« back to all changes in this revision
Viewing changes to serverguide/po/be.po
- browse files at revision 94
- compare with another revision
- download diff
- download tarball
- view history from revision 94
- Committer: Bazaar Package Importer
- Author(s): Matthew East
- Date: 2010-09-19 11:35:42 UTC
- Revision ID: james.westby@ubuntu.com-20100919113542-mbxqe7yuo4ggnrw3
Tags: 10.10.3
* Amend font-family for browser startpage (LP: #195590)
* Add translations from Launchpad
* Add translations from Launchpad
- files added:
- internet/po/nn.po
- files removed:
- serverguide
- serverguide/C
- serverguide/po
- serverguide/sample
- files modified:
- about-ubuntu/po/ace.po
added
removed
serverguide/po/be.po
1
# Belarusian translation for ubuntu-docs
2
# Copyright (c) (c) 2006 Canonical Ltd, and Rosetta Contributors 2006
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2006.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-03-29 08:26+0100\n"
11
"PO-Revision-Date: 2009-10-20 02:02+0000\n"
12
"Last-Translator: Launchpad Translations Administrators "
13
"<rosetta@launchpad.net>\n"
14
"Language-Team: Belarusian <be@li.org>\n"
15
"MIME-Version: 1.0\n"
16
"Content-Type: text/plain; charset=UTF-8\n"
17
"Content-Transfer-Encoding: 8bit\n"
18
"X-Launchpad-Export-Date: 2010-04-17 14:51+0000\n"
19
"X-Generator: Launchpad (build Unknown)\n"
20
21
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
22
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
23
msgstr "ubuntu-doc@lists.ubuntu.com (Праэкт дакумэнтацыі Убунту)"
24
25
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
26
msgid "Ubuntu Server Guide"
27
msgstr "Кіраўніцтва да паслужніка Ubuntu"
28
29
#: serverguide/C/serverguide-C.omf:9(date)
30
msgid "2007-09-30"
31
msgstr "2007-09-30"
32
33
#: serverguide/C/windows-networking.xml:13(title)
34
msgid "Windows Networking"
35
msgstr "Сетка Windows"
36
37
#: serverguide/C/windows-networking.xml:15(para)
38
msgid ""
39
"Computer networks are often comprised of diverse systems, and while "
40
"operating a network made up entirely of Ubuntu desktop and server computers "
41
"would certainly be fun, some network environments must consist of both "
42
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
43
"class=\"registered\">Windows</trademark> systems working together in "
44
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
45
"principles and tools used in configuring your Ubuntu Server for sharing "
46
"network resources with Windows computers."
47
msgstr ""
48
"Кампутарныя сеткі часта складаюцца з разнародных сыстэмаў, і каілі "
49
"абслоўгваньне сеткі, пабудаванай цалкам з настольных і паслужнікавых "
50
"кампутараў з Ubuntu можа прыносіць задавальненьне, некаторыя сеткавыя "
51
"асяродзьдзі мусяць складацца з сыстэмаў Ubuntu і <trademark "
52
"class=\"registered\">Microsoft</trademark><trademark "
53
"class=\"registered\">Windows</trademark> якія павінны гарманічна працаваць "
54
"разам. Гэтая частка Кіраўніцтва да паслужніка <phrase>Ubuntu</phrase> дае "
55
"ўводзіны ў прынцыпы й сродкі, прызначаныя для наладкі вашага паслужніка "
56
"Ubuntu для сумеснай працы з кампутарамі з Windows."
57
58
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:354(title) serverguide/C/remote-administration.xml:22(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
59
msgid "Introduction"
60
msgstr "Уводзіны"
61
62
#: serverguide/C/windows-networking.xml:27(para)
63
msgid ""
64
"Successfully networking your Ubuntu system with Windows clients involves "
65
"providing and integrating with services common to Windows environments. Such "
66
"services assist the sharing of data and information about the computers and "
67
"users involved in the network, and may be classified under three major "
68
"categories of functionality:"
69
msgstr ""
70
71
#: serverguide/C/windows-networking.xml:35(para)
72
msgid ""
73
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
74
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
75
"folders, volumes, and the sharing of printers throughout the network."
76
msgstr ""
77
78
#: serverguide/C/windows-networking.xml:41(para)
79
msgid ""
80
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
81
"information about the computers and users of the network with such "
82
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
83
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
84
msgstr ""
85
86
#: serverguide/C/windows-networking.xml:48(para)
87
msgid ""
88
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
89
"the identity of a computer or user of the network and determining the "
90
"information the computer or user is authorized to access using such "
91
"principles and technologies as file permissions, group policies, and the "
92
"Kerberos authentication service."
93
msgstr ""
94
95
#: serverguide/C/windows-networking.xml:56(para)
96
msgid ""
97
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
98
"clients and share network resources among them. One of the principal pieces "
99
"of software your Ubuntu system includes for Windows networking is the Samba "
100
"suite of SMB server applications and tools."
101
msgstr ""
102
103
#: serverguide/C/windows-networking.xml:62(para)
104
msgid ""
105
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
106
"of the common Samba use cases, and how to install and configure the "
107
"necessary packages. Additional detailed documentation and information on "
108
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
109
"website</ulink>."
110
msgstr ""
111
112
#: serverguide/C/windows-networking.xml:70(title)
113
msgid "Samba File Server"
114
msgstr "Файлавы сэрвер Samba"
115
116
#: serverguide/C/windows-networking.xml:72(para)
117
msgid ""
118
"One of the most common ways to network Ubuntu and Windows computers is to "
119
"configure Samba as a File Server. This section covers setting up a "
120
"<application>Samba</application> server to share files with Windows clients."
121
msgstr ""
122
123
#: serverguide/C/windows-networking.xml:77(para)
124
msgid ""
125
"The server will be configured to share files with any client on the network "
126
"without prompting for a password. If your environment requires stricter "
127
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
128
msgstr ""
129
130
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:287(title) serverguide/C/windows-networking.xml:1302(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/virtualization.xml:2014(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:52(title) serverguide/C/remote-administration.xml:233(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1581(title) serverguide/C/network-auth.xml:2092(title) serverguide/C/network-auth.xml:2483(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
131
msgid "Installation"
132
msgstr "Усталёўка"
133
134
#: serverguide/C/windows-networking.xml:85(para)
135
msgid ""
136
"The first step is to install the <application>samba</application> package. "
137
"From a terminal prompt enter:"
138
msgstr ""
139
140
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:299(command)
141
msgid "sudo apt-get install samba"
142
msgstr "sudo apt-get install samba"
143
144
#: serverguide/C/windows-networking.xml:93(para)
145
msgid ""
146
"That's all there is to it; you are now ready to configure Samba to share "
147
"files."
148
msgstr ""
149
150
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:304(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/virtualization.xml:2088(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:74(title) serverguide/C/remote-administration.xml:258(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2131(title) serverguide/C/network-auth.xml:2504(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
151
msgid "Configuration"
152
msgstr "Настаўленьні"
153
154
#: serverguide/C/windows-networking.xml:101(para)
155
msgid ""
156
"The main Samba configuration file is located in "
157
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
158
"a significant amount of comments in order to document various configuration "
159
"directives."
160
msgstr ""
161
162
#: serverguide/C/windows-networking.xml:106(para)
163
msgid ""
164
"Not all the available options are included in the default configuration "
165
"file. See the <filename>smb.conf</filename><application>man</application> "
166
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
167
"Collection/\">Samba HOWTO Collection</ulink> for more details."
168
msgstr ""
169
170
#: serverguide/C/windows-networking.xml:116(para)
171
msgid ""
172
"First, edit the following key/value pairs in the "
173
"<emphasis>[global]</emphasis> section of "
174
"<filename>/etc/samba/smb.conf</filename>:"
175
msgstr ""
176
177
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:311(programlisting) serverguide/C/windows-networking.xml:776(programlisting) serverguide/C/windows-networking.xml:990(programlisting)
178
#, no-wrap
179
msgid ""
180
"\n"
181
" workgroup = EXAMPLE\n"
182
" ...\n"
183
" security = user\n"
184
msgstr ""
185
186
#: serverguide/C/windows-networking.xml:127(para)
187
msgid ""
188
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
189
"section, and is commented by default. Also, change "
190
"<emphasis>EXAMPLE</emphasis> to better match your environment."
191
msgstr ""
192
193
#: serverguide/C/windows-networking.xml:135(para)
194
msgid ""
195
"Create a new section at the bottom of the file, or uncomment one of the "
196
"examples, for the directory to be shared:"
197
msgstr ""
198
199
#: serverguide/C/windows-networking.xml:139(programlisting)
200
#, no-wrap
201
msgid ""
202
"\n"
203
"[share]\n"
204
" comment = Ubuntu File Server Share\n"
205
" path = /srv/samba/share\n"
206
" browsable = yes\n"
207
" guest ok = yes\n"
208
" read only = no\n"
209
" create mask = 0755\n"
210
msgstr ""
211
212
#: serverguide/C/windows-networking.xml:151(para)
213
msgid ""
214
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
215
"fit your needs."
216
msgstr ""
217
218
#: serverguide/C/windows-networking.xml:156(para)
219
msgid "<emphasis>path:</emphasis> the path to the directory to share."
220
msgstr ""
221
222
#: serverguide/C/windows-networking.xml:159(para)
223
msgid ""
224
"This example uses <filename>/srv/samba/sharename</filename> because, "
225
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
226
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
227
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
228
"specific data should be served. Technically Samba shares can be placed "
229
"anywhere on the filesystem as long as the permissions are correct, but "
230
"adhering to standards is recommended."
231
msgstr ""
232
233
#: serverguide/C/windows-networking.xml:168(para)
234
msgid ""
235
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
236
"directory using <application>Windows Explorer</application>."
237
msgstr ""
238
239
#: serverguide/C/windows-networking.xml:174(para)
240
msgid ""
241
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
242
"without supplying a password."
243
msgstr ""
244
245
#: serverguide/C/windows-networking.xml:179(para)
246
msgid ""
247
"<emphasis>read only:</emphasis> determines if the share is read only or if "
248
"write privileges are granted. Write privileges are allowed only when the "
249
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
250
"is <emphasis>yes</emphasis>, then access to the share is read only."
251
msgstr ""
252
253
#: serverguide/C/windows-networking.xml:184(para)
254
msgid ""
255
"<emphasis>create mask:</emphasis> determines the permissions new files will "
256
"have when created."
257
msgstr ""
258
259
#: serverguide/C/windows-networking.xml:193(para)
260
msgid ""
261
"Now that <application>Samba</application> is configured, the directory needs "
262
"to be created and the permissions changed. From a terminal enter:"
263
msgstr ""
264
265
#: serverguide/C/windows-networking.xml:199(command)
266
msgid "sudo mkdir -p /srv/samba/share"
267
msgstr "sudo mkdir -p /srv/samba/share"
268
269
#: serverguide/C/windows-networking.xml:200(command)
270
msgid "sudo chown nobody.nogroup /srv/samba/share/"
271
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
272
273
#: serverguide/C/windows-networking.xml:204(para)
274
msgid ""
275
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
276
"directory tree if it doesn't exist. Change the share name to fit your "
277
"environment."
278
msgstr ""
279
280
#: serverguide/C/windows-networking.xml:213(para)
281
msgid ""
282
"Finally, restart the <application>samba</application> services to enable the "
283
"new configuration:"
284
msgstr ""
285
"Нарэшце перазапусьціце сэрвісы <application>samba</application> каб уключыць "
286
"новыя настаўленьні:"
287
288
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:331(command) serverguide/C/windows-networking.xml:468(command) serverguide/C/windows-networking.xml:567(command) serverguide/C/windows-networking.xml:937(command) serverguide/C/windows-networking.xml:1047(command) serverguide/C/windows-networking.xml:1162(command) serverguide/C/network-auth.xml:1860(command)
289
msgid "sudo /etc/init.d/samba restart"
290
msgstr "sudo /etc/init.d/samba restart"
291
292
#: serverguide/C/windows-networking.xml:225(para)
293
msgid ""
294
"Once again, the above configuration gives all access to any client on the "
295
"local network. For a more secure configuration see <xref linkend=\"samba-"
296
"fileprint-security\"/>."
297
msgstr ""
298
299
#: serverguide/C/windows-networking.xml:231(para)
300
msgid ""
301
"From a Windows client you should now be able to browse to the Ubuntu file "
302
"server and see the shared directory. To check that everything is working try "
303
"creating a directory from Windows."
304
msgstr ""
305
306
#: serverguide/C/windows-networking.xml:236(para)
307
msgid ""
308
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
309
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
310
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
311
"share actually exists and the permissions are correct."
312
msgstr ""
313
314
#: serverguide/C/windows-networking.xml:243(title) serverguide/C/windows-networking.xml:341(title) serverguide/C/windows-networking.xml:696(title) serverguide/C/windows-networking.xml:1066(title) serverguide/C/windows-networking.xml:1273(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/remote-administration.xml:491(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1531(title) serverguide/C/network-auth.xml:1975(title) serverguide/C/network-auth.xml:2579(title) serverguide/C/network-auth.xml:3087(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
315
msgid "Resources"
316
msgstr "Рэсурсы"
317
318
#: serverguide/C/windows-networking.xml:247(para) serverguide/C/windows-networking.xml:345(para) serverguide/C/windows-networking.xml:700(para) serverguide/C/windows-networking.xml:1070(para)
319
msgid ""
320
"For in depth Samba configurations see the <ulink "
321
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
322
"Collection</ulink>"
323
msgstr ""
324
325
#: serverguide/C/windows-networking.xml:253(para) serverguide/C/windows-networking.xml:351(para) serverguide/C/windows-networking.xml:706(para) serverguide/C/windows-networking.xml:1076(para)
326
msgid ""
327
"The guide is also available in <ulink "
328
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
329
"format</ulink>."
330
msgstr ""
331
332
#: serverguide/C/windows-networking.xml:259(para) serverguide/C/windows-networking.xml:357(para)
333
msgid ""
334
"O'Reilly's <ulink "
335
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
336
"another good reference."
337
msgstr ""
338
339
#: serverguide/C/windows-networking.xml:265(para) serverguide/C/windows-networking.xml:368(para) serverguide/C/windows-networking.xml:731(para) serverguide/C/windows-networking.xml:1100(para) serverguide/C/windows-networking.xml:1286(para)
340
msgid ""
341
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
342
"</ulink> page."
343
msgstr ""
344
345
#: serverguide/C/windows-networking.xml:274(title)
346
msgid "Samba Print Server"
347
msgstr "Сэрвер друку Samba"
348
349
#: serverguide/C/windows-networking.xml:276(para)
350
msgid ""
351
"Another common use of Samba is to configure it to share printers installed, "
352
"either locally or over the network, on an Ubuntu server. Similar to <xref "
353
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
354
"any client on the local network to use the installed printers without "
355
"prompting for a username and password."
356
msgstr ""
357
358
#: serverguide/C/windows-networking.xml:282(para)
359
msgid ""
360
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
361
"security\"/>."
362
msgstr ""
363
"Для больш бясьпечнай наладкі глядзіце <xref linkend=\"samba-fileprint-"
364
"security\"/>."
365
366
#: serverguide/C/windows-networking.xml:289(para)
367
msgid ""
368
"Before installing and configuring Samba it is best to already have a working "
369
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
370
"for details."
371
msgstr ""
372
373
#: serverguide/C/windows-networking.xml:294(para)
374
msgid ""
375
"To install the <application>samba</application> package, from a terminal "
376
"enter:"
377
msgstr ""
378
"Каб устанавіць пакет <application>samba</application>, увядзіце ў тэрмінале:"
379
380
#: serverguide/C/windows-networking.xml:305(para)
381
msgid ""
382
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
383
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
384
"network, and change <emphasis>security</emphasis> to <emphasis "
385
"role=\"italic\">share</emphasis>:"
386
msgstr ""
387
388
#: serverguide/C/windows-networking.xml:317(para)
389
msgid ""
390
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
391
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
392
msgstr ""
393
394
#: serverguide/C/windows-networking.xml:321(programlisting)
395
#, no-wrap
396
msgid ""
397
"\n"
398
" browsable = yes\n"
399
" guest ok = yes\n"
400
msgstr ""
401
402
#: serverguide/C/windows-networking.xml:326(para)
403
msgid "After editing <filename>smb.conf</filename> restart Samba:"
404
msgstr ""
405
"Пасьля рэдагаваньня <filename>smb.conf</filename> перазапусьціце Samba:"
406
407
#: serverguide/C/windows-networking.xml:334(para)
408
msgid ""
409
"The default Samba configuration will automatically share any printers "
410
"installed. Simply install the printer locally on your Windows clients."
411
msgstr ""
412
413
#: serverguide/C/windows-networking.xml:363(para)
414
msgid ""
415
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
416
"more information on configuring CUPS."
417
msgstr ""
418
"Яшчэ глядзіце <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> каб "
419
"прачытаць больш зьвестак пра настаўленьне CUPS."
420
421
#: serverguide/C/windows-networking.xml:377(title)
422
msgid "Securing a Samba File and Print Server"
423
msgstr "Бясьпека файлавага сэрвера Самба і сэрвера друку"
424
425
#: serverguide/C/windows-networking.xml:380(title)
426
msgid "Samba Security Modes"
427
msgstr "Рэжымы бясьпекі Samba"
428
429
#: serverguide/C/windows-networking.xml:382(para)
430
msgid ""
431
"There are two security levels available to the Common Internet Filesystem "
432
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
433
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
434
"allows more flexibility, providing four ways of implementing user-level "
435
"security and one way to implement share-level:"
436
msgstr ""
437
438
#: serverguide/C/windows-networking.xml:391(para)
439
msgid ""
440
"<emphasis>security = user:</emphasis> requires clients to supply a username "
441
"and password to connect to shares. Samba user accounts are separate from "
442
"system accounts, but the <application>libpam-smbpass</application> package "
443
"will sync system users and passwords with the Samba user database."
444
msgstr ""
445
446
#: serverguide/C/windows-networking.xml:398(para)
447
msgid ""
448
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
449
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
450
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
451
"linkend=\"samba-dc\"/> for further information."
452
msgstr ""
453
454
#: serverguide/C/windows-networking.xml:405(para)
455
msgid ""
456
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
457
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
458
"integration\"/> for details."
459
msgstr ""
460
461
#: serverguide/C/windows-networking.xml:411(para)
462
msgid ""
463
"<emphasis>security = server:</emphasis> this mode is left over from before "
464
"Samba could become a member server, and due to some security issues should "
465
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
466
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
467
"of the Samba guide for more details."
468
msgstr ""
469
470
#: serverguide/C/windows-networking.xml:419(para)
471
msgid ""
472
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
473
"without supplying a username and password."
474
msgstr ""
475
476
#: serverguide/C/windows-networking.xml:426(para)
477
msgid ""
478
"The security mode you choose will depend on your environment and what you "
479
"need the Samba server to accomplish."
480
msgstr ""
481
482
#: serverguide/C/windows-networking.xml:432(title)
483
msgid "Security = User"
484
msgstr ""
485
486
#: serverguide/C/windows-networking.xml:434(para)
487
msgid ""
488
"This section will reconfigure the Samba file and print server, from <xref "
489
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
490
"require authentication."
491
msgstr ""
492
493
#: serverguide/C/windows-networking.xml:439(para)
494
msgid ""
495
"First, install the <application>libpam-smbpass</application> package which "
496
"will sync the system users to the Samba user database:"
497
msgstr ""
498
499
#: serverguide/C/windows-networking.xml:445(command)
500
msgid "sudo apt-get install libpam-smbpass"
501
msgstr "sudo apt-get install libpam-smbpass"
502
503
#: serverguide/C/windows-networking.xml:449(para)
504
msgid ""
505
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
506
"<application>libpam-smbpass</application> is already installed."
507
msgstr ""
508
509
#: serverguide/C/windows-networking.xml:455(para)
510
msgid ""
511
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
512
"<emphasis>[share]</emphasis> section change:"
513
msgstr ""
514
515
#: serverguide/C/windows-networking.xml:459(programlisting)
516
#, no-wrap
517
msgid ""
518
"\n"
519
" guest ok = no\n"
520
msgstr ""
521
522
#: serverguide/C/windows-networking.xml:463(para)
523
msgid "Finally, restart Samba for the new settings to take effect:"
524
msgstr ""
525
526
#: serverguide/C/windows-networking.xml:471(para)
527
msgid ""
528
"Now when connecting to the shared directories or printers you should be "
529
"prompted for a username and password."
530
msgstr ""
531
532
#: serverguide/C/windows-networking.xml:476(para)
533
msgid ""
534
"If you choose to map a network drive to the share you can check the "
535
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
536
"enter the username and password once, at least until the password changes."
537
msgstr ""
538
539
#: serverguide/C/windows-networking.xml:484(title)
540
msgid "Share Security"
541
msgstr ""
542
543
#: serverguide/C/windows-networking.xml:486(para)
544
msgid ""
545
"There are several options available to increase the security for each "
546
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
547
"this section will cover some common options."
548
msgstr ""
549
550
#: serverguide/C/windows-networking.xml:492(title)
551
msgid "Groups"
552
msgstr "Групы"
553
554
#: serverguide/C/windows-networking.xml:494(para)
555
msgid ""
556
"Groups define a collection of computers or users which have a common level "
557
"of access to particular network resources and offer a level of granularity "
558
"in controlling access to such resources. For example, if a group <emphasis "
559
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
560
"role=\"italic\">freda</emphasis>, <emphasis "
561
"role=\"italic\">danika</emphasis>, and <emphasis "
562
"role=\"italic\">rob</emphasis> and a second group <emphasis "
563
"role=\"italic\">support</emphasis> is defined and consists of users "
564
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
565
"role=\"italic\">jeremy</emphasis>, and <emphasis "
566
"role=\"italic\">vincent</emphasis> then certain network resources configured "
567
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
568
"subsequently enable access by freda, danika, and rob, but not jeremy or "
569
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
570
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
571
"role=\"italic\">support</emphasis> groups, she will be able to access "
572
"resources configured for access by both groups, whereas all other users will "
573
"have only access to resources explicitly allowing the group they are part of."
574
msgstr ""
575
576
#: serverguide/C/windows-networking.xml:508(para)
577
msgid ""
578
"By default Samba looks for the local system groups defined in "
579
"<filename>/etc/group</filename> to determine which users belong to which "
580
"groups. For more information on adding and removing users from groups see "
581
"<xref linkend=\"adding-deleting-users\"/>."
582
msgstr ""
583
584
#: serverguide/C/windows-networking.xml:514(para)
585
msgid ""
586
"When defining groups in the Samba configuration file, "
587
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
588
"preface the group name with an \"@\" symbol. For example, if you wished to "
589
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
590
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
591
"do so by entering the group name as <emphasis "
592
"role=\"bold\">@sysadmin</emphasis>."
593
msgstr ""
594
595
#: serverguide/C/windows-networking.xml:523(title)
596
msgid "File Permissions"
597
msgstr ""
598
599
#: serverguide/C/windows-networking.xml:525(para)
600
msgid ""
601
"File Permissions define the explicit rights a computer or user has to a "
602
"particular directory, file, or set of files. Such permissions may be defined "
603
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
604
"the explicit permissions of a defined file share."
605
msgstr ""
606
607
#: serverguide/C/windows-networking.xml:531(para)
608
msgid ""
609
"For example, if you have defined a Samba share called "
610
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
611
"only</emphasis> permissions to the group of users known as <emphasis "
612
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
613
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
614
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
615
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
616
"under the <emphasis>[share]</emphasis> entry:"
617
msgstr ""
618
619
#: serverguide/C/windows-networking.xml:540(programlisting)
620
#, no-wrap
621
msgid ""
622
"\n"
623
" read list = @qa\n"
624
" write list = @sysadmin, vincent\n"
625
msgstr ""
626
627
#: serverguide/C/windows-networking.xml:545(para)
628
msgid ""
629
"Another possible Samba permission is to declare "
630
"<emphasis>administrative</emphasis> permissions to a particular shared "
631
"resource. Users having administrative permissions may read, write, or modify "
632
"any information contained in the resource the user has been given explicit "
633
"administrative permissions to."
634
msgstr ""
635
636
#: serverguide/C/windows-networking.xml:551(para)
637
msgid ""
638
"For example, if you wanted to give the user <emphasis "
639
"role=\"italic\">melissa</emphasis> administrative permissions to the "
640
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
641
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
642
"under the <emphasis>[share]</emphasis> entry:"
643
msgstr ""
644
645
#: serverguide/C/windows-networking.xml:558(programlisting)
646
#, no-wrap
647
msgid ""
648
"\n"
649
" admin users = melissa\n"
650
msgstr ""
651
652
#: serverguide/C/windows-networking.xml:562(para)
653
msgid ""
654
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
655
"the changes to take effect:"
656
msgstr ""
657
"Пасьля рэдагаваньня <filename>/etc/samba/smb.conf</filename>, перазапусьціце "
658
"Samba каб ужыць зьмены:"
659
660
#: serverguide/C/windows-networking.xml:571(para)
661
msgid ""
662
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
663
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
664
"<emphasis role=\"italic\">security = share</emphasis>"
665
msgstr ""
666
667
#: serverguide/C/windows-networking.xml:577(para)
668
msgid ""
669
"Now that Samba has been configured to limit which groups have access to the "
670
"shared directory, the filesystem permissions need to be updated."
671
msgstr ""
672
673
#: serverguide/C/windows-networking.xml:582(para)
674
msgid ""
675
"Traditional Linux file permissions do not map well to Windows NT Access "
676
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
677
"providing more fine grained control. For example, to enable ACLs on "
678
"<filename>/srv</filename> an EXT3 filesystem, edit "
679
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
680
msgstr ""
681
682
#: serverguide/C/windows-networking.xml:589(programlisting)
683
#, no-wrap
684
msgid ""
685
"\n"
686
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
687
"0 1\n"
688
msgstr ""
689
"\n"
690
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
691
"0 1\n"
692
693
#: serverguide/C/windows-networking.xml:593(para)
694
msgid "Then remount the partition:"
695
msgstr ""
696
697
#: serverguide/C/windows-networking.xml:598(command)
698
msgid "sudo mount -v -o remount /srv"
699
msgstr "sudo mount -v -o remount /srv"
700
701
#: serverguide/C/windows-networking.xml:602(para)
702
msgid ""
703
"The above example assumes <filename>/srv</filename> on a separate partition. "
704
"If <filename>/srv</filename>, or wherever you have configured your share "
705
"path, is part of the <filename>/</filename> partition a reboot may be "
706
"required."
707
msgstr ""
708
709
#: serverguide/C/windows-networking.xml:609(para)
710
msgid ""
711
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
712
"group will be given read, write, and execute permissions to "
713
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
714
"will be given read and execute permissions, and the files will be owned by "
715
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
716
msgstr ""
717
718
#: serverguide/C/windows-networking.xml:617(command)
719
msgid "sudo chown -R melissa /srv/samba/share/"
720
msgstr "sudo chown -R melissa /srv/samba/share/"
721
722
#: serverguide/C/windows-networking.xml:618(command)
723
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
724
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
725
726
#: serverguide/C/windows-networking.xml:619(command)
727
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
728
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
729
730
#: serverguide/C/windows-networking.xml:623(para)
731
msgid ""
732
"The <application>setfacl</application> command above gives "
733
"<emphasis>execute</emphasis> permissions to all files in the "
734
"<filename>/srv/samba/share</filename> directory, which you may or may not "
735
"want."
736
msgstr ""
737
738
#: serverguide/C/windows-networking.xml:629(para)
739
msgid ""
740
"Now from a Windows client you should notice the new file permissions are "
741
"implemented. See the <application>acl</application> and "
742
"<application>setfacl</application> man pages for more information on POSIX "
743
"ACLs."
744
msgstr ""
745
746
#: serverguide/C/windows-networking.xml:637(title)
747
msgid "Samba AppArmor Profile"
748
msgstr "Профіль Samba AppArmor"
749
750
#: serverguide/C/windows-networking.xml:639(para)
751
msgid ""
752
"Ubuntu comes with the <application>AppArmor</application> security module, "
753
"which provides mandatory access controls. The default AppArmor profile for "
754
"Samba will need to be adapted to your configuration. For more details on "
755
"using AppArmor see <xref linkend=\"apparmor\"/>."
756
msgstr ""
757
758
#: serverguide/C/windows-networking.xml:645(para)
759
msgid ""
760
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
761
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
762
"of the <application>apparmor-profiles</application> packages. To install the "
763
"package, from a terminal prompt enter:"
764
msgstr ""
765
766
#: serverguide/C/windows-networking.xml:652(command) serverguide/C/security.xml:925(command)
767
msgid "sudo apt-get install apparmor-profiles"
768
msgstr "sudo apt-get install apparmor-profiles"
769
770
#: serverguide/C/windows-networking.xml:656(para)
771
msgid "This package contains profiles for several other binaries."
772
msgstr ""
773
774
#: serverguide/C/windows-networking.xml:661(para)
775
msgid ""
776
"By default the profiles for <application>smbd</application> and "
777
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
778
"allowing Samba to work without modifying the profile, and only logging "
779
"errors. To place the <application>smbd</application> profile into "
780
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
781
"profile will need to be modified to reflect any directories that are shared."
782
msgstr ""
783
784
#: serverguide/C/windows-networking.xml:668(para)
785
msgid ""
786
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
787
"for <emphasis>[share]</emphasis> from the file server example:"
788
msgstr ""
789
790
#: serverguide/C/windows-networking.xml:673(programlisting)
791
#, no-wrap
792
msgid ""
793
"\n"
794
" /srv/samba/share/ r,\n"
795
" /srv/samba/share/** rwkix,\n"
796
msgstr ""
797
"\n"
798
" /srv/samba/share/ r,\n"
799
" /srv/samba/share/** rwkix,\n"
800
801
#: serverguide/C/windows-networking.xml:678(para)
802
msgid ""
803
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
804
msgstr ""
805
806
#: serverguide/C/windows-networking.xml:683(command)
807
msgid "sudo aa-enforce /usr/sbin/smbd"
808
msgstr "sudo aa-enforce /usr/sbin/smbd"
809
810
#: serverguide/C/windows-networking.xml:684(command)
811
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
812
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
813
814
#: serverguide/C/windows-networking.xml:687(para)
815
msgid ""
816
"You should now be able to read, write, and execute files in the shared "
817
"directory as normal, and the <application>smbd</application> binary will "
818
"have access to only the configured files and directories. Be sure to add "
819
"entries for each directory you configure Samba to share. Also, any errors "
820
"will be logged to <filename>/var/log/syslog</filename>."
821
msgstr ""
822
823
#: serverguide/C/windows-networking.xml:712(para) serverguide/C/windows-networking.xml:1082(para)
824
msgid ""
825
"O'Reilly's <ulink "
826
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
827
"also a good reference."
828
msgstr ""
829
830
#: serverguide/C/windows-networking.xml:718(para)
831
msgid ""
832
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
833
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
834
"security."
835
msgstr ""
836
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
837
"samba.html\">Разьдзел 18</ulink> Калекцыі Samba HOWTO зьмяшчае інфармацыю "
838
"пра бясьпеку."
839
840
#: serverguide/C/windows-networking.xml:724(para)
841
msgid ""
842
"For more information on Samba and ACLs see the <ulink "
843
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
844
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
845
msgstr ""
846
847
#: serverguide/C/windows-networking.xml:740(title)
848
msgid "Samba as a Domain Controller"
849
msgstr ""
850
851
#: serverguide/C/windows-networking.xml:742(para)
852
msgid ""
853
"Although it cannot act as an Active Directory Primary Domain Controller "
854
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
855
"domain controller. A major advantage of this configuration is the ability to "
856
"centralize user and machine credentials. Samba can also use multiple "
857
"backends to store the user information."
858
msgstr ""
859
860
#: serverguide/C/windows-networking.xml:749(title)
861
msgid "Primary Domain Controller"
862
msgstr ""
863
864
#: serverguide/C/windows-networking.xml:751(para)
865
msgid ""
866
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
867
"using the default smbpasswd backend."
868
msgstr ""
869
870
#: serverguide/C/windows-networking.xml:758(para)
871
msgid ""
872
"First, install Samba, and <application>libpam-smbpass</application> to sync "
873
"the user accounts, by entering the following in a terminal prompt:"
874
msgstr ""
875
876
#: serverguide/C/windows-networking.xml:764(command) serverguide/C/windows-networking.xml:980(command)
877
msgid "sudo apt-get install samba libpam-smbpass"
878
msgstr "sudo apt-get install samba libpam-smbpass"
879
880
#: serverguide/C/windows-networking.xml:770(para)
881
msgid ""
882
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
883
"The <emphasis>security</emphasis> mode should be set to <emphasis "
884
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
885
"should relate to your organization:"
886
msgstr ""
887
888
#: serverguide/C/windows-networking.xml:785(para)
889
msgid ""
890
"In the commented <quote>Domains</quote> section add or uncomment the "
891
"following:"
892
msgstr ""
893
894
#: serverguide/C/windows-networking.xml:789(programlisting)
895
#, no-wrap
896
msgid ""
897
"\n"
898
" domain logons = yes\n"
899
" logon path = \\\\%N\\%U\\profile\n"
900
" logon drive = H:\n"
901
" logon home = \\\\%N\\%U\n"
902
" logon script = logon.cmd\n"
903
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
904
"/var/lib/samba -s /bin/false %u\n"
905
msgstr ""
906
907
#: serverguide/C/windows-networking.xml:800(para)
908
msgid ""
909
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
910
"Samba to act as a domain controller."
911
msgstr ""
912
913
#: serverguide/C/windows-networking.xml:805(para)
914
msgid ""
915
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
916
"their home directory. It is also possible to configure a "
917
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
918
"directory."
919
msgstr ""
920
921
#: serverguide/C/windows-networking.xml:811(para)
922
msgid ""
923
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
924
msgstr ""
925
926
#: serverguide/C/windows-networking.xml:816(para)
927
msgid ""
928
"<emphasis>logon home:</emphasis> specifies the home directory location."
929
msgstr ""
930
931
#: serverguide/C/windows-networking.xml:821(para)
932
msgid ""
933
"<emphasis>logon script:</emphasis> determines the script to be run locally "
934
"once a user has logged in. The script needs to be placed in the "
935
"<emphasis>[netlogon]</emphasis> share."
936
msgstr ""
937
938
#: serverguide/C/windows-networking.xml:827(para)
939
msgid ""
940
"<emphasis>add machine script:</emphasis> a script that will automatically "
941
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
942
"workstation to join the domain."
943
msgstr ""
944
945
#: serverguide/C/windows-networking.xml:831(para)
946
msgid ""
947
"In this example the <emphasis>machines</emphasis> group will need to be "
948
"created using the <application>addgroup</application> utility see <xref "
949
"linkend=\"adding-deleting-users\"/> for details."
950
msgstr ""
951
952
#: serverguide/C/windows-networking.xml:839(para)
953
msgid ""
954
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
955
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
956
"commented."
957
msgstr ""
958
959
#: serverguide/C/windows-networking.xml:848(para)
960
msgid ""
961
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
962
"role=\"italic\">logon home</emphasis> to be mapped:"
963
msgstr ""
964
965
#: serverguide/C/windows-networking.xml:853(programlisting)
966
#, no-wrap
967
msgid ""
968
"\n"
969
"[homes]\n"
970
" comment = Home Directories\n"
971
" browseable = no\n"
972
" read only = no\n"
973
" create mask = 0700\n"
974
" directory mask = 0700\n"
975
" valid users = %S\n"
976
msgstr ""
977
978
#: serverguide/C/windows-networking.xml:866(para)
979
msgid ""
980
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
981
"share needs to be configured. To enable the share, uncomment:"
982
msgstr ""
983
984
#: serverguide/C/windows-networking.xml:871(programlisting)
985
#, no-wrap
986
msgid ""
987
"\n"
988
"[netlogon]\n"
989
" comment = Network Logon Service\n"
990
" path = /srv/samba/netlogon\n"
991
" guest ok = yes\n"
992
" read only = yes\n"
993
" share modes = no\n"
994
msgstr ""
995
996
#: serverguide/C/windows-networking.xml:881(para)
997
msgid ""
998
"The original <emphasis>netlogon</emphasis> share path is "
999
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
1000
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
1001
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
1002
"location for site-specific data provided by the system."
1003
msgstr ""
1004
1005
#: serverguide/C/windows-networking.xml:892(para)
1006
msgid ""
1007
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
1008
"and an empty (for now) <filename>logon.cmd</filename> script file:"
1009
msgstr ""
1010
1011
#: serverguide/C/windows-networking.xml:898(command)
1012
msgid "sudo mkdir -p /srv/samba/netlogon"
1013
msgstr "sudo mkdir -p /srv/samba/netlogon"
1014
1015
#: serverguide/C/windows-networking.xml:899(command)
1016
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1017
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
1018
1019
#: serverguide/C/windows-networking.xml:902(para)
1020
msgid ""
1021
"You can enter any normal Windows logon script commands in "
1022
"<filename>logon.cmd</filename> to customize the client's environment."
1023
msgstr ""
1024
1025
#: serverguide/C/windows-networking.xml:910(para)
1026
msgid ""
1027
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1028
"workstation to the domain, a system group needs to be mapped to the Windows "
1029
"<emphasis>Domain Admins</emphasis> group. Using the "
1030
"<application>net</application> utility, from a terminal enter:"
1031
msgstr ""
1032
1033
#: serverguide/C/windows-networking.xml:917(command)
1034
msgid ""
1035
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1036
"type=d"
1037
msgstr ""
1038
1039
#: serverguide/C/windows-networking.xml:921(para)
1040
msgid ""
1041
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1042
"prefer. Also, the user used to join the domain needs to be a member of the "
1043
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1044
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1045
"allows <application>sudo</application> use."
1046
msgstr ""
1047
1048
#: serverguide/C/windows-networking.xml:932(para)
1049
msgid "Finally, restart Samba to enable the new domain controller:"
1050
msgstr ""
1051
1052
#: serverguide/C/windows-networking.xml:943(para)
1053
msgid ""
1054
"You should now be able to join Windows clients to the Domain in the same "
1055
"manner as joining them to an NT4 domain running on a Windows server."
1056
msgstr ""
1057
1058
#: serverguide/C/windows-networking.xml:953(title)
1059
msgid "Backup Domain Controller"
1060
msgstr ""
1061
1062
#: serverguide/C/windows-networking.xml:955(para)
1063
msgid ""
1064
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1065
"Backup Domain Controller (BDC) as well. This will allow clients to "
1066
"authenticate in case the PDC becomes unavailable."
1067
msgstr ""
1068
1069
#: serverguide/C/windows-networking.xml:960(para)
1070
msgid ""
1071
"When configuring Samba as a BDC you need a way to sync account information "
1072
"with the PDC. There are multiple ways of accomplishing this "
1073
"<application>scp</application>, <application>rsync</application>, or by "
1074
"using <application>LDAP</application> as the <emphasis>passdb "
1075
"backend</emphasis>."
1076
msgstr ""
1077
1078
#: serverguide/C/windows-networking.xml:966(para)
1079
msgid ""
1080
"Using LDAP is the most robust way to sync account information, because both "
1081
"domain controllers can use the same information in real time. However, "
1082
"setting up a LDAP server may be overly complicated for a small number of "
1083
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1084
msgstr ""
1085
1086
#: serverguide/C/windows-networking.xml:975(para)
1087
msgid ""
1088
"First, install <application>samba</application> and <application>libpam-"
1089
"smbpass</application>. From a terminal enter:"
1090
msgstr ""
1091
"Спачатку ўстанавіце <application>samba</application> і <application>libpam-"
1092
"smbpass</application>. У тэрмінале ўвядзіце:"
1093
1094
#: serverguide/C/windows-networking.xml:986(para)
1095
msgid ""
1096
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1097
"following in the <emphasis>[global]</emphasis>:"
1098
msgstr ""
1099
1100
#: serverguide/C/windows-networking.xml:999(para)
1101
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1102
msgstr ""
1103
1104
#: serverguide/C/windows-networking.xml:1003(programlisting)
1105
#, no-wrap
1106
msgid ""
1107
"\n"
1108
" domain logons = yes\n"
1109
" domain master = no\n"
1110
msgstr ""
1111
1112
#: serverguide/C/windows-networking.xml:1011(para)
1113
msgid ""
1114
"Make sure a user has rights to read the files in "
1115
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1116
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1117
"files, enter:"
1118
msgstr ""
1119
1120
#: serverguide/C/windows-networking.xml:1017(command)
1121
msgid "sudo chgrp -R admin /var/lib/samba"
1122
msgstr "sudo chgrp -R admin /var/lib/samba"
1123
1124
#: serverguide/C/windows-networking.xml:1023(para)
1125
msgid ""
1126
"Next, sync the user accounts, using <application>scp</application> to copy "
1127
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1128
msgstr ""
1129
1130
#: serverguide/C/windows-networking.xml:1029(command)
1131
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1132
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1133
1134
#: serverguide/C/windows-networking.xml:1033(para)
1135
msgid ""
1136
"Replace <emphasis>username</emphasis> with a valid username and "
1137
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1138
msgstr ""
1139
1140
#: serverguide/C/windows-networking.xml:1042(para)
1141
msgid "Finally, restart <application>samba</application>:"
1142
msgstr "У канцы, перазапусьціце <application>samba</application>:"
1143
1144
#: serverguide/C/windows-networking.xml:1053(para)
1145
msgid ""
1146
"You can test that your Backup Domain controller is working by stopping the "
1147
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1148
"the domain."
1149
msgstr ""
1150
1151
#: serverguide/C/windows-networking.xml:1058(para)
1152
msgid ""
1153
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1154
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1155
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1156
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1157
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1158
msgstr ""
1159
1160
#: serverguide/C/windows-networking.xml:1088(para)
1161
msgid ""
1162
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1163
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1164
"up a Primary Domain Controller."
1165
msgstr ""
1166
1167
#: serverguide/C/windows-networking.xml:1094(para)
1168
msgid ""
1169
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1170
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1171
"explains setting up a Backup Domain Controller."
1172
msgstr ""
1173
1174
#: serverguide/C/windows-networking.xml:1109(title)
1175
msgid "Samba Active Directory Integration"
1176
msgstr ""
1177
1178
#: serverguide/C/windows-networking.xml:1112(title)
1179
msgid "Accessing a Samba Share"
1180
msgstr ""
1181
1182
#: serverguide/C/windows-networking.xml:1114(para)
1183
msgid ""
1184
"Another, use for Samba is to integrate into an existing Windows network. "
1185
"Once part of an Active Directory domain, Samba can provide file and print "
1186
"services to AD users."
1187
msgstr ""
1188
1189
#: serverguide/C/windows-networking.xml:1119(para)
1190
msgid ""
1191
"The simplest way to join an AD domain is to use <application>Likewise-"
1192
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1193
"open\"/>."
1194
msgstr ""
1195
1196
#: serverguide/C/windows-networking.xml:1124(para)
1197
msgid ""
1198
"Once part of the domain, enter the following command in the terminal prompt:"
1199
msgstr ""
1200
1201
#: serverguide/C/windows-networking.xml:1129(command)
1202
msgid "sudo apt-get install samba smbfs smbclient"
1203
msgstr "sudo apt-get install samba smbfs smbclient"
1204
1205
#: serverguide/C/windows-networking.xml:1132(para)
1206
msgid ""
1207
"Since the <application>likewise-open</application> and "
1208
"<application>samba</application> packages use separate "
1209
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1210
"<filename role=\"directory\">/var/lib/samba</filename>:"
1211
msgstr ""
1212
1213
#: serverguide/C/windows-networking.xml:1138(command)
1214
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1215
msgstr "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1216
1217
#: serverguide/C/windows-networking.xml:1139(command)
1218
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1219
msgstr "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1220
1221
#: serverguide/C/windows-networking.xml:1142(para)
1222
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1223
msgstr ""
1224
"Пасьля, рэдагуйце <filename>/etc/samba/smb.conf</filename> зьмяніўшы:"
1225
1226
#: serverguide/C/windows-networking.xml:1146(programlisting)
1227
#, no-wrap
1228
msgid ""
1229
"\n"
1230
" workgroup = EXAMPLE\n"
1231
" ...\n"
1232
" security = ads\n"
1233
" realm = EXAMPLE.COM\n"
1234
" ...\n"
1235
" idmap backend = lwopen\n"
1236
" idmap uid = 50-9999999999\n"
1237
" idmap gid = 50-9999999999\n"
1238
msgstr ""
1239
1240
#: serverguide/C/windows-networking.xml:1157(para)
1241
msgid ""
1242
"Restart <application>samba</application> for the new settings to take effect:"
1243
msgstr ""
1244
"Перазапусьціце <application>samba</application> каб ужыць новыя наладкі:"
1245
1246
#: serverguide/C/windows-networking.xml:1165(para)
1247
msgid ""
1248
"You should now be able to access any <application>Samba</application> shares "
1249
"from a Windows client. However, be sure to give the appropriate AD users or "
1250
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1251
"security\"/> for more details."
1252
msgstr ""
1253
1254
#: serverguide/C/windows-networking.xml:1173(title)
1255
msgid "Accessing a Windows Share"
1256
msgstr ""
1257
1258
#: serverguide/C/windows-networking.xml:1175(para)
1259
msgid ""
1260
"Now that the Samba server is part of the Active Directory domain you can "
1261
"access any Windows server shares:"
1262
msgstr ""
1263
1264
#: serverguide/C/windows-networking.xml:1182(para)
1265
msgid ""
1266
"To mount a Windows file share enter the following in a terminal prompt:"
1267
msgstr ""
1268
1269
#: serverguide/C/windows-networking.xml:1186(command)
1270
msgid "mount.cifs //fs01.example.com/share mount_point"
1271
msgstr "mount.cifs //fs01.example.com/share mount_point"
1272
1273
#: serverguide/C/windows-networking.xml:1189(para)
1274
msgid ""
1275
"It is also possible to access shares on computers not part of an AD domain, "
1276
"but a username and password will need to be provided."
1277
msgstr ""
1278
1279
#: serverguide/C/windows-networking.xml:1197(para)
1280
msgid ""
1281
"To mount the share during boot place an entry in "
1282
"<filename>/etc/fstab</filename>, for example:"
1283
msgstr ""
1284
1285
#: serverguide/C/windows-networking.xml:1201(programlisting)
1286
#, no-wrap
1287
msgid ""
1288
"\n"
1289
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1290
"0 0\n"
1291
msgstr ""
1292
"\n"
1293
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1294
"0 0\n"
1295
1296
#: serverguide/C/windows-networking.xml:1208(para)
1297
msgid ""
1298
"Another way to copy files from a Windows server is to use the "
1299
"<application>smbclient</application> utility. To list the files in a Windows "
1300
"share:"
1301
msgstr ""
1302
1303
#: serverguide/C/windows-networking.xml:1214(command)
1304
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1305
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
1306
1307
#: serverguide/C/windows-networking.xml:1220(para)
1308
msgid "To copy a file from the share, enter:"
1309
msgstr ""
1310
1311
#: serverguide/C/windows-networking.xml:1225(command)
1312
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1313
msgstr "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1314
1315
#: serverguide/C/windows-networking.xml:1228(para)
1316
msgid ""
1317
"This will copy the <filename>file.txt</filename> into the current directory."
1318
msgstr ""
1319
"Гэта будзе капіяваць <filename>file.txt</filename> у бягучую дырэкторыю."
1320
1321
#: serverguide/C/windows-networking.xml:1235(para)
1322
msgid "And to copy a file to the share:"
1323
msgstr ""
1324
1325
#: serverguide/C/windows-networking.xml:1240(command)
1326
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1327
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1328
1329
#: serverguide/C/windows-networking.xml:1243(para)
1330
msgid ""
1331
"This will copy the <filename>/etc/hosts</filename> to "
1332
"<filename>//fs01.example.com/share/hosts</filename>."
1333
msgstr ""
1334
1335
#: serverguide/C/windows-networking.xml:1250(para)
1336
msgid ""
1337
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1338
"<application>smbclient</application> command all at once. This is useful for "
1339
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1340
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1341
"and directory commands, simply execute:"
1342
msgstr ""
1343
1344
#: serverguide/C/windows-networking.xml:1257(command)
1345
msgid "smbclient //fs01.example.com/share -k"
1346
msgstr "smbclient //fs01.example.com/share -k"
1347
1348
#: serverguide/C/windows-networking.xml:1264(para)
1349
msgid ""
1350
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1351
"<emphasis>//192.168.0.5/share</emphasis>, "
1352
"<emphasis>username=steve,password=secret</emphasis>, and "
1353
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1354
"file name, and an actual username and password with rights to the share."
1355
msgstr ""
1356
1357
#: serverguide/C/windows-networking.xml:1275(para)
1358
msgid ""
1359
"For more <application>smbclient</application> options see the man page: "
1360
"<command>man smbclient</command>, also available <ulink "
1361
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/smbclient.1.html\">on"
1362
"line</ulink>."
1363
msgstr ""
1364
1365
#: serverguide/C/windows-networking.xml:1280(para)
1366
msgid ""
1367
"The <application>mount.cifs</application><ulink "
1368
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/mount.cifs.8.html\">m"
1369
"an page</ulink> is also useful for more detailed information."
1370
msgstr ""
1371
1372
#: serverguide/C/windows-networking.xml:1293(title)
1373
msgid "Likewise Open"
1374
msgstr "Likewise Open"
1375
1376
#: serverguide/C/windows-networking.xml:1295(para)
1377
msgid ""
1378
"<application>Likewise Open</application> simplifies the necessary "
1379
"configuration needed to authenticate a Linux machine to an Active Directory "
1380
"domain. Based on <application>winbind</application>, the "
1381
"<application>likewise-open</application> package takes the pain out of "
1382
"integrating Ubuntu authentication into an existing Windows network."
1383
msgstr ""
1384
1385
#: serverguide/C/windows-networking.xml:1304(para)
1386
msgid ""
1387
"There are two ways to use Likewise Open, <application>likewise-"
1388
"open</application> the command line utility and <application>likewise-open-"
1389
"gui</application>. This section focuses on the command line utility."
1390
msgstr ""
1391
1392
#: serverguide/C/windows-networking.xml:1309(para)
1393
msgid ""
1394
"To install the <application>likewise-open</application> package, open a "
1395
"terminal prompt and enter:"
1396
msgstr ""
1397
"Каб устанавіць пакет <application>likewise-open</application>, адкрыйце "
1398
"тэрмінал і ўвядзіце:"
1399
1400
#: serverguide/C/windows-networking.xml:1314(command)
1401
msgid "sudo apt-get install likewise-open"
1402
msgstr "sudo apt-get install likewise-open"
1403
1404
#: serverguide/C/windows-networking.xml:1319(title)
1405
msgid "Joining a Domain"
1406
msgstr ""
1407
1408
#: serverguide/C/windows-networking.xml:1321(para)
1409
msgid ""
1410
"The main executable file of the <application>likewise-open</application> "
1411
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1412
"join your computer to the domain. Before you join a domain you will need to "
1413
"make sure you have:"
1414
msgstr ""
1415
1416
#: serverguide/C/windows-networking.xml:1329(para)
1417
msgid ""
1418
"Access to an Active Directory user with appropriate rights to join the "
1419
"domain."
1420
msgstr ""
1421
1422
#: serverguide/C/windows-networking.xml:1334(para)
1423
msgid ""
1424
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1425
"you want to join. If your AD domain does not match a valid domain such as "
1426
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1427
"the form of <emphasis>domainname.local</emphasis>."
1428
msgstr ""
1429
1430
#: serverguide/C/windows-networking.xml:1341(para)
1431
msgid ""
1432
"DNS for the domain setup properly. In a production AD environment this "
1433
"should be the case. Proper Microsoft DNS is needed so that client "
1434
"workstations can determine the Active Directory domain is available."
1435
msgstr ""
1436
1437
#: serverguide/C/windows-networking.xml:1345(para)
1438
msgid ""
1439
"If you don't have a Windows DNS server on your network, see <xref "
1440
"linkend=\"likewise-open-ms-dns\"/> for details."
1441
msgstr ""
1442
"Калі ў вашай сетке няма Windows DNS сэрвера, глядзіце <xref "
1443
"linkend=\"likewise-open-ms-dns\"/> для больш падрабязных зьвестак."
1444
1445
#: serverguide/C/windows-networking.xml:1352(para)
1446
msgid "To join a domain, from a terminal prompt enter:"
1447
msgstr ""
1448
1449
#: serverguide/C/windows-networking.xml:1357(command)
1450
msgid "sudo domainjoin-cli join example.com Administrator"
1451
msgstr ""
1452
1453
#: serverguide/C/windows-networking.xml:1361(para)
1454
msgid ""
1455
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1456
"<emphasis>Administrator</emphasis> with the appropriate user name."
1457
msgstr ""
1458
1459
#: serverguide/C/windows-networking.xml:1367(para)
1460
msgid ""
1461
"You will then be prompted for the user's password. If all goes well a "
1462
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1463
msgstr ""
1464
1465
#: serverguide/C/windows-networking.xml:1373(para)
1466
msgid ""
1467
"After joining the domain, it is necessary to reboot before attempting to "
1468
"authenticate against the domain."
1469
msgstr ""
1470
1471
#: serverguide/C/windows-networking.xml:1379(para)
1472
msgid ""
1473
"After successfully joining an Ubuntu machine to an Active Directory domain "
1474
"you can authenticate using any valid AD user. To login you will need to "
1475
"enter the user name as 'domain\\username'. For example to ssh to a server "
1476
"joined to the domain enter:"
1477
msgstr ""
1478
1479
#: serverguide/C/windows-networking.xml:1386(command)
1480
msgid "ssh 'example\\steve'@hostname"
1481
msgstr "ssh 'example\\steve'@hostname"
1482
1483
#: serverguide/C/windows-networking.xml:1390(para)
1484
msgid ""
1485
"If configuring a Desktop the user name will need to be prefixed with "
1486
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1487
msgstr ""
1488
1489
#: serverguide/C/windows-networking.xml:1396(para)
1490
msgid ""
1491
"To make likewise-open use a default domain, you can add the following "
1492
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1493
msgstr ""
1494
1495
#: serverguide/C/windows-networking.xml:1400(programlisting)
1496
#, no-wrap
1497
msgid ""
1498
"\n"
1499
"winbind use default domain = yes\n"
1500
msgstr ""
1501
1502
#: serverguide/C/windows-networking.xml:1404(para)
1503
msgid "Then restart the <application>likewise-open</application> daemons:"
1504
msgstr ""
1505
1506
#: serverguide/C/windows-networking.xml:1409(command)
1507
msgid "sudo /etc/init.d/likewise-open restart"
1508
msgstr "sudo /etc/init.d/likewise-open restart"
1509
1510
#: serverguide/C/windows-networking.xml:1413(para)
1511
msgid ""
1512
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1513
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1514
"using only their username."
1515
msgstr ""
1516
1517
#: serverguide/C/windows-networking.xml:1419(para)
1518
msgid ""
1519
"The <application>domainjoin-cli</application> utility can also be used to "
1520
"leave the domain. From a terminal:"
1521
msgstr ""
1522
1523
#: serverguide/C/windows-networking.xml:1424(command)
1524
msgid "sudo domainjoin-cli leave"
1525
msgstr "sudo domainjoin-cli leave"
1526
1527
#: serverguide/C/windows-networking.xml:1429(title) serverguide/C/security.xml:1777(title)
1528
msgid "Other Utilities"
1529
msgstr ""
1530
1531
#: serverguide/C/windows-networking.xml:1431(para)
1532
msgid ""
1533
"The <application>likewise-open</application> package comes with a few other "
1534
"utilities that may be useful for gathering information about the Active "
1535
"Directory environment. These utilities are used to join the machine to the "
1536
"domain, and are the same as those available in the <application>samba-"
1537
"common</application> and <application>winbind</application> packages:"
1538
msgstr ""
1539
1540
#: serverguide/C/windows-networking.xml:1440(para)
1541
msgid ""
1542
"<application>lwinet</application>: Returns information about the network and "
1543
"the domain."
1544
msgstr ""
1545
1546
#: serverguide/C/windows-networking.xml:1445(para)
1547
msgid ""
1548
"<application>lwimsg</application>: Allows interaction with the "
1549
"<application>likewise-winbindd</application> daemon."
1550
msgstr ""
1551
1552
#: serverguide/C/windows-networking.xml:1450(para)
1553
msgid ""
1554
"<application>lwiinfo</application>: Displays information about various parts "
1555
"of the Domain."
1556
msgstr ""
1557
1558
#: serverguide/C/windows-networking.xml:1456(para)
1559
msgid "Please refer to each utility's man page specific for details."
1560
msgstr ""
1561
1562
#: serverguide/C/windows-networking.xml:1462(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1598(title) serverguide/C/dns.xml:338(title)
1563
msgid "Troubleshooting"
1564
msgstr ""
1565
1566
#: serverguide/C/windows-networking.xml:1466(para)
1567
msgid ""
1568
"If the client has trouble joining the domain, double check that the "
1569
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1570
"example:"
1571
msgstr ""
1572
1573
#: serverguide/C/windows-networking.xml:1471(programlisting)
1574
#, no-wrap
1575
msgid ""
1576
"\n"
1577
"nameserver 192.168.0.1\n"
1578
msgstr ""
1579
1580
#: serverguide/C/windows-networking.xml:1476(para)
1581
msgid ""
1582
"For more information when joining a domain, use the <emphasis>--loglevel "
1583
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1584
"<application>domainjoin-cli</application> utility:"
1585
msgstr ""
1586
1587
#: serverguide/C/windows-networking.xml:1482(command)
1588
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1589
msgstr ""
1590
1591
#: serverguide/C/windows-networking.xml:1486(para)
1592
msgid ""
1593
"If an Active Directory user has trouble logging in, check the "
1594
"<filename>/var/log/auth.log</filename> for details."
1595
msgstr ""
1596
1597
#: serverguide/C/windows-networking.xml:1491(para)
1598
msgid ""
1599
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1600
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1601
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1602
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1603
"<emphasis>hosts</emphasis> option. For example:"
1604
msgstr ""
1605
1606
#: serverguide/C/windows-networking.xml:1497(programlisting)
1607
#, no-wrap
1608
msgid ""
1609
"\n"
1610
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1611
msgstr ""
1612
1613
#: serverguide/C/windows-networking.xml:1501(para)
1614
msgid "Change the above to:"
1615
msgstr ""
1616
1617
#: serverguide/C/windows-networking.xml:1505(programlisting)
1618
#, no-wrap
1619
msgid ""
1620
"\n"
1621
"hosts: files dns [NOTFOUND=return]\n"
1622
msgstr ""
1623
1624
#: serverguide/C/windows-networking.xml:1509(para)
1625
msgid "Then restart networking by entering:"
1626
msgstr ""
1627
1628
#: serverguide/C/windows-networking.xml:1514(command) serverguide/C/network-config.xml:559(command)
1629
msgid "sudo /etc/init.d/networking restart"
1630
msgstr "sudo /etc/init.d/networking restart"
1631
1632
#: serverguide/C/windows-networking.xml:1517(para)
1633
msgid "You should now be able to join the Active Directory domain."
1634
msgstr ""
1635
1636
#: serverguide/C/windows-networking.xml:1525(title)
1637
msgid "Microsoft DNS"
1638
msgstr "Microsoft DNS"
1639
1640
#: serverguide/C/windows-networking.xml:1527(para)
1641
msgid ""
1642
"The following are instructions for installing DNS on an Active Directory "
1643
"domain controller running Windows Server 2003, but the instructions should "
1644
"be similar for other versions:"
1645
msgstr ""
1646
1647
#: serverguide/C/windows-networking.xml:1536(para)
1648
msgid ""
1649
"Click "
1650
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1651
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1652
"This will open the <application>Server Role Mangement</application> utility."
1653
msgstr ""
1654
1655
#: serverguide/C/windows-networking.xml:1544(para)
1656
msgid "Click <guilabel>Add or remove a role</guilabel>"
1657
msgstr ""
1658
1659
#: serverguide/C/windows-networking.xml:1545(para) serverguide/C/windows-networking.xml:1547(para) serverguide/C/windows-networking.xml:1550(para)
1660
msgid "Click Next"
1661
msgstr "Клікніце Далей"
1662
1663
#: serverguide/C/windows-networking.xml:1546(para)
1664
msgid "Select \"DNS Server\""
1665
msgstr "Выберыце \"DNS Server\""
1666
1667
#: serverguide/C/windows-networking.xml:1548(para)
1668
msgid "Click Next again to proceed"
1669
msgstr ""
1670
1671
#: serverguide/C/windows-networking.xml:1549(para)
1672
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1673
msgstr ""
1674
1675
#: serverguide/C/windows-networking.xml:1551(para)
1676
msgid ""
1677
"Make sure \"This server maintains the zone\" is selected and click Next."
1678
msgstr ""
1679
1680
#: serverguide/C/windows-networking.xml:1552(para)
1681
msgid "Enter your domain name and click Next"
1682
msgstr "Увядзіце імя дамена і клікніце Далей"
1683
1684
#: serverguide/C/windows-networking.xml:1553(para)
1685
msgid "Click Next to \"Allow only secure dynamic updates\""
1686
msgstr ""
1687
1688
#: serverguide/C/windows-networking.xml:1555(para)
1689
msgid ""
1690
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1691
"should not forward queries\" and click Next."
1692
msgstr ""
1693
1694
#: serverguide/C/windows-networking.xml:1559(para) serverguide/C/windows-networking.xml:1560(para)
1695
msgid "Click Finish"
1696
msgstr "Клікніце Скончыць"
1697
1698
#: serverguide/C/windows-networking.xml:1562(para)
1699
msgid ""
1700
"DNS is now installed and can be further configured using the "
1701
"<application>Microsoft Management Console</application> DNS snap-in."
1702
msgstr ""
1703
1704
#: serverguide/C/windows-networking.xml:1570(para)
1705
msgid "Click Start"
1706
msgstr "Клікніце Пачаць"
1707
1708
#: serverguide/C/windows-networking.xml:1571(para)
1709
msgid "Control Panel"
1710
msgstr "Панэль кіраваньня"
1711
1712
#: serverguide/C/windows-networking.xml:1572(para)
1713
msgid "Network Connections"
1714
msgstr "Сеткавыя спалучэньні"
1715
1716
#: serverguide/C/windows-networking.xml:1573(para)
1717
msgid "Right Click \"Local Area Connection\""
1718
msgstr ""
1719
1720
#: serverguide/C/windows-networking.xml:1574(para)
1721
msgid "Click Properties"
1722
msgstr "Клікніце Уласьцівасьці"
1723
1724
#: serverguide/C/windows-networking.xml:1575(para)
1725
msgid "Double click \"Internet Protocol (TCP/IP)\""
1726
msgstr "Двойчы клікніце \"Інтэрнэт пратакол (TCP/IP)\""
1727
1728
#: serverguide/C/windows-networking.xml:1576(para)
1729
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1730
msgstr ""
1731
1732
#: serverguide/C/windows-networking.xml:1577(para)
1733
msgid "Click Ok"
1734
msgstr "Клікніце Ok"
1735
1736
#: serverguide/C/windows-networking.xml:1578(para)
1737
msgid "Click Ok again to save the settings"
1738
msgstr "Зноўку клікніце Ok каб захаваць наладкі"
1739
1740
#: serverguide/C/windows-networking.xml:1567(para)
1741
msgid ""
1742
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1743
msgstr ""
1744
1745
#: serverguide/C/windows-networking.xml:1585(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:1840(title) serverguide/C/virtualization.xml:2165(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1211(title) serverguide/C/security.xml:1626(title) serverguide/C/security.xml:1817(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1646(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
1746
msgid "References"
1747
msgstr "Спасылкі"
1748
1749
#: serverguide/C/windows-networking.xml:1587(para)
1750
msgid ""
1751
"Please refer to the <ulink "
1752
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1753
"further information."
1754
msgstr ""
1755
1756
#: serverguide/C/windows-networking.xml:1591(para)
1757
msgid ""
1758
"For more <application>domainjoin-cli</application> options see the man page: "
1759
"<command>man domainjoin-cli</command>."
1760
msgstr ""
1761
"Каб пабачыць больш опцый <application>domainjoin-cli</application> глядзіце "
1762
"старонку дапамогі: <command>man domainjoin-cli</command>."
1763
1764
#: serverguide/C/windows-networking.xml:1595(para)
1765
msgid ""
1766
"Also, see the <ulink "
1767
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
1768
"LikewiseOpen</ulink> page."
1769
msgstr ""
1770
1771
#: serverguide/C/web-servers.xml:13(title)
1772
msgid "Web Servers"
1773
msgstr "Вэб сэрверы"
1774
1775
#: serverguide/C/web-servers.xml:14(para)
1776
msgid ""
1777
"A Web server is a software responsible for accepting HTTP requests from "
1778
"clients, which are known as Web browsers, and serving them HTTP responses "
1779
"along with optional data contents, which usually are Web pages such as HTML "
1780
"documents and linked objects (images, etc.)."
1781
msgstr ""
1782
1783
#: serverguide/C/web-servers.xml:19(title)
1784
msgid "HTTPD - Apache2 Web Server"
1785
msgstr "HTTPD - Apache2 Вэб сэрвер"
1786
1787
#: serverguide/C/web-servers.xml:20(para)
1788
msgid ""
1789
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
1790
"are used to serve Web Pages requested by client computers. Clients typically "
1791
"request and view Web Pages using Web Browser applications such as "
1792
"<application>Firefox</application>, <application>Opera</application>, or "
1793
"<application>Mozilla</application>."
1794
msgstr ""
1795
1796
#: serverguide/C/web-servers.xml:24(para)
1797
msgid ""
1798
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
1799
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
1800
"resource. For example, to view the home page of the <ulink "
1801
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
1802
"the FQDN. To request specific information about <ulink "
1803
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
1804
"enter the FQDN followed by a path."
1805
msgstr ""
1806
1807
#: serverguide/C/web-servers.xml:29(para)
1808
msgid ""
1809
"The most common protocol used to transfer Web pages is the Hyper Text "
1810
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
1811
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
1812
"protocol for uploading and downloading files, are also supported."
1813
msgstr ""
1814
1815
#: serverguide/C/web-servers.xml:33(para)
1816
msgid ""
1817
"Apache Web Servers are often used in combination with the "
1818
"<application>MySQL</application> database engine, the HyperText Preprocessor "
1819
"(<application>PHP</application>) scripting language, and other popular "
1820
"scripting languages such as <application>Python</application> and "
1821
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
1822
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
1823
"for the development and deployment of Web-based applications."
1824
msgstr ""
1825
1826
#: serverguide/C/web-servers.xml:42(para)
1827
msgid ""
1828
"The <application>Apache2</application> web server is available in Ubuntu "
1829
"Linux. To install Apache2:"
1830
msgstr ""
1831
1832
#: serverguide/C/web-servers.xml:48(para)
1833
msgid "At a terminal prompt enter the following command:"
1834
msgstr ""
1835
1836
#: serverguide/C/web-servers.xml:53(command)
1837
msgid "sudo apt-get install apache2"
1838
msgstr "sudo apt-get install apache2"
1839
1840
#: serverguide/C/web-servers.xml:63(para)
1841
msgid ""
1842
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
1843
"text configuration files. These <emphasis>directives</emphasis> are "
1844
"separated between the following files and directories:"
1845
msgstr ""
1846
1847
#: serverguide/C/web-servers.xml:71(para)
1848
msgid ""
1849
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
1850
"Contains settings that are <emphasis>global</emphasis> to Apache2."
1851
msgstr ""
1852
1853
#: serverguide/C/web-servers.xml:77(para)
1854
msgid ""
1855
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
1856
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
1857
"serve content may add files, or symlinks, to this directory."
1858
msgstr ""
1859
1860
#: serverguide/C/web-servers.xml:83(para)
1861
msgid ""
1862
"<emphasis>envvars:</emphasis> file where Apache2 "
1863
"<emphasis>environment</emphasis> variables are set."
1864
msgstr ""
1865
1866
#: serverguide/C/web-servers.xml:88(para)
1867
msgid ""
1868
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
1869
"file, named after the <application>httpd</application> daemon. The file can "
1870
"be used for <emphasis>user specific</emphasis> configuration options that "
1871
"globally effect Apache2."
1872
msgstr ""
1873
1874
#: serverguide/C/web-servers.xml:95(para)
1875
msgid ""
1876
"<emphasis>mods-available:</emphasis> this directory contains configuration "
1877
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
1878
"modules will have specific configuration files, however."
1879
msgstr ""
1880
1881
#: serverguide/C/web-servers.xml:101(para)
1882
msgid ""
1883
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
1884
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
1885
"configuration file is symlinked it will be enabled the next time "
1886
"<application>apache2</application> is restarted."
1887
msgstr ""
1888
1889
#: serverguide/C/web-servers.xml:108(para)
1890
msgid ""
1891
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
1892
"TCP ports Apache2 is listening on."
1893
msgstr ""
1894
1895
#: serverguide/C/web-servers.xml:113(para)
1896
msgid ""
1897
"<emphasis>sites-available:</emphasis> this directory has configuration files "
1898
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1899
"to be configured for multiple sites that have separate configurations."
1900
msgstr ""
1901
1902
#: serverguide/C/web-servers.xml:119(para)
1903
msgid ""
1904
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
1905
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
1906
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
1907
"a configuration file in sites-available is symlinked, the site configured by "
1908
"it will be active once Apache2 is restarted."
1909
msgstr ""
1910
1911
#: serverguide/C/web-servers.xml:127(para)
1912
msgid ""
1913
"In addition, other configuration files may be added using the "
1914
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
1915
"many configuration files. Any directive may be placed in any of these "
1916
"configuration files. Changes to the main configuration files are only "
1917
"recognized by Apache2 when it is started or restarted."
1918
msgstr ""
1919
1920
#: serverguide/C/web-servers.xml:136(para)
1921
msgid ""
1922
"The server also reads a file containing mime document types; the filename is "
1923
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
1924
"<filename>/etc/mime.types</filename> by default."
1925
msgstr ""
1926
1927
#: serverguide/C/web-servers.xml:141(title)
1928
msgid "Basic Settings"
1929
msgstr "Асноўныя настаўленьні"
1930
1931
#: serverguide/C/web-servers.xml:142(para)
1932
msgid ""
1933
"This section explains Apache2 server essential configuration parameters. "
1934
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
1935
"Documentation</ulink> for more details."
1936
msgstr ""
1937
1938
#: serverguide/C/web-servers.xml:150(para)
1939
msgid ""
1940
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
1941
"it is configured with a single default virtual host (using the "
1942
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
1943
"if you have a single site, or used as a template for additional virtual "
1944
"hosts if you have multiple sites. If left alone, the default virtual host "
1945
"will serve as your default site, or the site users will see if the URL they "
1946
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
1947
"your custom sites. To modify the default virtual host, edit the file "
1948
"<filename>/etc/apache2/sites-available/default</filename>."
1949
msgstr ""
1950
1951
#: serverguide/C/web-servers.xml:163(para)
1952
msgid ""
1953
"The directives set for a virtual host only apply to that particular virtual "
1954
"host. If a directive is set server-wide and not defined within the virtual "
1955
"host settings, the default setting is used. For example, you can define a "
1956
"Webmaster email address and not define individual email addresses for each "
1957
"virtual host."
1958
msgstr ""
1959
1960
#: serverguide/C/web-servers.xml:171(para)
1961
msgid ""
1962
"If you wish to configure a new virtual host or site, copy that file into the "
1963
"same directory with a name you choose. For example:"
1964
msgstr ""
1965
1966
#: serverguide/C/web-servers.xml:177(command)
1967
msgid ""
1968
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
1969
"available/mynewsite"
1970
msgstr ""
1971
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
1972
"available/mynewsite"
1973
1974
#: serverguide/C/web-servers.xml:180(para)
1975
msgid ""
1976
"Edit the new file to configure the new site using some of the directives "
1977
"described below."
1978
msgstr ""
1979
1980
#: serverguide/C/web-servers.xml:187(para)
1981
msgid ""
1982
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
1983
"to be advertised for the server's administrator. The default value is "
1984
"webmaster@localhost. This should be changed to an email address that is "
1985
"delivered to you (if you are the server's administrator). If your website "
1986
"has a problem, Apache2 will display an error message containing this email "
1987
"address to report the problem to. Find this directive in your site's "
1988
"configuration file in /etc/apache2/sites-available."
1989
msgstr ""
1990
1991
#: serverguide/C/web-servers.xml:198(para)
1992
msgid ""
1993
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
1994
"the IP address, Apache2 should listen on. If the IP address is not "
1995
"specified, Apache2 will listen on all IP addresses assigned to the machine "
1996
"it runs on. The default value for the Listen directive is 80. Change this to "
1997
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
1998
"that it will not be available to the Internet, to (for example) 81 to change "
1999
"the port that it listens on, or leave it as is for normal operation. This "
2000
"directive can be found and changed in its own file, "
2001
"<filename>/etc/apache2/ports.conf</filename>"
2002
msgstr ""
2003
2004
#: serverguide/C/web-servers.xml:211(para)
2005
msgid ""
2006
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
2007
"FQDN your site should answer to. The default virtual host has no ServerName "
2008
"directive specified, so it will respond to all requests that do not match a "
2009
"ServerName directive in another virtual host. If you have just acquired the "
2010
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
2011
"value of the ServerName directive in your virtual host configuration file "
2012
"should be ubunturocks.com. Add this directive to the new virtual host file "
2013
"you created earlier (<filename>/etc/apache2/sites-"
2014
"available/mynewsite</filename>)."
2015
msgstr ""
2016
2017
#: serverguide/C/web-servers.xml:223(para)
2018
msgid ""
2019
"You may also want your site to respond to www.ubunturocks.com, since many "
2020
"users will assume the www prefix is appropriate. Use the "
2021
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
2022
"wildcards in the ServerAlias directive."
2023
msgstr ""
2024
2025
#: serverguide/C/web-servers.xml:230(para)
2026
msgid ""
2027
"For example, the following configuration will cause your site to respond to "
2028
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2029
msgstr ""
2030
2031
#: serverguide/C/web-servers.xml:236(programlisting)
2032
#, no-wrap
2033
msgid ""
2034
"\n"
2035
"ServerAlias *.ubunturocks.com\n"
2036
msgstr ""
2037
2038
#: serverguide/C/web-servers.xml:242(para)
2039
msgid ""
2040
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2041
"should look for the files that make up the site. The default value is "
2042
"/var/www. No site is configured there, but if you uncomment the "
2043
"<emphasis>RedirectMatch</emphasis> directive in "
2044
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2045
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2046
"this value in your site's virtual host file, and remember to create that "
2047
"directory if necessary!"
2048
msgstr ""
2049
2050
#: serverguide/C/web-servers.xml:254(para)
2051
msgid ""
2052
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2053
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2054
"enabled point to \"available\" sites."
2055
msgstr ""
2056
2057
#: serverguide/C/web-servers.xml:260(para)
2058
msgid ""
2059
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2060
"<application>a2ensite</application> utility and restart Apache2:"
2061
msgstr ""
2062
2063
#: serverguide/C/web-servers.xml:266(command)
2064
msgid "sudo a2ensite mynewsite"
2065
msgstr "sudo a2ensite mynewsite"
2066
2067
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2068
msgid "sudo /etc/init.d/apache2 restart"
2069
msgstr "sudo /etc/init.d/apache2 restart"
2070
2071
#: serverguide/C/web-servers.xml:271(para)
2072
msgid ""
2073
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2074
"name for the VirtualHost. One method is to name the file after the "
2075
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2076
msgstr ""
2077
2078
#: serverguide/C/web-servers.xml:278(para)
2079
msgid ""
2080
"Similarly, use the <application>a2dissite</application> utility to disable "
2081
"sites. This is can be useful when troubleshooting configuration problems "
2082
"with multiple VirtualHosts:"
2083
msgstr ""
2084
2085
#: serverguide/C/web-servers.xml:284(command)
2086
msgid "sudo a2dissite mynewsite"
2087
msgstr "sudo a2dissite mynewsite"
2088
2089
#: serverguide/C/web-servers.xml:290(title)
2090
msgid "Default Settings"
2091
msgstr "Прадвызначаныя ўсталёўкі"
2092
2093
#: serverguide/C/web-servers.xml:292(para)
2094
msgid ""
2095
"This section explains configuration of the Apache2 server default settings. "
2096
"For example, if you add a virtual host, the settings you configure for the "
2097
"virtual host take precedence for that virtual host. For a directive not "
2098
"defined within the virtual host settings, the default value is used."
2099
msgstr ""
2100
2101
#: serverguide/C/web-servers.xml:304(para)
2102
msgid ""
2103
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2104
"server when a user requests an index of a directory by specifying a forward "
2105
"slash (/) at the end of the directory name."
2106
msgstr ""
2107
2108
#: serverguide/C/web-servers.xml:311(para)
2109
msgid ""
2110
"For example, when a user requests the page "
2111
"http://www.example.com/this_directory/, he or she will get either the "
2112
"DirectoryIndex page if it exists, a server-generated directory list if it "
2113
"does not and the Indexes option is specified, or a Permission Denied page if "
2114
"neither is true. The server will try to find one of the files listed in the "
2115
"DirectoryIndex directive and will return the first one it finds. If it does "
2116
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2117
"set for that directory, the server will generate and return a list, in HTML "
2118
"format, of the subdirectories and files in the directory. The default value, "
2119
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2120
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2121
"Apache2 finds a file in a requested directory matching any of these names, "
2122
"the first will be displayed."
2123
msgstr ""
2124
2125
#: serverguide/C/web-servers.xml:332(para)
2126
msgid ""
2127
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2128
"file for Apache2 to use for specific error events. For example, if a user "
2129
"requests a resource that does not exist, a 404 error will occur, and per "
2130
"Apache2's default configuration, the file "
2131
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2132
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2133
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2134
"redirects requests to the /error directory to "
2135
"<filename>/usr/share/apache2/error/</filename>."
2136
msgstr ""
2137
2138
#: serverguide/C/web-servers.xml:344(para)
2139
msgid ""
2140
"To see a list of the default ErrorDocument directives, use this command:"
2141
msgstr ""
2142
2143
#: serverguide/C/web-servers.xml:350(command)
2144
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2145
msgstr ""
2146
2147
#: serverguide/C/web-servers.xml:355(para)
2148
msgid ""
2149
"By default, the server writes the transfer log to the file "
2150
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2151
"per-site basis in your virtual host configuration files with the "
2152
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2153
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2154
"specify the file to which errors are logged, via the "
2155
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2156
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2157
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2158
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2159
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2160
"/etc/apache2/apache2.conf</filename> for the default value)."
2161
msgstr ""
2162
2163
#: serverguide/C/web-servers.xml:370(para)
2164
msgid ""
2165
"Some options are specified on a per-directory basis rather than per-server. "
2166
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2167
"is enclosed in XML-like tags, like so:"
2168
msgstr ""
2169
2170
#: serverguide/C/web-servers.xml:376(programlisting)
2171
#, no-wrap
2172
msgid ""
2173
"\n"
2174
"<Directory /var/www/mynewsite>\n"
2175
"...\n"
2176
"</Directory>\n"
2177
msgstr ""
2178
2179
#: serverguide/C/web-servers.xml:382(para)
2180
msgid ""
2181
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2182
"one or more of the following values (among others), separated by spaces:"
2183
msgstr ""
2184
2185
#: serverguide/C/web-servers.xml:394(para)
2186
msgid ""
2187
"Most files should not be executed as CGI scripts. This would be very "
2188
"dangerous. CGI scripts should kept in a directory separate from and outside "
2189
"your DocumentRoot, and only this directory should have the ExecCGI option "
2190
"set. This is the default, and the default location for CGI scripts is "
2191
"<filename>/usr/lib/cgi-bin</filename>."
2192
msgstr ""
2193
2194
#: serverguide/C/web-servers.xml:389(para)
2195
msgid ""
2196
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2197
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2198
msgstr ""
2199
2200
#: serverguide/C/web-servers.xml:405(para)
2201
msgid ""
2202
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2203
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2204
"other files. This is not a common option. See <ulink "
2205
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2206
"HOWTO</ulink> for more information."
2207
msgstr ""
2208
2209
#: serverguide/C/web-servers.xml:414(para)
2210
msgid ""
2211
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2212
"includes, but disable the <emphasis>#exec</emphasis> and "
2213
"<emphasis>#include</emphasis> commands in CGI scripts."
2214
msgstr ""
2215
2216
#: serverguide/C/web-servers.xml:426(para)
2217
msgid ""
2218
"For security reasons, this should usually not be set, and certainly should "
2219
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2220
"per-directory basis only if you are certain you want users to see the entire "
2221
"contents of the directory."
2222
msgstr ""
2223
2224
#: serverguide/C/web-servers.xml:421(para)
2225
msgid ""
2226
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2227
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2228
"index.html) exists in the requested directory. <placeholder-1/>"
2229
msgstr ""
2230
2231
#: serverguide/C/web-servers.xml:436(para)
2232
msgid ""
2233
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2234
"multiviews; this option is disabled by default for security reasons. See the "
2235
"<ulink "
2236
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2237
"Apache2 documentation on this option</ulink>."
2238
msgstr ""
2239
2240
#: serverguide/C/web-servers.xml:444(para)
2241
msgid ""
2242
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2243
"symbolic links if the target file or directory has the same owner as the "
2244
"link."
2245
msgstr ""
2246
2247
#: serverguide/C/web-servers.xml:456(title)
2248
msgid "httpd Settings"
2249
msgstr "httpd Наладкі"
2250
2251
#: serverguide/C/web-servers.xml:458(para)
2252
msgid ""
2253
"This section explains some basic <application>httpd</application> daemon "
2254
"configuration settings."
2255
msgstr ""
2256
2257
#: serverguide/C/web-servers.xml:462(para)
2258
msgid ""
2259
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2260
"the path to the lockfile used when the server is compiled with either "
2261
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2262
"stored on the local disk. It should be left to the default value unless the "
2263
"logs directory is located on an NFS share. If this is the case, the default "
2264
"value should be changed to a location on the local disk and to a directory "
2265
"that is readable only by root."
2266
msgstr ""
2267
2268
#: serverguide/C/web-servers.xml:471(para)
2269
msgid ""
2270
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2271
"file in which the server records its process ID (pid). This file should only "
2272
"be readable by root. In most cases, it should be left to the default value."
2273
msgstr ""
2274
2275
#: serverguide/C/web-servers.xml:477(para)
2276
msgid ""
2277
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2278
"used by the server to answer requests. This setting determines the server's "
2279
"access. Any files inaccessible to this user will also be inaccessible to "
2280
"your website's visitors. The default value for User is www-data."
2281
msgstr ""
2282
2283
#: serverguide/C/web-servers.xml:484(para)
2284
msgid ""
2285
"Unless you know exactly what you are doing, do not set the User directive to "
2286
"root. Using root as the User will create large security holes for your Web "
2287
"server."
2288
msgstr ""
2289
2290
#: serverguide/C/web-servers.xml:490(para)
2291
msgid ""
2292
"The Group directive is similar to the User directive. Group sets the group "
2293
"under which the server will answer requests. The default group is also www-"
2294
"data."
2295
msgstr ""
2296
2297
#: serverguide/C/web-servers.xml:496(title)
2298
msgid "Apache2 Modules"
2299
msgstr ""
2300
2301
#: serverguide/C/web-servers.xml:498(para)
2302
msgid ""
2303
"Apache2 is a modular server. This implies that only the most basic "
2304
"functionality is included in the core server. Extended features are "
2305
"available through modules which can be loaded into Apache2. By default, a "
2306
"base set of modules is included in the server at compile-time. If the server "
2307
"is compiled to use dynamically loaded modules, then modules can be compiled "
2308
"separately, and added at any time using the LoadModule directive. Otherwise, "
2309
"Apache2 must be recompiled to add or remove modules."
2310
msgstr ""
2311
2312
#: serverguide/C/web-servers.xml:510(para)
2313
msgid ""
2314
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2315
"Configuration directives may be conditionally included on the presence of a "
2316
"particular module by enclosing them in an "
2317
"<emphasis><IfModule></emphasis> block."
2318
msgstr ""
2319
2320
#: serverguide/C/web-servers.xml:517(para)
2321
msgid ""
2322
"You can install additional Apache2 modules and use them with your Web "
2323
"server. For example, run the following command from a terminal prompt to "
2324
"install the <emphasis>MySQL Authentication</emphasis> module:"
2325
msgstr ""
2326
2327
#: serverguide/C/web-servers.xml:524(command)
2328
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2329
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
2330
2331
#: serverguide/C/web-servers.xml:527(para)
2332
msgid ""
2333
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2334
"additional modules."
2335
msgstr ""
2336
2337
#: serverguide/C/web-servers.xml:531(para)
2338
msgid ""
2339
"Use the <application>a2enmod</application> utility to enable a module:"
2340
msgstr ""
2341
2342
#: serverguide/C/web-servers.xml:537(command)
2343
msgid "sudo a2enmod auth_mysql"
2344
msgstr "sudo a2enmod auth_mysql"
2345
2346
#: serverguide/C/web-servers.xml:541(para)
2347
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2348
msgstr ""
2349
2350
#: serverguide/C/web-servers.xml:546(command)
2351
msgid "sudo a2dismod auth_mysql"
2352
msgstr "sudo a2dismod auth_mysql"
2353
2354
#: serverguide/C/web-servers.xml:553(title)
2355
msgid "HTTPS Configuration"
2356
msgstr "Настаўленьні HTTPS"
2357
2358
#: serverguide/C/web-servers.xml:555(para)
2359
msgid ""
2360
"The <application>mod_ssl</application> module adds an important feature to "
2361
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2362
"browser is communicating using SSL, the https:// prefix is used at the "
2363
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2364
"bar."
2365
msgstr ""
2366
2367
#: serverguide/C/web-servers.xml:564(para)
2368
msgid ""
2369
"The <application>mod_ssl</application> module is available in "
2370
"<application>apache2-common</application> package. Execute the following "
2371
"command from a terminal prompt to enable the "
2372
"<application>mod_ssl</application> module:"
2373
msgstr ""
2374
2375
#: serverguide/C/web-servers.xml:571(command)
2376
msgid "sudo a2enmod ssl"
2377
msgstr "sudo a2enmod ssl"
2378
2379
#: serverguide/C/web-servers.xml:574(para)
2380
msgid ""
2381
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2382
"available/default-ssl</filename>. In order for "
2383
"<application>Apache2</application> to provide HTTPS, a "
2384
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2385
"needed. The default HTTPS configuration will use a certificate and key "
2386
"generated by the <application>ssl-cert</application> package. They are good "
2387
"for testing, but the auto-generated certificate and key should be replaced "
2388
"by a certificate specific to the site or server. For information on "
2389
"generating a key and obtaining a certificate see <xref "
2390
"linkend=\"certificates-and-security\"/>"
2391
msgstr ""
2392
2393
#: serverguide/C/web-servers.xml:584(para)
2394
msgid ""
2395
"To configure <application>Apache2</application> for HTTPS, enter the "
2396
"following:"
2397
msgstr ""
2398
2399
#: serverguide/C/web-servers.xml:589(command)
2400
msgid "sudo a2ensite default-ssl"
2401
msgstr "sudo a2ensite default-ssl"
2402
2403
#: serverguide/C/web-servers.xml:593(para)
2404
msgid ""
2405
"The directories <filename>/etc/ssl/certs</filename> and "
2406
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2407
"install the certificate and key in another directory make sure to change "
2408
"<emphasis>SSLCertificateFile</emphasis> and "
2409
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2410
msgstr ""
2411
2412
#: serverguide/C/web-servers.xml:600(para)
2413
msgid ""
2414
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2415
"settings:"
2416
msgstr ""
2417
2418
#: serverguide/C/web-servers.xml:611(para)
2419
msgid ""
2420
"Depending on how you obtained your certificate you may need to enter a "
2421
"passphrase when <application>Apache2</application> starts."
2422
msgstr ""
2423
2424
#: serverguide/C/web-servers.xml:617(para)
2425
msgid ""
2426
"You can access the secure server pages by typing https://your_hostname/url/ "
2427
"in your browser address bar."
2428
msgstr ""
2429
2430
#: serverguide/C/web-servers.xml:628(para)
2431
msgid ""
2432
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2433
"Documentation</ulink> contains in depth information on Apache2 configuration "
2434
"directives. Also, see the <application>apache2-doc</application> package for "
2435
"the official Apache2 docs."
2436
msgstr ""
2437
2438
#: serverguide/C/web-servers.xml:635(para)
2439
msgid ""
2440
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2441
"Documentation</ulink> site for more SSL related information."
2442
msgstr ""
2443
2444
#: serverguide/C/web-servers.xml:641(para)
2445
msgid ""
2446
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2447
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2448
"configurations."
2449
msgstr ""
2450
2451
#: serverguide/C/web-servers.xml:647(para)
2452
msgid ""
2453
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2454
"server</emphasis> IRC channel on <ulink "
2455
"url=\"http://freenode.net/\">freenode.net</ulink>."
2456
msgstr ""
2457
2458
#: serverguide/C/web-servers.xml:653(para)
2459
msgid ""
2460
"Usually integrated with PHP and MySQL the <ulink "
2461
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2462
"Ubuntu Wiki </ulink> page is a good resource."
2463
msgstr ""
2464
2465
#: serverguide/C/web-servers.xml:664(title)
2466
msgid "PHP5 - Scripting Language"
2467
msgstr ""
2468
2469
#: serverguide/C/web-servers.xml:665(para)
2470
msgid ""
2471
"PHP is a general-purpose scripting language suited for Web development. The "
2472
"PHP script can be embedded into HTML. This section explains how to install "
2473
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2474
msgstr ""
2475
2476
#: serverguide/C/web-servers.xml:669(para)
2477
msgid ""
2478
"This section assumes you have installed and configured Apache2 Web Server "
2479
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
2480
"sections in this document to install and configure Apache2 and MySQL "
2481
"respectively."
2482
msgstr ""
2483
2484
#: serverguide/C/web-servers.xml:676(para)
2485
msgid "The PHP5 is available in Ubuntu Linux."
2486
msgstr ""
2487
2488
#: serverguide/C/web-servers.xml:678(para)
2489
msgid ""
2490
"To install PHP5 you can enter the following command in the terminal prompt: "
2491
"<screen>\n"
2492
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2493
"</screen>"
2494
msgstr ""
2495
2496
#: serverguide/C/web-servers.xml:687(para)
2497
msgid ""
2498
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2499
"line you should install <application>php5-cli</application> package. To "
2500
"install <application>php5-cli</application> you can enter the following "
2501
"command in the terminal prompt: <screen>\n"
2502
"<command>sudo apt-get install php5-cli</command>\n"
2503
"</screen>"
2504
msgstr ""
2505
2506
#: serverguide/C/web-servers.xml:696(para)
2507
msgid ""
2508
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2509
"accomplish this, you should install <application>php5-cgi</application> "
2510
"package. You can run the following command in a terminal prompt to install "
2511
"<application>php5-cgi</application> package: <screen>\n"
2512
"<command>sudo apt-get install php5-cgi</command>\n"
2513
"</screen>"
2514
msgstr ""
2515
2516
#: serverguide/C/web-servers.xml:706(para)
2517
msgid ""
2518
"To use <application>MySQL</application> with PHP5 you should install "
2519
"<application>php5-mysql</application> package. To install <application>php5-"
2520
"mysql</application> you can enter the following command in the terminal "
2521
"prompt: <screen>\n"
2522
"<command>sudo apt-get install php5-mysql</command>\n"
2523
"</screen>"
2524
msgstr ""
2525
2526
#: serverguide/C/web-servers.xml:714(para)
2527
msgid ""
2528
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2529
"install <application>php5-pgsql</application> package. To install "
2530
"<application>php5-pgsql</application> you can enter the following command in "
2531
"the terminal prompt: <screen>\n"
2532
"<command>sudo apt-get install php5-pgsql</command>\n"
2533
"</screen>"
2534
msgstr ""
2535
2536
#: serverguide/C/web-servers.xml:727(para)
2537
msgid ""
2538
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2539
"you have installed <application>php5-cli</application> package, you can run "
2540
"PHP5 scripts from your command prompt."
2541
msgstr ""
2542
2543
#: serverguide/C/web-servers.xml:734(para)
2544
msgid ""
2545
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2546
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2547
"when you install the module. Please verify if the files "
2548
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
2549
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
2550
"not exists, you can enable the module using <command>a2enmod</command> "
2551
"command."
2552
msgstr ""
2553
2554
#: serverguide/C/web-servers.xml:745(para)
2555
msgid ""
2556
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2557
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2558
"following command at a terminal prompt to restart your web server: "
2559
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2560
msgstr ""
2561
2562
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1569(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2563
msgid "Testing"
2564
msgstr "Праверка"
2565
2566
#: serverguide/C/web-servers.xml:754(para)
2567
msgid ""
2568
"To verify your installation, you can run following PHP5 phpinfo script:"
2569
msgstr ""
2570
2571
#: serverguide/C/web-servers.xml:757(programlisting)
2572
#, no-wrap
2573
msgid ""
2574
"\n"
2575
"<?php\n"
2576
" phpinfo();\n"
2577
"?>\n"
2578
msgstr ""
2579
2580
#: serverguide/C/web-servers.xml:762(para)
2581
msgid ""
2582
"You can save the content in a file <filename>phpinfo.php</filename> and "
2583
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2584
"server. When point your browser to "
2585
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
2586
"various PHP5 configuration parameters."
2587
msgstr ""
2588
2589
#: serverguide/C/web-servers.xml:776(para)
2590
msgid ""
2591
"For more in depth information see <ulink "
2592
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2593
msgstr ""
2594
"Для больш зьмястоўнай інфармацыі глядзіце дакумэнтацыю <ulink "
2595
"url=\"http://www.php.net/docs.php\">php.net</ulink>."
2596
2597
#: serverguide/C/web-servers.xml:781(para)
2598
msgid ""
2599
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2600
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2601
"5</ulink> and the <ulink "
2602
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2603
msgstr ""
2604
2605
#: serverguide/C/web-servers.xml:788(para)
2606
msgid ""
2607
"Also, see the <ulink "
2608
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2609
"Ubuntu Wiki</ulink> page for more information."
2610
msgstr ""
2611
2612
#: serverguide/C/web-servers.xml:799(title)
2613
msgid "Squid - Proxy Server"
2614
msgstr "Squid - паўнамоцны паслужнік"
2615
2616
#: serverguide/C/web-servers.xml:800(para)
2617
msgid ""
2618
"Squid is a full-featured web proxy cache server application which provides "
2619
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2620
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
2621
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
2622
"caching of Domain Name Server (DNS) lookups, and perform transparent "
2623
"caching. Squid also supports a wide variety of caching protocols, such as "
2624
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
2625
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
2626
"Protocol. (WCCP)"
2627
msgstr ""
2628
2629
#: serverguide/C/web-servers.xml:808(para)
2630
msgid ""
2631
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2632
"and caching server needs, and scales from the branch office to enterprise "
2633
"level networks while providing extensive, granular access control mechanisms "
2634
"and monitoring of critical parameters via the Simple Network Management "
2635
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
2636
"Squid proxy, or caching servers, ensure your system is configured with a "
2637
"large amount of physical memory, as Squid maintains an in-memory cache for "
2638
"increased performance."
2639
msgstr ""
2640
2641
#: serverguide/C/web-servers.xml:817(para)
2642
msgid ""
2643
"At a terminal prompt, enter the following command to install the Squid "
2644
"server:"
2645
msgstr ""
2646
2647
#: serverguide/C/web-servers.xml:822(command)
2648
msgid "sudo apt-get install squid"
2649
msgstr "sudo apt-get install squid"
2650
2651
#: serverguide/C/web-servers.xml:828(para)
2652
msgid ""
2653
"Squid is configured by editing the directives contained within the "
2654
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2655
"examples illustrate some of the directives which may be modified to affect "
2656
"the behavior of the Squid server. For more in-depth configuration of Squid, "
2657
"see the References section."
2658
msgstr ""
2659
2660
#: serverguide/C/web-servers.xml:834(para)
2661
msgid ""
2662
"Prior to editing the configuration file, you should make a copy of the "
2663
"original file and protect it from writing so you will have the original "
2664
"settings as a reference, and to re-use as necessary."
2665
msgstr ""
2666
2667
#: serverguide/C/web-servers.xml:837(para)
2668
msgid ""
2669
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2670
"writing with the following commands entered at a terminal prompt:"
2671
msgstr ""
2672
2673
#: serverguide/C/web-servers.xml:842(command)
2674
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2675
msgstr "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2676
2677
#: serverguide/C/web-servers.xml:843(command)
2678
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2679
msgstr "sudo chmod a-w /etc/squid/squid.conf.original"
2680
2681
#: serverguide/C/web-servers.xml:849(para)
2682
msgid ""
2683
"To set your Squid server to listen on TCP port 8888 instead of the default "
2684
"TCP port 3128, change the http_port directive as such:"
2685
msgstr ""
2686
2687
#: serverguide/C/web-servers.xml:853(programlisting)
2688
#, no-wrap
2689
msgid ""
2690
"\n"
2691
"http_port 8888\n"
2692
msgstr ""
2693
"\n"
2694
"http_port 8888\n"
2695
2696
#: serverguide/C/web-servers.xml:858(para)
2697
msgid ""
2698
"Change the visible_hostname directive in order to give the Squid server a "
2699
"specific hostname. This hostname does not necessarily need to be the "
2700
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2701
msgstr ""
2702
2703
#: serverguide/C/web-servers.xml:862(programlisting)
2704
#, no-wrap
2705
msgid ""
2706
"\n"
2707
"visible_hostname weezie\n"
2708
msgstr ""
2709
2710
#: serverguide/C/web-servers.xml:867(para)
2711
msgid ""
2712
"Using Squid's access control, you may configure use of Internet services "
2713
"proxied by Squid to be available only users with certain Internet Protocol "
2714
"(IP) addresses. For example, we will illustrate access by users of the "
2715
"192.168.42.0/24 subnetwork only:"
2716
msgstr ""
2717
2718
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
2719
msgid ""
2720
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2721
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2722
msgstr ""
2723
2724
#: serverguide/C/web-servers.xml:875(programlisting)
2725
#, no-wrap
2726
msgid ""
2727
"\n"
2728
"acl fortytwo_network src 192.168.42.0/24\n"
2729
msgstr ""
2730
"\n"
2731
"acl fortytwo_network src 192.168.42.0/24\n"
2732
2733
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
2734
msgid ""
2735
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2736
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2737
msgstr ""
2738
2739
#: serverguide/C/web-servers.xml:882(programlisting)
2740
#, no-wrap
2741
msgid ""
2742
"\n"
2743
"http_access allow fortytwo_network\n"
2744
msgstr ""
2745
"\n"
2746
"http_access allow fortytwo_network\n"
2747
2748
#: serverguide/C/web-servers.xml:887(para)
2749
msgid ""
2750
"Using the excellent access control features of Squid, you may configure use "
2751
"of Internet services proxied by Squid to be available only during normal "
2752
"business hours. For example, we'll illustrate access by employees of a "
2753
"business which is operating between 9:00AM and 5:00PM, Monday through "
2754
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
2755
msgstr ""
2756
2757
#: serverguide/C/web-servers.xml:895(programlisting)
2758
#, no-wrap
2759
msgid ""
2760
"\n"
2761
"acl biz_network src 10.1.42.0/24\n"
2762
"acl biz_hours time M T W T F 9:00-17:00\n"
2763
msgstr ""
2764
"\n"
2765
"acl biz_network src 10.1.42.0/24\n"
2766
"acl biz_hours time M T W T F 9:00-17:00\n"
2767
2768
#: serverguide/C/web-servers.xml:903(programlisting)
2769
#, no-wrap
2770
msgid ""
2771
"\n"
2772
"http_access allow biz_network biz_hours\n"
2773
msgstr ""
2774
"\n"
2775
"http_access allow biz_network biz_hours\n"
2776
2777
#: serverguide/C/web-servers.xml:910(para)
2778
msgid ""
2779
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2780
"save the file and restart the <application>squid</application> server "
2781
"application to effect the changes using the following command entered at a "
2782
"terminal prompt:"
2783
msgstr ""
2784
2785
#: serverguide/C/web-servers.xml:917(command)
2786
msgid "sudo /etc/init.d/squid restart"
2787
msgstr "sudo /etc/init.d/squid restart"
2788
2789
#: serverguide/C/web-servers.xml:924(ulink)
2790
msgid "Squid Website"
2791
msgstr "Вэб старонка Squid"
2792
2793
#: serverguide/C/web-servers.xml:926(para)
2794
msgid ""
2795
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
2796
"Squid</ulink> page."
2797
msgstr ""
2798
2799
#: serverguide/C/web-servers.xml:933(title)
2800
msgid "Ruby on Rails"
2801
msgstr "Ruby on Rails"
2802
2803
#: serverguide/C/web-servers.xml:934(para)
2804
msgid ""
2805
"Ruby on Rails is an open source web framework for developing database backed "
2806
"web applications. It is optimized for sustainable productivity of the "
2807
"programmer since it lets the programmer to write code by favouring "
2808
"convention over configuration."
2809
msgstr ""
2810
2811
#: serverguide/C/web-servers.xml:941(para)
2812
msgid ""
2813
"Before installing <application>Rails</application> you should install "
2814
"<application>Apache</application> and <application>MySQL</application>. To "
2815
"install the <application>Apache</application> package, please refer to <xref "
2816
"linkend=\"httpd\"/>. For instructions on installing "
2817
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
2818
msgstr ""
2819
2820
#: serverguide/C/web-servers.xml:949(para)
2821
msgid ""
2822
"Once you have <application>Apache</application> and "
2823
"<application>MySQL</application> packages installed, you are ready to "
2824
"install <application>Ruby on Rails</application> package."
2825
msgstr ""
2826
2827
#: serverguide/C/web-servers.xml:956(para)
2828
msgid ""
2829
"To install the <application>Ruby</application> base packages and "
2830
"<application>Ruby on Rails</application>, you can enter the following "
2831
"command in the terminal prompt:"
2832
msgstr ""
2833
"Каб устанавіць асноўныя пакеты <application>Ruby</application> і "
2834
"<application>Ruby on Rails</application>, можаце ўвесці ў тэрмінале наступны "
2835
"загад::"
2836
2837
#: serverguide/C/web-servers.xml:962(command)
2838
msgid "sudo apt-get install rails"
2839
msgstr "sudo apt-get install rails"
2840
2841
#: serverguide/C/web-servers.xml:968(para)
2842
msgid ""
2843
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
2844
"configuration file to setup your domains."
2845
msgstr ""
2846
2847
#: serverguide/C/web-servers.xml:972(para)
2848
msgid ""
2849
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
2850
msgstr ""
2851
2852
#: serverguide/C/web-servers.xml:976(programlisting)
2853
#, no-wrap
2854
msgid ""
2855
"\n"
2856
"DocumentRoot /path/to/rails/application/public\n"
2857
msgstr ""
2858
2859
#: serverguide/C/web-servers.xml:979(para)
2860
msgid ""
2861
"Next, change the <Directory \"/path/to/rails/application/public\"> "
2862
"directive:"
2863
msgstr ""
2864
2865
#: serverguide/C/web-servers.xml:983(programlisting)
2866
#, no-wrap
2867
msgid ""
2868
"\n"
2869
"<Directory \"/path/to/rails/application/public\">\n"
2870
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
2871
" AllowOverride All\n"
2872
" Order allow,deny\n"
2873
" allow from all\n"
2874
" AddHandler cgi-script .cgi\n"
2875
"</Directory>\n"
2876
msgstr ""
2877
2878
#: serverguide/C/web-servers.xml:993(para)
2879
msgid ""
2880
"You should also enable the <application>mod_rewrite</application> module for "
2881
"Apache. To enable <application>mod_rewrite</application> module, please "
2882
"enter the following command in a terminal prompt:"
2883
msgstr ""
2884
2885
#: serverguide/C/web-servers.xml:999(command)
2886
msgid "sudo a2enmod rewrite"
2887
msgstr "sudo a2enmod rewrite"
2888
2889
#: serverguide/C/web-servers.xml:1002(para)
2890
msgid ""
2891
"Finally you will need to change the ownership of the "
2892
"<filename>/path/to/rails/application/public</filename> and "
2893
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
2894
"used to run the <application>Apache</application> process:"
2895
msgstr ""
2896
2897
#: serverguide/C/web-servers.xml:1008(command)
2898
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
2899
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/public"
2900
2901
#: serverguide/C/web-servers.xml:1009(command)
2902
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
2903
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
2904
2905
#: serverguide/C/web-servers.xml:1012(para)
2906
msgid ""
2907
"That's it! Now you have your Server ready for your <application>Ruby on "
2908
"Rails</application> applications."
2909
msgstr ""
2910
2911
#: serverguide/C/web-servers.xml:1021(para)
2912
msgid ""
2913
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
2914
"for more information."
2915
msgstr ""
2916
"Глядзіце вэб-старонку <ulink url=\"http://rubyonrails.org/\">Ruby on "
2917
"Rails</ulink> для больш зьмястоўнай інфармацыі."
2918
2919
#: serverguide/C/web-servers.xml:1026(para)
2920
msgid ""
2921
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
2922
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
2923
"resource."
2924
msgstr ""
2925
2926
#: serverguide/C/web-servers.xml:1032(para)
2927
msgid ""
2928
"Another place for more information is the <ulink "
2929
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
2930
"Wiki</ulink> page."
2931
msgstr ""
2932
2933
#: serverguide/C/web-servers.xml:1043(title)
2934
msgid "Apache Tomcat"
2935
msgstr "Apache Tomcat"
2936
2937
#: serverguide/C/web-servers.xml:1044(para)
2938
msgid ""
2939
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
2940
"JSP (Java Server Pages) web applications."
2941
msgstr ""
2942
2943
#: serverguide/C/web-servers.xml:1046(para)
2944
msgid ""
2945
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
2946
"different ways of running Tomcat. You can install them as a classic unique "
2947
"system-wide instance, that will be started at boot time and will run as the "
2948
"tomcat6 unpriviledged user. But you can also deploy private instances that "
2949
"will run with your own user rights, and that you should start and stop by "
2950
"yourself. This second way is particularly useful in a development server "
2951
"context where multiple users need to test on their own private Tomcat "
2952
"instances."
2953
msgstr ""
2954
2955
#: serverguide/C/web-servers.xml:1056(title)
2956
msgid "System-wide installation"
2957
msgstr ""
2958
2959
#: serverguide/C/web-servers.xml:1057(para)
2960
msgid ""
2961
"To install the <application>Tomcat</application> server, you can enter the "
2962
"following command in the terminal prompt:"
2963
msgstr ""
2964
"Каб устанавіць сэрвер <application>Tomcat</application>, можаце ўвесці ў "
2965
"тэрмінале наступны загад:"
2966
2967
#: serverguide/C/web-servers.xml:1060(command)
2968
msgid "sudo apt-get install tomcat6"
2969
msgstr "sudo apt-get install tomcat6"
2970
2971
#: serverguide/C/web-servers.xml:1062(para)
2972
msgid ""
2973
"This will install a Tomcat server with just a default ROOT webapp that "
2974
"displays a minimal \"It works\" page by default."
2975
msgstr ""
2976
2977
#: serverguide/C/web-servers.xml:1068(para)
2978
msgid ""
2979
"Tomcat configuration files can be found in "
2980
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
2981
"will be described here, please see <ulink "
2982
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
2983
"documentation</ulink> for more."
2984
msgstr ""
2985
2986
#: serverguide/C/web-servers.xml:1074(title)
2987
msgid "Changing default ports"
2988
msgstr "Зьмяніць прадвызначаныя парты"
2989
2990
#: serverguide/C/web-servers.xml:1075(para)
2991
msgid ""
2992
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
2993
"connector on port 8009. You might want to change those default ports to "
2994
"avoid conflict with another server on the system. This is done by changing "
2995
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
2996
msgstr ""
2997
2998
#: serverguide/C/web-servers.xml:1080(programlisting)
2999
#, no-wrap
3000
msgid ""
3001
"\n"
3002
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
3003
" connectionTimeout=\"20000\" \n"
3004
" redirectPort=\"8443\" />\n"
3005
"...\n"
3006
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
3007
"/>\n"
3008
msgstr ""
3009
3010
#: serverguide/C/web-servers.xml:1089(title)
3011
msgid "Changing JVM used"
3012
msgstr ""
3013
3014
#: serverguide/C/web-servers.xml:1090(para)
3015
msgid ""
3016
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
3017
"then try some other JVMs. If you have various JVMs installed, you can set "
3018
"which should be used by setting JAVA_HOME in "
3019
"<filename>/etc/default/tomcat6</filename>:"
3020
msgstr ""
3021
3022
#: serverguide/C/web-servers.xml:1094(programlisting)
3023
#, no-wrap
3024
msgid ""
3025
"\n"
3026
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3027
msgstr ""
3028
"\n"
3029
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
3030
3031
#: serverguide/C/web-servers.xml:1099(title)
3032
msgid "Declaring users and roles"
3033
msgstr ""
3034
3035
#: serverguide/C/web-servers.xml:1100(para)
3036
msgid ""
3037
"Usernames, passwords and roles (groups) can be defined centrally in a "
3038
"Servlet container. In Tomcat 6.0 this is done in the "
3039
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
3040
msgstr ""
3041
3042
#: serverguide/C/web-servers.xml:1103(programlisting)
3043
#, no-wrap
3044
msgid ""
3045
"\n"
3046
"<role rolename=\"admin\"/>\n"
3047
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
3048
msgstr ""
3049
3050
#: serverguide/C/web-servers.xml:1111(title)
3051
msgid "Using Tomcat standard webapps"
3052
msgstr ""
3053
3054
#: serverguide/C/web-servers.xml:1112(para)
3055
msgid ""
3056
"Tomcat is shipped with webapps that you can install for documentation, "
3057
"administration or demo purposes."
3058
msgstr ""
3059
3060
#: serverguide/C/web-servers.xml:1115(title)
3061
msgid "Tomcat documentation"
3062
msgstr "Дакумэнтацыя Tomcat"
3063
3064
#: serverguide/C/web-servers.xml:1116(para)
3065
msgid ""
3066
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3067
"documentation, packaged as a webapp that you can access by default at "
3068
"http://yourserver:8080/docs. You can install it by entering the following "
3069
"command in the terminal prompt:"
3070
msgstr ""
3071
3072
#: serverguide/C/web-servers.xml:1121(command)
3073
msgid "sudo apt-get install tomcat6-docs"
3074
msgstr "sudo apt-get install tomcat6-docs"
3075
3076
#: serverguide/C/web-servers.xml:1125(title)
3077
msgid "Tomcat administration webapps"
3078
msgstr ""
3079
3080
#: serverguide/C/web-servers.xml:1126(para)
3081
msgid ""
3082
"The <application>tomcat6-admin</application> package contains two webapps "
3083
"that can be used to administer the Tomcat server using a web interface. You "
3084
"can install them by entering the following command in the terminal prompt:"
3085
msgstr ""
3086
3087
#: serverguide/C/web-servers.xml:1131(command)
3088
msgid "sudo apt-get install tomcat6-admin"
3089
msgstr "sudo apt-get install tomcat6-admin"
3090
3091
#: serverguide/C/web-servers.xml:1133(para)
3092
msgid ""
3093
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3094
"access by default at http://yourserver:8080/manager/html. It is primarily "
3095
"used to get server status and restart webapps."
3096
msgstr ""
3097
3098
#: serverguide/C/web-servers.xml:1136(para)
3099
msgid ""
3100
"Access to the <emphasis>manager</emphasis> application is protected by "
3101
"default: you need to define a user with the role \"manager\" in "
3102
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3103
msgstr ""
3104
3105
#: serverguide/C/web-servers.xml:1140(para)
3106
msgid ""
3107
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3108
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3109
"used to create virtual hosts dynamically."
3110
msgstr ""
3111
3112
#: serverguide/C/web-servers.xml:1144(para)
3113
msgid ""
3114
"Access to the <emphasis>host-manager</emphasis> application is also "
3115
"protected by default: you need to define a user with the role \"admin\" in "
3116
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3117
msgstr ""
3118
3119
#: serverguide/C/web-servers.xml:1149(para)
3120
msgid ""
3121
"For security reasons, the tomcat6 user cannot write to the "
3122
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3123
"these admin webapps (application deployment, virtual host creation) need "
3124
"write access to that directory. If you want to use these features execute "
3125
"the following, to give users in the tomcat6 group the necessary rights:"
3126
msgstr ""
3127
3128
#: serverguide/C/web-servers.xml:1156(command)
3129
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3130
msgstr "sudo chgrp -R tomcat6 /etc/tomcat6"
3131
3132
#: serverguide/C/web-servers.xml:1157(command)
3133
msgid "sudo chmod -R g+w /etc/tomcat6"
3134
msgstr "sudo chmod -R g+w /etc/tomcat6"
3135
3136
#: serverguide/C/web-servers.xml:1162(title)
3137
msgid "Tomcat examples webapps"
3138
msgstr ""
3139
3140
#: serverguide/C/web-servers.xml:1163(para)
3141
msgid ""
3142
"The <application>tomcat6-examples</application> package contains two webapps "
3143
"that can be used to test or demonstrate Servlets and JSP features, which you "
3144
"can access them by default at http://yourserver:8080/examples. You can "
3145
"install them by entering the following command in the terminal prompt:"
3146
msgstr ""
3147
3148
#: serverguide/C/web-servers.xml:1169(command)
3149
msgid "sudo apt-get install tomcat6-examples"
3150
msgstr "sudo apt-get install tomcat6-examples"
3151
3152
#: serverguide/C/web-servers.xml:1175(title)
3153
msgid "Using private instances"
3154
msgstr ""
3155
3156
#: serverguide/C/web-servers.xml:1176(para)
3157
msgid ""
3158
"Tomcat is heavily used in development and testing scenarios where using a "
3159
"single system-wide instance doesn't meet the requirements of multiple users "
3160
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3161
"help deploy your own user-oriented instances, allowing every user on a "
3162
"system to run (without root rights) separate private instances while still "
3163
"using the system-installed libraries."
3164
msgstr ""
3165
3166
#: serverguide/C/web-servers.xml:1183(para)
3167
msgid ""
3168
"It is possible to run the system-wide instance and the private instances in "
3169
"parallel, as long as they do not use the same TCP ports."
3170
msgstr ""
3171
3172
#: serverguide/C/web-servers.xml:1187(title)
3173
msgid "Installing private instance support"
3174
msgstr ""
3175
3176
#: serverguide/C/web-servers.xml:1188(para)
3177
msgid ""
3178
"You can install everything necessary to run private instances by entering "
3179
"the following command in the terminal prompt:"
3180
msgstr ""
3181
3182
#: serverguide/C/web-servers.xml:1191(command)
3183
msgid "sudo apt-get install tomcat6-user"
3184
msgstr "sudo apt-get install tomcat6-user"
3185
3186
#: serverguide/C/web-servers.xml:1195(title)
3187
msgid "Creating a private instance"
3188
msgstr ""
3189
3190
#: serverguide/C/web-servers.xml:1196(para)
3191
msgid ""
3192
"You can create a private instance directory by entering the following "
3193
"command in the terminal prompt:"
3194
msgstr ""
3195
3196
#: serverguide/C/web-servers.xml:1199(command)
3197
msgid "tomcat6-instance-create my-instance"
3198
msgstr "tomcat6-instance-create my-instance"
3199
3200
#: serverguide/C/web-servers.xml:1201(para)
3201
msgid ""
3202
"This will create a new <filename>my-instance</filename> directory with all "
3203
"the necessary subdirectories and scripts. You can for example install your "
3204
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3205
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3206
"are deployed by default."
3207
msgstr ""
3208
3209
#: serverguide/C/web-servers.xml:1209(title)
3210
msgid "Configuring your private instance"
3211
msgstr ""
3212
3213
#: serverguide/C/web-servers.xml:1210(para)
3214
msgid ""
3215
"You will find the classic Tomcat configuration files for your private "
3216
"instance in the <filename>conf/</filename> subdirectory. You should for "
3217
"example certainly edit the <filename>conf/server.xml</filename> file to "
3218
"change the default ports used by your private Tomcat instance to avoid "
3219
"conflict with other instances that might be running."
3220
msgstr ""
3221
3222
#: serverguide/C/web-servers.xml:1218(title)
3223
msgid "Starting/stopping your private instance"
3224
msgstr ""
3225
3226
#: serverguide/C/web-servers.xml:1219(para)
3227
msgid ""
3228
"You can start your private instance by entering the following command in the "
3229
"terminal prompt (supposing your instance is located in the <filename>my-"
3230
"instance</filename> directory):"
3231
msgstr ""
3232
3233
#: serverguide/C/web-servers.xml:1223(command)
3234
msgid "my-instance/bin/startup.sh"
3235
msgstr "my-instance/bin/startup.sh"
3236
3237
#: serverguide/C/web-servers.xml:1225(para)
3238
msgid ""
3239
"You should check the <filename>logs/</filename> subdirectory for any error. "
3240
"If you have a <emphasis>java.net.BindException: Address already in "
3241
"use<null>:8080</emphasis> error, it means that the port you're using "
3242
"is already taken and that you should change it."
3243
msgstr ""
3244
3245
#: serverguide/C/web-servers.xml:1230(para)
3246
msgid ""
3247
"You can stop your instance by entering the following command in the terminal "
3248
"prompt (supposing your instance is located in the <filename>my-"
3249
"instance</filename> directory):"
3250
msgstr ""
3251
3252
#: serverguide/C/web-servers.xml:1234(command)
3253
msgid "my-instance/bin/shutdown.sh"
3254
msgstr "my-instance/bin/shutdown.sh"
3255
3256
#: serverguide/C/web-servers.xml:1243(para)
3257
msgid ""
3258
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3259
"website for more information."
3260
msgstr ""
3261
"Глядзіце вэб-старонку <ulink url=\"http://tomcat.apache.org/\">Apache "
3262
"Tomcat</ulink>для больш зьмястоўнай інфармацыі."
3263
3264
#: serverguide/C/web-servers.xml:1248(para)
3265
msgid ""
3266
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3267
"Definitive Guide</ulink> is a good resource for building web applications "
3268
"with Tomcat."
3269
msgstr ""
3270
3271
#: serverguide/C/web-servers.xml:1254(para)
3272
msgid ""
3273
"For additional books see the <ulink "
3274
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3275
"page."
3276
msgstr ""
3277
"Каб знайсьці дадатковую літаратуру, глядзіце сьпіс <ulink "
3278
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Кнігі Tomcat</ulink>."
3279
3280
#: serverguide/C/web-servers.xml:1259(para)
3281
msgid ""
3282
"Also, see the<ulink "
3283
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3284
"Tomcat</ulink> page."
3285
msgstr ""
3286
3287
#: serverguide/C/vpn.xml:13(title)
3288
msgid "VPN"
3289
msgstr ""
3290
3291
#: serverguide/C/vpn.xml:15(para)
3292
msgid ""
3293
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3294
"network connection between two or more networks. There are several ways to "
3295
"create a VPN using software as well as dedicated hardware appliances. This "
3296
"chapter will cover installing and configuring "
3297
"<application>OpenVPN</application> to create a VPN between two servers."
3298
msgstr ""
3299
3300
#: serverguide/C/vpn.xml:23(title)
3301
msgid "OpenVPN"
3302
msgstr ""
3303
3304
#: serverguide/C/vpn.xml:25(para)
3305
msgid ""
3306
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3307
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3308
"clients through a bridge interface on the VPN server. This guide will assume "
3309
"that one VPN node, the server in this case, has a bridge interface "
3310
"configured. For more information on setting up a bridge see <xref "
3311
"linkend=\"bridging\"/>."
3312
msgstr ""
3313
3314
#: serverguide/C/vpn.xml:35(para)
3315
msgid "To install <application>openvpn</application> in a terminal enter:"
3316
msgstr ""
3317
3318
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3319
msgid "sudo apt-get install openvpn"
3320
msgstr ""
3321
3322
#: serverguide/C/vpn.xml:45(title)
3323
msgid "Server Certificates"
3324
msgstr ""
3325
3326
#: serverguide/C/vpn.xml:47(para)
3327
msgid ""
3328
"Now that the <application>openvpn</application> package is installed, the "
3329
"certificates for the VPN server need to be created."
3330
msgstr ""
3331
3332
#: serverguide/C/vpn.xml:52(para)
3333
msgid ""
3334
"First, copy the <filename>easy-rsa</filename> directory to "
3335
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3336
"scripts will not be lost when the package is updated. You will also need to "
3337
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3338
"the current user permission to create files. From a terminal enter:"
3339
msgstr ""
3340
3341
#: serverguide/C/vpn.xml:59(command)
3342
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3343
msgstr ""
3344
3345
#: serverguide/C/vpn.xml:60(command)
3346
msgid ""
3347
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3348
"rsa/"
3349
msgstr ""
3350
3351
#: serverguide/C/vpn.xml:61(command)
3352
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3353
msgstr ""
3354
3355
#: serverguide/C/vpn.xml:64(para)
3356
msgid ""
3357
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3358
"following to your environment:"
3359
msgstr ""
3360
3361
#: serverguide/C/vpn.xml:68(programlisting)
3362
#, no-wrap
3363
msgid ""
3364
"\n"
3365
"export KEY_COUNTRY=\"US\"\n"
3366
"export KEY_PROVINCE=\"NC\"\n"
3367
"export KEY_CITY=\"Winston-Salem\"\n"
3368
"export KEY_ORG=\"Example Company\"\n"
3369
"export KEY_EMAIL=\"steve@example.com\"\n"
3370
msgstr ""
3371
3372
#: serverguide/C/vpn.xml:76(para)
3373
msgid "Enter the following to create the server certificates:"
3374
msgstr ""
3375
3376
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3377
msgid "cd /etc/openvpn/easy-rsa/"
3378
msgstr ""
3379
3380
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3381
msgid "source vars"
3382
msgstr ""
3383
3384
#: serverguide/C/vpn.xml:83(command)
3385
msgid "./clean-all"
3386
msgstr ""
3387
3388
#: serverguide/C/vpn.xml:84(command)
3389
msgid "./build-dh"
3390
msgstr ""
3391
3392
#: serverguide/C/vpn.xml:85(command)
3393
msgid "./pkitool --initca"
3394
msgstr ""
3395
3396
#: serverguide/C/vpn.xml:86(command)
3397
msgid "./pkitool --server server"
3398
msgstr ""
3399
3400
#: serverguide/C/vpn.xml:87(command)
3401
msgid "cd keys"
3402
msgstr ""
3403
3404
#: serverguide/C/vpn.xml:88(command)
3405
msgid "openvpn --genkey --secret ta.key"
3406
msgstr ""
3407
3408
#: serverguide/C/vpn.xml:89(command)
3409
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3410
msgstr ""
3411
3412
#: serverguide/C/vpn.xml:94(title)
3413
msgid "Client Certificates"
3414
msgstr ""
3415
3416
#: serverguide/C/vpn.xml:96(para)
3417
msgid ""
3418
"The VPN client will also need a certificate to authenticate itself to the "
3419
"server. To create the certificate, enter the following in a terminal:"
3420
msgstr ""
3421
3422
#: serverguide/C/vpn.xml:104(command)
3423
msgid "./pkitool hostname"
3424
msgstr ""
3425
3426
#: serverguide/C/vpn.xml:108(para)
3427
msgid ""
3428
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3429
"machine connecting to the VPN."
3430
msgstr ""
3431
3432
#: serverguide/C/vpn.xml:113(para)
3433
msgid "Copy the following files to the client:"
3434
msgstr ""
3435
3436
#: serverguide/C/vpn.xml:118(para)
3437
msgid "/etc/openvpn/ca.crt"
3438
msgstr ""
3439
3440
#: serverguide/C/vpn.xml:119(para)
3441
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
3442
msgstr ""
3443
3444
#: serverguide/C/vpn.xml:120(para)
3445
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
3446
msgstr ""
3447
3448
#: serverguide/C/vpn.xml:121(para)
3449
msgid "/etc/openvpn/ta.key"
3450
msgstr ""
3451
3452
#: serverguide/C/vpn.xml:125(para)
3453
msgid ""
3454
"Remember to adjust the above file names for your client machine's "
3455
"<emphasis>hostname</emphasis>."
3456
msgstr ""
3457
3458
#: serverguide/C/vpn.xml:130(para)
3459
msgid ""
3460
"It is best to use a secure method to copy the certificate and key files. The "
3461
"<application>scp</application> utility is a good choice, but copying the "
3462
"files to removable media then to the client, also works well."
3463
msgstr ""
3464
3465
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
3466
msgid "Server Configuration"
3467
msgstr ""
3468
3469
#: serverguide/C/vpn.xml:143(para)
3470
msgid ""
3471
"Now configure the <application>openvpn</application> server by creating "
3472
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3473
"terminal enter:"
3474
msgstr ""
3475
3476
#: serverguide/C/vpn.xml:149(command)
3477
msgid ""
3478
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3479
"/etc/openvpn/"
3480
msgstr ""
3481
3482
#: serverguide/C/vpn.xml:150(command)
3483
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3484
msgstr ""
3485
3486
#: serverguide/C/vpn.xml:153(para)
3487
msgid ""
3488
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
3489
"options to:"
3490
msgstr ""
3491
3492
#: serverguide/C/vpn.xml:157(programlisting)
3493
#, no-wrap
3494
msgid ""
3495
"\n"
3496
"local 172.18.100.101\n"
3497
"dev tap0\n"
3498
"up \"/etc/openvpn/up.sh br0\"\n"
3499
"down \"/etc/openvpn/down.sh br0\"\n"
3500
";server 10.8.0.0 255.255.255.0\n"
3501
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3502
"push \"route 172.18.100.1 255.255.255.0\"\n"
3503
"push \"dhcp-option DNS 172.18.100.20\"\n"
3504
"push \"dhcp-option DOMAIN example.com\"\n"
3505
"tls-auth ta.key 0 # This file is secret\n"
3506
"user nobody\n"
3507
"group nogroup\n"
3508
msgstr ""
3509
3510
#: serverguide/C/vpn.xml:174(para)
3511
msgid ""
3512
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3513
msgstr ""
3514
3515
#: serverguide/C/vpn.xml:179(para)
3516
msgid ""
3517
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3518
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3519
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
3520
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
3521
"to clients."
3522
msgstr ""
3523
3524
#: serverguide/C/vpn.xml:186(para)
3525
msgid ""
3526
"<emphasis>push</emphasis>: are directives to add networking options for "
3527
"clients."
3528
msgstr ""
3529
3530
#: serverguide/C/vpn.xml:191(para)
3531
msgid ""
3532
"<emphasis>user and group</emphasis>: configure which user and group the "
3533
"<application>openvpn</application> daemon executes as."
3534
msgstr ""
3535
3536
#: serverguide/C/vpn.xml:198(para)
3537
msgid ""
3538
"Replace all IP addresses and domain names above with those of your network."
3539
msgstr ""
3540
3541
#: serverguide/C/vpn.xml:203(para)
3542
msgid ""
3543
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3544
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3545
msgstr ""
3546
3547
#: serverguide/C/vpn.xml:207(programlisting)
3548
#, no-wrap
3549
msgid ""
3550
"\n"
3551
"#!/bin/sh\n"
3552
"\n"
3553
"BR=$1\n"
3554
"DEV=$2\n"
3555
"MTU=$3\n"
3556
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
3557
"/usr/sbin/brctl addif $BR $DEV\n"
3558
msgstr ""
3559
3560
#: serverguide/C/vpn.xml:217(para)
3561
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3562
msgstr ""
3563
3564
#: serverguide/C/vpn.xml:221(programlisting)
3565
#, no-wrap
3566
msgid ""
3567
"\n"
3568
"#!/bin/sh\n"
3569
"\n"
3570
"BR=$1\n"
3571
"DEV=$2\n"
3572
"\n"
3573
"/usr/sbin/brctl delif $BR $DEV\n"
3574
"/sbin/ifconfig $DEV down\n"
3575
msgstr ""
3576
3577
#: serverguide/C/vpn.xml:231(para)
3578
msgid "Then make them executable:"
3579
msgstr ""
3580
3581
#: serverguide/C/vpn.xml:236(command)
3582
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3583
msgstr ""
3584
3585
#: serverguide/C/vpn.xml:237(command)
3586
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3587
msgstr ""
3588
3589
#: serverguide/C/vpn.xml:240(para)
3590
msgid ""
3591
"After configuring the server, restart <application>openvpn</application> by "
3592
"entering:"
3593
msgstr ""
3594
3595
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
3596
msgid "sudo /etc/init.d/openvpn restart"
3597
msgstr ""
3598
3599
#: serverguide/C/vpn.xml:250(title)
3600
msgid "Client Configuration"
3601
msgstr ""
3602
3603
#: serverguide/C/vpn.xml:252(para)
3604
msgid "First, install <application>openvpn</application> on the client:"
3605
msgstr ""
3606
3607
#: serverguide/C/vpn.xml:260(para)
3608
msgid ""
3609
"Then with the server configured and the client certificates copied to the "
3610
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
3611
"file by copying the example. In a terminal on the client machine enter:"
3612
msgstr ""
3613
3614
#: serverguide/C/vpn.xml:266(command)
3615
msgid ""
3616
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3617
"/etc/openvpn"
3618
msgstr ""
3619
3620
#: serverguide/C/vpn.xml:269(para)
3621
msgid ""
3622
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3623
"following options:"
3624
msgstr ""
3625
3626
#: serverguide/C/vpn.xml:273(programlisting)
3627
#, no-wrap
3628
msgid ""
3629
"\n"
3630
"dev tap\n"
3631
"remote vpn.example.com 1194\n"
3632
"cert hostname.crt\n"
3633
"key hostname.key\n"
3634
"tls-auth ta.key 1\n"
3635
msgstr ""
3636
3637
#: serverguide/C/vpn.xml:282(para)
3638
msgid ""
3639
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3640
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3641
"key filenames."
3642
msgstr ""
3643
3644
#: serverguide/C/vpn.xml:288(para)
3645
msgid "Finally, restart <application>openvpn</application>:"
3646
msgstr ""
3647
3648
#: serverguide/C/vpn.xml:296(para)
3649
msgid "You should now be able to connect to the remote LAN through the VPN."
3650
msgstr ""
3651
3652
#: serverguide/C/vpn.xml:307(para)
3653
msgid ""
3654
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3655
"additional information."
3656
msgstr ""
3657
3658
#: serverguide/C/vpn.xml:312(para)
3659
msgid ""
3660
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3661
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3662
msgstr ""
3663
3664
#: serverguide/C/vpn.xml:318(para)
3665
msgid ""
3666
"Another source of further information is the <ulink "
3667
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
3668
"OpenVPN</ulink> page."
3669
msgstr ""
3670
3671
#: serverguide/C/virtualization.xml:13(title)
3672
msgid "Virtualization"
3673
msgstr ""
3674
3675
#: serverguide/C/virtualization.xml:14(para)
3676
msgid ""
3677
"Virtualization is being adopted in many different environments and "
3678
"situations. If you are a developer, virtualization can provide you with a "
3679
"contained environment where you can safely do almost any sort of development "
3680
"safe from messing up your main working environment. If you are a systems "
3681
"administrator, you can use virtualization to more easily separate your "
3682
"services and move them around based on demand."
3683
msgstr ""
3684
3685
#: serverguide/C/virtualization.xml:20(para)
3686
msgid ""
3687
"The default virtualization technology supported in Ubuntu is "
3688
"<application>KVM</application>, a technology that takes advantage of "
3689
"virtualization extensions built into Intel and AMD hardware. For hardware "
3690
"without virtualization extensions <application>Xen</application> and "
3691
"<application>Qemu</application> are popular solutions."
3692
msgstr ""
3693
3694
#: serverguide/C/virtualization.xml:27(title)
3695
msgid "libvirt"
3696
msgstr "libvirt"
3697
3698
#: serverguide/C/virtualization.xml:28(para)
3699
msgid ""
3700
"The <application>libvirt</application> library is used to interface with "
3701
"different virtualization technologies. Before getting started with "
3702
"<application>libvirt</application> it is best to make sure your hardware "
3703
"supports the necessary virtualization extensions for "
3704
"<application>KVM</application>. Enter the following from a terminal prompt:"
3705
msgstr ""
3706
3707
#: serverguide/C/virtualization.xml:35(command)
3708
msgid "kvm-ok"
3709
msgstr ""
3710
3711
#: serverguide/C/virtualization.xml:37(para)
3712
msgid ""
3713
"A message will be printed informing you if your CPU "
3714
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
3715
"virtualization."
3716
msgstr ""
3717
3718
#: serverguide/C/virtualization.xml:41(para)
3719
msgid ""
3720
"On most computer whose processor supports virtualization, it is necessary to "
3721
"activate an option in the BIOS to enable it."
3722
msgstr ""
3723
3724
#: serverguide/C/virtualization.xml:47(title)
3725
msgid "Virtual Networking"
3726
msgstr ""
3727
3728
#: serverguide/C/virtualization.xml:49(para)
3729
msgid ""
3730
"There are a few different ways to allow a virtual machine access to the "
3731
"external network. The default virtual network configuration is "
3732
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
3733
"traffic is NATed through the host interface to the outside network."
3734
msgstr ""
3735
3736
#: serverguide/C/virtualization.xml:54(para)
3737
msgid ""
3738
"To enable external hosts to directly access services on virtual machines a "
3739
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
3740
"interfaces to connect to the outside network through the physical interface, "
3741
"making them appear as normal hosts to the rest of the network. For "
3742
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
3743
msgstr ""
3744
3745
#: serverguide/C/virtualization.xml:63(para)
3746
msgid "To install the necessary packages, from a terminal prompt enter:"
3747
msgstr "Каб устанавіць неабходныя пакеты, увядзіце ў тэрмінале:"
3748
3749
#: serverguide/C/virtualization.xml:67(command)
3750
msgid "sudo apt-get install kvm libvirt-bin"
3751
msgstr "sudo apt-get install kvm libvirt-bin"
3752
3753
#: serverguide/C/virtualization.xml:69(para)
3754
msgid ""
3755
"After installing <application>libvirt-bin</application>, the user used to "
3756
"manage virtual machines will need to be added to the "
3757
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
3758
"the advanced networking options."
3759
msgstr ""
3760
3761
#: serverguide/C/virtualization.xml:73(para)
3762
msgid "In a terminal enter:"
3763
msgstr "Увядзіце ў тэрмінале:"
3764
3765
#: serverguide/C/virtualization.xml:77(command)
3766
msgid "sudo adduser $USER libvirtd"
3767
msgstr "sudo adduser $USER libvirtd"
3768
3769
#: serverguide/C/virtualization.xml:80(para)
3770
msgid ""
3771
"If the user chosen is the current user, you will need to log out and back in "
3772
"for the new group membership to take effect."
3773
msgstr ""
3774
3775
#: serverguide/C/virtualization.xml:84(para)
3776
msgid ""
3777
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
3778
"Installing a virtual machine follows the same process as installing the "
3779
"operating system directly on the hardware. You either need a way to automate "
3780
"the installation, or a keyboard and monitor will need to be attached to the "
3781
"physical machine."
3782
msgstr ""
3783
3784
#: serverguide/C/virtualization.xml:89(para)
3785
msgid ""
3786
"In the case of virtual machines a Graphical User Interface (GUI) is "
3787
"analogous to using a physical keyboard and mouse. Instead of installing a "
3788
"GUI the <application>virt-viewer</application> application can be used to "
3789
"connect to a virtual machine's console using <application>VNC</application>. "
3790
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
3791
msgstr ""
3792
3793
#: serverguide/C/virtualization.xml:94(para)
3794
msgid ""
3795
"There are several ways to automate the Ubuntu installation process, for "
3796
"example using preseeds, kickstart, etc. Refer to the <ulink "
3797
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
3798
"Installation Guide</ulink> for details."
3799
msgstr ""
3800
3801
#: serverguide/C/virtualization.xml:98(para)
3802
msgid ""
3803
"Yet another way to install an Ubuntu virtual machine is to use "
3804
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
3805
"builder</application> allows you to setup advanced partitions, execute "
3806
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
3807
"vmbuilder\"/>"
3808
msgstr ""
3809
3810
#: serverguide/C/virtualization.xml:104(title)
3811
msgid "virt-install"
3812
msgstr "virt-install"
3813
3814
#: serverguide/C/virtualization.xml:105(para)
3815
msgid ""
3816
"<application>virt-install</application> is part of the <application>python-"
3817
"virtinst</application> package. To install it, from a terminal prompt enter:"
3818
msgstr ""
3819
"<application>virt-install</application> гэта частка пакета "
3820
"<application>python-virtinst</application>. Каб устанавіць яго, увядзіце ў "
3821
"тэрмінале:"
3822
3823
#: serverguide/C/virtualization.xml:109(command)
3824
msgid "sudo apt-get install python-virtinst"
3825
msgstr "sudo apt-get install python-virtinst"
3826
3827
#: serverguide/C/virtualization.xml:111(para)
3828
msgid ""
3829
"There are several options available when using <application>virt-"
3830
"install</application>. For example:"
3831
msgstr ""
3832
3833
#: serverguide/C/virtualization.xml:115(command)
3834
msgid ""
3835
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
3836
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
3837
msgstr ""
3838
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
3839
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
3840
3841
#: serverguide/C/virtualization.xml:122(para)
3842
msgid ""
3843
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3844
"be <emphasis>web_devel</emphasis> in this example."
3845
msgstr ""
3846
3847
#: serverguide/C/virtualization.xml:127(para)
3848
msgid ""
3849
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3850
"machine will use."
3851
msgstr ""
3852
3853
#: serverguide/C/virtualization.xml:132(para)
3854
msgid ""
3855
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
3856
"disk which can be a file, partition, or logical volume. In this example a "
3857
"file named <filename>web_devel.img</filename>."
3858
msgstr ""
3859
3860
#: serverguide/C/virtualization.xml:138(para)
3861
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
3862
msgstr "<emphasis>-s 4:</emphasis> памер віртуальнага дыска."
3863
3864
#: serverguide/C/virtualization.xml:143(para)
3865
msgid ""
3866
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
3867
"file can be either an ISO file or the path to the host's CDROM device."
3868
msgstr ""
3869
3870
#: serverguide/C/virtualization.xml:149(para)
3871
msgid ""
3872
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
3873
"technologies."
3874
msgstr ""
3875
3876
#: serverguide/C/virtualization.xml:154(para)
3877
msgid ""
3878
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
3879
msgstr ""
3880
3881
#: serverguide/C/virtualization.xml:159(para)
3882
msgid ""
3883
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3884
"virtual machine's console."
3885
msgstr ""
3886
3887
#: serverguide/C/virtualization.xml:164(para)
3888
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3889
msgstr ""
3890
3891
#: serverguide/C/virtualization.xml:169(para)
3892
msgid ""
3893
"After launching <application>virt-install</application> you can connect to "
3894
"the virtual machine's console either locally using a GUI or with the "
3895
"<application>virt-viewer</application> utility."
3896
msgstr ""
3897
3898
#: serverguide/C/virtualization.xml:175(title)
3899
msgid "virt-clone"
3900
msgstr "virt-clone"
3901
3902
#: serverguide/C/virtualization.xml:176(para)
3903
msgid ""
3904
"The <application>virt-clone</application> application can be used to copy "
3905
"one virtual machine to another. For example:"
3906
msgstr ""
3907
3908
#: serverguide/C/virtualization.xml:180(command)
3909
msgid ""
3910
"sudo virt-clone -o web_devel -n database_devel -f "
3911
"/path/to/database_devel.img --connect=qemu:///system"
3912
msgstr ""
3913
"sudo virt-clone -o web_devel -n database_devel -f "
3914
"/path/to/database_devel.img --connect=qemu:///system"
3915
3916
#: serverguide/C/virtualization.xml:184(para)
3917
msgid "<emphasis>-o:</emphasis> original virtual machine."
3918
msgstr ""
3919
3920
#: serverguide/C/virtualization.xml:189(para)
3921
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3922
msgstr "<emphasis>-n:</emphasis> імя новай віртуальнай машыны."
3923
3924
#: serverguide/C/virtualization.xml:194(para)
3925
msgid ""
3926
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3927
"be used by the new virtual machine."
3928
msgstr ""
3929
3930
#: serverguide/C/virtualization.xml:199(para)
3931
msgid ""
3932
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3933
msgstr ""
3934
3935
#: serverguide/C/virtualization.xml:204(para)
3936
msgid ""
3937
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3938
"help troubleshoot problems with <application>virt-clone</application>."
3939
msgstr ""
3940
3941
#: serverguide/C/virtualization.xml:209(para)
3942
msgid ""
3943
"Replace <emphasis>web_devel</emphasis> and "
3944
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3945
msgstr ""
3946
3947
#: serverguide/C/virtualization.xml:215(title)
3948
msgid "Virtual Machine Management"
3949
msgstr ""
3950
3951
#: serverguide/C/virtualization.xml:217(title)
3952
msgid "virsh"
3953
msgstr ""
3954
3955
#: serverguide/C/virtualization.xml:218(para)
3956
msgid ""
3957
"There are several utilities available to manage virtual machines and "
3958
"<application>libvirt</application>. The <application>virsh</application> "
3959
"utility can be used from the command line. Some examples:"
3960
msgstr ""
3961
3962
#: serverguide/C/virtualization.xml:224(para)
3963
msgid "To list running virtual machines:"
3964
msgstr ""
3965
3966
#: serverguide/C/virtualization.xml:228(command)
3967
msgid "virsh -c qemu:///system list"
3968
msgstr "virsh -c qemu:///system list"
3969
3970
#: serverguide/C/virtualization.xml:232(para)
3971
msgid "To start a virtual machine:"
3972
msgstr ""
3973
3974
#: serverguide/C/virtualization.xml:236(command)
3975
msgid "virsh -c qemu:///system start web_devel"
3976
msgstr "virsh -c qemu:///system start web_devel"
3977
3978
#: serverguide/C/virtualization.xml:240(para)
3979
msgid "Similarly, to start a virtual machine at boot:"
3980
msgstr ""
3981
3982
#: serverguide/C/virtualization.xml:244(command)
3983
msgid "virsh -c qemu:///system autostart web_devel"
3984
msgstr "virsh -c qemu:///system autostart web_devel"
3985
3986
#: serverguide/C/virtualization.xml:248(para)
3987
msgid "Reboot a virtual machine with:"
3988
msgstr ""
3989
3990
#: serverguide/C/virtualization.xml:252(command)
3991
msgid "virsh -c qemu:///system reboot web_devel"
3992
msgstr "virsh -c qemu:///system reboot web_devel"
3993
3994
#: serverguide/C/virtualization.xml:256(para)
3995
msgid ""
3996
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3997
"order to be restored later. The following will save the virtual machine "
3998
"state into a file named according to the date:"
3999
msgstr ""
4000
4001
#: serverguide/C/virtualization.xml:261(command)
4002
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
4003
msgstr "virsh -c qemu:///system save web_devel web_devel-022708.state"
4004
4005
#: serverguide/C/virtualization.xml:263(para)
4006
msgid "Once saved the virtual machine will no longer be running."
4007
msgstr ""
4008
4009
#: serverguide/C/virtualization.xml:268(para)
4010
msgid "A saved virtual machine can be restored using:"
4011
msgstr ""
4012
4013
#: serverguide/C/virtualization.xml:272(command)
4014
msgid "virsh -c qemu:///system restore web_devel-022708.state"
4015
msgstr "virsh -c qemu:///system restore web_devel-022708.state"
4016
4017
#: serverguide/C/virtualization.xml:276(para)
4018
msgid "To shutdown a virtual machine do:"
4019
msgstr ""
4020
4021
#: serverguide/C/virtualization.xml:280(command)
4022
msgid "virsh -c qemu:///system shutdown web_devel"
4023
msgstr "virsh -c qemu:///system shutdown web_devel"
4024
4025
#: serverguide/C/virtualization.xml:284(para)
4026
msgid "A CDROM device can be mounted in a virtual machine by entering:"
4027
msgstr ""
4028
4029
#: serverguide/C/virtualization.xml:288(command)
4030
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4031
msgstr ""
4032
"virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
4033
4034
#: serverguide/C/virtualization.xml:293(para)
4035
msgid ""
4036
"In the above examples replace <emphasis>web_devel</emphasis> with the "
4037
"appropriate virtual machine name, and <filename>web_devel-"
4038
"022708.state</filename> with a descriptive file name."
4039
msgstr ""
4040
4041
#: serverguide/C/virtualization.xml:300(title)
4042
msgid "Virtual Machine Manager"
4043
msgstr ""
4044
4045
#: serverguide/C/virtualization.xml:301(para)
4046
msgid ""
4047
"The <application>virt-manager</application> package contains a graphical "
4048
"utility to manage local and remote virtual machines. To install virt-manager "
4049
"enter:"
4050
msgstr ""
4051
4052
#: serverguide/C/virtualization.xml:306(command)
4053
msgid "sudo apt-get install virt-manager"
4054
msgstr "sudo apt-get install virt-manager"
4055
4056
#: serverguide/C/virtualization.xml:308(para)
4057
msgid ""
4058
"Since <application>virt-manager</application> requires a Graphical User "
4059
"Interface (GUI) environment it is recommended to be installed on a "
4060
"workstation or test machine instead of a production server. To connect to "
4061
"the local <application>libvirt</application> service enter:"
4062
msgstr ""
4063
4064
#: serverguide/C/virtualization.xml:314(command)
4065
msgid "virt-manager -c qemu:///system"
4066
msgstr "virt-manager -c qemu:///system"
4067
4068
#: serverguide/C/virtualization.xml:316(para)
4069
msgid ""
4070
"You can connect to the <application>libvirt</application> service running on "
4071
"another host by entering the following in a terminal prompt:"
4072
msgstr ""
4073
4074
#: serverguide/C/virtualization.xml:320(command)
4075
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4076
msgstr "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4077
4078
#: serverguide/C/virtualization.xml:323(para)
4079
msgid ""
4080
"The above example assumes that <application>SSH</application> connectivity "
4081
"between the management system and virtnode1.mydomain.com has already been "
4082
"configured, and uses SSH keys for authentication. SSH "
4083
"<emphasis>keys</emphasis> are needed because "
4084
"<application>libvirt</application> sends the password prompt to another "
4085
"process. For details on configuring <application>SSH</application> see <xref "
4086
"linkend=\"openssh-server\"/>"
4087
msgstr ""
4088
4089
#: serverguide/C/virtualization.xml:333(title)
4090
msgid "Virtual Machine Viewer"
4091
msgstr ""
4092
4093
#: serverguide/C/virtualization.xml:334(para)
4094
msgid ""
4095
"The <application>virt-viewer</application> application allows you to connect "
4096
"to a virtual machine's console. <application>virt-viewer</application> does "
4097
"require a Graphical User Interface (GUI) to interface with the virtual "
4098
"machine."
4099
msgstr ""
4100
4101
#: serverguide/C/virtualization.xml:338(para)
4102
msgid ""
4103
"To install <application>virt-viewer</application> from a terminal enter:"
4104
msgstr ""
4105
"Каб устанавіць <application>virt-viewer</application>, увядзіце ў тэрмінале:"
4106
4107
#: serverguide/C/virtualization.xml:342(command)
4108
msgid "sudo apt-get install virt-viewer"
4109
msgstr "sudo apt-get install virt-viewer"
4110
4111
#: serverguide/C/virtualization.xml:344(para)
4112
msgid ""
4113
"Once a virtual machine is installed and running you can connect to the "
4114
"virtual machine's console by using:"
4115
msgstr ""
4116
4117
#: serverguide/C/virtualization.xml:348(command)
4118
msgid "virt-viewer -c qemu:///system web_devel"
4119
msgstr "virt-viewer -c qemu:///system web_devel"
4120
4121
#: serverguide/C/virtualization.xml:350(para)
4122
msgid ""
4123
"Similar to <application>virt-manager</application>, <application>virt-"
4124
"viewer</application> can connect to a remote host using "
4125
"<emphasis>SSH</emphasis> with key authentication, as well:"
4126
msgstr ""
4127
4128
#: serverguide/C/virtualization.xml:355(command)
4129
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4130
msgstr "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4131
4132
#: serverguide/C/virtualization.xml:357(para)
4133
msgid ""
4134
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4135
"appropriate virtual machine name."
4136
msgstr ""
4137
4138
#: serverguide/C/virtualization.xml:360(para)
4139
msgid ""
4140
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4141
"can also setup <application>SSH</application> access to the virtual machine. "
4142
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
4143
"more details."
4144
msgstr ""
4145
4146
#: serverguide/C/virtualization.xml:369(para)
4147
msgid ""
4148
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4149
"for more details."
4150
msgstr ""
4151
"Глядзіце старонку <ulink "
4152
"url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink>, для больш зьмястоўнай "
4153
"інфармацыі."
4154
4155
#: serverguide/C/virtualization.xml:374(para)
4156
msgid ""
4157
"For more information on <application>libvirt</application> see the <ulink "
4158
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4159
msgstr ""
4160
"Для больш зьмястоўнай інфармацыі пра <application>libvirt</application> "
4161
"глядзіце <ulink url=\"http://libvirt.org/\">хатнюю старонку libvirt</ulink>"
4162
4163
#: serverguide/C/virtualization.xml:379(para)
4164
msgid ""
4165
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4166
"Manager</ulink> site has more information on <application>virt-"
4167
"manager</application> development."
4168
msgstr ""
4169
4170
#: serverguide/C/virtualization.xml:385(para)
4171
msgid ""
4172
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4173
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4174
"technology in Ubuntu."
4175
msgstr ""
4176
4177
#: serverguide/C/virtualization.xml:391(para)
4178
msgid ""
4179
"Another good resource is the <ulink "
4180
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4181
msgstr ""
4182
4183
#: serverguide/C/virtualization.xml:399(title)
4184
msgid "JeOS and vmbuilder"
4185
msgstr ""
4186
4187
#: serverguide/C/virtualization.xml:405(title)
4188
msgid "What is JeOS"
4189
msgstr "Што такое JeOS"
4190
4191
#: serverguide/C/virtualization.xml:407(para)
4192
msgid ""
4193
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4194
"variant of the Ubuntu Server operating system, configured specifically for "
4195
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
4196
"only as an option either:"
4197
msgstr ""
4198
4199
#: serverguide/C/virtualization.xml:414(para)
4200
msgid ""
4201
"While installing from the Server Edition ISO (pressing "
4202
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4203
"installation\", which is the package selection equivalent to JeOS)."
4204
msgstr ""
4205
4206
#: serverguide/C/virtualization.xml:420(para)
4207
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4208
msgstr ""
4209
4210
#: serverguide/C/virtualization.xml:426(para)
4211
msgid ""
4212
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4213
"kernel that only contains the base elements needed to run within a "
4214
"virtualized environment."
4215
msgstr ""
4216
4217
#: serverguide/C/virtualization.xml:431(para)
4218
msgid ""
4219
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4220
"in the latest virtualization products from VMware. This combination of "
4221
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
4222
"delivers a highly efficient use of server resources in large virtual "
4223
"deployments."
4224
msgstr ""
4225
4226
#: serverguide/C/virtualization.xml:437(para)
4227
msgid ""
4228
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4229
"can configure their supporting OS exactly as they require. They have the "
4230
"peace of mind that updates, whether for security or enhancement reasons, "
4231
"will be limited to the bare minimum of what is required in their specific "
4232
"environment. In turn, users deploying virtual appliances built on top of "
4233
"JeOS will have to go through fewer updates and therefore less maintenance "
4234
"than they would have had to with a standard full installation of a server."
4235
msgstr ""
4236
4237
#: serverguide/C/virtualization.xml:446(title)
4238
msgid "What is vmbuilder"
4239
msgstr "Што такое vmbuilder"
4240
4241
#: serverguide/C/virtualization.xml:448(para)
4242
msgid ""
4243
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4244
"will fetch the various package and build a virtual machine tailored for your "
4245
"needs in about a minute. vmbuilder is a script that automates the process of "
4246
"creating a ready to use Linux based VM. The currently supported hypervisors "
4247
"are KVM and Xen."
4248
msgstr ""
4249
4250
#: serverguide/C/virtualization.xml:454(para)
4251
msgid ""
4252
"You can pass command line options to add extra packages, remove packages, "
4253
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4254
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
4255
"a local mirror, you can bootstrap a VM in less than a minute."
4256
msgstr ""
4257
4258
#: serverguide/C/virtualization.xml:460(para)
4259
msgid ""
4260
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4261
"vm-builder</application> started with little emphasis as a hack to help "
4262
"developers test their new code in a virtual machine without having to "
4263
"restart from scratch each time. As a few Ubuntu administrators started to "
4264
"notice this script, a few of them went on improving it and adapting it for "
4265
"so many use case that Soren Hansen (the author of the script and Ubuntu "
4266
"virtualization specialist, not the golf player) decided to rewrite it from "
4267
"scratch for Intrepid as a python script with a few new design goals:"
4268
msgstr ""
4269
4270
#: serverguide/C/virtualization.xml:470(para)
4271
msgid "Develop it so that it can be reused by other distributions."
4272
msgstr ""
4273
4274
#: serverguide/C/virtualization.xml:475(para)
4275
msgid ""
4276
"Use a plugin mechanisms for all virtualization interactions so that others "
4277
"can easily add logic for other virtualization environments."
4278
msgstr ""
4279
4280
#: serverguide/C/virtualization.xml:480(para)
4281
msgid ""
4282
"Provide an easy to maintain web interface as an option to the command line "
4283
"interface."
4284
msgstr ""
4285
4286
#: serverguide/C/virtualization.xml:486(para)
4287
msgid "But the general principles and commands remain the same."
4288
msgstr ""
4289
4290
#: serverguide/C/virtualization.xml:493(title)
4291
msgid "Initial Setup"
4292
msgstr ""
4293
4294
#: serverguide/C/virtualization.xml:495(para)
4295
msgid ""
4296
"It is assumed that you have installed and configured "
4297
"<application>libvirt</application> and <application>KVM</application> "
4298
"locally on the machine you are using. For details on how to perform this, "
4299
"please refer to:"
4300
msgstr ""
4301
4302
#: serverguide/C/virtualization.xml:507(para)
4303
msgid ""
4304
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4305
"page."
4306
msgstr ""
4307
"Старонка Wiki <ulink "
4308
"url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink>."
4309
4310
#: serverguide/C/virtualization.xml:513(para)
4311
msgid ""
4312
"We also assume that you know how to use a text based text editor such as "
4313
"nano or vi. If you have not used any of them before, you can get an overview "
4314
"of the various text editors available by reading the <ulink "
4315
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
4316
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
4317
"principle should remain on other virtualization technologies."
4318
msgstr ""
4319
4320
#: serverguide/C/virtualization.xml:521(title)
4321
msgid "Install vmbuilder"
4322
msgstr "Устанавіць vmbuilder"
4323
4324
#: serverguide/C/virtualization.xml:523(para)
4325
msgid ""
4326
"The name of the package that we need to install is <application>python-vm-"
4327
"builder</application>. In a terminal prompt enter:"
4328
msgstr ""
4329
4330
#: serverguide/C/virtualization.xml:528(command)
4331
msgid "sudo apt-get install python-vm-builder"
4332
msgstr "sudo apt-get install python-vm-builder"
4333
4334
#: serverguide/C/virtualization.xml:532(para)
4335
msgid ""
4336
"If you are running Hardy, you can still perform most of this using the older "
4337
"version of the package named <application>ubuntu-vm-builder</application>, "
4338
"there are only a few changes to the syntax of the tool."
4339
msgstr ""
4340
4341
#: serverguide/C/virtualization.xml:541(title)
4342
msgid "Defining Your Virtual Machine"
4343
msgstr ""
4344
4345
#: serverguide/C/virtualization.xml:543(para)
4346
msgid ""
4347
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4348
"are a few thing to consider:"
4349
msgstr ""
4350
4351
#: serverguide/C/virtualization.xml:549(para)
4352
msgid ""
4353
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4354
"will know how to extend disk size to fit their need, so either plan for a "
4355
"large virtual disk to allow for your appliance to grow, or explain fairly "
4356
"well in your documentation how to allocate more space. It might actually be "
4357
"a good idea to store data on some separate external storage."
4358
msgstr ""
4359
4360
#: serverguide/C/virtualization.xml:556(para)
4361
msgid ""
4362
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4363
"whatever you think is a safe minimum for your appliance."
4364
msgstr ""
4365
4366
#: serverguide/C/virtualization.xml:562(para)
4367
msgid ""
4368
"The <application>vmbuilder</application> command has 2 main parameters: the "
4369
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4370
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
4371
"and can be found using the following command:"
4372
msgstr ""
4373
4374
#: serverguide/C/virtualization.xml:568(command)
4375
msgid "vmbuilder --help"
4376
msgstr "vmbuilder --help"
4377
4378
#: serverguide/C/virtualization.xml:572(title)
4379
msgid "Base Parameters"
4380
msgstr "Асноўныя парамэтры"
4381
4382
#: serverguide/C/virtualization.xml:574(para)
4383
msgid ""
4384
"As this example is based on <application>KVM</application> and Ubuntu 10.04 "
4385
"LTS (Lucid Lynx), and we are likely to rebuild the same virtual machine "
4386
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4387
msgstr ""
4388
4389
#: serverguide/C/virtualization.xml:580(command)
4390
msgid ""
4391
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
4392
"libvirt qemu:///system"
4393
msgstr ""
4394
4395
#: serverguide/C/virtualization.xml:583(para)
4396
msgid ""
4397
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4398
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4399
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
4400
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
4401
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
4402
"libvirt</emphasis> tells to inform the local virtualization environment to "
4403
"add the resulting VM to the list of available machines."
4404
msgstr ""
4405
4406
#: serverguide/C/virtualization.xml:591(para)
4407
msgid "Notes:"
4408
msgstr "Заўвагі:"
4409
4410
#: serverguide/C/virtualization.xml:597(para)
4411
msgid ""
4412
"Because of the nature of operations performed by vmbuilder, it needs to have "
4413
"root privilege, hence the use of sudo."
4414
msgstr ""
4415
4416
#: serverguide/C/virtualization.xml:602(para)
4417
msgid ""
4418
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4419
"a 64 bit machine (--arch amd64)."
4420
msgstr ""
4421
4422
#: serverguide/C/virtualization.xml:607(para)
4423
msgid ""
4424
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4425
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4426
"use <emphasis>--flavour</emphasis> server instead."
4427
msgstr ""
4428
4429
#: serverguide/C/virtualization.xml:615(title)
4430
msgid "JeOS Installation Parameters"
4431
msgstr "Парамэтры ўстаноўкі JeOS"
4432
4433
#: serverguide/C/virtualization.xml:618(title)
4434
msgid "JeOS Networking"
4435
msgstr ""
4436
4437
#: serverguide/C/virtualization.xml:621(title)
4438
msgid "Assigning a fixed IP address"
4439
msgstr ""
4440
4441
#: serverguide/C/virtualization.xml:623(para)
4442
msgid ""
4443
"As a virtual appliance that may be deployed on various very different "
4444
"networks, it is very difficult to know what the actual network will look "
4445
"like. In order to simplify configuration, it is a good idea to take an "
4446
"approach similar to what network hardware vendors usually do, namely "
4447
"assigning an initial fixed IP address to the appliance in a private class "
4448
"network that you will provide in your documentation. An address in the range "
4449
"192.168.0.0/255 is usually a good choice."
4450
msgstr ""
4451
4452
#: serverguide/C/virtualization.xml:630(para)
4453
msgid "To do this we'll use the following parameters:"
4454
msgstr ""
4455
4456
#: serverguide/C/virtualization.xml:636(para)
4457
msgid ""
4458
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4459
"dhcp if not specified)"
4460
msgstr ""
4461
4462
#: serverguide/C/virtualization.xml:641(para)
4463
msgid ""
4464
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4465
"255.255.255.0)"
4466
msgstr ""
4467
4468
#: serverguide/C/virtualization.xml:646(para)
4469
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4470
msgstr ""
4471
4472
#: serverguide/C/virtualization.xml:651(para)
4473
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4474
msgstr ""
4475
4476
#: serverguide/C/virtualization.xml:656(para)
4477
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4478
msgstr ""
4479
4480
#: serverguide/C/virtualization.xml:661(para)
4481
msgid ""
4482
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4483
msgstr ""
4484
4485
#: serverguide/C/virtualization.xml:667(para)
4486
msgid ""
4487
"We assume for now that default values are good enough, so the resulting "
4488
"invocation becomes:"
4489
msgstr ""
4490
4491
#: serverguide/C/virtualization.xml:672(command)
4492
msgid ""
4493
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
4494
"libvirt qemu:///system --ip 192.168.0.100"
4495
msgstr ""
4496
4497
#: serverguide/C/virtualization.xml:677(title)
4498
msgid "Modifying the libvirt Template to use Bridging"
4499
msgstr ""
4500
4501
#: serverguide/C/virtualization.xml:679(para)
4502
msgid ""
4503
"Because our appliance will be likely to need to be accessed by remote hosts, "
4504
"we need to configure libvirt so that the appliance uses bridge networking. "
4505
"To do this we use vmbuilder template mechanism to modify the default one."
4506
msgstr ""
4507
4508
#: serverguide/C/virtualization.xml:684(para)
4509
msgid ""
4510
"In our working directory we create the template hierarchy and copy the "
4511
"default template:"
4512
msgstr ""
4513
4514
#: serverguide/C/virtualization.xml:689(command)
4515
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4516
msgstr "mkdir -p VMBuilder/plugins/libvirt/templates"
4517
4518
#: serverguide/C/virtualization.xml:690(command)
4519
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4520
msgstr "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4521
4522
#: serverguide/C/virtualization.xml:693(para)
4523
msgid ""
4524
"We can then edit "
4525
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4526
"change:"
4527
msgstr ""
4528
4529
#: serverguide/C/virtualization.xml:697(programlisting)
4530
#, no-wrap
4531
msgid ""
4532
"\n"
4533
" <interface type='network'>\n"
4534
" <source network='default'/>\n"
4535
" </interface>\n"
4536
msgstr ""
4537
"\n"
4538
" <interface type='network'>\n"
4539
" <source network='default'/>\n"
4540
" </interface>\n"
4541
4542
#: serverguide/C/virtualization.xml:703(para)
4543
msgid "To:"
4544
msgstr ""
4545
4546
#: serverguide/C/virtualization.xml:707(programlisting)
4547
#, no-wrap
4548
msgid ""
4549
"\n"
4550
" <interface type='bridge'>\n"
4551
" <source bridge='br0'/>\n"
4552
" </interface>\n"
4553
msgstr ""
4554
4555
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
4556
msgid "Partitioning"
4557
msgstr ""
4558
4559
#: serverguide/C/virtualization.xml:719(para)
4560
msgid ""
4561
"Partitioning of the virtual appliance will have to take into consideration "
4562
"what you are planning to do with is. Because most appliances want to have a "
4563
"separate storage for data, having a separate <filename>/var</filename> would "
4564
"make sense."
4565
msgstr ""
4566
4567
#: serverguide/C/virtualization.xml:724(para)
4568
msgid ""
4569
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4570
msgstr ""
4571
4572
#: serverguide/C/virtualization.xml:728(programlisting)
4573
#, no-wrap
4574
msgid ""
4575
"\n"
4576
"--part PATH\n"
4577
" Allows you to specify a partition table in a partition file, located at "
4578
"PATH. Each line of the partition file should specify\n"
4579
" (root first):\n"
4580
" mountpoint size\n"
4581
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4582
"disk starts on a\n"
4583
" line with ’---’. ie :\n"
4584
" root 1000\n"
4585
" /opt 1000\n"
4586
" swap 256\n"
4587
" ---\n"
4588
" /var 2000\n"
4589
" /log 1500\n"
4590
msgstr ""
4591
4592
#: serverguide/C/virtualization.xml:743(para)
4593
msgid ""
4594
"In our case we will define a text file name "
4595
"<filename>vmbuilder.partition</filename> which will contain the following:"
4596
msgstr ""
4597
4598
#: serverguide/C/virtualization.xml:747(programlisting)
4599
#, no-wrap
4600
msgid ""
4601
"\n"
4602
"root 8000\n"
4603
"swap 4000\n"
4604
"---\n"
4605
"/var 20000\n"
4606
msgstr ""
4607
"\n"
4608
"root 8000\n"
4609
"swap 4000\n"
4610
"---\n"
4611
"/var 20000\n"
4612
4613
#: serverguide/C/virtualization.xml:755(para)
4614
msgid ""
4615
"Note that as we are using virtual disk images, the actual sizes that we put "
4616
"here are maximum sizes for these volumes."
4617
msgstr ""
4618
4619
#: serverguide/C/virtualization.xml:760(para)
4620
msgid "Our command line now looks like:"
4621
msgstr ""
4622
4623
#: serverguide/C/virtualization.xml:765(command)
4624
msgid ""
4625
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
4626
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4627
msgstr ""
4628
4629
#: serverguide/C/virtualization.xml:770(para)
4630
msgid ""
4631
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4632
"next line."
4633
msgstr ""
4634
4635
#: serverguide/C/virtualization.xml:777(title)
4636
msgid "User and Password"
4637
msgstr "Карыстальнік і пароль"
4638
4639
#: serverguide/C/virtualization.xml:779(para)
4640
msgid ""
4641
"Again setting up a virtual appliance, you will need to provide a default "
4642
"user and password that is generic so that you can include it in your "
4643
"documentation. We will see later on in this tutorial how we will provide "
4644
"some security by defining a script that will be run the first time a user "
4645
"actually logs in the appliance, that will, among other things, ask him to "
4646
"change his password. In this example I will use <emphasis>'user'</emphasis> "
4647
"as my user name, and <emphasis>'default'</emphasis> as the password."
4648
msgstr ""
4649
4650
#: serverguide/C/virtualization.xml:787(para)
4651
msgid "To do this we use the following optional parameters:"
4652
msgstr ""
4653
4654
#: serverguide/C/virtualization.xml:793(para)
4655
msgid ""
4656
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4657
"Default: ubuntu."
4658
msgstr ""
4659
4660
#: serverguide/C/virtualization.xml:798(para)
4661
msgid ""
4662
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4663
"added. Default: Ubuntu."
4664
msgstr ""
4665
4666
#: serverguide/C/virtualization.xml:803(para)
4667
msgid ""
4668
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4669
"Default: ubuntu."
4670
msgstr ""
4671
4672
#: serverguide/C/virtualization.xml:809(para)
4673
msgid "Our resulting command line becomes:"
4674
msgstr "Наш выніковы загадны радок:"
4675
4676
#: serverguide/C/virtualization.xml:814(command)
4677
msgid ""
4678
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
4679
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ --"
4680
"user user --name user --pass default"
4681
msgstr ""
4682
4683
#: serverguide/C/virtualization.xml:822(title)
4684
msgid "Installing Required Packages"
4685
msgstr ""
4686
4687
#: serverguide/C/virtualization.xml:824(para)
4688
msgid ""
4689
"In this example we will be installing a package "
4690
"<application>(Limesurvey)</application> that accesses a "
4691
"<application>MySQL</application> database and has a web interface. We will "
4692
"therefore require our OS to provide us with:"
4693
msgstr ""
4694
4695
#: serverguide/C/virtualization.xml:831(para)
4696
msgid "Apache"
4697
msgstr "Apache"
4698
4699
#: serverguide/C/virtualization.xml:832(para)
4700
msgid "PHP"
4701
msgstr "PHP"
4702
4703
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4704
msgid "MySQL"
4705
msgstr "MySQL"
4706
4707
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:20(title)
4708
msgid "OpenSSH Server"
4709
msgstr ""
4710
4711
#: serverguide/C/virtualization.xml:835(para)
4712
msgid "Limesurvey (as an example application that we have packaged)"
4713
msgstr ""
4714
4715
#: serverguide/C/virtualization.xml:838(para)
4716
msgid ""
4717
"This is done using vmbuilder by specifying the --addpkg option multiple "
4718
"times:"
4719
msgstr ""
4720
4721
#: serverguide/C/virtualization.xml:842(programlisting)
4722
#, no-wrap
4723
msgid ""
4724
"\n"
4725
"--addpkg PKG\n"
4726
" Install PKG into the guest (can be specfied multiple times)\n"
4727
msgstr ""
4728
4729
#: serverguide/C/virtualization.xml:847(para)
4730
msgid ""
4731
"However, due to the way vmbuilder operates, packages that have to ask "
4732
"questions to the user during the post install phase are not supported and "
4733
"should instead be installed while interactivity can occur. This is the case "
4734
"of Limesurvey, which we will have to install later, once the user logs in."
4735
msgstr ""
4736
4737
#: serverguide/C/virtualization.xml:853(para)
4738
msgid ""
4739
"Other packages that ask simple debconf question, such as <application>mysql-"
4740
"server</application> asking to set a password, the package can be installed "
4741
"immediately, but we will have to reconfigure it the first time the user logs "
4742
"in."
4743
msgstr ""
4744
4745
#: serverguide/C/virtualization.xml:859(para)
4746
msgid ""
4747
"If some packages that we need to install are not in main, we need to enable "
4748
"the additional repositories using --comp and --ppa:"
4749
msgstr ""
4750
4751
#: serverguide/C/virtualization.xml:863(programlisting)
4752
#, no-wrap
4753
msgid ""
4754
"\n"
4755
"--components COMP1,COMP2,...,COMPN\n"
4756
" A comma separated list of distro components to include (e.g. "
4757
"main,universe). This defaults\n"
4758
" to \"main\"\n"
4759
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4760
msgstr ""
4761
4762
#: serverguide/C/virtualization.xml:870(para)
4763
msgid ""
4764
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4765
"PPA (personal package archive) address so that it is added to the VM "
4766
"<filename>/etc/apt/source.list</filename>, so we add the following options "
4767
"to the command line:"
4768
msgstr ""
4769
4770
#: serverguide/C/virtualization.xml:876(command)
4771
msgid ""
4772
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4773
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4774
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4775
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
4776
"server --ppa nijaba"
4777
msgstr ""
4778
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4779
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4780
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4781
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
4782
"server --ppa nijaba"
4783
4784
#: serverguide/C/virtualization.xml:883(title)
4785
msgid "OpenSSH"
4786
msgstr ""
4787
4788
#: serverguide/C/virtualization.xml:885(para)
4789
msgid ""
4790
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4791
"it will allow our admins to access the appliance remotely. However, pushing "
4792
"in the wild an appliance with a pre-installed OpenSSH server is a big "
4793
"security risk as all these server will share the same secret key, making it "
4794
"very easy for hackers to target our appliance with all the tools they need "
4795
"to crack it open in a breeze. As for the user password, we will instead rely "
4796
"on a script that will install OpenSSH the first time a user logs in so that "
4797
"the key generated will be different for each appliance. For this we'll use a "
4798
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
4799
"interaction."
4800
msgstr ""
4801
4802
#: serverguide/C/virtualization.xml:897(title)
4803
msgid "Speed Considerations"
4804
msgstr ""
4805
4806
#: serverguide/C/virtualization.xml:900(title)
4807
msgid "Package Caching"
4808
msgstr ""
4809
4810
#: serverguide/C/virtualization.xml:902(para)
4811
msgid ""
4812
"When vmbuilder creates builds your system, it has to go fetch each one of "
4813
"the packages that composes it over the network to one of the official "
4814
"repositories, which, depending on your internet connection speed and the "
4815
"load of the mirror, can have a big impact on the actual build time. In order "
4816
"to reduce this, it is recommended to either have a local repository (which "
4817
"can be created using <application>apt-mirror</application>) or using a "
4818
"caching proxy such as <application>apt-proxy</application>. The later option "
4819
"being much simpler to implement and requiring less disk space, it is the one "
4820
"we will pick in this tutorial. To install it, simply type:"
4821
msgstr ""
4822
4823
#: serverguide/C/virtualization.xml:912(command)
4824
msgid "sudo apt-get install apt-proxy"
4825
msgstr "sudo apt-get install apt-proxy"
4826
4827
#: serverguide/C/virtualization.xml:915(para)
4828
msgid ""
4829
"Once this is complete, your (empty) proxy is ready for use on "
4830
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
4831
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
4832
"option:"
4833
msgstr ""
4834
4835
#: serverguide/C/virtualization.xml:920(programlisting)
4836
#, no-wrap
4837
msgid ""
4838
"\n"
4839
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
4840
" is http://archive.ubuntu.com/ubuntu for official\n"
4841
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
4842
" otherwise\n"
4843
msgstr ""
4844
4845
#: serverguide/C/virtualization.xml:927(para)
4846
msgid "So we add to the command line:"
4847
msgstr "Дадаем у загадны радок:"
4848
4849
#: serverguide/C/virtualization.xml:932(command)
4850
msgid "--mirror http://mirroraddress:9999/ubuntu"
4851
msgstr "--mirror http://mirroraddress:9999/ubuntu"
4852
4853
#: serverguide/C/virtualization.xml:936(para)
4854
msgid ""
4855
"The mirror address specified here will also be used in the "
4856
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
4857
"is useful to specify here an address that can be resolved by the guest or to "
4858
"plan on reseting this address later on, such as in a <emphasis>--"
4859
"firstboot</emphasis> script."
4860
msgstr ""
4861
4862
#: serverguide/C/virtualization.xml:945(title)
4863
msgid "Install a Local Mirror"
4864
msgstr ""
4865
4866
#: serverguide/C/virtualization.xml:947(para)
4867
msgid ""
4868
"If we are in a larger environment, it may make sense to setup a local mirror "
4869
"of the Ubuntu repositories. The package apt-mirror provides you with a "
4870
"script that will handle the mirroring for you. You should plan on having "
4871
"about 20 gigabyte of free space per supported release and architecture."
4872
msgstr ""
4873
4874
#: serverguide/C/virtualization.xml:953(para)
4875
msgid ""
4876
"By default, <application>apt-mirror</application> uses the configuration "
4877
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
4878
"replicate only the architecture of the local machine. If you would like to "
4879
"support other architectures on your mirror, simply duplicate the lines "
4880
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
4881
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
4882
"archives as well, you will have:"
4883
msgstr ""
4884
4885
#: serverguide/C/virtualization.xml:960(programlisting)
4886
#, no-wrap
4887
msgid ""
4888
"\n"
4889
"deb http://archive.ubuntu.com/ubuntu lucid main restricted universe "
4890
"multiverse \n"
4891
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid main restricted universe "
4892
"multiverse\n"
4893
"\n"
4894
"deb http://archive.ubuntu.com/ubuntu lucid-updates main restricted universe "
4895
"multiverse \n"
4896
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid-updates main restricted "
4897
"universe multiverse \n"
4898
"\n"
4899
"deb http://archive.ubuntu.com/ubuntu/ lucid-backports main restricted "
4900
"universe multiverse \n"
4901
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid-backports main restricted "
4902
"universe multiverse \n"
4903
"\n"
4904
"deb http://security.ubuntu.com/ubuntu lucid-security main restricted "
4905
"universe multiverse \n"
4906
"/deb-i386 http://security.ubuntu.com/ubuntu lucid-security main restricted "
4907
"universe multiverse \n"
4908
"\n"
4909
"deb http://archive.ubuntu.com/ubuntu lucid main/debian-installer "
4910
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4911
"installer \n"
4912
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid main/debian-installer "
4913
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4914
"installer \n"
4915
msgstr ""
4916
4917
#: serverguide/C/virtualization.xml:977(para)
4918
msgid ""
4919
"Notice that the source packages are not mirrored as they are seldom used "
4920
"compared to the binaries and they do take a lot more space, but they can be "
4921
"easily added to the list."
4922
msgstr ""
4923
4924
#: serverguide/C/virtualization.xml:982(para)
4925
msgid ""
4926
"Once the mirror has finished replicating (and this can be quite long), you "
4927
"need to configure Apache so that your mirror files (in "
4928
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
4929
"default), are published by your Apache server. For more information on "
4930
"Apache see <xref linkend=\"httpd\"/>."
4931
msgstr ""
4932
4933
#: serverguide/C/virtualization.xml:991(title)
4934
msgid "Installing in a RAM Disk"
4935
msgstr ""
4936
4937
#: serverguide/C/virtualization.xml:993(para)
4938
msgid ""
4939
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
4940
"faster than writing to disk. If you have some free memory, letting vmbuilder "
4941
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
4942
"-tmpfs</emphasis> will help you do just that:"
4943
msgstr ""
4944
4945
#: serverguide/C/virtualization.xml:999(programlisting)
4946
#, no-wrap
4947
msgid ""
4948
"\n"
4949
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
4950
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
4951
msgstr ""
4952
4953
#: serverguide/C/virtualization.xml:1004(para)
4954
msgid ""
4955
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
4956
"have 1G of free ram."
4957
msgstr ""
4958
4959
#: serverguide/C/virtualization.xml:1011(title)
4960
msgid "Package the Application"
4961
msgstr ""
4962
4963
#: serverguide/C/virtualization.xml:1013(para)
4964
msgid "Two option are available to us:"
4965
msgstr "Нам даступныя дзьве опцыі:"
4966
4967
#: serverguide/C/virtualization.xml:1019(para)
4968
msgid ""
4969
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
4970
"package. Since this is outside of the scope of this tutorial, we will not "
4971
"perform this here and invite the reader to read the documentation on how to "
4972
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
4973
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
4974
"repository for your package so that updates can be conveniently pulled from "
4975
"it. See the <ulink url=\"http://www.debian-"
4976
"administration.org/articles/286\">Debian Administration</ulink> article for "
4977
"a tutorial on this."
4978
msgstr ""
4979
4980
#: serverguide/C/virtualization.xml:1028(para)
4981
msgid ""
4982
"Manually install the application under <filename>/opt</filename> as "
4983
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
4984
"guidelines</ulink>."
4985
msgstr ""
4986
4987
#: serverguide/C/virtualization.xml:1035(para)
4988
msgid ""
4989
"In our case we'll use <application>Limesurvey</application> as example web "
4990
"application for which we wish to provide a virtual appliance. As noted "
4991
"before, we've made a version of the package available in a PPA (Personal "
4992
"Package Archive)."
4993
msgstr ""
4994
4995
#: serverguide/C/virtualization.xml:1042(title)
4996
msgid "Finishing Install"
4997
msgstr "Заканчэньне ўстаноўкі"
4998
4999
#: serverguide/C/virtualization.xml:1045(title)
5000
msgid "First Boot"
5001
msgstr "Першая загрузка"
5002
5003
#: serverguide/C/virtualization.xml:1047(para)
5004
msgid ""
5005
"As we mentioned earlier, the first time the machine boots we'll need to "
5006
"install <application>openssh-server</application> so that the key generated "
5007
"for it is unique for each machine. To do this, we'll write a script called "
5008
"<filename>boot.sh</filename> as follows:"
5009
msgstr ""
5010
5011
#: serverguide/C/virtualization.xml:1053(programlisting)
5012
#, no-wrap
5013
msgid ""
5014
"\n"
5015
"# This script will run the first time the virtual machine boots\n"
5016
"# It is ran as root.\n"
5017
"\n"
5018
"apt-get update\n"
5019
"apt-get install -qqy --force-yes openssh-server\n"
5020
msgstr ""
5021
5022
#: serverguide/C/virtualization.xml:1061(para)
5023
msgid ""
5024
"And we add the <command>--firstboot boot.sh</command> option to our command "
5025
"line."
5026
msgstr ""
5027
5028
#: serverguide/C/virtualization.xml:1067(title)
5029
msgid "First Login"
5030
msgstr ""
5031
5032
#: serverguide/C/virtualization.xml:1069(para)
5033
msgid ""
5034
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
5035
"set them up the first time a user logs in using a script named login.sh. "
5036
"We'll also use this script to let the user specify:"
5037
msgstr ""
5038
5039
#: serverguide/C/virtualization.xml:1075(para)
5040
msgid "His own password"
5041
msgstr "Яго асабісты пароль"
5042
5043
#: serverguide/C/virtualization.xml:1076(para)
5044
msgid "Define the keyboard and other locale info he wants to use"
5045
msgstr ""
5046
5047
#: serverguide/C/virtualization.xml:1079(para)
5048
msgid "So we'll define <filename>login.sh</filename> as follows:"
5049
msgstr ""
5050
5051
#: serverguide/C/virtualization.xml:1083(programlisting)
5052
#, no-wrap
5053
msgid ""
5054
"\n"
5055
"# This script is ran the first time a user logs in\n"
5056
"\n"
5057
"echo \"Your appliance is about to be finished to be set up.\"\n"
5058
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
5059
"echo \"starting by changing your user password.\"\n"
5060
"\n"
5061
"passwd\n"
5062
"\n"
5063
"#give the opportunity to change the keyboard\n"
5064
"sudo dpkg-reconfigure console-setup\n"
5065
"\n"
5066
"#configure the mysql server root password\n"
5067
"sudo dpkg-reconfigure mysql-server-5.0\n"
5068
"\n"
5069
"#install limesurvey\n"
5070
"sudo apt-get install -qqy --force-yes limesurvey\n"
5071
"\n"
5072
"echo \"Your appliance is now configured. To use it point your\"\n"
5073
"echo \"browser to http://serverip/limesurvey/admin\"\n"
5074
msgstr ""
5075
5076
#: serverguide/C/virtualization.xml:1105(para)
5077
msgid ""
5078
"And we add the <command>--firstlogin login.sh</command> option to our "
5079
"command line."
5080
msgstr ""
5081
5082
#: serverguide/C/virtualization.xml:1112(title)
5083
msgid "Useful Additions"
5084
msgstr ""
5085
5086
#: serverguide/C/virtualization.xml:1115(title)
5087
msgid "Configuring Automatic Updates"
5088
msgstr ""
5089
5090
#: serverguide/C/virtualization.xml:1117(para)
5091
msgid ""
5092
"To have your system be configured to update itself on a regular basis, we "
5093
"will just install <application>unattended-upgrades</application>, so we add "
5094
"the following option to our command line:"
5095
msgstr ""
5096
5097
#: serverguide/C/virtualization.xml:1123(command)
5098
msgid "--addpkg unattended-upgrades"
5099
msgstr "--addpkg unattended-upgrades"
5100
5101
#: serverguide/C/virtualization.xml:1126(para)
5102
msgid ""
5103
"As we have put our application package in a PPA, the process will update not "
5104
"only the system, but also the application each time we update the version in "
5105
"the PPA."
5106
msgstr ""
5107
5108
#: serverguide/C/virtualization.xml:1133(title)
5109
msgid "ACPI Event Handling"
5110
msgstr ""
5111
5112
#: serverguide/C/virtualization.xml:1135(para)
5113
msgid ""
5114
"For your virtual machine to be able to handle restart and shutdown events it "
5115
"is being sent, it is a good idea to install the acpid package as well. To do "
5116
"this we just add the following option:"
5117
msgstr ""
5118
5119
#: serverguide/C/virtualization.xml:1141(command)
5120
msgid "--addpkg acpid"
5121
msgstr "--addpkg acpid"
5122
5123
#: serverguide/C/virtualization.xml:1147(title)
5124
msgid "Final Command"
5125
msgstr "Апошні загад"
5126
5127
#: serverguide/C/virtualization.xml:1149(para)
5128
msgid "Here is the command with all the options discussed above:"
5129
msgstr ""
5130
5131
#: serverguide/C/virtualization.xml:1154(command)
5132
msgid ""
5133
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o \\ -"
5134
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --user "
5135
"user \\ --name user --pass default --addpkg apache2 --addpkg apache2-mpm-"
5136
"prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5137
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5138
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5139
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5140
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5141
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
5142
"firstlogin login.sh es"
5143
msgstr ""
5144
5145
#: serverguide/C/virtualization.xml:1169(para)
5146
msgid ""
5147
"If you are interested in learning more, have questions or suggestions, "
5148
"please contact the Ubuntu Server Team at:"
5149
msgstr ""
5150
5151
#: serverguide/C/virtualization.xml:1174(para)
5152
msgid "IRC: #ubuntu-server on freenode"
5153
msgstr "IRC: канал #ubuntu-server на freenode"
5154
5155
#: serverguide/C/virtualization.xml:1179(para)
5156
msgid ""
5157
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5158
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5159
msgstr ""
5160
5161
#: serverguide/C/virtualization.xml:1184(para)
5162
msgid ""
5163
"Also, see the <ulink "
5164
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5165
"Wiki</ulink> page."
5166
msgstr ""
5167
5168
#: serverguide/C/virtualization.xml:1192(title)
5169
msgid "UEC"
5170
msgstr ""
5171
5172
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2026(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5173
msgid "Overview"
5174
msgstr ""
5175
5176
#: serverguide/C/virtualization.xml:1197(para)
5177
msgid ""
5178
"This tutorial covers <application>UEC</application> installation from the "
5179
"Ubuntu 10.04 LTS Server Edition CD, and assumes a basic network topology, "
5180
"with a single system serving as the <emphasis>\"all-in-one "
5181
"controller\"</emphasis>, and one or more nodes attached."
5182
msgstr ""
5183
5184
#: serverguide/C/virtualization.xml:1202(para)
5185
msgid ""
5186
"From this Tutorial you will learn how to install, configure, register and "
5187
"perform several operations on a basic <application>UEC</application> setup "
5188
"that results in a cloud with a one controller <emphasis>\"front-"
5189
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5190
"instances. You will also use examples to help get you started using your own "
5191
"private compute cloud."
5192
msgstr ""
5193
5194
#: serverguide/C/virtualization.xml:1210(title)
5195
msgid "Prerequisites"
5196
msgstr ""
5197
5198
#: serverguide/C/virtualization.xml:1212(para)
5199
msgid ""
5200
"To deploy a minimal cloud infrastructure, you’ll need at least "
5201
"<emphasis>two</emphasis> dedicated systems:"
5202
msgstr ""
5203
5204
#: serverguide/C/virtualization.xml:1218(para)
5205
msgid "A front end."
5206
msgstr ""
5207
5208
#: serverguide/C/virtualization.xml:1223(para)
5209
msgid "One or more node(s)."
5210
msgstr ""
5211
5212
#: serverguide/C/virtualization.xml:1229(para)
5213
msgid ""
5214
"The following are recommendations, rather than fixed requirements. However, "
5215
"our experience in developing this documentation indicated the following "
5216
"suggestions."
5217
msgstr ""
5218
5219
#: serverguide/C/virtualization.xml:1234(title)
5220
msgid "Front End Requirements"
5221
msgstr ""
5222
5223
#: serverguide/C/virtualization.xml:1236(para)
5224
msgid "Use the following table for a system that will run one or more of:"
5225
msgstr ""
5226
5227
#: serverguide/C/virtualization.xml:1241(para)
5228
msgid "Cloud Controller (CLC)"
5229
msgstr ""
5230
5231
#: serverguide/C/virtualization.xml:1242(para)
5232
msgid "Cluster Controller (CC)"
5233
msgstr ""
5234
5235
#: serverguide/C/virtualization.xml:1243(para)
5236
msgid "Walrus (the S3-like storage service)"
5237
msgstr ""
5238
5239
#: serverguide/C/virtualization.xml:1244(para)
5240
msgid "Storage Controller (SC)"
5241
msgstr ""
5242
5243
#: serverguide/C/virtualization.xml:1248(title)
5244
msgid "UEC Front End Requirements"
5245
msgstr ""
5246
5247
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5248
msgid "Hardware"
5249
msgstr ""
5250
5251
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5252
msgid "Minimum"
5253
msgstr ""
5254
5255
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5256
msgid "Suggested"
5257
msgstr ""
5258
5259
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5260
msgid "Notes"
5261
msgstr ""
5262
5263
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5264
msgid "CPU"
5265
msgstr ""
5266
5267
#: serverguide/C/virtualization.xml:1265(para)
5268
msgid "1 GHz"
5269
msgstr ""
5270
5271
#: serverguide/C/virtualization.xml:1266(para)
5272
msgid "2 x 2 GHz"
5273
msgstr ""
5274
5275
#: serverguide/C/virtualization.xml:1267(para)
5276
msgid ""
5277
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5278
"a dual core processor."
5279
msgstr ""
5280
5281
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5282
msgid "Memory"
5283
msgstr ""
5284
5285
#: serverguide/C/virtualization.xml:1271(para)
5286
msgid "512 MB"
5287
msgstr ""
5288
5289
#: serverguide/C/virtualization.xml:1272(para)
5290
msgid "2 GB"
5291
msgstr ""
5292
5293
#: serverguide/C/virtualization.xml:1273(para)
5294
msgid "The Java web front end benefits from lots of available memory."
5295
msgstr ""
5296
5297
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5298
msgid "Disk"
5299
msgstr ""
5300
5301
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5302
msgid "5400 RPM IDE"
5303
msgstr ""
5304
5305
#: serverguide/C/virtualization.xml:1278(para)
5306
msgid "7200 RPM SATA"
5307
msgstr ""
5308
5309
#: serverguide/C/virtualization.xml:1279(para)
5310
msgid ""
5311
"Slower disks will work, but will yield much longer instance startup times."
5312
msgstr ""
5313
5314
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5315
msgid "Disk Space"
5316
msgstr ""
5317
5318
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5319
msgid "40 GB"
5320
msgstr ""
5321
5322
#: serverguide/C/virtualization.xml:1284(para)
5323
msgid "200 GB"
5324
msgstr ""
5325
5326
#: serverguide/C/virtualization.xml:1285(para)
5327
msgid ""
5328
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5329
"does not like to run out of disk space."
5330
msgstr ""
5331
5332
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5333
msgid "Networking"
5334
msgstr "Сеціва"
5335
5336
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5337
msgid "100 Mbps"
5338
msgstr ""
5339
5340
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5341
msgid "1000 Mbps"
5342
msgstr ""
5343
5344
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5345
msgid ""
5346
"Machine images are hundreds of MB, and need to be copied over the network to "
5347
"nodes."
5348
msgstr ""
5349
5350
#: serverguide/C/virtualization.xml:1299(title)
5351
msgid "Node Requirements"
5352
msgstr ""
5353
5354
#: serverguide/C/virtualization.xml:1301(para)
5355
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5356
msgstr ""
5357
5358
#: serverguide/C/virtualization.xml:1306(para)
5359
msgid "the Node Controller (NC)"
5360
msgstr ""
5361
5362
#: serverguide/C/virtualization.xml:1310(title)
5363
msgid "UEC Node Requirements"
5364
msgstr ""
5365
5366
#: serverguide/C/virtualization.xml:1327(para)
5367
msgid "VT Extensions"
5368
msgstr ""
5369
5370
#: serverguide/C/virtualization.xml:1328(para)
5371
msgid "VT, 64-bit, Multicore"
5372
msgstr ""
5373
5374
#: serverguide/C/virtualization.xml:1329(para)
5375
msgid ""
5376
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5377
"only run 1 VM per CPU core on a Node."
5378
msgstr ""
5379
5380
#: serverguide/C/virtualization.xml:1333(para)
5381
msgid "1 GB"
5382
msgstr ""
5383
5384
#: serverguide/C/virtualization.xml:1334(para)
5385
msgid "4 GB"
5386
msgstr ""
5387
5388
#: serverguide/C/virtualization.xml:1335(para)
5389
msgid "Additional memory means more, and larger guests."
5390
msgstr ""
5391
5392
#: serverguide/C/virtualization.xml:1340(para)
5393
msgid "7200 RPM SATA or SCSI"
5394
msgstr ""
5395
5396
#: serverguide/C/virtualization.xml:1341(para)
5397
msgid ""
5398
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5399
"bottleneck."
5400
msgstr ""
5401
5402
#: serverguide/C/virtualization.xml:1346(para)
5403
msgid "100 GB"
5404
msgstr ""
5405
5406
#: serverguide/C/virtualization.xml:1347(para)
5407
msgid ""
5408
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5409
"space."
5410
msgstr ""
5411
5412
#: serverguide/C/virtualization.xml:1363(title)
5413
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5414
msgstr ""
5415
5416
#: serverguide/C/virtualization.xml:1367(para)
5417
msgid "Download the Ubuntu 10.04 LTS Server ISO file, and burn it to a CD."
5418
msgstr ""
5419
5420
#: serverguide/C/virtualization.xml:1372(para) serverguide/C/virtualization.xml:1418(para)
5421
msgid ""
5422
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5423
msgstr ""
5424
5425
#: serverguide/C/virtualization.xml:1377(para)
5426
msgid ""
5427
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5428
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5429
msgstr ""
5430
5431
#: serverguide/C/virtualization.xml:1383(para)
5432
msgid ""
5433
"It will ask two other cloud-specific questions during the course of the "
5434
"install:"
5435
msgstr ""
5436
5437
#: serverguide/C/virtualization.xml:1388(para)
5438
msgid "Name of your cluster."
5439
msgstr ""
5440
5441
#: serverguide/C/virtualization.xml:1391(para)
5442
msgid "e.g. <emphasis>cluster1</emphasis>."
5443
msgstr ""
5444
5445
#: serverguide/C/virtualization.xml:1394(para)
5446
msgid ""
5447
"A range of public IP addresses on the LAN that the cloud can allocate to "
5448
"instances."
5449
msgstr ""
5450
5451
#: serverguide/C/virtualization.xml:1397(para)
5452
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5453
msgstr ""
5454
5455
#: serverguide/C/virtualization.xml:1405(title)
5456
msgid "Installing the Node Controller(s)"
5457
msgstr ""
5458
5459
#: serverguide/C/virtualization.xml:1407(para)
5460
msgid ""
5461
"The node controller install is even simpler. Just make sure that you are "
5462
"connected to the network on which the cloud/cluster controller is already "
5463
"running."
5464
msgstr ""
5465
5466
#: serverguide/C/virtualization.xml:1413(para)
5467
msgid "Boot from the same ISO on the node(s)."
5468
msgstr ""
5469
5470
#: serverguide/C/virtualization.xml:1423(para)
5471
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5472
msgstr ""
5473
5474
#: serverguide/C/virtualization.xml:1428(para)
5475
msgid ""
5476
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5477
"install for you."
5478
msgstr ""
5479
5480
#: serverguide/C/virtualization.xml:1433(para)
5481
msgid "Confirm the partitioning scheme."
5482
msgstr ""
5483
5484
#: serverguide/C/virtualization.xml:1438(para)
5485
msgid ""
5486
"The rest of the installation should proceed uninterrupted; complete the "
5487
"installation and reboot the node."
5488
msgstr ""
5489
5490
#: serverguide/C/virtualization.xml:1446(title)
5491
msgid "Register the Node(s)"
5492
msgstr ""
5493
5494
#: serverguide/C/virtualization.xml:1448(para)
5495
msgid ""
5496
"Nodes are the physical systems within <application>UEC</application> that "
5497
"actually run the virtual machine instances of the cloud."
5498
msgstr ""
5499
5500
#: serverguide/C/virtualization.xml:1452(para)
5501
msgid ""
5502
"Once one or more Ubuntu Server node(s) are installed and running the "
5503
"<application>eucalyptus-nc</application> service, log onto the "
5504
"<emphasis>Cloud Controller (CLC)</emphasis> and run:"
5505
msgstr ""
5506
5507
#: serverguide/C/virtualization.xml:1458(command)
5508
msgid "sudo euca_conf --no-rsync --discover-nodes"
5509
msgstr ""
5510
5511
#: serverguide/C/virtualization.xml:1461(para)
5512
msgid ""
5513
"This will discover the systems on the network running the "
5514
"<application>eucalyptus-nc</application> service, and the administrator can "
5515
"confirm the registration of each node by its IP address."
5516
msgstr ""
5517
5518
#: serverguide/C/virtualization.xml:1467(para)
5519
msgid ""
5520
"If you get prompted for passwords, or receive errors from scp, you may need "
5521
"to revisit the key synchronization instructions at <ulink "
5522
"url=\"https://help.ubuntu.com/community/UEC/NodeInstallation\">UEC/NodeInstal"
5523
"lation</ulink>."
5524
msgstr ""
5525
5526
#: serverguide/C/virtualization.xml:1475(title)
5527
msgid "Obtain Credentials"
5528
msgstr ""
5529
5530
#: serverguide/C/virtualization.xml:1477(para)
5531
msgid ""
5532
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5533
"users of the cloud will need to retrieve their credentials. This can be done "
5534
"either through a web browser, or at the command line."
5535
msgstr ""
5536
5537
#: serverguide/C/virtualization.xml:1483(title)
5538
msgid "From a Web Browser"
5539
msgstr ""
5540
5541
#: serverguide/C/virtualization.xml:1487(para)
5542
msgid ""
5543
"From your web browser (either remotely or on your Ubuntu server) access the "
5544
"following URL:"
5545
msgstr ""
5546
5547
#: serverguide/C/virtualization.xml:1490(programlisting) serverguide/C/virtualization.xml:1743(programlisting)
5548
#, no-wrap
5549
msgid ""
5550
"\n"
5551
"https://<cloud-controller-ip-address>:8443/\n"
5552
msgstr ""
5553
5554
#: serverguide/C/virtualization.xml:1495(para)
5555
msgid ""
5556
"You must use a secure connection, so make sure you use \"https\" not "
5557
"\"http\" in your URL. You will get a security certificate warning. You will "
5558
"have to add an exception to view the page. If you do not accept it you will "
5559
"not be able to view the Eucalyptus configuration page."
5560
msgstr ""
5561
5562
#: serverguide/C/virtualization.xml:1503(para)
5563
msgid ""
5564
"Use username <emphasis>'admin'</emphasis> and password "
5565
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5566
"to change your password)."
5567
msgstr ""
5568
5569
#: serverguide/C/virtualization.xml:1509(para)
5570
msgid ""
5571
"Then follow the on-screen instructions to update the admin password and "
5572
"email address."
5573
msgstr ""
5574
5575
#: serverguide/C/virtualization.xml:1514(para)
5576
msgid ""
5577
"Once the first time configuration process is completed, click the "
5578
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5579
"the screen."
5580
msgstr ""
5581
5582
#: serverguide/C/virtualization.xml:1520(para)
5583
msgid ""
5584
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5585
"certificates."
5586
msgstr ""
5587
5588
#: serverguide/C/virtualization.xml:1525(para)
5589
msgid "Save them to <filename>~/.euca</filename>."
5590
msgstr ""
5591
5592
#: serverguide/C/virtualization.xml:1530(para)
5593
msgid ""
5594
"Unzip the downloaded zip file into a safe location "
5595
"(<filename>~/.euca</filename>)."
5596
msgstr ""
5597
5598
#: serverguide/C/virtualization.xml:1534(command)
5599
msgid "unzip -d ~/.euca mycreds.zip"
5600
msgstr ""
5601
5602
#: serverguide/C/virtualization.xml:1541(title)
5603
msgid "From a Command Line"
5604
msgstr ""
5605
5606
#: serverguide/C/virtualization.xml:1545(para)
5607
msgid ""
5608
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5609
"Controller</emphasis>, you can run:"
5610
msgstr ""
5611
5612
#: serverguide/C/virtualization.xml:1549(command)
5613
msgid "mkdir -p ~/.euca"
5614
msgstr ""
5615
5616
#: serverguide/C/virtualization.xml:1550(command)
5617
msgid "chmod 700 ~/.euca"
5618
msgstr ""
5619
5620
#: serverguide/C/virtualization.xml:1551(command)
5621
msgid "cd ~/.euca"
5622
msgstr ""
5623
5624
#: serverguide/C/virtualization.xml:1552(command)
5625
msgid "sudo euca_conf --get-credentials mycreds.zip"
5626
msgstr ""
5627
5628
#: serverguide/C/virtualization.xml:1553(command)
5629
msgid "unzip mycreds.zip"
5630
msgstr ""
5631
5632
#: serverguide/C/virtualization.xml:1554(command)
5633
msgid "cd -"
5634
msgstr ""
5635
5636
#: serverguide/C/virtualization.xml:1561(title)
5637
msgid "Extracting and Using Your Credentials"
5638
msgstr ""
5639
5640
#: serverguide/C/virtualization.xml:1563(para)
5641
msgid ""
5642
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
5643
"certificates."
5644
msgstr ""
5645
5646
#: serverguide/C/virtualization.xml:1569(para)
5647
msgid ""
5648
"Source the included <emphasis>\"eucarc\"</emphasis> file to set up your "
5649
"Eucalyptus environment:"
5650
msgstr ""
5651
5652
#: serverguide/C/virtualization.xml:1573(command) serverguide/C/virtualization.xml:1600(command)
5653
msgid ". ~/.euca/eucarc"
5654
msgstr ""
5655
5656
#: serverguide/C/virtualization.xml:1577(para)
5657
msgid ""
5658
"You may additionally wish to add this command to your "
5659
"<filename>~/.bashrc</filename> file so that your Eucalyptus environment is "
5660
"set up automatically when you log in. Eucalyptus treats this set of "
5661
"credentials as <emphasis>'administrator'</emphasis> credentials that allow "
5662
"the holder global privileges across the cloud. As such, they should be "
5663
"protected in the same way that other elevated-priority access is protected "
5664
"(e.g. should not be made visible to the general user population)."
5665
msgstr ""
5666
5667
#: serverguide/C/virtualization.xml:1584(command)
5668
msgid ""
5669
"echo \"[ -r ~/.euca/eucarc ] && . ~/.euca/eucarc\" >> ~/.bashrc"
5670
msgstr ""
5671
5672
#: serverguide/C/virtualization.xml:1588(para)
5673
msgid "Install the required cloud user tools:"
5674
msgstr ""
5675
5676
#: serverguide/C/virtualization.xml:1592(command)
5677
msgid "sudo apt-get install euca2ools"
5678
msgstr ""
5679
5680
#: serverguide/C/virtualization.xml:1596(para)
5681
msgid ""
5682
"To validate that everything is working correctly, get the local cluster "
5683
"availability details:"
5684
msgstr ""
5685
5686
#: serverguide/C/virtualization.xml:1601(command)
5687
msgid "euca-describe-availability-zones verbose"
5688
msgstr ""
5689
5690
#: serverguide/C/virtualization.xml:1602(computeroutput)
5691
#, no-wrap
5692
msgid ""
5693
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
5694
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
5695
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
5696
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
5697
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
5698
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
5699
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
5700
msgstr ""
5701
5702
#: serverguide/C/virtualization.xml:1612(para)
5703
msgid "Your output from the above command will vary."
5704
msgstr ""
5705
5706
#: serverguide/C/virtualization.xml:1622(title)
5707
msgid "Running an Image"
5708
msgstr ""
5709
5710
#: serverguide/C/virtualization.xml:1624(para)
5711
msgid "There are multiple ways to instantiate an image in UEC:"
5712
msgstr ""
5713
5714
#: serverguide/C/virtualization.xml:1629(para)
5715
msgid "Use the command line."
5716
msgstr ""
5717
5718
#: serverguide/C/virtualization.xml:1630(para)
5719
msgid ""
5720
"Use one of the UEC compatible management tools such as "
5721
"<emphasis>Landscape</emphasis>."
5722
msgstr ""
5723
5724
#: serverguide/C/virtualization.xml:1632(para)
5725
msgid ""
5726
"Use the <ulink "
5727
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
5728
"extension to Firefox."
5729
msgstr ""
5730
5731
#: serverguide/C/virtualization.xml:1638(para)
5732
msgid "Here we will describe the process from the command line:"
5733
msgstr ""
5734
5735
#: serverguide/C/virtualization.xml:1644(para)
5736
msgid ""
5737
"Before running an instance of your image, you should first create a "
5738
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
5739
"instance as root, once it boots. The key is stored, so you will only have to "
5740
"do this once."
5741
msgstr ""
5742
5743
#: serverguide/C/virtualization.xml:1648(para)
5744
msgid "Run the following command:"
5745
msgstr ""
5746
5747
#: serverguide/C/virtualization.xml:1651(programlisting)
5748
#, no-wrap
5749
msgid ""
5750
"\n"
5751
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
5752
" touch ~/.euca/mykey.priv\n"
5753
" chmod 0600 ~/.euca/mykey.priv\n"
5754
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
5755
"fi\n"
5756
msgstr ""
5757
5758
#: serverguide/C/virtualization.xml:1659(para)
5759
msgid ""
5760
"You can call your key whatever you like (in this example, the key is called "
5761
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
5762
"forget, you can always run <command>euca-describe-keypairs</command> to get "
5763
"a list of created keys stored in the system."
5764
msgstr ""
5765
5766
#: serverguide/C/virtualization.xml:1666(para)
5767
msgid "You must also allow access to port 22 in your instances:"
5768
msgstr ""
5769
5770
#: serverguide/C/virtualization.xml:1670(command)
5771
msgid "euca-describe-groups"
5772
msgstr ""
5773
5774
#: serverguide/C/virtualization.xml:1671(command)
5775
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
5776
msgstr ""
5777
5778
#: serverguide/C/virtualization.xml:1675(para)
5779
msgid "Next, you can create instances of your registered image:"
5780
msgstr ""
5781
5782
#: serverguide/C/virtualization.xml:1679(command)
5783
msgid "euca-run-instances $EMI -k mykey -t c1.medium"
5784
msgstr ""
5785
5786
#: serverguide/C/virtualization.xml:1682(para)
5787
msgid ""
5788
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
5789
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
5790
"on the <emphasis>Store</emphasis> page to see the sample command."
5791
msgstr ""
5792
5793
#: serverguide/C/virtualization.xml:1689(para)
5794
msgid ""
5795
"The first time you run an instance, the system will be setting up caches for "
5796
"the image from which it will be created. This can often take some time the "
5797
"first time an instance is run given that VM images are usually quite large."
5798
msgstr ""
5799
5800
#: serverguide/C/virtualization.xml:1693(para)
5801
msgid "To monitor the state of your instance, run:"
5802
msgstr ""
5803
5804
#: serverguide/C/virtualization.xml:1697(command)
5805
msgid "watch -n5 euca-describe-instances"
5806
msgstr ""
5807
5808
#: serverguide/C/virtualization.xml:1699(para)
5809
msgid ""
5810
"In the output, you should see information about the instance, including its "
5811
"state. While first-time caching is being performed, the instance's state "
5812
"will be <emphasis>'pending'</emphasis>."
5813
msgstr ""
5814
5815
#: serverguide/C/virtualization.xml:1705(para)
5816
msgid ""
5817
"When the instance is fully started, the above state will become "
5818
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
5819
"instance in the output, then connect to it:"
5820
msgstr ""
5821
5822
#: serverguide/C/virtualization.xml:1710(command)
5823
msgid ""
5824
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
5825
"'{print $4}')"
5826
msgstr ""
5827
5828
#: serverguide/C/virtualization.xml:1711(command)
5829
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
5830
msgstr ""
5831
5832
#: serverguide/C/virtualization.xml:1715(para)
5833
msgid ""
5834
"And when you are done with this instance, exit your SSH connection, then "
5835
"terminate your instance:"
5836
msgstr ""
5837
5838
#: serverguide/C/virtualization.xml:1719(command)
5839
msgid ""
5840
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
5841
"awk '{print $2}')"
5842
msgstr ""
5843
5844
#: serverguide/C/virtualization.xml:1720(command)
5845
msgid "euca-terminate-instances $INSTANCEID"
5846
msgstr ""
5847
5848
#: serverguide/C/virtualization.xml:1727(title)
5849
msgid "Install an Image from the Store"
5850
msgstr ""
5851
5852
#: serverguide/C/virtualization.xml:1729(para)
5853
msgid ""
5854
"The following is by far the simplest way to install an image. However, "
5855
"advanced users may be interested in learning how to <ulink "
5856
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
5857
"own image</ulink>."
5858
msgstr ""
5859
5860
#: serverguide/C/virtualization.xml:1734(para)
5861
msgid ""
5862
"The simplest way to add an image to <application>UEC</application> is to "
5863
"install it from the Image Store on the UEC web interface."
5864
msgstr ""
5865
5866
#: serverguide/C/virtualization.xml:1740(para)
5867
msgid ""
5868
"Access the web interface at the following URL (Make sure you specify https):"
5869
msgstr ""
5870
5871
#: serverguide/C/virtualization.xml:1748(para)
5872
msgid ""
5873
"Enter your login and password (if requested, as you may still be logged in "
5874
"from earlier)."
5875
msgstr ""
5876
5877
#: serverguide/C/virtualization.xml:1753(para)
5878
msgid "Click on the <emphasis>Store</emphasis> tab."
5879
msgstr ""
5880
5881
#: serverguide/C/virtualization.xml:1758(para)
5882
msgid "Browse available images."
5883
msgstr ""
5884
5885
#: serverguide/C/virtualization.xml:1763(para)
5886
msgid "Click on <emphasis>install</emphasis> for the image you want."
5887
msgstr ""
5888
5889
#: serverguide/C/virtualization.xml:1769(para)
5890
msgid ""
5891
"Once the image has been downloaded and installed, you can click on "
5892
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
5893
"button to view the command to execute to instantiate (start) this image. The "
5894
"image will also appear on the list given on the <emphasis>Image</emphasis> "
5895
"tab."
5896
msgstr ""
5897
5898
#: serverguide/C/virtualization.xml:1777(title) serverguide/C/dns.xml:619(title)
5899
msgid "More Information"
5900
msgstr "Больш зьвестак"
5901
5902
#: serverguide/C/virtualization.xml:1779(para)
5903
msgid ""
5904
"How to use the <ulink "
5905
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
5906
"Controller</ulink>"
5907
msgstr ""
5908
5909
#: serverguide/C/virtualization.xml:1783(para)
5910
msgid "Controlling eucalyptus services:"
5911
msgstr ""
5912
5913
#: serverguide/C/virtualization.xml:1788(para)
5914
msgid ""
5915
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
5916
msgstr ""
5917
5918
#: serverguide/C/virtualization.xml:1789(para)
5919
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
5920
msgstr ""
5921
5922
#: serverguide/C/virtualization.xml:1792(para)
5923
msgid "Locations of some important files:"
5924
msgstr ""
5925
5926
#: serverguide/C/virtualization.xml:1799(emphasis)
5927
msgid "Log files:"
5928
msgstr ""
5929
5930
#: serverguide/C/virtualization.xml:1802(para)
5931
msgid "/var/log/eucalyptus"
5932
msgstr ""
5933
5934
#: serverguide/C/virtualization.xml:1807(emphasis)
5935
msgid "Configuration files:"
5936
msgstr ""
5937
5938
#: serverguide/C/virtualization.xml:1810(para)
5939
msgid "/etc/eucalyptus"
5940
msgstr ""
5941
5942
#: serverguide/C/virtualization.xml:1815(emphasis)
5943
msgid "Database:"
5944
msgstr ""
5945
5946
#: serverguide/C/virtualization.xml:1818(para)
5947
msgid "/var/lib/eucalyptus/db"
5948
msgstr ""
5949
5950
#: serverguide/C/virtualization.xml:1823(emphasis)
5951
msgid "Keys:"
5952
msgstr ""
5953
5954
#: serverguide/C/virtualization.xml:1826(para)
5955
msgid "/var/lib/eucalyptus"
5956
msgstr ""
5957
5958
#: serverguide/C/virtualization.xml:1827(para)
5959
msgid "/var/lib/eucalyptus/.ssh"
5960
msgstr ""
5961
5962
#: serverguide/C/virtualization.xml:1833(para)
5963
msgid ""
5964
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
5965
"running the client tools."
5966
msgstr ""
5967
5968
#: serverguide/C/virtualization.xml:1844(para)
5969
msgid ""
5970
"For information on loading instances see the <ulink "
5971
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
5972
"page."
5973
msgstr ""
5974
5975
#: serverguide/C/virtualization.xml:1849(para)
5976
msgid ""
5977
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
5978
"documentation, downloads)</ulink>."
5979
msgstr ""
5980
5981
#: serverguide/C/virtualization.xml:1854(para)
5982
msgid ""
5983
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
5984
"(bugs, code)</ulink>."
5985
msgstr ""
5986
5987
#: serverguide/C/virtualization.xml:1859(para)
5988
msgid ""
5989
"<ulink "
5990
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
5991
"ptus Troubleshooting (1.5)</ulink>."
5992
msgstr ""
5993
5994
#: serverguide/C/virtualization.xml:1864(para)
5995
msgid ""
5996
"<ulink url=\"http://support.rightscale.com/2._References/02-"
5997
"Cloud_Infrastructures/Eucalyptus/03-"
5998
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
5999
"RightScale</ulink>."
6000
msgstr ""
6001
6002
#: serverguide/C/virtualization.xml:1870(para)
6003
msgid ""
6004
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
6005
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
6006
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
6007
msgstr ""
6008
6009
#: serverguide/C/virtualization.xml:1879(title)
6010
msgid "Glossary"
6011
msgstr ""
6012
6013
#: serverguide/C/virtualization.xml:1881(para)
6014
msgid ""
6015
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
6016
"unfamiliar to some readers. This page is intended to provide a glossary of "
6017
"such terms and acronyms."
6018
msgstr ""
6019
6020
#: serverguide/C/virtualization.xml:1888(para)
6021
msgid ""
6022
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
6023
"computing resources through virtual machines, provisioned and recollected "
6024
"dynamically."
6025
msgstr ""
6026
6027
#: serverguide/C/virtualization.xml:1894(para)
6028
msgid ""
6029
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
6030
"provides the web UI (an https server on port 8443), and implements the "
6031
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
6032
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
6033
"cloud</application> package."
6034
msgstr ""
6035
6036
#: serverguide/C/virtualization.xml:1901(para)
6037
msgid ""
6038
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6039
"Cluster Controller. There can be more than one Cluster in an installation of "
6040
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6041
"floor2, floor2)."
6042
msgstr ""
6043
6044
#: serverguide/C/virtualization.xml:1907(para)
6045
msgid ""
6046
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6047
"manages collections of node resources. This service is provided by the "
6048
"Ubuntu <application>eucalyptus-cc</application> package."
6049
msgstr ""
6050
6051
#: serverguide/C/virtualization.xml:1913(para)
6052
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6053
msgstr ""
6054
6055
#: serverguide/C/virtualization.xml:1918(para)
6056
msgid ""
6057
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6058
"pay-by-the-gigabyte public cloud computing offering."
6059
msgstr ""
6060
6061
#: serverguide/C/virtualization.xml:1923(para)
6062
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6063
msgstr ""
6064
6065
#: serverguide/C/virtualization.xml:1928(para)
6066
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6067
msgstr ""
6068
6069
#: serverguide/C/virtualization.xml:1933(para)
6070
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6071
msgstr ""
6072
6073
#: serverguide/C/virtualization.xml:1938(para)
6074
msgid ""
6075
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6076
"Linking Your Programs To Useful Systems. An open source project originally "
6077
"from the University of California at Santa Barbara, now supported by "
6078
"Eucalyptus Systems, a Canonical Partner."
6079
msgstr ""
6080
6081
#: serverguide/C/virtualization.xml:1945(para)
6082
msgid ""
6083
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6084
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6085
"cluster controller)."
6086
msgstr ""
6087
6088
#: serverguide/C/virtualization.xml:1951(para)
6089
msgid ""
6090
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6091
"running virtual machines, running a node controller. Within Ubuntu, this "
6092
"generally means that the CPU has VT extensions, and can run the KVM "
6093
"hypervisor."
6094
msgstr ""
6095
6096
#: serverguide/C/virtualization.xml:1957(para)
6097
msgid ""
6098
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6099
"on nodes which host the virtual machines that comprise the cloud. This "
6100
"service is provided by the Ubuntu package <application>eucalyptus-"
6101
"nc</application>."
6102
msgstr ""
6103
6104
#: serverguide/C/virtualization.xml:1963(para)
6105
msgid ""
6106
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6107
"gigabyte persistent storage solution for EC2."
6108
msgstr ""
6109
6110
#: serverguide/C/virtualization.xml:1968(para)
6111
msgid ""
6112
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6113
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6114
"installation can have its own Storage Controller. This component is provided "
6115
"by the <application>eucalyptus-sc</application> package."
6116
msgstr ""
6117
6118
#: serverguide/C/virtualization.xml:1975(para)
6119
msgid ""
6120
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6121
"solution, based on Eucalyptus."
6122
msgstr ""
6123
6124
#: serverguide/C/virtualization.xml:1980(para)
6125
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6126
msgstr ""
6127
6128
#: serverguide/C/virtualization.xml:1985(para)
6129
msgid ""
6130
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6131
"some modern CPUs, allowing for accelerated virtual machine hosting."
6132
msgstr ""
6133
6134
#: serverguide/C/virtualization.xml:1990(para)
6135
msgid ""
6136
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6137
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6138
"put/get abstractions."
6139
msgstr ""
6140
6141
#: serverguide/C/virtualization.xml:2000(title)
6142
msgid "OpenNebula"
6143
msgstr "OpenNebula"
6144
6145
#: serverguide/C/virtualization.xml:2002(para)
6146
msgid ""
6147
"<application>OpenNebula</application> allows virtual machines to be placed "
6148
"and re-placed dynamically on a pool of physical resources. This allows a "
6149
"virtual machine to be hosted from any location available."
6150
msgstr ""
6151
6152
#: serverguide/C/virtualization.xml:2007(para)
6153
msgid ""
6154
"This section will detail configuring an OpenNebula cluster using three "
6155
"machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
6156
"Nodes</emphasis> used to run the virtual machines. The Compute Nodes will "
6157
"also need a bridge configured to allow the virtual machines access to the "
6158
"local network. For details see <xref linkend=\"bridging\"/>."
6159
msgstr ""
6160
6161
#: serverguide/C/virtualization.xml:2016(para)
6162
msgid "First, from a terminal on the Front-End enter:"
6163
msgstr ""
6164
6165
#: serverguide/C/virtualization.xml:2021(command)
6166
msgid "sudo apt-get install opennebula"
6167
msgstr "sudo apt-get install opennebula"
6168
6169
#: serverguide/C/virtualization.xml:2024(para)
6170
msgid "On each Compute Node install:"
6171
msgstr ""
6172
6173
#: serverguide/C/virtualization.xml:2029(command)
6174
msgid "sudo apt-get install opennebula-node"
6175
msgstr "sudo apt-get install opennebula-node"
6176
6177
#: serverguide/C/virtualization.xml:2032(para)
6178
msgid ""
6179
"In order to copy SSH keys, the <emphasis>oneadmin</emphasis> user will need "
6180
"to have a password. On each machine execute:"
6181
msgstr ""
6182
6183
#: serverguide/C/virtualization.xml:2037(command)
6184
msgid "sudo passwd oneadmin"
6185
msgstr "sudo passwd oneadmin"
6186
6187
#: serverguide/C/virtualization.xml:2040(para)
6188
msgid ""
6189
"Next, copy the <emphasis>oneadmin</emphasis> user's SSH key to the Compute "
6190
"Nodes, and to the Front-End's <filename>authorized_keys</filename> file:"
6191
msgstr ""
6192
6193
#: serverguide/C/virtualization.xml:2045(command)
6194
msgid ""
6195
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
6196
"oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
6197
msgstr ""
6198
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
6199
"oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
6200
6201
#: serverguide/C/virtualization.xml:2046(command)
6202
msgid ""
6203
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
6204
"oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
6205
msgstr ""
6206
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
6207
"oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
6208
6209
#: serverguide/C/virtualization.xml:2047(command)
6210
msgid ""
6211
"sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
6212
"/var/lib/one/.ssh/authorized_keys\""
6213
msgstr ""
6214
"sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
6215
"/var/lib/one/.ssh/authorized_keys\""
6216
6217
#: serverguide/C/virtualization.xml:2050(para)
6218
msgid ""
6219
"The SSH key for the Compute Nodes needs to be added to the "
6220
"<filename>/etc/ssh/ssh_known_hosts</filename> file on the Front-End host. To "
6221
"accomplish this <application>ssh</application> to each Compute Node as a "
6222
"user other than <emphasis>oneadmin</emphasis>. Then exit from the SSH "
6223
"session, and execute the following to copy the SSH key from "
6224
"<filename>~/.ssh/known_hosts</filename> to "
6225
"<filename>/etc/ssh/ssh_known_hosts</filename>:"
6226
msgstr ""
6227
6228
#: serverguide/C/virtualization.xml:2057(command)
6229
msgid ""
6230
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
6231
"/etc/ssh/ssh_known_hosts\""
6232
msgstr ""
6233
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
6234
"/etc/ssh/ssh_known_hosts\""
6235
6236
#: serverguide/C/virtualization.xml:2058(command)
6237
msgid ""
6238
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
6239
"/etc/ssh/ssh_known_hosts\""
6240
msgstr ""
6241
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
6242
"/etc/ssh/ssh_known_hosts\""
6243
6244
#: serverguide/C/virtualization.xml:2062(para)
6245
msgid ""
6246
"Replace <emphasis>node01</emphasis> and <emphasis>node02</emphasis> with the "
6247
"appropriate host names."
6248
msgstr ""
6249
6250
#: serverguide/C/virtualization.xml:2067(para)
6251
msgid ""
6252
"This allows the <emphasis>oneadmin</emphasis> to use "
6253
"<application>scp</application>, without a password or manual intervention, "
6254
"to deploy an image to the Compute Nodes."
6255
msgstr ""
6256
6257
#: serverguide/C/virtualization.xml:2072(para)
6258
msgid ""
6259
"On the Front-End create a directory to store the VM images, giving the "
6260
"<emphasis>oneadmin</emphasis> user access to the directory:"
6261
msgstr ""
6262
6263
#: serverguide/C/virtualization.xml:2077(command)
6264
msgid "sudo mkdir /var/lib/one/images"
6265
msgstr "sudo mkdir /var/lib/one/images"
6266
6267
#: serverguide/C/virtualization.xml:2078(command)
6268
msgid "sudo chown oneadmin /var/lib/one/images/"
6269
msgstr "sudo chown oneadmin /var/lib/one/images/"
6270
6271
#: serverguide/C/virtualization.xml:2081(para)
6272
msgid ""
6273
"Finally, copy a virtual machine disk file into "
6274
"<filename>/var/lib/one/images</filename>. You can create an Ubuntu virtual "
6275
"machine using <application>vmbuilder</application>, see <xref linkend=\"jeos-"
6276
"and-vmbuilder\"/> for details."
6277
msgstr ""
6278
6279
#: serverguide/C/virtualization.xml:2090(para)
6280
msgid ""
6281
"The <emphasis>OpenNebula Cluster</emphasis> is now ready to be configured, "
6282
"and virtual machines added to the cluster."
6283
msgstr ""
6284
6285
#: serverguide/C/virtualization.xml:2094(para)
6286
msgid "From a terminal prompt enter:"
6287
msgstr ""
6288
6289
#: serverguide/C/virtualization.xml:2099(command)
6290
msgid "onehost create node01 im_kvm vmm_kvm tm_ssh"
6291
msgstr ""
6292
6293
#: serverguide/C/virtualization.xml:2100(command)
6294
msgid "onehost create node02 im_kvm vmm_kvm tm_ssh"
6295
msgstr ""
6296
6297
#: serverguide/C/virtualization.xml:2103(para)
6298
msgid ""
6299
"Next, create a <emphasis>Virtual Network</emphasis> template file named "
6300
"<filename>vnet01.template</filename>:"
6301
msgstr ""
6302
6303
#: serverguide/C/virtualization.xml:2107(programlisting)
6304
#, no-wrap
6305
msgid ""
6306
"\n"
6307
"NAME = \"LAN\"\n"
6308
"TYPE = RANGED\n"
6309
"BRIDGE = br0\n"
6310
"NETWORK_SIZE = C\n"
6311
"NETWORK_ADDRESS = 192.168.0.0\n"
6312
msgstr ""
6313
6314
#: serverguide/C/virtualization.xml:2116(para)
6315
msgid ""
6316
"Be sure to change <emphasis>192.168.0.0</emphasis> to your local network."
6317
msgstr ""
6318
6319
#: serverguide/C/virtualization.xml:2121(para)
6320
msgid ""
6321
"Using the <application>onevnet</application> utility, add the virtual "
6322
"network to OpenNebula:"
6323
msgstr ""
6324
6325
#: serverguide/C/virtualization.xml:2126(command)
6326
msgid "onevnet create vnet01.template"
6327
msgstr ""
6328
6329
#: serverguide/C/virtualization.xml:2129(para)
6330
msgid ""
6331
"Now create a <emphasis>VM Template</emphasis> file named "
6332
"<filename>vm01.template</filename>:"
6333
msgstr ""
6334
6335
#: serverguide/C/virtualization.xml:2133(programlisting)
6336
#, no-wrap
6337
msgid ""
6338
"\n"
6339
"NAME = vm01\n"
6340
"CPU = 0.5\n"
6341
"MEMORY = 512\n"
6342
"\n"
6343
"OS = [ BOOT = hd ]\n"
6344
"\n"
6345
"DISK = [\n"
6346
" source = \"/var/lib/one/images/vm01.qcow2\",\n"
6347
" target = \"hda\",\n"
6348
" readonly = \"no\" ]\n"
6349
"\n"
6350
"NIC = [ NETWORK=\"LAN\" ]\n"
6351
"\n"
6352
"GRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
6353
msgstr ""
6354
6355
#: serverguide/C/virtualization.xml:2150(para)
6356
msgid "Start the virtual machine using <application>onevm</application>:"
6357
msgstr ""
6358
6359
#: serverguide/C/virtualization.xml:2155(command)
6360
msgid "onevm submit vm01.template"
6361
msgstr ""
6362
6363
#: serverguide/C/virtualization.xml:2158(para)
6364
msgid ""
6365
"Use the <application>onevm list</application> option to view information "
6366
"about virtual machines. Also, the <application>onevm show vm01</application> "
6367
"option will display more details about a specific virtual machine."
6368
msgstr ""
6369
6370
#: serverguide/C/virtualization.xml:2169(para)
6371
msgid ""
6372
"See the <ulink "
6373
"url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink"
6374
"> for more information."
6375
msgstr ""
6376
"Глядзіце <ulink url=\"http://www.opennebula.org/doku.php?id=start\">вэб-"
6377
"старонку OpenNebula website</ulink> для больш зьмястоўнай інфармацыі."
6378
6379
#: serverguide/C/virtualization.xml:2174(para)
6380
msgid ""
6381
"You can also find help in the <emphasis>#ubuntu-virt</emphasis> and "
6382
"<emphasis>#ubuntu-server</emphasis> IRC channels on <ulink "
6383
"url=\"http://freenode.net\">Freenode</ulink>."
6384
msgstr ""
6385
6386
#: serverguide/C/virtualization.xml:2180(para)
6387
msgid ""
6388
"Also, the <ulink "
6389
"url=\"https://help.ubuntu.com/community/OpenNebula\">OpenNebula Ubuntu "
6390
"Wiki</ulink> page has more details."
6391
msgstr ""
6392
6393
#: serverguide/C/vcs.xml:13(title)
6394
msgid "Version Control System"
6395
msgstr ""
6396
6397
#: serverguide/C/vcs.xml:14(para)
6398
msgid ""
6399
"Version control is the art of managing changes to information. It has long "
6400
"been a critical tool for programmers, who typically spend their time making "
6401
"small changes to software and then undoing those changes the next day. But "
6402
"the usefulness of version control software extends far beyond the bounds of "
6403
"the software development world. Anywhere you can find people using computers "
6404
"to manage information that changes often, there is room for version control."
6405
msgstr ""
6406
6407
#: serverguide/C/vcs.xml:17(title)
6408
msgid "Bazaar"
6409
msgstr "Bazaar"
6410
6411
#: serverguide/C/vcs.xml:18(para)
6412
msgid ""
6413
"Bazaar is a new version control system sponsored by Canonical, the "
6414
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
6415
"support a central repository model, Bazaar also supports "
6416
"<emphasis>distributed version control</emphasis>, giving people the ability "
6417
"to collaborate more efficiently. In particular, Bazaar is designed to "
6418
"maximize the level of community participation in open source projects."
6419
msgstr ""
6420
6421
#: serverguide/C/vcs.xml:29(para)
6422
msgid ""
6423
"At a terminal prompt, enter the following command to install "
6424
"<application>bzr</application>: <screen>\n"
6425
"<command>sudo apt-get install bzr</command>\n"
6426
"</screen>"
6427
msgstr ""
6428
6429
#: serverguide/C/vcs.xml:40(para)
6430
msgid ""
6431
"To introduce yourself to <application>bzr</application>, use the "
6432
"<emphasis>whoami</emphasis> command like this: <screen>\n"
6433
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
6434
"</screen>"
6435
msgstr ""
6436
6437
#: serverguide/C/vcs.xml:49(title)
6438
msgid "Learning Bazaar"
6439
msgstr "Вывучэньне Bazaar"
6440
6441
#: serverguide/C/vcs.xml:50(para)
6442
msgid ""
6443
"Bazaar comes with bundled documentation installed into "
6444
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
6445
"is a good place to start. The <application>bzr</application> command also "
6446
"comes with built-in help: <screen>\n"
6447
"<command>$ bzr help</command>\n"
6448
"</screen>"
6449
msgstr ""
6450
6451
#: serverguide/C/vcs.xml:60(para)
6452
msgid ""
6453
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
6454
"<command>$ bzr help foo</command>\n"
6455
"</screen>"
6456
msgstr ""
6457
6458
#: serverguide/C/vcs.xml:68(title)
6459
msgid "Launchpad Integration"
6460
msgstr ""
6461
6462
#: serverguide/C/vcs.xml:69(para)
6463
msgid ""
6464
"While highly useful as a stand-alone system, Bazaar has good, optional "
6465
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
6466
"the collaborative development system used by Canonical and the broader open "
6467
"source community to manage and extend Ubuntu itself. For information on how "
6468
"Bazaar can be used with Launchpad to collaborate on open source projects, "
6469
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
6470
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
6471
msgstr ""
6472
6473
#: serverguide/C/vcs.xml:81(title)
6474
msgid "Subversion"
6475
msgstr ""
6476
6477
#: serverguide/C/vcs.xml:82(para)
6478
msgid ""
6479
"Subversion is an open source version control system. Using Subversion, you "
6480
"can record the history of source files and documents. It manages files and "
6481
"directories over time. A tree of files is placed into a central repository. "
6482
"The repository is much like an ordinary file server, except that it "
6483
"remembers every change ever made to files and directories."
6484
msgstr ""
6485
6486
#: serverguide/C/vcs.xml:87(para)
6487
msgid ""
6488
"To access Subversion repository using the HTTP protocol, you must install "
6489
"and configure a web server. Apache2 is proven to work with Subversion. "
6490
"Please refer to the HTTP subsection in the Apache2 section to install and "
6491
"configure Apache2. To access the Subversion repository using the HTTPS "
6492
"protocol, you must install and configure a digital certificate in your "
6493
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
6494
"section to install and configure the digital certificate."
6495
msgstr ""
6496
6497
#: serverguide/C/vcs.xml:96(para)
6498
msgid ""
6499
"To install Subversion, run the following command from a terminal prompt:"
6500
msgstr ""
6501
6502
#: serverguide/C/vcs.xml:101(command)
6503
msgid "sudo apt-get install subversion libapache2-svn"
6504
msgstr "sudo apt-get install subversion libapache2-svn"
6505
6506
#: serverguide/C/vcs.xml:108(para)
6507
msgid ""
6508
"This step assumes you have installed above mentioned packages on your "
6509
"system. This section explains how to create a Subversion repository and "
6510
"access the project."
6511
msgstr ""
6512
6513
#: serverguide/C/vcs.xml:111(title)
6514
msgid "Create Subversion Repository"
6515
msgstr ""
6516
6517
#: serverguide/C/vcs.xml:112(para)
6518
msgid ""
6519
"The Subversion repository can be created using the following command from a "
6520
"terminal prompt:"
6521
msgstr ""
6522
6523
#: serverguide/C/vcs.xml:116(command)
6524
msgid "svnadmin create /path/to/repos/project"
6525
msgstr ""
6526
6527
#: serverguide/C/vcs.xml:121(title)
6528
msgid "Importing Files"
6529
msgstr "Імпартаваньне файлаў"
6530
6531
#: serverguide/C/vcs.xml:122(para)
6532
msgid ""
6533
"Once you create the repository you can <emphasis>import</emphasis> files "
6534
"into the repository. To import a directory, enter the following from a "
6535
"terminal prompt: <screen>\n"
6536
"<command>svn import /path/to/import/directory "
6537
"file:///path/to/repos/project</command>\n"
6538
"</screen>"
6539
msgstr ""
6540
6541
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
6542
msgid "Access Methods"
6543
msgstr ""
6544
6545
#: serverguide/C/vcs.xml:135(para)
6546
msgid ""
6547
"Subversion repositories can be accessed (checked out) through many different "
6548
"methods --on local disk, or through various network protocols. A repository "
6549
"location, however, is always a URL. The table describes how different URL "
6550
"schemes map to the available access methods."
6551
msgstr ""
6552
6553
#: serverguide/C/vcs.xml:146(para)
6554
msgid "Schema"
6555
msgstr ""
6556
6557
#: serverguide/C/vcs.xml:147(para)
6558
msgid "Access Method"
6559
msgstr ""
6560
6561
#: serverguide/C/vcs.xml:152(para)
6562
msgid "file://"
6563
msgstr "file://"
6564
6565
#: serverguide/C/vcs.xml:153(para)
6566
msgid "direct repository access (on local disk)"
6567
msgstr ""
6568
6569
#: serverguide/C/vcs.xml:156(para)
6570
msgid "http://"
6571
msgstr "http://"
6572
6573
#: serverguide/C/vcs.xml:157(para)
6574
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
6575
msgstr ""
6576
6577
#: serverguide/C/vcs.xml:160(para)
6578
msgid "https://"
6579
msgstr "https://"
6580
6581
#: serverguide/C/vcs.xml:161(para)
6582
msgid "Same as http://, but with SSL encryption"
6583
msgstr ""
6584
6585
#: serverguide/C/vcs.xml:164(para)
6586
msgid "svn://"
6587
msgstr "svn://"
6588
6589
#: serverguide/C/vcs.xml:165(para)
6590
msgid "Access via custom protocol to an svnserve server"
6591
msgstr ""
6592
6593
#: serverguide/C/vcs.xml:168(para)
6594
msgid "svn+ssh://"
6595
msgstr "svn+ssh://"
6596
6597
#: serverguide/C/vcs.xml:169(para)
6598
msgid "Same as svn://, but through an SSH tunnel"
6599
msgstr ""
6600
6601
#: serverguide/C/vcs.xml:175(para)
6602
msgid ""
6603
"In this section, we will see how to configure Subversion for all these "
6604
"access methods. Here, we cover the basics. For more advanced usage details, "
6605
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
6606
msgstr ""
6607
6608
#: serverguide/C/vcs.xml:182(title)
6609
msgid "Direct repository access (file://)"
6610
msgstr ""
6611
6612
#: serverguide/C/vcs.xml:183(para)
6613
msgid ""
6614
"This is the simplest of all access methods. It does not require any "
6615
"Subversion server process to be running. This access method is used to "
6616
"access Subversion from the same machine. The syntax of the command, entered "
6617
"at a terminal prompt, is as follows:"
6618
msgstr ""
6619
6620
#: serverguide/C/vcs.xml:190(command)
6621
msgid "svn co file:///path/to/repos/project"
6622
msgstr ""
6623
6624
#: serverguide/C/vcs.xml:193(para)
6625
msgid "or"
6626
msgstr ""
6627
6628
#: serverguide/C/vcs.xml:196(command)
6629
msgid "svn co file://localhost/path/to/repos/project"
6630
msgstr ""
6631
6632
#: serverguide/C/vcs.xml:200(para)
6633
msgid ""
6634
"If you do not specify the hostname, there are three forward slashes (///) -- "
6635
"two for the protocol (file, in this case) plus the leading slash in the "
6636
"path. If you specify the hostname, you must use two forward slashes (//)."
6637
msgstr ""
6638
6639
#: serverguide/C/vcs.xml:202(para)
6640
msgid ""
6641
"The repository permissions depend on filesystem permissions. If the user has "
6642
"read/write permission, he can checkout from and commit to the repository."
6643
msgstr ""
6644
6645
#: serverguide/C/vcs.xml:205(title)
6646
msgid "Access via WebDAV protocol (http://)"
6647
msgstr ""
6648
6649
#: serverguide/C/vcs.xml:206(para)
6650
msgid ""
6651
"To access the Subversion repository via WebDAV protocol, you must configure "
6652
"your Apache 2 web server. Add the following snippet between the "
6653
"<emphasis><VirtualHost></emphasis> and "
6654
"<emphasis></VirtualHost></emphasis> elements in "
6655
"<filename>/etc/apache2/sites-available/default</filename>, or another "
6656
"VirtualHost file:"
6657
msgstr ""
6658
6659
#: serverguide/C/vcs.xml:212(programlisting)
6660
#, no-wrap
6661
msgid ""
6662
"\n"
6663
" <Location /svn>\n"
6664
" DAV svn\n"
6665
" SVNPath /home/svn\n"
6666
" AuthType Basic\n"
6667
" AuthName \"Your repository name\"\n"
6668
" AuthUserFile /etc/subversion/passwd\n"
6669
" Require valid-user\n"
6670
" </Location> \n"
6671
msgstr ""
6672
6673
#: serverguide/C/vcs.xml:223(para)
6674
msgid ""
6675
"The above configuration snippet assumes that Subversion repositories are "
6676
"created under <filename>/home/svn/</filename> directory using "
6677
"<command>svnadmin</command> command. They can be accessible using "
6678
"<command>http://hostname/svn/repos_name</command> url."
6679
msgstr ""
6680
6681
#: serverguide/C/vcs.xml:229(para)
6682
msgid ""
6683
"To import or commit files to your Subversion repository over HTTP, the "
6684
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
6685
"HTTP user is <command>www-data</command>. To change the ownership of the "
6686
"repository files enter the following command from terminal prompt:"
6687
msgstr ""
6688
6689
#: serverguide/C/vcs.xml:238(command)
6690
msgid "sudo chown -R www-data:www-data /path/to/repos"
6691
msgstr "sudo chown -R www-data:www-data /path/to/repos"
6692
6693
#: serverguide/C/vcs.xml:241(para)
6694
msgid ""
6695
"By changing the ownership of repository as <command>www-data</command> you "
6696
"will not be able to import or commit files into the repository by running "
6697
"<command>svn import file:///</command> command as any user other than "
6698
"<command>www-data</command>."
6699
msgstr ""
6700
6701
#: serverguide/C/vcs.xml:250(para)
6702
msgid ""
6703
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
6704
"that will contain user authentication details. To create a file issue the "
6705
"following command at a command prompt (which will create the file and add "
6706
"the first user):"
6707
msgstr ""
6708
6709
#: serverguide/C/vcs.xml:256(command)
6710
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
6711
msgstr "sudo htpasswd -c /etc/subversion/passwd user_name"
6712
6713
#: serverguide/C/vcs.xml:259(para)
6714
msgid ""
6715
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
6716
"option replaces the old file. Instead use this form:"
6717
msgstr ""
6718
6719
#: serverguide/C/vcs.xml:264(command)
6720
msgid "sudo htpasswd /etc/subversion/password user_name"
6721
msgstr "sudo htpasswd /etc/subversion/password user_name"
6722
6723
#: serverguide/C/vcs.xml:268(para)
6724
msgid ""
6725
"This command will prompt you to enter the password. Once you enter the "
6726
"password, the user is added. Now, to access the repository you can run the "
6727
"following command:"
6728
msgstr ""
6729
6730
#: serverguide/C/vcs.xml:269(command)
6731
msgid "svn co http://servername/svn"
6732
msgstr ""
6733
6734
#: serverguide/C/vcs.xml:271(para)
6735
msgid ""
6736
"The password is transmitted as plain text. If you are worried about password "
6737
"snooping, you are advised to use SSL encryption. For details, please refer "
6738
"next section."
6739
msgstr ""
6740
6741
#: serverguide/C/vcs.xml:277(title)
6742
msgid "Access via WebDAV protocol with SSL encryption (https://)"
6743
msgstr ""
6744
6745
#: serverguide/C/vcs.xml:278(para)
6746
msgid ""
6747
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
6748
"(https://) is similar to http:// except that you must install and configure "
6749
"the digital certificate in your Apache2 web server. To use SSL with "
6750
"Subversion add the above Apache2 configuration to "
6751
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
6752
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
6753
"configuration\"/>."
6754
msgstr ""
6755
6756
#: serverguide/C/vcs.xml:287(para)
6757
msgid ""
6758
"You can install a digital certificate issued by a signing authority. "
6759
"Alternatively, you can install your own self-signed certificate."
6760
msgstr ""
6761
6762
#: serverguide/C/vcs.xml:292(para)
6763
msgid ""
6764
"This step assumes you have installed and configured a digital certificate in "
6765
"your Apache 2 web server. Now, to access the Subversion repository, please "
6766
"refer to the above section! The access methods are exactly the same, except "
6767
"the protocol. You must use https:// to access the Subversion repository."
6768
msgstr ""
6769
6770
#: serverguide/C/vcs.xml:302(title)
6771
msgid "Access via custom protocol (svn://)"
6772
msgstr ""
6773
6774
#: serverguide/C/vcs.xml:303(para)
6775
msgid ""
6776
"Once the Subversion repository is created, you can configure the access "
6777
"control. You can edit the <filename> "
6778
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
6779
"access control. For example, to set up authentication, you can uncomment the "
6780
"following lines in the configuration file:"
6781
msgstr ""
6782
6783
#: serverguide/C/vcs.xml:310(programlisting)
6784
#, no-wrap
6785
msgid ""
6786
"# [general]\n"
6787
"# password-db = passwd"
6788
msgstr ""
6789
"# [general]\n"
6790
"# password-db = passwd"
6791
6792
#: serverguide/C/vcs.xml:313(para)
6793
msgid ""
6794
"After uncommenting the above lines, you can maintain the user list in the "
6795
"passwd file. So, edit the file <filename>passwd </filename> in the same "
6796
"directory and add the new user. The syntax is as follows:"
6797
msgstr ""
6798
6799
#: serverguide/C/vcs.xml:319(programlisting)
6800
#, no-wrap
6801
msgid "username = password"
6802
msgstr ""
6803
6804
#: serverguide/C/vcs.xml:320(para)
6805
msgid "For more details, please refer to the file."
6806
msgstr ""
6807
6808
#: serverguide/C/vcs.xml:324(para)
6809
msgid ""
6810
"Now, to access Subversion via the svn:// custom protocol, either from the "
6811
"same machine or a different machine, you can run svnserver using svnserve "
6812
"command. The syntax is as follows:"
6813
msgstr ""
6814
6815
#: serverguide/C/vcs.xml:329(programlisting)
6816
#, no-wrap
6817
msgid ""
6818
"$ svnserve -d --foreground -r /path/to/repos\n"
6819
"# -d -- daemon mode\n"
6820
"# --foreground -- run in foreground (useful for debugging)\n"
6821
"# -r -- root of directory to serve\n"
6822
"\n"
6823
"For more usage details, please refer to:\n"
6824
"$ svnserve --help"
6825
msgstr ""
6826
6827
#: serverguide/C/vcs.xml:337(para)
6828
msgid ""
6829
"Once you run this command, Subversion starts listening on default port "
6830
"(3690). To access the project repository, you must run the following command "
6831
"from a terminal prompt:"
6832
msgstr ""
6833
6834
#: serverguide/C/vcs.xml:340(command)
6835
msgid "svn co svn://hostname/project project --username user_name"
6836
msgstr "svn co svn://hostname/project project --username user_name"
6837
6838
#: serverguide/C/vcs.xml:343(para)
6839
msgid ""
6840
"Based on server configuration, it prompts for password. Once you are "
6841
"authenticated, it checks out the code from Subversion repository. To "
6842
"synchronize the project repository with the local copy, you can run the "
6843
"<command>update</command> sub-command. The syntax of the command, entered at "
6844
"a terminal prompt, is as follows:"
6845
msgstr ""
6846
6847
#: serverguide/C/vcs.xml:351(command)
6848
msgid "cd project_dir ; svn update"
6849
msgstr ""
6850
6851
#: serverguide/C/vcs.xml:354(para)
6852
msgid ""
6853
"For more details about using each Subversion sub-command, you can refer to "
6854
"the manual. For example, to learn more about the co (checkout) command, "
6855
"please run the following command from a terminal prompt:"
6856
msgstr ""
6857
6858
#: serverguide/C/vcs.xml:358(command)
6859
msgid "svn co help"
6860
msgstr "svn co help"
6861
6862
#: serverguide/C/vcs.xml:362(title)
6863
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
6864
msgstr ""
6865
6866
#: serverguide/C/vcs.xml:363(para)
6867
msgid ""
6868
"The configuration and server process is same as in the svn:// method. For "
6869
"details, please refer to the above section. This step assumes you have "
6870
"followed the above step and started the Subversion server using "
6871
"<application>svnserve</application> command."
6872
msgstr ""
6873
6874
#: serverguide/C/vcs.xml:369(para)
6875
msgid ""
6876
"It is also assumed that the ssh server is running on that machine and that "
6877
"it is allowing incoming connections. To confirm, please try to login to that "
6878
"machine using ssh. If you can login, everything is perfect. If you cannot "
6879
"login, please address it before continuing further."
6880
msgstr ""
6881
6882
#: serverguide/C/vcs.xml:375(para)
6883
msgid ""
6884
"The svn+ssh:// protocol is used to access the Subversion repository using "
6885
"SSL encryption. The data transfer is encrypted using this method. To access "
6886
"the project repository (for example with a checkout), you must use the "
6887
"following command syntax:"
6888
msgstr ""
6889
6890
#: serverguide/C/vcs.xml:382(command)
6891
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
6892
msgstr "svn co svn+ssh://hostname/var/svn/repos/project"
6893
6894
#: serverguide/C/vcs.xml:386(para)
6895
msgid ""
6896
"You must use the full path (/path/to/repos/project) to access the Subversion "
6897
"repository using this access method."
6898
msgstr ""
6899
6900
#: serverguide/C/vcs.xml:389(para)
6901
msgid ""
6902
"Based on server configuration, it prompts for password. You must enter the "
6903
"password you use to login via ssh. Once you are authenticated, it checks out "
6904
"the code from the Subversion repository."
6905
msgstr ""
6906
6907
#: serverguide/C/vcs.xml:399(title)
6908
msgid "CVS Server"
6909
msgstr "Сэрвер CVS"
6910
6911
#: serverguide/C/vcs.xml:400(para)
6912
msgid ""
6913
"CVS is a version control system. You can use it to record the history of "
6914
"source files."
6915
msgstr ""
6916
6917
#: serverguide/C/vcs.xml:406(para)
6918
msgid ""
6919
"To install <application>CVS</application>, run the following command from a "
6920
"terminal prompt: <screen>\n"
6921
"<command>sudo apt-get install cvs</command>\n"
6922
"</screen> After you install <application>cvs</application>, you should "
6923
"install <application>xinetd</application> to start/stop the cvs server. At "
6924
"the prompt, enter the following command to install "
6925
"<application>xinetd</application>: <screen>\n"
6926
"<command>sudo apt-get install xinetd</command>\n"
6927
"</screen>"
6928
msgstr ""
6929
6930
#: serverguide/C/vcs.xml:439(programlisting)
6931
#, no-wrap
6932
msgid ""
6933
"\n"
6934
"service cvspserver\n"
6935
"{\n"
6936
" port = 2401\n"
6937
" socket_type = stream\n"
6938
" protocol = tcp\n"
6939
" user = root\n"
6940
" wait = no\n"
6941
" type = UNLISTED\n"
6942
" server = /usr/bin/cvs\n"
6943
" server_args = -f --allow-root /var/lib/cvs pserver\n"
6944
" disable = no\n"
6945
"}\n"
6946
msgstr ""
6947
6948
#: serverguide/C/vcs.xml:455(para)
6949
msgid ""
6950
"Be sure to edit the repository if you have changed the default repository "
6951
"(<application>/var/lib/cvs</application>) directory."
6952
msgstr ""
6953
6954
#: serverguide/C/vcs.xml:424(para)
6955
msgid ""
6956
"Once you install cvs, the repository will be automatically initialized. By "
6957
"default, the repository resides under the "
6958
"<application>/var/lib/cvs</application> directory. You can change this path "
6959
"by running following command: <screen>\n"
6960
"<command>cvs -d /your/new/cvs/repo init</command>\n"
6961
"</screen> Once the initial repository is set up, you can configure "
6962
"<application>xinetd</application> to start the CVS server. You can copy the "
6963
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
6964
"<placeholder-1/><placeholder-2/> Once you have configured "
6965
"<application>xinetd</application> you can start the cvs server by running "
6966
"following command: <screen>\n"
6967
"<command>sudo /etc/init.d/xinetd restart</command>\n"
6968
"</screen>"
6969
msgstr ""
6970
6971
#: serverguide/C/vcs.xml:468(para)
6972
msgid ""
6973
"You can confirm that the CVS server is running by issuing the following "
6974
"command:"
6975
msgstr ""
6976
6977
#: serverguide/C/vcs.xml:475(command)
6978
msgid "sudo netstat -tap | grep cvs"
6979
msgstr "sudo netstat -tap | grep cvs"
6980
6981
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
6982
msgid ""
6983
"When you run this command, you should see the following line or something "
6984
"similar:"
6985
msgstr ""
6986
6987
#: serverguide/C/vcs.xml:484(programlisting)
6988
#, no-wrap
6989
msgid ""
6990
"\n"
6991
"tcp 0 0 *:cvspserver *:* LISTEN \n"
6992
msgstr ""
6993
"\n"
6994
"tcp 0 0 *:cvspserver *:* LISTEN \n"
6995
6996
#: serverguide/C/vcs.xml:488(para)
6997
msgid ""
6998
"From here you can continue to add users, add new projects, and manage the "
6999
"CVS server."
7000
msgstr ""
7001
7002
#: serverguide/C/vcs.xml:493(para)
7003
msgid ""
7004
"CVS allows the user to add users independently of the underlying OS "
7005
"installation. Probably the easiest way is to use the Linux Users for CVS, "
7006
"although it has potential security issues. Please refer to the CVS manual "
7007
"for details."
7008
msgstr ""
7009
7010
#: serverguide/C/vcs.xml:503(title)
7011
msgid "Add Projects"
7012
msgstr ""
7013
7014
#: serverguide/C/vcs.xml:515(para)
7015
msgid ""
7016
"You can use the CVSROOT environment variable to store the CVS root "
7017
"directory. Once you export the CVSROOT environment variable, you can avoid "
7018
"using -d option in the above cvs command."
7019
msgstr ""
7020
7021
#: serverguide/C/vcs.xml:527(para)
7022
msgid ""
7023
"When you add a new project, the CVS user you use must have write access to "
7024
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
7025
"the <application>src</application> group has write access to the CVS "
7026
"repository. So, you can add the user to this group, and he can then add and "
7027
"manage projects in the CVS repository."
7028
msgstr ""
7029
7030
#: serverguide/C/vcs.xml:504(para)
7031
msgid ""
7032
"This section explains how to add new project to the CVS repository. Create "
7033
"the directory and add necessary document and source files to the directory. "
7034
"Now, run the following command to add this project to CVS repository: "
7035
"<screen>\n"
7036
"<command>cd your/project</command>\n"
7037
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
7038
"\"Importing my project to CVS repository\" . new_project start</command>\n"
7039
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
7040
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
7041
"purpose in this context, but since CVS requires them, they must be present. "
7042
"<placeholder-2/>"
7043
msgstr ""
7044
7045
#: serverguide/C/vcs.xml:540(ulink)
7046
msgid "Bazaar Home Page"
7047
msgstr "Хатняя старонка Bazaar"
7048
7049
#: serverguide/C/vcs.xml:541(ulink)
7050
msgid "Launchpad"
7051
msgstr "Launchpad"
7052
7053
#: serverguide/C/vcs.xml:542(ulink)
7054
msgid "Subversion Home Page"
7055
msgstr ""
7056
7057
#: serverguide/C/vcs.xml:543(ulink)
7058
msgid "Subversion Book"
7059
msgstr ""
7060
7061
#: serverguide/C/vcs.xml:545(ulink)
7062
msgid "CVS Manual"
7063
msgstr "Кіраўніцтва па CVS"
7064
7065
#: serverguide/C/vcs.xml:546(ulink)
7066
msgid "Easy Bazaar Ubuntu Wiki page"
7067
msgstr ""
7068
7069
#: serverguide/C/vcs.xml:547(ulink)
7070
msgid "Ubuntu Wiki Subversion page"
7071
msgstr ""
7072
7073
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
7074
msgid "Credits and License"
7075
msgstr "Падзякі й ліцэнзыя"
7076
7077
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
7078
msgid ""
7079
"This document is maintained by the Ubuntu documentation team "
7080
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
7081
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
7082
msgstr ""
7083
7084
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
7085
msgid ""
7086
"This document is made available under the Creative Commons ShareAlike 2.5 "
7087
"License (CC-BY-SA)."
7088
msgstr ""
7089
7090
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
7091
msgid ""
7092
"You are free to modify, extend, and improve the Ubuntu documentation source "
7093
"code under the terms of this license. All derivative works must be released "
7094
"under this license."
7095
msgstr ""
7096
7097
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
7098
msgid ""
7099
"This documentation is distributed in the hope that it will be useful, but "
7100
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
7101
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
7102
msgstr ""
7103
7104
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
7105
msgid ""
7106
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
7107
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
7108
msgstr ""
7109
7110
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
7111
msgid "2008"
7112
msgstr "2008"
7113
7114
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
7115
msgid "Ubuntu Documentation Project"
7116
msgstr "Праэкт дакумэнтацыі Убунту"
7117
7118
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
7119
msgid "Canonical Ltd. and members of the <placeholder-1/>"
7120
msgstr "Canonical Ltd. і сябры <placeholder-1/>"
7121
7122
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
7123
msgid "The Ubuntu Documentation Project"
7124
msgstr ""
7125
7126
#: serverguide/C/serverguide.xml:17(para)
7127
msgid ""
7128
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
7129
"information on how to install and configure various server applications on "
7130
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
7131
"guide for configuring and customizing your system."
7132
msgstr ""
7133
7134
#: serverguide/C/security.xml:13(title)
7135
msgid "Security"
7136
msgstr "Бясьпека"
7137
7138
#: serverguide/C/security.xml:14(para)
7139
msgid ""
7140
"Security should always be considered when installing, deploying, and using "
7141
"any type of computer system. Although a fresh installation of Ubuntu is "
7142
"relatively safe for immediate use on the Internet, it is important to have a "
7143
"balanced understanding of your systems security posture based on how it will "
7144
"be used after deployment."
7145
msgstr ""
7146
7147
#: serverguide/C/security.xml:17(para)
7148
msgid ""
7149
"This chapter provides an overview of security related topics as they pertain "
7150
"to Ubuntu 10.04 LTS Server Edition, and outlines simple measures you may use "
7151
"to protect your server and network from any number of potential security "
7152
"threats."
7153
msgstr ""
7154
7155
#: serverguide/C/security.xml:21(title)
7156
msgid "User Management"
7157
msgstr ""
7158
7159
#: serverguide/C/security.xml:22(para)
7160
msgid ""
7161
"User management is a critical part of maintaining a secure system. "
7162
"Ineffective user and privilege management often lead many systems into being "
7163
"compromised. Therefore, it is important that you understand how you can "
7164
"protect your server through simple and effective user account management "
7165
"techniques."
7166
msgstr ""
7167
7168
#: serverguide/C/security.xml:26(title)
7169
msgid "Where is root?"
7170
msgstr ""
7171
7172
#: serverguide/C/security.xml:27(para)
7173
msgid ""
7174
"Ubuntu developers made a conscientious decision to disable the "
7175
"administrative root account by default in all Ubuntu installations. This "
7176
"does not mean that the root account has been deleted or that it may not be "
7177
"accessed. It merely has been given a password which matches no possible "
7178
"encrypted value, therefore may not log in directly by itself."
7179
msgstr ""
7180
7181
#: serverguide/C/security.xml:30(para)
7182
msgid ""
7183
"Instead, users are encouraged to make use of a tool by the name of "
7184
"<application>sudo</application> to carry out system administrative duties. "
7185
"<application>Sudo</application> allows an authorized user to temporarily "
7186
"elevate their privileges using their own password instead of having to know "
7187
"the password belonging to the root account. This simple yet effective "
7188
"methodology provides accountability for all user actions, and gives the "
7189
"administrator granular control over which actions a user can perform with "
7190
"said privileges."
7191
msgstr ""
7192
7193
#: serverguide/C/security.xml:35(para)
7194
msgid ""
7195
"If for some reason you wish to enable the root account, simply give it a "
7196
"password:"
7197
msgstr ""
7198
7199
#: serverguide/C/security.xml:39(command)
7200
msgid "sudo passwd"
7201
msgstr "sudo passwd"
7202
7203
#: serverguide/C/security.xml:41(para)
7204
msgid ""
7205
"Sudo will prompt you for your password, and then ask you to supply a new "
7206
"password for root as shown below:"
7207
msgstr ""
7208
7209
#: serverguide/C/security.xml:44(userinput)
7210
#, no-wrap
7211
msgid "(enter your own password)"
7212
msgstr "(увядзіце ваш асабісты пароль)"
7213
7214
#: serverguide/C/security.xml:45(userinput)
7215
#, no-wrap
7216
msgid "(enter a new password for root)"
7217
msgstr "(увядзіце новы пароль адміністратара)"
7218
7219
#: serverguide/C/security.xml:46(userinput)
7220
#, no-wrap
7221
msgid "(repeat new password for root)"
7222
msgstr "(паўтарыце новы пароль адміністратара)"
7223
7224
#: serverguide/C/security.xml:44(computeroutput)
7225
#, no-wrap
7226
msgid ""
7227
"[sudo] password for username: <placeholder-1/>\n"
7228
"Enter new UNIX password: <placeholder-2/>\n"
7229
"Retype new UNIX password: <placeholder-3/>\n"
7230
"passwd: password updated successfully"
7231
msgstr ""
7232
7233
#: serverguide/C/security.xml:51(para)
7234
msgid "To disable the root account, use the following passwd syntax:"
7235
msgstr ""
7236
7237
#: serverguide/C/security.xml:55(command)
7238
msgid "sudo passwd -l root"
7239
msgstr "sudo passwd -l root"
7240
7241
#: serverguide/C/security.xml:59(para)
7242
msgid ""
7243
"You should read more on <application>Sudo</application> by checking out it's "
7244
"man page:"
7245
msgstr ""
7246
7247
#: serverguide/C/security.xml:63(command)
7248
msgid "man sudo"
7249
msgstr "man sudo"
7250
7251
#: serverguide/C/security.xml:67(para)
7252
msgid ""
7253
"By default, the initial user created by the Ubuntu installer is a member of "
7254
"the group \"admin\" which is added to the file "
7255
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
7256
"give any other account full root access through "
7257
"<application>sudo</application>, simply add them to the admin group."
7258
msgstr ""
7259
7260
#: serverguide/C/security.xml:73(title)
7261
msgid "Adding and Deleting Users"
7262
msgstr ""
7263
7264
#: serverguide/C/security.xml:74(para)
7265
msgid ""
7266
"The process for managing local users and groups is straight forward and "
7267
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
7268
"other Debian based distributions, encourage the use of the \"adduser\" "
7269
"package for account management."
7270
msgstr ""
7271
7272
#: serverguide/C/security.xml:79(para)
7273
msgid ""
7274
"To add a user account, use the following syntax, and follow the prompts to "
7275
"give the account a password and identifiable characteristics such as a full "
7276
"name, phone number, etc."
7277
msgstr ""
7278
7279
#: serverguide/C/security.xml:83(command)
7280
msgid "sudo adduser username"
7281
msgstr "sudo adduser username"
7282
7283
#: serverguide/C/security.xml:87(para)
7284
msgid ""
7285
"To delete a user account and its primary group, use the following syntax:"
7286
msgstr ""
7287
7288
#: serverguide/C/security.xml:91(command)
7289
msgid "sudo deluser username"
7290
msgstr "sudo deluser username"
7291
7292
#: serverguide/C/security.xml:93(para)
7293
msgid ""
7294
"Deleting an account does not remove their respective home folder. It is up "
7295
"to you whether or not you wish to delete the folder manually or keep it "
7296
"according to your desired retention policies."
7297
msgstr ""
7298
7299
#: serverguide/C/security.xml:96(para)
7300
msgid ""
7301
"Remember, any user added later on with the same UID/GID as the previous "
7302
"owner will now have access to this folder if you have not taken the "
7303
"necessary precautions."
7304
msgstr ""
7305
7306
#: serverguide/C/security.xml:99(para)
7307
msgid ""
7308
"You may want to change these UID/GID values to something more appropriate, "
7309
"such as the root account, and perhaps even relocate the folder to avoid "
7310
"future conflicts:"
7311
msgstr ""
7312
7313
#: serverguide/C/security.xml:103(command)
7314
msgid "sudo chown -R root:root /home/username/"
7315
msgstr "sudo chown -R root:root /home/username/"
7316
7317
#: serverguide/C/security.xml:104(command)
7318
msgid "sudo mkdir /home/archived_users/"
7319
msgstr "sudo mkdir /home/archived_users/"
7320
7321
#: serverguide/C/security.xml:105(command)
7322
msgid "sudo mv /home/username /home/archived_users/"
7323
msgstr "sudo mv /home/username /home/archived_users/"
7324
7325
#: serverguide/C/security.xml:109(para)
7326
msgid ""
7327
"To temporarily lock or unlock a user account, use the following syntax, "
7328
"respectively:"
7329
msgstr ""
7330
7331
#: serverguide/C/security.xml:113(command)
7332
msgid "sudo passwd -l username"
7333
msgstr "sudo passwd -l username"
7334
7335
#: serverguide/C/security.xml:114(command)
7336
msgid "sudo passwd -u username"
7337
msgstr "sudo passwd -u username"
7338
7339
#: serverguide/C/security.xml:118(para)
7340
msgid ""
7341
"To add or delete a personalized group, use the following syntax, "
7342
"respectively:"
7343
msgstr ""
7344
7345
#: serverguide/C/security.xml:122(command)
7346
msgid "sudo addgroup groupname"
7347
msgstr "sudo addgroup groupname"
7348
7349
#: serverguide/C/security.xml:123(command)
7350
msgid "sudo delgroup groupname"
7351
msgstr "sudo delgroup groupname"
7352
7353
#: serverguide/C/security.xml:127(para)
7354
msgid "To add a user to a group, use the following syntax:"
7355
msgstr ""
7356
7357
#: serverguide/C/security.xml:131(command)
7358
msgid "sudo adduser username groupname"
7359
msgstr "sudo adduser username groupname"
7360
7361
#: serverguide/C/security.xml:138(title)
7362
msgid "User Profile Security"
7363
msgstr ""
7364
7365
#: serverguide/C/security.xml:139(para)
7366
msgid ""
7367
"When a new user is created, the adduser utility creates a brand new home "
7368
"directory named <filename class=\"directory\">/home/username</filename>, "
7369
"respectively. The default profile is modeled after the contents found in the "
7370
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
7371
"includes all profile basics."
7372
msgstr ""
7373
7374
#: serverguide/C/security.xml:142(para)
7375
msgid ""
7376
"If your server will be home to multiple users, you should pay close "
7377
"attention to the user home directory permissions to ensure confidentiality. "
7378
"By default, user home directories in Ubuntu are created with world "
7379
"read/execute permissions. This means that all users can browse and access "
7380
"the contents of other users home directories. This may not be suitable for "
7381
"your environment."
7382
msgstr ""
7383
7384
#: serverguide/C/security.xml:147(para)
7385
msgid ""
7386
"To verify your current users home directory permissions, use the following "
7387
"syntax:"
7388
msgstr ""
7389
7390
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
7391
msgid "ls -ld /home/username"
7392
msgstr "ls -ld /home/username"
7393
7394
#: serverguide/C/security.xml:153(para)
7395
msgid ""
7396
"The following output shows that the directory <filename "
7397
"class=\"directory\">/home/username</filename> has world readable permissions:"
7398
msgstr ""
7399
7400
#: serverguide/C/security.xml:156(computeroutput)
7401
#, no-wrap
7402
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
7403
msgstr ""
7404
7405
#: serverguide/C/security.xml:160(para)
7406
msgid ""
7407
"You can remove the world readable permissions using the following syntax:"
7408
msgstr ""
7409
7410
#: serverguide/C/security.xml:164(command)
7411
msgid "sudo chmod 0750 /home/username"
7412
msgstr "sudo chmod 0750 /home/username"
7413
7414
#: serverguide/C/security.xml:167(para)
7415
msgid ""
7416
"Some people tend to use the recursive option (-R) indiscriminately which "
7417
"modifies all child folders and files, but this is not necessary, and may "
7418
"yield other undesirable results. The parent directory alone is sufficient "
7419
"for preventing unauthorized access to anything below the parent."
7420
msgstr ""
7421
7422
#: serverguide/C/security.xml:171(para)
7423
msgid ""
7424
"A much more efficient approach to the matter would be to modify the "
7425
"<application>adduser</application> global default permissions when creating "
7426
"user home folders. Simply edit the file "
7427
"<filename>/etc/adduser.conf</filename> and modify the "
7428
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
7429
"new home directories will receive the correct permissions."
7430
msgstr ""
7431
7432
#: serverguide/C/security.xml:174(programlisting)
7433
#, no-wrap
7434
msgid ""
7435
"\n"
7436
"DIR_MODE=0750\n"
7437
msgstr ""
7438
"\n"
7439
"DIR_MODE=0750\n"
7440
7441
#: serverguide/C/security.xml:179(para)
7442
msgid ""
7443
"After correcting the directory permissions using any of the previously "
7444
"mentioned techniques, verify the results using the following syntax:"
7445
msgstr ""
7446
7447
#: serverguide/C/security.xml:185(para)
7448
msgid ""
7449
"The results below show that world readable permissions have been removed:"
7450
msgstr ""
7451
7452
#: serverguide/C/security.xml:188(computeroutput)
7453
#, no-wrap
7454
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
7455
msgstr ""
7456
7457
#: serverguide/C/security.xml:195(title)
7458
msgid "Password Policy"
7459
msgstr ""
7460
7461
#: serverguide/C/security.xml:196(para)
7462
msgid ""
7463
"A strong password policy is one of the most important aspects of your "
7464
"security posture. Many successful security breaches involve simple brute "
7465
"force and dictionary attacks against weak passwords. If you intend to offer "
7466
"any form of remote access involving your local password system, make sure "
7467
"you adequately address minimum password complexity requirements, maximum "
7468
"password lifetimes, and frequent audits of your authentication systems."
7469
msgstr ""
7470
7471
#: serverguide/C/security.xml:200(title)
7472
msgid "Minimum Password Length"
7473
msgstr "Мінімальная даўжыня пароля"
7474
7475
#: serverguide/C/security.xml:201(para)
7476
msgid ""
7477
"By default, Ubuntu requires a minimum password length of 4 characters, as "
7478
"well as some basic entropy checks. These values are controlled in the file "
7479
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
7480
msgstr ""
7481
7482
#: serverguide/C/security.xml:204(programlisting)
7483
#, no-wrap
7484
msgid ""
7485
"\n"
7486
"password required pam_unix.so nullok obscure min=4 max=8 md5\n"
7487
msgstr ""
7488
7489
#: serverguide/C/security.xml:207(para)
7490
msgid ""
7491
"If you would like to adjust the minimum length to 6 characters, change the "
7492
"appropriate variable to min=6. The modification is outlined below."
7493
msgstr ""
7494
7495
#: serverguide/C/security.xml:210(programlisting)
7496
#, no-wrap
7497
msgid ""
7498
"\n"
7499
"password required pam_unix.so nullok obscure min=6 max=8 md5\n"
7500
msgstr ""
7501
7502
#: serverguide/C/security.xml:214(para)
7503
msgid ""
7504
"The <varname>max=8</varname> variable does not represent the maximum length "
7505
"of a password. It only means that complexity requirements will not be "
7506
"checked on passwords over 8 characters. You may want to look at the "
7507
"<application>libpam-cracklib</application> package for additional password "
7508
"entropy assistance."
7509
msgstr ""
7510
7511
#: serverguide/C/security.xml:220(title)
7512
msgid "Password Expiration"
7513
msgstr ""
7514
7515
#: serverguide/C/security.xml:221(para)
7516
msgid ""
7517
"When creating user accounts, you should make it a policy to have a minimum "
7518
"and maximum password age forcing users to change their passwords when they "
7519
"expire."
7520
msgstr ""
7521
7522
#: serverguide/C/security.xml:226(para)
7523
msgid ""
7524
"To easily view the current status of a user account, use the following "
7525
"syntax:"
7526
msgstr ""
7527
7528
#: serverguide/C/security.xml:230(command) serverguide/C/security.xml:263(command)
7529
msgid "sudo chage -l username"
7530
msgstr "sudo chage -l username"
7531
7532
#: serverguide/C/security.xml:232(para)
7533
msgid ""
7534
"The output below shows interesting facts about the user account, namely that "
7535
"there are no policies applied:"
7536
msgstr ""
7537
7538
#: serverguide/C/security.xml:235(computeroutput)
7539
#, no-wrap
7540
msgid ""
7541
"Last password change : Jan 20, 2008\n"
7542
"Password expires : never\n"
7543
"Password inactive : never\n"
7544
"Account expires : never\n"
7545
"Minimum number of days between password change : 0\n"
7546
"Maximum number of days between password change : 99999\n"
7547
"Number of days of warning before password expires : 7"
7548
msgstr ""
7549
7550
#: serverguide/C/security.xml:245(para)
7551
msgid ""
7552
"To set any of these values, simply use the following syntax, and follow the "
7553
"interactive prompts:"
7554
msgstr ""
7555
7556
#: serverguide/C/security.xml:249(command)
7557
msgid "sudo chage username"
7558
msgstr "sudo chage username"
7559
7560
#: serverguide/C/security.xml:251(para)
7561
msgid ""
7562
"The following is also an example of how you can manually change the explicit "
7563
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
7564
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
7565
"password expiration, and a warning time period (-W) of 14 days before "
7566
"password expiration."
7567
msgstr ""
7568
7569
#: serverguide/C/security.xml:255(command)
7570
msgid "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
7571
msgstr "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
7572
7573
#: serverguide/C/security.xml:259(para)
7574
msgid "To verify changes, use the same syntax as mentioned previously:"
7575
msgstr ""
7576
7577
#: serverguide/C/security.xml:265(para)
7578
msgid ""
7579
"The output below shows the new policies that have been established for the "
7580
"account:"
7581
msgstr ""
7582
7583
#: serverguide/C/security.xml:268(computeroutput)
7584
#, no-wrap
7585
msgid ""
7586
"Last password change : Jan 20, 2008\n"
7587
"Password expires : Apr 19, 2008\n"
7588
"Password inactive : May 19, 2008\n"
7589
"Account expires : Jan 31, 2008\n"
7590
"Minimum number of days between password change : 5\n"
7591
"Maximum number of days between password change : 90\n"
7592
"Number of days of warning before password expires : 14"
7593
msgstr ""
7594
7595
#: serverguide/C/security.xml:284(title)
7596
msgid "Other Security Considerations"
7597
msgstr ""
7598
7599
#: serverguide/C/security.xml:285(para)
7600
msgid ""
7601
"Many applications use alternate authentication mechanisms that can be easily "
7602
"overlooked by even experienced system administrators. Therefore, it is "
7603
"important to understand and control how users authenticate and gain access "
7604
"to services and applications on your server."
7605
msgstr ""
7606
7607
#: serverguide/C/security.xml:290(title)
7608
msgid "SSH Access by Disabled Users"
7609
msgstr ""
7610
7611
#: serverguide/C/security.xml:291(para)
7612
msgid ""
7613
"Simply disabling/locking a user account will not prevent a user from logging "
7614
"into your server remotely if they have previously set up RSA public key "
7615
"authentication. They will still be able to gain shell access to the server, "
7616
"without the need for any password. Remember to check the users home "
7617
"directory for files that will allow for this type of authenticated SSH "
7618
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
7619
msgstr ""
7620
7621
#: serverguide/C/security.xml:294(para)
7622
msgid ""
7623
"Remove or rename the directory <filename "
7624
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
7625
"further SSH authentication capabilities."
7626
msgstr ""
7627
7628
#: serverguide/C/security.xml:297(para)
7629
msgid ""
7630
"Be sure to check for any established SSH connections by the disabled user, "
7631
"as it is possible they may have existing inbound or outbound connections. "
7632
"Kill any that are found."
7633
msgstr ""
7634
7635
#: serverguide/C/security.xml:300(para)
7636
msgid ""
7637
"Restrict SSH access to only user accounts that should have it. For example, "
7638
"you may create a group called \"sshlogin\" and add the group name as the "
7639
"value associated with the <varname>AllowGroups</varname> variable located in "
7640
"the file <filename>/etc/ssh/sshd_config</filename>."
7641
msgstr ""
7642
7643
#: serverguide/C/security.xml:303(programlisting)
7644
#, no-wrap
7645
msgid ""
7646
"\n"
7647
"AllowGroups sshlogin\n"
7648
msgstr ""
7649
7650
#: serverguide/C/security.xml:306(para)
7651
msgid ""
7652
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
7653
"SSH service."
7654
msgstr ""
7655
7656
#: serverguide/C/security.xml:310(command)
7657
msgid "sudo adduser username sshlogin"
7658
msgstr "sudo adduser username sshlogin"
7659
7660
#: serverguide/C/security.xml:311(command) serverguide/C/remote-administration.xml:150(command)
7661
msgid "sudo /etc/init.d/ssh restart"
7662
msgstr "sudo /etc/init.d/ssh restart"
7663
7664
#: serverguide/C/security.xml:315(title)
7665
msgid "External User Database Authentication"
7666
msgstr ""
7667
7668
#: serverguide/C/security.xml:316(para)
7669
msgid ""
7670
"Most enterprise networks require centralized authentication and access "
7671
"controls for all system resources. If you have configured your server to "
7672
"authenticate users against external databases, be sure to disable the user "
7673
"accounts both externally and locally, this way you ensure that local "
7674
"fallback authentication is not possible."
7675
msgstr ""
7676
7677
#: serverguide/C/security.xml:325(title)
7678
msgid "Console Security"
7679
msgstr ""
7680
7681
#: serverguide/C/security.xml:326(para)
7682
msgid ""
7683
"As with any other security barrier you put in place to protect your server, "
7684
"it is pretty tough to defend against untold damage caused by someone with "
7685
"physical access to your environment, for example, theft of hard drives, "
7686
"power or service disruption and so on. Therefore, console security should be "
7687
"addressed merely as one component of your overall physical security "
7688
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
7689
"very least slow down a determined one, so it is still advisable to perform "
7690
"basic precautions with regard to console security."
7691
msgstr ""
7692
7693
#: serverguide/C/security.xml:329(para)
7694
msgid ""
7695
"The following instructions will help defend your server against issues that "
7696
"could otherwise yield very serious consequences."
7697
msgstr ""
7698
7699
#: serverguide/C/security.xml:334(title)
7700
msgid "Disable Ctrl+Alt+Delete"
7701
msgstr "Выключыць Ctrl+Alt+Delete"
7702
7703
#: serverguide/C/security.xml:335(para)
7704
msgid ""
7705
"First and foremost, anyone that has physical access to the keyboard can "
7706
"simply use the "
7707
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7708
"eycombo> key combination to reboot the server without having to log on. "
7709
"Sure, someone could simply unplug the power source, but you should still "
7710
"prevent the use of this key combination on a production server. This forces "
7711
"an attacker to take more drastic measures to reboot the server, and will "
7712
"prevent accidental reboots at the same time."
7713
msgstr ""
7714
7715
#: serverguide/C/security.xml:340(para)
7716
msgid ""
7717
"To disable the reboot action taken by pressing the "
7718
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7719
"eycombo> key combination, comment out the following line in the file "
7720
"<filename>/etc/init/control-alt-delete.conf</filename>."
7721
msgstr ""
7722
7723
#: serverguide/C/security.xml:343(programlisting)
7724
#, no-wrap
7725
msgid ""
7726
"\n"
7727
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
7728
msgstr ""
7729
7730
#: serverguide/C/security.xml:352(title)
7731
msgid "Firewall"
7732
msgstr "Брандмаўэр"
7733
7734
#: serverguide/C/security.xml:355(para)
7735
msgid ""
7736
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
7737
"which is used to manipulate or decide the fate of network traffic headed "
7738
"into or through your server. All modern Linux firewall solutions use this "
7739
"system for packet filtering."
7740
msgstr ""
7741
7742
#: serverguide/C/security.xml:360(para)
7743
msgid ""
7744
"The kernel's packet filtering system would be of little use to "
7745
"administrators without a userspace interface to manage it. This is the "
7746
"purpose of iptables. When a packet reaches your server, it will be handed "
7747
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
7748
"based on the rules supplied to it from userspace via iptables. Thus, "
7749
"iptables is all you need to manage your firewall if you're familiar with it, "
7750
"but many frontends are available to simplify the task."
7751
msgstr ""
7752
7753
#: serverguide/C/security.xml:370(title)
7754
msgid "ufw - Uncomplicated Firewall"
7755
msgstr ""
7756
7757
#: serverguide/C/security.xml:371(para)
7758
msgid ""
7759
"The default firewall configuration tool for Ubuntu is "
7760
"<application>ufw</application>. Developed to ease iptables firewall "
7761
"configuration, <application>ufw</application> provides a user friendly way "
7762
"to create an IPv4 or IPv6 host-based firewall."
7763
msgstr ""
7764
7765
#: serverguide/C/security.xml:375(para)
7766
msgid ""
7767
"<application>ufw</application> by default is initially disabled. From the "
7768
"<application>ufw</application> man page:"
7769
msgstr ""
7770
7771
#: serverguide/C/security.xml:379(quote)
7772
msgid ""
7773
"ufw is not intended to provide complete firewall functionality via its "
7774
"command interface, but instead provides an easy way to add or remove simple "
7775
"rules. It is currently mainly used for host-based firewalls."
7776
msgstr ""
7777
7778
#: serverguide/C/security.xml:383(para)
7779
msgid ""
7780
"The following are some examples of how to use <application>ufw</application>:"
7781
msgstr ""
7782
7783
#: serverguide/C/security.xml:388(para)
7784
msgid ""
7785
"First, <application>ufw</application> needs to be enabled. From a terminal "
7786
"prompt enter:"
7787
msgstr ""
7788
7789
#: serverguide/C/security.xml:392(command)
7790
msgid "sudo ufw enable"
7791
msgstr "sudo ufw enable"
7792
7793
#: serverguide/C/security.xml:396(para)
7794
msgid "To open a port (ssh in this example):"
7795
msgstr ""
7796
7797
#: serverguide/C/security.xml:400(command)
7798
msgid "sudo ufw allow 22"
7799
msgstr "sudo ufw allow 22"
7800
7801
#: serverguide/C/security.xml:404(para)
7802
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
7803
msgstr ""
7804
7805
#: serverguide/C/security.xml:408(command)
7806
msgid "sudo ufw insert 1 allow 80"
7807
msgstr "sudo ufw insert 1 allow 80"
7808
7809
#: serverguide/C/security.xml:412(para)
7810
msgid "Similarly, to close an opened port:"
7811
msgstr ""
7812
7813
#: serverguide/C/security.xml:416(command)
7814
msgid "sudo ufw deny 22"
7815
msgstr "sudo ufw deny 22"
7816
7817
#: serverguide/C/security.xml:420(para)
7818
msgid "To remove a rule, use delete followed by the rule:"
7819
msgstr ""
7820
7821
#: serverguide/C/security.xml:424(command)
7822
msgid "sudo ufw delete deny 22"
7823
msgstr "sudo ufw delete deny 22"
7824
7825
#: serverguide/C/security.xml:428(para)
7826
msgid ""
7827
"It is also possible to allow access from specific hosts or networks to a "
7828
"port. The following example allows ssh access from host 192.168.0.2 to any "
7829
"ip address on this host:"
7830
msgstr ""
7831
7832
#: serverguide/C/security.xml:433(command)
7833
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
7834
msgstr "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
7835
7836
#: serverguide/C/security.xml:435(para)
7837
msgid ""
7838
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
7839
"subnet."
7840
msgstr ""
7841
7842
#: serverguide/C/security.xml:441(para)
7843
msgid ""
7844
"Adding the <emphasis>--dry-run</emphasis> option to a "
7845
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
7846
"apply them. For example, the following is what would be applied if opening "
7847
"the HTTP port:"
7848
msgstr ""
7849
7850
#: serverguide/C/security.xml:447(command)
7851
msgid "sudo ufw --dry-run allow http"
7852
msgstr "sudo ufw --dry-run allow http"
7853
7854
#: serverguide/C/security.xml:451(computeroutput)
7855
#, no-wrap
7856
msgid ""
7857
"*filter\n"
7858
":ufw-user-input - [0:0]\n"
7859
":ufw-user-output - [0:0]\n"
7860
":ufw-user-forward - [0:0]\n"
7861
":ufw-user-limit - [0:0]\n"
7862
":ufw-user-limit-accept - [0:0]\n"
7863
"### RULES ###\n"
7864
"\n"
7865
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
7866
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
7867
"\n"
7868
"### END RULES ###\n"
7869
"-A ufw-user-input -j RETURN\n"
7870
"-A ufw-user-output -j RETURN\n"
7871
"-A ufw-user-forward -j RETURN\n"
7872
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
7873
"LIMIT]: \"\n"
7874
"-A ufw-user-limit -j REJECT\n"
7875
"-A ufw-user-limit-accept -j ACCEPT\n"
7876
"COMMIT\n"
7877
"Rules updated"
7878
msgstr ""
7879
7880
#: serverguide/C/security.xml:475(para)
7881
msgid "<application>ufw</application> can be disabled by:"
7882
msgstr "<application>ufw</application> можа быць выключана з дапамогай:"
7883
7884
#: serverguide/C/security.xml:479(command)
7885
msgid "sudo ufw disable"
7886
msgstr "sudo ufw disable"
7887
7888
#: serverguide/C/security.xml:483(para)
7889
msgid "To see the firewall status, enter:"
7890
msgstr "Каб паглядзець стан брандмаўэра, увядзіце:"
7891
7892
#: serverguide/C/security.xml:487(command)
7893
msgid "sudo ufw status"
7894
msgstr "sudo ufw status"
7895
7896
#: serverguide/C/security.xml:491(para)
7897
msgid "And for more verbose status information use:"
7898
msgstr ""
7899
7900
#: serverguide/C/security.xml:495(command)
7901
msgid "sudo ufw status verbose"
7902
msgstr "sudo ufw status verbose"
7903
7904
#: serverguide/C/security.xml:499(para)
7905
msgid "To view the <emphasis>numbered</emphasis> format:"
7906
msgstr ""
7907
7908
#: serverguide/C/security.xml:503(command)
7909
msgid "sudo ufw status numbered"
7910
msgstr "sudo ufw status numbered"
7911
7912
#: serverguide/C/security.xml:508(para)
7913
msgid ""
7914
"If the port you want to open or close is defined in "
7915
"<filename>/etc/services</filename>, you can use the port name instead of the "
7916
"number. In the above examples, replace <emphasis>22</emphasis> with "
7917
"<emphasis>ssh</emphasis>."
7918
msgstr ""
7919
7920
#: serverguide/C/security.xml:514(para)
7921
msgid ""
7922
"This is a quick introduction to using <application>ufw</application>. Please "
7923
"refer to the <application>ufw</application> man page for more information."
7924
msgstr ""
7925
7926
#: serverguide/C/security.xml:520(title)
7927
msgid "ufw Application Integration"
7928
msgstr ""
7929
7930
#: serverguide/C/security.xml:522(para)
7931
msgid ""
7932
"Applications that open ports can include an <application>ufw</application> "
7933
"profile, which details the ports needed for the application to function "
7934
"properly. The profiles are kept in <filename "
7935
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
7936
"the default ports have been changed."
7937
msgstr ""
7938
7939
#: serverguide/C/security.xml:531(para)
7940
msgid ""
7941
"To view which applications have installed a profile, enter the following in "
7942
"a terminal:"
7943
msgstr ""
7944
7945
#: serverguide/C/security.xml:536(command)
7946
msgid "sudo ufw app list"
7947
msgstr "sudo ufw app list"
7948
7949
#: serverguide/C/security.xml:542(para)
7950
msgid ""
7951
"Similar to allowing traffic to a port, using an application profile is "
7952
"accomplished by entering:"
7953
msgstr ""
7954
7955
#: serverguide/C/security.xml:547(command)
7956
msgid "sudo ufw allow Samba"
7957
msgstr "sudo ufw allow Samba"
7958
7959
#: serverguide/C/security.xml:553(para)
7960
msgid "An extended syntax is available as well:"
7961
msgstr ""
7962
7963
#: serverguide/C/security.xml:558(command)
7964
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
7965
msgstr ""
7966
7967
#: serverguide/C/security.xml:561(para)
7968
msgid ""
7969
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
7970
"with the application profile you are using and the IP range for your network."
7971
msgstr ""
7972
7973
#: serverguide/C/security.xml:567(para)
7974
msgid ""
7975
"There is no need to specify the <emphasis>protocol</emphasis> for the "
7976
"application, because that information is detailed in the profile. Also, note "
7977
"that the <emphasis>app</emphasis> name replaces the "
7978
"<emphasis>port</emphasis> number."
7979
msgstr ""
7980
7981
#: serverguide/C/security.xml:576(para)
7982
msgid ""
7983
"To view details about which ports, protocols, etc are defined for an "
7984
"application, enter:"
7985
msgstr ""
7986
7987
#: serverguide/C/security.xml:581(command)
7988
msgid "sudo ufw app info Samba"
7989
msgstr "sudo ufw app info Samba"
7990
7991
#: serverguide/C/security.xml:587(para)
7992
msgid ""
7993
"Not all applications that require opening a network port come with "
7994
"<application>ufw</application> profiles, but if you have profiled an "
7995
"application and want the file to be included with the package, please file a "
7996
"bug against the package in <ulink "
7997
"url=\"https://launchpad.net/\">Launchpad</ulink>."
7998
msgstr ""
7999
8000
#: serverguide/C/security.xml:596(title)
8001
msgid "IP Masquerading"
8002
msgstr ""
8003
8004
#: serverguide/C/security.xml:597(para)
8005
msgid ""
8006
"The purpose of IP Masquerading is to allow machines with private, non-"
8007
"routable IP addresses on your network to access the Internet through the "
8008
"machine doing the masquerading. Traffic from your private network destined "
8009
"for the Internet must be manipulated for replies to be routable back to the "
8010
"machine that made the request. To do this, the kernel must modify the "
8011
"<emphasis>source</emphasis> IP address of each packet so that replies will "
8012
"be routed back to it, rather than to the private IP address that made the "
8013
"request, which is impossible over the Internet. Linux uses "
8014
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
8015
"connections belong to which machines and reroute each return packet "
8016
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
8017
"having originated from your Ubuntu gateway machine. This process is referred "
8018
"to in Microsoft documentation as Internet Connection Sharing."
8019
msgstr ""
8020
8021
#: serverguide/C/security.xml:613(title)
8022
msgid "ufw Masquerading"
8023
msgstr ""
8024
8025
#: serverguide/C/security.xml:614(para)
8026
msgid ""
8027
"IP Masquerading can be achieved using custom <application>ufw</application> "
8028
"rules. This is possible because the current back-end for "
8029
"<application>ufw</application> is <application>iptables-"
8030
"restore</application> with the rules files located in "
8031
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
8032
"legacy iptables rules used without <application>ufw</application>, and rules "
8033
"that are more network gateway or bridge related."
8034
msgstr ""
8035
8036
#: serverguide/C/security.xml:620(para)
8037
msgid ""
8038
"The rules are split into two different files, rules that should be executed "
8039
"before <application>ufw</application> command line rules, and rules that are "
8040
"executed after <application>ufw</application> command line rules."
8041
msgstr ""
8042
8043
#: serverguide/C/security.xml:626(para)
8044
msgid ""
8045
"First, packet forwarding needs to be enabled in "
8046
"<application>ufw</application>. Two configuration files will need to be "
8047
"adjusted, in <filename>/etc/default/ufw</filename> change the "
8048
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
8049
msgstr ""
8050
8051
#: serverguide/C/security.xml:630(programlisting)
8052
#, no-wrap
8053
msgid ""
8054
"\n"
8055
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8056
msgstr ""
8057
"\n"
8058
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
8059
8060
#: serverguide/C/security.xml:633(para)
8061
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
8062
msgstr ""
8063
8064
#: serverguide/C/security.xml:636(programlisting)
8065
#, no-wrap
8066
msgid ""
8067
"\n"
8068
"net/ipv4/ip_forward=1\n"
8069
msgstr ""
8070
8071
#: serverguide/C/security.xml:639(para)
8072
msgid "Similarly, for IPv6 forwarding uncomment:"
8073
msgstr ""
8074
8075
#: serverguide/C/security.xml:642(programlisting)
8076
#, no-wrap
8077
msgid ""
8078
"\n"
8079
"net/ipv6/conf/default/forwarding=1\n"
8080
msgstr ""
8081
8082
#: serverguide/C/security.xml:647(para)
8083
msgid ""
8084
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
8085
"file. The default rules only configure the <emphasis>filter</emphasis> "
8086
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
8087
"need to be configured. Add the following to the top of the file just after "
8088
"the header comments:"
8089
msgstr ""
8090
8091
#: serverguide/C/security.xml:652(programlisting)
8092
#, no-wrap
8093
msgid ""
8094
"\n"
8095
"# nat Table rules\n"
8096
"*nat\n"
8097
":POSTROUTING ACCEPT [0:0]\n"
8098
"\n"
8099
"# Forward traffic from eth1 through eth0.\n"
8100
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
8101
"\n"
8102
"# don't delete the 'COMMIT' line or these nat table rules won't be "
8103
"processed\n"
8104
"COMMIT\n"
8105
msgstr ""
8106
8107
#: serverguide/C/security.xml:663(para)
8108
msgid ""
8109
"The comments are not strictly necessary, but it is considered good practice "
8110
"to document your configuration. Also, when modifying any of the "
8111
"<emphasis>rules</emphasis> files in <filename "
8112
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
8113
"line for each table modified:"
8114
msgstr ""
8115
8116
#: serverguide/C/security.xml:669(programlisting)
8117
#, no-wrap
8118
msgid ""
8119
"\n"
8120
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
8121
"COMMIT\n"
8122
msgstr ""
8123
8124
#: serverguide/C/security.xml:674(para)
8125
msgid ""
8126
"For each <emphasis>Table</emphasis> a corresponding "
8127
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8128
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
8129
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
8130
"<emphasis>mangle</emphasis> tables."
8131
msgstr ""
8132
8133
#: serverguide/C/security.xml:681(para)
8134
msgid ""
8135
"In the above example replace <emphasis>eth0</emphasis>, "
8136
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8137
"appropriate interfaces and IP range for your network."
8138
msgstr ""
8139
8140
#: serverguide/C/security.xml:689(para)
8141
msgid ""
8142
"Finally, disable and re-enable <application>ufw</application> to apply the "
8143
"changes:"
8144
msgstr ""
8145
8146
#: serverguide/C/security.xml:693(command)
8147
msgid "sudo ufw disable && sudo ufw enable"
8148
msgstr "sudo ufw disable && sudo ufw enable"
8149
8150
#: serverguide/C/security.xml:697(para)
8151
msgid ""
8152
"IP Masquerading should now be enabled. You can also add any additional "
8153
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
8154
"recommended that these additional rules be added to the <emphasis>ufw-before-"
8155
"forward</emphasis> chain."
8156
msgstr ""
8157
8158
#: serverguide/C/security.xml:704(title)
8159
msgid "iptables Masquerading"
8160
msgstr ""
8161
8162
#: serverguide/C/security.xml:705(para)
8163
msgid ""
8164
"<application>iptables</application> can also be used to enable masquerading."
8165
msgstr ""
8166
8167
#: serverguide/C/security.xml:710(para)
8168
msgid ""
8169
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
8170
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
8171
"uncomment the following line"
8172
msgstr ""
8173
8174
#: serverguide/C/security.xml:714(programlisting)
8175
#, no-wrap
8176
msgid ""
8177
"\n"
8178
"net.ipv4.ip_forward=1\n"
8179
msgstr ""
8180
"\n"
8181
"net.ipv4.ip_forward=1\n"
8182
8183
#: serverguide/C/security.xml:717(para)
8184
msgid "If you wish to enable IPv6 forwarding also uncomment:"
8185
msgstr ""
8186
8187
#: serverguide/C/security.xml:720(programlisting)
8188
#, no-wrap
8189
msgid ""
8190
"\n"
8191
"net.ipv6.conf.default.forwarding=1\n"
8192
msgstr ""
8193
"\n"
8194
"net.ipv6.conf.default.forwarding=1\n"
8195
8196
#: serverguide/C/security.xml:725(para)
8197
msgid ""
8198
"Next, execute the <application>sysctl</application> command to enable the "
8199
"new settings in the configuration file:"
8200
msgstr ""
8201
8202
#: serverguide/C/security.xml:729(command)
8203
msgid "sudo sysctl -p"
8204
msgstr "sudo sysctl -p"
8205
8206
#: serverguide/C/security.xml:733(para)
8207
msgid ""
8208
"IP Masquerading can now be accomplished with a single iptables rule, which "
8209
"may differ slightly based on your network configuration:"
8210
msgstr ""
8211
8212
#: serverguide/C/security.xml:736(screen)
8213
#, no-wrap
8214
msgid ""
8215
"\n"
8216
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8217
msgstr ""
8218
"\n"
8219
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8220
8221
#: serverguide/C/security.xml:739(para)
8222
msgid ""
8223
"The above command assumes that your private address space is 192.168.0.0/16 "
8224
"and that your Internet-facing device is ppp0. The syntax is broken down as "
8225
"follows:"
8226
msgstr ""
8227
8228
#: serverguide/C/security.xml:744(para)
8229
msgid "-t nat -- the rule is to go into the nat table"
8230
msgstr ""
8231
8232
#: serverguide/C/security.xml:745(para)
8233
msgid ""
8234
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
8235
msgstr ""
8236
8237
#: serverguide/C/security.xml:746(para)
8238
msgid ""
8239
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
8240
"specified address space"
8241
msgstr ""
8242
8243
#: serverguide/C/security.xml:747(para)
8244
msgid ""
8245
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
8246
"specified network device"
8247
msgstr ""
8248
8249
#: serverguide/C/security.xml:749(para)
8250
msgid ""
8251
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
8252
"MASQUERADE target to be manipulated as described above"
8253
msgstr ""
8254
8255
#: serverguide/C/security.xml:757(para)
8256
msgid ""
8257
"Also, each chain in the filter table (the default table, and where most or "
8258
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
8259
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
8260
"you may have set the policies to DROP or REJECT, in which case your "
8261
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
8262
"above rule to work:"
8263
msgstr ""
8264
8265
#: serverguide/C/security.xml:764(screen)
8266
#, no-wrap
8267
msgid ""
8268
"\n"
8269
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8270
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
8271
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8272
msgstr ""
8273
"\n"
8274
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8275
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
8276
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8277
8278
#: serverguide/C/security.xml:768(para)
8279
msgid ""
8280
"The above commands will allow all connections from your local network to the "
8281
"Internet and all traffic related to those connections to return to the "
8282
"machine that initiated them."
8283
msgstr ""
8284
8285
#: serverguide/C/security.xml:775(para)
8286
msgid ""
8287
"If you want masquerading to be enabled on reboot, which you probably do, "
8288
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
8289
"example add the first command with no filtering:"
8290
msgstr ""
8291
8292
#: serverguide/C/security.xml:779(screen)
8293
#, no-wrap
8294
msgid ""
8295
"\n"
8296
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8297
msgstr ""
8298
"\n"
8299
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8300
8301
#: serverguide/C/security.xml:787(title)
8302
msgid "Logs"
8303
msgstr ""
8304
8305
#: serverguide/C/security.xml:788(para)
8306
msgid ""
8307
"Firewall logs are essential for recognizing attacks, troubleshooting your "
8308
"firewall rules, and noticing unusual activity on your network. You must "
8309
"include logging rules in your firewall for them to be generated, though, and "
8310
"logging rules must come before any applicable terminating rule (a rule with "
8311
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
8312
"REJECT)."
8313
msgstr ""
8314
8315
#: serverguide/C/security.xml:795(para)
8316
msgid ""
8317
"If you are using <application>ufw</application>, you can turn on logging by "
8318
"entering the following in a terminal:"
8319
msgstr ""
8320
8321
#: serverguide/C/security.xml:799(command)
8322
msgid "sudo ufw logging on"
8323
msgstr "sudo ufw logging on"
8324
8325
#: serverguide/C/security.xml:801(para)
8326
msgid ""
8327
"To turn logging off in <application>ufw</application>, simply replace "
8328
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
8329
"role=\"italic\">off</emphasis> in the above command."
8330
msgstr ""
8331
8332
#: serverguide/C/security.xml:804(para)
8333
msgid ""
8334
"If using <application>iptables</application> instead of "
8335
"<application>ufw</application>, enter:"
8336
msgstr ""
8337
8338
#: serverguide/C/security.xml:807(screen)
8339
#, no-wrap
8340
msgid ""
8341
"\n"
8342
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
8343
"prefix \"NEW_HTTP_CONN: \"\n"
8344
msgstr ""
8345
"\n"
8346
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
8347
"prefix \"NEW_HTTP_CONN: \"\n"
8348
8349
#: serverguide/C/security.xml:810(para)
8350
msgid ""
8351
"A request on port 80 from the local machine, then, would generate a log in "
8352
"dmesg that looks like this:"
8353
msgstr ""
8354
8355
#: serverguide/C/security.xml:815(programlisting)
8356
#, no-wrap
8357
msgid ""
8358
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
8359
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
8360
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
8361
"WINDOW=32767 RES=0x00 SYN URGP=0"
8362
msgstr ""
8363
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
8364
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
8365
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
8366
"WINDOW=32767 RES=0x00 SYN URGP=0"
8367
8368
#: serverguide/C/security.xml:817(para)
8369
msgid ""
8370
"The above log will also appear in <filename>/var/log/messages</filename>, "
8371
"<filename>/var/log/syslog</filename>, and "
8372
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
8373
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
8374
"and configuring <application>ulogd</application> and using the ULOG target "
8375
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
8376
"server that listens for logging instructions from the kernel specifically "
8377
"for firewalls, and can log to any file you like, or even to a "
8378
"<application>PostgreSQL</application> or <application>MySQL</application> "
8379
"database. Making sense of your firewall logs can be simplified by using a "
8380
"log analyzing tool such as <application>fwanalog</application>, "
8381
"<application> fwlogwatch</application>, or <application>lire</application>."
8382
msgstr ""
8383
8384
#: serverguide/C/security.xml:832(title)
8385
msgid "Other Tools"
8386
msgstr "Іншыя прылады"
8387
8388
#: serverguide/C/security.xml:833(para)
8389
msgid ""
8390
"There are many tools available to help you construct a complete firewall "
8391
"without intimate knowledge of iptables. For the GUI-inclined:"
8392
msgstr ""
8393
8394
#: serverguide/C/security.xml:839(para)
8395
msgid ""
8396
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
8397
"popular and easy to use."
8398
msgstr ""
8399
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> папулярны і "
8400
"просты ў карыстаньні."
8401
8402
#: serverguide/C/security.xml:844(para)
8403
msgid ""
8404
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
8405
"and will look familiar to an administrator who has used a commercial "
8406
"firewall utility such as <application>Checkpoint FireWall-1</application>."
8407
msgstr ""
8408
8409
#: serverguide/C/security.xml:850(para)
8410
msgid ""
8411
"If you prefer a command-line tool with plain-text configuration files:"
8412
msgstr ""
8413
8414
#: serverguide/C/security.xml:855(para)
8415
msgid ""
8416
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
8417
"powerful solution to help you configure an advanced firewall for any network."
8418
msgstr ""
8419
8420
#: serverguide/C/security.xml:861(para)
8421
msgid ""
8422
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
8423
"a working firewall \"out of the box\" with zero configuration, and will "
8424
"allow you to easily set up a more advanced firewall by editing simple, well-"
8425
"documented configuration files."
8426
msgstr ""
8427
8428
#: serverguide/C/security.xml:868(para)
8429
msgid ""
8430
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
8431
"designed to be a desktop firewall application. It is made up of a server "
8432
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
8433
"like many popular interactive firewall applications for Windows."
8434
msgstr ""
8435
8436
#: serverguide/C/security.xml:880(para)
8437
msgid ""
8438
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
8439
"Firewall</ulink> wiki page contains information on the development of "
8440
"<application>ufw</application>."
8441
msgstr ""
8442
8443
#: serverguide/C/security.xml:886(para)
8444
msgid ""
8445
"Also, the <application>ufw</application> manual page contains some very "
8446
"useful information: <command>man ufw</command>."
8447
msgstr ""
8448
8449
#: serverguide/C/security.xml:891(para)
8450
msgid ""
8451
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
8452
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
8453
"on using <application>iptables</application>."
8454
msgstr ""
8455
8456
#: serverguide/C/security.xml:897(para)
8457
msgid ""
8458
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
8459
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
8460
msgstr ""
8461
8462
#: serverguide/C/security.xml:903(para)
8463
msgid ""
8464
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
8465
"HowTo</ulink> in the Ubuntu wiki is a great resource."
8466
msgstr ""
8467
8468
#: serverguide/C/security.xml:911(title)
8469
msgid "AppArmor"
8470
msgstr "AppArmor"
8471
8472
#: serverguide/C/security.xml:912(para)
8473
msgid ""
8474
"<application>AppArmor</application> is a Linux Security Module "
8475
"implementation of name-based mandatory access controls. AppArmor confines "
8476
"individual programs to a set of listed files and posix 1003.1e draft "
8477
"capabilities."
8478
msgstr ""
8479
8480
#: serverguide/C/security.xml:916(para)
8481
msgid ""
8482
"<application>AppArmor</application> is installed and loaded by default. It "
8483
"uses <emphasis>profiles</emphasis> of an application to determine what files "
8484
"and permissions the application requires. Some packages will install their "
8485
"own profiles, and additional profiles can be found in the "
8486
"<application>apparmor-profiles</application> package."
8487
msgstr ""
8488
8489
#: serverguide/C/security.xml:921(para)
8490
msgid ""
8491
"To install the <application>apparmor-profiles</application> package from a "
8492
"terminal prompt:"
8493
msgstr ""
8494
8495
#: serverguide/C/security.xml:927(para)
8496
msgid "AppArmor profiles have two modes of execution:"
8497
msgstr ""
8498
8499
#: serverguide/C/security.xml:932(para)
8500
msgid ""
8501
"Complaining/Learning: profile violations are permitted and logged. Useful "
8502
"for testing and developing new profiles."
8503
msgstr ""
8504
8505
#: serverguide/C/security.xml:937(para)
8506
msgid ""
8507
"Enforced/Confined: enforces profile policy as well as logging the violation."
8508
msgstr ""
8509
8510
#: serverguide/C/security.xml:943(title)
8511
msgid "Using AppArmor"
8512
msgstr "Ужываньне AppArmor"
8513
8514
#: serverguide/C/security.xml:944(para)
8515
msgid ""
8516
"The <application>apparmor-utils</application> package contains command line "
8517
"utilities that you can use to change the <application>AppArmor</application> "
8518
"execution mode, find the status of a profile, create new profiles, etc."
8519
msgstr ""
8520
8521
#: serverguide/C/security.xml:950(para)
8522
msgid ""
8523
"<application>apparmor_status</application> is used to view the current "
8524
"status of AppArmor profiles."
8525
msgstr ""
8526
8527
#: serverguide/C/security.xml:954(command)
8528
msgid "sudo apparmor_status"
8529
msgstr "sudo apparmor_status"
8530
8531
#: serverguide/C/security.xml:958(para)
8532
msgid ""
8533
"<application>aa-complain</application> places a profile into "
8534
"<emphasis>complain</emphasis> mode."
8535
msgstr ""
8536
8537
#: serverguide/C/security.xml:962(command)
8538
msgid "sudo aa-complain /path/to/bin"
8539
msgstr "sudo aa-complain /path/to/bin"
8540
8541
#: serverguide/C/security.xml:966(para)
8542
msgid ""
8543
"<application>aa-enforce</application> places a profile into "
8544
"<emphasis>enforce</emphasis> mode."
8545
msgstr ""
8546
8547
#: serverguide/C/security.xml:970(command)
8548
msgid "sudo aa-enforce /path/to/bin"
8549
msgstr "sudo aa-enforce /path/to/bin"
8550
8551
#: serverguide/C/security.xml:974(para)
8552
msgid ""
8553
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
8554
"profiles are located. It can be used to manipulate the "
8555
"<emphasis>mode</emphasis> of all profiles."
8556
msgstr ""
8557
8558
#: serverguide/C/security.xml:978(para)
8559
msgid "Enter the following to place all profiles into complain mode:"
8560
msgstr ""
8561
8562
#: serverguide/C/security.xml:982(command)
8563
msgid "sudo aa-complain /etc/apparmor.d/*"
8564
msgstr "sudo aa-complain /etc/apparmor.d/*"
8565
8566
#: serverguide/C/security.xml:984(para)
8567
msgid "To place all profiles in enforce mode:"
8568
msgstr ""
8569
8570
#: serverguide/C/security.xml:988(command)
8571
msgid "sudo aa-enforce /etc/apparmor.d/*"
8572
msgstr "sudo aa-enforce /etc/apparmor.d/*"
8573
8574
#: serverguide/C/security.xml:992(para)
8575
msgid ""
8576
"<application>apparmor_parser</application> is used to load a profile into "
8577
"the kernel. It can also be used to reload a currently loaded profile using "
8578
"the <emphasis>-r</emphasis> option. To load a profile:"
8579
msgstr ""
8580
8581
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
8582
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
8583
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
8584
8585
#: serverguide/C/security.xml:999(para)
8586
msgid "To reload a profile:"
8587
msgstr "Каб перазапусьціць профіль:"
8588
8589
#: serverguide/C/security.xml:1003(command)
8590
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
8591
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
8592
8593
#: serverguide/C/security.xml:1007(para)
8594
msgid ""
8595
"<filename>/etc/init.d/apparmor</filename> can be used to "
8596
"<emphasis>reload</emphasis> all profiles:"
8597
msgstr ""
8598
8599
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:632(command)
8600
msgid "sudo /etc/init.d/apparmor reload"
8601
msgstr "sudo /etc/init.d/apparmor reload"
8602
8603
#: serverguide/C/security.xml:1015(para)
8604
msgid ""
8605
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
8606
"with the <application>apparmor_parser -R</application> option to "
8607
"<emphasis>disable</emphasis> a profile."
8608
msgstr ""
8609
8610
#: serverguide/C/security.xml:1020(command)
8611
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
8612
msgstr "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
8613
8614
#: serverguide/C/security.xml:1021(command)
8615
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
8616
msgstr "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
8617
8618
#: serverguide/C/security.xml:1023(para)
8619
msgid ""
8620
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
8621
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
8622
"load the profile using the <emphasis>-a</emphasis> option."
8623
msgstr ""
8624
8625
#: serverguide/C/security.xml:1028(command)
8626
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
8627
msgstr "sudo rm /etc/apparmor.d/disable/profile.name"
8628
8629
#: serverguide/C/security.xml:1033(para)
8630
msgid ""
8631
"<application>AppArmor</application> can be disabled, and the kernel module "
8632
"unloaded by entering the following:"
8633
msgstr ""
8634
8635
#: serverguide/C/security.xml:1037(command)
8636
msgid "sudo /etc/init.d/apparmor stop"
8637
msgstr "sudo /etc/init.d/apparmor stop"
8638
8639
#: serverguide/C/security.xml:1038(command)
8640
msgid "sudo update-rc.d -f apparmor remove"
8641
msgstr "sudo update-rc.d -f apparmor remove"
8642
8643
#: serverguide/C/security.xml:1042(para)
8644
msgid "To re-enable <application>AppArmor</application> enter:"
8645
msgstr ""
8646
8647
#: serverguide/C/security.xml:1046(command)
8648
msgid "sudo /etc/init.d/apparmor start"
8649
msgstr "sudo /etc/init.d/apparmor start"
8650
8651
#: serverguide/C/security.xml:1047(command)
8652
msgid "sudo update-rc.d apparmor defaults"
8653
msgstr "sudo update-rc.d apparmor defaults"
8654
8655
#: serverguide/C/security.xml:1052(para)
8656
msgid ""
8657
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
8658
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
8659
"the actual executable file path. For example for the "
8660
"<application>ping</application> command use <filename>/bin/ping</filename>"
8661
msgstr ""
8662
8663
#: serverguide/C/security.xml:1060(title)
8664
msgid "Profiles"
8665
msgstr "Профілі"
8666
8667
#: serverguide/C/security.xml:1061(para)
8668
msgid ""
8669
"<application>AppArmor</application> profiles are simple text files located "
8670
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
8671
"path to the executable they profile replacing the \"/\" with \".\". For "
8672
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
8673
"profile for the <filename>/bin/ping</filename> command."
8674
msgstr ""
8675
8676
#: serverguide/C/security.xml:1067(para)
8677
msgid "There are two main type of rules used in profiles:"
8678
msgstr "Ў профілях ёсьць два голоўных тыпа правілаў:"
8679
8680
#: serverguide/C/security.xml:1072(para)
8681
msgid ""
8682
"<emphasis>Path entries:</emphasis> which detail which files an application "
8683
"can access in the file system."
8684
msgstr ""
8685
8686
#: serverguide/C/security.xml:1077(para)
8687
msgid ""
8688
"<emphasis>Capability entries:</emphasis> determine what privileges a "
8689
"confined process is allowed to use."
8690
msgstr ""
8691
8692
#: serverguide/C/security.xml:1082(para)
8693
msgid ""
8694
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
8695
msgstr ""
8696
8697
#: serverguide/C/security.xml:1085(programlisting)
8698
#, no-wrap
8699
msgid ""
8700
"\n"
8701
"#include <tunables/global>\n"
8702
"/bin/ping flags=(complain) {\n"
8703
" #include <abstractions/base>\n"
8704
" #include <abstractions/consoles>\n"
8705
" #include <abstractions/nameservice>\n"
8706
"\n"
8707
" capability net_raw,\n"
8708
" capability setuid,\n"
8709
" network inet raw,\n"
8710
" \n"
8711
" /bin/ping mixr,\n"
8712
" /etc/modules.conf r,\n"
8713
"}\n"
8714
msgstr ""
8715
8716
#: serverguide/C/security.xml:1102(para)
8717
msgid ""
8718
"<emphasis>#include <tunables/global>:</emphasis> include statements "
8719
"from other files. This allows statements pertaining to multiple applications "
8720
"to be placed in a common file."
8721
msgstr ""
8722
8723
#: serverguide/C/security.xml:1108(para)
8724
msgid ""
8725
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
8726
"program, also setting the mode to <emphasis>complain</emphasis>."
8727
msgstr ""
8728
8729
#: serverguide/C/security.xml:1114(para)
8730
msgid ""
8731
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
8732
"the CAP_NET_RAW Posix.1e capability."
8733
msgstr ""
8734
8735
#: serverguide/C/security.xml:1119(para)
8736
msgid ""
8737
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
8738
"execute access to the file."
8739
msgstr ""
8740
8741
#: serverguide/C/security.xml:1125(para)
8742
msgid ""
8743
"After editing a profile file the profile must be reloaded. See <xref "
8744
"linkend=\"apparmor-usage\"/> for details."
8745
msgstr ""
8746
8747
#: serverguide/C/security.xml:1130(title)
8748
msgid "Creating a Profile"
8749
msgstr "Стварэньне профіля"
8750
8751
#: serverguide/C/security.xml:1133(para)
8752
msgid ""
8753
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
8754
"application should be exercised. The test plan should be divided into small "
8755
"test cases. Each test case should have a small description and list the "
8756
"steps to follow."
8757
msgstr ""
8758
8759
#: serverguide/C/security.xml:1137(para)
8760
msgid "Some standard test cases are:"
8761
msgstr ""
8762
8763
#: serverguide/C/security.xml:1142(para)
8764
msgid "Starting the program."
8765
msgstr "Урухомленьне праграмы."
8766
8767
#: serverguide/C/security.xml:1147(para)
8768
msgid "Stopping the program."
8769
msgstr "Спыненьне праграмы."
8770
8771
#: serverguide/C/security.xml:1152(para)
8772
msgid "Reloading the program."
8773
msgstr "Перазагрузка праграмы."
8774
8775
#: serverguide/C/security.xml:1157(para)
8776
msgid "Testing all the commands supported by the init script."
8777
msgstr ""
8778
8779
#: serverguide/C/security.xml:1164(para)
8780
msgid ""
8781
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
8782
"genprof</application> to generate a new profile. From a terminal:"
8783
msgstr ""
8784
8785
#: serverguide/C/security.xml:1169(command)
8786
msgid "sudo aa-genprof executable"
8787
msgstr "sudo aa-genprof executable"
8788
8789
#: serverguide/C/security.xml:1171(para)
8790
msgid "For example:"
8791
msgstr "Напрыклад:"
8792
8793
#: serverguide/C/security.xml:1175(command)
8794
msgid "sudo aa-genprof slapd"
8795
msgstr "sudo aa-genprof slapd"
8796
8797
#: serverguide/C/security.xml:1179(para)
8798
msgid ""
8799
"To get your new profile included in the <application>apparmor-"
8800
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
8801
"against the <ulink "
8802
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
8803
"/ulink> package:"
8804
msgstr ""
8805
8806
#: serverguide/C/security.xml:1186(para)
8807
msgid "Include your test plan and test cases."
8808
msgstr ""
8809
8810
#: serverguide/C/security.xml:1191(para)
8811
msgid "Attach your new profile to the bug."
8812
msgstr ""
8813
8814
#: serverguide/C/security.xml:1200(title)
8815
msgid "Updating Profiles"
8816
msgstr ""
8817
8818
#: serverguide/C/security.xml:1201(para)
8819
msgid ""
8820
"When the program is misbehaving, audit messages are sent to the log files. "
8821
"The program <application>aa-logprof</application> can be used to scan log "
8822
"files for <application>AppArmor</application> audit messages, review them "
8823
"and update the profiles. From a terminal:"
8824
msgstr ""
8825
8826
#: serverguide/C/security.xml:1206(command)
8827
msgid "sudo aa-logprof"
8828
msgstr "sudo aa-logprof"
8829
8830
#: serverguide/C/security.xml:1214(para)
8831
msgid ""
8832
"See the <ulink "
8833
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
8834
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
8835
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
8836
"configuration options."
8837
msgstr ""
8838
8839
#: serverguide/C/security.xml:1221(para)
8840
msgid ""
8841
"For details using AppArmor with other Ubuntu releases see the <ulink "
8842
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
8843
"Wiki</ulink> page."
8844
msgstr ""
8845
8846
#: serverguide/C/security.xml:1229(para)
8847
msgid ""
8848
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
8849
"page is another introduction to AppArmor."
8850
msgstr ""
8851
8852
#: serverguide/C/security.xml:1236(para)
8853
msgid ""
8854
"A great place to ask for <application>AppArmor</application> assistance, and "
8855
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
8856
"server</emphasis> IRC channel on <ulink "
8857
"url=\"http://freenode.net\">freenode</ulink>."
8858
msgstr ""
8859
8860
#: serverguide/C/security.xml:1246(title)
8861
msgid "Certificates"
8862
msgstr ""
8863
8864
#: serverguide/C/security.xml:1247(para)
8865
msgid ""
8866
"One of the most common forms of cryptography today is <emphasis>public-"
8867
"key</emphasis> cryptography. Public-key cryptography utilizes a "
8868
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
8869
"system works by <emphasis>encrypting</emphasis> information using the public "
8870
"key. The information can then only be <emphasis>decrypted</emphasis> using "
8871
"the private key."
8872
msgstr ""
8873
8874
#: serverguide/C/security.xml:1253(para)
8875
msgid ""
8876
"A common use for public-key cryptography is encrypting application traffic "
8877
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
8878
"connection. For example, configuring Apache to provide "
8879
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
8880
"encrypt traffic using a protocol that does not itself provide encryption."
8881
msgstr ""
8882
8883
#: serverguide/C/security.xml:1258(para)
8884
msgid ""
8885
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
8886
"<emphasis>public key</emphasis> and other information about a server and the "
8887
"organization who is responsible for it. Certificates can be digitally signed "
8888
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
8889
"third party that has confirmed that the information contained in the "
8890
"certificate is accurate."
8891
msgstr ""
8892
8893
#: serverguide/C/security.xml:1265(title)
8894
msgid "Types of Certificates"
8895
msgstr "Тыпы сэртыфікатаў"
8896
8897
#: serverguide/C/security.xml:1266(para)
8898
msgid ""
8899
"To set up a secure server using public-key cryptography, in most cases, you "
8900
"send your certificate request (including your public key), proof of your "
8901
"company's identity, and payment to a CA. The CA verifies the certificate "
8902
"request and your identity, and then sends back a certificate for your secure "
8903
"server. Alternatively, you can create your own <emphasis>self-"
8904
"signed</emphasis> certificate."
8905
msgstr ""
8906
8907
#: serverguide/C/security.xml:1276(para)
8908
msgid ""
8909
"Note, that self-signed certificates should not be used in most production "
8910
"environments."
8911
msgstr ""
8912
8913
#: serverguide/C/security.xml:1280(para)
8914
msgid ""
8915
"Continuing the HTTPS example, a CA-signed certificate provides two important "
8916
"capabilities that a self-signed certificate does not:"
8917
msgstr ""
8918
8919
#: serverguide/C/security.xml:1287(para)
8920
msgid ""
8921
"Browsers (usually) automatically recognize the certificate and allow a "
8922
"secure connection to be made without prompting the user."
8923
msgstr ""
8924
8925
#: serverguide/C/security.xml:1294(para)
8926
msgid ""
8927
"When a CA issues a signed certificate, it is guaranteeing the identity of "
8928
"the organization that is providing the web pages to the browser."
8929
msgstr ""
8930
8931
#: serverguide/C/security.xml:1302(para)
8932
msgid ""
8933
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
8934
"certificates they automatically accept. If a browser encounters a "
8935
"certificate whose authorizing CA is not in the list, the browser asks the "
8936
"user to either accept or decline the connection. Also, other applications "
8937
"may generate an error message when using a self-singed certificate."
8938
msgstr ""
8939
8940
#: serverguide/C/security.xml:1310(para)
8941
msgid ""
8942
"The process of getting a certificate from a CA is fairly easy. A quick "
8943
"overview is as follows:"
8944
msgstr ""
8945
8946
#: serverguide/C/security.xml:1317(para)
8947
msgid "Create a private and public encryption key pair."
8948
msgstr ""
8949
8950
#: serverguide/C/security.xml:1320(para)
8951
msgid ""
8952
"Create a certificate request based on the public key. The certificate "
8953
"request contains information about your server and the company hosting it."
8954
msgstr ""
8955
8956
#: serverguide/C/security.xml:1325(para)
8957
msgid ""
8958
"Send the certificate request, along with documents proving your identity, to "
8959
"a CA. We cannot tell you which certificate authority to choose. Your "
8960
"decision may be based on your past experiences, or on the experiences of "
8961
"your friends or colleagues, or purely on monetary factors."
8962
msgstr ""
8963
8964
#: serverguide/C/security.xml:1331(para)
8965
msgid ""
8966
"Once you have decided upon a CA, you need to follow the instructions they "
8967
"provide on how to obtain a certificate from them."
8968
msgstr ""
8969
8970
#: serverguide/C/security.xml:1336(para)
8971
msgid ""
8972
"When the CA is satisfied that you are indeed who you claim to be, they send "
8973
"you a digital certificate."
8974
msgstr ""
8975
8976
#: serverguide/C/security.xml:1340(para)
8977
msgid ""
8978
"Install this certificate on your secure server, and configure the "
8979
"appropriate applications to use the certificate."
8980
msgstr ""
8981
8982
#: serverguide/C/security.xml:1349(title)
8983
msgid "Generating a Certificate Signing Request (CSR)"
8984
msgstr ""
8985
8986
#: serverguide/C/security.xml:1351(para)
8987
msgid ""
8988
"Whether you are getting a certificate from a CA or generating your own self-"
8989
"signed certificate, the first step is to generate a key."
8990
msgstr ""
8991
8992
#: serverguide/C/security.xml:1356(para)
8993
msgid ""
8994
"If the certificate will be used by service daemons, such as Apache, Postfix, "
8995
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
8996
"passphrase allows the services to start without manual intervention, usually "
8997
"the preferred way to start a daemon."
8998
msgstr ""
8999
9000
#: serverguide/C/security.xml:1362(para)
9001
msgid ""
9002
"This section will cover generating a key with a passphrase, and one without. "
9003
"The non-passphrase key will then be used to generate a certificate that can "
9004
"be used with various service daemons."
9005
msgstr ""
9006
9007
#: serverguide/C/security.xml:1368(para)
9008
msgid ""
9009
"Running your secure service without a passphrase is convenient because you "
9010
"will not need to enter the passphrase every time you start your secure "
9011
"service. But it is insecure and a compromise of the key means a compromise "
9012
"of the server as well."
9013
msgstr ""
9014
9015
#: serverguide/C/security.xml:1375(para)
9016
msgid ""
9017
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
9018
"Request (CSR) run the following command from a terminal prompt:"
9019
msgstr ""
9020
9021
#: serverguide/C/security.xml:1381(command)
9022
msgid "openssl genrsa -des3 -out server.key 1024"
9023
msgstr "openssl genrsa -des3 -out server.key 1024"
9024
9025
#: serverguide/C/security.xml:1384(programlisting)
9026
#, no-wrap
9027
msgid ""
9028
"\n"
9029
"Generating RSA private key, 1024 bit long modulus\n"
9030
".....................++++++\n"
9031
".................++++++\n"
9032
"unable to write 'random state'\n"
9033
"e is 65537 (0x10001)\n"
9034
"Enter pass phrase for server.key:\n"
9035
msgstr ""
9036
9037
#: serverguide/C/security.xml:1393(para)
9038
msgid ""
9039
"You can now enter your passphrase. For best security, it should at least "
9040
"contain eight characters. The minimum length when specifying -des3 is four "
9041
"characters. It should include numbers and/or punctuation and not be a word "
9042
"in a dictionary. Also remember that your passphrase is case-sensitive."
9043
msgstr ""
9044
9045
#: serverguide/C/security.xml:1401(para)
9046
msgid ""
9047
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
9048
"server key is generated and stored in the <filename>server.key</filename> "
9049
"file."
9050
msgstr ""
9051
9052
#: serverguide/C/security.xml:1407(para)
9053
msgid ""
9054
"Now create the insecure key, the one without a passphrase, and shuffle the "
9055
"key names:"
9056
msgstr ""
9057
9058
#: serverguide/C/security.xml:1413(command)
9059
msgid "openssl rsa -in server.key -out server.key.insecure"
9060
msgstr "openssl rsa -in server.key -out server.key.insecure"
9061
9062
#: serverguide/C/security.xml:1414(command)
9063
msgid "mv server.key server.key.secure"
9064
msgstr "mv server.key server.key.secure"
9065
9066
#: serverguide/C/security.xml:1415(command)
9067
msgid "mv server.key.insecure server.key"
9068
msgstr "mv server.key.insecure server.key"
9069
9070
#: serverguide/C/security.xml:1418(para)
9071
msgid ""
9072
"The insecure key is now named <filename>server.key</filename>, and you can "
9073
"use this file to generate the CSR without passphrase."
9074
msgstr ""
9075
9076
#: serverguide/C/security.xml:1423(para)
9077
msgid "To create the CSR, run the following command at a terminal prompt:"
9078
msgstr ""
9079
9080
#: serverguide/C/security.xml:1428(command)
9081
msgid "openssl req -new -key server.key -out server.csr"
9082
msgstr "openssl req -new -key server.key -out server.csr"
9083
9084
#: serverguide/C/security.xml:1431(para)
9085
msgid ""
9086
"It will prompt you enter the passphrase. If you enter the correct "
9087
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9088
"etc. Once you enter all these details, your CSR will be created and it will "
9089
"be stored in the <filename>server.csr</filename> file."
9090
msgstr ""
9091
9092
#: serverguide/C/security.xml:1439(para)
9093
msgid ""
9094
"You can now submit this CSR file to a CA for processing. The CA will use "
9095
"this CSR file and issue the certificate. On the other hand, you can create "
9096
"self-signed certificate using this CSR."
9097
msgstr ""
9098
9099
#: serverguide/C/security.xml:1447(title)
9100
msgid "Creating a Self-Signed Certificate"
9101
msgstr ""
9102
9103
#: serverguide/C/security.xml:1448(para)
9104
msgid ""
9105
"To create the self-signed certificate, run the following command at a "
9106
"terminal prompt:"
9107
msgstr ""
9108
9109
#: serverguide/C/security.xml:1453(command)
9110
msgid ""
9111
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9112
"server.crt"
9113
msgstr ""
9114
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
9115
"server.crt"
9116
9117
#: serverguide/C/security.xml:1456(para)
9118
msgid ""
9119
"The above command will prompt you to enter the passphrase. Once you enter "
9120
"the correct passphrase, your certificate will be created and it will be "
9121
"stored in the <filename>server.crt</filename> file."
9122
msgstr ""
9123
9124
#: serverguide/C/security.xml:1461(para)
9125
msgid ""
9126
"If your secure server is to be used in a production environment, you "
9127
"probably need a CA-signed certificate. It is not recommended to use self-"
9128
"signed certificate."
9129
msgstr ""
9130
9131
#: serverguide/C/security.xml:1469(title)
9132
msgid "Installing the Certificate"
9133
msgstr "Устаноўка сэртыфіката"
9134
9135
#: serverguide/C/security.xml:1471(para)
9136
msgid ""
9137
"You can install the key file <filename>server.key</filename> and certificate "
9138
"file <filename>server.crt</filename>, or the certificate file issued by your "
9139
"CA, by running following commands at a terminal prompt:"
9140
msgstr ""
9141
9142
#: serverguide/C/security.xml:1477(command)
9143
msgid "sudo cp server.crt /etc/ssl/certs"
9144
msgstr "sudo cp server.crt /etc/ssl/certs"
9145
9146
#: serverguide/C/security.xml:1478(command)
9147
msgid "sudo cp server.key /etc/ssl/private"
9148
msgstr "sudo cp server.key /etc/ssl/private"
9149
9150
#: serverguide/C/security.xml:1480(para)
9151
msgid ""
9152
"Now simply configure any applications, with the ability to use public-key "
9153
"cryptography, to use the <emphasis>certificate</emphasis> and "
9154
"<emphasis>key</emphasis> files. For example, "
9155
"<application>Apache</application> can provide HTTPS, "
9156
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9157
msgstr ""
9158
9159
#: serverguide/C/security.xml:1487(title)
9160
msgid "Certification Authority"
9161
msgstr ""
9162
9163
#: serverguide/C/security.xml:1489(para)
9164
msgid ""
9165
"If the services on your network require more than a few self-signed "
9166
"certificates it may be worth the additional effort to setup your own "
9167
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
9168
"certificates signed by your own CA, allows the various services using the "
9169
"certificates to easily trust other services using certificates issued from "
9170
"the same CA."
9171
msgstr ""
9172
9173
#: serverguide/C/security.xml:1499(para)
9174
msgid ""
9175
"First, create the directories to hold the CA certificate and related files:"
9176
msgstr ""
9177
9178
#: serverguide/C/security.xml:1504(command)
9179
msgid "sudo mkdir /etc/ssl/CA"
9180
msgstr "sudo mkdir /etc/ssl/CA"
9181
9182
#: serverguide/C/security.xml:1505(command)
9183
msgid "sudo mkdir /etc/ssl/newcerts"
9184
msgstr "sudo mkdir /etc/ssl/newcerts"
9185
9186
#: serverguide/C/security.xml:1511(para)
9187
msgid ""
9188
"The CA needs a few additional files to operate, one to keep track of the "
9189
"last serial number used by the CA, each certificate must have a unique "
9190
"serial number, and another file to record which certificates have been "
9191
"issued:"
9192
msgstr ""
9193
9194
#: serverguide/C/security.xml:1518(command)
9195
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9196
msgstr "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9197
9198
#: serverguide/C/security.xml:1519(command)
9199
msgid "sudo touch /etc/ssl/CA/index.txt"
9200
msgstr "sudo touch /etc/ssl/CA/index.txt"
9201
9202
#: serverguide/C/security.xml:1525(para)
9203
msgid ""
9204
"The third file is a CA configuration file. Though not strictly necessary, it "
9205
"is very convenient when issuing multiple certificates. Edit "
9206
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
9207
"]</emphasis> change:"
9208
msgstr ""
9209
9210
#: serverguide/C/security.xml:1531(programlisting)
9211
#, no-wrap
9212
msgid ""
9213
"\n"
9214
"dir = /etc/ssl/ # Where everything is kept\n"
9215
"database = $dir/CA/index.txt # database index file.\n"
9216
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
9217
"serial = $dir/CA/serial # The current serial number\n"
9218
"private_key = $dir/private/cakey.pem# The private key\n"
9219
msgstr ""
9220
9221
#: serverguide/C/security.xml:1542(para)
9222
msgid "Next, create the self-singed root certificate:"
9223
msgstr ""
9224
9225
#: serverguide/C/security.xml:1547(command)
9226
msgid ""
9227
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9228
"days 3650"
9229
msgstr ""
9230
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9231
"days 3650"
9232
9233
#: serverguide/C/security.xml:1550(para)
9234
msgid "You will then be asked to enter the details about the certificate."
9235
msgstr ""
9236
9237
#: serverguide/C/security.xml:1557(para)
9238
msgid "Now install the root certificate and key:"
9239
msgstr ""
9240
9241
#: serverguide/C/security.xml:1562(command)
9242
msgid "sudo mv cakey.pem /etc/ssl/private/"
9243
msgstr "sudo mv cakey.pem /etc/ssl/private/"
9244
9245
#: serverguide/C/security.xml:1563(command)
9246
msgid "sudo mv cacert.pem /etc/ssl/certs/"
9247
msgstr "sudo mv cacert.pem /etc/ssl/certs/"
9248
9249
#: serverguide/C/security.xml:1569(para)
9250
msgid ""
9251
"You are now ready to start signing certificates. The first item needed is a "
9252
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
9253
"for details. Once you have a CSR, enter the following to generate a "
9254
"certificate signed by the CA:"
9255
msgstr ""
9256
9257
#: serverguide/C/security.xml:1576(command)
9258
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9259
msgstr "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9260
9261
#: serverguide/C/security.xml:1579(para)
9262
msgid ""
9263
"After entering the password for the CA key, you will be prompted to sign the "
9264
"certificate, and again to commit the new certificate. You should then see a "
9265
"somewhat large amount of output related to the certificate creation."
9266
msgstr ""
9267
9268
#: serverguide/C/security.xml:1588(para)
9269
msgid ""
9270
"There should now be a new file, "
9271
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
9272
"Copy and paste everything between the <emphasis>-----BEGIN CERTIFICATE-----"
9273
"</emphasis> and <emphasis>----END CERTIFICATE-----</emphasis> lines to a "
9274
"file named after the hostname of the server where the certificate will be "
9275
"installed. For example <filename>mail.example.com.crt</filename>, is a nice "
9276
"descriptive name."
9277
msgstr ""
9278
9279
#: serverguide/C/security.xml:1596(para)
9280
msgid ""
9281
"Subsequent certificates will be named <filename>02.pem</filename>, "
9282
"<filename>03.pem</filename>, etc."
9283
msgstr ""
9284
9285
#: serverguide/C/security.xml:1601(para)
9286
msgid ""
9287
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
9288
"name."
9289
msgstr ""
9290
9291
#: serverguide/C/security.xml:1609(para)
9292
msgid ""
9293
"Finally, copy the new certificate to the host that needs it, and configure "
9294
"the appropriate applications to use it. The default location to install "
9295
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
9296
"enables multiple services to use the same certificate without overly "
9297
"complicated file permissions."
9298
msgstr ""
9299
9300
#: serverguide/C/security.xml:1615(para)
9301
msgid ""
9302
"For applications that can be configured to use a CA certificate, you should "
9303
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
9304
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
9305
"server."
9306
msgstr ""
9307
9308
#: serverguide/C/security.xml:1629(para)
9309
msgid ""
9310
"For more detailed instructions on using cryptography see the <ulink "
9311
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
9312
"Certificates HOWTO</ulink> by tlpd.org"
9313
msgstr ""
9314
9315
#: serverguide/C/security.xml:1635(para)
9316
msgid ""
9317
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
9318
"of Certificate Authorities."
9319
msgstr ""
9320
9321
#: serverguide/C/security.xml:1640(para)
9322
msgid ""
9323
"The Wikipedia <ulink "
9324
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
9325
"information regarding HTTPS."
9326
msgstr ""
9327
9328
#: serverguide/C/security.xml:1645(para)
9329
msgid ""
9330
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
9331
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
9332
msgstr ""
9333
9334
#: serverguide/C/security.xml:1650(para)
9335
msgid ""
9336
"Also, O'Reilly's <ulink "
9337
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
9338
"OpenSSL</ulink> is a good in depth reference."
9339
msgstr ""
9340
9341
#: serverguide/C/security.xml:1659(title)
9342
msgid "eCryptfs"
9343
msgstr "eCryptfs"
9344
9345
#: serverguide/C/security.xml:1661(para)
9346
msgid ""
9347
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
9348
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
9349
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
9350
"filesystem, partition type, etc."
9351
msgstr ""
9352
9353
#: serverguide/C/security.xml:1667(para)
9354
msgid ""
9355
"During installation there is an option to encrypt the <filename "
9356
"role=\"directory\">/home</filename> partition. This will automatically "
9357
"configure everything needed to encrypt and mount the partition."
9358
msgstr ""
9359
9360
#: serverguide/C/security.xml:1672(para)
9361
msgid ""
9362
"As an example, this section will cover configuring <filename "
9363
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
9364
msgstr ""
9365
9366
#: serverguide/C/security.xml:1677(title)
9367
msgid "Using eCryptfs"
9368
msgstr "Ужываньне eCryptfs"
9369
9370
#: serverguide/C/security.xml:1679(para)
9371
msgid "First, install the necessary packages. From a terminal prompt enter:"
9372
msgstr "Спачатку устанавіце неабходныя пакеты. Увядзіце ў тэрмінале:"
9373
9374
#: serverguide/C/security.xml:1684(command)
9375
msgid "sudo apt-get install ecryptfs-utils"
9376
msgstr "sudo apt-get install ecryptfs-utils"
9377
9378
#: serverguide/C/security.xml:1687(para)
9379
msgid "Now mount the partition to be encrypted:"
9380
msgstr ""
9381
9382
#: serverguide/C/security.xml:1692(command)
9383
msgid "sudo mount -t ecryptfs /srv /srv"
9384
msgstr "sudo mount -t ecryptfs /srv /srv"
9385
9386
#: serverguide/C/security.xml:1695(para)
9387
msgid ""
9388
"You will then be prompted for some details on how "
9389
"<application>ecryptfs</application> should encrypt the data."
9390
msgstr ""
9391
9392
#: serverguide/C/security.xml:1699(para)
9393
msgid ""
9394
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
9395
"copy the <filename>/etc/default</filename> folder to "
9396
"<filename>/srv</filename>:"
9397
msgstr ""
9398
9399
#: serverguide/C/security.xml:1705(command) serverguide/C/clustering.xml:192(command)
9400
msgid "sudo cp -r /etc/default /srv"
9401
msgstr "sudo cp -r /etc/default /srv"
9402
9403
#: serverguide/C/security.xml:1708(para)
9404
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
9405
msgstr ""
9406
9407
#: serverguide/C/security.xml:1713(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
9408
msgid "sudo umount /srv"
9409
msgstr "sudo umount /srv"
9410
9411
#: serverguide/C/security.xml:1714(command)
9412
msgid "cat /srv/default/cron"
9413
msgstr "cat /srv/default/cron"
9414
9415
#: serverguide/C/security.xml:1717(para)
9416
msgid ""
9417
"Remounting <filename>/srv</filename> using "
9418
"<application>ecryptfs</application> will make the data viewable once again."
9419
msgstr ""
9420
9421
#: serverguide/C/security.xml:1723(title)
9422
msgid "Automatically Mounting Encrypted Partitions"
9423
msgstr ""
9424
9425
#: serverguide/C/security.xml:1725(para)
9426
msgid ""
9427
"There are a couple of ways to automatically mount an "
9428
"<application>ecryptfs</application> encrypted filesystem at boot. This "
9429
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
9430
"mount options, along with a passphrase file residing on a USB key."
9431
msgstr ""
9432
9433
#: serverguide/C/security.xml:1731(para)
9434
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
9435
msgstr ""
9436
9437
#: serverguide/C/security.xml:1735(programlisting)
9438
#, no-wrap
9439
msgid ""
9440
"\n"
9441
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
9442
"ecryptfs_sig=5826dd62cf81c615\n"
9443
"ecryptfs_cipher=aes\n"
9444
"ecryptfs_key_bytes=16\n"
9445
"ecryptfs_passthrough=n\n"
9446
"ecryptfs_enable_filename_crypto=n\n"
9447
msgstr ""
9448
9449
#: serverguide/C/security.xml:1745(para)
9450
msgid ""
9451
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
9452
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
9453
msgstr ""
9454
9455
#: serverguide/C/security.xml:1750(para)
9456
msgid ""
9457
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
9458
"file:"
9459
msgstr ""
9460
9461
#: serverguide/C/security.xml:1754(programlisting)
9462
#, no-wrap
9463
msgid ""
9464
"\n"
9465
"passphrase_passwd=[secrets]\n"
9466
msgstr ""
9467
"\n"
9468
"passphrase_passwd=[secrets]\n"
9469
9470
#: serverguide/C/security.xml:1758(para)
9471
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
9472
msgstr ""
9473
9474
#: serverguide/C/security.xml:1762(programlisting)
9475
#, no-wrap
9476
msgid ""
9477
"\n"
9478
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
9479
"/srv /srv ecryptfs defaults 0 0\n"
9480
msgstr ""
9481
"\n"
9482
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
9483
"/srv /srv ecryptfs defaults 0 0\n"
9484
9485
#: serverguide/C/security.xml:1767(para)
9486
msgid "Make sure the USB drive is mounted before the encrypted partition."
9487
msgstr ""
9488
9489
#: serverguide/C/security.xml:1771(para)
9490
msgid ""
9491
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
9492
"ecryptfs."
9493
msgstr ""
9494
9495
#: serverguide/C/security.xml:1779(para)
9496
msgid ""
9497
"The <application>ecryptfs-utils</application> package includes several other "
9498
"useful utilities:"
9499
msgstr ""
9500
9501
#: serverguide/C/security.xml:1785(para)
9502
msgid ""
9503
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
9504
"<filename>~/Private</filename> directory to contain encrypted information. "
9505
"This utility can be run by unprivileged users to keep data private from "
9506
"other users on the system."
9507
msgstr ""
9508
9509
#: serverguide/C/security.xml:1792(para)
9510
msgid ""
9511
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
9512
"will mount and unmount respectively, a users <filename>~/Private</filename> "
9513
"directory."
9514
msgstr ""
9515
9516
#: serverguide/C/security.xml:1798(para)
9517
msgid ""
9518
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
9519
"kernel keyring."
9520
msgstr ""
9521
9522
#: serverguide/C/security.xml:1803(para)
9523
msgid ""
9524
"<emphasis>ecryptfs-manager:</emphasis> manages "
9525
"<application>eCryptfs</application> objects such as keys."
9526
msgstr ""
9527
9528
#: serverguide/C/security.xml:1808(para)
9529
msgid ""
9530
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
9531
"<application>ecryptfs</application> meta information for a file."
9532
msgstr ""
9533
9534
#: serverguide/C/security.xml:1821(para)
9535
msgid ""
9536
"For more information on eCryptfs see the <ulink "
9537
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
9538
msgstr ""
9539
9540
#: serverguide/C/security.xml:1826(para)
9541
msgid ""
9542
"There is also a <ulink "
9543
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
9544
"article covering eCryptfs."
9545
msgstr ""
9546
9547
#: serverguide/C/security.xml:1831(para)
9548
msgid ""
9549
"Also, for more <application>ecryptfs</application> options see the <ulink "
9550
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/ecryptfs.7.html\">ecr"
9551
"yptfs man page</ulink>."
9552
msgstr ""
9553
9554
#: serverguide/C/security.xml:1837(para)
9555
msgid ""
9556
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9557
"Ubuntu Wiki</ulink> page also has more details."
9558
msgstr ""
9559
9560
#: serverguide/C/reporting-bugs.xml:13(title)
9561
msgid "Appendix"
9562
msgstr ""
9563
9564
#: serverguide/C/reporting-bugs.xml:16(title)
9565
msgid "Reporting Bugs in Ubuntu Server Edition"
9566
msgstr ""
9567
9568
#: serverguide/C/reporting-bugs.xml:18(para)
9569
msgid ""
9570
"While the Ubuntu Project attempts to release software with as few bugs as "
9571
"possible, they do occur. You can help fix these bugs by reporting ones that "
9572
"you find to the project. The Ubuntu Project uses <ulink "
9573
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
9574
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
9575
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
9576
"account</ulink>."
9577
msgstr ""
9578
9579
#: serverguide/C/reporting-bugs.xml:30(title)
9580
msgid "Reporting Bugs With ubuntu-bug"
9581
msgstr ""
9582
9583
#: serverguide/C/reporting-bugs.xml:32(para)
9584
msgid ""
9585
"The preferred way to report a bug is with the <application>ubuntu-"
9586
"bug</application> command. The ubuntu-bug tool gathers information about the "
9587
"system useful to developers in diagnosing the reported problem that will "
9588
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
9589
"need to be filed against a specific software package, thus the name of the "
9590
"package that the bug occurs in needs to be given to ubuntu-bug:"
9591
msgstr ""
9592
9593
#: serverguide/C/reporting-bugs.xml:43(command)
9594
msgid "ubuntu-bug PACKAGENAME"
9595
msgstr ""
9596
9597
#: serverguide/C/reporting-bugs.xml:46(para)
9598
msgid ""
9599
"For example, to file a bug against the openssh-server package, you would do:"
9600
msgstr ""
9601
9602
#: serverguide/C/reporting-bugs.xml:51(command)
9603
msgid "ubuntu-bug openssh-server"
9604
msgstr ""
9605
9606
#: serverguide/C/reporting-bugs.xml:54(para)
9607
msgid ""
9608
"You can specify either a binary package or the source package for ubuntu-"
9609
"bug. Again using openssh-server as an example, you could also generate the "
9610
"report against the source package for openssh-server, openssh:"
9611
msgstr ""
9612
9613
#: serverguide/C/reporting-bugs.xml:62(command)
9614
msgid "ubuntu-bug openssh"
9615
msgstr ""
9616
9617
#: serverguide/C/reporting-bugs.xml:66(para)
9618
msgid ""
9619
"See <xref linkend=\"package-management\"/> for more information about "
9620
"packages in Ubuntu."
9621
msgstr ""
9622
9623
#: serverguide/C/reporting-bugs.xml:72(para)
9624
msgid ""
9625
"The ubuntu-bug command will gather information about the system in question, "
9626
"possibly including information specific to the specified package, and then "
9627
"ask you what you would like to do with collected information:"
9628
msgstr ""
9629
9630
#: serverguide/C/reporting-bugs.xml:80(command)
9631
msgid "ubuntu-bug postgresql"
9632
msgstr ""
9633
9634
#: serverguide/C/reporting-bugs.xml:79(screen)
9635
#, no-wrap
9636
msgid ""
9637
"\n"
9638
"<placeholder-1/>\n"
9639
"\n"
9640
"*** Collecting problem information\n"
9641
"\n"
9642
"The collected information can be sent to the developers to improve the\n"
9643
"application. This might take a few minutes.\n"
9644
"..........\n"
9645
"\n"
9646
"*** Send problem report to the developers?\n"
9647
"\n"
9648
"After the problem report has been sent, please fill out the form in the\n"
9649
"automatically opened web browser.\n"
9650
"\n"
9651
"What would you like to do? Your options are:\n"
9652
" S: Send report (1.7 KiB)\n"
9653
" V: View report\n"
9654
" K: Keep report file for sending later or copying to somewhere else\n"
9655
" C: Cancel\n"
9656
"Please choose (S/V/K/C):\n"
9657
msgstr ""
9658
9659
#: serverguide/C/reporting-bugs.xml:101(para)
9660
msgid "The options available are:"
9661
msgstr ""
9662
9663
#: serverguide/C/reporting-bugs.xml:108(para)
9664
msgid ""
9665
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
9666
"the collected information to Launchpad as part of the the process of filing "
9667
"a bug report. You will be given the opportunity to describe the situation "
9668
"that led up to the occurrance of the bug."
9669
msgstr ""
9670
9671
#: serverguide/C/reporting-bugs.xml:115(screen)
9672
#, no-wrap
9673
msgid ""
9674
"\n"
9675
"*** Uploading problem information\n"
9676
"\n"
9677
"The collected information is being sent to the bug tracking system.\n"
9678
"This might take a few minutes.\n"
9679
"91%\n"
9680
"\n"
9681
"*** To continue, you must visit the following URL:\n"
9682
"\n"
9683
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9684
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9685
"\n"
9686
"You can launch a browser now, or copy this URL into a browser on another\n"
9687
"computer.\n"
9688
"\n"
9689
"Choices:\n"
9690
" 1: Launch a browser now\n"
9691
" C: Cancel\n"
9692
"Please choose (1/C):\n"
9693
msgstr ""
9694
9695
#: serverguide/C/reporting-bugs.xml:135(para)
9696
msgid ""
9697
"If you choose to start a browser, by default the text based web browser "
9698
"<application>w3m</application> will be used to finish filing the bug report. "
9699
"Alternately, you can copy the given URL to a currently running web browser."
9700
msgstr ""
9701
9702
#: serverguide/C/reporting-bugs.xml:144(para)
9703
msgid ""
9704
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
9705
"the collected information to be displayed to the terminal for review."
9706
msgstr ""
9707
9708
#: serverguide/C/reporting-bugs.xml:150(screen)
9709
#, no-wrap
9710
msgid ""
9711
"\n"
9712
"Package: postgresql 8.4.2-2\n"
9713
"PackageArchitecture: all\n"
9714
"Tags: lucid\n"
9715
"ProblemType: Bug\n"
9716
"ProcEnviron:\n"
9717
" LANG=en_US.UTF-8\n"
9718
" SHELL=/bin/bash\n"
9719
"Uname: Linux 2.6.32-16-server x86_64\n"
9720
"Dependencies:\n"
9721
" adduser 3.112ubuntu1\n"
9722
" base-files 5.0.0ubuntu10\n"
9723
" base-passwd 3.5.22\n"
9724
" coreutils 7.4-2ubuntu2\n"
9725
"...\n"
9726
msgstr ""
9727
9728
#: serverguide/C/reporting-bugs.xml:167(para)
9729
msgid ""
9730
"After viewing the report, you will be brought back to the same menu asking "
9731
"what you would like to do with the report."
9732
msgstr ""
9733
9734
#: serverguide/C/reporting-bugs.xml:174(para)
9735
msgid ""
9736
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
9737
"File causes the gathered information to be written to a file. This file can "
9738
"then be used to later file a bug report or transferred to a different Ubuntu "
9739
"system for reporting. To submit the report file, simply give it as an "
9740
"argument to the ubuntu-bug command:"
9741
msgstr ""
9742
9743
#: serverguide/C/reporting-bugs.xml:189(userinput)
9744
#, no-wrap
9745
msgid "k"
9746
msgstr ""
9747
9748
#: serverguide/C/reporting-bugs.xml:192(command)
9749
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
9750
msgstr ""
9751
9752
#: serverguide/C/reporting-bugs.xml:183(screen)
9753
#, no-wrap
9754
msgid ""
9755
"\n"
9756
"What would you like to do? Your options are:\n"
9757
" S: Send report (1.7 KiB)\n"
9758
" V: View report\n"
9759
" K: Keep report file for sending later or copying to somewhere else\n"
9760
" C: Cancel\n"
9761
"Please choose (S/V/K/C): <placeholder-1/>\n"
9762
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
9763
"\n"
9764
"<placeholder-2/>\n"
9765
"\n"
9766
"*** Send problem report to the developers?\n"
9767
"...\n"
9768
msgstr ""
9769
9770
#: serverguide/C/reporting-bugs.xml:200(para)
9771
msgid ""
9772
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
9773
"collected information to be discarded."
9774
msgstr ""
9775
9776
#: serverguide/C/reporting-bugs.xml:210(title)
9777
msgid "Reporting Application Crashes"
9778
msgstr ""
9779
9780
#: serverguide/C/reporting-bugs.xml:212(para)
9781
msgid ""
9782
"The software package that provides the ubuntu-bug utility, "
9783
"<application>apport</application>, can be configured to trigger when "
9784
"applications crash. This is disabled by default, as capturing a crash can be "
9785
"resource intensive depending on how much memory the application that crashed "
9786
"was using as apport captures and processes the core dump."
9787
msgstr ""
9788
9789
#: serverguide/C/reporting-bugs.xml:221(para)
9790
msgid ""
9791
"Configuring apport to capture information about crashing applications "
9792
"requires a couple of steps. First, <application>gdb</application> needs to "
9793
"be installed; it is not installed by default in Ubuntu Server Edition."
9794
msgstr ""
9795
9796
#: serverguide/C/reporting-bugs.xml:229(command)
9797
msgid "sudo apt-get install gdb"
9798
msgstr ""
9799
9800
#: serverguide/C/reporting-bugs.xml:232(para)
9801
msgid ""
9802
"See <xref linkend=\"package-management\"/> for more information about "
9803
"managing packages in Ubuntu."
9804
msgstr ""
9805
9806
#: serverguide/C/reporting-bugs.xml:237(para)
9807
msgid ""
9808
"Once you have ensured that gdb is installed, open the file "
9809
"<filename>/etc/default/apport</filename> in your text editor, and change the "
9810
"<emphasis>enabled</emphasis> setting to be <emphasis "
9811
"role=\"bold\">1</emphasis> like so:"
9812
msgstr ""
9813
9814
#: serverguide/C/reporting-bugs.xml:244(programlisting)
9815
#, no-wrap
9816
msgid ""
9817
"\n"
9818
"# set this to 0 to disable apport, or to 1 to enable it\n"
9819
"# you can temporarily override this with\n"
9820
"# sudo service apport start force_start=1\n"
9821
"enabled=<userinput>1</userinput>\n"
9822
"\n"
9823
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
9824
"maxsize=209715200\n"
9825
msgstr ""
9826
9827
#: serverguide/C/reporting-bugs.xml:254(para)
9828
msgid ""
9829
"Once you have completed editing <filename>/etc/default/apport</filename>, "
9830
"start the apport service:"
9831
msgstr ""
9832
9833
#: serverguide/C/reporting-bugs.xml:261(command)
9834
msgid "sudo start apport"
9835
msgstr ""
9836
9837
#: serverguide/C/reporting-bugs.xml:264(para)
9838
msgid ""
9839
"After an application crashes, use the <application>apport-cli</application> "
9840
"command to search for the existing saved crash report information:"
9841
msgstr ""
9842
9843
#: serverguide/C/reporting-bugs.xml:271(command)
9844
msgid "apport-cli"
9845
msgstr ""
9846
9847
#: serverguide/C/reporting-bugs.xml:270(screen)
9848
#, no-wrap
9849
msgid ""
9850
"\n"
9851
"<placeholder-1/>\n"
9852
"\n"
9853
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
9854
"\n"
9855
"If you were not doing anything confidential (entering passwords or other\n"
9856
"private information), you can help to improve the application by\n"
9857
"reporting\n"
9858
"the problem.\n"
9859
"\n"
9860
"What would you like to do? Your options are:\n"
9861
" R: Report Problem...\n"
9862
" I: Cancel and ignore future crashes of this program version\n"
9863
" C: Cancel\n"
9864
"Please choose (R/I/C):\n"
9865
msgstr ""
9866
9867
#: serverguide/C/reporting-bugs.xml:287(para)
9868
msgid ""
9869
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
9870
"steps as when using ubuntu-bug. One important difference is that a crash "
9871
"report will be marked as private when filed on Launchpad, meaning that it "
9872
"will be visible to only a limited set of bug triagers. These triagers will "
9873
"review the gathered data for private information before making the bug "
9874
"report publicly visible."
9875
msgstr ""
9876
9877
#: serverguide/C/reporting-bugs.xml:307(para)
9878
msgid ""
9879
"See the <ulink "
9880
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
9881
"Bugs</ulink> Ubuntu wiki page."
9882
msgstr ""
9883
9884
#: serverguide/C/reporting-bugs.xml:313(para)
9885
msgid ""
9886
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
9887
"has some useful information. Though some of it pertains to using a GUI."
9888
msgstr ""
9889
9890
#: serverguide/C/remote-administration.xml:13(title)
9891
msgid "Remote Administration"
9892
msgstr ""
9893
9894
#: serverguide/C/remote-administration.xml:14(para)
9895
msgid ""
9896
"There are many ways to remotely administer a Linux server. This chapter will "
9897
"cover one of the most popular <application>SSH</application> as well as "
9898
"<application>eBox</application>, a web based administration framework."
9899
msgstr ""
9900
9901
#: serverguide/C/remote-administration.xml:23(para)
9902
msgid ""
9903
"This section of the Ubuntu Server Guide introduces a powerful collection of "
9904
"tools for the remote control of networked computers and transfer of data "
9905
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
9906
"also learn about some of the configuration settings possible with the "
9907
"OpenSSH server application and how to change them on your Ubuntu system."
9908
msgstr ""
9909
9910
#: serverguide/C/remote-administration.xml:30(para)
9911
msgid ""
9912
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
9913
"family of tools for remotely controlling a computer or transferring files "
9914
"between computers. Traditional tools used to accomplish these functions, "
9915
"such as <application>telnet</application> or <application>rcp</application>, "
9916
"are insecure and transmit the user's password in cleartext when used. "
9917
"OpenSSH provides a server daemon and client tools to facilitate secure, "
9918
"encrypted remote control and file transfer operations, effectively replacing "
9919
"the legacy tools."
9920
msgstr ""
9921
9922
#: serverguide/C/remote-administration.xml:39(para)
9923
msgid ""
9924
"The OpenSSH server component, <application>sshd</application>, listens "
9925
"continuously for client connections from any of the client tools. When a "
9926
"connection request occurs, <application>sshd</application> sets up the "
9927
"correct connection depending on the type of client tool connecting. For "
9928
"example, if the remote computer is connecting with the "
9929
"<application>ssh</application> client application, the OpenSSH server sets "
9930
"up a remote control session after authentication. If a remote user connects "
9931
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
9932
"daemon initiates a secure copy of files between the server and client after "
9933
"authentication. OpenSSH can use many authentication methods, including plain "
9934
"password, public key, and <application>Kerberos</application> tickets."
9935
msgstr ""
9936
9937
#: serverguide/C/remote-administration.xml:53(para)
9938
msgid ""
9939
"Installation of the OpenSSH client and server applications is simple. To "
9940
"install the OpenSSH client applications on your Ubuntu system, use this "
9941
"command at a terminal prompt:"
9942
msgstr ""
9943
9944
#: serverguide/C/remote-administration.xml:59(command)
9945
msgid "sudo apt-get install openssh-client"
9946
msgstr "sudo apt-get install openssh-client"
9947
9948
#: serverguide/C/remote-administration.xml:61(para)
9949
msgid ""
9950
"To install the OpenSSH server application, and related support files, use "
9951
"this command at a terminal prompt:"
9952
msgstr ""
9953
9954
#: serverguide/C/remote-administration.xml:66(command)
9955
msgid "sudo apt-get install openssh-server"
9956
msgstr "sudo apt-get install openssh-server"
9957
9958
#: serverguide/C/remote-administration.xml:68(para)
9959
msgid ""
9960
"The <application>openssh-server</application> package can also be selected "
9961
"to install during the Server Edition installation process."
9962
msgstr ""
9963
9964
#: serverguide/C/remote-administration.xml:75(para)
9965
msgid ""
9966
"You may configure the default behavior of the OpenSSH server application, "
9967
"<application>sshd</application>, by editing the file "
9968
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
9969
"configuration directives used in this file, you may view the appropriate "
9970
"manual page with the following command, issued at a terminal prompt:"
9971
msgstr ""
9972
9973
#: serverguide/C/remote-administration.xml:83(command)
9974
msgid "man sshd_config"
9975
msgstr "man sshd_config"
9976
9977
#: serverguide/C/remote-administration.xml:85(para)
9978
msgid ""
9979
"There are many directives in the <application>sshd</application> "
9980
"configuration file controlling such things as communication settings and "
9981
"authentication modes. The following are examples of configuration directives "
9982
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
9983
"file."
9984
msgstr ""
9985
9986
#: serverguide/C/remote-administration.xml:92(para)
9987
msgid ""
9988
"Prior to editing the configuration file, you should make a copy of the "
9989
"original file and protect it from writing so you will have the original "
9990
"settings as a reference and to reuse as necessary."
9991
msgstr ""
9992
9993
#: serverguide/C/remote-administration.xml:96(para)
9994
msgid ""
9995
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
9996
"writing with the following commands, issued at a terminal prompt:"
9997
msgstr ""
9998
9999
#: serverguide/C/remote-administration.xml:101(command)
10000
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10001
msgstr "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
10002
10003
#: serverguide/C/remote-administration.xml:102(command)
10004
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
10005
msgstr "sudo chmod a-w /etc/ssh/sshd_config.original"
10006
10007
#: serverguide/C/remote-administration.xml:104(para)
10008
msgid ""
10009
"The following are examples of configuration directives you may change:"
10010
msgstr ""
10011
10012
#: serverguide/C/remote-administration.xml:109(para)
10013
msgid ""
10014
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
10015
"port 22, change the Port directive as such:"
10016
msgstr ""
10017
10018
#: serverguide/C/remote-administration.xml:113(para)
10019
msgid "Port 2222"
10020
msgstr "Порт 2222"
10021
10022
#: serverguide/C/remote-administration.xml:118(para)
10023
msgid ""
10024
"To have <application>sshd</application> allow public key-based login "
10025
"credentials, simply add or modify the line:"
10026
msgstr ""
10027
10028
#: serverguide/C/remote-administration.xml:122(para)
10029
msgid "PubkeyAuthentication yes"
10030
msgstr ""
10031
10032
#: serverguide/C/remote-administration.xml:125(para)
10033
msgid ""
10034
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
10035
"present, ensure the line is not commented out."
10036
msgstr ""
10037
10038
#: serverguide/C/remote-administration.xml:131(para)
10039
msgid ""
10040
"To make your OpenSSH server display the contents of the "
10041
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
10042
"or modify the line:"
10043
msgstr ""
10044
10045
#: serverguide/C/remote-administration.xml:136(para)
10046
msgid "Banner /etc/issue.net"
10047
msgstr ""
10048
10049
#: serverguide/C/remote-administration.xml:139(para)
10050
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
10051
msgstr "У файле <filename>/etc/ssh/sshd_config</filename>."
10052
10053
#: serverguide/C/remote-administration.xml:144(para)
10054
msgid ""
10055
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
10056
"save the file, and restart the <application>sshd</application> server "
10057
"application to effect the changes using the following command at a terminal "
10058
"prompt:"
10059
msgstr ""
10060
10061
#: serverguide/C/remote-administration.xml:153(para)
10062
msgid ""
10063
"Many other configuration directives for <application>sshd</application> are "
10064
"available for changing the server application's behavior to fit your needs. "
10065
"Be advised, however, if your only method of access to a server is "
10066
"<application>ssh</application>, and you make a mistake in configuring "
10067
"<application>sshd</application> via the "
10068
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
10069
"out of the server upon restarting it, or that the "
10070
"<application>sshd</application> server refuses to start due to an incorrect "
10071
"configuration directive, so be extra careful when editing this file on a "
10072
"remote server."
10073
msgstr ""
10074
10075
#: serverguide/C/remote-administration.xml:168(title)
10076
msgid "SSH Keys"
10077
msgstr "Ключы SSH"
10078
10079
#: serverguide/C/remote-administration.xml:169(para)
10080
msgid ""
10081
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
10082
"the need of a password. SSH key authentication uses two keys a "
10083
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
10084
msgstr ""
10085
10086
#: serverguide/C/remote-administration.xml:173(para)
10087
msgid "To generate the keys, from a terminal prompt enter:"
10088
msgstr ""
10089
10090
#: serverguide/C/remote-administration.xml:177(command)
10091
msgid "ssh-keygen -t dsa"
10092
msgstr "ssh-keygen -t dsa"
10093
10094
#: serverguide/C/remote-administration.xml:179(para)
10095
msgid ""
10096
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
10097
"identity of the user. During the process you will be prompted for a "
10098
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
10099
"key."
10100
msgstr ""
10101
10102
#: serverguide/C/remote-administration.xml:183(para)
10103
msgid ""
10104
"By default the <emphasis>public</emphasis> key is saved in the file "
10105
"<filename>~/.ssh/id_dsa.pub</filename>, while "
10106
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
10107
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
10108
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
10109
msgstr ""
10110
10111
#: serverguide/C/remote-administration.xml:189(command)
10112
msgid "ssh-copy-id username@remotehost"
10113
msgstr "ssh-copy-id username@remotehost"
10114
10115
#: serverguide/C/remote-administration.xml:191(para)
10116
msgid ""
10117
"Finally, double check the permissions on the "
10118
"<filename>authorized_keys</filename> file, only the authenticated user "
10119
"should have read and write permissions. If the permissions are not correct "
10120
"change them by:"
10121
msgstr ""
10122
10123
#: serverguide/C/remote-administration.xml:196(command)
10124
msgid "chmod 600 .ssh/authorized_keys"
10125
msgstr ""
10126
10127
#: serverguide/C/remote-administration.xml:198(para)
10128
msgid ""
10129
"You should now be able to SSH to the host without being prompted for a "
10130
"password."
10131
msgstr ""
10132
10133
#: serverguide/C/remote-administration.xml:207(para)
10134
msgid ""
10135
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
10136
"page."
10137
msgstr ""
10138
10139
#: serverguide/C/remote-administration.xml:213(ulink)
10140
msgid "OpenSSH Website"
10141
msgstr "Вэб-старонка OpenSSH"
10142
10143
#: serverguide/C/remote-administration.xml:218(ulink)
10144
msgid "Advanced OpenSSH Wiki Page"
10145
msgstr ""
10146
10147
#: serverguide/C/remote-administration.xml:226(title)
10148
msgid "eBox"
10149
msgstr "eBox"
10150
10151
#: serverguide/C/remote-administration.xml:227(para)
10152
msgid ""
10153
"<application>eBox</application> is a web framework used to manage server "
10154
"application configuration. The modular design of eBox allows you to pick and "
10155
"choose which services you want to configure using eBox."
10156
msgstr ""
10157
10158
#: serverguide/C/remote-administration.xml:234(para)
10159
msgid ""
10160
"The different <application>eBox</application> modules are split into "
10161
"different packages, allowing you to only install those necessary. One way to "
10162
"view the available packages is to enter the following from a terminal:"
10163
msgstr ""
10164
10165
#: serverguide/C/remote-administration.xml:240(command)
10166
msgid "apt-cache rdepends ebox | uniq"
10167
msgstr "apt-cache rdepends ebox | uniq"
10168
10169
#: serverguide/C/remote-administration.xml:242(para)
10170
msgid ""
10171
"To install the <application>ebox</application> package, which contains the "
10172
"default modules, enter the following:"
10173
msgstr ""
10174
10175
#: serverguide/C/remote-administration.xml:247(command)
10176
msgid "sudo apt-get install ebox"
10177
msgstr "sudo apt-get install ebox"
10178
10179
#: serverguide/C/remote-administration.xml:250(para)
10180
msgid ""
10181
"During the installation you will be asked to supply a password for the ebox "
10182
"user. After installing eBox the web interface can be accessed from: "
10183
"<emphasis>https://yourserver/ebox</emphasis>."
10184
msgstr ""
10185
10186
#: serverguide/C/remote-administration.xml:259(para)
10187
msgid ""
10188
"An important thing to remember when using <application>eBox</application> is "
10189
"that when configuring most modules there is a <emphasis>Change</emphasis> "
10190
"button that implements the new configuration. After clicking the Change "
10191
"button most, but not all, modules will then need to be "
10192
"<emphasis>Saved</emphasis>. To save the new configuration click on the "
10193
"<quote>Save changes</quote> link in the top right hand corner."
10194
msgstr ""
10195
10196
#: serverguide/C/remote-administration.xml:267(para)
10197
msgid ""
10198
"Once you make a change that requires a Save, the link will change from green "
10199
"to red."
10200
msgstr ""
10201
10202
#: serverguide/C/remote-administration.xml:273(title)
10203
msgid "eBox Modules"
10204
msgstr "Модулі eBox"
10205
10206
#: serverguide/C/remote-administration.xml:274(para)
10207
msgid ""
10208
"By default all eBox <emphasis>Modules</emphasis> are not enabled, and when a "
10209
"new module is installed it will not be automatically enabled."
10210
msgstr ""
10211
10212
#: serverguide/C/remote-administration.xml:278(para)
10213
msgid ""
10214
"To enable a disabled module click on the <emphasis>Module status</emphasis> "
10215
"link in the left hand menu. Then <emphasis role=\"italic\">check</emphasis> "
10216
"which modules you would like to enable and click the <quote>Save</quote> "
10217
"link."
10218
msgstr ""
10219
10220
#: serverguide/C/remote-administration.xml:284(title)
10221
msgid "Default Modules"
10222
msgstr "Прадвызначаныя модулі"
10223
10224
#: serverguide/C/remote-administration.xml:285(para)
10225
msgid ""
10226
"This section provides a quick summary of the default "
10227
"<application>eBox</application> modules."
10228
msgstr ""
10229
10230
#: serverguide/C/remote-administration.xml:291(para)
10231
msgid ""
10232
"<emphasis>System:</emphasis> contains options allowing configuration of "
10233
"general eBox items."
10234
msgstr ""
10235
10236
#: serverguide/C/remote-administration.xml:297(para)
10237
msgid ""
10238
"<emphasis>General:</emphasis> allows you to set the language, port number, "
10239
"and contains a change password form."
10240
msgstr ""
10241
10242
#: serverguide/C/remote-administration.xml:303(para)
10243
msgid ""
10244
"<emphasis>Disk Usage:</emphasis> displays a graph detailing information "
10245
"about disk usage."
10246
msgstr ""
10247
10248
#: serverguide/C/remote-administration.xml:309(para)
10249
msgid ""
10250
"<emphasis>Backup:</emphasis> is used to backup "
10251
"<application>eBox</application> configuration information, and the "
10252
"<emphasis>Full Backup</emphasis> option allows you to save all eBox "
10253
"information not included in the <emphasis>Configuration</emphasis> option "
10254
"such as log files."
10255
msgstr ""
10256
10257
#: serverguide/C/remote-administration.xml:317(para)
10258
msgid ""
10259
"<emphasis>Halt/Reboot:</emphasis> will shutdown the system or reboot it."
10260
msgstr ""
10261
10262
#: serverguide/C/remote-administration.xml:322(para)
10263
msgid ""
10264
"<emphasis>Bug Report:</emphasis> creates a file containing details helpful "
10265
"when reporting bugs to the eBox developers."
10266
msgstr ""
10267
10268
#: serverguide/C/remote-administration.xml:330(para)
10269
msgid ""
10270
"<emphasis>Logs:</emphasis> allows <application>eBox</application> logs to be "
10271
"queried depending on the purge time configured."
10272
msgstr ""
10273
10274
#: serverguide/C/remote-administration.xml:336(para)
10275
msgid ""
10276
"<emphasis>Events:</emphasis> this module has the ability to send alerts "
10277
"through rss, jabber, and log file."
10278
msgstr ""
10279
10280
#: serverguide/C/remote-administration.xml:343(emphasis)
10281
msgid "Available Events:"
10282
msgstr ""
10283
10284
#: serverguide/C/remote-administration.xml:347(para)
10285
msgid ""
10286
"<emphasis>Free Storage Space:</emphasis> will send alert if free disk space "
10287
"drops below a configured percentage, 10% by default."
10288
msgstr ""
10289
10290
#: serverguide/C/remote-administration.xml:353(para)
10291
msgid ""
10292
"<emphasis>Log Observer:</emphasis> sends an alert when a configured logger "
10293
"has logged something."
10294
msgstr ""
10295
10296
#: serverguide/C/remote-administration.xml:359(para)
10297
msgid ""
10298
"<emphasis>RAID:</emphasis> will monitor the RAID system and send alerts if "
10299
"any issues arise."
10300
msgstr ""
10301
10302
#: serverguide/C/remote-administration.xml:365(para)
10303
msgid ""
10304
"<emphasis>Service:</emphasis> sends alerts if a service restarts multiple "
10305
"times in a short time period."
10306
msgstr ""
10307
10308
#: serverguide/C/remote-administration.xml:371(para)
10309
msgid ""
10310
"<emphasis>State:</emphasis> alerts on the state of "
10311
"<application>eBox</application>, either up or down."
10312
msgstr ""
10313
10314
#: serverguide/C/remote-administration.xml:380(emphasis)
10315
msgid "Dispatchers:"
10316
msgstr ""
10317
10318
#: serverguide/C/remote-administration.xml:384(para)
10319
msgid ""
10320
"<emphasis>Log:</emphasis> this dispatcher will send event messages to the "
10321
"<application>eBox</application> log file "
10322
"<filename>/var/log/ebox/ebox.log</filename>."
10323
msgstr ""
10324
10325
#: serverguide/C/remote-administration.xml:391(para)
10326
msgid ""
10327
"<emphasis>Jabber:</emphasis> before enabling this dispatcher you must first "
10328
"configure it by clicking on the <quote>Configure</quote> icon."
10329
msgstr ""
10330
10331
#: serverguide/C/remote-administration.xml:397(para)
10332
msgid ""
10333
"<emphasis>RSS:</emphasis> once this dispatcher is configured you can "
10334
"subscribe to the link in order to view event alerts."
10335
msgstr ""
10336
10337
#: serverguide/C/remote-administration.xml:410(title)
10338
msgid "Additional Modules"
10339
msgstr "Дадатковыя модулі"
10340
10341
#: serverguide/C/remote-administration.xml:411(para)
10342
msgid ""
10343
"Here is a quick description of other available "
10344
"<application>eBox</application> modules:"
10345
msgstr ""
10346
10347
#: serverguide/C/remote-administration.xml:416(para)
10348
msgid ""
10349
"<emphasis>Network:</emphasis> allows configuration of the server's network "
10350
"options through eBox."
10351
msgstr ""
10352
10353
#: serverguide/C/remote-administration.xml:422(para)
10354
msgid ""
10355
"<emphasis>Firewall:</emphasis> configures firewall options for the eBox host."
10356
msgstr ""
10357
10358
#: serverguide/C/remote-administration.xml:427(para)
10359
msgid ""
10360
"<emphasis>UsersandGroups:</emphasis> this module will manage users and "
10361
"groups contained in an <application>OpenLDAP</application> LDAP directory."
10362
msgstr ""
10363
10364
#: serverguide/C/remote-administration.xml:433(para)
10365
msgid ""
10366
"<emphasis>DHCP:</emphasis> provides an interface for configuring a DHCP "
10367
"server."
10368
msgstr ""
10369
10370
#: serverguide/C/remote-administration.xml:438(para)
10371
msgid ""
10372
"<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
10373
"server configuration options."
10374
msgstr ""
10375
10376
#: serverguide/C/remote-administration.xml:444(para)
10377
msgid ""
10378
"<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
10379
"Objects</emphasis>, which allow you to assign a name to an IP address or "
10380
"group of IPs."
10381
msgstr ""
10382
10383
#: serverguide/C/remote-administration.xml:451(para)
10384
msgid ""
10385
"<emphasis>Services:</emphasis> displays configuration information for "
10386
"services that are available to the network."
10387
msgstr ""
10388
10389
#: serverguide/C/remote-administration.xml:457(para)
10390
msgid ""
10391
"<emphasis>Squid:</emphasis> configuration options for the "
10392
"<application>Squid</application> proxy server."
10393
msgstr ""
10394
10395
#: serverguide/C/remote-administration.xml:463(para)
10396
msgid ""
10397
"<emphasis>CA:</emphasis> configures a Certificate Authority for the server."
10398
msgstr ""
10399
10400
#: serverguide/C/remote-administration.xml:468(para)
10401
msgid "<emphasis>NTP:</emphasis> set Network Time Protocol options."
10402
msgstr ""
10403
10404
#: serverguide/C/remote-administration.xml:473(para)
10405
msgid "<emphasis>Printers:</emphasis> allows the configuration of printers."
10406
msgstr ""
10407
10408
#: serverguide/C/remote-administration.xml:478(para)
10409
msgid "<emphasis>Samba:</emphasis> configuration options for Samba."
10410
msgstr ""
10411
10412
#: serverguide/C/remote-administration.xml:483(para)
10413
msgid ""
10414
"<emphasis>OpenVPN:</emphasis> setup options for OpenVPN Virtual Private "
10415
"Network application."
10416
msgstr ""
10417
10418
#: serverguide/C/remote-administration.xml:494(para)
10419
msgid ""
10420
"The <ulink url=\"https://help.ubuntu.com/community/eBox\">eBox Ubuntu "
10421
"Wiki</ulink> page has more details."
10422
msgstr ""
10423
10424
#: serverguide/C/remote-administration.xml:499(para)
10425
msgid ""
10426
"For more information also see the <ulink url=\"http://ebox-"
10427
"platform.com/\">eBox Home Page</ulink>."
10428
msgstr ""
10429
10430
#: serverguide/C/package-management.xml:13(title)
10431
msgid "Package Management"
10432
msgstr "Кіраваньне пакетамі"
10433
10434
#: serverguide/C/package-management.xml:14(para)
10435
msgid ""
10436
"Ubuntu features a comprehensive package management system for the "
10437
"installation, upgrade, configuration, and removal of software. In addition "
10438
"to providing access to an organized base of over 24,000 software packages "
10439
"for your Ubuntu computer, the package management facilities also feature "
10440
"dependency resolution capabilities and software update checking."
10441
msgstr ""
10442
10443
#: serverguide/C/package-management.xml:16(para)
10444
msgid ""
10445
"Several tools are available for interacting with Ubuntu's package management "
10446
"system, from simple command-line utilities which may be easily automated by "
10447
"system administrators, to a simple graphical interface which is easy to use "
10448
"by those new to Ubuntu."
10449
msgstr ""
10450
10451
#: serverguide/C/package-management.xml:21(para)
10452
msgid ""
10453
"Ubuntu's package management system is derived from the same system used by "
10454
"the Debian GNU/Linux distribution. The package files contain all of the "
10455
"necessary files, meta-data, and instructions to implement a particular "
10456
"functionality or software application on your Ubuntu computer."
10457
msgstr ""
10458
10459
#: serverguide/C/package-management.xml:24(para)
10460
msgid ""
10461
"Debian package files typically have the extension '.deb', and typically "
10462
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
10463
"collections of packages found on various media, such as CD-ROM discs, or "
10464
"online. Packages are normally of the pre-compiled binary format; thus "
10465
"installation is quick and requires no compiling of software."
10466
msgstr ""
10467
10468
#: serverguide/C/package-management.xml:27(para)
10469
msgid ""
10470
"Many complex packages use the concept of <emphasis "
10471
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10472
"packages required by the principal package in order to function properly. "
10473
"For example, the speech synthesis package "
10474
"<application>Festival</application> depends upon the package "
10475
"<application>libasound2</application>, which is a package supplying the "
10476
"<application>ALSA</application> sound library needed for audio playback. In "
10477
"order for <application>Festival</application> to function, it and all of its "
10478
"dependencies must be installed. The software management tools in Ubuntu will "
10479
"do this automatically."
10480
msgstr ""
10481
10482
#: serverguide/C/package-management.xml:32(title)
10483
msgid "dpkg"
10484
msgstr "dpkg"
10485
10486
#: serverguide/C/package-management.xml:34(para)
10487
msgid ""
10488
"<application>dpkg</application> is a package manager for "
10489
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
10490
"packages, but unlike other package management system's it can not "
10491
"automatically download and install packages and their dependencies. This "
10492
"section covers using <application>dpkg</application> to manage locally "
10493
"installed packages:"
10494
msgstr ""
10495
10496
#: serverguide/C/package-management.xml:43(para)
10497
msgid ""
10498
"To list all packages installed on the system, from a terminal prompt enter:"
10499
msgstr ""
10500
10501
#: serverguide/C/package-management.xml:48(command)
10502
msgid "dpkg -l"
10503
msgstr "dpkg -l"
10504
10505
#: serverguide/C/package-management.xml:54(para)
10506
msgid ""
10507
"Depending on the amount of packages on your system, this can generate a "
10508
"large amount of output. Pipe the output through "
10509
"<application>grep</application> to see if a specific package is installed:"
10510
msgstr ""
10511
10512
#: serverguide/C/package-management.xml:60(command)
10513
msgid "dpkg -l | grep apache2"
10514
msgstr "dpkg -l | grep apache2"
10515
10516
#: serverguide/C/package-management.xml:63(para)
10517
msgid ""
10518
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
10519
"package name, or other regular expression."
10520
msgstr ""
10521
10522
#: serverguide/C/package-management.xml:70(para)
10523
msgid ""
10524
"To list the files installed by a package, in this case the "
10525
"<application>ufw</application> package, enter:"
10526
msgstr ""
10527
10528
#: serverguide/C/package-management.xml:75(command)
10529
msgid "dpkg -L ufw"
10530
msgstr "dpkg -L ufw"
10531
10532
#: serverguide/C/package-management.xml:81(para)
10533
msgid ""
10534
"If you are not sure which package installed a file, <application>dpkg -"
10535
"S</application> may be able to tell you. For example:"
10536
msgstr ""
10537
10538
#: serverguide/C/package-management.xml:87(command)
10539
msgid "dpkg -S /etc/host.conf"
10540
msgstr "dpkg -S /etc/host.conf"
10541
10542
#: serverguide/C/package-management.xml:88(computeroutput)
10543
#, no-wrap
10544
msgid "base-files: /etc/host.conf"
10545
msgstr "base-files: /etc/host.conf"
10546
10547
#: serverguide/C/package-management.xml:91(para)
10548
msgid ""
10549
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
10550
"<application>base-files</application> package."
10551
msgstr ""
10552
10553
#: serverguide/C/package-management.xml:96(para)
10554
msgid ""
10555
"Many files are automatically generated during the package install process, "
10556
"and even though they are on the filesystem <command>dpkg -S</command> may "
10557
"not know which package they belong to."
10558
msgstr ""
10559
10560
#: serverguide/C/package-management.xml:105(para)
10561
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
10562
msgstr ""
10563
10564
#: serverguide/C/package-management.xml:110(command)
10565
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
10566
msgstr "sudo dpkg -i zip_2.32-1_i386.deb"
10567
10568
#: serverguide/C/package-management.xml:113(para)
10569
msgid ""
10570
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
10571
"the local .deb file."
10572
msgstr ""
10573
10574
#: serverguide/C/package-management.xml:120(para)
10575
msgid "Uninstalling a package can be accomplished by:"
10576
msgstr ""
10577
10578
#: serverguide/C/package-management.xml:125(command)
10579
msgid "sudo dpkg -r zip"
10580
msgstr "sudo dpkg -r zip"
10581
10582
#: serverguide/C/package-management.xml:129(para)
10583
msgid ""
10584
"Uninstalling packages using <application>dpkg</application>, in most cases, "
10585
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
10586
"manager that handles dependencies, to ensure that the system is in a "
10587
"consistent state. For example using <command>dpkg -r</command> you can "
10588
"remove the <application>zip</application> package, but any packages that "
10589
"depend on it will still be installed and may no longer function correctly."
10590
msgstr ""
10591
10592
#: serverguide/C/package-management.xml:140(para)
10593
msgid ""
10594
"For more <application>dpkg</application> options see the man page: "
10595
"<command>man dpkg</command>."
10596
msgstr ""
10597
10598
#: serverguide/C/package-management.xml:146(title)
10599
msgid "Apt-Get"
10600
msgstr "Apt-Get"
10601
10602
#: serverguide/C/package-management.xml:147(para)
10603
msgid ""
10604
"The <application>apt-get</application> command is a powerful command-line "
10605
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
10606
"(APT) performing such functions as installation of new software packages, "
10607
"upgrade of existing software packages, updating of the package list index, "
10608
"and even upgrading the entire Ubuntu system."
10609
msgstr ""
10610
10611
#: serverguide/C/package-management.xml:150(para)
10612
msgid ""
10613
"Being a simple command-line tool, <application>apt-get</application> has "
10614
"numerous advantages over other package management tools available in Ubuntu "
10615
"for server administrators. Some of these advantages include ease of use over "
10616
"simple terminal connections (SSH) and the ability to be used in system "
10617
"administration scripts, which can in turn be automated by the "
10618
"<application>cron</application> scheduling utility."
10619
msgstr ""
10620
10621
#: serverguide/C/package-management.xml:157(para)
10622
msgid ""
10623
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
10624
"packages using the <application>apt-get</application> tool is quite simple. "
10625
"For example, to install the network scanner <emphasis "
10626
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
10627
"<command>sudo apt-get install nmap</command>\n"
10628
"</screen>"
10629
msgstr ""
10630
10631
#: serverguide/C/package-management.xml:165(para)
10632
msgid ""
10633
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
10634
"packages is also a straightforward and simple process. To remove the nmap "
10635
"package installed in the previous example, type the following: <screen>\n"
10636
"<command>sudo apt-get remove nmap</command>\n"
10637
"</screen>"
10638
msgstr ""
10639
10640
#: serverguide/C/package-management.xml:172(para)
10641
msgid ""
10642
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
10643
"multiple packages to be installed or removed, separated by spaces."
10644
msgstr ""
10645
10646
#: serverguide/C/package-management.xml:175(para)
10647
msgid ""
10648
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
10649
"remove</command> will remove the package configuration files as well. This "
10650
"may or may not be the desired effect so use with caution."
10651
msgstr ""
10652
10653
#: serverguide/C/package-management.xml:181(para)
10654
msgid ""
10655
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
10656
"index is essentially a database of available packages from the repositories "
10657
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
10658
"the local package index with the latest changes made in repositories, type "
10659
"the following: <screen>\n"
10660
"<command>sudo apt-get update</command>\n"
10661
"</screen>"
10662
msgstr ""
10663
10664
#: serverguide/C/package-management.xml:189(para)
10665
msgid ""
10666
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
10667
"versions of packages currently installed on your computer may become "
10668
"available from the package repositories (for example security updates). To "
10669
"upgrade your system, first update your package index as outlined above, and "
10670
"then type: <screen>\n"
10671
"<command>sudo apt-get upgrade</command>\n"
10672
"</screen>"
10673
msgstr ""
10674
10675
#: serverguide/C/package-management.xml:195(para)
10676
msgid ""
10677
"For information on upgrading to a new Ubuntu release see <xref "
10678
"linkend=\"installing-upgrading\"/>."
10679
msgstr ""
10680
10681
#: serverguide/C/package-management.xml:153(para)
10682
msgid ""
10683
"Some examples of popular uses for the <application>apt-get</application> "
10684
"utility: <placeholder-1/>"
10685
msgstr ""
10686
10687
#: serverguide/C/package-management.xml:201(para)
10688
msgid ""
10689
"Actions of the <application>apt-get</application> command, such as "
10690
"installation and removal of packages, are logged in the /var/log/dpkg.log "
10691
"log file."
10692
msgstr ""
10693
10694
#: serverguide/C/package-management.xml:204(para)
10695
msgid ""
10696
"For further information about the use of <application>APT</application>, "
10697
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
10698
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
10699
"help</screen>"
10700
msgstr ""
10701
10702
#: serverguide/C/package-management.xml:208(title)
10703
msgid "Aptitude"
10704
msgstr ""
10705
10706
#: serverguide/C/package-management.xml:209(para)
10707
msgid ""
10708
"<application>Aptitude</application> is a menu-driven, text-based front-end "
10709
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
10710
"the common package management functions, such as installation, removal, and "
10711
"upgrade, are performed in <application>Aptitude</application> with single-"
10712
"key commands, which are typically lowercase letters."
10713
msgstr ""
10714
10715
#: serverguide/C/package-management.xml:212(para)
10716
msgid ""
10717
"<application>Aptitude</application> is best suited for use in a non-"
10718
"graphical terminal environment to ensure proper functioning of the command "
10719
"keys. You may start <application>Aptitude</application> as a normal user "
10720
"with the following command at a terminal prompt: <screen>\n"
10721
"<command>sudo aptitude</command>\n"
10722
"</screen>"
10723
msgstr ""
10724
10725
#: serverguide/C/package-management.xml:219(para)
10726
msgid ""
10727
"When <application>Aptitude</application> starts, you will see a menu bar at "
10728
"the top of the screen and two panes below the menu bar. The top pane "
10729
"contains package categories, such as <emphasis role=\"italics\">New "
10730
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
10731
"Packages</emphasis>. The bottom pane contains information related to the "
10732
"packages and package categories."
10733
msgstr ""
10734
10735
#: serverguide/C/package-management.xml:222(para)
10736
msgid ""
10737
"Using <application>Aptitude</application> for package management is "
10738
"relatively straightforward, and the user interface makes common tasks simple "
10739
"to perform. The following are examples of common package management "
10740
"functions as performed in <application>Aptitude</application>:"
10741
msgstr ""
10742
10743
#: serverguide/C/package-management.xml:226(para)
10744
msgid ""
10745
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
10746
"locate the package via the Not Installed Packages package category, for "
10747
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
10748
"key, and highlight the package you wish to install. After highlighting the "
10749
"package you wish to install, press the <keycap>+</keycap> key, and the "
10750
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
10751
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
10752
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
10753
"again, and you will be prompted to become root to complete the installation. "
10754
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
10755
"your user password to become root. Finally, press <keycap>g</keycap> once "
10756
"more and you'll be prompted to download the package. Press "
10757
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
10758
"prompt, and downloading and installation of the package will commence."
10759
msgstr ""
10760
10761
#: serverguide/C/package-management.xml:230(para)
10762
msgid ""
10763
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
10764
"locate the package via the Installed Packages package category, for example, "
10765
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
10766
"highlight the package you wish to remove. After highlighting the package you "
10767
"wish to install, press the <keycap>-</keycap> key, and the package entry "
10768
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
10769
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
10770
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
10771
"prompted to become root to complete the installation. Press "
10772
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
10773
"user password to become root. Finally, press <keycap>g</keycap> once more, "
10774
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
10775
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
10776
"the package will commence."
10777
msgstr ""
10778
10779
#: serverguide/C/package-management.xml:234(para)
10780
msgid ""
10781
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
10782
"package index, simply press the <keycap>u</keycap> key and you will be "
10783
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
10784
"which will result in a Password: prompt. Enter your user password to become "
10785
"root. Updating of the package index will commence. Press "
10786
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
10787
"presented to complete the process."
10788
msgstr ""
10789
10790
#: serverguide/C/package-management.xml:238(para)
10791
msgid ""
10792
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
10793
"perform the update of the package index as detailed above, and then press "
10794
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
10795
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
10796
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
10797
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
10798
"result in a Password: prompt. Enter your user password to become root. "
10799
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
10800
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
10801
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
10802
"will commence."
10803
msgstr ""
10804
10805
#: serverguide/C/package-management.xml:245(para)
10806
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
10807
msgstr ""
10808
10809
#: serverguide/C/package-management.xml:250(para)
10810
msgid ""
10811
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
10812
"configuration remains on system"
10813
msgstr ""
10814
10815
#: serverguide/C/package-management.xml:254(para)
10816
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
10817
msgstr ""
10818
10819
#: serverguide/C/package-management.xml:258(para)
10820
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
10821
msgstr ""
10822
10823
#: serverguide/C/package-management.xml:262(para)
10824
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
10825
msgstr ""
10826
10827
#: serverguide/C/package-management.xml:266(para)
10828
msgid ""
10829
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
10830
"configured"
10831
msgstr ""
10832
10833
#: serverguide/C/package-management.xml:270(para)
10834
msgid ""
10835
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
10836
"and requires fix"
10837
msgstr ""
10838
10839
#: serverguide/C/package-management.xml:274(para)
10840
msgid ""
10841
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
10842
"requires fix"
10843
msgstr ""
10844
10845
#: serverguide/C/package-management.xml:242(para)
10846
msgid ""
10847
"The first column of information displayed in the package list in the top "
10848
"pane, when actually viewing packages lists the current state of the package, "
10849
"and uses the following key to describe the state of the package: "
10850
"<placeholder-1/>"
10851
msgstr ""
10852
10853
#: serverguide/C/package-management.xml:280(para)
10854
msgid ""
10855
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
10856
"wish to exit. Many other functions are available from the Aptitude menu by "
10857
"pressing the <keycap>F10</keycap> key."
10858
msgstr ""
10859
10860
#: serverguide/C/package-management.xml:285(title)
10861
msgid "Automatic Updates"
10862
msgstr "Аўтаматычныя абнаўленьні"
10863
10864
#: serverguide/C/package-management.xml:287(para)
10865
msgid ""
10866
"The <application>unattended-upgrades</application> package can be used to "
10867
"automatically install updated packages, and can be configured to update all "
10868
"packages or just install security updates. First, install the package by "
10869
"entering the following in a terminal:"
10870
msgstr ""
10871
10872
#: serverguide/C/package-management.xml:293(command)
10873
msgid "sudo apt-get install unattended-upgrades"
10874
msgstr "sudo apt-get install unattended-upgrades"
10875
10876
#: serverguide/C/package-management.xml:296(para)
10877
msgid ""
10878
"To configure <application>unattended-upgrades</application>, edit "
10879
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
10880
"the following to fit your needs:"
10881
msgstr ""
10882
10883
#: serverguide/C/package-management.xml:301(programlisting)
10884
#, no-wrap
10885
msgid ""
10886
"\n"
10887
"Unattended-Upgrade::Allowed-Origins {\n"
10888
" \"Ubuntu lucid-security\";\n"
10889
"// \"Ubuntu lucid-updates\";\n"
10890
"};\n"
10891
msgstr ""
10892
10893
#: serverguide/C/package-management.xml:308(para)
10894
msgid ""
10895
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
10896
"will not be automatically updated. To blacklist a package, add it to the "
10897
"list:"
10898
msgstr ""
10899
10900
#: serverguide/C/package-management.xml:313(programlisting)
10901
#, no-wrap
10902
msgid ""
10903
"\n"
10904
"Unattended-Upgrade::Package-Blacklist {\n"
10905
"// \"vim\";\n"
10906
"// \"libc6\";\n"
10907
"// \"libc6-dev\";\n"
10908
"// \"libc6-i686\";\n"
10909
"};\n"
10910
msgstr ""
10911
10912
#: serverguide/C/package-management.xml:323(para)
10913
msgid ""
10914
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
10915
"whatever follows \"//\" will not be evaluated."
10916
msgstr ""
10917
10918
#: serverguide/C/package-management.xml:328(para)
10919
msgid ""
10920
"To enable automatic updates, edit "
10921
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
10922
"<application>apt</application> configuration options:"
10923
msgstr ""
10924
10925
#: serverguide/C/package-management.xml:332(programlisting)
10926
#, no-wrap
10927
msgid ""
10928
"\n"
10929
"APT::Periodic::Update-Package-Lists \"1\";\n"
10930
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
10931
"APT::Periodic::AutocleanInterval \"7\";\n"
10932
"APT::Periodic::Unattended-Upgrade \"1\";\n"
10933
msgstr ""
10934
10935
#: serverguide/C/package-management.xml:339(para)
10936
msgid ""
10937
"The above configuration updates the package list, downloads, and installs "
10938
"available upgrades every day. The local download archive is cleaned every "
10939
"week."
10940
msgstr ""
10941
10942
#: serverguide/C/package-management.xml:345(para)
10943
msgid ""
10944
"You can read more about <application>apt</application> Periodic "
10945
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
10946
"header."
10947
msgstr ""
10948
10949
#: serverguide/C/package-management.xml:350(para)
10950
msgid ""
10951
"The results of <application>unattended-upgrades</application> will be logged "
10952
"to <filename>/var/log/unattended-upgrades</filename>."
10953
msgstr ""
10954
10955
#: serverguide/C/package-management.xml:355(title)
10956
msgid "Notifications"
10957
msgstr ""
10958
10959
#: serverguide/C/package-management.xml:357(para)
10960
msgid ""
10961
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
10962
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
10963
"<application>unattended-upgrades</application> to email an administrator "
10964
"detailing any packages that need upgrading or have problems."
10965
msgstr ""
10966
10967
#: serverguide/C/package-management.xml:362(para)
10968
msgid ""
10969
"Another useful package is <application>apticron</application>. "
10970
"<application>apticron</application> will configure a "
10971
"<application>cron</application> job to email an administrator information "
10972
"about any packages on the system that have updates available, as well as a "
10973
"summary of changes in each package."
10974
msgstr ""
10975
10976
#: serverguide/C/package-management.xml:368(para)
10977
msgid ""
10978
"To install the <application>apticron</application> package, in a terminal "
10979
"enter:"
10980
msgstr ""
10981
10982
#: serverguide/C/package-management.xml:373(command)
10983
msgid "sudo apt-get install apticron"
10984
msgstr "sudo apt-get install apticron"
10985
10986
#: serverguide/C/package-management.xml:376(para)
10987
msgid ""
10988
"Once the package is installed edit "
10989
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
10990
"and other options:"
10991
msgstr ""
10992
10993
#: serverguide/C/package-management.xml:380(programlisting)
10994
#, no-wrap
10995
msgid ""
10996
"\n"
10997
"EMAIL=\"root@example.com\"\n"
10998
msgstr ""
10999
"\n"
11000
"EMAIL=\"root@example.com\"\n"
11001
11002
#: serverguide/C/package-management.xml:389(para)
11003
msgid ""
11004
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
11005
"system repositories is stored in the /etc/apt/sources.list configuration "
11006
"file. An example of this file is referenced here, along with information on "
11007
"adding or removing repository references from the file."
11008
msgstr ""
11009
11010
#: serverguide/C/package-management.xml:395(para)
11011
msgid ""
11012
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
11013
"typical <filename>/etc/apt/sources.list</filename> file."
11014
msgstr ""
11015
11016
#: serverguide/C/package-management.xml:399(para)
11017
msgid ""
11018
"You may edit the file to enable repositories or disable them. For example, "
11019
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
11020
"operations occur, simply comment out the appropriate line for the CD-ROM, "
11021
"which appears at the top of the file:"
11022
msgstr ""
11023
11024
#: serverguide/C/package-management.xml:404(screen)
11025
#, no-wrap
11026
msgid ""
11027
"\n"
11028
"# no more prompting for CD-ROM please\n"
11029
"# deb cdrom:[Ubuntu 10.04_Lucid_Lynx - Release i386 (20070419.1)]/ lucid "
11030
"main restricted\n"
11031
msgstr ""
11032
11033
#: serverguide/C/package-management.xml:410(title)
11034
msgid "Extra Repositories"
11035
msgstr ""
11036
11037
#: serverguide/C/package-management.xml:411(para)
11038
msgid ""
11039
"In addition to the officially supported package repositories available for "
11040
"Ubuntu, there exist additional community-maintained repositories which add "
11041
"thousands more potential packages for installation. Two of the most popular "
11042
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
11043
"repositories. These repositories are not officially supported by Ubuntu, but "
11044
"because they are maintained by the community they generally provide packages "
11045
"which are safe for use with your Ubuntu computer."
11046
msgstr ""
11047
11048
#: serverguide/C/package-management.xml:414(para)
11049
msgid ""
11050
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
11051
"licensing issues that prevent them from being distributed with a free "
11052
"operating system, and they may be illegal in your locality."
11053
msgstr ""
11054
11055
#: serverguide/C/package-management.xml:416(para)
11056
msgid ""
11057
"Be advised that neither the <emphasis>Universe</emphasis> or "
11058
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
11059
"packages. In particular, there may not be security updates for these "
11060
"packages."
11061
msgstr ""
11062
11063
#: serverguide/C/package-management.xml:420(para)
11064
msgid ""
11065
"Many other package sources are available, sometimes even offering only one "
11066
"package, as in the case of package sources provided by the developer of a "
11067
"single application. You should always be very careful and cautious when "
11068
"using non-standard package sources, however. Research the source and "
11069
"packages carefully before performing any installation, as some package "
11070
"sources and their packages could render your system unstable or non-"
11071
"functional in some respects."
11072
msgstr ""
11073
11074
#: serverguide/C/package-management.xml:423(para)
11075
msgid ""
11076
"By default, the <emphasis>Universe</emphasis> and "
11077
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
11078
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
11079
"comment the following lines:"
11080
msgstr ""
11081
11082
#: serverguide/C/package-management.xml:430(programlisting)
11083
#, no-wrap
11084
msgid ""
11085
"\n"
11086
"deb http://archive.ubuntu.com/ubuntu lucid universe multiverse\n"
11087
"deb-src http://archive.ubuntu.com/ubuntu lucid universe multiverse\n"
11088
"\n"
11089
"deb http://us.archive.ubuntu.com/ubuntu/ lucid universe\n"
11090
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid universe\n"
11091
"deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n"
11092
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n"
11093
"\n"
11094
"deb http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\n"
11095
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\n"
11096
"deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n"
11097
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n"
11098
"\n"
11099
"deb http://security.ubuntu.com/ubuntu lucid-security universe\n"
11100
"deb-src http://security.ubuntu.com/ubuntu lucid-security universe\n"
11101
"deb http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
11102
"deb-src http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
11103
msgstr ""
11104
11105
#: serverguide/C/package-management.xml:456(para)
11106
msgid ""
11107
"Most of the material covered in this chapter is available in "
11108
"<application>man</application> pages, many of which are available online."
11109
msgstr ""
11110
11111
#: serverguide/C/package-management.xml:463(para)
11112
msgid ""
11113
"The <ulink "
11114
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11115
"re</ulink> Ubuntu wiki page has more information."
11116
msgstr ""
11117
11118
#: serverguide/C/package-management.xml:468(para)
11119
msgid ""
11120
"For more <application>dpkg</application> details see the <ulink "
11121
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/dpkg.1.html\">dpkg "
11122
"man page</ulink>."
11123
msgstr ""
11124
11125
#: serverguide/C/package-management.xml:474(para)
11126
msgid ""
11127
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
11128
"HOWTO</ulink> and <ulink "
11129
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/apt-get.8.html\">apt-"
11130
"get man page</ulink> contain useful information regarding <application>apt-"
11131
"get</application> usage."
11132
msgstr ""
11133
11134
#: serverguide/C/package-management.xml:481(para)
11135
msgid ""
11136
"See the <ulink "
11137
"url=\"http://manpages.ubuntu.com/manpages/lucid/man8/aptitude.8.html\">aptitu"
11138
"de man page</ulink> for more <application>aptitude</application> options."
11139
msgstr ""
11140
11141
#: serverguide/C/package-management.xml:487(para)
11142
msgid ""
11143
"The <ulink "
11144
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11145
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
11146
"adding repositories."
11147
msgstr ""
11148
11149
#: serverguide/C/other-apps.xml:13(title)
11150
msgid "Other Useful Applications"
11151
msgstr ""
11152
11153
#: serverguide/C/other-apps.xml:15(para)
11154
msgid ""
11155
"There are many very useful applications developed by the Ubuntu Server Team, "
11156
"and others that are well integrated with Ubuntu Server Edition, that might "
11157
"not be well known. This chapter will showcase some useful applications that "
11158
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
11159
"easier."
11160
msgstr ""
11161
11162
#: serverguide/C/other-apps.xml:23(title)
11163
msgid "pam_motd"
11164
msgstr ""
11165
11166
#: serverguide/C/other-apps.xml:25(para)
11167
msgid ""
11168
"When logging into an Ubuntu server you may have noticed the informative "
11169
"Message Of The Day (MOTD). This information is obtained and displayed using "
11170
"a couple of packages:"
11171
msgstr ""
11172
11173
#: serverguide/C/other-apps.xml:32(para)
11174
msgid ""
11175
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
11176
"<application>landscape-client</application>, which can be used to manage "
11177
"systems using the web based <emphasis>Landscape</emphasis> application. The "
11178
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
11179
"utility which is used to gather the information displayed in the MOTD."
11180
msgstr ""
11181
11182
#: serverguide/C/other-apps.xml:40(para)
11183
msgid ""
11184
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
11185
"the MOTD via <application>pam_motd</application> module."
11186
msgstr ""
11187
11188
#: serverguide/C/other-apps.xml:46(para)
11189
msgid ""
11190
"<application>pam_motd</application> executes the scripts in "
11191
"<filename>/etc/update-motd.d</filename> in order based on the number "
11192
"prepended to the script. The output of the scripts is written to "
11193
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
11194
"concatenated with <filename>/etc/motd.tail</filename>."
11195
msgstr ""
11196
11197
#: serverguide/C/other-apps.xml:52(para)
11198
msgid ""
11199
"You can add your own dynamic information to the MOTD. For example, to add "
11200
"local weather information:"
11201
msgstr ""
11202
11203
#: serverguide/C/other-apps.xml:58(para)
11204
msgid "First, install the <application>weather-util</application> package:"
11205
msgstr "Спачатку ўстанавіце пакет <application>weather-util</application>:"
11206
11207
#: serverguide/C/other-apps.xml:63(command)
11208
msgid "sudo apt-get install weather-util"
11209
msgstr "sudo apt-get install weather-util"
11210
11211
#: serverguide/C/other-apps.xml:68(para)
11212
msgid ""
11213
"The <application>weather</application> utility uses METAR data from the "
11214
"National Oceanic and Atmospheric Administration and forecasts from the "
11215
"National Weather Service. In order to find local information you will need "
11216
"the 4-character ICAO location indicator. This can be determined by browsing "
11217
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
11218
"Weather Service</ulink> site."
11219
msgstr ""
11220
11221
#: serverguide/C/other-apps.xml:75(para)
11222
msgid ""
11223
"Although the National Weather Service is a United States government agency "
11224
"there are weather stations available world wide. However, local weather "
11225
"information for all locations outside the U.S. may not be available."
11226
msgstr ""
11227
11228
#: serverguide/C/other-apps.xml:81(para)
11229
msgid ""
11230
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
11231
"script to use <application>weather</application> with your local ICAO "
11232
"indicator:"
11233
msgstr ""
11234
11235
#: serverguide/C/other-apps.xml:86(programlisting)
11236
#, no-wrap
11237
msgid ""
11238
"\n"
11239
"#!/bin/sh\n"
11240
"#\n"
11241
"#\n"
11242
"# Prints the local weather information for the MOTD.\n"
11243
"#\n"
11244
"#\n"
11245
"\n"
11246
"# Replace KINT with your local weather station.\n"
11247
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
11248
"\n"
11249
"echo\n"
11250
"weather -i KINT\n"
11251
"echo\n"
11252
"\n"
11253
msgstr ""
11254
11255
#: serverguide/C/other-apps.xml:104(para)
11256
msgid "Make the script executable:"
11257
msgstr ""
11258
11259
#: serverguide/C/other-apps.xml:109(command)
11260
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11261
msgstr "sudo chmod 755 /usr/local/bin/local-weather"
11262
11263
#: serverguide/C/other-apps.xml:113(para)
11264
msgid ""
11265
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11266
"weather</filename>:"
11267
msgstr ""
11268
11269
#: serverguide/C/other-apps.xml:118(command)
11270
msgid ""
11271
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11272
msgstr ""
11273
11274
#: serverguide/C/other-apps.xml:122(para)
11275
msgid "Finally, exit the server and re-login to view the new MOTD."
11276
msgstr ""
11277
11278
#: serverguide/C/other-apps.xml:128(para)
11279
msgid ""
11280
"You should now be greeted with some useful information, and some information "
11281
"about the local weather that may not be quite so useful. Hopefully the "
11282
"<application>local-weather</application> example demonstrates the "
11283
"flexibility of <application>pam_motd</application>."
11284
msgstr ""
11285
11286
#: serverguide/C/other-apps.xml:136(title)
11287
msgid "etckeeper"
11288
msgstr "etckeeper"
11289
11290
#: serverguide/C/other-apps.xml:138(para)
11291
msgid ""
11292
"<application>etckeeper</application> allows the contents of <filename "
11293
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11294
"System (VCS) repository. It hooks into <application>apt</application> to "
11295
"automatically commit changes to <filename>/etc</filename> when packages are "
11296
"installed or upgraded. Placing <filename>/etc</filename> under version "
11297
"control is considered an industry best practice, and the goal of "
11298
"<application>etckeeper</application> is to make this process as painless as "
11299
"possible."
11300
msgstr ""
11301
11302
#: serverguide/C/other-apps.xml:146(para)
11303
msgid ""
11304
"Install <application>etckeeper</application> by entering the following in a "
11305
"terminal:"
11306
msgstr ""
11307
"Устанавіце <application>etckeeper</application>, для гэтага ўвядзіце ў "
11308
"тэрмінале наступнае:"
11309
11310
#: serverguide/C/other-apps.xml:151(command)
11311
msgid "sudo apt-get install etckeeper"
11312
msgstr "sudo apt-get install etckeeper"
11313
11314
#: serverguide/C/other-apps.xml:154(para)
11315
msgid ""
11316
"The main configuration file, "
11317
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11318
"main option is which VCS to use. By default "
11319
"<application>etckeeper</application> is configured to use "
11320
"<application>bzr</application> for version control. The repository is "
11321
"automatically initialized (and committed for the first time) during package "
11322
"installation. It is possible to undo this by entering the following command:"
11323
msgstr ""
11324
11325
#: serverguide/C/other-apps.xml:164(command)
11326
msgid "sudo etckeeper uninit"
11327
msgstr ""
11328
11329
#: serverguide/C/other-apps.xml:167(para)
11330
msgid ""
11331
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11332
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11333
"It will also automatically commit changes before and after package "
11334
"installation. For a more precise tracking of changes, it is recommended to "
11335
"commit your changes manually, together with a commit message, using:"
11336
msgstr ""
11337
11338
#: serverguide/C/other-apps.xml:176(command)
11339
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11340
msgstr ""
11341
11342
#: serverguide/C/other-apps.xml:179(para)
11343
msgid ""
11344
"Using the VCS commands you can view log information about files in "
11345
"<filename>/etc</filename>:"
11346
msgstr ""
11347
11348
#: serverguide/C/other-apps.xml:184(command)
11349
msgid "sudo bzr log /etc/passwd"
11350
msgstr ""
11351
11352
#: serverguide/C/other-apps.xml:187(para)
11353
msgid ""
11354
"To demonstrate the integration with the package management system, install "
11355
"<application>postfix</application>:"
11356
msgstr ""
11357
11358
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
11359
msgid "sudo apt-get install postfix"
11360
msgstr "sudo apt-get install postfix"
11361
11362
#: serverguide/C/other-apps.xml:195(para)
11363
msgid ""
11364
"When the installation is finished, all the "
11365
"<application>postfix</application> configuration files should be committed "
11366
"to the repository:"
11367
msgstr ""
11368
11369
#: serverguide/C/other-apps.xml:201(computeroutput)
11370
#, no-wrap
11371
msgid ""
11372
"Committing to: /etc/\n"
11373
"added aliases.db\n"
11374
"modified group\n"
11375
"modified group-\n"
11376
"modified gshadow\n"
11377
"modified gshadow-\n"
11378
"modified passwd\n"
11379
"modified passwd-\n"
11380
"added postfix\n"
11381
"added resolvconf\n"
11382
"added rsyslog.d\n"
11383
"modified shadow\n"
11384
"modified shadow-\n"
11385
"added init.d/postfix\n"
11386
"added network/if-down.d/postfix\n"
11387
"added network/if-up.d/postfix\n"
11388
"added postfix/dynamicmaps.cf\n"
11389
"added postfix/main.cf\n"
11390
"added postfix/master.cf\n"
11391
"added postfix/post-install\n"
11392
"added postfix/postfix-files\n"
11393
"added postfix/postfix-script\n"
11394
"added postfix/sasl\n"
11395
"added ppp/ip-down.d\n"
11396
"added ppp/ip-down.d/postfix\n"
11397
"added ppp/ip-up.d/postfix\n"
11398
"added rc0.d/K20postfix\n"
11399
"added rc1.d/K20postfix\n"
11400
"added rc2.d/S20postfix\n"
11401
"added rc3.d/S20postfix\n"
11402
"added rc4.d/S20postfix\n"
11403
"added rc5.d/S20postfix\n"
11404
"added rc6.d/K20postfix\n"
11405
"added resolvconf/update-libc.d\n"
11406
"added resolvconf/update-libc.d/postfix\n"
11407
"added rsyslog.d/postfix.conf\n"
11408
"added ufw/applications.d/postfix\n"
11409
"Committed revision 2."
11410
msgstr ""
11411
11412
#: serverguide/C/other-apps.xml:241(para)
11413
msgid ""
11414
"For an example of how <application>etckeeper</application> tracks manual "
11415
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11416
"<application>bzr</application> you can see which files have been modified:"
11417
msgstr ""
11418
11419
#: serverguide/C/other-apps.xml:247(command)
11420
msgid "sudo bzr status /etc/"
11421
msgstr "sudo bzr status /etc/"
11422
11423
#: serverguide/C/other-apps.xml:248(computeroutput)
11424
#, no-wrap
11425
msgid ""
11426
"modified:\n"
11427
" hosts"
11428
msgstr ""
11429
11430
#: serverguide/C/other-apps.xml:252(para)
11431
msgid "Now commit the changes:"
11432
msgstr ""
11433
11434
#: serverguide/C/other-apps.xml:257(command)
11435
msgid "sudo etckeeper commit \"new host\""
11436
msgstr "sudo etckeeper commit \"new host\""
11437
11438
#: serverguide/C/other-apps.xml:260(para)
11439
msgid ""
11440
"For more information on <application>bzr</application> see <xref "
11441
"linkend=\"bazaar\"/>."
11442
msgstr ""
11443
11444
#: serverguide/C/other-apps.xml:266(title)
11445
msgid "Byobu"
11446
msgstr ""
11447
11448
#: serverguide/C/other-apps.xml:268(para)
11449
msgid ""
11450
"One of the most useful applications for any system administrator is "
11451
"<application>screen</application>. It allows the execution of multiple "
11452
"shells in one terminal. To make some of the advanced "
11453
"<application>screen</application> features more user friendly, and provide "
11454
"some useful information about the system, the "
11455
"<application>byobu</application> package was created."
11456
msgstr ""
11457
11458
#: serverguide/C/other-apps.xml:275(para)
11459
msgid ""
11460
"When executing <application>byobu</application> pressing the "
11461
"<emphasis>F9</emphasis> key will bring up the "
11462
"<application>Configuration</application> menu. This menu will allow you to:"
11463
msgstr ""
11464
11465
#: serverguide/C/other-apps.xml:281(para)
11466
msgid "View the Help menu"
11467
msgstr "Прагляд мэню Дапамогі"
11468
11469
#: serverguide/C/other-apps.xml:282(para)
11470
msgid "Change Byobu's background color"
11471
msgstr ""
11472
11473
#: serverguide/C/other-apps.xml:283(para)
11474
msgid "Change Byobu's foreground color"
11475
msgstr ""
11476
11477
#: serverguide/C/other-apps.xml:284(para)
11478
msgid "Toggle status notifications"
11479
msgstr ""
11480
11481
#: serverguide/C/other-apps.xml:285(para)
11482
msgid "Change the key binding set"
11483
msgstr ""
11484
11485
#: serverguide/C/other-apps.xml:286(para)
11486
msgid "Change the escape sequence"
11487
msgstr ""
11488
11489
#: serverguide/C/other-apps.xml:287(para)
11490
msgid "Create new windows"
11491
msgstr ""
11492
11493
#: serverguide/C/other-apps.xml:288(para)
11494
msgid "Manage the default windows"
11495
msgstr ""
11496
11497
#: serverguide/C/other-apps.xml:289(para)
11498
msgid "Byobu currently does not launch at login (toggle on)"
11499
msgstr ""
11500
11501
#: serverguide/C/other-apps.xml:292(para)
11502
msgid ""
11503
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11504
"sequence, new window, change window, etc. There are two key binding sets to "
11505
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11506
"keys</emphasis>. If you wish to use the original key bindings choose the "
11507
"<emphasis>none</emphasis> set."
11508
msgstr ""
11509
11510
#: serverguide/C/other-apps.xml:298(para)
11511
msgid ""
11512
"<application>byobu</application> provides a menu which displays the Ubuntu "
11513
"release, processor information, memory information, and the time and date. "
11514
"The effect is similar to a desktop menu."
11515
msgstr ""
11516
11517
#: serverguide/C/other-apps.xml:303(para)
11518
msgid ""
11519
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11520
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11521
"executed any time a terminal is opened. Changes made to "
11522
"<application>byobu</application> are on a per user basis, and will not "
11523
"affect other users on the system."
11524
msgstr ""
11525
11526
#: serverguide/C/other-apps.xml:309(para)
11527
msgid ""
11528
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11529
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11530
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11531
"commands. Here is a quick list of movement commands:"
11532
msgstr ""
11533
11534
#: serverguide/C/other-apps.xml:316(para)
11535
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11536
msgstr ""
11537
11538
#: serverguide/C/other-apps.xml:317(para)
11539
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11540
msgstr ""
11541
11542
#: serverguide/C/other-apps.xml:318(para)
11543
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11544
msgstr ""
11545
11546
#: serverguide/C/other-apps.xml:319(para)
11547
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11548
msgstr ""
11549
11550
#: serverguide/C/other-apps.xml:320(para)
11551
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11552
msgstr ""
11553
11554
#: serverguide/C/other-apps.xml:321(para)
11555
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11556
msgstr ""
11557
11558
#: serverguide/C/other-apps.xml:322(para)
11559
msgid ""
11560
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11561
"the buffer)"
11562
msgstr ""
11563
11564
#: serverguide/C/other-apps.xml:323(para)
11565
msgid "<emphasis>/</emphasis> - Search forward"
11566
msgstr ""
11567
11568
#: serverguide/C/other-apps.xml:324(para)
11569
msgid "<emphasis>?</emphasis> - Search backward"
11570
msgstr ""
11571
11572
#: serverguide/C/other-apps.xml:325(para)
11573
msgid ""
11574
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
11575
msgstr ""
11576
11577
#: serverguide/C/other-apps.xml:334(para)
11578
msgid ""
11579
"See the <ulink "
11580
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/update-motd.1.html\">"
11581
"update-motd man page</ulink> for more options available to "
11582
"<application>update-motd</application>."
11583
msgstr ""
11584
11585
#: serverguide/C/other-apps.xml:340(para)
11586
msgid ""
11587
"The Debian Package of the Day <ulink "
11588
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11589
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11590
"details about using the <application>weather</application>utility."
11591
msgstr ""
11592
11593
#: serverguide/C/other-apps.xml:347(para)
11594
msgid ""
11595
"See the <ulink "
11596
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11597
"more details on using <application>etckeeper</application>."
11598
msgstr ""
11599
11600
#: serverguide/C/other-apps.xml:353(para)
11601
msgid ""
11602
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11603
"Ubuntu Wiki</ulink> page."
11604
msgstr ""
11605
11606
#: serverguide/C/other-apps.xml:358(para)
11607
msgid ""
11608
"For the latest news and information about <application>bzr</application> see "
11609
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11610
msgstr ""
11611
11612
#: serverguide/C/other-apps.xml:363(para)
11613
msgid ""
11614
"For more information on <application>screen</application> see the <ulink "
11615
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11616
msgstr ""
11617
11618
#: serverguide/C/other-apps.xml:368(para)
11619
msgid ""
11620
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11621
"screen</ulink> page."
11622
msgstr ""
11623
11624
#: serverguide/C/other-apps.xml:373(para)
11625
msgid ""
11626
"Also, see the <application>byobu</application><ulink "
11627
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
11628
"information."
11629
msgstr ""
11630
11631
#: serverguide/C/network-config.xml:14(para)
11632
msgid ""
11633
"Networks consist of two or more devices, such as computer systems, printers, "
11634
"and related equipment which are connected by either physical cabling or "
11635
"wireless links for the purpose of sharing and distributing information among "
11636
"the connected devices."
11637
msgstr ""
11638
11639
#: serverguide/C/network-config.xml:20(para)
11640
msgid ""
11641
"This section provides general and specific information pertaining to "
11642
"networking, including an overview of network concepts and detailed "
11643
"discussion of popular network protocols."
11644
msgstr ""
11645
11646
#: serverguide/C/network-config.xml:27(title)
11647
msgid "Network Configuration"
11648
msgstr "Сеткавыя настаўленьні"
11649
11650
#: serverguide/C/network-config.xml:28(para)
11651
msgid ""
11652
"Ubuntu ships with a number of graphical utilities to configure your network "
11653
"devices. This document is geared toward server administrators and will focus "
11654
"on managing your network on the command line."
11655
msgstr ""
11656
11657
#: serverguide/C/network-config.xml:35(title)
11658
msgid "Ethernet Interfaces"
11659
msgstr ""
11660
11661
#: serverguide/C/network-config.xml:36(para)
11662
msgid ""
11663
"Ethernet interfaces are identified by the system using the naming convention "
11664
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11665
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11666
"interface is typically identified as <emphasis "
11667
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11668
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11669
"order."
11670
msgstr ""
11671
11672
#: serverguide/C/network-config.xml:46(title)
11673
msgid "Identify Ethernet Interfaces"
11674
msgstr ""
11675
11676
#: serverguide/C/network-config.xml:47(para)
11677
msgid ""
11678
"To quickly identify all available Ethernet interfaces, you can use the "
11679
"<application>ifconfig</application> command as shown below."
11680
msgstr ""
11681
11682
#: serverguide/C/network-config.xml:52(userinput)
11683
#, no-wrap
11684
msgid "ifconfig -a | grep eth"
11685
msgstr ""
11686
11687
#: serverguide/C/network-config.xml:51(screen)
11688
#, no-wrap
11689
msgid ""
11690
"\n"
11691
"<placeholder-1/>\n"
11692
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11693
msgstr ""
11694
11695
#: serverguide/C/network-config.xml:55(para)
11696
msgid ""
11697
"Another application that can help identify all network interfaces available "
11698
"to your system is the <application>lshw</application> command. In the "
11699
"example below, <application>lshw</application> shows a single Ethernet "
11700
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11701
"along with bus information, driver details and all supported capabilities."
11702
msgstr ""
11703
11704
#: serverguide/C/network-config.xml:62(userinput)
11705
#, no-wrap
11706
msgid "sudo lshw -class network"
11707
msgstr ""
11708
11709
#: serverguide/C/network-config.xml:61(screen)
11710
#, no-wrap
11711
msgid ""
11712
"\n"
11713
"<placeholder-1/>\n"
11714
" *-network\n"
11715
" description: Ethernet interface\n"
11716
" product: BCM4401-B0 100Base-TX\n"
11717
" vendor: Broadcom Corporation\n"
11718
" physical id: 0\n"
11719
" bus info: pci@0000:03:00.0\n"
11720
" logical name: eth0\n"
11721
" version: 02\n"
11722
" serial: 00:15:c5:4a:16:5a\n"
11723
" size: 10MB/s\n"
11724
" capacity: 100MB/s\n"
11725
" width: 32 bits\n"
11726
" clock: 33MHz\n"
11727
" capabilities: (snipped for brevity)\n"
11728
" configuration: (snipped for brevity)\n"
11729
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
11730
msgstr ""
11731
11732
#: serverguide/C/network-config.xml:83(title)
11733
msgid "Ethernet Interface Logical Names"
11734
msgstr ""
11735
11736
#: serverguide/C/network-config.xml:84(para)
11737
msgid ""
11738
"Interface logical names are configured in the file "
11739
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
11740
"like control which interface receives a particular logical name, find the "
11741
"line matching the interfaces physical MAC address and modify the value of "
11742
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
11743
"Reboot the system to commit your changes."
11744
msgstr ""
11745
11746
#: serverguide/C/network-config.xml:92(programlisting)
11747
#, no-wrap
11748
msgid ""
11749
"\n"
11750
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11751
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11752
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11753
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11754
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11755
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11756
msgstr ""
11757
11758
#: serverguide/C/network-config.xml:99(title)
11759
msgid "Ethernet Interface Settings"
11760
msgstr ""
11761
11762
#: serverguide/C/network-config.xml:100(para)
11763
msgid ""
11764
"<application>ethtool</application> is a program that displays and changes "
11765
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11766
"and Wake-on-LAN. It is not installed by default, but is available for "
11767
"installation in the repositories."
11768
msgstr ""
11769
11770
#: serverguide/C/network-config.xml:106(userinput)
11771
#, no-wrap
11772
msgid "sudo apt-get install ethtool"
11773
msgstr ""
11774
11775
#: serverguide/C/network-config.xml:108(para)
11776
msgid ""
11777
"The following is an example of how to view supported features and configured "
11778
"settings of an Ethernet interface."
11779
msgstr ""
11780
11781
#: serverguide/C/network-config.xml:113(userinput)
11782
#, no-wrap
11783
msgid "sudo ethtool eth0"
11784
msgstr ""
11785
11786
#: serverguide/C/network-config.xml:112(screen)
11787
#, no-wrap
11788
msgid ""
11789
"\n"
11790
"<placeholder-1/>\n"
11791
"Settings for eth0:\n"
11792
" Supported ports: [ TP ]\n"
11793
" Supported link modes: 10baseT/Half 10baseT/Full \n"
11794
" 100baseT/Half 100baseT/Full \n"
11795
" 1000baseT/Half 1000baseT/Full \n"
11796
" Supports auto-negotiation: Yes\n"
11797
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
11798
" 100baseT/Half 100baseT/Full \n"
11799
" 1000baseT/Half 1000baseT/Full \n"
11800
" Advertised auto-negotiation: Yes\n"
11801
" Speed: 1000Mb/s\n"
11802
" Duplex: Full\n"
11803
" Port: Twisted Pair\n"
11804
" PHYAD: 1\n"
11805
" Transceiver: internal\n"
11806
" Auto-negotiation: on\n"
11807
" Supports Wake-on: g\n"
11808
" Wake-on: d\n"
11809
" Current message level: 0x000000ff (255)\n"
11810
" Link detected: yes\n"
11811
msgstr ""
11812
11813
#: serverguide/C/network-config.xml:135(para)
11814
msgid ""
11815
"Changes made with the <application>ethtool</application> command are "
11816
"temporary and will be lost after a reboot. If you would like to retain "
11817
"settings, simply add the desired <application>ethtool</application> command "
11818
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
11819
"configuration file <filename>/etc/network/interfaces</filename>."
11820
msgstr ""
11821
11822
#: serverguide/C/network-config.xml:141(para)
11823
msgid ""
11824
"The following is an example of how the interface identified as <emphasis "
11825
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11826
"speed of 1000Mb/s running in full duplex mode."
11827
msgstr ""
11828
11829
#: serverguide/C/network-config.xml:145(programlisting)
11830
#, no-wrap
11831
msgid ""
11832
"\n"
11833
"auto eth0\n"
11834
"iface eth0 inet static\n"
11835
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
11836
msgstr ""
11837
11838
#: serverguide/C/network-config.xml:151(para)
11839
msgid ""
11840
"Although the example above shows the interface configured to use the "
11841
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11842
"other methods as well, such as DHCP. The example is meant to demonstrate "
11843
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
11844
"statement in relation to the rest of the interface configuration."
11845
msgstr ""
11846
11847
#: serverguide/C/network-config.xml:163(title)
11848
msgid "IP Addressing"
11849
msgstr ""
11850
11851
#: serverguide/C/network-config.xml:164(para)
11852
msgid ""
11853
"The following section describes the process of configuring your systems IP "
11854
"address and default gateway needed for communicating on a local area network "
11855
"and the Internet."
11856
msgstr ""
11857
11858
#: serverguide/C/network-config.xml:171(title)
11859
msgid "Temporary IP Address Assignment"
11860
msgstr ""
11861
11862
#: serverguide/C/network-config.xml:172(para)
11863
msgid ""
11864
"For temporary network configurations, you can use standard commands such as "
11865
"<application>ip</application>, <application>ifconfig</application> and "
11866
"<application>route</application>, which are also found on most other "
11867
"GNU/Linux operating systems. These commands allow you to configure settings "
11868
"which take effect immediately, however they are not persistent and will be "
11869
"lost after a reboot."
11870
msgstr ""
11871
11872
#: serverguide/C/network-config.xml:180(para)
11873
msgid ""
11874
"To temporarily configure an IP address, you can use the "
11875
"<application>ifconfig</application> command in the following manner. Just "
11876
"modify the IP address and subnet mask to match your network requirements."
11877
msgstr ""
11878
11879
#: serverguide/C/network-config.xml:186(userinput)
11880
#, no-wrap
11881
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11882
msgstr ""
11883
11884
#: serverguide/C/network-config.xml:188(para)
11885
msgid ""
11886
"To verify the IP address configuration of <application>eth0</application>, "
11887
"you can use the <application>ifconfig</application> command in the following "
11888
"manner."
11889
msgstr ""
11890
11891
#: serverguide/C/network-config.xml:193(userinput)
11892
#, no-wrap
11893
msgid "ifconfig eth0"
11894
msgstr ""
11895
11896
#: serverguide/C/network-config.xml:192(screen)
11897
#, no-wrap
11898
msgid ""
11899
"\n"
11900
"<placeholder-1/>\n"
11901
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
11902
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
11903
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
11904
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
11905
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
11906
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
11907
" collisions:0 txqueuelen:1000 \n"
11908
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
11909
" Interrupt:16 \n"
11910
msgstr ""
11911
11912
#: serverguide/C/network-config.xml:204(para)
11913
msgid ""
11914
"To configure a default gateway, you can use the "
11915
"<application>route</application> command in the following manner. Modify the "
11916
"default gateway address to match your network requirements."
11917
msgstr ""
11918
11919
#: serverguide/C/network-config.xml:210(userinput)
11920
#, no-wrap
11921
msgid "sudo route add default gw 10.0.0.1 eth0"
11922
msgstr ""
11923
11924
#: serverguide/C/network-config.xml:212(para)
11925
msgid ""
11926
"To verify your default gateway configuration, you can use the "
11927
"<application>route</application> command in the following manner."
11928
msgstr ""
11929
11930
#: serverguide/C/network-config.xml:217(userinput)
11931
#, no-wrap
11932
msgid "route -n"
11933
msgstr ""
11934
11935
#: serverguide/C/network-config.xml:216(screen)
11936
#, no-wrap
11937
msgid ""
11938
"\n"
11939
"<placeholder-1/>\n"
11940
"Kernel IP routing table\n"
11941
"Destination Gateway Genmask Flags Metric Ref Use "
11942
"Iface\n"
11943
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
11944
"eth0\n"
11945
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
11946
"eth0\n"
11947
msgstr ""
11948
11949
#: serverguide/C/network-config.xml:223(para)
11950
msgid ""
11951
"If you require DNS for your temporary network configuration, you can add DNS "
11952
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
11953
"example below shows how to enter two DNS servers to "
11954
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
11955
"appropriate for your network. A more lengthy description of DNS client "
11956
"configuration is in a following section."
11957
msgstr ""
11958
11959
#: serverguide/C/network-config.xml:230(programlisting)
11960
#, no-wrap
11961
msgid ""
11962
"\n"
11963
"nameserver 8.8.8.8\n"
11964
"nameserver 8.8.4.4\n"
11965
msgstr ""
11966
11967
#: serverguide/C/network-config.xml:234(para)
11968
msgid ""
11969
"If you no longer need this configuration and wish to purge all IP "
11970
"configuration from an interface, you can use the "
11971
"<application>ip</application> command with the flush option as shown below."
11972
msgstr ""
11973
11974
#: serverguide/C/network-config.xml:240(userinput)
11975
#, no-wrap
11976
msgid "ip addr flush eth0"
11977
msgstr ""
11978
11979
#: serverguide/C/network-config.xml:243(para)
11980
msgid ""
11981
"Flushing the IP configuration using the <application>ip</application> "
11982
"command does not clear the contents of "
11983
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
11984
"entries manually."
11985
msgstr ""
11986
11987
#: serverguide/C/network-config.xml:251(title)
11988
msgid "Dynamic IP Address Assignment (DHCP Client)"
11989
msgstr ""
11990
11991
#: serverguide/C/network-config.xml:252(para)
11992
msgid ""
11993
"To configure your server to use DHCP for dynamic address assignment, add the "
11994
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
11995
"statement for the appropriate interface in the file "
11996
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11997
"are configuring your first Ethernet interface identified as <emphasis "
11998
"role=\"italic\">eth0</emphasis>."
11999
msgstr ""
12000
12001
#: serverguide/C/network-config.xml:259(programlisting)
12002
#, no-wrap
12003
msgid ""
12004
"\n"
12005
"auto eth0\n"
12006
"iface eth0 inet dhcp\n"
12007
msgstr ""
12008
"\n"
12009
"auto eth0\n"
12010
"iface eth0 inet dhcp\n"
12011
12012
#: serverguide/C/network-config.xml:263(para)
12013
msgid ""
12014
"By adding an interface configuration as shown above, you can manually enable "
12015
"the interface through the <application>ifup</application> command which "
12016
"initiates the DHCP process via <application>dhclient</application>."
12017
msgstr ""
12018
12019
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
12020
#, no-wrap
12021
msgid "sudo ifup eth0"
12022
msgstr ""
12023
12024
#: serverguide/C/network-config.xml:271(para)
12025
msgid ""
12026
"To manually disable the interface, you can use the "
12027
"<application>ifdown</application> command, which in turn will initiate the "
12028
"DHCP release process and shut down the interface."
12029
msgstr ""
12030
12031
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
12032
#, no-wrap
12033
msgid "sudo ifdown eth0"
12034
msgstr ""
12035
12036
#: serverguide/C/network-config.xml:282(title)
12037
msgid "Static IP Address Assignment"
12038
msgstr ""
12039
12040
#: serverguide/C/network-config.xml:283(para)
12041
msgid ""
12042
"To configure your system to use a static IP address assignment, add the "
12043
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12044
"family statement for the appropriate interface in the file "
12045
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
12046
"are configuring your first Ethernet interface identified as <emphasis "
12047
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
12048
"role=\"italic\">address</emphasis>, <emphasis "
12049
"role=\"italic\">netmask</emphasis>, and <emphasis "
12050
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
12051
"network."
12052
msgstr ""
12053
12054
#: serverguide/C/network-config.xml:292(programlisting)
12055
#, no-wrap
12056
msgid ""
12057
"\n"
12058
"auto eth0\n"
12059
"iface eth0 inet static\n"
12060
"address 10.0.0.100\n"
12061
"netmask 255.255.255.0\n"
12062
"gateway 10.0.0.1\n"
12063
msgstr ""
12064
12065
#: serverguide/C/network-config.xml:299(para)
12066
msgid ""
12067
"By adding an interface configuration as shown above, you can manually enable "
12068
"the interface through the <application>ifup</application> command."
12069
msgstr ""
12070
12071
#: serverguide/C/network-config.xml:306(para)
12072
msgid ""
12073
"To manually disable the interface, you can use the "
12074
"<application>ifdown</application> command."
12075
msgstr ""
12076
12077
#: serverguide/C/network-config.xml:316(title)
12078
msgid "Loopback Interface"
12079
msgstr ""
12080
12081
#: serverguide/C/network-config.xml:317(para)
12082
msgid ""
12083
"The loopback interface is identified by the system as <emphasis "
12084
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12085
"can be viewed using the ifconfig command."
12086
msgstr ""
12087
12088
#: serverguide/C/network-config.xml:322(userinput)
12089
#, no-wrap
12090
msgid "ifconfig lo"
12091
msgstr ""
12092
12093
#: serverguide/C/network-config.xml:321(screen)
12094
#, no-wrap
12095
msgid ""
12096
"\n"
12097
"<placeholder-1/>\n"
12098
"lo Link encap:Local Loopback \n"
12099
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
12100
" inet6 addr: ::1/128 Scope:Host\n"
12101
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
12102
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
12103
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
12104
" collisions:0 txqueuelen:0 \n"
12105
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
12106
msgstr ""
12107
12108
#: serverguide/C/network-config.xml:332(para)
12109
msgid ""
12110
"By default, there should be two lines in "
12111
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12112
"configuring your loopback interface. It is recommended that you keep the "
12113
"default settings unless you have a specific purpose for changing them. An "
12114
"example of the two default lines are shown below."
12115
msgstr ""
12116
12117
#: serverguide/C/network-config.xml:338(programlisting)
12118
#, no-wrap
12119
msgid ""
12120
"\n"
12121
"auto lo\n"
12122
"iface lo inet loopback\n"
12123
msgstr ""
12124
12125
#: serverguide/C/network-config.xml:347(title)
12126
msgid "Name Resolution"
12127
msgstr ""
12128
12129
#: serverguide/C/network-config.xml:348(para)
12130
msgid ""
12131
"Name resolution as it relates to IP networking is the process of mapping IP "
12132
"addresses to hostnames, making it easier to identify resources on a network. "
12133
"The following section will explain how to properly configure your system for "
12134
"name resolution using DNS and static hostname records."
12135
msgstr ""
12136
12137
#: serverguide/C/network-config.xml:356(title)
12138
msgid "DNS Client Configuration"
12139
msgstr ""
12140
12141
#: serverguide/C/network-config.xml:357(para)
12142
msgid ""
12143
"To configure your system to use DNS for name resolution, add the IP "
12144
"addresses of the DNS servers that are appropriate for your network in the "
12145
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
12146
"suffix search-lists to match your network domain names."
12147
msgstr ""
12148
12149
#: serverguide/C/network-config.xml:362(para)
12150
msgid ""
12151
"Below is an example of a typical configuration of "
12152
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
12153
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
12154
msgstr ""
12155
12156
#: serverguide/C/network-config.xml:367(programlisting)
12157
#, no-wrap
12158
msgid ""
12159
"\n"
12160
"search example.com\n"
12161
"nameserver 8.8.8.8\n"
12162
"nameserver 8.8.4.4\n"
12163
msgstr ""
12164
12165
#: serverguide/C/network-config.xml:372(para)
12166
msgid ""
12167
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12168
"multiple domain names so that DNS queries will be appended in the order in "
12169
"which they are entered. For example, your network may have multiple sub-"
12170
"domains to search; a parent domain of <emphasis "
12171
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
12172
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
12173
"role=\"italic\">dev.example.com</emphasis>."
12174
msgstr ""
12175
12176
#: serverguide/C/network-config.xml:380(para)
12177
msgid ""
12178
"If you have multiple domains you wish to search, your configuration might "
12179
"look like the following."
12180
msgstr ""
12181
12182
#: serverguide/C/network-config.xml:383(programlisting)
12183
#, no-wrap
12184
msgid ""
12185
"\n"
12186
"search example.com sales.example.com dev.example.com\n"
12187
"nameserver 8.8.8.8\n"
12188
"nameserver 8.8.4.4\n"
12189
msgstr ""
12190
12191
#: serverguide/C/network-config.xml:388(para)
12192
msgid ""
12193
"If you try to ping a host with the name of <emphasis "
12194
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12195
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12196
msgstr ""
12197
12198
#: serverguide/C/network-config.xml:394(para)
12199
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12200
msgstr ""
12201
12202
#: serverguide/C/network-config.xml:399(para)
12203
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12204
msgstr ""
12205
12206
#: serverguide/C/network-config.xml:404(para)
12207
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12208
msgstr ""
12209
12210
#: serverguide/C/network-config.xml:409(para)
12211
msgid ""
12212
"If no matches are found, the DNS server will provide a result of <emphasis "
12213
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12214
msgstr ""
12215
12216
#: serverguide/C/network-config.xml:416(title)
12217
msgid "Static Hostnames"
12218
msgstr ""
12219
12220
#: serverguide/C/network-config.xml:417(para)
12221
msgid ""
12222
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12223
"file <filename>/etc/hosts</filename>. Entries in the "
12224
"<filename>hosts</filename> file will have precedence over DNS by default. "
12225
"This means that if your system tries to resolve a hostname and it matches an "
12226
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
12227
"some configurations, especially when Internet access is not required, "
12228
"servers that communicate with a limited number of resources can be "
12229
"conveniently set to use static hostnames instead of DNS."
12230
msgstr ""
12231
12232
#: serverguide/C/network-config.xml:424(para)
12233
msgid ""
12234
"The following is an example of a <filename>hosts</filename> file where a "
12235
"number of local servers have been identified by simple hostnames, aliases "
12236
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12237
msgstr ""
12238
12239
#: serverguide/C/network-config.xml:428(programlisting)
12240
#, no-wrap
12241
msgid ""
12242
"\n"
12243
"127.0.0.1\tlocalhost\n"
12244
"127.0.1.1\tubuntu-server\n"
12245
"10.0.0.11\tserver1 vpn server1.example.com\n"
12246
"10.0.0.12\tserver2 mail server2.example.com\n"
12247
"10.0.0.13\tserver3 www server3.example.com\n"
12248
"10.0.0.14\tserver4 file server4.example.com\n"
12249
msgstr ""
12250
12251
#: serverguide/C/network-config.xml:437(para)
12252
msgid ""
12253
"In the above example, notice that each of the servers have been given "
12254
"aliases in addition to their proper names and FQDN's. <emphasis "
12255
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
12256
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
12257
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
12258
"role=\"italic\">server3</emphasis> as <emphasis "
12259
"role=\"italic\">www</emphasis>, and <emphasis "
12260
"role=\"italic\">server4</emphasis> as <emphasis "
12261
"role=\"italic\">file</emphasis>."
12262
msgstr ""
12263
12264
#: serverguide/C/network-config.xml:449(title)
12265
msgid "Name Service Switch Configuration"
12266
msgstr ""
12267
12268
#: serverguide/C/network-config.xml:450(para)
12269
msgid ""
12270
"The order in which your system selects a method of resolving hostnames to IP "
12271
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12272
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
12273
"section, typically static hostnames defined in the systems "
12274
"<filename>/etc/hosts</filename> file have precedence over names resolved "
12275
"from DNS. The following is an example of the line responsible for this order "
12276
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12277
msgstr ""
12278
12279
#: serverguide/C/network-config.xml:458(programlisting)
12280
#, no-wrap
12281
msgid ""
12282
"\n"
12283
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12284
msgstr ""
12285
12286
#: serverguide/C/network-config.xml:464(para)
12287
msgid ""
12288
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12289
"hostnames located in <filename>/etc/hosts</filename>."
12290
msgstr ""
12291
12292
#: serverguide/C/network-config.xml:470(para)
12293
msgid ""
12294
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12295
"name using Multicast DNS."
12296
msgstr ""
12297
12298
#: serverguide/C/network-config.xml:475(para)
12299
msgid ""
12300
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12301
"of <emphasis role=\"italic\">notfound</emphasis> by the preceeding <emphasis "
12302
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12303
"authoritative and that the system should not try to continue hunting for an "
12304
"answer."
12305
msgstr ""
12306
12307
#: serverguide/C/network-config.xml:483(para)
12308
msgid ""
12309
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12310
msgstr ""
12311
12312
#: serverguide/C/network-config.xml:488(para)
12313
msgid ""
12314
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12315
msgstr ""
12316
12317
#: serverguide/C/network-config.xml:494(para)
12318
msgid ""
12319
"To modify the order of the above mentioned name resolution methods, you can "
12320
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12321
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12322
"versus Multicast DNS, you can change the string in "
12323
"<filename>/etc/nsswitch.conf</filename> as shown below."
12324
msgstr ""
12325
12326
#: serverguide/C/network-config.xml:501(programlisting)
12327
#, no-wrap
12328
msgid ""
12329
"\n"
12330
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12331
msgstr ""
12332
12333
#: serverguide/C/network-config.xml:508(title)
12334
msgid "Bridging"
12335
msgstr ""
12336
12337
#: serverguide/C/network-config.xml:510(para)
12338
msgid ""
12339
"Bridging multiple interfaces is a more advanced configuration, but is very "
12340
"useful in multiple scenarios. One scenario is setting up a bridge with "
12341
"multiple network interfaces, then using a firewall to filter traffic between "
12342
"two network segments. Another scenario is using bridge on a system with one "
12343
"interface to allow virtual machines direct access to the outside network. "
12344
"The following example covers the latter scenario."
12345
msgstr ""
12346
12347
#: serverguide/C/network-config.xml:517(para)
12348
msgid ""
12349
"Before configuring a bridge you will need to install the <application>bridge-"
12350
"utils</application> package. To install the package, in a terminal enter:"
12351
msgstr ""
12352
12353
#: serverguide/C/network-config.xml:523(command)
12354
msgid "sudo apt-get install bridge-utils"
12355
msgstr "sudo apt-get install bridge-utils"
12356
12357
#: serverguide/C/network-config.xml:526(para)
12358
msgid ""
12359
"Next, configure the bridge by editing "
12360
"<filename>/etc/network/interfaces</filename>:"
12361
msgstr ""
12362
12363
#: serverguide/C/network-config.xml:530(programlisting)
12364
#, no-wrap
12365
msgid ""
12366
"\n"
12367
"auto lo\n"
12368
"iface lo inet loopback\n"
12369
"\n"
12370
"auto br0\n"
12371
"iface br0 inet static\n"
12372
" address 192.168.0.10\n"
12373
" network 192.168.0.0\n"
12374
" netmask 255.255.255.0\n"
12375
" broadcast 192.168.0.255\n"
12376
" gateway 192.168.0.1\n"
12377
" bridge_ports eth0\n"
12378
" bridge_fd 9\n"
12379
" bridge_hello 2\n"
12380
" bridge_maxage 12\n"
12381
" bridge_stp off\n"
12382
msgstr ""
12383
12384
#: serverguide/C/network-config.xml:549(para)
12385
msgid "Enter the appropriate values for your physical interface and network."
12386
msgstr ""
12387
12388
#: serverguide/C/network-config.xml:554(para)
12389
msgid "Now restart networking to enable the bridge interface:"
12390
msgstr ""
12391
12392
#: serverguide/C/network-config.xml:561(para)
12393
msgid ""
12394
"The new bridge interface should now be up and running. The "
12395
"<application>brctl</application> provides useful information about the state "
12396
"of the bridge, controls which interfaces are part of the bridge, etc. See "
12397
"<command>man brctl</command> for more information."
12398
msgstr ""
12399
12400
#: serverguide/C/network-config.xml:577(para)
12401
msgid ""
12402
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12403
"Network page</ulink> has links to articles covering more advanced network "
12404
"configuration."
12405
msgstr ""
12406
12407
#: serverguide/C/network-config.xml:583(para)
12408
msgid ""
12409
"The <ulink "
12410
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/interfaces.5.html\">i"
12411
"nterfaces man page</ulink> has details on more options for "
12412
"<filename>/etc/network/interfaces</filename>."
12413
msgstr ""
12414
12415
#: serverguide/C/network-config.xml:589(para)
12416
msgid ""
12417
"The <ulink "
12418
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/dhclient.8.html\">dhc"
12419
"lient man page</ulink> has details on more options for configuring DHCP "
12420
"client settings."
12421
msgstr ""
12422
12423
#: serverguide/C/network-config.xml:595(para)
12424
msgid ""
12425
"For more information on DNS client configuration see the <ulink "
12426
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/resolver.5.html\">res"
12427
"olver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12428
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
12429
"Administrator's Guide</ulink> is a good source of resolver and name service "
12430
"configuration information."
12431
msgstr ""
12432
12433
#: serverguide/C/network-config.xml:603(para)
12434
msgid ""
12435
"For more information on <emphasis>bridging</emphasis> see the <ulink "
12436
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/brctl.8.html\">brctl "
12437
"man page</ulink> and the Linux Foundation's <ulink "
12438
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
12439
msgstr ""
12440
12441
#: serverguide/C/network-config.xml:614(title)
12442
msgid "TCP/IP"
12443
msgstr "TCP/IP"
12444
12445
#: serverguide/C/network-config.xml:615(para)
12446
msgid ""
12447
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12448
"standard set of protocols developed in the late 1970s by the Defense "
12449
"Advanced Research Projects Agency (DARPA) as a means of communication "
12450
"between different types of computers and computer networks. TCP/IP is the "
12451
"driving force of the Internet, and thus it is the most popular set of "
12452
"network protocols on Earth."
12453
msgstr ""
12454
12455
#: serverguide/C/network-config.xml:623(title)
12456
msgid "TCP/IP Introduction"
12457
msgstr ""
12458
12459
#: serverguide/C/network-config.xml:624(para)
12460
msgid ""
12461
"The two protocol components of TCP/IP deal with different aspects of "
12462
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12463
"TCP/IP is a connectionless protocol which deals only with network packet "
12464
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
12465
"basic unit of networking information. The IP Datagram consists of a header "
12466
"followed by a message. The <emphasis> Transmission Control "
12467
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
12468
"establish connections which may be used to exchange data streams. TCP also "
12469
"guarantees that the data between connections is delivered and that it "
12470
"arrives at one network host in the same order as sent from another network "
12471
"host."
12472
msgstr ""
12473
12474
#: serverguide/C/network-config.xml:637(title)
12475
msgid "TCP/IP Configuration"
12476
msgstr "Наладкі TCP/IP"
12477
12478
#: serverguide/C/network-config.xml:638(para)
12479
msgid ""
12480
"The TCP/IP protocol configuration consists of several elements which must be "
12481
"set by editing the appropriate configuration files, or deploying solutions "
12482
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
12483
"can be configured to provide the proper TCP/IP configuration settings to "
12484
"network clients automatically. These configuration values must be set "
12485
"correctly in order to facilitate the proper network operation of your Ubuntu "
12486
"system."
12487
msgstr ""
12488
12489
#: serverguide/C/network-config.xml:650(para)
12490
msgid ""
12491
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12492
"identifying string expressed as four decimal numbers ranging from zero (0) "
12493
"to two-hundred and fifty-five (255), separated by periods, with each of the "
12494
"four numbers representing eight (8) bits of the address for a total length "
12495
"of thirty-two (32) bits for the whole address. This format is called "
12496
"<emphasis>dotted quad notation</emphasis>."
12497
msgstr ""
12498
12499
#: serverguide/C/network-config.xml:660(para)
12500
msgid ""
12501
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12502
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12503
"separate the portions of an IP address significant to the network from the "
12504
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
12505
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
12506
"three bytes of the IP address and allows the last byte of the IP address to "
12507
"remain available for specifying hosts on the subnetwork."
12508
msgstr ""
12509
12510
#: serverguide/C/network-config.xml:671(para)
12511
msgid ""
12512
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12513
"represents the bytes comprising the network portion of an IP address. For "
12514
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
12515
"network address, where twelve (12) represents the first byte of the IP "
12516
"address, (the network part) and zeroes (0) in all of the remaining three "
12517
"bytes to represent the potential host values. A network host using the "
12518
"private IP address 192.168.1.100 would in turn use a Network Address of "
12519
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
12520
"network and a zero (0) for all the possible hosts on the network."
12521
msgstr ""
12522
12523
#: serverguide/C/network-config.xml:684(para)
12524
msgid ""
12525
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12526
"is an IP address which allows network data to be sent simultaneously to all "
12527
"hosts on a given subnetwork rather than specifying a particular host. The "
12528
"standard general broadcast address for IP networks is 255.255.255.255, but "
12529
"this broadcast address cannot be used to send a broadcast message to every "
12530
"host on the Internet because routers block it. A more appropriate broadcast "
12531
"address is set to match a specific subnetwork. For example, on the private "
12532
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
12533
"Broadcast messages are typically produced by network protocols such as the "
12534
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12535
msgstr ""
12536
12537
#: serverguide/C/network-config.xml:697(para)
12538
msgid ""
12539
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12540
"IP address through which a particular network, or host on a network, may be "
12541
"reached. If one network host wishes to communicate with another network "
12542
"host, and that host is not located on the same network, then a "
12543
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
12544
"Address will be that of a router on the same network, which will in turn "
12545
"pass traffic on to other networks or hosts, such as Internet hosts. The "
12546
"value of the Gateway Address setting must be correct, or your system will "
12547
"not be able to reach any hosts beyond those on the same network."
12548
msgstr ""
12549
12550
#: serverguide/C/network-config.xml:708(para)
12551
msgid ""
12552
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12553
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12554
"resolve network hostnames into IP addresses. There are three levels of "
12555
"Nameserver Addresses, which may be specified in order of precedence: The "
12556
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
12557
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
12558
"your system to be able to resolve network hostnames into their corresponding "
12559
"IP addresses, you must specify valid Nameserver Addresses which you are "
12560
"authorized to use in your system's TCP/IP configuration. In many cases these "
12561
"addresses can and will be provided by your network service provider, but "
12562
"many free and publicly accessible nameservers are available for use, such as "
12563
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
12564
msgstr ""
12565
12566
#: serverguide/C/network-config.xml:722(para)
12567
msgid ""
12568
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
12569
"Address are typically specified via the appropriate directives in the file "
12570
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
12571
"typically specified via <emphasis>nameserver</emphasis> directives in the "
12572
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
12573
"system manual page for <filename>interfaces</filename> or "
12574
"<filename>resolv.conf</filename> respectively, with the following commands "
12575
"typed at a terminal prompt:"
12576
msgstr ""
12577
12578
#: serverguide/C/network-config.xml:729(para)
12579
msgid ""
12580
"Access the system manual page for <filename>interfaces</filename> with the "
12581
"following command:"
12582
msgstr ""
12583
12584
#: serverguide/C/network-config.xml:734(command)
12585
msgid "man interfaces"
12586
msgstr ""
12587
12588
#: serverguide/C/network-config.xml:737(para)
12589
msgid ""
12590
"Access the system manual page for <filename>resolv.conf</filename> with the "
12591
"following command:"
12592
msgstr ""
12593
12594
#: serverguide/C/network-config.xml:741(command)
12595
msgid "man resolv.conf"
12596
msgstr "man resolv.conf"
12597
12598
#: serverguide/C/network-config.xml:646(para)
12599
msgid ""
12600
"The common configuration elements of TCP/IP and their purposes are as "
12601
"follows: <placeholder-1/>"
12602
msgstr ""
12603
12604
#: serverguide/C/network-config.xml:748(title)
12605
msgid "IP Routing"
12606
msgstr ""
12607
12608
#: serverguide/C/network-config.xml:749(para)
12609
msgid ""
12610
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12611
"network along which network data may be sent. Routing uses a set of "
12612
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
12613
"packets from their source to the destination, often via many intermediary "
12614
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
12615
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
12616
"<emphasis>Dynamic Routing.</emphasis>"
12617
msgstr ""
12618
12619
#: serverguide/C/network-config.xml:758(para)
12620
msgid ""
12621
"Static routing involves manually adding IP routes to the system's routing "
12622
"table, and this is usually done by manipulating the routing table with the "
12623
"<application>route</application> command. Static routing enjoys many "
12624
"advantages over dynamic routing, such as simplicity of implementation on "
12625
"smaller networks, predictability (the routing table is always computed in "
12626
"advance, and thus the route is precisely the same each time it is used), and "
12627
"low overhead on other routers and network links due to the lack of a dynamic "
12628
"routing protocol. However, static routing does present some disadvantages as "
12629
"well. For example, static routing is limited to small networks and does not "
12630
"scale well. Static routing also fails completely to adapt to network outages "
12631
"and failures along the route due to the fixed nature of the route."
12632
msgstr ""
12633
12634
#: serverguide/C/network-config.xml:768(para)
12635
msgid ""
12636
"Dynamic routing depends on large networks with multiple possible IP routes "
12637
"from a source to a destination and makes use of special routing protocols, "
12638
"such as the Router Information Protocol (RIP), which handle the automatic "
12639
"adjustments in routing tables that make dynamic routing possible. Dynamic "
12640
"routing has several advantages over static routing, such as superior "
12641
"scalability and the ability to adapt to failures and outages along network "
12642
"routes. Additionally, there is less manual configuration of the routing "
12643
"tables, since routers learn from one another about their existence and "
12644
"available routes. This trait also eliminates the possibility of introducing "
12645
"mistakes in the routing tables via human error. Dynamic routing is not "
12646
"perfect, however, and presents disadvantages such as heightened complexity "
12647
"and additional network overhead from router communications, which does not "
12648
"immediately benefit the end users, but still consumes network bandwidth."
12649
msgstr ""
12650
12651
#: serverguide/C/network-config.xml:782(title)
12652
msgid "TCP and UDP"
12653
msgstr "TCP і UDP"
12654
12655
#: serverguide/C/network-config.xml:783(para)
12656
msgid ""
12657
"TCP is a connection-based protocol, offering error correction and guaranteed "
12658
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12659
"Flow control determines when the flow of a data stream needs to be stopped, "
12660
"and previously sent data packets should to be re-sent due to problems such "
12661
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
12662
"accurate delivery of the data. TCP is typically used in the exchange of "
12663
"important information such as database transactions."
12664
msgstr ""
12665
12666
#: serverguide/C/network-config.xml:791(para)
12667
msgid ""
12668
"The User Datagram Protocol (UDP), on the other hand, is a "
12669
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12670
"transmission of important data because it lacks flow control or any other "
12671
"method to ensure reliable delivery of the data. UDP is commonly used in such "
12672
"applications as audio and video streaming, where it is considerably faster "
12673
"than TCP due to the lack of error correction and flow control, and where the "
12674
"loss of a few packets is not generally catastrophic."
12675
msgstr ""
12676
12677
#: serverguide/C/network-config.xml:801(title)
12678
msgid "ICMP"
12679
msgstr "ICMP"
12680
12681
#: serverguide/C/network-config.xml:802(para)
12682
msgid ""
12683
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12684
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12685
"supports network packets containing control, error, and informational "
12686
"messages. ICMP is used by such network applications as the "
12687
"<application>ping</application> utility, which can determine the "
12688
"availability of a network host or device. Examples of some error messages "
12689
"returned by ICMP which are useful to both network hosts and devices such as "
12690
"routers, include <emphasis>Destination Unreachable</emphasis> and "
12691
"<emphasis>Time Exceeded</emphasis>."
12692
msgstr ""
12693
12694
#: serverguide/C/network-config.xml:812(title)
12695
msgid "Daemons"
12696
msgstr ""
12697
12698
#: serverguide/C/network-config.xml:813(para)
12699
msgid ""
12700
"Daemons are special system applications which typically execute continuously "
12701
"in the background and await requests for the functions they provide from "
12702
"other applications. Many daemons are network-centric; that is, a large "
12703
"number of daemons executing in the background on an Ubuntu system may "
12704
"provide network-related functionality. Some examples of such network daemons "
12705
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
12706
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
12707
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
12708
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
12709
"Daemon</emphasis> (imapd), which provides E-Mail services."
12710
msgstr ""
12711
12712
#: serverguide/C/network-config.xml:828(para)
12713
msgid ""
12714
"There are man pages for <ulink "
12715
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/tcp.7.html\">TCP</uli"
12716
"nk> and <ulink "
12717
"url=\"http://manpages.ubuntu.com/manpages/lucid/man7/ip.7.html\">IP</ulink> "
12718
"that contain more useful information."
12719
msgstr ""
12720
12721
#: serverguide/C/network-config.xml:834(para)
12722
msgid ""
12723
"Also, see the <ulink "
12724
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12725
"and Technical Overview</ulink> IBM Redbook."
12726
msgstr ""
12727
12728
#: serverguide/C/network-config.xml:840(para)
12729
msgid ""
12730
"Another resource is O'Reilly's <ulink "
12731
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12732
"Administration</ulink>."
12733
msgstr ""
12734
12735
#: serverguide/C/network-config.xml:849(title)
12736
msgid "Dynamic Host Configuration Protocol (DHCP)"
12737
msgstr ""
12738
12739
#: serverguide/C/network-config.xml:850(para)
12740
msgid ""
12741
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
12742
"enables host computers to be automatically assigned settings from a server "
12743
"as opposed to manually configuring each network host. Computers configured "
12744
"to be DHCP clients have no control over the settings they receive from the "
12745
"DHCP server, and the configuration is transparent to the computer's user."
12746
msgstr ""
12747
12748
#: serverguide/C/network-config.xml:857(para)
12749
msgid ""
12750
"The most common settings provided by a DHCP server to DHCP clients include:"
12751
msgstr ""
12752
12753
#: serverguide/C/network-config.xml:862(para)
12754
msgid "IP-Address and Netmask"
12755
msgstr "IP-адрас і сеткавая маска"
12756
12757
#: serverguide/C/network-config.xml:865(para)
12758
msgid "DNS"
12759
msgstr "DNS"
12760
12761
#: serverguide/C/network-config.xml:868(para)
12762
msgid "WINS"
12763
msgstr "WINS"
12764
12765
#: serverguide/C/network-config.xml:871(para)
12766
msgid ""
12767
"However, a DHCP server can also supply configuration properties such as:"
12768
msgstr ""
12769
12770
#: serverguide/C/network-config.xml:876(para)
12771
msgid "Host Name"
12772
msgstr "Імя вузла"
12773
12774
#: serverguide/C/network-config.xml:879(para)
12775
msgid "Domain Name"
12776
msgstr "Імя дамена"
12777
12778
#: serverguide/C/network-config.xml:882(para)
12779
msgid "Default Gateway"
12780
msgstr "Прадвызначаная сеткавая брама"
12781
12782
#: serverguide/C/network-config.xml:885(para)
12783
msgid "Time Server"
12784
msgstr ""
12785
12786
#: serverguide/C/network-config.xml:888(para)
12787
msgid "Print Server"
12788
msgstr "Сэрвер друку"
12789
12790
#: serverguide/C/network-config.xml:891(para)
12791
msgid ""
12792
"The advantage of using DHCP is that changes to the network, for example a "
12793
"change in the address of the DNS server, need only be changed at the DHCP "
12794
"server, and all network hosts will be reconfigured the next time their DHCP "
12795
"clients poll the DHCP server. As an added advantage, it is also easier to "
12796
"integrate new computers into the network, as there is no need to check for "
12797
"the availability of an IP address. Conflicts in IP address allocation are "
12798
"also reduced."
12799
msgstr ""
12800
12801
#: serverguide/C/network-config.xml:899(para)
12802
msgid "A DHCP server can provide configuration settings using two methods:"
12803
msgstr ""
12804
12805
#: serverguide/C/network-config.xml:904(term)
12806
msgid "MAC Address"
12807
msgstr ""
12808
12809
#: serverguide/C/network-config.xml:906(para)
12810
msgid ""
12811
"This method entails using DHCP to identify the unique hardware address of "
12812
"each network card connected to the network and then continually supplying a "
12813
"constant configuration each time the DHCP client makes a request to the DHCP "
12814
"server using that network device."
12815
msgstr ""
12816
12817
#: serverguide/C/network-config.xml:915(term)
12818
msgid "Address Pool"
12819
msgstr ""
12820
12821
#: serverguide/C/network-config.xml:917(para)
12822
msgid ""
12823
"This method entails defining a pool (sometimes also called a range or scope) "
12824
"of IP addresses from which DHCP clients are supplied their configuration "
12825
"properties dynamically and on a \"first come, first served\" basis. When a "
12826
"DHCP client is no longer on the network for a specified period, the "
12827
"configuration is expired and released back to the address pool for use by "
12828
"other DHCP Clients."
12829
msgstr ""
12830
12831
#: serverguide/C/network-config.xml:928(para)
12832
msgid ""
12833
"Ubuntu is shipped with both DHCP server and client. The server is "
12834
"<application>dhcpd</application> (dynamic host configuration protocol "
12835
"daemon). The client provided with Ubuntu is "
12836
"<application>dhclient</application> and should be installed on all computers "
12837
"required to be automatically configured. Both programs are easy to install "
12838
"and configure and will be automatically started at system boot."
12839
msgstr ""
12840
12841
#: serverguide/C/network-config.xml:938(para)
12842
msgid ""
12843
"At a terminal prompt, enter the following command to install "
12844
"<application>dhcpd</application>:"
12845
msgstr ""
12846
12847
#: serverguide/C/network-config.xml:943(command)
12848
msgid "sudo apt-get install dhcp3-server"
12849
msgstr "sudo apt-get install dhcp3-server"
12850
12851
#: serverguide/C/network-config.xml:945(para)
12852
msgid ""
12853
"You will probably need to change the default configuration by editing "
12854
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
12855
msgstr ""
12856
12857
#: serverguide/C/network-config.xml:949(para)
12858
msgid ""
12859
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
12860
"dhcpd should listen to. By default it listens to eth0."
12861
msgstr ""
12862
12863
#: serverguide/C/network-config.xml:953(para)
12864
msgid ""
12865
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
12866
"messages."
12867
msgstr ""
12868
12869
#: serverguide/C/network-config.xml:960(para)
12870
msgid ""
12871
"The error message the installation ends with might be a little confusing, "
12872
"but the following steps will help you configure the service:"
12873
msgstr ""
12874
12875
#: serverguide/C/network-config.xml:964(para)
12876
msgid ""
12877
"Most commonly, what you want to do is assign an IP address randomly. This "
12878
"can be done with settings as follows:"
12879
msgstr ""
12880
12881
#: serverguide/C/network-config.xml:968(programlisting)
12882
#, no-wrap
12883
msgid ""
12884
"\n"
12885
"# Sample /etc/dhcpd.conf\n"
12886
"# (add your comments here) \n"
12887
"default-lease-time 600;\n"
12888
"max-lease-time 7200;\n"
12889
"option subnet-mask 255.255.255.0;\n"
12890
"option broadcast-address 192.168.1.255;\n"
12891
"option routers 192.168.1.254;\n"
12892
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
12893
"option domain-name \"mydomain.example\";\n"
12894
"\n"
12895
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
12896
"range 192.168.1.10 192.168.1.100;\n"
12897
"range 192.168.1.150 192.168.1.200;\n"
12898
"} \n"
12899
msgstr ""
12900
12901
#: serverguide/C/network-config.xml:984(para)
12902
msgid ""
12903
"This will result in the DHCP server giving a client an IP address from the "
12904
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
12905
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
12906
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
12907
"server will also \"advise\" the client that it should use 255.255.255.0 as "
12908
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
12909
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
12910
msgstr ""
12911
12912
#: serverguide/C/network-config.xml:993(para)
12913
msgid ""
12914
"If you need to specify a WINS server for your Windows clients, you will need "
12915
"to include the netbios-name-servers option, e.g."
12916
msgstr ""
12917
12918
#: serverguide/C/network-config.xml:997(programlisting)
12919
#, no-wrap
12920
msgid ""
12921
"\n"
12922
"option netbios-name-servers 192.168.1.1; \n"
12923
msgstr ""
12924
"\n"
12925
"option netbios-name-servers 192.168.1.1; \n"
12926
12927
#: serverguide/C/network-config.xml:1000(para)
12928
msgid ""
12929
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
12930
"be found <ulink "
12931
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
12932
msgstr ""
12933
12934
#: serverguide/C/network-config.xml:1010(para)
12935
msgid ""
12936
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
12937
"server Ubuntu Wiki</ulink> page has more information."
12938
msgstr ""
12939
12940
#: serverguide/C/network-config.xml:1015(para)
12941
msgid ""
12942
"For more <filename>/etc/dhcp3/dchpd.conf</filename> options see the <ulink "
12943
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/dhcpd.conf.5.html\">d"
12944
"hcpd.conf man page</ulink>."
12945
msgstr ""
12946
12947
#: serverguide/C/network-config.xml:1021(para)
12948
msgid ""
12949
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
12950
"FAQ</ulink>"
12951
msgstr ""
12952
12953
#: serverguide/C/network-config.xml:1031(title)
12954
msgid "Time Synchronisation with NTP"
12955
msgstr ""
12956
12957
#: serverguide/C/network-config.xml:1032(para)
12958
msgid ""
12959
"This page describes methods for keeping your computer's time accurate. This "
12960
"is useful for servers, but is not necessary (or desirable) for desktop "
12961
"machines."
12962
msgstr ""
12963
12964
#: serverguide/C/network-config.xml:1035(para)
12965
msgid ""
12966
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
12967
"client requests the current time from a server, and uses it to set its own "
12968
"clock."
12969
msgstr ""
12970
12971
#: serverguide/C/network-config.xml:1038(para)
12972
msgid ""
12973
"Behind this simple description, there is a lot of complexity - there are "
12974
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
12975
"clocks (often via GPS), and tier two and three servers spreading the load of "
12976
"actually handling requests across the Internet. Also the client software is "
12977
"a lot more complex than you might think - it has to factor out communication "
12978
"delays, and adjust the time in a way that does not upset all the other "
12979
"processes that run on the server. But luckily all that complexity is hidden "
12980
"from you!"
12981
msgstr ""
12982
12983
#: serverguide/C/network-config.xml:1041(para)
12984
msgid ""
12985
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
12986
msgstr ""
12987
12988
#: serverguide/C/network-config.xml:1046(title)
12989
msgid "ntpdate"
12990
msgstr "ntpdate"
12991
12992
#: serverguide/C/network-config.xml:1047(para)
12993
msgid ""
12994
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
12995
"set up your time according to Ubuntu's NTP server. However, a server's clock "
12996
"is likely to drift considerably between reboots, so it makes sense to "
12997
"correct the time occasionally. The easiest way to do this is to get cron to "
12998
"run ntpdate every day. With your favorite editor, as root, create a file "
12999
"<code>/etc/cron.daily/ntpdate</code> containing:"
13000
msgstr ""
13001
13002
#: serverguide/C/network-config.xml:1052(screen)
13003
#, no-wrap
13004
msgid "ntpdate ntp.ubuntu.com\n"
13005
msgstr "ntpdate ntp.ubuntu.com\n"
13006
13007
#: serverguide/C/network-config.xml:1054(para)
13008
msgid ""
13009
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
13010
msgstr ""
13011
13012
#: serverguide/C/network-config.xml:1057(screen)
13013
#, no-wrap
13014
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
13015
msgstr "sudo chmod 755 /etc/cron.daily/ntpdate\n"
13016
13017
#: serverguide/C/network-config.xml:1061(title)
13018
msgid "ntpd"
13019
msgstr "ntpd"
13020
13021
#: serverguide/C/network-config.xml:1062(para)
13022
msgid ""
13023
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
13024
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
13025
"calculates the drift of your system clock and continuously adjusts it, so "
13026
"there are no large corrections that could lead to inconsistent logs for "
13027
"instance. The cost is a little processing power and memory, but for a modern "
13028
"server this is negligible."
13029
msgstr ""
13030
13031
#: serverguide/C/network-config.xml:1065(para)
13032
msgid "To set up ntpd:"
13033
msgstr ""
13034
13035
#: serverguide/C/network-config.xml:1066(screen)
13036
#, no-wrap
13037
msgid "sudo apt-get install ntp\n"
13038
msgstr "sudo apt-get install ntp\n"
13039
13040
#: serverguide/C/network-config.xml:1071(title)
13041
msgid "Changing Time Servers"
13042
msgstr ""
13043
13044
#: serverguide/C/network-config.xml:1072(para)
13045
msgid ""
13046
"In both cases above, your system will use Ubuntu's NTP server at "
13047
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
13048
"use several servers to increase accuracy and resilience, and you may want to "
13049
"use time servers that are geographically closer to you. to do this for "
13050
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
13051
msgstr ""
13052
13053
#: serverguide/C/network-config.xml:1079(screen)
13054
#, no-wrap
13055
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
13056
msgstr "ntpdate ntp.ubuntu.com pool.ntp.org \n"
13057
13058
#: serverguide/C/network-config.xml:1081(para)
13059
msgid ""
13060
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
13061
"lines:"
13062
msgstr ""
13063
13064
#: serverguide/C/network-config.xml:1086(screen)
13065
#, no-wrap
13066
msgid ""
13067
"server ntp.ubuntu.com\n"
13068
"server pool.ntp.org\n"
13069
msgstr ""
13070
"server ntp.ubuntu.com\n"
13071
"server pool.ntp.org\n"
13072
13073
#: serverguide/C/network-config.xml:1089(para)
13074
msgid ""
13075
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
13076
"really good idea which uses round-robin DNS to return an NTP server from a "
13077
"pool, spreading the load between several different servers. Even better, "
13078
"they have pools for different regions - for instance, if you are in New "
13079
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
13080
"<code>pool.ntp.org</code> . Look at <ulink "
13081
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
13082
"details."
13083
msgstr ""
13084
13085
#: serverguide/C/network-config.xml:1100(para)
13086
msgid ""
13087
"You can also Google for NTP servers in your region, and add these to your "
13088
"configuration. To test that a server works, just type <code>sudo ntpdate "
13089
"ntp.server.name</code> and see what happens."
13090
msgstr ""
13091
13092
#: serverguide/C/network-config.xml:1111(para)
13093
msgid ""
13094
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
13095
"Time</ulink> wiki page for more information."
13096
msgstr ""
13097
13098
#: serverguide/C/network-config.xml:1117(ulink)
13099
msgid "NTP Support"
13100
msgstr "Падтрымка NTP"
13101
13102
#: serverguide/C/network-config.xml:1122(ulink)
13103
msgid "The NTP FAQ and HOWTO"
13104
msgstr ""
13105
13106
#: serverguide/C/network-auth.xml:13(title)
13107
msgid "Network Authentication"
13108
msgstr ""
13109
13110
#: serverguide/C/network-auth.xml:15(para)
13111
msgid "This section explains various Network Authentication protocols."
13112
msgstr ""
13113
13114
#: serverguide/C/network-auth.xml:19(title)
13115
msgid "OpenLDAP Server"
13116
msgstr "Сэрвер OpenLDAP"
13117
13118
#: serverguide/C/network-auth.xml:20(para)
13119
msgid ""
13120
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
13121
"simplified version of the X.500 protocol. The directory setup in this "
13122
"section will be used for authentication. Nevertheless, LDAP can be used in "
13123
"numerous ways: authentication, shared directory (for mail clients), address "
13124
"book, etc."
13125
msgstr ""
13126
13127
#: serverguide/C/network-auth.xml:28(para)
13128
msgid ""
13129
"To describe LDAP quickly, all information is stored in a tree structure. "
13130
"With <application>OpenLDAP</application> you have freedom to determine the "
13131
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
13132
"We will begin with a basic tree containing two nodes below the root:"
13133
msgstr ""
13134
13135
#: serverguide/C/network-auth.xml:37(para)
13136
msgid "\"People\" node where your users will be stored"
13137
msgstr ""
13138
13139
#: serverguide/C/network-auth.xml:40(para)
13140
msgid "\"Groups\" node where your groups will be stored"
13141
msgstr ""
13142
13143
#: serverguide/C/network-auth.xml:44(para)
13144
msgid ""
13145
"Before beginning, you should determine what the root of your LDAP directory "
13146
"will be. By default, your tree will be determined by your Fully Qualified "
13147
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
13148
"example), your root node will be dc=example,dc=com."
13149
msgstr ""
13150
13151
#: serverguide/C/network-auth.xml:54(para)
13152
msgid ""
13153
"First, install the <application>OpenLDAP</application> server daemon "
13154
"<application>slapd</application> and <application>ldap-utils</application>, "
13155
"a package containing LDAP management utilities:"
13156
msgstr ""
13157
13158
#: serverguide/C/network-auth.xml:60(command)
13159
msgid "sudo apt-get install slapd ldap-utils"
13160
msgstr "sudo apt-get install slapd ldap-utils"
13161
13162
#: serverguide/C/network-auth.xml:63(para)
13163
msgid ""
13164
"By default <application>slapd</application> is configured with minimal "
13165
"options needed to run the <application>slapd</application> daemon."
13166
msgstr ""
13167
13168
#: serverguide/C/network-auth.xml:68(para)
13169
msgid ""
13170
"The configuration example in the following sections will match the domain "
13171
"name of the server. For example, if the machine's Fully Qualified Domain "
13172
"Name (FQDN) is ldap.example.com, the default suffix will be "
13173
"<emphasis>dc=example,dc=com</emphasis>."
13174
msgstr ""
13175
13176
#: serverguide/C/network-auth.xml:76(title)
13177
msgid "Populating LDAP"
13178
msgstr ""
13179
13180
#: serverguide/C/network-auth.xml:78(para)
13181
msgid ""
13182
"<application>OpenLDAP</application> uses a separate directory which contains "
13183
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
13184
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
13185
"<application>slapd</application> daemon, allowing the modification of schema "
13186
"definitions, indexes, ACLs, etc without stopping the service."
13187
msgstr ""
13188
13189
#: serverguide/C/network-auth.xml:86(para)
13190
msgid ""
13191
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
13192
"configuration and will need additional configuration options in order to "
13193
"populate the frontend directory. The frontend will be populated with a "
13194
"\"classical\" scheme that will be compatible with address book applications "
13195
"and with Unix Posix accounts. Posix accounts will allow authentication to "
13196
"various applications, such as web applications, email Mail Transfer Agent "
13197
"(MTA) applications, etc."
13198
msgstr ""
13199
13200
#: serverguide/C/network-auth.xml:95(para)
13201
msgid ""
13202
"For external applications to authenticate using LDAP they will each need to "
13203
"be specifically configured to do so. Refer to the individual application "
13204
"documentation for details."
13205
msgstr ""
13206
13207
#: serverguide/C/network-auth.xml:103(para)
13208
msgid ""
13209
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
13210
"examples to match your LDAP configuration."
13211
msgstr ""
13212
13213
#: serverguide/C/network-auth.xml:108(para)
13214
msgid ""
13215
"First, some additional schema files need to be loaded. In a terminal enter:"
13216
msgstr ""
13217
13218
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
13219
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
13220
msgstr ""
13221
13222
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
13223
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13224
msgstr ""
13225
13226
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
13227
msgid ""
13228
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13229
msgstr ""
13230
13231
#: serverguide/C/network-auth.xml:118(para)
13232
msgid ""
13233
"Next, copy the following example LDIF file, naming it "
13234
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
13235
msgstr ""
13236
13237
#: serverguide/C/network-auth.xml:123(programlisting)
13238
#, no-wrap
13239
msgid ""
13240
"\n"
13241
"# Load dynamic backend modules\n"
13242
"dn: cn=module,cn=config\n"
13243
"objectClass: olcModuleList\n"
13244
"cn: module\n"
13245
"olcModulepath: /usr/lib/ldap\n"
13246
"olcModuleload: back_hdb\n"
13247
"\n"
13248
"# Database settings\n"
13249
"dn: olcDatabase=hdb,cn=config\n"
13250
"objectClass: olcDatabaseConfig\n"
13251
"objectClass: olcHdbConfig\n"
13252
"olcDatabase: {1}hdb\n"
13253
"olcSuffix: dc=example,dc=com\n"
13254
"olcDbDirectory: /var/lib/ldap\n"
13255
"olcRootDN: cn=admin,dc=example,dc=com\n"
13256
"olcRootPW: secret\n"
13257
"olcDbConfig: set_cachesize 0 2097152 0\n"
13258
"olcDbConfig: set_lk_max_objects 1500\n"
13259
"olcDbConfig: set_lk_max_locks 1500\n"
13260
"olcDbConfig: set_lk_max_lockers 1500\n"
13261
"olcDbIndex: objectClass eq\n"
13262
"olcLastMod: TRUE\n"
13263
"olcDbCheckpoint: 512 30\n"
13264
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13265
"by anonymous auth by self write by * none\n"
13266
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13267
"olcAccess: to dn.base=\"\" by * read\n"
13268
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13269
"\n"
13270
msgstr ""
13271
13272
#: serverguide/C/network-auth.xml:155(para)
13273
msgid ""
13274
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13275
msgstr ""
13276
13277
#: serverguide/C/network-auth.xml:160(para)
13278
msgid "Now add the LDIF to the directory:"
13279
msgstr ""
13280
13281
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13282
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13283
msgstr ""
13284
13285
#: serverguide/C/network-auth.xml:168(para)
13286
msgid ""
13287
"The frontend directory is now ready to be populated. Create a "
13288
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13289
msgstr ""
13290
13291
#: serverguide/C/network-auth.xml:173(programlisting)
13292
#, no-wrap
13293
msgid ""
13294
"\n"
13295
"# Create top-level object in domain\n"
13296
"dn: dc=example,dc=com\n"
13297
"objectClass: top\n"
13298
"objectClass: dcObject\n"
13299
"objectclass: organization\n"
13300
"o: Example Organization\n"
13301
"dc: Example\n"
13302
"description: LDAP Example \n"
13303
"\n"
13304
"# Admin user.\n"
13305
"dn: cn=admin,dc=example,dc=com\n"
13306
"objectClass: simpleSecurityObject\n"
13307
"objectClass: organizationalRole\n"
13308
"cn: admin\n"
13309
"description: LDAP administrator\n"
13310
"userPassword: secret\n"
13311
"\n"
13312
"dn: ou=people,dc=example,dc=com\n"
13313
"objectClass: organizationalUnit\n"
13314
"ou: people\n"
13315
"\n"
13316
"dn: ou=groups,dc=example,dc=com\n"
13317
"objectClass: organizationalUnit\n"
13318
"ou: groups\n"
13319
"\n"
13320
"dn: uid=john,ou=people,dc=example,dc=com\n"
13321
"objectClass: inetOrgPerson\n"
13322
"objectClass: posixAccount\n"
13323
"objectClass: shadowAccount\n"
13324
"uid: john\n"
13325
"sn: Doe\n"
13326
"givenName: John\n"
13327
"cn: John Doe\n"
13328
"displayName: John Doe\n"
13329
"uidNumber: 1000\n"
13330
"gidNumber: 10000\n"
13331
"userPassword: password\n"
13332
"gecos: John Doe\n"
13333
"loginShell: /bin/bash\n"
13334
"homeDirectory: /home/john\n"
13335
"shadowExpire: -1\n"
13336
"shadowFlag: 0\n"
13337
"shadowWarning: 7\n"
13338
"shadowMin: 8\n"
13339
"shadowMax: 999999\n"
13340
"shadowLastChange: 10877\n"
13341
"mail: john.doe@example.com\n"
13342
"postalCode: 31000\n"
13343
"l: Toulouse\n"
13344
"o: Example\n"
13345
"mobile: +33 (0)6 xx xx xx xx\n"
13346
"homePhone: +33 (0)5 xx xx xx xx\n"
13347
"title: System Administrator\n"
13348
"postalAddress: \n"
13349
"initials: JD\n"
13350
"\n"
13351
"dn: cn=example,ou=groups,dc=example,dc=com\n"
13352
"objectClass: posixGroup\n"
13353
"cn: example\n"
13354
"gidNumber: 10000\n"
13355
msgstr ""
13356
13357
#: serverguide/C/network-auth.xml:236(para)
13358
msgid ""
13359
"In this example the directory structure, a user, and a group have been "
13360
"setup. In other examples you might see the <emphasis>objectClass: "
13361
"top</emphasis> added in every entry, but that is the default behaviour so "
13362
"you do not have to add it explicitly."
13363
msgstr ""
13364
13365
#: serverguide/C/network-auth.xml:243(para)
13366
msgid "Add the entries to the LDAP directory:"
13367
msgstr ""
13368
13369
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13370
msgid ""
13371
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13372
msgstr ""
13373
13374
#: serverguide/C/network-auth.xml:252(para)
13375
msgid ""
13376
"We can check that the content has been correctly added with the "
13377
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13378
"directory:"
13379
msgstr ""
13380
13381
#: serverguide/C/network-auth.xml:258(command)
13382
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
13383
msgstr "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
13384
13385
#: serverguide/C/network-auth.xml:259(computeroutput)
13386
#, no-wrap
13387
msgid ""
13388
"\n"
13389
"dn: uid=john,ou=people,dc=example,dc=com\n"
13390
"cn: John Doe\n"
13391
"sn: Doe\n"
13392
"givenName: John\n"
13393
msgstr ""
13394
"\n"
13395
"dn: uid=john,ou=people,dc=example,dc=com\n"
13396
"cn: John Doe\n"
13397
"sn: Doe\n"
13398
"givenName: John\n"
13399
13400
#: serverguide/C/network-auth.xml:267(para)
13401
msgid "Just a quick explanation:"
13402
msgstr ""
13403
13404
#: serverguide/C/network-auth.xml:273(para)
13405
msgid ""
13406
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
13407
"the default."
13408
msgstr ""
13409
13410
#: serverguide/C/network-auth.xml:279(para)
13411
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13412
msgstr ""
13413
13414
#: serverguide/C/network-auth.xml:287(title)
13415
msgid "Further Configuration"
13416
msgstr ""
13417
13418
#: serverguide/C/network-auth.xml:290(para)
13419
msgid ""
13420
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13421
"utilities in the <application>ldap-utils</application> package. For example:"
13422
msgstr ""
13423
13424
#: serverguide/C/network-auth.xml:298(para)
13425
msgid ""
13426
"Use <application>ldapsearch</application> to view the tree, entering the "
13427
"admin password set during installation or reconfiguration:"
13428
msgstr ""
13429
13430
#: serverguide/C/network-auth.xml:304(command)
13431
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13432
msgstr ""
13433
13434
#: serverguide/C/network-auth.xml:308(computeroutput)
13435
#, no-wrap
13436
msgid ""
13437
"\n"
13438
"SASL/EXTERNAL authentication started\n"
13439
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13440
"SASL SSF: 0\n"
13441
"dn: cn=config\n"
13442
"\n"
13443
"dn: cn=module{0},cn=config\n"
13444
"\n"
13445
"dn: cn=schema,cn=config\n"
13446
"\n"
13447
"dn: cn={0}core,cn=schema,cn=config\n"
13448
"\n"
13449
"dn: cn={1}cosine,cn=schema,cn=config\n"
13450
"\n"
13451
"dn: cn={2}nis,cn=schema,cn=config\n"
13452
"\n"
13453
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13454
"\n"
13455
"dn: olcDatabase={-1}frontend,cn=config\n"
13456
"\n"
13457
"dn: olcDatabase={0}config,cn=config\n"
13458
"\n"
13459
"dn: olcDatabase={1}hdb,cn=config\n"
13460
msgstr ""
13461
13462
#: serverguide/C/network-auth.xml:334(para)
13463
msgid ""
13464
"The output above is the current configuration options for the "
13465
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13466
msgstr ""
13467
13468
#: serverguide/C/network-auth.xml:342(para)
13469
msgid ""
13470
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13471
"another attribute to the index list using "
13472
"<application>ldapmodify</application>:"
13473
msgstr ""
13474
13475
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:984(command) serverguide/C/network-auth.xml:1155(command) serverguide/C/network-auth.xml:1191(command)
13476
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13477
msgstr ""
13478
13479
#: serverguide/C/network-auth.xml:356(userinput)
13480
#, no-wrap
13481
msgid ""
13482
"dn: olcDatabase={1}hdb,cn=config\n"
13483
"add: olcDbIndex\n"
13484
"olcDbIndex: uidNumber eq"
13485
msgstr ""
13486
13487
#: serverguide/C/network-auth.xml:352(computeroutput)
13488
#, no-wrap
13489
msgid ""
13490
"\n"
13491
"SASL/EXTERNAL authentication started\n"
13492
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13493
"SASL SSF: 0\n"
13494
"<placeholder-1/>\n"
13495
"\n"
13496
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13497
msgstr ""
13498
13499
#: serverguide/C/network-auth.xml:364(para)
13500
msgid ""
13501
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13502
"exit the utility."
13503
msgstr ""
13504
13505
#: serverguide/C/network-auth.xml:371(para)
13506
msgid ""
13507
"<application>ldapmodify</application> can also read the changes from a file. "
13508
"Copy and paste the following into a file named "
13509
"<filename>uid_index.ldif</filename>:"
13510
msgstr ""
13511
13512
#: serverguide/C/network-auth.xml:376(programlisting)
13513
#, no-wrap
13514
msgid ""
13515
"\n"
13516
"dn: olcDatabase={1}hdb,cn=config\n"
13517
"add: olcDbIndex\n"
13518
"olcDbIndex: uid eq,pres,sub\n"
13519
msgstr ""
13520
"\n"
13521
"dn: olcDatabase={1}hdb,cn=config\n"
13522
"add: olcDbIndex\n"
13523
"olcDbIndex: uid eq,pres,sub\n"
13524
13525
#: serverguide/C/network-auth.xml:382(para)
13526
msgid "Then execute <application>ldapmodify</application>:"
13527
msgstr ""
13528
13529
#: serverguide/C/network-auth.xml:387(command)
13530
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13531
msgstr ""
13532
13533
#: serverguide/C/network-auth.xml:391(computeroutput)
13534
#, no-wrap
13535
msgid ""
13536
"\n"
13537
"SASL/EXTERNAL authentication started\n"
13538
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13539
"SASL SSF: 0\n"
13540
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13541
msgstr ""
13542
13543
#: serverguide/C/network-auth.xml:399(para)
13544
msgid "The file method is very useful for large changes."
13545
msgstr ""
13546
13547
#: serverguide/C/network-auth.xml:406(para)
13548
msgid ""
13549
"Adding additional <emphasis>schemas</emphasis> to "
13550
"<application>slapd</application> requires the schema to be converted to LDIF "
13551
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13552
"directory contains some schema files already converted to LDIF format as "
13553
"demonstrated in the previous section. Fortunately, the "
13554
"<application>slapd</application> program can be used to automate the "
13555
"conversion. The following example will add the "
13556
"<emphasis>dyngoup.schema</emphasis>:"
13557
msgstr ""
13558
13559
#: serverguide/C/network-auth.xml:416(para)
13560
msgid ""
13561
"First, create a conversion <filename>schema_convert.conf</filename> file "
13562
"containing the following lines:"
13563
msgstr ""
13564
13565
#: serverguide/C/network-auth.xml:421(programlisting)
13566
#, no-wrap
13567
msgid ""
13568
"\n"
13569
"include /etc/ldap/schema/core.schema\n"
13570
"include /etc/ldap/schema/collective.schema\n"
13571
"include /etc/ldap/schema/corba.schema\n"
13572
"include /etc/ldap/schema/cosine.schema\n"
13573
"include /etc/ldap/schema/duaconf.schema\n"
13574
"include /etc/ldap/schema/dyngroup.schema\n"
13575
"include /etc/ldap/schema/inetorgperson.schema\n"
13576
"include /etc/ldap/schema/java.schema\n"
13577
"include /etc/ldap/schema/misc.schema\n"
13578
"include /etc/ldap/schema/nis.schema\n"
13579
"include /etc/ldap/schema/openldap.schema\n"
13580
"include /etc/ldap/schema/ppolicy.schema\n"
13581
msgstr ""
13582
13583
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1655(para)
13584
msgid "Next, create a temporary directory to hold the output:"
13585
msgstr ""
13586
13587
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1660(command) serverguide/C/network-auth.xml:2695(command)
13588
msgid "mkdir /tmp/ldif_output"
13589
msgstr "mkdir /tmp/ldif_output"
13590
13591
#: serverguide/C/network-auth.xml:450(para)
13592
msgid ""
13593
"Now using <application>slapcat</application> convert the schema files to "
13594
"LDIF:"
13595
msgstr ""
13596
13597
#: serverguide/C/network-auth.xml:455(command)
13598
msgid ""
13599
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13600
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13601
msgstr ""
13602
13603
#: serverguide/C/network-auth.xml:458(para)
13604
msgid ""
13605
"Adjust the configuration file name and temporary directory names if yours "
13606
"are different. Also, it may be worthwhile to keep the "
13607
"<filename>ldif_output</filename> directory around in case you want to add "
13608
"additional schemas in the future."
13609
msgstr ""
13610
13611
#: serverguide/C/network-auth.xml:467(para)
13612
msgid ""
13613
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13614
"following attributes:"
13615
msgstr ""
13616
13617
#: serverguide/C/network-auth.xml:471(programlisting)
13618
#, no-wrap
13619
msgid ""
13620
"\n"
13621
"dn: cn=dyngroup,cn=schema,cn=config\n"
13622
"...\n"
13623
"cn: dyngroup\n"
13624
msgstr ""
13625
13626
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1691(para)
13627
msgid "And remove the following lines from the bottom of the file:"
13628
msgstr ""
13629
13630
#: serverguide/C/network-auth.xml:481(programlisting)
13631
#, no-wrap
13632
msgid ""
13633
"\n"
13634
"structuralObjectClass: olcSchemaConfig\n"
13635
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13636
"creatorsName: cn=config\n"
13637
"createTimestamp: 20080826021140Z\n"
13638
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13639
"modifiersName: cn=config\n"
13640
"modifyTimestamp: 20080826021140Z\n"
13641
msgstr ""
13642
13643
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1706(para) serverguide/C/network-auth.xml:2741(para)
13644
msgid ""
13645
"The attribute values will vary, just be sure the attributes are removed."
13646
msgstr ""
13647
13648
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1714(para)
13649
msgid ""
13650
"Finally, using the <application>ldapadd</application> utility, add the new "
13651
"schema to the directory:"
13652
msgstr ""
13653
13654
#: serverguide/C/network-auth.xml:506(command)
13655
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13656
msgstr ""
13657
13658
#: serverguide/C/network-auth.xml:512(para)
13659
msgid ""
13660
"There should now be a <emphasis>dn: "
13661
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13662
msgstr ""
13663
13664
#: serverguide/C/network-auth.xml:522(title)
13665
msgid "LDAP Replication"
13666
msgstr ""
13667
13668
#: serverguide/C/network-auth.xml:524(para)
13669
msgid ""
13670
"LDAP often quickly becomes a highly critical service to the network. "
13671
"Multiple systems will come to depend on LDAP for authentication, "
13672
"authorization, configuration, etc. It is a good idea to setup a redundant "
13673
"system through replication."
13674
msgstr ""
13675
13676
#: serverguide/C/network-auth.xml:530(para)
13677
msgid ""
13678
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
13679
"Syncrepl allows the changes to be synced using a "
13680
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13681
"provider sends directory changes to consumers."
13682
msgstr ""
13683
13684
#: serverguide/C/network-auth.xml:537(title)
13685
msgid "Provider Configuration"
13686
msgstr ""
13687
13688
#: serverguide/C/network-auth.xml:539(para)
13689
msgid ""
13690
"The following is an example of a <emphasis>Single-Master</emphasis> "
13691
"configuration. In this configuration one OpenLDAP server is configured as a "
13692
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13693
msgstr ""
13694
13695
#: serverguide/C/network-auth.xml:547(para)
13696
msgid ""
13697
"First, configure the provider server. Copy the following to a file named "
13698
"<filename>provider_sync.ldif</filename>:"
13699
msgstr ""
13700
13701
#: serverguide/C/network-auth.xml:552(programlisting)
13702
#, no-wrap
13703
msgid ""
13704
"\n"
13705
"# Add indexes to the frontend db.\n"
13706
"dn: olcDatabase={1}hdb,cn=config\n"
13707
"changetype: modify\n"
13708
"add: olcDbIndex\n"
13709
"olcDbIndex: entryCSN eq\n"
13710
"-\n"
13711
"add: olcDbIndex\n"
13712
"olcDbIndex: entryUUID eq\n"
13713
"\n"
13714
"#Load the syncprov and accesslog modules.\n"
13715
"dn: cn=module{0},cn=config\n"
13716
"changetype: modify\n"
13717
"add: olcModuleLoad\n"
13718
"olcModuleLoad: syncprov\n"
13719
"-\n"
13720
"add: olcModuleLoad\n"
13721
"olcModuleLoad: accesslog\n"
13722
"\n"
13723
"# Accesslog database definitions\n"
13724
"dn: olcDatabase={2}hdb,cn=config\n"
13725
"objectClass: olcDatabaseConfig\n"
13726
"objectClass: olcHdbConfig\n"
13727
"olcDatabase: {2}hdb\n"
13728
"olcDbDirectory: /var/lib/ldap/accesslog\n"
13729
"olcSuffix: cn=accesslog\n"
13730
"olcRootDN: cn=admin,dc=example,dc=com\n"
13731
"olcDbIndex: default eq\n"
13732
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
13733
"\n"
13734
"# Accesslog db syncprov.\n"
13735
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
13736
"changetype: add\n"
13737
"objectClass: olcOverlayConfig\n"
13738
"objectClass: olcSyncProvConfig\n"
13739
"olcOverlay: syncprov\n"
13740
"olcSpNoPresent: TRUE\n"
13741
"olcSpReloadHint: TRUE\n"
13742
"\n"
13743
"# syncrepl Provider for primary db\n"
13744
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
13745
"changetype: add\n"
13746
"objectClass: olcOverlayConfig\n"
13747
"objectClass: olcSyncProvConfig\n"
13748
"olcOverlay: syncprov\n"
13749
"olcSpNoPresent: TRUE\n"
13750
"\n"
13751
"# accesslog overlay definitions for primary db\n"
13752
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
13753
"objectClass: olcOverlayConfig\n"
13754
"objectClass: olcAccessLogConfig\n"
13755
"olcOverlay: accesslog\n"
13756
"olcAccessLogDB: cn=accesslog\n"
13757
"olcAccessLogOps: writes\n"
13758
"olcAccessLogSuccess: TRUE\n"
13759
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
13760
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13761
msgstr ""
13762
13763
#: serverguide/C/network-auth.xml:614(para)
13764
msgid ""
13765
"The <application>AppArmor</application> profile for "
13766
"<application>slapd</application> will need to be adjusted for the accesslog "
13767
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13768
"adding:"
13769
msgstr ""
13770
13771
#: serverguide/C/network-auth.xml:619(programlisting)
13772
#, no-wrap
13773
msgid ""
13774
"\n"
13775
" /var/lib/ldap/accesslog/ r,\n"
13776
" /var/lib/ldap/accesslog/** rwk,\n"
13777
msgstr ""
13778
13779
#: serverguide/C/network-auth.xml:624(para)
13780
msgid ""
13781
"Then create the directory, reload the <application>apparmor</application> "
13782
"profile, and copy the <filename>DB_CONFIG</filename> file:"
13783
msgstr ""
13784
13785
#: serverguide/C/network-auth.xml:630(command)
13786
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13787
msgstr ""
13788
13789
#: serverguide/C/network-auth.xml:631(command)
13790
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13791
msgstr ""
13792
13793
#: serverguide/C/network-auth.xml:636(para)
13794
msgid ""
13795
"Using the <emphasis>-u openldap</emphasis> option with the "
13796
"<application>sudo</application> commands above removes the need to adjust "
13797
"permissions for the new directory later."
13798
msgstr ""
13799
13800
#: serverguide/C/network-auth.xml:645(para)
13801
msgid ""
13802
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13803
"directory:"
13804
msgstr ""
13805
13806
#: serverguide/C/network-auth.xml:649(programlisting)
13807
#, no-wrap
13808
msgid ""
13809
"\n"
13810
"olcRootDN: cn=admin,dc=example,dc=com\n"
13811
msgstr ""
13812
13813
#: serverguide/C/network-auth.xml:657(para)
13814
msgid ""
13815
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13816
msgstr ""
13817
13818
#: serverguide/C/network-auth.xml:662(command)
13819
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13820
msgstr ""
13821
13822
#: serverguide/C/network-auth.xml:669(para)
13823
msgid "Restart <application>slapd</application>:"
13824
msgstr ""
13825
13826
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1040(command) serverguide/C/network-auth.xml:1227(command)
13827
msgid "sudo /etc/init.d/slapd restart"
13828
msgstr "sudo /etc/init.d/slapd restart"
13829
13830
#: serverguide/C/network-auth.xml:680(para)
13831
msgid ""
13832
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13833
"to configure a <emphasis>Consumer</emphasis> server."
13834
msgstr ""
13835
13836
#: serverguide/C/network-auth.xml:687(title)
13837
msgid "Consumer Configuration"
13838
msgstr ""
13839
13840
#: serverguide/C/network-auth.xml:692(para)
13841
msgid ""
13842
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13843
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13844
"configuration steps."
13845
msgstr ""
13846
13847
#: serverguide/C/network-auth.xml:697(para)
13848
msgid "Add the additional schema files:"
13849
msgstr ""
13850
13851
#: serverguide/C/network-auth.xml:707(para)
13852
msgid ""
13853
"Also, create, or copy from the provider server, the "
13854
"<filename>backend.example.com.ldif</filename>"
13855
msgstr ""
13856
13857
#: serverguide/C/network-auth.xml:711(programlisting)
13858
#, no-wrap
13859
msgid ""
13860
"\n"
13861
"# Load dynamic backend modules\n"
13862
"dn: cn=module,cn=config\n"
13863
"objectClass: olcModuleList\n"
13864
"cn: module\n"
13865
"olcModulepath: /usr/lib/ldap\n"
13866
"olcModuleload: back_hdb\n"
13867
"\n"
13868
"# Database settings\n"
13869
"dn: olcDatabase=hdb,cn=config\n"
13870
"objectClass: olcDatabaseConfig\n"
13871
"objectClass: olcHdbConfig\n"
13872
"olcDatabase: {1}hdb\n"
13873
"olcSuffix: dc=example,dc=com\n"
13874
"olcDbDirectory: /var/lib/ldap\n"
13875
"olcRootDN: cn=admin,dc=example,dc=com\n"
13876
"olcRootPW: secret\n"
13877
"olcDbConfig: set_cachesize 0 2097152 0\n"
13878
"olcDbConfig: set_lk_max_objects 1500\n"
13879
"olcDbConfig: set_lk_max_locks 1500\n"
13880
"olcDbConfig: set_lk_max_lockers 1500\n"
13881
"olcDbIndex: objectClass eq\n"
13882
"olcLastMod: TRUE\n"
13883
"olcDbCheckpoint: 512 30\n"
13884
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13885
"by anonymous auth by self write by * none\n"
13886
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13887
"olcAccess: to dn.base=\"\" by * read\n"
13888
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13889
msgstr ""
13890
13891
#: serverguide/C/network-auth.xml:741(para)
13892
msgid "And add the LDIF by entering:"
13893
msgstr ""
13894
13895
#: serverguide/C/network-auth.xml:752(para)
13896
msgid ""
13897
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13898
"listed above, and add it:"
13899
msgstr ""
13900
13901
#: serverguide/C/network-auth.xml:760(para)
13902
msgid ""
13903
"The two severs should now have the same configuration except for the "
13904
"<emphasis>Syncrepl</emphasis> options."
13905
msgstr ""
13906
13907
#: serverguide/C/network-auth.xml:768(para)
13908
msgid ""
13909
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13910
msgstr ""
13911
13912
#: serverguide/C/network-auth.xml:772(programlisting)
13913
#, no-wrap
13914
msgid ""
13915
"\n"
13916
"#Load the syncprov module.\n"
13917
"dn: cn=module{0},cn=config\n"
13918
"changetype: modify\n"
13919
"add: olcModuleLoad\n"
13920
"olcModuleLoad: syncprov\n"
13921
"\n"
13922
"# syncrepl specific indices\n"
13923
"dn: olcDatabase={1}hdb,cn=config\n"
13924
"changetype: modify\n"
13925
"add: olcDbIndex\n"
13926
"olcDbIndex: entryUUID eq\n"
13927
"-\n"
13928
"add: olcSyncRepl\n"
13929
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
13930
"binddn=\"cn=admin,dc=example,dc=com\" \n"
13931
" credentials=secret searchbase=\"dc=example,dc=com\" "
13932
"logbase=\"cn=accesslog\" \n"
13933
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
13934
"schemachecking=on \n"
13935
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
13936
"-\n"
13937
"add: olcUpdateRef\n"
13938
"olcUpdateRef: ldap://ldap01.example.com\n"
13939
msgstr ""
13940
13941
#: serverguide/C/network-auth.xml:795(para)
13942
msgid "You will probably want to change the following attributes:"
13943
msgstr ""
13944
13945
#: serverguide/C/network-auth.xml:800(para)
13946
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13947
msgstr ""
13948
13949
#: serverguide/C/network-auth.xml:801(emphasis)
13950
msgid "binddn"
13951
msgstr ""
13952
13953
#: serverguide/C/network-auth.xml:802(emphasis)
13954
msgid "credentials"
13955
msgstr ""
13956
13957
#: serverguide/C/network-auth.xml:803(emphasis)
13958
msgid "searchbase"
13959
msgstr ""
13960
13961
#: serverguide/C/network-auth.xml:804(emphasis)
13962
msgid "olcUpdateRef:"
13963
msgstr ""
13964
13965
#: serverguide/C/network-auth.xml:810(para)
13966
msgid "Add the LDIF file to the configuration tree:"
13967
msgstr ""
13968
13969
#: serverguide/C/network-auth.xml:815(command)
13970
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
13971
msgstr ""
13972
13973
#: serverguide/C/network-auth.xml:821(para)
13974
msgid ""
13975
"The frontend database should now sync between servers. You can add "
13976
"additional servers using the steps above as the need arises."
13977
msgstr ""
13978
13979
#: serverguide/C/network-auth.xml:831(programlisting)
13980
#, no-wrap
13981
msgid "127.0.0.1\tldap01.example.com ldap01"
13982
msgstr "127.0.0.1\tldap01.example.com ldap01"
13983
13984
#: serverguide/C/network-auth.xml:827(para)
13985
msgid ""
13986
"The <application>slapd</application> daemon will send log information to "
13987
"<filename>/var/log/syslog</filename> by default. So if all does "
13988
"<emphasis>not</emphasis> go well check there for errors and other "
13989
"troubleshooting information. Also, be sure that each server knows it's Fully "
13990
"Qualified Domain Name (FQDN). This is configured in "
13991
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
13992
msgstr ""
13993
13994
#: serverguide/C/network-auth.xml:839(title)
13995
msgid "Setting up ACL"
13996
msgstr ""
13997
13998
#: serverguide/C/network-auth.xml:841(para)
13999
msgid ""
14000
"Authentication requires access to the password field, that should be not "
14001
"accessible by default. Also, in order for users to change their own "
14002
"password, using <command>passwd</command> or other utilities, "
14003
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
14004
"authenticated."
14005
msgstr ""
14006
14007
#: serverguide/C/network-auth.xml:848(para)
14008
msgid ""
14009
"To view the Access Control List (ACL), use the "
14010
"<application>ldapsearch</application> utility:"
14011
msgstr ""
14012
14013
#: serverguide/C/network-auth.xml:853(command)
14014
msgid ""
14015
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb "
14016
"olcAccess"
14017
msgstr ""
14018
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb "
14019
"olcAccess"
14020
14021
#: serverguide/C/network-auth.xml:857(computeroutput)
14022
#, no-wrap
14023
msgid ""
14024
"Enter LDAP Password: \n"
14025
"dn: olcDatabase={1}hdb,cn=config\n"
14026
"olcAccess: {0}to attrs=userPassword,shadowLastChange by "
14027
"dn=\"cn=admin,dc=exampl\n"
14028
" e,dc=com\" write by anonymous auth by self write by * none\n"
14029
"olcAccess: {1}to dn.base=\"\" by * read\n"
14030
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
14031
msgstr ""
14032
14033
#: serverguide/C/network-auth.xml:869(title)
14034
msgid "TLS and SSL"
14035
msgstr "TLS і SSL"
14036
14037
#: serverguide/C/network-auth.xml:871(para)
14038
msgid ""
14039
"When authenticating to an OpenLDAP server it is best to do so using an "
14040
"encrypted session. This can be accomplished using Transport Layer Security "
14041
"(TLS) and/or Secure Sockets Layer (SSL)."
14042
msgstr ""
14043
14044
#: serverguide/C/network-auth.xml:876(para)
14045
msgid ""
14046
"The first step in the process is to obtain or create a "
14047
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
14048
"is compiled using the <application>gnutls</application> library, the "
14049
"<application>certtool</application> utility will be used to create "
14050
"certificates."
14051
msgstr ""
14052
14053
#: serverguide/C/network-auth.xml:885(para)
14054
msgid ""
14055
"First, install <application>gnutls-bin</application> by entering the "
14056
"following in a terminal:"
14057
msgstr ""
14058
14059
#: serverguide/C/network-auth.xml:890(command)
14060
msgid "sudo apt-get install gnutls-bin"
14061
msgstr ""
14062
14063
#: serverguide/C/network-auth.xml:896(para)
14064
msgid ""
14065
"Next, create a private key for the <emphasis>Certificate "
14066
"Authority</emphasis> (CA):"
14067
msgstr ""
14068
14069
#: serverguide/C/network-auth.xml:901(command)
14070
msgid ""
14071
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
14072
msgstr ""
14073
14074
#: serverguide/C/network-auth.xml:907(para)
14075
msgid ""
14076
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
14077
"CA certificate containing:"
14078
msgstr ""
14079
14080
#: serverguide/C/network-auth.xml:911(programlisting)
14081
#, no-wrap
14082
msgid ""
14083
"\n"
14084
"cn = Example Company\n"
14085
"ca\n"
14086
"cert_signing_key\n"
14087
msgstr ""
14088
14089
#: serverguide/C/network-auth.xml:920(para)
14090
msgid "Now create the self-signed CA certificate:"
14091
msgstr ""
14092
14093
#: serverguide/C/network-auth.xml:925(command)
14094
msgid ""
14095
"sudo certtool --generate-self-signed --load-privkey "
14096
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
14097
"/etc/ssl/certs/cacert.pem"
14098
msgstr ""
14099
14100
#: serverguide/C/network-auth.xml:932(para)
14101
msgid "Make a private key for the server:"
14102
msgstr ""
14103
14104
#: serverguide/C/network-auth.xml:937(command)
14105
msgid ""
14106
"sudo sh -c \"certtool --generate-privkey > "
14107
"/etc/ssl/private/ldap01_slapd_key.pem\""
14108
msgstr ""
14109
14110
#: serverguide/C/network-auth.xml:941(para)
14111
msgid ""
14112
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
14113
"hostname. Naming the certificate and key for the host and service that will "
14114
"be using them will help keep filenames and paths straight."
14115
msgstr ""
14116
14117
#: serverguide/C/network-auth.xml:950(para)
14118
msgid ""
14119
"To sign the server's certificate with the CA, create the "
14120
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
14121
msgstr ""
14122
14123
#: serverguide/C/network-auth.xml:954(programlisting)
14124
#, no-wrap
14125
msgid ""
14126
"\n"
14127
"organization = Example Company\n"
14128
"cn = ldap01.example.com\n"
14129
"tls_www_server\n"
14130
"encryption_key\n"
14131
"signing_key\n"
14132
msgstr ""
14133
14134
#: serverguide/C/network-auth.xml:965(para)
14135
msgid "Create the server's certificate:"
14136
msgstr ""
14137
14138
#: serverguide/C/network-auth.xml:970(command)
14139
msgid ""
14140
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
14141
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
14142
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
14143
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
14144
msgstr ""
14145
14146
#: serverguide/C/network-auth.xml:978(para)
14147
msgid ""
14148
"Once you have a certificate, key, and CA cert installed, use "
14149
"<application>ldapmodify</application> to add the new configuration options:"
14150
msgstr ""
14151
14152
#: serverguide/C/network-auth.xml:989(userinput)
14153
#, no-wrap
14154
msgid ""
14155
"dn: cn=config\n"
14156
"add: olcTLSCACertificateFile\n"
14157
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14158
"-\n"
14159
"add: olcTLSCertificateFile\n"
14160
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
14161
"-\n"
14162
"add: olcTLSCertificateKeyFile\n"
14163
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
14164
msgstr ""
14165
14166
#: serverguide/C/network-auth.xml:988(computeroutput) serverguide/C/network-auth.xml:1159(computeroutput)
14167
#, no-wrap
14168
msgid ""
14169
"Enter LDAP Password:\n"
14170
"<placeholder-1/>\n"
14171
"\n"
14172
"modifying entry \"cn=config\"\n"
14173
msgstr ""
14174
14175
#: serverguide/C/network-auth.xml:1004(para)
14176
msgid ""
14177
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
14178
"<filename>ldap01_slapd_key.pem</filename>, and "
14179
"<filename>cacert.pem</filename> names if yours are different."
14180
msgstr ""
14181
14182
#: serverguide/C/network-auth.xml:1010(para)
14183
msgid ""
14184
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
14185
"<emphasis>SLAPD_SERVICES</emphasis> option:"
14186
msgstr ""
14187
14188
#: serverguide/C/network-auth.xml:1014(programlisting)
14189
#, no-wrap
14190
msgid ""
14191
"\n"
14192
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
14193
msgstr ""
14194
"\n"
14195
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
14196
14197
#: serverguide/C/network-auth.xml:1018(para)
14198
msgid ""
14199
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
14200
msgstr ""
14201
14202
#: serverguide/C/network-auth.xml:1023(command)
14203
msgid "sudo adduser openldap ssl-cert"
14204
msgstr "sudo adduser openldap ssl-cert"
14205
14206
#: serverguide/C/network-auth.xml:1024(command)
14207
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
14208
msgstr ""
14209
14210
#: serverguide/C/network-auth.xml:1025(command)
14211
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
14212
msgstr ""
14213
14214
#: serverguide/C/network-auth.xml:1029(para)
14215
msgid ""
14216
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
14217
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
14218
"adjust the commands appropriately."
14219
msgstr ""
14220
14221
#: serverguide/C/network-auth.xml:1035(para)
14222
msgid "Finally, restart <application>slapd</application>:"
14223
msgstr ""
14224
14225
#: serverguide/C/network-auth.xml:1043(para)
14226
msgid ""
14227
"The <application>slapd</application> daemon should now be listening for "
14228
"LDAPS connections and be able to use STARTTLS during authentication."
14229
msgstr ""
14230
14231
#: serverguide/C/network-auth.xml:1049(para)
14232
msgid ""
14233
"If you run into troubles with the server not starting, check the "
14234
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
14235
"it is likely there is a configuration problem. Check that the certificate is "
14236
"signed by the authority from in the files configured, and that the ssl-cert "
14237
"group has read permissions on the private key."
14238
msgstr ""
14239
14240
#: serverguide/C/network-auth.xml:1061(title)
14241
msgid "TLS Replication"
14242
msgstr ""
14243
14244
#: serverguide/C/network-auth.xml:1063(para)
14245
msgid ""
14246
"If you have setup <application>Syncrepl</application> between servers, it is "
14247
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
14248
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
14249
"linkend=\"openldap-server-replication\"/>."
14250
msgstr ""
14251
14252
#: serverguide/C/network-auth.xml:1069(para)
14253
msgid ""
14254
"Assuming you have followed the above instructions and created a CA "
14255
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14256
"server. Follow the following instructions to create a certificate and key "
14257
"for the <emphasis>Consumer</emphasis> server."
14258
msgstr ""
14259
14260
#: serverguide/C/network-auth.xml:1078(para)
14261
msgid "Create a new key for the Consumer server:"
14262
msgstr ""
14263
14264
#: serverguide/C/network-auth.xml:1083(command)
14265
msgid "mkdir ldap02-ssl"
14266
msgstr ""
14267
14268
#: serverguide/C/network-auth.xml:1084(command)
14269
msgid "cd ldap02-ssl"
14270
msgstr ""
14271
14272
#: serverguide/C/network-auth.xml:1085(command)
14273
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14274
msgstr ""
14275
14276
#: serverguide/C/network-auth.xml:1089(para)
14277
msgid ""
14278
"Creating a new directory is not strictly necessary, but it will help keep "
14279
"things organized and make it easier to copy the files to the Consumer server."
14280
msgstr ""
14281
14282
#: serverguide/C/network-auth.xml:1098(para)
14283
msgid ""
14284
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14285
"server, changing the attributes to match your locality and server:"
14286
msgstr ""
14287
14288
#: serverguide/C/network-auth.xml:1103(programlisting)
14289
#, no-wrap
14290
msgid ""
14291
"\n"
14292
"country = US\n"
14293
"state = North Carolina\n"
14294
"locality = Winston-Salem\n"
14295
"organization = Example Company\n"
14296
"cn = ldap02.salem.edu\n"
14297
"tls_www_client\n"
14298
"encryption_key\n"
14299
"signing_key\n"
14300
msgstr ""
14301
14302
#: serverguide/C/network-auth.xml:1117(para)
14303
msgid "Create the certificate:"
14304
msgstr ""
14305
14306
#: serverguide/C/network-auth.xml:1122(command)
14307
msgid ""
14308
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14309
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14310
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14311
"ldap02_slapd_cert.pem"
14312
msgstr ""
14313
14314
#: serverguide/C/network-auth.xml:1130(para)
14315
msgid "Copy the <filename>cacert.pem</filename> to the dicretory:"
14316
msgstr ""
14317
14318
#: serverguide/C/network-auth.xml:1135(command)
14319
msgid "cp /etc/ssl/certs/cacert.pem ."
14320
msgstr ""
14321
14322
#: serverguide/C/network-auth.xml:1141(para)
14323
msgid ""
14324
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14325
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14326
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14327
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14328
"<filename>/etc/ssl/private</filename>."
14329
msgstr ""
14330
14331
#: serverguide/C/network-auth.xml:1150(para)
14332
msgid ""
14333
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14334
"by entering:"
14335
msgstr ""
14336
14337
#: serverguide/C/network-auth.xml:1160(userinput)
14338
#, no-wrap
14339
msgid ""
14340
"dn: cn=config\n"
14341
"add: olcTLSCACertificateFile\n"
14342
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14343
"-\n"
14344
"add: olcTLSCertificateFile\n"
14345
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14346
"-\n"
14347
"add: olcTLSCertificateKeyFile\n"
14348
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14349
msgstr ""
14350
14351
#: serverguide/C/network-auth.xml:1177(para)
14352
msgid ""
14353
"As with the Provider you can now edit "
14354
"<filename>/etc/default/slapd</filename> and add the "
14355
"<emphasis>ldaps:///</emphasis> parameter to the "
14356
"<emphasis>SLAPD_SERVICES</emphasis> option."
14357
msgstr ""
14358
14359
#: serverguide/C/network-auth.xml:1185(para)
14360
msgid ""
14361
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14362
"modify the <emphasis>Consumer</emphasis> server's "
14363
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14364
msgstr ""
14365
14366
#: serverguide/C/network-auth.xml:1198(userinput)
14367
#, no-wrap
14368
msgid ""
14369
"\n"
14370
"dn: olcDatabase={1}hdb,cn=config\n"
14371
"replace: olcSyncrepl\n"
14372
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14373
"binddn=\"cn=ad\n"
14374
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14375
"logbas\n"
14376
" e=\"cn=accesslog\" "
14377
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14378
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14379
"starttls=yes"
14380
msgstr ""
14381
14382
#: serverguide/C/network-auth.xml:1195(computeroutput)
14383
#, no-wrap
14384
msgid ""
14385
"SASL/EXTERNAL authentication started\n"
14386
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14387
"SASL SSF: 0\n"
14388
"<placeholder-1/>\n"
14389
"\n"
14390
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14391
msgstr ""
14392
14393
#: serverguide/C/network-auth.xml:1210(para)
14394
msgid ""
14395
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
14396
"(FQDN) in the certificate, you may have to edit "
14397
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
14398
msgstr ""
14399
14400
#: serverguide/C/network-auth.xml:1215(programlisting)
14401
#, no-wrap
14402
msgid ""
14403
"\n"
14404
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14405
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
14406
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14407
msgstr ""
14408
14409
#: serverguide/C/network-auth.xml:1222(para)
14410
msgid ""
14411
"Finally, restart <application>slapd</application> on each of the servers:"
14412
msgstr ""
14413
14414
#: serverguide/C/network-auth.xml:1235(title)
14415
msgid "LDAP Authentication"
14416
msgstr ""
14417
14418
#: serverguide/C/network-auth.xml:1237(para)
14419
msgid ""
14420
"Once you have a working LDAP server, the <application>auth-client-"
14421
"config</application> and <application>libnss-ldap</application> packages "
14422
"take the pain out of configuring an Ubuntu client to authenticate using "
14423
"LDAP. To install the packages from, a terminal prompt enter:"
14424
msgstr ""
14425
14426
#: serverguide/C/network-auth.xml:1244(command)
14427
msgid "sudo apt-get install libnss-ldap"
14428
msgstr "sudo apt-get install libnss-ldap"
14429
14430
#: serverguide/C/network-auth.xml:1247(para)
14431
msgid ""
14432
"During the install a menu dialog will ask you connection details about your "
14433
"LDAP server."
14434
msgstr ""
14435
14436
#: serverguide/C/network-auth.xml:1251(para)
14437
msgid ""
14438
"If you make a mistake when entering your information you can execute the "
14439
"dialog again using:"
14440
msgstr ""
14441
14442
#: serverguide/C/network-auth.xml:1256(command)
14443
msgid "sudo dpkg-reconfigure ldap-auth-config"
14444
msgstr "sudo dpkg-reconfigure ldap-auth-config"
14445
14446
#: serverguide/C/network-auth.xml:1259(para)
14447
msgid ""
14448
"The results of the dialog can be seen in "
14449
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
14450
"covered in the menu edit this file accordingly."
14451
msgstr ""
14452
14453
#: serverguide/C/network-auth.xml:1264(para)
14454
msgid ""
14455
"Now that <application>libnss-ldap</application> is configured enable the "
14456
"<application>auth-client-config</application> LDAP profile by entering:"
14457
msgstr ""
14458
14459
#: serverguide/C/network-auth.xml:1270(command)
14460
msgid "sudo auth-client-config -t nss -p lac_ldap"
14461
msgstr "sudo auth-client-config -t nss -p lac_ldap"
14462
14463
#: serverguide/C/network-auth.xml:1275(para)
14464
msgid ""
14465
"<emphasis>-t:</emphasis> only modifies "
14466
"<filename>/etc/nsswitch.conf</filename>."
14467
msgstr ""
14468
14469
#: serverguide/C/network-auth.xml:1280(para)
14470
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
14471
msgstr ""
14472
14473
#: serverguide/C/network-auth.xml:1285(para)
14474
msgid ""
14475
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
14476
"config</application> profile that is part of the <application>ldap-auth-"
14477
"config</application> package."
14478
msgstr ""
14479
14480
#: serverguide/C/network-auth.xml:1292(para)
14481
msgid ""
14482
"Using the <application>pam-auth-update</application> utility, configure the "
14483
"system to use LDAP for authentication:"
14484
msgstr ""
14485
14486
#: serverguide/C/network-auth.xml:1297(command)
14487
msgid "sudo pam-auth-update"
14488
msgstr ""
14489
14490
#: serverguide/C/network-auth.xml:1300(para)
14491
msgid ""
14492
"From the <application>pam-auth-update</application> menu, choose LDAP and "
14493
"any other authentication mechanisms you need."
14494
msgstr ""
14495
14496
#: serverguide/C/network-auth.xml:1304(para)
14497
msgid ""
14498
"You should now be able to login using user credentials stored in the LDAP "
14499
"directory."
14500
msgstr ""
14501
14502
#: serverguide/C/network-auth.xml:1309(para)
14503
msgid ""
14504
"If you are going to use LDAP to store Samba users you will need to configure "
14505
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
14506
"for details."
14507
msgstr ""
14508
14509
#: serverguide/C/network-auth.xml:1317(title)
14510
msgid "User and Group Management"
14511
msgstr ""
14512
14513
#: serverguide/C/network-auth.xml:1319(para)
14514
msgid ""
14515
"The <application>ldap-utils</application> package comes with multiple "
14516
"utilities to manage the directory, but the long string of options needed, "
14517
"can make them a burden to use. The <application>ldapscripts</application> "
14518
"package contains configurable scripts to easily manage LDAP users and groups."
14519
msgstr ""
14520
14521
#: serverguide/C/network-auth.xml:1325(para)
14522
msgid "To install the package, from a terminal enter:"
14523
msgstr "Каб устанавіць пакет, увядзіце ў тэрмінале:"
14524
14525
#: serverguide/C/network-auth.xml:1330(command)
14526
msgid "sudo apt-get install ldapscripts"
14527
msgstr "sudo apt-get install ldapscripts"
14528
14529
#: serverguide/C/network-auth.xml:1333(para)
14530
msgid ""
14531
"Next, edit the config file "
14532
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
14533
"changing the following to match your environment:"
14534
msgstr ""
14535
14536
#: serverguide/C/network-auth.xml:1338(programlisting)
14537
#, no-wrap
14538
msgid ""
14539
"\n"
14540
"SERVER=localhost\n"
14541
"BINDDN='cn=admin,dc=example,dc=com'\n"
14542
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
14543
"SUFFIX='dc=example,dc=com'\n"
14544
"GSUFFIX='ou=Groups'\n"
14545
"USUFFIX='ou=People'\n"
14546
"MSUFFIX='ou=Computers'\n"
14547
"GIDSTART=10000\n"
14548
"UIDSTART=10000\n"
14549
"MIDSTART=10000\n"
14550
msgstr ""
14551
"\n"
14552
"SERVER=localhost\n"
14553
"BINDDN='cn=admin,dc=example,dc=com'\n"
14554
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
14555
"SUFFIX='dc=example,dc=com'\n"
14556
"GSUFFIX='ou=Groups'\n"
14557
"USUFFIX='ou=People'\n"
14558
"MSUFFIX='ou=Computers'\n"
14559
"GIDSTART=10000\n"
14560
"UIDSTART=10000\n"
14561
"MIDSTART=10000\n"
14562
14563
#: serverguide/C/network-auth.xml:1351(para)
14564
msgid ""
14565
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
14566
"authenticated access to the directory:"
14567
msgstr ""
14568
14569
#: serverguide/C/network-auth.xml:1356(command)
14570
msgid ""
14571
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14572
msgstr ""
14573
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14574
14575
#: serverguide/C/network-auth.xml:1357(command)
14576
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14577
msgstr "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14578
14579
#: serverguide/C/network-auth.xml:1361(para)
14580
msgid ""
14581
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
14582
"user."
14583
msgstr ""
14584
14585
#: serverguide/C/network-auth.xml:1366(para)
14586
msgid ""
14587
"The <application>ldapscripts</application> are now ready to help manage your "
14588
"directory. The following are some examples of how to use the scripts:"
14589
msgstr ""
14590
14591
#: serverguide/C/network-auth.xml:1373(para)
14592
msgid "Create a new user:"
14593
msgstr "Стварыць новага карыстальніка:"
14594
14595
#: serverguide/C/network-auth.xml:1377(command)
14596
msgid "sudo ldapadduser george example"
14597
msgstr "sudo ldapadduser george example"
14598
14599
#: serverguide/C/network-auth.xml:1379(para)
14600
msgid ""
14601
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
14602
"and set the user's primary group (gid) to <emphasis "
14603
"role=\"italic\">example</emphasis>"
14604
msgstr ""
14605
14606
#: serverguide/C/network-auth.xml:1385(para)
14607
msgid "Change a user's password:"
14608
msgstr "Зьмяніць пароль карыстальніка:"
14609
14610
#: serverguide/C/network-auth.xml:1389(command)
14611
msgid "sudo ldapsetpasswd george"
14612
msgstr "sudo ldapsetpasswd george"
14613
14614
#: serverguide/C/network-auth.xml:1390(computeroutput)
14615
#, no-wrap
14616
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
14617
msgstr ""
14618
14619
#: serverguide/C/network-auth.xml:1391(userinput)
14620
#, no-wrap
14621
msgid "New Password: "
14622
msgstr "Новы пароль: "
14623
14624
#: serverguide/C/network-auth.xml:1392(userinput)
14625
#, no-wrap
14626
msgid "New Password (verify): "
14627
msgstr ""
14628
14629
#: serverguide/C/network-auth.xml:1396(para)
14630
msgid "Delete a user:"
14631
msgstr "Выдаліць карыстальніка:"
14632
14633
#: serverguide/C/network-auth.xml:1400(command)
14634
msgid "sudo ldapdeleteuser george"
14635
msgstr "sudo ldapdeleteuser george"
14636
14637
#: serverguide/C/network-auth.xml:1405(para)
14638
msgid "Add a group:"
14639
msgstr "Дадаць групу:"
14640
14641
#: serverguide/C/network-auth.xml:1409(command)
14642
msgid "sudo ldapaddgroup qa"
14643
msgstr "sudo ldapaddgroup qa"
14644
14645
#: serverguide/C/network-auth.xml:1413(para)
14646
msgid "Delete a group:"
14647
msgstr "Выдаліць групу:"
14648
14649
#: serverguide/C/network-auth.xml:1417(command)
14650
msgid "sudo ldapdeletegroup qa"
14651
msgstr "sudo ldapdeletegroup qa"
14652
14653
#: serverguide/C/network-auth.xml:1421(para)
14654
msgid "Add a user to a group:"
14655
msgstr "Дадаць карыстальніка ў групу:"
14656
14657
#: serverguide/C/network-auth.xml:1425(command)
14658
msgid "sudo ldapaddusertogroup george qa"
14659
msgstr "sudo ldapaddusertogroup george qa"
14660
14661
#: serverguide/C/network-auth.xml:1427(para)
14662
msgid ""
14663
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
14664
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
14665
"role=\"italic\">george</emphasis>."
14666
msgstr ""
14667
14668
#: serverguide/C/network-auth.xml:1433(para)
14669
msgid "Remove a user from a group:"
14670
msgstr "Выдаліць карыстальніка з групы:"
14671
14672
#: serverguide/C/network-auth.xml:1437(command)
14673
msgid "sudo ldapdeleteuserfromgroup george qa"
14674
msgstr "sudo ldapdeleteuserfromgroup george qa"
14675
14676
#: serverguide/C/network-auth.xml:1439(para)
14677
msgid ""
14678
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
14679
"<emphasis role=\"italic\">qa</emphasis> group."
14680
msgstr ""
14681
14682
#: serverguide/C/network-auth.xml:1445(para)
14683
msgid ""
14684
"The <application>ldapmodifyuser</application> script allows you to add, "
14685
"remove, or replace a user's attributes. The script uses the same syntax as "
14686
"the <application>ldapmodify</application> utility. For example:"
14687
msgstr ""
14688
14689
#: serverguide/C/network-auth.xml:1450(command)
14690
msgid "sudo ldapmodifyuser george"
14691
msgstr "sudo ldapmodifyuser george"
14692
14693
#: serverguide/C/network-auth.xml:1451(computeroutput)
14694
#, no-wrap
14695
msgid ""
14696
"# About to modify the following entry :\n"
14697
"dn: uid=george,ou=People,dc=example,dc=com\n"
14698
"objectClass: account\n"
14699
"objectClass: posixAccount\n"
14700
"cn: george\n"
14701
"uid: george\n"
14702
"uidNumber: 1001\n"
14703
"gidNumber: 1001\n"
14704
"homeDirectory: /home/george\n"
14705
"loginShell: /bin/bash\n"
14706
"gecos: george\n"
14707
"description: User account\n"
14708
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
14709
"\n"
14710
"# Enter your modifications here, end with CTRL-D.\n"
14711
"dn: uid=george,ou=People,dc=example,dc=com"
14712
msgstr ""
14713
14714
#: serverguide/C/network-auth.xml:1467(userinput)
14715
#, no-wrap
14716
msgid ""
14717
"replace: gecos\n"
14718
"gecos: George Carlin"
14719
msgstr ""
14720
14721
#: serverguide/C/network-auth.xml:1470(para)
14722
msgid ""
14723
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
14724
"Carlin</quote>."
14725
msgstr ""
14726
14727
#: serverguide/C/network-auth.xml:1475(para)
14728
msgid ""
14729
"Another great feature of <application>ldapscripts</application>, is the "
14730
"template system. Templates allow you to customize the attributes of user, "
14731
"group, and machine objectes. For example, to enable the "
14732
"<emphasis>user</emphasis> template edit "
14733
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
14734
msgstr ""
14735
14736
#: serverguide/C/network-auth.xml:1482(programlisting)
14737
#, no-wrap
14738
msgid ""
14739
"\n"
14740
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
14741
msgstr ""
14742
"\n"
14743
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
14744
14745
#: serverguide/C/network-auth.xml:1486(para)
14746
msgid ""
14747
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
14748
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
14749
"<filename>ldapadduser.template.sample</filename> file to "
14750
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
14751
msgstr ""
14752
14753
#: serverguide/C/network-auth.xml:1493(command)
14754
msgid ""
14755
"sudo cp /etc/ldapscripts/ldapadduser.template.sample "
14756
"/etc/ldapscripts/ldapadduser.template"
14757
msgstr ""
14758
"sudo cp /etc/ldapscripts/ldapadduser.template.sample "
14759
"/etc/ldapscripts/ldapadduser.template"
14760
14761
#: serverguide/C/network-auth.xml:1496(para)
14762
msgid ""
14763
"Edit the new template to add the desired attributes. The following will "
14764
"create new user's as with an <emphasis>objectClass</emphasis> of "
14765
"<emphasis>inetOrgPerson</emphasis>:"
14766
msgstr ""
14767
14768
#: serverguide/C/network-auth.xml:1501(programlisting)
14769
#, no-wrap
14770
msgid ""
14771
"\n"
14772
"dn: uid=<user>,<usuffix>,<suffix>\n"
14773
"objectClass: inetOrgPerson\n"
14774
"objectClass: posixAccount\n"
14775
"cn: <user>\n"
14776
"sn: <ask>\n"
14777
"uid: <user>\n"
14778
"uidNumber: <uid>\n"
14779
"gidNumber: <gid>\n"
14780
"homeDirectory: <home>\n"
14781
"loginShell: <shell>\n"
14782
"gecos: <user>\n"
14783
"description: User account\n"
14784
"title: Employee\n"
14785
msgstr ""
14786
"\n"
14787
"dn: uid=<user>,<usuffix>,<suffix>\n"
14788
"objectClass: inetOrgPerson\n"
14789
"objectClass: posixAccount\n"
14790
"cn: <user>\n"
14791
"sn: <ask>\n"
14792
"uid: <user>\n"
14793
"uidNumber: <uid>\n"
14794
"gidNumber: <gid>\n"
14795
"homeDirectory: <home>\n"
14796
"loginShell: <shell>\n"
14797
"gecos: <user>\n"
14798
"description: User account\n"
14799
"title: Employee\n"
14800
14801
#: serverguide/C/network-auth.xml:1517(para)
14802
msgid ""
14803
"Notice the <emphasis><ask></emphasis> option used for the "
14804
"<emphasis>cn</emphasis> value. Using <ask> will configure "
14805
"<application>ldapadduser</application> to prompt you for the attribute value "
14806
"during user creation."
14807
msgstr ""
14808
14809
#: serverguide/C/network-auth.xml:1525(para)
14810
msgid ""
14811
"There are more useful scripts in the package, to see a full list enter: "
14812
"<command>dpkg -L ldapscripts | grep bin</command>"
14813
msgstr ""
14814
14815
#: serverguide/C/network-auth.xml:1534(para)
14816
msgid ""
14817
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
14818
"Ubuntu Wiki</ulink> page has more details."
14819
msgstr ""
14820
14821
#: serverguide/C/network-auth.xml:1539(para)
14822
msgid ""
14823
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
14824
"Home Page</ulink>"
14825
msgstr ""
14826
14827
#: serverguide/C/network-auth.xml:1544(para)
14828
msgid ""
14829
"Though starting to show it's age, a great source for in depth LDAP "
14830
"information is O'Reilly's <ulink "
14831
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
14832
"Administration</ulink>"
14833
msgstr ""
14834
14835
#: serverguide/C/network-auth.xml:1550(para)
14836
msgid ""
14837
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
14838
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
14839
"newer versions of OpenLDAP."
14840
msgstr ""
14841
14842
#: serverguide/C/network-auth.xml:1556(para)
14843
msgid ""
14844
"For more information on <application>auth-client-config</application> see "
14845
"the man page: <command>man auth-client-config</command>."
14846
msgstr ""
14847
14848
#: serverguide/C/network-auth.xml:1561(para)
14849
msgid ""
14850
"For more details regarding the <application>ldapscripts</application> "
14851
"package see the man pages: <command>man ldapscripts</command>, <command>man "
14852
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
14853
msgstr ""
14854
14855
#: serverguide/C/network-auth.xml:1571(title)
14856
msgid "Samba and LDAP"
14857
msgstr "Samba і LDAP"
14858
14859
#: serverguide/C/network-auth.xml:1573(para)
14860
msgid ""
14861
"This section covers configuring Samba to use LDAP for user, group, and "
14862
"machine account information and authentication. The assumption is, you "
14863
"already have a working OpenLDAP directory installed and the server is "
14864
"configured to use it for authentication. See <xref linkend=\"openldap-"
14865
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
14866
"setting up OpenLDAP. For more information on installing and configuring "
14867
"Samba see <xref linkend=\"windows-networking\"/>."
14868
msgstr ""
14869
14870
#: serverguide/C/network-auth.xml:1583(para)
14871
msgid ""
14872
"There are three packages needed when integrating Samba with LDAP. "
14873
"<application>samba</application>, <application>samba-doc</application>, and "
14874
"<application>smbldap-tools</application> packages . To install the packages, "
14875
"from a terminal enter:"
14876
msgstr ""
14877
14878
#: serverguide/C/network-auth.xml:1589(command)
14879
msgid "sudo apt-get install samba samba-doc smbldap-tools"
14880
msgstr "sudo apt-get install samba samba-doc smbldap-tools"
14881
14882
#: serverguide/C/network-auth.xml:1592(para)
14883
msgid ""
14884
"Strictly speaking the <application>smbldap-tools</application> package isn't "
14885
"needed, but unless you have another package or custom scripts, a method of "
14886
"managing users, groups, and computer accounts is needed."
14887
msgstr ""
14888
14889
#: serverguide/C/network-auth.xml:1599(title)
14890
msgid "OpenLDAP Configuration"
14891
msgstr "Наладкі OpenLDAP"
14892
14893
#: serverguide/C/network-auth.xml:1601(para)
14894
msgid ""
14895
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
14896
"the user objects in the directory will need additional attributes. This "
14897
"section assumes you want Samba to be configured as a Windows NT domain "
14898
"controller, and will add the necessary LDAP objects and attributes."
14899
msgstr ""
14900
14901
#: serverguide/C/network-auth.xml:1609(para)
14902
msgid ""
14903
"The Samba attributes are defined in the <filename>samba.schema</filename> "
14904
"file which is part of the <application>samba-doc</application> package. The "
14905
"schema file needs to be unzipped and copied to "
14906
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
14907
msgstr ""
14908
14909
#: serverguide/C/network-auth.xml:1616(command)
14910
msgid ""
14911
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
14912
"/etc/ldap/schema/"
14913
msgstr ""
14914
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
14915
"/etc/ldap/schema/"
14916
14917
#: serverguide/C/network-auth.xml:1617(command)
14918
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
14919
msgstr "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
14920
14921
#: serverguide/C/network-auth.xml:1623(para)
14922
msgid ""
14923
"The <emphasis>samba</emphasis> schema needs to be added to the "
14924
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
14925
"<application>slapd</application> is also detailed in <xref "
14926
"linkend=\"openldap-configuration\"/>."
14927
msgstr ""
14928
14929
#: serverguide/C/network-auth.xml:1631(para) serverguide/C/network-auth.xml:2666(para)
14930
msgid ""
14931
"First, create a configuration file named "
14932
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
14933
"containing the following lines:"
14934
msgstr ""
14935
14936
#: serverguide/C/network-auth.xml:1636(programlisting)
14937
#, no-wrap
14938
msgid ""
14939
"\n"
14940
"include /etc/ldap/schema/core.schema\n"
14941
"include /etc/ldap/schema/collective.schema\n"
14942
"include /etc/ldap/schema/corba.schema\n"
14943
"include /etc/ldap/schema/cosine.schema\n"
14944
"include /etc/ldap/schema/duaconf.schema\n"
14945
"include /etc/ldap/schema/dyngroup.schema\n"
14946
"include /etc/ldap/schema/inetorgperson.schema\n"
14947
"include /etc/ldap/schema/java.schema\n"
14948
"include /etc/ldap/schema/misc.schema\n"
14949
"include /etc/ldap/schema/nis.schema\n"
14950
"include /etc/ldap/schema/openldap.schema\n"
14951
"include /etc/ldap/schema/ppolicy.schema\n"
14952
"include /etc/ldap/schema/samba.schema\n"
14953
msgstr ""
14954
14955
#: serverguide/C/network-auth.xml:1666(para) serverguide/C/network-auth.xml:2701(para)
14956
msgid ""
14957
"Now use <application>slapcat</application> to convert the schema files:"
14958
msgstr ""
14959
14960
#: serverguide/C/network-auth.xml:1671(command)
14961
msgid ""
14962
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14963
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
14964
msgstr ""
14965
14966
#: serverguide/C/network-auth.xml:1674(para) serverguide/C/network-auth.xml:2709(para)
14967
msgid ""
14968
"Change the above file and path names to match your own if they are different."
14969
msgstr ""
14970
14971
#: serverguide/C/network-auth.xml:1681(para)
14972
msgid ""
14973
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
14974
"the following attributes:"
14975
msgstr ""
14976
14977
#: serverguide/C/network-auth.xml:1685(programlisting)
14978
#, no-wrap
14979
msgid ""
14980
"\n"
14981
"dn: cn=samba,cn=schema,cn=config\n"
14982
"...\n"
14983
"cn: samba\n"
14984
msgstr ""
14985
"\n"
14986
"dn: cn=samba,cn=schema,cn=config\n"
14987
"...\n"
14988
"cn: samba\n"
14989
14990
#: serverguide/C/network-auth.xml:1695(programlisting)
14991
#, no-wrap
14992
msgid ""
14993
"\n"
14994
"structuralObjectClass: olcSchemaConfig\n"
14995
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
14996
"creatorsName: cn=config\n"
14997
"createTimestamp: 20080827045234Z\n"
14998
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
14999
"modifiersName: cn=config\n"
15000
"modifyTimestamp: 20080827045234Z\n"
15001
msgstr ""
15002
"\n"
15003
"structuralObjectClass: olcSchemaConfig\n"
15004
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
15005
"creatorsName: cn=config\n"
15006
"createTimestamp: 20080827045234Z\n"
15007
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
15008
"modifiersName: cn=config\n"
15009
"modifyTimestamp: 20080827045234Z\n"
15010
15011
#: serverguide/C/network-auth.xml:1720(command)
15012
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
15013
msgstr ""
15014
15015
#: serverguide/C/network-auth.xml:1726(para)
15016
msgid ""
15017
"There should now be a <emphasis>dn: "
15018
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
15019
"sequential schema, entry in the cn=config tree."
15020
msgstr ""
15021
15022
#: serverguide/C/network-auth.xml:1734(para)
15023
msgid ""
15024
"Copy and paste the following into a file named "
15025
"<filename>samba_indexes.ldif</filename>:"
15026
msgstr ""
15027
15028
#: serverguide/C/network-auth.xml:1738(programlisting)
15029
#, no-wrap
15030
msgid ""
15031
"\n"
15032
"dn: olcDatabase={1}hdb,cn=config\n"
15033
"changetype: modify\n"
15034
"add: olcDbIndex\n"
15035
"olcDbIndex: uidNumber eq\n"
15036
"olcDbIndex: gidNumber eq\n"
15037
"olcDbIndex: loginShell eq\n"
15038
"olcDbIndex: uid eq,pres,sub\n"
15039
"olcDbIndex: memberUid eq,pres,sub\n"
15040
"olcDbIndex: uniqueMember eq,pres\n"
15041
"olcDbIndex: sambaSID eq\n"
15042
"olcDbIndex: sambaPrimaryGroupSID eq\n"
15043
"olcDbIndex: sambaGroupType eq\n"
15044
"olcDbIndex: sambaSIDList eq\n"
15045
"olcDbIndex: sambaDomainName eq\n"
15046
"olcDbIndex: default sub\n"
15047
msgstr ""
15048
"\n"
15049
"dn: olcDatabase={1}hdb,cn=config\n"
15050
"changetype: modify\n"
15051
"add: olcDbIndex\n"
15052
"olcDbIndex: uidNumber eq\n"
15053
"olcDbIndex: gidNumber eq\n"
15054
"olcDbIndex: loginShell eq\n"
15055
"olcDbIndex: uid eq,pres,sub\n"
15056
"olcDbIndex: memberUid eq,pres,sub\n"
15057
"olcDbIndex: uniqueMember eq,pres\n"
15058
"olcDbIndex: sambaSID eq\n"
15059
"olcDbIndex: sambaPrimaryGroupSID eq\n"
15060
"olcDbIndex: sambaGroupType eq\n"
15061
"olcDbIndex: sambaSIDList eq\n"
15062
"olcDbIndex: sambaDomainName eq\n"
15063
"olcDbIndex: default sub\n"
15064
15065
#: serverguide/C/network-auth.xml:1756(para)
15066
msgid ""
15067
"Using the <application>ldapmodify</application> utility load the new indexes:"
15068
msgstr ""
15069
15070
#: serverguide/C/network-auth.xml:1761(command)
15071
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
15072
msgstr "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
15073
15074
#: serverguide/C/network-auth.xml:1763(para)
15075
msgid ""
15076
"If all went well you should see the new indexes using "
15077
"<application>ldapsearch</application>:"
15078
msgstr ""
15079
15080
#: serverguide/C/network-auth.xml:1768(command)
15081
msgid ""
15082
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
15083
msgstr ""
15084
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
15085
15086
#: serverguide/C/network-auth.xml:1774(para)
15087
msgid ""
15088
"Next, configure the <application>smbldap-tools</application> package to "
15089
"match your environment. The package comes with a configuration script that "
15090
"will ask questions about the needed options. To run the script enter:"
15091
msgstr ""
15092
15093
#: serverguide/C/network-auth.xml:1780(command)
15094
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
15095
msgstr "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
15096
15097
#: serverguide/C/network-auth.xml:1781(command)
15098
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
15099
msgstr "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
15100
15101
#: serverguide/C/network-auth.xml:1784(para)
15102
msgid ""
15103
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
15104
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
15105
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
15106
"configure script, so if you made any mistakes while executing the script it "
15107
"may be simpler to edit the file appropriately."
15108
msgstr ""
15109
15110
#: serverguide/C/network-auth.xml:1794(para)
15111
msgid ""
15112
"The <application>smbldap-populate</application> script will add the "
15113
"necessary users, groups, and LDAP objects required for Samba. It is a good "
15114
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
15115
"<application>slapcat</application> before executing the command:"
15116
msgstr ""
15117
15118
#: serverguide/C/network-auth.xml:1801(command)
15119
msgid "sudo slapcat -l backup.ldif"
15120
msgstr "sudo slapcat -l backup.ldif"
15121
15122
#: serverguide/C/network-auth.xml:1807(para)
15123
msgid ""
15124
"Once you have a current backup execute <application>smbldap-"
15125
"populate</application> by entering:"
15126
msgstr ""
15127
15128
#: serverguide/C/network-auth.xml:1812(command)
15129
msgid "sudo smbldap-populate"
15130
msgstr "sudo smbldap-populate"
15131
15132
#: serverguide/C/network-auth.xml:1816(para)
15133
msgid ""
15134
"You can create an LDIF file containing the new Samba objects by executing "
15135
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
15136
"look over the changes making sure everything is correct."
15137
msgstr ""
15138
15139
#: serverguide/C/network-auth.xml:1824(para)
15140
msgid ""
15141
"Your LDAP directory now has the necessary domain information to authenticate "
15142
"Samba users."
15143
msgstr ""
15144
15145
#: serverguide/C/network-auth.xml:1830(title)
15146
msgid "Samba Configuration"
15147
msgstr "Наладкі Samba"
15148
15149
#: serverguide/C/network-auth.xml:1832(para)
15150
msgid ""
15151
"There a multiple ways to configure Samba for details on some common "
15152
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
15153
"Samba to use LDAP, edit the main Samba configuration file "
15154
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
15155
"backend</emphasis> option and adding the following:"
15156
msgstr ""
15157
15158
#: serverguide/C/network-auth.xml:1838(programlisting)
15159
#, no-wrap
15160
msgid ""
15161
"\n"
15162
"# passdb backend = tdbsam\n"
15163
"\n"
15164
"# LDAP Settings\n"
15165
" passdb backend = ldapsam:ldap://hostname\n"
15166
" ldap suffix = dc=example,dc=com\n"
15167
" ldap user suffix = ou=People\n"
15168
" ldap group suffix = ou=Groups\n"
15169
" ldap machine suffix = ou=Computers\n"
15170
" ldap idmap suffix = ou=Idmap\n"
15171
" ldap admin dn = cn=admin,dc=example,dc=com\n"
15172
" ldap ssl = start tls\n"
15173
" ldap passwd sync = yes\n"
15174
"...\n"
15175
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
15176
msgstr ""
15177
"\n"
15178
"# passdb backend = tdbsam\n"
15179
"\n"
15180
"# LDAP Наладкі\n"
15181
" passdb backend = ldapsam:ldap://hostname\n"
15182
" ldap suffix = dc=example,dc=com\n"
15183
" ldap user suffix = ou=People\n"
15184
" ldap group suffix = ou=Groups\n"
15185
" ldap machine suffix = ou=Computers\n"
15186
" ldap idmap suffix = ou=Idmap\n"
15187
" ldap admin dn = cn=admin,dc=example,dc=com\n"
15188
" ldap ssl = start tls\n"
15189
" ldap passwd sync = yes\n"
15190
"...\n"
15191
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
15192
15193
#: serverguide/C/network-auth.xml:1855(para)
15194
msgid "Restart <application>samba</application> to enable the new settings:"
15195
msgstr ""
15196
15197
#: serverguide/C/network-auth.xml:1863(para)
15198
msgid ""
15199
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
15200
"enter:"
15201
msgstr ""
15202
15203
#: serverguide/C/network-auth.xml:1868(command)
15204
msgid "sudo smbpasswd -w secret"
15205
msgstr "sudo smbpasswd -w secret"
15206
15207
#: serverguide/C/network-auth.xml:1872(para)
15208
msgid ""
15209
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
15210
"password."
15211
msgstr ""
15212
15213
#: serverguide/C/network-auth.xml:1877(para)
15214
msgid ""
15215
"If you currently have users in LDAP, and you want them to authenticate using "
15216
"Samba, they will need some Samba attributes defined in the "
15217
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
15218
"users using the <application>smbpasswd</application> utility, replacing "
15219
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
15220
msgstr ""
15221
15222
#: serverguide/C/network-auth.xml:1885(command)
15223
msgid "sudo smbpasswd -a username"
15224
msgstr "sudo smbpasswd -a username"
15225
15226
#: serverguide/C/network-auth.xml:1888(para)
15227
msgid "You will then be asked to enter the user's password."
15228
msgstr ""
15229
15230
#: serverguide/C/network-auth.xml:1892(para)
15231
msgid ""
15232
"To add new user, group, and machine accounts use the utilities from the "
15233
"<application>smbldap-tools</application> package. Here are some examples:"
15234
msgstr ""
15235
15236
#: serverguide/C/network-auth.xml:1899(para)
15237
msgid ""
15238
"To add a new user to LDAP with Samba attributes enter the following, "
15239
"replacing username with an actual username:"
15240
msgstr ""
15241
15242
#: serverguide/C/network-auth.xml:1903(command)
15243
msgid "sudo smbldap-useradd -a -P username"
15244
msgstr ""
15245
15246
#: serverguide/C/network-auth.xml:1905(para)
15247
msgid ""
15248
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
15249
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
15250
"passwd</application> utility after the user is created allowing you to enter "
15251
"a password for the user."
15252
msgstr ""
15253
15254
#: serverguide/C/network-auth.xml:1911(para)
15255
msgid "To remove a user from the directory enter:"
15256
msgstr "Каб выдаліць карыстальніка з дырэкторыі, увядзіце:"
15257
15258
#: serverguide/C/network-auth.xml:1915(command)
15259
msgid "sudo smbldap-userdel username"
15260
msgstr "sudo smbldap-userdel username"
15261
15262
#: serverguide/C/network-auth.xml:1917(para)
15263
msgid ""
15264
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
15265
"r</emphasis> option to remove the user's home directory."
15266
msgstr ""
15267
15268
#: serverguide/C/network-auth.xml:1922(para)
15269
msgid ""
15270
"Use <application>smbldap-groupadd</application> to add a group, replacing "
15271
"groupname with an appropriate group:"
15272
msgstr ""
15273
15274
#: serverguide/C/network-auth.xml:1926(command)
15275
msgid "sudo smbldap-groupadd -a groupname"
15276
msgstr "sudo smbldap-groupadd -a groupname"
15277
15278
#: serverguide/C/network-auth.xml:1928(para)
15279
msgid ""
15280
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
15281
"a</emphasis> adds the Samba attributes."
15282
msgstr ""
15283
15284
#: serverguide/C/network-auth.xml:1933(para)
15285
msgid ""
15286
"To add a user to a group use <application>smbldap-groupmod</application>:"
15287
msgstr ""
15288
15289
#: serverguide/C/network-auth.xml:1937(command)
15290
msgid "sudo smbldap-groupmod -m username groupname"
15291
msgstr "sudo smbldap-groupmod -m username groupname"
15292
15293
#: serverguide/C/network-auth.xml:1939(para)
15294
msgid ""
15295
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
15296
"<emphasis>-m</emphasis> option can add more than one user at a time by "
15297
"listing them in <emphasis>comma separated</emphasis> format."
15298
msgstr ""
15299
15300
#: serverguide/C/network-auth.xml:1945(para)
15301
msgid ""
15302
"<application>smbldap-groupmod</application> can also be used to remove a "
15303
"user from a group:"
15304
msgstr ""
15305
15306
#: serverguide/C/network-auth.xml:1949(command)
15307
msgid "sudo smbldap-groupmod -x username groupname"
15308
msgstr "sudo smbldap-groupmod -x username groupname"
15309
15310
#: serverguide/C/network-auth.xml:1953(para)
15311
msgid ""
15312
"Additionally, the <application>smbldap-useradd</application> utility can add "
15313
"Samba machine accounts:"
15314
msgstr ""
15315
15316
#: serverguide/C/network-auth.xml:1957(command)
15317
msgid "sudo smbldap-useradd -t 0 -w username"
15318
msgstr "sudo smbldap-useradd -t 0 -w username"
15319
15320
#: serverguide/C/network-auth.xml:1959(para)
15321
msgid ""
15322
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
15323
"<emphasis>-t 0</emphasis> option creates the machine account without a "
15324
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
15325
"machine account. Also, note the <emphasis>add machine script</emphasis> "
15326
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
15327
"<application>smbldap-useradd</application>."
15328
msgstr ""
15329
15330
#: serverguide/C/network-auth.xml:1968(para)
15331
msgid ""
15332
"There are more useful utilities and options in the <application>smbldap-"
15333
"tools</application> package. The man page for each utility provides more "
15334
"details."
15335
msgstr ""
15336
15337
#: serverguide/C/network-auth.xml:1979(para)
15338
msgid ""
15339
"There are multiple places where LDAP and Samba is documented in the <ulink "
15340
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
15341
"Collection</ulink>."
15342
msgstr ""
15343
15344
#: serverguide/C/network-auth.xml:1985(para)
15345
msgid ""
15346
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
15347
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
15348
msgstr ""
15349
15350
#: serverguide/C/network-auth.xml:1991(para)
15351
msgid ""
15352
"Another good site is <ulink url=\"http://www.iallanis.info/smbldap-"
15353
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
15354
msgstr ""
15355
15356
#: serverguide/C/network-auth.xml:1997(para)
15357
msgid ""
15358
"Again, for more information on <application>smbldap-tools</application> see "
15359
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
15360
"groupadd</command>, <command>man smbldap-populate</command>, etc."
15361
msgstr ""
15362
15363
#: serverguide/C/network-auth.xml:2004(para)
15364
msgid ""
15365
"Also, there is a list of <ulink "
15366
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
15367
"wiki</ulink> articles with more information."
15368
msgstr ""
15369
15370
#: serverguide/C/network-auth.xml:2013(title)
15371
msgid "Kerberos"
15372
msgstr "Kerberos"
15373
15374
#: serverguide/C/network-auth.xml:2015(para)
15375
msgid ""
15376
"<application>Kerberos</application> is a network authentication system based "
15377
"on the principal of a trusted third party. The other two parties being the "
15378
"user and the service the user wishes to authenticate to. Not all services "
15379
"and applications can use Kerberos, but for those that can, it brings the "
15380
"network environment one step closer to being Single Sign On (SSO)."
15381
msgstr ""
15382
15383
#: serverguide/C/network-auth.xml:2021(para)
15384
msgid ""
15385
"This section covers installation and configuration of a Kerberos server, and "
15386
"some example client configurations."
15387
msgstr ""
15388
15389
#: serverguide/C/network-auth.xml:2028(para)
15390
msgid ""
15391
"If you are new to Kerberos there are a few terms that are good to understand "
15392
"before setting up a Kerberos server. Most of the terms will relate to things "
15393
"you may be familiar with in other environments:"
15394
msgstr ""
15395
15396
#: serverguide/C/network-auth.xml:2035(para)
15397
msgid ""
15398
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
15399
"by servers need to be defined as Kerberos Principals."
15400
msgstr ""
15401
15402
#: serverguide/C/network-auth.xml:2040(para)
15403
msgid ""
15404
"<emphasis>Instances:</emphasis> are used for service principals and special "
15405
"administrative principals."
15406
msgstr ""
15407
15408
#: serverguide/C/network-auth.xml:2045(para)
15409
msgid ""
15410
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
15411
"Kerberos installation. Usually the DNS domain converted to uppercase "
15412
"(EXAMPLE.COM)."
15413
msgstr ""
15414
15415
#: serverguide/C/network-auth.xml:2051(para)
15416
msgid ""
15417
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
15418
"a database of all principals, the authentication server, and the ticket "
15419
"granting server. For each realm there must be at least one KDC."
15420
msgstr ""
15421
15422
#: serverguide/C/network-auth.xml:2057(para)
15423
msgid ""
15424
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
15425
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
15426
"password which is known only to the user and the KDC."
15427
msgstr ""
15428
15429
#: serverguide/C/network-auth.xml:2063(para)
15430
msgid ""
15431
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
15432
"clients upon request."
15433
msgstr ""
15434
15435
#: serverguide/C/network-auth.xml:2068(para)
15436
msgid ""
15437
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
15438
"One principal being a user and the other a service requested by the user. "
15439
"Tickets establish an encryption key used for secure communication during the "
15440
"authenticated session."
15441
msgstr ""
15442
15443
#: serverguide/C/network-auth.xml:2074(para)
15444
msgid ""
15445
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
15446
"principal database and contain the encryption key for a service or host."
15447
msgstr ""
15448
15449
#: serverguide/C/network-auth.xml:2081(para)
15450
msgid ""
15451
"To put the pieces together, a Realm has at least one KDC, preferably two for "
15452
"redundancy, which contains a database of Principals. When a user principal "
15453
"logs into a workstation, configured for Kerberos authentication, the KDC "
15454
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
15455
"match, the user is authenticated and can then request tickets for Kerberized "
15456
"services from the Ticket Granting Server (TGS). The service tickets allow "
15457
"the user to authenticate to the service without entering another username "
15458
"and password."
15459
msgstr ""
15460
15461
#: serverguide/C/network-auth.xml:2090(title)
15462
msgid "Kerberos Server"
15463
msgstr "Сэрвер Kerberos"
15464
15465
#: serverguide/C/network-auth.xml:2094(para)
15466
msgid ""
15467
"Before installing the Kerberos server a properly configured DNS server is "
15468
"needed for your domain. Since the Kerberos Realm by convention matches the "
15469
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
15470
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
15471
msgstr ""
15472
15473
#: serverguide/C/network-auth.xml:2100(para)
15474
msgid ""
15475
"Also, Kerberos is a time sensitive protocol. So if the local system time "
15476
"between a client machine and the server differs by more than five minutes "
15477
"(by default), the workstation will not be able to authenticate. To correct "
15478
"the problem all hosts should have their time synchronized using the "
15479
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
15480
"NTP see <xref linkend=\"NTP\"/>."
15481
msgstr ""
15482
15483
#: serverguide/C/network-auth.xml:2107(para)
15484
msgid ""
15485
"The first step in installing a Kerberos Realm is to install the "
15486
"<application>krb5-kdc</application> and <application>krb5-admin-"
15487
"server</application> packages. From a terminal enter:"
15488
msgstr ""
15489
15490
#: serverguide/C/network-auth.xml:2113(command) serverguide/C/network-auth.xml:2288(command)
15491
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
15492
msgstr "sudo apt-get install krb5-kdc krb5-admin-server"
15493
15494
#: serverguide/C/network-auth.xml:2116(para)
15495
msgid ""
15496
"You will be asked at the end of the install to supply a name for the "
15497
"Kerberos and Admin servers, which may or may not be the same server, for the "
15498
"realm."
15499
msgstr ""
15500
15501
#: serverguide/C/network-auth.xml:2121(para)
15502
msgid ""
15503
"Next, create the new realm with the <application>kdb5_newrealm</application> "
15504
"utility:"
15505
msgstr ""
15506
15507
#: serverguide/C/network-auth.xml:2126(command)
15508
msgid "sudo krb5_newrealm"
15509
msgstr "sudo krb5_newrealm"
15510
15511
#: serverguide/C/network-auth.xml:2133(para)
15512
msgid ""
15513
"The questions asked during installation are used to configure the "
15514
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
15515
"Distribution Center (KDC) settings simply edit the file and restart the "
15516
"<application>krb5-kdc</application> daemon."
15517
msgstr ""
15518
15519
#: serverguide/C/network-auth.xml:2141(para)
15520
msgid ""
15521
"Now that the KDC running an admin user is needed. It is recommended to use a "
15522
"different username from your everyday username. Using the "
15523
"<application>kadmin.local</application> utility in a terminal prompt enter:"
15524
msgstr ""
15525
15526
#: serverguide/C/network-auth.xml:2147(command) serverguide/C/network-auth.xml:2943(command)
15527
msgid "sudo kadmin.local"
15528
msgstr "sudo kadmin.local"
15529
15530
#: serverguide/C/network-auth.xml:2148(computeroutput)
15531
#, no-wrap
15532
msgid ""
15533
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15534
"kadmin.local:"
15535
msgstr ""
15536
15537
#: serverguide/C/network-auth.xml:2149(userinput)
15538
#, no-wrap
15539
msgid " addprinc steve/admin"
15540
msgstr " addprinc steve/admin"
15541
15542
#: serverguide/C/network-auth.xml:2150(computeroutput)
15543
#, no-wrap
15544
msgid ""
15545
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
15546
"policy\n"
15547
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15548
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15549
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
15550
"kadmin.local:"
15551
msgstr ""
15552
15553
#: serverguide/C/network-auth.xml:2154(userinput)
15554
#, no-wrap
15555
msgid " quit"
15556
msgstr " выхад"
15557
15558
#: serverguide/C/network-auth.xml:2157(para)
15559
msgid ""
15560
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
15561
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
15562
"is an <emphasis>Instance</emphasis>, and <emphasis "
15563
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
15564
"role=\"italic\">\"every day\"</emphasis> Principal would be "
15565
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
15566
"rights."
15567
msgstr ""
15568
15569
#: serverguide/C/network-auth.xml:2165(para)
15570
msgid ""
15571
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
15572
"your Realm and admin username."
15573
msgstr ""
15574
15575
#: serverguide/C/network-auth.xml:2173(para)
15576
msgid ""
15577
"Next, the new admin user needs to have the appropriate Access Control List "
15578
"(ACL) permissions. The permissions are configured in the "
15579
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
15580
msgstr ""
15581
15582
#: serverguide/C/network-auth.xml:2178(programlisting)
15583
#, no-wrap
15584
msgid ""
15585
"\n"
15586
"steve/admin@EXAMPLE.COM *\n"
15587
msgstr ""
15588
"\n"
15589
"steve/admin@EXAMPLE.COM *\n"
15590
15591
#: serverguide/C/network-auth.xml:2182(para)
15592
msgid ""
15593
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
15594
"any operation on all principals in the realm."
