544(para)
20233
#: serverguide/C/installation.xml:598(para)
18101
20235
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
18102
20236
"default, then choose <emphasis>\"Continue\"</emphasis>."
18105
#: serverguide/C/installation.xml:551(para)
20239
#: serverguide/C/installation.xml:605(para)
18107
20241
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
18108
20242
"etc. The numbers will usually match and the different letters correspond to "
18109
20243
"different hard drives."
18112
#: serverguide/C/installation.xml:556(para)
20246
#: serverguide/C/installation.xml:610(para)
18114
20248
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
18115
20249
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
18116
20250
"go to the next step."
18119
#: serverguide/C/installation.xml:564(para)
20253
#: serverguide/C/installation.xml:618(para)
18121
20255
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
18122
20256
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
18123
20257
"and <emphasis>sdb2</emphasis>."
18126
#: serverguide/C/installation.xml:572(para)
20260
#: serverguide/C/installation.xml:626(para)
18127
20261
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
18130
#: serverguide/C/installation.xml:582(title)
20264
#: serverguide/C/installation.xml:636(title)
18131
20265
msgid "Formatting"
18134
#: serverguide/C/installation.xml:584(para)
20268
#: serverguide/C/installation.xml:638(para)
18136
20270
"There should now be a list of hard drives and RAID devices. The next step is "
18137
20271
"to format and set the mount point for the RAID devices. Treat the RAID "
18138
20272
"device as a local hard drive, format and mount accordingly."
18141
#: serverguide/C/installation.xml:592(para)
18142
msgid "Select the <emphasis>RAID1 device #0</emphasis> partition."
20275
#: serverguide/C/installation.xml:646(para)
20277
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20278
"#0\"</emphasis> partition."
18145
#: serverguide/C/installation.xml:599(para)
20281
#: serverguide/C/installation.xml:653(para)
18147
20283
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
18148
20284
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
18151
#: serverguide/C/installation.xml:607(para)
18152
msgid "Next, select the <emphasis>RAID1 device #1</emphasis> partition."
20287
#: serverguide/C/installation.xml:661(para)
20289
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20290
"#1\"</emphasis> partition."
18155
#: serverguide/C/installation.xml:614(para)
20293
#: serverguide/C/installation.xml:668(para)
18157
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext3 "
20295
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
18158
20296
"journaling file system\"</emphasis>."
18161
#: serverguide/C/installation.xml:621(para)
20299
#: serverguide/C/installation.xml:675(para)
18163
20301
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
18164
20302
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "