1531
1558
"common</application> and <application>winbind</application> packages:"
1534
#: serverguide/C/windows-networking.xml:1438(para)
1561
#: serverguide/C/windows-networking.xml:1440(para)
1536
1563
"<application>lwinet</application>: Returns information about the network and "
1539
1566
"<application>lwinet</application>: Viser informasjon om nettverk og domene."
1541
#: serverguide/C/windows-networking.xml:1443(para)
1568
#: serverguide/C/windows-networking.xml:1445(para)
1543
1570
"<application>lwimsg</application>: Allows interaction with the "
1544
1571
"<application>likewise-winbindd</application> daemon."
1547
#: serverguide/C/windows-networking.xml:1448(para)
1574
#: serverguide/C/windows-networking.xml:1450(para)
1549
1576
"<application>lwiinfo</application>: Displays information about various parts "
1550
1577
"of the Domain."
1553
#: serverguide/C/windows-networking.xml:1454(para)
1580
#: serverguide/C/windows-networking.xml:1456(para)
1554
1581
msgid "Please refer to each utility's man page specific for details."
1557
#: serverguide/C/windows-networking.xml:1460(title) serverguide/C/mail.xml:336(title) serverguide/C/mail.xml:1563(title) serverguide/C/dns.xml:338(title)
1584
#: serverguide/C/windows-networking.xml:1462(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1598(title) serverguide/C/dns.xml:338(title)
1558
1585
msgid "Troubleshooting"
1561
#: serverguide/C/windows-networking.xml:1464(para)
1588
#: serverguide/C/windows-networking.xml:1466(para)
1563
1590
"If the client has trouble joining the domain, double check that the "
1564
1591
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1568
#: serverguide/C/windows-networking.xml:1469(programlisting)
1595
#: serverguide/C/windows-networking.xml:1471(programlisting)
1572
1599
"nameserver 192.168.0.1\n"
1575
#: serverguide/C/windows-networking.xml:1474(para)
1602
#: serverguide/C/windows-networking.xml:1476(para)
1577
1604
"For more information when joining a domain, use the <emphasis>--loglevel "
1578
1605
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1579
1606
"<application>domainjoin-cli</application> utility:"
1582
#: serverguide/C/windows-networking.xml:1480(command)
1609
#: serverguide/C/windows-networking.xml:1482(command)
1583
1610
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1586
#: serverguide/C/windows-networking.xml:1484(para)
1613
#: serverguide/C/windows-networking.xml:1486(para)
1588
1615
"If an Active Directory user has trouble logging in, check the "
1589
1616
"<filename>/var/log/auth.log</filename> for details."
1592
#: serverguide/C/windows-networking.xml:1489(para)
1619
#: serverguide/C/windows-networking.xml:1491(para)
1594
1621
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1595
1622
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1596
1623
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1597
"<emphasis>\"mdns4\"</emphasis> entry from the <emphasis>hosts</emphasis> "
1598
"option. For example:"
1624
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1625
"<emphasis>hosts</emphasis> option. For example:"
1601
#: serverguide/C/windows-networking.xml:1495(programlisting)
1628
#: serverguide/C/windows-networking.xml:1497(programlisting)
1605
1632
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1608
#: serverguide/C/windows-networking.xml:1499(para)
1635
#: serverguide/C/windows-networking.xml:1501(para)
1609
1636
msgid "Change the above to:"
1612
#: serverguide/C/windows-networking.xml:1503(programlisting)
1639
#: serverguide/C/windows-networking.xml:1505(programlisting)
1616
1643
"hosts: files dns [NOTFOUND=return]\n"
1619
#: serverguide/C/windows-networking.xml:1507(para)
1646
#: serverguide/C/windows-networking.xml:1509(para)
1620
1647
msgid "Then restart networking by entering:"
1623
#: serverguide/C/windows-networking.xml:1512(command) serverguide/C/network-config.xml:237(command)
1650
#: serverguide/C/windows-networking.xml:1514(command) serverguide/C/network-config.xml:559(command)
1624
1651
msgid "sudo /etc/init.d/networking restart"
1627
#: serverguide/C/windows-networking.xml:1515(para)
1654
#: serverguide/C/windows-networking.xml:1517(para)
1628
1655
msgid "You should now be able to join the Active Directory domain."
1631
#: serverguide/C/windows-networking.xml:1523(title)
1658
#: serverguide/C/windows-networking.xml:1525(title)
1632
1659
msgid "Microsoft DNS"
1635
#: serverguide/C/windows-networking.xml:1525(para)
1662
#: serverguide/C/windows-networking.xml:1527(para)
1637
1664
"The following are instructions for installing DNS on an Active Directory "
1638
1665
"domain controller running Windows Server 2003, but the instructions should "
1639
1666
"be similar for other versions:"
1642
#: serverguide/C/windows-networking.xml:1532(para)
1669
#: serverguide/C/windows-networking.xml:1536(para)
1645
1672
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1646
"</guimenuitem><guimenuitem>Manager Your Server</guimenuitem></menuchoice>. "
1673
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1647
1674
"This will open the <application>Server Role Mangement</application> utility."
1650
#: serverguide/C/windows-networking.xml:1540(para)
1651
msgid "Click Add or remove a role"
1677
#: serverguide/C/windows-networking.xml:1544(para)
1678
msgid "Click <guilabel>Add or remove a role</guilabel>"
1654
#: serverguide/C/windows-networking.xml:1541(para) serverguide/C/windows-networking.xml:1543(para) serverguide/C/windows-networking.xml:1546(para)
1681
#: serverguide/C/windows-networking.xml:1545(para) serverguide/C/windows-networking.xml:1547(para) serverguide/C/windows-networking.xml:1550(para)
1655
1682
msgid "Click Next"
1683
msgstr "Trykk neste"
1658
#: serverguide/C/windows-networking.xml:1542(para)
1685
#: serverguide/C/windows-networking.xml:1546(para)
1659
1686
msgid "Select \"DNS Server\""
1662
#: serverguide/C/windows-networking.xml:1544(para)
1689
#: serverguide/C/windows-networking.xml:1548(para)
1690
msgid "Click Next again to proceed"
1666
#: serverguide/C/windows-networking.xml:1545(para)
1693
#: serverguide/C/windows-networking.xml:1549(para)
1667
1694
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1670
#: serverguide/C/windows-networking.xml:1547(para)
1697
#: serverguide/C/windows-networking.xml:1551(para)
1672
1699
"Make sure \"This server maintains the zone\" is selected and click Next."
1675
#: serverguide/C/windows-networking.xml:1548(para)
1702
#: serverguide/C/windows-networking.xml:1552(para)
1676
1703
msgid "Enter your domain name and click Next"
1704
msgstr "Fyll inn domenenavnet ditt og trykk neste"
1679
#: serverguide/C/windows-networking.xml:1549(para) serverguide/C/windows-networking.xml:1550(para)
1706
#: serverguide/C/windows-networking.xml:1553(para)
1680
1707
msgid "Click Next to \"Allow only secure dynamic updates\""
1683
#: serverguide/C/windows-networking.xml:1552(para)
1710
#: serverguide/C/windows-networking.xml:1555(para)
1685
1712
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1686
1713
"should not forward queries\" and click Next."
1689
#: serverguide/C/windows-networking.xml:1556(para) serverguide/C/windows-networking.xml:1557(para)
1716
#: serverguide/C/windows-networking.xml:1559(para) serverguide/C/windows-networking.xml:1560(para)
1690
1717
msgid "Click Finish"
1718
msgstr "Trykk fullfør"
1693
#: serverguide/C/windows-networking.xml:1559(para)
1720
#: serverguide/C/windows-networking.xml:1562(para)
1695
1722
"DNS is now installed and can be further configured using the "
1696
1723
"<application>Microsoft Management Console</application> DNS snap-in."
1699
#: serverguide/C/windows-networking.xml:1567(para)
1726
#: serverguide/C/windows-networking.xml:1570(para)
1700
1727
msgid "Click Start"
1703
#: serverguide/C/windows-networking.xml:1568(para)
1730
#: serverguide/C/windows-networking.xml:1571(para)
1704
1731
msgid "Control Panel"
1732
msgstr "Kontrollpanel"
1707
#: serverguide/C/windows-networking.xml:1569(para)
1734
#: serverguide/C/windows-networking.xml:1572(para)
1708
1735
msgid "Network Connections"
1711
#: serverguide/C/windows-networking.xml:1570(para)
1738
#: serverguide/C/windows-networking.xml:1573(para)
1712
1739
msgid "Right Click \"Local Area Connection\""
1715
#: serverguide/C/windows-networking.xml:1571(para)
1742
#: serverguide/C/windows-networking.xml:1574(para)
1716
1743
msgid "Click Properties"
1719
#: serverguide/C/windows-networking.xml:1572(para)
1746
#: serverguide/C/windows-networking.xml:1575(para)
1720
1747
msgid "Double click \"Internet Protocol (TCP/IP)\""
1723
#: serverguide/C/windows-networking.xml:1573(para)
1750
#: serverguide/C/windows-networking.xml:1576(para)
1724
1751
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1727
#: serverguide/C/windows-networking.xml:1574(para)
1754
#: serverguide/C/windows-networking.xml:1577(para)
1728
1755
msgid "Click Ok"
1731
#: serverguide/C/windows-networking.xml:1575(para)
1758
#: serverguide/C/windows-networking.xml:1578(para)
1732
1759
msgid "Click Ok again to save the settings"
1735
#: serverguide/C/windows-networking.xml:1564(para)
1762
#: serverguide/C/windows-networking.xml:1567(para)
1737
1764
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1740
#: serverguide/C/windows-networking.xml:1582(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:766(title) serverguide/C/web-servers.xml:910(title) serverguide/C/web-servers.xml:1002(title) serverguide/C/web-servers.xml:1218(title) serverguide/C/vpn.xml:291(title) serverguide/C/virtualization.xml:1303(title) serverguide/C/virtualization.xml:1492(title) serverguide/C/vcs.xml:536(title) serverguide/C/security.xml:935(title) serverguide/C/security.xml:1264(title) serverguide/C/security.xml:1679(title) serverguide/C/security.xml:1870(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:432(title) serverguide/C/other-apps.xml:381(title) serverguide/C/network-config.xml:672(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:522(title) serverguide/C/mail.xml:444(title) serverguide/C/mail.xml:625(title) serverguide/C/mail.xml:772(title) serverguide/C/mail.xml:1189(title) serverguide/C/mail.xml:1611(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:369(title) serverguide/C/lamp-applications.xml:471(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:431(title) serverguide/C/file-server.xml:611(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:216(title) serverguide/C/backups.xml:297(title)
1767
#: serverguide/C/windows-networking.xml:1585(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:1840(title) serverguide/C/virtualization.xml:2165(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1211(title) serverguide/C/security.xml:1626(title) serverguide/C/security.xml:1817(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1646(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
1741
1768
msgid "References"
1742
1769
msgstr "Referanser"
1744
#: serverguide/C/windows-networking.xml:1584(para)
1771
#: serverguide/C/windows-networking.xml:1587(para)
1746
1773
"Please refer to the <ulink "
1747
1774
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1748
1775
"further information."
1751
#: serverguide/C/windows-networking.xml:1588(para)
1778
#: serverguide/C/windows-networking.xml:1591(para)
1753
1780
"For more <application>domainjoin-cli</application> options see the man page: "
1754
1781
"<command>man domainjoin-cli</command>."
1784
#: serverguide/C/windows-networking.xml:1595(para)
1786
"Also, see the <ulink "
1787
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
1788
"LikewiseOpen</ulink> page."
1757
1791
#: serverguide/C/web-servers.xml:13(title)
1758
1792
msgid "Web Servers"
5015
5104
"firstlogin login.sh es"
5018
#: serverguide/C/virtualization.xml:1164(para)
5107
#: serverguide/C/virtualization.xml:1169(para)
5020
5109
"If you are interested in learning more, have questions or suggestions, "
5021
5110
"please contact the Ubuntu Server Team at:"
5024
#: serverguide/C/virtualization.xml:1169(para)
5113
#: serverguide/C/virtualization.xml:1174(para)
5025
5114
msgid "IRC: #ubuntu-server on freenode"
5028
#: serverguide/C/virtualization.xml:1174(para)
5117
#: serverguide/C/virtualization.xml:1179(para)
5030
5119
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5031
5120
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5034
#: serverguide/C/virtualization.xml:1182(title)
5038
#: serverguide/C/virtualization.xml:1185(title) serverguide/C/network-auth.xml:1683(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:879(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5123
#: serverguide/C/virtualization.xml:1184(para)
5125
"Also, see the <ulink "
5126
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5127
"Wiki</ulink> page."
5130
#: serverguide/C/virtualization.xml:1192(title)
5134
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2026(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5039
5135
msgid "Overview"
5042
#: serverguide/C/virtualization.xml:1187(para)
5044
"<emphasis>Eucalyptus</emphasis> is an open-source software infrastructure "
5045
"for implementing \"cloud computing\" on your own clusters. "
5046
"<emphasis>Eucalyptus</emphasis> allows you to create your own cloud "
5047
"computing environment in order to maximize computing resources and provide a "
5048
"cloud computing environment to your users."
5051
#: serverguide/C/virtualization.xml:1193(para)
5053
"This section will cover setting up a Cloud Computing environment using "
5054
"<application>Eucalyptus</application> with <application>KVM</application>. "
5055
"For more information on KVM see <xref linkend=\"libvirt\"/>."
5058
#: serverguide/C/virtualization.xml:1198(para)
5060
"The Cloud Computing environment will consist of three components, typically "
5061
"installed on at least two separate machines (termed the 'front-end' and "
5062
"'node(s)' for the rest of this document):"
5065
#: serverguide/C/virtualization.xml:1205(para)
5067
"<emphasis>One Front-End:</emphasis> hosts one Cloud Controller, a Java based "
5068
"Web configuration interface, and a Cluster Controller, which determines "
5069
"where virtual machines (VMs) will be housed and manages cluster level VM "
5073
#: serverguide/C/virtualization.xml:1211(para)
5075
"<emphasis>One or more Compute Nodes:</emphasis> runs the Node Controller "
5076
"component of Eucalyptus, which allows the machine to be part of the cloud as "
5138
#: serverguide/C/virtualization.xml:1197(para)
5140
"This tutorial covers <application>UEC</application> installation from the "
5141
"Ubuntu 10.04 LTS Server Edition CD, and assumes a basic network topology, "
5142
"with a single system serving as the <emphasis>\"all-in-one "
5143
"controller\"</emphasis>, and one or more nodes attached."
5146
#: serverguide/C/virtualization.xml:1202(para)
5148
"From this Tutorial you will learn how to install, configure, register and "
5149
"perform several operations on a basic <application>UEC</application> setup "
5150
"that results in a cloud with a one controller <emphasis>\"front-"
5151
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5152
"instances. You will also use examples to help get you started using your own "
5153
"private compute cloud."
5156
#: serverguide/C/virtualization.xml:1210(title)
5157
msgid "Prerequisites"
5160
#: serverguide/C/virtualization.xml:1212(para)
5162
"To deploy a minimal cloud infrastructure, you’ll need at least "
5163
"<emphasis>two</emphasis> dedicated systems:"
5080
5166
#: serverguide/C/virtualization.xml:1218(para)
5082
"The simple <emphasis>System</emphasis> networking option will be used by "
5083
"default. This network method allows virtual machine instances, to obtain IP "
5084
"addresses from the local LAN, assuming that a DHCP server is properly "
5085
"configured on the LAN to hand out IPs dynamically to VMs that request them. "
5086
"Each node will be configured for bridge networking. For more details see "
5087
"<xref linkend=\"bridging\"/>."
5090
#: serverguide/C/virtualization.xml:1228(para)
5092
"First, on the <emphasis>Front-End</emphasis> install the appropriate "
5093
"packages. In a terminal prompt on the Front-End enter:"
5096
#: serverguide/C/virtualization.xml:1233(command)
5097
msgid "sudo apt-get install eucalyptus-cloud eucalyptus-cc"
5167
msgid "A front end."
5170
#: serverguide/C/virtualization.xml:1223(para)
5171
msgid "One or more node(s)."
5174
#: serverguide/C/virtualization.xml:1229(para)
5176
"The following are recommendations, rather than fixed requirements. However, "
5177
"our experience in developing this documentation indicated the following "
5181
#: serverguide/C/virtualization.xml:1234(title)
5182
msgid "Front End Requirements"
5100
5185
#: serverguide/C/virtualization.xml:1236(para)
5102
"Next, on the each <emphasis>Compute Node</emphasis> install the node "
5103
"controller package. In a terminal prompt on each Compute Node enter:"
5106
#: serverguide/C/virtualization.xml:1241(command)
5107
msgid "sudo apt-get install eucalyptus-nc"
5186
msgid "Use the following table for a system that will run one or more of:"
5189
#: serverguide/C/virtualization.xml:1241(para)
5190
msgid "Cloud Controller (CLC)"
5193
#: serverguide/C/virtualization.xml:1242(para)
5194
msgid "Cluster Controller (CC)"
5197
#: serverguide/C/virtualization.xml:1243(para)
5198
msgid "Walrus (the S3-like storage service)"
5110
5201
#: serverguide/C/virtualization.xml:1244(para)
5112
"Once the installation is complete, and it may take a while, in a browser go "
5113
"to <emphasis>https://front-end:8443</emphasis> and login to the "
5114
"administration interface using the default username and password of "
5115
"<emphasis>admin</emphasis>. You will then be prompted to change the "
5116
"password, configure an email address for the admin user, and set the storage "
5120
#: serverguide/C/virtualization.xml:1250(para)
5122
"In the web interface's <emphasis>\"Configuration\"</emphasis> tab, add a "
5123
"cluster under the <emphasis>\"Clusters\"</emphasis> heading (in this "
5124
"configuration, the cluster controller is on the same system as the cloud "
5125
"controller, so entering 'localhost' as the cluster hostname is correct). "
5126
"Once the form is filled out click the <emphasis>\"Add Cluster\"</emphasis> "
5130
#: serverguide/C/virtualization.xml:1256(para)
5132
"Now, back on the <emphasis>Front-End</emphasis>, add the nodes to the "
5136
#: serverguide/C/virtualization.xml:1261(command)
5137
msgid "sudo euca_conf -addnode hostname_of_node"
5140
#: serverguide/C/virtualization.xml:1264(para)
5142
"You will then be prompted to log into your Node, install the "
5143
"<application>eucalyptus-nc</application> package, and add the "
5144
"<emphasis>eucalyptus</emphasis> user's ssh key to the node's "
5145
"<filename>authorized_keys</filename> file, and confirm authenticity of the "
5146
"host's OpenSSH RSA key fingerprint. Finally, the command will complete by "
5147
"synchronizing the eucalyptus component keys and node registration is "
5151
#: serverguide/C/virtualization.xml:1270(para)
5153
"On the Node, the <filename>/etc/eucalyptus/eucalyptus.conf</filename> "
5154
"configuration file will need editing to use your node's bridge interface "
5155
"(assuming here that the interface is named <emphasis>'br0'</emphasis>):"
5158
#: serverguide/C/virtualization.xml:1275(programlisting)
5162
"VNET_INTERFACE=\"br0\"\n"
5164
"VNET_BRIDGE=\"br0\"\n"
5167
#: serverguide/C/virtualization.xml:1281(para)
5168
msgid "Finally, restart <application>eucalyptus-nc</application>:"
5171
#: serverguide/C/virtualization.xml:1286(command)
5172
msgid "sudo /etc/init.d/eucalyptus-nc restart"
5175
#: serverguide/C/virtualization.xml:1291(para)
5177
"Be sure to replace <emphasis>nodecontroller</emphasis>, "
5178
"<emphasis>node01</emphasis>, and <emphasis>node02</emphasis> with actual "
5182
#: serverguide/C/virtualization.xml:1297(para)
5184
"<application>Eucalyptus</application> is now ready to host images on the "
5188
#: serverguide/C/virtualization.xml:1307(para)
5190
"See the <ulink url=\"http://eucalyptus.cs.ucsb.edu/\">Eucalyptus "
5191
"website</ulink> for more information."
5194
#: serverguide/C/virtualization.xml:1312(para)
5202
msgid "Storage Controller (SC)"
5205
#: serverguide/C/virtualization.xml:1248(title)
5206
msgid "UEC Front End Requirements"
5209
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5213
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5217
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5221
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5225
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5229
#: serverguide/C/virtualization.xml:1265(para)
5233
#: serverguide/C/virtualization.xml:1266(para)
5237
#: serverguide/C/virtualization.xml:1267(para)
5239
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5240
"a dual core processor."
5243
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5247
#: serverguide/C/virtualization.xml:1271(para)
5251
#: serverguide/C/virtualization.xml:1272(para)
5255
#: serverguide/C/virtualization.xml:1273(para)
5256
msgid "The Java web front end benefits from lots of available memory."
5259
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5263
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5264
msgid "5400 RPM IDE"
5267
#: serverguide/C/virtualization.xml:1278(para)
5268
msgid "7200 RPM SATA"
5271
#: serverguide/C/virtualization.xml:1279(para)
5273
"Slower disks will work, but will yield much longer instance startup times."
5276
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5280
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5284
#: serverguide/C/virtualization.xml:1284(para)
5288
#: serverguide/C/virtualization.xml:1285(para)
5290
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5291
"does not like to run out of disk space."
5294
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5298
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5302
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5306
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5308
"Machine images are hundreds of MB, and need to be copied over the network to "
5312
#: serverguide/C/virtualization.xml:1299(title)
5313
msgid "Node Requirements"
5316
#: serverguide/C/virtualization.xml:1301(para)
5317
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5320
#: serverguide/C/virtualization.xml:1306(para)
5321
msgid "the Node Controller (NC)"
5324
#: serverguide/C/virtualization.xml:1310(title)
5325
msgid "UEC Node Requirements"
5328
#: serverguide/C/virtualization.xml:1327(para)
5329
msgid "VT Extensions"
5332
#: serverguide/C/virtualization.xml:1328(para)
5333
msgid "VT, 64-bit, Multicore"
5336
#: serverguide/C/virtualization.xml:1329(para)
5338
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5339
"only run 1 VM per CPU core on a Node."
5342
#: serverguide/C/virtualization.xml:1333(para)
5346
#: serverguide/C/virtualization.xml:1334(para)
5350
#: serverguide/C/virtualization.xml:1335(para)
5351
msgid "Additional memory means more, and larger guests."
5354
#: serverguide/C/virtualization.xml:1340(para)
5355
msgid "7200 RPM SATA or SCSI"
5358
#: serverguide/C/virtualization.xml:1341(para)
5360
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5364
#: serverguide/C/virtualization.xml:1346(para)
5368
#: serverguide/C/virtualization.xml:1347(para)
5370
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5374
#: serverguide/C/virtualization.xml:1363(title)
5375
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5378
#: serverguide/C/virtualization.xml:1367(para)
5379
msgid "Download the Ubuntu 10.04 LTS Server ISO file, and burn it to a CD."
5382
#: serverguide/C/virtualization.xml:1372(para) serverguide/C/virtualization.xml:1418(para)
5384
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5387
#: serverguide/C/virtualization.xml:1377(para)
5389
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5390
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5393
#: serverguide/C/virtualization.xml:1383(para)
5395
"It will ask two other cloud-specific questions during the course of the "
5399
#: serverguide/C/virtualization.xml:1388(para)
5400
msgid "Name of your cluster."
5403
#: serverguide/C/virtualization.xml:1391(para)
5404
msgid "e.g. <emphasis>cluster1</emphasis>."
5407
#: serverguide/C/virtualization.xml:1394(para)
5409
"A range of public IP addresses on the LAN that the cloud can allocate to "
5413
#: serverguide/C/virtualization.xml:1397(para)
5414
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5417
#: serverguide/C/virtualization.xml:1405(title)
5418
msgid "Installing the Node Controller(s)"
5421
#: serverguide/C/virtualization.xml:1407(para)
5423
"The node controller install is even simpler. Just make sure that you are "
5424
"connected to the network on which the cloud/cluster controller is already "
5428
#: serverguide/C/virtualization.xml:1413(para)
5429
msgid "Boot from the same ISO on the node(s)."
5432
#: serverguide/C/virtualization.xml:1423(para)
5433
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5436
#: serverguide/C/virtualization.xml:1428(para)
5438
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5442
#: serverguide/C/virtualization.xml:1433(para)
5443
msgid "Confirm the partitioning scheme."
5446
#: serverguide/C/virtualization.xml:1438(para)
5448
"The rest of the installation should proceed uninterrupted; complete the "
5449
"installation and reboot the node."
5452
#: serverguide/C/virtualization.xml:1446(title)
5453
msgid "Register the Node(s)"
5456
#: serverguide/C/virtualization.xml:1448(para)
5458
"Nodes are the physical systems within <application>UEC</application> that "
5459
"actually run the virtual machine instances of the cloud."
5462
#: serverguide/C/virtualization.xml:1452(para)
5464
"Once one or more Ubuntu Server node(s) are installed and running the "
5465
"<application>eucalyptus-nc</application> service, log onto the "
5466
"<emphasis>Cloud Controller (CLC)</emphasis> and run:"
5469
#: serverguide/C/virtualization.xml:1458(command)
5470
msgid "sudo euca_conf --no-rsync --discover-nodes"
5473
#: serverguide/C/virtualization.xml:1461(para)
5475
"This will discover the systems on the network running the "
5476
"<application>eucalyptus-nc</application> service, and the administrator can "
5477
"confirm the registration of each node by its IP address."
5480
#: serverguide/C/virtualization.xml:1467(para)
5482
"If you get prompted for passwords, or receive errors from scp, you may need "
5483
"to revisit the key synchronization instructions at <ulink "
5484
"url=\"https://help.ubuntu.com/community/UEC/NodeInstallation\">UEC/NodeInstal"
5488
#: serverguide/C/virtualization.xml:1475(title)
5489
msgid "Obtain Credentials"
5492
#: serverguide/C/virtualization.xml:1477(para)
5494
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5495
"users of the cloud will need to retrieve their credentials. This can be done "
5496
"either through a web browser, or at the command line."
5499
#: serverguide/C/virtualization.xml:1483(title)
5500
msgid "From a Web Browser"
5503
#: serverguide/C/virtualization.xml:1487(para)
5505
"From your web browser (either remotely or on your Ubuntu server) access the "
5509
#: serverguide/C/virtualization.xml:1490(programlisting) serverguide/C/virtualization.xml:1743(programlisting)
5513
"https://<cloud-controller-ip-address>:8443/\n"
5516
#: serverguide/C/virtualization.xml:1495(para)
5518
"You must use a secure connection, so make sure you use \"https\" not "
5519
"\"http\" in your URL. You will get a security certificate warning. You will "
5520
"have to add an exception to view the page. If you do not accept it you will "
5521
"not be able to view the Eucalyptus configuration page."
5524
#: serverguide/C/virtualization.xml:1503(para)
5526
"Use username <emphasis>'admin'</emphasis> and password "
5527
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5528
"to change your password)."
5531
#: serverguide/C/virtualization.xml:1509(para)
5533
"Then follow the on-screen instructions to update the admin password and "
5537
#: serverguide/C/virtualization.xml:1514(para)
5539
"Once the first time configuration process is completed, click the "
5540
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5544
#: serverguide/C/virtualization.xml:1520(para)
5546
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5550
#: serverguide/C/virtualization.xml:1525(para)
5551
msgid "Save them to <filename>~/.euca</filename>."
5554
#: serverguide/C/virtualization.xml:1530(para)
5556
"Unzip the downloaded zip file into a safe location "
5557
"(<filename>~/.euca</filename>)."
5560
#: serverguide/C/virtualization.xml:1534(command)
5561
msgid "unzip -d ~/.euca mycreds.zip"
5564
#: serverguide/C/virtualization.xml:1541(title)
5565
msgid "From a Command Line"
5568
#: serverguide/C/virtualization.xml:1545(para)
5570
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5571
"Controller</emphasis>, you can run:"
5574
#: serverguide/C/virtualization.xml:1549(command)
5575
msgid "mkdir -p ~/.euca"
5578
#: serverguide/C/virtualization.xml:1550(command)
5579
msgid "chmod 700 ~/.euca"
5582
#: serverguide/C/virtualization.xml:1551(command)
5586
#: serverguide/C/virtualization.xml:1552(command)
5587
msgid "sudo euca_conf --get-credentials mycreds.zip"
5590
#: serverguide/C/virtualization.xml:1553(command)
5591
msgid "unzip mycreds.zip"
5594
#: serverguide/C/virtualization.xml:1554(command)
5598
#: serverguide/C/virtualization.xml:1561(title)
5599
msgid "Extracting and Using Your Credentials"
5602
#: serverguide/C/virtualization.xml:1563(para)
5604
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
5608
#: serverguide/C/virtualization.xml:1569(para)
5610
"Source the included <emphasis>\"eucarc\"</emphasis> file to set up your "
5611
"Eucalyptus environment:"
5614
#: serverguide/C/virtualization.xml:1573(command) serverguide/C/virtualization.xml:1600(command)
5615
msgid ". ~/.euca/eucarc"
5618
#: serverguide/C/virtualization.xml:1577(para)
5620
"You may additionally wish to add this command to your "
5621
"<filename>~/.bashrc</filename> file so that your Eucalyptus environment is "
5622
"set up automatically when you log in. Eucalyptus treats this set of "
5623
"credentials as <emphasis>'administrator'</emphasis> credentials that allow "
5624
"the holder global privileges across the cloud. As such, they should be "
5625
"protected in the same way that other elevated-priority access is protected "
5626
"(e.g. should not be made visible to the general user population)."
5629
#: serverguide/C/virtualization.xml:1584(command)
5631
"echo \"[ -r ~/.euca/eucarc ] && . ~/.euca/eucarc\" >> ~/.bashrc"
5634
#: serverguide/C/virtualization.xml:1588(para)
5635
msgid "Install the required cloud user tools:"
5638
#: serverguide/C/virtualization.xml:1592(command)
5639
msgid "sudo apt-get install euca2ools"
5642
#: serverguide/C/virtualization.xml:1596(para)
5644
"To validate that everything is working correctly, get the local cluster "
5645
"availability details:"
5648
#: serverguide/C/virtualization.xml:1601(command)
5649
msgid "euca-describe-availability-zones verbose"
5652
#: serverguide/C/virtualization.xml:1602(computeroutput)
5655
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
5656
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
5657
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
5658
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
5659
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
5660
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
5661
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
5664
#: serverguide/C/virtualization.xml:1612(para)
5665
msgid "Your output from the above command will vary."
5668
#: serverguide/C/virtualization.xml:1622(title)
5669
msgid "Running an Image"
5672
#: serverguide/C/virtualization.xml:1624(para)
5673
msgid "There are multiple ways to instantiate an image in UEC:"
5676
#: serverguide/C/virtualization.xml:1629(para)
5677
msgid "Use the command line."
5680
#: serverguide/C/virtualization.xml:1630(para)
5682
"Use one of the UEC compatible management tools such as "
5683
"<emphasis>Landscape</emphasis>."
5686
#: serverguide/C/virtualization.xml:1632(para)
5689
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
5690
"extension to Firefox."
5693
#: serverguide/C/virtualization.xml:1638(para)
5694
msgid "Here we will describe the process from the command line:"
5697
#: serverguide/C/virtualization.xml:1644(para)
5699
"Before running an instance of your image, you should first create a "
5700
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
5701
"instance as root, once it boots. The key is stored, so you will only have to "
5705
#: serverguide/C/virtualization.xml:1648(para)
5706
msgid "Run the following command:"
5709
#: serverguide/C/virtualization.xml:1651(programlisting)
5713
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
5714
" touch ~/.euca/mykey.priv\n"
5715
" chmod 0600 ~/.euca/mykey.priv\n"
5716
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
5720
#: serverguide/C/virtualization.xml:1659(para)
5722
"You can call your key whatever you like (in this example, the key is called "
5723
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
5724
"forget, you can always run <command>euca-describe-keypairs</command> to get "
5725
"a list of created keys stored in the system."
5728
#: serverguide/C/virtualization.xml:1666(para)
5729
msgid "You must also allow access to port 22 in your instances:"
5732
#: serverguide/C/virtualization.xml:1670(command)
5733
msgid "euca-describe-groups"
5736
#: serverguide/C/virtualization.xml:1671(command)
5737
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
5740
#: serverguide/C/virtualization.xml:1675(para)
5741
msgid "Next, you can create instances of your registered image:"
5744
#: serverguide/C/virtualization.xml:1679(command)
5745
msgid "euca-run-instances $EMI -k mykey -t c1.medium"
5748
#: serverguide/C/virtualization.xml:1682(para)
5750
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
5751
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
5752
"on the <emphasis>Store</emphasis> page to see the sample command."
5755
#: serverguide/C/virtualization.xml:1689(para)
5757
"The first time you run an instance, the system will be setting up caches for "
5758
"the image from which it will be created. This can often take some time the "
5759
"first time an instance is run given that VM images are usually quite large."
5762
#: serverguide/C/virtualization.xml:1693(para)
5763
msgid "To monitor the state of your instance, run:"
5766
#: serverguide/C/virtualization.xml:1697(command)
5767
msgid "watch -n5 euca-describe-instances"
5770
#: serverguide/C/virtualization.xml:1699(para)
5772
"In the output, you should see information about the instance, including its "
5773
"state. While first-time caching is being performed, the instance's state "
5774
"will be <emphasis>'pending'</emphasis>."
5777
#: serverguide/C/virtualization.xml:1705(para)
5779
"When the instance is fully started, the above state will become "
5780
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
5781
"instance in the output, then connect to it:"
5784
#: serverguide/C/virtualization.xml:1710(command)
5786
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
5790
#: serverguide/C/virtualization.xml:1711(command)
5791
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
5794
#: serverguide/C/virtualization.xml:1715(para)
5796
"And when you are done with this instance, exit your SSH connection, then "
5797
"terminate your instance:"
5800
#: serverguide/C/virtualization.xml:1719(command)
5802
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
5806
#: serverguide/C/virtualization.xml:1720(command)
5807
msgid "euca-terminate-instances $INSTANCEID"
5810
#: serverguide/C/virtualization.xml:1727(title)
5811
msgid "Install an Image from the Store"
5814
#: serverguide/C/virtualization.xml:1729(para)
5816
"The following is by far the simplest way to install an image. However, "
5817
"advanced users may be interested in learning how to <ulink "
5818
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
5819
"own image</ulink>."
5822
#: serverguide/C/virtualization.xml:1734(para)
5824
"The simplest way to add an image to <application>UEC</application> is to "
5825
"install it from the Image Store on the UEC web interface."
5828
#: serverguide/C/virtualization.xml:1740(para)
5830
"Access the web interface at the following URL (Make sure you specify https):"
5833
#: serverguide/C/virtualization.xml:1748(para)
5835
"Enter your login and password (if requested, as you may still be logged in "
5839
#: serverguide/C/virtualization.xml:1753(para)
5840
msgid "Click on the <emphasis>Store</emphasis> tab."
5843
#: serverguide/C/virtualization.xml:1758(para)
5844
msgid "Browse available images."
5847
#: serverguide/C/virtualization.xml:1763(para)
5848
msgid "Click on <emphasis>install</emphasis> for the image you want."
5851
#: serverguide/C/virtualization.xml:1769(para)
5853
"Once the image has been downloaded and installed, you can click on "
5854
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
5855
"button to view the command to execute to instantiate (start) this image. The "
5856
"image will also appear on the list given on the <emphasis>Image</emphasis> "
5860
#: serverguide/C/virtualization.xml:1777(title) serverguide/C/dns.xml:619(title)
5861
msgid "More Information"
5864
#: serverguide/C/virtualization.xml:1779(para)
5866
"How to use the <ulink "
5867
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
5868
"Controller</ulink>"
5871
#: serverguide/C/virtualization.xml:1783(para)
5872
msgid "Controlling eucalyptus services:"
5875
#: serverguide/C/virtualization.xml:1788(para)
5877
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
5880
#: serverguide/C/virtualization.xml:1789(para)
5881
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
5884
#: serverguide/C/virtualization.xml:1792(para)
5885
msgid "Locations of some important files:"
5888
#: serverguide/C/virtualization.xml:1799(emphasis)
5892
#: serverguide/C/virtualization.xml:1802(para)
5893
msgid "/var/log/eucalyptus"
5896
#: serverguide/C/virtualization.xml:1807(emphasis)
5897
msgid "Configuration files:"
5900
#: serverguide/C/virtualization.xml:1810(para)
5901
msgid "/etc/eucalyptus"
5904
#: serverguide/C/virtualization.xml:1815(emphasis)
5908
#: serverguide/C/virtualization.xml:1818(para)
5909
msgid "/var/lib/eucalyptus/db"
5912
#: serverguide/C/virtualization.xml:1823(emphasis)
5916
#: serverguide/C/virtualization.xml:1826(para)
5917
msgid "/var/lib/eucalyptus"
5920
#: serverguide/C/virtualization.xml:1827(para)
5921
msgid "/var/lib/eucalyptus/.ssh"
5924
#: serverguide/C/virtualization.xml:1833(para)
5926
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
5927
"running the client tools."
5930
#: serverguide/C/virtualization.xml:1844(para)
5196
5932
"For information on loading instances see the <ulink "
5197
5933
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
5201
#: serverguide/C/virtualization.xml:1317(para)
5937
#: serverguide/C/virtualization.xml:1849(para)
5939
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
5940
"documentation, downloads)</ulink>."
5943
#: serverguide/C/virtualization.xml:1854(para)
5945
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
5946
"(bugs, code)</ulink>."
5949
#: serverguide/C/virtualization.xml:1859(para)
5952
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
5953
"ptus Troubleshooting (1.5)</ulink>."
5956
#: serverguide/C/virtualization.xml:1864(para)
5958
"<ulink url=\"http://support.rightscale.com/2._References/02-"
5959
"Cloud_Infrastructures/Eucalyptus/03-"
5960
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
5961
"RightScale</ulink>."
5964
#: serverguide/C/virtualization.xml:1870(para)
5203
5966
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
5204
5967
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
5205
5968
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
5208
#: serverguide/C/virtualization.xml:1327(title)
5971
#: serverguide/C/virtualization.xml:1879(title)
5975
#: serverguide/C/virtualization.xml:1881(para)
5977
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
5978
"unfamiliar to some readers. This page is intended to provide a glossary of "
5979
"such terms and acronyms."
5982
#: serverguide/C/virtualization.xml:1888(para)
5984
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
5985
"computing resources through virtual machines, provisioned and recollected "
5989
#: serverguide/C/virtualization.xml:1894(para)
5991
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
5992
"provides the web UI (an https server on port 8443), and implements the "
5993
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
5994
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
5995
"cloud</application> package."
5998
#: serverguide/C/virtualization.xml:1901(para)
6000
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6001
"Cluster Controller. There can be more than one Cluster in an installation of "
6002
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6006
#: serverguide/C/virtualization.xml:1907(para)
6008
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6009
"manages collections of node resources. This service is provided by the "
6010
"Ubuntu <application>eucalyptus-cc</application> package."
6013
#: serverguide/C/virtualization.xml:1913(para)
6014
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6017
#: serverguide/C/virtualization.xml:1918(para)
6019
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6020
"pay-by-the-gigabyte public cloud computing offering."
6023
#: serverguide/C/virtualization.xml:1923(para)
6024
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6027
#: serverguide/C/virtualization.xml:1928(para)
6028
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6031
#: serverguide/C/virtualization.xml:1933(para)
6032
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6035
#: serverguide/C/virtualization.xml:1938(para)
6037
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6038
"Linking Your Programs To Useful Systems. An open source project originally "
6039
"from the University of California at Santa Barbara, now supported by "
6040
"Eucalyptus Systems, a Canonical Partner."
6043
#: serverguide/C/virtualization.xml:1945(para)
6045
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6046
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6047
"cluster controller)."
6050
#: serverguide/C/virtualization.xml:1951(para)
6052
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6053
"running virtual machines, running a node controller. Within Ubuntu, this "
6054
"generally means that the CPU has VT extensions, and can run the KVM "
6058
#: serverguide/C/virtualization.xml:1957(para)
6060
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6061
"on nodes which host the virtual machines that comprise the cloud. This "
6062
"service is provided by the Ubuntu package <application>eucalyptus-"
6066
#: serverguide/C/virtualization.xml:1963(para)
6068
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6069
"gigabyte persistent storage solution for EC2."
6072
#: serverguide/C/virtualization.xml:1968(para)
6074
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6075
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6076
"installation can have its own Storage Controller. This component is provided "
6077
"by the <application>eucalyptus-sc</application> package."
6080
#: serverguide/C/virtualization.xml:1975(para)
6082
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6083
"solution, based on Eucalyptus."
6086
#: serverguide/C/virtualization.xml:1980(para)
6087
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6090
#: serverguide/C/virtualization.xml:1985(para)
6092
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6093
"some modern CPUs, allowing for accelerated virtual machine hosting."
6096
#: serverguide/C/virtualization.xml:1990(para)
6098
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6099
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6100
"put/get abstractions."
6103
#: serverguide/C/virtualization.xml:2000(title)
5209
6104
msgid "OpenNebula"
5212
#: serverguide/C/virtualization.xml:1329(para)
6107
#: serverguide/C/virtualization.xml:2002(para)
5214
6109
"<application>OpenNebula</application> allows virtual machines to be placed "
5215
6110
"and re-placed dynamically on a pool of physical resources. This allows a "
5216
6111
"virtual machine to be hosted from any location available."
5219
#: serverguide/C/virtualization.xml:1334(para)
6114
#: serverguide/C/virtualization.xml:2007(para)
5221
6116
"This section will detail configuring an OpenNebula cluster using three "
5222
6117
"machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
7594
8407
"<application>apparmor-profiles</application> package."
7597
#: serverguide/C/security.xml:974(para)
8410
#: serverguide/C/security.xml:921(para)
7599
8412
"To install the <application>apparmor-profiles</application> package from a "
7600
8413
"terminal prompt:"
7603
#: serverguide/C/security.xml:980(para)
8416
#: serverguide/C/security.xml:927(para)
7604
8417
msgid "AppArmor profiles have two modes of execution:"
7607
#: serverguide/C/security.xml:985(para)
8420
#: serverguide/C/security.xml:932(para)
7609
8422
"Complaining/Learning: profile violations are permitted and logged. Useful "
7610
8423
"for testing and developing new profiles."
7613
#: serverguide/C/security.xml:990(para)
8426
#: serverguide/C/security.xml:937(para)
7615
8428
"Enforced/Confined: enforces profile policy as well as logging the violation."
7618
#: serverguide/C/security.xml:996(title)
8431
#: serverguide/C/security.xml:943(title)
7619
8432
msgid "Using AppArmor"
7622
#: serverguide/C/security.xml:997(para)
8435
#: serverguide/C/security.xml:944(para)
7624
8437
"The <application>apparmor-utils</application> package contains command line "
7625
8438
"utilities that you can use to change the <application>AppArmor</application> "
7626
8439
"execution mode, find the status of a profile, create new profiles, etc."
7629
#: serverguide/C/security.xml:1003(para)
8442
#: serverguide/C/security.xml:950(para)
7631
8444
"<application>apparmor_status</application> is used to view the current "
7632
8445
"status of AppArmor profiles."
7635
#: serverguide/C/security.xml:1007(command)
8448
#: serverguide/C/security.xml:954(command)
7636
8449
msgid "sudo apparmor_status"
7639
#: serverguide/C/security.xml:1011(para)
8452
#: serverguide/C/security.xml:958(para)
7641
8454
"<application>aa-complain</application> places a profile into "
7642
8455
"<emphasis>complain</emphasis> mode."
7645
#: serverguide/C/security.xml:1015(command)
8458
#: serverguide/C/security.xml:962(command)
7646
8459
msgid "sudo aa-complain /path/to/bin"
7649
#: serverguide/C/security.xml:1019(para)
8462
#: serverguide/C/security.xml:966(para)
7651
8464
"<application>aa-enforce</application> places a profile into "
7652
8465
"<emphasis>enforce</emphasis> mode."
7655
#: serverguide/C/security.xml:1023(command)
8468
#: serverguide/C/security.xml:970(command)
7656
8469
msgid "sudo aa-enforce /path/to/bin"
7659
#: serverguide/C/security.xml:1027(para)
8472
#: serverguide/C/security.xml:974(para)
7661
8474
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7662
8475
"profiles are located. It can be used to manipulate the "
7663
8476
"<emphasis>mode</emphasis> of all profiles."
7666
#: serverguide/C/security.xml:1031(para)
8479
#: serverguide/C/security.xml:978(para)
7667
8480
msgid "Enter the following to place all profiles into complain mode:"
7670
#: serverguide/C/security.xml:1035(command)
8483
#: serverguide/C/security.xml:982(command)
7671
8484
msgid "sudo aa-complain /etc/apparmor.d/*"
7674
#: serverguide/C/security.xml:1037(para)
8487
#: serverguide/C/security.xml:984(para)
7675
8488
msgid "To place all profiles in enforce mode:"
7678
#: serverguide/C/security.xml:1041(command)
8491
#: serverguide/C/security.xml:988(command)
7679
8492
msgid "sudo aa-enforce /etc/apparmor.d/*"
7682
#: serverguide/C/security.xml:1045(para)
8495
#: serverguide/C/security.xml:992(para)
7684
8497
"<application>apparmor_parser</application> is used to load a profile into "
7685
8498
"the kernel. It can also be used to reload a currently loaded profile using "
7686
8499
"the <emphasis>-r</emphasis> option. To load a profile:"
7689
#: serverguide/C/security.xml:1050(command) serverguide/C/security.xml:1082(command)
8502
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
7690
8503
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7693
#: serverguide/C/security.xml:1052(para)
8506
#: serverguide/C/security.xml:999(para)
7694
8507
msgid "To reload a profile:"
7697
#: serverguide/C/security.xml:1056(command)
8510
#: serverguide/C/security.xml:1003(command)
7698
8511
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7701
#: serverguide/C/security.xml:1060(para)
8514
#: serverguide/C/security.xml:1007(para)
7703
8516
"<filename>/etc/init.d/apparmor</filename> can be used to "
7704
8517
"<emphasis>reload</emphasis> all profiles:"
7707
#: serverguide/C/security.xml:1064(command)
8520
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:632(command)
7708
8521
msgid "sudo /etc/init.d/apparmor reload"
7711
#: serverguide/C/security.xml:1068(para)
8524
#: serverguide/C/security.xml:1015(para)
7713
8526
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7714
8527
"with the <application>apparmor_parser -R</application> option to "
7715
8528
"<emphasis>disable</emphasis> a profile."
7718
#: serverguide/C/security.xml:1073(command)
8531
#: serverguide/C/security.xml:1020(command)
7719
8532
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7722
#: serverguide/C/security.xml:1074(command)
8535
#: serverguide/C/security.xml:1021(command)
7723
8536
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7726
#: serverguide/C/security.xml:1076(para)
8539
#: serverguide/C/security.xml:1023(para)
7728
8541
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7729
8542
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7730
8543
"load the profile using the <emphasis>-a</emphasis> option."
7733
#: serverguide/C/security.xml:1081(command)
8546
#: serverguide/C/security.xml:1028(command)
7734
8547
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7737
#: serverguide/C/security.xml:1086(para)
8550
#: serverguide/C/security.xml:1033(para)
7739
8552
"<application>AppArmor</application> can be disabled, and the kernel module "
7740
8553
"unloaded by entering the following:"
7743
#: serverguide/C/security.xml:1090(command)
8556
#: serverguide/C/security.xml:1037(command)
7744
8557
msgid "sudo /etc/init.d/apparmor stop"
7747
#: serverguide/C/security.xml:1091(command)
8560
#: serverguide/C/security.xml:1038(command)
7748
8561
msgid "sudo update-rc.d -f apparmor remove"
7751
#: serverguide/C/security.xml:1095(para)
8564
#: serverguide/C/security.xml:1042(para)
7752
8565
msgid "To re-enable <application>AppArmor</application> enter:"
7755
#: serverguide/C/security.xml:1099(command)
8568
#: serverguide/C/security.xml:1046(command)
7756
8569
msgid "sudo /etc/init.d/apparmor start"
7759
#: serverguide/C/security.xml:1100(command)
8572
#: serverguide/C/security.xml:1047(command)
7760
8573
msgid "sudo update-rc.d apparmor defaults"
7763
#: serverguide/C/security.xml:1105(para)
8576
#: serverguide/C/security.xml:1052(para)
7765
8578
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7766
8579
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
8605
9418
"other users on the system."
8608
#: serverguide/C/security.xml:1845(para)
9421
#: serverguide/C/security.xml:1792(para)
8610
9423
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8611
9424
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8615
#: serverguide/C/security.xml:1851(para)
9428
#: serverguide/C/security.xml:1798(para)
8617
9430
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8618
9431
"kernel keyring."
8621
#: serverguide/C/security.xml:1856(para)
9434
#: serverguide/C/security.xml:1803(para)
8623
9436
"<emphasis>ecryptfs-manager:</emphasis> manages "
8624
9437
"<application>eCryptfs</application> objects such as keys."
8627
#: serverguide/C/security.xml:1861(para)
9440
#: serverguide/C/security.xml:1808(para)
8629
9442
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8630
9443
"<application>ecryptfs</application> meta information for a file."
8633
#: serverguide/C/security.xml:1874(para)
9446
#: serverguide/C/security.xml:1821(para)
8635
9448
"For more information on eCryptfs see the <ulink "
8636
"url=\"https://launchpad.net/ecryptfs\">Launch Pad project page</ulink>"
9449
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8639
#: serverguide/C/security.xml:1879(para)
9452
#: serverguide/C/security.xml:1826(para)
8641
9454
"There is also a <ulink "
8642
9455
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8643
9456
"article covering eCryptfs."
8646
#: serverguide/C/security.xml:1884(para)
9459
#: serverguide/C/security.xml:1831(para)
8648
9461
"Also, for more <application>ecryptfs</application> options see the <ulink "
8649
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/ecryptfs.7.html\">ec"
8650
"ryptfs man page</ulink>."
9462
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/ecryptfs.7.html\">ecr"
9463
"yptfs man page</ulink>."
9466
#: serverguide/C/security.xml:1837(para)
9468
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9469
"Ubuntu Wiki</ulink> page also has more details."
9472
#: serverguide/C/reporting-bugs.xml:13(title)
9476
#: serverguide/C/reporting-bugs.xml:16(title)
9477
msgid "Reporting Bugs in Ubuntu Server Edition"
9480
#: serverguide/C/reporting-bugs.xml:18(para)
9482
"While the Ubuntu Project attempts to release software with as few bugs as "
9483
"possible, they do occur. You can help fix these bugs by reporting ones that "
9484
"you find to the project. The Ubuntu Project uses <ulink "
9485
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
9486
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
9487
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
9491
#: serverguide/C/reporting-bugs.xml:30(title)
9492
msgid "Reporting Bugs With ubuntu-bug"
9495
#: serverguide/C/reporting-bugs.xml:32(para)
9497
"The preferred way to report a bug is with the <application>ubuntu-"
9498
"bug</application> command. The ubuntu-bug tool gathers information about the "
9499
"system useful to developers in diagnosing the reported problem that will "
9500
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
9501
"need to be filed against a specific software package, thus the name of the "
9502
"package that the bug occurs in needs to be given to ubuntu-bug:"
9505
#: serverguide/C/reporting-bugs.xml:43(command)
9506
msgid "ubuntu-bug PACKAGENAME"
9509
#: serverguide/C/reporting-bugs.xml:46(para)
9511
"For example, to file a bug against the openssh-server package, you would do:"
9514
#: serverguide/C/reporting-bugs.xml:51(command)
9515
msgid "ubuntu-bug openssh-server"
9518
#: serverguide/C/reporting-bugs.xml:54(para)
9520
"You can specify either a binary package or the source package for ubuntu-"
9521
"bug. Again using openssh-server as an example, you could also generate the "
9522
"report against the source package for openssh-server, openssh:"
9525
#: serverguide/C/reporting-bugs.xml:62(command)
9526
msgid "ubuntu-bug openssh"
9529
#: serverguide/C/reporting-bugs.xml:66(para)
9531
"See <xref linkend=\"package-management\"/> for more information about "
9532
"packages in Ubuntu."
9535
#: serverguide/C/reporting-bugs.xml:72(para)
9537
"The ubuntu-bug command will gather information about the system in question, "
9538
"possibly including information specific to the specified package, and then "
9539
"ask you what you would like to do with collected information:"
9542
#: serverguide/C/reporting-bugs.xml:80(command)
9543
msgid "ubuntu-bug postgresql"
9546
#: serverguide/C/reporting-bugs.xml:79(screen)
9550
"<placeholder-1/>\n"
9552
"*** Collecting problem information\n"
9554
"The collected information can be sent to the developers to improve the\n"
9555
"application. This might take a few minutes.\n"
9558
"*** Send problem report to the developers?\n"
9560
"After the problem report has been sent, please fill out the form in the\n"
9561
"automatically opened web browser.\n"
9563
"What would you like to do? Your options are:\n"
9564
" S: Send report (1.7 KiB)\n"
9566
" K: Keep report file for sending later or copying to somewhere else\n"
9568
"Please choose (S/V/K/C):\n"
9571
#: serverguide/C/reporting-bugs.xml:101(para)
9572
msgid "The options available are:"
9575
#: serverguide/C/reporting-bugs.xml:108(para)
9577
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
9578
"the collected information to Launchpad as part of the the process of filing "
9579
"a bug report. You will be given the opportunity to describe the situation "
9580
"that led up to the occurrance of the bug."
9583
#: serverguide/C/reporting-bugs.xml:115(screen)
9587
"*** Uploading problem information\n"
9589
"The collected information is being sent to the bug tracking system.\n"
9590
"This might take a few minutes.\n"
9593
"*** To continue, you must visit the following URL:\n"
9595
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9596
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9598
"You can launch a browser now, or copy this URL into a browser on another\n"
9602
" 1: Launch a browser now\n"
9604
"Please choose (1/C):\n"
9607
#: serverguide/C/reporting-bugs.xml:135(para)
9609
"If you choose to start a browser, by default the text based web browser "
9610
"<application>w3m</application> will be used to finish filing the bug report. "
9611
"Alternately, you can copy the given URL to a currently running web browser."
9614
#: serverguide/C/reporting-bugs.xml:144(para)
9616
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
9617
"the collected information to be displayed to the terminal for review."
9620
#: serverguide/C/reporting-bugs.xml:150(screen)
9624
"Package: postgresql 8.4.2-2\n"
9625
"PackageArchitecture: all\n"
9627
"ProblemType: Bug\n"
9629
" LANG=en_US.UTF-8\n"
9630
" SHELL=/bin/bash\n"
9631
"Uname: Linux 2.6.32-16-server x86_64\n"
9633
" adduser 3.112ubuntu1\n"
9634
" base-files 5.0.0ubuntu10\n"
9635
" base-passwd 3.5.22\n"
9636
" coreutils 7.4-2ubuntu2\n"
9640
#: serverguide/C/reporting-bugs.xml:167(para)
9642
"After viewing the report, you will be brought back to the same menu asking "
9643
"what you would like to do with the report."
9646
#: serverguide/C/reporting-bugs.xml:174(para)
9648
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
9649
"File causes the gathered information to be written to a file. This file can "
9650
"then be used to later file a bug report or transferred to a different Ubuntu "
9651
"system for reporting. To submit the report file, simply give it as an "
9652
"argument to the ubuntu-bug command:"
9655
#: serverguide/C/reporting-bugs.xml:189(userinput)
9660
#: serverguide/C/reporting-bugs.xml:192(command)
9661
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
9664
#: serverguide/C/reporting-bugs.xml:183(screen)
9668
"What would you like to do? Your options are:\n"
9669
" S: Send report (1.7 KiB)\n"
9671
" K: Keep report file for sending later or copying to somewhere else\n"
9673
"Please choose (S/V/K/C): <placeholder-1/>\n"
9674
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
9676
"<placeholder-2/>\n"
9678
"*** Send problem report to the developers?\n"
9682
#: serverguide/C/reporting-bugs.xml:200(para)
9684
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
9685
"collected information to be discarded."
9688
#: serverguide/C/reporting-bugs.xml:210(title)
9689
msgid "Reporting Application Crashes"
9692
#: serverguide/C/reporting-bugs.xml:212(para)
9694
"The software package that provides the ubuntu-bug utility, "
9695
"<application>apport</application>, can be configured to trigger when "
9696
"applications crash. This is disabled by default, as capturing a crash can be "
9697
"resource intensive depending on how much memory the application that crashed "
9698
"was using as apport captures and processes the core dump."
9701
#: serverguide/C/reporting-bugs.xml:221(para)
9703
"Configuring apport to capture information about crashing applications "
9704
"requires a couple of steps. First, <application>gdb</application> needs to "
9705
"be installed; it is not installed by default in Ubuntu Server Edition."
9708
#: serverguide/C/reporting-bugs.xml:229(command)
9709
msgid "sudo apt-get install gdb"
9712
#: serverguide/C/reporting-bugs.xml:232(para)
9714
"See <xref linkend=\"package-management\"/> for more information about "
9715
"managing packages in Ubuntu."
9718
#: serverguide/C/reporting-bugs.xml:237(para)
9720
"Once you have ensured that gdb is installed, open the file "
9721
"<filename>/etc/default/apport</filename> in your text editor, and change the "
9722
"<emphasis>enabled</emphasis> setting to be <emphasis "
9723
"role=\"bold\">1</emphasis> like so:"
9726
#: serverguide/C/reporting-bugs.xml:244(programlisting)
9730
"# set this to 0 to disable apport, or to 1 to enable it\n"
9731
"# you can temporarily override this with\n"
9732
"# sudo service apport start force_start=1\n"
9733
"enabled=<userinput>1</userinput>\n"
9735
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
9736
"maxsize=209715200\n"
9739
#: serverguide/C/reporting-bugs.xml:254(para)
9741
"Once you have completed editing <filename>/etc/default/apport</filename>, "
9742
"start the apport service:"
9745
#: serverguide/C/reporting-bugs.xml:261(command)
9746
msgid "sudo start apport"
9749
#: serverguide/C/reporting-bugs.xml:264(para)
9751
"After an application crashes, use the <application>apport-cli</application> "
9752
"command to search for the existing saved crash report information:"
9755
#: serverguide/C/reporting-bugs.xml:271(command)
9759
#: serverguide/C/reporting-bugs.xml:270(screen)
9763
"<placeholder-1/>\n"
9765
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
9767
"If you were not doing anything confidential (entering passwords or other\n"
9768
"private information), you can help to improve the application by\n"
9772
"What would you like to do? Your options are:\n"
9773
" R: Report Problem...\n"
9774
" I: Cancel and ignore future crashes of this program version\n"
9776
"Please choose (R/I/C):\n"
9779
#: serverguide/C/reporting-bugs.xml:287(para)
9781
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
9782
"steps as when using ubuntu-bug. One important difference is that a crash "
9783
"report will be marked as private when filed on Launchpad, meaning that it "
9784
"will be visible to only a limited set of bug triagers. These triagers will "
9785
"review the gathered data for private information before making the bug "
9786
"report publicly visible."
9789
#: serverguide/C/reporting-bugs.xml:307(para)
9792
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
9793
"Bugs</ulink> Ubuntu wiki page."
9796
#: serverguide/C/reporting-bugs.xml:313(para)
9798
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
9799
"has some useful information. Though some of it pertains to using a GUI."
8653
9802
#: serverguide/C/remote-administration.xml:13(title)
9011
10166
"such as log files."
9014
#: serverguide/C/remote-administration.xml:304(para)
10169
#: serverguide/C/remote-administration.xml:317(para)
9016
10171
"<emphasis>Halt/Reboot:</emphasis> will shutdown the system or reboot it."
9019
#: serverguide/C/remote-administration.xml:309(para)
10174
#: serverguide/C/remote-administration.xml:322(para)
9021
10176
"<emphasis>Bug Report:</emphasis> creates a file containing details helpful "
9022
10177
"when reporting bugs to the eBox developers."
9025
#: serverguide/C/remote-administration.xml:317(para)
10180
#: serverguide/C/remote-administration.xml:330(para)
9027
10182
"<emphasis>Logs:</emphasis> allows <application>eBox</application> logs to be "
9028
10183
"queried depending on the purge time configured."
9031
#: serverguide/C/remote-administration.xml:323(para)
10186
#: serverguide/C/remote-administration.xml:336(para)
9033
10188
"<emphasis>Events:</emphasis> this module has the ability to send alerts "
9034
10189
"through rss, jabber, and log file."
9037
#: serverguide/C/remote-administration.xml:330(emphasis)
10192
#: serverguide/C/remote-administration.xml:343(emphasis)
9038
10193
msgid "Available Events:"
9041
#: serverguide/C/remote-administration.xml:334(para)
10196
#: serverguide/C/remote-administration.xml:347(para)
9043
10198
"<emphasis>Free Storage Space:</emphasis> will send alert if free disk space "
9044
10199
"drops below a configured percentage, 10% by default."
9047
#: serverguide/C/remote-administration.xml:340(para)
10202
#: serverguide/C/remote-administration.xml:353(para)
9049
"<emphasis>Log Observer:</emphasis> unfortunately this event does not work "
9050
"with the <application>eBox</application> version shipped with Ubuntu 7.10."
10204
"<emphasis>Log Observer:</emphasis> sends an alert when a configured logger "
10205
"has logged something."
9053
#: serverguide/C/remote-administration.xml:346(para)
10208
#: serverguide/C/remote-administration.xml:359(para)
9055
10210
"<emphasis>RAID:</emphasis> will monitor the RAID system and send alerts if "
9056
10211
"any issues arise."
9059
#: serverguide/C/remote-administration.xml:352(para)
10214
#: serverguide/C/remote-administration.xml:365(para)
9061
10216
"<emphasis>Service:</emphasis> sends alerts if a service restarts multiple "
9062
10217
"times in a short time period."
9065
#: serverguide/C/remote-administration.xml:358(para)
10220
#: serverguide/C/remote-administration.xml:371(para)
9067
10222
"<emphasis>State:</emphasis> alerts on the state of "
9068
10223
"<application>eBox</application>, either up or down."
9071
#: serverguide/C/remote-administration.xml:367(emphasis)
10226
#: serverguide/C/remote-administration.xml:380(emphasis)
9072
10227
msgid "Dispatchers:"
9075
#: serverguide/C/remote-administration.xml:371(para)
10230
#: serverguide/C/remote-administration.xml:384(para)
9077
10232
"<emphasis>Log:</emphasis> this dispatcher will send event messages to the "
9078
10233
"<application>eBox</application> log file "
9079
10234
"<filename>/var/log/ebox/ebox.log</filename>."
9082
#: serverguide/C/remote-administration.xml:378(para)
10237
#: serverguide/C/remote-administration.xml:391(para)
9084
10239
"<emphasis>Jabber:</emphasis> before enabling this dispatcher you must first "
9085
10240
"configure it by clicking on the <quote>Configure</quote> icon."
9088
#: serverguide/C/remote-administration.xml:384(para)
10243
#: serverguide/C/remote-administration.xml:397(para)
9090
10245
"<emphasis>RSS:</emphasis> once this dispatcher is configured you can "
9091
10246
"subscribe to the link in order to view event alerts."
9094
#: serverguide/C/remote-administration.xml:397(title)
10249
#: serverguide/C/remote-administration.xml:410(title)
9095
10250
msgid "Additional Modules"
9098
#: serverguide/C/remote-administration.xml:398(para)
10253
#: serverguide/C/remote-administration.xml:411(para)
9100
10255
"Here is a quick description of other available "
9101
10256
"<application>eBox</application> modules:"
9104
#: serverguide/C/remote-administration.xml:403(para)
10259
#: serverguide/C/remote-administration.xml:416(para)
9106
10261
"<emphasis>Network:</emphasis> allows configuration of the server's network "
9107
10262
"options through eBox."
9110
#: serverguide/C/remote-administration.xml:409(para)
10265
#: serverguide/C/remote-administration.xml:422(para)
9112
10267
"<emphasis>Firewall:</emphasis> configures firewall options for the eBox host."
9115
#: serverguide/C/remote-administration.xml:414(para)
10270
#: serverguide/C/remote-administration.xml:427(para)
9117
10272
"<emphasis>UsersandGroups:</emphasis> this module will manage users and "
9118
10273
"groups contained in an <application>OpenLDAP</application> LDAP directory."
9121
#: serverguide/C/remote-administration.xml:420(para)
10276
#: serverguide/C/remote-administration.xml:433(para)
9123
10278
"<emphasis>DHCP:</emphasis> provides an interface for configuring a DHCP "
9127
#: serverguide/C/remote-administration.xml:425(para)
10282
#: serverguide/C/remote-administration.xml:438(para)
9129
10284
"<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
9130
10285
"server configuration options."
9133
#: serverguide/C/remote-administration.xml:431(para)
10288
#: serverguide/C/remote-administration.xml:444(para)
9135
10290
"<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
9136
10291
"Objects</emphasis>, which allow you to assign a name to an IP address or "
9137
10292
"group of IPs."
9140
#: serverguide/C/remote-administration.xml:438(para)
10295
#: serverguide/C/remote-administration.xml:451(para)
9142
10297
"<emphasis>Services:</emphasis> displays configuration information for "
9143
10298
"services that are available to the network."
9146
#: serverguide/C/remote-administration.xml:444(para)
10301
#: serverguide/C/remote-administration.xml:457(para)
9148
10303
"<emphasis>Squid:</emphasis> configuration options for the "
9149
10304
"<application>Squid</application> proxy server."
9152
#: serverguide/C/remote-administration.xml:450(para)
10307
#: serverguide/C/remote-administration.xml:463(para)
9154
10309
"<emphasis>CA:</emphasis> configures a Certificate Authority for the server."
9157
#: serverguide/C/remote-administration.xml:455(para)
10312
#: serverguide/C/remote-administration.xml:468(para)
9158
10313
msgid "<emphasis>NTP:</emphasis> set Network Time Protocol options."
9161
#: serverguide/C/remote-administration.xml:460(para)
10316
#: serverguide/C/remote-administration.xml:473(para)
9162
10317
msgid "<emphasis>Printers:</emphasis> allows the configuration of printers."
9165
#: serverguide/C/remote-administration.xml:465(para)
10320
#: serverguide/C/remote-administration.xml:478(para)
9166
10321
msgid "<emphasis>Samba:</emphasis> configuration options for Samba."
9169
#: serverguide/C/remote-administration.xml:470(para)
10324
#: serverguide/C/remote-administration.xml:483(para)
9171
10326
"<emphasis>OpenVPN:</emphasis> setup options for OpenVPN Virtual Private "
9172
10327
"Network application."
9175
#: serverguide/C/remote-administration.xml:481(para)
9177
"For more information see the <ulink url=\"http://ebox-platform.com/\">eBox "
9178
"Home Page</ulink>."
10330
#: serverguide/C/remote-administration.xml:494(para)
10332
"The <ulink url=\"https://help.ubuntu.com/community/eBox\">eBox Ubuntu "
10333
"Wiki</ulink> page has more details."
10336
#: serverguide/C/remote-administration.xml:499(para)
10338
"For more information also see the <ulink url=\"http://ebox-"
10339
"platform.com/\">eBox Home Page</ulink>."
9181
10342
#: serverguide/C/package-management.xml:13(title)
10161
11317
"Committed revision 2."
10164
#: serverguide/C/other-apps.xml:280(para)
11320
#: serverguide/C/other-apps.xml:241(para)
10166
11322
"For an example of how <application>etckeeper</application> tracks manual "
10167
11323
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
10168
11324
"<application>bzr</application> you can see which files have been modified:"
10171
#: serverguide/C/other-apps.xml:286(command)
11327
#: serverguide/C/other-apps.xml:247(command)
10172
11328
msgid "sudo bzr status /etc/"
10175
#: serverguide/C/other-apps.xml:287(computeroutput)
11331
#: serverguide/C/other-apps.xml:248(computeroutput)
10178
11334
"modified:\n"
10182
#: serverguide/C/other-apps.xml:291(para)
11338
#: serverguide/C/other-apps.xml:252(para)
10183
11339
msgid "Now commit the changes:"
10186
#: serverguide/C/other-apps.xml:296(command)
11342
#: serverguide/C/other-apps.xml:257(command)
10187
11343
msgid "sudo etckeeper commit \"new host\""
10190
#: serverguide/C/other-apps.xml:299(para)
11346
#: serverguide/C/other-apps.xml:260(para)
10192
11348
"For more information on <application>bzr</application> see <xref "
10193
11349
"linkend=\"bazaar\"/>."
10196
#: serverguide/C/other-apps.xml:305(title)
10197
msgid "Screen Profiles"
11352
#: serverguide/C/other-apps.xml:266(title)
10200
#: serverguide/C/other-apps.xml:307(para)
11356
#: serverguide/C/other-apps.xml:268(para)
10202
11358
"One of the most useful applications for any system administrator is "
10203
11359
"<application>screen</application>. It allows the execution of multiple "
10204
11360
"shells in one terminal. To make some of the advanced "
10205
11361
"<application>screen</application> features more user friendly, and provide "
10206
"some useful information about the system, the <application>screen-"
10207
"profiles</application> package was created."
11362
"some useful information about the system, the "
11363
"<application>byobu</application> package was created."
10210
#: serverguide/C/other-apps.xml:314(para)
11366
#: serverguide/C/other-apps.xml:275(para)
10212
"When executing <application>screen</application> for the first time you will "
10213
"be presented with the <application>screen-profiles-helper</application> "
10214
"menu. This menu will allow you to:"
11368
"When executing <application>byobu</application> pressing the "
11369
"<emphasis>F9</emphasis> key will bring up the "
11370
"<application>Configuration</application> menu. This menu will allow you to:"
10217
#: serverguide/C/other-apps.xml:320(para)
11373
#: serverguide/C/other-apps.xml:281(para)
10218
11374
msgid "View the Help menu"
10221
#: serverguide/C/other-apps.xml:321(para)
11377
#: serverguide/C/other-apps.xml:282(para)
11378
msgid "Change Byobu's background color"
11381
#: serverguide/C/other-apps.xml:283(para)
11382
msgid "Change Byobu's foreground color"
11385
#: serverguide/C/other-apps.xml:284(para)
11386
msgid "Toggle status notifications"
11389
#: serverguide/C/other-apps.xml:285(para)
10222
11390
msgid "Change the key binding set"
10225
#: serverguide/C/other-apps.xml:322(para)
10226
msgid "Change screen profiles"
10229
#: serverguide/C/other-apps.xml:323(para)
11393
#: serverguide/C/other-apps.xml:286(para)
10230
11394
msgid "Change the escape sequence"
10233
#: serverguide/C/other-apps.xml:324(para)
10234
msgid "Create new screen windows"
11397
#: serverguide/C/other-apps.xml:287(para)
11398
msgid "Create new windows"
10237
#: serverguide/C/other-apps.xml:325(para)
11401
#: serverguide/C/other-apps.xml:288(para)
10238
11402
msgid "Manage the default windows"
10241
#: serverguide/C/other-apps.xml:326(para)
10242
msgid "Install screen by default at login"
11405
#: serverguide/C/other-apps.xml:289(para)
11406
msgid "Byobu currently does not launch at login (toggle on)"
10245
#: serverguide/C/other-apps.xml:329(para)
11409
#: serverguide/C/other-apps.xml:292(para)
10247
11411
"The <emphasis>key bindings</emphasis> determine such things as the escape "
10248
11412
"sequence, new window, change window, etc. There are two key binding sets to "
10249
"choose from <emphasis>common</emphasis> and <emphasis>none</emphasis>. If "
10250
"you wish to use the original key bindings choose the "
11413
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11414
"keys</emphasis>. If you wish to use the original key bindings choose the "
10251
11415
"<emphasis>none</emphasis> set."
10254
#: serverguide/C/other-apps.xml:335(para)
10256
"The Ubuntu <application>screen-profiles</application> provide a menu which "
10257
"displays the Ubuntu release, processor information, memory information, and "
10258
"the time and date. The effect is similar to a desktop menu. When a profile "
10259
"is selected it will be symlinked to <filename>~/.screenrc</filename>. The "
10260
"<application>select-screen-profile</application> utility can also be used to "
10261
"change profiles, in a terminal enter:"
10264
#: serverguide/C/other-apps.xml:343(command)
10265
msgid "select-screen-profile -s ubuntu-light"
10268
#: serverguide/C/other-apps.xml:346(para)
10270
"The <emphasis>plain</emphasis> profile will change "
10271
"<application>screen</application> back to the defaults, which does not "
10272
"include the information menu at the bottom."
10275
#: serverguide/C/other-apps.xml:351(para)
10277
"Using the <emphasis>\"Install screen by default at login\"</emphasis> option "
10278
"will cause screen to be executed any time a terminal is opened. Changes made "
10279
"to <application>screen</application> are on a per user basis, and will not "
11418
#: serverguide/C/other-apps.xml:298(para)
11420
"<application>byobu</application> provides a menu which displays the Ubuntu "
11421
"release, processor information, memory information, and the time and date. "
11422
"The effect is similar to a desktop menu."
11425
#: serverguide/C/other-apps.xml:303(para)
11427
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11428
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11429
"executed any time a terminal is opened. Changes made to "
11430
"<application>byobu</application> are on a per user basis, and will not "
10280
11431
"affect other users on the system."
10283
#: serverguide/C/other-apps.xml:356(para)
11434
#: serverguide/C/other-apps.xml:309(para)
10285
"One difference when using screen is the <emphasis>scrollback</emphasis> "
10286
"mode. If you are using one of the Ubuntu profiles press the "
10287
"<emphasis>F7</emphasis>, or <emphasis>Ctrl+a+[</emphasis> if not, to enter "
10288
"scrollback mode. Scrollback mode allows you to navigate past output using "
10289
"<emphasis>vi</emphasis> like commands. Here is a quick list of movement "
11436
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11437
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11438
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11439
"commands. Here is a quick list of movement commands:"
10293
#: serverguide/C/other-apps.xml:363(para)
11442
#: serverguide/C/other-apps.xml:316(para)
10294
11443
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
10297
#: serverguide/C/other-apps.xml:364(para)
11446
#: serverguide/C/other-apps.xml:317(para)
10298
11447
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
10301
#: serverguide/C/other-apps.xml:365(para)
11450
#: serverguide/C/other-apps.xml:318(para)
10302
11451
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
10305
#: serverguide/C/other-apps.xml:366(para)
11454
#: serverguide/C/other-apps.xml:319(para)
10306
11455
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
10309
#: serverguide/C/other-apps.xml:367(para)
11458
#: serverguide/C/other-apps.xml:320(para)
10310
11459
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
10313
#: serverguide/C/other-apps.xml:368(para)
11462
#: serverguide/C/other-apps.xml:321(para)
10314
11463
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
10317
#: serverguide/C/other-apps.xml:369(para)
11466
#: serverguide/C/other-apps.xml:322(para)
10319
11468
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
10320
11469
"the buffer)"
10323
#: serverguide/C/other-apps.xml:370(para)
10324
msgid "<emphasis>C-u</emphasis> - Scrolls a half page up"
10327
#: serverguide/C/other-apps.xml:371(para)
10328
msgid "<emphasis>C-b</emphasis> - Scrolls a full page up"
10331
#: serverguide/C/other-apps.xml:372(para)
10332
msgid "<emphasis>C-d</emphasis> - Scrolls a half page down"
10335
#: serverguide/C/other-apps.xml:373(para)
10336
msgid "<emphasis>C-f</emphasis> - Scrolls the full page down"
10339
#: serverguide/C/other-apps.xml:374(para)
11472
#: serverguide/C/other-apps.xml:323(para)
10340
11473
msgid "<emphasis>/</emphasis> - Search forward"
10343
#: serverguide/C/other-apps.xml:375(para)
11476
#: serverguide/C/other-apps.xml:324(para)
10344
11477
msgid "<emphasis>?</emphasis> - Search backward"
10347
#: serverguide/C/other-apps.xml:376(para)
11480
#: serverguide/C/other-apps.xml:325(para)
10349
11482
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
10352
#: serverguide/C/other-apps.xml:385(para)
11485
#: serverguide/C/other-apps.xml:334(para)
10354
11487
"See the <ulink "
10355
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/update-"
10356
"motd.1.html\">update-motd man page</ulink> for more options available to "
11488
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/update-motd.1.html\">"
11489
"update-motd man page</ulink> for more options available to "
10357
11490
"<application>update-motd</application>."
10360
#: serverguide/C/other-apps.xml:391(para)
11493
#: serverguide/C/other-apps.xml:340(para)
10362
11495
"The Debian Package of the Day <ulink "
10363
11496
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
10410
11551
"discussion of popular network protocols."
10413
#: serverguide/C/network-config.xml:26(title)
11554
#: serverguide/C/network-config.xml:27(title)
10414
11555
msgid "Network Configuration"
10417
#: serverguide/C/network-config.xml:27(para)
11558
#: serverguide/C/network-config.xml:28(para)
10419
11560
"Ubuntu ships with a number of graphical utilities to configure your network "
10420
11561
"devices. This document is geared toward server administrators and will focus "
10421
11562
"on managing your network on the command line."
10424
#: serverguide/C/network-config.xml:33(title)
10428
#: serverguide/C/network-config.xml:34(para)
10430
"Most Ethernet configuration is centralized in a single file, "
10431
"<filename>/etc/network/interfaces</filename>. If you have no Ethernet "
10432
"devices, only the loopback interface will appear in this file, and it will "
10433
"look something like this:"
10436
#: serverguide/C/network-config.xml:40(programlisting)
10440
"# This file describes the network interfaces available on your system\n"
10441
"# and how to activate them. For more information, see interfaces(5).\n"
10443
"# The loopback network interface\n"
10445
"iface lo inet loopback\n"
10446
"address 127.0.0.1\n"
10447
"netmask 255.0.0.0\n"
10450
#: serverguide/C/network-config.xml:50(para)
10452
"If you have only one Ethernet device, eth0, and it gets its configuration "
10453
"from a DHCP server, and it should come up automatically at boot, only two "
10454
"additional lines are required:"
10457
#: serverguide/C/network-config.xml:55(programlisting)
11565
#: serverguide/C/network-config.xml:35(title)
11566
msgid "Ethernet Interfaces"
11569
#: serverguide/C/network-config.xml:36(para)
11571
"Ethernet interfaces are identified by the system using the naming convention "
11572
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11573
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11574
"interface is typically identified as <emphasis "
11575
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11576
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11580
#: serverguide/C/network-config.xml:46(title)
11581
msgid "Identify Ethernet Interfaces"
11584
#: serverguide/C/network-config.xml:47(para)
11586
"To quickly identify all available Ethernet interfaces, you can use the "
11587
"<application>ifconfig</application> command as shown below."
11590
#: serverguide/C/network-config.xml:52(userinput)
11592
msgid "ifconfig -a | grep eth"
11595
#: serverguide/C/network-config.xml:51(screen)
11599
"<placeholder-1/>\n"
11600
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11603
#: serverguide/C/network-config.xml:55(para)
11605
"Another application that can help identify all network interfaces available "
11606
"to your system is the <application>lshw</application> command. In the "
11607
"example below, <application>lshw</application> shows a single Ethernet "
11608
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11609
"along with bus information, driver details and all supported capabilities."
11612
#: serverguide/C/network-config.xml:62(userinput)
11614
msgid "sudo lshw -class network"
11617
#: serverguide/C/network-config.xml:61(screen)
11621
"<placeholder-1/>\n"
11623
" description: Ethernet interface\n"
11624
" product: BCM4401-B0 100Base-TX\n"
11625
" vendor: Broadcom Corporation\n"
11626
" physical id: 0\n"
11627
" bus info: pci@0000:03:00.0\n"
11628
" logical name: eth0\n"
11630
" serial: 00:15:c5:4a:16:5a\n"
11632
" capacity: 100MB/s\n"
11633
" width: 32 bits\n"
11635
" capabilities: (snipped for brevity)\n"
11636
" configuration: (snipped for brevity)\n"
11637
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
11640
#: serverguide/C/network-config.xml:83(title)
11641
msgid "Ethernet Interface Logical Names"
11644
#: serverguide/C/network-config.xml:84(para)
11646
"Interface logical names are configured in the file "
11647
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
11648
"like control which interface receives a particular logical name, find the "
11649
"line matching the interfaces physical MAC address and modify the value of "
11650
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
11651
"Reboot the system to commit your changes."
11654
#: serverguide/C/network-config.xml:92(programlisting)
11658
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11659
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11660
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11661
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11662
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11663
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11666
#: serverguide/C/network-config.xml:99(title)
11667
msgid "Ethernet Interface Settings"
11670
#: serverguide/C/network-config.xml:100(para)
11672
"<application>ethtool</application> is a program that displays and changes "
11673
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11674
"and Wake-on-LAN. It is not installed by default, but is available for "
11675
"installation in the repositories."
11678
#: serverguide/C/network-config.xml:106(userinput)
11680
msgid "sudo apt-get install ethtool"
11683
#: serverguide/C/network-config.xml:108(para)
11685
"The following is an example of how to view supported features and configured "
11686
"settings of an Ethernet interface."
11689
#: serverguide/C/network-config.xml:113(userinput)
11691
msgid "sudo ethtool eth0"
11694
#: serverguide/C/network-config.xml:112(screen)
11698
"<placeholder-1/>\n"
11699
"Settings for eth0:\n"
11700
" Supported ports: [ TP ]\n"
11701
" Supported link modes: 10baseT/Half 10baseT/Full \n"
11702
" 100baseT/Half 100baseT/Full \n"
11703
" 1000baseT/Half 1000baseT/Full \n"
11704
" Supports auto-negotiation: Yes\n"
11705
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
11706
" 100baseT/Half 100baseT/Full \n"
11707
" 1000baseT/Half 1000baseT/Full \n"
11708
" Advertised auto-negotiation: Yes\n"
11709
" Speed: 1000Mb/s\n"
11711
" Port: Twisted Pair\n"
11713
" Transceiver: internal\n"
11714
" Auto-negotiation: on\n"
11715
" Supports Wake-on: g\n"
11717
" Current message level: 0x000000ff (255)\n"
11718
" Link detected: yes\n"
11721
#: serverguide/C/network-config.xml:135(para)
11723
"Changes made with the <application>ethtool</application> command are "
11724
"temporary and will be lost after a reboot. If you would like to retain "
11725
"settings, simply add the desired <application>ethtool</application> command "
11726
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
11727
"configuration file <filename>/etc/network/interfaces</filename>."
11730
#: serverguide/C/network-config.xml:141(para)
11732
"The following is an example of how the interface identified as <emphasis "
11733
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11734
"speed of 1000Mb/s running in full duplex mode."
11737
#: serverguide/C/network-config.xml:145(programlisting)
11742
"iface eth0 inet static\n"
11743
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
11746
#: serverguide/C/network-config.xml:151(para)
11748
"Although the example above shows the interface configured to use the "
11749
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11750
"other methods as well, such as DHCP. The example is meant to demonstrate "
11751
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
11752
"statement in relation to the rest of the interface configuration."
11755
#: serverguide/C/network-config.xml:163(title)
11756
msgid "IP Addressing"
11759
#: serverguide/C/network-config.xml:164(para)
11761
"The following section describes the process of configuring your systems IP "
11762
"address and default gateway needed for communicating on a local area network "
11763
"and the Internet."
11766
#: serverguide/C/network-config.xml:171(title)
11767
msgid "Temporary IP Address Assignment"
11770
#: serverguide/C/network-config.xml:172(para)
11772
"For temporary network configurations, you can use standard commands such as "
11773
"<application>ip</application>, <application>ifconfig</application> and "
11774
"<application>route</application>, which are also found on most other "
11775
"GNU/Linux operating systems. These commands allow you to configure settings "
11776
"which take effect immediately, however they are not persistent and will be "
11777
"lost after a reboot."
11780
#: serverguide/C/network-config.xml:180(para)
11782
"To temporarily configure an IP address, you can use the "
11783
"<application>ifconfig</application> command in the following manner. Just "
11784
"modify the IP address and subnet mask to match your network requirements."
11787
#: serverguide/C/network-config.xml:186(userinput)
11789
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11792
#: serverguide/C/network-config.xml:188(para)
11794
"To verify the IP address configuration of <application>eth0</application>, "
11795
"you can use the <application>ifconfig</application> command in the following "
11799
#: serverguide/C/network-config.xml:193(userinput)
11801
msgid "ifconfig eth0"
11804
#: serverguide/C/network-config.xml:192(screen)
11808
"<placeholder-1/>\n"
11809
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
11810
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
11811
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
11812
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
11813
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
11814
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
11815
" collisions:0 txqueuelen:1000 \n"
11816
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
11820
#: serverguide/C/network-config.xml:204(para)
11822
"To configure a default gateway, you can use the "
11823
"<application>route</application> command in the following manner. Modify the "
11824
"default gateway address to match your network requirements."
11827
#: serverguide/C/network-config.xml:210(userinput)
11829
msgid "sudo route add default gw 10.0.0.1 eth0"
11832
#: serverguide/C/network-config.xml:212(para)
11834
"To verify your default gateway configuration, you can use the "
11835
"<application>route</application> command in the following manner."
11838
#: serverguide/C/network-config.xml:217(userinput)
11843
#: serverguide/C/network-config.xml:216(screen)
11847
"<placeholder-1/>\n"
11848
"Kernel IP routing table\n"
11849
"Destination Gateway Genmask Flags Metric Ref Use "
11851
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
11853
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
11857
#: serverguide/C/network-config.xml:223(para)
11859
"If you require DNS for your temporary network configuration, you can add DNS "
11860
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
11861
"example below shows how to enter two DNS servers to "
11862
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
11863
"appropriate for your network. A more lengthy description of DNS client "
11864
"configuration is in a following section."
11867
#: serverguide/C/network-config.xml:230(programlisting)
11871
"nameserver 8.8.8.8\n"
11872
"nameserver 8.8.4.4\n"
11875
#: serverguide/C/network-config.xml:234(para)
11877
"If you no longer need this configuration and wish to purge all IP "
11878
"configuration from an interface, you can use the "
11879
"<application>ip</application> command with the flush option as shown below."
11882
#: serverguide/C/network-config.xml:240(userinput)
11884
msgid "ip addr flush eth0"
11887
#: serverguide/C/network-config.xml:243(para)
11889
"Flushing the IP configuration using the <application>ip</application> "
11890
"command does not clear the contents of "
11891
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
11892
"entries manually."
11895
#: serverguide/C/network-config.xml:251(title)
11896
msgid "Dynamic IP Address Assignment (DHCP Client)"
11899
#: serverguide/C/network-config.xml:252(para)
11901
"To configure your server to use DHCP for dynamic address assignment, add the "
11902
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
11903
"statement for the appropriate interface in the file "
11904
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11905
"are configuring your first Ethernet interface identified as <emphasis "
11906
"role=\"italic\">eth0</emphasis>."
11909
#: serverguide/C/network-config.xml:259(programlisting)
10462
11914
"iface eth0 inet dhcp\n"
10465
#: serverguide/C/network-config.xml:59(para)
10467
"The first line specifies that the eth0 device should come up automatically "
10468
"when you boot. The second line means that interface (<quote>iface</quote>) "
10469
"eth0 should have an IPv4 address space (replace <quote>inet</quote> with "
10470
"<quote>inet6</quote> for an IPv6 device) and that it should get its "
10471
"configuration automatically from DHCP. Assuming your network and DHCP server "
10472
"are properly configured, this machine's network should need no further "
10473
"configuration to operate properly. The DHCP server will provide the default "
10474
"gateway (implemented via the <application>route</application> command), the "
10475
"device's IP address (implemented via the <application>ifconfig</application> "
10476
"command), and DNS servers used on the network (implemented in the "
10477
"<filename>/etc/resolv.conf</filename> file.)"
10480
#: serverguide/C/network-config.xml:72(para)
10482
"To configure your Ethernet device with a static IP address and custom "
10483
"configuration, some more information will be required. Suppose you want to "
10484
"assign the IP address 192.168.0.2 to the device eth1, with the typical "
10485
"netmask of 255.255.255.0. Your default gateway's IP address is 192.168.0.1. "
10486
"You would enter something like this into "
10487
"<filename>/etc/network/interfaces</filename>:"
10490
#: serverguide/C/network-config.xml:79(programlisting)
10494
"iface eth1 inet static\n"
10495
"\taddress 192.168.0.2\n"
10496
"\tnetmask 255.255.255.0\n"
10497
"\tgateway 192.168.0.1\n"
10500
#: serverguide/C/network-config.xml:85(para)
10502
"In this case, you will need to specify your DNS servers manually in "
10503
"<filename>/etc/resolv.conf</filename>, which should look something like this:"
10506
#: serverguide/C/network-config.xml:89(programlisting)
10510
"search mydomain.example\n"
10511
"nameserver 192.168.0.1\n"
10512
"nameserver 4.2.2.2\n"
10515
#: serverguide/C/network-config.xml:94(para)
10517
"The <emphasis role=\"italics\">search</emphasis> directive will append "
10518
"mydomain.example to hostname queries in an attempt to resolve names to your "
10519
"network. For example, if your network's domain is mydomain.example and you "
10520
"try to ping the host <quote>mybox</quote>, the DNS query will be modified to "
10521
"<quote>mybox.mydomain.example</quote> for resolution. The <emphasis "
10522
"role=\"italics\">nameserver</emphasis> directives specify DNS servers to be "
10523
"used to resolve hostnames to IP addresses. If you use your own nameserver, "
10524
"enter it here. Otherwise, ask your Internet Service Provider for the primary "
10525
"and secondary DNS servers to use, and enter them into "
10526
"<filename>/etc/resolv.conf</filename> as shown above."
10529
#: serverguide/C/network-config.xml:106(para)
10531
"Many more configurations are possible, including dialup PPP interfaces, IPv6 "
10532
"networking, VPN devices, etc. Refer to <application>man 5 "
10533
"interfaces</application> for more information and supported options. "
10534
"Remember that <filename>/etc/network/interfaces</filename> is used by the "
10535
"<application>ifup</application>/<application>ifdown</application> scripts as "
10536
"a higher level configuration scheme than may be used in some other Linux "
10537
"distributions, and that the traditional, lower level utilities such as "
10538
"<application>ifconfig</application>, <application>route</application>, and "
10539
"<application>dhclient</application> are still available to you for ad hoc "
10543
#: serverguide/C/network-config.xml:120(title)
10544
msgid "Managing DNS Entries"
10547
#: serverguide/C/network-config.xml:121(para)
10549
"This section explains how to configure which nameserver to use when "
10550
"resolving IP addresses to hostnames and vice versa. It does not explain how "
10551
"to configure the system as a name server."
10554
#: serverguide/C/network-config.xml:126(para)
10556
"To manage DNS entries, you can add, edit, or remove DNS names from the "
10557
"<filename>/etc/resolv.conf</filename> file. A sample file is given below:"
10560
#: serverguide/C/network-config.xml:130(programlisting)
10565
"nameserver 204.11.126.131\n"
10566
"nameserver 64.125.134.133\n"
10567
"nameserver 64.125.134.132\n"
10568
"nameserver 208.185.179.218\n"
10571
#: serverguide/C/network-config.xml:138(para)
10573
"The <application>search</application> key specifies the string which will be "
10574
"appended to an incomplete hostname. Here, we have configured it to "
10575
"<application>com</application>. So, when we run: <command>ping "
10576
"ubuntu</command> it would be interpreted as <command>ping "
10577
"ubuntu.com</command>."
10580
#: serverguide/C/network-config.xml:146(para)
10582
"The <application>nameserver</application> key specifies the nameserver IP "
10583
"address. It will be used to resolve a given IP address or hostname. This "
10584
"file can have multiple nameserver entries. The nameservers will be used by "
10585
"the network query in the same order."
10588
#: serverguide/C/network-config.xml:155(para)
10590
"If the DNS server names are retrieved dynamically from DHCP or PPPoE "
10591
"(retrieved from your ISP), do not add nameserver entries in this file. It "
10592
"will be overwritten."
10595
#: serverguide/C/network-config.xml:164(title)
10596
msgid "Managing Hosts"
10599
#: serverguide/C/network-config.xml:165(para)
10601
"To manage hosts, you can add, edit, or remove hosts from "
10602
"<filename>/etc/hosts</filename> file. The file contains IP addresses and "
10603
"their corresponding hostnames. When your system tries to resolve a hostname "
10604
"to an IP address or determine the hostname for an IP address, it refers to "
10605
"the <filename>/etc/hosts</filename> file before using the name servers. If "
10606
"the IP address is listed in the <filename>/etc/hosts</filename> file, the "
10607
"name servers are not used. This behavior can be modified by editing "
10608
"<filename>/etc/nsswitch.conf</filename> at your peril."
10611
#: serverguide/C/network-config.xml:178(para)
10613
"If your network contains computers whose IP addresses are not listed in DNS, "
10614
"it is recommended that you add them to the <filename>/etc/hosts</filename> "
10618
#: serverguide/C/network-config.xml:186(title)
11917
#: serverguide/C/network-config.xml:263(para)
11919
"By adding an interface configuration as shown above, you can manually enable "
11920
"the interface through the <application>ifup</application> command which "
11921
"initiates the DHCP process via <application>dhclient</application>."
11924
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
11926
msgid "sudo ifup eth0"
11929
#: serverguide/C/network-config.xml:271(para)
11931
"To manually disable the interface, you can use the "
11932
"<application>ifdown</application> command, which in turn will initiate the "
11933
"DHCP release process and shut down the interface."
11936
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
11938
msgid "sudo ifdown eth0"
11941
#: serverguide/C/network-config.xml:282(title)
11942
msgid "Static IP Address Assignment"
11945
#: serverguide/C/network-config.xml:283(para)
11947
"To configure your system to use a static IP address assignment, add the "
11948
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
11949
"family statement for the appropriate interface in the file "
11950
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11951
"are configuring your first Ethernet interface identified as <emphasis "
11952
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
11953
"role=\"italic\">address</emphasis>, <emphasis "
11954
"role=\"italic\">netmask</emphasis>, and <emphasis "
11955
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
11959
#: serverguide/C/network-config.xml:292(programlisting)
11964
"iface eth0 inet static\n"
11965
"address 10.0.0.100\n"
11966
"netmask 255.255.255.0\n"
11967
"gateway 10.0.0.1\n"
11970
#: serverguide/C/network-config.xml:299(para)
11972
"By adding an interface configuration as shown above, you can manually enable "
11973
"the interface through the <application>ifup</application> command."
11976
#: serverguide/C/network-config.xml:306(para)
11978
"To manually disable the interface, you can use the "
11979
"<application>ifdown</application> command."
11982
#: serverguide/C/network-config.xml:316(title)
11983
msgid "Loopback Interface"
11986
#: serverguide/C/network-config.xml:317(para)
11988
"The loopback interface is identified by the system as <emphasis "
11989
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
11990
"can be viewed using the ifconfig command."
11993
#: serverguide/C/network-config.xml:322(userinput)
11995
msgid "ifconfig lo"
11998
#: serverguide/C/network-config.xml:321(screen)
12002
"<placeholder-1/>\n"
12003
"lo Link encap:Local Loopback \n"
12004
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
12005
" inet6 addr: ::1/128 Scope:Host\n"
12006
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
12007
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
12008
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
12009
" collisions:0 txqueuelen:0 \n"
12010
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
12013
#: serverguide/C/network-config.xml:332(para)
12015
"By default, there should be two lines in "
12016
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12017
"configuring your loopback interface. It is recommended that you keep the "
12018
"default settings unless you have a specific purpose for changing them. An "
12019
"example of the two default lines are shown below."
12022
#: serverguide/C/network-config.xml:338(programlisting)
12027
"iface lo inet loopback\n"
12030
#: serverguide/C/network-config.xml:347(title)
12031
msgid "Name Resolution"
12034
#: serverguide/C/network-config.xml:348(para)
12036
"Name resolution as it relates to IP networking is the process of mapping IP "
12037
"addresses to hostnames, making it easier to identify resources on a network. "
12038
"The following section will explain how to properly configure your system for "
12039
"name resolution using DNS and static hostname records."
12042
#: serverguide/C/network-config.xml:356(title)
12043
msgid "DNS Client Configuration"
12046
#: serverguide/C/network-config.xml:357(para)
12048
"To configure your system to use DNS for name resolution, add the IP "
12049
"addresses of the DNS servers that are appropriate for your network in the "
12050
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
12051
"suffix search-lists to match your network domain names."
12054
#: serverguide/C/network-config.xml:362(para)
12056
"Below is an example of a typical configuration of "
12057
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
12058
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
12061
#: serverguide/C/network-config.xml:367(programlisting)
12065
"search example.com\n"
12066
"nameserver 8.8.8.8\n"
12067
"nameserver 8.8.4.4\n"
12070
#: serverguide/C/network-config.xml:372(para)
12072
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12073
"multiple domain names so that DNS queries will be appended in the order in "
12074
"which they are entered. For example, your network may have multiple sub-"
12075
"domains to search; a parent domain of <emphasis "
12076
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
12077
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
12078
"role=\"italic\">dev.example.com</emphasis>."
12081
#: serverguide/C/network-config.xml:380(para)
12083
"If you have multiple domains you wish to search, your configuration might "
12084
"look like the following."
12087
#: serverguide/C/network-config.xml:383(programlisting)
12091
"search example.com sales.example.com dev.example.com\n"
12092
"nameserver 8.8.8.8\n"
12093
"nameserver 8.8.4.4\n"
12096
#: serverguide/C/network-config.xml:388(para)
12098
"If you try to ping a host with the name of <emphasis "
12099
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12100
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12103
#: serverguide/C/network-config.xml:394(para)
12104
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12107
#: serverguide/C/network-config.xml:399(para)
12108
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12111
#: serverguide/C/network-config.xml:404(para)
12112
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12115
#: serverguide/C/network-config.xml:409(para)
12117
"If no matches are found, the DNS server will provide a result of <emphasis "
12118
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12121
#: serverguide/C/network-config.xml:416(title)
12122
msgid "Static Hostnames"
12125
#: serverguide/C/network-config.xml:417(para)
12127
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12128
"file <filename>/etc/hosts</filename>. Entries in the "
12129
"<filename>hosts</filename> file will have precedence over DNS by default. "
12130
"This means that if your system tries to resolve a hostname and it matches an "
12131
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
12132
"some configurations, especially when Internet access is not required, "
12133
"servers that communicate with a limited number of resources can be "
12134
"conveniently set to use static hostnames instead of DNS."
12137
#: serverguide/C/network-config.xml:424(para)
12139
"The following is an example of a <filename>hosts</filename> file where a "
12140
"number of local servers have been identified by simple hostnames, aliases "
12141
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12144
#: serverguide/C/network-config.xml:428(programlisting)
12148
"127.0.0.1\tlocalhost\n"
12149
"127.0.1.1\tubuntu-server\n"
12150
"10.0.0.11\tserver1 vpn server1.example.com\n"
12151
"10.0.0.12\tserver2 mail server2.example.com\n"
12152
"10.0.0.13\tserver3 www server3.example.com\n"
12153
"10.0.0.14\tserver4 file server4.example.com\n"
12156
#: serverguide/C/network-config.xml:437(para)
12158
"In the above example, notice that each of the servers have been given "
12159
"aliases in addition to their proper names and FQDN's. <emphasis "
12160
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
12161
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
12162
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
12163
"role=\"italic\">server3</emphasis> as <emphasis "
12164
"role=\"italic\">www</emphasis>, and <emphasis "
12165
"role=\"italic\">server4</emphasis> as <emphasis "
12166
"role=\"italic\">file</emphasis>."
12169
#: serverguide/C/network-config.xml:449(title)
12170
msgid "Name Service Switch Configuration"
12173
#: serverguide/C/network-config.xml:450(para)
12175
"The order in which your system selects a method of resolving hostnames to IP "
12176
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12177
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
12178
"section, typically static hostnames defined in the systems "
12179
"<filename>/etc/hosts</filename> file have precedence over names resolved "
12180
"from DNS. The following is an example of the line responsible for this order "
12181
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12184
#: serverguide/C/network-config.xml:458(programlisting)
12188
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12191
#: serverguide/C/network-config.xml:464(para)
12193
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12194
"hostnames located in <filename>/etc/hosts</filename>."
12197
#: serverguide/C/network-config.xml:470(para)
12199
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12200
"name using Multicast DNS."
12203
#: serverguide/C/network-config.xml:475(para)
12205
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12206
"of <emphasis role=\"italic\">notfound</emphasis> by the preceeding <emphasis "
12207
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12208
"authoritative and that the system should not try to continue hunting for an "
12212
#: serverguide/C/network-config.xml:483(para)
12214
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12217
#: serverguide/C/network-config.xml:488(para)
12219
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12222
#: serverguide/C/network-config.xml:494(para)
12224
"To modify the order of the above mentioned name resolution methods, you can "
12225
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12226
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12227
"versus Multicast DNS, you can change the string in "
12228
"<filename>/etc/nsswitch.conf</filename> as shown below."
12231
#: serverguide/C/network-config.xml:501(programlisting)
12235
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12238
#: serverguide/C/network-config.xml:508(title)
10619
12239
msgid "Bridging"
10622
#: serverguide/C/network-config.xml:188(para)
12242
#: serverguide/C/network-config.xml:510(para)
10624
12244
"Bridging multiple interfaces is a more advanced configuration, but is very "
10625
12245
"useful in multiple scenarios. One scenario is setting up a bridge with "
11420
13063
#: serverguide/C/network-auth.xml:63(para)
11422
"The installation process will prompt you for the LDAP directory admin "
11423
"password and confirmation."
13065
"By default <application>slapd</application> is configured with minimal "
13066
"options needed to run the <application>slapd</application> daemon."
11426
13069
#: serverguide/C/network-auth.xml:68(para)
11428
"By default the directory suffix will match the domain name of the server. "
11429
"For example, if the machine's Fully Qualified Domain Name (FQDN) is "
11430
"ldap.example.com, the default suffix will be "
11431
"<emphasis>dc=example,dc=com</emphasis>. If you require a different suffix, "
11432
"the directory can be reconfigured using <application>dpkg-"
11433
"reconfigure</application>. Enter the following in a terminal prompt:"
11436
#: serverguide/C/network-auth.xml:78(command)
11437
msgid "sudo dpkg-reconfigure slapd"
11440
#: serverguide/C/network-auth.xml:81(para)
11442
"You will then be taken through a menu based configuration dialog, allowing "
11443
"you to configure various <application>slapd</application> options."
11446
#: serverguide/C/network-auth.xml:90(para)
11448
"<application>OpenLDAP</application> uses a separate database which contains "
13071
"The configuration example in the following sections will match the domain "
13072
"name of the server. For example, if the machine's Fully Qualified Domain "
13073
"Name (FQDN) is ldap.example.com, the default suffix will be "
13074
"<emphasis>dc=example,dc=com</emphasis>."
13077
#: serverguide/C/network-auth.xml:76(title)
13078
msgid "Populating LDAP"
13081
#: serverguide/C/network-auth.xml:78(para)
13083
"<application>OpenLDAP</application> uses a separate directory which contains "
11449
13084
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
11450
13085
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
11451
13086
"<application>slapd</application> daemon, allowing the modification of schema "
11452
13087
"definitions, indexes, ACLs, etc without stopping the service."
11455
#: serverguide/C/network-auth.xml:98(para)
11457
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
11458
"utilities in the <application>ldap-utils</application> package. For example:"
11461
#: serverguide/C/network-auth.xml:106(para)
11463
"Use <application>ldapsearch</application> to view the tree, entering the "
11464
"admin password set during installation or reconfiguration:"
11467
#: serverguide/C/network-auth.xml:112(command)
11469
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb"
11472
#: serverguide/C/network-auth.xml:116(computeroutput)
11475
"Enter LDAP Password: \n"
11476
"dn: olcDatabase={1}hdb,cn=config\n"
11477
"objectClass: olcDatabaseConfig\n"
11478
"objectClass: olcHdbConfig\n"
11479
"olcDatabase: {1}hdb\n"
11480
"olcDbDirectory: /var/lib/ldap\n"
11481
"olcSuffix: dc=example,dc=com\n"
11482
"olcAccess: {0}to attrs=userPassword,shadowLastChange by "
11483
"dn=\"cn=admin,dc=exampl\n"
11484
" e,dc=com\" write by anonymous auth by self write by * none\n"
11485
"olcAccess: {1}to dn.base=\"\" by * read\n"
11486
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
11487
"olcLastMod: TRUE\n"
11488
"olcDbCheckpoint: 512 30\n"
11489
"olcDbConfig: {0}set_cachesize 0 2097152 0\n"
11490
"olcDbConfig: {1}set_lk_max_objects 1500\n"
11491
"olcDbConfig: {2}set_lk_max_locks 1500\n"
11492
"olcDbConfig: {3}set_lk_max_lockers 1500\n"
11493
"olcDbIndex: objectClass eq\n"
11496
#: serverguide/C/network-auth.xml:137(para)
11498
"The output above is the current configuration options for the "
11499
"<emphasis>hdb</emphasis> backend database. Which in this case containes the "
11500
"<emphasis>dc=example,dc=com</emphasis> suffix."
11503
#: serverguide/C/network-auth.xml:146(para)
11505
"Refine the search by supplying a <emphasis "
11506
"role=\"italic\">filter</emphasis>, in this case only show which attributes "
11510
#: serverguide/C/network-auth.xml:152(command)
11512
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb "
11516
#: serverguide/C/network-auth.xml:156(computeroutput)
11519
"Enter LDAP Password: \n"
11520
"dn: olcDatabase={1}hdb,cn=config\n"
11521
"olcDbIndex: objectClass eq\n"
11524
#: serverguide/C/network-auth.xml:165(para)
11526
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
11527
"another attribute to the index list using "
11528
"<application>ldapmodify</application>:"
11531
#: serverguide/C/network-auth.xml:171(command) serverguide/C/network-auth.xml:722(command) serverguide/C/network-auth.xml:838(command) serverguide/C/network-auth.xml:861(command) serverguide/C/network-auth.xml:2417(command) serverguide/C/network-auth.xml:2434(command)
11532
msgid "ldapmodify -x -D cn=admin,cn=config -W"
11535
#: serverguide/C/network-auth.xml:175(userinput)
11539
"dn: olcDatabase={1}hdb,cn=config\n"
11540
"add: olcDbIndex\n"
11541
"olcDbIndex: entryUUID eq"
11544
#: serverguide/C/network-auth.xml:175(computeroutput)
11547
"Enter LDAP Password:<placeholder-1/>\n"
11549
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11552
#: serverguide/C/network-auth.xml:184(para)
11554
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
11555
"exit the utility."
11558
#: serverguide/C/network-auth.xml:191(para)
11560
"<application>ldapmodify</application> can also read the changes from a file. "
11561
"Copy and paste the following into a file named "
11562
"<filename>uid_index.ldif</filename>:"
11565
#: serverguide/C/network-auth.xml:196(programlisting)
11569
"dn: olcDatabase={1}hdb,cn=config\n"
11570
"add: olcDbIndex\n"
11571
"olcDbIndex: uid eq,pres,sub\n"
11574
#: serverguide/C/network-auth.xml:202(para)
11575
msgid "Then execute <application>ldapmodify</application>:"
11578
#: serverguide/C/network-auth.xml:207(command)
11579
msgid "ldapmodify -x -D cn=admin,cn=config -W -f uid_index.ldif"
11582
#: serverguide/C/network-auth.xml:211(computeroutput)
11585
"Enter LDAP Password: \n"
11586
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11589
#: serverguide/C/network-auth.xml:216(para)
11590
msgid "The file method is very useful for large changes."
11593
#: serverguide/C/network-auth.xml:223(para)
11595
"Adding additional <emphasis>schemas</emphasis> to "
11596
"<application>slapd</application> requires the schema to be converted to LDIF "
11597
"format. Fortunately, the <application>slapd</application> program can be "
11598
"used to automate the conversion. The following example will add the "
11599
"<emphasis>misc.schema</emphasis>:"
11602
#: serverguide/C/network-auth.xml:231(para)
11604
"First, create a conversion <filename>schema_convert.conf</filename> file "
11605
"containing the following lines:"
11608
#: serverguide/C/network-auth.xml:236(programlisting)
11612
"include /etc/ldap/schema/core.schema\n"
11613
"include /etc/ldap/schema/collective.schema\n"
11614
"include /etc/ldap/schema/corba.schema\n"
11615
"include /etc/ldap/schema/cosine.schema\n"
11616
"include /etc/ldap/schema/duaconf.schema\n"
11617
"include /etc/ldap/schema/dyngroup.schema\n"
11618
"include /etc/ldap/schema/inetorgperson.schema\n"
11619
"include /etc/ldap/schema/java.schema\n"
11620
"include /etc/ldap/schema/misc.schema\n"
11621
"include /etc/ldap/schema/nis.schema\n"
11622
"include /etc/ldap/schema/openldap.schema\n"
11623
"include /etc/ldap/schema/ppolicy.schema\n"
11626
#: serverguide/C/network-auth.xml:254(para) serverguide/C/network-auth.xml:1318(para)
11627
msgid "Next, create a temporary directory to hold the output:"
11630
#: serverguide/C/network-auth.xml:259(command) serverguide/C/network-auth.xml:1323(command) serverguide/C/network-auth.xml:2347(command)
11631
msgid "mkdir /tmp/ldif_output"
11634
#: serverguide/C/network-auth.xml:265(para)
11636
"Now using <application>slapcat</application> convert the schema files to "
11640
#: serverguide/C/network-auth.xml:270(command)
11642
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
11643
"\"cn={8}misc,cn=schema,cn=config\" > /tmp/cn=misc.ldif"
11646
#: serverguide/C/network-auth.xml:273(para)
11648
"Adjust the configuration file name and temporary directory names if yours "
11649
"are different. Also, it may be worthwhile to keep the "
11650
"<filename>ldif_output</filename> directory around in case you want to add "
11651
"additional schemas in the future."
11654
#: serverguide/C/network-auth.xml:282(para)
11656
"Edit the <filename>/tmp/cn\\=misc.ldif</filename> file, changing the "
11657
"following attributes:"
11660
#: serverguide/C/network-auth.xml:286(programlisting)
11664
"dn: cn=misc,cn=schema,cn=config\n"
11669
#: serverguide/C/network-auth.xml:292(para) serverguide/C/network-auth.xml:1354(para)
11670
msgid "And remove the following lines from the bottom of the file:"
11673
#: serverguide/C/network-auth.xml:296(programlisting)
11677
"structuralObjectClass: olcSchemaConfig\n"
11678
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
11679
"creatorsName: cn=config\n"
11680
"createTimestamp: 20080826021140Z\n"
11681
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
11682
"modifiersName: cn=config\n"
11683
"modifyTimestamp: 20080826021140Z\n"
11686
#: serverguide/C/network-auth.xml:307(para) serverguide/C/network-auth.xml:1369(para) serverguide/C/network-auth.xml:2393(para)
11688
"The attribute values will vary, just be sure the attributes are removed."
11691
#: serverguide/C/network-auth.xml:315(para) serverguide/C/network-auth.xml:1377(para)
11693
"Finally, using the <application>ldapadd</application> utility, add the new "
11694
"schema to the directory:"
11697
#: serverguide/C/network-auth.xml:321(command)
11698
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=misc.ldif"
11701
#: serverguide/C/network-auth.xml:327(para)
11703
"There should now be a <emphasis>dn: "
11704
"cn={4}misc,cn=schema,cn=config</emphasis> entry in the cn=config tree."
11707
#: serverguide/C/network-auth.xml:336(title)
11708
msgid "Populating LDAP"
11711
#: serverguide/C/network-auth.xml:338(para)
11713
"The directory has been created during installation and reconfiguration, and "
11714
"now it is time to populate it. It will be populated with a \"classical\" "
11715
"scheme that will be compatible with address book applications and with Unix "
11716
"Posix accounts. Posix accounts will allow authentication to various "
11717
"applications, such as web applications, email Mail Transfer Agent (MTA) "
11718
"applications, etc."
11721
#: serverguide/C/network-auth.xml:347(para)
13090
#: serverguide/C/network-auth.xml:86(para)
13092
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
13093
"configuration and will need additional configuration options in order to "
13094
"populate the frontend directory. The frontend will be populated with a "
13095
"\"classical\" scheme that will be compatible with address book applications "
13096
"and with Unix Posix accounts. Posix accounts will allow authentication to "
13097
"various applications, such as web applications, email Mail Transfer Agent "
13098
"(MTA) applications, etc."
13101
#: serverguide/C/network-auth.xml:95(para)
11723
13103
"For external applications to authenticate using LDAP they will each need to "
11724
13104
"be specifically configured to do so. Refer to the individual application "
11725
13105
"documentation for details."
11728
#: serverguide/C/network-auth.xml:354(para)
11730
"LDAP directories can be populated with LDIF (LDAP Directory Interchange "
11731
"Format) files. Copy the following example LDIF file, naming it "
11732
"<filename>example.com.ldif</filename>, somewhere on your system:"
11735
#: serverguide/C/network-auth.xml:360(programlisting)
13108
#: serverguide/C/network-auth.xml:103(para)
13110
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
13111
"examples to match your LDAP configuration."