15595
msgstr ""
15596
15597
#: serverguide/C/network-auth.xml:2189(para)
15598
msgid ""
15599
"Now restart the <application>krb5-admin-server</application> for the new ACL "
15600
"to take affect:"
15601
msgstr ""
15602
15603
#: serverguide/C/network-auth.xml:2194(command)
15604
msgid "sudo /etc/init.d/krb5-admin-server restart"
15605
msgstr "sudo /etc/init.d/krb5-admin-server restart"
15606
15607
#: serverguide/C/network-auth.xml:2200(para)
15608
msgid ""
15609
"The new user principal can be tested using the <application>kinit "
15610
"utility</application>:"
15611
msgstr ""
15612
15613
#: serverguide/C/network-auth.xml:2205(command)
15614
msgid "kinit steve/admin"
15615
msgstr "kinit steve/admin"
15616
15617
#: serverguide/C/network-auth.xml:2206(computeroutput)
15618
#, no-wrap
15619
msgid "steve/admin@EXAMPLE.COM's Password:"
15620
msgstr "Пароль на steve/admin@EXAMPLE.COM:"
15621
15622
#: serverguide/C/network-auth.xml:2209(para)
15623
msgid ""
15624
"After entering the password, use the <application>klist</application> "
15625
"utility to view information about the Ticket Granting Ticket (TGT):"
15626
msgstr ""
15627
15628
#: serverguide/C/network-auth.xml:2215(command) serverguide/C/network-auth.xml:2550(command)
15629
msgid "klist"
15630
msgstr "klist"
15631
15632
#: serverguide/C/network-auth.xml:2216(computeroutput)
15633
#, no-wrap
15634
msgid ""
15635
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
15636
" Principal: steve/admin@EXAMPLE.COM\n"
15637
"\n"
15638
" Issued Expires Principal\n"
15639
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
15640
msgstr ""
15641
15642
#: serverguide/C/network-auth.xml:2223(para)
15643
msgid ""
15644
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
15645
"the KDC. For example:"
15646
msgstr ""
15647
15648
#: serverguide/C/network-auth.xml:2227(programlisting)
15649
#, no-wrap
15650
msgid ""
15651
"\n"
15652
"192.168.0.1 kdc01.example.com kdc01\n"
15653
msgstr ""
15654
"\n"
15655
"192.168.0.1 kdc01.example.com kdc01\n"
15656
15657
#: serverguide/C/network-auth.xml:2231(para)
15658
msgid ""
15659
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
15660
msgstr ""
15661
15662
#: serverguide/C/network-auth.xml:2238(para)
15663
msgid ""
15664
"In order for clients to determine the KDC for the Realm some DNS SRV records "
15665
"are needed. Add the following to "
15666
"<filename>/etc/named/db.example.com</filename>:"
15667
msgstr ""
15668
15669
#: serverguide/C/network-auth.xml:2243(programlisting)
15670
#, no-wrap
15671
msgid ""
15672
"\n"
15673
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15674
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15675
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15676
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15677
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
15678
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
15679
msgstr ""
15680
"\n"
15681
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15682
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15683
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15684
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15685
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
15686
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
15687
15688
#: serverguide/C/network-auth.xml:2253(para)
15689
msgid ""
15690
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
15691
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
15692
"KDC."
15693
msgstr ""
15694
15695
#: serverguide/C/network-auth.xml:2259(para)
15696
msgid ""
15697
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
15698
msgstr ""
15699
15700
#: serverguide/C/network-auth.xml:2266(para)
15701
msgid "Your new Kerberos Realm is now ready to authenticate clients."
15702
msgstr ""
15703
15704
#: serverguide/C/network-auth.xml:2273(title)
15705
msgid "Secondary KDC"
15706
msgstr "Другасны KDC"
15707
15708
#: serverguide/C/network-auth.xml:2275(para)
15709
msgid ""
15710
"Once you have one Key Distribution Center (KDC) on your network, it is good "
15711
"practice to have a Secondary KDC in case the primary becomes unavailable."
15712
msgstr ""
15713
15714
#: serverguide/C/network-auth.xml:2283(para)
15715
msgid ""
15716
"First, install the packages, and when asked for the Kerberos and Admin "
15717
"server names enter the name of the Primary KDC:"
15718
msgstr ""
15719
15720
#: serverguide/C/network-auth.xml:2294(para)
15721
msgid ""
15722
"Once you have the packages installed, create the Secondary KDC's host "
15723
"principal. From a terminal prompt, enter:"
15724
msgstr ""
15725
15726
#: serverguide/C/network-auth.xml:2299(command)
15727
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
15728
msgstr "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
15729
15730
#: serverguide/C/network-auth.xml:2303(para)
15731
msgid ""
15732
"After, issuing any <application>kadmin</application> commands you will be "
15733
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
15734
"password."
15735
msgstr ""
15736
15737
#: serverguide/C/network-auth.xml:2312(para)
15738
msgid "Extract the <emphasis>keytab</emphasis> file:"
15739
msgstr ""
15740
15741
#: serverguide/C/network-auth.xml:2317(command)
15742
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
15743
msgstr "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
15744
15745
#: serverguide/C/network-auth.xml:2323(para)
15746
msgid ""
15747
"There should now be a <filename>keytab.kdc02</filename> in the current "
15748
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
15749
msgstr ""
15750
15751
#: serverguide/C/network-auth.xml:2329(command)
15752
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
15753
msgstr "sudo mv keytab.kdc02 /etc/krb5.keytab"
15754
15755
#: serverguide/C/network-auth.xml:2333(para)
15756
msgid ""
15757
"If the path to the <filename>keytab.kdc02</filename> file is different "
15758
"adjust accordingly."
15759
msgstr ""
15760
15761
#: serverguide/C/network-auth.xml:2338(para)
15762
msgid ""
15763
"Also, you can list the principals in a Keytab file, which can be useful when "
15764
"troubleshooting, using the <application>klist</application> utility:"
15765
msgstr ""
15766
15767
#: serverguide/C/network-auth.xml:2344(command)
15768
msgid "sudo klist -k /etc/krb5.keytab"
15769
msgstr "sudo klist -k /etc/krb5.keytab"
15770
15771
#: serverguide/C/network-auth.xml:2350(para)
15772
msgid ""
15773
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
15774
"that lists all KDCs for the Realm. For example, on both primary and "
15775
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
15776
msgstr ""
15777
15778
#: serverguide/C/network-auth.xml:2355(programlisting)
15779
#, no-wrap
15780
msgid ""
15781
"\n"
15782
"host/kdc01.example.com@EXAMPLE.COM\n"
15783
"host/kdc02.example.com@EXAMPLE.COM\n"
15784
msgstr ""
15785
"\n"
15786
"host/kdc01.example.com@EXAMPLE.COM\n"
15787
"host/kdc02.example.com@EXAMPLE.COM\n"
15788
15789
#: serverguide/C/network-auth.xml:2363(para)
15790
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
15791
msgstr ""
15792
15793
#: serverguide/C/network-auth.xml:2368(command)
15794
msgid "sudo kdb5_util -s create"
15795
msgstr "sudo kdb5_util -s create"
15796
15797
#: serverguide/C/network-auth.xml:2374(para)
15798
msgid ""
15799
"Now start the <application>kpropd</application> daemon, which listens for "
15800
"connections from the <application>kprop</application> utility. "
15801
"<application>kprop</application> is used to transfer dump files:"
15802
msgstr ""
15803
15804
#: serverguide/C/network-auth.xml:2381(command)
15805
msgid "sudo kpropd -S"
15806
msgstr "sudo kpropd -S"
15807
15808
#: serverguide/C/network-auth.xml:2387(para)
15809
msgid ""
15810
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
15811
"of the principal database:"
15812
msgstr ""
15813
15814
#: serverguide/C/network-auth.xml:2392(command)
15815
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
15816
msgstr "sudo kdb5_util dump /var/lib/krb5kdc/dump"
15817
15818
#: serverguide/C/network-auth.xml:2398(para)
15819
msgid ""
15820
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
15821
"<filename>/etc/krb5.keytab</filename>:"
15822
msgstr ""
15823
15824
#: serverguide/C/network-auth.xml:2403(command)
15825
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
15826
msgstr "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
15827
15828
#: serverguide/C/network-auth.xml:2404(command)
15829
msgid "sudo mv keytab.kdc01 /etc/kr5b.keytab"
15830
msgstr "sudo mv keytab.kdc01 /etc/kr5b.keytab"
15831
15832
#: serverguide/C/network-auth.xml:2408(para)
15833
msgid ""
15834
"Make sure there is a <emphasis>host</emphasis> for "
15835
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
15836
msgstr ""
15837
15838
#: serverguide/C/network-auth.xml:2416(para)
15839
msgid ""
15840
"Using the <application>kprop</application> utility push the database to the "
15841
"Secondary KDC:"
15842
msgstr ""
15843
15844
#: serverguide/C/network-auth.xml:2421(command)
15845
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
15846
msgstr "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
15847
15848
#: serverguide/C/network-auth.xml:2425(para)
15849
msgid ""
15850
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
15851
"worked. If there is an error message check "
15852
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
15853
"information."
15854
msgstr ""
15855
15856
#: serverguide/C/network-auth.xml:2431(para)
15857
msgid ""
15858
"You may also want to create a <application>cron</application> job to "
15859
"periodically update the database on the Secondary KDC. For example, the "
15860
"following will push the database every hour:"
15861
msgstr ""
15862
15863
#: serverguide/C/network-auth.xml:2436(programlisting)
15864
#, no-wrap
15865
msgid ""
15866
"\n"
15867
"# m h dom mon dow command\n"
15868
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
15869
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
15870
msgstr ""
15871
"\n"
15872
"# m h dom mon dow command\n"
15873
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
15874
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
15875
15876
#: serverguide/C/network-auth.xml:2444(para)
15877
msgid ""
15878
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
15879
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
15880
msgstr ""
15881
15882
#: serverguide/C/network-auth.xml:2450(command)
15883
msgid "sudo kdb5_util stash"
15884
msgstr "sudo kdb5_util stash"
15885
15886
#: serverguide/C/network-auth.xml:2456(para)
15887
msgid ""
15888
"Finally, start the <application>krb5-kdc</application> daemon on the "
15889
"Secondary KDC:"
15890
msgstr ""
15891
15892
#: serverguide/C/network-auth.xml:2461(command) serverguide/C/network-auth.xml:3073(command)
15893
msgid "sudo /etc/init.d/krb5-kdc start"
15894
msgstr "sudo /etc/init.d/krb5-kdc start"
15895
15896
#: serverguide/C/network-auth.xml:2467(para)
15897
msgid ""
15898
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
15899
"for the Realm. You can test this by stopping the <application>krb5-"
15900
"kdc</application> daemon on the Primary KDC, then use "
15901
"<application>kinit</application> to request a ticket. If all goes well you "
15902
"should receive a ticket from the Secondary KDC."
15903
msgstr ""
15904
15905
#: serverguide/C/network-auth.xml:2475(title)
15906
msgid "Kerberos Linux Client"
15907
msgstr "Linux кліент Kerberos"
15908
15909
#: serverguide/C/network-auth.xml:2477(para)
15910
msgid ""
15911
"This section covers configuring a Linux system as a "
15912
"<application>Kerberos</application> client. This will allow access to any "
15913
"kerberized services once a user has successfully logged into the system."
15914
msgstr ""
15915
15916
#: serverguide/C/network-auth.xml:2485(para)
15917
msgid ""
15918
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
15919
"user</application> and <application>libpam-krb5</application> packages are "
15920
"needed, along with a few others that are not strictly necessary but make "
15921
"life easier. To install the packages enter the following in a terminal "
15922
"prompt:"
15923
msgstr ""
15924
15925
#: serverguide/C/network-auth.xml:2492(command)
15926
msgid ""
15927
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
15928
msgstr ""
15929
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
15930
15931
#: serverguide/C/network-auth.xml:2495(para)
15932
msgid ""
15933
"The <application>auth-client-config</application> package allows simple "
15934
"configuration of PAM for authentication from multiple sources, and the "
15935
"<application>libpam-ccreds</application> will cache authentication "
15936
"credentials allowing you to login in case the Key Distribution Center (KDC) "
15937
"is unavailable. This package is also useful for laptops that may "
15938
"authenticate using Kerberos while on the corporate network, but will need to "
15939
"be accessed off the network as well."
15940
msgstr ""
15941
15942
#: serverguide/C/network-auth.xml:2506(para)
15943
msgid "To configure the client in a terminal enter:"
15944
msgstr ""
15945
15946
#: serverguide/C/network-auth.xml:2511(command)
15947
msgid "sudo dpkg-reconfigure krb5-config"
15948
msgstr "sudo dpkg-reconfigure krb5-config"
15949
15950
#: serverguide/C/network-auth.xml:2514(para)
15951
msgid ""
15952
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
15953
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
15954
"records, the menu will prompt you for the hostname of the Key Distribution "
15955
"Center (KDC) and Realm Administration server."
15956
msgstr ""
15957
15958
#: serverguide/C/network-auth.xml:2520(para)
15959
msgid ""
15960
"The <application>dpkg-reconfigure</application> adds entries to the "
15961
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
15962
"entries similar to the following:"
15963
msgstr ""
15964
15965
#: serverguide/C/network-auth.xml:2525(programlisting)
15966
#, no-wrap
15967
msgid ""
15968
"\n"
15969
"[libdefaults]\n"
15970
" default_realm = EXAMPLE.COM\n"
15971
"...\n"
15972
"[realms]\n"
15973
" EXAMPLE.COM = } \n"
15974
" kdc = 192.168.0.1 \n"
15975
" admin_server = 192.168.0.1\n"
15976
" }\n"
15977
msgstr ""
15978
"\n"
15979
"[libdefaults]\n"
15980
" default_realm = EXAMPLE.COM\n"
15981
"...\n"
15982
"[realms]\n"
15983
" EXAMPLE.COM = } \n"
15984
" kdc = 192.168.0.1 \n"
15985
" admin_server = 192.168.0.1\n"
15986
" }\n"
15987
15988
#: serverguide/C/network-auth.xml:2536(para)
15989
msgid ""
15990
"You can test the configuration by requesting a ticket using the "
15991
"<application>kinit</application> utility. For example:"
15992
msgstr ""
15993
15994
#: serverguide/C/network-auth.xml:2541(command)
15995
msgid "kinit steve@EXAMPLE.COM"
15996
msgstr "kinit steve@EXAMPLE.COM"
15997
15998
#: serverguide/C/network-auth.xml:2542(computeroutput)
15999
#, no-wrap
16000
msgid "Password for steve@EXAMPLE.COM:"
16001
msgstr "Пароль для steve@EXAMPLE.COM:"
16002
16003
#: serverguide/C/network-auth.xml:2545(para)
16004
msgid ""
16005
"When a ticket has been granted, the details can be viewed using "
16006
"<application>klist</application>:"
16007
msgstr ""
16008
16009
#: serverguide/C/network-auth.xml:2551(computeroutput)
16010
#, no-wrap
16011
msgid ""
16012
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
16013
"Default principal: steve@EXAMPLE.COM\n"
16014
"\n"
16015
"Valid starting Expires Service principal\n"
16016
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
16017
" renew until 07/25/08 05:18:57\n"
16018
"\n"
16019
"\n"
16020
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
16021
"klist: You have no tickets cached"
16022
msgstr ""
16023
16024
#: serverguide/C/network-auth.xml:2563(para)
16025
msgid ""
16026
"Next, use the <application>auth-client-config</application> to configure the "
16027
"<application>libpam-krb5</application> module to request a ticket during "
16028
"login:"
16029
msgstr ""
16030
16031
#: serverguide/C/network-auth.xml:2569(command)
16032
msgid "sudo auth-client-config -a -p kerberos_example"
16033
msgstr "sudo auth-client-config -a -p kerberos_example"
16034
16035
#: serverguide/C/network-auth.xml:2572(para)
16036
msgid ""
16037
"You will should now receive a ticket upon successful login authentication."
16038
msgstr ""
16039
16040
#: serverguide/C/network-auth.xml:2583(para)
16041
msgid ""
16042
"For more information on Kerberos see the <ulink "
16043
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
16044
msgstr ""
16045
16046
#: serverguide/C/network-auth.xml:2588(para)
16047
msgid ""
16048
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
16049
"Kerberos</ulink> page has more details."
16050
msgstr ""
16051
16052
#: serverguide/C/network-auth.xml:2593(para)
16053
msgid ""
16054
"O'Reilly's <ulink "
16055
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
16056
"Guide</ulink> is a great reference when setting up Kerberos."
16057
msgstr ""
16058
16059
#: serverguide/C/network-auth.xml:2599(para)
16060
msgid ""
16061
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
16062
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
16063
"Kerberos questions."
16064
msgstr ""
16065
16066
#: serverguide/C/network-auth.xml:2609(title)
16067
msgid "Kerberos and LDAP"
16068
msgstr "Kerberos і LDAP"
16069
16070
#: serverguide/C/network-auth.xml:2611(para)
16071
msgid ""
16072
"Replicating a Kerberos principal database between two servers can be "
16073
"complicated, and adds an additional user database to your network. "
16074
"Fortunately, MIT Kerberos can be configured to use an "
16075
"<application>LDAP</application> directory as a principal database. This "
16076
"section covers configuring a primary and secondary kerberos server to use "
16077
"<application>OpenLDAP</application> for the principal database."
16078
msgstr ""
16079
16080
#: serverguide/C/network-auth.xml:2619(title)
16081
msgid "Configuring OpenLDAP"
16082
msgstr "Наладка OpenLDAP"
16083
16084
#: serverguide/C/network-auth.xml:2621(para)
16085
msgid ""
16086
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
16087
"<application>OpenLDAP</application> server that has network connectivity to "
16088
"the Primary and Secondary KDCs. The rest of this section assumes that you "
16089
"also have LDAP replication configured between at least two servers. For "
16090
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
16091
msgstr ""
16092
16093
#: serverguide/C/network-auth.xml:2628(para)
16094
msgid ""
16095
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
16096
"that traffic between the KDC and LDAP server is encrypted. See <xref "
16097
"linkend=\"openldap-tls\"/> for details."
16098
msgstr ""
16099
16100
#: serverguide/C/network-auth.xml:2635(para)
16101
msgid ""
16102
"To load the schema into LDAP, on the LDAP server install the "
16103
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
16104
msgstr ""
16105
16106
#: serverguide/C/network-auth.xml:2641(command)
16107
msgid "sudo apt-get install krb5-kdc-ldap"
16108
msgstr "sudo apt-get install krb5-kdc-ldap"
16109
16110
#: serverguide/C/network-auth.xml:2646(para)
16111
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
16112
msgstr ""
16113
16114
#: serverguide/C/network-auth.xml:2651(command)
16115
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
16116
msgstr "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
16117
16118
#: serverguide/C/network-auth.xml:2652(command)
16119
msgid ""
16120
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
16121
msgstr ""
16122
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
16123
16124
#: serverguide/C/network-auth.xml:2658(para)
16125
msgid ""
16126
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
16127
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
16128
"<application>slapd</application> is also detailed in <xref "
16129
"linkend=\"openldap-configuration\"/>."
16130
msgstr ""
16131
16132
#: serverguide/C/network-auth.xml:2671(programlisting)
16133
#, no-wrap
16134
msgid ""
16135
"\n"
16136
"include /etc/ldap/schema/core.schema\n"
16137
"include /etc/ldap/schema/collective.schema\n"
16138
"include /etc/ldap/schema/corba.schema\n"
16139
"include /etc/ldap/schema/cosine.schema\n"
16140
"include /etc/ldap/schema/duaconf.schema\n"
16141
"include /etc/ldap/schema/dyngroup.schema\n"
16142
"include /etc/ldap/schema/inetorgperson.schema\n"
16143
"include /etc/ldap/schema/java.schema\n"
16144
"include /etc/ldap/schema/misc.schema\n"
16145
"include /etc/ldap/schema/nis.schema\n"
16146
"include /etc/ldap/schema/openldap.schema\n"
16147
"include /etc/ldap/schema/ppolicy.schema\n"
16148
"include /etc/ldap/schema/kerberos.schema\n"
16149
msgstr ""
16150
16151
#: serverguide/C/network-auth.xml:2691(para)
16152
msgid "Create a temporary directory to hold the LDIF files:"
16153
msgstr ""
16154
16155
#: serverguide/C/network-auth.xml:2706(command)
16156
msgid ""
16157
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
16158
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
16159
msgstr ""
16160
16161
#: serverguide/C/network-auth.xml:2716(para)
16162
msgid ""
16163
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
16164
"changing the following attributes:"
16165
msgstr ""
16166
16167
#: serverguide/C/network-auth.xml:2720(programlisting)
16168
#, no-wrap
16169
msgid ""
16170
"\n"
16171
"dn: cn=kerberos,cn=schema,cn=config\n"
16172
"...\n"
16173
"cn: kerberos\n"
16174
msgstr ""
16175
"\n"
16176
"dn: cn=kerberos,cn=schema,cn=config\n"
16177
"...\n"
16178
"cn: kerberos\n"
16179
16180
#: serverguide/C/network-auth.xml:2726(para)
16181
msgid "And remove the following lines from the end of the file:"
16182
msgstr ""
16183
16184
#: serverguide/C/network-auth.xml:2730(programlisting)
16185
#, no-wrap
16186
msgid ""
16187
"\n"
16188
"structuralObjectClass: olcSchemaConfig\n"
16189
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
16190
"creatorsName: cn=config\n"
16191
"createTimestamp: 20090111203515Z\n"
16192
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
16193
"modifiersName: cn=config\n"
16194
"modifyTimestamp: 20090111203515Z\n"
16195
msgstr ""
16196
"\n"
16197
"structuralObjectClass: olcSchemaConfig\n"
16198
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
16199
"creatorsName: cn=config\n"
16200
"createTimestamp: 20090111203515Z\n"
16201
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
16202
"modifiersName: cn=config\n"
16203
"modifyTimestamp: 20090111203515Z\n"
16204
16205
#: serverguide/C/network-auth.xml:2749(para)
16206
msgid "Load the new schema with <application>ldapadd</application>:"
16207
msgstr ""
16208
16209
#: serverguide/C/network-auth.xml:2754(command)
16210
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
16211
msgstr ""
16212
16213
#: serverguide/C/network-auth.xml:2760(para)
16214
msgid ""
16215
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
16216
msgstr ""
16217
16218
#: serverguide/C/network-auth.xml:2765(command) serverguide/C/network-auth.xml:2782(command)
16219
msgid "ldapmodify -x -D cn=admin,cn=config -W"
16220
msgstr "ldapmodify -x -D cn=admin,cn=config -W"
16221
16222
#: serverguide/C/network-auth.xml:2767(userinput)
16223
#, no-wrap
16224
msgid ""
16225
"dn: olcDatabase={1}hdb,cn=config\n"
16226
"add: olcDbIndex\n"
16227
"olcDbIndex: krbPrincipalName eq,pres,sub"
16228
msgstr ""
16229
"dn: olcDatabase={1}hdb,cn=config\n"
16230
"add: olcDbIndex\n"
16231
"olcDbIndex: krbPrincipalName eq,pres,sub"
16232
16233
#: serverguide/C/network-auth.xml:2766(computeroutput)
16234
#, no-wrap
16235
msgid ""
16236
"Enter LDAP Password:\n"
16237
"<placeholder-1/>\n"
16238
"\n"
16239
"modifying entry \"olcDatabase={1}hdb,cn=config\""
16240
msgstr ""
16241
16242
#: serverguide/C/network-auth.xml:2777(para)
16243
msgid "Finally, update the Access Control Lists (ACL):"
16244
msgstr ""
16245
16246
#: serverguide/C/network-auth.xml:2784(userinput)
16247
#, no-wrap
16248
msgid ""
16249
"dn: olcDatabase={1}hdb,cn=config\n"
16250
"replace: olcAccess\n"
16251
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
16252
"dn=\"cn=admin,dc=exampl\n"
16253
" e,dc=com\" write by anonymous auth by self write by * none\n"
16254
"-\n"
16255
"add: olcAccess\n"
16256
"olcAccess: to dn.base=\"\" by * read\n"
16257
"-\n"
16258
"add: olcAccess\n"
16259
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
16260
msgstr ""
16261
16262
#: serverguide/C/network-auth.xml:2783(computeroutput)
16263
#, no-wrap
16264
msgid ""
16265
"Enter LDAP Password: \n"
16266
"<placeholder-1/>\n"
16267
"\n"
16268
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
16269
msgstr ""
16270
16271
#: serverguide/C/network-auth.xml:2804(para)
16272
msgid ""
16273
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
16274
"database."
16275
msgstr ""
16276
16277
#: serverguide/C/network-auth.xml:2810(title)
16278
msgid "Primary KDC Configuration"
16279
msgstr ""
16280
16281
#: serverguide/C/network-auth.xml:2812(para)
16282
msgid ""
16283
"With <application>OpenLDAP</application> configured it is time to configure "
16284
"the KDC."
16285
msgstr ""
16286
16287
#: serverguide/C/network-auth.xml:2818(para)
16288
msgid "First, install the necessary packages, from a terminal enter:"
16289
msgstr ""
16290
16291
#: serverguide/C/network-auth.xml:2823(command) serverguide/C/network-auth.xml:2980(command)
16292
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
16293
msgstr "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
16294
16295
#: serverguide/C/network-auth.xml:2829(para)
16296
msgid ""
16297
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
16298
"under the appropriate sections:"
16299
msgstr ""
16300
16301
#: serverguide/C/network-auth.xml:2833(programlisting)
16302
#, no-wrap
16303
msgid ""
16304
"\n"
16305
"[libdefaults]\n"
16306
" default_realm = EXAMPLE.COM\n"
16307
"\n"
16308
"...\n"
16309
"\n"
16310
"[realms]\n"
16311
" EXAMPLE.COM = {\n"
16312
" kdc = kdc01.example.com\n"
16313
" kdc = kdc02.example.com\n"
16314
" admin_server = kdc01.example.com\n"
16315
" admin_server = kdc02.example.com\n"
16316
" default_domain = example.com\n"
16317
" database_module = openldap_ldapconf\n"
16318
" }\n"
16319
"\n"
16320
"...\n"
16321
"\n"
16322
"[domain_realm]\n"
16323
" .example.com = EXAMPLE.COM\n"
16324
"\n"
16325
"\n"
16326
"...\n"
16327
"\n"
16328
"[dbdefaults]\n"
16329
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16330
"\n"
16331
"[dbmodules]\n"
16332
" openldap_ldapconf = {\n"
16333
" db_library = kldap\n"
16334
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16335
"\n"
16336
" # this object needs to have read rights on\n"
16337
" # the realm container, principal container and realm sub-"
16338
"trees\n"
16339
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16340
"\n"
16341
" # this object needs to have read and write rights on\n"
16342
" # the realm container, principal container and realm sub-"
16343
"trees\n"
16344
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16345
" ldap_servers = ldaps://ldap01.example.com "
16346
"ldaps://ldap02.example.com\n"
16347
" ldap_conns_per_server = 5\n"
16348
" }\n"
16349
msgstr ""
16350
16351
#: serverguide/C/network-auth.xml:2878(para)
16352
msgid ""
16353
"Change <emphasis>example.com</emphasis>, "
16354
"<emphasis>dc=example,dc=com</emphasis>, "
16355
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
16356
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
16357
"object, and LDAP server for your network."
16358
msgstr ""
16359
16360
#: serverguide/C/network-auth.xml:2887(para)
16361
msgid ""
16362
"Next, use the <application>kdb5_ldap_util</application> utility to create "
16363
"the realm:"
16364
msgstr ""
16365
16366
#: serverguide/C/network-auth.xml:2892(command)
16367
msgid ""
16368
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
16369
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
16370
msgstr ""
16371
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
16372
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
16373
16374
#: serverguide/C/network-auth.xml:2898(para)
16375
msgid ""
16376
"Create a stash of the password used to bind to the LDAP server. This "
16377
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
16378
"<emphasis>ldap_kadmin_dn</emphasis> options in "
16379
"<filename>/etc/krb5.conf</filename>:"
16380
msgstr ""
16381
16382
#: serverguide/C/network-auth.xml:2904(command) serverguide/C/network-auth.xml:3042(command)
16383
msgid ""
16384
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
16385
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
16386
msgstr ""
16387
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
16388
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
16389
16390
#: serverguide/C/network-auth.xml:2910(para)
16391
msgid "Copy the CA certificate from the LDAP server:"
16392
msgstr ""
16393
16394
#: serverguide/C/network-auth.xml:2915(command)
16395
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
16396
msgstr "scp ldap01:/etc/ssl/certs/cacert.pem ."
16397
16398
#: serverguide/C/network-auth.xml:2916(command)
16399
msgid "sudo cp cacert.pem /etc/ssl/certs"
16400
msgstr "sudo cp cacert.pem /etc/ssl/certs"
16401
16402
#: serverguide/C/network-auth.xml:2919(para)
16403
msgid ""
16404
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
16405
msgstr ""
16406
16407
#: serverguide/C/network-auth.xml:2923(programlisting)
16408
#, no-wrap
16409
msgid ""
16410
"\n"
16411
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
16412
msgstr ""
16413
"\n"
16414
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
16415
16416
#: serverguide/C/network-auth.xml:2928(para)
16417
msgid ""
16418
"The certificate will also need to be copied to the Secondary KDC, to allow "
16419
"the connection to the LDAP servers using LDAPS."
16420
msgstr ""
16421
16422
#: serverguide/C/network-auth.xml:2937(para)
16423
msgid ""
16424
"You can now add Kerberos principals to the LDAP database, and they will be "
16425
"copied to any other LDAP servers configured for replication. To add a "
16426
"principal using the <application>kadmin.local</application> utility enter:"
16427
msgstr ""
16428
16429
#: serverguide/C/network-auth.xml:2945(userinput)
16430
#, no-wrap
16431
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
16432
msgstr "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
16433
16434
#: serverguide/C/network-auth.xml:2944(computeroutput)
16435
#, no-wrap
16436
msgid ""
16437
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16438
"kadmin.local: <placeholder-1/>\n"
16439
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
16440
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
16441
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
16442
"Principal \"steve@EXAMPLE.COM\" created."
16443
msgstr ""
16444
16445
#: serverguide/C/network-auth.xml:2952(para)
16446
msgid ""
16447
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
16448
"krbExtraData attributes added to the "
16449
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
16450
"the <application>kinit</application> and <application>klist</application> "
16451
"utilities to test that the user is indeed issued a ticket."
16452
msgstr ""
16453
16454
#: serverguide/C/network-auth.xml:2959(para)
16455
msgid ""
16456
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
16457
"option is needed to add the Kerberos attributes. Otherwise a new "
16458
"<emphasis>principal</emphasis> object will be created in the realm subtree."
16459
msgstr ""
16460
16461
#: serverguide/C/network-auth.xml:2967(title)
16462
msgid "Secondary KDC Configuration"
16463
msgstr ""
16464
16465
#: serverguide/C/network-auth.xml:2969(para)
16466
msgid ""
16467
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
16468
"one using the normal Kerberos database."
16469
msgstr ""
16470
16471
#: serverguide/C/network-auth.xml:2975(para)
16472
msgid "First, install the necessary packages. In a terminal enter:"
16473
msgstr ""
16474
16475
#: serverguide/C/network-auth.xml:2986(para)
16476
msgid ""
16477
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
16478
msgstr ""
16479
16480
#: serverguide/C/network-auth.xml:2990(programlisting)
16481
#, no-wrap
16482
msgid ""
16483
"\n"
16484
"[libdefaults]\n"
16485
" default_realm = EXAMPLE.COM\n"
16486
"\n"
16487
"...\n"
16488
"\n"
16489
"[realms]\n"
16490
" EXAMPLE.COM = {\n"
16491
" kdc = kdc01.example.com\n"
16492
" kdc = kdc02.example.com\n"
16493
" admin_server = kdc01.example.com\n"
16494
" admin_server = kdc02.example.com\n"
16495
" default_domain = example.com\n"
16496
" database_module = openldap_ldapconf\n"
16497
" }\n"
16498
"\n"
16499
"...\n"
16500
"\n"
16501
"[domain_realm]\n"
16502
" .example.com = EXAMPLE.COM\n"
16503
"\n"
16504
"...\n"
16505
"\n"
16506
"[dbdefaults]\n"
16507
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16508
"\n"
16509
"[dbmodules]\n"
16510
" openldap_ldapconf = {\n"
16511
" db_library = kldap\n"
16512
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16513
"\n"
16514
" # this object needs to have read rights on\n"
16515
" # the realm container, principal container and realm sub-"
16516
"trees\n"
16517
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16518
"\n"
16519
" # this object needs to have read and write rights on\n"
16520
" # the realm container, principal container and realm sub-"
16521
"trees\n"
16522
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16523
" ldap_servers = ldaps://ldap01.example.com "
16524
"ldaps://ldap02.example.com\n"
16525
" ldap_conns_per_server = 5\n"
16526
" }\n"
16527
msgstr ""
16528
16529
#: serverguide/C/network-auth.xml:3037(para)
16530
msgid "Create the stash for the LDAP bind password:"
16531
msgstr ""
16532
16533
#: serverguide/C/network-auth.xml:3048(para)
16534
msgid ""
16535
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
16536
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
16537
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
16538
"encrypted connection such as <application>scp</application>, or on physical "
16539
"media."
16540
msgstr ""
16541
16542
#: serverguide/C/network-auth.xml:3055(command)
16543
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
16544
msgstr "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
16545
16546
#: serverguide/C/network-auth.xml:3056(command)
16547
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
16548
msgstr "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
16549
16550
#: serverguide/C/network-auth.xml:3060(para)
16551
msgid ""
16552
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
16553
msgstr ""
16554
16555
#: serverguide/C/network-auth.xml:3068(para)
16556
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
16557
msgstr ""
16558
16559
#: serverguide/C/network-auth.xml:3079(para)
16560
msgid ""
16561
"You now have redundant KDCs on your network, and with redundant LDAP servers "
16562
"you should be able to continue to authenticate users if one LDAP server, one "
16563
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
16564
msgstr ""
16565
16566
#: serverguide/C/network-auth.xml:3091(para)
16567
msgid ""
16568
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16569
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
16570
"Guide</ulink> has some additional details."
16571
msgstr ""
16572
16573
#: serverguide/C/network-auth.xml:3097(para)
16574
msgid ""
16575
"For more information on <application>kdb5_ldap_util</application> see <ulink "
16576
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16577
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
16578
"5.6</ulink> and the <ulink "
16579
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/kdb5_ldap_util.8.html"
16580
"\">kdb5_ldap_util man page</ulink>."
16581
msgstr ""
16582
16583
#: serverguide/C/network-auth.xml:3105(para)
16584
msgid ""
16585
"Another useful link is the <ulink "
16586
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/krb5.conf.5.html\">kr"
16587
"b5.conf man page</ulink>."
16588
msgstr ""
16589
16590
#: serverguide/C/network-auth.xml:3110(para)
16591
msgid ""
16592
"Also, see the <ulink "
16593
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16594
"and LDAP</ulink> Ubuntu wiki page."
16595
msgstr ""
16596
16597
#: serverguide/C/monitoring.xml:13(title)
16598
msgid "Monitoring"
16599
msgstr ""
16600
16601
#: serverguide/C/monitoring.xml:17(para)
16602
msgid ""
16603
"The monitoring of essential servers and services is an important part of "
16604
"system administration. Most network services are monitored for performance, "
16605
"availability, or both. This section will cover installation and "
16606
"configuration of <application>Nagios</application> for availability "
16607
"monitoring, and <application>Munin</application> for performance monitoring."
16608
msgstr ""
16609
16610
#: serverguide/C/monitoring.xml:24(para)
16611
msgid ""
16612
"The examples in this section will use two servers with hostnames "
16613
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
16614
"<emphasis>Server01</emphasis> will be configured with "
16615
"<application>Nagios</application> to monitor services on itself and "
16616
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
16617
"<application>munin</application> package to gather information from the "
16618
"network. Using the <application>munin-node</application> package, "
16619
"<emphasis>server02</emphasis> will be configured to send information to "
16620
"<emphasis>server01</emphasis>."
16621
msgstr ""
16622
16623
#: serverguide/C/monitoring.xml:33(para)
16624
msgid ""
16625
"Hopefully these simple examples will allow you to monitor additional servers "
16626
"and services on your network."
16627
msgstr ""
16628
16629
#: serverguide/C/monitoring.xml:39(title)
16630
msgid "Nagios"
16631
msgstr ""
16632
16633
#: serverguide/C/monitoring.xml:44(para)
16634
msgid ""
16635
"First, on <emphasis>server01</emphasis> install the "
16636
"<application>nagios</application> package. In a terminal enter:"
16637
msgstr ""
16638
16639
#: serverguide/C/monitoring.xml:50(command)
16640
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
16641
msgstr ""
16642
16643
#: serverguide/C/monitoring.xml:53(para)
16644
msgid ""
16645
"You will be asked to enter a password for the "
16646
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
16647
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
16648
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
16649
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
16650
"of the <application>apache2-utils</application> package."
16651
msgstr ""
16652
16653
#: serverguide/C/monitoring.xml:60(para)
16654
msgid ""
16655
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
16656
"user enter:"
16657
msgstr ""
16658
16659
#: serverguide/C/monitoring.xml:65(command)
16660
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
16661
msgstr ""
16662
16663
#: serverguide/C/monitoring.xml:68(para)
16664
msgid "To add a user:"
16665
msgstr ""
16666
16667
#: serverguide/C/monitoring.xml:73(command)
16668
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
16669
msgstr ""
16670
16671
#: serverguide/C/monitoring.xml:76(para)
16672
msgid ""
16673
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
16674
"server</application> package. From a terminal on server02 enter:"
16675
msgstr ""
16676
16677
#: serverguide/C/monitoring.xml:82(command)
16678
msgid "sudo apt-get install nagios-nrpe-server"
16679
msgstr ""
16680
16681
#: serverguide/C/monitoring.xml:86(para)
16682
msgid ""
16683
"<application>NRPE</application> allows you to execute local checks on remote "
16684
"hosts. There are other ways of accomplishing this through other Nagios "
16685
"plugins as well as other checks."
16686
msgstr ""
16687
16688
#: serverguide/C/monitoring.xml:94(title)
16689
msgid "Configuration Overview"
16690
msgstr ""
16691
16692
#: serverguide/C/monitoring.xml:96(para)
16693
msgid ""
16694
"There are a couple of directories containing "
16695
"<application>Nagios</application> configuration and check files."
16696
msgstr ""
16697
16698
#: serverguide/C/monitoring.xml:102(para)
16699
msgid ""
16700
"<filename>/etc/nagios3</filename>: contains configuration files for the "
16701
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
16702
"etc."
16703
msgstr ""
16704
16705
#: serverguide/C/monitoring.xml:108(para)
16706
msgid ""
16707
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
16708
"service checks."
16709
msgstr ""
16710
16711
#: serverguide/C/monitoring.xml:113(para)
16712
msgid ""
16713
"<filename>/etc/nagios</filename>: on the remote host contains the "
16714
"<application>nagios-nrpe-server</application> configuration files."
16715
msgstr ""
16716
16717
#: serverguide/C/monitoring.xml:118(para)
16718
msgid ""
16719
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
16720
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
16721
msgstr ""
16722
16723
#: serverguide/C/monitoring.xml:123(para)
16724
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
16725
msgstr ""
16726
16727
#: serverguide/C/monitoring.xml:129(para)
16728
msgid ""
16729
"There are a plethora of checks <application>Nagios</application> can be "
16730
"configured to execute for any given host. For this example Nagios will be "
16731
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
16732
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
16733
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
16734
msgstr ""
16735
16736
#: serverguide/C/monitoring.xml:136(para)
16737
msgid ""
16738
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
16739
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
16740
msgstr ""
16741
16742
#: serverguide/C/monitoring.xml:141(para)
16743
msgid ""
16744
"Additionally, there are some terms that once explained will hopefully make "
16745
"understanding Nagios configuration easier:"
16746
msgstr ""
16747
16748
#: serverguide/C/monitoring.xml:147(para)
16749
msgid ""
16750
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
16751
"is being monitored."
16752
msgstr ""
16753
16754
#: serverguide/C/monitoring.xml:152(para)
16755
msgid ""
16756
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
16757
"could group all web servers, file server, etc."
16758
msgstr ""
16759
16760
#: serverguide/C/monitoring.xml:157(para)
16761
msgid ""
16762
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
16763
"as HTTP, DNS, NFS, etc."
16764
msgstr ""
16765
16766
#: serverguide/C/monitoring.xml:162(para)
16767
msgid ""
16768
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
16769
"together. This is useful for grouping multiple HTTP for example."
16770
msgstr ""
16771
16772
#: serverguide/C/monitoring.xml:168(para)
16773
msgid ""
16774
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
16775
"place. Nagios can be configured to send emails, SMS messages, etc."
16776
msgstr ""
16777
16778
#: serverguide/C/monitoring.xml:174(para)
16779
msgid ""
16780
"By default Nagios is configured to check HTTP, disk space, SSH, current "
16781
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
16782
"will also <application>ping</application> check the "
16783
"<emphasis>gateway</emphasis>."
16784
msgstr ""
16785
16786
#: serverguide/C/monitoring.xml:179(para)
16787
msgid ""
16788
"Large Nagios installations can be quite complex to configure. It is usually "
16789
"best to start small, one or two hosts, get things configured the way you "
16790
"like then expand."
16791
msgstr ""
16792
16793
#: serverguide/C/monitoring.xml:194(para)
16794
msgid ""
16795
"First, create a <emphasis>host</emphasis> configuration file for "
16796
"<emphasis>server02</emphasis>. In a terminal enter:"
16797
msgstr ""
16798
16799
#: serverguide/C/monitoring.xml:199(command)
16800
msgid ""
16801
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
16802
"/etc/nagios3/conf.d/server02.cfg"
16803
msgstr ""
16804
16805
#: serverguide/C/monitoring.xml:203(para)
16806
msgid ""
16807
"In the above and following command examples, replace "
16808
"<emphasis>\"server01\"</emphasis>, "
16809
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
16810
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
16811
"your servers."
16812
msgstr ""
16813
16814
#: serverguide/C/monitoring.xml:212(para)
16815
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16816
msgstr ""
16817
16818
#: serverguide/C/monitoring.xml:216(programlisting)
16819
#, no-wrap
16820
msgid ""
16821
"\n"
16822
"define host{\n"
16823
" use generic-host ; Name of host "
16824
"template to use\n"
16825
" host_name server02\n"
16826
" alias Server 02\n"
16827
" address 172.18.100.101\n"
16828
"}\n"
16829
"\n"
16830
"# check DNS service.\n"
16831
"define service {\n"
16832
" use generic-service\n"
16833
" host_name server02\n"
16834
" service_description DNS\n"
16835
" check_command check_dns!172.18.100.101\n"
16836
"}\n"
16837
msgstr ""
16838
16839
#: serverguide/C/monitoring.xml:236(para)
16840
msgid ""
16841
"Restart the <application>nagios</application> daemon to enable the new "
16842
"configuration:"
16843
msgstr ""
16844
16845
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
16846
msgid "sudo /etc/init.d/nagios3 restart"
16847
msgstr ""
16848
16849
#: serverguide/C/monitoring.xml:251(para)
16850
msgid ""
16851
"Now add a service definition for the MySQL check by adding the following to "
16852
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
16853
msgstr ""
16854
16855
#: serverguide/C/monitoring.xml:255(programlisting)
16856
#, no-wrap
16857
msgid ""
16858
"\n"
16859
"# check MySQL servers.\n"
16860
"define service {\n"
16861
" hostgroup_name mysql-servers\n"
16862
" service_description MySQL\n"
16863
" check_command "
16864
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
16865
" use generic-service\n"
16866
" notification_interval 0 ; set > 0 if you want to be "
16867
"renotified\n"
16868
"}\n"
16869
msgstr ""
16870
16871
#: serverguide/C/monitoring.xml:269(para)
16872
msgid ""
16873
"A <emphasis>mysqsl-servers</emphasis> hostgroup now needs to be defined. "
16874
"Edit <filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
16875
msgstr ""
16876
16877
#: serverguide/C/monitoring.xml:274(programlisting)
16878
#, no-wrap
16879
msgid ""
16880
"\n"
16881
"# MySQL hostgroup.\n"
16882
"define hostgroup {\n"
16883
" hostgroup_name mysql-servers\n"
16884
" alias MySQL servers\n"
16885
" members localhost, server02\n"
16886
" }\n"
16887
msgstr ""
16888
16889
#: serverguide/C/monitoring.xml:286(para)
16890
msgid ""
16891
"The Nagios check needs to authenticate to MySQL. To add a "
16892
"<emphasis>nagios</emphasis> user to MySQL enter:"
16893
msgstr ""
16894
16895
#: serverguide/C/monitoring.xml:291(command)
16896
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
16897
msgstr ""
16898
16899
#: serverguide/C/monitoring.xml:295(para)
16900
msgid ""
16901
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
16902
"<emphasis>mysql-servers</emphasis> hostgroup."
16903
msgstr ""
16904
16905
#: serverguide/C/monitoring.xml:303(para)
16906
msgid ""
16907
"Restart <application>nagios</application> to start checking the MySQL "
16908
"servers."
16909
msgstr ""
16910
16911
#: serverguide/C/monitoring.xml:318(para)
16912
msgid ""
16913
"Lastly configure NRPE to check the disk space on "
16914
"<emphasis>server02</emphasis>."
16915
msgstr ""
16916
16917
#: serverguide/C/monitoring.xml:322(para)
16918
msgid ""
16919
"On <emphasis>server01</emphasis> add the service check to "
16920
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16921
msgstr ""
16922
16923
#: serverguide/C/monitoring.xml:327(programlisting)
16924
#, no-wrap
16925
msgid ""
16926
"\n"
16927
"# NRPE disk check.\n"
16928
"define service {\n"
16929
" use generic-service\n"
16930
" host_name server02\n"
16931
" service_description nrpe-disk\n"
16932
" check_command "
16933
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
16934
"}\n"
16935
msgstr ""
16936
16937
#: serverguide/C/monitoring.xml:340(para)
16938
msgid ""
16939
"Now on <emphasis>server02</emphasis> edit "
16940
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
16941
msgstr ""
16942
16943
#: serverguide/C/monitoring.xml:344(programlisting)
16944
#, no-wrap
16945
msgid ""
16946
"\n"
16947
"allowed_hosts=172.18.100.100\n"
16948
msgstr ""
16949
16950
#: serverguide/C/monitoring.xml:348(para)
16951
msgid "And below in the command definition area add:"
16952
msgstr ""
16953
16954
#: serverguide/C/monitoring.xml:352(programlisting)
16955
#, no-wrap
16956
msgid ""
16957
"\n"
16958
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
16959
"e\n"
16960
msgstr ""
16961
16962
#: serverguide/C/monitoring.xml:359(para)
16963
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
16964
msgstr ""
16965
16966
#: serverguide/C/monitoring.xml:364(command)
16967
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
16968
msgstr ""
16969
16970
#: serverguide/C/monitoring.xml:370(para)
16971
msgid ""
16972
"Also, on <emphasis>server01</emphasis> restart "
16973
"<application>nagios</application>:"
16974
msgstr ""
16975
16976
#: serverguide/C/monitoring.xml:383(para)
16977
msgid ""
16978
"You should now be able to see the host and service checks in the Nagios CGI "
16979
"files. To access them point a browser to http://server01/nagios3. You will "
16980
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
16981
"password."
16982
msgstr ""
16983
16984
#: serverguide/C/monitoring.xml:393(para)
16985
msgid ""
16986
"This section has just scratched the surface of Nagios' features. The "
16987
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
16988
"plugins</application> contain many more service checks."
16989
msgstr ""
16990
16991
#: serverguide/C/monitoring.xml:400(para)
16992
msgid ""
16993
"For more information see <ulink "
16994
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
16995
msgstr ""
16996
16997
#: serverguide/C/monitoring.xml:405(para)
16998
msgid ""
16999
"Specifically the <ulink "
17000
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
17001
"site."
17002
msgstr ""
17003
17004
#: serverguide/C/monitoring.xml:410(para)
17005
msgid ""
17006
"There is also a list of <ulink "
17007
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
17008
"Nagios and network monitoring:"
17009
msgstr ""
17010
17011
#: serverguide/C/monitoring.xml:416(para)
17012
msgid ""
17013
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
17014
"Wiki</ulink> page also has more details."
17015
msgstr ""
17016
17017
#: serverguide/C/monitoring.xml:425(title)
17018
msgid "Munin"
17019
msgstr ""
17020
17021
#: serverguide/C/monitoring.xml:430(para)
17022
msgid ""
17023
"Before installing <application>Munin</application> on "
17024
"<emphasis>server01</emphasis><application>apache2</application> will need to "
17025
"be installed. The default configuration is fine for running a "
17026
"<application>munin</application> server. For more information see <xref "
17027
"linkend=\"httpd\"/>."
17028
msgstr ""
17029
17030
#: serverguide/C/monitoring.xml:436(para)
17031
msgid ""
17032
"First, on <emphasis>server01</emphasis> install "
17033
"<application>munin</application>. In a terminal enter:"
17034
msgstr ""
17035
17036
#: serverguide/C/monitoring.xml:441(command)
17037
msgid "sudo apt-get install munin"
17038
msgstr ""
17039
17040
#: serverguide/C/monitoring.xml:444(para)
17041
msgid ""
17042
"Now on <emphasis>server02</emphasis> install the <application>munin-"
17043
"node</application> package:"
17044
msgstr ""
17045
17046
#: serverguide/C/monitoring.xml:449(command)
17047
msgid "sudo apt-get install munin-node"
17048
msgstr ""
17049
17050
#: serverguide/C/monitoring.xml:456(para)
17051
msgid ""
17052
"On <emphasis>server01</emphasis> edit the "
17053
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
17054
"<emphasis>server02</emphasis>:"
17055
msgstr ""
17056
17057
#: serverguide/C/monitoring.xml:461(programlisting)
17058
#, no-wrap
17059
msgid ""
17060
"\n"
17061
"## First our \"normal\" host.\n"
17062
"[server02]\n"
17063
" address 172.18.100.101\n"
17064
msgstr ""
17065
17066
#: serverguide/C/monitoring.xml:468(para)
17067
msgid ""
17068
"Replace <emphasis>server02</emphasis> and "
17069
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
17070
"for your server."
17071
msgstr ""
17072
17073
#: serverguide/C/monitoring.xml:474(para)
17074
msgid ""
17075
"Next, configure <application>munin-node</application> on "
17076
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
17077
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
17078
msgstr ""
17079
17080
#: serverguide/C/monitoring.xml:479(programlisting)
17081
#, no-wrap
17082
msgid ""
17083
"\n"
17084
"allow ^172\\.18\\.100\\.100$\n"
17085
msgstr ""
17086
17087
#: serverguide/C/monitoring.xml:484(para)
17088
msgid ""
17089
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
17090
"<application>munin</application> server."
17091
msgstr ""
17092
17093
#: serverguide/C/monitoring.xml:489(para)
17094
msgid ""
17095
"Now restart <application>munin-node</application> on "
17096
"<emphasis>server02</emphasis> for the changes to take effect:"
17097
msgstr ""
17098
17099
#: serverguide/C/monitoring.xml:494(command)
17100
msgid "sudo /etc/init.d/munin-node restart"
17101
msgstr ""
17102
17103
#: serverguide/C/monitoring.xml:497(para)
17104
msgid ""
17105
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
17106
"you should see links to nice graphs displaying information from the standard "
17107
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
17108
msgstr ""
17109
17110
#: serverguide/C/monitoring.xml:503(para)
17111
msgid ""
17112
"Since this is a new install it may take some time for the graphs to display "
17113
"anything useful."
17114
msgstr ""
17115
17116
#: serverguide/C/monitoring.xml:510(title)
17117
msgid "Additional Plugins"
17118
msgstr ""
17119
17120
#: serverguide/C/monitoring.xml:512(para)
17121
msgid ""
17122
"The <application>munin-plugins-extra</application> package contains "
17123
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
17124
"install the package, from a terminal enter:"
17125
msgstr ""
17126
17127
#: serverguide/C/monitoring.xml:518(command)
17128
msgid "sudo apt-get install munin-plugins-extra"
17129
msgstr ""
17130
17131
#: serverguide/C/monitoring.xml:521(para)
17132
msgid "Be sure to install the package on both the server and node machines."
17133
msgstr ""
17134
17135
#: serverguide/C/monitoring.xml:531(para)
17136
msgid ""
17137
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
17138
"website for more details."
17139
msgstr ""
17140
17141
#: serverguide/C/monitoring.xml:536(para)
17142
msgid ""
17143
"Specifically the <ulink "
17144
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
17145
"Documentation</ulink> page includes information on additional plugins, "
17146
"writing plugins, etc."
17147
msgstr ""
17148
17149
#: serverguide/C/monitoring.xml:542(para)
17150
msgid ""
17151
"Also, there is a book in German by Open Source Press: <ulink "
17152
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
17153
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
17154
msgstr ""
17155
17156
#: serverguide/C/monitoring.xml:548(para)
17157
msgid ""
17158
"Another resource is the <ulink "
17159
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
17160
"page."
17161
msgstr ""
17162
17163
#: serverguide/C/mail.xml:13(title)
17164
msgid "Email Services"
17165
msgstr ""
17166
17167
#: serverguide/C/mail.xml:14(para)
17168
msgid ""
17169
"The process of getting an email from one person to another over a network or "
17170
"the Internet involves many systems working together. Each of these systems "
17171
"must be correctly configured for the process to work. The sender uses a "
17172
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
17173
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
17174
"the last of which will hand it off to a <emphasis>Mail Delivery "
17175
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
17176
"it will be retrieved by the recipient's email client, usually via a POP3 or "
17177
"IMAP server."
17178
msgstr ""
17179
17180
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
17181
msgid "Postfix"
17182
msgstr "Postfix"
17183
17184
#: serverguide/C/mail.xml:25(para)
17185
msgid ""
17186
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
17187
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
17188
"compatible with the MTA <application>sendmail</application>. This section "
17189
"explains how to install and configure <application>postfix</application>. It "
17190
"also explains how to set it up as an SMTP server using a secure connection "
17191
"(for sending emails securely)."
17192
msgstr ""
17193
17194
#: serverguide/C/mail.xml:34(para)
17195
msgid ""
17196
"This guide does not cover setting up Postfix <emphasis>Virtual "
17197
"Domains</emphasis>, for information on Virtual Domains and other advanced "
17198
"configurations see <xref linkend=\"postfix-references\"/>."
17199
msgstr ""
17200
17201
#: serverguide/C/mail.xml:41(para)
17202
msgid ""
17203
"To install <application>postfix</application> run the following command:"
17204
msgstr ""
17205
17206
#: serverguide/C/mail.xml:47(para)
17207
msgid ""
17208
"Simply press return when the installation process asks questions, the "
17209
"configuration will be done in greater detail in the next stage."
17210
msgstr ""
17211
17212
#: serverguide/C/mail.xml:52(title)
17213
msgid "Basic Configuration"
17214
msgstr ""
17215
17216
#: serverguide/C/mail.xml:53(para)
17217
msgid ""
17218
"To configure <application>postfix</application>, run the following command:"
17219
msgstr ""
17220
17221
#: serverguide/C/mail.xml:57(command)
17222
msgid "sudo dpkg-reconfigure postfix"
17223
msgstr "sudo dpkg-reconfigure postfix"
17224
17225
#: serverguide/C/mail.xml:63(para)
17226
msgid "Internet Site"
17227
msgstr "Інтэрнэт сайт"
17228
17229
#: serverguide/C/mail.xml:64(para)
17230
msgid "mail.example.com"
17231
msgstr "mail.example.com"
17232
17233
#: serverguide/C/mail.xml:65(para)
17234
msgid "steve"
17235
msgstr "steve"
17236
17237
#: serverguide/C/mail.xml:66(para)
17238
msgid "mail.example.com, localhost.localdomain, localhost"
17239
msgstr "mail.example.com, localhost.localdomain, localhost"
17240
17241
#: serverguide/C/mail.xml:67(para)
17242
msgid "No"
17243
msgstr "Не"
17244
17245
#: serverguide/C/mail.xml:68(para)
17246
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
17247
msgstr ""
17248
17249
#: serverguide/C/mail.xml:69(para)
17250
msgid "0"
17251
msgstr "0"
17252
17253
#: serverguide/C/mail.xml:70(para)
17254
msgid "+"
17255
msgstr "+"
17256
17257
#: serverguide/C/mail.xml:71(para)
17258
msgid "all"
17259
msgstr "усе"
17260
17261
#: serverguide/C/mail.xml:59(para)
17262
msgid ""
17263
"The user interface will be displayed. On each screen, select the following "
17264
"values: <placeholder-1/>"
17265
msgstr ""
17266
17267
#: serverguide/C/mail.xml:75(para)
17268
msgid ""
17269
"Replace mail.example.com with the domain for which you'll accept email, "
17270
"192.168.0.0/24 with the actual network and class range of your mail server, "
17271
"and steve with the appropriate username."
17272
msgstr ""
17273
17274
#: serverguide/C/mail.xml:81(para)
17275
msgid ""
17276
"Now is a good time to decide which mailbox format you want to use. By "
17277
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
17278
"mailbox format. Rather than editing the configuration file directly, you can "
17279
"use the <command>postconf</command> command to configure all "
17280
"<application>postfix</application> parameters. The configuration parameters "
17281
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
17282
"you wish to re-configure a particular parameter, you can either run the "
17283
"command or change it manually in the file."
17284
msgstr ""
17285
17286
#: serverguide/C/mail.xml:92(para)
17287
msgid ""
17288
"To configure the mailbox format for <emphasis "
17289
"role=\"strong\">Maildir:</emphasis>"
17290
msgstr ""
17291
17292
#: serverguide/C/mail.xml:97(command)
17293
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
17294
msgstr ""
17295
17296
#: serverguide/C/mail.xml:100(para)
17297
msgid ""
17298
"This will place new mail in /home/<emphasis "
17299
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
17300
"your Mail Delivery Agent (MDA) to use the same path."
17301
msgstr ""
17302
17303
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
17304
msgid "SMTP Authentication"
17305
msgstr ""
17306
17307
#: serverguide/C/mail.xml:110(para)
17308
msgid ""
17309
"SMTP-AUTH allows a client to identify itself through an authentication "
17310
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
17311
"the authentication process. Once authenticated the SMTP server will allow "
17312
"the client to relay mail."
17313
msgstr ""
17314
17315
#: serverguide/C/mail.xml:117(para)
17316
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
17317
msgstr ""
17318
17319
#: serverguide/C/mail.xml:120(screen)
17320
#, no-wrap
17321
msgid ""
17322
"\n"
17323
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
17324
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
17325
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
17326
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
17327
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
17328
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
17329
"sudo postconf -e 'smtpd_recipient_restrictions = "
17330
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
17331
"sudo postconf -e 'inet_interfaces = all'\n"
17332
msgstr ""
17333
17334
#: serverguide/C/mail.xml:131(para)
17335
msgid ""
17336
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
17337
"the Postfix queue directory."
17338
msgstr ""
17339
17340
#: serverguide/C/mail.xml:137(para)
17341
msgid ""
17342
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
17343
"and-security\"/> for details. This example also uses a Certificate Authority "
17344
"(CA). For information on generating a CA certificate see <xref "
17345
"linkend=\"certificate-authority\"/>."
17346
msgstr ""
17347
17348
#: serverguide/C/mail.xml:143(para)
17349
msgid ""
17350
"You can get the digital certificate from a certificate authority. But unlike "
17351
"web clients, SMTP clients rarely complain about \"self-signed "
17352
"certificates\", so alternatively, you can create the certificate yourself. "
17353
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
17354
"details."
17355
msgstr ""
17356
17357
#: serverguide/C/mail.xml:155(para)
17358
msgid ""
17359
"Once you have a certificate, configure Postfix to provide TLS encryption for "
17360
"both incoming and outgoing mail:"
17361
msgstr ""
17362
17363
#: serverguide/C/mail.xml:158(screen)
17364
#, no-wrap
17365
msgid ""
17366
"\n"
17367
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
17368
"sudo postconf -e 'smtp_use_tls = yes'\n"
17369
"sudo postconf -e 'smtpd_use_tls = yes'\n"
17370
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
17371
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
17372
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
17373
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
17374
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
17375
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
17376
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
17377
"sudo postconf -e 'myhostname = mail.example.com'\n"
17378
msgstr ""
17379
17380
#: serverguide/C/mail.xml:173(para)
17381
msgid ""
17382
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
17383
"the certificate enter:"
17384
msgstr ""
17385
17386
#: serverguide/C/mail.xml:177(command)
17387
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
17388
msgstr ""
17389
17390
#: serverguide/C/mail.xml:180(para)
17391
msgid ""
17392
"Again, for more details about certificates see <xref linkend=\"certificates-"
17393
"and-security\"/>."
17394
msgstr ""
17395
17396
#: serverguide/C/mail.xml:186(para)
17397
msgid ""
17398
"After running all the commands, <application>Postfix</application> is "
17399
"configured for SMTP-AUTH and a self-signed certificate has been created for "
17400
"TLS encryption."
17401
msgstr ""
17402
17403
#: serverguide/C/mail.xml:191(para)
17404
msgid ""
17405
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
17406
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
17407
msgstr ""
17408
17409
#: serverguide/C/mail.xml:195(para)
17410
msgid ""
17411
"The postfix initial configuration is complete. Run the following command to "
17412
"restart the postfix daemon:"
17413
msgstr ""
17414
17415
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
17416
msgid "sudo /etc/init.d/postfix restart"
17417
msgstr "sudo /etc/init.d/postfix restart"
17418
17419
#: serverguide/C/mail.xml:204(para)
17420
msgid ""
17421
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
17422
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
17423
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
17424
"However it is still necessary to set up SASL authentication before you can "
17425
"use SMTP-AUTH."
17426
msgstr ""
17427
17428
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
17429
msgid "Configuring SASL"
17430
msgstr "Наладка SASL"
17431
17432
#: serverguide/C/mail.xml:215(para)
17433
msgid ""
17434
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
17435
"enable Dovecot SASL the <application>dovecot-common</application> package "
17436
"will need to be installed. From a terminal prompt enter the following:"
17437
msgstr ""
17438
17439
#: serverguide/C/mail.xml:221(command)
17440
msgid "sudo apt-get install dovecot-common"
17441
msgstr ""
17442
17443
#: serverguide/C/mail.xml:223(para)
17444
msgid ""
17445
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
17446
"In the <emphasis>auth default</emphasis> section uncomment the "
17447
"<emphasis>socket listen</emphasis> option and change the following:"
17448
msgstr ""
17449
17450
#: serverguide/C/mail.xml:227(programlisting)
17451
#, no-wrap
17452
msgid ""
17453
"\n"
17454
" socket listen {\n"
17455
" #master {\n"
17456
" # Master socket provides access to userdb information. It's typically\n"
17457
" # used to give Dovecot's local delivery agent access to userdb so it\n"
17458
" # can find mailbox locations.\n"
17459
" #path = /var/run/dovecot/auth-master\n"
17460
" #mode = 0600\n"
17461
" # Default user/group is the one who started dovecot-auth (root)\n"
17462
" #user = \n"
17463
" #group = \n"
17464
" #}\n"
17465
" client {\n"
17466
" # The client socket is generally safe to export to everyone. Typical "
17467
"use\n"
17468
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
17469
" # using it.\n"
17470
" path = /var/spool/postfix/private/auth-client\n"
17471
" mode = 0660\n"
17472
" user = postfix\n"
17473
" group = postfix\n"
17474
" }\n"
17475
" }\n"
17476
msgstr ""
17477
17478
#: serverguide/C/mail.xml:251(para)
17479
msgid ""
17480
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
17481
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
17482
"add <emphasis>\"login\"</emphasis>:"
17483
msgstr ""
17484
17485
#: serverguide/C/mail.xml:256(programlisting)
17486
#, no-wrap
17487
msgid ""
17488
"\n"
17489
" mechanisms = plain login\n"
17490
msgstr ""
17491
17492
#: serverguide/C/mail.xml:260(para)
17493
msgid ""
17494
"Once you have <application>Dovecot</application> configured restart it with:"
17495
msgstr ""
17496
17497
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
17498
msgid "sudo /etc/init.d/dovecot restart"
17499
msgstr "sudo /etc/init.d/dovecot restart"
17500
17501
#: serverguide/C/mail.xml:269(title)
17502
msgid "Postfix-Dovecot"
17503
msgstr ""
17504
17505
#: serverguide/C/mail.xml:271(para)
17506
msgid ""
17507
"Another option for configuring <application>Postfix</application> for SMTP-"
17508
"AUTH is using the <application>dovecot-postfix</application> package. This "
17509
"package will install <application>Dovecot</application> and configure "
17510
"<application>Postfix</application> to use it for both SASL authentication "
17511
"and as a Mail Delivery Agent (MDA). The package also configures "
17512
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
17513
msgstr ""
17514
17515
#: serverguide/C/mail.xml:280(para)
17516
msgid ""
17517
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
17518
"server. For example, if you are configuring your server to be a mail "
17519
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
17520
"the above commands to configure Postfix for SMTPAUTH."
17521
msgstr ""
17522
17523
#: serverguide/C/mail.xml:287(para)
17524
msgid "To install the package, from a terminal prompt enter:"
17525
msgstr ""
17526
17527
#: serverguide/C/mail.xml:292(command)
17528
msgid "sudo apt-get install dovecot-postfix"
17529
msgstr "sudo apt-get install dovecot-postfix"
17530
17531
#: serverguide/C/mail.xml:295(para)
17532
msgid ""
17533
"You should now have a working mail server, but there are a few options that "
17534
"you may wish to further customize. For example, the package uses the "
17535
"certificate and key from the <application>ssl-cert</application> package, "
17536
"and in a production environment you should use a certificate and key "
17537
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
17538
"for more details."
17539
msgstr ""
17540
17541
#: serverguide/C/mail.xml:301(para)
17542
msgid ""
17543
"Once you have a customized certificate and key for the host, change the "
17544
"following options in <filename>/etc/postfix/main.cf</filename>:"
17545
msgstr ""
17546
17547
#: serverguide/C/mail.xml:305(programlisting)
17548
#, no-wrap
17549
msgid ""
17550
"\n"
17551
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
17552
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
17553
msgstr ""
17554
"\n"
17555
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
17556
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
17557
17558
#: serverguide/C/mail.xml:310(para)
17559
msgid "Then restart Postfix:"
17560
msgstr "Пасьля перазапусьціце Postfix:"
17561
17562
#: serverguide/C/mail.xml:321(para)
17563
msgid ""
17564
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
17565
msgstr ""
17566
17567
#: serverguide/C/mail.xml:324(para)
17568
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
17569
msgstr ""
17570
17571
#: serverguide/C/mail.xml:329(command)
17572
msgid "telnet mail.example.com 25"
17573
msgstr "telnet mail.example.com 25"
17574
17575
#: serverguide/C/mail.xml:331(para)
17576
msgid ""
17577
"After you have established the connection to the postfix mail server, type:"
17578
msgstr ""
17579
17580
#: serverguide/C/mail.xml:335(screen)
17581
#, no-wrap
17582
msgid ""
17583
"\n"
17584
"ehlo mail.example.com\n"
17585
msgstr ""
17586
"\n"
17587
"ehlo mail.example.com\n"
17588
17589
#: serverguide/C/mail.xml:338(para)
17590
msgid ""
17591
"If you see the following lines among others, then everything is working "
17592
"perfectly. Type <command>quit</command> to exit."
17593
msgstr ""
17594
17595
#: serverguide/C/mail.xml:342(programlisting)
17596
#, no-wrap
17597
msgid ""
17598
"\n"
17599
"250-STARTTLS\n"
17600
"250-AUTH LOGIN PLAIN\n"
17601
"250-AUTH=LOGIN PLAIN\n"
17602
"250 8BITMIME\n"
17603
msgstr ""
17604
"\n"
17605
"250-STARTTLS\n"
17606
"250-AUTH LOGIN PLAIN\n"
17607
"250-AUTH=LOGIN PLAIN\n"
17608
"250 8BITMIME\n"
17609
17610
#: serverguide/C/mail.xml:352(para)
17611
msgid ""
17612
"This section introduces some common ways to determine the cause if problems "
17613
"arise."
17614
msgstr ""
17615
17616
#: serverguide/C/mail.xml:356(title)
17617
msgid "Escaping chroot"
17618
msgstr ""
17619
17620
#: serverguide/C/mail.xml:357(para)
17621
msgid ""
17622
"The Ubuntu <application>postfix</application> package will by default "
17623
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
17624
"This can add greater complexity when troubleshooting problems."
17625
msgstr ""
17626
17627
#: serverguide/C/mail.xml:361(para)
17628
msgid ""
17629
"To turn off the chroot operation locate for the following line in the "
17630
"<filename>/etc/postfix/master.cf</filename> configuration file:"
17631
msgstr ""
17632
17633
#: serverguide/C/mail.xml:365(screen)
17634
#, no-wrap
17635
msgid ""
17636
"\n"
17637
"smtp inet n - - - - smtpd\n"
17638
msgstr ""
17639
"\n"
17640
"smtp inet n - - - - smtpd\n"
17641
17642
#: serverguide/C/mail.xml:368(para)
17643
msgid "and modify it as follows:"
17644
msgstr "і зьміце наступным чынам:"
17645
17646
#: serverguide/C/mail.xml:371(screen)
17647
#, no-wrap
17648
msgid ""
17649
"\n"
17650
"smtp inet n - n - - smtpd\n"
17651
msgstr ""
17652
"\n"
17653
"smtp inet n - n - - smtpd\n"
17654
17655
#: serverguide/C/mail.xml:374(para)
17656
msgid ""
17657
"You will then need to restart Postfix to use the new configuration. From a "
17658
"terminal prompt enter:"
17659
msgstr ""
17660
17661
#: serverguide/C/mail.xml:382(title)
17662
msgid "Log Files"
17663
msgstr ""
17664
17665
#: serverguide/C/mail.xml:383(para)
17666
msgid ""
17667
"<application>Postfix</application> sends all log messages to "
17668
"<filename>/var/log/mail.log</filename>. However error and warning messages "
17669
"can sometimes get lost in the normal log output so they are also logged to "
17670
"<filename>/var/log/mail.err</filename> and "
17671
"<filename>/var/log/mail.warn</filename> respectively."
17672
msgstr ""
17673
17674
#: serverguide/C/mail.xml:388(para)
17675
msgid ""
17676
"To see messages entered into the logs in real time you can use the "
17677
"<application>tail -f</application> command:"
17678
msgstr ""
17679
17680
#: serverguide/C/mail.xml:393(command)
17681
msgid "tail -f /var/log/mail.err"
17682
msgstr "tail -f /var/log/mail.err"
17683
17684
#: serverguide/C/mail.xml:395(para)
17685
msgid ""
17686
"The amount of detail that is recorded in the logs can be increased. Below "
17687
"are some configuration options for increasing the log level for some of the "
17688
"areas covered above."
17689
msgstr ""
17690
17691
#: serverguide/C/mail.xml:401(para)
17692
msgid ""
17693
"To increase <emphasis>TLS</emphasis> activity logging set the "
17694
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
17695
msgstr ""
17696
17697
#: serverguide/C/mail.xml:405(command)
17698
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17699
msgstr "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17700
17701
#: serverguide/C/mail.xml:409(para)
17702
msgid ""
17703
"If you are having trouble sending or receiving mail from a specific domain "
17704
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
17705
msgstr ""
17706
17707
#: serverguide/C/mail.xml:414(command)
17708
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
17709
msgstr "sudo postconf -e 'debug_peer_list = problem.domain'"
17710
17711
#: serverguide/C/mail.xml:418(para)
17712
msgid ""
17713
"You can increase the verbosity of any <application>Postfix</application> "
17714
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
17715
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
17716
"<emphasis>smtp</emphasis> entry:"
17717
msgstr ""
17718
17719
#: serverguide/C/mail.xml:422(programlisting)
17720
#, no-wrap
17721
msgid ""
17722
"\n"
17723
"smtp unix - - - - - smtp -v\n"
17724
msgstr ""
17725
"\n"
17726
"smtp unix - - - - - smtp -v\n"
17727
17728
#: serverguide/C/mail.xml:428(para)
17729
msgid ""
17730
"It is important to note that after making one of the logging changes above "
17731
"the <application>Postfix</application> process will need to be reloaded in "
17732
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
17733
"reload</command>"
17734
msgstr ""
17735
17736
#: serverguide/C/mail.xml:435(para)
17737
msgid ""
17738
"To increase the amount of information logged when troubleshooting "
17739
"<emphasis>SASL</emphasis> issues you can set the following options in "
17740
"<filename>/etc/dovecot/dovecot.conf</filename>"
17741
msgstr ""
17742
17743
#: serverguide/C/mail.xml:439(programlisting)
17744
#, no-wrap
17745
msgid ""
17746
"\n"
17747
"auth_debug=yes\n"
17748
"auth_debug_passwords=yes\n"
17749
msgstr ""
17750
"\n"
17751
"auth_debug=yes\n"
17752
"auth_debug_passwords=yes\n"
17753
17754
#: serverguide/C/mail.xml:446(para)
17755
msgid ""
17756
"Just like <application>Postfix</application> if you change a "
17757
"<application>Dovecot</application> configuration the process will need to be "
17758
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
17759
msgstr ""
17760
17761
#: serverguide/C/mail.xml:452(para)
17762
msgid ""
17763
"Some of the options above can drastically increase the amount of information "
17764
"sent to the log files. Remember to return the log level back to normal after "
17765
"you have corrected the problem. Then reload the appropriate daemon for the "
17766
"new configuration to take affect."
17767
msgstr ""
17768
17769
#: serverguide/C/mail.xml:460(para)
17770
msgid ""
17771
"Administering a <application>Postfix</application> server can be a very "
17772
"complicated task. At some point you may need to turn to the Ubuntu community "
17773
"for more experienced help."
17774
msgstr ""
17775
17776
#: serverguide/C/mail.xml:464(para)
17777
msgid ""
17778
"A great place to ask for <application>Postfix</application> assistance, and "
17779
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
17780
"server</emphasis> IRC channel on <ulink "
17781
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
17782
"one of the <ulink "
17783
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
17784
msgstr ""
17785
17786
#: serverguide/C/mail.xml:469(para)
17787
msgid ""
17788
"For in depth <application>Postfix</application> information Ubuntu "
17789
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
17790
"Book of Postfix</ulink>."
17791
msgstr ""
17792
17793
#: serverguide/C/mail.xml:473(para)
17794
msgid ""
17795
"Finally, the <ulink "
17796
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
17797
"also has great documentation on all the different configuration options "
17798
"available."
17799
msgstr ""
17800
17801
#: serverguide/C/mail.xml:477(para)
17802
msgid ""
17803
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
17804
"Wiki Postifx</ulink> page has more information."
17805
msgstr ""
17806
17807
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
17808
msgid "Exim4"
17809
msgstr "Exim4"
17810
17811
#: serverguide/C/mail.xml:486(para)
17812
msgid ""
17813
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
17814
"developed at the University of Cambridge for use on Unix systems connected "
17815
"to the Internet. Exim can be installed in place of "
17816
"<application>sendmail</application>, although the configuration of "
17817
"<application>exim</application> is quite different to that of "
17818
"<application>sendmail</application>."
17819
msgstr ""
17820
17821
#: serverguide/C/mail.xml:497(para)
17822
msgid ""
17823
"To install <application>exim4</application>, run the following command: "
17824
"<screen>\n"
17825
"<command>sudo apt-get install exim4</command>\n"
17826
"</screen>"
17827
msgstr ""
17828
"Каб устанавіць <application>exim4</application>, увядзіце загад: <screen>\n"
17829
"<command>sudo apt-get install exim4</command>\n"
17830
"</screen>"
17831
17832
#: serverguide/C/mail.xml:506(para)
17833
msgid ""
17834
"To configure <application>Exim4</application>, run the following command:"
17835
msgstr ""
17836
17837
#: serverguide/C/mail.xml:510(command)
17838
msgid "sudo dpkg-reconfigure exim4-config"
17839
msgstr "sudo dpkg-reconfigure exim4-config"
17840
17841
#: serverguide/C/mail.xml:512(para)
17842
msgid ""
17843
"The user interface will be displayed. The user interface lets you configure "
17844
"many parameters. For example, In <application>Exim4</application> the "
17845
"configuration files are split among multiple files. If you wish to have them "
17846
"in one file you can configure accordingly in this user interface."
17847
msgstr ""
17848
17849
#: serverguide/C/mail.xml:520(para)
17850
msgid ""
17851
"All the parameters you configure in the user interface are stored in "
17852
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
17853
"re-configure, either you re-run the configuration wizard or manually edit "
17854
"this file using your favorite editor. Once you configure, you can run the "
17855
"following command to generate the master configuration file:"
17856
msgstr ""
17857
17858
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
17859
msgid "sudo update-exim4.conf"
17860
msgstr "sudo update-exim4.conf"
17861
17862
#: serverguide/C/mail.xml:533(para)
17863
msgid ""
17864
"The master configuration file, is generated and it is stored in "
17865
"<filename>/var/lib/exim4/config.autogenerated</filename>."
17866
msgstr ""
17867
17868
#: serverguide/C/mail.xml:539(para)
17869
msgid ""
17870
"At any time, you should not edit the master configuration file, "
17871
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
17872
"updated automatically every time you run <command>update-exim4.conf</command>"
17873
msgstr ""
17874
17875
#: serverguide/C/mail.xml:547(para)
17876
msgid ""
17877
"You can run the following command to start <application>Exim4</application> "
17878
"daemon."
17879
msgstr ""
17880
17881
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
17882
msgid "sudo /etc/init.d/exim4 start"
17883
msgstr "sudo /etc/init.d/exim4 start"
17884
17885
#: serverguide/C/mail.xml:557(para)
17886
msgid ""
17887
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
17888
msgstr ""
17889
17890
#: serverguide/C/mail.xml:560(para)
17891
msgid ""
17892
"The first step is to create a certificate for use with TLS. Enter the "
17893
"following into a terminal prompt:"
17894
msgstr ""
17895
17896
#: serverguide/C/mail.xml:564(command)
17897
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
17898
msgstr "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
17899
17900
#: serverguide/C/mail.xml:566(para)
17901
msgid ""
17902
"Now Exim4 needs to be configured for TLS by editing "
17903
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
17904
"the following:"
17905
msgstr ""
17906
17907
#: serverguide/C/mail.xml:570(programlisting)
17908
#, no-wrap
17909
msgid ""
17910
"\n"
17911
"MAIN_TLS_ENABLE = yes\n"
17912
msgstr ""
17913
17914
#: serverguide/C/mail.xml:573(para)
17915
msgid ""
17916
"Next you need to configure <application>Exim4</application> to use the "
17917
"<application>saslauthd</application> for authentication. Edit "
17918
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
17919
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
17920
"<emphasis>login_saslauthd_server</emphasis> sections:"
17921
msgstr ""
17922
17923
#: serverguide/C/mail.xml:578(programlisting)
17924
#, no-wrap
17925
msgid ""
17926
"\n"
17927
" plain_saslauthd_server:\n"
17928
" driver = plaintext\n"
17929
" public_name = PLAIN\n"
17930
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
17931
" server_set_id = $auth2\n"
17932
" server_prompts = :\n"
17933
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17934
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17935
" .endif\n"
17936
"#\n"
17937
" login_saslauthd_server:\n"
17938
" driver = plaintext\n"
17939
" public_name = LOGIN\n"
17940
" server_prompts = \"Username:: : Password::\"\n"
17941
" # don't send system passwords over unencrypted connections\n"
17942
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
17943
" server_set_id = $auth1\n"
17944
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17945
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17946
" .endif\n"
17947
msgstr ""
17948
17949
#: serverguide/C/mail.xml:600(para)
17950
msgid "Finally, update the Exim4 configuration and restart the service:"
17951
msgstr ""
17952
17953
#: serverguide/C/mail.xml:605(command)
17954
msgid "sudo /etc/init.d/exim4 restart"
17955
msgstr "sudo /etc/init.d/exim4 restart"
17956
17957
#: serverguide/C/mail.xml:610(para)
17958
msgid ""
17959
"This section provides details on configuring the saslauthd to provide "
17960
"authentication for <application>Exim4</application>."
17961
msgstr ""
17962
17963
#: serverguide/C/mail.xml:613(para)
17964
msgid ""
17965
"The first step is to install the sasl2-bin package. From a terminal prompt "
17966
"enter the following:"
17967
msgstr ""
17968
17969
#: serverguide/C/mail.xml:617(command)
17970
msgid "sudo apt-get install sasl2-bin"
17971
msgstr "sudo apt-get install sasl2-bin"
17972
17973
#: serverguide/C/mail.xml:619(para)
17974
msgid ""
17975
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
17976
"and set START=no to:"
17977
msgstr ""
17978
17979
#: serverguide/C/mail.xml:622(programlisting)
17980
#, no-wrap
17981
msgid ""
17982
"\n"
17983
"START=yes\n"
17984
msgstr ""
17985
"\n"
17986
"START=yes\n"
17987
17988
#: serverguide/C/mail.xml:625(para)
17989
msgid ""
17990
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
17991
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
17992
"service:"
17993
msgstr ""
17994
17995
#: serverguide/C/mail.xml:630(command)
17996
msgid "sudo adduser Debian-exim sasl"
17997
msgstr ""
17998
17999
#: serverguide/C/mail.xml:632(para)
18000
msgid "Now start the <application>saslauthd</application> service:"
18001
msgstr "Цяпер запусьціце сэрвіс <application>saslauthd</application>:"
18002
18003
#: serverguide/C/mail.xml:636(command)
18004
msgid "sudo /etc/init.d/saslauthd start"
18005
msgstr "sudo /etc/init.d/saslauthd start"
18006
18007
#: serverguide/C/mail.xml:638(para)
18008
msgid ""
18009
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
18010
"and SASL authentication."
18011
msgstr ""
18012
18013
#: serverguide/C/mail.xml:647(para)
18014
msgid ""
18015
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
18016
"information."
18017
msgstr ""
18018
"Глядзіце <ulink url=\"http://www.exim.org/\">exim.org</ulink> для больш "
18019
"зьмястоўнай інфармацыі."
18020
18021
#: serverguide/C/mail.xml:652(para)
18022
msgid ""
18023
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
18024
"server\">Exim4 Book</ulink> available."
18025
msgstr ""
18026
"Яшчэ даступная <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
18027
"server\">Кніга па Exim4</ulink>."
18028
18029
#: serverguide/C/mail.xml:657(para)
18030
msgid ""
18031
"Another resource is the <ulink "
18032
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
18033
"page."
18034
msgstr ""
18035
18036
#: serverguide/C/mail.xml:666(title)
18037
msgid "Dovecot Server"
18038
msgstr "Сэрвер Dovecot"
18039
18040
#: serverguide/C/mail.xml:667(para)
18041
msgid ""
18042
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
18043
"security primarily in mind. It supports the major mailbox formats: mbox or "
18044
"Maildir. This section explain how to set it up as an imap or pop3 server."
18045
msgstr ""
18046
18047
#: serverguide/C/mail.xml:675(para)
18048
msgid ""
18049
"To install <application>dovecot</application>, run the following command in "
18050
"the command prompt:"
18051
msgstr ""
18052
"Каб устанавіць <application>dovecot</application>, увядзіце наступнае ў "
18053
"загадны радок:"
18054
18055
#: serverguide/C/mail.xml:680(command)
18056
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
18057
msgstr "sudo apt-get install dovecot-imapd dovecot-pop3d"
18058
18059
#: serverguide/C/mail.xml:685(para)
18060
msgid ""
18061
"To configure <application>dovecot</application>, you can edit the file "
18062
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
18063
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
18064
"secure). A description of these protocols is beyond the scope of this guide. "
18065
"For further information, refer to the Wikipedia articles on <ulink "
18066
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
18067
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
18068
"link>."
18069
msgstr ""
18070
18071
#: serverguide/C/mail.xml:695(para)
18072
msgid ""
18073
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
18074
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
18075
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
18076
msgstr ""
18077
18078
#: serverguide/C/mail.xml:701(programlisting)
18079
#, no-wrap
18080
msgid ""
18081
"\n"
18082
"protocols = pop3 pop3s imap imaps\n"
18083
msgstr ""
18084
"\n"
18085
"protocols = pop3 pop3s imap imaps\n"
18086
18087
#: serverguide/C/mail.xml:704(para)
18088
msgid ""
18089
"Next, choose the mailbox you would like to use. "
18090
"<application>Dovecot</application> supports <emphasis "
18091
"role=\"strong\">maildir</emphasis> and <emphasis "
18092
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
18093
"mailbox formats. They both have their own benefits and are discussed on "
18094
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
18095
"site</ulink>."
18096
msgstr ""
18097
18098
#: serverguide/C/mail.xml:712(para)
18099
msgid ""
18100
"Once you have chosen your mailbox type, edit the file "
18101
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
18102
msgstr ""
18103
18104
#: serverguide/C/mail.xml:717(programlisting)
18105
#, no-wrap
18106
msgid ""
18107
"\n"
18108
"mail_location = maildir:~/Maildir # (for maildir)\n"
18109
"or\n"
18110
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
18111
msgstr ""
18112
"\n"
18113
"mail_location = maildir:~/Maildir # (для maildir)\n"
18114
"or\n"
18115
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (для mbox)\n"
18116
18117
#: serverguide/C/mail.xml:723(para)
18118
msgid ""
18119
"You should configure your Mail Transport Agent (MTA) to transfer the "
18120
"incoming mail to this type of mailbox if it is different from the one you "
18121
"have configured."
18122
msgstr ""
18123
18124
#: serverguide/C/mail.xml:729(para)
18125
msgid ""
18126
"Once you have configured dovecot, restart the "
18127
"<application>dovecot</application> daemon in order to test your setup:"
18128
msgstr ""
18129
18130
#: serverguide/C/mail.xml:738(para)
18131
msgid ""
18132
"If you have enabled imap, or pop3, you can also try to log in with the "
18133
"commands <command>telnet localhost pop3</command> or <command>telnet "
18134
"localhost imap2</command>. If you see something like the following, the "
18135
"installation has been successful:"
18136
msgstr ""
18137
18138
#: serverguide/C/mail.xml:745(programlisting)
18139
#, no-wrap
18140
msgid ""
18141
"\n"
18142
"bhuvan@rainbow:~$ telnet localhost pop3\n"
18143
"Trying 127.0.0.1...\n"
18144
"Connected to localhost.localdomain.\n"
18145
"Escape character is '^]'.\n"
18146
"+OK Dovecot ready.\n"
18147
msgstr ""
18148
18149
#: serverguide/C/mail.xml:754(title)
18150
msgid "Dovecot SSL Configuration"
18151
msgstr "Наладкі Dovecot SSL"
18152
18153
#: serverguide/C/mail.xml:755(para)
18154
msgid ""
18155
"To configure <application>dovecot</application> to use SSL, you can edit the "
18156
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
18157
"lines:"
18158
msgstr ""
18159
18160
#: serverguide/C/mail.xml:760(programlisting)
18161
#, no-wrap
18162
msgid ""
18163
"\n"
18164
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
18165
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
18166
"ssl_disable = no\n"
18167
"disable_plaintext_auth = no\n"
18168
msgstr ""
18169
18170
#: serverguide/C/mail.xml:766(para)
18171
msgid ""
18172
"You can get the SSL certificate from a Certificate Issuing Authority or you "
18173
"can create self signed SSL certificate. The latter is a good option for "
18174
"email, because SMTP clients rarely complain about \"self-signed "
18175
"certificates\". Please refer to <xref linkend=\"certificates-and-"
18176
"security\"/> for details about how to create self signed SSL certificate. "
18177
"Once you create the certificate, you will have a key file and a certificate "
18178
"file. Please copy them to the location pointed in the "
18179
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
18180
msgstr ""
18181
18182
#: serverguide/C/mail.xml:781(title)
18183
msgid "Firewall Configuration for an Email Server"
18184
msgstr "Наладкі брандмаўэра для сэрвера Email"
18185
18186
#: serverguide/C/mail.xml:787(para)
18187
msgid "IMAP - 143"
18188
msgstr "IMAP - 143"
18189
18190
#: serverguide/C/mail.xml:788(para)
18191
msgid "IMAPS - 993"
18192
msgstr "IMAPS - 993"
18193
18194
#: serverguide/C/mail.xml:789(para)
18195
msgid "POP3 - 110"
18196
msgstr "POP3 - 110"
18197
18198
#: serverguide/C/mail.xml:790(para)
18199
msgid "POP3S - 995"
18200
msgstr "POP3S - 995"
18201
18202
#: serverguide/C/mail.xml:782(para)
18203
msgid ""
18204
"To access your mail server from another computer, you must configure your "
18205
"firewall to allow connections to the server on the necessary ports. "
18206
"<placeholder-1/>"
18207
msgstr ""
18208
18209
#: serverguide/C/mail.xml:799(para)
18210
msgid ""
18211
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
18212
"more information."
18213
msgstr ""
18214
"Глядзіце <ulink url=\"http://www.dovecot.org/\">вэб-старонку Dovecot</ulink> "
18215
"для больш зьмястоўнай інфармацыі."
18216
18217
#: serverguide/C/mail.xml:804(para)
18218
msgid ""
18219
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
18220
"Ubuntu Wiki</ulink> page has more details."
18221
msgstr ""
18222
18223
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
18224
msgid "Mailman"
18225
msgstr ""
18226
18227
#: serverguide/C/mail.xml:814(para)
18228
msgid ""
18229
"Mailman is an open source program for managing electronic mail discussions "
18230
"and e-newsletter lists. Many open source mailing lists (including all the "
18231
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
18232
"Mailman as their mailing list software. It is powerful and easy to install "
18233
"and maintain."
18234
msgstr ""
18235
18236
#: serverguide/C/mail.xml:824(para)
18237
msgid ""
18238
"Mailman provides a web interface for the administrators and users, using an "
18239
"external mail server to send and receive emails. It works perfectly with the "
18240
"following mail servers:"
18241
msgstr ""
18242
18243
#: serverguide/C/mail.xml:835(application)
18244
msgid "Exim"
18245
msgstr "Exim"
18246
18247
#: serverguide/C/mail.xml:838(application)
18248
msgid "Sendmail"
18249
msgstr "Sendmail"
18250
18251
#: serverguide/C/mail.xml:841(application)
18252
msgid "Qmail"
18253
msgstr "Qmail"
18254
18255
#: serverguide/C/mail.xml:846(para)
18256
msgid ""
18257
"We will see how to install and configure Mailman with, the Apache web "
18258
"server, and either the Postfix or Exim mail server. If you wish to install "
18259
"Mailman with a different mail server, please refer to the references section."
18260
msgstr ""
18261
18262
#: serverguide/C/mail.xml:853(para)
18263
msgid ""
18264
"You only need to install one mail server and "
18265
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
18266
msgstr ""
18267
18268
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
18269
msgid "Apache2"
18270
msgstr "Apache2"
18271
18272
#: serverguide/C/mail.xml:859(para)
18273
msgid ""
18274
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
18275
"installation\">HTTPD Installation</ulink> section for details."
18276
msgstr ""
18277
18278
#: serverguide/C/mail.xml:867(para)
18279
msgid ""
18280
"For instructions on installing and configuring Postfix refer to <xref "
18281
"linkend=\"postfix\"/>"
18282
msgstr ""
18283
18284
#: serverguide/C/mail.xml:873(para)
18285
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
18286
msgstr ""
18287
18288
#: serverguide/C/mail.xml:884(application)
18289
msgid "dc_use_split_config='true'"
18290
msgstr "dc_use_split_config='true'"
18291
18292
#: serverguide/C/mail.xml:876(para)
18293
msgid ""
18294
"Once exim4 is installed, the configuration files are stored in the "
18295
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
18296
"configuration files are split across different files. You can change this "
18297
"behavior by changing the following variable in the "
18298
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
18299
msgstr ""
18300
18301
#: serverguide/C/mail.xml:891(para)
18302
msgid ""
18303
"To install <application>Mailman</application>, run following command at a "
18304
"terminal prompt:"
18305
msgstr ""
18306
"Каб устанавіць <application>Mailman</application>, увядзіце наступны загад у "
18307
"тэрмінале:"
18308
18309
#: serverguide/C/mail.xml:895(command)
18310
msgid "sudo apt-get install mailman"
18311
msgstr "sudo apt-get install mailman"
18312
18313
#: serverguide/C/mail.xml:897(para)
18314
msgid ""
18315
"It copies the installation files in "
18316
"<application>/var/lib/mailman</application> directory. It installs the CGI "
18317
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
18318
"creates <emphasis>list</emphasis> linux user. It creates the "
18319
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
18320
"this user."
18321
msgstr ""
18322
18323
#: serverguide/C/mail.xml:909(para)
18324
msgid ""
18325
"This section assumes you have successfully installed "
18326
"<application>mailman</application>, <application>apache2</application>, and "
18327
"<application>postfix</application> or <application>exim4</application>. Now "
18328
"you just need to configure them."
18329
msgstr ""
18330
18331
#: serverguide/C/mail.xml:918(para)
18332
msgid ""
18333
"An example Apache configuration file comes with "
18334
"<application>Mailman</application> and is placed in "
18335
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
18336
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
18337
"available</filename>:"
18338
msgstr ""
18339
18340
#: serverguide/C/mail.xml:924(command)
18341
msgid ""
18342
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
18343
msgstr ""
18344
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
18345
18346
#: serverguide/C/mail.xml:926(para)
18347
msgid ""
18348
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
18349
"Mailman administration site. Now enable the new configuration and restart "
18350
"Apache:"
18351
msgstr ""
18352
18353
#: serverguide/C/mail.xml:931(command)
18354
msgid "sudo a2ensite mailman.conf"
18355
msgstr "sudo a2ensite mailman.conf"
18356
18357
#: serverguide/C/mail.xml:934(para)
18358
msgid ""
18359
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
18360
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
18361
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
18362
"can make changes to the <filename>/etc/apache2/sites-"
18363
"available/mailman.conf</filename> file if you wish to change this behavior."
18364
msgstr ""
18365
18366
#: serverguide/C/mail.xml:945(para)
18367
msgid ""
18368
"For <application>Postfix</application> integration, we will associate the "
18369
"domain lists.example.com with the mailing lists. Please replace "
18370
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
18371
msgstr ""
18372
18373
#: serverguide/C/mail.xml:949(para)
18374
msgid ""
18375
"You can use the postconf command to add the necessary configuration to "
18376
"<filename>/etc/postfix/main.cf</filename>:"
18377
msgstr ""
18378
18379
#: serverguide/C/mail.xml:953(command)
18380
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
18381
msgstr "sudo postconf -e 'relay_domains = lists.example.com'"
18382
18383
#: serverguide/C/mail.xml:954(command)
18384
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
18385
msgstr "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
18386
18387
#: serverguide/C/mail.xml:955(command)
18388
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
18389
msgstr ""
18390
18391
#: serverguide/C/mail.xml:957(para)
18392
msgid ""
18393
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
18394
"the following transport:"
18395
msgstr ""
18396
18397
#: serverguide/C/mail.xml:960(programlisting)
18398
#, no-wrap
18399
msgid ""
18400
"\n"
18401
"mailman unix - n n - - pipe\n"
18402
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
18403
" ${nexthop} ${user}\n"
18404
msgstr ""
18405
"\n"
18406
"mailman unix - n n - - pipe\n"
18407
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
18408
" ${nexthop} ${user}\n"
18409
18410
#: serverguide/C/mail.xml:965(para)
18411
msgid ""
18412
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
18413
"is delivered to a list."
18414
msgstr ""
18415
18416
#: serverguide/C/mail.xml:968(para)
18417
msgid ""
18418
"Associate the domain lists.example.com to the Mailman transport with the "
18419
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
18420
msgstr ""
18421
18422
#: serverguide/C/mail.xml:971(programlisting)
18423
#, no-wrap
18424
msgid ""
18425
"\n"
18426
"lists.example.com mailman:\n"
18427
msgstr ""
18428
"\n"
18429
"lists.example.com mailman:\n"
18430
18431
#: serverguide/C/mail.xml:974(para)
18432
msgid ""
18433
"Now have <application>Postfix</application> build the transport map by "
18434
"entering the following from a terminal prompt:"
18435
msgstr ""
18436
18437
#: serverguide/C/mail.xml:978(command)
18438
msgid "sudo postmap -v /etc/postfix/transport"
18439
msgstr "sudo postmap -v /etc/postfix/transport"
18440
18441
#: serverguide/C/mail.xml:980(para)
18442
msgid "Then restart Postfix to enable the new configurations:"
18443
msgstr "Перазапусьціце Postfix каб ужыць новыя наладкі:"
18444
18445
#: serverguide/C/mail.xml:989(para)
18446
msgid ""
18447
"Once Exim4 is installed, you can start the Exim server using the following "
18448
"command from a terminal prompt:"
18449
msgstr ""
18450
18451
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
18452
msgid "Main"
18453
msgstr ""
18454
18455
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
18456
msgid "Transport"
18457
msgstr ""
18458
18459
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
18460
msgid "Router"
18461
msgstr ""
18462
18463
#: serverguide/C/mail.xml:996(para)
18464
msgid ""
18465
"In order to make mailman work with Exim4, you need to configure Exim4. As "
18466
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
18467
"different types. For details, please refer to the <ulink "
18468
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
18469
"add new a configuration file to the following configuration types: "
18470
"<placeholder-1/> Exim creates a master configuration file by sorting all "
18471
"these mini configuration files. So, the order of these configuration files "
18472
"is very important."
18473
msgstr ""
18474
18475
#: serverguide/C/mail.xml:1027(programlisting)
18476
#, no-wrap
18477
msgid ""
18478
"\n"
18479
"# start\n"
18480
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
18481
"# directory.\n"
18482
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
18483
"# This is normally the same as ~mailman\n"
18484
"MM_HOME=/var/lib/mailman\n"
18485
"#\n"
18486
"# User and group for Mailman, should match your --with-mail-gid\n"
18487
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
18488
"MM_UID=list\n"
18489
"MM_GID=list\n"
18490
"#\n"
18491
"# Domains that your lists are in - colon separated list\n"
18492
"# you may wish to add these into local_domains as well\n"
18493
"domainlist mm_domains=hostname.com\n"
18494
"#\n"
18495
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
18496
"#\n"
18497
"# These values are derived from the ones above and should not need\n"
18498
"# editing unless you have munged your mailman installation\n"
18499
"#\n"
18500
"# The path of the Mailman mail wrapper script\n"
18501
"MM_WRAP=MM_HOME/mail/mailman\n"
18502
"#\n"
18503
"# The path of the list config file (used as a required file when\n"
18504
"# verifying list addresses)\n"
18505
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
18506
"# end\n"
18507
msgstr ""
18508
18509
#: serverguide/C/mail.xml:1021(para)
18510
msgid ""
18511
"All the configuration files belonging to the main type are stored in the "
18512
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
18513
"following content to a new file, named <filename>04_exim4-"
18514
"config_mailman</filename>: <placeholder-1/>"
18515
msgstr ""
18516
18517
#: serverguide/C/mail.xml:1067(programlisting)
18518
#, no-wrap
18519
msgid ""
18520
"\n"
18521
" mailman_transport:\n"
18522
" driver = pipe\n"
18523
" command = MM_WRAP \\\n"
18524
" '${if def:local_part_suffix \\\n"
18525
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
18526
"\\\n"
18527
" {post}}' \\\n"
18528
" $local_part\n"
18529
" current_directory = MM_HOME\n"
18530
" home_directory = MM_HOME\n"
18531
" user = MM_UID\n"
18532
" group = MM_GID\n"
18533
msgstr ""
18534
"\n"
18535
" mailman_transport:\n"
18536
" driver = pipe\n"
18537
" command = MM_WRAP \\\n"
18538
" '${if def:local_part_suffix \\\n"
18539
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
18540
"\\\n"
18541
" {post}}' \\\n"
18542
" $local_part\n"
18543
" current_directory = MM_HOME\n"
18544
" home_directory = MM_HOME\n"
18545
" user = MM_UID\n"
18546
" group = MM_GID\n"
18547
18548
#: serverguide/C/mail.xml:1061(para)
18549
msgid ""
18550
"All the configuration files belonging to transport type are stored in the "
18551
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
18552
"following content to a new file named <filename> 40_exim4-"
18553
"config_mailman</filename>: <placeholder-1/>"
18554
msgstr ""
18555
18556
#: serverguide/C/mail.xml:1088(programlisting)
18557
#, no-wrap
18558
msgid ""
18559
"\n"
18560
" mailman_router:\n"
18561
" driver = accept\n"
18562
" require_files = MM_HOME/lists/$local_part/config.pck\n"
18563
" local_part_suffix_optional\n"
18564
" local_part_suffix = -bounces : -bounces+* : \\\n"
18565
" -confirm+* : -join : -leave : \\\n"
18566
" -owner : -request : -admin\n"
18567
" transport = mailman_transport\n"
18568
msgstr ""
18569
"\n"
18570
" mailman_router:\n"
18571
" driver = accept\n"
18572
" require_files = MM_HOME/lists/$local_part/config.pck\n"
18573
" local_part_suffix_optional\n"
18574
" local_part_suffix = -bounces : -bounces+* : \\\n"
18575
" -confirm+* : -join : -leave : \\\n"
18576
" -owner : -request : -admin\n"
18577
" transport = mailman_transport\n"
18578
18579
#: serverguide/C/mail.xml:1084(para)
18580
msgid ""
18581
"All the configuration files belonging to router type are stored in the "
18582
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
18583
"following content in to a new file named <filename>101_exim4-"
18584
"config_mailman</filename>: <placeholder-1/>"
18585
msgstr ""
18586
18587
#: serverguide/C/mail.xml:1101(para)
18588
msgid ""
18589
"The order of main and transport configuration files can be in any order. "
18590
"But, the order of router configuration files must be the same. This "
18591
"particular file must appear before the <application>200_exim4-"
18592
"config_primary</application> file. These two configuration files contain "
18593
"same type of information. The first file takes the precedence. For more "
18594
"details, please refer to the references section."
18595
msgstr ""
18596
18597
#: serverguide/C/mail.xml:1114(para)
18598
msgid ""
18599
"Once mailman is installed, you can run it using the following command:"
18600
msgstr ""
18601
18602
#: serverguide/C/mail.xml:1118(command)
18603
msgid "sudo /etc/init.d/mailman start"
18604
msgstr "sudo /etc/init.d/mailman start"
18605
18606
#: serverguide/C/mail.xml:1120(para)
18607
msgid ""
18608
"Once mailman is installed, you should create the default mailing list. Run "
18609
"the following command to create the mailing list:"
18610
msgstr ""
18611
18612
#: serverguide/C/mail.xml:1126(command)
18613
msgid "sudo /usr/sbin/newlist mailman"
18614
msgstr "sudo /usr/sbin/newlist mailman"
18615
18616
#: serverguide/C/mail.xml:1129(programlisting)
18617
#, no-wrap
18618
msgid ""
18619
"\n"
18620
" Enter the email address of the person running the list: bhuvan at "
18621
"ubuntu.com\n"
18622
" Initial mailman password:\n"
18623
" To finish creating your mailing list, you must edit your "
18624
"<filename>/etc/aliases</filename> (or\n"
18625
" equivalent) file by adding the following lines, and possibly running the\n"
18626
" `newaliases' program:\n"
18627
"\n"
18628
" ## mailman mailing list\n"
18629
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
18630
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
18631
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
18632
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
18633
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
18634
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
18635
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
18636
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
18637
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
18638
"mailman\"\n"
18639
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
18640
"mailman\"\n"
18641
"\n"
18642
" Hit enter to notify mailman owner...\n"
18643
"\n"
18644
" # \n"
18645
msgstr ""
18646
18647
#: serverguide/C/mail.xml:1152(para)
18648
msgid ""
18649
"We have configured either Postfix or Exim4 to recognize all emails from "
18650
"mailman. So, it is not mandatory to make any new entries in "
18651
"<filename>/etc/aliases</filename>. If you have made any changes to the "
18652
"configuration files, please ensure that you restart those services before "
18653
"continuing to next section."
18654
msgstr ""
18655
18656
#: serverguide/C/mail.xml:1160(para)
18657
msgid ""
18658
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
18659
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
18660
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
18661
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
18662
msgstr ""
18663
18664
#: serverguide/C/mail.xml:1171(title)
18665
msgid "Administration"
18666
msgstr ""
18667
18668
#: serverguide/C/mail.xml:1172(para)
18669
msgid ""
18670
"We assume you have a default installation. The mailman cgi scripts are still "
18671
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
18672
"Mailman provides a web based administration facility. To access this page, "
18673
"point your browser to the following url:"
18674
msgstr ""
18675
18676
#: serverguide/C/mail.xml:1180(para)
18677
msgid "http://hostname/cgi-bin/mailman/admin"
18678
msgstr "http://hostname/cgi-bin/mailman/admin"
18679
18680
#: serverguide/C/mail.xml:1184(para)
18681
msgid ""
18682
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18683
"screen. If you click the mailing list name, it will ask for your "
18684
"authentication password. If you enter the correct password, you will be able "
18685
"to change administrative settings of this mailing list. You can create a new "
18686
"mailing list using the command line utility "
18687
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
18688
"mailing list using the web interface."
18689
msgstr ""
18690
18691
#: serverguide/C/mail.xml:1197(title)
18692
msgid "Users"
18693
msgstr "Карыстальнікі"
18694
18695
#: serverguide/C/mail.xml:1198(para)
18696
msgid ""
18697
"Mailman provides a web based interface for users. To access this page, point "
18698
"your browser to the following url:"
18699
msgstr ""
18700
18701
#: serverguide/C/mail.xml:1203(para)
18702
msgid "http://hostname/cgi-bin/mailman/listinfo"
18703
msgstr "http://hostname/cgi-bin/mailman/listinfo"
18704
18705
#: serverguide/C/mail.xml:1207(para)
18706
msgid ""
18707
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18708
"screen. If you click the mailing list name, it will display the subscription "
18709
"form. You can enter your email address, name (optional), and password to "
18710
"subscribe. An email invitation will be sent to you. You can follow the "
18711
"instructions in the email to subscribe."
18712
msgstr ""
18713
18714
#: serverguide/C/mail.xml:1219(ulink)
18715
msgid "GNU Mailman - Installation Manual"
18716
msgstr ""
18717
18718
#: serverguide/C/mail.xml:1223(ulink)
18719
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
18720
msgstr ""
18721
18722
#: serverguide/C/mail.xml:1226(para)
18723
msgid ""
18724
"Also, see the <ulink "
18725
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18726
"Wiki</ulink> page."
18727
msgstr ""
18728
18729
#: serverguide/C/mail.xml:1232(title)
18730
msgid "Mail Filtering"
18731
msgstr ""
18732
18733
#: serverguide/C/mail.xml:1233(para)
18734
msgid ""
18735
"One of the largest issues with email today is the problem of Unsolicited "
18736
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
18737
"and other forms of malware. According to some reports these messages make up "
18738
"the bulk of all email traffic on the Internet."
18739
msgstr ""
18740
18741
#: serverguide/C/mail.xml:1238(para)
18742
msgid ""
18743
"This section will cover integrating <application>Amavisd-new</application>, "
18744
"<application>Spamassassin</application>, and "
18745
"<application>ClamAV</application> with the "
18746
"<application>Postfix</application> Mail Transport Agent (MTA). "
18747
"<application>Postfix</application> can also check email validity by passing "
18748
"it through external content filters. These filters can sometimes determine "
18749
"if a message is spam without needing to process it with more resource "
18750
"intensive applications. Two common filters are <application>dkim-"
18751
"filter</application> and <application>python-policyd-spf</application>."
18752
msgstr ""
18753
18754
#: serverguide/C/mail.xml:1248(para)
18755
msgid ""
18756
"<application>Amavisd-new</application> is a wrapper program that can call "
18757
"any number of content filtering programs for spam detection, antivirus, etc."
18758
msgstr ""
18759
18760
#: serverguide/C/mail.xml:1254(para)
18761
msgid ""
18762
"<application>Spamassassin</application> uses a variety of mechanisms to "
18763
"filter email based on the message content."
18764
msgstr ""
18765
18766
#: serverguide/C/mail.xml:1259(para)
18767
msgid ""
18768
"<application>ClamAV</application> is an open source antivirus application."
18769
msgstr ""
18770
18771
#: serverguide/C/mail.xml:1264(para)
18772
msgid ""
18773
"<application>dkim-filter</application> implements a Sendmail Mail Filter "
18774
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
18775
msgstr ""
18776
18777
#: serverguide/C/mail.xml:1270(para)
18778
msgid ""
18779
"<application>python-policyd-spf</application> enables Sender Policy "
18780
"Framework (SPF) checking with <application>Postfix</application>."
18781
msgstr ""
18782
18783
#: serverguide/C/mail.xml:1275(para)
18784
msgid "This is how the pieces fit together:"
18785
msgstr ""
18786
18787
#: serverguide/C/mail.xml:1280(para)
18788
msgid "An email message is accepted by <application>Postfix</application>."
18789
msgstr ""
18790
18791
#: serverguide/C/mail.xml:1285(para)
18792
msgid ""
18793
"The message is passed through any external filters <application>dkim-"
18794
"filter</application> and <application>python-policyd-spf</application> in "
18795
"this case."
18796
msgstr ""
18797
18798
#: serverguide/C/mail.xml:1291(para)
18799
msgid "<application>Amavisd-new</application> then processes the message."
18800
msgstr ""
18801
18802
#: serverguide/C/mail.xml:1296(para)
18803
msgid ""
18804
"<application>ClamAV</application> is used to scan the message. If the "
18805
"message contains a virus <application>Postfix</application> will reject the "
18806
"message."
18807
msgstr ""
18808
18809
#: serverguide/C/mail.xml:1302(para)
18810
msgid ""
18811
"Clean messages will then be analyzed by "
18812
"<application>Spamassassin</application> to find out if the message is spam. "
18813
"<application>Spamassassin</application> will then add X-Header lines "
18814
"allowing <application>Amavisd-new</application> to further manipulate the "
18815
"message."
18816
msgstr ""
18817
18818
#: serverguide/C/mail.xml:1309(para)
18819
msgid ""
18820
"For example, if a message has a Spam score of over fifty the message could "
18821
"be automatically dropped from the queue without the recipient ever having to "
18822
"be bothered. Another, way to handle flagged messages is to deliver them to "
18823
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
18824
"see fit."
18825
msgstr ""
18826
18827
#: serverguide/C/mail.xml:1316(para)
18828
msgid ""
18829
"See <xref linkend=\"postfix\"/> for instructions on installing and "
18830
"configuring Postfix."
18831
msgstr ""
18832
18833
#: serverguide/C/mail.xml:1319(para)
18834
msgid ""
18835
"To install the rest of the applications enter the following from a terminal "
18836
"prompt:"
18837
msgstr ""
18838
18839
#: serverguide/C/mail.xml:1323(command)
18840
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18841
msgstr "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18842
18843
#: serverguide/C/mail.xml:1324(command)
18844
msgid "sudo apt-get install dkim-filter python-policyd-spf"
18845
msgstr "sudo apt-get install dkim-filter python-policyd-spf"
18846
18847
#: serverguide/C/mail.xml:1326(para)
18848
msgid ""
18849
"There are some optional packages that integrate with "
18850
"<application>Spamassassin</application> for better spam detection:"
18851
msgstr ""
18852
18853
#: serverguide/C/mail.xml:1330(command)
18854
msgid "sudo apt-get install pyzor razor"
18855
msgstr "sudo apt-get install pyzor razor"
18856
18857
#: serverguide/C/mail.xml:1332(para)
18858
msgid ""
18859
"Along with the main filtering applications compression utilities are needed "
18860
"to process some email attachments:"
18861
msgstr ""
18862
18863
#: serverguide/C/mail.xml:1336(command)
18864
msgid ""
18865
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
18866
msgstr ""
18867
18868
#: serverguide/C/mail.xml:1339(para)
18869
msgid ""
18870
"If some packages are not found, check that the "
18871
"<emphasis>multiverse</emphasis> repository is enabled in "
18872
"<filename>/etc/apt/sources.list</filename>"
18873
msgstr ""
18874
18875
#: serverguide/C/mail.xml:1340(para)
18876
msgid ""
18877
"If you make changes to the file, be sure to run <command>sudo apt-get "
18878
"update</command> before trying to install again."
18879
msgstr ""
18880
18881
#: serverguide/C/mail.xml:1345(para)
18882
msgid "Now configure everything to work together and filter email."
18883
msgstr ""
18884
18885
#: serverguide/C/mail.xml:1349(title)
18886
msgid "ClamAV"
18887
msgstr "ClamAV"
18888
18889
#: serverguide/C/mail.xml:1350(para)
18890
msgid ""
18891
"The default behaviour of <application>ClamAV</application> will fit our "
18892
"needs. For more ClamAV configuration options, check the configuration files "
18893
"in <filename>/etc/clamav</filename>."
18894
msgstr ""
18895
18896
#: serverguide/C/mail.xml:1355(para)
18897
msgid ""
18898
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
18899
"group in order for <application>Amavisd-new</application> to have the "
18900
"appropriate access to scan files:"
18901
msgstr ""
18902
18903
#: serverguide/C/mail.xml:1360(command)
18904
msgid "sudo adduser clamav amavis"
18905
msgstr "sudo adduser clamav amavis"
18906
18907
#: serverguide/C/mail.xml:1364(title)
18908
msgid "Spamassassin"
18909
msgstr ""
18910
18911
#: serverguide/C/mail.xml:1365(para)
18912
msgid ""
18913
"Spamassassin automatically detects optional components and will use them if "
18914
"they are present. This means that there is no need to configure "
18915
"<application>pyzor</application> and <application>razor</application>."
18916
msgstr ""
18917
18918
#: serverguide/C/mail.xml:1369(para)
18919
msgid ""
18920
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
18921
"<application>Spamassassin</application> daemon. Change "
18922
"<emphasis>ENABLED=0</emphasis> to:"
18923
msgstr ""
18924
18925
#: serverguide/C/mail.xml:1373(programlisting)
18926
#, no-wrap
18927
msgid ""
18928
"\n"
18929
"ENABLED=1\n"
18930
msgstr ""
18931
"\n"
18932
"ENABLED=1\n"
18933
18934
#: serverguide/C/mail.xml:1376(para)
18935
msgid "Now start the daemon:"
18936
msgstr ""
18937
18938
#: serverguide/C/mail.xml:1380(command)
18939
msgid "sudo /etc/init.d/spamassassin start"
18940
msgstr "sudo /etc/init.d/spamassassin start"
18941
18942
#: serverguide/C/mail.xml:1384(title)
18943
msgid "Amavisd-new"
18944
msgstr "Amavisd-new"
18945
18946
#: serverguide/C/mail.xml:1385(para)
18947
msgid ""
18948
"First activate spam and antivirus detection in <application>Amavisd-"
18949
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
18950
"content_filter_mode</filename>:"
18951
msgstr ""
18952
18953
#: serverguide/C/mail.xml:1389(programlisting)
18954
#, no-wrap
18955
msgid ""
18956
"\n"
18957
"use strict;\n"
18958
"\n"
18959
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
18960
"# and to re-enable antivirus checking.\n"
18961
"\n"
18962
"#\n"
18963
"# Default antivirus checking mode\n"
18964
"# Uncomment the two lines below to enable it\n"
18965
"#\n"
18966
"\n"
18967
"@bypass_virus_checks_maps = (\n"
18968
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
18969
"$bypass_virus_checks_re);\n"
18970
"\n"
18971
"\n"
18972
"#\n"
18973
"# Default SPAM checking mode\n"
18974
"# Uncomment the two lines below to enable it\n"
18975
"#\n"
18976
"\n"
18977
"@bypass_spam_checks_maps = (\n"
18978
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
18979
"$bypass_spam_checks_re);\n"
18980
"\n"
18981
"1; # insure a defined return\n"
18982
msgstr ""
18983
18984
#: serverguide/C/mail.xml:1414(para)
18985
msgid ""
18986
"Bouncing spam can be a bad idea as the return address is often faked. "
18987
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
18988
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
18989
"D_BOUNCE, as follows:"
18990
msgstr ""
18991
18992
#: serverguide/C/mail.xml:1420(programlisting)
18993
#, no-wrap
18994
msgid ""
18995
"\n"
18996
"$final_spam_destiny = D_DISCARD;\n"
18997
msgstr ""
18998
"\n"
18999
"$final_spam_destiny = D_DISCARD;\n"
19000
19001
#: serverguide/C/mail.xml:1424(para)
19002
msgid ""
19003
"Additionally, you may want to adjust the following options to flag more "
19004
"messages as spam:"
19005
msgstr ""
19006
19007
#: serverguide/C/mail.xml:1428(programlisting)
19008
#, no-wrap
19009
msgid ""
19010
"\n"
19011
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
19012
"level\n"
19013
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
19014
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
19015
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
19016
msgstr ""
19017
19018
#: serverguide/C/mail.xml:1435(para)
19019
msgid ""
19020
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
19021
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
19022
"option. Also, if the server receives mail for multiple domains the "
19023
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
19024
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
19025
msgstr ""
19026
19027
#: serverguide/C/mail.xml:1442(programlisting)
19028
#, no-wrap
19029
msgid ""
19030
"\n"
19031
"$myhostname = 'mail.example.com';\n"
19032
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
19033
msgstr ""
19034
"\n"
19035
"$myhostname = 'mail.example.com';\n"
19036
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
19037
19038
#: serverguide/C/mail.xml:1447(para)
19039
msgid ""
19040
"After configuration <application>Amavisd-new</application> needs to be "
19041
"restarted:"
19042
msgstr ""
19043
19044
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
19045
msgid "sudo /etc/init.d/amavis restart"
19046
msgstr "sudo /etc/init.d/amavis restart"
19047
19048
#: serverguide/C/mail.xml:1454(title)
19049
msgid "DKIM Whitelist"
19050
msgstr ""
19051
19052
#: serverguide/C/mail.xml:1456(para)
19053
msgid ""
19054
"<application>Amavisd-new</application> can be configured to automatically "
19055
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
19056
"Keys. There are some pre-configured domains in the "
19057
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
19058
msgstr ""
19059
19060
#: serverguide/C/mail.xml:1462(para)
19061
msgid "There are multiple ways to configure the Whitelist for a domain:"
19062
msgstr ""
19063
19064
#: serverguide/C/mail.xml:1468(para)
19065
msgid ""
19066
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
19067
"address from the \"example.com\" domain."
19068
msgstr ""
19069
19070
#: serverguide/C/mail.xml:1473(para)
19071
msgid ""
19072
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
19073
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
19074
"have a valid signature."
19075
msgstr ""
19076
19077
#: serverguide/C/mail.xml:1479(para)
19078
msgid ""
19079
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
19080
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
19081
"role=\"italic\">example.com</emphasis> the parent domain."
19082
msgstr ""
19083
19084
#: serverguide/C/mail.xml:1485(para)
19085
msgid ""
19086
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
19087
"that have a valid signature from \"example.com\". This is usually used for "
19088
"discussion groups that sign thier messages."
19089
msgstr ""
19090
19091
#: serverguide/C/mail.xml:1492(para)
19092
msgid ""
19093
"A domain can also have multiple Whitelist configurations. After, editing the "
19094
"file restart <application>amaisd-new</application>:"
19095
msgstr ""
19096
19097
#: serverguide/C/mail.xml:1501(para)
19098
msgid ""
19099
"In this context, once a domain has been added to the Whitelist the message "
19100
"will not receive any anti-virus or spam filtering. This may or may not be "
19101
"the intended behavior you wish for a domain."
19102
msgstr ""
19103
19104
#: serverguide/C/mail.xml:1511(para)
19105
msgid ""
19106
"For <application>Postfix</application> integration, enter the following from "
19107
"a terminal prompt:"
19108
msgstr ""
19109
19110
#: serverguide/C/mail.xml:1515(command)
19111
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
19112
msgstr "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
19113
19114
#: serverguide/C/mail.xml:1517(para)
19115
msgid ""
19116
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
19117
"to the end of the file:"
19118
msgstr ""
19119
19120
#: serverguide/C/mail.xml:1520(programlisting)
19121
#, no-wrap
19122
msgid ""
19123
"\n"
19124
"smtp-amavis unix - - - - 2 smtp\n"
19125
" -o smtp_data_done_timeout=1200\n"
19126
" -o smtp_send_xforward_command=yes\n"
19127
" -o disable_dns_lookups=yes\n"
19128
" -o max_use=20\n"
19129
"\n"
19130
"127.0.0.1:10025 inet n - - - - smtpd\n"
19131
" -o content_filter=\n"
19132
" -o local_recipient_maps=\n"
19133
" -o relay_recipient_maps=\n"
19134
" -o smtpd_restriction_classes=\n"
19135
" -o smtpd_delay_reject=no\n"
19136
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
19137
" -o smtpd_helo_restrictions=\n"
19138
" -o smtpd_sender_restrictions=\n"
19139
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
19140
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
19141
" -o smtpd_end_of_data_restrictions=\n"
19142
" -o mynetworks=127.0.0.0/8\n"
19143
" -o smtpd_error_sleep_time=0\n"
19144
" -o smtpd_soft_error_limit=1001\n"
19145
" -o smtpd_hard_error_limit=1000\n"
19146
" -o smtpd_client_connection_count_limit=0\n"
19147
" -o smtpd_client_connection_rate_limit=0\n"
19148
" -o "
19149
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
19150
msgstr ""
19151
"\n"
19152
"smtp-amavis unix - - - - 2 smtp\n"
19153
" -o smtp_data_done_timeout=1200\n"
19154
" -o smtp_send_xforward_command=yes\n"
19155
" -o disable_dns_lookups=yes\n"
19156
" -o max_use=20\n"
19157
"\n"
19158
"127.0.0.1:10025 inet n - - - - smtpd\n"
19159
" -o content_filter=\n"
19160
" -o local_recipient_maps=\n"
19161
" -o relay_recipient_maps=\n"
19162
" -o smtpd_restriction_classes=\n"
19163
" -o smtpd_delay_reject=no\n"
19164
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
19165
" -o smtpd_helo_restrictions=\n"
19166
" -o smtpd_sender_restrictions=\n"
19167
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
19168
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
19169
" -o smtpd_end_of_data_restrictions=\n"
19170
" -o mynetworks=127.0.0.0/8\n"
19171
" -o smtpd_error_sleep_time=0\n"
19172
" -o smtpd_soft_error_limit=1001\n"
19173
" -o smtpd_hard_error_limit=1000\n"
19174
" -o smtpd_client_connection_count_limit=0\n"
19175
" -o smtpd_client_connection_rate_limit=0\n"
19176
" -o "
19177
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
19178
19179
#: serverguide/C/mail.xml:1547(para)
19180
msgid ""
19181
"Also add the following two lines immediately below the "
19182
"<emphasis>\"pickup\"</emphasis> transport service:"
19183
msgstr ""
19184
19185
#: serverguide/C/mail.xml:1550(programlisting)
19186
#, no-wrap
19187
msgid ""
19188
"\n"
19189
" -o content_filter=\n"
19190
" -o receive_override_options=no_header_body_checks\n"
19191
msgstr ""
19192
"\n"
19193
" -o content_filter=\n"
19194
" -o receive_override_options=no_header_body_checks\n"
19195
19196
#: serverguide/C/mail.xml:1554(para)
19197
msgid ""
19198
"This will prevent messages that are generated to report on spam from being "
19199
"classified as spam."
19200
msgstr ""
19201
19202
#: serverguide/C/mail.xml:1557(para)
19203
msgid "Now restart <application>Postfix</application>:"
19204
msgstr ""
19205
19206
#: serverguide/C/mail.xml:1563(para)
19207
msgid "Content filtering with spam and virus detection is now enabled."
19208
msgstr ""
19209
19210
#: serverguide/C/mail.xml:1570(para)
19211
msgid ""
19212
"First, test that the <application>Amavisd-new</application> SMTP is "
19213
"listening:"
19214
msgstr ""
19215
19216
#: serverguide/C/mail.xml:1573(programlisting)
19217
#, no-wrap
19218
msgid ""
19219
"\n"
19220
"telnet localhost 10024\n"
19221
"Trying 127.0.0.1...\n"
19222
"Connected to localhost.\n"
19223
"Escape character is '^]'.\n"
19224
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
19225
"^]\n"
19226
msgstr ""
19227
"\n"
19228
"telnet localhost 10024\n"
19229
"Trying 127.0.0.1...\n"
19230
"Connected to localhost.\n"
19231
"Escape character is '^]'.\n"
19232
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
19233
"^]\n"
19234
19235
#: serverguide/C/mail.xml:1581(para)
19236
msgid ""
19237
"In the Header of messages that go through the content filter you should see:"
19238
msgstr ""
19239
19240
#: serverguide/C/mail.xml:1584(programlisting)
19241
#, no-wrap
19242
msgid ""
19243
"\n"
19244
"X-Spam-Level: \n"
19245
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
19246
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
19247
"BAYES_00\n"
19248
"X-Spam-Level: \n"
19249
msgstr ""
19250
"\n"
19251
"X-Spam-Level: \n"
19252
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
19253
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
19254
"BAYES_00\n"
19255
"X-Spam-Level: \n"
19256
19257
#: serverguide/C/mail.xml:1591(para)
19258
msgid ""
19259
"Your output will vary, but the important thing is that there are <emphasis>X-"
19260
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
19261
msgstr ""
19262
19263
#: serverguide/C/mail.xml:1599(para)
19264
msgid ""
19265
"The best way to figure out why something is going wrong is to check the log "
19266
"files."
19267
msgstr ""
19268
19269
#: serverguide/C/mail.xml:1604(para)
19270
msgid ""
19271
"For instructions on <application>Postfix</application> logging see the <xref "
19272
"linkend=\"postfix-troubleshooting\"/> section."
19273
msgstr ""
19274
19275
#: serverguide/C/mail.xml:1610(para)
19276
msgid ""
19277
"<application>Amavisd-new</application> uses "
19278
"<application>Syslog</application> to send messages to "
19279
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
19280
"increased by adding the <emphasis>$log_level</emphasis> option to "
19281
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
19282
"1 to 5."
19283
msgstr ""
19284
19285
#: serverguide/C/mail.xml:1615(programlisting)
19286
#, no-wrap
19287
msgid ""
19288
"\n"
19289
"$log_level = 2;\n"
19290
msgstr ""
19291
"\n"
19292
"$log_level = 2;\n"
19293
19294
#: serverguide/C/mail.xml:1619(para)
19295
msgid ""
19296
"When the <application>Amavisd-new</application> log output is increased "
19297
"<application>Spamassassin</application> log output is also increased."
19298
msgstr ""
19299
19300
#: serverguide/C/mail.xml:1626(para)
19301
msgid ""
19302
"The <application>ClamAV</application> log level can be increased by editing "
19303
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
19304
msgstr ""
19305
19306
#: serverguide/C/mail.xml:1630(programlisting)
19307
#, no-wrap
19308
msgid ""
19309
"\n"
19310
"LogVerbose true\n"
19311
msgstr ""
19312
"\n"
19313
"LogVerbose true\n"
19314
19315
#: serverguide/C/mail.xml:1633(para)
19316
msgid ""
19317
"By default <application>ClamAV</application> will send log messages to "
19318
"<filename>/var/log/clamav/clamav.log</filename>."
19319
msgstr ""
19320
19321
#: serverguide/C/mail.xml:1639(para)
19322
msgid ""
19323
"After changing an applications log settings remember to restart the service "
19324
"for the new settings to take affect. Also, once the issue you are "
19325
"troubleshooting is resolved it is a good idea to change the log settings "
19326
"back to normal."
19327
msgstr ""
19328
19329
#: serverguide/C/mail.xml:1647(para)
19330
msgid "For more information on filtering mail see the following links:"
19331
msgstr ""
19332
19333
#: serverguide/C/mail.xml:1653(ulink)
19334
msgid "Amavisd-new Documentation"
19335
msgstr ""
19336
19337
#: serverguide/C/mail.xml:1657(para)
19338
msgid ""
19339
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
19340
"Documentation</ulink> and <ulink "
19341
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
19342
msgstr ""
19343
19344
#: serverguide/C/mail.xml:1664(ulink)
19345
msgid "Spamassassin Wiki"
19346
msgstr ""
19347
19348
#: serverguide/C/mail.xml:1669(ulink)
19349
msgid "Pyzor Homepage"
19350
msgstr "Хатняя старонка Pyzor"
19351
19352
#: serverguide/C/mail.xml:1674(ulink)
19353
msgid "Razor Homepage"
19354
msgstr "Хатняя старонка Razor"
19355
19356
#: serverguide/C/mail.xml:1679(ulink)
19357
msgid "DKIM.org"
19358
msgstr "DKIM.org"
19359
19360
#: serverguide/C/mail.xml:1684(ulink)
19361
msgid "Postfix Amavis New"
19362
msgstr ""
19363
19364
#: serverguide/C/mail.xml:1688(para)
19365
msgid ""
19366
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
19367
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
19368
msgstr ""
19369
19370
#: serverguide/C/lamp-applications.xml:13(title)
19371
msgid "LAMP Applications"
19372
msgstr "Дастасаваньні LAMP"
19373
19374
#: serverguide/C/lamp-applications.xml:19(para)
19375
msgid ""
19376
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
19377
"Ubuntu servers. There is a plethora of Open Source applications written "
19378
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
19379
"Content Management Systems, and Management Software such as phpMyAdmin."
19380
msgstr ""
19381
19382
#: serverguide/C/lamp-applications.xml:26(para)
19383
msgid ""
19384
"One advantage of LAMP is the substantial flexibility for different database, "
19385
"web server, and scripting languages. Popular substitutes for MySQL include "
19386
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
19387
"instead of PHP."
19388
msgstr ""
19389
19390
#: serverguide/C/lamp-applications.xml:32(para)
19391
msgid ""
19392
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
19393
"is:"
19394
msgstr ""
19395
19396
#: serverguide/C/lamp-applications.xml:38(para)
19397
msgid "Download an archive containing the application source files."
19398
msgstr ""
19399
19400
#: serverguide/C/lamp-applications.xml:43(para)
19401
msgid ""
19402
"Unpack the archive, usually in a directory accessible to a web server."
19403
msgstr ""
19404
19405
#: serverguide/C/lamp-applications.xml:48(para)
19406
msgid ""
19407
"Depending on where the source was extracted, configure a web browser to "
19408
"serve the files."
19409
msgstr ""
19410
19411
#: serverguide/C/lamp-applications.xml:53(para)
19412
msgid "Configure the application to connect to the database."
19413
msgstr ""
19414
19415
#: serverguide/C/lamp-applications.xml:58(para)
19416
msgid ""
19417
"Run a script, or browse to a page of the application, to install the "
19418
"database needed by the application."
19419
msgstr ""
19420
19421
#: serverguide/C/lamp-applications.xml:63(para)
19422
msgid ""
19423
"Once the steps above, or similar steps, are completed you are ready to begin "
19424
"using the application."
19425
msgstr ""
19426
19427
#: serverguide/C/lamp-applications.xml:69(para)
19428
msgid ""
19429
"A disadvantage of using this approach is that the application files are not "
19430
"placed in the file system in a standard way, which can cause confusion as to "
19431
"where the application is installed. Another larger disadvantage is updating "
19432
"the application. When a new version is released, the same process used to "
19433
"install the application is needed to apply updates."
19434
msgstr ""
19435
19436
#: serverguide/C/lamp-applications.xml:76(para)
19437
msgid ""
19438
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
19439
"packaged for Ubuntu, and are available for installation in the same way as "
19440
"non-LAMP applications. Depending on the application some extra configuration "
19441
"and setup steps may be needed, however."
19442
msgstr ""
19443
19444
#: serverguide/C/lamp-applications.xml:82(para)
19445
msgid ""
19446
"This section covers howto install and configure the Wiki applications "
19447
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
19448
"and the MySQL management application <application>phpMyAdmin</application>."
19449
msgstr ""
19450
19451
#: serverguide/C/lamp-applications.xml:88(para)
19452
msgid ""
19453
"A Wiki is a website that allows the visitors to easily add, remove and "
19454
"modify available content easily. The ease of interaction and operation makes "
19455
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
19456
"also referred to the collaborative software."
19457
msgstr ""
19458
19459
#: serverguide/C/lamp-applications.xml:100(title)
19460
msgid "Moin Moin"
19461
msgstr "Moin Moin"
19462
19463
#: serverguide/C/lamp-applications.xml:102(para)
19464
msgid ""
19465
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
19466
"engine, and licensed under the GNU GPL."
19467
msgstr ""
19468
19469
#: serverguide/C/lamp-applications.xml:110(para)
19470
msgid ""
19471
"To install <application>MoinMoin</application>, run the following command in "
19472
"the command prompt:"
19473
msgstr ""
19474
"Каб устанавіць <application>MoinMoin</application>, увядзіце наступны загад "
19475
"у тэрмінале:"
19476
19477
#: serverguide/C/lamp-applications.xml:116(command)
19478
msgid "sudo apt-get install python-moinmoin"
19479
msgstr "sudo apt-get install python-moinmoin"
19480
19481
#: serverguide/C/lamp-applications.xml:119(para)
19482
msgid ""
19483
"You should also install <application>apache2</application> web server. For "
19484
"installing <application>apache2</application> web server, please refer to "
19485
"<xref linkend=\"http-installation\"/> sub-section in <xref "
19486
"linkend=\"httpd\"/> section."
19487
msgstr ""
19488
19489
#: serverguide/C/lamp-applications.xml:130(para)
19490
msgid ""
19491
"For configuring your first Wiki application, please run the following set of "
19492
"commands. Let us assume that you are creating a Wiki named "
19493
"<emphasis>mywiki</emphasis>:"
19494
msgstr ""
19495
19496
#: serverguide/C/lamp-applications.xml:137(command)
19497
msgid "cd /usr/share/moin"
19498
msgstr "cd /usr/share/moin"
19499
19500
#: serverguide/C/lamp-applications.xml:138(command)
19501
msgid "sudo mkdir mywiki"
19502
msgstr "sudo mkdir mywiki"
19503
19504
#: serverguide/C/lamp-applications.xml:139(command)
19505
msgid "sudo cp -R data mywiki"
19506
msgstr "sudo cp -R data mywiki"
19507
19508
#: serverguide/C/lamp-applications.xml:140(command)
19509
msgid "sudo cp -R underlay mywiki"
19510
msgstr ""
19511
19512
#: serverguide/C/lamp-applications.xml:141(command)
19513
msgid "sudo cp server/moin.cgi mywiki"
19514
msgstr "sudo cp server/moin.cgi mywiki"
19515
19516
#: serverguide/C/lamp-applications.xml:142(command)
19517
msgid "sudo chown -R www-data.www-data mywiki"
19518
msgstr "sudo chown -R www-data.www-data mywiki"
19519
19520
#: serverguide/C/lamp-applications.xml:143(command)
19521
msgid "sudo chmod -R ug+rwX mywiki"
19522
msgstr "sudo chmod -R ug+rwX mywiki"
19523
19524
#: serverguide/C/lamp-applications.xml:144(command)
19525
msgid "sudo chmod -R o-rwx mywiki"
19526
msgstr "sudo chmod -R o-rwx mywiki"
19527
19528
#: serverguide/C/lamp-applications.xml:147(para)
19529
msgid ""
19530
"Now you should configure <application>MoinMoin</application> to find your "
19531
"new Wiki <emphasis>mywiki</emphasis>. To configure "
19532
"<application>MoinMoin</application>, open "
19533
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
19534
msgstr ""
19535
19536
#: serverguide/C/lamp-applications.xml:155(programlisting)
19537
#, no-wrap
19538
msgid "data_dir = '/org/mywiki/data'"
19539
msgstr "data_dir = '/org/mywiki/data'"
19540
19541
#: serverguide/C/lamp-applications.xml:157(para)
19542
msgid "to"
19543
msgstr ""
19544
19545
#: serverguide/C/lamp-applications.xml:161(programlisting)
19546
#, no-wrap
19547
msgid "data_dir = '/usr/share/moin/mywiki/data'"
19548
msgstr "data_dir = '/usr/share/moin/mywiki/data'"
19549
19550
#: serverguide/C/lamp-applications.xml:163(para)
19551
msgid ""
19552
"Also, below the <emphasis>data_dir</emphasis> option add the "
19553
"<emphasis>data_underlay_dir</emphasis>:"
19554
msgstr ""
19555
19556
#: serverguide/C/lamp-applications.xml:167(programlisting)
19557
#, no-wrap
19558
msgid ""
19559
"\n"
19560
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
19561
msgstr ""
19562
"\n"
19563
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
19564
19565
#: serverguide/C/lamp-applications.xml:172(para)
19566
msgid ""
19567
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
19568
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
19569
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
19570
"change."
19571
msgstr ""
19572
19573
#: serverguide/C/lamp-applications.xml:181(para)
19574
msgid ""
19575
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
19576
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
19577
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
19578
"<quote>(\"mywiki\", r\".*\")</quote>."
19579
msgstr ""
19580
19581
#: serverguide/C/lamp-applications.xml:189(para)
19582
msgid ""
19583
"Once you have configured <application>MoinMoin</application> to find your "
19584
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
19585
"<application>apache2</application> and make it ready for your Wiki "
19586
"application."
19587
msgstr ""
19588
19589
#: serverguide/C/lamp-applications.xml:196(para)
19590
msgid ""
19591
"You should add the following lines in <filename>/etc/apache2/sites-"
19592
"available/default</filename> file inside the <quote><VirtualHost "
19593
"*></quote> tag:"
19594
msgstr ""
19595
19596
#: serverguide/C/lamp-applications.xml:202(programlisting)
19597
#, no-wrap
19598
msgid ""
19599
"\n"
19600
"### moin\n"
19601
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
19602
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
19603
" <Directory /usr/share/moin/htdocs>\n"
19604
" Order allow,deny\n"
19605
" allow from all\n"
19606
" </Directory>\n"
19607
"### end moin\n"
19608
msgstr ""
19609
19610
#: serverguide/C/lamp-applications.xml:214(para)
19611
msgid ""
19612
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
19613
"<emphasis>alias</emphasis> line above, to the "
19614
"<application>moinmoin</application> version installed."
19615
msgstr ""
19616
19617
#: serverguide/C/lamp-applications.xml:220(para)
19618
msgid ""
19619
"Once you configure the <application>apache2</application> web server and "
19620
"make it ready for your Wiki application, you should restart it. You can run "
19621
"the following command to restart the <application>apache2</application> web "
19622
"server:"
19623
msgstr ""
19624
19625
#: serverguide/C/lamp-applications.xml:233(title)
19626
msgid "Verification"
19627
msgstr ""
19628
19629
#: serverguide/C/lamp-applications.xml:235(para)
19630
msgid ""
19631
"You can verify the Wiki application and see if it works by pointing your web "
19632
"browser to the following URL:"
19633
msgstr ""
19634
19635
#: serverguide/C/lamp-applications.xml:239(programlisting)
19636
#, no-wrap
19637
msgid ""
19638
"\n"
19639
"http://localhost/mywiki\n"
19640
msgstr ""
19641
"\n"
19642
"http://localhost/mywiki\n"
19643
19644
#: serverguide/C/lamp-applications.xml:243(para)
19645
msgid ""
19646
"You can also run the test command by pointing your web browser to the "
19647
"following URL:"
19648
msgstr ""
19649
19650
#: serverguide/C/lamp-applications.xml:248(programlisting)
19651
#, no-wrap
19652
msgid ""
19653
"\n"
19654
"http://localhost/mywiki?action=test\n"
19655
msgstr ""
19656
"\n"
19657
"http://localhost/mywiki?action=test\n"
19658
19659
#: serverguide/C/lamp-applications.xml:252(para)
19660
msgid ""
19661
"For more details, please refer to the <ulink "
19662
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
19663
msgstr ""
19664
19665
#: serverguide/C/lamp-applications.xml:263(para)
19666
msgid ""
19667
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
19668
"Wiki</ulink>."
19669
msgstr ""
19670
19671
#: serverguide/C/lamp-applications.xml:268(para)
19672
msgid ""
19673
"Also, see the <ulink "
19674
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19675
"MoinMoin</ulink> page."
19676
msgstr ""
19677
19678
#: serverguide/C/lamp-applications.xml:277(title)
19679
msgid "MediaWiki"
19680
msgstr "MediaWiki"
19681
19682
#: serverguide/C/lamp-applications.xml:279(para)
19683
msgid ""
19684
"MediaWiki is an web based Wiki software written in the PHP language. It can "
19685
"either use <application>MySQL</application> or "
19686
"<application>PostgreSQL</application> Database Management System."
19687
msgstr ""
19688
19689
#: serverguide/C/lamp-applications.xml:289(para)
19690
msgid ""
19691
"Before installing <application>MediaWiki</application> you should also "
19692
"install <application>Apache2</application>, the "
19693
"<application>PHP5</application> scripting language and Database a Management "
19694
"System. <application>MySQL</application> or "
19695
"<application>PostgreSQL</application> are the most common, choose one "
19696
"depending on your need. Please refer to those sections in this manual for "
19697
"installation instructions."
19698
msgstr ""
19699
19700
#: serverguide/C/lamp-applications.xml:297(para)
19701
msgid ""
19702
"To install <application>MediaWiki</application>, run the following command "
19703
"in the command prompt:"
19704
msgstr ""
19705
19706
#: serverguide/C/lamp-applications.xml:303(command)
19707
msgid "sudo apt-get install mediawiki php5-gd"
19708
msgstr "sudo apt-get install mediawiki php5-gd"
19709
19710
#: serverguide/C/lamp-applications.xml:306(para)
19711
msgid ""
19712
"For additional <application>MediaWiki</application> functionality see the "
19713
"<application>mediawiki-extensions</application> package."
19714
msgstr ""
19715
19716
#: serverguide/C/lamp-applications.xml:316(para)
19717
msgid ""
19718
"The Apache configuration file <filename>mediawiki.conf</filename> for "
19719
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
19720
"directory. You should uncomment the following line in this file to access "
19721
"MediaWiki application."
19722
msgstr ""
19723
19724
#: serverguide/C/lamp-applications.xml:324(screen)
19725
#, no-wrap
19726
msgid ""
19727
"\n"
19728
"# Alias /mediawiki /var/lib/mediawiki\n"
19729
msgstr ""
19730
19731
#: serverguide/C/lamp-applications.xml:328(para)
19732
msgid ""
19733
"After you uncomment the above line, restart Apache server and access "
19734
"MediaWiki using the following url:"
19735
msgstr ""
19736
19737
#: serverguide/C/lamp-applications.xml:333(programlisting)
19738
#, no-wrap
19739
msgid ""
19740
"\n"
19741
"http://localhost/mediawiki/config/index.php\n"
19742
msgstr ""
19743
"\n"
19744
"http://localhost/mediawiki/config/index.php\n"
19745
19746
#: serverguide/C/lamp-applications.xml:338(para)
19747
msgid ""
19748
"Please read the <quote>Checking environment...</quote> section in this page. "
19749
"You should be able to fix many issues by carefully reading this section."
19750
msgstr ""
19751
19752
#: serverguide/C/lamp-applications.xml:345(para)
19753
msgid ""
19754
"Once the configuration is complete, you should copy the "
19755
"<filename>LocalSettings.php</filename> file to "
19756
"<filename>/etc/mediawiki</filename> directory:"
19757
msgstr ""
19758
19759
#: serverguide/C/lamp-applications.xml:352(command)
19760
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19761
msgstr ""
19762
19763
#: serverguide/C/lamp-applications.xml:355(para)
19764
msgid ""
19765
"You may also want to edit "
19766
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
19767
msgstr ""
19768
19769
#: serverguide/C/lamp-applications.xml:360(programlisting)
19770
#, no-wrap
19771
msgid ""
19772
"\n"
19773
"ini_set( 'memory_limit', '64M' );\n"
19774
msgstr ""
19775
19776
#: serverguide/C/lamp-applications.xml:367(title)
19777
msgid "Extensions"
19778
msgstr ""
19779
19780
#: serverguide/C/lamp-applications.xml:368(para)
19781
msgid ""
19782
"The extensions add new features and enhancements for the MediaWiki "
19783
"application. The extensions give wiki administrators and end users the "
19784
"ability to customize MediaWiki to their requirements."
19785
msgstr ""
19786
19787
#: serverguide/C/lamp-applications.xml:374(para)
19788
msgid ""
19789
"You can download MediaWiki extensions as an archive file or checkout from "
19790
"the Subversion repository. You should copy it to "
19791
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
19792
"also add the following line at the end of file: "
19793
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
19794
msgstr ""
19795
19796
#: serverguide/C/lamp-applications.xml:382(programlisting)
19797
#, no-wrap
19798
msgid ""
19799
"\n"
19800
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
19801
msgstr ""
19802
19803
#: serverguide/C/lamp-applications.xml:392(para)
19804
msgid ""
19805
"For more details, please refer to the <ulink "
19806
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
19807
msgstr ""
19808
19809
#: serverguide/C/lamp-applications.xml:398(para)
19810
msgid ""
19811
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
19812
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
19813
"new MediaWiki administrators."
19814
msgstr ""
19815
19816
#: serverguide/C/lamp-applications.xml:404(para)
19817
msgid ""
19818
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
19819
"Wiki MediaWiki</ulink> page is a good resource."
19820
msgstr ""
19821
19822
#: serverguide/C/lamp-applications.xml:414(title)
19823
msgid "phpMyAdmin"
19824
msgstr "phpMyAdmin"
19825
19826
#: serverguide/C/lamp-applications.xml:416(para)
19827
msgid ""
19828
"<application>phpMyAdmin</application> is a LAMP application specifically "
19829
"written for administering <application>MySQL</application> servers. Written "
19830
"in <application>PHP</application>, and accessed through a web browser, "
19831
"phpMyAdmin provides a graphical interface for database administration tasks."
19832
msgstr ""
19833
19834
#: serverguide/C/lamp-applications.xml:425(para)
19835
msgid ""
19836
"Before installing <application>phpMyAdmin</application> you will need access "
19837
"to a <application>MySQL</application> database either on the same host as "
19838
"that phpMyAdmin is installed on, or on a host accessible over the network. "
19839
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
19840
"enter:"
19841
msgstr ""
19842
19843
#: serverguide/C/lamp-applications.xml:432(command)
19844
msgid "sudo apt-get install phpmyadmin"
19845
msgstr "sudo apt-get install phpmyadmin"
19846
19847
#: serverguide/C/lamp-applications.xml:435(para)
19848
msgid ""
19849
"At the prompt choose which web server to be configured for "
19850
"<application>phpMyAdmin</application>. The rest of this section will use "
19851
"<application>Apache2</application> for the web server."
19852
msgstr ""
19853
19854
#: serverguide/C/lamp-applications.xml:440(para)
19855
msgid ""
19856
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
19857
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
19858
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
19859
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
19860
"user if you any setup, and enter the <application>MySQL</application> user's "
19861
"password."
19862
msgstr ""
19863
19864
#: serverguide/C/lamp-applications.xml:447(para)
19865
msgid ""
19866
"Once logged in you can reset the <emphasis>root</emphasis> password if "
19867
"needed, create users, create/destroy databases and tables, etc."
19868
msgstr ""
19869
19870
#: serverguide/C/lamp-applications.xml:455(para)
19871
msgid ""
19872
"The configuration files for <application>phpMyAdmin</application> are "
19873
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
19874
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
19875
"configuration options that apply globally to "
19876
"<application>phpMyAdmin</application>."
19877
msgstr ""
19878
19879
#: serverguide/C/lamp-applications.xml:461(para)
19880
msgid ""
19881
"To use <application>phpMyAdmin</application> to administer a MySQL database "
19882
"hosted on another server, adjust the following in "
19883
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
19884
msgstr ""
19885
19886
#: serverguide/C/lamp-applications.xml:466(programlisting)
19887
#, no-wrap
19888
msgid ""
19889
"\n"
19890
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
19891
msgstr ""
19892
"\n"
19893
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
19894
19895
#: serverguide/C/lamp-applications.xml:471(para)
19896
msgid ""
19897
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
19898
"remote database server name or IP address. Also, be sure that the "
19899
"<application>phpMyAdmin</application> host has permissions to access the "
19900
"remote database."
19901
msgstr ""
19902
19903
#: serverguide/C/lamp-applications.xml:477(para)
19904
msgid ""
19905
"Once configured, log out of <application>phpMyAdmin</application> and back "
19906
"in, and you should be accessing the new server."
19907
msgstr ""
19908
19909
#: serverguide/C/lamp-applications.xml:481(para)
19910
msgid ""
19911
"The <filename>config.header.inc.php</filename> and "
19912
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
19913
"header and footer to <application>phpMyAdmin</application>."
19914
msgstr ""
19915
19916
#: serverguide/C/lamp-applications.xml:486(para)
19917
msgid ""
19918
"Another important configuration file is "
19919
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
19920
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
19921
"configure <application>Apache2</application> to serve the "
19922
"<application>phpMyAdmin</application> site. The file contains directives for "
19923
"loading <application>PHP</application>, directory permissions, etc. For more "
19924
"information on configuring <application>Apache2</application> see <xref "
19925
"linkend=\"httpd\"/>."
19926
msgstr ""
19927
19928
#: serverguide/C/lamp-applications.xml:500(para)
19929
msgid ""
19930
"The <application>phpMyAdmin</application> documentation comes installed with "
19931
"the package and can be accessed from the <emphasis>phpMyAdmin "
19932
"Documentation</emphasis> link (a question mark with a box around it) under "
19933
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
19934
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
19935
msgstr ""
19936
19937
#: serverguide/C/lamp-applications.xml:507(para)
19938
msgid ""
19939
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
19940
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
19941
msgstr ""
19942
19943
#: serverguide/C/lamp-applications.xml:512(para)
19944
msgid ""
19945
"A third resource is the <ulink "
19946
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
19947
"Wiki</ulink> page."
19948
msgstr ""
19949
19950
#: serverguide/C/introduction.xml:14(para)
19951
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
19952
msgstr ""
19953
19954
#: serverguide/C/introduction.xml:15(para)
19955
msgid ""
19956
"Here you can find information on how to install and configure various server "
19957
"applications. It is a step-by-step, task-oriented guide for configuring and "
19958
"customizing your system."
19959
msgstr ""
19960
19961
#: serverguide/C/introduction.xml:19(para)
19962
msgid ""
19963
"This guide assumes you have a basic understanding of your Ubuntu system. "
19964
"Some installation details are covered in <xref linkend=\"installation\"/>, "
19965
"but if you need detailed instructions installing Ubuntu please refer to the "
19966
"<ulink url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
19967
"Installation Guide</ulink>."
19968
msgstr ""
19969
19970
#: serverguide/C/introduction.xml:25(para)
19971
msgid ""
19972
"A HTML version of the manual is available online at <ulink "
19973
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
19974
"HTML files are also available in the <application>ubuntu-"
19975
"serverguide</application> package. See <xref linkend=\"package-"
19976
"management\"/> for details on installing packages."
19977
msgstr ""
19978
19979
#: serverguide/C/introduction.xml:32(para)
19980
msgid ""
19981
"If you choose to install the <application>ubuntu-serverguide</application> "
19982
"you can view this document from a console by:"
19983
msgstr ""
19984
19985
#: serverguide/C/introduction.xml:36(command)
19986
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
19987
msgstr ""
19988
19989
#: serverguide/C/introduction.xml:39(para)
19990
msgid ""
19991
"If you are using a localized version of Ubuntu, replace "
19992
"<emphasis>C</emphasis> with your language localization (e.g. "
19993
"<emphasis>en_GB</emphasis>)."
19994
msgstr ""
19995
19996
#: serverguide/C/introduction.xml:53(title)
19997
msgid "Support"
19998
msgstr "Падтрымка"
19999
20000
#: serverguide/C/introduction.xml:55(para)
20001
msgid ""
20002
"There are a couple of different ways that Ubuntu Server Edition is "
20003
"supported, commercial support and community support. The main commercial "
20004
"support (and development funding) is available from Canonical Ltd. They "
20005
"supply reasonably priced support contracts on a per desktop or per server "
20006
"basis. For more information see the <ulink "
20007
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
20008
"page."
20009
msgstr ""
20010
20011
#: serverguide/C/introduction.xml:62(para)
20012
msgid ""
20013
"Community support is also provided by dedicated individuals, and companies, "
20014
"that wish to make Ubuntu the best distribution possible. Support is provided "
20015
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
20016
"large amount of information available can be overwhelming, but a good search "
20017
"engine query can usually provide an answer to your questions. See the <ulink "
20018
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
20019
"information."
20020
msgstr ""
20021
20022
#: serverguide/C/installation.xml:14(para)
20023
msgid ""
20024
"This chapter provides a quick overview of installing Ubuntu 10.04 LTS Server "
20025
"Edition. For more detailed instructions, please refer to the <ulink "
20026
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
20027
"Installation Guide</ulink>."
20028
msgstr ""
20029
20030
#: serverguide/C/installation.xml:19(title)
20031
msgid "Preparing to Install"
20032
msgstr "Рыхтуецца да ўстаноўкі"
20033
20034
#: serverguide/C/installation.xml:20(para)
20035
msgid ""
20036
"This section explains various aspects to consider before starting the "
20037
"installation."
20038
msgstr ""
20039
20040
#: serverguide/C/installation.xml:24(title)
20041
msgid "System Requirements"
20042
msgstr "Сыстэмныя патрабаваньні"
20043
20044
#: serverguide/C/installation.xml:25(para)
20045
msgid ""
20046
"Ubuntu 10.04 LTS Server Edition supports two (2) major architectures: Intel "
20047
"x86 and AMD64. The table below lists recommended hardware specifications. "
20048
"Depending on your needs, you might manage with less than this. However, most "
20049
"users risk being frustrated if they ignore these suggestions."
20050
msgstr ""
20051
20052
#: serverguide/C/installation.xml:27(title)
20053
msgid "Recommended Minimum Requirements"
20054
msgstr "Мінімальныя рэкамендаваныя патрабаваньні"
20055
20056
#: serverguide/C/installation.xml:35(para)
20057
msgid "Install Type"
20058
msgstr "Тып устаноўкі"
20059
20060
#: serverguide/C/installation.xml:36(para)
20061
msgid "RAM"
20062
msgstr "RAM"
20063
20064
#: serverguide/C/installation.xml:37(para)
20065
msgid "Hard Drive Space"
20066
msgstr "Прастона на жорсткім дыску"
20067
20068
#: serverguide/C/installation.xml:40(para)
20069
msgid "Base System"
20070
msgstr ""
20071
20072
#: serverguide/C/installation.xml:41(para)
20073
msgid "All Tasks Installed"
20074
msgstr "Усе заданьні устаноўленыя"
20075
20076
#: serverguide/C/installation.xml:46(para)
20077
msgid "Server"
20078
msgstr "Сэрвер"
20079
20080
#: serverguide/C/installation.xml:47(para)
20081
msgid "128 megabytes"
20082
msgstr "128 Мб"
20083
20084
#: serverguide/C/installation.xml:48(para)
20085
msgid "500 megabytes"
20086
msgstr "500 Мб"
20087
20088
#: serverguide/C/installation.xml:49(para)
20089
msgid "1 gigabyte"
20090
msgstr "1 Гб"
20091
20092
#: serverguide/C/installation.xml:54(para)
20093
msgid ""
20094
"The Server Edition provides a common base for all sorts of server "
20095
"applications. It is a minimalist design providing a platform for the desired "
20096
"services, such as file/print services, web hosting, email hosting, etc."
20097
msgstr ""
20098
20099
#: serverguide/C/installation.xml:60(para)
20100
msgid ""
20101
"The requirements for UEC are slightly different for Front End requirements "
20102
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
20103
"requirements see <xref linkend=\"uec-node-requirements\"/>."
20104
msgstr ""
20105
20106
#: serverguide/C/installation.xml:68(title)
20107
msgid "Server and Desktop Differences"
20108
msgstr ""
20109
20110
#: serverguide/C/installation.xml:69(para)
20111
msgid ""
20112
"There are a few differences between the <emphasis>Ubuntu Server "
20113
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
20114
"should be noted that both editions use the same "
20115
"<application>apt</application> repositories. Making it just as easy to "
20116
"install a <emphasis role=\"italic\">server</emphasis> application on the "
20117
"Desktop Edition as it is on the Server Edition."
20118
msgstr ""
20119
20120
#: serverguide/C/installation.xml:75(para)
20121
msgid ""
20122
"The differences between the two editions are the lack of an X window "
20123
"environment in the Server Edition, the installation process, and different "
20124
"Kernel options."
20125
msgstr ""
20126
20127
#: serverguide/C/installation.xml:82(title)
20128
msgid "Kernel Differences:"
20129
msgstr ""
20130
20131
#: serverguide/C/installation.xml:85(para)
20132
msgid ""
20133
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
20134
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
20135
"Edition."
20136
msgstr ""
20137
20138
#: serverguide/C/installation.xml:91(para)
20139
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
20140
msgstr ""
20141
20142
#: serverguide/C/installation.xml:96(para)
20143
msgid ""
20144
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
20145
"Desktop Edition."
20146
msgstr ""
20147
20148
#: serverguide/C/installation.xml:102(para)
20149
msgid ""
20150
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
20151
"limited by memory addressing space."
20152
msgstr ""
20153
20154
#: serverguide/C/installation.xml:107(para)
20155
msgid ""
20156
"To see all kernel configuration options you can look through "
20157
"<filename>/boot/config-2.6.31-server</filename>. Also, <ulink "
20158
"url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> is a "
20159
"great resource on the options available."
20160
msgstr ""
20161
20162
#: serverguide/C/installation.xml:116(title)
20163
msgid "Backing Up"
20164
msgstr ""
20165
20166
#: serverguide/C/installation.xml:119(para)
20167
msgid ""
20168
"Before installing <application>Ubuntu Server Edition</application> you "
20169
"should make sure all data on the system is backed up. See <xref "
20170
"linkend=\"backups\"/> for backup options."
20171
msgstr ""
20172
20173
#: serverguide/C/installation.xml:123(para)
20174
msgid ""
20175
"If this is not the first time an operating system has been installed on your "
20176
"computer, it is likely you will need to re-partition your disk to make room "
20177
"for Ubuntu."
20178
msgstr ""
20179
20180
#: serverguide/C/installation.xml:127(para)
20181
msgid ""
20182
"Any time you partition your disk, you should be prepared to lose everything "
20183
"on the disk should you make a mistake or something goes wrong during "
20184
"partitioning. The programs used in installation are quite reliable, most "
20185
"have seen years of use, but they also perform destructive actions."
20186
msgstr ""
20187
20188
#: serverguide/C/installation.xml:139(title)
20189
msgid "Installing from CD"
20190
msgstr "Устаноўка з дыска"
20191
20192
#: serverguide/C/installation.xml:140(para)
20193
msgid ""
20194
"The basic steps to install Ubuntu Server Edition from CD are the same for "
20195
"installing any operating system from CD. Unlike the <emphasis>Desktop "
20196
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
20197
"a graphical installation program. Instead the Server Edition uses a console "
20198
"menu based process."
20199
msgstr ""
20200
20201
#: serverguide/C/installation.xml:147(para)
20202
msgid ""
20203
"First, download and burn the appropriate ISO file from the <ulink "
20204
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
20205
msgstr ""
20206
20207
#: serverguide/C/installation.xml:153(para)
20208
msgid "Boot the system from the CD-ROM drive."
20209
msgstr "Загрузіць сыстэму з CD-ROMа."
20210
20211
#: serverguide/C/installation.xml:158(para)
20212
msgid ""
20213
"At the boot prompt you will be asked to select the language. Afterwards the "
20214
"installation process begins by asking for your keyboard layout."
20215
msgstr ""
20216
20217
#: serverguide/C/installation.xml:164(para)
20218
msgid ""
20219
"From the main boot menu there are some additional options to install Ubuntu "
20220
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
20221
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
20222
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
20223
"will cover the basic Ubuntu Server install."
20224
msgstr ""
20225
20226
#: serverguide/C/installation.xml:172(para)
20227
msgid ""
20228
"The installer then discovers your hardware configuration, and configures the "
20229
"network settings using DHCP. If you do not wish to use DHCP at the next "
20230
"screen choose \"Go Back\", and you have the option to \"Configure the "
20231
"network manually\"."
20232
msgstr ""
20233
20234
#: serverguide/C/installation.xml:179(para)
20235
msgid "Next, the installer asks for the system's hostname and Time Zone."
20236
msgstr ""
20237
20238
#: serverguide/C/installation.xml:184(para)
20239
msgid ""
20240
"You can then choose from several options to configure the hard drive layout. "
20241
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
20242
msgstr ""
20243
20244
#: serverguide/C/installation.xml:190(para)
20245
msgid "The Ubuntu base system is then installed."
20246
msgstr ""
20247
20248
#: serverguide/C/installation.xml:195(para)
20249
msgid ""
20250
"A new user is setup, this user will have <emphasis>root</emphasis> access "
20251
"through the <application>sudo</application> utility."
20252
msgstr ""
20253
20254
#: serverguide/C/installation.xml:201(para)
20255
msgid ""
20256
"After the user is setup, you will be asked to encrypt your <filename "
20257
"role=\"directory\">home</filename> directory."
20258
msgstr ""
20259
20260
#: serverguide/C/installation.xml:207(para)
20261
msgid ""
20262
"The next step in the installation process is to decide how you want to "
20263
"update the system. There are three options:"
20264
msgstr ""
20265
20266
#: serverguide/C/installation.xml:213(para)
20267
msgid ""
20268
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
20269
"log into the machine and manually install updates."
20270
msgstr ""
20271
20272
#: serverguide/C/installation.xml:219(para)
20273
msgid ""
20274
"<emphasis>Install security updates Automatically</emphasis>: will install "
20275
"the <application>unattended-upgrades</application> package, which will "
20276
"install security updates without the intervention of an administrator. For "
20277
"more details see <xref linkend=\"automatic-updates\"/>."
20278
msgstr ""
20279
20280
#: serverguide/C/installation.xml:226(para)
20281
msgid ""
20282
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
20283
"service provided by Canonical to help manage your Ubuntu machines. See the "
20284
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
20285
"site for details."
20286
msgstr ""
20287
20288
#: serverguide/C/installation.xml:235(para)
20289
msgid ""
20290
"You now have the option to install, or not install, several package tasks. "
20291
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
20292
"to launch <application>aptitude</application> to choose specific packages to "
20293
"install. For more information see <xref linkend=\"aptitude\"/>."
20294
msgstr ""
20295
20296
#: serverguide/C/installation.xml:243(para)
20297
msgid "Finally, the last step before rebooting is to set the clock to UTC."
20298
msgstr "У канцы, апошні крок перад перазапускам - наладзіць час у UTC."
20299
20300
#: serverguide/C/installation.xml:249(para)
20301
msgid ""
20302
"If at any point during installation you are not satisfied by the default "
20303
"setting, use the \"Go Back\" function at any prompt to be brought to a "
20304
"detailed installation menu that will allow you to modify the default "
20305
"settings."
20306
msgstr ""
20307
20308
#: serverguide/C/installation.xml:254(para)
20309
msgid ""
20310
"At some point during the installation process you may want to read the help "
20311
"screen provided by the installation system. To do this, press F1."
20312
msgstr ""
20313
20314
#: serverguide/C/installation.xml:259(para)
20315
msgid ""
20316
"Once again, for detailed instructions see the <ulink "
20317
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\"> Ubuntu "
20318
"Installation Guide</ulink>."
20319
msgstr ""
20320
20321
#: serverguide/C/installation.xml:265(title)
20322
msgid "Package Tasks"
20323
msgstr ""
20324
20325
#: serverguide/C/installation.xml:266(para)
20326
msgid ""
20327
"During the Server Edition installation you have the option of installing "
20328
"additional packages from the CD. The packages are grouped by the type of "
20329
"service they provide."
20330
msgstr ""
20331
20332
#: serverguide/C/installation.xml:272(para)
20333
msgid "Cloud computing: Walrus storage service"
20334
msgstr ""
20335
20336
#: serverguide/C/installation.xml:277(para)
20337
msgid "Cloud computing: all-in-one cluster"
20338
msgstr ""
20339
20340
#: serverguide/C/installation.xml:282(para)
20341
msgid "Cloud computing: Cluster controller"
20342
msgstr ""
20343
20344
#: serverguide/C/installation.xml:287(para)
20345
msgid "Cloud computing: Node controller"
20346
msgstr ""
20347
20348
#: serverguide/C/installation.xml:292(para)
20349
msgid "Cloud computing: Storage controller"
20350
msgstr ""
20351
20352
#: serverguide/C/installation.xml:297(para)
20353
msgid "Cloud computing: top-level cloud controller"
20354
msgstr ""
20355
20356
#: serverguide/C/installation.xml:302(para)
20357
msgid "DNS server: Selects the BIND DNS server and its documentation."
20358
msgstr ""
20359
20360
#: serverguide/C/installation.xml:307(para)
20361
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
20362
msgstr ""
20363
20364
#: serverguide/C/installation.xml:312(para)
20365
msgid ""
20366
"Mail server: This task selects a variety of package useful for a general "
20367
"purpose mail server system."
20368
msgstr ""
20369
20370
#: serverguide/C/installation.xml:317(para)
20371
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
20372
msgstr ""
20373
20374
#: serverguide/C/installation.xml:322(para)
20375
msgid ""
20376
"PostgreSQL database: This task selects client and server packages for the "
20377
"PostgreSQL database."
20378
msgstr ""
20379
20380
#: serverguide/C/installation.xml:327(para)
20381
msgid "Print server: This task sets up your system to be a print server."
20382
msgstr ""
20383
20384
#: serverguide/C/installation.xml:332(para)
20385
msgid ""
20386
"Samba File server: This task sets up your system to be a Samba file server, "
20387
"which is especially suitable in networks with both Windows and Linux systems."
20388
msgstr ""
20389
20390
#: serverguide/C/installation.xml:338(para)
20391
msgid ""
20392
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
20393
"etc."
20394
msgstr ""
20395
20396
#: serverguide/C/installation.xml:343(para)
20397
msgid ""
20398
"Virtual machine host: Includes packages needed to run KVM virtual machines."
20399
msgstr ""
20400
20401
#: serverguide/C/installation.xml:348(para)
20402
msgid ""
20403
"Manually select packages: Executes <application>apptitude</application> "
20404
"allowing you to individually select packages."
20405
msgstr ""
20406
20407
#: serverguide/C/installation.xml:353(para)
20408
msgid ""
20409
"Installing the package groups is accomplished using the "
20410
"<application>tasksel</application> utility. One of the important difference "
20411
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
20412
"installed, a package is also configured to reasonable defaults, eventually "
20413
"prompting you for additional required information. Likewise, when installing "
20414
"a task, the packages are not only installed, but also configured to provided "
20415
"a fully integrated service."
20416
msgstr ""
20417
20418
#: serverguide/C/installation.xml:360(para)
20419
msgid ""
20420
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
20421
"<xref linkend=\"uec\"/>."
20422
msgstr ""
20423
20424
#: serverguide/C/installation.xml:363(para)
20425
msgid ""
20426
"Once the installation process has finished you can view a list of available "
20427
"tasks by entering the following from a terminal prompt:"
20428
msgstr ""
20429
20430
#: serverguide/C/installation.xml:368(command)
20431
msgid "tasksel --list-tasks"
20432
msgstr "tasksel --list-tasks"
20433
20434
#: serverguide/C/installation.xml:371(para)
20435
msgid ""
20436
"The output will list tasks from other Ubuntu based distributions such as "
20437
"Kubuntu and Edubuntu. Note that you can also invoke the "
20438
"<command>tasksel</command> command by itself, which will bring up a menu of "
20439
"the different tasks available."
20440
msgstr ""
20441
20442
#: serverguide/C/installation.xml:377(para)
20443
msgid ""
20444
"You can view a list of which packages are installed with each task using the "
20445
"<emphasis>--task-packages</emphasis> option. For example, to list the "
20446
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
20447
"following:"
20448
msgstr ""
20449
20450
#: serverguide/C/installation.xml:382(command)
20451
msgid "tasksel --task-packages dns-server"
20452
msgstr "tasksel --task-packages dns-server"
20453
20454
#: serverguide/C/installation.xml:384(para)
20455
msgid "The output of the command should list:"
20456
msgstr ""
20457
20458
#: serverguide/C/installation.xml:387(programlisting)
20459
#, no-wrap
20460
msgid ""
20461
"\n"
20462
"bind9-doc \n"
20463
"bind9utils \n"
20464
"bind9\n"
20465
msgstr ""
20466
20467
#: serverguide/C/installation.xml:392(para)
20468
msgid ""
20469
"Also, if you did not install one of the tasks during the installation "
20470
"process, but for example you decide to make your new LAMP server a DNS "
20471
"server as well. Simply insert the installation CD and from a terminal:"
20472
msgstr ""
20473
20474
#: serverguide/C/installation.xml:397(command)
20475
msgid "sudo tasksel install dns-server"
20476
msgstr "sudo tasksel install dns-server"
20477
20478
#: serverguide/C/installation.xml:402(title)
20479
msgid "Upgrading"
20480
msgstr "Абнаўленьне"
20481
20482
#: serverguide/C/installation.xml:403(para)
20483
msgid ""
20484
"There are several ways to upgrade from one Ubuntu release to another. This "
20485
"section gives an overview of the recommended upgrade method."
20486
msgstr ""
20487
20488
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
20489
msgid "do-release-upgrade"
20490
msgstr "do-release-upgrade"
20491
20492
#: serverguide/C/installation.xml:408(para)
20493
msgid ""
20494
"The recommended way to upgrade a Server Edition installation is to use the "
20495
"<application>do-release-upgrade</application> utility. Part of the "
20496
"<emphasis>update-manager-core</emphasis> package, it does not have any "
20497
"graphical dependencies and is installed by default."
20498
msgstr ""
20499
20500
#: serverguide/C/installation.xml:413(para)
20501
msgid ""
20502
"Debian based systems can also be upgraded by using <command>apt-get dist-"
20503
"upgrade</command>. However, using <application>do-release-"
20504
"upgrade</application> is recommended because it has the ability to handle "
20505
"system configuration changes sometimes needed between releases."
20506
msgstr ""
20507
20508
#: serverguide/C/installation.xml:418(para)
20509
msgid "To upgrade to a newer release, from a terminal prompt enter:"
20510
msgstr "Каб абнавіць да апошняга выпуску, увядзіце ў тэрмінале:"
20511
20512
#: serverguide/C/installation.xml:424(para)
20513
msgid ""
20514
"It is also possible to use <application>do-release-upgrade</application> to "
20515
"upgrade to a development version of Ubuntu. To accomplish this use the "
20516
"<emphasis>-d</emphasis> switch:"
20517
msgstr ""
20518
20519
#: serverguide/C/installation.xml:429(command)
20520
msgid "do-release-upgrade -d"
20521
msgstr "do-release-upgrade -d"
20522
20523
#: serverguide/C/installation.xml:432(para)
20524
msgid ""
20525
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
20526
"for production environments."
20527
msgstr ""
20528
20529
#: serverguide/C/installation.xml:439(title)
20530
msgid "Advanced Installation"
20531
msgstr ""
20532
20533
#: serverguide/C/installation.xml:442(title)
20534
msgid "Software RAID"
20535
msgstr ""
20536
20537
#: serverguide/C/installation.xml:444(para)
20538
msgid ""
20539
"RAID is a method of configuring multiple hard drives to act as one, reducing "
20540
"the probability of catastrophic data loss in case of drive failure. RAID is "
20541
"implemented in either software (where the operating system knows about both "
20542
"drives and actively maintains both of them) or hardware (where a special "
20543
"controller makes the OS think there's only one drive and maintains the "
20544
"drives 'invisibly')."
20545
msgstr ""
20546
20547
#: serverguide/C/installation.xml:451(para)
20548
msgid ""
20549
"The RAID software included with current versions of Linux (and Ubuntu) is "
20550
"based on the <application>'mdadm'</application> driver and works very well, "
20551
"better even than many so-called 'hardware' RAID controllers. This section "
20552
"will guide you through installing Ubuntu Server Edition using two RAID1 "
20553
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
20554
"another for <emphasis>swap</emphasis>."
20555
msgstr ""
20556
20557
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
20558
msgid ""
20559
"Follow the installation steps until you get to the <emphasis>Partition "
20560
"disks</emphasis> step, then:"
20561
msgstr ""
20562
20563
#: serverguide/C/installation.xml:468(para)
20564
msgid "Select <emphasis>Manual</emphasis> as the partition method."
20565
msgstr ""
20566
20567
#: serverguide/C/installation.xml:475(para)
20568
msgid ""
20569
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
20570
"partition table on this device?\"</emphasis>."
20571
msgstr ""
20572
20573
#: serverguide/C/installation.xml:479(para)
20574
msgid ""
20575
"Repeat this step for each drive you wish to be part of the RAID array."
20576
msgstr ""
20577
20578
#: serverguide/C/installation.xml:486(para)
20579
msgid ""
20580
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
20581
"select <emphasis>\"Create a new partition\"</emphasis>."
20582
msgstr ""
20583
20584
#: serverguide/C/installation.xml:493(para)
20585
msgid ""
20586
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
20587
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
20588
"size is twice that of RAM. Enter the partition size, then choose "
20589
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
20590
msgstr ""
20591
20592
#: serverguide/C/installation.xml:502(para)
20593
msgid ""
20594
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
20595
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
20596
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
20597
"<emphasis>\"Done setting up partition\"</emphasis>."
20598
msgstr ""
20599
20600
#: serverguide/C/installation.xml:511(para)
20601
msgid ""
20602
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
20603
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
20604
"partition\"</emphasis>."
20605
msgstr ""
20606
20607
#: serverguide/C/installation.xml:519(para)
20608
msgid ""
20609
"Use the rest of the free space on the drive and choose "
20610
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
20611
msgstr ""
20612
20613
#: serverguide/C/installation.xml:526(para)
20614
msgid ""
20615
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
20616
"at the top, changing it to <emphasis>\"physical volume for "
20617
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20618
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20619
"<emphasis>\"Done setting up partition\"</emphasis>."
20620
msgstr ""
20621
20622
#: serverguide/C/installation.xml:536(para)
20623
msgid "Repeat steps three through eight for the other disk and partitions."
20624
msgstr ""
20625
20626
#: serverguide/C/installation.xml:545(title)
20627
msgid "RAID Configuration"
20628
msgstr "Наладкі RAID"
20629
20630
#: serverguide/C/installation.xml:547(para)
20631
msgid "With the partitions setup the arrays are ready to be configured:"
20632
msgstr ""
20633
20634
#: serverguide/C/installation.xml:554(para)
20635
msgid ""
20636
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
20637
"Software RAID\"</emphasis> at the top."
20638
msgstr ""
20639
20640
#: serverguide/C/installation.xml:561(para)
20641
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
20642
msgstr ""
20643
20644
#: serverguide/C/installation.xml:568(para)
20645
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
20646
msgstr ""
20647
20648
#: serverguide/C/installation.xml:575(para)
20649
msgid ""
20650
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
20651
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
20652
msgstr ""
20653
20654
#: serverguide/C/installation.xml:581(para)
20655
msgid ""
20656
"In order to use <emphasis>RAID5</emphasis> you need at least "
20657
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
20658
"<emphasis>two</emphasis> drives are required."
20659
msgstr ""
20660
20661
#: serverguide/C/installation.xml:590(para)
20662
msgid ""
20663
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
20664
"of hard drives you have, for the array. Then select "
20665
"<emphasis>\"Continue\"</emphasis>."
20666
msgstr ""
20667
20668
#: serverguide/C/installation.xml:598(para)
20669
msgid ""
20670
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
20671
"default, then choose <emphasis>\"Continue\"</emphasis>."
20672
msgstr ""
20673
20674
#: serverguide/C/installation.xml:605(para)
20675
msgid ""
20676
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
20677
"etc. The numbers will usually match and the different letters correspond to "
20678
"different hard drives."
20679
msgstr ""
20680
20681
#: serverguide/C/installation.xml:610(para)
20682
msgid ""
20683
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
20684
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
20685
"go to the next step."
20686
msgstr ""
20687
20688
#: serverguide/C/installation.xml:618(para)
20689
msgid ""
20690
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
20691
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
20692
"and <emphasis>sdb2</emphasis>."
20693
msgstr ""
20694
20695
#: serverguide/C/installation.xml:626(para)
20696
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
20697
msgstr ""
20698
20699
#: serverguide/C/installation.xml:636(title)
20700
msgid "Formatting"
20701
msgstr ""
20702
20703
#: serverguide/C/installation.xml:638(para)
20704
msgid ""
20705
"There should now be a list of hard drives and RAID devices. The next step is "
20706
"to format and set the mount point for the RAID devices. Treat the RAID "
20707
"device as a local hard drive, format and mount accordingly."
20708
msgstr ""
20709
20710
#: serverguide/C/installation.xml:646(para)
20711
msgid ""
20712
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20713
"#0\"</emphasis> partition."
20714
msgstr ""
20715
20716
#: serverguide/C/installation.xml:653(para)
20717
msgid ""
20718
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
20719
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
20720
msgstr ""
20721
20722
#: serverguide/C/installation.xml:661(para)
20723
msgid ""
20724
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20725
"#1\"</emphasis> partition."
20726
msgstr ""
20727
20728
#: serverguide/C/installation.xml:668(para)
20729
msgid ""
20730
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
20731
"journaling file system\"</emphasis>."
20732
msgstr ""
20733
20734
#: serverguide/C/installation.xml:675(para)
20735
msgid ""
20736
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
20737
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
20738
"options as appropriate, then select <emphasis>\"Done setting up "
20739
"partition\"</emphasis>."
20740
msgstr ""
20741
20742
#: serverguide/C/installation.xml:683(para)
20743
msgid ""
20744
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20745
"disk\"</emphasis>."
20746
msgstr ""
20747
20748
#: serverguide/C/installation.xml:690(para)
20749
msgid ""
20750
"If you choose to place the root partition on a RAID array, the installer "
20751
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
20752
"state. See <xref linkend=\"raid-degraded\"/> for further details."
20753
msgstr ""
20754
20755
#: serverguide/C/installation.xml:695(para)
20756
msgid "The installation process will then continue normally."
20757
msgstr ""
20758
20759
#: serverguide/C/installation.xml:701(title)
20760
msgid "Degraded RAID"
20761
msgstr ""
20762
20763
#: serverguide/C/installation.xml:703(para)
20764
msgid ""
20765
"At some point in the life of the computer a disk failure event may occur. "
20766
"When this happens, using Software RAID, the operating system will place the "
20767
"array into what is known as a <emphasis>degraded</emphasis> state."
20768
msgstr ""
20769
20770
#: serverguide/C/installation.xml:708(para)
20771
msgid ""
20772
"If the array has become degraded, due to the chance of data corruption, by "
20773
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
20774
"after thirty seconds. Once the initramfs has booted there is a fifteen "
20775
"second prompt giving you the option to go ahead and boot the system, or "
20776
"attempt manual recover. Booting to the initramfs prompt may or may not be "
20777
"the desired behavior, especially if the machine is in a remote location. "
20778
"Booting to a degraded array can be configured several ways:"
20779
msgstr ""
20780
20781
#: serverguide/C/installation.xml:719(para)
20782
msgid ""
20783
"The <application>dpkg-reconfigure</application> utility can be used to "
20784
"configure the default behavior, and during the process you will be queried "
20785
"about additional settings related to the array. Such as monitoring, email "
20786
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
20787
"following:"
20788
msgstr ""
20789
20790
#: serverguide/C/installation.xml:726(command)
20791
msgid "sudo dpkg-reconfigure mdadm"
20792
msgstr "sudo dpkg-reconfigure mdadm"
20793
20794
#: serverguide/C/installation.xml:732(para)
20795
msgid ""
20796
"The <command>dpkg-reconfigure mdadm</command> process will change the "
20797
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
20798
"The file has the advantage of being able to pre-configure the system's "
20799
"behavior, and can also be manually edited:"
20800
msgstr ""
20801
20802
#: serverguide/C/installation.xml:738(programlisting)
20803
#, no-wrap
20804
msgid ""
20805
"\n"
20806
"BOOT_DEGRADED=true\n"
20807
msgstr ""
20808
"\n"
20809
"BOOT_DEGRADED=true\n"
20810
20811
#: serverguide/C/installation.xml:743(para)
20812
msgid "The configuration file can be overridden by using a Kernel argument."
20813
msgstr ""
20814
20815
#: serverguide/C/installation.xml:751(para)
20816
msgid ""
20817
"Using a Kernel argument will allow the system to boot to a degraded array as "
20818
"well:"
20819
msgstr ""
20820
20821
#: serverguide/C/installation.xml:757(para)
20822
msgid ""
20823
"When the server is booting press <keycap>Shift</keycap> to open the "
20824
"<application>Grub</application> menu."
20825
msgstr ""
20826
20827
#: serverguide/C/installation.xml:762(para)
20828
msgid "Press <keycap>e</keycap> to edit your kernel command options."
20829
msgstr ""
20830
20831
#: serverguide/C/installation.xml:767(para)
20832
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
20833
msgstr ""
20834
20835
#: serverguide/C/installation.xml:772(para)
20836
msgid ""
20837
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
20838
"end of the line."
20839
msgstr ""
20840
20841
#: serverguide/C/installation.xml:777(para)
20842
msgid ""
20843
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
20844
"the system."
20845
msgstr ""
20846
20847
#: serverguide/C/installation.xml:786(para)
20848
msgid ""
20849
"Once the system has booted you can either repair the array see <xref "
20850
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
20851
"another machine due to major hardware failure."
20852
msgstr ""
20853
20854
#: serverguide/C/installation.xml:793(title)
20855
msgid "RAID Maintenance"
20856
msgstr ""
20857
20858
#: serverguide/C/installation.xml:795(para)
20859
msgid ""
20860
"The <application>mdadm</application> utility can be used to view the status "
20861
"of an array, add disks to an array, remove disks, etc:"
20862
msgstr ""
20863
20864
#: serverguide/C/installation.xml:802(para)
20865
msgid "To view the status of an array, from a terminal prompt enter:"
20866
msgstr ""
20867
20868
#: serverguide/C/installation.xml:806(command)
20869
msgid "sudo mdadm -D /dev/md0"
20870
msgstr "sudo mdadm -D /dev/md0"
20871
20872
#: serverguide/C/installation.xml:809(para)
20873
msgid ""
20874
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
20875
"display <emphasis>detailed</emphasis> information about the "
20876
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
20877
"with the appropriate RAID device."
20878
msgstr ""
20879
20880
#: serverguide/C/installation.xml:815(para)
20881
msgid "To view the status of a disk in an array:"
20882
msgstr ""
20883
20884
#: serverguide/C/installation.xml:819(command)
20885
msgid "sudo mdadm -E /dev/sda1"
20886
msgstr "sudo mdadm -E /dev/sda1"
20887
20888
#: serverguide/C/installation.xml:821(para)
20889
msgid ""
20890
"The output if very similar to the <command>mdadm -D</command> command, "
20891
"adjust <filename>/dev/sda1</filename> for each disk."
20892
msgstr ""
20893
20894
#: serverguide/C/installation.xml:826(para)
20895
msgid "If a disk fails and needs to be removed from an array enter:"
20896
msgstr ""
20897
20898
#: serverguide/C/installation.xml:830(command)
20899
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
20900
msgstr "sudo mdadm --remove /dev/md0 /dev/sda1"
20901
20902
#: serverguide/C/installation.xml:832(para)
20903
msgid ""
20904
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
20905
"the appropriate RAID device and disk."
20906
msgstr ""
20907
20908
#: serverguide/C/installation.xml:837(para)
20909
msgid "Similarly, to add a new disk:"
20910
msgstr ""
20911
20912
#: serverguide/C/installation.xml:841(command)
20913
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
20914
msgstr "sudo mdadm --add /dev/md0 /dev/sda1"
20915
20916
#: serverguide/C/installation.xml:846(para)
20917
msgid ""
20918
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
20919
"though there is nothing physically wrong with the drive. It is usually "
20920
"worthwhile to remove the drive from the array then re-add it. This will "
20921
"cause the drive to re-sync with the array. If the drive will not sync with "
20922
"the array, it is a good indication of hardware failure."
20923
msgstr ""
20924
20925
#: serverguide/C/installation.xml:852(para)
20926
msgid ""
20927
"The <filename>/proc/mdstat</filename> file also contains useful information "
20928
"about the system's RAID devices:"
20929
msgstr ""
20930
20931
#: serverguide/C/installation.xml:857(command)
20932
msgid "cat /proc/mdstat"
20933
msgstr "cat /proc/mdstat"
20934
20935
#: serverguide/C/installation.xml:858(computeroutput)
20936
#, no-wrap
20937
msgid ""
20938
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
20939
"[raid10] \n"
20940
"md0 : active raid1 sda1[0] sdb1[1]\n"
20941
" 10016384 blocks [2/2] [UU]\n"
20942
" \n"
20943
"unused devices: <none>"
20944
msgstr ""
20945
20946
#: serverguide/C/installation.xml:865(para)
20947
msgid ""
20948
"The following command is great for watching the status of a syncing drive:"
20949
msgstr ""
20950
20951
#: serverguide/C/installation.xml:870(command)
20952
msgid "watch -n1 cat /proc/mdstat"
20953
msgstr "watch -n1 cat /proc/mdstat"
20954
20955
#: serverguide/C/installation.xml:873(para)
20956
msgid ""
20957
"Press <emphasis>Ctrl+c</emphasis> to stop the "
20958
"<application>watch</application> command."
20959
msgstr ""
20960
20961
#: serverguide/C/installation.xml:877(para)
20962
msgid ""
20963
"If you do need to replace a faulty drive, after the drive has been replaced "
20964
"and synced, <application>grub</application> will need to be installed. To "
20965
"install <application>grub</application> on the new drive, enter the "
20966
"following:"
20967
msgstr ""
20968
20969
#: serverguide/C/installation.xml:883(command)
20970
msgid "sudo grub-install /dev/md0"
20971
msgstr "sudo grub-install /dev/md0"
20972
20973
#: serverguide/C/installation.xml:886(para)
20974
msgid ""
20975
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
20976
msgstr ""
20977
20978
#: serverguide/C/installation.xml:894(para)
20979
msgid ""
20980
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
20981
"can be configured. Please see the following links for more information:"
20982
msgstr ""
20983
20984
#: serverguide/C/installation.xml:901(para)
20985
msgid ""
20986
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
20987
"Wiki Articles on RAID</ulink>."
20988
msgstr ""
20989
20990
#: serverguide/C/installation.xml:907(ulink)
20991
msgid "Software RAID HOWTO"
20992
msgstr ""
20993
20994
#: serverguide/C/installation.xml:912(ulink)
20995
msgid "Managing RAID on Linux"
20996
msgstr ""
20997
20998
#: serverguide/C/installation.xml:919(title)
20999
msgid "Logical Volume Manager (LVM)"
21000
msgstr ""
21001
21002
#: serverguide/C/installation.xml:921(para)
21003
msgid ""
21004
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
21005
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
21006
"hard disks. LVM volumes can be created on both software RAID partitions and "
21007
"standard partitions residing on a single disk. Volumes can also be extended, "
21008
"giving greater flexibility to systems as requirements change."
21009
msgstr ""
21010
21011
#: serverguide/C/installation.xml:930(para)
21012
msgid ""
21013
"A side effect of LVM's power and flexibility is a greater degree of "
21014
"complication. Before diving into the LVM installation process, it is best to "
21015
"get familiar with some terms."
21016
msgstr ""
21017
21018
#: serverguide/C/installation.xml:937(para)
21019
msgid ""
21020
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
21021
"Volumes (LV)."
21022
msgstr ""
21023
21024
#: serverguide/C/installation.xml:942(para)
21025
msgid ""
21026
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
21027
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
21028
"which resides the actual EXT3, XFS, JFS, etc filesystem."
21029
msgstr ""
21030
21031
#: serverguide/C/installation.xml:948(para)
21032
msgid ""
21033
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
21034
"RAID partition. The Volume Group can be extended by adding more PVs."
21035
msgstr ""
21036
21037
#: serverguide/C/installation.xml:959(para)
21038
msgid ""
21039
"As an example this section covers installing Ubuntu Server Edition with "
21040
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
21041
"the initial install only one Physical Volume (PV) will be part of the Volume "
21042
"Group (VG). Another PV will be added after install to demonstrate how a VG "
21043
"can be extended."
21044
msgstr ""
21045
21046
#: serverguide/C/installation.xml:965(para)
21047
msgid ""
21048
"There are several installation options for LVM, <emphasis>\"Guided - use the "
21049
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
21050
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
21051
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
21052
"partitions and configure LVM. At this time the only way to configure a "
21053
"system with both LVM and standard partitions, during installation, is to use "
21054
"the Manual approach."
21055
msgstr ""
21056
21057
#: serverguide/C/installation.xml:982(para)
21058
msgid ""
21059
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
21060
"<emphasis>\"Manual\"</emphasis>."
21061
msgstr ""
21062
21063
#: serverguide/C/installation.xml:989(para)
21064
msgid ""
21065
"Select the hard disk and on the next screen choose \"yes\" to "
21066
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
21067
msgstr ""
21068
21069
#: serverguide/C/installation.xml:996(para)
21070
msgid ""
21071
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
21072
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
21073
msgstr ""
21074
21075
#: serverguide/C/installation.xml:1004(para)
21076
msgid ""
21077
"For the LVM <emphasis>/srv</emphasis>, create a new "
21078
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
21079
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
21080
"<emphasis>\"Done setting up the partition\"</emphasis>."
21081
msgstr ""
21082
21083
#: serverguide/C/installation.xml:1012(para)
21084
msgid ""
21085
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
21086
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
21087
"disk."
21088
msgstr ""
21089
21090
#: serverguide/C/installation.xml:1020(para)
21091
msgid ""
21092
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
21093
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
21094
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
21095
"After entering a name, select the partition configured for LVM, and choose "
21096
"<emphasis>\"Continue\"</emphasis>."
21097
msgstr ""
21098
21099
#: serverguide/C/installation.xml:1029(para)
21100
msgid ""
21101
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
21102
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
21103
"volume group, and enter a name for the new LV, for example "
21104
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
21105
"a size, which may be the full partition because it can always be extended "
21106
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
21107
"main <emphasis>\"Partition Disks\"</emphasis> screen."
21108
msgstr ""
21109
21110
#: serverguide/C/installation.xml:1039(para)
21111
msgid ""
21112
"Now add a filesystem to the new LVM. Select the partition under "
21113
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
21114
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
21115
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
21116
"select <emphasis>\"Done setting up the partition\"</emphasis>."
21117
msgstr ""
21118
21119
#: serverguide/C/installation.xml:1048(para)
21120
msgid ""
21121
"Finally, select <emphasis>\"Finish partitioning and write changes to "
21122
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
21123
"the installation."
21124
msgstr ""
21125
21126
#: serverguide/C/installation.xml:1056(para)
21127
msgid "There are some useful utilities to view information about LVM:"
21128
msgstr ""
21129
21130
#: serverguide/C/installation.xml:1061(para)
21131
msgid ""
21132
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
21133
msgstr ""
21134
21135
#: serverguide/C/installation.xml:1062(para)
21136
msgid ""
21137
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
21138
msgstr ""
21139
21140
#: serverguide/C/installation.xml:1063(para)
21141
msgid ""
21142
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
21143
"Physical Volumes."
21144
msgstr ""
21145
21146
#: serverguide/C/installation.xml:1068(title)
21147
msgid "Extending Volume Groups"
21148
msgstr ""
21149
21150
#: serverguide/C/installation.xml:1070(para)
21151
msgid ""
21152
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
21153
"section covers adding a second hard disk, creating a Physical Volume (PV), "
21154
"adding it to the volume group (VG), extending the logical volume <filename "
21155
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
21156
"example assumes a second hard disk has been added to the system. This hard "
21157
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
21158
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
21159
"before issuing the commands below. You could lose some data if you issue "
21160
"those commands on a non-empty disk. In our example we will use the entire "
21161
"disk as a physical volume (you could choose to create partitions and use "
21162
"them as different physical volumes)"
21163
msgstr ""
21164
21165
#: serverguide/C/installation.xml:1082(para)
21166
msgid "First, create the physical volume, in a terminal execute:"
21167
msgstr ""
21168
21169
#: serverguide/C/installation.xml:1087(command)
21170
msgid "sudo pvcreate /dev/sdb"
21171
msgstr ""
21172
21173
#: serverguide/C/installation.xml:1093(para)
21174
msgid "Now extend the Volume Group (VG):"
21175
msgstr ""
21176
21177
#: serverguide/C/installation.xml:1098(command)
21178
msgid "sudo vgextend vg01 /dev/sdb"
21179
msgstr "sudo vgextend vg01 /dev/sdb"
21180
21181
#: serverguide/C/installation.xml:1104(para)
21182
msgid ""
21183
"Use <application>vgdisplay</application> to find out the free physical "
21184
"extents - Free PE / size (the size you can allocate). We will assume a free "
21185
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
21186
"whole free space available. Use your own PE and/or free space."
21187
msgstr ""
21188
21189
#: serverguide/C/installation.xml:1110(para)
21190
msgid ""
21191
"The Logical Volume (LV) can now be extended by different methods, we will "
21192
"only see how to use the PE to extend the LV:"
21193
msgstr ""
21194
21195
#: serverguide/C/installation.xml:1115(command)
21196
msgid "sudo lvextend /dev/vg01/srv -l +511"
21197
msgstr "sudo lvextend /dev/vg01/srv -l +511"
21198
21199
#: serverguide/C/installation.xml:1118(para)
21200
msgid ""
21201
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
21202
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
21203
"Gig, Tera, etc bytes."
21204
msgstr ""
21205
21206
#: serverguide/C/installation.xml:1126(para)
21207
msgid ""
21208
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
21209
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
21210
"pratice to unmount it anyway and check the filesystem, so that you don't "
21211
"mess up the day you want to reduce a logical volume (in that case unmounting "
21212
"first is compulsory)."
21213
msgstr ""
21214
21215
#: serverguide/C/installation.xml:1132(para)
21216
msgid ""
21217
"The following commands are for an <emphasis>EXT3</emphasis> or "
21218
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
21219
"there may be other utilities available."
21220
msgstr ""
21221
21222
#: serverguide/C/installation.xml:1139(command)
21223
msgid "sudo e2fsck -f /dev/vg01/srv"
21224
msgstr "sudo e2fsck -f /dev/vg01/srv"
21225
21226
#: serverguide/C/installation.xml:1142(para)
21227
msgid ""
21228
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
21229
"forces checking even if the system seems clean."
21230
msgstr ""
21231
21232
#: serverguide/C/installation.xml:1149(para)
21233
msgid "Finally, resize the filesystem:"
21234
msgstr ""
21235
21236
#: serverguide/C/installation.xml:1154(command)
21237
msgid "sudo resize2fs /dev/vg01/srv"
21238
msgstr "sudo resize2fs /dev/vg01/srv"
21239
21240
#: serverguide/C/installation.xml:1160(para)
21241
msgid "Now mount the partition and check its size."
21242
msgstr ""
21243
21244
#: serverguide/C/installation.xml:1165(command)
21245
msgid "mount /dev/vg01/srv /srv && df -h /srv"
21246
msgstr "mount /dev/vg01/srv /srv && df -h /srv"
21247
21248
#: serverguide/C/installation.xml:1177(para)
21249
msgid ""
21250
"See the <ulink "
21251
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
21252
"Articles</ulink>."
21253
msgstr ""
21254
21255
#: serverguide/C/installation.xml:1182(para)
21256
msgid ""
21257
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
21258
"HOWTO</ulink> for more information."
21259
msgstr ""
21260
21261
#: serverguide/C/installation.xml:1187(para)
21262
msgid ""
21263
"Another good article is <ulink "
21264
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
21265
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
21266
"linuxdevcenter.com site."
21267
msgstr ""
21268
21269
#: serverguide/C/installation.xml:1194(para)
21270
msgid ""
21271
"For more information on <application>fdisk</application> see the <ulink "
21272
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/fdisk.8.html\">fdisk "
21273
"man page</ulink>."
21274
msgstr ""
21275
21276
#: serverguide/C/file-server.xml:13(title)
21277
msgid "File Servers"
21278
msgstr "Файлавыя сэрверы"
21279
21280
#: serverguide/C/file-server.xml:15(para)
21281
msgid ""
21282
"If you have more than one computer on a single network. At some point you "
21283
"will probably need to share files between them. In this section we cover "
21284
"installing and configuring FTP, NFS, and CUPS."
21285
msgstr ""
21286
21287
#: serverguide/C/file-server.xml:22(title)
21288
msgid "FTP Server"
21289
msgstr "Сэрвер FTP"
21290
21291
#: serverguide/C/file-server.xml:24(para)
21292
msgid ""
21293
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
21294
"files between computers. FTP works on a client/server model. The server "
21295
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
21296
"listens for FTP requests from remote clients. When a request is received, it "
21297
"manages the login and sets up the connection. For the duration of the "
21298
"session it executes any of commands sent by the FTP client."
21299
msgstr ""
21300
21301
#: serverguide/C/file-server.xml:33(para)
21302
msgid "Access to an FTP server can be managed in two ways:"
21303
msgstr ""
21304
21305
#: serverguide/C/file-server.xml:37(para)
21306
msgid "Anonymous"
21307
msgstr ""
21308
21309
#: serverguide/C/file-server.xml:40(para)
21310
msgid "Authenticated"
21311
msgstr ""
21312
21313
#: serverguide/C/file-server.xml:43(para)
21314
msgid ""
21315
"In the Anonymous mode, remote clients can access the FTP server by using the "
21316
"default user account called \"anonymous\" or \"ftp\" and sending an email "
21317
"address as the password. In the Authenticated mode a user must have an "
21318
"account and a password. User access to the FTP server directories and files "
21319
"is dependent on the permissions defined for the account used at login. As a "
21320
"general rule, the FTP daemon will hide the root directory of the FTP server "
21321
"and change it to the FTP Home directory. This hides the rest of the file "
21322
"system from remote sessions."
21323
msgstr ""
21324
21325
#: serverguide/C/file-server.xml:55(title)
21326
msgid "vsftpd - FTP Server Installation"
21327
msgstr "vsftpd - Устаноўка сэрвера FTP"
21328
21329
#: serverguide/C/file-server.xml:57(para)
21330
msgid ""
21331
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
21332
"and maintain. To install <application>vsftpd</application> you can run the "
21333
"following command:"
21334
msgstr ""
21335
21336
#: serverguide/C/file-server.xml:65(command)
21337
msgid "sudo apt-get install vsftpd"
21338
msgstr "sudo apt-get install vsftpd"
21339
21340
#: serverguide/C/file-server.xml:71(title)
21341
msgid "Anonymous FTP Configuration"
21342
msgstr ""
21343
21344
#: serverguide/C/file-server.xml:73(para)
21345
msgid ""
21346
"By default <application>vsftpd</application> is configured to only allow "
21347
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
21348
"created with a home directory of <filename>/home/ftp</filename>. This is the "
21349
"default FTP directory."
21350
msgstr ""
21351
21352
#: serverguide/C/file-server.xml:80(para)
21353
msgid ""
21354
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
21355
"example, simply create a directory in another location and change the "
21356
"<emphasis>ftp</emphasis> user's home directory:"
21357
msgstr ""
21358
21359
#: serverguide/C/file-server.xml:87(command)
21360
msgid "sudo mkdir /srv/ftp"
21361
msgstr "sudo mkdir /srv/ftp"
21362
21363
#: serverguide/C/file-server.xml:88(command)
21364
msgid "sudo usermod -d /srv/ftp ftp"
21365
msgstr "sudo usermod -d /srv/ftp ftp"
21366
21367
#: serverguide/C/file-server.xml:91(para)
21368
msgid "After making the change restart <application>vsftpd</application>:"
21369
msgstr ""
21370
21371
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
21372
msgid "sudo /etc/init.d/vsftpd restart"
21373
msgstr "sudo /etc/init.d/vsftpd restart"
21374
21375
#: serverguide/C/file-server.xml:99(para)
21376
msgid ""
21377
"Finally, copy any files and directories you would like to make available "
21378
"through anonymous FTP to <filename>/srv/ftp</filename>."
21379
msgstr ""
21380
21381
#: serverguide/C/file-server.xml:106(title)
21382
msgid "User Authenticated FTP Configuration"
21383
msgstr ""
21384
21385
#: serverguide/C/file-server.xml:108(para)
21386
msgid ""
21387
"To configure <application>vsftpd</application> to authenticate system users "
21388
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
21389
msgstr ""
21390
21391
#: serverguide/C/file-server.xml:114(programlisting)
21392
#, no-wrap
21393
msgid ""
21394
"\n"
21395
"local_enable=YES\n"
21396
"write_enable=YES\n"
21397
msgstr ""
21398
"\n"
21399
"local_enable=YES\n"
21400
"write_enable=YES\n"
21401
21402
#: serverguide/C/file-server.xml:119(para)
21403
msgid "Now restart <application>vsftpd</application>:"
21404
msgstr "Цяпер перазапусьціце <application>vsftpd</application>:"
21405
21406
#: serverguide/C/file-server.xml:127(para)
21407
msgid ""
21408
"Now when system users login to FTP they will start in their "
21409
"<emphasis>home</emphasis> directories where they can download, upload, "
21410
"create directories, etc."
21411
msgstr ""
21412
21413
#: serverguide/C/file-server.xml:133(para)
21414
msgid ""
21415
"Similarly, by default, the anonymous users are not allowed to upload files "
21416
"to FTP server. To change this setting, you should uncomment the following "
21417
"line, and restart <application>vsftpd</application>:"
21418
msgstr ""
21419
21420
#: serverguide/C/file-server.xml:140(programlisting)
21421
#, no-wrap
21422
msgid ""
21423
"\n"
21424
"anon_upload_enable=YES\n"
21425
msgstr ""
21426
"\n"
21427
"anon_upload_enable=YES\n"
21428
21429
#: serverguide/C/file-server.xml:145(para)
21430
msgid ""
21431
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
21432
"not enable anonymous upload on servers accessed directly from the Internet."
21433
msgstr ""
21434
21435
#: serverguide/C/file-server.xml:151(para)
21436
msgid ""
21437
"The configuration file consists of many configuration parameters. The "
21438
"information about each parameter is available in the configuration file. "
21439
"Alternatively, you can refer to the man page, <command>man 5 "
21440
"vsftpd.conf</command> for details of each parameter."
21441
msgstr ""
21442
21443
#: serverguide/C/file-server.xml:162(title)
21444
msgid "Securing FTP"
21445
msgstr ""
21446
21447
#: serverguide/C/file-server.xml:164(para)
21448
msgid ""
21449
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
21450
"<application>vsftpd</application> more secure. For example users can be "
21451
"limited to their home directories by uncommenting:"
21452
msgstr ""
21453
21454
#: serverguide/C/file-server.xml:170(programlisting)
21455
#, no-wrap
21456
msgid ""
21457
"\n"
21458
"chroot_local_user=YES\n"
21459
msgstr ""
21460
"\n"
21461
"chroot_local_user=YES\n"
21462
21463
#: serverguide/C/file-server.xml:174(para)
21464
msgid ""
21465
"You can also limit a specific list of users to just their home directories:"
21466
msgstr ""
21467
21468
#: serverguide/C/file-server.xml:178(programlisting)
21469
#, no-wrap
21470
msgid ""
21471
"\n"
21472
"chroot_list_enable=YES\n"
21473
"chroot_list_file=/etc/vsftpd.chroot_list\n"
21474
msgstr ""
21475
"\n"
21476
"chroot_list_enable=YES\n"
21477
"chroot_list_file=/etc/vsftpd.chroot_list\n"
21478
21479
#: serverguide/C/file-server.xml:183(para)
21480
msgid ""
21481
"After uncommenting the above options, create a "
21482
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
21483
"per line. Then restart <application>vsftpd</application>:"
21484
msgstr ""
21485
21486
#: serverguide/C/file-server.xml:192(para)
21487
msgid ""
21488
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
21489
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
21490
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
21491
"add them to the list."
21492
msgstr ""
21493
21494
#: serverguide/C/file-server.xml:199(para)
21495
msgid ""
21496
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
21497
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
21498
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
21499
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
21500
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
21501
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
21502
"with a shell may not be ideal for some environments, such as a shared web "
21503
"host."
21504
msgstr ""
21505
21506
#: serverguide/C/file-server.xml:208(para)
21507
msgid ""
21508
"To configure <emphasis>FTPS</emphasis>, edit "
21509
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
21510
msgstr ""
21511
21512
#: serverguide/C/file-server.xml:212(programlisting)
21513
#, no-wrap
21514
msgid ""
21515
"\n"
21516
"ssl_enable=Yes\n"
21517
msgstr ""
21518
"\n"
21519
"ssl_enable=Yes\n"
21520
21521
#: serverguide/C/file-server.xml:216(para)
21522
msgid "Also, notice the certificate and key related options:"
21523
msgstr ""
21524
21525
#: serverguide/C/file-server.xml:220(programlisting)
21526
#, no-wrap
21527
msgid ""
21528
"\n"
21529
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
21530
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
21531
msgstr ""
21532
"\n"
21533
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
21534
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
21535
21536
#: serverguide/C/file-server.xml:225(para)
21537
msgid ""
21538
"By default these options are set the certificate and key provided by the "
21539
"<application>ssl-cert</application> package. In a production environment "
21540
"these should be replaced with a certificate and key generated for the "
21541
"specific host. For more information on certificates see <xref "
21542
"linkend=\"certificates-and-security\"/>."
21543
msgstr ""
21544
21545
#: serverguide/C/file-server.xml:231(para)
21546
msgid ""
21547
"Now restart <application>vsftpd</application>, and non-anonymous users will "
21548
"be forced to use <emphasis>FTPS</emphasis>:"
21549
msgstr ""
21550
21551
#: serverguide/C/file-server.xml:240(para)
21552
msgid ""
21553
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
21554
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
21555
"adding the <emphasis>nologin</emphasis> shell:"
21556
msgstr ""
21557
21558
#: serverguide/C/file-server.xml:245(programlisting)
21559
#, no-wrap
21560
msgid ""
21561
"\n"
21562
"# /etc/shells: valid login shells\n"
21563
"/bin/csh\n"
21564
"/bin/sh\n"
21565
"/usr/bin/es\n"
21566
"/usr/bin/ksh\n"
21567
"/bin/ksh\n"
21568
"/usr/bin/rc\n"
21569
"/usr/bin/tcsh\n"
21570
"/bin/tcsh\n"
21571
"/usr/bin/esh\n"
21572
"/bin/dash\n"
21573
"/bin/bash\n"
21574
"/bin/rbash\n"
21575
"/usr/bin/screen\n"
21576
"/usr/sbin/nologin\n"
21577
msgstr ""
21578
21579
#: serverguide/C/file-server.xml:263(para)
21580
msgid ""
21581
"This is necessary because, by default <application>vsftpd</application> uses "
21582
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
21583
"configuration file contains:"
21584
msgstr ""
21585
21586
#: serverguide/C/file-server.xml:268(programlisting)
21587
#, no-wrap
21588
msgid ""
21589
"\n"
21590
"auth required pam_shells.so\n"
21591
msgstr ""
21592
"\n"
21593
"auth required pam_shells.so\n"
21594
21595
#: serverguide/C/file-server.xml:272(para)
21596
msgid ""
21597
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
21598
"in the <filename>/etc/shells</filename> file."
21599
msgstr ""
21600
21601
#: serverguide/C/file-server.xml:277(para)
21602
msgid ""
21603
"Most popular FTP clients can be configured connect using FTPS. The "
21604
"<application>lftp</application> command line FTP client has the ability to "
21605
"use FTPS as well."
21606
msgstr ""
21607
21608
#: serverguide/C/file-server.xml:288(para)
21609
msgid ""
21610
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
21611
"website</ulink> for more information."
21612
msgstr ""
21613
21614
#: serverguide/C/file-server.xml:293(para)
21615
msgid ""
21616
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
21617
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/vsftpd.conf.5.html\">"
21618
"vsftpd.conf man page</ulink>."
21619
msgstr ""
21620
21621
#: serverguide/C/file-server.xml:299(para)
21622
msgid ""
21623
"The CodeGurus article <ulink "
21624
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
21625
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
21626
"contrasting FTPS and SFTP."
21627
msgstr ""
21628
21629
#: serverguide/C/file-server.xml:305(para)
21630
msgid ""
21631
"Also, for more information see the <ulink "
21632
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21633
"page."
21634
msgstr ""
21635
21636
#: serverguide/C/file-server.xml:315(title)
21637
msgid "Network File System (NFS)"
21638
msgstr ""
21639
21640
#: serverguide/C/file-server.xml:316(para)
21641
msgid ""
21642
"NFS allows a system to share directories and files with others over a "
21643
"network. By using NFS, users and programs can access files on remote systems "
21644
"almost as if they were local files."
21645
msgstr ""
21646
21647
#: serverguide/C/file-server.xml:322(para)
21648
msgid "Some of the most notable benefits that NFS can provide are:"
21649
msgstr ""
21650
21651
#: serverguide/C/file-server.xml:328(para)
21652
msgid ""
21653
"Local workstations use less disk space because commonly used data can be "
21654
"stored on a single machine and still remain accessible to others over the "
21655
"network."
21656
msgstr ""
21657
21658
#: serverguide/C/file-server.xml:333(para)
21659
msgid ""
21660
"There is no need for users to have separate home directories on every "
21661
"network machine. Home directories could be set up on the NFS server and made "
21662
"available throughout the network."
21663
msgstr ""
21664
21665
#: serverguide/C/file-server.xml:339(para)
21666
msgid ""
21667
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
21668
"be used by other machines on the network. This may reduce the number of "
21669
"removable media drives throughout the network."
21670
msgstr ""
21671
21672
#: serverguide/C/file-server.xml:349(para)
21673
msgid ""
21674
"At a terminal prompt enter the following command to install the NFS Server:"
21675
msgstr ""
21676
21677
#: serverguide/C/file-server.xml:355(command)
21678
msgid "sudo apt-get install nfs-kernel-server"
21679
msgstr "sudo apt-get install nfs-kernel-server"
21680
21681
#: serverguide/C/file-server.xml:361(para)
21682
msgid ""
21683
"You can configure the directories to be exported by adding them to the "
21684
"<filename>/etc/exports</filename> file. For example:"
21685
msgstr ""
21686
21687
#: serverguide/C/file-server.xml:366(screen)
21688
#, no-wrap
21689
msgid ""
21690
"\n"
21691
"/ubuntu *(ro,sync,no_root_squash)\n"
21692
"/home *(rw,sync,no_root_squash)\n"
21693
msgstr ""
21694
"\n"
21695
"/ubuntu *(ro,sync,no_root_squash)\n"
21696
"/home *(rw,sync,no_root_squash)\n"
21697
21698
#: serverguide/C/file-server.xml:372(para)
21699
msgid ""
21700
"You can replace * with one of the hostname formats. Make the hostname "
21701
"declaration as specific as possible so unwanted systems cannot access the "
21702
"NFS mount."
21703
msgstr ""
21704
21705
#: serverguide/C/file-server.xml:378(para)
21706
msgid ""
21707
"To start the NFS server, you can run the following command at a terminal "
21708
"prompt:"
21709
msgstr ""
21710
21711
#: serverguide/C/file-server.xml:383(command)
21712
msgid "sudo /etc/init.d/nfs-kernel-server start"
21713
msgstr "sudo /etc/init.d/nfs-kernel-server start"
21714
21715
#: serverguide/C/file-server.xml:388(title)
21716
msgid "NFS Client Configuration"
21717
msgstr ""
21718
21719
#: serverguide/C/file-server.xml:389(para)
21720
msgid ""
21721
"Use the <application>mount</application> command to mount a shared NFS "
21722
"directory from another machine, by typing a command line similar to the "
21723
"following at a terminal prompt:"
21724
msgstr ""
21725
21726
#: serverguide/C/file-server.xml:395(command)
21727
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
21728
msgstr "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
21729
21730
#: serverguide/C/file-server.xml:399(para)
21731
msgid ""
21732
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
21733
"There should be no files or subdirectories in the "
21734
"<filename>/local/ubuntu</filename> directory."
21735
msgstr ""
21736
21737
#: serverguide/C/file-server.xml:406(para)
21738
msgid ""
21739
"An alternate way to mount an NFS share from another machine is to add a line "
21740
"to the <filename>/etc/fstab</filename> file. The line must state the "
21741
"hostname of the NFS server, the directory on the server being exported, and "
21742
"the directory on the local machine where the NFS share is to be mounted."
21743
msgstr ""
21744
21745
#: serverguide/C/file-server.xml:414(para)
21746
msgid ""
21747
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
21748
"as follows:"
21749
msgstr ""
21750
21751
#: serverguide/C/file-server.xml:420(programlisting)
21752
#, no-wrap
21753
msgid ""
21754
"\n"
21755
"example.hostname.com:/ubuntu /local/ubuntu nfs "
21756
"rsize=8192,wsize=8192,timeo=14,intr\n"
21757
msgstr ""
21758
"\n"
21759
"example.hostname.com:/ubuntu /local/ubuntu nfs "
21760
"rsize=8192,wsize=8192,timeo=14,intr\n"
21761
21762
#: serverguide/C/file-server.xml:424(para)
21763
msgid ""
21764
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
21765
"common</application> package is installed on your client. To install "
21766
"<application>nfs-common</application> enter the following command at the "
21767
"terminal prompt: <screen>\n"
21768
"<command>sudo apt-get install nfs-common</command>\n"
21769
"</screen>"
21770
msgstr ""
21771
21772
#: serverguide/C/file-server.xml:437(ulink)
21773
msgid "Linux NFS faq"
21774
msgstr ""
21775
21776
#: serverguide/C/file-server.xml:439(ulink)
21777
msgid "Ubuntu Wiki NFS Howto"
21778
msgstr ""
21779
21780
#: serverguide/C/file-server.xml:445(title)
21781
msgid "CUPS - Print Server"
21782
msgstr "CUPS - Сэрвер друку"
21783
21784
#: serverguide/C/file-server.xml:446(para)
21785
msgid ""
21786
"The primary mechanism for Ubuntu printing and print services is the "
21787
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
21788
"printing system is a freely available, portable printing layer which has "
21789
"become the new standard for printing in most Linux distributions."
21790
msgstr ""
21791
21792
#: serverguide/C/file-server.xml:453(para)
21793
msgid ""
21794
"CUPS manages print jobs and queues and provides network printing using the "
21795
"standard Internet Printing Protocol (IPP), while offering support for a very "
21796
"large range of printers, from dot-matrix to laser and many in between. CUPS "
21797
"also supports PostScript Printer Description (PPD) and auto-detection of "
21798
"network printers, and features a simple web-based configuration and "
21799
"administration tool."
21800
msgstr ""
21801
21802
#: serverguide/C/file-server.xml:463(para)
21803
msgid ""
21804
"To install CUPS on your Ubuntu computer, simply use "
21805
"<application>sudo</application> with the <application>apt-get</application> "
21806
"command and give the packages to install as the first parameter. A complete "
21807
"CUPS install has many package dependencies, but they may all be specified on "
21808
"the same command line. Enter the following at a terminal prompt to install "
21809
"CUPS:"
21810
msgstr ""
21811
21812
#: serverguide/C/file-server.xml:468(command)
21813
msgid "sudo apt-get install cups"
21814
msgstr ""
21815
21816
#: serverguide/C/file-server.xml:471(para)
21817
msgid ""
21818
"Upon authenticating with your user password, the packages should be "
21819
"downloaded and installed without error. Upon the conclusion of installation, "
21820
"the CUPS server will be started automatically."
21821
msgstr ""
21822
21823
#: serverguide/C/file-server.xml:476(para)
21824
msgid ""
21825
"For troubleshooting purposes, you can access CUPS server errors via the "
21826
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
21827
"error log does not show enough information to troubleshoot any problems you "
21828
"encounter, the verbosity of the CUPS log can be increased by changing the "
21829
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
21830
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
21831
"everything, from the default of \"info\". If you make this change, remember "
21832
"to change it back once you've solved your problem, to prevent the log file "
21833
"from becoming overly large."
21834
msgstr ""
21835
21836
#: serverguide/C/file-server.xml:489(para)
21837
msgid ""
21838
"The Common UNIX Printing System server's behavior is configured through the "
21839
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
21840
"The CUPS configuration file follows the same syntax as the primary "
21841
"configuration file for the Apache HTTP server, so users familiar with "
21842
"editing Apache's configuration file should feel at ease when editing the "
21843
"CUPS configuration file. Some examples of settings you may wish to change "
21844
"initially will be presented here."
21845
msgstr ""
21846
21847
#: serverguide/C/file-server.xml:499(para)
21848
msgid ""
21849
"Prior to editing the configuration file, you should make a copy of the "
21850
"original file and protect it from writing, so you will have the original "
21851
"settings as a reference, and to reuse as necessary."
21852
msgstr ""
21853
21854
#: serverguide/C/file-server.xml:503(para)
21855
msgid ""
21856
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
21857
"writing with the following commands, issued at a terminal prompt:"
21858
msgstr ""
21859
21860
#: serverguide/C/file-server.xml:509(command)
21861
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21862
msgstr "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21863
21864
#: serverguide/C/file-server.xml:510(command)
21865
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
21866
msgstr "sudo chmod a-w /etc/cups/cupsd.conf.original"
21867
21868
#: serverguide/C/file-server.xml:515(para)
21869
msgid ""
21870
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
21871
"address of the designated administrator of the CUPS server, simply edit the "
21872
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
21873
"preferred text editor, and add or modify the <emphasis "
21874
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
21875
"you are the Administrator for the CUPS server, and your e-mail address is "
21876
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
21877
"as such:"
21878
msgstr ""
21879
21880
#: serverguide/C/file-server.xml:526(screen)
21881
#, no-wrap
21882
msgid ""
21883
"\n"
21884
"ServerAdmin bjoy@somebigco.com\n"
21885
msgstr ""
21886
21887
#: serverguide/C/file-server.xml:532(para)
21888
msgid ""
21889
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
21890
"server installation listens only on the loopback interface at IP address "
21891
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
21892
"listen on an actual network adapter's IP address, you must specify either a "
21893
"hostname, the IP address, or optionally, an IP address/port pairing via the "
21894
"addition of a Listen directive. For example, if your CUPS server resides on "
21895
"a local network at the IP address <emphasis "
21896
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
21897
"accessible to the other systems on this subnetwork, you would edit the "
21898
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
21899
"such:"
21900
msgstr ""
21901
21902
#: serverguide/C/file-server.xml:546(screen)
21903
#, no-wrap
21904
msgid ""
21905
"\n"
21906
"Listen 127.0.0.1:631 # existing loopback Listen\n"
21907
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
21908
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
21909
"(IPP)\n"
21910
msgstr ""
21911
21912
#: serverguide/C/file-server.xml:552(para)
21913
msgid ""
21914
"In the example above, you may comment out or remove the reference to the "
21915
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
21916
"</application> to listen on that interface, but would rather have it only "
21917
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
21918
"listening for all network interfaces for which a certain hostname is bound, "
21919
"including the Loopback, you could create a Listen entry for the hostname "
21920
"<emphasis>socrates</emphasis> as such:"
21921
msgstr ""
21922
21923
#: serverguide/C/file-server.xml:562(screen)
21924
#, no-wrap
21925
msgid ""
21926
"\n"
21927
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
21928
msgstr ""
21929
21930
#: serverguide/C/file-server.xml:566(para)
21931
msgid ""
21932
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
21933
"instead, as in:"
21934
msgstr ""
21935
21936
#: serverguide/C/file-server.xml:568(screen)
21937
#, no-wrap
21938
msgid ""
21939
"\n"
21940
"Port 631 # Listen on port 631 on all interfaces\n"
21941
msgstr ""
21942
21943
#: serverguide/C/file-server.xml:575(para)
21944
msgid ""
21945
"For more examples of configuration directives in the CUPS server "
21946
"configuration file, view the associated system manual page by entering the "
21947
"following command at a terminal prompt:"
21948
msgstr ""
21949
21950
#: serverguide/C/file-server.xml:582(command)
21951
msgid "man cupsd.conf"
21952
msgstr "man cupsd.conf"
21953
21954
#: serverguide/C/file-server.xml:586(para)
21955
msgid ""
21956
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
21957
"configuration file, you'll need to restart the CUPS server by typing the "
21958
"following command at a terminal prompt:"
21959
msgstr ""
21960
21961
#: serverguide/C/file-server.xml:592(command)
21962
msgid "sudo /etc/init.d/cups restart"
21963
msgstr ""
21964
21965
#: serverguide/C/file-server.xml:598(title)
21966
msgid "Web Interface"
21967
msgstr ""
21968
21969
#: serverguide/C/file-server.xml:600(para)
21970
msgid ""
21971
"CUPS can be configured and monitored using a web interface, which by default "
21972
"is available at <ulink "
21973
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
21974
"web interface can be used to perform all printer management tasks."
21975
msgstr ""
21976
21977
#: serverguide/C/file-server.xml:604(para)
21978
msgid ""
21979
"In order to perform administrative tasks via the web interface, you must "
21980
"either have the root account enabled on your server, or authenticate as a "
21981
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
21982
"reasons, CUPS won't authenticate a user that doesn't have a password."
21983
msgstr ""
21984
21985
#: serverguide/C/file-server.xml:607(para)
21986
msgid ""
21987
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
21988
"at the terminal prompt: <screen>\n"
21989
"<command>sudo usermod -aG lpadmin username</command>\n"
21990
"</screen>"
21991
msgstr ""
21992
21993
#: serverguide/C/file-server.xml:613(para)
21994
msgid ""
21995
"Further documentation is available in the <emphasis "
21996
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
21997
msgstr ""
21998
21999
#: serverguide/C/file-server.xml:621(ulink)
22000
msgid "CUPS Website"
22001
msgstr "Вэб-старонка CUPS"
22002
22003
#: serverguide/C/file-server.xml:624(ulink)
22004
msgid "Ubuntu Wiki CUPS page"
22005
msgstr ""
22006
22007
#: serverguide/C/dns.xml:13(title)
22008
msgid "Domain Name Service (DNS)"
22009
msgstr ""
22010
22011
#: serverguide/C/dns.xml:14(para)
22012
msgid ""
22013
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
22014
"fully qualified domain names (FQDN) to one another. In this way, DNS "
22015
"alleviates the need to remember IP addresses. Computers that run DNS are "
22016
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
22017
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
22018
"common program used for maintaining a name server on Linux."
22019
msgstr ""
22020
22021
#: serverguide/C/dns.xml:24(para)
22022
msgid ""
22023
"At a terminal prompt, enter the following command to install "
22024
"<application>dns</application>:"
22025
msgstr ""
22026
22027
#: serverguide/C/dns.xml:28(command)
22028
msgid "sudo apt-get install bind9"
22029
msgstr "sudo apt-get install bind9"
22030
22031
#: serverguide/C/dns.xml:30(para)
22032
msgid ""
22033
"A very useful package for testing and troubleshooting DNS issues is the "
22034
"dnsutils package. To install <application>dnsutils</application> enter the "
22035
"following:"
22036
msgstr ""
22037
22038
#: serverguide/C/dns.xml:35(command)
22039
msgid "sudo apt-get install dnsutils"
22040
msgstr "sudo apt-get install dnsutils"
22041
22042
#: serverguide/C/dns.xml:40(para)
22043
msgid ""
22044
"There a many ways to configure <application>BIND9</application>. Some of the "
22045
"most common configurations are a caching nameserver, primary master, and a "
22046
"as a secondary master."
22047
msgstr ""
22048
22049
#: serverguide/C/dns.xml:46(para)
22050
msgid ""
22051
"When configured as a caching nameserver BIND9 will find the answer to name "
22052
"queries and remember the answer when the domain is queried again."
22053
msgstr ""
22054
22055
#: serverguide/C/dns.xml:52(para)
22056
msgid ""
22057
"As a primary master server BIND9 reads the data for a zone from a file on "
22058
"it's host and is authoritative for that zone."
22059
msgstr ""
22060
22061
#: serverguide/C/dns.xml:57(para)
22062
msgid ""
22063
"In a secondary master configuration BIND9 gets the zone data from another "
22064
"nameserver authoritative for the zone."
22065
msgstr ""
22066
22067
#: serverguide/C/dns.xml:65(para)
22068
msgid ""
22069
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
22070
"directory. The primary configuration file is "
22071
"<filename>/etc/bind/named.conf</filename>."
22072
msgstr ""
22073
22074
#: serverguide/C/dns.xml:72(para)
22075
msgid ""
22076
"The <emphasis>include</emphasis> line specifies the filename which contains "
22077
"the DNS options. The <emphasis>directory</emphasis> line in the "
22078
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
22079
"look for files. All files BIND uses will be relative to this directory."
22080
msgstr ""
22081
22082
#: serverguide/C/dns.xml:80(para)
22083
msgid ""
22084
"The file named <filename>/etc/bind/db.root</filename> describes the root "
22085
"nameservers in the world. The servers change over time, so the "
22086
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
22087
"This is usually done as updates to the <application>bind9</application> "
22088
"package. The <emphasis>zone</emphasis> section defines a master server, and "
22089
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
22090
msgstr ""
22091
22092
#: serverguide/C/dns.xml:90(para)
22093
msgid ""
22094
"It is possible to configure the same server to be a caching name server, "
22095
"primary master, and secondary master. A server can be the Start of Authority "
22096
"(SOA) for one zone, while providing secondary service for another zone. All "
22097
"the while providing caching services for hosts on the local LAN."
22098
msgstr ""
22099
22100
#: serverguide/C/dns.xml:98(title)
22101
msgid "Caching Nameserver"
22102
msgstr ""
22103
22104
#: serverguide/C/dns.xml:99(para)
22105
msgid ""
22106
"The default configuration is setup to act as a caching server. All that is "
22107
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
22108
"uncomment and edit the following in "
22109
"<filename>/etc/bind/named.conf.options</filename>:"
22110
msgstr ""
22111
22112
#: serverguide/C/dns.xml:103(programlisting)
22113
#, no-wrap
22114
msgid ""
22115
"\n"
22116
"forwarders {\n"
22117
" 1.2.3.4;\n"
22118
" 5.6.7.8;\n"
22119
" };\n"
22120
msgstr ""
22121
"\n"
22122
"forwarders {\n"
22123
" 1.2.3.4;\n"
22124
" 5.6.7.8;\n"
22125
" };\n"
22126
22127
#: serverguide/C/dns.xml:110(para)
22128
msgid ""
22129
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
22130
"the IP Adresses of actual nameservers."
22131
msgstr ""
22132
22133
#: serverguide/C/dns.xml:114(para)
22134
msgid ""
22135
"Now restart the DNS server, to enable the new configuration. From a terminal "
22136
"prompt:"
22137
msgstr ""
22138
22139
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
22140
msgid "sudo /etc/init.d/bind9 restart"
22141
msgstr "sudo /etc/init.d/bind9 restart"
22142
22143
#: serverguide/C/dns.xml:120(para)
22144
msgid ""
22145
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
22146
"DNS server."
22147
msgstr ""
22148
22149
#: serverguide/C/dns.xml:125(title)
22150
msgid "Primary Master"
22151
msgstr ""
22152
22153
#: serverguide/C/dns.xml:126(para)
22154
msgid ""
22155
"In this section <application>BIND9</application> will be configured as the "
22156
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
22157
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
22158
"(Fully Qualified Domain Name)."
22159
msgstr ""
22160
22161
#: serverguide/C/dns.xml:132(title)
22162
msgid "Forward Zone File"
22163
msgstr ""
22164
22165
#: serverguide/C/dns.xml:133(para)
22166
msgid ""
22167
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
22168
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
22169
msgstr ""
22170
22171
#: serverguide/C/dns.xml:137(programlisting)
22172
#, no-wrap
22173
msgid ""
22174
"\n"
22175
"zone \"example.com\" {\n"
22176
"\ttype master;\n"
22177
" file \"/etc/bind/db.example.com\";\n"
22178
"};\n"
22179
msgstr ""
22180
"\n"
22181
"zone \"example.com\" {\n"
22182
"\ttype master;\n"
22183
" file \"/etc/bind/db.example.com\";\n"
22184
"};\n"
22185
22186
#: serverguide/C/dns.xml:143(para)
22187
msgid ""
22188
"Now use an existing zone file as a template to create the "
22189
"<filename>/etc/bind/db.example.com</filename> file:"
22190
msgstr ""
22191
22192
#: serverguide/C/dns.xml:147(command)
22193
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
22194
msgstr "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
22195
22196
#: serverguide/C/dns.xml:149(para)
22197
msgid ""
22198
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
22199
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
22200
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
22201
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
22202
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
22203
"leaving the \".\" at the end."
22204
msgstr ""
22205
22206
#: serverguide/C/dns.xml:155(para)
22207
msgid ""
22208
"Also, create an <emphasis>A record</emphasis> for <emphasis "
22209
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
22210
msgstr ""
22211
22212
#: serverguide/C/dns.xml:159(programlisting)
22213
#, no-wrap
22214
msgid ""
22215
"\n"
22216
";\n"
22217
"; BIND data file for local loopback interface\n"
22218
";\n"
22219
"$TTL 604800\n"
22220
"@ IN SOA ns.example.com. root.example.com. (\n"
22221
" 2 ; Serial\n"
22222
" 604800 ; Refresh\n"
22223
" 86400 ; Retry\n"
22224
" 2419200 ; Expire\n"
22225
" 604800 ) ; Negative Cache TTL\n"
22226
";\n"
22227
"@ IN NS ns.example.com.\n"
22228
"@ IN A 127.0.0.1\n"
22229
"@ IN AAAA ::1\n"
22230
"ns IN A 192.168.1.10\n"
22231
msgstr ""
22232
22233
#: serverguide/C/dns.xml:176(para)
22234
msgid ""
22235
"You must increment the <emphasis>Serial Number</emphasis> every time you "
22236
"make changes to the zone file. If you make multiple changes before "
22237
"restarting BIND9, simply increment the Serial once."
22238
msgstr ""
22239
22240
#: serverguide/C/dns.xml:180(para)
22241
msgid ""
22242
"Now, you can add DNS records to the bottom of the zone file. See <xref "
22243
"linkend=\"dns-record-types\"/> for details."
22244
msgstr ""
22245
22246
#: serverguide/C/dns.xml:184(para)
22247
msgid ""
22248
"Many admins like to use the last date edited as the serial of a zone, such "
22249
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
22250
"<emphasis>ss</emphasis> is the Serial Number)"
22251
msgstr ""
22252
22253
#: serverguide/C/dns.xml:189(para)
22254
msgid ""
22255
"Once you have made a change to the zone file "
22256
"<application>BIND9</application> will need to be restarted for the changes "
22257
"to take effect:"
22258
msgstr ""
22259
22260
#: serverguide/C/dns.xml:198(title)
22261
msgid "Reverse Zone File"
22262
msgstr ""
22263
22264
#: serverguide/C/dns.xml:199(para)
22265
msgid ""
22266
"Now that the zone is setup and resolving names to IP Adresses a "
22267
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
22268
"DNS to resolve an address to a name."
22269
msgstr ""
22270
22271
#: serverguide/C/dns.xml:203(para)
22272
msgid "Edit /etc/bind/named.conf.local and add the following:"
22273
msgstr ""
22274
22275
#: serverguide/C/dns.xml:206(programlisting)
22276
#, no-wrap
22277
msgid ""
22278
"\n"
22279
"zone \"1.168.192.in-addr.arpa\" {\n"
22280
" type master;\n"
22281
" notify no;\n"
22282
" file \"/etc/bind/db.192\";\n"
22283
"};\n"
22284
msgstr ""
22285
"\n"
22286
"zone \"1.168.192.in-addr.arpa\" {\n"
22287
" type master;\n"
22288
" notify no;\n"
22289
" file \"/etc/bind/db.192\";\n"
22290
"};\n"
22291
22292
#: serverguide/C/dns.xml:214(para)
22293
msgid ""
22294
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
22295
"whatever network you are using. Also, name the zone file "
22296
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
22297
"first octet of your network."
22298
msgstr ""
22299
22300
#: serverguide/C/dns.xml:219(para)
22301
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
22302
msgstr "Цяпер стварыце файл <filename>/etc/bind/db.192</filename>:"
22303
22304
#: serverguide/C/dns.xml:223(command)
22305
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
22306
msgstr "sudo cp /etc/bind/db.127 /etc/bind/db.192"
22307
22308
#: serverguide/C/dns.xml:225(para)
22309
msgid ""
22310
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
22311
"same options as <filename>/etc/bind/db.example.com</filename>:"
22312
msgstr ""
22313
22314
#: serverguide/C/dns.xml:229(programlisting)
22315
#, no-wrap
22316
msgid ""
22317
"\n"
22318
";\n"
22319
"; BIND reverse data file for local loopback interface\n"
22320
";\n"
22321
"$TTL 604800\n"
22322
"@ IN SOA ns.example.com. root.example.com. (\n"
22323
" 2 ; Serial\n"
22324
" 604800 ; Refresh\n"
22325
" 86400 ; Retry\n"
22326
" 2419200 ; Expire\n"
22327
" 604800 ) ; Negative Cache TTL\n"
22328
";\n"
22329
"@ IN NS ns.\n"
22330
"10 IN PTR ns.example.com.\n"
22331
msgstr ""
22332
22333
#: serverguide/C/dns.xml:244(para)
22334
msgid ""
22335
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
22336
"incremented on each changes as well. For each <emphasis>A record</emphasis> "
22337
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
22338
"create a <emphasis>PTR record</emphasis> in "
22339
"<filename>/etc/bind/db.192</filename>."
22340
msgstr ""
22341
22342
#: serverguide/C/dns.xml:249(para)
22343
msgid ""
22344
"After creating the reverse zone file restart "
22345
"<application>BIND9</application>:"
22346
msgstr ""
22347
22348
#: serverguide/C/dns.xml:258(title)
22349
msgid "Secondary Master"
22350
msgstr ""
22351
22352
#: serverguide/C/dns.xml:259(para)
22353
msgid ""
22354
"Once a <emphasis>Primary Master</emphasis> has been configured a "
22355
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
22356
"availability of the domain should the Primary become unavailable."
22357
msgstr ""
22358
22359
#: serverguide/C/dns.xml:263(para)
22360
msgid ""
22361
"First, on the Primary Master server, the zone transfer needs to be allowed. "
22362
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
22363
"and Reverse zone definitions in "
22364
"<filename>/etc/bind/named.conf.local</filename>:"
22365
msgstr ""
22366
22367
#: serverguide/C/dns.xml:267(programlisting)
22368
#, no-wrap
22369
msgid ""
22370
"\n"
22371
"zone \"example.com\" {\n"
22372
" type master;\n"
22373
"\tfile \"/etc/bind/db.example.com\";\n"
22374
" allow-transfer { 192.168.1.11; };\n"
22375
"};\n"
22376
"\n"
22377
"zone \"1.168.192.in-addr.arpa\" {\n"
22378
" type master;\n"
22379
" notify no;\n"
22380
" file \"/etc/bind/db.192\";\n"
22381
"\tallow-transfer { 192.168.1.11; };\n"
22382
"};\n"
22383
msgstr ""
22384
22385
#: serverguide/C/dns.xml:282(para)
22386
msgid ""
22387
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
22388
"Secondary nameserver."
22389
msgstr ""
22390
22391
#: serverguide/C/dns.xml:286(para)
22392
msgid ""
22393
"Next, on the Secondary Master, install the <application>bind9</application> "
22394
"package the same way as on the Primary. Then edit the "
22395
"<filename>/etc/bind/named.conf.local</filename> and add the following "
22396
"declarations for the Forward and Reverse zones:"
22397
msgstr ""
22398
22399
#: serverguide/C/dns.xml:290(programlisting)
22400
#, no-wrap
22401
msgid ""
22402
"\n"
22403
"zone \"example.com\" {\n"
22404
"\ttype slave;\n"
22405
" file \"/var/cache/bind/db.example.com\";\n"
22406
" masters { 192.168.1.10; };\n"
22407
"}; \n"
22408
" \n"
22409
"zone \"1.168.192.in-addr.arpa\" {\n"
22410
"\ttype slave;\n"
22411
" file \"/var/cache/bind/db.192\";\n"
22412
" masters { 192.168.1.10; };\n"
22413
"};\n"
22414
msgstr ""
22415
22416
#: serverguide/C/dns.xml:304(para)
22417
msgid ""
22418
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
22419
"Primary nameserver."
22420
msgstr ""
22421
22422
#: serverguide/C/dns.xml:308(para)
22423
msgid "Restart <application>BIND9</application> on the Secondary Master:"
22424
msgstr ""
22425
22426
#: serverguide/C/dns.xml:314(para)
22427
msgid ""
22428
"In <filename>/var/log/syslog</filename> you should see something similar to:"
22429
msgstr ""
22430
22431
#: serverguide/C/dns.xml:317(programlisting)
22432
#, no-wrap
22433
msgid ""
22434
"\n"
22435
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
22436
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
22437
msgstr ""
22438
22439
#: serverguide/C/dns.xml:322(para)
22440
msgid ""
22441
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
22442
"on the Primary is larger than the one on the Secondary."
22443
msgstr ""
22444
22445
#: serverguide/C/dns.xml:328(para)
22446
msgid ""
22447
"The default directory for non-authoritative zone files is "
22448
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
22449
"<application>AppArmor</application> to allow the "
22450
"<application>named</application> daemon to write to. For more information on "
22451
"AppArmor see <xref linkend=\"apparmor\"/>."
22452
msgstr ""
22453
22454
#: serverguide/C/dns.xml:339(para)
22455
msgid ""
22456
"This section covers ways to help determine the cause when problems happen "
22457
"with DNS and <application>BIND9</application>."
22458
msgstr ""
22459
22460
#: serverguide/C/dns.xml:345(title)
22461
msgid "resolv.conf"
22462
msgstr "resolv.conf"
22463
22464
#: serverguide/C/dns.xml:346(para)
22465
msgid ""
22466
"The first step in testing <application>BIND9</application> is to add the "
22467
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
22468
"be configured as well as another host to double check things. Simply edit "
22469
"<filename>/etc/resolv.conf</filename> and add the following:"
22470
msgstr ""
22471
22472
#: serverguide/C/dns.xml:351(programlisting)
22473
#, no-wrap
22474
msgid ""
22475
"\n"
22476
"nameserver\t192.168.1.10\n"
22477
"nameserver\t192.168.1.11\n"
22478
msgstr ""
22479
"\n"
22480
"nameserver\t192.168.1.10\n"
22481
"nameserver\t192.168.1.11\n"
22482
22483
#: serverguide/C/dns.xml:356(para)
22484
msgid ""
22485
"You should also add the IP Address of the Secondary nameserver in case the "
22486
"Primary becomes unavailable."
22487
msgstr ""
22488
22489
#: serverguide/C/dns.xml:362(title)
22490
msgid "dig"
22491
msgstr "dig"
22492
22493
#: serverguide/C/dns.xml:363(para)
22494
msgid ""
22495
"If you installed the <application>dnsutils</application> package you can "
22496
"test your setup using the DNS lookup utility <application>dig</application>:"
22497
msgstr ""
22498
22499
#: serverguide/C/dns.xml:369(para)
22500
msgid ""
22501
"After installing <application>BIND9</application> use "
22502
"<application>dig</application> against the loopback interface to make sure "
22503
"it is listening on port 53. From a terminal prompt:"
22504
msgstr ""
22505
22506
#: serverguide/C/dns.xml:374(command)
22507
msgid "dig -x 127.0.0.1"
22508
msgstr "dig -x 127.0.0.1"
22509
22510
#: serverguide/C/dns.xml:376(para)
22511
msgid "You should see lines similar to the following in the command output:"
22512
msgstr ""
22513
22514
#: serverguide/C/dns.xml:379(programlisting)
22515
#, no-wrap
22516
msgid ""
22517
"\n"
22518
";; Query time: 1 msec\n"
22519
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
22520
msgstr ""
22521
22522
#: serverguide/C/dns.xml:385(para)
22523
msgid ""
22524
"If you have configured <application>BIND9</application> as a "
22525
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
22526
"the query time:"
22527
msgstr ""
22528
22529
#: serverguide/C/dns.xml:390(command)
22530
msgid "dig ubuntu.com"
22531
msgstr "dig ubuntu.com"
22532
22533
#: serverguide/C/dns.xml:392(para)
22534
msgid "Note the query time toward the end of the command output:"
22535
msgstr ""
22536
22537
#: serverguide/C/dns.xml:395(programlisting)
22538
#, no-wrap
22539
msgid ""
22540
"\n"
22541
";; Query time: 49 msec\n"
22542
msgstr ""
22543
22544
#: serverguide/C/dns.xml:398(para)
22545
msgid "After a second dig there should be improvement:"
22546
msgstr ""
22547
22548
#: serverguide/C/dns.xml:401(programlisting)
22549
#, no-wrap
22550
msgid ""
22551
"\n"
22552
";; Query time: 1 msec\n"
22553
msgstr ""
22554
22555
#: serverguide/C/dns.xml:408(title)
22556
msgid "ping"
22557
msgstr "ping"
22558
22559
#: serverguide/C/dns.xml:410(para)
22560
msgid ""
22561
"Now to demonstrate how applications make use of DNS to resolve a host name "
22562
"use the <application>ping</application> utility to send an ICMP echo "
22563
"request. From a terminal prompt enter:"
22564
msgstr ""
22565
22566
#: serverguide/C/dns.xml:416(command)
22567
msgid "ping example.com"
22568
msgstr "ping example.com"
22569
22570
#: serverguide/C/dns.xml:418(para)
22571
msgid ""
22572
"This tests if the nameserver can resolve the name "
22573
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
22574
"should resemble:"
22575
msgstr ""
22576
22577
#: serverguide/C/dns.xml:422(programlisting)
22578
#, no-wrap
22579
msgid ""
22580
"\n"
22581
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
22582
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
22583
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
22584
msgstr ""
22585
"\n"
22586
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
22587
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
22588
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
22589
22590
#: serverguide/C/dns.xml:429(title)
22591
msgid "named-checkzone"
22592
msgstr "named-checkzone"
22593
22594
#: serverguide/C/dns.xml:430(para)
22595
msgid ""
22596
"A great way to test your zone files is by using the <application>named-"
22597
"checkzone</application> utility installed with the "
22598
"<application>bind9</application> package. This utility allows you to make "
22599
"sure the configuration is correct before restarting "
22600
"<application>BIND9</application> and making the changes live."
22601
msgstr ""
22602
22603
#: serverguide/C/dns.xml:437(para)
22604
msgid ""
22605
"To test our example Forward zone file enter the following from a command "
22606
"prompt:"
22607
msgstr ""
22608
22609
#: serverguide/C/dns.xml:441(command)
22610
msgid "named-checkzone example.com /etc/bind/db.example.com"
22611
msgstr ""
22612
22613
#: serverguide/C/dns.xml:443(para)
22614
msgid ""
22615
"If everything is configured correctly you should see output similar to:"
22616
msgstr ""
22617
22618
#: serverguide/C/dns.xml:446(programlisting)
22619
#, no-wrap
22620
msgid ""
22621
"\n"
22622
"zone example.com/IN: loaded serial 6\n"
22623
"OK\n"
22624
msgstr ""
22625
22626
#: serverguide/C/dns.xml:452(para)
22627
msgid "Similarly, to test the Reverse zone file enter the following:"
22628
msgstr ""
22629
22630
#: serverguide/C/dns.xml:456(command)
22631
msgid "named-checkzone example.com /etc/bind/db.192"
22632
msgstr "named-checkzone example.com /etc/bind/db.192"
22633
22634
#: serverguide/C/dns.xml:458(para)
22635
msgid "The output should be similar to:"
22636
msgstr ""
22637
22638
#: serverguide/C/dns.xml:461(programlisting)
22639
#, no-wrap
22640
msgid ""
22641
"\n"
22642
"zone example.com/IN: loaded serial 3\n"
22643
"OK\n"
22644
msgstr ""
22645
22646
#: serverguide/C/dns.xml:468(para)
22647
msgid ""
22648
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
22649
"different."
22650
msgstr ""
22651
22652
#: serverguide/C/dns.xml:475(title)
22653
msgid "Logging"
22654
msgstr ""
22655
22656
#: serverguide/C/dns.xml:476(para)
22657
msgid ""
22658
"<application>BIND9</application> has a wide variety of logging configuration "
22659
"options available. There are two main options. The "
22660
"<emphasis>channel</emphasis> option configures where logs go, and the "
22661
"<emphasis>category</emphasis> option determines what information to log."
22662
msgstr ""
22663
22664
#: serverguide/C/dns.xml:480(para)
22665
msgid "If no logging option is configured the default option is:"
22666
msgstr ""
22667
22668
#: serverguide/C/dns.xml:483(programlisting)
22669
#, no-wrap
22670
msgid ""
22671
"\n"
22672
"logging {\n"
22673
" category default { default_syslog; default_debug; };\n"
22674
" category unmatched { null; };\n"
22675
"};\n"
22676
msgstr ""
22677
"\n"
22678
"logging {\n"
22679
" category default { default_syslog; default_debug; };\n"
22680
" category unmatched { null; };\n"
22681
"};\n"
22682
22683
#: serverguide/C/dns.xml:489(para)
22684
msgid ""
22685
"This section covers configuring <application>BIND9</application> to send "
22686
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
22687
"file."
22688
msgstr ""
22689
22690
#: serverguide/C/dns.xml:494(para)
22691
msgid ""
22692
"First, we need to configure a channel to specify which file to send the "
22693
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
22694
"the following:"
22695
msgstr ""
22696
22697
#: serverguide/C/dns.xml:498(programlisting)
22698
#, no-wrap
22699
msgid ""
22700
"\n"
22701
"logging {\n"
22702
" channel query.log { \n"
22703
" file \"/var/log/query.log\";\n"
22704
" severity debug 3; \n"
22705
" }; \n"
22706
"};\n"
22707
msgstr ""
22708
"\n"
22709
"logging {\n"
22710
" channel query.log { \n"
22711
" file \"/var/log/query.log\";\n"
22712
" severity debug 3; \n"
22713
" }; \n"
22714
"};\n"
22715
22716
#: serverguide/C/dns.xml:508(para)
22717
msgid "Next, configure a category to send all DNS queries to the query file:"
22718
msgstr ""
22719
22720
#: serverguide/C/dns.xml:511(programlisting)
22721
#, no-wrap
22722
msgid ""
22723
"\n"
22724
"logging {\n"
22725
" channel query.log { \n"
22726
" file \"/var/log/query.log\"; \n"
22727
" severity debug 3; \n"
22728
" }; \n"
22729
" <emphasis>category queries { query.log; };</emphasis> \n"
22730
"};\n"
22731
msgstr ""
22732
"\n"
22733
"logging {\n"
22734
" channel query.log { \n"
22735
" file \"/var/log/query.log\"; \n"
22736
" severity debug 3; \n"
22737
" }; \n"
22738
" <emphasis>category queries { query.log; };</emphasis> \n"
22739
"};\n"
22740
22741
#: serverguide/C/dns.xml:523(para)
22742
msgid ""
22743
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
22744
"level isn't specified level 1 is the default."
22745
msgstr ""
22746
22747
#: serverguide/C/dns.xml:529(para)
22748
msgid ""
22749
"Since the <emphasis>named daemon</emphasis> runs as the "
22750
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
22751
"file must be created and the ownership changed:"
22752
msgstr ""
22753
22754
#: serverguide/C/dns.xml:534(command)
22755
msgid "sudo touch /var/log/query.log"
22756
msgstr "sudo touch /var/log/query.log"
22757
22758
#: serverguide/C/dns.xml:535(command)
22759
msgid "sudo chown bind /var/log/query.log"
22760
msgstr "sudo chown bind /var/log/query.log"
22761
22762
#: serverguide/C/dns.xml:539(para)
22763
msgid ""
22764
"Before <application>named</application> daemon can write to the new log file "
22765
"the <application>AppArmor</application> profile must be updated. First, edit "
22766
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
22767
msgstr ""
22768
22769
#: serverguide/C/dns.xml:543(programlisting)
22770
#, no-wrap
22771
msgid ""
22772
"\n"
22773
"/var/log/query.log w,\n"
22774
msgstr ""
22775
"\n"
22776
"/var/log/query.log w,\n"
22777
22778
#: serverguide/C/dns.xml:546(para)
22779
msgid "Next, reload the profile:"
22780
msgstr "Далей перазапусьціце профіль:"
22781
22782
#: serverguide/C/dns.xml:550(command)
22783
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22784
msgstr "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22785
22786
#: serverguide/C/dns.xml:552(para)
22787
msgid ""
22788
"For more information on <application>AppArmor</application> see <xref "
22789
"linkend=\"apparmor\"/>"
22790
msgstr ""
22791
"Каб пабачыць боль зьвестак па <application>AppArmor</application> глядзіце "
22792
"<xref linkend=\"apparmor\"/>"
22793
22794
#: serverguide/C/dns.xml:557(para)
22795
msgid ""
22796
"Now restart <application>BIND9</application> for the changes to take effect:"
22797
msgstr ""
22798
"Цяпер перазапусьціце <application>BIND9</application> каб ужыць зьмены:"
22799
22800
#: serverguide/C/dns.xml:565(para)
22801
msgid ""
22802
"You should see the file <filename>/var/log/query.log</filename> fill with "
22803
"query information. This is a simple example of the "
22804
"<application>BIND9</application> logging options. For coverage of advanced "
22805
"options see <xref linkend=\"dns-more-info\"/>."
22806
msgstr ""
22807
22808
#: serverguide/C/dns.xml:574(title)
22809
msgid "Common Record Types"
22810
msgstr ""
22811
22812
#: serverguide/C/dns.xml:575(para)
22813
msgid "This section covers some of the most common DNS record types."
22814
msgstr ""
22815
22816
#: serverguide/C/dns.xml:580(para)
22817
msgid ""
22818
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
22819
msgstr ""
22820
22821
#: serverguide/C/dns.xml:583(programlisting)
22822
#, no-wrap
22823
msgid ""
22824
"\n"
22825
"www IN A 192.168.1.12\n"
22826
msgstr ""
22827
"\n"
22828
"www IN A 192.168.1.12\n"
22829
22830
#: serverguide/C/dns.xml:588(para)
22831
msgid ""
22832
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
22833
"record. You cannot create a CNAME record pointing to another CNAME record."
22834
msgstr ""
22835
22836
#: serverguide/C/dns.xml:591(programlisting)
22837
#, no-wrap
22838
msgid ""
22839
"\n"
22840
"web IN CNAME www\n"
22841
msgstr ""
22842
"\n"
22843
"web IN CNAME www\n"
22844
22845
#: serverguide/C/dns.xml:596(para)
22846
msgid ""
22847
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
22848
"to. Must point to an A record, not a CNAME."
22849
msgstr ""
22850
22851
#: serverguide/C/dns.xml:599(programlisting)
22852
#, no-wrap
22853
msgid ""
22854
"\n"
22855
" IN MX 1 mail.example.com.\n"
22856
"mail IN A 192.168.1.13\n"
22857
msgstr ""
22858
22859
#: serverguide/C/dns.xml:605(para)
22860
msgid ""
22861
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
22862
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
22863
"Secondary servers are defined."
22864
msgstr ""
22865
22866
#: serverguide/C/dns.xml:609(programlisting)
22867
#, no-wrap
22868
msgid ""
22869
"\n"
22870
" IN NS ns.example.com.\n"
22871
"\tIN NS ns2.example.com.\n"
22872
"ns IN A 192.168.1.10\n"
22873
"ns2\tIN A\t 192.168.1.11\n"
22874
msgstr ""
22875
"\n"
22876
" IN NS ns.example.com.\n"
22877
"\tIN NS ns2.example.com.\n"
22878
"ns IN A 192.168.1.10\n"
22879
"ns2\tIN A\t 192.168.1.11\n"
22880
22881
#: serverguide/C/dns.xml:622(para)
22882
msgid ""
22883
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
22884
"HOWTO</ulink> explains more advanced options for configuring BIND9."
22885
msgstr ""
22886
22887
#: serverguide/C/dns.xml:627(para)
22888
msgid ""
22889
"For in depth coverage of <emphasis>DNS</emphasis> and "
22890
"<application>BIND9</application> see <ulink "
22891
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
22892
msgstr ""
22893
22894
#: serverguide/C/dns.xml:632(para)
22895
msgid ""
22896
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
22897
"BIND</ulink> is a popular book now in it's fifth edition."
22898
msgstr ""
22899
22900
#: serverguide/C/dns.xml:637(para)
22901
msgid ""
22902
"A great place to ask for <application>BIND9</application> assistance, and "
22903
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
22904
"server</emphasis> IRC channel on <ulink "
22905
"url=\"http://freenode.net\">freenode</ulink>."
22906
msgstr ""
22907
22908
#: serverguide/C/dns.xml:643(para)
22909
msgid ""
22910
"Also, see the <ulink "
22911
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
22912
"HOWTO</ulink> in the Ubuntu Wiki."
22913
msgstr ""
22914
22915
#: serverguide/C/databases.xml:13(title)
22916
msgid "Databases"
22917
msgstr "Базы даньняў"
22918
22919
#: serverguide/C/databases.xml:14(para)
22920
msgid "Ubuntu provides two popular database servers. They are:"
22921
msgstr ""
22922
22923
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
22924
msgid "PostgreSQL"
22925
msgstr "PostgreSQL"
22926
22927
#: serverguide/C/databases.xml:25(para)
22928
msgid ""
22929
"They are available in the main repository. This section explains how to "
22930
"install and configure these database servers."
22931
msgstr ""
22932
22933
#: serverguide/C/databases.xml:32(para)
22934
msgid ""
22935
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
22936
"It is intended for mission-critical, heavy-load production systems as well "
22937
"as for embedding into mass-deployed software."
22938
msgstr ""
22939
22940
#: serverguide/C/databases.xml:41(para)
22941
msgid "To install MySQL, run the following command from a terminal prompt:"
22942
msgstr "Каб устанавіць MySQL, запусьціце наступны загад у тэрмінале:"
22943
22944
#: serverguide/C/databases.xml:46(command)
22945
msgid "sudo apt-get install mysql-server"
22946
msgstr "sudo apt-get install mysql-server"
22947
22948
#: serverguide/C/databases.xml:48(para)
22949
msgid ""
22950
"During the installation process you will be prompted to enter a password for "
22951
"the <application>MySQL</application> root user."
22952
msgstr ""
22953
22954
#: serverguide/C/databases.xml:53(para)
22955
msgid ""
22956
"Once the installation is complete, the MySQL server should be started "
22957
"automatically. You can run the following command from a terminal prompt to "
22958
"check whether the MySQL server is running:"
22959
msgstr ""
22960
22961
#: serverguide/C/databases.xml:61(command)
22962
msgid "sudo netstat -tap | grep mysql"
22963
msgstr "sudo netstat -tap | grep mysql"
22964
22965
#: serverguide/C/databases.xml:70(programlisting)
22966
#, no-wrap
22967
msgid ""
22968
"\n"
22969
"tcp 0 0 localhost:mysql *:* LISTEN "
22970
" 2556/mysqld\n"
22971
msgstr ""
22972
"\n"
22973
"tcp 0 0 localhost:mysql *:* LISTEN "
22974
" 2556/mysqld\n"
22975
22976
#: serverguide/C/databases.xml:74(para)
22977
msgid ""
22978
"If the server is not running correctly, you can type the following command "
22979
"to start it:"
22980
msgstr ""
22981
22982
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
22983
msgid "sudo /etc/init.d/mysql restart"
22984
msgstr "sudo /etc/init.d/mysql restart"
22985
22986
#: serverguide/C/databases.xml:85(para)
22987
msgid ""
22988
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
22989
"the basic settings -- log file, port number, etc. For example, to configure "
22990
"<application>MySQL</application> to listen for connections from network "
22991
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
22992
"server's IP address:"
22993
msgstr ""
22994
22995
#: serverguide/C/databases.xml:91(programlisting)
22996
#, no-wrap
22997
msgid ""
22998
"\n"
22999
"bind-address = 192.168.0.5\n"
23000
msgstr ""
23001
"\n"
23002
"bind-address = 192.168.0.5\n"
23003
23004
#: serverguide/C/databases.xml:95(para)
23005
msgid "Replace 192.168.0.5 with the appropriate address."
23006
msgstr ""
23007
23008
#: serverguide/C/databases.xml:99(para)
23009
msgid ""
23010
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
23011
"<application>mysql</application> daemon will need to be restarted:"
23012
msgstr ""
23013
23014
#: serverguide/C/databases.xml:107(para)
23015
msgid ""
23016
"If you would like to change the "
23017
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
23018
"terminal enter:"
23019
msgstr ""
23020
23021
#: serverguide/C/databases.xml:113(command)
23022
msgid "sudo dpkg-reconfigure mysql-server-5.1"
23023
msgstr ""
23024
23025
#: serverguide/C/databases.xml:116(para)
23026
msgid ""
23027
"The <application>mysql</application> daemon will be stopped, and you will be "
23028
"prompted to enter a new password."
23029
msgstr ""
23030
23031
#: serverguide/C/databases.xml:125(para)
23032
msgid ""
23033
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
23034
"more information."
23035
msgstr ""
23036
23037
#: serverguide/C/databases.xml:130(para)
23038
msgid ""
23039
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
23040
"<application>mysql-doc-5.0</application> package. To install the package "
23041
"enter the following in a terminal:"
23042
msgstr ""
23043
23044
#: serverguide/C/databases.xml:135(command)
23045
msgid "sudo apt-get install mysql-doc-5.0"
23046
msgstr "sudo apt-get install mysql-doc-5.0"
23047
23048
#: serverguide/C/databases.xml:137(para)
23049
msgid ""
23050
"The documentation is in HTML format, to view them enter "
23051
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
23052
"chapter/index.html</command> in your browser's address bar."
23053
msgstr ""
23054
23055
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
23056
msgid ""
23057
"For general SQL information see <ulink "
23058
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
23059
"Special Edition</ulink> by Rafe Colburn."
23060
msgstr ""
23061
23062
#: serverguide/C/databases.xml:149(para)
23063
msgid ""
23064
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
23065
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
23066
msgstr ""
23067
23068
#: serverguide/C/databases.xml:158(para)
23069
msgid ""
23070
"PostgreSQL is an object-relational database system that has the features of "
23071
"traditional commercial database systems with enhancements to be found in "
23072
"next-generation DBMS systems."
23073
msgstr ""
23074
23075
#: serverguide/C/databases.xml:165(para)
23076
msgid ""
23077
"To install PostgreSQL, run the following command in the command prompt:"
23078
msgstr ""
23079
23080
#: serverguide/C/databases.xml:172(command)
23081
msgid "sudo apt-get install postgresql"
23082
msgstr "sudo apt-get install postgresql"
23083
23084
#: serverguide/C/databases.xml:176(para)
23085
msgid ""
23086
"Once the installation is complete, you should configure the PostgreSQL "
23087
"server based on your needs, although the default configuration is viable."
23088
msgstr ""
23089
23090
#: serverguide/C/databases.xml:184(para)
23091
msgid ""
23092
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
23093
"client authentication methods. By default, IDENT authentication method is "
23094
"used for <application>postgres</application> and local users. Please refer "
23095
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
23096
"PostgreSQL Administrator's Guide</ulink>."
23097
msgstr ""
23098
23099
#: serverguide/C/databases.xml:191(para)
23100
msgid ""
23101
"The following discussion assumes that you wish to enable TCP/IP connections "
23102
"and use the MD5 method for client authentication. PostgreSQL configuration "
23103
"files are stored in the "
23104
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
23105
"example, if you install PostgreSQL 8.4, the configuration files are stored "
23106
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
23107
msgstr ""
23108
23109
#: serverguide/C/databases.xml:201(para)
23110
msgid ""
23111
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
23112
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
23113
msgstr ""
23114
23115
#: serverguide/C/databases.xml:208(para)
23116
msgid ""
23117
"To enable TCP/IP connections, edit the file "
23118
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
23119
msgstr ""
23120
23121
#: serverguide/C/databases.xml:210(para)
23122
msgid ""
23123
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
23124
"change it to:"
23125
msgstr ""
23126
23127
#: serverguide/C/databases.xml:213(programlisting)
23128
#, no-wrap
23129
msgid ""
23130
"\n"
23131
"listen_addresses = 'localhost'\n"
23132
msgstr ""
23133
"\n"
23134
"listen_addresses = 'localhost'\n"
23135
23136
#: serverguide/C/databases.xml:217(para)
23137
msgid ""
23138
"To allow other computers to connect to your "
23139
"<application>PostgreSQL</application> server replace 'localhost' with the "
23140
"<emphasis>IP Address</emphasis> of your server."
23141
msgstr ""
23142
23143
#: serverguide/C/databases.xml:222(para)
23144
msgid ""
23145
"You may also edit all other parameters, if you know what you are doing! For "
23146
"details, refer to the configuration file or to the PostgreSQL documentation."
23147
msgstr ""
23148
23149
#: serverguide/C/databases.xml:227(para)
23150
msgid ""
23151
"Now that we can connect to our <application>PostgreSQL</application> server, "
23152
"the next step is to set a password for the <emphasis>postgres</emphasis> "
23153
"user. Run the following command at a terminal prompt to connect to the "
23154
"default PostgreSQL template database:"
23155
msgstr ""
23156
23157
#: serverguide/C/databases.xml:234(command)
23158
msgid "sudo -u postgres psql template1"
23159
msgstr "sudo -u postgres psql template1"
23160
23161
#: serverguide/C/databases.xml:236(para)
23162
msgid ""
23163
"The above command connects to PostgreSQL database "
23164
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
23165
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
23166
"run the following SQL command at the <application>psql</application> prompt "
23167
"to configure the password for the user <emphasis "
23168
"role=\"italics\">postgres</emphasis>."
23169
msgstr ""
23170
23171
#: serverguide/C/databases.xml:244(command)
23172
msgid "ALTER USER postgres with encrypted password 'your_password';"
23173
msgstr ""
23174
23175
#: serverguide/C/databases.xml:246(para)
23176
msgid ""
23177
"After configuring the password, edit the file "
23178
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
23179
"<emphasis>MD5</emphasis> authentication with the "
23180
"<emphasis>postgres</emphasis> user:"
23181
msgstr ""
23182
23183
#: serverguide/C/databases.xml:252(programlisting)
23184
#, no-wrap
23185
msgid ""
23186
"\n"
23187
"local all postgres md5\n"
23188
msgstr ""
23189
23190
#: serverguide/C/databases.xml:256(para)
23191
msgid ""
23192
"Finally, you should restart the <application>PostgreSQL</application> "
23193
"service to initialize the new configuration. From a terminal prompt enter "
23194
"the following to restart <application>PostgreSQL</application>:"
23195
msgstr ""
23196
23197
#: serverguide/C/databases.xml:262(command)
23198
msgid "sudo /etc/init.d/postgresql-8.4 restart"
23199
msgstr ""
23200
23201
#: serverguide/C/databases.xml:265(para)
23202
msgid ""
23203
"The above configuration is not complete by any means. Please refer <ulink "
23204
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
23205
"Administrator's Guide</ulink> to configure more parameters."
23206
msgstr ""
23207
23208
#: serverguide/C/databases.xml:276(para)
23209
msgid ""
23210
"As mentioned above the <ulink "
23211
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
23212
"Guide</ulink> is an excellent resource. The guide is also available in the "
23213
"<application>postgresql-doc-8.4</application> package. Execute the following "
23214
"in a terminal to install the package:"
23215
msgstr ""
23216
23217
#: serverguide/C/databases.xml:282(command)
23218
msgid "sudo apt-get install postgresql-doc-8.4"
23219
msgstr ""
23220
23221
#: serverguide/C/databases.xml:284(para)
23222
msgid ""
23223
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
23224
"8.4/html/index.html</command> into the address bar of your browser."
23225
msgstr ""
23226
23227
#: serverguide/C/databases.xml:296(para)
23228
msgid ""
23229
"Also, see the <ulink "
23230
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
23231
"Wiki</ulink> page for more information."
23232
msgstr ""
23233
23234
#: serverguide/C/clustering.xml:13(title)
23235
msgid "Clustering"
23236
msgstr ""
23237
23238
#: serverguide/C/clustering.xml:16(title)
23239
msgid "DRBD"
23240
msgstr "DRBD"
23241
23242
#: serverguide/C/clustering.xml:18(para)
23243
msgid ""
23244
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
23245
"multiple hosts. The replication is transparent to other applications on the "
23246
"host systems. Any block device hard disks, partitions, RAID devices, logical "
23247
"volumes, etc can be mirrored."
23248
msgstr ""
23249
23250
#: serverguide/C/clustering.xml:24(para)
23251
msgid ""
23252
"To get started using <application>drbd</application>, first install the "
23253
"necessary packages. From a terminal enter:"
23254
msgstr ""
23255
"Каб карыстацца <application>drbd</application>, спачатку ўстанавіце "
23256
"неабходныя пакеты. Увядзіце ў тэрмінале:"
23257
23258
#: serverguide/C/clustering.xml:29(command)
23259
msgid "sudo apt-get install drbd8-utils"
23260
msgstr "sudo apt-get install drbd8-utils"
23261
23262
#: serverguide/C/clustering.xml:33(para)
23263
msgid ""
23264
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
23265
"virtual machine you will need to manually compile the "
23266
"<application>drbd</application> module. It may be easier to install the "
23267
"<application>linux-server</application> package inside the virtual machine."
23268
msgstr ""
23269
23270
#: serverguide/C/clustering.xml:40(para)
23271
msgid ""
23272
"This section covers setting up a <application>drbd</application> to "
23273
"replicate a separate <filename>/srv</filename> partition, with an "
23274
"<application>ext3</application> filesystem between two hosts. The partition "
23275
"size is not particularly relevant, but both partitions need to be the same "
23276
"size."
23277
msgstr ""
23278
23279
#: serverguide/C/clustering.xml:49(para)
23280
msgid ""
23281
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
23282
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
23283
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
23284
"See <xref linkend=\"dns\"/> for details."
23285
msgstr ""
23286
23287
#: serverguide/C/clustering.xml:57(para)
23288
msgid ""
23289
"To configure <application>drbd</application>, on the first host edit "
23290
"<filename>/etc/drbd.conf</filename>:"
23291
msgstr ""
23292
23293
#: serverguide/C/clustering.xml:61(programlisting)
23294
#, no-wrap
23295
msgid ""
23296
"\n"
23297
"global { usage-count no; }\n"
23298
"common { syncer { rate 100M; } }\n"
23299
"resource r0 {\n"
23300
" protocol C;\n"
23301
" startup {\n"
23302
" wfc-timeout 15;\n"
23303
" degr-wfc-timeout 60;\n"
23304
" }\n"
23305
" net {\n"
23306
" cram-hmac-alg sha1;\n"
23307
" shared-secret \"secret\";\n"
23308
" }\n"
23309
" on drbd01 {\n"
23310
" device /dev/drbd0;\n"
23311
" disk /dev/sdb1;\n"
23312
" address 192.168.0.1:7788;\n"
23313
" meta-disk internal;\n"
23314
" }\n"
23315
" on drbd02 {\n"
23316
" device /dev/drbd0;\n"
23317
" disk /dev/sdb1;\n"
23318
" address 192.168.0.2:7788;\n"
23319
" meta-disk internal;\n"
23320
" }\n"
23321
"} \n"
23322
msgstr ""
23323
23324
#: serverguide/C/clustering.xml:90(para)
23325
msgid ""
23326
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
23327
"this example their default values are fine."
23328
msgstr ""
23329
23330
#: serverguide/C/clustering.xml:98(para)
23331
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
23332
msgstr ""
23333
23334
#: serverguide/C/clustering.xml:103(command)
23335
msgid "scp /etc/drbd.conf drbd02:~"
23336
msgstr "scp /etc/drbd.conf drbd02:~"
23337
23338
#: serverguide/C/clustering.xml:109(para)
23339
msgid ""
23340
"And, on <emphasis>drbd02</emphasis> move the file to "
23341
"<filename>/etc</filename>:"
23342
msgstr ""
23343
23344
#: serverguide/C/clustering.xml:114(command)
23345
msgid "sudo mv drbd.conf /etc/"
23346
msgstr "sudo mv drbd.conf /etc/"
23347
23348
#: serverguide/C/clustering.xml:120(para)
23349
msgid ""
23350
"Next, on both hosts, start the <application>drbd</application> daemon:"
23351
msgstr ""
23352
23353
#: serverguide/C/clustering.xml:125(command)
23354
msgid "sudo /etc/init.d/drbd start"
23355
msgstr "sudo /etc/init.d/drbd start"
23356
23357
#: serverguide/C/clustering.xml:131(para)
23358
msgid ""
23359
"Now using the <application>drbdadm</application> utility initialize the meta "
23360
"data storage. On each server execute:"
23361
msgstr ""
23362
23363
#: serverguide/C/clustering.xml:137(command)
23364
msgid "sudo drbdadm create-md r0"
23365
msgstr "sudo drbdadm create-md r0"
23366
23367
#: serverguide/C/clustering.xml:143(para)
23368
msgid ""
23369
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
23370
"primary, enter the following:"
23371
msgstr ""
23372
23373
#: serverguide/C/clustering.xml:148(command)
23374
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
23375
msgstr "sudo drbdadm -- --overwrite-data-of-peer primary all"
23376
23377
#: serverguide/C/clustering.xml:154(para)
23378
msgid ""
23379
"After executing the above command, the data will start syncing with the "
23380
"secondary host. To watch the progresss, on <emphasis>drbd02</emphasis> enter "
23381
"the following:"
23382
msgstr ""
23383
23384
#: serverguide/C/clustering.xml:160(command)
23385
msgid "watch -n1 cat /proc/drbd"
23386
msgstr "watch -n1 cat /proc/drbd"
23387
23388
#: serverguide/C/clustering.xml:163(para)
23389
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
23390
msgstr ""
23391
23392
#: serverguide/C/clustering.xml:170(para)
23393
msgid ""
23394
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
23395
msgstr ""
23396
23397
#: serverguide/C/clustering.xml:175(command)
23398
msgid "sudo mkfs.ext3 /dev/drbd0"
23399
msgstr "sudo mkfs.ext3 /dev/drbd0"
23400
23401
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
23402
msgid "sudo mount /dev/drbd0 /srv"
23403
msgstr "sudo mount /dev/drbd0 /srv"
23404
23405
#: serverguide/C/clustering.xml:186(para)
23406
msgid ""
23407
"To test that the data is actually syncing between the hosts copy some files "
23408
"on the <emphasis>drbd01</emphasis>, the primary, to "
23409
"<filename>/srv</filename>:"
23410
msgstr ""
23411
23412
#: serverguide/C/clustering.xml:195(para)
23413
msgid "Next, unmount <filename>/srv</filename>:"
23414
msgstr "Пасьля, размацуйце <filename>/srv</filename>:"
23415
23416
#: serverguide/C/clustering.xml:203(para)
23417
msgid ""
23418
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
23419
"<emphasis>secondary</emphasis> role:"
23420
msgstr ""
23421
23422
#: serverguide/C/clustering.xml:208(command)
23423
msgid "sudo drbdadm secondary r0"
23424
msgstr "sudo drbdadm secondary r0"
23425
23426
#: serverguide/C/clustering.xml:211(para)
23427
msgid ""
23428
"Now on the <emphasis>secondary</emphasis> server "
23429
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
23430
msgstr ""
23431
23432
#: serverguide/C/clustering.xml:216(command)
23433
msgid "sudo drbdadm primary r0"
23434
msgstr "sudo drbdadm primary r0"
23435
23436
#: serverguide/C/clustering.xml:219(para)
23437
msgid "Lastly, mount the partition:"
23438
msgstr ""
23439
23440
#: serverguide/C/clustering.xml:227(para)
23441
msgid ""
23442
"Using <emphasis>ls</emphasis> you should see "
23443
"<filename>/srv/default</filename> copied from the former "
23444
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
23445
msgstr ""
23446
23447
#: serverguide/C/clustering.xml:238(para)
23448
msgid ""
23449
"For more information on <application>DRBD</application> see the <ulink "
23450
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
23451
msgstr ""
23452
23453
#: serverguide/C/clustering.xml:243(para)
23454
msgid ""
23455
"The <ulink "
23456
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/drbd.conf.5.html\">dr"
23457
"bd.conf man page</ulink> contains details on the options not covered in this "
23458
"guide."
23459
msgstr ""
23460
23461
#: serverguide/C/clustering.xml:249(para)
23462
msgid ""
23463
"Also, see the <ulink "
23464
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/drbdadm.8.html\">drbd"
23465
"adm man page</ulink>."
23466
msgstr ""
23467
23468
#: serverguide/C/clustering.xml:254(para)
23469
msgid ""
23470
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
23471
"Wiki</ulink> page also has more information."
23472
msgstr ""
23473
23474
#: serverguide/C/chat.xml:13(title)
23475
msgid "Chat Applications"
23476
msgstr ""
23477
23478
#: serverguide/C/chat.xml:19(para)
23479
msgid ""
23480
"In this section, we will discuss how to install and configure a IRC server, "
23481
"<application>ircd-irc2</application>. We will also discuss how to install "
23482
"and configure Jabber, an instance messaging server."
23483
msgstr ""
23484
23485
#: serverguide/C/chat.xml:28(title)
23486
msgid "IRC Server"
23487
msgstr ""
23488
23489
#: serverguide/C/chat.xml:30(para)
23490
msgid ""
23491
"The Ubuntu repository has many Internet Relay Chat servers. This section "
23492
"explains how to install and configure the original IRC server "
23493
"<application>ircd-irc2</application>."
23494
msgstr ""
23495
23496
#: serverguide/C/chat.xml:39(para)
23497
msgid ""
23498
"To install <application>ircd-irc2</application>, run the following command "
23499
"in the command prompt:"
23500
msgstr ""
23501
23502
#: serverguide/C/chat.xml:45(command)
23503
msgid "sudo apt-get install ircd-irc2"
23504
msgstr ""
23505
23506
#: serverguide/C/chat.xml:48(para)
23507
msgid ""
23508
"The configuration files are stored in <filename>/etc/ircd</filename> "
23509
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
23510
"irc2</filename> directory."
23511
msgstr ""
23512
23513
#: serverguide/C/chat.xml:59(para)
23514
msgid ""
23515
"The IRC settings can be done in the configuration file "
23516
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
23517
"this file by editing the following line:"
23518
msgstr ""
23519
23520
#: serverguide/C/chat.xml:64(programlisting)
23521
#, no-wrap
23522
msgid ""
23523
"\n"
23524
"M:irc.localhost::Debian ircd default configuration::000A\n"
23525
msgstr ""
23526
23527
#: serverguide/C/chat.xml:68(para)
23528
msgid ""
23529
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
23530
"you set irc.livecipher.com as IRC host name, please make sure "
23531
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
23532
"name should not be same as the host name."
23533
msgstr ""
23534
23535
#: serverguide/C/chat.xml:75(para)
23536
msgid ""
23537
"The IRC admin details can be configured by editting the following line:"
23538
msgstr ""
23539
23540
#: serverguide/C/chat.xml:80(programlisting)
23541
#, no-wrap
23542
msgid ""
23543
"\n"
23544
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
23545
"Server::IRCnet:\n"
23546
msgstr ""
23547
23548
#: serverguide/C/chat.xml:84(para)
23549
msgid ""
23550
"You should add specific lines to configure the list of IRC ports to listen "
23551
"on, to configure Operator credentials, to configure client authentication, "
23552
"etc. For details, please refer to the example configuration file "
23553
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
23554
msgstr ""
23555
23556
#: serverguide/C/chat.xml:92(para)
23557
msgid ""
23558
"The IRC banner to be displayed in the IRC client, when the user connects to "
23559
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
23560
msgstr ""
23561
23562
#: serverguide/C/chat.xml:97(para)
23563
msgid ""
23564
"After making necessary changes to the configuration file, you can restart "
23565
"the IRC server using following command:"
23566
msgstr ""
23567
23568
#: serverguide/C/chat.xml:101(programlisting)
23569
#, no-wrap
23570
msgid ""
23571
"\n"
23572
"sudo /etc/init.d/ircd-irc2 restart\n"
23573
msgstr ""
23574
23575
#: serverguide/C/chat.xml:109(para)
23576
msgid ""
23577
"You may also be interested to take a look at other IRC servers available in "
23578
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
23579
"<application>ircd-hybrid</application>."
23580
msgstr ""
23581
23582
#: serverguide/C/chat.xml:117(para)
23583
msgid ""
23584
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
23585
"FAQ</ulink> for more details about the IRC Server."
23586
msgstr ""
23587
23588
#: serverguide/C/chat.xml:124(para)
23589
msgid ""
23590
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
23591
"IRCD</ulink> page has more information."
23592
msgstr ""
23593
23594
#: serverguide/C/chat.xml:132(title)
23595
msgid "Jabber Instant Messaging Server"
23596
msgstr ""
23597
23598
#: serverguide/C/chat.xml:134(para)
23599
msgid ""
23600
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
23601
"XMPP, an open standard for instant messaging, and used by many popular "
23602
"applications. This section covers setting up a <emphasis>Jabberd "
23603
"2</emphasis> server on a local LAN. This configuration can also be adapted "
23604
"to providing messaging services to users over the Internet."
23605
msgstr ""
23606
23607
#: serverguide/C/chat.xml:143(para)
23608
msgid "To install <application>jabberd2</application>, in a terminal enter:"
23609
msgstr ""
23610
23611
#: serverguide/C/chat.xml:148(command)
23612
msgid "sudo apt-get install jabberd2"
23613
msgstr ""
23614
23615
#: serverguide/C/chat.xml:155(para)
23616
msgid ""
23617
"A couple of XML configuration files will be used to configure "
23618
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
23619
"authentication. This is a very simple form of authentication. However, "
23620
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
23621
"Postgresql, etc for for user authentication."
23622
msgstr ""
23623
23624
#: serverguide/C/chat.xml:162(para)
23625
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
23626
msgstr ""
23627
23628
#: serverguide/C/chat.xml:166(programlisting)
23629
#, no-wrap
23630
msgid ""
23631
"\n"
23632
" <id>jabber.example.com</id>\n"
23633
msgstr ""
23634
23635
#: serverguide/C/chat.xml:171(para)
23636
msgid ""
23637
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
23638
"id, of your server."
23639
msgstr ""
23640
23641
#: serverguide/C/chat.xml:176(para)
23642
msgid "Now in the <storage> section change the <driver> to:"
23643
msgstr ""
23644
23645
#: serverguide/C/chat.xml:180(programlisting)
23646
#, no-wrap
23647
msgid ""
23648
"\n"
23649
" <driver>db</driver>\n"
23650
msgstr ""
23651
23652
#: serverguide/C/chat.xml:184(para)
23653
msgid ""
23654
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
23655
"<emphasis><local></emphasis> section change:"
23656
msgstr ""
23657
23658
#: serverguide/C/chat.xml:188(programlisting)
23659
#, no-wrap
23660
msgid ""
23661
"\n"
23662
" <id>jabber.example.com</id>\n"
23663
msgstr ""
23664
23665
#: serverguide/C/chat.xml:192(para)
23666
msgid ""
23667
"And in the <authreg> section adjust the <module> section to:"
23668
msgstr ""
23669
23670
#: serverguide/C/chat.xml:196(programlisting)
23671
#, no-wrap
23672
msgid ""
23673
"\n"
23674
" <module>db</module>\n"
23675
msgstr ""
23676
23677
#: serverguide/C/chat.xml:200(para)
23678
msgid ""
23679
"Finally, restart <application>jabberd2</application> to enable the new "
23680
"settings:"
23681
msgstr ""
23682
23683
#: serverguide/C/chat.xml:205(command)
23684
msgid "sudo /etc/init.d/jabberd2 restart"
23685
msgstr ""
23686
23687
#: serverguide/C/chat.xml:208(para)
23688
msgid ""
23689
"You should now be able to connect to the server using a Jabber client like "
23690
"<application>Pidgin</application> for example."
23691
msgstr ""
23692
23693
#: serverguide/C/chat.xml:213(para)
23694
msgid ""
23695
"The advantage of using Berkeley DB for user data is that after being "
23696
"configured no additional maintenance is required. If you need more control "
23697
"over user accounts and credentials another authentication method is "
23698
"recommended."
23699
msgstr ""
23700
23701
#: serverguide/C/chat.xml:225(para)
23702
msgid ""
23703
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
23704
"Site</ulink> contains more details on configuring "
23705
"<application>Jabberd2</application>."
23706
msgstr ""
23707
23708
#: serverguide/C/chat.xml:231(para)
23709
msgid ""
23710
"For more authentication options see the <ulink "
23711
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
23712
"Guide</ulink>."
23713
msgstr ""
23714
23715
#: serverguide/C/chat.xml:236(para)
23716
msgid ""
23717
"Also, the <ulink "
23718
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23719
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23720
msgstr ""
23721
23722
#: serverguide/C/backups.xml:13(title)
23723
msgid "Backups"
23724
msgstr ""
23725
23726
#: serverguide/C/backups.xml:14(para)
23727
msgid ""
23728
"There are many ways to backup an Ubuntu installation. The most important "
23729
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
23730
"consisting of what to backup, where to back it up to, and how to restore it."
23731
msgstr ""
23732
23733
#: serverguide/C/backups.xml:18(para)
23734
msgid ""
23735
"The following sections discuss various ways of accomplishing these tasks."
23736
msgstr ""
23737
23738
#: serverguide/C/backups.xml:22(title)
23739
msgid "Shell Scripts"
23740
msgstr ""
23741
23742
#: serverguide/C/backups.xml:23(para)
23743
msgid ""
23744
"One of the simplest ways to backup a system is using a <emphasis>shell "
23745
"script</emphasis>. For example, a script can be used to configure which "
23746
"directories to backup, and use those directories as arguments to the "
23747
"<application>tar</application> utility creating an archive file. The archive "
23748
"file can then be moved or copied to another location. The archive can also "
23749
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
23750
msgstr ""
23751
23752
#: serverguide/C/backups.xml:29(para)
23753
msgid ""
23754
"The <application>tar</application> utility creates one archive file out of "
23755
"many files or directories. <application>tar</application> can also filter "
23756
"the files through compression utilities reducing the size of the archive "
23757
"file."
23758
msgstr ""
23759
23760
#: serverguide/C/backups.xml:35(title)
23761
msgid "Simple Shell Script"
23762
msgstr ""
23763
23764
#: serverguide/C/backups.xml:36(para)
23765
msgid ""
23766
"The following shell script uses <application>tar</application> to create an "
23767
"archive file on a remotely mounted NFS file system. The archive filename is "
23768
"determined using additional command line utilities."
23769
msgstr ""
23770
23771
#: serverguide/C/backups.xml:40(programlisting)
23772
#, no-wrap
23773
msgid ""
23774
"\n"
23775
"#!/bin/sh\n"
23776
"####################################\n"
23777
"#\n"
23778
"# Backup to NFS mount script.\n"
23779
"#\n"
23780
"####################################\n"
23781
"\n"
23782
"# What to backup. \n"
23783
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23784
"\n"
23785
"# Where to backup to.\n"
23786
"dest=\"/mnt/backup\"\n"
23787
"\n"
23788
"# Create archive filename.\n"
23789
"day=$(date +%A)\n"
23790
"hostname=$(hostname -s)\n"
23791
"archive_file=\"$hostname-$day.tgz\"\n"
23792
"\n"
23793
"# Print start status message.\n"
23794
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23795
"date\n"
23796
"echo\n"
23797
"\n"
23798
"# Backup the files using tar.\n"
23799
"tar czf $dest/$archive_file $backup_files\n"
23800
"\n"
23801
"# Print end status message.\n"
23802
"echo\n"
23803
"echo \"Backup finished\"\n"
23804
"date\n"
23805
"\n"
23806
"# Long listing of files in $dest to check file sizes.\n"
23807
"ls -lh $dest\n"
23808
msgstr ""
23809
23810
#: serverguide/C/backups.xml:77(para)
23811
msgid ""
23812
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
23813
"would like to backup. The list should be customized to fit your needs."
23814
msgstr ""
23815
23816
#: serverguide/C/backups.xml:83(para)
23817
msgid ""
23818
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
23819
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
23820
"day of the week, giving a backup history of seven days. There are other ways "
23821
"to accomplish this including other ways using the "
23822
"<application>date</application> utility."
23823
msgstr ""
23824
23825
#: serverguide/C/backups.xml:90(para)
23826
msgid ""
23827
"<emphasis>$hostname:</emphasis> variable containing the "
23828
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
23829
"archive filename gives you the option of placing daily archive files from "
23830
"multiple systems in the same directory."
23831
msgstr ""
23832
23833
#: serverguide/C/backups.xml:97(para)
23834
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
23835
msgstr ""
23836
23837
#: serverguide/C/backups.xml:102(para)
23838
msgid ""
23839
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
23840
"needs to be created and in this case <emphasis>mounted</emphasis> before "
23841
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
23842
"details using <emphasis>NFS</emphasis>."
23843
msgstr ""
23844
23845
#: serverguide/C/backups.xml:109(para)
23846
msgid ""
23847
"<emphasis>status messages:</emphasis> optional messages printed to the "
23848
"console using the <application>echo</application> utility."
23849
msgstr ""
23850
23851
#: serverguide/C/backups.xml:115(para)
23852
msgid ""
23853
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
23854
"<application>tar</application> command used to create the archive file."
23855
msgstr ""
23856
23857
#: serverguide/C/backups.xml:121(para)
23858
msgid "<emphasis>c:</emphasis> creates an archive."
23859
msgstr ""
23860
23861
#: serverguide/C/backups.xml:126(para)
23862
msgid ""
23863
"<emphasis>z:</emphasis> filter the archive through the "
23864
"<application>gzip</application> utility compressing the archive."
23865
msgstr ""
23866
23867
#: serverguide/C/backups.xml:131(para)
23868
msgid ""
23869
"<emphasis>f:</emphasis> use archive file. Otherwise the "
23870
"<application>tar</application> output will be sent to STDOUT."
23871
msgstr ""
23872
23873
#: serverguide/C/backups.xml:138(para)
23874
msgid ""
23875
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
23876
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
23877
"of the destination directory. This is useful for a quick file size check of "
23878
"the archive file. This check should not replace testing the archive file."
23879
msgstr ""
23880
23881
#: serverguide/C/backups.xml:145(para)
23882
msgid ""
23883
"This is a simple example of a backup shell script. There are large amount of "
23884
"options that can be included in a backup script. See <xref linkend=\"backup-"
23885
"shellscript-references\"/> for links to resources providing more in depth "
23886
"shell scripting information."
23887
msgstr ""
23888
23889
#: serverguide/C/backups.xml:152(title)
23890
msgid "Executing the Script"
23891
msgstr ""
23892
23893
#: serverguide/C/backups.xml:154(title)
23894
msgid "Executing from a Terminal"
23895
msgstr ""
23896
23897
#: serverguide/C/backups.xml:155(para)
23898
msgid ""
23899
"The simplest way of executing the above backup script is to copy and paste "
23900
"the contents into a file. <filename>backup.sh</filename> for example. Then "
23901
"from a terminal prompt:"
23902
msgstr ""
23903
23904
#: serverguide/C/backups.xml:160(command)
23905
msgid "sudo bash backup.sh"
23906
msgstr "sudo bash backup.sh"
23907
23908
#: serverguide/C/backups.xml:162(para)
23909
msgid ""
23910
"This is a great way to test the script to make sure everything works as "
23911
"expected."
23912
msgstr ""
23913
23914
#: serverguide/C/backups.xml:167(title)
23915
msgid "Executing with cron"
23916
msgstr ""
23917
23918
#: serverguide/C/backups.xml:168(para)
23919
msgid ""
23920
"The <application>cron</application> utility can be used to automate the "
23921
"script execution. The <application>cron</application> daemon allows the "
23922
"execution of scripts, or commands, at a specified time and date."
23923
msgstr ""
23924
23925
#: serverguide/C/backups.xml:172(para)
23926
msgid ""
23927
"<application>cron</application> is configured through entries in a "
23928
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
23929
"separated into fields:"
23930
msgstr ""
23931
23932
#: serverguide/C/backups.xml:176(programlisting)
23933
#, no-wrap
23934
msgid ""
23935
"\n"
23936
"# m h dom mon dow command\n"
23937
msgstr ""
23938
"\n"
23939
"# m h dom mon dow command\n"
23940
23941
#: serverguide/C/backups.xml:181(para)
23942
msgid ""
23943
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
23944
msgstr ""
23945
23946
#: serverguide/C/backups.xml:186(para)
23947
msgid ""
23948
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
23949
msgstr ""
23950
23951
#: serverguide/C/backups.xml:191(para)
23952
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
23953
msgstr ""
23954
23955
#: serverguide/C/backups.xml:196(para)
23956
msgid ""
23957
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
23958
msgstr ""
23959
23960
#: serverguide/C/backups.xml:201(para)
23961
msgid ""
23962
"<emphasis>dow:</emphasis> the day of the week the command executes on "
23963
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
23964
"valid."
23965
msgstr ""
23966
23967
#: serverguide/C/backups.xml:206(para)
23968
msgid "<emphasis>command:</emphasis> the command to execute."
23969
msgstr ""
23970
23971
#: serverguide/C/backups.xml:211(para)
23972
msgid ""
23973
"To add or change entries in a <filename>crontab</filename> file the "
23974
"<application>crontab -e</application> command should be used. Also, the "
23975
"contents of a <filename>crontab</filename> file can be viewed using the "
23976
"<application>crontab -l</application> command."
23977
msgstr ""
23978
23979
#: serverguide/C/backups.xml:215(para)
23980
msgid ""
23981
"To execute the <application>backup.sh</application> script listed above "
23982
"using <application>cron</application>. Enter the following from a terminal "
23983
"prompt:"
23984
msgstr ""
23985
23986
#: serverguide/C/backups.xml:220(command)
23987
msgid "sudo crontab -e"
23988
msgstr "sudo crontab -e"
23989
23990
#: serverguide/C/backups.xml:223(para)
23991
msgid ""
23992
"Using <application>sudo</application> with the <application>crontab -"
23993
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
23994
"This is necessary if you are backing up directories only the root user has "
23995
"access to."
23996
msgstr ""
23997
23998
#: serverguide/C/backups.xml:228(para)
23999
msgid "Add the following entry to the <filename>crontab</filename> file:"
24000
msgstr ""
24001
24002
#: serverguide/C/backups.xml:231(programlisting)
24003
#, no-wrap
24004
msgid ""
24005
"\n"
24006
"# m h dom mon dow command\n"
24007
"0 0 * * * bash /usr/local/bin/backup.sh\n"
24008
msgstr ""
24009
"\n"
24010
"# m h dom mon dow command\n"
24011
"0 0 * * * bash /usr/local/bin/backup.sh\n"
24012
24013
#: serverguide/C/backups.xml:235(para)
24014
msgid ""
24015
"The <application>backup.sh</application> script will now be executed every "
24016
"day at 12:00 am."
24017
msgstr ""
24018
24019
#: serverguide/C/backups.xml:239(para)
24020
msgid ""
24021
"The <application>backup.sh</application> script will need to be copied to "
24022
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
24023
"to execute properly. The script can reside anywhere on the file system "
24024
"simply change the script path appropriately."
24025
msgstr ""
24026
24027
#: serverguide/C/backups.xml:244(para)
24028
msgid ""
24029
"For more in depth <application>crontab</application> options see <xref "
24030
"linkend=\"backup-shellscript-references\"/>."
24031
msgstr ""
24032
24033
#: serverguide/C/backups.xml:250(title)
24034
msgid "Restoring from the Archive"
24035
msgstr ""
24036
24037
#: serverguide/C/backups.xml:251(para)
24038
msgid ""
24039
"Once an archive has been created it is important to test the archive. The "
24040
"archive can be tested by listing the files it contains, but the best test is "
24041
"to <emphasis>restore</emphasis> a file from the archive."
24042
msgstr ""
24043
24044
#: serverguide/C/backups.xml:257(para)
24045
msgid "To see a listing of the archive contents. From a terminal prompt:"
24046
msgstr ""
24047
24048
#: serverguide/C/backups.xml:261(command)
24049
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
24050
msgstr "tar -tzvf /mnt/backup/host-Monday.tgz"
24051
24052
#: serverguide/C/backups.xml:265(para)
24053
msgid "To restore a file from the archive to a different directory enter:"
24054
msgstr ""
24055
24056
#: serverguide/C/backups.xml:269(command)
24057
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
24058
msgstr "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
24059
24060
#: serverguide/C/backups.xml:271(para)
24061
msgid ""
24062
"The <emphasis>-C</emphasis> option to <application>tar</application> "
24063
"redirects the extracted files to the specified directory. The above example "
24064
"will extract the <filename>/etc/hosts</filename> file to "
24065
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
24066
"recreates the directory structure that it contains."
24067
msgstr ""
24068
24069
#: serverguide/C/backups.xml:276(para)
24070
msgid ""
24071
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
24072
"the file to restore."
24073
msgstr ""
24074
24075
#: serverguide/C/backups.xml:281(para)
24076
msgid "To restore all files in the archive enter the following:"
24077
msgstr ""
24078
24079
#: serverguide/C/backups.xml:285(command)
24080
msgid "cd /"
24081
msgstr "cd /"
24082
24083
#: serverguide/C/backups.xml:286(command)
24084
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
24085
msgstr "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
24086
24087
#: serverguide/C/backups.xml:291(para)
24088
msgid "This will overwrite the files currently on the file system."
24089
msgstr ""
24090
24091
#: serverguide/C/backups.xml:300(para)
24092
msgid ""
24093
"For more information on shell scripting see the <ulink "
24094
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
24095
msgstr ""
24096
24097
#: serverguide/C/backups.xml:305(para)
24098
msgid ""
24099
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
24100
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
24101
"great resource for shell scripting."
24102
msgstr ""
24103
24104
#: serverguide/C/backups.xml:311(para)
24105
msgid ""
24106
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
24107
"Wiki Page</ulink> contains details on advanced "
24108
"<application>cron</application> options."
24109
msgstr ""
24110
24111
#: serverguide/C/backups.xml:318(para)
24112
msgid ""
24113
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
24114
"tar Manual</ulink> for more <application>tar</application> options."
24115
msgstr ""
24116
24117
#: serverguide/C/backups.xml:324(para)
24118
msgid ""
24119
"The Wikipedia <ulink "
24120
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
24121
"Scheme</ulink> article contains information on other backup rotation schemes."
24122
msgstr ""
24123
24124
#: serverguide/C/backups.xml:330(para)
24125
msgid ""
24126
"The shell script uses <application>tar</application> to create the archive, "
24127
"but there many other command line utilities that can be used. For example:"
24128
msgstr ""
24129
24130
#: serverguide/C/backups.xml:336(para)
24131
msgid ""
24132
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
24133
"files to and from archives."
24134
msgstr ""
24135
24136
#: serverguide/C/backups.xml:341(para)
24137
msgid ""
24138
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
24139
"the <application>coreutils</application> package. A low level utility that "
24140
"can copy data from one format to another"
24141
msgstr ""
24142
24143
#: serverguide/C/backups.xml:347(para)
24144
msgid ""
24145
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
24146
"snap shot utility used to create copies of an entire file system."
24147
msgstr ""
24148
24149
#: serverguide/C/backups.xml:358(title)
24150
msgid "Archive Rotation"
24151
msgstr ""
24152
24153
#: serverguide/C/backups.xml:359(para)
24154
msgid ""
24155
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
24156
"allows for seven different archives. For a server whose data doesn't change "
24157
"often this may be enough. If the server has a large amount of data a more "
24158
"robust rotation scheme should be used."
24159
msgstr ""
24160
24161
#: serverguide/C/backups.xml:365(title)
24162
msgid "Rotating NFS Archives"
24163
msgstr ""
24164
24165
#: serverguide/C/backups.xml:366(para)
24166
msgid ""
24167
"In this section the shell script will be slightly modified to implement a "
24168
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
24169
msgstr ""
24170
24171
#: serverguide/C/backups.xml:372(para)
24172
msgid ""
24173
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
24174
"Friday."
24175
msgstr ""
24176
24177
#: serverguide/C/backups.xml:377(para)
24178
msgid ""
24179
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
24180
"weekly backups a month."
24181
msgstr ""
24182
24183
#: serverguide/C/backups.xml:382(para)
24184
msgid ""
24185
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
24186
"rotating two monthly backups based on if the month is odd or even."
24187
msgstr ""
24188
24189
#: serverguide/C/backups.xml:388(para)
24190
msgid "Here is the new script:"
24191
msgstr ""
24192
24193
#: serverguide/C/backups.xml:391(programlisting)
24194
#, no-wrap
24195
msgid ""
24196
"\n"
24197
"#!/bin/bash\n"
24198
"####################################\n"
24199
"#\n"
24200
"# Backup to NFS mount script with\n"
24201
"# grandfather-father-son rotation.\n"
24202
"#\n"
24203
"####################################\n"
24204
"\n"
24205
"# What to backup. \n"
24206
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
24207
"\n"
24208
"# Where to backup to.\n"
24209
"dest=\"/mnt/backup\"\n"
24210
"\n"
24211
"# Setup variables for the archive filename.\n"
24212
"day=$(date +%A)\n"
24213
"hostname=$(hostname -s)\n"
24214
"\n"
24215
"# Find which week of the month 1-4 it is.\n"
24216
"day_num=$(date +%d)\n"
24217
"if (( $day_num <= 7 )); then\n"
24218
" week_file=\"$hostname-week1.tgz\"\n"
24219
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
24220
" week_file=\"$hostname-week2.tgz\"\n"
24221
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
24222
" week_file=\"$hostname-week3.tgz\"\n"
24223
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
24224
" week_file=\"$hostname-week4.tgz\"\n"
24225
"fi\n"
24226
"\n"
24227
"# Find if the Month is odd or even.\n"
24228
"month_num=$(date +%m)\n"
24229
"month=$(expr $month_num % 2)\n"
24230
"if [ $month -eq 0 ]; then\n"
24231
" month_file=\"$hostname-month2.tgz\"\n"
24232
"else\n"
24233
" month_file=\"$hostname-month1.tgz\"\n"
24234
"fi\n"
24235
"\n"
24236
"# Create archive filename.\n"
24237
"if [ $day_num == 1 ]; then\n"
24238
"\tarchive_file=$month_file\n"
24239
"elif [ $day != \"Saturday\" ]; then\n"
24240
" archive_file=\"$hostname-$day.tgz\"\n"
24241
"else \n"
24242
"\tarchive_file=$week_file\n"
24243
"fi\n"
24244
"\n"
24245
"# Print start status message.\n"
24246
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
24247
"date\n"
24248
"echo\n"
24249
"\n"
24250
"# Backup the files using tar.\n"
24251
"tar czf $dest/$archive_file $backup_files\n"
24252
"\n"
24253
"# Print end status message.\n"
24254
"echo\n"
24255
"echo \"Backup finished\"\n"
24256
"date\n"
24257
"\n"
24258
"# Long listing of files in $dest to check file sizes.\n"
24259
"ls -lh $dest/\n"
24260
msgstr ""
24261
24262
#: serverguide/C/backups.xml:456(para)
24263
msgid ""
24264
"The script can be executed using the same methods as in <xref "
24265
"linkend=\"backup-executing-shellscript\"/>."
24266
msgstr ""
24267
24268
#: serverguide/C/backups.xml:459(para)
24269
msgid ""
24270
"It is good practice to take backup media off site in case of a disaster. In "
24271
"the shell script example the backup media is another server providing an NFS "
24272
"share. In all likelihood taking the NFS server to another location would not "
24273
"be practical. Depending upon connection speeds it may be an option to copy "
24274
"the archive file over a WAN link to a server in another location."
24275
msgstr ""
24276
24277
#: serverguide/C/backups.xml:465(para)
24278
msgid ""
24279
"Another option is to copy the archive file to an external hard drive which "
24280
"can then be taken off site. Since the price of external hard drives continue "
24281
"to decrease it may be cost affective to use two drives for each archive "
24282
"level. This would allow you to have one external drive attached to the "
24283
"backup server and one in another location."
24284
msgstr ""
24285
24286
#: serverguide/C/backups.xml:472(title)
24287
msgid "Tape Drives"
24288
msgstr ""
24289
24290
#: serverguide/C/backups.xml:473(para)
24291
msgid ""
24292
"A tape drive attached to the server can be used instead of a NFS share. "
24293
"Using a tape drive simplifies archive rotation, and taking the media off "
24294
"site as well."
24295
msgstr ""
24296
24297
#: serverguide/C/backups.xml:477(para)
24298
msgid ""
24299
"When using a tape drive the filename portions of the script aren't needed "
24300
"because the date is sent directly to the tape device. Some commands to "
24301
"manipulate the tape are needed. This is accomplished using "
24302
"<application>mt</application>, a magnetic tape control utility part of the "
24303
"<application>cpio</application> package."
24304
msgstr ""
24305
24306
#: serverguide/C/backups.xml:482(para)
24307
msgid "Here is the shell script modified to use a tape drive:"
24308
msgstr ""
24309
24310
#: serverguide/C/backups.xml:485(programlisting)
24311
#, no-wrap
24312
msgid ""
24313
"\n"
24314
"#!/bin/bash\n"
24315
"####################################\n"
24316
"#\n"
24317
"# Backup to tape drive script.\n"
24318
"#\n"
24319
"####################################\n"
24320
"\n"
24321
"# What to backup. \n"
24322
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
24323
"\n"
24324
"# Where to backup to.\n"
24325
"dest=\"/dev/st0\"\n"
24326
"\n"
24327
"# Print start status message.\n"
24328
"echo \"Backing up $backup_files to $dest\"\n"
24329
"date\n"
24330
"echo\n"
24331
"\n"
24332
"# Make sure the tape is rewound.\n"
24333
"mt -f $dest rewind\n"
24334
"\n"
24335
"# Backup the files using tar.\n"
24336
"tar czf $dest $backup_files\n"
24337
"\n"
24338
"# Rewind and eject the tape.\n"
24339
"mt -f $dest rewoffl\n"
24340
"\n"
24341
"# Print end status message.\n"
24342
"echo\n"
24343
"echo \"Backup finished\"\n"
24344
"date\n"
24345
msgstr ""
24346
24347
#: serverguide/C/backups.xml:519(para)
24348
msgid ""
24349
"The default device name for a SCSI tape drive is "
24350
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
24351
"system."
24352
msgstr ""
24353
24354
#: serverguide/C/backups.xml:524(para)
24355
msgid ""
24356
"Restoring from a tape drive is basically the same as restoring from a file. "
24357
"Simply rewind the tape and use the device path instead of a file path. For "
24358
"example to restore the <filename>/etc/hosts</filename> file to "
24359
"<filename>/tmp/etc/hosts</filename>:"
24360
msgstr ""
24361
24362
#: serverguide/C/backups.xml:529(command)
24363
msgid "mt -f /dev/st0 rewind"
24364
msgstr "mt -f /dev/st0 rewind"
24365
24366
#: serverguide/C/backups.xml:530(command)
24367
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
24368
msgstr "tar -xzf /dev/st0 -C /tmp etc/hosts"
24369
24370
#: serverguide/C/backups.xml:535(title)
24371
msgid "Bacula"
24372
msgstr "Bacula"
24373
24374
#: serverguide/C/backups.xml:536(para)
24375
msgid ""
24376
"<application>Bacula</application> is a backup program enabling you to "
24377
"backup, restore, and verify data across your network. There are Bacula "
24378
"clients for Linux, Windows, and Mac OSX. Making it a cross platform network "
24379
"wide solution."
24380
msgstr ""
24381
24382
#: serverguide/C/backups.xml:542(para)
24383
msgid ""
24384
"<application>Bacula</application> is made up of several components and "
24385
"services used to manage which files to backup and where to back them up to:"
24386
msgstr ""
24387
24388
#: serverguide/C/backups.xml:548(para)
24389
msgid ""
24390
"<application>Bacula Director:</application> a service that controls all "
24391
"backup, restore, verify, and archive operations."
24392
msgstr ""
24393
24394
#: serverguide/C/backups.xml:553(para)
24395
msgid ""
24396
"<application>Bacula Console:</application> an application allowing "
24397
"communication with the Director. There are three versions of the Console:"
24398
msgstr ""
24399
24400
#: serverguide/C/backups.xml:558(para)
24401
msgid "Text based command line version."
24402
msgstr ""
24403
24404
#: serverguide/C/backups.xml:559(para)
24405
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
24406
msgstr ""
24407
24408
#: serverguide/C/backups.xml:560(para)
24409
msgid "wxWidgets GUI interface."
24410
msgstr ""
24411
24412
#: serverguide/C/backups.xml:564(para)
24413
msgid ""
24414
"<application>Bacula File:</application> also known as the "
24415
"<application>Bacula Client</application> program. This application is "
24416
"installed on machines to be backed up, and is responsible for the data "
24417
"requested by the Director."
24418
msgstr ""
24419
24420
#: serverguide/C/backups.xml:570(para)
24421
msgid ""
24422
"<application>Bacula Storage:</application> the programs that perform the "
24423
"storage and recovery of data to the physical media."
24424
msgstr ""
24425
24426
#: serverguide/C/backups.xml:575(para)
24427
msgid ""
24428
"<application>Bacula Catalog:</application> is responsible for maintaining "
24429
"the file indexes and volume databases for all files backed up, enabling "
24430
"quick location and restoration of archived files. The Catalog supports three "
24431
"different databases MySQL, PostgreSQL, and SQLite."
24432
msgstr ""
24433
24434
#: serverguide/C/backups.xml:581(para)
24435
msgid ""
24436
"<application>Bacula Monitor:</application> allows the monitoring of the "
24437
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
24438
"available as a GTK+ GUI application."
24439
msgstr ""
24440
24441
#: serverguide/C/backups.xml:587(para)
24442
msgid ""
24443
"These services and applications can be run on multiple servers and clients, "
24444
"or they can be installed on one machine if backing up a single disk or "
24445
"volume."
24446
msgstr ""
24447
24448
#: serverguide/C/backups.xml:594(para)
24449
msgid ""
24450
"There are multiple packages containing the different "
24451
"<application>Bacula</application> components. To install Bacula, from a "
24452
"terminal prompt enter:"
24453
msgstr ""
24454
24455
#: serverguide/C/backups.xml:599(command)
24456
msgid "sudo apt-get install bacula"
24457
msgstr "sudo apt-get install bacula"
24458
24459
#: serverguide/C/backups.xml:601(para)
24460
msgid ""
24461
"By default installing the <application>bacula</application> package will use "
24462
"a <application>MySQL</application> database for the Catalog. If you want to "
24463
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
24464
"director-sqlite3</application> or <application>bacula-director-"
24465
"pgsql</application> respectively."
24466
msgstr ""
24467
24468
#: serverguide/C/backups.xml:607(para)
24469
msgid ""
24470
"During the install process you will be asked to supply credentials for the "
24471
"database <emphasis>administrator</emphasis> and the "
24472
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
24473
"database administrator will need to have the appropriate rights to create a "
24474
"database, see <xref linkend=\"mysql\"/> for more information."
24475
msgstr ""
24476
24477
#: serverguide/C/backups.xml:617(para)
24478
msgid ""
24479
"<application>Bacula</application> configuration files are formatted based on "
24480
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
24481
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
24482
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
24483
"directory."
24484
msgstr ""
24485
24486
#: serverguide/C/backups.xml:622(para)
24487
msgid ""
24488
"The various <application>Bacula</application> components must authorize "
24489
"themselves to each other. This is accomplished using the "
24490
"<emphasis>password</emphasis> directive. For example, the "
24491
"<emphasis>Storage</emphasis> resource password in the "
24492
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
24493
"<emphasis>Director</emphasis> resource password in "
24494
"<filename>/etc/bacula/bacula-sd.conf</filename>."
24495
msgstr ""
24496
24497
#: serverguide/C/backups.xml:628(para)
24498
msgid ""
24499
"By default the backup job named <emphasis>Client1</emphasis> is configured "
24500
"to archive the <application>Bacula</application> Catalog. If you plan on "
24501
"using the server to backup more than one client you should change the name "
24502
"of this job to something more descriptive. To change the name edit "
24503
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
24504
msgstr ""
24505
24506
#: serverguide/C/backups.xml:633(programlisting)
24507
#, no-wrap
24508
msgid ""
24509
"\n"
24510
"#\n"
24511
"# Define the main nightly save backup job\n"
24512
"# By default, this job will back up to disk in \n"
24513
"Job {\n"
24514
" Name = \"BackupServer\"\n"
24515
" JobDefs = \"DefaultJob\"\n"
24516
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
24517
"}\n"
24518
msgstr ""
24519
24520
#: serverguide/C/backups.xml:644(para)
24521
msgid ""
24522
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
24523
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
24524
"your appropriate hostname, or other descriptive name."
24525
msgstr ""
24526
24527
#: serverguide/C/backups.xml:649(para)
24528
msgid ""
24529
"The <emphasis>Console</emphasis> can be used to query the "
24530
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
24531
"<emphasis>non-root</emphasis> user, the user needs to be in the "
24532
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
24533
"the following from a terminal:"
24534
msgstr ""
24535
24536
#: serverguide/C/backups.xml:655(command)
24537
msgid "sudo adduser $username bacula"
24538
msgstr "sudo adduser $username bacula"
24539
24540
#: serverguide/C/backups.xml:658(para)
24541
msgid ""
24542
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
24543
"you are adding the current user to the group you should log out and back in "
24544
"for the new permissions to take effect."
24545
msgstr ""
24546
24547
#: serverguide/C/backups.xml:665(title)
24548
msgid "Localhost Backup"
24549
msgstr ""
24550
24551
#: serverguide/C/backups.xml:666(para)
24552
msgid ""
24553
"This section describes how to backup specified directories on a single host "
24554
"to a local tape drive."
24555
msgstr ""
24556
24557
#: serverguide/C/backups.xml:671(para)
24558
msgid ""
24559
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
24560
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
24561
msgstr ""
24562
24563
#: serverguide/C/backups.xml:674(programlisting)
24564
#, no-wrap
24565
msgid ""
24566
"\n"
24567
"Device {\n"
24568
" Name = \"Tape Drive\"\n"
24569
" Device Type = tape\n"
24570
" Media Type = DDS-4\n"
24571
" Archive Device = /dev/st0\n"
24572
" Hardware end of medium = No;\n"
24573
" AutomaticMount = yes; # when device opened, read it\n"
24574
" AlwaysOpen = Yes;\n"
24575
" RemovableMedia = yes;\n"
24576
" RandomAccess = no;\n"
24577
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
24578
"}\n"
24579
msgstr ""
24580
24581
#: serverguide/C/backups.xml:688(para)
24582
msgid ""
24583
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
24584
"Type and Archive Device to match your hardware."
24585
msgstr ""
24586
24587
#: serverguide/C/backups.xml:691(para)
24588
msgid "You could also uncomment one of the other examples in the file."
24589
msgstr ""
24590
24591
#: serverguide/C/backups.xml:696(para)
24592
msgid ""
24593
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
24594
"<application>Storage</application> daemon will need to be restarted:"
24595
msgstr ""
24596
24597
#: serverguide/C/backups.xml:701(command)
24598
msgid "sudo /etc/init.d/bacula-sd restart"
24599
msgstr "sudo /etc/init.d/bacula-sd restart"
24600
24601
#: serverguide/C/backups.xml:705(para)
24602
msgid ""
24603
"Now add a <emphasis>Storage</emphasis> resource in "
24604
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
24605
msgstr ""
24606
24607
#: serverguide/C/backups.xml:708(programlisting)
24608
#, no-wrap
24609
msgid ""
24610
"\n"
24611
"# Definition of \"Tape Drive\" storage device\n"
24612
"Storage {\n"
24613
" Name = TapeDrive\n"
24614
" # Do not use \"localhost\" here \n"
24615
" Address = backupserver # N.B. Use a fully qualified name "
24616
"here\n"
24617
" SDPort = 9103\n"
24618
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
24619
" Device = \"Tape Drive\"\n"
24620
" Media Type = tape\n"
24621
"}\n"
24622
msgstr ""
24623
24624
#: serverguide/C/backups.xml:720(para)
24625
msgid ""
24626
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
24627
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
24628
"to the actual host name."
24629
msgstr ""
24630
24631
#: serverguide/C/backups.xml:724(para)
24632
msgid ""
24633
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
24634
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
24635
msgstr ""
24636
24637
#: serverguide/C/backups.xml:730(para)
24638
msgid ""
24639
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
24640
"directories to backup, by adding:"
24641
msgstr ""
24642
24643
#: serverguide/C/backups.xml:733(programlisting)
24644
#, no-wrap
24645
msgid ""
24646
"\n"
24647
"# LocalhostBacup FileSet.\n"
24648
"FileSet {\n"
24649
" Name = \"LocalhostFiles\"\n"
24650
" Include {\n"
24651
" Options {\n"
24652
" signature = MD5\n"
24653
" compression=GZIP\n"
24654
" }\n"
24655
" File = /etc\n"
24656
" File = /home\n"
24657
" }\n"
24658
"}\n"
24659
msgstr ""
24660
24661
#: serverguide/C/backups.xml:747(para)
24662
msgid ""
24663
"This <emphasis>FileSet</emphasis> will backup the <filename "
24664
"role=\"directory\">/etc</filename> and <filename "
24665
"role=\"directory\">/home</filename> directories. The "
24666
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
24667
"create a MD5 signature for each file backed up, and to compress the files "
24668
"using GZIP."
24669
msgstr ""
24670
24671
#: serverguide/C/backups.xml:754(para)
24672
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
24673
msgstr ""
24674
24675
#: serverguide/C/backups.xml:757(programlisting)
24676
#, no-wrap
24677
msgid ""
24678
"\n"
24679
"# LocalhostBackup Schedule -- Daily.\n"
24680
"Schedule {\n"
24681
" Name = \"LocalhostDaily\"\n"
24682
" Run = Full daily at 00:01\n"
24683
"}\n"
24684
msgstr ""
24685
24686
#: serverguide/C/backups.xml:764(para)
24687
msgid ""
24688
"The job will run every day at 00:01 or 12:01 am. There are many other "
24689
"scheduling options available."
24690
msgstr ""
24691
24692
#: serverguide/C/backups.xml:769(para)
24693
msgid "Finally create the <emphasis>Job</emphasis>:"
24694
msgstr ""
24695
24696
#: serverguide/C/backups.xml:772(programlisting)
24697
#, no-wrap
24698
msgid ""
24699
"\n"
24700
"# Localhost backup.\n"
24701
"Job {\n"
24702
" Name = \"LocalhostBackup\"\n"
24703
" JobDefs = \"DefaultJob\"\n"
24704
" Enabled = yes\n"
24705
" Level = Full\n"
24706
" FileSet = \"LocalhostFiles\"\n"
24707
" Schedule = \"LocalhostDaily\"\n"
24708
" Storage = TapeDrive\n"
24709
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
24710
"} \n"
24711
msgstr ""
24712
24713
#: serverguide/C/backups.xml:785(para)
24714
msgid ""
24715
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
24716
"drive."
24717
msgstr ""
24718
24719
#: serverguide/C/backups.xml:790(para)
24720
msgid ""
24721
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
24722
"current tape does not have a label <application>Bacula</application> will "
24723
"send an email letting you know. To label a tape using the "
24724
"<application>Console</application> enter the following from a terminal:"
24725
msgstr ""
24726
24727
#: serverguide/C/backups.xml:796(command)
24728
msgid "bconsole"
24729
msgstr ""
24730
24731
#: serverguide/C/backups.xml:800(para)
24732
msgid "At the Bacula Console prompt enter:"
24733
msgstr ""
24734
24735
#: serverguide/C/backups.xml:804(command)
24736
msgid "label"
24737
msgstr "метка"
24738
24739
#: serverguide/C/backups.xml:808(para)
24740
msgid ""
24741
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
24742
msgstr ""
24743
24744
#: serverguide/C/backups.xml:818(userinput)
24745
#, no-wrap
24746
msgid "2"
24747
msgstr "2"
24748
24749
#: serverguide/C/backups.xml:812(computeroutput)
24750
#, no-wrap
24751
msgid ""
24752
"\n"
24753
"Automatically selected Catalog: MyCatalog\n"
24754
"Using Catalog \"MyCatalog\"\n"
24755
"The defined Storage resources are:\n"
24756
" 1: File\n"
24757
" 2: TapeDrive\n"
24758
"Select Storage resource (1-2):<placeholder-1/>\n"
24759
msgstr ""
24760
24761
#: serverguide/C/backups.xml:823(para)
24762
msgid "Enter the new <emphasis>Volume</emphasis> name:"
24763
msgstr ""
24764
24765
#: serverguide/C/backups.xml:828(userinput)
24766
#, no-wrap
24767
msgid "Sunday"
24768
msgstr "Нядзеля"
24769
24770
#: serverguide/C/backups.xml:827(computeroutput)
24771
#, no-wrap
24772
msgid ""
24773
"\n"
24774
"Enter new Volume name: <placeholder-1/>\n"
24775
"Defined Pools:\n"
24776
" 1: Default\n"
24777
" 2: Scratch"
24778
msgstr ""
24779
24780
#: serverguide/C/backups.xml:833(para)
24781
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
24782
msgstr ""
24783
24784
#: serverguide/C/backups.xml:838(para)
24785
msgid "Now, select the <emphasis>Pool</emphasis>:"
24786
msgstr ""
24787
24788
#: serverguide/C/backups.xml:843(userinput)
24789
#, no-wrap
24790
msgid "1"
24791
msgstr "1"
24792
24793
#: serverguide/C/backups.xml:842(computeroutput)
24794
#, no-wrap
24795
msgid ""
24796
"\n"
24797
"Select the Pool (1-2): <placeholder-1/>\n"
24798
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
24799
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
24800
msgstr ""
24801
24802
#: serverguide/C/backups.xml:850(para)
24803
msgid ""
24804
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
24805
"backup the localhost to an attached tape drive."
24806
msgstr ""
24807
24808
#: serverguide/C/backups.xml:858(para)
24809
msgid ""
24810
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
24811
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
24812
"Manual</ulink>"
24813
msgstr ""
24814
24815
#: serverguide/C/backups.xml:864(para)
24816
msgid ""
24817
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
24818
"the latest Bacula news and developments."
24819
msgstr ""
24820
"<ulink url=\"http://www.bacula.org/\">Хатняя старонка Bacula</ulink> "
24821
"зьмяшнае апошнія навіны і распрацоўкі."
24822
24823
#: serverguide/C/backups.xml:869(para)
24824
msgid ""
24825
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24826
"Ubuntu Wiki</ulink> page."
24827
msgstr ""
24828
24829
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
24830
#: serverguide/C/backups.xml:0(None)
24831
msgid "translator-credits"
24832
msgstr ""
24833
"Launchpad Contributions:\n"
24834
" Alex Nyakhaychyk https://launchpad.net/~nab"
24835
24836
#~ msgid "sudo apt-get install likewise-open5"
24837
#~ msgstr "sudo apt-get install likewise-open5"
24838
24839
#~ msgid "Next"
24840
#~ msgstr "Далей"
24841
24842
#~ msgid ""
24843
#~ "The <application>mount.cifs</application><ulink "
24844
#~ "url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/mount.cifs.8.html\">"
24845
#~ "man page</ulink> is also useful for more detailed information."
24846
#~ msgstr ""
24847
#~ "<ulink "
24848
#~ "url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/mount.cifs.8.html\">"
24849
#~ "Старонка дапамогі</ulink> <application>mount.cifs</application> зьмяшчае "
24850
#~ "больш падрабязныя зьвесткі."
24851
24852
#~ msgid ""
24853
#~ "For more <application>smbclient</application> options see the man page: "
24854
#~ "<command>man smbclient</command>, also available <ulink "
24855
#~ "url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/smbclient.1.html\">o"
24856
#~ "nline</ulink>."
24857
#~ msgstr ""
24858
#~ "Каб паглядзець опцыі <application>smbclient</application> глядзіце старонку "
24859
#~ "дапамогі: <command>man smbclient</command>, яшчэ ў сеціве даступная <ulink "
24860
#~ "url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/smbclient.1.html\"><"
24861
#~ "/ulink>."
24862
24863
#~ msgid "To install <application>Likewise Open 5.0</application> enter:"
24864
#~ msgstr ""
24865
#~ "Каб устанавіць <application>Likewise Open 5.0</application> увядзіце:"
24866
24867
#~ msgid ""
24868
#~ "The Apache2 web server is available in Ubuntu Linux. To install Apache2:"
24869
#~ msgstr "Вэб сэрвер Apache2 даступны ва Ubuntu Linux. Каб устанавІць Apache2:"
24870
24871
#~ msgid "Apache Modules"
24872
#~ msgstr "Модулі Apache"
24873
24874
#~ msgid "egrep '(vmx|svm)' /proc/cpuinfo"
24875
#~ msgstr "egrep '(vmx|svm)' /proc/cpuinfo"
24876
24877
#~ msgid ""
24878
#~ "sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 \\ -"
24879
#~ "o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
24880
#~ "-user user --name user --pass default"
24881
#~ msgstr ""
24882
#~ "sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 \\ -"
24883
#~ "o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
24884
#~ "-user user --name user --pass default"
24885
24886
#~ msgid ""
24887
#~ "sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 -o "
24888
#~ "\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
24889
#~ "user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
24890
#~ "mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
24891
#~ "dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
24892
#~ "addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
24893
#~ "addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
24894
#~ "upgrades --addpkg acpid --ppa nijaba \\ --mirror "
24895
#~ "http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
24896
#~ "firstlogin login.sh es"
24897
#~ msgstr ""
24898
#~ "sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 -o "
24899
#~ "\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
24900
#~ "user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
24901
#~ "mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
24902
#~ "dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
24903
#~ "addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
24904
#~ "addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
24905
#~ "upgrades --addpkg acpid --ppa nijaba \\ --mirror "
24906
#~ "http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
24907
#~ "firstlogin login.sh es"
24908
24909
#~ msgid "sudo apt-get install eucalyptus-cloud eucalyptus-cc"
24910
#~ msgstr "sudo apt-get install eucalyptus-cloud eucalyptus-cc"
24911
24912
#~ msgid "sudo apt-get install eucalyptus-nc"
24913
#~ msgstr "sudo apt-get install eucalyptus-nc"
24914
24915
#~ msgid "Finally, restart <application>eucalyptus-nc</application>:"
24916
#~ msgstr "У канцы, перазапусьціце <application>eucalyptus-nc</application>:"
24917
24918
#, no-wrap
24919
#~ msgid ""
24920
#~ "\n"
24921
#~ "VNET_INTERFACE=\"br0\"\n"
24922
#~ "...\n"
24923
#~ "VNET_BRIDGE=\"br0\"\n"
24924
#~ msgstr ""
24925
#~ "\n"
24926
#~ "VNET_INTERFACE=\"br0\"\n"
24927
#~ "...\n"
24928
#~ "VNET_BRIDGE=\"br0\"\n"
24929
24930
#~ msgid "sudo /etc/init.d/eucalyptus-nc restart"
24931
#~ msgstr "sudo /etc/init.d/eucalyptus-nc restart"
24932
24933
#~ msgid "sudo euca_conf -addnode hostname_of_node"
24934
#~ msgstr "sudo euca_conf -addnode hostname_of_node"
24935
24936
#~ msgid ""
24937
#~ "See the <ulink url=\"http://eucalyptus.cs.ucsb.edu/\">Eucalyptus "
24938
#~ "website</ulink> for more information."
24939
#~ msgstr ""
24940
#~ "Глядзіце <ulink url=\"http://eucalyptus.cs.ucsb.edu/\">вэб-"
24941
#~ "старонкуEucalyptus</ulink> для больш зьмястоўнай інфармацыі."
24942
24943
#, no-wrap
24944
#~ msgid ""
24945
#~ "\n"
24946
#~ "#exec /sbin/shutdown -r now \"Control-Alt-Delete pressed\"\n"
24947
#~ msgstr ""
24948
#~ "\n"
24949
#~ "#exec /sbin/shutdown -r now \"Control-Alt-Delete pressed\"\n"
24950
24951
#~ msgid "grub-md5-crypt"
24952
#~ msgstr "grub-md5-crypt"
24953
24954
#, no-wrap
24955
#~ msgid "(enter new password)"
24956
#~ msgstr "(увядзіце новы пароль)"
24957
24958
#, no-wrap
24959
#~ msgid "password --md5 $1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0"
24960
#~ msgstr "password --md5 $1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0"
24961
24962
#, no-wrap
24963
#~ msgid "(repeat password)"
24964
#~ msgstr "(паўтарыце пароль)"
24965
24966
#~ msgid "chmod 644 .ssh/authorized_keys"
24967
#~ msgstr "chmod 644 .ssh/authorized_keys"
24968
24969
#~ msgid "Update MOTD"
24970
#~ msgstr "Абнавіць MOTD"
24971
24972
#~ msgid "sudo update-motd"
24973
#~ msgstr "sudo update-motd"
24974
24975
#~ msgid ""
24976
#~ "sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/60-local-weather"
24977
#~ msgstr ""
24978
#~ "sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/60-local-weather"
24979
24980
#~ msgid "select-screen-profile -s ubuntu-light"
24981
#~ msgstr "select-screen-profile -s ubuntu-light"
24982
24983
#~ msgid "Ethernet"
24984
#~ msgstr "Ethernet"
24985
24986
#, no-wrap
24987
#~ msgid ""
24988
#~ "\n"
24989
#~ "iface eth1 inet static\n"
24990
#~ "\taddress 192.168.0.2\n"
24991
#~ "\tnetmask 255.255.255.0\n"
24992
#~ "\tgateway 192.168.0.1\n"
24993
#~ msgstr ""
24994
#~ "\n"
24995
#~ "iface eth1 inet static\n"
24996
#~ "\taddress 192.168.0.2\n"
24997
#~ "\tnetmask 255.255.255.0\n"
24998
#~ "\tgateway 192.168.0.1\n"
24999
25000
#~ msgid "sudo dpkg-reconfigure slapd"
25001
#~ msgstr "sudo dpkg-reconfigure slapd"
25002
25003
#~ msgid ""
25004
#~ "ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb"
25005
#~ msgstr ""
25006
#~ "ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb"
25007
25008
#~ msgid ""
25009
#~ "ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb "
25010
#~ "olcDbIndex"
25011
#~ msgstr ""
25012
#~ "ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb "
25013
#~ "olcDbIndex"
25014
25015
#~ msgid "ldapmodify -x -D cn=admin,cn=config -W -f uid_index.ldif"
25016
#~ msgstr "ldapmodify -x -D cn=admin,cn=config -W -f uid_index.ldif"
25017
25018
#, no-wrap
25019
#~ msgid ""
25020
#~ "\n"
25021
#~ "dn: olcDatabase={1}hdb,cn=config\n"
25022
#~ "add: olcDbIndex\n"
25023
#~ "olcDbIndex: entryUUID eq"
25024
#~ msgstr ""
25025
#~ "\n"
25026
#~ "dn: olcDatabase={1}hdb,cn=config\n"
25027
#~ "add: olcDbIndex\n"
25028
#~ "olcDbIndex: entryUUID eq"
25029
25030
#, no-wrap
25031
#~ msgid ""
25032
#~ "\n"
25033
#~ "dn: cn=misc,cn=schema,cn=config\n"
25034
#~ "...\n"
25035
#~ "cn: misc\n"
25036
#~ msgstr ""
25037
#~ "\n"
25038
#~ "dn: cn=misc,cn=schema,cn=config\n"
25039
#~ "...\n"
25040
#~ "cn: misc\n"
25041
25042
#, no-wrap
25043
#~ msgid ""
25044
#~ "\n"
25045
#~ "dn: ou=people,dc=example,dc=com\n"
25046
#~ "objectClass: organizationalUnit\n"
25047
#~ "ou: people\n"
25048
#~ "\n"
25049
#~ "dn: ou=groups,dc=example,dc=com\n"
25050
#~ "objectClass: organizationalUnit\n"
25051
#~ "ou: groups\n"
25052
#~ "\n"
25053
#~ "dn: uid=john,ou=people,dc=example,dc=com\n"
25054
#~ "objectClass: inetOrgPerson\n"
25055
#~ "objectClass: posixAccount\n"
25056
#~ "objectClass: shadowAccount\n"
25057
#~ "uid: john\n"
25058
#~ "sn: Doe\n"
25059
#~ "givenName: John\n"
25060
#~ "cn: John Doe\n"
25061
#~ "displayName: John Doe\n"
25062
#~ "uidNumber: 1000\n"
25063
#~ "gidNumber: 10000\n"
25064
#~ "userPassword: password\n"
25065
#~ "gecos: John Doe\n"
25066
#~ "loginShell: /bin/bash\n"
25067
#~ "homeDirectory: /home/john\n"
25068
#~ "shadowExpire: -1\n"
25069
#~ "shadowFlag: 0\n"
25070
#~ "shadowWarning: 7\n"
25071
#~ "shadowMin: 8\n"
25072
#~ "shadowMax: 999999\n"
25073
#~ "shadowLastChange: 10877\n"
25074
#~ "mail: john.doe@example.com\n"
25075
#~ "postalCode: 31000\n"
25076
#~ "l: Toulouse\n"
25077
#~ "o: Example\n"
25078
#~ "mobile: +33 (0)6 xx xx xx xx\n"
25079
#~ "homePhone: +33 (0)5 xx xx xx xx\n"
25080
#~ "title: System Administrator\n"
25081
#~ "postalAddress: \n"
25082
#~ "initials: JD\n"
25083
#~ "\n"
25084
#~ "dn: cn=example,ou=groups,dc=example,dc=com\n"
25085
#~ "objectClass: posixGroup\n"
25086
#~ "cn: example\n"
25087
#~ "gidNumber: 10000\n"
25088
#~ msgstr ""
25089
#~ "\n"
25090
#~ "dn: ou=people,dc=example,dc=com\n"
25091
#~ "objectClass: organizationalUnit\n"
25092
#~ "ou: people\n"
25093
#~ "\n"
25094
#~ "dn: ou=groups,dc=example,dc=com\n"
25095
#~ "objectClass: organizationalUnit\n"
25096
#~ "ou: groups\n"
25097
#~ "\n"
25098
#~ "dn: uid=john,ou=people,dc=example,dc=com\n"
25099
#~ "objectClass: inetOrgPerson\n"
25100
#~ "objectClass: posixAccount\n"
25101
#~ "objectClass: shadowAccount\n"
25102
#~ "uid: john\n"
25103
#~ "sn: Doe\n"
25104
#~ "givenName: John\n"
25105
#~ "cn: John Doe\n"
25106
#~ "displayName: John Doe\n"
25107
#~ "uidNumber: 1000\n"
25108
#~ "gidNumber: 10000\n"
25109
#~ "userPassword: password\n"
25110
#~ "gecos: John Doe\n"
25111
#~ "loginShell: /bin/bash\n"
25112
#~ "homeDirectory: /home/john\n"
25113
#~ "shadowExpire: -1\n"
25114
#~ "shadowFlag: 0\n"
25115
#~ "shadowWarning: 7\n"
25116
#~ "shadowMin: 8\n"
25117
#~ "shadowMax: 999999\n"
25118
#~ "shadowLastChange: 10877\n"
25119
#~ "mail: john.doe@example.com\n"
25120
#~ "postalCode: 31000\n"
25121
#~ "l: Toulouse\n"
25122
#~ "o: Example\n"
25123
#~ "mobile: +33 (0)6 xx xx xx xx\n"
25124
#~ "homePhone: +33 (0)5 xx xx xx xx\n"
25125
#~ "title: System Administrator\n"
25126
#~ "postalAddress: \n"
25127
#~ "initials: JD\n"
25128
#~ "\n"
25129
#~ "dn: cn=example,ou=groups,dc=example,dc=com\n"
25130
#~ "objectClass: posixGroup\n"
25131
#~ "cn: example\n"
25132
#~ "gidNumber: 10000\n"
25133
25134
#~ msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f example.com.ldif"
25135
#~ msgstr "ldapadd -x -D cn=admin,dc=example,dc=com -W -f example.com.ldif"
25136
25137
#, no-wrap
25138
#~ msgid ""
25139
#~ "\n"
25140
#~ "dn: olcDatabase={1}hdb,cn=config\n"
25141
#~ "changetype: modify\n"
25142
#~ "add: olcRootDN\n"
25143
#~ "olcRootDN: cn=admin,dc=example,dc=com\n"
25144
#~ "-\n"
25145
#~ "add: olcSyncRepl\n"
25146
#~ "olcSyncRepl: rid=003 provider=ldap://ldap01.example.com "
25147
#~ "binddn=\"cn=admin,dc=example,dc=com\" \n"
25148
#~ " bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
25149
#~ "type=refreshOnly \n"
25150
#~ " interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
25151
#~ "olcSyncRepl: rid=004 provider=ldap://ldap02.example.com "
25152
#~ "binddn=\"cn=admin,dc=example,dc=com\" \n"
25153
#~ " bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
25154
#~ "type=refreshOnly \n"
25155
#~ " interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
25156
#~ "-\n"
25157
#~ "add: olcMirrorMode\n"
25158
#~ "olcMirrorMode: TRUE\n"
25159
#~ "\n"
25160
#~ "dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
25161
#~ "changetype: add\n"
25162
#~ "objectClass: olcOverlayConfig\n"
25163
#~ "objectClass: olcSyncProvConfig\n"
25164
#~ "olcOverlay: syncprov\n"
25165
#~ msgstr ""
25166
#~ "\n"
25167
#~ "dn: olcDatabase={1}hdb,cn=config\n"
25168
#~ "changetype: modify\n"
25169
#~ "add: olcRootDN\n"
25170
#~ "olcRootDN: cn=admin,dc=example,dc=com\n"
25171
#~ "-\n"
25172
#~ "add: olcSyncRepl\n"
25173
#~ "olcSyncRepl: rid=003 provider=ldap://ldap01.example.com "
25174
#~ "binddn=\"cn=admin,dc=example,dc=com\" \n"
25175
#~ " bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
25176
#~ "type=refreshOnly \n"
25177
#~ " interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
25178
#~ "olcSyncRepl: rid=004 provider=ldap://ldap02.example.com "
25179
#~ "binddn=\"cn=admin,dc=example,dc=com\" \n"
25180
#~ " bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
25181
#~ "type=refreshOnly \n"
25182
#~ " interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
25183
#~ "-\n"
25184
#~ "add: olcMirrorMode\n"
25185
#~ "olcMirrorMode: TRUE\n"
25186
#~ "\n"
25187
#~ "dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
25188
#~ "changetype: add\n"
25189
#~ "objectClass: olcOverlayConfig\n"
25190
#~ "objectClass: olcSyncProvConfig\n"
25191
#~ "olcOverlay: syncprov\n"
25192
25193
#~ msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_cn-config.ldif"
25194
#~ msgstr "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_cn-config.ldif"
25195
25196
#~ msgid "Add the LDIF file:"
25197
#~ msgstr "Дадаць файл LDIF:"
25198
25199
#~ msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_backend.ldif"
25200
#~ msgstr "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_backend.ldif"
25201
25202
#, no-wrap
25203
#~ msgid ""
25204
#~ "dn: cn=config\n"
25205
#~ "add: olcTLSCACertificateFile\n"
25206
#~ "olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
25207
#~ "-\n"
25208
#~ "add: olcTLSCertificateFile\n"
25209
#~ "olcTLSCertificateFile: /etc/ssl/certs/server.crt\n"
25210
#~ "-\n"
25211
#~ "add: olcTLSCertificateKeyFile\n"
25212
#~ "olcTLSCertificateKeyFile: /etc/ssl/private/server.key"
25213
#~ msgstr ""
25214
#~ "dn: cn=config\n"
25215
#~ "add: olcTLSCACertificateFile\n"
25216
#~ "olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
25217
#~ "-\n"
25218
#~ "add: olcTLSCertificateFile\n"
25219
#~ "olcTLSCertificateFile: /etc/ssl/certs/server.crt\n"
25220
#~ "-\n"
25221
#~ "add: olcTLSCertificateKeyFile\n"
25222
#~ "olcTLSCertificateKeyFile: /etc/ssl/private/server.key"
25223
25224
#~ msgid "sudo chgrp ssl-cert /etc/ssl/private/server.key"
25225
#~ msgstr "sudo chgrp ssl-cert /etc/ssl/private/server.key"
25226
25227
#, no-wrap
25228
#~ msgid ""
25229
#~ "\n"
25230
#~ "TLS_CERT /etc/ssl/certs/server.crt\n"
25231
#~ "TLS_KEY /etc/ssl/private/server.key\n"
25232
#~ "TLS_CACERT /etc/ssl/certs/cacert.pem\n"
25233
#~ msgstr ""
25234
#~ "\n"
25235
#~ "TLS_CERT /etc/ssl/certs/server.crt\n"
25236
#~ "TLS_KEY /etc/ssl/private/server.key\n"
25237
#~ "TLS_CACERT /etc/ssl/certs/cacert.pem\n"
25238
25239
#~ msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24"
25240
#~ msgstr "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24"
25241
25242
#~ msgid "w3m /usr/share/ubuntu-serverguide/html/en_GB/index.html"
25243
#~ msgstr "w3m /usr/share/ubuntu-serverguide/html/en_GB/index.html"
25244
25245
#~ msgid "Finally, press <emphasis>\"b\"</emphasis> to boot the system."
25246
#~ msgstr "У канцы, клікніце <emphasis>\"b\"</emphasis>каб загрузіць сыстэму."
25247
25248
#~ msgid "sudo dpkg-reconfigure mysql-server-5.0"
25249
#~ msgstr "sudo dpkg-reconfigure mysql-server-5.0"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1