13114
#: serverguide/C/network-auth.xml:108(para)
13116
"First, some additional schema files need to be loaded. In a terminal enter:"
13119
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
13120
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
13123
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
13124
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13127
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
13129
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13132
#: serverguide/C/network-auth.xml:118(para)
13134
"Next, copy the following example LDIF file, naming it "
13135
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
13138
#: serverguide/C/network-auth.xml:123(programlisting)
13142
"# Load dynamic backend modules\n"
13143
"dn: cn=module,cn=config\n"
13144
"objectClass: olcModuleList\n"
13146
"olcModulepath: /usr/lib/ldap\n"
13147
"olcModuleload: back_hdb\n"
13149
"# Database settings\n"
13150
"dn: olcDatabase=hdb,cn=config\n"
13151
"objectClass: olcDatabaseConfig\n"
13152
"objectClass: olcHdbConfig\n"
13153
"olcDatabase: {1}hdb\n"
13154
"olcSuffix: dc=example,dc=com\n"
13155
"olcDbDirectory: /var/lib/ldap\n"
13156
"olcRootDN: cn=admin,dc=example,dc=com\n"
13157
"olcRootPW: secret\n"
13158
"olcDbConfig: set_cachesize 0 2097152 0\n"
13159
"olcDbConfig: set_lk_max_objects 1500\n"
13160
"olcDbConfig: set_lk_max_locks 1500\n"
13161
"olcDbConfig: set_lk_max_lockers 1500\n"
13162
"olcDbIndex: objectClass eq\n"
13163
"olcLastMod: TRUE\n"
13164
"olcDbCheckpoint: 512 30\n"
13165
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13166
"by anonymous auth by self write by * none\n"
13167
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13168
"olcAccess: to dn.base=\"\" by * read\n"
13169
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13173
#: serverguide/C/network-auth.xml:155(para)
13175
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13178
#: serverguide/C/network-auth.xml:160(para)
13179
msgid "Now add the LDIF to the directory:"
13182
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13183
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13186
#: serverguide/C/network-auth.xml:168(para)
13188
"The frontend directory is now ready to be populated. Create a "
13189
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13192
#: serverguide/C/network-auth.xml:173(programlisting)
13196
"# Create top-level object in domain\n"
13197
"dn: dc=example,dc=com\n"
13198
"objectClass: top\n"
13199
"objectClass: dcObject\n"
13200
"objectclass: organization\n"
13201
"o: Example Organization\n"
13203
"description: LDAP Example \n"
13206
"dn: cn=admin,dc=example,dc=com\n"
13207
"objectClass: simpleSecurityObject\n"
13208
"objectClass: organizationalRole\n"
13210
"description: LDAP administrator\n"
13211
"userPassword: secret\n"
11739
13213
"dn: ou=people,dc=example,dc=com\n"
11740
13214
"objectClass: organizationalUnit\n"
11820
13293
"givenName: John\n"
11823
#: serverguide/C/network-auth.xml:438(para)
13296
#: serverguide/C/network-auth.xml:267(para)
11824
13297
msgid "Just a quick explanation:"
11827
#: serverguide/C/network-auth.xml:444(para)
13300
#: serverguide/C/network-auth.xml:273(para)
11829
13302
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
11830
13303
"the default."
13306
#: serverguide/C/network-auth.xml:279(para)
13307
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13310
#: serverguide/C/network-auth.xml:287(title)
13311
msgid "Further Configuration"
13314
#: serverguide/C/network-auth.xml:290(para)
13316
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13317
"utilities in the <application>ldap-utils</application> package. For example:"
13320
#: serverguide/C/network-auth.xml:298(para)
13322
"Use <application>ldapsearch</application> to view the tree, entering the "
13323
"admin password set during installation or reconfiguration:"
13326
#: serverguide/C/network-auth.xml:304(command)
13327
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13330
#: serverguide/C/network-auth.xml:308(computeroutput)
13334
"SASL/EXTERNAL authentication started\n"
13335
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13339
"dn: cn=module{0},cn=config\n"
13341
"dn: cn=schema,cn=config\n"
13343
"dn: cn={0}core,cn=schema,cn=config\n"
13345
"dn: cn={1}cosine,cn=schema,cn=config\n"
13347
"dn: cn={2}nis,cn=schema,cn=config\n"
13349
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13351
"dn: olcDatabase={-1}frontend,cn=config\n"
13353
"dn: olcDatabase={0}config,cn=config\n"
13355
"dn: olcDatabase={1}hdb,cn=config\n"
13358
#: serverguide/C/network-auth.xml:334(para)
13360
"The output above is the current configuration options for the "
13361
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13364
#: serverguide/C/network-auth.xml:342(para)
13366
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13367
"another attribute to the index list using "
13368
"<application>ldapmodify</application>:"
13371
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:984(command) serverguide/C/network-auth.xml:1155(command) serverguide/C/network-auth.xml:1191(command)
13372
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13375
#: serverguide/C/network-auth.xml:356(userinput)
13378
"dn: olcDatabase={1}hdb,cn=config\n"
13379
"add: olcDbIndex\n"
13380
"olcDbIndex: uidNumber eq"
13383
#: serverguide/C/network-auth.xml:352(computeroutput)
13387
"SASL/EXTERNAL authentication started\n"
13388
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13390
"<placeholder-1/>\n"
13392
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13395
#: serverguide/C/network-auth.xml:364(para)
13397
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13398
"exit the utility."
13401
#: serverguide/C/network-auth.xml:371(para)
13403
"<application>ldapmodify</application> can also read the changes from a file. "
13404
"Copy and paste the following into a file named "
13405
"<filename>uid_index.ldif</filename>:"
13408
#: serverguide/C/network-auth.xml:376(programlisting)
13412
"dn: olcDatabase={1}hdb,cn=config\n"
13413
"add: olcDbIndex\n"
13414
"olcDbIndex: uid eq,pres,sub\n"
13417
#: serverguide/C/network-auth.xml:382(para)
13418
msgid "Then execute <application>ldapmodify</application>:"
13421
#: serverguide/C/network-auth.xml:387(command)
13422
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13425
#: serverguide/C/network-auth.xml:391(computeroutput)
13429
"SASL/EXTERNAL authentication started\n"
13430
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13432
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13435
#: serverguide/C/network-auth.xml:399(para)
13436
msgid "The file method is very useful for large changes."
13439
#: serverguide/C/network-auth.xml:406(para)
13441
"Adding additional <emphasis>schemas</emphasis> to "
13442
"<application>slapd</application> requires the schema to be converted to LDIF "
13443
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13444
"directory contains some schema files already converted to LDIF format as "
13445
"demonstrated in the previous section. Fortunately, the "
13446
"<application>slapd</application> program can be used to automate the "
13447
"conversion. The following example will add the "
13448
"<emphasis>dyngoup.schema</emphasis>:"
13451
#: serverguide/C/network-auth.xml:416(para)
13453
"First, create a conversion <filename>schema_convert.conf</filename> file "
13454
"containing the following lines:"
13457
#: serverguide/C/network-auth.xml:421(programlisting)
13461
"include /etc/ldap/schema/core.schema\n"
13462
"include /etc/ldap/schema/collective.schema\n"
13463
"include /etc/ldap/schema/corba.schema\n"
13464
"include /etc/ldap/schema/cosine.schema\n"
13465
"include /etc/ldap/schema/duaconf.schema\n"
13466
"include /etc/ldap/schema/dyngroup.schema\n"
13467
"include /etc/ldap/schema/inetorgperson.schema\n"
13468
"include /etc/ldap/schema/java.schema\n"
13469
"include /etc/ldap/schema/misc.schema\n"
13470
"include /etc/ldap/schema/nis.schema\n"
13471
"include /etc/ldap/schema/openldap.schema\n"
13472
"include /etc/ldap/schema/ppolicy.schema\n"
13475
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1655(para)
13476
msgid "Next, create a temporary directory to hold the output:"
13479
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1660(command) serverguide/C/network-auth.xml:2695(command)
13480
msgid "mkdir /tmp/ldif_output"
11833
13483
#: serverguide/C/network-auth.xml:450(para)
11834
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
11837
#: serverguide/C/network-auth.xml:459(title)
11838
msgid "LDAP replication"
11841
#: serverguide/C/network-auth.xml:461(para)
13485
"Now using <application>slapcat</application> convert the schema files to "
13489
#: serverguide/C/network-auth.xml:455(command)
13491
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13492
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13495
#: serverguide/C/network-auth.xml:458(para)
13497
"Adjust the configuration file name and temporary directory names if yours "
13498
"are different. Also, it may be worthwhile to keep the "
13499
"<filename>ldif_output</filename> directory around in case you want to add "
13500
"additional schemas in the future."
13503
#: serverguide/C/network-auth.xml:467(para)
13505
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13506
"following attributes:"
13509
#: serverguide/C/network-auth.xml:471(programlisting)
13513
"dn: cn=dyngroup,cn=schema,cn=config\n"
13518
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1691(para)
13519
msgid "And remove the following lines from the bottom of the file:"
13522
#: serverguide/C/network-auth.xml:481(programlisting)
13526
"structuralObjectClass: olcSchemaConfig\n"
13527
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13528
"creatorsName: cn=config\n"
13529
"createTimestamp: 20080826021140Z\n"
13530
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13531
"modifiersName: cn=config\n"
13532
"modifyTimestamp: 20080826021140Z\n"
13535
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1706(para) serverguide/C/network-auth.xml:2741(para)
13537
"The attribute values will vary, just be sure the attributes are removed."
13540
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1714(para)
13542
"Finally, using the <application>ldapadd</application> utility, add the new "
13543
"schema to the directory:"
13546
#: serverguide/C/network-auth.xml:506(command)
13547
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13550
#: serverguide/C/network-auth.xml:512(para)
13552
"There should now be a <emphasis>dn: "
13553
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13556
#: serverguide/C/network-auth.xml:522(title)
13557
msgid "LDAP Replication"
13560
#: serverguide/C/network-auth.xml:524(para)
11843
13562
"LDAP often quickly becomes a highly critical service to the network. "
11844
13563
"Multiple systems will come to depend on LDAP for authentication, "
11846
13565
"system through replication."
11849
#: serverguide/C/network-auth.xml:467(para)
13568
#: serverguide/C/network-auth.xml:530(para)
11851
13570
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
11852
"Syncrepl allows the directory to be synced using either a "
11853
"<emphasis>push</emphasis> or <emphasis>pull</emphasis> based system. In a "
11854
"push based configuration a <quote>primary</quote> server will push directory "
11855
"updates to <quote>secondary</quote> servers, while a pull based approach "
11856
"allows replication servers to sync on a time based interval."
11859
#: serverguide/C/network-auth.xml:475(para)
11861
"The following is an example of a <emphasis>Multi-Master</emphasis> "
11862
"configuration. In this configuration each OpenLDAP server is configured for "
11863
"both <emphasis>push</emphasis> and <emphasis>pull</emphasis> replication."
11866
#: serverguide/C/network-auth.xml:483(para)
11868
"First, configure the server to sync the <emphasis>cn=config</emphasis> "
11869
"database. Copy the following to a file named <filename>syncrepl_cn-"
11870
"config.ldif</filename>:"
11873
#: serverguide/C/network-auth.xml:488(programlisting)
13571
"Syncrepl allows the changes to be synced using a "
13572
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13573
"provider sends directory changes to consumers."
13576
#: serverguide/C/network-auth.xml:537(title)
13577
msgid "Provider Configuration"
13580
#: serverguide/C/network-auth.xml:539(para)
13582
"The following is an example of a <emphasis>Single-Master</emphasis> "
13583
"configuration. In this configuration one OpenLDAP server is configured as a "
13584
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13587
#: serverguide/C/network-auth.xml:547(para)
13589
"First, configure the provider server. Copy the following to a file named "
13590
"<filename>provider_sync.ldif</filename>:"
13593
#: serverguide/C/network-auth.xml:552(programlisting)
13597
"# Add indexes to the frontend db.\n"
13598
"dn: olcDatabase={1}hdb,cn=config\n"
13599
"changetype: modify\n"
13600
"add: olcDbIndex\n"
13601
"olcDbIndex: entryCSN eq\n"
13603
"add: olcDbIndex\n"
13604
"olcDbIndex: entryUUID eq\n"
13606
"#Load the syncprov and accesslog modules.\n"
11877
13607
"dn: cn=module{0},cn=config\n"
11878
13608
"changetype: modify\n"
11879
13609
"add: olcModuleLoad\n"
11880
13610
"olcModuleLoad: syncprov\n"
11883
"changetype: modify\n"
11884
"replace: olcServerID\n"
11885
"olcServerID: 1 ldap://ldap01.example.com\n"
11886
"olcServerID: 2 ldap://ldap02.example.com\n"
11888
"dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config\n"
13612
"add: olcModuleLoad\n"
13613
"olcModuleLoad: accesslog\n"
13615
"# Accesslog database definitions\n"
13616
"dn: olcDatabase={2}hdb,cn=config\n"
13617
"objectClass: olcDatabaseConfig\n"
13618
"objectClass: olcHdbConfig\n"
13619
"olcDatabase: {2}hdb\n"
13620
"olcDbDirectory: /var/lib/ldap/accesslog\n"
13621
"olcSuffix: cn=accesslog\n"
13622
"olcRootDN: cn=admin,dc=example,dc=com\n"
13623
"olcDbIndex: default eq\n"
13624
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
13626
"# Accesslog db syncprov.\n"
13627
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
11889
13628
"changetype: add\n"
11890
13629
"objectClass: olcOverlayConfig\n"
11891
13630
"objectClass: olcSyncProvConfig\n"
11892
13631
"olcOverlay: syncprov\n"
11894
"dn: olcDatabase={0}config,cn=config\n"
11895
"changetype: modify\n"
11896
"add: olcSyncRepl\n"
11897
"olcSyncRepl: rid=001 provider=ldap://ldap01.example.com "
11898
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
11899
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
11900
" retry=\"5 5 300 5\" timeout=1\n"
11901
"olcSyncRepl: rid=002 provider=ldap://ldap02.example.com "
11902
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
11903
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
11904
" retry=\"5 5 300 5\" timeout=1\n"
11906
"add: olcMirrorMode\n"
11907
"olcMirrorMode: TRUE\n"
11910
#: serverguide/C/network-auth.xml:523(para)
11911
msgid "Edit the file changing:"
11914
#: serverguide/C/network-auth.xml:529(para)
11916
"<emphasis>ldap://ldap01.example.com</emphasis> and "
11917
"<emphasis>ldap://ldap02.example.com</emphasis> to the hostnames of your LDAP "
11921
#: serverguide/C/network-auth.xml:534(para)
11923
"You can have more than two LDAP servers, and when a change is made to one of "
11924
"them it will by synced to the rest. Be sure to increment the "
11925
"<emphasis>olcServerID</emphasis> for each server, and the "
11926
"<emphasis>rid</emphasis> for each <emphasis>olcSyncRepl</emphasis> entry."
11929
#: serverguide/C/network-auth.xml:542(para)
11931
"And adjust <emphasis>credentials=secret</emphasis> to match your admin "
11935
#: serverguide/C/network-auth.xml:552(para)
11937
"Next, add the LDIF file using the <application>ldapmodify</application> "
11941
#: serverguide/C/network-auth.xml:557(command)
11942
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_cn-config.ldif"
11945
#: serverguide/C/network-auth.xml:563(para)
11947
"Copy the <filename>syncrepl_cn-config.ldif</filename> file to the next LDAP "
11948
"server and repeat the <application>ldapmodify</application> command above."
11951
#: serverguide/C/network-auth.xml:571(para)
11953
"Because a new module has been added, the <application>slapd</application> "
11954
"daemon, on all replicated servers, needs to be restarted:"
11957
#: serverguide/C/network-auth.xml:577(command) serverguide/C/network-auth.xml:779(command) serverguide/C/network-auth.xml:895(command)
11958
msgid "sudo /etc/init.d/slapd restart"
11961
#: serverguide/C/network-auth.xml:583(para)
11963
"Now that the configuration database is synced between servers, the "
11964
"<emphasis>backend</emphasis> database needs to be synced as well. Copy and "
11965
"paste the following into another LDIF file named "
11966
"<filename>syncrepl_backend.ldif</filename>:"
11969
#: serverguide/C/network-auth.xml:589(programlisting)
11973
"dn: olcDatabase={1}hdb,cn=config\n"
11974
"changetype: modify\n"
11976
"olcRootDN: cn=admin,dc=example,dc=com\n"
11978
"add: olcSyncRepl\n"
11979
"olcSyncRepl: rid=003 provider=ldap://ldap01.example.com "
11980
"binddn=\"cn=admin,dc=example,dc=com\" \n"
11981
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11982
"type=refreshOnly \n"
11983
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
11984
"olcSyncRepl: rid=004 provider=ldap://ldap02.example.com "
11985
"binddn=\"cn=admin,dc=example,dc=com\" \n"
11986
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11987
"type=refreshOnly \n"
11988
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
11990
"add: olcMirrorMode\n"
11991
"olcMirrorMode: TRUE\n"
13632
"olcSpNoPresent: TRUE\n"
13633
"olcSpReloadHint: TRUE\n"
13635
"# syncrepl Provider for primary db\n"
11993
13636
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
11994
13637
"changetype: add\n"
11995
13638
"objectClass: olcOverlayConfig\n"
11996
13639
"objectClass: olcSyncProvConfig\n"
11997
13640
"olcOverlay: syncprov\n"
12000
#: serverguide/C/network-auth.xml:616(para)
12001
msgid "Like the previous LDIF file, edit this one changing:"
12004
#: serverguide/C/network-auth.xml:622(para)
12006
"<emphasis>searchbase=\"dc=example,dc=com\"</emphasis> to your directory's "
12010
#: serverguide/C/network-auth.xml:627(para)
12012
"If you use a different admin user, change "
12013
"<emphasis>binddn=\"cn=admin,dc=example,dc=com\"</emphasis>."
12016
#: serverguide/C/network-auth.xml:632(para)
12018
"Also, replace <emphasis>credentials=secret</emphasis> with your admin "
12022
#: serverguide/C/network-auth.xml:641(para)
12023
msgid "Add the LDIF file:"
12026
#: serverguide/C/network-auth.xml:646(command)
12027
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_backend.ldif"
12030
#: serverguide/C/network-auth.xml:649(para)
12032
"Because the servers' configuration is already synced there is no need to "
12033
"copy this LDIF file to the other servers."
13641
"olcSpNoPresent: TRUE\n"
13643
"# accesslog overlay definitions for primary db\n"
13644
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
13645
"objectClass: olcOverlayConfig\n"
13646
"objectClass: olcAccessLogConfig\n"
13647
"olcOverlay: accesslog\n"
13648
"olcAccessLogDB: cn=accesslog\n"
13649
"olcAccessLogOps: writes\n"
13650
"olcAccessLogSuccess: TRUE\n"
13651
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
13652
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13655
#: serverguide/C/network-auth.xml:614(para)
13657
"The <application>AppArmor</application> profile for "
13658
"<application>slapd</application> will need to be adjusted for the accesslog "
13659
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13663
#: serverguide/C/network-auth.xml:619(programlisting)
13667
" /var/lib/ldap/accesslog/ r,\n"
13668
" /var/lib/ldap/accesslog/** rwk,\n"
13671
#: serverguide/C/network-auth.xml:624(para)
13673
"Then create the directory, reload the <application>apparmor</application> "
13674
"profile, and copy the <filename>DB_CONFIG</filename> file:"
13677
#: serverguide/C/network-auth.xml:630(command)
13678
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13681
#: serverguide/C/network-auth.xml:631(command)
13682
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13685
#: serverguide/C/network-auth.xml:636(para)
13687
"Using the <emphasis>-u openldap</emphasis> option with the "
13688
"<application>sudo</application> commands above removes the need to adjust "
13689
"permissions for the new directory later."
13692
#: serverguide/C/network-auth.xml:645(para)
13694
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13698
#: serverguide/C/network-auth.xml:649(programlisting)
13702
"olcRootDN: cn=admin,dc=example,dc=com\n"
12036
13705
#: serverguide/C/network-auth.xml:657(para)
12038
"The configuration and backend databases should now sycnc to the other "
12039
"servers. You can add additional servers using the "
12040
"<application>ldapmodify</application> utility as the need arises. See <xref "
12041
"linkend=\"openldap-configuration\"/> for details."
12044
#: serverguide/C/network-auth.xml:667(programlisting)
13707
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13710
#: serverguide/C/network-auth.xml:662(command)
13711
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13714
#: serverguide/C/network-auth.xml:669(para)
13715
msgid "Restart <application>slapd</application>:"
13718
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1040(command) serverguide/C/network-auth.xml:1227(command)
13719
msgid "sudo /etc/init.d/slapd restart"
13722
#: serverguide/C/network-auth.xml:680(para)
13724
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13725
"to configure a <emphasis>Consumer</emphasis> server."
13728
#: serverguide/C/network-auth.xml:687(title)
13729
msgid "Consumer Configuration"
13732
#: serverguide/C/network-auth.xml:692(para)
13734
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13735
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13736
"configuration steps."
13739
#: serverguide/C/network-auth.xml:697(para)
13740
msgid "Add the additional schema files:"
13743
#: serverguide/C/network-auth.xml:707(para)
13745
"Also, create, or copy from the provider server, the "
13746
"<filename>backend.example.com.ldif</filename>"
13749
#: serverguide/C/network-auth.xml:711(programlisting)
13753
"# Load dynamic backend modules\n"
13754
"dn: cn=module,cn=config\n"
13755
"objectClass: olcModuleList\n"
13757
"olcModulepath: /usr/lib/ldap\n"
13758
"olcModuleload: back_hdb\n"
13760
"# Database settings\n"
13761
"dn: olcDatabase=hdb,cn=config\n"
13762
"objectClass: olcDatabaseConfig\n"
13763
"objectClass: olcHdbConfig\n"
13764
"olcDatabase: {1}hdb\n"
13765
"olcSuffix: dc=example,dc=com\n"
13766
"olcDbDirectory: /var/lib/ldap\n"
13767
"olcRootDN: cn=admin,dc=example,dc=com\n"
13768
"olcRootPW: secret\n"
13769
"olcDbConfig: set_cachesize 0 2097152 0\n"
13770
"olcDbConfig: set_lk_max_objects 1500\n"
13771
"olcDbConfig: set_lk_max_locks 1500\n"
13772
"olcDbConfig: set_lk_max_lockers 1500\n"
13773
"olcDbIndex: objectClass eq\n"
13774
"olcLastMod: TRUE\n"
13775
"olcDbCheckpoint: 512 30\n"
13776
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13777
"by anonymous auth by self write by * none\n"
13778
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13779
"olcAccess: to dn.base=\"\" by * read\n"
13780
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13783
#: serverguide/C/network-auth.xml:741(para)
13784
msgid "And add the LDIF by entering:"
13787
#: serverguide/C/network-auth.xml:752(para)
13789
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13790
"listed above, and add it:"
13793
#: serverguide/C/network-auth.xml:760(para)
13795
"The two severs should now have the same configuration except for the "
13796
"<emphasis>Syncrepl</emphasis> options."
13799
#: serverguide/C/network-auth.xml:768(para)
13801
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13804
#: serverguide/C/network-auth.xml:772(programlisting)
13808
"#Load the syncprov module.\n"
13809
"dn: cn=module{0},cn=config\n"
13810
"changetype: modify\n"
13811
"add: olcModuleLoad\n"
13812
"olcModuleLoad: syncprov\n"
13814
"# syncrepl specific indices\n"
13815
"dn: olcDatabase={1}hdb,cn=config\n"
13816
"changetype: modify\n"
13817
"add: olcDbIndex\n"
13818
"olcDbIndex: entryUUID eq\n"
13820
"add: olcSyncRepl\n"
13821
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
13822
"binddn=\"cn=admin,dc=example,dc=com\" \n"
13823
" credentials=secret searchbase=\"dc=example,dc=com\" "
13824
"logbase=\"cn=accesslog\" \n"
13825
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
13826
"schemachecking=on \n"
13827
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
13829
"add: olcUpdateRef\n"
13830
"olcUpdateRef: ldap://ldap01.example.com\n"
13833
#: serverguide/C/network-auth.xml:795(para)
13834
msgid "You will probably want to change the following attributes:"
13837
#: serverguide/C/network-auth.xml:800(para)
13838
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13841
#: serverguide/C/network-auth.xml:801(emphasis)
13845
#: serverguide/C/network-auth.xml:802(emphasis)
13846
msgid "credentials"
13849
#: serverguide/C/network-auth.xml:803(emphasis)
13853
#: serverguide/C/network-auth.xml:804(emphasis)
13854
msgid "olcUpdateRef:"
13857
#: serverguide/C/network-auth.xml:810(para)
13858
msgid "Add the LDIF file to the configuration tree:"
13861
#: serverguide/C/network-auth.xml:815(command)
13862
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
13865
#: serverguide/C/network-auth.xml:821(para)
13867
"The frontend database should now sync between servers. You can add "
13868
"additional servers using the steps above as the need arises."
13871
#: serverguide/C/network-auth.xml:831(programlisting)
12046
13873
msgid "127.0.0.1\tldap01.example.com ldap01"
12049
#: serverguide/C/network-auth.xml:663(para)
13876
#: serverguide/C/network-auth.xml:827(para)
12051
13878
"The <application>slapd</application> daemon will send log information to "
12052
13879
"<filename>/var/log/syslog</filename> by default. So if all does "
12216
14137
"linkend=\"openldap-server-replication\"/>."
12219
#: serverguide/C/network-auth.xml:808(para)
12221
"After setting up replication, and following the instructions in <xref "
12222
"linkend=\"openldap-tls\"/>, there are a couple of consequences that should "
12226
#: serverguide/C/network-auth.xml:815(para)
12228
"The configuration only needs to be modified on <emphasis>one</emphasis> "
12232
#: serverguide/C/network-auth.xml:820(para)
12234
"The path names for the <emphasis>certificate</emphasis> and "
12235
"<emphasis>key</emphasis> must be the same on all servers."
12238
#: serverguide/C/network-auth.xml:827(para)
12240
"So on each replicated server: install a certificate, edit "
12241
"<filename>/etc/default/slapd</filename>, and restart "
12242
"<application>slapd</application>."
12245
#: serverguide/C/network-auth.xml:832(para)
12247
"Once <emphasis>TLS</emphasis> has been setup on each server, modify the "
12248
"<emphasis>cn=config</emphasis> replication by entering the following in a "
12252
#: serverguide/C/network-auth.xml:843(userinput)
12255
"dn: olcDatabase={0}config,cn=config\n"
12256
"replace: olcSyncrepl\n"
12257
"olcSyncrepl: {0}rid=001 provider=ldap://ldap01.example.com "
12258
"binddn=\"cn=admin,cn\n"
12259
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
12261
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
12262
"olcSyncrepl: {1}rid=002 provider=ldap://ldap02.example.com "
12263
"binddn=\"cn=admin,cn\n"
12264
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
12266
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes"
12269
#: serverguide/C/network-auth.xml:842(computeroutput)
12272
"Enter LDAP Password: \n"
12273
"<placeholder-1/>\n"
12275
"modifying entry \"olcDatabase={0}config,cn=config\"\n"
12278
#: serverguide/C/network-auth.xml:856(para)
12279
msgid "Now adjust the <emphasis>backend</emphasis> database replication:"
12282
#: serverguide/C/network-auth.xml:866(userinput)
14140
#: serverguide/C/network-auth.xml:1069(para)
14142
"Assuming you have followed the above instructions and created a CA "
14143
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14144
"server. Follow the following instructions to create a certificate and key "
14145
"for the <emphasis>Consumer</emphasis> server."
14148
#: serverguide/C/network-auth.xml:1078(para)
14149
msgid "Create a new key for the Consumer server:"
14152
#: serverguide/C/network-auth.xml:1083(command)
14153
msgid "mkdir ldap02-ssl"
14156
#: serverguide/C/network-auth.xml:1084(command)
14157
msgid "cd ldap02-ssl"
14160
#: serverguide/C/network-auth.xml:1085(command)
14161
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14164
#: serverguide/C/network-auth.xml:1089(para)
14166
"Creating a new directory is not strictly necessary, but it will help keep "
14167
"things organized and make it easier to copy the files to the Consumer server."
14170
#: serverguide/C/network-auth.xml:1098(para)
14172
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14173
"server, changing the attributes to match your locality and server:"
14176
#: serverguide/C/network-auth.xml:1103(programlisting)
14181
"state = North Carolina\n"
14182
"locality = Winston-Salem\n"
14183
"organization = Example Company\n"
14184
"cn = ldap02.salem.edu\n"
14190
#: serverguide/C/network-auth.xml:1117(para)
14191
msgid "Create the certificate:"
14194
#: serverguide/C/network-auth.xml:1122(command)
14196
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14197
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14198
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14199
"ldap02_slapd_cert.pem"
14202
#: serverguide/C/network-auth.xml:1130(para)
14203
msgid "Copy the <filename>cacert.pem</filename> to the dicretory:"
14206
#: serverguide/C/network-auth.xml:1135(command)
14207
msgid "cp /etc/ssl/certs/cacert.pem ."
14210
#: serverguide/C/network-auth.xml:1141(para)
14212
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14213
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14214
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14215
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14216
"<filename>/etc/ssl/private</filename>."
14219
#: serverguide/C/network-auth.xml:1150(para)
14221
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14225
#: serverguide/C/network-auth.xml:1160(userinput)
14229
"add: olcTLSCACertificateFile\n"
14230
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14232
"add: olcTLSCertificateFile\n"
14233
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14235
"add: olcTLSCertificateKeyFile\n"
14236
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14239
#: serverguide/C/network-auth.xml:1177(para)
14241
"As with the Provider you can now edit "
14242
"<filename>/etc/default/slapd</filename> and add the "
14243
"<emphasis>ldaps:///</emphasis> parameter to the "
14244
"<emphasis>SLAPD_SERVICES</emphasis> option."
14247
#: serverguide/C/network-auth.xml:1185(para)
14249
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14250
"modify the <emphasis>Consumer</emphasis> server's "
14251
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14254
#: serverguide/C/network-auth.xml:1198(userinput)
12285
14258
"dn: olcDatabase={1}hdb,cn=config\n"
12286
14259
"replace: olcSyncrepl\n"
12287
"olcSyncrepl: {0}rid=003 provider=ldap://ldap01.example.com "
12288
"binddn=\"cn=admin,dc=example,dc=\n"
12289
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12291
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
12292
"olcSyncrepl: {1}rid=004 provider=ldap://ldap02.example.com "
12293
"binddn=\"cn=admin,dc=example,dc=\n"
12294
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12296
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes"
14260
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14262
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14264
" e=\"cn=accesslog\" "
14265
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14266
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
12299
#: serverguide/C/network-auth.xml:865(computeroutput) serverguide/C/network-auth.xml:2418(computeroutput)
14270
#: serverguide/C/network-auth.xml:1195(computeroutput)
12302
"Enter LDAP Password:\n"
14273
"SASL/EXTERNAL authentication started\n"
14274
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
12303
14276
"<placeholder-1/>\n"
12305
"modifying entry \"olcDatabase={1}hdb,cn=config\""
14278
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
12308
#: serverguide/C/network-auth.xml:878(para)
14281
#: serverguide/C/network-auth.xml:1210(para)
12310
14283
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
12311
14284
"(FQDN) in the certificate, you may have to edit "
12312
14285
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
12315
#: serverguide/C/network-auth.xml:883(programlisting)
14288
#: serverguide/C/network-auth.xml:1215(programlisting)
12319
"TLS_CERT /etc/ssl/certs/server.crt\n"
12320
"TLS_KEY /etc/ssl/private/server.key\n"
14292
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14293
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
12321
14294
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
12324
#: serverguide/C/network-auth.xml:890(para)
14297
#: serverguide/C/network-auth.xml:1222(para)
12326
14299
"Finally, restart <application>slapd</application> on each of the servers:"
12329
#: serverguide/C/network-auth.xml:903(title)
14302
#: serverguide/C/network-auth.xml:1235(title)
12330
14303
msgid "LDAP Authentication"
12333
#: serverguide/C/network-auth.xml:905(para)
14306
#: serverguide/C/network-auth.xml:1237(para)
12335
14308
"Once you have a working LDAP server, the <application>auth-client-"
12336
14309
"config</application> and <application>libnss-ldap</application> packages "
18074
20256
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
18077
#: serverguide/C/installation.xml:450(para)
20259
#: serverguide/C/installation.xml:502(para)
18079
20261
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
18080
"is <emphasis role=\"italic\">\"Ext3 journaling file system\"</emphasis>, "
20262
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
18081
20263
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
18082
20264
"<emphasis>\"Done setting up partition\"</emphasis>."
18085
#: serverguide/C/installation.xml:459(para)
20267
#: serverguide/C/installation.xml:511(para)
18087
20269
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
18088
20270
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
18089
20271
"partition\"</emphasis>."
18092
#: serverguide/C/installation.xml:467(para)
20274
#: serverguide/C/installation.xml:519(para)
18094
20276
"Use the rest of the free space on the drive and choose "
18095
20277
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
18098
#: serverguide/C/installation.xml:474(para)
20280
#: serverguide/C/installation.xml:526(para)
18100
20282
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
18101
"at the top, changing it to <emphasis>\"physical volume for RAID\"</emphasis> "
18102
"then choose <emphasis>\"Done setting up partition\"</emphasis>."
20283
"at the top, changing it to <emphasis>\"physical volume for "
20284
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20285
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20286
"<emphasis>\"Done setting up partition\"</emphasis>."
18105
#: serverguide/C/installation.xml:482(para)
20289
#: serverguide/C/installation.xml:536(para)
18106
20290
msgid "Repeat steps three through eight for the other disk and partitions."
18109
#: serverguide/C/installation.xml:491(title)
20293
#: serverguide/C/installation.xml:545(title)
18110
20294
msgid "RAID Configuration"
18113
#: serverguide/C/installation.xml:493(para)
20297
#: serverguide/C/installation.xml:547(para)
18114
20298
msgid "With the partitions setup the arrays are ready to be configured:"
18117
#: serverguide/C/installation.xml:500(para)
20301
#: serverguide/C/installation.xml:554(para)
18119
20303
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
18120
20304
"Software RAID\"</emphasis> at the top."
18123
#: serverguide/C/installation.xml:507(para)
20307
#: serverguide/C/installation.xml:561(para)
18124
20308
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
18127
#: serverguide/C/installation.xml:514(para)
18128
msgid "Choose <emphasis>\"Create MD drive\"</emphasis>."
20311
#: serverguide/C/installation.xml:568(para)
20312
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
18131
#: serverguide/C/installation.xml:521(para)
20315
#: serverguide/C/installation.xml:575(para)
18133
20317
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
18134
20318
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
18137
#: serverguide/C/installation.xml:527(para)
20321
#: serverguide/C/installation.xml:581(para)
18139
20323
"In order to use <emphasis>RAID5</emphasis> you need at least "
18140
20324
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
18141
20325
"<emphasis>two</emphasis> drives are required."
18144
#: serverguide/C/installation.xml:536(para)
20328
#: serverguide/C/installation.xml:590(para)
18146
20330
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
18147
20331
"of hard drives you have, for the array. Then select "
18148
20332
"<emphasis>\"Continue\"</emphasis>."
18151
#: serverguide/C/installation.xml:544(para)
20335
#: serverguide/C/installation.xml:598(para)
18153
20337
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
18154
20338
"default, then choose <emphasis>\"Continue\"</emphasis>."
18157
#: serverguide/C/installation.xml:551(para)
20341
#: serverguide/C/installation.xml:605(para)
18159
20343
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
18160
20344
"etc. The numbers will usually match and the different letters correspond to "
18161
20345
"different hard drives."
18164
#: serverguide/C/installation.xml:556(para)
20348
#: serverguide/C/installation.xml:610(para)
18166
20350
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
18167
20351
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
18168
20352
"go to the next step."
18171
#: serverguide/C/installation.xml:564(para)
20355
#: serverguide/C/installation.xml:618(para)
18173
20357
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
18174
20358
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
18175
20359
"and <emphasis>sdb2</emphasis>."
18178
#: serverguide/C/installation.xml:572(para)
20362
#: serverguide/C/installation.xml:626(para)
18179
20363
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
18182
#: serverguide/C/installation.xml:582(title)
20366
#: serverguide/C/installation.xml:636(title)
18183
20367
msgid "Formatting"
18186
#: serverguide/C/installation.xml:584(para)
20370
#: serverguide/C/installation.xml:638(para)
18188
20372
"There should now be a list of hard drives and RAID devices. The next step is "
18189
20373
"to format and set the mount point for the RAID devices. Treat the RAID "
18190
20374
"device as a local hard drive, format and mount accordingly."
18193
#: serverguide/C/installation.xml:592(para)
18194
msgid "Select the <emphasis>RAID1 device #0</emphasis> partition."
20377
#: serverguide/C/installation.xml:646(para)
20379
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20380
"#0\"</emphasis> partition."
18197
#: serverguide/C/installation.xml:599(para)
20383
#: serverguide/C/installation.xml:653(para)
18199
20385
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
18200
20386
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
18203
#: serverguide/C/installation.xml:607(para)
18204
msgid "Next, select the <emphasis>RAID1 device #1</emphasis> partition."
20389
#: serverguide/C/installation.xml:661(para)
20391
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20392
"#1\"</emphasis> partition."
18207
#: serverguide/C/installation.xml:614(para)
20395
#: serverguide/C/installation.xml:668(para)
18209
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext3 "
20397
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
18210
20398
"journaling file system\"</emphasis>."
18213
#: serverguide/C/installation.xml:621(para)
20401
#: serverguide/C/installation.xml:675(para)
18215
20403
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
18216
20404
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "